Add hooks for an IP NAT module, much like the firewall stuff...

Move the sockopt definitions for the firewall code from
ip_fw.h to in.h where it belongs.
This commit is contained in:
Søren Schmidt 1996-08-21 21:37:07 +00:00
parent 1702c53ed2
commit fed1c7e9e4
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=17758
5 changed files with 60 additions and 23 deletions

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)in.h 8.3 (Berkeley) 1/3/94
* $Id: in.h,v 1.18 1996/07/10 19:44:20 julian Exp $
* $Id: in.h,v 1.19 1996/08/12 14:05:53 peter Exp $
*/
#ifndef _NETINET_IN_H_
@ -220,6 +220,13 @@ struct ip_opts {
#define IP_RSVP_VIF_OFF 18 /* unset RSVP per-vif socket */
#define IP_PORTRANGE 19 /* int; range to choose for unspec port */
#define IP_FW_ADD 50 /* add a firewall rule to chain */
#define IP_FW_DEL 51 /* delete a firewall rule from chain */
#define IP_FW_FLUSH 52 /* flush firewall rule chain */
#define IP_FW_ZERO 53 /* clear all firewall counters */
#define IP_FW_GET 54 /* get entire firewall rule chain */
#define IP_NAT 55 /* set/get NAT opts */
/*
* Defaults and limits for options
*/
@ -322,10 +329,19 @@ char *inet_ntoa __P((struct in_addr)); /* in libkern */
/* Firewall hooks */
struct ip;
typedef int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int, struct mbuf**));
typedef int ip_fw_ctl_t __P((int, struct mbuf**));
extern ip_fw_chk_t *ip_fw_chk_ptr;
extern ip_fw_ctl_t *ip_fw_ctl_ptr;
typedef int ip_fw_chk_t __P((struct ip**, int, struct ifnet*, int, struct mbuf**));
typedef int ip_fw_ctl_t __P((int, struct mbuf**));
extern ip_fw_chk_t *ip_fw_chk_ptr;
extern ip_fw_ctl_t *ip_fw_ctl_ptr;
/* ip NAT hooks */
typedef int ip_nat_t __P((struct ip**, struct mbuf**, int));
typedef int ip_nat_ctl_t __P((int, struct mbuf**));
extern ip_nat_t *ip_nat_ptr;
extern ip_nat_ctl_t *ip_nat_ctl_ptr;
#define IP_NAT_IN 0x00000001
#define IP_NAT_OUT 0x00000002
#endif /* KERNEL */
#endif

View File

@ -11,7 +11,7 @@
*
* This software is provided ``AS IS'' without any warranties of any kind.
*
* $Id: ip_fw.h,v 1.21 1996/07/10 19:44:24 julian Exp $
* $Id: ip_fw.h,v 1.22 1996/08/13 19:43:41 pst Exp $
*/
/*
@ -113,17 +113,6 @@ struct ip_fw_chain {
#define IP_FW_TCPF_URG TH_URG
#define IP_FW_TCPF_ESTAB 0x40
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
*/
#define IP_FW_BASE_CTL 50
#define IP_FW_ADD (IP_FW_BASE_CTL+0)
#define IP_FW_DEL (IP_FW_BASE_CTL+1)
#define IP_FW_FLUSH (IP_FW_BASE_CTL+2)
#define IP_FW_ZERO (IP_FW_BASE_CTL+3)
#define IP_FW_GET (IP_FW_BASE_CTL+4)
/*
* Main firewall chains definitions and global var's definitions.
*/

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
* $Id: ip_input.c,v 1.44 1996/06/12 19:34:33 gpalmer Exp $
* $Id: ip_input.c,v 1.45 1996/07/10 19:44:25 julian Exp $
*/
#include "opt_ipfw.h"
@ -114,6 +114,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW,
ip_fw_chk_t *ip_fw_chk_ptr;
ip_fw_ctl_t *ip_fw_ctl_ptr;
/* IP Network Address Translation (NAT) hooks */
ip_nat_t *ip_nat_ptr;
ip_nat_ctl_t *ip_nat_ctl_ptr;
/*
* We need to save the IP options in case a protocol wants to respond
* to an incoming packet over the same route if the packet got here
@ -175,6 +179,10 @@ ip_init()
#ifdef IPFIREWALL
ip_fw_init();
#endif
#ifdef IPNAT
ip_nat_init();
#endif
}
static struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
@ -265,6 +273,7 @@ ip_input(struct mbuf *m)
* and it is still fresh out of network we do our black
* deals with it.
* - Firewall: deny/allow/divert
* - Xlate: translate packet's addr/port (NAT).
* - Wrap: fake packet's addr/port <unimpl.>
* - Encapsulate: put it in another IP and send out. <unimp.>
*/
@ -290,6 +299,9 @@ ip_input(struct mbuf *m)
}
}
if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, IP_NAT_IN))
return;
/*
* Process options and, if not destined for us,
* ship it on. ip_dooptions returns 1 when an

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ip_output.c 8.3 (Berkeley) 1/21/94
* $Id: ip_output.c,v 1.40 1996/06/08 08:18:59 bde Exp $
* $Id: ip_output.c,v 1.41 1996/07/10 19:44:26 julian Exp $
*/
#define _IP_VHL
@ -331,6 +331,19 @@ ip_output(m0, opt, ro, flags, imo)
}
sendit:
/*
* IpHack's section.
* - Xlate: translate packet's addr/port (NAT).
* - Firewall: deny/allow
* - Wrap: fake packet's addr/port <unimpl.>
* - Encapsulate: put it in another IP and send out. <unimp.>
*/
if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, IP_NAT_OUT)) {
error = EACCES;
goto done;
}
#ifdef COMPAT_IPFW
/*
* Check with the firewall...

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
* $Id: raw_ip.c,v 1.32 1996/07/20 00:16:20 alex Exp $
* $Id: raw_ip.c,v 1.33 1996/07/24 18:46:18 wollman Exp $
*/
#include <sys/param.h>
@ -235,23 +235,30 @@ rip_ctloutput(op, so, level, optname, m)
#ifdef COMPAT_IPFW
case IP_FW_GET:
if (ip_fw_ctl_ptr==NULL || op == PRCO_SETOPT) {
if (ip_fw_ctl_ptr == NULL || op == PRCO_SETOPT) {
if (*m) (void)m_free(*m);
return(EINVAL);
}
return (*ip_fw_ctl_ptr)(optname, m);
case IP_FW_ADD:
case IP_FW_DEL:
case IP_FW_FLUSH:
case IP_FW_ZERO:
if (ip_fw_ctl_ptr==NULL || op != PRCO_SETOPT) {
if (ip_fw_ctl_ptr == NULL || op != PRCO_SETOPT) {
if (*m) (void)m_free(*m);
return(EINVAL);
}
return (*ip_fw_ctl_ptr)(optname, m);
#endif
case IP_NAT:
if (ip_nat_ctl_ptr == NULL) {
if (*m) (void)m_free(*m);
return(EINVAL);
}
return (*ip_nat_ctl_ptr)(optname, m);
case IP_RSVP_ON:
return ip_rsvp_init(so);
break;