diff -BburN libalias_orig/alias.c libalias/alias.c
--- libalias_orig/alias.c Tue Dec 18 17:18:48 2001
+++ libalias/alias.c Fri Sep 13 21:30:34 2002
@@ -277,7 +277,8 @@
 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Get source address from ICMP data field and restore original data */
- link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
+ link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { u_short original_id;
@@ -307,6 +308,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -470,7 +474,8 @@
 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Save overwritten data for when echo packet returns */
- link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
+ link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { u_short alias_id;
@@ -500,6 +505,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -676,7 +684,8 @@
 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK;
- link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p);
+ link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { struct in_addr original_address;
@@ -692,6 +701,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -710,7 +722,8 @@
 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK;
- link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p);
+ link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { struct in_addr alias_address;
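Review bot: The PKT_ALIAS_NO_STATE return added at @@ -307 replaces PKT_ALIAS_IGNORED for every failed lookup while PKT_ALIAS_NO_AUTOCREATE is set, including lookups that fail for policy reasons rather than missing state; the alias_db.c part of this patch shows FindProtoIn still refusing to create a link under PKT_ALIAS_DENY_INCOMING, so at least the @@ -692 path now reports NO_STATE for a denied inbound packet. A caller that drops packets only on PKT_ALIAS_IGNORED (callers are not shown here) would presumably stop dropping unsolicited inbound traffic once the new flag is enabled, so either the inbound paths should keep returning IGNORED when the refusal is a deny decision, or the header must say that NO_STATE on inbound packets is to be treated like IGNORED. The same three added lines recur at @@ -500, -692, -726, -801, -877, -992 and -1136. The bare `else` that now governs a pre-existing `return` on the following line is also fragile; `if (packetAliasMode & PKT_ALIAS_NO_AUTOCREATE) return(PKT_ALIAS_NO_STATE);` followed by the untouched `return(PKT_ALIAS_IGNORED);` behaves the same and needs no `else`. The enclosing functions start and end outside these hunks.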
@@ -726,6 +739,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -744,7 +760,8 @@
 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP, 1);
+ IPPROTO_UDP,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { struct in_addr alias_address;
@@ -801,6 +818,9 @@
 else return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -818,7 +838,8 @@
 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP, 1);
+ IPPROTO_UDP,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { u_short alias_port;
@@ -877,6 +898,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -893,7 +917,7 @@
 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP,
- !(packetAliasMode & PKT_ALIAS_PROXY_ONLY));
+ !(packetAliasMode & (PKT_ALIAS_PROXY_ONLY|PKT_ALIAS_NO_AUTOCREATE)));
 if (link != NULL) { struct in_addr alias_address;
@@ -992,6 +1016,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -1048,7 +1075,8 @@
 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport,
- IPPROTO_TCP, 1);
+ IPPROTO_TCP,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link !=NULL) { u_short alias_port;
@@ -1136,6 +1164,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -1355,6 +1386,33 @@
 }
+int PacketAliasInCreate(char *ptr, /* valid IP packet */
+ int maxpacketsize, /* How much the packet data
+ may grow (FTP and IRC
+ inline changes)
+ */
+ struct in_addr alias_addr /* address of the alias
+ interface
+ */
+ )
+{
+ int iresult;
+
+ if (packetAliasMode & PKT_ALIAS_REVERSE) {
+ packetAliasMode &= ~PKT_ALIAS_REVERSE;
+ iresult = PacketAliasOutCreate(ptr, maxpacketsize, alias_addr);
+ packetAliasMode |= PKT_ALIAS_REVERSE;
+ return iresult;
+ }
+
+ /* incomming states are for the moment created automaticaly,
+ it is not possible to loadbalance incomming connections.
+ Redirects will either implicitly use ReLink() (when added befor)
+ or will be explicitly created with PacketAliasRedirectCreate().
+ THIS CALL IS NONSENSE AND THEREFOR ILLEGAL !!!
+ */
+ return (PKT_ALIAS_ERROR);
+}
 /* Unregistered address ranges */
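Review bot: Outside PKT_ALIAS_REVERSE mode PacketAliasInCreate always returns PKT_ALIAS_ERROR and never looks at its arguments, so a caller cannot distinguish "unsupported by design" from a real aliasing failure, and the only explanation is the comment buried in the body. I would replace that comment with a header comment above the function stating that inbound state cannot be created through this call, that inbound mappings have to be set up with PacketAliasRedirectCreate(), and that the function only does work when PKT_ALIAS_REVERSE is set, in which case it forwards to PacketAliasOutCreate(). The spelling in the existing comment ("incomming", "automaticaly", "befor", "THEREFOR") should be corrected in the same pass.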
@@ -1571,3 +1629,41 @@
 return(iresult); }
+
+int PacketAliasOutCreate(char *ptr, /* valid IP packet */
+ int maxpacketsize, /* How much the packet data
+ may grow (FTP and IRC
+ inline changes)
+ */
+ struct in_addr alias_addr /* address of the alias
+ interface
+ */
+ )
+{
+ struct in_addr addr_save;
+ int iresult;
+
+ if (packetAliasMode & PKT_ALIAS_REVERSE) {
+ packetAliasMode &= ~PKT_ALIAS_REVERSE;
+ iresult = PacketAliasInCreate(ptr, maxpacketsize, alias_addr);
+ packetAliasMode |= PKT_ALIAS_REVERSE;
+ return iresult;
+ }
+
+ /* run PacketAliasOut() with PKT_ALIAS_NO_AUTOCREATE disabled
+ and alias_addr as default AliasAddress.
+ */
+ iresult = PKT_ALIAS_ERROR;
+ if (packetAliasMode & PKT_ALIAS_NO_AUTOCREATE) {
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(alias_addr);
+ packetAliasMode &= ~PKT_ALIAS_NO_AUTOCREATE;
+ iresult = PacketAliasOut(ptr, maxpacketsize);
+ packetAliasMode |= PKT_ALIAS_NO_AUTOCREATE;
+ SetDefaultAliasAddress(addr_save);
+ }
+
+ return(iresult);
+}
+
+
diff -BburN libalias_orig/alias.h libalias/alias.h
--- libalias_orig/alias.h Fri Nov 23 14:10:15 2001
+++ libalias/alias.h Wed Aug 14 15:50:14 2002
@@ -53,6 +53,10 @@
 int PacketAliasIn(char *_ptr, int _maxpacketsize); int PacketAliasOut(char *_ptr, int _maxpacketsize); int PacketUnaliasOut(char *_ptr, int _maxpacketsize);
+int PacketAliasInCreate(char *_ptr, int _maxpacketsize,
+ struct in_addr _alias_addr);
+int PacketAliasOutCreate(char *_ptr, int _maxpacketsize,
+ struct in_addr _alias_addr);
 /* Port and address redirection functions. */
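Review bot: PacketAliasOutCreate returns PKT_ALIAS_ERROR without touching the packet whenever PKT_ALIAS_NO_AUTOCREATE is not set, which is indistinguishable from a genuine aliasing failure and is not stated anywhere in the added code. The function also works by temporarily rewriting two globals, the mode flag and the default alias address, around the PacketAliasOut() call, so it is not re-entrant and would not be safe if the library is ever driven from more than one context. While the flag is cleared PacketAliasOut() creates state for whatever packet it is handed, and alias_addr is installed without any check visible in this hunk, so the caller's decision to admit the flow has to be complete before this call. I would add a header comment above the function recording these points: the precondition on the flag, the globals that are saved and restored, and that the caller owns validation of the packet and of alias_addr.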
@@ -79,6 +83,16 @@
 PacketAliasRedirectProto(struct in_addr _src_addr, struct in_addr _dst_addr, struct in_addr _alias_addr, unsigned char _proto);
+struct alias_link *
+ PacketAliasRedirectCreate(struct in_addr _src_addr,
+ unsigned short _src_port, struct in_addr _dst_addr,
+ unsigned short _dst_port, struct in_addr _alias_addr,
+ unsigned short _alias_port, unsigned char _proto);
+struct alias_link *
+ PacketAliasRedirectCreateProto(struct in_addr _src_addr,
+ struct in_addr _dst_addr, struct in_addr _alias_addr,
+ unsigned char _proto);
+
 /* Fragment Handling functions. */ void PacketAliasFragmentIn(char *_ptr, char *_ptr_fragment);
@@ -170,12 +184,21 @@
 */ #define PKT_ALIAS_REVERSE 0x80
+
+/*
+ * If PKT_ALIAS_NO_AUTOCREATE is set, PacketAlias{In,Out}() will fail with
+ * error PKT_ALIAS_NO_STATE when packets have no known state.
+ * The state has to be added explicitly with PacketAliasCreate{In,Out}().
+ */
+#define PKT_ALIAS_NO_AUTOCREATE 0x200
+
 /* Function return codes. */ #define PKT_ALIAS_ERROR -1 #define PKT_ALIAS_OK 1 #define PKT_ALIAS_IGNORED 2 #define PKT_ALIAS_UNRESOLVED_FRAGMENT 3 #define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4
+#define PKT_ALIAS_NO_STATE 5
 #endif /* !_ALIAS_H_ */
diff -BburN libalias_orig/alias_db.c libalias/alias_db.c
--- libalias_orig/alias_db.c Sat Nov 3 12:34:33 2001
+++ libalias/alias_db.c Fri Sep 13 23:26:49 2002
@@ -1530,7 +1530,8 @@
 struct alias_link * FindProtoIn(struct in_addr dst_addr, struct in_addr alias_addr,
- u_char proto)
+ u_char proto,
+ int create)
 { struct alias_link *link;
@@ -1538,7 +1539,7 @@
 NO_DEST_PORT, 0, proto, 1);
- if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
+ if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
 { struct in_addr target_addr;
@@ -1555,7 +1556,8 @@
 struct alias_link * FindProtoOut(struct in_addr src_addr, struct in_addr dst_addr,
- u_char proto)
+ u_char proto,
+ int create)
 { struct alias_link *link;
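Review bot: The comment added above PKT_ALIAS_NO_AUTOCREATE at @@ -170 points readers at `PacketAliasCreate{In,Out}()`, but the functions this patch declares at @@ -53 are PacketAliasInCreate and PacketAliasOutCreate; the line should read `* The state has to be added explicitly with PacketAlias{In,Out}Create().`. Because PKT_ALIAS_NO_STATE is a new return code that existing callers have never seen, the return-code block should also carry a short comment such as `/* PKT_ALIAS_NO_STATE: no link found and PKT_ALIAS_NO_AUTOCREATE forbids creating one; the packet was not translated */`, so that integrators know it needs an explicit branch rather than falling through as success.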
@@ -1563,7 +1565,7 @@
 NO_SRC_PORT, NO_DEST_PORT, proto, 1);
- if (link == NULL)
+ if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE))
 { struct in_addr alias_addr;
@@ -2495,6 +2497,72 @@
 return link; }
+/* finctions to create redirect states explicitly (this states are not permanent) */
+struct alias_link *
+PacketAliasRedirectCreate(struct in_addr src_addr,
+ unsigned short src_port,
+ struct in_addr dst_addr,
+ unsigned short dst_port,
+ struct in_addr alias_addr,
+ unsigned short alias_port,
+ unsigned char proto)
+{
+ int link_type;
+ struct alias_link *link;
+
+ switch(proto)
+ {
+ case IPPROTO_UDP:
+ link_type = LINK_UDP;
+ break;
+ case IPPROTO_TCP:
+ link_type = LINK_TCP;
+ break;
+ default:
+#ifdef DEBUG
+ fprintf(stderr, "PacketAliasRedirectPort(): ");
+ fprintf(stderr, "only TCP and UDP protocols allowed\n");
+#endif
+ return NULL;
+ }
+
+ link = AddLink(src_addr, dst_addr, alias_addr,
+ src_port, dst_port, alias_port,
+ link_type);
+
+#ifdef DEBUG
+ if (link == NULL)
+ {
+ fprintf(stderr, "PacketAliasRedirectCreate(): "
+ "call to AddLink() failed\n");
+ }
+#endif
+
+ return link;
+}
+
+struct alias_link *
+PacketAliasRedirectCreateProto(struct in_addr src_addr,
+ struct in_addr dst_addr,
+ struct in_addr alias_addr,
+ unsigned char proto)
+{
+ struct alias_link *link;
+
+ link = AddLink(src_addr, dst_addr, alias_addr,
+ NO_SRC_PORT, NO_DEST_PORT, 0,
+ proto);
+
+#ifdef DEBUG
+ if (link == NULL)
+ {
+ fprintf(stderr, "PacketAliasRedirectCreateProto(): "
+ "call to AddLink() failed\n");
+ }
+#endif
+
+ return link;
+}
 void PacketAliasRedirectDelete(struct alias_link *link)
diff -BburN libalias_orig/alias_local.h libalias/alias_local.h
--- libalias_orig/alias_local.h Fri Nov 23 14:10:15 2001
+++ libalias/alias_local.h Wed Aug 14 15:26:18 2002
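Review bot: FindProtoOut re-tests PKT_ALIAS_NO_AUTOCREATE inside the condition at @@ -1563 although the caller shown in alias.c already folds that flag into `create`, and FindProtoIn at @@ -1538 relies on `create` alone. The duplicate test makes `create` non-authoritative for this one function, so a later caller that passes 1 on purpose while the flag is set would silently get no link; `if (link == NULL && create)` keeps the two lookups parallel and leaves the policy decision in one place. The function body continues outside the hunk.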
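Review bot: The DEBUG message in the default branch of PacketAliasRedirectCreate at @@ -2495 names the wrong function, `"PacketAliasRedirectPort(): "`, which will misdirect anyone reading the log; it should be `fprintf(stderr, "PacketAliasRedirectCreate(): ");`. In non-DEBUG builds an unsupported protocol returns NULL with no diagnostic, the same value an AddLink() failure produces, so callers cannot tell a rejected argument from a failed insertion. The leading comment should be corrected to `/* Functions to create redirect states explicitly (these states are not permanent). */` and extended to say which byte order the port arguments are expected in and what bounds the lifetime of the returned link, neither of which the hunk shows.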
@@ -102,10 +102,10 @@
 FindFragmentPtr(struct in_addr _dst_addr, u_short _ip_id); struct alias_link * FindProtoIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_char _proto);
+ u_char _proto, int _create);
 struct alias_link * FindProtoOut(struct in_addr _src_addr, struct in_addr _dst_addr,
- u_char _proto);
+ u_char _proto, int _create);
 struct alias_link * FindUdpTcpIn(struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port, u_char _proto, int _create);