diff -BburN libalias_orig/alias.c libalias/alias.c
--- libalias_orig/alias.c Tue Dec 18 17:18:48 2001
+++ libalias/alias.c Fri Sep 13 21:30:34 2002
@@ -277,7 +277,8 @@
 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Get source address from ICMP data field and restore original data */
- link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
+ link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { u_short original_id;
@@ -307,6 +308,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -470,7 +474,8 @@
 ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Save overwritten data for when echo packet returns */
- link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
+ link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { u_short alias_id;
@@ -500,6 +505,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -676,7 +684,8 @@
 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK;
- link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p);
+ link = FindProtoIn(pip->ip_src, pip->ip_dst, pip->ip_p,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { struct in_addr original_address;
@@ -692,6 +701,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -710,7 +722,8 @@
 if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) return PKT_ALIAS_OK;
- link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p);
+ link = FindProtoOut(pip->ip_src, pip->ip_dst, pip->ip_p,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { struct in_addr alias_address;
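Review bot: The `if`/`else` added in the `@@ -307,6 +308,9 @@` hunk is unbraced and its `else` branch is the pre-existing `return(PKT_ALIAS_IGNORED);` context line, so a statement later inserted between the two changes which code is returned without any compiler complaint. The same three lines are repeated in the hunks at -500, -692, -726, -801, -877, -992 and -1136. A single statement keeps the decision in one place: `return (packetAliasMode & PKT_ALIAS_NO_AUTOCREATE) ? PKT_ALIAS_NO_STATE : PKT_ALIAS_IGNORED;`. The enclosing functions start outside these hunks, so whether every path reaching this return is really a missing-link case (rather than, say, a packet the deny or proxy-only modes rejected) cannot be confirmed from here.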
@@ -726,6 +739,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -744,7 +760,8 @@
 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP, 1);
+ IPPROTO_UDP,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { struct in_addr alias_address;
@@ -801,6 +818,9 @@
 else return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -818,7 +838,8 @@
 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP, 1);
+ IPPROTO_UDP,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link != NULL) { u_short alias_port;
@@ -877,6 +898,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -893,7 +917,7 @@
 link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, IPPROTO_TCP,
- !(packetAliasMode & PKT_ALIAS_PROXY_ONLY));
+ !(packetAliasMode & (PKT_ALIAS_PROXY_ONLY|PKT_ALIAS_NO_AUTOCREATE)));
 if (link != NULL) { struct in_addr alias_address;
@@ -992,6 +1016,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -1048,7 +1075,8 @@
 link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport,
- IPPROTO_TCP, 1);
+ IPPROTO_TCP,
+ !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE));
 if (link !=NULL) { u_short alias_port;
@@ -1136,6 +1164,9 @@
 return(PKT_ALIAS_OK); }
+ if ( packetAliasMode & PKT_ALIAS_NO_AUTOCREATE )
+ return(PKT_ALIAS_NO_STATE);
+ else
 return(PKT_ALIAS_IGNORED); }
@@ -1355,6 +1386,33 @@
 }
+int PacketAliasInCreate(char *ptr, /* valid IP packet */
+ int maxpacketsize, /* How much the packet data
+ may grow (FTP and IRC
+ inline changes)
+ */
+ struct in_addr alias_addr /* address of the alias
+ interface
+ */
+ )
+{
+ int iresult;
+
+ if (packetAliasMode & PKT_ALIAS_REVERSE) {
+ packetAliasMode &= ~PKT_ALIAS_REVERSE;
+ iresult = PacketAliasOutCreate(ptr, maxpacketsize, alias_addr);
+ packetAliasMode |= PKT_ALIAS_REVERSE;
+ return iresult;
+ }
+
+ /* incomming states are for the moment created automaticaly,
+ it is not possible to loadbalance incomming connections.
+ Redirects will either implicitly use ReLink() (when added befor)
+ or will be explicitly created with PacketAliasRedirectCreate().
+ THIS CALL IS NONSENSE AND THEREFOR ILLEGAL !!!
+ */
+ return (PKT_ALIAS_ERROR);
+}
 /* Unregistered address ranges */
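Review bot: PacketAliasInCreate() cannot create state outside PKT_ALIAS_REVERSE mode: it ignores all three parameters and returns PKT_ALIAS_ERROR, while its comment says incoming states are created automatically. The alias.c hunks of this same patch pass `!(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE)` as the create argument of FindIcmpIn(), FindProtoIn() and FindUdpTcpIn(), so with the flag set an inbound packet without a link gets PKT_ALIAS_NO_STATE and this function offers the caller no way to resolve it. I would replace the comment with the actual contract, for example `/* Inbound state cannot be created from a packet; add it with PacketAliasRedirectCreate() before calling PacketAliasIn(). Always returns PKT_ALIAS_ERROR here. */`, fixing the spelling (`incomming`, `automaticaly`, `befor`) at the same time. The REVERSE branch also clears and re-sets a bit in the global packetAliasMode around the nested call, which is only safe if nothing else reads the mode while that call runs; the callers are not visible here.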
@@ -1571,3 +1629,41 @@
 return(iresult); }
+
+int PacketAliasOutCreate(char *ptr, /* valid IP packet */
+ int maxpacketsize, /* How much the packet data
+ may grow (FTP and IRC
+ inline changes)
+ */
+ struct in_addr alias_addr /* address of the alias
+ interface
+ */
+ )
+{
+ struct in_addr addr_save;
+ int iresult;
+
+ if (packetAliasMode & PKT_ALIAS_REVERSE) {
+ packetAliasMode &= ~PKT_ALIAS_REVERSE;
+ iresult = PacketAliasInCreate(ptr, maxpacketsize, alias_addr);
+ packetAliasMode |= PKT_ALIAS_REVERSE;
+ return iresult;
+ }
+
+ /* run PacketAliasOut() with PKT_ALIAS_NO_AUTOCREATE disabled
+ and alias_addr as default AliasAddress.
+ */
+ iresult = PKT_ALIAS_ERROR;
+ if (packetAliasMode & PKT_ALIAS_NO_AUTOCREATE) {
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(alias_addr);
+ packetAliasMode &= ~PKT_ALIAS_NO_AUTOCREATE;
+ iresult = PacketAliasOut(ptr, maxpacketsize);
+ packetAliasMode |= PKT_ALIAS_NO_AUTOCREATE;
+ SetDefaultAliasAddress(addr_save);
+ }
+
+ return(iresult);
+}
+
+
diff -BburN libalias_orig/alias.h libalias/alias.h
--- libalias_orig/alias.h Fri Nov 23 14:10:15 2001
+++ libalias/alias.h Wed Aug 14 15:50:14 2002
@@ -53,6 +53,10 @@
 int PacketAliasIn(char *_ptr, int _maxpacketsize); int PacketAliasOut(char *_ptr, int _maxpacketsize); int PacketUnaliasOut(char *_ptr, int _maxpacketsize);
+int PacketAliasInCreate(char *_ptr, int _maxpacketsize,
+ struct in_addr _alias_addr);
+int PacketAliasOutCreate(char *_ptr, int _maxpacketsize,
+ struct in_addr _alias_addr);
 /* Port and address redirection functions. */
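Review bot: PacketAliasOutCreate() returns PKT_ALIAS_ERROR without touching the packet when PKT_ALIAS_NO_AUTOCREATE is not set, and a caller cannot tell that apart from any other PKT_ALIAS_ERROR that PacketAliasOut() may return. That precondition belongs in a header comment, for example `/* Only valid while PKT_ALIAS_NO_AUTOCREATE is set; otherwise returns PKT_ALIAS_ERROR and leaves the packet untouched. */`. For the duration of the PacketAliasOut() call both the mode flag and the default alias address are changed for the whole library, so every link created during that call, not only the one for this packet, is exempt from the no-autocreate policy and uses alias_addr. If the library can be entered from a second thread or re-entered while this runs, that window is a race; the callers are not shown, so this should be confirmed.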
@@ -79,6 +83,16 @@
 PacketAliasRedirectProto(struct in_addr _src_addr, struct in_addr _dst_addr, struct in_addr _alias_addr, unsigned char _proto);
+struct alias_link *
+ PacketAliasRedirectCreate(struct in_addr _src_addr,
+ unsigned short _src_port, struct in_addr _dst_addr,
+ unsigned short _dst_port, struct in_addr _alias_addr,
+ unsigned short _alias_port, unsigned char _proto);
+struct alias_link *
+ PacketAliasRedirectCreateProto(struct in_addr _src_addr,
+ struct in_addr _dst_addr, struct in_addr _alias_addr,
+ unsigned char _proto);
+
 /* Fragment Handling functions. */ void PacketAliasFragmentIn(char *_ptr, char *_ptr_fragment);
@@ -170,12 +184,21 @@
 */
 #define PKT_ALIAS_REVERSE 0x80
+
+/*
+ * If PKT_ALIAS_NO_AUTOCREATE is set, PacketAlias{In,Out}() will fail with
+ * error PKT_ALIAS_NO_STATE when packets have no known state.
+ * The state has to be added explicitly with PacketAliasCreate{In,Out}().
+ */
+#define PKT_ALIAS_NO_AUTOCREATE 0x200
+
 /* Function return codes. */
 #define PKT_ALIAS_ERROR -1
 #define PKT_ALIAS_OK 1
 #define PKT_ALIAS_IGNORED 2
 #define PKT_ALIAS_UNRESOLVED_FRAGMENT 3
 #define PKT_ALIAS_FOUND_HEADER_FRAGMENT 4
+#define PKT_ALIAS_NO_STATE 5
 #endif /* !_ALIAS_H_ */
diff -BburN libalias_orig/alias_cuseeme.c libalias/alias_cuseeme.c
--- libalias_orig/alias_cuseeme.c Tue Oct 31 09:48:21 2000
+++ libalias/alias_cuseeme.c Thu Sep 26 16:33:38 2002
@@ -68,6 +68,7 @@
 AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) { struct udphdr *ud;
+ struct in_addr addr_save;
 ud = (struct udphdr *)((char *)pip + (pip->ip_hl << 2)); if (ntohs(ud->uh_ulen) - sizeof(struct udphdr) >= sizeof(struct cu_header)) {
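Review bot: The comment added above PKT_ALIAS_NO_AUTOCREATE in the `@@ -170,12 +184,21 @@` hunk points readers at `PacketAliasCreate{In,Out}()`, but the functions this patch declares are PacketAliasInCreate() and PacketAliasOutCreate(); the line should read `* The state has to be added explicitly with PacketAlias{In,Out}Create().`. PKT_ALIAS_NO_STATE is a new return value of the existing PacketAliasIn()/PacketAliasOut() entry points, and the callers written against the old set of codes are not part of this patch. Any caller that forwards the packet on every code other than PKT_ALIAS_ERROR would pass an untranslated packet through once the flag is set, so each caller's handling of the return value needs review before the flag is enabled. The comment should also say what a caller is expected to do with the packet on PKT_ALIAS_NO_STATE (create state and retry, or drop).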
@@ -78,9 +79,15 @@
 if (cu->addr) cu->addr = (u_int32_t)GetAliasAddress(link).s_addr;
+/* set the alias address to the alias address of the link */
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(GetAliasAddress(link));
+
 cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), ud->uh_dport, 0, IPPROTO_UDP, 1);
+ SetDefaultAliasAddress(addr_save);
+
 #ifndef NO_FW_PUNCH if (cu_link) PunchFWHole(cu_link);
diff -BburN libalias_orig/alias_db.c libalias/alias_db.c
--- libalias_orig/alias_db.c Sat Nov 3 12:34:33 2001
+++ libalias/alias_db.c Thu Sep 26 16:10:37 2002
@@ -1530,7 +1530,8 @@
 struct alias_link * FindProtoIn(struct in_addr dst_addr, struct in_addr alias_addr,
- u_char proto)
+ u_char proto,
+ int create)
 { struct alias_link *link;
@@ -1538,7 +1539,7 @@
 NO_DEST_PORT, 0, proto, 1);
- if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
+ if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
 { struct in_addr target_addr;
@@ -1555,7 +1556,8 @@
 struct alias_link * FindProtoOut(struct in_addr src_addr, struct in_addr dst_addr,
- u_char proto)
+ u_char proto,
+ int create)
 { struct alias_link *link;
@@ -1563,7 +1565,7 @@
 NO_SRC_PORT, NO_DEST_PORT, proto, 1);
- if (link == NULL)
+ if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE))
 { struct in_addr alias_addr;
@@ -2001,13 +2003,11 @@
 return(link->alias_port); }
-#ifndef NO_FW_PUNCH
-static u_short
+u_short
 GetDestPort(struct alias_link *link) { return(link->dst_port); }
-#endif
 void SetAckModified(struct alias_link *link)
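Review bot: The save/set/restore of the default alias address around FindUdpTcpOut() in the alias_cuseeme.c hunk `@@ -78,9 +79,15 @@` changes a library-wide setting to influence a single lookup, and the same sequence is hand-copied into alias_ftp.c, alias_irc.c and twice into alias_smedia.c. Any `return` or `goto` later added between the two SetDefaultAliasAddress() calls would leave the wrong default address in place for all subsequent traffic. A small wrapper in alias_db.c that takes the alias address as a parameter and performs the swap in one place would remove that risk and the duplication. Until then each copy should carry a comment such as `/* default alias address must be restored on every path below */`.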
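Review bot: FindProtoOut() in the `@@ -1563,7 +1565,7 @@` hunk tests both `create` and `!(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE)`, while FindProtoIn() in the hunk at -1538 relies on `create` alone. The only caller shown in this patch already passes `!(packetAliasMode & PKT_ALIAS_NO_AUTOCREATE)` as `create`, so the second test is redundant there, and it makes `create = 1` mean something different here than in FindProtoIn(). I would keep the policy decision at the call site and reduce the condition to `if (link == NULL && create)`. Both function bodies continue outside the hunks.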
@@ -2495,6 +2495,72 @@
 return link; }
+/* finctions to create redirect states explicitly (this states are not permanent) */
+struct alias_link *
+PacketAliasRedirectCreate(struct in_addr src_addr,
+ unsigned short src_port,
+ struct in_addr dst_addr,
+ unsigned short dst_port,
+ struct in_addr alias_addr,
+ unsigned short alias_port,
+ unsigned char proto)
+{
+ int link_type;
+ struct alias_link *link;
+
+ switch(proto)
+ {
+ case IPPROTO_UDP:
+ link_type = LINK_UDP;
+ break;
+ case IPPROTO_TCP:
+ link_type = LINK_TCP;
+ break;
+ default:
+#ifdef DEBUG
+ fprintf(stderr, "PacketAliasRedirectPort(): ");
+ fprintf(stderr, "only TCP and UDP protocols allowed\n");
+#endif
+ return NULL;
+ }
+
+ link = AddLink(src_addr, dst_addr, alias_addr,
+ src_port, dst_port, alias_port,
+ link_type);
+
+#ifdef DEBUG
+ if (link == NULL)
+ {
+ fprintf(stderr, "PacketAliasRedirectCreate(): "
+ "call to AddLink() failed\n");
+ }
+#endif
+
+ return link;
+}
+
+struct alias_link *
+PacketAliasRedirectCreateProto(struct in_addr src_addr,
+ struct in_addr dst_addr,
+ struct in_addr alias_addr,
+ unsigned char proto)
+{
+ struct alias_link *link;
+
+ link = AddLink(src_addr, dst_addr, alias_addr,
+ NO_SRC_PORT, NO_DEST_PORT, 0,
+ proto);
+
+#ifdef DEBUG
+ if (link == NULL)
+ {
+ fprintf(stderr, "PacketAliasRedirectCreateProto(): "
+ "call to AddLink() failed\n");
+ }
+#endif
+
+ return link;
+}
 void PacketAliasRedirectDelete(struct alias_link *link)
diff -BburN libalias_orig/alias_ftp.c libalias/alias_ftp.c
--- libalias_orig/alias_ftp.c Thu Dec 6 10:00:26 2001
+++ libalias/alias_ftp.c Thu Sep 26 17:24:48 2002
@@ -457,6 +457,7 @@
 int ftp_message_type) { struct alias_link *ftp_link;
+ struct in_addr addr_save;
 /* Security checks. */ if (pip->ip_src.s_addr != true_addr.s_addr)
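Review bot: The DEBUG message in the `default:` branch of PacketAliasRedirectCreate() names the wrong function, `PacketAliasRedirectPort(): `, which will mislead anyone reading the log; it should be `fprintf(stderr, "PacketAliasRedirectCreate(): ");`. PacketAliasRedirectCreateProto() hands `proto` to AddLink() as the link type without the TCP/UDP mapping or rejection its sibling performs. AddLink() is not visible here, so it is worth confirming that a caller passing IPPROTO_TCP or IPPROTO_UDP cannot end up with a port-less link of a port-based type. The leading comment should also be corrected to something like `/* Functions to create redirect links explicitly; these links are not permanent. */`.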
@@ -465,15 +466,35 @@
 if (true_port < IPPORT_RESERVED) return;
+
+/* set the alias address to the alias address of the link */
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(GetAliasAddress(link));
 /* Establish link to address and port found in FTP control message. */ ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link), htons(true_port), 0, IPPROTO_TCP, 1);
+ SetDefaultAliasAddress(addr_save);
+
+
 if (ftp_link != NULL) { int slen, hlen, tlen, dlen; struct tcphdr *tc;
+#if 0
+ fprintf(stderr, "INFO [ftp add state]: internal %s:%d ",
+ inet_ntoa(GetOriginalAddress(ftp_link)),
+ ntohs(GetOriginalPort(ftp_link)));
+ fprintf(stderr, "remote %s:%d ",
+ inet_ntoa(GetDestAddress(ftp_link)),
+ ntohs(GetDestPort(ftp_link)));
+
+ fprintf(stderr, "-> alias %s:%d\n",
+ inet_ntoa(GetAliasAddress(ftp_link)),
+ ntohs(GetAliasPort(ftp_link)));
+#endif
+
 #ifndef NO_FW_PUNCH /* Punch hole in firewall */ PunchFWHole(ftp_link);
diff -BburN libalias_orig/alias_irc.c libalias/alias_irc.c
--- libalias_orig/alias_irc.c Sat Nov 3 12:34:33 2001
+++ libalias/alias_irc.c Thu Sep 26 17:08:39 2002
@@ -230,6 +230,7 @@
 { struct alias_link *dcc_link; struct in_addr destaddr;
+ struct in_addr addr_save;
 true_port = htons(org_port);
@@ -242,12 +243,15 @@
 org_port < IPPORT_RESERVED) goto lBAD_CTCP;
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(GetAliasAddress(link));
 /* Steal the FTP_DATA_PORT - it doesn't really matter, and this would probably allow it through at least _some_ firewalls. */ dcc_link = FindUdpTcpOut(true_addr, destaddr, true_port, 0, IPPROTO_TCP, 1);
+ SetDefaultAliasAddress(addr_save);
 DBprintf(("Got a DCC link\n")); if ( dcc_link ) { struct in_addr alias_address; /* Address from aliasing */
diff -BburN libalias_orig/alias_local.h libalias/alias_local.h
--- libalias_orig/alias_local.h Fri Nov 23 14:10:15 2001
+++ libalias/alias_local.h Thu Sep 26 16:09:51 2002
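Review bot: The FindUdpTcpOut() call in the alias_ftp.c hunk `@@ -465,15 +466,35 @@` still passes a literal `1` as the create argument, so a link for the address and port parsed from the FTP control message is created even when PKT_ALIAS_NO_AUTOCREATE is set; the alias_irc.c, alias_cuseeme.c and alias_smedia.c hunks do the same. That may be intended for related data connections, but it means payload-derived state is exempt from the explicit-state policy and the only gate left is the existing "Security checks" block above the call. The exemption should be stated at each call, for example `/* Deliberately ignores PKT_ALIAS_NO_AUTOCREATE: the data link follows an existing control link. */`, and in the flag's description in alias.h. The `#if 0` logging block is dead code and appears to be the only user of the newly exported GetDestPort() in this patch; I would drop it or move it under `#ifdef DEBUG`.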
@@ -102,10 +102,10 @@
 FindFragmentPtr(struct in_addr _dst_addr, u_short _ip_id); struct alias_link * FindProtoIn(struct in_addr _dst_addr, struct in_addr _alias_addr,
- u_char _proto);
+ u_char _proto, int _create);
 struct alias_link * FindProtoOut(struct in_addr _src_addr, struct in_addr _dst_addr,
- u_char _proto);
+ u_char _proto, int _create);
 struct alias_link * FindUdpTcpIn(struct in_addr _dst_addr, struct in_addr _alias_addr, u_short _dst_port, u_short _alias_port, u_char _proto, int _create);
@@ -158,6 +158,7 @@
 void SetDefaultAliasAddress(struct in_addr _alias_addr); u_short GetOriginalPort(struct alias_link *_link); u_short GetAliasPort(struct alias_link *_link);
+u_short GetDestPort(struct alias_link *_link);
 struct in_addr GetProxyAddress(struct alias_link *_link); void SetProxyAddress(struct alias_link *_link, struct in_addr _addr);
diff -BburN libalias_orig/alias_smedia.c libalias/alias_smedia.c
--- libalias_orig/alias_smedia.c Mon Mar 5 04:48:00 2001
+++ libalias/alias_smedia.c Thu Sep 26 17:23:25 2002
@@ -234,9 +234,17 @@
 base_alias = ntohs(salias); for (j = 0; j < RTSP_PORT_GROUP; j++) { /* Establish link to port found in RTSP packet */
+ struct in_addr addr_save;
+
+ /* set the alias address to the alias address of the link */
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(GetAliasAddress(link));
+
 rtsp_link = FindRtspOut(GetOriginalAddress(link), null_addr, htons(base_port + j), htons(base_alias + j), IPPROTO_UDP);
+ SetDefaultAliasAddress(addr_save);
+
 if (rtsp_link != NULL) {
 #ifndef NO_FW_PUNCH /* Punch hole in firewall */
@@ -328,6 +336,7 @@
 char *work; u_short alias_port, port; struct tcphdr *tc;
+ struct in_addr addr_save;
 work = data; work += 5;
@@ -342,8 +351,12 @@
 } if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy(&port, work, 2);
+ /* set the alias address to the alias address of the link */
+ addr_save = GetDefaultAliasAddress();
+ SetDefaultAliasAddress(GetAliasAddress(link));
 pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), port, 0, IPPROTO_UDP, 1);
+ SetDefaultAliasAddress(addr_save);
 if (pna_links != NULL) {
 #ifndef NO_FW_PUNCH /* Punch hole in firewall */