i386/linux-2.3.21/net/ipv4/ip_nat_dumb.c

   1 /*
   2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3  *              operating system.  INET is implemented using the  BSD Socket
   4  *              interface as the means of communication with the user level.
   5  *
   6  *              Dumb Network Address Translation.
   7  *
   8  * Version:     $Id: ip_nat_dumb.c,v 1.9 1999/08/20 11:05:46 davem Exp $
   9  *
  10  * Authors:     Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
  11  *
  12  *              This program is free software; you can redistribute it and/or
  13  *              modify it under the terms of the GNU General Public License
  14  *              as published by the Free Software Foundation; either version
  15  *              2 of the License, or (at your option) any later version.
  16  *
  17  * Fixes:
  18  *              Rani Assaf      :       A zero checksum is a special case
  19  *                                      only in UDP
  20  *              Rani Assaf      :       Added ICMP messages rewriting
  21  *              Rani Assaf      :       Repaired wrong changes, made by ANK.
  22  *
  23  *
  24  * NOTE:        It is just working model of real NAT.
  25  */
  26
  27 #include <linux/config.h>
  28 #include <linux/types.h>
  29 #include <linux/mm.h>
  30 #include <linux/sched.h>
  31 #include <linux/skbuff.h>
  32 #include <linux/ip.h>
  33 #include <linux/icmp.h>
  34 #include <linux/netdevice.h>
  35 #include <net/sock.h>
  36 #include <net/ip.h>
  37 #include <net/icmp.h>
  38 #include <linux/tcp.h>
  39 #include <linux/udp.h>
  40 #include <net/checksum.h>
  41 #include <linux/route.h>
  42 #include <net/route.h>
  43 #include <net/ip_fib.h>
  44
  45
  46 int
  47 ip_do_nat(struct sk_buff *skb)
  48 {
  49         struct rtable *rt = (struct rtable*)skb->dst;
  50         struct iphdr *iph = skb->nh.iph;
  51         u32 odaddr = iph->daddr;
  52         u32 osaddr = iph->saddr;
  53         u16     check;
  54
  55         IPCB(skb)->flags |= IPSKB_TRANSLATED;
  56
  57         /* Rewrite IP header */
  58         iph->daddr = rt->rt_dst_map;
  59         iph->saddr = rt->rt_src_map;
  60         iph->check = 0;
  61         iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
  62
  63         /* If it is the first fragment, rewrite protocol headers */
  64
  65         if (!(iph->frag_off & htons(IP_OFFSET))) {
  66                 u16     *cksum;
  67
  68                 switch(iph->protocol) {
  69                 case IPPROTO_TCP:
  70                         cksum  = (u16*)&((struct tcphdr*)(((char*)iph) + (iph->ihl<<2)))->check;
  71                         if ((u8*)(cksum+1) > skb->tail)
  72                                 goto truncated;
  73                         check  = csum_tcpudp_magic(iph->saddr, iph->daddr, 0, 0, ~(*cksum));
  74                         *cksum = csum_tcpudp_magic(~osaddr, ~odaddr, 0, 0, ~check);
  75                         break;
  76                 case IPPROTO_UDP:
  77                         cksum  = (u16*)&((struct udphdr*)(((char*)iph) + (iph->ihl<<2)))->check;
  78                         if ((u8*)(cksum+1) > skb->tail)
  79                                 goto truncated;
  80                         if ((check = *cksum) != 0) {
  81                                 check = csum_tcpudp_magic(iph->saddr, iph->daddr, 0, 0, ~check);
  82                                 check = csum_tcpudp_magic(~osaddr, ~odaddr, 0, 0, ~check);
  83                                 *cksum = check ? : 0xFFFF;
  84                         }
  85                         break;
  86                 case IPPROTO_ICMP:
  87                 {
  88                         struct icmphdr *icmph = (struct icmphdr*)((char*)iph + (iph->ihl<<2));
  89                         struct   iphdr *ciph;
  90                         u32 idaddr, isaddr;
  91                         int updated;
  92
  93                         if ((icmph->type != ICMP_DEST_UNREACH) &&
  94                             (icmph->type != ICMP_TIME_EXCEEDED) &&
  95                             (icmph->type != ICMP_PARAMETERPROB))
  96                                 break;
  97
  98                         ciph = (struct iphdr *) (icmph + 1);
  99
 100                         if ((u8*)(ciph+1) > skb->tail)
 101                                 goto truncated;
 102
 103                         isaddr = ciph->saddr;
 104                         idaddr = ciph->daddr;
 105                         updated = 0;
 106
 107                         if (rt->rt_flags&RTCF_DNAT && ciph->saddr == odaddr) {
 108                                 ciph->saddr = iph->daddr;
 109                                 updated = 1;
 110                         }
 111                         if (rt->rt_flags&RTCF_SNAT) {
 112                                 if (ciph->daddr != osaddr) {
 113                                         struct   fib_result res;
 114                                         struct   rt_key key;
 115                                         unsigned flags = 0;
 116
 117                                         key.src = ciph->daddr;
 118                                         key.dst = ciph->saddr;
 119                                         key.iif = skb->dev->ifindex;
 120                                         key.oif = 0;
 121 #ifdef CONFIG_IP_ROUTE_TOS
 122                                         key.tos = RT_TOS(ciph->tos);
 123 #endif
 124 #ifdef CONFIG_IP_ROUTE_FWMARK
 125                                         key.fwmark = 0;
 126 #endif
 127                                         /* Use fib_lookup() until we get our own
 128                                          * hash table of NATed hosts -- Rani
 129                                          */
 130                                         if (fib_lookup(&key, &res) == 0) {
 131                                                 if (res.r) {
 132                                                         ciph->daddr = fib_rules_policy(ciph->daddr, &res, &flags);
 133                                                         if (ciph->daddr != idaddr)
 134                                                                 updated = 1;
 135                                                 }
 136                                                 fib_res_put(&res);
 137                                         }
 138                                 } else {
 139                                         ciph->daddr = iph->saddr;
 140                                         updated = 1;
 141                                 }
 142                         }
 143                         if (updated) {
 144                                 cksum  = &icmph->checksum;
 145                                 /* Using tcpudp primitive. Why not? */
 146                                 check  = csum_tcpudp_magic(ciph->saddr, ciph->daddr, 0, 0, ~(*cksum));
 147                                 *cksum = csum_tcpudp_magic(~isaddr, ~idaddr, 0, 0, ~check);
 148                         }
 149                         break;
 150                 }
 151                 default:
 152                         break;
 153                 }
 154         }
 155         return 0;
 156
 157 truncated:
 158         return -EINVAL;
 159 }