search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / ipf / ip_rpcb_pxy.c
blob4ea07c6af864a0c11d689acf950e69e9b795334b
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2002-2003 by Ryan Beasley <ryanb@goddamnbastard.org>
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 */
8 /*
9 * Overview:
10 * This is an in-kernel application proxy for Sun's RPCBIND (nee portmap)
11 * protocol as defined in RFC1833. It is far from complete, mostly
12 * lacking in less-likely corner cases, but it's definitely functional.
13 *
14 * Invocation:
15 * rdr <int> <e_ip>/32 port <e_p> -> <i_ip> port <i_p> udp proxy rpcbu
16 *
17 * If the host running IP Filter is the same as the RPC server, it's
18 * perfectly legal for both the internal and external addresses and ports
19 * to match.
20 *
21 * When triggered by appropriate IP NAT rules, this proxy works by
22 * examining data contained in received packets. Requests and replies are
23 * modified, NAT and state table entries created, etc., as necessary.
24 */
25 /*
26 * TODO / NOTES
27 *
28 * o Must implement locking to protect proxy session data.
29 * o Fragmentation isn't supported.
30 * o Only supports UDP.
31 * o Doesn't support multiple RPC records in a single request.
32 * o Errors should be more fine-grained. (e.g., malloc failure vs.
33 * illegal RPCB request / reply)
34 * o Even with the limit on the total amount of recorded transactions,
35 * should there be a timeout on transaction removal?
36 * o There is a potential collision between cloning, wildcard NAT and
37 * state entries. There should be an appr_getport routine for
38 * to avoid this.
39 * o The enclosed hack of STREAMS support is pretty sick and most likely
40 * broken.
41 *
42 * Id: ip_rpcb_pxy.c,v 2.25.2.12 2008/11/06 21:18:36 darrenr Exp
43 */
44
45 #define IPF_RPCB_PROXY
46
47 /*
48 * Function prototypes
49 */
50 int ippr_rpcb_init __P((void));
51 void ippr_rpcb_fini __P((void));
52 int ippr_rpcb_new __P((fr_info_t *, ap_session_t *, nat_t *));
53 void ippr_rpcb_del __P((ap_session_t *));
54 int ippr_rpcb_in __P((fr_info_t *, ap_session_t *, nat_t *));
55 int ippr_rpcb_out __P((fr_info_t *, ap_session_t *, nat_t *));
56
57 static void ippr_rpcb_flush __P((rpcb_session_t *));
58 static int ippr_rpcb_decodereq __P((fr_info_t *, nat_t *,
59 rpcb_session_t *, rpc_msg_t *));
60 static int ippr_rpcb_skipauth __P((rpc_msg_t *, xdr_auth_t *, u_32_t **));
61 static int ippr_rpcb_insert __P((rpcb_session_t *, rpcb_xact_t *));
62 static int ippr_rpcb_xdrrpcb __P((rpc_msg_t *, u_32_t *, rpcb_args_t *));
63 static int ippr_rpcb_getuaddr __P((rpc_msg_t *, xdr_uaddr_t *,
64 u_32_t **));
65 static u_int ippr_rpcb_atoi __P((char *));
66 static int ippr_rpcb_modreq __P((fr_info_t *, nat_t *, rpc_msg_t *,
67 mb_t *, u_int));
68 static int ippr_rpcb_decoderep __P((fr_info_t *, nat_t *,
69 rpcb_session_t *, rpc_msg_t *, rpcb_xact_t **));
70 static rpcb_xact_t * ippr_rpcb_lookup __P((rpcb_session_t *, u_32_t));
71 static void ippr_rpcb_deref __P((rpcb_session_t *, rpcb_xact_t *));
72 static int ippr_rpcb_getproto __P((rpc_msg_t *, xdr_proto_t *,
73 u_32_t **));
74 static int ippr_rpcb_getnat __P((fr_info_t *, nat_t *, u_int, u_int));
75 static int ippr_rpcb_modv3 __P((fr_info_t *, nat_t *, rpc_msg_t *,
76 mb_t *, u_int));
77 static int ippr_rpcb_modv4 __P((fr_info_t *, nat_t *, rpc_msg_t *,
78 mb_t *, u_int));
79 static void ippr_rpcb_fixlen __P((fr_info_t *, int));
80
81 /*
82 * Global variables
83 */
84 static frentry_t rpcbfr; /* Skeleton rule for reference by entities
85 this proxy creates. */
86 static int rpcbcnt; /* Upper bound of allocated RPCB sessions. */
87 /* XXX rpcbcnt still requires locking. */
88
89 int rpcb_proxy_init = 0;
90
91
92 /*
93 * Since rpc_msg contains only pointers, one should use this macro as a
94 * handy way to get to the goods. (In case you're wondering about the name,
95 * this started as BYTEREF -> BREF -> B.)
96 */
97 #define B(r) (u_32_t)ntohl(*(r))
98
99 /*
100 * Public subroutines
101 */
102
103 /* -------------------------------------------------------------------- */
104 /* Function: ippr_rpcb_init */
105 /* Returns: int - 0 == success */
106 /* Parameters: (void) */
107 /* */
108 /* Initialize the filter rule entry and session limiter. */
109 /* -------------------------------------------------------------------- */
110 int
111 ippr_rpcb_init()
112 {
113 rpcbcnt = 0;
114
115 bzero((char *)&rpcbfr, sizeof(rpcbfr));
116 rpcbfr.fr_ref = 1;
117 rpcbfr.fr_flags = FR_PASS|FR_QUICK|FR_KEEPSTATE;
118 MUTEX_INIT(&rpcbfr.fr_lock, "ipf Sun RPCB proxy rule lock");
119 rpcb_proxy_init = 1;
120
121 return(0);
122 }
123
124 /* -------------------------------------------------------------------- */
125 /* Function: ippr_rpcb_fini */
126 /* Returns: void */
127 /* Parameters: (void) */
128 /* */
129 /* Destroy rpcbfr's mutex to avoid a lock leak. */
130 /* -------------------------------------------------------------------- */
131 void
132 ippr_rpcb_fini()
133 {
134 if (rpcb_proxy_init == 1) {
135 MUTEX_DESTROY(&rpcbfr.fr_lock);
136 rpcb_proxy_init = 0;
137 }
138 }
139
140 /* -------------------------------------------------------------------- */
141 /* Function: ippr_rpcb_new */
142 /* Returns: int - -1 == failure, 0 == success */
143 /* Parameters: fin(I) - pointer to packet information */
144 /* aps(I) - pointer to proxy session structure */
145 /* nat(I) - pointer to NAT session structure */
146 /* */
147 /* Allocate resources for per-session proxy structures. */
148 /* -------------------------------------------------------------------- */
149 int
150 ippr_rpcb_new(fin, aps, nat)
151 fr_info_t *fin;
152 ap_session_t *aps;
153 nat_t *nat;
154 {
155 rpcb_session_t *rs;
156
157 fin = fin; /* LINT */
158 nat = nat; /* LINT */
159
160 KMALLOC(rs, rpcb_session_t *);
161 if (rs == NULL)
162 return(-1);
163
164 bzero((char *)rs, sizeof(*rs));
165 MUTEX_INIT(&rs->rs_rxlock, "ipf Sun RPCB proxy session lock");
166
167 aps->aps_data = rs;
168
169 return(0);
170 }
171
172 /* -------------------------------------------------------------------- */
173 /* Function: ippr_rpcb_del */
174 /* Returns: void */
175 /* Parameters: aps(I) - pointer to proxy session structure */
176 /* */
177 /* Free up a session's list of RPCB requests. */
178 /* -------------------------------------------------------------------- */
179 void
180 ippr_rpcb_del(aps)
181 ap_session_t *aps;
182 {
183 rpcb_session_t *rs;
184 rs = (rpcb_session_t *)aps->aps_data;
185
186 MUTEX_ENTER(&rs->rs_rxlock);
187 ippr_rpcb_flush(rs);
188 MUTEX_EXIT(&rs->rs_rxlock);
189 MUTEX_DESTROY(&rs->rs_rxlock);
190 }
191
192 /* -------------------------------------------------------------------- */
193 /* Function: ippr_rpcb_in */
194 /* Returns: int - APR_ERR(1) == drop the packet, */
195 /* APR_ERR(2) == kill the proxy session, */
196 /* else change in packet length (in bytes) */
197 /* Parameters: fin(I) - pointer to packet information */
198 /* ip(I) - pointer to packet header */
199 /* aps(I) - pointer to proxy session structure */
200 /* nat(I) - pointer to NAT session structure */
201 /* */
202 /* Given a presumed RPCB request, perform some minor tests and pass off */
203 /* for decoding. Also pass packet off for a rewrite if necessary. */
204 /* -------------------------------------------------------------------- */
205 int
206 ippr_rpcb_in(fin, aps, nat)
207 fr_info_t *fin;
208 ap_session_t *aps;
209 nat_t *nat;
210 {
211 rpc_msg_t rpcmsg, *rm;
212 rpcb_session_t *rs;
213 u_int off, dlen;
214 mb_t *m;
215 int rv;
216
217 /* Disallow fragmented or illegally short packets. */
218 if ((fin->fin_flx & (FI_FRAG|FI_SHORT)) != 0)
219 return(APR_ERR(1));
220
221 /* Perform basic variable initialization. */
222 rs = (rpcb_session_t *)aps->aps_data;
223
224 m = fin->fin_m;
225 off = (char *)fin->fin_dp - (char *)fin->fin_ip;
226 off += sizeof(udphdr_t) + fin->fin_ipoff;
227 dlen = fin->fin_dlen - sizeof(udphdr_t);
228
229 /* Disallow packets outside legal range for supported requests. */
230 if ((dlen < RPCB_REQMIN) || (dlen > RPCB_REQMAX))
231 return(APR_ERR(1));
232
233 /* Copy packet over to convenience buffer. */
234 rm = &rpcmsg;
235 bzero((char *)rm, sizeof(*rm));
236 COPYDATA(m, off, dlen, (caddr_t)&rm->rm_msgbuf);
237 rm->rm_buflen = dlen;
238
239 /* Send off to decode request. */
240 rv = ippr_rpcb_decodereq(fin, nat, rs, rm);
241
242 switch(rv)
243 {
244 case -1:
245 return(APR_ERR(1));
246 /*NOTREACHED*/
247 break;
248 case 0:
249 break;
250 case 1:
251 rv = ippr_rpcb_modreq(fin, nat, rm, m, off);
252 break;
253 default:
254 /*CONSTANTCONDITION*/
255 IPF_PANIC(1, ("illegal rv %d (ippr_rpcb_req)", rv));
256 }
257
258 return(rv);
259 }
260
261 /* -------------------------------------------------------------------- */
262 /* Function: ippr_rpcb_out */
263 /* Returns: int - APR_ERR(1) == drop the packet, */
264 /* APR_ERR(2) == kill the proxy session, */
265 /* else change in packet length (in bytes) */
266 /* Parameters: fin(I) - pointer to packet information */
267 /* ip(I) - pointer to packet header */
268 /* aps(I) - pointer to proxy session structure */
269 /* nat(I) - pointer to NAT session structure */
270 /* */
271 /* Given a presumed RPCB reply, perform some minor tests and pass off */
272 /* for decoding. If the message indicates a successful request with */
273 /* valid addressing information, create NAT and state structures to */
274 /* allow direct communication between RPC client and server. */
275 /* -------------------------------------------------------------------- */
276 int
277 ippr_rpcb_out(fin, aps, nat)
278 fr_info_t *fin;
279 ap_session_t *aps;
280 nat_t *nat;
281 {
282 rpc_msg_t rpcmsg, *rm;
283 rpcb_session_t *rs;
284 rpcb_xact_t *rx;
285 u_int off, dlen;
286 int rv, diff;
287 mb_t *m;
288
289 /* Disallow fragmented or illegally short packets. */
290 if ((fin->fin_flx & (FI_FRAG|FI_SHORT)) != 0)
291 return(APR_ERR(1));
292
293 /* Perform basic variable initialization. */
294 rs = (rpcb_session_t *)aps->aps_data;
295 rx = NULL;
296
297 m = fin->fin_m;
298 off = (char *)fin->fin_dp - (char *)fin->fin_ip;
299 off += sizeof(udphdr_t) + fin->fin_ipoff;
300 dlen = fin->fin_dlen - sizeof(udphdr_t);
301 diff = 0;
302
303 /* Disallow packets outside legal range for supported requests. */
304 if ((dlen < RPCB_REPMIN) || (dlen > RPCB_REPMAX))
305 return(APR_ERR(1));
306
307 /* Copy packet over to convenience buffer. */
308 rm = &rpcmsg;
309 bzero((char *)rm, sizeof(*rm));
310 COPYDATA(m, off, dlen, (caddr_t)&rm->rm_msgbuf);
311 rm->rm_buflen = dlen;
312
313 rx = NULL; /* XXX gcc */
314
315 /* Send off to decode reply. */
316 rv = ippr_rpcb_decoderep(fin, nat, rs, rm, &rx);
317
318 switch(rv)
319 {
320 case -1: /* Bad packet */
321 if (rx != NULL) {
322 MUTEX_ENTER(&rs->rs_rxlock);
323 ippr_rpcb_deref(rs, rx);
324 MUTEX_EXIT(&rs->rs_rxlock);
325 }
326 return(APR_ERR(1));
327 /*NOTREACHED*/
328 break;
329 case 0: /* Negative reply / request rejected */
330 break;
331 case 1: /* Positive reply */
332 /*
333 * With the IP address embedded in a GETADDR(LIST) reply,
334 * we'll need to rewrite the packet in the very possible
335 * event that the internal & external addresses aren't the
336 * same. (i.e., this box is either a router or rpcbind
337 * only listens on loopback.)
338 */
339 if (nat->nat_inip.s_addr != nat->nat_outip.s_addr) {
340 if (rx->rx_type == RPCB_RES_STRING)
341 diff = ippr_rpcb_modv3(fin, nat, rm, m, off);
342 else if (rx->rx_type == RPCB_RES_LIST)
343 diff = ippr_rpcb_modv4(fin, nat, rm, m, off);
344 }
345 break;
346 default:
347 /*CONSTANTCONDITION*/
348 IPF_PANIC(1, ("illegal rv %d (ippr_rpcb_decoderep)", rv));
349 }
350
351 if (rx != NULL) {
352 MUTEX_ENTER(&rs->rs_rxlock);
353 /* XXX Gross hack - I'm overloading the reference
354 * counter to deal with both threads and retransmitted
355 * requests. One deref signals that this thread is
356 * finished with rx, and the other signals that we've
357 * processed its reply.
358 */
359 ippr_rpcb_deref(rs, rx);
360 ippr_rpcb_deref(rs, rx);
361 MUTEX_EXIT(&rs->rs_rxlock);
362 }
363
364 return(diff);
365 }
366
367 /*
368 * Private support subroutines
369 */
370
371 /* -------------------------------------------------------------------- */
372 /* Function: ippr_rpcb_flush */
373 /* Returns: void */
374 /* Parameters: rs(I) - pointer to RPCB session structure */
375 /* */
376 /* Simply flushes the list of outstanding transactions, if any. */
377 /* -------------------------------------------------------------------- */
378 static void
379 ippr_rpcb_flush(rs)
380 rpcb_session_t *rs;
381 {
382 rpcb_xact_t *r1, *r2;
383
384 r1 = rs->rs_rxlist;
385 if (r1 == NULL)
386 return;
387
388 while (r1 != NULL) {
389 r2 = r1;
390 r1 = r1->rx_next;
391 KFREE(r2);
392 }
393 }
394
395 /* -------------------------------------------------------------------- */
396 /* Function: ippr_rpcb_decodereq */
397 /* Returns: int - -1 == bad request or critical failure, */
398 /* 0 == request successfully decoded, */
399 /* 1 == request successfully decoded; requires */
400 /* address rewrite/modification */
401 /* Parameters: fin(I) - pointer to packet information */
402 /* nat(I) - pointer to NAT session structure */
403 /* rs(I) - pointer to RPCB session structure */
404 /* rm(I) - pointer to RPC message structure */
405 /* */
406 /* Take a presumed RPCB request, decode it, and store the results in */
407 /* the transaction list. If the internal target address needs to be */
408 /* modified, store its location in ptr. */
409 /* WARNING: It's the responsibility of the caller to make sure there */
410 /* is enough room in rs_buf for the basic RPC message "preamble". */
411 /* -------------------------------------------------------------------- */
412 static int
413 ippr_rpcb_decodereq(fin, nat, rs, rm)
414 fr_info_t *fin;
415 nat_t *nat;
416 rpcb_session_t *rs;
417 rpc_msg_t *rm;
418 {
419 rpcb_args_t *ra;
420 u_32_t xdr, *p;
421 rpc_call_t *rc;
422 rpcb_xact_t rx;
423 int mod;
424
425 p = (u_32_t *)rm->rm_msgbuf;
426 mod = 0;
427
428 bzero((char *)&rx, sizeof(rx));
429 rc = &rm->rm_call;
430
431 rm->rm_xid = p;
432 rx.rx_xid = B(p++); /* Record this message's XID. */
433
434 /* Parse out and test the RPC header. */
435 if ((B(p++) != RPCB_CALL) ||
436 (B(p++) != RPCB_MSG_VERSION) ||
437 (B(p++) != RPCB_PROG))
438 return(-1);
439
440 /* Record the RPCB version and procedure. */
441 rc->rc_vers = p++;
442 rc->rc_proc = p++;
443
444 /* Bypass RPC authentication stuff. */
445 if (ippr_rpcb_skipauth(rm, &rc->rc_authcred, &p) != 0)
446 return(-1);
447 if (ippr_rpcb_skipauth(rm, &rc->rc_authverf, &p) != 0)
448 return(-1);
449
450 /* Compare RPCB version and procedure numbers. */
451 switch(B(rc->rc_vers))
452 {
453 case 2:
454 /* This proxy only supports PMAP_GETPORT. */
455 if (B(rc->rc_proc) != RPCB_GETPORT)
456 return(-1);
457
458 /* Portmap requests contain four 4 byte parameters. */
459 if (RPCB_BUF_EQ(rm, p, 16) == 0)
460 return(-1);
461
462 p += 2; /* Skip requested program and version numbers. */
463
464 /* Sanity check the requested protocol. */
465 xdr = B(p);
466 if (!(xdr == IPPROTO_UDP || xdr == IPPROTO_TCP))
467 return(-1);
468
469 rx.rx_type = RPCB_RES_PMAP;
470 rx.rx_proto = xdr;
471 break;
472 case 3:
473 case 4:
474 /* GETADDRLIST is exclusive to v4; GETADDR for v3 & v4 */
475 switch(B(rc->rc_proc))
476 {
477 case RPCB_GETADDR:
478 rx.rx_type = RPCB_RES_STRING;
479 rx.rx_proto = (u_int)fin->fin_p;
480 break;
481 case RPCB_GETADDRLIST:
482 if (B(rc->rc_vers) != 4)
483 return(-1);
484 rx.rx_type = RPCB_RES_LIST;
485 break;
486 default:
487 return(-1);
488 }
489
490 ra = &rc->rc_rpcbargs;
491
492 /* Decode the 'struct rpcb' request. */
493 if (ippr_rpcb_xdrrpcb(rm, p, ra) != 0)
494 return(-1);
495
496 /* Are the target address & port valid? */
497 if ((ra->ra_maddr.xu_ip != nat->nat_outip.s_addr) ||
498 (ra->ra_maddr.xu_port != nat->nat_outport))
499 return(-1);
500
501 /* Do we need to rewrite this packet? */
502 if ((nat->nat_outip.s_addr != nat->nat_inip.s_addr) ||
503 (nat->nat_outport != nat->nat_inport))
504 mod = 1;
505 break;
506 default:
507 return(-1);
508 }
509
510 MUTEX_ENTER(&rs->rs_rxlock);
511 if (ippr_rpcb_insert(rs, &rx) != 0) {
512 MUTEX_EXIT(&rs->rs_rxlock);
513 return(-1);
514 }
515 MUTEX_EXIT(&rs->rs_rxlock);
516
517 return(mod);
518 }
519
520 /* -------------------------------------------------------------------- */
521 /* Function: ippr_rpcb_skipauth */
522 /* Returns: int -- -1 == illegal auth parameters (lengths) */
523 /* 0 == valid parameters, pointer advanced */
524 /* Parameters: rm(I) - pointer to RPC message structure */
525 /* auth(I) - pointer to RPC auth structure */
526 /* buf(IO) - pointer to location within convenience buffer */
527 /* */
528 /* Record auth data length & location of auth data, then advance past */
529 /* it. */
530 /* -------------------------------------------------------------------- */
531 static int
532 ippr_rpcb_skipauth(rm, auth, buf)
533 rpc_msg_t *rm;
534 xdr_auth_t *auth;
535 u_32_t **buf;
536 {
537 u_32_t *p, xdr;
538
539 p = *buf;
540
541 /* Make sure we have enough space for expected fixed auth parms. */
542 if (RPCB_BUF_GEQ(rm, p, 8) == 0)
543 return(-1);
544
545 p++; /* We don't care about auth_flavor. */
546
547 auth->xa_string.xs_len = p;
548 xdr = B(p++); /* Length of auth_data */
549
550 /* Test for absurdity / illegality of auth_data length. */
551 if ((XDRALIGN(xdr) < xdr) || (RPCB_BUF_GEQ(rm, p, XDRALIGN(xdr)) == 0))
552 return(-1);
553
554 auth->xa_string.xs_str = (char *)p;
555
556 p += XDRALIGN(xdr); /* Advance our location. */
557
558 *buf = (u_32_t *)p;
559
560 return(0);
561 }
562
563 /* -------------------------------------------------------------------- */
564 /* Function: ippr_rpcb_insert */
565 /* Returns: int -- -1 == list insertion failed, */
566 /* 0 == item successfully added */
567 /* Parameters: rs(I) - pointer to RPCB session structure */
568 /* rx(I) - pointer to RPCB transaction structure */
569 /* -------------------------------------------------------------------- */
570 static int
571 ippr_rpcb_insert(rs, rx)
572 rpcb_session_t *rs;
573 rpcb_xact_t *rx;
574 {
575 rpcb_xact_t *rxp;
576
577 rxp = ippr_rpcb_lookup(rs, rx->rx_xid);
578 if (rxp != NULL) {
579 ++rxp->rx_ref;
580 return(0);
581 }
582
583 if (rpcbcnt == RPCB_MAXREQS)
584 return(-1);
585
586 KMALLOC(rxp, rpcb_xact_t *);
587 if (rxp == NULL)
588 return(-1);
589
590 bcopy((char *)rx, (char *)rxp, sizeof(*rx));
591
592 if (rs->rs_rxlist != NULL)
593 rs->rs_rxlist->rx_pnext = &rxp->rx_next;
594
595 rxp->rx_pnext = &rs->rs_rxlist;
596 rxp->rx_next = rs->rs_rxlist;
597 rs->rs_rxlist = rxp;
598
599 rxp->rx_ref = 1;
600
601 ++rpcbcnt;
602
603 return(0);
604 }
605
606 /* -------------------------------------------------------------------- */
607 /* Function: ippr_rpcb_xdrrpcb */
608 /* Returns: int -- -1 == failure to properly decode the request */
609 /* 0 == rpcb successfully decoded */
610 /* Parameters: rs(I) - pointer to RPCB session structure */
611 /* p(I) - pointer to location within session buffer */
612 /* rpcb(O) - pointer to rpcb (xdr type) structure */
613 /* */
614 /* Decode a XDR encoded rpcb structure and record its contents in rpcb */
615 /* within only the context of TCP/UDP over IP networks. */
616 /* -------------------------------------------------------------------- */
617 static int
618 ippr_rpcb_xdrrpcb(rm, p, ra)
619 rpc_msg_t *rm;
620 u_32_t *p;
621 rpcb_args_t *ra;
622 {
623 if (!RPCB_BUF_GEQ(rm, p, 20))
624 return(-1);
625
626 /* Bypass target program & version. */
627 p += 2;
628
629 /* Decode r_netid. Must be "tcp" or "udp". */
630 if (ippr_rpcb_getproto(rm, &ra->ra_netid, &p) != 0)
631 return(-1);
632
633 /* Decode r_maddr. */
634 if (ippr_rpcb_getuaddr(rm, &ra->ra_maddr, &p) != 0)
635 return(-1);
636
637 /* Advance to r_owner and make sure it's empty. */
638 if (!RPCB_BUF_EQ(rm, p, 4) || (B(p) != 0))
639 return(-1);
640
641 return(0);
642 }
643
644 /* -------------------------------------------------------------------- */
645 /* Function: ippr_rpcb_getuaddr */
646 /* Returns: int -- -1 == illegal string, */
647 /* 0 == string parsed; contents recorded */
648 /* Parameters: rm(I) - pointer to RPC message structure */
649 /* xu(I) - pointer to universal address structure */
650 /* p(IO) - pointer to location within message buffer */
651 /* */
652 /* Decode the IP address / port at p and record them in xu. */
653 /* -------------------------------------------------------------------- */
654 static int
655 ippr_rpcb_getuaddr(rm, xu, p)
656 rpc_msg_t *rm;
657 xdr_uaddr_t *xu;
658 u_32_t **p;
659 {
660 char *c, *i, *b, *pp;
661 u_int d, dd, l, t;
662 char uastr[24];
663
664 /* Test for string length. */
665 if (!RPCB_BUF_GEQ(rm, *p, 4))
666 return(-1);
667
668 xu->xu_xslen = (*p)++;
669 xu->xu_xsstr = (char *)*p;
670
671 /* Length check */
672 l = B(xu->xu_xslen);
673 if (l < 11 || l > 23 || !RPCB_BUF_GEQ(rm, *p, XDRALIGN(l)))
674 return(-1);
675
676 /* Advance p */
677 *(char **)p += XDRALIGN(l);
678
679 /* Copy string to local buffer & terminate C style */
680 bcopy(xu->xu_xsstr, uastr, l);
681 uastr[l] = '\0';
682
683 i = (char *)&xu->xu_ip;
684 pp = (char *)&xu->xu_port;
685
686 /*
687 * Expected format: a.b.c.d.e.f where [a-d] correspond to bytes of
688 * an IP address and [ef] are the bytes of a L4 port.
689 */
690 if (!(ISDIGIT(uastr[0]) && ISDIGIT(uastr[l-1])))
691 return(-1);
692 b = uastr;
693 for (c = &uastr[1], d = 0, dd = 0; c < &uastr[l-1]; c++) {
694 if (ISDIGIT(*c)) {
695 dd = 0;
696 continue;
697 }
698 if (*c == '.') {
699 if (dd != 0)
700 return(-1);
701
702 /* Check for ASCII byte. */
703 *c = '\0';
704 t = ippr_rpcb_atoi(b);
705 if (t > 255)
706 return(-1);
707
708 /* Aim b at beginning of the next byte. */
709 b = c + 1;
710
711 /* Switch off IP addr vs port parsing. */
712 if (d < 4)
713 i[d++] = t & 0xff;
714 else
715 pp[d++ - 4] = t & 0xff;
716
717 dd = 1;
718 continue;
719 }
720 return(-1);
721 }
722 if (d != 5) /* String must contain exactly 5 periods. */
723 return(-1);
724
725 /* Handle the last byte (port low byte) */
726 t = ippr_rpcb_atoi(b);
727 if (t > 255)
728 return(-1);
729 pp[d - 4] = t & 0xff;
730
731 return(0);
732 }
733
734 /* -------------------------------------------------------------------- */
735 /* Function: ippr_rpcb_atoi (XXX should be generic for all proxies) */
736 /* Returns: int -- integer representation of supplied string */
737 /* Parameters: ptr(I) - input string */
738 /* */
739 /* Simple version of atoi(3) ripped from ip_rcmd_pxy.c. */
740 /* -------------------------------------------------------------------- */
741 static u_int
742 ippr_rpcb_atoi(ptr)
743 char *ptr;
744 {
745 register char *s = ptr, c;
746 register u_int i = 0;
747
748 while (((c = *s++) != '\0') && ISDIGIT(c)) {
749 i *= 10;
750 i += c - '0';
751 }
752 return i;
753 }
754
755 /* -------------------------------------------------------------------- */
756 /* Function: ippr_rpcb_modreq */
757 /* Returns: int -- change in datagram length */
758 /* APR_ERR(2) - critical failure */
759 /* Parameters: fin(I) - pointer to packet information */
760 /* nat(I) - pointer to NAT session */
761 /* rm(I) - pointer to RPC message structure */
762 /* m(I) - pointer to mbuf chain */
763 /* off(I) - current offset within mbuf chain */
764 /* */
765 /* When external and internal addresses differ, we rewrite the former */
766 /* with the latter. (This is exclusive to protocol versions 3 & 4). */
767 /* -------------------------------------------------------------------- */
768 static int
769 ippr_rpcb_modreq(fin, nat, rm, m, off)
770 fr_info_t *fin;
771 nat_t *nat;
772 rpc_msg_t *rm;
773 mb_t *m;
774 u_int off;
775 {
776 u_int len, xlen, pos, bogo;
777 rpcb_args_t *ra;
778 char uaddr[24];
779 udphdr_t *udp;
780 char *i, *p;
781 int diff;
782
783 ra = &rm->rm_call.rc_rpcbargs;
784 i = (char *)&nat->nat_inip.s_addr;
785 p = (char *)&nat->nat_inport;
786
787 /* Form new string. */
788 bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */
789 #if defined(SNPRINTF) && defined(_KERNEL)
790 SNPRINTF(uaddr, sizeof(uaddr),
791 #else
792 (void) sprintf(uaddr,
793 #endif
794 "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff,
795 i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff);
796 len = strlen(uaddr);
797 xlen = XDRALIGN(len);
798
799 /* Determine mbuf offset to start writing to. */
800 pos = (char *)ra->ra_maddr.xu_xslen - rm->rm_msgbuf;
801 off += pos;
802
803 /* Write new string length. */
804 bogo = htonl(len);
805 COPYBACK(m, off, 4, (caddr_t)&bogo);
806 off += 4;
807
808 /* Write new string. */
809 COPYBACK(m, off, xlen, uaddr);
810 off += xlen;
811
812 /* Write in zero r_owner. */
813 bogo = 0;
814 COPYBACK(m, off, 4, (caddr_t)&bogo);
815
816 /* Determine difference in data lengths. */
817 diff = xlen - XDRALIGN(B(ra->ra_maddr.xu_xslen));
818
819 /*
820 * If our new string has a different length, make necessary
821 * adjustments.
822 */
823 if (diff != 0) {
824 udp = fin->fin_dp;
825 udp->uh_ulen = htons(ntohs(udp->uh_ulen) + diff);
826 fin->fin_ip->ip_len += diff;
827 fin->fin_dlen += diff;
828 fin->fin_plen += diff;
829 /* XXX Storage lengths. */
830 }
831
832 return(diff);
833 }
834
835 /* -------------------------------------------------------------------- */
836 /* Function: ippr_rpcb_decoderep */
837 /* Returns: int - -1 == bad request or critical failure, */
838 /* 0 == valid, negative reply */
839 /* 1 == vaddlid, positive reply; needs no changes */
840 /* Parameters: fin(I) - pointer to packet information */
841 /* nat(I) - pointer to NAT session structure */
842 /* rs(I) - pointer to RPCB session structure */
843 /* rm(I) - pointer to RPC message structure */
844 /* rxp(O) - pointer to RPCB transaction structure */
845 /* */
846 /* Take a presumed RPCB reply, extract the XID, search for the original */
847 /* request information, and determine whether the request was accepted */
848 /* or rejected. With a valid accepted reply, go ahead and create NAT */
849 /* and state entries, and finish up by rewriting the packet as */
850 /* required. */
851 /* */
852 /* WARNING: It's the responsibility of the caller to make sure there */
853 /* is enough room in rs_buf for the basic RPC message "preamble". */
854 /* -------------------------------------------------------------------- */
855 static int
856 ippr_rpcb_decoderep(fin, nat, rs, rm, rxp)
857 fr_info_t *fin;
858 nat_t *nat;
859 rpcb_session_t *rs;
860 rpc_msg_t *rm;
861 rpcb_xact_t **rxp;
862 {
863 rpcb_listp_t *rl;
864 rpcb_entry_t *re;
865 rpcb_xact_t *rx;
866 u_32_t xdr, *p;
867 rpc_resp_t *rr;
868 int rv, cnt;
869
870 p = (u_32_t *)rm->rm_msgbuf;
871
872 bzero((char *)&rx, sizeof(rx));
873 rr = &rm->rm_resp;
874
875 rm->rm_xid = p;
876 xdr = B(p++); /* Record this message's XID. */
877
878 /* Lookup XID */
879 MUTEX_ENTER(&rs->rs_rxlock);
880 if ((rx = ippr_rpcb_lookup(rs, xdr)) == NULL) {
881 MUTEX_EXIT(&rs->rs_rxlock);
882 return(-1);
883 }
884 ++rx->rx_ref; /* per thread reference */
885 MUTEX_EXIT(&rs->rs_rxlock);
886
887 *rxp = rx;
888
889 /* Test call vs reply */
890 if (B(p++) != RPCB_REPLY)
891 return(-1);
892
893 /* Test reply_stat */
894 switch(B(p++))
895 {
896 case RPCB_MSG_DENIED:
897 return(0);
898 case RPCB_MSG_ACCEPTED:
899 break;
900 default:
901 return(-1);
902 }
903
904 /* Bypass RPC authentication stuff. */
905 if (ippr_rpcb_skipauth(rm, &rr->rr_authverf, &p) != 0)
906 return(-1);
907
908 /* Test accept status */
909 if (!RPCB_BUF_GEQ(rm, p, 4))
910 return(-1);
911 if (B(p++) != 0)
912 return(0);
913
914 /* Parse out the expected reply */
915 switch(rx->rx_type)
916 {
917 case RPCB_RES_PMAP:
918 /* There must be only one 4 byte argument. */
919 if (!RPCB_BUF_EQ(rm, p, 4))
920 return(-1);
921
922 rr->rr_v2 = p;
923 xdr = B(rr->rr_v2);
924
925 /* Reply w/ a 0 port indicates service isn't registered */
926 if (xdr == 0)
927 return(0);
928
929 /* Is the value sane? */
930 if (xdr > 65535)
931 return(-1);
932
933 /* Create NAT & state table entries. */
934 if (ippr_rpcb_getnat(fin, nat, rx->rx_proto, (u_int)xdr) != 0)
935 return(-1);
936 break;
937 case RPCB_RES_STRING:
938 /* Expecting a XDR string; need 4 bytes for length */
939 if (!RPCB_BUF_GEQ(rm, p, 4))
940 return(-1);
941
942 rr->rr_v3.xu_str.xs_len = p++;
943 rr->rr_v3.xu_str.xs_str = (char *)p;
944
945 xdr = B(rr->rr_v3.xu_xslen);
946
947 /* A null string indicates an unregistered service */
948 if ((xdr == 0) && RPCB_BUF_EQ(rm, p, 0))
949 return(0);
950
951 /* Decode the target IP address / port. */
952 if (ippr_rpcb_getuaddr(rm, &rr->rr_v3, &p) != 0)
953 return(-1);
954
955 /* Validate the IP address and port contained. */
956 if (nat->nat_inip.s_addr != rr->rr_v3.xu_ip)
957 return(-1);
958
959 /* Create NAT & state table entries. */
960 if (ippr_rpcb_getnat(fin, nat, rx->rx_proto,
961 (u_int)rr->rr_v3.xu_port) != 0)
962 return(-1);
963 break;
964 case RPCB_RES_LIST:
965 if (!RPCB_BUF_GEQ(rm, p, 4))
966 return(-1);
967 /* rpcb_entry_list_ptr */
968 switch(B(p))
969 {
970 case 0:
971 return(0);
972 /*NOTREACHED*/
973 break;
974 case 1:
975 break;
976 default:
977 return(-1);
978 }
979 rl = &rr->rr_v4;
980 rl->rl_list = p++;
981 cnt = 0;
982
983 for(;;) {
984 re = &rl->rl_entries[rl->rl_cnt];
985 if (ippr_rpcb_getuaddr(rm, &re->re_maddr, &p) != 0)
986 return(-1);
987 if (ippr_rpcb_getproto(rm, &re->re_netid, &p) != 0)
988 return(-1);
989 /* re_semantics & re_pfamily length */
990 if (!RPCB_BUF_GEQ(rm, p, 12))
991 return(-1);
992 p++; /* Skipping re_semantics. */
993 xdr = B(p++);
994 if ((xdr != 4) || strncmp((char *)p, "inet", 4))
995 return(-1);
996 p++;
997 if (ippr_rpcb_getproto(rm, &re->re_proto, &p) != 0)
998 return(-1);
999 if (!RPCB_BUF_GEQ(rm, p, 4))
1000 return(-1);
1001 re->re_more = p;
1002 if (B(re->re_more) > 1) /* 0,1 only legal values */
1003 return(-1);
1004 ++rl->rl_cnt;
1005 ++cnt;
1006 if (B(re->re_more) == 0)
1007 break;
1008 /* Replies in max out at 2; TCP and/or UDP */
1009 if (cnt > 2)
1010 return(-1);
1011 p++;
1012 }
1013
1014 for(rl->rl_cnt = 0; rl->rl_cnt < cnt; rl->rl_cnt++) {
1015 re = &rl->rl_entries[rl->rl_cnt];
1016 rv = ippr_rpcb_getnat(fin, nat,
1017 re->re_proto.xp_proto,
1018 (u_int)re->re_maddr.xu_port);
1019 if (rv != 0)
1020 return(-1);
1021 }
1022 break;
1023 default:
1024 /*CONSTANTCONDITION*/
1025 IPF_PANIC(1, ("illegal rx_type %d", rx->rx_type));
1026 }
1027
1028 return(1);
1029 }
1030
1031 /* -------------------------------------------------------------------- */
1032 /* Function: ippr_rpcb_lookup */
1033 /* Returns: rpcb_xact_t * - NULL == no matching record, */
1034 /* else pointer to relevant entry */
1035 /* Parameters: rs(I) - pointer to RPCB session */
1036 /* xid(I) - XID to look for */
1037 /* -------------------------------------------------------------------- */
1038 static rpcb_xact_t *
1039 ippr_rpcb_lookup(rs, xid)
1040 rpcb_session_t *rs;
1041 u_32_t xid;
1042 {
1043 rpcb_xact_t *rx;
1044
1045 if (rs->rs_rxlist == NULL)
1046 return(NULL);
1047
1048 for (rx = rs->rs_rxlist; rx != NULL; rx = rx->rx_next)
1049 if (rx->rx_xid == xid)
1050 break;
1051
1052 return(rx);
1053 }
1054
1055 /* -------------------------------------------------------------------- */
1056 /* Function: ippr_rpcb_deref */
1057 /* Returns: (void) */
1058 /* Parameters: rs(I) - pointer to RPCB session */
1059 /* rx(I) - pointer to RPC transaction struct to remove */
1060 /* force(I) - indicates to delete entry regardless of */
1061 /* reference count */
1062 /* Locking: rs->rs_rxlock must be held write only */
1063 /* */
1064 /* Free the RPCB transaction record rx from the chain of entries. */
1065 /* -------------------------------------------------------------------- */
1066 static void
1067 ippr_rpcb_deref(rs, rx)
1068 rpcb_session_t *rs;
1069 rpcb_xact_t *rx;
1070 {
1071 rs = rs; /* LINT */
1072
1073 if (rx == NULL)
1074 return;
1075
1076 if (--rx->rx_ref != 0)
1077 return;
1078
1079 if (rx->rx_next != NULL)
1080 rx->rx_next->rx_pnext = rx->rx_pnext;
1081
1082 *rx->rx_pnext = rx->rx_next;
1083
1084 KFREE(rx);
1085
1086 --rpcbcnt;
1087 }
1088
1089 /* -------------------------------------------------------------------- */
1090 /* Function: ippr_rpcb_getproto */
1091 /* Returns: int - -1 == illegal protocol/netid, */
1092 /* 0 == legal protocol/netid */
1093 /* Parameters: rm(I) - pointer to RPC message structure */
1094 /* xp(I) - pointer to netid structure */
1095 /* p(IO) - pointer to location within packet buffer */
1096 /* */
1097 /* Decode netid/proto stored at p and record its numeric value. */
1098 /* -------------------------------------------------------------------- */
1099 static int
1100 ippr_rpcb_getproto(rm, xp, p)
1101 rpc_msg_t *rm;
1102 xdr_proto_t *xp;
1103 u_32_t **p;
1104 {
1105 u_int len;
1106
1107 /* Must have 4 bytes for length & 4 bytes for "tcp" or "udp". */
1108 if (!RPCB_BUF_GEQ(rm, p, 8))
1109 return(-1);
1110
1111 xp->xp_xslen = (*p)++;
1112 xp->xp_xsstr = (char *)*p;
1113
1114 /* Test the string length. */
1115 len = B(xp->xp_xslen);
1116 if (len != 3)
1117 return(-1);
1118
1119 /* Test the actual string & record the protocol accordingly. */
1120 if (!strncmp((char *)xp->xp_xsstr, "tcp\0", 4))
1121 xp->xp_proto = IPPROTO_TCP;
1122 else if (!strncmp((char *)xp->xp_xsstr, "udp\0", 4))
1123 xp->xp_proto = IPPROTO_UDP;
1124 else {
1125 return(-1);
1126 }
1127
1128 /* Advance past the string. */
1129 (*p)++;
1130
1131 return(0);
1132 }
1133
1134 /* -------------------------------------------------------------------- */
1135 /* Function: ippr_rpcb_getnat */
1136 /* Returns: int -- -1 == failed to create table entries, */
1137 /* 0 == success */
1138 /* Parameters: fin(I) - pointer to packet information */
1139 /* nat(I) - pointer to NAT table entry */
1140 /* proto(I) - transport protocol for new entries */
1141 /* port(I) - new port to use w/ wildcard table entries */
1142 /* */
1143 /* Create state and NAT entries to handle an anticipated connection */
1144 /* attempt between RPC client and server. */
1145 /* -------------------------------------------------------------------- */
1146 static int
1147 ippr_rpcb_getnat(fin, nat, proto, port)
1148 fr_info_t *fin;
1149 nat_t *nat;
1150 u_int proto;
1151 u_int port;
1152 {
1153 ipnat_t *ipn, ipnat;
1154 tcphdr_t tcp;
1155 ipstate_t *is;
1156 fr_info_t fi;
1157 nat_t *natl;
1158 int nflags;
1159
1160 ipn = nat->nat_ptr;
1161
1162 /* Generate dummy fr_info */
1163 bcopy((char *)fin, (char *)&fi, sizeof(fi));
1164 fi.fin_out = 0;
1165 fi.fin_src = fin->fin_dst;
1166 fi.fin_dst = nat->nat_outip;
1167 fi.fin_p = proto;
1168 fi.fin_sport = 0;
1169 fi.fin_dport = port & 0xffff;
1170 fi.fin_flx |= FI_IGNORE;
1171
1172 bzero((char *)&tcp, sizeof(tcp));
1173 tcp.th_dport = htons(port);
1174
1175 if (proto == IPPROTO_TCP) {
1176 tcp.th_win = htons(8192);
1177 TCP_OFF_A(&tcp, sizeof(tcphdr_t) >> 2);
1178 fi.fin_dlen = sizeof(tcphdr_t);
1179 tcp.th_flags = TH_SYN;
1180 nflags = NAT_TCP;
1181 } else {
1182 fi.fin_dlen = sizeof(udphdr_t);
1183 nflags = NAT_UDP;
1184 }
1185
1186 nflags |= SI_W_SPORT|NAT_SEARCH;
1187 fi.fin_dp = &tcp;
1188 fi.fin_plen = fi.fin_hlen + fi.fin_dlen;
1189
1190 /*
1191 * Search for existing NAT & state entries. Pay close attention to
1192 * mutexes / locks grabbed from lookup routines, as not doing so could
1193 * lead to bad things.
1194 *
1195 * If successful, fr_stlookup returns with ipf_state locked. We have
1196 * no use for this lock, so simply unlock it if necessary.
1197 */
1198 is = fr_stlookup(&fi, &tcp, NULL);
1199 if (is != NULL) {
1200 RWLOCK_EXIT(&ipf_state);
1201 }
1202
1203 RWLOCK_EXIT(&ipf_nat);
1204
1205 WRITE_ENTER(&ipf_nat);
1206 natl = nat_inlookup(&fi, nflags, proto, fi.fin_src, fi.fin_dst);
1207
1208 if ((natl != NULL) && (is != NULL)) {
1209 MUTEX_DOWNGRADE(&ipf_nat);
1210 return(0);
1211 }
1212
1213 /* Slightly modify the following structures for actual use in creating
1214 * NAT and/or state entries. We're primarily concerned with stripping
1215 * flags that may be detrimental to the creation process or simply
1216 * shouldn't be associated with a table entry.
1217 */
1218 fi.fin_fr = &rpcbfr;
1219 fi.fin_flx &= ~FI_IGNORE;
1220 nflags &= ~NAT_SEARCH;
1221
1222 if (natl == NULL) {
1223 /* XXX Since we're just copying the original ipn contents
1224 * back, would we be better off just sending a pointer to
1225 * the 'temp' copy off to nat_new instead?
1226 */
1227 /* Generate template/bogus NAT rule. */
1228 bcopy((char *)ipn, (char *)&ipnat, sizeof(ipnat));
1229 ipn->in_flags = nflags & IPN_TCPUDP;
1230 ipn->in_apr = NULL;
1231 ipn->in_p = proto;
1232 ipn->in_pmin = htons(fi.fin_dport);
1233 ipn->in_pmax = htons(fi.fin_dport);
1234 ipn->in_pnext = htons(fi.fin_dport);
1235 ipn->in_space = 1;
1236 ipn->in_ippip = 1;
1237 if (ipn->in_flags & IPN_FILTER) {
1238 ipn->in_scmp = 0;
1239 ipn->in_dcmp = 0;
1240 }
1241 *ipn->in_plabel = '\0';
1242
1243 /* Create NAT entry. return NULL if this fails. */
1244 MUTEX_ENTER(&ipf_nat_new);
1245 natl = nat_new(&fi, ipn, NULL, nflags|SI_CLONE|NAT_SLAVE,
1246 NAT_INBOUND);
1247 MUTEX_EXIT(&ipf_nat_new);
1248
1249 bcopy((char *)&ipnat, (char *)ipn, sizeof(ipnat));
1250
1251 if (natl == NULL) {
1252 MUTEX_DOWNGRADE(&ipf_nat);
1253 return(-1);
1254 }
1255
1256 ipn->in_use++;
1257 (void) nat_proto(&fi, natl, nflags);
1258 MUTEX_ENTER(&natl->nat_lock);
1259 nat_update(&fi, natl);
1260 MUTEX_EXIT(&natl->nat_lock);
1261 }
1262 MUTEX_DOWNGRADE(&ipf_nat);
1263
1264 if (is == NULL) {
1265 /* Create state entry. Return NULL if this fails. */
1266 fi.fin_dst = nat->nat_inip;
1267 fi.fin_flx |= FI_NATED;
1268 fi.fin_flx &= ~FI_STATE;
1269 nflags &= NAT_TCPUDP;
1270 nflags |= SI_W_SPORT|SI_CLONE;
1271
1272 is = fr_addstate(&fi, NULL, nflags);
1273 if (is == NULL) {
1274 /*
1275 * XXX nat_delete is private to ip_nat.c. Should
1276 * check w/ Darren about this one.
1277 *
1278 * nat_delete(natl, NL_EXPIRE);
1279 */
1280 return(-1);
1281 }
1282 }
1283
1284 return(0);
1285 }
1286
1287 /* -------------------------------------------------------------------- */
1288 /* Function: ippr_rpcb_modv3 */
1289 /* Returns: int -- change in packet length */
1290 /* Parameters: fin(I) - pointer to packet information */
1291 /* nat(I) - pointer to NAT session */
1292 /* rm(I) - pointer to RPC message structure */
1293 /* m(I) - pointer to mbuf chain */
1294 /* off(I) - offset within mbuf chain */
1295 /* */
1296 /* Write a new universal address string to this packet, adjusting */
1297 /* lengths as necessary. */
1298 /* -------------------------------------------------------------------- */
1299 static int
1300 ippr_rpcb_modv3(fin, nat, rm, m, off)
1301 fr_info_t *fin;
1302 nat_t *nat;
1303 rpc_msg_t *rm;
1304 mb_t *m;
1305 u_int off;
1306 {
1307 u_int len, xlen, pos, bogo;
1308 rpc_resp_t *rr;
1309 char uaddr[24];
1310 char *i, *p;
1311 int diff;
1312
1313 rr = &rm->rm_resp;
1314 i = (char *)&nat->nat_outip.s_addr;
1315 p = (char *)&rr->rr_v3.xu_port;
1316
1317 /* Form new string. */
1318 bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */
1319 #if defined(SNPRINTF) && defined(_KERNEL)
1320 SNPRINTF(uaddr, sizeof(uaddr),
1321 #else
1322 (void) sprintf(uaddr,
1323 #endif
1324 "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff,
1325 i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff);
1326 len = strlen(uaddr);
1327 xlen = XDRALIGN(len);
1328
1329 /* Determine mbuf offset to write to. */
1330 pos = (char *)rr->rr_v3.xu_xslen - rm->rm_msgbuf;
1331 off += pos;
1332
1333 /* Write new string length. */
1334 bogo = htonl(len);
1335 COPYBACK(m, off, 4, (caddr_t)&bogo);
1336 off += 4;
1337
1338 /* Write new string. */
1339 COPYBACK(m, off, xlen, uaddr);
1340
1341 /* Determine difference in data lengths. */
1342 diff = xlen - XDRALIGN(B(rr->rr_v3.xu_xslen));
1343
1344 /*
1345 * If our new string has a different length, make necessary
1346 * adjustments.
1347 */
1348 if (diff != 0)
1349 ippr_rpcb_fixlen(fin, diff);
1350
1351 return(diff);
1352 }
1353
1354 /* -------------------------------------------------------------------- */
1355 /* Function: ippr_rpcb_modv4 */
1356 /* Returns: int -- change in packet length */
1357 /* Parameters: fin(I) - pointer to packet information */
1358 /* nat(I) - pointer to NAT session */
1359 /* rm(I) - pointer to RPC message structure */
1360 /* m(I) - pointer to mbuf chain */
1361 /* off(I) - offset within mbuf chain */
1362 /* */
1363 /* Write new rpcb_entry list, adjusting lengths as necessary. */
1364 /* -------------------------------------------------------------------- */
1365 static int
1366 ippr_rpcb_modv4(fin, nat, rm, m, off)
1367 fr_info_t *fin;
1368 nat_t *nat;
1369 rpc_msg_t *rm;
1370 mb_t *m;
1371 u_int off;
1372 {
1373 u_int len, xlen, pos, bogo;
1374 rpcb_listp_t *rl;
1375 rpcb_entry_t *re;
1376 rpc_resp_t *rr;
1377 char uaddr[24];
1378 int diff, cnt;
1379 char *i, *p;
1380
1381 diff = 0;
1382 rr = &rm->rm_resp;
1383 rl = &rr->rr_v4;
1384
1385 i = (char *)&nat->nat_outip.s_addr;
1386
1387 /* Determine mbuf offset to write to. */
1388 re = &rl->rl_entries[0];
1389 pos = (char *)re->re_maddr.xu_xslen - rm->rm_msgbuf;
1390 off += pos;
1391
1392 for (cnt = 0; cnt < rl->rl_cnt; cnt++) {
1393 re = &rl->rl_entries[cnt];
1394 p = (char *)&re->re_maddr.xu_port;
1395
1396 /* Form new string. */
1397 bzero(uaddr, sizeof(uaddr)); /* Just in case we need
1398 padding. */
1399 #if defined(SNPRINTF) && defined(_KERNEL)
1400 SNPRINTF(uaddr, sizeof(uaddr),
1401 #else
1402 (void) sprintf(uaddr,
1403 #endif
1404 "%u.%u.%u.%u.%u.%u", i[0] & 0xff,
1405 i[1] & 0xff, i[2] & 0xff, i[3] & 0xff,
1406 p[0] & 0xff, p[1] & 0xff);
1407 len = strlen(uaddr);
1408 xlen = XDRALIGN(len);
1409
1410 /* Write new string length. */
1411 bogo = htonl(len);
1412 COPYBACK(m, off, 4, (caddr_t)&bogo);
1413 off += 4;
1414
1415 /* Write new string. */
1416 COPYBACK(m, off, xlen, uaddr);
1417 off += xlen;
1418
1419 /* Record any change in length. */
1420 diff += xlen - XDRALIGN(B(re->re_maddr.xu_xslen));
1421
1422 /* If the length changed, copy back the rest of this entry. */
1423 len = ((char *)re->re_more + 4) -
1424 (char *)re->re_netid.xp_xslen;
1425 if (diff != 0) {
1426 COPYBACK(m, off, len, (caddr_t)re->re_netid.xp_xslen);
1427 }
1428 off += len;
1429 }
1430
1431 /*
1432 * If our new string has a different length, make necessary
1433 * adjustments.
1434 */
1435 if (diff != 0)
1436 ippr_rpcb_fixlen(fin, diff);
1437
1438 return(diff);
1439 }
1440
1441
1442 /* -------------------------------------------------------------------- */
1443 /* Function: ippr_rpcb_fixlen */
1444 /* Returns: (void) */
1445 /* Parameters: fin(I) - pointer to packet information */
1446 /* len(I) - change in packet length */
1447 /* */
1448 /* Adjust various packet related lengths held in structure and packet */
1449 /* header fields. */
1450 /* -------------------------------------------------------------------- */
1451 static void
1452 ippr_rpcb_fixlen(fin, len)
1453 fr_info_t *fin;
1454 int len;
1455 {
1456 udphdr_t *udp;
1457
1458 udp = fin->fin_dp;
1459 udp->uh_ulen = htons(ntohs(udp->uh_ulen) + len);
1460 fin->fin_ip->ip_len += len;
1461 fin->fin_dlen += len;
1462 fin->fin_plen += len;
1463 }
1464
1465 #undef B
NetBSD on the FriendlyARM MINI2440