76#include <machine/stdarg.h>
78#include <sys/gsb_crc32.h>
80#include <sys/kernel.h>
81#include <sys/module.h>
82#include <sys/syslog.h>
87#include <machine/in_cksum.h>
93#include <machine/in_cksum.h>
94#include <sys/libkern.h>
/*
 * Allocation wrappers used by the SCTP NAT code. Two definition sets appear
 * here; presumably they sit in alternative preprocessor branches (kernel
 * vs. userland build) whose #if/#else lines this listing omits -- TODO confirm.
 *
 * First set: kernel malloc(9). M_NOWAIT means the call may fail and return
 * NULL rather than sleep, so every caller must check the result before use.
 * M_ZERO returns zero-filled memory. mallocarray() takes the element count
 * and element size separately instead of a pre-multiplied byte count.
 */
189#define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT|M_ZERO)
190#define sn_calloc(n,x) mallocarray((n), (x), M_SCTPNAT, M_NOWAIT|M_ZERO)
191#define sn_free(x) free(x, M_SCTPNAT)
/*
 * Second set: plain libc calls.
 * NOTE(review): malloc(x) here does not zero the memory, unlike the M_ZERO
 * variant above, so any code relying on zero-initialised sn_malloc() results
 * would see uninitialised fields in this build -- confirm that callers
 * initialise every field they later read.
 */
195#define sn_malloc(x) malloc(x)
196#define sn_calloc(n, x) calloc(n, x)
197#define sn_free(x) free(x)
/*
 * Pointer-walking helpers for SCTP chunks and parameters.
 *
 * SN_SCTP_FIRSTCHUNK: address of the first chunk header, i.e. the byte
 * immediately after the fixed-size struct sctphdr.
 *
 * SN_SCTP_NEXTCHUNK / SN_SCTP_NEXTPARAM: advance by the length field read
 * from the packet (converted from network order) after passing it through
 * SCTP_SIZE32, which is defined elsewhere -- presumably it rounds up to a
 * multiple of 4; confirm.
 *
 * The length field comes from the wire and is not validated by these macros.
 * Before dereferencing the result the caller has to check that the length is
 * at least the header size (SN_MIN_CHUNK_SIZE / SN_MIN_PARAM_SIZE) and no
 * larger than the bytes remaining in the packet. Presumably a length of 0
 * yields the same pointer again, so a loop built on these macros also needs
 * its own termination bound -- confirm against SCTP_SIZE32.
 *
 * NOTE(review): the macro arguments are not parenthesised and the expansions
 * are not wrapped in outer parentheses, so only simple identifiers are safe
 * as arguments.
 */
209#define SN_SCTP_FIRSTCHUNK(sctphead) (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr))
212#define SN_SCTP_NEXTCHUNK(chunkhead) (struct sctp_chunkhdr *)(((char *)chunkhead) + SCTP_SIZE32(ntohs(chunkhead->chunk_length)))
215#define SN_SCTP_NEXTPARAM(param) (struct sctp_paramhdr *)(((char *)param) + SCTP_SIZE32(ntohs(param->param_length)))
/*
 * Size constants used when validating chunks and parameters taken from a
 * packet (presumably in bytes -- confirm against the parser). The MIN values
 * are lower bounds: anything shorter cannot hold its own header and has to
 * be rejected before the length is used to advance a pointer.
 */
218#define SN_MIN_CHUNK_SIZE 4
219#define SN_MIN_PARAM_SIZE 4
220#define SN_VTAG_PARAM_SIZE 12
221#define SN_ASCONFACK_PARAM_SIZE 8
/*
 * Parse error codes (SN_PARSE_ERROR_* family), numbered 1..10.
 * NOTE(review): the code that returns these values is not visible in this
 * listing, so the individual meanings below are read from the names only --
 * confirm against the packet parser before relying on them.
 */
225#define SN_PARSE_ERROR_IPSHL 1
226#define SN_PARSE_ERROR_AS_MALLOC 2
227#define SN_PARSE_ERROR_CHHL 3
228#define SN_PARSE_ERROR_DIR 4
229#define SN_PARSE_ERROR_VTAG 5
230#define SN_PARSE_ERROR_CHUNK 6
231#define SN_PARSE_ERROR_PORT 7
232#define SN_PARSE_ERROR_LOOKUP 8
233#define SN_PARSE_ERROR_PARTIALLOOKUP 9
234#define SN_PARSE_ERROR_LOOKUP_ABORT 10
/*
 * Internal SCTP message classification values (one per kind of key chunk).
 * The named kinds other than ABORT each use a distinct single bit; ABORT is
 * 0 and OTHER is 0xFFFF, so these are compared as whole values rather than
 * tested as a bit mask -- presumably; confirm at the use sites, which this
 * listing does not show.
 */
237#define SN_SCTP_ABORT 0x0000
238#define SN_SCTP_INIT 0x0001
239#define SN_SCTP_INITACK 0x0002
240#define SN_SCTP_SHUTCOMP 0x0010
241#define SN_SCTP_SHUTACK 0x0020
242#define SN_SCTP_ASCONF 0x0100
243#define SN_SCTP_ASCONFACK 0x0200
244#define SN_SCTP_OTHER 0xFFFF
/*
 * Log verbosity levels, matching the log_level sysctl description
 * (1 - event, 3 - detail, 4 - debug, 5 - max debug). Levels 0 and 2 are not
 * shown in this listing.
 */
263#define SN_LOG_EVENT 1
265#define SN_LOG_DETAIL 3
266#define SN_LOG_DEBUG 4
267#define SN_LOG_DEBUG_MAX 5
/*
 * Run `action` only when the configured sysctl_log_level is at least `level`.
 * NOTE(review): this expands to a bare `if (...) { ... }`, so using it as the
 * body of an unbraced if/else changes which `if` the `else` binds to, and
 * `level` is not parenthesised. Call sites should pass a simple constant and
 * sit inside braces.
 */
269#define SN_LOG(level, action) if (sysctl_log_level >= level) { action; }
/*
 * Bounds and default for the NAT lookup hash table size (the hashtable_size
 * sysctl description asks for a prime number in this range).
 */
275#define SN_MIN_HASH_SIZE 101
276#define SN_MAX_HASH_SIZE 1000001
277#define SN_DEFAULT_HASH_SIZE 2003
/*
 * Table membership / wait-state flags. SN_BOTH_TBL is the OR of
 * SN_LOCAL_TBL and SN_GLOBAL_TBL; SN_NULL_TBL means no flag set.
 */
279#define SN_LOCAL_TBL 0x01
280#define SN_GLOBAL_TBL 0x02
281#define SN_BOTH_TBL 0x03
282#define SN_WAIT_TOLOCAL 0x10
283#define SN_WAIT_TOGLOBAL 0x20
284#define SN_NULL_TBL 0x00
/* Upper bound on global addresses per association (name-derived; confirm at use sites). */
285#define SN_MAX_GLOBAL_ADDRESSES 100
288#define SN_ADD_CLASH 1
/*
 * Bucket index: (vtag + port) modulo size, all in u_int arithmetic.
 * - `size` must be non-zero (modulo by zero is undefined); presumably the
 *   sysctl handler enforces SN_MIN_HASH_SIZE -- confirm.
 * - No keyed or secret component is visible here, and both inputs are fields
 *   carried in packets, so bucket selection is predictable to a peer. Lookup
 *   cost therefore depends on how long a single chain can grow; the table
 *   size and association limits are the mitigations to review.
 * NOTE(review): the arguments are not parenthesised, so pass simple
 * identifiers only.
 */
290#define SN_TABLE_HASH(vtag, port, size) (((u_int) vtag + (u_int) port) % (u_int) size)
/* Allowed range for the association timers (seconds, per the sysctl descriptions). */
297#define SN_MIN_TIMER 1
298#define SN_MAX_TIMER 600
/*
 * Number of slots in the timer queue.
 * NOTE(review): the expansion `SN_MAX_TIMER+2` has no parentheses, so an
 * expression such as `x % SN_TIMER_QUEUE_SIZE` or `SN_TIMER_QUEUE_SIZE * n`
 * is evaluated with the wrong precedence and can produce an index outside
 * the queue. Wrapping the expansion in parentheses is backward-compatible.
 */
299#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER+2
/*
 * Expiry-time helpers: current LibAliasTime plus the relevant sysctl timeout
 * (init, up, shutdown, holddown). The `la` argument is accepted but not used
 * by the expansion.
 */
301#define SN_I_T(la) (LibAliasTime + sysctl_init_timer)
302#define SN_U_T(la) (LibAliasTime + sysctl_up_timer)
303#define SN_C_T(la) (LibAliasTime + sysctl_shutdown_timer)
304#define SN_X_T(la) (LibAliasTime + sysctl_holddown_timer)
/*
 * Values for the error_on_ootb sysctl, which selects when the NAT sends an
 * ErrorM in response to an out-of-the-blue (OOTB) packet, per that sysctl's
 * description:
 *   0 - none
 *   1 - to local only
 *   2 - to local and global if a partial association match
 *   3 - to local and global (the description flags this as a DoS risk,
 *       since unsolicited packets from the global side then trigger replies)
 */
353#define SN_NO_ERROR_ON_OOTB 0
354#define SN_LOCAL_ERROR_ON_OOTB 1
355#define SN_LOCALandPARTIAL_ERROR_ON_OOTB 2
356#define SN_ERROR_ON_OOTB 3
364static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp,
365 CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
367SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level,
368 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
370 "Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)");
371SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer,
372 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
374 "Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)");
375SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer,
376 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
378 "Timeout value (s) to keep an association up with no traffic");
379SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer,
380 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
382 "Timeout value (s) while waiting for SHUTDOWN-COMPLETE");
383SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer,
384 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
386 "Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE");
387SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size,
388 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
390 "Size of hash tables used for NAT lookups (100 < prime_number > 1000001)");
391SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb,
392 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
394 "ErrorM sent on receipt of ootb packet:\n\t0 - none,\n"
395 "\t1 - to local only,\n"
396 "\t2 - to local and global if a partial association match,\n"
397 "\t3 - to local and global (DoS risk)");
398SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip,
399 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
401 "NAT response to receipt of global OOTB AddIP:\n"
402 "\t0 - No response,\n"
403 "\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
404SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, initialising_chunk_proc_limit,
405 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
408 "Number of chunks that should be processed if there is no current "
409 "association found:\n\t > 0 (A high value is a DoS risk)");
410SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit,
411 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
413 "Number of chunks that should be processed to find key chunk:\n"
414 "\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
415SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit,
416 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
418 "Number of parameters (in a chunk) that should be processed to find key "
419 "parameters:\n\t> 1 (A high value is a DoS risk)");
420SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses,
421 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
423 "Configures the global address tracking option within the NAT:\n"
424 "\t0 - Global tracking is disabled,\n"
425 "\t> 0 - enables tracking but limits the number of global IP addresses to this value");
437 u_int level = *(u_int *)arg1;
440 error = sysctl_handle_int(oidp, &level, 0, req);
459 u_int timer = *(u_int *)arg1;
462 error = sysctl_handle_int(oidp, &timer, 0, req);
472 *(u_int *)arg1 = timer;
488 u_int size = *(u_int *)arg1;
491 error = sysctl_handle_int(oidp, &size, 0, req);
499 for (;(((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || ((size % 11) == 0)); size+=2);
517 u_int flag = *(u_int *)arg1;
520 error = sysctl_handle_int(oidp, &flag, 0, req);
537 u_int flag = *(u_int *)arg1;
540 error = sysctl_handle_int(oidp, &flag, 0, req);
558 u_int proclimit = *(u_int *)arg1;
561 error = sysctl_handle_int(oidp, &proclimit, 0, req);
581 u_int proclimit = *(u_int *)arg1;
584 error = sysctl_handle_int(oidp, &proclimit, 0, req);
603 u_int proclimit = *(u_int *)arg1;
606 error = sysctl_handle_int(oidp, &proclimit, 0, req);
611 (proclimit < 2) ? 2 : proclimit;
625 u_int num_to_track = *(u_int *)arg1;
628 error = sysctl_handle_int(oidp, &num_to_track, 0, req);
657 la->sctpTableLocal = sn_calloc(la->
sctpNatTableSize,
sizeof(
struct sctpNatTableL));
658 la->sctpTableGlobal = sn_calloc(la->
sctpNatTableSize,
sizeof(
struct sctpNatTableG));
662 LIST_INIT(&la->sctpTableLocal[i]);
663 LIST_INIT(&la->sctpTableGlobal[i]);
701 while (assoc1 != NULL) {
703 assoc2 = LIST_NEXT(assoc1, timer_Q);
709 sn_free(la->sctpTableLocal);
710 sn_free(la->sctpTableGlobal);
763 logsctperror(
"SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
768 logsctperror(
"SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
780 logsctperror(
"SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
804 &(assoc->
l_addr), &(msg.ip_hdr->ip_dst), 2);
805 msg.ip_hdr->ip_dst = assoc->
l_addr;
809 &(assoc->
a_addr), &(msg.ip_hdr->ip_src), 2);
810 msg.ip_hdr->ip_src = assoc->
a_addr;
900#if BYTE_ORDER == BIG_ENDIAN
901 uint8_t byte0, byte1, byte2, byte3;
906#if BYTE_ORDER == BIG_ENDIAN
912 byte0 = result & 0x000000ff;
913 byte1 = (result >> 8) & 0x000000ff;
914 byte2 = (result >> 16) & 0x000000ff;
915 byte3 = (result >> 24) & 0x000000ff;
916 crc32c = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
932 int ip_size =
sizeof(
struct ip) + sctp_size;
933 int include_error_cause = 1;
934 char tmp_ip[ip_size];
935 char addrbuf[INET_ADDRSTRLEN];
938 include_error_cause = 0;
943 struct ip*
ip = (
struct ip *) tmp_ip;
960#define SCTP_MIDDLEBOX_FLAG 0x02
961#define SCTP_NAT_TABLE_COLLISION 0x00b0
962#define SCTP_MISSING_NAT 0x00b1
965 if (include_error_cause) {
1015 (include_error_cause ? ntohs(error_cause->
code) : 0),
1058 int partial_match = 0;
1073 bytes_left = ntohs(pip->
ip_len) - (pip->
ip_hl << 2);
1076 if (bytes_left <
sizeof(
struct sctphdr)) {
1082 bytes_left -=
sizeof(
struct sctphdr);
1128 if (*passoc == NULL) {
1129 if (sctp_hdr->
v_tag == 0) {
1131 if (*passoc == NULL) {
1136 LIST_INIT(&((*passoc)->Gaddr));
1175 if ((*passoc == NULL) && (direction ==
SN_TO_LOCAL)) {
1193 if (*passoc == NULL) {
1195 if (*passoc == NULL) {
1200 LIST_INIT(&((*passoc)->Gaddr));
1227 bytes_left-= chunk_length;
1230 if (bytes_left == 0)
1247 if (*passoc == NULL)
1274#define SCTP_VTAG_PARAM 0xC007
1275 struct sctp_vtag_param {
1279 } __attribute__((packed));
1281 struct sctp_vtag_param *vtag_param;
1294 vtag_param = (
struct sctp_vtag_param *) param;
1295 switch (direction) {
1300 *g_vtag = vtag_param->local_vtag;
1301 *l_vtag = vtag_param->remote_vtag;
1304 *g_vtag = vtag_param->remote_vtag;
1305 *l_vtag = vtag_param->local_vtag;
1311 bytes_left -= param_size;
1319 logsctperror(
"Parameter parse limit exceeded (GetAsconfVtags)",
1347 int param_count, addr_param_count = 0;
1349 switch (direction) {
1355 g_addr = sm->
ip_hdr->ip_src;
1375 param_size = bytes_left+1;
1379 if (G_Addr == NULL) {
1381 logsctperror(
"AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
1390 logsctperror(
"AddGlobalIPAddress: Address already in list",
1398 logsctperror(
"AddGlobalIPAddress: Maximum Number of addresses reached",
1411 if (G_Addr == NULL) {
1413 logsctperror(
"AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
1425 logsctperror(
"AddGlobalIPAddress: Address already in list",
1432 logsctperror(
"AddGlobalIPAddress: Address already in list",
1437 bytes_left -= param_size;
1445 logsctperror(
"Parameter parse limit exceeded (AddGlobalIPAddress)",
1450 if (addr_param_count == 0) {
1452 logsctperror(
"AddGlobalIPAddress: no address parameters to add",
1474 first_G_Addr = LIST_FIRST(&(assoc->Gaddr));
1475 if (first_G_Addr == NULL) {
1476 LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, list_Gaddr);
1478 LIST_FOREACH(iter_G_Addr, &(assoc->Gaddr), list_Gaddr) {
1482 LIST_INSERT_AFTER(first_G_Addr, G_addr, list_Gaddr);
1515 g_addr = sm->
ip_hdr->ip_src;
1524 logsctperror(
"RmGlobalIPAddress: truncated packet - cannot remove IP addresses",
1534 LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) {
1537 LIST_REMOVE(G_Addr, list_Gaddr);
1542 logsctperror(
"RmGlobalIPAddress: Request to remove last IP address (didn't)",
1549 LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) {
1552 LIST_REMOVE(G_Addr, list_Gaddr);
1558 logsctperror(
"RmGlobalIPAddress: Request to remove last IP address (didn't)",
1565 bytes_left -= param_size;
1566 if (bytes_left == 0)
1570 logsctperror(
"RmGlobalIPAddress: truncated packet - may not have removed all IP addresses",
1579 logsctperror(
"Parameter parse limit exceeded (RmGlobalIPAddress)",
1619 if (param_size == 8)
1623 if (bytes_left < param_size)
1630 bytes_left -= param_size;
1637 if (bytes_left < param_size)
1642 logsctperror(
"Parameter parse limit exceeded (IsASCONFack)",
1675 if (bytes_left < param_size)
1684 bytes_left -= param_size;
1691 if (bytes_left < param_size)
1696 logsctperror(
"Parameter parse limit exceeded IsADDorDEL)",
1735 switch (assoc->
state) {
1737 rtnval =
ID_process(la, direction, assoc, sm);
1747 return (
UP_process(la, direction, assoc, sm));
1749 return (
CL_process(la, direction, assoc, sm));
1782 switch (direction) {
1845 switch (direction) {
1897 switch (direction) {
2038 LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
2039 if ((assoc->
l_vtag == l_vtag) && (assoc->
l_port == l_port) && (assoc->
g_port == g_port)\
2042 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2074 if (Cassoc->
g_vtag != 0) {
2076 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2079 LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr), list_Gaddr) {
2080 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2123 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2124 if ((assoc->
g_vtag == g_vtag) && (assoc->
g_port == g_port) && (assoc->
l_port == l_port)) {
2127 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2164 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2165 if ((assoc->
g_vtag == l_vtag) && (assoc->
g_port == g_port) && (assoc->
l_port == l_port)) {
2167 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2180 return (cnt ? lastmatch : NULL);
2206 LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
2207 if ((assoc->
l_vtag == g_vtag) && (assoc->
l_port == l_port) && (assoc->
g_port == g_port)) {
2209 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2254 if (found != NULL) {
2302 if (found != NULL) {
2348 if (assoc == NULL) {
2362 LIST_REMOVE(assoc, list_L);
2368 LIST_REMOVE(assoc, list_G);
2389 gaddr1 = LIST_FIRST(&(assoc->Gaddr));
2390 while (gaddr1 != NULL) {
2391 gaddr2 = LIST_NEXT(gaddr1, list_Gaddr);
2431 LIST_INSERT_HEAD(&la->
sctpNatTimer.TimerQ[add_loc], assoc, timer_Q);
2448 LIST_REMOVE(assoc, timer_Q);
2465 if (newexp < assoc->exp) {
2467 assoc->
exp = newexp;
2470 assoc->
exp = newexp;
2500 LIST_REMOVE(assoc, timer_Q);
2540 switch (direction) {
2551 SctpAliasLog(
"->%c %s (vt=%u) %d\n", dir, errormsg, ntohl(vtag), error);
2563 char *ploc, *pstate;
2564 switch (direction) {
2566 ploc =
"TO_LOCAL -";
2569 ploc =
"TO_GLOBAL -";
2588 pstate =
"ShutComp";
2594 pstate =
"AsconfAck";
2600 pstate =
"***ERROR***";
2616 char addrbuf[INET_ADDRSTRLEN];
2618 switch (assoc->
state) {
2641 SctpAliasLog(
"%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n",
2647 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2665 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2683 LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
2696 static char buf[50];
2702 LIST_FOREACH(assoc, &la->
sctpNatTimer.TimerQ[i], timer_Q) {
2703 snprintf(buf, 50,
" l=%u ",i);
2724 va_start(ap, format);
2727 log(LOG_SECURITY | LOG_INFO,
"alias_sctp: %s", buffer);
2735 va_start(ap, format);
2736 vfprintf(stream, format, ap);
static SYSCTL_NODE(_net_inet_accf, OID_AUTO, http, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "HTTP accept filter")
#define LIBALIAS_BUF_SIZE
struct in_addr FindAliasAddress(struct libalias *la, struct in_addr original_addr)
struct in_addr FindSctpRedirectAddress(struct libalias *la, struct sctp_nat_msg *sm)
#define LIBALIAS_LOCK_ASSERT(l)
#define INET_NTOA_BUF(buf)
void DifferentialChecksum(u_short *_cksum, void *_new, void *_old, int _n)
static MALLOC_DEFINE(M_SCTPNAT, "sctpnat", "sctp nat dbs")
int SctpAlias(struct libalias *la, struct ip *pip, int direction)
Handles SCTP packets passed from libalias.
static uint32_t local_sctp_finalize_crc32(uint32_t crc32c)
Send an AbortM or ErrorM.
#define SCTP_NAT_TABLE_COLLISION
static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr)
Add_Global_Address_to_List.
void AliasSctpTerm(struct libalias *la)
Cleans-up the SCTP NAT Implementation prior to unloading.
#define SCTP_MIDDLEBOX_FLAG
static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction)
void AliasSctpInit(struct libalias *la)
Initialises the SCTP NAT Implementation.
#define PKT_ALIAS_RESPOND
#define SN_PROCESSING_ERROR
SYSCTL_PROC(_net_inet_tcp_cc, OID_AUTO, algorithm, CTLFLAG_VNET|CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_MPSAFE, NULL, 0, cc_default_algo, "A", "Default congestion control algorithm")
SYSCTL_DECL(_net_inet_tcp_cc)
static struct sctp_nat_assoc * FindSctpGlobalClash(struct libalias *la, struct sctp_nat_assoc *Cassoc)
Check for Global Clash.
static struct sctp_nat_assoc * FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port)
Find the SCTP association for a T-Flag message (given the global port and local vtag)
static void RmSctpAssoc(struct libalias *la, struct sctp_nat_assoc *assoc)
Remove the sctp association information from the look up table.
static struct sctp_nat_assoc * FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port)
Find the SCTP association for a T-Flag message (given the local port and global vtag)
#define SN_MAX_GLOBAL_ADDRESSES
#define SN_DEFAULT_HASH_SIZE
#define SN_TABLE_HASH(vtag, port, size)
static struct sctp_nat_assoc * FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match)
Find the SCTP association given the global port and vtag.
static int AddSctpAssocGlobal(struct libalias *la, struct sctp_nat_assoc *assoc)
Add the sctp association information to the global look up table.
static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr)
Add the sctp association information to the local look up table.
static struct sctp_nat_assoc * FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port)
Find the SCTP association given the local address, port and vtag.
static void freeGlobalAddressList(struct sctp_nat_assoc *assoc)
free the Global Address List memory
static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s)
Log an SCTP association's details.
static void logTimerQ(struct libalias *la)
Output timer queue to log.
#define SN_LOG(level, action)
static void logsctperror(char *errormsg, uint32_t vtag, int error, int direction)
Log sctp nat errors.
static void logsctpparse(int direction, struct sctp_nat_msg *sm)
Log what the parser parsed.
static void SctpAliasLog(const char *format,...)
Sctp NAT logging function.
static void logSctpLocal(struct libalias *la)
Output Local table to log.
static void logSctpGlobal(struct libalias *la)
Output Global table to log.
static void sctp_AddTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc)
Add an association timeout to the timer queue.
static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, int newexp)
Reset timer in timer queue.
static void sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc)
Remove an association from timer queue.
#define SN_TIMER_QUEUE_SIZE
void sctp_CheckTimers(struct libalias *la)
Check timer Q against current time.
void SctpShowAliasStats(struct libalias *la)
Log current statistics for the libalias instance.
#define SN_VTAG_PARAM_SIZE
#define SN_PARSE_ERROR_PORT
#define SN_PARSE_ERROR_PARTIALLOOKUP
#define SN_SCTP_NEXTPARAM(param)
static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, int direction)
Check to see if ASCONF contains an Add IP or Del IP parameter.
#define SN_PARSE_ERROR_LOOKUP
#define SN_PARSE_ERROR_CHHL
static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, int direction)
Check that ASCONF was successful.
#define SN_PARSE_ERROR_IPSHL
#define SN_MIN_CHUNK_SIZE
#define SN_SCTP_NEXTCHUNK(chunkhead)
static int GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction)
Extract Vtags from Asconf Chunk.
#define SN_PARSE_ERROR_VTAG
#define SN_ASCONFACK_PARAM_SIZE
static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction)
RmGlobalIPAddresses from DelIP packets.
static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction)
AddGlobalIPAddresses from Init,InitAck,or AddIP packets.
#define SN_PARSE_ERROR_LOOKUP_ABORT
#define SN_PARSE_ERROR_AS_MALLOC
#define SN_SCTP_ASCONFACK
#define SN_MIN_PARAM_SIZE
#define SN_SCTP_FIRSTCHUNK(sctphead)
static int sctp_PktParser(struct libalias *la, int direction, struct ip *pip, struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc)
Parses SCTP packets for the key SCTP chunk that will be processed.
static int INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
Process SCTP message while waiting for an INIT-ACK message.
static int ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
Process SCTP message while in the Idle state.
static int ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc)
Process SCTP message.
static int CL_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
Process SCTP message while association is in the process of closing.
static int INa_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
Process SCTP message while waiting for an AddIp-ACK message.
static int UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
Process SCTP messages while association is UP redirecting packets.
int sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.chunk_proc_limit
static u_int sysctl_error_on_ootb
net.inet.ip.alias.sctp.error_on_ootb
static u_int sysctl_holddown_timer
net.inet.ip.alias.sctp.holddown_timer
static u_int sysctl_chunk_proc_limit
net.inet.ip.alias.sctp.chunk_proc_limit
static u_int sysctl_param_proc_limit
net.inet.ip.alias.sctp.param_proc_limit
static u_int sysctl_log_level
net.inet.ip.alias.sctp.log_level
int sysctl_chg_timer(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.(init_timer|up_timer|shutdown_timer)
#define SN_LOCAL_ERROR_ON_OOTB
int sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.accept_global_ootb_addip
static u_int sysctl_up_timer
net.inet.ip.alias.sctp.up_timer
int sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.track_global_addresses
static u_int sysctl_track_global_addresses
net.inet.ip.alias.sctp.track_global_addresses
int sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.error_on_ootb
int sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.log_level
#define SN_LOCALandPARTIAL_ERROR_ON_OOTB
int sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.initialising_chunk_proc_limit
static u_int sysctl_init_timer
net.inet.ip.alias.sctp.init_timer
int sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.hashtable_size
static u_int sysctl_shutdown_timer
net.inet.ip.alias.sctp.shutdown_timer
int sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS)
sysctl callback for changing net.inet.ip.alias.sctp.param_proc_limit
static u_int sysctl_initialising_chunk_proc_limit
net.inet.ip.alias.sctp.initialising_chunk_proc_limit
static u_int sysctl_accept_global_ootb_addip
net.inet.ip.alias.sctp.accept_global_ootb_addip
static u_int sysctl_hashtable_size
net.inet.ip.alias.sctp.hashtable_size
char * inet_ntoa_r(struct in_addr ina, char *buf)
u_int in_cksum_hdr(const struct ip *ip)
#define SCTP_INITIATION_ACK
#define SCTP_OPERATION_ERROR
#define SCTP_SHUTDOWN_ACK
#define SCTP_SHUTDOWN_COMPLETE
#define SCTP_ABORT_ASSOCIATION
#define SCTP_ADD_IP_ADDRESS
#define SCTP_SUCCESS_REPORT
#define SCTP_DEL_IP_ADDRESS
#define SCTP_IPV4_ADDRESS
#define IS_SCTP_CONTROL(a)
struct in_addr ip_src ip_dst
struct sctp_nat_timer sctpNatTimer
struct sctp_ipv4addr_param addrp
sctp association information
union sctpChunkOfInt sctpchnk
struct sctphdr * sctp_hdr
struct sctp_init_ack * InitAck
struct sctp_paramhdr * Asconf