3 * Swinburne University of Technology, Melbourne, Australia.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS "AS IS" AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * Alias_sctp forms part of the libalias kernel module to handle
29 * Network Address Translation (NAT) for the SCTP protocol.
31 * This software was developed by David A. Hayes and Jason But
33 * The design is outlined in CAIA technical report number 080618A
34 * (D. Hayes and J. But, "Alias_sctp Version 0.1: SCTP NAT implementation in IPFW")
36 * Development is part of the CAIA SONATA project,
37 * proposed by Jason But and Grenville Armitage:
38 * http://caia.swin.edu.au/urp/sonata/
41 * This project has been made possible in part by a grant from
42 * the Cisco University Research Program Fund at Community
43 * Foundation Silicon Valley.
47 * Alias_sctp is part of the SONATA (http://caia.swin.edu.au/urp/sonata) project
48 * to develop and release a BSD licensed implementation of a Network Address
49 * Translation (NAT) module that supports the Stream Control Transmission
52 * Traditional address and port number look ups are inadequate for SCTP's
53 * operation due to both processing requirements and issues with multi-homing.
54 * Alias_sctp integrates with FreeBSD's ipfw/libalias NAT system.
56 * Version 0.2 features include:
57 * - Support for global multi-homing
58 * - Support for ASCONF modification from Internet Draft
59 * (draft-stewart-behave-sctpnat-04, R. Stewart and M. Tuexen, "Stream control
60 * transmission protocol (SCTP) network address translation," Jul. 2008) to
61 * provide support for multi-homed privately addressed hosts
62 * - Support for forwarding of T-flagged packets
63 * - Generation and delivery of AbortM/ErrorM packets upon detection of NAT
65 * - Per-port forwarding rules
66 * - Dynamically controllable logging and statistics
67 * - Dynamic management of timers
68 * - Dynamic control of hash-table size
74 #include <machine/stdarg.h>
75 #include <sys/param.h>
76 #include <sys/systm.h>
77 #include <sys/kernel.h>
78 #include <sys/module.h>
79 #include <sys/syslog.h>
80 #include <netinet/libalias/alias_sctp.h>
81 #include <netinet/libalias/alias.h>
82 #include <netinet/libalias/alias_local.h>
83 #include <netinet/sctp_crc32.h>
84 #include <machine/in_cksum.h>
86 #include "alias_sctp.h"
87 #include <arpa/inet.h>
89 #include "alias_local.h"
90 #include <machine/in_cksum.h>
91 #include <sys/libkern.h>
92 #endif //#ifdef _KERNEL
94 /* ----------------------------------------------------------------------
96 * ----------------------------------------------------------------------
98 /* Packet Parsing Functions */
99 static int sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
100 struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc);
101 static int GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm,
102 uint32_t *l_vtag, uint32_t *g_vtag, int direction);
103 static int IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, int direction);
105 static void AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction);
106 static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr);
107 static void RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction);
108 static int IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, int direction);
110 /* State Machine Functions */
111 static int ProcessSctpMsg(struct libalias *la, int direction, \
112 struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc);
114 static int ID_process(struct libalias *la, int direction,\
115 struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
116 static int INi_process(struct libalias *la, int direction,\
117 struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
118 static int INa_process(struct libalias *la, int direction,\
119 struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
120 static int UP_process(struct libalias *la, int direction,\
121 struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
122 static int CL_process(struct libalias *la, int direction,\
123 struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm);
124 static void TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm,\
125 struct sctp_nat_assoc *assoc, int sndrply, int direction);
127 /* Hash Table Functions */
128 static struct sctp_nat_assoc*
129 FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port);
130 static struct sctp_nat_assoc*
131 FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match);
132 static struct sctp_nat_assoc*
133 FindSctpGlobalClash(struct libalias *la, struct sctp_nat_assoc *Cassoc);
134 static struct sctp_nat_assoc*
135 FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port);
136 static struct sctp_nat_assoc*
137 FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port);
139 static int AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr);
140 static int AddSctpAssocGlobal(struct libalias *la, struct sctp_nat_assoc *assoc);
141 static void RmSctpAssoc(struct libalias *la, struct sctp_nat_assoc *assoc);
142 static void freeGlobalAddressList(struct sctp_nat_assoc *assoc);
144 /* Timer Queue Functions */
145 static void sctp_AddTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc);
146 static void sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc);
147 static void sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, int newexp);
148 void sctp_CheckTimers(struct libalias *la);
151 /* Logging Functions */
152 static void logsctperror(char* errormsg, uint32_t vtag, int error, int direction);
153 static void logsctpparse(int direction, struct sctp_nat_msg *sm);
154 static void logsctpassoc(struct sctp_nat_assoc *assoc, char *s);
155 static void logTimerQ(struct libalias *la);
156 static void logSctpGlobal(struct libalias *la);
157 static void logSctpLocal(struct libalias *la);
159 static void SctpAliasLog(const char *format, ...);
162 /** @defgroup external External code changes and modifications
164 * Some changes have been made to files external to alias_sctp.(c|h). These
165 * changes are primarily due to code needing to call static functions within
166 * those files or to perform extra functionality that can only be performed
167 * within these files.
169 /** @ingroup external
170 * @brief Log current statistics for the libalias instance
172 * This function is defined in alias_db.c, since it calls static functions in
175 * Calls the higher level ShowAliasStats() in alias_db.c which logs all current
176 * statistics about the libalias instance - including SCTP statistics
178 * @param la Pointer to the libalias instance
180 void SctpShowAliasStats(struct libalias *la);
184 static MALLOC_DEFINE(M_SCTPNAT, "sctpnat", "sctp nat dbs");
185 /* Use kernel allocator. */
186 #ifdef _SYS_MALLOC_H_
187 #define sn_malloc(x) malloc(x, M_SCTPNAT, M_NOWAIT|M_ZERO)
188 #define sn_calloc(n,x) sn_malloc(x * n)
189 #define sn_free(x) free(x, M_SCTPNAT)
190 #endif// #ifdef _SYS_MALLOC_H_
192 #else //#ifdef _KERNEL
193 #define sn_malloc(x) malloc(x)
194 #define sn_calloc(n, x) calloc(n, x)
195 #define sn_free(x) free(x)
197 #endif //#ifdef _KERNEL
199 /** @defgroup packet_parser SCTP Packet Parsing
202 * - Return pointers to the first and next SCTP chunks within an SCTP Packet
203 * - Define possible return values of the packet parsing process
204 * - SCTP message types for storing in the sctp_nat_msg structure @{
207 #define SN_SCTP_FIRSTCHUNK(sctphead) (struct sctp_chunkhdr *)(((char *)sctphead) + sizeof(struct sctphdr))
208 /**< Returns a pointer to the first chunk in an SCTP packet given a pointer to the SCTP header */
210 #define SN_SCTP_NEXTCHUNK(chunkhead) (struct sctp_chunkhdr *)(((char *)chunkhead) + SCTP_SIZE32(ntohs(chunkhead->chunk_length)))
211 /**< Returns a pointer to the next chunk in an SCTP packet given a pointer to the current chunk */
213 #define SN_SCTP_NEXTPARAM(param) (struct sctp_paramhdr *)(((char *)param) + SCTP_SIZE32(ntohs(param->param_length)))
214 /**< Returns a pointer to the next parameter in an SCTP packet given a pointer to the current parameter */
216 #define SN_MIN_CHUNK_SIZE 4 /**< Smallest possible SCTP chunk size in bytes */
217 #define SN_MIN_PARAM_SIZE 4 /**< Smallest possible SCTP param size in bytes */
218 #define SN_VTAG_PARAM_SIZE 12 /**< Size of SCTP ASCONF vtag param in bytes */
219 #define SN_ASCONFACK_PARAM_SIZE 8 /**< Size of SCTP ASCONF ACK param in bytes */
221 /* Packet parsing return codes */
222 #define SN_PARSE_OK 0 /**< Packet parsed for SCTP messages */
223 #define SN_PARSE_ERROR_IPSHL 1 /**< Packet parsing error - IP and SCTP common header len */
224 #define SN_PARSE_ERROR_AS_MALLOC 2 /**< Packet parsing error - assoc malloc */
225 #define SN_PARSE_ERROR_CHHL 3 /**< Packet parsing error - Chunk header len */
226 #define SN_PARSE_ERROR_DIR 4 /**< Packet parsing error - Direction */
227 #define SN_PARSE_ERROR_VTAG 5 /**< Packet parsing error - Vtag */
228 #define SN_PARSE_ERROR_CHUNK 6 /**< Packet parsing error - Chunk */
229 #define SN_PARSE_ERROR_PORT 7 /**< Packet parsing error - Port=0 */
230 #define SN_PARSE_ERROR_LOOKUP 8 /**< Packet parsing error - Lookup */
231 #define SN_PARSE_ERROR_PARTIALLOOKUP 9 /**< Packet parsing error - partial lookup only found */
232 #define SN_PARSE_ERROR_LOOKUP_ABORT 10 /**< Packet parsing error - Lookup - but abort packet */
234 /* Alias_sctp performs its processing based on a number of key messages */
235 #define SN_SCTP_ABORT 0x0000 /**< a packet containing an ABORT chunk */
236 #define SN_SCTP_INIT 0x0001 /**< a packet containing an INIT chunk */
237 #define SN_SCTP_INITACK 0x0002 /**< a packet containing an INIT-ACK chunk */
238 #define SN_SCTP_SHUTCOMP 0x0010 /**< a packet containing a SHUTDOWN-COMPLETE chunk */
239 #define SN_SCTP_SHUTACK 0x0020 /**< a packet containing a SHUTDOWN-ACK chunk */
240 #define SN_SCTP_ASCONF 0x0100 /**< a packet containing an ASCONF chunk */
241 #define SN_SCTP_ASCONFACK 0x0200 /**< a packet containing an ASCONF-ACK chunk */
242 #define SN_SCTP_OTHER 0xFFFF /**< a packet containing a chunk that is not of interest */
245 * @defgroup state_machine SCTP NAT State Machine
247 * Defines the various states an association can be within the NAT @{
249 #define SN_ID 0x0000 /**< Idle state */
250 #define SN_INi 0x0010 /**< Initialising, waiting for InitAck state */
251 #define SN_INa 0x0020 /**< Initialising, waiting for AddIpAck state */
252 #define SN_UP 0x0100 /**< Association in UP state */
253 #define SN_CL 0x1000 /**< Closing state */
254 #define SN_RM 0x2000 /**< Removing state */
257 * @defgroup Logging Logging Functionality
259 * Define various log levels and a macro to call specified log functions only if
260 * the current log level (sysctl_log_level) matches the specified level @{
263 #define SN_LOG_EVENT 1
264 #define SN_LOG_INFO 2
265 #define SN_LOG_DETAIL 3
266 #define SN_LOG_DEBUG 4
267 #define SN_LOG_DEBUG_MAX 5
269 #define SN_LOG(level, action) if (sysctl_log_level >= level) { action; } /**< Perform log action ONLY if the current log level meets the specified log level */
272 * @defgroup Hash Hash Table Macros and Functions
274 * Defines minimum/maximum/default values for the hash table size @{
276 #define SN_MIN_HASH_SIZE 101 /**< Minimum hash table size (set to stop users choosing stupid values) */
277 #define SN_MAX_HASH_SIZE 1000001 /**< Maximum hash table size (NB must be less than max int) */
278 #define SN_DEFAULT_HASH_SIZE 2003 /**< A reasonable default size for the hash tables */
280 #define SN_LOCAL_TBL 0x01 /**< assoc in local table */
281 #define SN_GLOBAL_TBL 0x02 /**< assoc in global table */
282 #define SN_BOTH_TBL 0x03 /**< assoc in both tables */
283 #define SN_WAIT_TOLOCAL 0x10 /**< assoc waiting for TOLOCAL asconf ACK*/
284 #define SN_WAIT_TOGLOBAL 0x20 /**< assoc waiting for TOLOCAL asconf ACK*/
285 #define SN_NULL_TBL 0x00 /**< assoc in No table */
286 #define SN_MAX_GLOBAL_ADDRESSES 100 /**< absolute maximum global address count*/
288 #define SN_ADD_OK 0 /**< Association added to the table */
289 #define SN_ADD_CLASH 1 /**< Clash when trying to add the assoc. info to the table */
291 #define SN_TABLE_HASH(vtag, port, size) (((u_int) vtag + (u_int) port) % (u_int) size) /**< Calculate the hash table lookup position */
294 * @defgroup Timer Timer Queue Macros and Functions
296 * Timer macros set minimum/maximum timeout values and calculate timer expiry
297 * times for the provided libalias instance @{
299 #define SN_MIN_TIMER 1
300 #define SN_MAX_TIMER 600
301 #define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER+2
303 #define SN_I_T(la) (la->timeStamp + sysctl_init_timer) /**< INIT State expiration time in seconds */
304 #define SN_U_T(la) (la->timeStamp + sysctl_up_timer) /**< UP State expiration time in seconds */
305 #define SN_C_T(la) (la->timeStamp + sysctl_shutdown_timer) /**< CL State expiration time in seconds */
306 #define SN_X_T(la) (la->timeStamp + sysctl_holddown_timer) /**< Wait after a shutdown complete in seconds */
309 * @defgroup sysctl SysCtl Variable and callback function declarations
311 * Sysctl variables to modify NAT functionality in real-time along with associated functions
312 * to manage modifications to the sysctl variables @{
316 int sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS);
317 int sysctl_chg_timer(SYSCTL_HANDLER_ARGS);
318 int sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS);
319 int sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS);
320 int sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS);
321 int sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS);
322 int sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS);
323 int sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS);
324 int sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS);
326 /* Sysctl variables */
327 /** @brief net.inet.ip.alias.sctp.log_level */
328 static u_int sysctl_log_level = 0; /**< Stores the current level of logging */
329 /** @brief net.inet.ip.alias.sctp.init_timer */
330 static u_int sysctl_init_timer = 15; /**< Seconds to hold an association in the table waiting for an INIT-ACK or AddIP-ACK */
331 /** @brief net.inet.ip.alias.sctp.up_timer */
332 static u_int sysctl_up_timer = 300; /**< Seconds to hold an association in the table while no packets are transmitted */
333 /** @brief net.inet.ip.alias.sctp.shutdown_timer */
334 static u_int sysctl_shutdown_timer = 15; /**< Seconds to hold an association in the table waiting for a SHUTDOWN-COMPLETE */
335 /** @brief net.inet.ip.alias.sctp.holddown_timer */
336 static u_int sysctl_holddown_timer = 0; /**< Seconds to hold an association in the table after it has been shutdown (to allow for lost SHUTDOWN-COMPLETEs) */
337 /** @brief net.inet.ip.alias.sctp.hashtable_size */
338 static u_int sysctl_hashtable_size = SN_DEFAULT_HASH_SIZE; /**< Sets the hash table size for any NEW NAT instances (existing instances retain their existing Hash Table */
339 /** @brief net.inet.ip.alias.sctp.error_on_ootb */
340 static u_int sysctl_error_on_ootb = 1; /**< NAT response to receipt of OOTB packet
341 (0 - No response, 1 - NAT will send ErrorM only to local side,
342 2 - NAT will send local ErrorM and global ErrorM if there was a partial association match
343 3 - NAT will send ErrorM to both local and global) */
344 /** @brief net.inet.ip.alias.sctp.accept_global_ootb_addip */
345 static u_int sysctl_accept_global_ootb_addip = 0; /**<NAT responset to receipt of global OOTB AddIP (0 - No response, 1 - NAT will accept OOTB global AddIP messages for processing (Security risk)) */
346 /** @brief net.inet.ip.alias.sctp.initialising_chunk_proc_limit */
347 static u_int sysctl_initialising_chunk_proc_limit = 2; /**< A limit on the number of chunks that should be searched if there is no matching association (DoS prevention) */
348 /** @brief net.inet.ip.alias.sctp.param_proc_limit */
349 static u_int sysctl_chunk_proc_limit = 5; /**< A limit on the number of chunks that should be searched (DoS prevention) */
350 /** @brief net.inet.ip.alias.sctp.param_proc_limit */
351 static u_int sysctl_param_proc_limit = 25; /**< A limit on the number of parameters (in chunks) that should be searched (DoS prevention) */
352 /** @brief net.inet.ip.alias.sctp.track_global_addresses */
353 static u_int sysctl_track_global_addresses = 0; /**< Configures the global address tracking option within the NAT (0 - Global tracking is disabled, > 0 - enables tracking but limits the number of global IP addresses to this value)
354 If set to >=1 the NAT will track that many global IP addresses. This may reduce look up table conflicts, but increases processing */
356 #define SN_NO_ERROR_ON_OOTB 0 /**< Send no errorM on out of the blue packets */
357 #define SN_LOCAL_ERROR_ON_OOTB 1 /**< Send only local errorM on out of the blue packets */
358 #define SN_LOCALandPARTIAL_ERROR_ON_OOTB 2 /**< Send local errorM and global errorM for out of the blue packets only if partial match found */
359 #define SN_ERROR_ON_OOTB 3 /**< Send errorM on out of the blue packets */
363 SYSCTL_DECL(_net_inet);
364 SYSCTL_DECL(_net_inet_ip);
365 SYSCTL_DECL(_net_inet_ip_alias);
367 static SYSCTL_NODE(_net_inet_ip_alias, OID_AUTO, sctp, CTLFLAG_RW, NULL,
369 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, log_level, CTLTYPE_UINT | CTLFLAG_RW,
370 &sysctl_log_level, 0, sysctl_chg_loglevel, "IU",
371 "Level of detail (0 - default, 1 - event, 2 - info, 3 - detail, 4 - debug, 5 - max debug)");
372 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, init_timer, CTLTYPE_UINT | CTLFLAG_RW,
373 &sysctl_init_timer, 0, sysctl_chg_timer, "IU",
374 "Timeout value (s) while waiting for (INIT-ACK|AddIP-ACK)");
375 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, up_timer, CTLTYPE_UINT | CTLFLAG_RW,
376 &sysctl_up_timer, 0, sysctl_chg_timer, "IU",
377 "Timeout value (s) to keep an association up with no traffic");
378 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, shutdown_timer, CTLTYPE_UINT | CTLFLAG_RW,
379 &sysctl_shutdown_timer, 0, sysctl_chg_timer, "IU",
380 "Timeout value (s) while waiting for SHUTDOWN-COMPLETE");
381 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, holddown_timer, CTLTYPE_UINT | CTLFLAG_RW,
382 &sysctl_holddown_timer, 0, sysctl_chg_timer, "IU",
383 "Hold association in table for this many seconds after receiving a SHUTDOWN-COMPLETE");
384 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, hashtable_size, CTLTYPE_UINT | CTLFLAG_RW,
385 &sysctl_hashtable_size, 0, sysctl_chg_hashtable_size, "IU",
386 "Size of hash tables used for NAT lookups (100 < prime_number > 1000001)");
387 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, error_on_ootb, CTLTYPE_UINT | CTLFLAG_RW,
388 &sysctl_error_on_ootb, 0, sysctl_chg_error_on_ootb, "IU",
389 "ErrorM sent on receipt of ootb packet:\n\t0 - none,\n\t1 - to local only,\n\t2 - to local and global if a partial association match,\n\t3 - to local and global (DoS risk)");
390 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, accept_global_ootb_addip, CTLTYPE_UINT | CTLFLAG_RW,
391 &sysctl_accept_global_ootb_addip, 0, sysctl_chg_accept_global_ootb_addip, "IU",
392 "NAT response to receipt of global OOTB AddIP:\n\t0 - No response,\n\t1 - NAT will accept OOTB global AddIP messages for processing (Security risk)");
393 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, initialising_chunk_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
394 &sysctl_initialising_chunk_proc_limit, 0, sysctl_chg_initialising_chunk_proc_limit, "IU",
395 "Number of chunks that should be processed if there is no current association found:\n\t > 0 (A high value is a DoS risk)");
396 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, chunk_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
397 &sysctl_chunk_proc_limit, 0, sysctl_chg_chunk_proc_limit, "IU",
398 "Number of chunks that should be processed to find key chunk:\n\t>= initialising_chunk_proc_limit (A high value is a DoS risk)");
399 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, param_proc_limit, CTLTYPE_UINT | CTLFLAG_RW,
400 &sysctl_param_proc_limit, 0, sysctl_chg_param_proc_limit, "IU",
401 "Number of parameters (in a chunk) that should be processed to find key parameters:\n\t> 1 (A high value is a DoS risk)");
402 SYSCTL_PROC(_net_inet_ip_alias_sctp, OID_AUTO, track_global_addresses, CTLTYPE_UINT | CTLFLAG_RW,
403 &sysctl_track_global_addresses, 0, sysctl_chg_track_global_addresses, "IU",
404 "Configures the global address tracking option within the NAT:\n\t0 - Global tracking is disabled,\n\t> 0 - enables tracking but limits the number of global IP addresses to this value");
406 #endif /* SYSCTL_NODE */
410 * @brief sysctl callback for changing net.inet.ip.fw.sctp.log_level
412 * Updates the variable sysctl_log_level to the provided value and ensures
413 * it is in the valid range (SN_LOG_LOW -> SN_LOG_DEBUG)
415 int sysctl_chg_loglevel(SYSCTL_HANDLER_ARGS)
417 u_int level = *(u_int *)arg1;
420 error = sysctl_handle_int(oidp, &level, 0, req);
421 if (error) return (error);
423 sysctl_log_level = (level > SN_LOG_DEBUG_MAX)?(SN_LOG_DEBUG_MAX):(level);
424 sysctl_log_level = (level < SN_LOG_LOW)?(SN_LOG_LOW):(level);
430 * @brief sysctl callback for changing net.inet.ip.fw.sctp.(init_timer|up_timer|shutdown_timer)
432 * Updates the timer-based sysctl variables. The new values are sanity-checked
433 * to make sure that they are within the range SN_MIN_TIMER-SN_MAX_TIMER. The
434 * holddown timer is allowed to be 0
436 int sysctl_chg_timer(SYSCTL_HANDLER_ARGS)
438 u_int timer = *(u_int *)arg1;
441 error = sysctl_handle_int(oidp, &timer, 0, req);
442 if (error) return (error);
444 timer = (timer > SN_MAX_TIMER)?(SN_MAX_TIMER):(timer);
446 if (((u_int *)arg1) != &sysctl_holddown_timer)
448 timer = (timer < SN_MIN_TIMER)?(SN_MIN_TIMER):(timer);
451 *(u_int *)arg1 = timer;
457 * @brief sysctl callback for changing net.inet.ip.alias.sctp.hashtable_size
459 * Updates the hashtable_size sysctl variable. The new value should be a prime
460 * number. We sanity check to ensure that the size is within the range
461 * SN_MIN_HASH_SIZE-SN_MAX_HASH_SIZE. We then check the provided number to see
462 * if it is prime. We approximate by checking that (2,3,5,7,11) are not factors,
463 * incrementing the user provided value until we find a suitable number.
465 int sysctl_chg_hashtable_size(SYSCTL_HANDLER_ARGS)
467 u_int size = *(u_int *)arg1;
470 error = sysctl_handle_int(oidp, &size, 0, req);
471 if (error) return (error);
473 size = (size < SN_MIN_HASH_SIZE)?(SN_MIN_HASH_SIZE):((size > SN_MAX_HASH_SIZE)?(SN_MAX_HASH_SIZE):(size));
475 size |= 0x00000001; /* make odd */
477 for(;(((size % 3) == 0) || ((size % 5) == 0) || ((size % 7) == 0) || ((size % 11) == 0)); size+=2);
478 sysctl_hashtable_size = size;
484 * @brief sysctl callback for changing net.inet.ip.alias.sctp.error_on_ootb
486 * Updates the error_on_clash sysctl variable.
487 * If set to 0, no ErrorM will be sent if there is a look up table clash
488 * If set to 1, an ErrorM is sent only to the local side
489 * If set to 2, an ErrorM is sent to the local side and global side if there is
490 * a partial association match
491 * If set to 3, an ErrorM is sent to both local and global sides (DoS) risk.
493 int sysctl_chg_error_on_ootb(SYSCTL_HANDLER_ARGS)
495 u_int flag = *(u_int *)arg1;
498 error = sysctl_handle_int(oidp, &flag, 0, req);
499 if (error) return (error);
501 sysctl_error_on_ootb = (flag > SN_ERROR_ON_OOTB) ? SN_ERROR_ON_OOTB: flag;
507 * @brief sysctl callback for changing net.inet.ip.alias.sctp.accept_global_ootb_addip
509 * If set to 1 the NAT will accept ootb global addip messages for processing (Security risk)
510 * Default is 0, only responding to local ootb AddIP messages
512 int sysctl_chg_accept_global_ootb_addip(SYSCTL_HANDLER_ARGS)
514 u_int flag = *(u_int *)arg1;
517 error = sysctl_handle_int(oidp, &flag, 0, req);
518 if (error) return (error);
520 sysctl_accept_global_ootb_addip = (flag == 1) ? 1: 0;
526 * @brief sysctl callback for changing net.inet.ip.alias.sctp.initialising_chunk_proc_limit
528 * Updates the initialising_chunk_proc_limit sysctl variable. Number of chunks
529 * that should be processed if there is no current association found: > 0 (A
530 * high value is a DoS risk)
532 int sysctl_chg_initialising_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
534 u_int proclimit = *(u_int *)arg1;
537 error = sysctl_handle_int(oidp, &proclimit, 0, req);
538 if (error) return (error);
540 sysctl_initialising_chunk_proc_limit = (proclimit < 1) ? 1: proclimit;
541 sysctl_chunk_proc_limit =
542 (sysctl_chunk_proc_limit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : sysctl_chunk_proc_limit;
548 * @brief sysctl callback for changing net.inet.ip.alias.sctp.chunk_proc_limit
550 * Updates the chunk_proc_limit sysctl variable.
551 * Number of chunks that should be processed to find key chunk:
552 * >= initialising_chunk_proc_limit (A high value is a DoS risk)
554 int sysctl_chg_chunk_proc_limit(SYSCTL_HANDLER_ARGS)
556 u_int proclimit = *(u_int *)arg1;
559 error = sysctl_handle_int(oidp, &proclimit, 0, req);
560 if (error) return (error);
562 sysctl_chunk_proc_limit =
563 (proclimit < sysctl_initialising_chunk_proc_limit) ? sysctl_initialising_chunk_proc_limit : proclimit;
570 * @brief sysctl callback for changing net.inet.ip.alias.sctp.param_proc_limit
572 * Updates the param_proc_limit sysctl variable.
573 * Number of parameters that should be processed to find key parameters:
574 * > 1 (A high value is a DoS risk)
576 int sysctl_chg_param_proc_limit(SYSCTL_HANDLER_ARGS)
578 u_int proclimit = *(u_int *)arg1;
581 error = sysctl_handle_int(oidp, &proclimit, 0, req);
582 if (error) return (error);
584 sysctl_param_proc_limit =
585 (proclimit < 2) ? 2 : proclimit;
591 * @brief sysctl callback for changing net.inet.ip.alias.sctp.track_global_addresses
593 *Configures the global address tracking option within the NAT (0 - Global
594 *tracking is disabled, > 0 - enables tracking but limits the number of global
595 *IP addresses to this value)
597 int sysctl_chg_track_global_addresses(SYSCTL_HANDLER_ARGS)
599 u_int num_to_track = *(u_int *)arg1;
602 error = sysctl_handle_int(oidp, &num_to_track, 0, req);
603 if (error) return (error);
605 sysctl_track_global_addresses = (num_to_track > SN_MAX_GLOBAL_ADDRESSES) ? SN_MAX_GLOBAL_ADDRESSES : num_to_track;
611 /* ----------------------------------------------------------------------
613 * ----------------------------------------------------------------------
616 * @brief Initialises the SCTP NAT Implementation
618 * Creates the look-up tables and the timer queue and initialises all state
621 * @param la Pointer to the relevant libalias instance
623 void AliasSctpInit(struct libalias *la)
625 /* Initialise association tables*/
627 la->sctpNatTableSize = sysctl_hashtable_size;
629 SctpAliasLog("Initialising SCTP NAT Instance (hash_table_size:%d)\n", la->sctpNatTableSize));
630 la->sctpTableLocal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableL));
631 la->sctpTableGlobal = sn_calloc(la->sctpNatTableSize, sizeof(struct sctpNatTableG));
632 la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct sctpTimerQ));
633 /* Initialise hash table */
634 for (i = 0; i < la->sctpNatTableSize; i++) {
635 LIST_INIT(&la->sctpTableLocal[i]);
636 LIST_INIT(&la->sctpTableGlobal[i]);
639 /* Initialise circular timer Q*/
640 for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++)
641 LIST_INIT(&la->sctpNatTimer.TimerQ[i]);
643 la->sctpNatTimer.loc_time=time_uptime; /* la->timeStamp is not set yet */
645 la->sctpNatTimer.loc_time=la->timeStamp;
647 la->sctpNatTimer.cur_loc = 0;
648 la->sctpLinkCount = 0;
652 * @brief Cleans-up the SCTP NAT Implementation prior to unloading
654 * Removes all entries from the timer queue, freeing associations as it goes.
655 * We then free memory allocated to the look-up tables and the time queue
657 * NOTE: We do not need to traverse the look-up tables as each association
658 * will always have an entry in the timer queue, freeing this memory
659 * once will free all memory allocated to entries in the look-up tables
661 * @param la Pointer to the relevant libalias instance
663 void AliasSctpTerm(struct libalias *la)
665 struct sctp_nat_assoc *assoc1, *assoc2;
668 LIBALIAS_LOCK_ASSERT(la);
670 SctpAliasLog("Removing SCTP NAT Instance\n"));
671 for (i = 0; i < SN_TIMER_QUEUE_SIZE; i++) {
672 assoc1 = LIST_FIRST(&la->sctpNatTimer.TimerQ[i]);
673 while (assoc1 != NULL) {
674 freeGlobalAddressList(assoc1);
675 assoc2 = LIST_NEXT(assoc1, timer_Q);
681 sn_free(la->sctpTableLocal);
682 sn_free(la->sctpTableGlobal);
683 sn_free(la->sctpNatTimer.TimerQ);
687 * @brief Handles SCTP packets passed from libalias
689 * This function needs to actually NAT/drop packets and possibly create and
690 * send AbortM or ErrorM packets in response. The process involves:
691 * - Validating the direction parameter passed by the caller
692 * - Checking and handling any expired timers for the NAT
693 * - Calling sctp_PktParser() to parse the packet
694 * - Call ProcessSctpMsg() to decide the appropriate outcome and to update
696 * - Based on the return code either:
698 * - Construct and send an ErrorM|AbortM packet
699 * - Mark the association for removal from the tables
700 * - Potentially remove the association from all lookup tables
701 * - Return the appropriate result to libalias
703 * @param la Pointer to the relevant libalias instance
704 * @param pip Pointer to IP packet to process
705 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
707 * @return PKT_ALIAS_OK | PKT_ALIAS_IGNORE | PKT_ALIAS_ERROR
710 SctpAlias(struct libalias *la, struct ip *pip, int direction)
713 struct sctp_nat_msg msg;
714 struct sctp_nat_assoc *assoc = NULL;
716 if ((direction != SN_TO_LOCAL) && (direction != SN_TO_GLOBAL)) {
717 SctpAliasLog("ERROR: Invalid direction\n");
718 return(PKT_ALIAS_ERROR);
721 sctp_CheckTimers(la); /* Check timers */
723 /* Parse the packet */
724 rtnval = sctp_PktParser(la, direction, pip, &msg, &assoc); //using *char (change to mbuf when get code from paolo)
728 case SN_PARSE_ERROR_CHHL:
729 /* Not an error if there is a chunk length parsing error and this is a fragmented packet */
730 if (ntohs(pip->ip_off) & IP_MF) {
731 rtnval = SN_PARSE_OK;
735 logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
736 return(PKT_ALIAS_ERROR);
737 case SN_PARSE_ERROR_PARTIALLOOKUP:
738 if (sysctl_error_on_ootb > SN_LOCALandPARTIAL_ERROR_ON_OOTB) {
740 logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
741 return(PKT_ALIAS_ERROR);
743 case SN_PARSE_ERROR_LOOKUP:
744 if (sysctl_error_on_ootb == SN_ERROR_ON_OOTB ||
745 (sysctl_error_on_ootb == SN_LOCALandPARTIAL_ERROR_ON_OOTB && direction == SN_TO_LOCAL) ||
746 (sysctl_error_on_ootb == SN_LOCAL_ERROR_ON_OOTB && direction == SN_TO_GLOBAL)) {
747 TxAbortErrorM(la, &msg, assoc, SN_REFLECT_ERROR, direction); /*NB assoc=NULL */
748 return(PKT_ALIAS_RESPOND);
752 logsctperror("SN_PARSE_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
753 return(PKT_ALIAS_ERROR);
756 SN_LOG(SN_LOG_DETAIL,
757 logsctpassoc(assoc, "*");
758 logsctpparse(direction, &msg);
761 /* Process the SCTP message */
762 rtnval = ProcessSctpMsg(la, direction, &msg, assoc);
764 SN_LOG(SN_LOG_DEBUG_MAX,
765 logsctpassoc(assoc, "-");
769 SN_LOG(SN_LOG_DEBUG, logTimerQ(la));
775 DifferentialChecksum(&(msg.ip_hdr->ip_sum),
776 &(assoc->l_addr), &(msg.ip_hdr->ip_dst), 2);
777 msg.ip_hdr->ip_dst = assoc->l_addr; /* change dst address to local address*/
780 DifferentialChecksum(&(msg.ip_hdr->ip_sum),
781 &(assoc->a_addr), &(msg.ip_hdr->ip_src), 2);
782 msg.ip_hdr->ip_src = assoc->a_addr; /* change src to alias addr*/
785 rtnval = SN_DROP_PKT; /* shouldn't get here, but if it does drop packet */
786 SN_LOG(SN_LOG_LOW, logsctperror("ERROR: Invalid direction", msg.sctp_hdr->v_tag, rtnval, direction));
791 SN_LOG(SN_LOG_DETAIL, logsctperror("SN_DROP_PKT", msg.sctp_hdr->v_tag, rtnval, direction));
796 TxAbortErrorM(la, &msg, assoc, rtnval, direction);
799 // big error, remove association and go to idle and write log messages
800 SN_LOG(SN_LOG_LOW, logsctperror("SN_PROCESSING_ERROR", msg.sctp_hdr->v_tag, rtnval, direction));
801 assoc->state=SN_RM;/* Mark for removal*/
805 /* Remove association if tagged for removal */
806 if (assoc->state == SN_RM) {
807 if (assoc->TableRegister) {
808 sctp_RmTimeOut(la, assoc);
809 RmSctpAssoc(la, assoc);
811 LIBALIAS_LOCK_ASSERT(la);
812 freeGlobalAddressList(assoc);
817 return(PKT_ALIAS_OK);
819 return(PKT_ALIAS_OK);
822 case SN_REFLECT_ERROR:
823 return(PKT_ALIAS_RESPOND);
826 return(PKT_ALIAS_ERROR);
831 * @brief Send an AbortM or ErrorM
833 * We construct the new SCTP packet to send in place of the existing packet we
834 * have been asked to NAT. This function can only be called if the original
835 * packet was successfully parsed as a valid SCTP packet.
837 * An AbortM (without cause) packet is the smallest SCTP packet available and as
838 * such there is always space in the existing packet buffer to fit the AbortM
839 * packet. An ErrorM packet is 4 bytes longer than the (the error cause is not
840 * optional). An ErrorM is sent in response to an AddIP when the Vtag/address
841 * combination, if added, will produce a conflict in the association look up
842 * tables. It may also be used for an unexpected packet - a packet with no
843 * matching association in the NAT table and we are requesting an AddIP so we
844 * can add it. The smallest valid SCTP packet while the association is in an
845 * up-state is a Heartbeat packet, which is big enough to be transformed to an
848 * We create a temporary character array to store the packet as we are constructing
849 * it. We then populate the array with appropriate values based on:
850 * - Packet type (AbortM | ErrorM)
851 * - Initial packet direction (SN_TO_LOCAL | SN_TO_GLOBAL)
852 * - NAT response (Send packet | Reply packet)
854 * Once complete, we copy the contents of the temporary packet over the original
855 * SCTP packet we were asked to NAT
857 * @param la Pointer to the relevant libalias instance
858 * @param sm Pointer to sctp message information
859 * @param assoc Pointer to current association details
860 * @param sndrply SN_SEND_ABORT | SN_REPLY_ABORT | SN_REPLY_ERROR
861 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
864 local_sctp_finalize_crc32(uint32_t crc32c)
866 /* This routine is duplicated from SCTP
867 * we need to do that since it MAY be that SCTP
868 * is NOT compiled into the kernel. The CRC32C routines
869 * however are always available in libkern.
872 #if BYTE_ORDER == BIG_ENDIAN
873 uint8_t byte0, byte1, byte2, byte3;
876 /* Complement the result */
878 #if BYTE_ORDER == BIG_ENDIAN
880 * For BIG-ENDIAN.. aka Motorola byte order the result is in
881 * little-endian form. So we must manually swap the bytes. Then we
882 * can call htonl() which does nothing...
884 byte0 = result & 0x000000ff;
885 byte1 = (result >> 8) & 0x000000ff;
886 byte2 = (result >> 16) & 0x000000ff;
887 byte3 = (result >> 24) & 0x000000ff;
888 crc32c = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
891 * For INTEL platforms the result comes out in network order. No
892 * htonl is required or the swap above. So we optimize out both the
893 * htonl and the manual swap above.
901 TxAbortErrorM(struct libalias *la, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int sndrply, int direction)
903 int sctp_size = sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_error_cause);
904 int ip_size = sizeof(struct ip) + sctp_size;
905 int include_error_cause = 1;
906 char tmp_ip[ip_size];
908 if (ntohs(sm->ip_hdr->ip_len) < ip_size) { /* short packet, cannot send error cause */
909 include_error_cause = 0;
910 ip_size = ip_size - sizeof(struct sctp_error_cause);
911 sctp_size = sctp_size - sizeof(struct sctp_error_cause);
913 /* Assign header pointers packet */
914 struct ip* ip = (struct ip *) tmp_ip;
915 struct sctphdr* sctp_hdr = (struct sctphdr *) ((char *) ip + sizeof(*ip));
916 struct sctp_chunkhdr* chunk_hdr = (struct sctp_chunkhdr *) ((char *) sctp_hdr + sizeof(*sctp_hdr));
917 struct sctp_error_cause* error_cause = (struct sctp_error_cause *) ((char *) chunk_hdr + sizeof(*chunk_hdr));
919 /* construct ip header */
920 ip->ip_v = sm->ip_hdr->ip_v;
921 ip->ip_hl = 5; /* 5*32 bit words */
923 ip->ip_len = htons(ip_size);
924 ip->ip_id = sm->ip_hdr->ip_id;
927 ip->ip_p = IPPROTO_SCTP;
929 The definitions below should be removed when they make it into the SCTP stack
931 #define SCTP_MIDDLEBOX_FLAG 0x02
932 #define SCTP_NAT_TABLE_COLLISION 0x00b0
933 #define SCTP_MISSING_NAT 0x00b1
934 chunk_hdr->chunk_type = (sndrply & SN_TX_ABORT) ? SCTP_ABORT_ASSOCIATION : SCTP_OPERATION_ERROR;
935 chunk_hdr->chunk_flags = SCTP_MIDDLEBOX_FLAG;
936 if (include_error_cause) {
937 error_cause->code = htons((sndrply & SN_REFLECT_ERROR) ? SCTP_MISSING_NAT : SCTP_NAT_TABLE_COLLISION);
938 error_cause->length = htons(sizeof(struct sctp_error_cause));
939 chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr) + sizeof(struct sctp_error_cause));
941 chunk_hdr->chunk_length = htons(sizeof(*chunk_hdr));
944 /* set specific values */
946 case SN_REFLECT_ERROR:
947 chunk_hdr->chunk_flags |= SCTP_HAD_NO_TCB; /* set Tbit */
948 sctp_hdr->v_tag = sm->sctp_hdr->v_tag;
951 sctp_hdr->v_tag = (direction == SN_TO_LOCAL) ? assoc->g_vtag : assoc->l_vtag ;
954 sctp_hdr->v_tag = sm->sctp_hdr->v_tag;
957 sctp_hdr->v_tag = sm->sctpchnk.Init->initiate_tag;
961 /* Set send/reply values */
962 if (sndrply == SN_SEND_ABORT) { /*pass through NAT */
963 ip->ip_src = (direction == SN_TO_LOCAL) ? sm->ip_hdr->ip_src : assoc->a_addr;
964 ip->ip_dst = (direction == SN_TO_LOCAL) ? assoc->l_addr : sm->ip_hdr->ip_dst;
965 sctp_hdr->src_port = sm->sctp_hdr->src_port;
966 sctp_hdr->dest_port = sm->sctp_hdr->dest_port;
967 } else { /* reply and reflect */
968 ip->ip_src = sm->ip_hdr->ip_dst;
969 ip->ip_dst = sm->ip_hdr->ip_src;
970 sctp_hdr->src_port = sm->sctp_hdr->dest_port;
971 sctp_hdr->dest_port = sm->sctp_hdr->src_port;
974 /* Calculate IP header checksum */
975 ip->ip_sum = in_cksum_hdr(ip);
977 /* calculate SCTP header CRC32 */
978 sctp_hdr->checksum = 0;
979 sctp_hdr->checksum = local_sctp_finalize_crc32(calculate_crc32c(0xffffffff, (unsigned char *) sctp_hdr, sctp_size));
981 memcpy(sm->ip_hdr, ip, ip_size);
983 SN_LOG(SN_LOG_EVENT,SctpAliasLog("%s %s 0x%x (->%s:%u vtag=0x%x crc=0x%x)\n",
984 ((sndrply == SN_SEND_ABORT) ? "Sending" : "Replying"),
985 ((sndrply & SN_TX_ERROR) ? "ErrorM" : "AbortM"),
986 (include_error_cause ? ntohs(error_cause->code) : 0),
987 inet_ntoa(ip->ip_dst),ntohs(sctp_hdr->dest_port),
988 ntohl(sctp_hdr->v_tag), ntohl(sctp_hdr->checksum)));
991 /* ----------------------------------------------------------------------
993 * ----------------------------------------------------------------------
995 /** @addtogroup packet_parser
997 * These functions parse the SCTP packet and fill a sctp_nat_msg structure
998 * with the parsed contents.
1000 /** @ingroup packet_parser
1001 * @brief Parses SCTP packets for the key SCTP chunk that will be processed
1003 * This module parses SCTP packets for the key SCTP chunk that will be processed
1004 * The module completes the sctp_nat_msg structure and either retrieves the
1005 * relevant (existing) stored association from the Hash Tables or creates a new
1006 * association entity with state SN_ID
1008 * @param la Pointer to the relevant libalias instance
1009 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1011 * @param sm Pointer to sctp message information
1012 * @param passoc Pointer to the association this SCTP Message belongs to
1014 * @return SN_PARSE_OK | SN_PARSE_ERROR_*
1017 sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
1018 struct sctp_nat_msg *sm, struct sctp_nat_assoc **passoc)
1019 //sctp_PktParser(int direction, struct mbuf *ipak, int ip_hdr_len,struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc)
1021 struct sctphdr *sctp_hdr;
1022 struct sctp_chunkhdr *chunk_hdr;
1023 struct sctp_paramhdr *param_hdr;
1024 struct in_addr ipv4addr;
1025 int bytes_left; /* bytes left in ip packet */
1028 int partial_match = 0;
1032 // mlen = SCTP_HEADER_LEN(i_pak);
1033 // mp = SCTP_HEADER_TO_CHAIN(i_pak); /* does nothing in bsd since header and chain not separate */
1036 * Note, that if the VTag is zero, it must be an INIT
1037 * Also, I am only interested in the content of INIT and ADDIP chunks
1040 // no mbuf stuff from Paolo yet so ...
1042 /* remove ip header length from the bytes_left */
1043 bytes_left = ntohs(pip->ip_len) - (pip->ip_hl << 2);
1045 /* Check SCTP header length and move to first chunk */
1046 if (bytes_left < sizeof(struct sctphdr)) {
1047 sm->sctp_hdr = NULL;
1048 return(SN_PARSE_ERROR_IPSHL); /* packet not long enough*/
1051 sm->sctp_hdr = sctp_hdr = (struct sctphdr *) ip_next(pip);
1052 bytes_left -= sizeof(struct sctphdr);
1054 /* Check for valid ports (zero valued ports would find partially initialised associations */
1055 if (sctp_hdr->src_port == 0 || sctp_hdr->dest_port == 0)
1056 return(SN_PARSE_ERROR_PORT);
1058 /* Check length of first chunk */
1059 if (bytes_left < SN_MIN_CHUNK_SIZE) /* malformed chunk - could cause endless loop*/
1060 return(SN_PARSE_ERROR_CHHL); /* packet not long enough for this chunk */
1063 chunk_hdr = SN_SCTP_FIRSTCHUNK(sctp_hdr);
1065 chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length));
1066 if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left)) /* malformed chunk - could cause endless loop*/
1067 return(SN_PARSE_ERROR_CHHL);
1069 if ((chunk_hdr->chunk_flags & SCTP_HAD_NO_TCB) &&
1070 ((chunk_hdr->chunk_type == SCTP_ABORT_ASSOCIATION) ||
1071 (chunk_hdr->chunk_type == SCTP_SHUTDOWN_COMPLETE))) {
1073 if (direction == SN_TO_LOCAL)
1074 *passoc = FindSctpGlobalT(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port);
1076 *passoc = FindSctpLocalT(la, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->dest_port, sctp_hdr->src_port);
1078 /* Proper v_tag settings */
1079 if (direction == SN_TO_LOCAL)
1080 *passoc = FindSctpGlobal(la, pip->ip_src, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match);
1082 *passoc = FindSctpLocal(la, pip->ip_src, pip->ip_dst, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port);
1086 /* Real packet parsing occurs below */
1087 sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
1088 sm->chunk_length = 0; /* only care about length for key chunks */
1089 while (IS_SCTP_CONTROL(chunk_hdr)) {
1090 switch(chunk_hdr->chunk_type) {
1091 case SCTP_INITIATION:
1092 if (chunk_length < sizeof(struct sctp_init_chunk)) /* malformed chunk*/
1093 return(SN_PARSE_ERROR_CHHL);
1094 sm->msg = SN_SCTP_INIT;
1095 sm->sctpchnk.Init = (struct sctp_init *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr));
1096 sm->chunk_length = chunk_length;
1097 /* if no existing association, create a new one */
1098 if (*passoc == NULL) {
1099 if (sctp_hdr->v_tag == 0){ //Init requires vtag=0
1100 *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc));
1101 if (*passoc == NULL) {/* out of resources */
1102 return(SN_PARSE_ERROR_AS_MALLOC);
1104 /* Initialise association - malloc initialises memory to zeros */
1105 (*passoc)->state = SN_ID;
1106 LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */
1107 (*passoc)->TableRegister = SN_NULL_TBL;
1108 return(SN_PARSE_OK);
1110 return(SN_PARSE_ERROR_VTAG);
1112 return(SN_PARSE_ERROR_LOOKUP);
1113 case SCTP_INITIATION_ACK:
1114 if (chunk_length < sizeof(struct sctp_init_ack_chunk)) /* malformed chunk*/
1115 return(SN_PARSE_ERROR_CHHL);
1116 sm->msg = SN_SCTP_INITACK;
1117 sm->sctpchnk.InitAck = (struct sctp_init_ack *) ((char *) chunk_hdr + sizeof(struct sctp_chunkhdr));
1118 sm->chunk_length = chunk_length;
1119 return ((*passoc == NULL)?(SN_PARSE_ERROR_LOOKUP):(SN_PARSE_OK));
1120 case SCTP_ABORT_ASSOCIATION: /* access only minimum sized chunk */
1121 sm->msg = SN_SCTP_ABORT;
1122 sm->chunk_length = chunk_length;
1123 return ((*passoc == NULL)?(SN_PARSE_ERROR_LOOKUP_ABORT):(SN_PARSE_OK));
1124 case SCTP_SHUTDOWN_ACK:
1125 if (chunk_length < sizeof(struct sctp_shutdown_ack_chunk)) /* malformed chunk*/
1126 return(SN_PARSE_ERROR_CHHL);
1127 if (sm->msg > SN_SCTP_SHUTACK) {
1128 sm->msg = SN_SCTP_SHUTACK;
1129 sm->chunk_length = chunk_length;
1132 case SCTP_SHUTDOWN_COMPLETE: /* minimum sized chunk */
1133 if (sm->msg > SN_SCTP_SHUTCOMP) {
1134 sm->msg = SN_SCTP_SHUTCOMP;
1135 sm->chunk_length = chunk_length;
1137 return ((*passoc == NULL)?(SN_PARSE_ERROR_LOOKUP):(SN_PARSE_OK));
1139 if (sm->msg > SN_SCTP_ASCONF) {
1140 if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv4addr_param))) /* malformed chunk*/
1141 return(SN_PARSE_ERROR_CHHL);
1142 //leave parameter searching to later, if required
1143 param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr + sizeof(struct sctp_asconf_chunk)); /*compulsory IP parameter*/
1144 if (ntohs(param_hdr->param_type) == SCTP_IPV4_ADDRESS) {
1145 if ((*passoc == NULL) && (direction == SN_TO_LOCAL)) { /* AddIP with no association */
1146 /* try look up with the ASCONF packet's alternative address */
1147 ipv4addr.s_addr = ((struct sctp_ipv4addr_param *) param_hdr)->addr;
1148 *passoc = FindSctpGlobal(la, ipv4addr, sctp_hdr->v_tag, sctp_hdr->src_port, sctp_hdr->dest_port, &partial_match);
1150 param_hdr = (struct sctp_paramhdr *)
1151 ((char *) param_hdr + sizeof(struct sctp_ipv4addr_param)); /*asconf's compulsory address parameter */
1152 sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv4addr_param); /* rest of chunk */
1154 if (chunk_length < (sizeof(struct sctp_asconf_chunk) + sizeof(struct sctp_ipv6addr_param))) /* malformed chunk*/
1155 return(SN_PARSE_ERROR_CHHL);
1156 param_hdr = (struct sctp_paramhdr *)
1157 ((char *) param_hdr + sizeof(struct sctp_ipv6addr_param)); /*asconf's compulsory address parameter */
1158 sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_chunk) - sizeof(struct sctp_ipv6addr_param); /* rest of chunk */
1160 sm->msg = SN_SCTP_ASCONF;
1161 sm->sctpchnk.Asconf = param_hdr;
1163 if (*passoc == NULL) { /* AddIP with no association */
1164 *passoc = (struct sctp_nat_assoc *) sn_malloc(sizeof(struct sctp_nat_assoc));
1165 if (*passoc == NULL) {/* out of resources */
1166 return(SN_PARSE_ERROR_AS_MALLOC);
1168 /* Initialise association - malloc initialises memory to zeros */
1169 (*passoc)->state = SN_ID;
1170 LIST_INIT(&((*passoc)->Gaddr)); /* always initialise to avoid memory problems */
1171 (*passoc)->TableRegister = SN_NULL_TBL;
1172 return(SN_PARSE_OK);
1176 case SCTP_ASCONF_ACK:
1177 if (sm->msg > SN_SCTP_ASCONFACK) {
1178 if (chunk_length < sizeof(struct sctp_asconf_ack_chunk)) /* malformed chunk*/
1179 return(SN_PARSE_ERROR_CHHL);
1180 //leave parameter searching to later, if required
1181 param_hdr = (struct sctp_paramhdr *) ((char *) chunk_hdr
1182 + sizeof(struct sctp_asconf_ack_chunk));
1183 sm->msg = SN_SCTP_ASCONFACK;
1184 sm->sctpchnk.Asconf = param_hdr;
1185 sm->chunk_length = chunk_length - sizeof(struct sctp_asconf_ack_chunk);
1189 break; /* do nothing*/
1192 /* if no association is found exit - we need to find an Init or AddIP within sysctl_initialising_chunk_proc_limit */
1193 if ((*passoc == NULL) && (chunk_count >= sysctl_initialising_chunk_proc_limit))
1194 return(SN_PARSE_ERROR_LOOKUP);
1196 /* finished with this chunk, on to the next chunk*/
1197 bytes_left-= chunk_length;
1199 /* Is this the end of the packet ? */
1200 if (bytes_left == 0)
1201 return (*passoc == NULL)?(SN_PARSE_ERROR_LOOKUP):(SN_PARSE_OK);
1203 /* Are there enough bytes in packet to at least retrieve length of next chunk ? */
1204 if (bytes_left < SN_MIN_CHUNK_SIZE)
1205 return(SN_PARSE_ERROR_CHHL);
1207 chunk_hdr = SN_SCTP_NEXTCHUNK(chunk_hdr);
1209 /* Is the chunk long enough to not cause endless look and are there enough bytes in packet to read the chunk ? */
1210 chunk_length = SCTP_SIZE32(ntohs(chunk_hdr->chunk_length));
1211 if ((chunk_length < SN_MIN_CHUNK_SIZE) || (chunk_length > bytes_left))
1212 return(SN_PARSE_ERROR_CHHL);
1213 if(++chunk_count > sysctl_chunk_proc_limit)
1214 return(SN_PARSE_OK); /* limit for processing chunks, take what we get */
1217 if (*passoc == NULL)
1218 return (partial_match)?(SN_PARSE_ERROR_PARTIALLOOKUP):(SN_PARSE_ERROR_LOOKUP);
1220 return(SN_PARSE_OK);
1223 /** @ingroup packet_parser
1224 * @brief Extract Vtags from Asconf Chunk
1226 * GetAsconfVtags scans an Asconf Chunk for the vtags parameter, and then
1227 * extracts the vtags.
1229 * GetAsconfVtags is not called from within sctp_PktParser. It is called only
1230 * from within ID_process when an AddIP has been received.
1232 * @param la Pointer to the relevant libalias instance
1233 * @param sm Pointer to sctp message information
1234 * @param l_vtag Pointer to the local vtag in the association this SCTP Message belongs to
1235 * @param g_vtag Pointer to the local vtag in the association this SCTP Message belongs to
1236 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1238 * @return 1 - success | 0 - fail
1241 GetAsconfVtags(struct libalias *la, struct sctp_nat_msg *sm, uint32_t *l_vtag, uint32_t *g_vtag, int direction)
1243 /* To be removed when information is in the sctp headers */
1244 #define SCTP_VTAG_PARAM 0xC007
1245 struct sctp_vtag_param {
1246 struct sctp_paramhdr ph;/* type=SCTP_VTAG_PARAM */
1247 uint32_t local_vtag;
1248 uint32_t remote_vtag;
1249 } __attribute__((packed));
1251 struct sctp_vtag_param *vtag_param;
1252 struct sctp_paramhdr *param;
1258 param = sm->sctpchnk.Asconf;
1259 param_size = SCTP_SIZE32(ntohs(param->param_length));
1260 bytes_left = sm->chunk_length;
1261 /* step through Asconf parameters */
1262 while((bytes_left >= param_size) && (bytes_left >= SN_VTAG_PARAM_SIZE)) {
1263 if (ntohs(param->param_type) == SCTP_VTAG_PARAM) {
1264 vtag_param = (struct sctp_vtag_param *) param;
1266 /* The Internet draft is a little ambigious as to order of these vtags.
1267 We think it is this way around. If we are wrong, the order will need
1270 *g_vtag = vtag_param->local_vtag;
1271 *l_vtag = vtag_param->remote_vtag;
1274 *g_vtag = vtag_param->remote_vtag;
1275 *l_vtag = vtag_param->local_vtag;
1278 return(1); /* found */
1281 bytes_left -= param_size;
1282 if (bytes_left < SN_MIN_PARAM_SIZE) return(0);
1284 param = SN_SCTP_NEXTPARAM(param);
1285 param_size = SCTP_SIZE32(ntohs(param->param_length));
1286 if (++param_count > sysctl_param_proc_limit) {
1287 SN_LOG(SN_LOG_EVENT,
1288 logsctperror("Parameter parse limit exceeded (GetAsconfVtags)",
1289 sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
1290 return(0); /* not found limit exceeded*/
1293 return(0); /* not found */
1296 /** @ingroup packet_parser
1297 * @brief AddGlobalIPAddresses from Init,InitAck,or AddIP packets
1299 * AddGlobalIPAddresses scans an SCTP chunk (in sm) for Global IP addresses, and
1302 * @param sm Pointer to sctp message information
1303 * @param assoc Pointer to the association this SCTP Message belongs to
1304 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1308 AddGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction)
1310 struct sctp_ipv4addr_param *ipv4_param;
1311 struct sctp_paramhdr *param = NULL;
1312 struct sctp_GlobalAddress *G_Addr;
1313 struct in_addr g_addr = {0};
1316 int param_count, addr_param_count = 0;
1319 case SN_TO_GLOBAL: /* does not contain global addresses */
1320 g_addr = sm->ip_hdr->ip_dst;
1321 bytes_left = 0; /* force exit */
1324 g_addr = sm->ip_hdr->ip_src;
1328 bytes_left = sm->chunk_length - sizeof(struct sctp_init_chunk);
1329 param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.Init + sizeof(struct sctp_init));
1331 case SN_SCTP_INITACK:
1332 bytes_left = sm->chunk_length - sizeof(struct sctp_init_ack_chunk);
1333 param = (struct sctp_paramhdr *)((char *)sm->sctpchnk.InitAck + sizeof(struct sctp_init_ack));
1335 case SN_SCTP_ASCONF:
1336 bytes_left = sm->chunk_length;
1337 param = sm->sctpchnk.Asconf;
1341 if (bytes_left >= SN_MIN_PARAM_SIZE)
1342 param_size = SCTP_SIZE32(ntohs(param->param_length));
1344 param_size = bytes_left+1; /* force skip loop */
1346 if ((assoc->state == SN_ID) && ((sm->msg == SN_SCTP_INIT) || (bytes_left < SN_MIN_PARAM_SIZE))) {/* add pkt address */
1347 G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress));
1348 if (G_Addr == NULL) {/* out of resources */
1349 SN_LOG(SN_LOG_EVENT,
1350 logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
1351 sm->sctp_hdr->v_tag, 0, direction));
1352 assoc->num_Gaddr = 0; /* don't track any more for this assoc*/
1353 sysctl_track_global_addresses=0;
1356 G_Addr->g_addr = g_addr;
1357 if (!Add_Global_Address_to_List(assoc, G_Addr))
1358 SN_LOG(SN_LOG_EVENT,
1359 logsctperror("AddGlobalIPAddress: Address already in list",
1360 sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
1363 /* step through parameters */
1364 while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) {
1365 if (assoc->num_Gaddr >= sysctl_track_global_addresses) {
1366 SN_LOG(SN_LOG_EVENT,
1367 logsctperror("AddGlobalIPAddress: Maximum Number of addresses reached",
1368 sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction));
1371 switch(ntohs(param->param_type)) {
1372 case SCTP_ADD_IP_ADDRESS:
1373 /* skip to address parameter - leave param_size so bytes left will be calculated properly*/
1374 param = (struct sctp_paramhdr *) &((struct sctp_asconf_addrv4_param *) param)->addrp;
1375 case SCTP_IPV4_ADDRESS:
1376 ipv4_param = (struct sctp_ipv4addr_param *) param;
1377 /* add addresses to association */
1378 G_Addr = (struct sctp_GlobalAddress *) sn_malloc(sizeof(struct sctp_GlobalAddress));
1379 if (G_Addr == NULL) {/* out of resources */
1380 SN_LOG(SN_LOG_EVENT,
1381 logsctperror("AddGlobalIPAddress: No resources for adding global address - revert to no tracking",
1382 sm->sctp_hdr->v_tag, 0, direction));
1383 assoc->num_Gaddr = 0; /* don't track any more for this assoc*/
1384 sysctl_track_global_addresses=0;
1389 if ((sm->msg == SN_SCTP_ASCONF) && (ipv4_param->addr == INADDR_ANY)) { /* use packet address */
1390 G_Addr->g_addr = g_addr;
1391 if (!Add_Global_Address_to_List(assoc, G_Addr))
1392 SN_LOG(SN_LOG_EVENT,
1393 logsctperror("AddGlobalIPAddress: Address already in list",
1394 sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
1395 return; /*shouldn't be any other addresses if the zero address is given*/
1397 G_Addr->g_addr.s_addr = ipv4_param->addr;
1398 if (!Add_Global_Address_to_List(assoc, G_Addr))
1399 SN_LOG(SN_LOG_EVENT,
1400 logsctperror("AddGlobalIPAddress: Address already in list",
1401 sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
1405 bytes_left -= param_size;
1406 if (bytes_left < SN_MIN_PARAM_SIZE)
1409 param = SN_SCTP_NEXTPARAM(param);
1410 param_size = SCTP_SIZE32(ntohs(param->param_length));
1411 if (++param_count > sysctl_param_proc_limit) {
1412 SN_LOG(SN_LOG_EVENT,
1413 logsctperror("Parameter parse limit exceeded (AddGlobalIPAddress)",
1414 sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
1415 break; /* limit exceeded*/
1418 if (addr_param_count == 0) {
1419 SN_LOG(SN_LOG_DETAIL,
1420 logsctperror("AddGlobalIPAddress: no address parameters to add",
1421 sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
1426 * @brief Add_Global_Address_to_List
1428 * Adds a global IP address to an associations address list, if it is not
1429 * already there. The first address added us usually the packet's address, and
1430 * is most likely to be used, so it is added at the beginning. Subsequent
1431 * addresses are added after this one.
1433 * @param assoc Pointer to the association this SCTP Message belongs to
1434 * @param G_addr Pointer to the global address to add
1436 * @return 1 - success | 0 - fail
1438 static int Add_Global_Address_to_List(struct sctp_nat_assoc *assoc, struct sctp_GlobalAddress *G_addr)
1440 struct sctp_GlobalAddress *iter_G_Addr = NULL, *first_G_Addr = NULL;
1441 first_G_Addr = LIST_FIRST(&(assoc->Gaddr));
1442 if (first_G_Addr == NULL) {
1443 LIST_INSERT_HEAD(&(assoc->Gaddr), G_addr, list_Gaddr); /* add new address to beginning of list*/
1445 LIST_FOREACH(iter_G_Addr, &(assoc->Gaddr), list_Gaddr) {
1446 if (G_addr->g_addr.s_addr == iter_G_Addr->g_addr.s_addr)
1447 return(0); /* already exists, so don't add */
1449 LIST_INSERT_AFTER(first_G_Addr, G_addr, list_Gaddr); /* add address to end of list*/
1452 return(1); /* success */
1455 /** @ingroup packet_parser
1456 * @brief RmGlobalIPAddresses from DelIP packets
1458 * RmGlobalIPAddresses scans an ASCONF chunk for DelIP parameters to remove the
1459 * given Global IP addresses from the association. It will not delete the
1460 * the address if it is a list of one address.
1463 * @param sm Pointer to sctp message information
1464 * @param assoc Pointer to the association this SCTP Message belongs to
1465 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1469 RmGlobalIPAddresses(struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc, int direction)
1471 struct sctp_asconf_addrv4_param *asconf_ipv4_param;
1472 struct sctp_paramhdr *param;
1473 struct sctp_GlobalAddress *G_Addr, *G_Addr_tmp;
1474 struct in_addr g_addr;
1479 if(direction == SN_TO_GLOBAL)
1480 g_addr = sm->ip_hdr->ip_dst;
1482 g_addr = sm->ip_hdr->ip_src;
1484 bytes_left = sm->chunk_length;
1486 param = sm->sctpchnk.Asconf;
1487 if (bytes_left >= SN_MIN_PARAM_SIZE) {
1488 param_size = SCTP_SIZE32(ntohs(param->param_length));
1490 SN_LOG(SN_LOG_EVENT,
1491 logsctperror("RmGlobalIPAddress: truncated packet - cannot remove IP addresses",
1492 sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction));
1496 /* step through Asconf parameters */
1497 while((bytes_left >= param_size) && (bytes_left >= sizeof(struct sctp_ipv4addr_param))) {
1498 if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS) {
1499 asconf_ipv4_param = (struct sctp_asconf_addrv4_param *) param;
1500 if (asconf_ipv4_param->addrp.addr == INADDR_ANY) { /* remove all bar pkt address */
1501 LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) {
1502 if(G_Addr->g_addr.s_addr != sm->ip_hdr->ip_src.s_addr) {
1503 if (assoc->num_Gaddr > 1) { /* only delete if more than one */
1504 LIST_REMOVE(G_Addr, list_Gaddr);
1508 SN_LOG(SN_LOG_EVENT,
1509 logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)",
1510 sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
1514 return; /*shouldn't be any other addresses if the zero address is given*/
1516 LIST_FOREACH_SAFE(G_Addr, &(assoc->Gaddr), list_Gaddr, G_Addr_tmp) {
1517 if(G_Addr->g_addr.s_addr == asconf_ipv4_param->addrp.addr) {
1518 if (assoc->num_Gaddr > 1) { /* only delete if more than one */
1519 LIST_REMOVE(G_Addr, list_Gaddr);
1522 break; /* Since add only adds new addresses, there should be no double entries */
1524 SN_LOG(SN_LOG_EVENT,
1525 logsctperror("RmGlobalIPAddress: Request to remove last IP address (didn't)",
1526 sm->sctp_hdr->v_tag, assoc->num_Gaddr, direction));
1532 bytes_left -= param_size;
1533 if (bytes_left == 0) return;
1534 else if (bytes_left < SN_MIN_PARAM_SIZE) {
1535 SN_LOG(SN_LOG_EVENT,
1536 logsctperror("RmGlobalIPAddress: truncated packet - may not have removed all IP addresses",
1537 sm->sctp_hdr->v_tag, sysctl_track_global_addresses, direction));
1541 param = SN_SCTP_NEXTPARAM(param);
1542 param_size = SCTP_SIZE32(ntohs(param->param_length));
1543 if (++param_count > sysctl_param_proc_limit) {
1544 SN_LOG(SN_LOG_EVENT,
1545 logsctperror("Parameter parse limit exceeded (RmGlobalIPAddress)",
1546 sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
1547 return; /* limit exceeded*/
1552 /** @ingroup packet_parser
1553 * @brief Check that ASCONF was successful
1555 * Each ASCONF configuration parameter carries a correlation ID which should be
1556 * matched with an ASCONFack. This is difficult for a NAT, since every
1557 * association could potentially have a number of outstanding ASCONF
1558 * configuration parameters, which should only be activated on receipt of the
1561 * Currently we only look for an ACK when the NAT is setting up a new
1562 * association (ie AddIP for a connection that the NAT does not know about
1563 * because the original Init went through a public interface or another NAT)
1564 * Since there is currently no connection on this path, there should be no other
1565 * ASCONF configuration parameters outstanding, so we presume that if there is
1566 * an ACK that it is responding to the AddIP and activate the new association.
1568 * @param la Pointer to the relevant libalias instance
1569 * @param sm Pointer to sctp message information
1570 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1572 * @return 1 - success | 0 - fail
1575 IsASCONFack(struct libalias *la, struct sctp_nat_msg *sm, int direction)
1577 struct sctp_paramhdr *param;
1583 param = sm->sctpchnk.Asconf;
1584 param_size = SCTP_SIZE32(ntohs(param->param_length));
1585 if (param_size == 8)
1586 return(1); /*success - default acknowledgement of everything */
1588 bytes_left = sm->chunk_length;
1589 if (bytes_left < param_size)
1590 return(0); /* not found */
1591 /* step through Asconf parameters */
1592 while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) {
1593 if (ntohs(param->param_type) == SCTP_SUCCESS_REPORT)
1594 return(1); /* success - but can't match correlation IDs - should only be one */
1595 /* check others just in case */
1596 bytes_left -= param_size;
1597 if (bytes_left >= SN_MIN_PARAM_SIZE) {
1598 param = SN_SCTP_NEXTPARAM(param);
1602 param_size = SCTP_SIZE32(ntohs(param->param_length));
1603 if (bytes_left < param_size) return(0);
1605 if (++param_count > sysctl_param_proc_limit) {
1606 SN_LOG(SN_LOG_EVENT,
1607 logsctperror("Parameter parse limit exceeded (IsASCONFack)",
1608 sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
1609 return(0); /* not found limit exceeded*/
1612 return(0); /* not success */
1615 /** @ingroup packet_parser
1616 * @brief Check to see if ASCONF contains an Add IP or Del IP parameter
1618 * IsADDorDEL scans an ASCONF packet to see if it contains an AddIP or DelIP
1621 * @param la Pointer to the relevant libalias instance
1622 * @param sm Pointer to sctp message information
1623 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1625 * @return SCTP_ADD_IP_ADDRESS | SCTP_DEL_IP_ADDRESS | 0 - fail
1628 IsADDorDEL(struct libalias *la, struct sctp_nat_msg *sm, int direction)
1630 struct sctp_paramhdr *param;
1636 param = sm->sctpchnk.Asconf;
1637 param_size = SCTP_SIZE32(ntohs(param->param_length));
1639 bytes_left = sm->chunk_length;
1640 if (bytes_left < param_size)
1641 return(0); /* not found */
1642 /* step through Asconf parameters */
1643 while(bytes_left >= SN_ASCONFACK_PARAM_SIZE) {
1644 if (ntohs(param->param_type) == SCTP_ADD_IP_ADDRESS)
1645 return(SCTP_ADD_IP_ADDRESS);
1646 else if (ntohs(param->param_type) == SCTP_DEL_IP_ADDRESS)
1647 return(SCTP_DEL_IP_ADDRESS);
1648 /* check others just in case */
1649 bytes_left -= param_size;
1650 if (bytes_left >= SN_MIN_PARAM_SIZE) {
1651 param = SN_SCTP_NEXTPARAM(param);
1653 return(0); /*Neither found */
1655 param_size = SCTP_SIZE32(ntohs(param->param_length));
1656 if (bytes_left < param_size) return(0);
1658 if (++param_count > sysctl_param_proc_limit) {
1659 SN_LOG(SN_LOG_EVENT,
1660 logsctperror("Parameter parse limit exceeded IsADDorDEL)",
1661 sm->sctp_hdr->v_tag, sysctl_param_proc_limit, direction));
1662 return(0); /* not found limit exceeded*/
1665 return(0); /*Neither found */
1668 /* ----------------------------------------------------------------------
1669 * STATE MACHINE CODE
1670 * ----------------------------------------------------------------------
1672 /** @addtogroup state_machine
1674 * The SCTP NAT State Machine functions will:
1675 * - Process an already parsed packet
1676 * - Use the existing NAT Hash Tables
1677 * - Determine the next state for the association
1678 * - Update the NAT Hash Tables and Timer Queues
1679 * - Return the appropriate action to take with the packet
1681 /** @ingroup state_machine
1682 * @brief Process SCTP message
1684 * This function is the base state machine. It calls the processing engine for
1687 * @param la Pointer to the relevant libalias instance
1688 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1689 * @param sm Pointer to sctp message information
1690 * @param assoc Pointer to the association this SCTP Message belongs to
1692 * @return SN_DROP_PKT | SN_NAT_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR | SN_PROCESSING_ERROR
1695 ProcessSctpMsg(struct libalias *la, int direction, struct sctp_nat_msg *sm, struct sctp_nat_assoc *assoc)
1699 switch (assoc->state) {
1700 case SN_ID: /* Idle */
1701 rtnval = ID_process(la, direction, assoc, sm);
1702 if (rtnval != SN_NAT_PKT) {
1703 assoc->state = SN_RM;/* Mark for removal*/
1706 case SN_INi: /* Initialising - Init */
1707 return(INi_process(la, direction, assoc, sm));
1708 case SN_INa: /* Initialising - AddIP */
1709 return(INa_process(la, direction, assoc, sm));
1710 case SN_UP: /* Association UP */
1711 return(UP_process(la, direction, assoc, sm));
1712 case SN_CL: /* Association Closing */
1713 return(CL_process(la, direction, assoc, sm));
1715 return(SN_PROCESSING_ERROR);
1718 /** @ingroup state_machine
1719 * @brief Process SCTP message while in the Idle state
1721 * This function looks for an Incoming INIT or AddIP message.
1723 * All other SCTP messages are invalid when in SN_ID, and are dropped.
1725 * @param la Pointer to the relevant libalias instance
1726 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1727 * @param sm Pointer to sctp message information
1728 * @param assoc Pointer to the association this SCTP Message belongs to
1730 * @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT | SN_REPLY_ERROR
1733 ID_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
1736 case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk with ADDIP */
1737 if (!sysctl_accept_global_ootb_addip && (direction == SN_TO_LOCAL))
1738 return(SN_DROP_PKT);
1739 /* if this Asconf packet does not contain the Vtag parameters it is of no use in Idle state */
1740 if (!GetAsconfVtags(la, sm, &(assoc->l_vtag), &(assoc->g_vtag), direction))
1741 return(SN_DROP_PKT);
1742 case SN_SCTP_INIT: /* a packet containing an INIT chunk or an ASCONF AddIP */
1743 if (sysctl_track_global_addresses)
1744 AddGlobalIPAddresses(sm, assoc, direction);
1747 assoc->l_addr = sm->ip_hdr->ip_src;
1748 assoc->a_addr = FindAliasAddress(la, assoc->l_addr);
1749 assoc->l_port = sm->sctp_hdr->src_port;
1750 assoc->g_port = sm->sctp_hdr->dest_port;
1751 if(sm->msg == SN_SCTP_INIT)
1752 assoc->g_vtag = sm->sctpchnk.Init->initiate_tag;
1753 if (AddSctpAssocGlobal(la, assoc)) /* DB clash *///**** need to add dst address
1754 return((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR);
1755 if(sm->msg == SN_SCTP_ASCONF) {
1756 if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_dst)) /* DB clash */
1757 return(SN_REPLY_ERROR);
1758 assoc->TableRegister |= SN_WAIT_TOLOCAL; /* wait for tolocal ack */
1762 assoc->l_addr = FindSctpRedirectAddress(la, sm);
1763 assoc->a_addr = sm->ip_hdr->ip_dst;
1764 assoc->l_port = sm->sctp_hdr->dest_port;
1765 assoc->g_port = sm->sctp_hdr->src_port;
1766 if(sm->msg == SN_SCTP_INIT)
1767 assoc->l_vtag = sm->sctpchnk.Init->initiate_tag;
1768 if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) /* DB clash */
1769 return((sm->msg == SN_SCTP_INIT) ? SN_REPLY_ABORT : SN_REPLY_ERROR);
1770 if(sm->msg == SN_SCTP_ASCONF) {
1771 if (AddSctpAssocGlobal(la, assoc)) /* DB clash */ //**** need to add src address
1772 return(SN_REPLY_ERROR);
1773 assoc->TableRegister |= SN_WAIT_TOGLOBAL; /* wait for toglobal ack */
1777 assoc->state = (sm->msg == SN_SCTP_INIT) ? SN_INi : SN_INa;
1778 assoc->exp = SN_I_T(la);
1779 sctp_AddTimeOut(la,assoc);
1781 default: /* Any other type of SCTP message is not valid in Idle */
1782 return(SN_DROP_PKT);
1784 return(SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
1787 /** @ingroup state_machine
1788 * @brief Process SCTP message while waiting for an INIT-ACK message
1790 * Only an INIT-ACK, resent INIT, or an ABORT SCTP packet are valid in this
1791 * state, all other packets are dropped.
1793 * @param la Pointer to the relevant libalias instance
1794 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1795 * @param sm Pointer to sctp message information
1796 * @param assoc Pointer to the association this SCTP Message belongs to
1798 * @return SN_NAT_PKT | SN_DROP_PKT | SN_REPLY_ABORT
1801 INi_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
1804 case SN_SCTP_INIT: /* a packet containing a retransmitted INIT chunk */
1805 sctp_ResetTimeOut(la, assoc, SN_I_T(la));
1807 case SN_SCTP_INITACK: /* a packet containing an INIT-ACK chunk */
1810 if (assoc->num_Gaddr) /*If tracking global addresses for this association */
1811 AddGlobalIPAddresses(sm, assoc, direction);
1812 assoc->l_vtag = sm->sctpchnk.Init->initiate_tag;
1813 if (AddSctpAssocLocal(la, assoc, sm->ip_hdr->ip_src)) { /* DB clash */
1814 assoc->state = SN_RM;/* Mark for removal*/
1815 return(SN_SEND_ABORT);
1819 assoc->l_addr = sm->ip_hdr->ip_src; // Only if not set in Init! *
1820 assoc->g_vtag = sm->sctpchnk.Init->initiate_tag;
1821 if (AddSctpAssocGlobal(la, assoc)) { /* DB clash */
1822 assoc->state = SN_RM;/* Mark for removal*/
1823 return(SN_SEND_ABORT);
1827 assoc->state = SN_UP;/* association established for NAT */
1828 sctp_ResetTimeOut(la,assoc, SN_U_T(la));
1830 case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
1831 assoc->state = SN_RM;/* Mark for removal*/
1834 return(SN_DROP_PKT);
1836 return(SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
1839 /** @ingroup state_machine
1840 * @brief Process SCTP message while waiting for an AddIp-ACK message
1842 * Only an AddIP-ACK, resent AddIP, or an ABORT message are valid, all other
1843 * SCTP packets are dropped
1845 * @param la Pointer to the relevant libalias instance
1846 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1847 * @param sm Pointer to sctp message information
1848 * @param assoc Pointer to the association this SCTP Message belongs to
1850 * @return SN_NAT_PKT | SN_DROP_PKT
1853 INa_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
1856 case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/
1857 sctp_ResetTimeOut(la,assoc, SN_I_T(la));
1859 case SN_SCTP_ASCONFACK: /* a packet containing an ASCONF chunk with a ADDIP-ACK */
1862 if (!(assoc->TableRegister & SN_WAIT_TOLOCAL)) /* wrong direction */
1863 return(SN_DROP_PKT);
1866 if (!(assoc->TableRegister & SN_WAIT_TOGLOBAL)) /* wrong direction */
1867 return(SN_DROP_PKT);
1869 if (IsASCONFack(la,sm,direction)) {
1870 assoc->TableRegister &= SN_BOTH_TBL; /* remove wait flags */
1871 assoc->state = SN_UP; /* association established for NAT */
1872 sctp_ResetTimeOut(la,assoc, SN_U_T(la));
1875 assoc->state = SN_RM;/* Mark for removal*/
1878 case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
1879 assoc->state = SN_RM;/* Mark for removal*/
1882 return(SN_DROP_PKT);
1884 return(SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
1887 /** @ingroup state_machine
1888 * @brief Process SCTP messages while association is UP redirecting packets
1890 * While in the SN_UP state, all packets for the particular association
1891 * are passed. Only a SHUT-ACK or an ABORT will cause a change of state.
1893 * @param la Pointer to the relevant libalias instance
1894 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1895 * @param sm Pointer to sctp message information
1896 * @param assoc Pointer to the association this SCTP Message belongs to
1898 * @return SN_NAT_PKT | SN_DROP_PKT
1901 UP_process(struct libalias *la, int direction, struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
1904 case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */
1905 assoc->state = SN_CL;
1906 sctp_ResetTimeOut(la,assoc, SN_C_T(la));
1908 case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
1909 assoc->state = SN_RM;/* Mark for removal*/
1911 case SN_SCTP_ASCONF: /* a packet containing an ASCONF chunk*/
1912 if ((direction == SN_TO_LOCAL) && assoc->num_Gaddr) /*If tracking global addresses for this association & from global side */
1913 switch(IsADDorDEL(la,sm,direction)) {
1914 case SCTP_ADD_IP_ADDRESS:
1915 AddGlobalIPAddresses(sm, assoc, direction);
1917 case SCTP_DEL_IP_ADDRESS:
1918 RmGlobalIPAddresses(sm, assoc, direction);
1920 } /* fall through to default */
1922 sctp_ResetTimeOut(la,assoc, SN_U_T(la));
1923 return(SN_NAT_PKT); /* forward packet */
1925 return(SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
1928 /** @ingroup state_machine
1929 * @brief Process SCTP message while association is in the process of closing
1931 * This function waits for a SHUT-COMP to close the association. Depending on
1932 * the setting of sysctl_holddown_timer it may not remove the association
1933 * immediately, but leave it up until SN_X_T(la). Only SHUT-COMP, SHUT-ACK, and
1934 * ABORT packets are permitted in this state. All other packets are dropped.
1936 * @param la Pointer to the relevant libalias instance
1937 * @param direction SN_TO_LOCAL | SN_TO_GLOBAL
1938 * @param sm Pointer to sctp message information
1939 * @param assoc Pointer to the association this SCTP Message belongs to
1941 * @return SN_NAT_PKT | SN_DROP_PKT
1944 CL_process(struct libalias *la, int direction,struct sctp_nat_assoc *assoc, struct sctp_nat_msg *sm)
1947 case SN_SCTP_SHUTCOMP: /* a packet containing a SHUTDOWN-COMPLETE chunk */
1948 assoc->state = SN_CL; /* Stay in Close state until timeout */
1949 if (sysctl_holddown_timer > 0)
1950 sctp_ResetTimeOut(la, assoc, SN_X_T(la));/* allow to stay open for Tbit packets*/
1952 assoc->state = SN_RM;/* Mark for removal*/
1954 case SN_SCTP_SHUTACK: /* a packet containing a SHUTDOWN-ACK chunk */
1955 assoc->state = SN_CL; /* Stay in Close state until timeout */
1956 sctp_ResetTimeOut(la, assoc, SN_C_T(la));
1958 case SN_SCTP_ABORT: /* a packet containing an ABORT chunk */
1959 assoc->state = SN_RM;/* Mark for removal*/
1962 return(SN_DROP_PKT);
1964 return(SN_DROP_PKT);/* shouldn't get here very bad: log, drop and hope for the best */
1967 /* ----------------------------------------------------------------------
1969 * ----------------------------------------------------------------------
1971 /** @addtogroup Hash
1973 * The Hash functions facilitate searching the NAT Hash Tables for associations
1974 * as well as adding/removing associations from the table(s).
1977 * @brief Find the SCTP association given the local address, port and vtag
1979 * Searches the local look-up table for the association entry matching the
1980 * provided local <address:ports:vtag> tuple
1982 * @param la Pointer to the relevant libalias instance
1983 * @param l_addr local address
1984 * @param g_addr global address
1985 * @param l_vtag local Vtag
1986 * @param l_port local Port
1987 * @param g_port global Port
1989 * @return pointer to association or NULL
1991 static struct sctp_nat_assoc*
1992 FindSctpLocal(struct libalias *la, struct in_addr l_addr, struct in_addr g_addr, uint32_t l_vtag, uint16_t l_port, uint16_t g_port)
1995 struct sctp_nat_assoc *assoc = NULL;
1996 struct sctp_GlobalAddress *G_Addr = NULL;
1998 if (l_vtag != 0) { /* an init packet, vtag==0 */
1999 i = SN_TABLE_HASH(l_vtag, l_port, la->sctpNatTableSize);
2000 LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
2001 if ((assoc->l_vtag == l_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)\
2002 && (assoc->l_addr.s_addr == l_addr.s_addr)) {
2003 if (assoc->num_Gaddr) {
2004 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2005 if(G_Addr->g_addr.s_addr == g_addr.s_addr)
2018 * @brief Check for Global Clash
2020 * Searches the global look-up table for the association entry matching the
2021 * provided global <(addresses):ports:vtag> tuple
2023 * @param la Pointer to the relevant libalias instance
2024 * @param Cassoc association being checked for a clash
2026 * @return pointer to association or NULL
2028 static struct sctp_nat_assoc*
2029 FindSctpGlobalClash(struct libalias *la, struct sctp_nat_assoc *Cassoc)
2032 struct sctp_nat_assoc *assoc = NULL;
2033 struct sctp_GlobalAddress *G_Addr = NULL;
2034 struct sctp_GlobalAddress *G_AddrC = NULL;
2036 if (Cassoc->g_vtag != 0) { /* an init packet, vtag==0 */
2037 i = SN_TABLE_HASH(Cassoc->g_vtag, Cassoc->g_port, la->sctpNatTableSize);
2038 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2039 if ((assoc->g_vtag == Cassoc->g_vtag) && (assoc->g_port == Cassoc->g_port) && (assoc->l_port == Cassoc->l_port)) {
2040 if (assoc->num_Gaddr) {
2041 LIST_FOREACH(G_AddrC, &(Cassoc->Gaddr), list_Gaddr) {
2042 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2043 if(G_Addr->g_addr.s_addr == G_AddrC->g_addr.s_addr)
2057 * @brief Find the SCTP association given the global port and vtag
2059 * Searches the global look-up table for the association entry matching the
2060 * provided global <address:ports:vtag> tuple
2062 * If all but the global address match it sets partial_match to 1 to indicate a
2063 * partial match. If the NAT is tracking global IP addresses for this
2064 * association, the NAT may respond with an ERRORM to request the missing
2065 * address to be added.
2067 * @param la Pointer to the relevant libalias instance
2068 * @param g_addr global address
2069 * @param g_vtag global vtag
2070 * @param g_port global port
2071 * @param l_port local port
2073 * @return pointer to association or NULL
2075 static struct sctp_nat_assoc*
2076 FindSctpGlobal(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t g_port, uint16_t l_port, int *partial_match)
2079 struct sctp_nat_assoc *assoc = NULL;
2080 struct sctp_GlobalAddress *G_Addr = NULL;
2083 if (g_vtag != 0) { /* an init packet, vtag==0 */
2084 i = SN_TABLE_HASH(g_vtag, g_port, la->sctpNatTableSize);
2085 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2086 if ((assoc->g_vtag == g_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) {
2088 if (assoc->num_Gaddr) {
2089 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2090 if(G_Addr->g_addr.s_addr == g_addr.s_addr)
2103 * @brief Find the SCTP association for a T-Flag message (given the global port and local vtag)
2105 * Searches the local look-up table for a unique association entry matching the
2106 * provided global port and local vtag information
2108 * @param la Pointer to the relevant libalias instance
2109 * @param g_addr global address
2110 * @param l_vtag local Vtag
2111 * @param g_port global Port
2112 * @param l_port local Port
2114 * @return pointer to association or NULL
2116 static struct sctp_nat_assoc*
2117 FindSctpLocalT(struct libalias *la, struct in_addr g_addr, uint32_t l_vtag, uint16_t g_port, uint16_t l_port)
2120 struct sctp_nat_assoc *assoc = NULL, *lastmatch = NULL;
2121 struct sctp_GlobalAddress *G_Addr = NULL;
2124 if (l_vtag != 0) { /* an init packet, vtag==0 */
2125 i = SN_TABLE_HASH(l_vtag, g_port, la->sctpNatTableSize);
2126 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2127 if ((assoc->g_vtag == l_vtag) && (assoc->g_port == g_port) && (assoc->l_port == l_port)) {
2128 if (assoc->num_Gaddr) {
2129 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2130 if(G_Addr->g_addr.s_addr == G_Addr->g_addr.s_addr)
2131 return(assoc); /* full match */
2134 if (++cnt > 1) return(NULL);
2140 /* If there is more than one match we do not know which local address to send to */
2141 return( cnt ? lastmatch : NULL );
2145 * @brief Find the SCTP association for a T-Flag message (given the local port and global vtag)
2147 * Searches the global look-up table for a unique association entry matching the
2148 * provided local port and global vtag information
2150 * @param la Pointer to the relevant libalias instance
2151 * @param g_addr global address
2152 * @param g_vtag global vtag
2153 * @param l_port local port
2154 * @param g_port global port
2156 * @return pointer to association or NULL
2158 static struct sctp_nat_assoc*
2159 FindSctpGlobalT(struct libalias *la, struct in_addr g_addr, uint32_t g_vtag, uint16_t l_port, uint16_t g_port)
2162 struct sctp_nat_assoc *assoc = NULL;
2163 struct sctp_GlobalAddress *G_Addr = NULL;
2165 if (g_vtag != 0) { /* an init packet, vtag==0 */
2166 i = SN_TABLE_HASH(g_vtag, l_port, la->sctpNatTableSize);
2167 LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
2168 if ((assoc->l_vtag == g_vtag) && (assoc->l_port == l_port) && (assoc->g_port == g_port)) {
2169 if (assoc->num_Gaddr) {
2170 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2171 if(G_Addr->g_addr.s_addr == g_addr.s_addr)
2184 * @brief Add the sctp association information to the local look up table
2186 * Searches the local look-up table for an existing association with the same
2187 * details. If a match exists and is ONLY in the local look-up table then this
2188 * is a repeated INIT packet, we need to remove this association from the
2189 * look-up table and add the new association
2191 * The new association is added to the head of the list and state is updated
2193 * @param la Pointer to the relevant libalias instance
2194 * @param assoc pointer to sctp association
2195 * @param g_addr global address
2197 * @return SN_ADD_OK | SN_ADD_CLASH
2200 AddSctpAssocLocal(struct libalias *la, struct sctp_nat_assoc *assoc, struct in_addr g_addr)
2202 struct sctp_nat_assoc *found;
2204 LIBALIAS_LOCK_ASSERT(la);
2205 found = FindSctpLocal(la, assoc->l_addr, g_addr, assoc->l_vtag, assoc->l_port, assoc->g_port);
2207 * Note that if a different global address initiated this Init,
2208 * ie it wasn't resent as presumed:
2209 * - the local receiver if receiving it for the first time will establish
2210 * an association with the new global host
2211 * - if receiving an init from a different global address after sending a
2212 * lost initack it will send an initack to the new global host, the first
2213 * association attempt will then be blocked if retried.
2215 if (found != NULL) {
2216 if ((found->TableRegister == SN_LOCAL_TBL) && (found->g_port == assoc->g_port)) { /* resent message */
2217 RmSctpAssoc(la, found);
2218 sctp_RmTimeOut(la, found);
2219 freeGlobalAddressList(found);
2222 return(SN_ADD_CLASH);
2225 LIST_INSERT_HEAD(&la->sctpTableLocal[SN_TABLE_HASH(assoc->l_vtag, assoc->l_port, la->sctpNatTableSize)],
2227 assoc->TableRegister |= SN_LOCAL_TBL;
2228 la->sctpLinkCount++; //increment link count
2230 if (assoc->TableRegister == SN_BOTH_TBL) {
2231 /* libalias log -- controlled by libalias */
2232 if (la->packetAliasMode & PKT_ALIAS_LOG)
2233 SctpShowAliasStats(la);
2235 SN_LOG(SN_LOG_INFO, logsctpassoc(assoc, "^"));
2242 * @brief Add the sctp association information to the global look up table
2244 * Searches the global look-up table for an existing association with the same
2245 * details. If a match exists and is ONLY in the global look-up table then this
2246 * is a repeated INIT packet, we need to remove this association from the
2247 * look-up table and add the new association
2249 * The new association is added to the head of the list and state is updated
2251 * @param la Pointer to the relevant libalias instance
2252 * @param assoc pointer to sctp association
2254 * @return SN_ADD_OK | SN_ADD_CLASH
2257 AddSctpAssocGlobal(struct libalias *la, struct sctp_nat_assoc *assoc)
2259 struct sctp_nat_assoc *found;
2261 LIBALIAS_LOCK_ASSERT(la);
2262 found = FindSctpGlobalClash(la, assoc);
2263 if (found != NULL) {
2264 if ((found->TableRegister == SN_GLOBAL_TBL) && \
2265 (found->l_addr.s_addr == assoc->l_addr.s_addr) && (found->l_port == assoc->l_port)) { /* resent message */
2266 RmSctpAssoc(la, found);
2267 sctp_RmTimeOut(la, found);
2268 freeGlobalAddressList(found);
2271 return(SN_ADD_CLASH);
2274 LIST_INSERT_HEAD(&la->sctpTableGlobal[SN_TABLE_HASH(assoc->g_vtag, assoc->g_port, la->sctpNatTableSize)],
2276 assoc->TableRegister |= SN_GLOBAL_TBL;
2277 la->sctpLinkCount++; //increment link count
2279 if (assoc->TableRegister == SN_BOTH_TBL) {
2280 /* libalias log -- controlled by libalias */
2281 if (la->packetAliasMode & PKT_ALIAS_LOG)
2282 SctpShowAliasStats(la);
2284 SN_LOG(SN_LOG_INFO, logsctpassoc(assoc, "^"));
2291 * @brief Remove the sctp association information from the look up table
2293 * For each of the two (local/global) look-up tables, remove the association
2294 * from that table IF it has been registered in that table.
2296 * NOTE: The calling code is responsible for freeing memory allocated to the
2297 * association structure itself
2299 * NOTE: The association is NOT removed from the timer queue
2301 * @param la Pointer to the relevant libalias instance
2302 * @param assoc pointer to sctp association
2305 RmSctpAssoc(struct libalias *la, struct sctp_nat_assoc *assoc)
2307 // struct sctp_nat_assoc *found;
2308 if (assoc == NULL) {
2309 /* very bad, log and die*/
2311 logsctperror("ERROR: alias_sctp:RmSctpAssoc(NULL)\n", 0, 0, SN_TO_NODIR));
2314 /* log if association is fully up and now closing */
2315 if (assoc->TableRegister == SN_BOTH_TBL) {
2316 SN_LOG(SN_LOG_INFO, logsctpassoc(assoc, "$"));
2318 LIBALIAS_LOCK_ASSERT(la);
2319 if (assoc->TableRegister & SN_LOCAL_TBL) {
2320 assoc->TableRegister ^= SN_LOCAL_TBL;
2321 la->sctpLinkCount--; //decrement link count
2322 LIST_REMOVE(assoc, list_L);
2325 if (assoc->TableRegister & SN_GLOBAL_TBL) {
2326 assoc->TableRegister ^= SN_GLOBAL_TBL;
2327 la->sctpLinkCount--; //decrement link count
2328 LIST_REMOVE(assoc, list_G);
2330 // sn_free(assoc); //Don't remove now, remove if needed later
2331 /* libalias logging -- controlled by libalias log definition */
2332 if (la->packetAliasMode & PKT_ALIAS_LOG)
2333 SctpShowAliasStats(la);
2338 * @brief free the Global Address List memory
2340 * freeGlobalAddressList deletes all global IP addresses in an associations
2341 * global IP address list.
2345 static void freeGlobalAddressList(struct sctp_nat_assoc *assoc)
2347 struct sctp_GlobalAddress *gaddr1=NULL,*gaddr2=NULL;
2348 /*free global address list*/
2349 gaddr1 = LIST_FIRST(&(assoc->Gaddr));
2350 while (gaddr1 != NULL) {
2351 gaddr2 = LIST_NEXT(gaddr1, list_Gaddr);
2356 /* ----------------------------------------------------------------------
2358 * ----------------------------------------------------------------------
2360 /** @addtogroup Timer
2362 * The timer queue management functions are designed to operate efficiently with
2363 * a minimum of interaction with the queues.
2365 * Once a timeout is set in the queue it will not be altered in the queue unless
2366 * it has to be changed to a shorter time (usually only for aborts and closing).
2367 * On a queue timeout, the real expiry time is checked, and if not leq than the
2368 * timeout it is requeued (O(1)) at its later time. This is especially important
2369 * for normal packets sent during an association. When a timer expires, it is
2370 * updated to its new expiration time if necessary, or processed as a
2371 * timeout. This means that while in UP state, the timing queue is only altered
2372 * every U_T (every few minutes) for a particular association.
2375 * @brief Add an association timeout to the timer queue
2377 * Determine the location in the queue to add the timeout and insert the
2378 * association into the list at that queue position
2384 sctp_AddTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc)
2387 LIBALIAS_LOCK_ASSERT(la);
2388 add_loc = assoc->exp - la->sctpNatTimer.loc_time + la->sctpNatTimer.cur_loc;
2389 if (add_loc >= SN_TIMER_QUEUE_SIZE)
2390 add_loc -= SN_TIMER_QUEUE_SIZE;
2391 LIST_INSERT_HEAD(&la->sctpNatTimer.TimerQ[add_loc], assoc, timer_Q);
2392 assoc->exp_loc = add_loc;
2396 * @brief Remove an association from timer queue
2398 * This is an O(1) operation to remove the association pointer from its
2399 * current position in the timer queue
2401 * @param la Pointer to the relevant libalias instance
2402 * @param assoc pointer to sctp association
2405 sctp_RmTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc)
2407 LIBALIAS_LOCK_ASSERT(la);
2408 LIST_REMOVE(assoc, timer_Q);/* Note this is O(1) */
2413 * @brief Reset timer in timer queue
2415 * Reset the actual timeout for the specified association. If it is earlier than
2416 * the existing timeout, then remove and re-install the association into the
2419 * @param la Pointer to the relevant libalias instance
2420 * @param assoc pointer to sctp association
2421 * @param newexp New expiration time
2424 sctp_ResetTimeOut(struct libalias *la, struct sctp_nat_assoc *assoc, int newexp)
2426 if (newexp < assoc->exp) {
2427 sctp_RmTimeOut(la, assoc);
2428 assoc->exp = newexp;
2429 sctp_AddTimeOut(la, assoc);
2431 assoc->exp = newexp;
2436 * @brief Check timer Q against current time
2438 * Loop through each entry in the timer queue since the last time we processed
2439 * the timer queue until now (the current time). For each association in the
2440 * event list, we remove it from that position in the timer queue and check if
2441 * it has really expired. If so we:
2442 * - Log the timer expiry
2443 * - Remove the association from the NAT tables
2444 * - Release the memory used by the association
2446 * If the timer hasn't really expired we place the association into its new
2447 * correct position in the timer queue.
2449 * @param la Pointer to the relevant libalias instance
2452 sctp_CheckTimers(struct libalias *la)
2454 struct sctp_nat_assoc *assoc;
2456 LIBALIAS_LOCK_ASSERT(la);
2457 while(la->timeStamp >= la->sctpNatTimer.loc_time) {
2458 while (!LIST_EMPTY(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc])) {
2459 assoc = LIST_FIRST(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc]);
2460 //SLIST_REMOVE_HEAD(&la->sctpNatTimer.TimerQ[la->sctpNatTimer.cur_loc], timer_Q);
2461 LIST_REMOVE(assoc, timer_Q);
2462 if (la->timeStamp >= assoc->exp) { /* state expired */
2463 SN_LOG(((assoc->state == SN_CL)?(SN_LOG_DEBUG):(SN_LOG_INFO)),
2464 logsctperror("Timer Expired", assoc->g_vtag, assoc->state, SN_TO_NODIR));
2465 RmSctpAssoc(la, assoc);
2466 freeGlobalAddressList(assoc);
2468 } else {/* state not expired, reschedule timer*/
2469 sctp_AddTimeOut(la, assoc);
2472 /* Goto next location in the timer queue*/
2473 ++la->sctpNatTimer.loc_time;
2474 if (++la->sctpNatTimer.cur_loc >= SN_TIMER_QUEUE_SIZE)
2475 la->sctpNatTimer.cur_loc = 0;
2479 /* ----------------------------------------------------------------------
2481 * ----------------------------------------------------------------------
2483 /** @addtogroup Logging
2485 * The logging functions provide logging of different items ranging from logging
2486 * a simple message, through logging an association details to logging the
2487 * current state of the NAT tables
2489 /** @ingroup Logging
2490 * @brief Log sctp nat errors
2492 * @param errormsg Error message to be logged
2493 * @param vtag Current Vtag
2494 * @param error Error number
2495 * @param direction Direction of packet
2498 logsctperror(char* errormsg, uint32_t vtag, int error, int direction)
2512 SctpAliasLog("->%c %s (vt=%u) %d\n", dir, errormsg, ntohl(vtag), error);
2515 /** @ingroup Logging
2516 * @brief Log what the parser parsed
2518 * @param direction Direction of packet
2519 * @param sm Pointer to sctp message information
2522 logsctpparse(int direction, struct sctp_nat_msg *sm)
2524 char *ploc, *pstate;
2527 ploc = "TO_LOCAL -";
2530 ploc = "TO_GLOBAL -";
2539 case SN_SCTP_INITACK:
2545 case SN_SCTP_SHUTACK:
2548 case SN_SCTP_SHUTCOMP:
2549 pstate = "ShutComp";
2551 case SN_SCTP_ASCONF:
2554 case SN_SCTP_ASCONFACK:
2555 pstate = "AsconfAck";
2561 pstate = "***ERROR***";
2564 SctpAliasLog("Parsed: %s %s\n", ploc, pstate);
2567 /** @ingroup Logging
2568 * @brief Log an SCTP association's details
2570 * @param assoc pointer to sctp association
2571 * @param s Character that indicates the state of processing for this packet
2573 static void logsctpassoc(struct sctp_nat_assoc *assoc, char* s)
2575 struct sctp_GlobalAddress *G_Addr = NULL;
2577 switch(assoc->state) {
2600 SctpAliasLog("%sAssoc: %s exp=%u la=%s lv=%u lp=%u gv=%u gp=%u tbl=%d\n",
2601 s, sp, assoc->exp, inet_ntoa(assoc->l_addr), ntohl(assoc->l_vtag),
2602 ntohs(assoc->l_port), ntohl(assoc->g_vtag), ntohs(assoc->g_port),
2603 assoc->TableRegister);
2604 /* list global addresses */
2605 LIST_FOREACH(G_Addr, &(assoc->Gaddr), list_Gaddr) {
2606 SctpAliasLog("\t\tga=%s\n",inet_ntoa(G_Addr->g_addr));
2610 /** @ingroup Logging
2611 * @brief Output Global table to log
2613 * @param la Pointer to the relevant libalias instance
2615 static void logSctpGlobal(struct libalias *la)
2618 struct sctp_nat_assoc *assoc = NULL;
2620 SctpAliasLog("G->\n");
2621 for (i=0; i < la->sctpNatTableSize; i++) {
2622 LIST_FOREACH(assoc, &la->sctpTableGlobal[i], list_G) {
2623 logsctpassoc(assoc, " ");
2628 /** @ingroup Logging
2629 * @brief Output Local table to log
2631 * @param la Pointer to the relevant libalias instance
2633 static void logSctpLocal(struct libalias *la)
2636 struct sctp_nat_assoc *assoc = NULL;
2638 SctpAliasLog("L->\n");
2639 for (i=0; i < la->sctpNatTableSize; i++) {
2640 LIST_FOREACH(assoc, &la->sctpTableLocal[i], list_L) {
2641 logsctpassoc(assoc, " ");
2646 /** @ingroup Logging
2647 * @brief Output timer queue to log
2649 * @param la Pointer to the relevant libalias instance
2651 static void logTimerQ(struct libalias *la)
2653 static char buf[50];
2655 struct sctp_nat_assoc *assoc = NULL;
2657 SctpAliasLog("t->\n");
2658 for (i=0; i < SN_TIMER_QUEUE_SIZE; i++) {
2659 LIST_FOREACH(assoc, &la->sctpNatTimer.TimerQ[i], timer_Q) {
2660 snprintf(buf, 50, " l=%u ",i);
2661 //SctpAliasLog(la->logDesc," l=%d ",i);
2662 logsctpassoc(assoc, buf);
2667 /** @ingroup Logging
2668 * @brief Sctp NAT logging function
2670 * This function is based on a similar function in alias_db.c
2672 * @param str/stream logging descriptor
2673 * @param format printf type string
2677 SctpAliasLog(const char *format, ...)
2679 char buffer[LIBALIAS_BUF_SIZE];
2681 va_start(ap, format);
2682 vsnprintf(buffer, LIBALIAS_BUF_SIZE, format, ap);
2684 log(LOG_SECURITY | LOG_INFO,
2685 "alias_sctp: %s", buffer);
2689 SctpAliasLog(FILE *stream, const char *format, ...)
2693 va_start(ap, format);
2694 vfprintf(stream, format, ap);
projects / FreeBSD / releng / 9.2.git / blob