/* nat_api.c - WIND NET NAT system management interface */
/* WindNet NAT Application Programming Interface */
/* Copyright 2000-2003 Wind River Systems, Inc. */
/* @format.tab-size 4, @format.use-tabs true, @format.new-line lf */
/*
modification history
--------------------
01h,29aug03,zhu updated the format for refgen
01g,06may03,zhu fixed SPR80248: Pass through API mismatched with
natPassThruList implementation
01f,29apr03,myz fixed one compiler warning on MIPS32diab
01e,25apr03,svk Implement version number
01d,24apr03,zhu updated copyright
01c,21apr03,myz replaced swap(_long) with the ntohs(l) and htons(l) macros,
replaced RWOS list functions with ones in dllLib.c
01b,17apr03,zhu removed #if 0
01a,15apr03,zhu allow localAddress of 0 when global address is also 0 in
natTcpStaticAdd and natUdpStaticAdd
040803 vks updated Copyright info
040303 vks replaced table_free with free
120602 zhu fixed the printf error
111502 zhu fixed memory leak SPR#83726
102102 ep removing diab warnings
101902 zhu added SPR65740 patch
093002 vvv fixed typo in natShow
092402 vvv fixed build error
092402 vvv replaced rw_container lists with linked lists to improve
performance
092302 vvv fixed Diab warning
092302 vvv unconditionally include patch for SPR #65740
112601 tk Fix SPR65740: ARP problem with Basic-NAT.
100901 tk Bug fix. udpListLock semaphore didn't get released in
natUdpXlatDelete.
100501 tk Bug fix in natTcpStaticAdd and natUdpStaticAdd to prevent
addition of duplicate static entry.
100301 tk Put semaphore lock around natTcpXlatAdd, natTcpXlatDelete,
natUdpXlatAdd, and natUdpXlatDelete.
091801 tk Add natGetGlobalAddr function. Comment out passthru functions.
091001 tk Change NAT version from NAT 1.1 to NAT FCS 1.1.
082301 tk Modify natTcp(and Udp)StaticAdd(and Delete) functions so
that adding or deleting an entry not only add/delete the
entry to/from the static table, but also to/from the NAT
translation list and bind list.
070201 tk Replace natXlatAdd and natXlatDelete with natIpXlatAdd and
natIpXlatDelete. Put appropriate semaphore lock around the
call to add a new entry or delete an entry in each
translation list.
052501 tk Change natShow to show "Global Addresses In Use" in Basic
NAT only the addresses above the configured starting global
address unless they are static entries. For each entry,
show it is static or dynamic.
051701 tk Rewrite natPassThruListAdd(), add functions
natPassThruListDelete() and natPassThruListShow().
051401 tk Change natTcpXlatShow to show IP translation entries and TCP
Client translation entries created based on address-based
static entries. Also, for IP translation static entries,
display time-stamp to be 0 to indicate it is not applicable.
050901 tk Add natTcpStaticAdd, natUdpStaticAdd, natTcpStaticDelete,
natUdpStaticDelete. Change natShow to check all TCP and UDP
static entries and show them if entry is not 0. Previously,
it would stop at the first encounter of entry 0.
042101 tk Fix natShow, NAT's global address mask showed global address
Fix call to new_udp_translation_entry in natUdpXlatAdd, htonl
was on remoteAddress instead of on localAddress.
*/
/*
DESCRIPTION
This library supplies functions that system managers can use to enable
or disable NAT entirely for the system as a whole or just on a
specific port. This library also supplies functions for reviewing
translation lists and adding or deleting entries from those lists.
Other than that, the library does not supply a generic interface for
configuring NAT. That is handled in your 'natcfg.c' file.
*/
#include <stdio.h> /* printf */
#include <etherLib.h>
#include <arpLib.h>
#include <nat_api.h> /* verify prototypes */
#include "nat.h"
#ifdef NATDNSPROXY
#include "sockLib.h"
#include "unistd.h"
#endif
#ifdef NATDNSPROXY
/* Constants for the optional DNS proxy; compiled only when NATDNSPROXY is defined. */
/* Presumably the DNS service port (53) the proxy uses - confirm against the socket setup. */
#define NAT_DDNSPORT 53
/* Presumably the task priority of the proxy daemon - confirm against the task spawn call. */
#define NATDNSPROXY_DAEMON_PRIOR 241
/*
 * Presumably the receive buffer size in bytes. 512 is the classic limit for a
 * DNS message over UDP; NOTE(review): larger datagrams exist, so the receive
 * path should bound every copy by this size rather than by the datagram length.
 */
#define NATDNS_DATA_BUFFER 512
#endif
/* File-local helper (LOCAL); its definition is not in this part of the file. */
LOCAL short natUnmark_in_map(NAT_CURRENCY_TRANSLATION_ENTRY *sptr_translation_entry);
#ifdef NATDNSPROXY
/* File-local DNS proxy routines; their definitions are not in this part of the file. */
LOCAL STATUS natdnsproxy_terminated(void);
LOCAL STATUS natdnsproxy_end(void);
LOCAL STATUS natdnsproxyrecv(void);
LOCAL STATUS natdnsproxy(char * buffer,struct sockaddr_in *from,int len);
/*
 * DNS proxy state. These three objects are not declared LOCAL, so they have
 * external linkage and any other module can read or overwrite them.
 */
/* Starts at -1; presumably means "no socket open" - confirm against the open/close code. */
int natdnsproxy_sock=-1;
struct sockaddr_in dnssock;
/* Starts FALSE; presumably a stop request flag for the proxy - confirm against its readers. */
int natdnsproxy_terminate=FALSE;
#endif
/* Defined in another translation unit. */
extern STATUS registerStaticEntryToTranslationList (NAT_PORT_STATIC_ENTRY *,
u_short);
/*
 * Agent descriptors defined in other translation units. natLeaseScript tests
 * their id fields to decide which "service ...-application" lines to write.
 */
extern NAT_AGENT_INFO agent_info;
extern NAT_AGENT_INFO pptp_gre_agent_info;
extern NAT_AGENT_INFO h323Alg[2];
extern NAT_AGENT_INFO isakmp_agent_info;
/******************************************************************************
*
* natShow - display current NAT status information
*
* This routine displays the current status and configuration of the NAT
* device, as well as the static bind tables and all of the translation
* lists. In NAPT mode, all the static binds that apply to NAT in NAPT mode
* are shown, including the TCP and UDP port-based static binds, as well as
* the IP address-based static binds. In Basic NAT mode, only the IP
* address-based static binds are shown.
*
* Similarly, all of the static binds, as well as the dynamic binds that
* are still active in the translation lists, are displayed. In NAPT mode,
* the translation lists displayed include TCP, UDP, IP, and ICMP translation
* lists. In Basic NAT mode, they include only the IP translation list and
* the TCP translation list of each IP bind. NAT creates and maintains a
* separate TCP translation list in each IP bind when TCP sessions are
* initiated off of the IP bind.
*
* RETURNS
*
* OK (success), or ERROR (failure).
*
*/
/**************************************add by zbb**************/
#if 0
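/******************************************************************************
*
* natLeaseScript - write the NAT configuration as command-script text
*
* Appends one text line per configured item (pool, filter, pass-through pairs,
* timers, enabled agents, static entries, global enable) to <Parms_Buffer>.
* As visible here the routine sits below a "#if 0", so it may be compiled out.
*
* SECURITY NOTE: the interface carries no buffer length, so every sprintf()
* below is unbounded. The amount written grows with the pass-through list and
* the static-entry tables; the caller must size <Parms_Buffer> for the worst
* case. A length parameter plus snprintf() would be the real fix, but that
* changes the signature and is left to the maintainers.
*
* RETURNS
*
* The number of characters written, or 0 if <Parms_Buffer> is NULL.
*
*/
int natLeaseScript(char * Parms_Buffer)
{
    int count = 0;
    int loop;
    NAT_PASSTHRU_PAIR *p_pair = NULL;
    struct in_addr tempip;
    struct in_addr tempmask;
    /*
     * Caller-owned text buffers for inet_ntoa_b(), the converter the show
     * routines in this file already use. inet_ntoa() hands back storage that
     * is either shared between calls or allocated per call, depending on the
     * platform, so two calls in one argument list can print the same address
     * twice or leak memory.
     */
    char ip_text[INET_ADDR_LEN];
    char mask_text[INET_ADDR_LEN];

    if (Parms_Buffer == NULL)
        return (0);

    count += sprintf(Parms_Buffer + count, "ip nat\n");

    if (!nat.single_global_address_enabled)
        count += sprintf(Parms_Buffer + count, " pool %lu %lu %lu\n",
                         nat.starting_global_address,
                         nat.global_address_mask,
                         nat.natg.global_address_pool_size);

    if (nat.filter_unknown_protocols)
        count += sprintf(Parms_Buffer + count, " nat-filter\n");

    /* One line per pass-through address/mask pair. */
    p_pair = (NAT_PASSTHRU_PAIR *) lstFirst(&nat.passthru_list);
    while (p_pair != NULL)
    {
        tempip.s_addr = p_pair->address;
        tempmask.s_addr = p_pair->mask;
        inet_ntoa_b(tempip, ip_text);
        inet_ntoa_b(tempmask, mask_text);
        count += sprintf(Parms_Buffer + count, " pass-through %s %s\n",
                         ip_text, mask_text);
        p_pair = (NAT_PASSTHRU_PAIR *) lstNext((NODE *) p_pair);
    }

    /* A timer value of 0xffffffff is written as "never". */
    if (nat.tcp_closing_timer != 0xffffffff)
        count += sprintf(Parms_Buffer + count, " translation finrst-timeout timeout %ld\n", nat.tcp_closing_timer);
    else
        count += sprintf(Parms_Buffer + count, " translation finrst-timeout never\n");

    if (nat.icmp_translation_entry_timer != 0xffffffff)
        count += sprintf(Parms_Buffer + count, " translation icmp-timeout timeout %ld\n", nat.icmp_translation_entry_timer);
    else
        count += sprintf(Parms_Buffer + count, " translation icmp-timeout never\n");

    if (nat.tcp_connecting_timer != 0xffffffff)
        count += sprintf(Parms_Buffer + count, " translation sync-timeout timeout %ld\n", nat.tcp_connecting_timer);
    else
        count += sprintf(Parms_Buffer + count, " translation sync-timeout never\n");

    if (nat.tcp_disconnected_timer != 0xffffffff)
        count += sprintf(Parms_Buffer + count, " translation tcp-timeout timeout %ld\n", nat.tcp_disconnected_timer);
    else
        count += sprintf(Parms_Buffer + count, " translation tcp-timeout never\n");

    if (nat.udp_translation_entry_timer != 0xffffffff)
        count += sprintf(Parms_Buffer + count, " translation udp-timeout timeout %ld\n", nat.udp_translation_entry_timer);
    else
        count += sprintf(Parms_Buffer + count, " translation udp-timeout never\n");

    if (nat.ip_translation_entry_timer != 0xffffffff)
        count += sprintf(Parms_Buffer + count, " translation ip-timeout timeout %ld\n", nat.ip_translation_entry_timer);
    else
        count += sprintf(Parms_Buffer + count, " translation ip-timeout never\n");

    /* An agent is listed when its id field is non-zero. */
    if (agent_info.id)
        count += sprintf(Parms_Buffer + count, " service ftp-application\n");
    if (pptp_gre_agent_info.id)
        count += sprintf(Parms_Buffer + count, " service pptp-application\n");
    if (h323Alg[0].id)
        count += sprintf(Parms_Buffer + count, " service h323-application\n");
    if (isakmp_agent_info.id)
        count += sprintf(Parms_Buffer + count, " service isakmp-application\n");

    if (nat.static_entries_enabled)
    {
        count += sprintf(Parms_Buffer + count, " outside static enable\n");

        if (nat.single_global_address_enabled)
        {
            for (loop = 0; loop < MAXIMUM_NUMBER_OF_TCP_STATIC_ENTRIES; loop++)
            {
                if (nat.tcp_static_entries[loop].local_address != 0)
                {
                    tempip.s_addr = nat.tcp_static_entries[loop].local_address;
                    inet_ntoa_b(tempip, ip_text);
                    count += sprintf(Parms_Buffer + count, " outside static tcp %s %d %d\n",
                                     ip_text,
                                     nat.tcp_static_entries[loop].local_port_number,
                                     nat.tcp_static_entries[loop].global_port_number);
                }
            }

            /*
             * The UDP pass reads the UDP table. The earlier code indexed
             * tcp_static_entries with the UDP bound, which wrote TCP entries
             * out as UDP and could read past the TCP table if the two limits
             * differ.
             */
            for (loop = 0; loop < MAXIMUM_NUMBER_OF_UDP_STATIC_ENTRIES; loop++)
            {
                if (nat.udp_static_entries[loop].local_address != 0)
                {
                    tempip.s_addr = nat.udp_static_entries[loop].local_address;
                    inet_ntoa_b(tempip, ip_text);
                    count += sprintf(Parms_Buffer + count, " outside static udp %s %d %d\n",
                                     ip_text,
                                     nat.udp_static_entries[loop].local_port_number,
                                     nat.udp_static_entries[loop].global_port_number);
                }
            }
        }
        else
        {
            for (loop = 0; loop < MAXIMUM_NUMBER_OF_STATIC_ENTRIES; loop++)
            {
                if (nat.static_entries[loop].local_address && nat.static_entries[loop].global_address)
                {
                    /* tempmask carries the global address here, not a mask. */
                    tempip.s_addr = nat.static_entries[loop].local_address;
                    tempmask.s_addr = nat.static_entries[loop].global_address;
                    inet_ntoa_b(tempip, ip_text);
                    inet_ntoa_b(tempmask, mask_text);
                    count += sprintf(Parms_Buffer + count, " inside source static entry %s %s\n",
                                     ip_text, mask_text);
                }
            }
        }
    }

    /* Accumulate; a plain assignment here discarded the running total. */
    if (nat.enabled)
        count += sprintf(Parms_Buffer + count, " enabled\n");

    return (count);
}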
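/******************************************************************************
*
* natinterfaceScript - write the NAT role line for one interface
*
* Looks <ifname> up in nat.port[] and writes " ip nat inside" when the matching
* port is a NAT_LOCAL_PORT, " ip nat outside" otherwise.
*
* The lookup is a prefix comparison over the length of the stored port name.
* NOTE(review): that lets a stored name match any longer <ifname> that begins
* with it; whether this is intended (for example name without unit number)
* cannot be told from this file, so the comparison is kept. Slots with an
* empty name are skipped, because a zero-length comparison matches every
* <ifname> and would report the role of an unrelated slot.
*
* The write into <Parms_Buffer> is unbounded; the caller supplies the space.
*
* RETURNS
*
* The number of characters written; 0 when no port matches or an argument
* is NULL.
*
*/
int natinterfaceScript(char *ifname,char * Parms_Buffer)
{
    int count = 0;
    int ifnumber = -1;
    size_t loop;
    size_t name_len;

    if (ifname == NULL || Parms_Buffer == NULL)
        return count;

    for (loop = 0; loop < sizeof(nat.port)/sizeof(nat.port[0]); loop++)
    {
        name_len = strlen(nat.port[loop].ifname);
        if (name_len == 0)
            continue;   /* unnamed slot: strncmp over 0 bytes always succeeds */

        if (!strncmp(ifname, nat.port[loop].ifname, name_len))
        {
            ifnumber = (int) loop;
            break;
        }
    }

    if (ifnumber == -1)
        return count;

    if (nat.port[ifnumber].type == NAT_LOCAL_PORT)
    {
        count += sprintf(Parms_Buffer + count, " ip nat inside\n");
    }
    else
    {
        count += sprintf(Parms_Buffer + count, " ip nat outside\n");
    }

    return (count);
}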
/* Text shown for a boolean-like NAT setting. */
#define NAT_STATE_TEXT(flag) ((flag) ? "enable" : "disable")
/* Convert one address field of the nat structure into the dotted buffer. */
#define NAT_ADDR_TEXT(field) inet_ntoa_b (*(struct in_addr *)&(field), dotted)

/******************************************************************************
*
* natLeaseParamsShow - print the fields of the global nat structure
*
* Prints, one per line on standard output, the enable flags, addresses,
* timers, per-port settings, static entry tables and the printing/logging
* switches held in the global <nat> structure. Addresses are converted with
* inet_ntoa_b() into a local buffer of INET_ADDR_LEN bytes.
*
* RETURNS
*
* OK, always.
*
*/
STATUS natLeaseParamsShow(void)
{
    char dotted [INET_ADDR_LEN];
    int idx;
    const int port_total = (int) (sizeof(nat.port)/sizeof(nat.port[0]));

    /* Global switches and addresses. */
    printf(" NAT enabled %s\n", NAT_STATE_TEXT(nat.enabled));
    printf(" NAT single_global_address_enabled %s\n", NAT_STATE_TEXT(nat.single_global_address_enabled));
    printf(" NAT global_address_pool_size %ld\n", nat.natg.global_address_pool_size);
    printf(" NAT filter_unknown_protocols %s\n", NAT_STATE_TEXT(nat.filter_unknown_protocols));

    NAT_ADDR_TEXT(nat.nats.icmp_default_entry.local_address);
    printf(" NAT NAT ICMP Default Address %s\n", dotted);

    printf(" NAT ip_translation_entry_timer %ld\n", nat.ip_translation_entry_timer);

    NAT_ADDR_TEXT(nat.global_address);
    printf(" NAT global_address %s\n", dotted);

    NAT_ADDR_TEXT(nat.global_address_mask);
    printf(" NAT global address mask %s\n", dotted);

    printf(" NAT dynamic_global_address %s\n", NAT_STATE_TEXT(nat.dynamic_global_address));

    NAT_ADDR_TEXT(nat.starting_global_address);
    printf(" NAT starting_global_address %s\n", dotted);

    /* Every slot of nat.port[], configured or not. */
    for (idx = 0; idx < port_total; idx++)
    {
        printf(" NAT port[%d] enabled %s\n", idx, NAT_STATE_TEXT(nat.port[idx].enabled));
        printf(" NAT port[%d] default_translate_enabled %s\n", idx,
               NAT_STATE_TEXT(nat.port[idx].default_translate_enabled));
        printf(" NAT port[%d] type_string %s\n", idx, nat.port[idx].type_string);
        printf(" NAT port[%d] ifname %s\n", idx, nat.port[idx].ifname);

        NAT_ADDR_TEXT(nat.port[idx].address);
        printf(" NAT port[%d] address %s\n", idx, dotted);

        NAT_ADDR_TEXT(nat.port[idx].mask);
        printf(" NAT port[%d] mask %s\n", idx, dotted);
    }

    /* Timers. */
    printf(" NAT tcp_connecting_timer %ld\n", nat.tcp_connecting_timer);
    printf(" NAT tcp_closing_timer %ld\n", nat.tcp_closing_timer);
    printf(" NAT tcp_connected_timer %ld\n", nat.tcp_connected_timer);
    printf(" NAT tcp_disconnected_timer %ld\n", nat.tcp_disconnected_timer);
    printf(" NAT sequence_entry_timer %ld\n", nat.sequence_entry_timer);
    printf(" NAT udp_translation_entry_timer %ld\n", nat.udp_translation_entry_timer);
    printf(" NAT icmp_translation_entry_timer %ld\n", nat.icmp_translation_entry_timer);

    printf(" NAT filter_non_corporate_addresses %s\n", NAT_STATE_TEXT(nat.filter_non_corporate_addresses));
    printf(" NAT static_entries_enabled %s\n", NAT_STATE_TEXT(nat.static_entries_enabled));

    /* Address-based static entries. */
    for (idx = 0; idx < MAXIMUM_NUMBER_OF_STATIC_ENTRIES; idx++)
    {
        NAT_ADDR_TEXT(nat.static_entries[idx].local_address);
        printf(" NAT static_entries[%d] local_address %s\n", idx, dotted);

        NAT_ADDR_TEXT(nat.static_entries[idx].global_address);
        printf(" NAT static_entries[%d] global_address %s\n", idx, dotted);
    }

    /* TCP port-based static entries. */
    for (idx = 0; idx < MAXIMUM_NUMBER_OF_TCP_STATIC_ENTRIES; idx++)
    {
        printf(" NAT tcp_static_entries[%d] global_port_number %d\n", idx,
               nat.tcp_static_entries[idx].global_port_number);
        printf(" NAT tcp_static_entries[%d] local_port_number %d\n", idx,
               nat.tcp_static_entries[idx].local_port_number);

        NAT_ADDR_TEXT(nat.tcp_static_entries[idx].local_address);
        printf(" NAT tcp_static_entries[%d] local_address %s\n", idx, dotted);
    }

    /* UDP port-based static entries. */
    for (idx = 0; idx < MAXIMUM_NUMBER_OF_UDP_STATIC_ENTRIES; idx++)
    {
        printf(" NAT udp_static_entries[%d] global_port_number %d\n", idx,
               nat.udp_static_entries[idx].global_port_number);
        printf(" NAT udp_static_entries[%d] local_port_number %d\n", idx,
               nat.udp_static_entries[idx].local_port_number);

        NAT_ADDR_TEXT(nat.udp_static_entries[idx].local_address);
        printf(" NAT udp_static_entries[%d] local_address %s\n", idx, dotted);
    }

    /* Printing and logging switches. */
    printf(" NAT printing_enabled %s\n", NAT_STATE_TEXT(nat.printing_enabled));
    printf(" NAT printing_debug %s\n", NAT_STATE_TEXT(nat.printing_debug));
    printf(" NAT initialization_printing_enabled %s\n", NAT_STATE_TEXT(nat.initialization_printing_enabled));
    printf(" NAT data_printing_enabled %s\n", NAT_STATE_TEXT(nat.data_printing_enabled));
    printf(" NAT trace_printing_enabled %s\n", NAT_STATE_TEXT(nat.trace_printing_enabled));
    printf(" NAT error_printing_enabled %s\n", NAT_STATE_TEXT(nat.error_printing_enabled));
    printf(" NAT logging_enabled %s\n", NAT_STATE_TEXT(nat.logging_enabled));
    printf(" NAT initialization_logging_enabled %s\n", NAT_STATE_TEXT(nat.initialization_logging_enabled));
    printf(" NAT data_logging_enabled %s\n", NAT_STATE_TEXT(nat.data_logging_enabled));
    printf(" NAT trace_logging_enabled %s\n", NAT_STATE_TEXT(nat.trace_logging_enabled));
    printf(" NAT error_logging_enabled %s\n", NAT_STATE_TEXT(nat.error_logging_enabled));

    return (OK);
}

#undef NAT_ADDR_TEXT
#undef NAT_STATE_TEXT
/******************************************************************************
*
* Show_NAT_Statistic - print the TCP, UDP and ICMP counters from natStats
*
* For each of the three protocols this prints the entry count followed by the
* packet and byte counters named l2i and i2l in natStats, each group preceded
* by a ruled separator line.
*
* RETURNS
*
* OK, always.
*
*/
STATUS Show_NAT_Statistic()
{
    /* Separator printed ahead of each protocol group. */
    static const char group_rule[] = "\n================================\n";

    printf("\n");

    /* TCP counters. */
    printf("%s", group_rule);
    printf(" Tcp Nat Entrys :%lu\n", natStats.tcpCons);
    printf(" Tcp Nat l2i Packets:%lu\n", natStats.tcp_pkts_l2i);
    printf(" Tcp Nat l2i Bytes:%lu\n", natStats.tcp_bytes_l2i);
    printf(" Tcp Nat i2l Packets:%lu\n", natStats.tcp_pkts_i2l);
    printf(" Tcp Nat i2l Bytes:%lu\n", natStats.tcp_bytes_i2l);

    /* UDP counters. */
    printf("%s", group_rule);
    printf(" Udp Nat Entrys : %lu\n", natStats.udpCons);
    printf(" Udp Nat l2i Packets : %lu\n", natStats.udp_pkts_l2i);
    printf(" Udp Nat l2i Bytes:%lu\n", natStats.udp_bytes_l2i);
    printf(" Udp Nat i2l Packets : %lu\n", natStats.udp_pkts_i2l);
    printf(" Udp Nat i2l Bytes:%lu\n", natStats.udp_bytes_i2l);

    /* ICMP counters. */
    printf("%s", group_rule);
    printf(" Icmp Nat Entrys : %lu\n", natStats.icmpCons);
    printf(" Icmp Nat l2i Packets : %lu\n", natStats.icmp_pkts_l2i);
    printf(" Icmp Nat l2i Bytes:%lu\n", natStats.icmp_bytes_l2i);
    printf(" Icmp Nat i2l Packets : %lu\n", natStats.icmp_pkts_i2l);
    printf(" Icmp Nat i2l Bytes:%lu\n", natStats.icmp_bytes_i2l);

    printf("\n");

    return (OK);
}
/*****************************************************************/
STATUS Show_NAT()
{
char addr[16];
int port_index;
int addr_index;
struct in_addr iaddr;
int entry_num;
printf("Mode: %-8s Enabled: %s FastNat: %s\n"
,nat.single_global_address_enabled ? "NAPT" : "Basic"
,nat.enabled ? "Yes" : "No",nat.fastnat?"enable":"disable");
printf("Static translation entries enabled: %s\n"
,nat.static_entries_enabled ? "Yes" : "No");
printf("Filter non-corporate addressed packets on global interface: %s\n"
,nat.filter_non_corporate_addresses ? "Yes" : "No");
printf("\nPort/Interface List");
printf("\n-------------------\n");
printf("# Name %-*s Type Dynamic DefXlat Enabled\n", 15, "Address");
for(port_index=0; port_index<NUMBER_OF_IP_PORTS; port_index++)
{
iaddr.s_addr = htonl (nat.port[port_index].address);
inet_ntoa_b(iaddr, addr);
printf("%-3d %-6s %-*s %-6s %-7s %-7s %s\n"
,port_index
,nat.port[port_index].ifname
,15,addr
,nat.port[port_index].type_string
,nat.port[port_index].ifunit == NULL ? "Yes" : "No"
,nat.port[port_index].default_translate_enabled ? "Yes" : "No"
,nat.port[port_index].enabled ? "Yes" : "No"
);