archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/rras/ip/nat/raw.c

528 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. raw.c
  9. Abstract:
  11. This module contains the code for manipulating IP mappings.
  12. When the NAT decides to translate an IP packet for an unrecognized protocol
  13. it creates a mapping and places it on the interface's IP-mapping list,
  14. so that if a reply to the packet arrives, it can be directed to the
  15. appropriate client.
  17. Author:
  19. Abolade Gbadegesin (aboladeg) 18-Apr-1998
  21. Revision History:
  23. Abolade Gbadegesin (aboladeg) 18-Apr-1998
  25. Based on icmp.c.
  27. --*/
  29. #include "precomp.h"
  30. #pragma hdrstop
  32. //
  33. // GLOBAL DATA DECLARATIONS
  34. //
  36. NPAGED_LOOKASIDE_LIST IpLookasideList;
  37. LIST_ENTRY IpMappingList[NatMaximumDirection];
  38. KSPIN_LOCK IpMappingLock;
  41. NTSTATUS
  42. NatCreateIpMapping(
  43. PNAT_INTERFACE Interfacep,
  44. ULONG RemoteAddress,
  45. ULONG PrivateAddress,
  46. ULONG PublicAddress,
  47. UCHAR Protocol,
  48. PLIST_ENTRY InboundInsertionPoint,
  49. PLIST_ENTRY OutboundInsertionPoint,
  50. PNAT_IP_MAPPING* MappingCreated
  51. )
  53. /*++
  55. Routine Description:
  57. Called to create, initialize, and insert an IP mapping in an interface's
  58. list of IP mappings.
  60. Arguments:
  62. Interfacep - the interface for the new mapping
  64. RemoteAddress - the address of the remote endpoint
  66. PrivateAddress - the address of the machine on the private network
  68. PublicAddress - the publicly-visible address to replace 'PrivateAddress';
  69. in case this is 0, an address is chosen in this routine.
  71. Protocol - the protocol field of the IP header
  73. InboundInsertionPoint - the entry preceding the new mapping in the list
  74. sorted for inbound searching
  76. OutboundInsertionPoint - the entry preceding the new mapping in the list
  77. sorted for outbound searching
  79. MappingCreated - receives the mapping created
  81. Return Value:
  83. NTSTATUS - indicates success/failure
  85. Environment:
  87. Invoked with 'IpMappingLock' held by the caller.
  89. --*/
  91. {
  92. PLIST_ENTRY Link;
  93. PNAT_IP_MAPPING Mapping;
  94. NTSTATUS status;
  95. PNAT_IP_MAPPING Temp;
  96. PNAT_USED_ADDRESS UsedAddress;
  99. CALLTRACE(("NatCreateIpMapping\n"));
  101. //
  102. // Allocate a new mapping
  103. //
  105. Mapping = ALLOCATE_IP_BLOCK();
  106. if (!Mapping) {
  107. ERROR(("NatCreateIpMapping: allocation failed\n"));
  108. return STATUS_NO_MEMORY;
  109. }
  111. //
  112. // Initialize the mapping
  113. //
  115. Mapping->PrivateKey = MAKE_IP_KEY(RemoteAddress, PrivateAddress);
  116. Mapping->Protocol = Protocol;
  118. //
  119. // See if the public address is specified, and if not, acquire an address
  120. //
  122. if (!PublicAddress) {
  124. //
  125. // Acquire an address mapping for the IP mapping;
  126. //
  128. KeAcquireSpinLockAtDpcLevel(&Interfacep->Lock);
  129. status =
  130. NatAcquireFromAddressPool(
  131. Interfacep,
  132. PrivateAddress,
  133. 0,
  134. &UsedAddress
  135. );
  137. if (!NT_SUCCESS(status)) {
  138. KeReleaseSpinLockFromDpcLevel(&Interfacep->Lock);
  139. TRACE(IP, ("NatCreateIpMapping: no address available\n"));
  140. FREE_IP_BLOCK(Mapping);
  141. return STATUS_UNSUCCESSFUL;
  142. }
  144. PublicAddress = UsedAddress->PublicAddress;
  145. NatDereferenceAddressPoolEntry(Interfacep, UsedAddress);
  146. KeReleaseSpinLockFromDpcLevel(&Interfacep->Lock);
  147. }
  149. Mapping->PublicKey = MAKE_IP_KEY(RemoteAddress, PublicAddress);
  151. TRACE(
  152. MAPPING,
  153. ("NatCreateIpMapping: Ip=%d:%016I64X:%016I64X\n",
  154. Mapping->Protocol, Mapping->PrivateKey, Mapping->PublicKey
  155. ));
  157. //
  158. // Insert the mapping in the inbound list
  159. //
  161. if (!InboundInsertionPoint) {
  162. Temp =
  163. NatLookupInboundIpMapping(
  164. Mapping->PrivateKey,
  165. Protocol,
  166. &InboundInsertionPoint
  167. );
  168. if (Temp) {
  169. TRACE(IP, ("NatCreateIpMapping: duplicated inbound mapping\n"));
  170. return STATUS_UNSUCCESSFUL;
  171. }
  172. }
  174. //
  175. // Insert the mapping in the outbound list
  176. //
  178. if (!OutboundInsertionPoint) {
  179. Temp =
  180. NatLookupOutboundIpMapping(
  181. Mapping->PublicKey,
  182. Protocol,
  183. &OutboundInsertionPoint
  184. );
  185. if (Temp) {
  186. TRACE(IP, ("NatCreateIpMapping: duplicated outbound mapping\n"));
  187. return STATUS_UNSUCCESSFUL;
  188. }
  189. }
  191. InsertTailList(InboundInsertionPoint, &Mapping->Link[NatInboundDirection]);
  192. InsertTailList(OutboundInsertionPoint, &Mapping->Link[NatOutboundDirection]);
  194. *MappingCreated = Mapping;
  195. return STATUS_SUCCESS;
  197. } // NatCreateIpMapping
  200. VOID
  201. NatInitializeRawIpManagement(
  202. VOID
  203. )
  205. /*++
  207. Routine Description:
  209. This routine is called to initialize the raw IP-layer translation module.
  211. Arguments:
  213. none.
  215. Return Value:
  217. none.
  219. --*/
  221. {
  222. KeInitializeSpinLock(&IpMappingLock);
  223. InitializeListHead(&IpMappingList[NatInboundDirection]);
  224. InitializeListHead(&IpMappingList[NatOutboundDirection]);
  225. ExInitializeNPagedLookasideList(
  226. &IpLookasideList,
  227. NatAllocateFunction,
  228. NULL,
  229. 0,
  230. sizeof(NAT_IP_MAPPING),
  231. NAT_TAG_IP,
  232. IP_LOOKASIDE_DEPTH
  233. );
  234. } // NatInitializeRawIpManagement
  237. PNAT_IP_MAPPING
  238. NatLookupInboundIpMapping(
  239. ULONG64 PublicKey,
  240. UCHAR Protocol,
  241. PLIST_ENTRY* InsertionPoint
  242. )
  244. /*++
  246. Routine Description:
  248. This routine is called to find an IP mapping using the remote-address
  249. and the publicly-visible address, which correspond to the 'PublicKey',
  250. and the 'Protocol' field.
  252. Arguments:
  254. PublicKey - the remote-address/public-address combination
  256. Protocol - the IP protocol of the mapping to be found
  258. InsertionPoint - receives the insertion-point if the mapping is not found.
  260. Return Value:
  262. PNAT_IP_MAPPING - the mapping found, or NULL if not found.
  264. --*/
  266. {
  267. PLIST_ENTRY Link;
  268. PNAT_IP_MAPPING Mapping;
  270. CALLTRACE(("NatLookupInboundIpMapping\n"));
  272. if (InsertionPoint) { *InsertionPoint = NULL; }
  274. for (Link = IpMappingList[NatInboundDirection].Flink;
  275. Link != &IpMappingList[NatInboundDirection]; Link = Link->Flink) {
  277. Mapping =
  278. CONTAINING_RECORD(
  279. Link, NAT_IP_MAPPING, Link[NatInboundDirection]
  280. );
  282. if (PublicKey > Mapping->PublicKey) {
  283. continue;
  284. } else if (PublicKey < Mapping->PublicKey) {
  285. break;
  286. }
  288. //
  289. // Primary keys equal; check secondary keys.
  290. //
  292. if (Protocol > Mapping->Protocol) {
  293. continue;
  294. } else if (Protocol < Mapping->Protocol) {
  295. break;
  296. }
  298. //
  299. // Secondary keys equal, too. This is the requested item.
  300. //
  302. return Mapping;
  303. }
  305. if (InsertionPoint) { *InsertionPoint = Link; }
  306. return NULL;
  308. } // NatLookupInboundIpMapping
  311. PNAT_IP_MAPPING
  312. NatLookupOutboundIpMapping(
  313. ULONG64 PrivateKey,
  314. UCHAR Protocol,
  315. PLIST_ENTRY* InsertionPoint
  316. )
  318. /*++
  320. Routine Description:
  322. This routine is called to find an IP mapping using the remote-address
  323. and the private address, which correspond to the 'PrivateKey'.
  325. Arguments:
  327. PrivateKey - the remote-address/private-address combination
  329. Protocol - the IP protocol of the mapping to be found
  331. InsertionPoint - receives insertion-point if mapping not found.
  333. Return Value:
  335. PNAT_IP_MAPPING - the mapping found, or NULL if not found.
  337. --*/
  339. {
  340. PLIST_ENTRY Link;
  341. PNAT_IP_MAPPING Mapping;
  343. CALLTRACE(("NatLookupOutboundIpMapping\n"));
  345. if (InsertionPoint) { *InsertionPoint = NULL; }
  347. for (Link = IpMappingList[NatOutboundDirection].Flink;
  348. Link != &IpMappingList[NatOutboundDirection]; Link = Link->Flink) {
  350. Mapping =
  351. CONTAINING_RECORD(
  352. Link, NAT_IP_MAPPING, Link[NatOutboundDirection]
  353. );
  355. if (PrivateKey > Mapping->PrivateKey) {
  356. continue;
  357. } else if (PrivateKey < Mapping->PrivateKey) {
  358. break;
  359. }
  361. //
  362. // Primary keys equal; check secondary keys.
  363. //
  365. if (Protocol > Mapping->Protocol) {
  366. continue;
  367. } else if (Protocol < Mapping->Protocol) {
  368. break;
  369. }
  371. //
  372. // Keys are equal, so we've found it.
  373. //
  375. return Mapping;
  376. }
  378. if (InsertionPoint) { *InsertionPoint = Link; }
  379. return NULL;
  381. } // NatLookupOutboundIpMapping
  384. VOID
  385. NatShutdownRawIpManagement(
  386. VOID
  387. )
  389. /*++
  391. Routine Description:
  393. This routine is called to clean up the raw IP-layer translation module.
  395. Arguments:
  397. none.
  399. Return Value:
  401. none.
  403. --*/
  405. {
  406. ExDeleteNPagedLookasideList(&IpLookasideList);
  407. } // NatShutdownRawIpManagement
  410. FORWARD_ACTION
  411. NatTranslateIp(
  412. PNAT_INTERFACE Interfacep,
  413. IP_NAT_DIRECTION Direction,
  414. PNAT_XLATE_CONTEXT Contextp,
  415. IPRcvBuf** InReceiveBuffer,
  416. IPRcvBuf** OutReceiveBuffer
  417. )
  419. /*++
  421. Routine Description:
  423. This routine is called to translate a IP data packet.
  425. Arguments:
  427. Interfacep - the boundary interface over which to translate.
  429. Direction - the direction in which the packet is traveling
  431. Contextp - initialized with context-information for the packet
  433. InReceiveBuffer - input buffer-chain
  435. OutReceiveBuffer - receives modified buffer-chain.
  437. Return Value:
  439. FORWARD_ACTION - indicates action to take on the packet.
  441. Environment:
  443. Invoked with a reference made to 'Interfacep' by the caller.
  445. --*/
  447. {
  448. ULONG Checksum;
  449. ULONG ChecksumDelta = 0;
  450. PIP_HEADER IpHeader;
  451. PNAT_IP_MAPPING Mapping;
  452. ULONG64 PrivateKey;
  453. ULONG64 PublicKey;
  454. BOOLEAN FirewallMode;
  456. TRACE(XLATE, ("NatTranslateIp\n"));
  458. FirewallMode = Interfacep && NAT_INTERFACE_FW(Interfacep);
  460. IpHeader = Contextp->Header;
  462. if (Direction == NatInboundDirection) {
  464. //
  465. // Look for the IP mapping for the data packet
  466. //
  468. PublicKey =
  469. MAKE_IP_KEY(
  470. Contextp->SourceAddress,
  471. Contextp->DestinationAddress
  472. );
  473. KeAcquireSpinLockAtDpcLevel(&IpMappingLock);
  474. Mapping =
  475. NatLookupInboundIpMapping(
  476. PublicKey,
  477. IpHeader->Protocol,
  478. NULL
  479. );
  480. if (!Mapping) {
  481. KeReleaseSpinLockFromDpcLevel(&IpMappingLock);
  482. return
  483. ((*Contextp->DestinationType < DEST_REMOTE) && !FirewallMode
  484. ? FORWARD : DROP);
  485. }
  487. CHECKSUM_LONG(ChecksumDelta, ~IpHeader->DestinationAddress);
  488. IpHeader->DestinationAddress = IP_KEY_PRIVATE(Mapping->PrivateKey);
  489. CHECKSUM_LONG(ChecksumDelta, IpHeader->DestinationAddress);
  491. CHECKSUM_UPDATE(IpHeader->Checksum);
  492. } else {
  494. //
  495. // Look for the IP mapping for the data packet
  496. //
  498. PrivateKey =
  499. MAKE_IP_KEY(
  500. Contextp->DestinationAddress,
  501. Contextp->SourceAddress
  502. );
  503. KeAcquireSpinLockAtDpcLevel(&IpMappingLock);
  504. Mapping =
  505. NatLookupOutboundIpMapping(
  506. PrivateKey,
  507. IpHeader->Protocol,
  508. NULL
  509. );
  510. if (!Mapping) {
  511. KeReleaseSpinLockFromDpcLevel(&IpMappingLock);
  512. return DROP;
  513. }
  515. CHECKSUM_LONG(ChecksumDelta, ~IpHeader->SourceAddress);
  516. IpHeader->SourceAddress = IP_KEY_PUBLIC(Mapping->PublicKey);
  517. CHECKSUM_LONG(ChecksumDelta, IpHeader->SourceAddress);
  519. CHECKSUM_UPDATE(IpHeader->Checksum);
  520. }
  522. KeQueryTickCount((PLARGE_INTEGER)&Mapping->LastAccessTime);
  523. KeReleaseSpinLockFromDpcLevel(&IpMappingLock);
  524. *OutReceiveBuffer = *InReceiveBuffer; *InReceiveBuffer = NULL;
  525. *Contextp->DestinationType = DEST_INVALID;
  526. return FORWARD;
  528. } // NatTranslateIp