1 /* 2 * Copyright (c) 2014 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Bill Yuan <bycn82@gmail.com> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 
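 */

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <sys/systimer.h>
#include <sys/thread2.h>
#include <sys/in_cksum.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/ucred.h>
#include <sys/lock.h>
#include <sys/mplock2.h>

#include <net/ethernet.h>
#include <net/netmsg2.h>
#include <net/netisr2.h>
#include <net/route.h>
#include <net/if.h>

#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcp.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/tcpip.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/in_pcb.h>
#include <netinet/ip_var.h>
#include <netinet/ip_divert.h>

#include <net/libalias/alias.h>
#include <net/libalias/alias_local.h>

#include <net/ipfw3/ip_fw.h>

#include "ip_fw3_nat.h"

/*
 * Upper bound on the number of bytes accepted from, or staged for,
 * userland in a single NAT configuration request.  Constructed reviewer
 * value: it only has to exceed the largest blob the ipfw3 utility can
 * legitimately build, and it keeps a bogus sopt_valsize from driving an
 * arbitrarily large M_WAITOK allocation.
 */
enum { IPFW_NAT_CFG_MAXLEN = 1024 * 1024 };

/*
 * Serialises access to ipfw_nat_ctx->nat and to every cfg_nat on it.
 * Shared for the packet path and the read-only sockopts, exclusive for
 * configuration changes and teardown.
 */
static struct lock nat_lock;

extern struct ipfw_nat_context *ipfw_nat_ctx;
extern ipfw_nat_cfg_t *ipfw_nat_cfg_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_del_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_flush_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_get_log_ptr;

typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *);

int ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m);
int ipfw_nat_cfg(struct sockopt *sopt);
int ipfw_nat_del(struct sockopt *sopt);
int ipfw_nat_flush(struct sockopt *sopt);
void check_nat(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
    struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);


/*
 * Filter callback for the O_NAT_NAT opcode.
 *
 * Resolves the NAT instance named by the instruction's arg1, runs the
 * packet through it and reports the verdict via *cmd_ctl / *cmd_val.
 * Layer-2 frames ((*args)->eh set) are never translated.  ip_len is part
 * of the filter_func signature and is not used here.
 */
void
check_nat(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
    struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len)
{
	struct cfg_nat *t;
	int nat_id;

	if ((*args)->eh != NULL) {
		*cmd_ctl = IP_FW_CTL_NO;
		*cmd_val = IP_FW_NOT_MATCH;
		return;
	}
	(*args)->rule = *f;

	lockmgr(&nat_lock, LK_SHARED);
	/*
	 * Always resolve the instance by id instead of trusting a pointer
	 * cached in the instruction: ipfw_nat_del() / ipfw_nat_flush() free
	 * instances without visiting the rules that reference them, so a
	 * cached pointer would dangle after a delete and be dereferenced on
	 * the next packet.  The walk happens under nat_lock, which also
	 * keeps the instance alive for the ipfw_nat() call below.
	 */
	nat_id = cmd->arg1;
	LOOKUP_NAT((*ipfw_nat_ctx), nat_id, t);
	if (t == NULL) {
		/* Rule refers to an instance that does not exist: drop. */
		lockmgr(&nat_lock, LK_RELEASE);
		*cmd_val = IP_FW_DENY;
		*cmd_ctl = IP_FW_CTL_DONE;
		return;
	}
	*cmd_val = ipfw_nat(*args, t, (*args)->m);
	lockmgr(&nat_lock, LK_RELEASE);
	*cmd_ctl = IP_FW_CTL_NAT;
}

/*
 * Number of alias_link slots a redirect entry owns: one per public port
 * for REDIR_PORT, a single one for REDIR_ADDR / REDIR_PROTO.  This is the
 * same accounting the teardown path uses, so allocation and release agree.
 */
static int
redir_link_count(const struct cfg_redir *r)
{
	return r->mode == REDIR_PORT ? r->pport_cnt : 1;
}

/*
 * Releases one redirect entry that is not (or no longer) on a redir_chain:
 * every libalias link it created, its spool entries, the link array and
 * the entry itself.  NULL link slots are skipped so a partially built
 * entry can be handed here as well.
 */
static void
free_redir_entry(struct cfg_nat *n, struct cfg_redir *r, int nlinks)
{
	struct cfg_spool *s, *tmp_s;
	int i;

	for (i = 0; i < nlinks; i++) {
		if (r->alink[i] != NULL)
			LibAliasRedirectDelete(n->lib, r->alink[i]);
	}
	/* Del spool cfg if any. */
	LIST_FOREACH_MUTABLE(s, &r->spool_chain, _next, tmp_s) {
		LIST_REMOVE(s, _next);
		kfree(s, M_IPFW_NAT);
	}
	kfree(r->alink, M_IPFW_NAT);
	kfree(r, M_IPFW_NAT);
}

/*
 * Unhooks and frees every redirect (and its spool entries) on head.
 * Caller holds nat_lock exclusively.
 */
static void
del_redir_spool_cfg(struct cfg_nat *n, struct redir_chain *head)
{
	struct cfg_redir *r, *tmp_r;

	LIST_FOREACH_MUTABLE(r, head, _next, tmp_r) {
		switch (r->mode) {
		case REDIR_PORT:
		case REDIR_ADDR:
		case REDIR_PROTO:
			LIST_REMOVE(r, _next);
			free_redir_entry(n, r, redir_link_count(r));
			break;
		default:
			kprintf("unknown redirect mode: %u\n", r->mode);
			/* XXX - panic?!?!? */
			break;
		}
	}
}

/*
 * Deserialises the cfg_redir / cfg_spool records that follow a cfg_nat in
 * a configuration blob and installs them on ptr.
 *
 * buf/len bound the serialised records.  redir_cnt, pport_cnt and
 * spool_cnt all come from userland, so every record is checked against
 * len before it is read; the old code walked past the copied-in buffer
 * whenever the counts did not match the blob.
 *
 * Returns 0 on success or EINVAL if the blob is truncated or libalias
 * rejects a redirect (previously a panic, i.e. a user-triggerable crash).
 * On failure the entry being built is released here; entries already
 * hooked on ptr->redir_chain are left for the caller to release.
 */
static int
add_redir_spool_cfg(char *buf, size_t len, struct cfg_nat *ptr)
{
	struct cfg_redir *r, *ser_r;
	struct cfg_spool *s, *ser_s;
	size_t off;
	int cnt, i, nlinks, failed;

	off = 0;
	for (cnt = 0; cnt < ptr->redir_cnt; cnt++) {
		if (len - off < SOF_REDIR)
			return EINVAL;
		ser_r = (struct cfg_redir *)&buf[off];
		r = kmalloc(SOF_REDIR, M_IPFW_NAT, M_WAITOK | M_ZERO);
		memcpy(r, ser_r, SOF_REDIR);
		LIST_INIT(&r->spool_chain);
		off += SOF_REDIR;

		/* alink[0] is always written below, so at least one slot is required. */
		nlinks = redir_link_count(r);
		if (nlinks < 1) {
			kfree(r, M_IPFW_NAT);
			return EINVAL;
		}
		r->alink = kmalloc(sizeof(struct alias_link *) * nlinks,
		    M_IPFW_NAT, M_WAITOK | M_ZERO);
		failed = 0;
		switch (r->mode) {
		case REDIR_ADDR:
			r->alink[0] = LibAliasRedirectAddr(ptr->lib,
			    r->laddr, r->paddr);
			break;
		case REDIR_PORT:
			for (i = 0; i < nlinks; i++) {
				/*
				 * If remotePort is all ports
				 * set it to 0.
				 */
				u_short remotePortCopy = r->rport + i;

				if (r->rport_cnt == 1 && r->rport == 0)
					remotePortCopy = 0;
				r->alink[i] = LibAliasRedirectPort(ptr->lib,
				    r->laddr, htons(r->lport + i),
				    r->raddr, htons(remotePortCopy),
				    r->paddr, htons(r->pport + i),
				    r->proto);
				if (r->alink[i] == NULL) {
					/* Keep the links made so far so they can be deleted. */
					failed = 1;
					break;
				}
			}
			break;
		case REDIR_PROTO:
			r->alink[0] = LibAliasRedirectProto(ptr->lib,
			    r->laddr, r->raddr, r->paddr, r->proto);
			break;
		default:
			kprintf("unknown redirect mode: %u\n", r->mode);
			break;
		}
		if (failed || r->alink[0] == NULL) {
			/*
			 * A redirect that libalias rejects is a configuration
			 * error supplied by userland, not a broken kernel
			 * invariant: report it rather than panic.
			 */
			kprintf("ipfw3_nat: LibAliasRedirect* returned NULL\n");
			free_redir_entry(ptr, r, nlinks);
			return EINVAL;
		}
		/* LSNAT handling. */
		for (i = 0; i < r->spool_cnt; i++) {
			if (len - off < SOF_SPOOL) {
				free_redir_entry(ptr, r, nlinks);
				return EINVAL;
			}
			ser_s = (struct cfg_spool *)&buf[off];
			/* Sized for the spool record itself (was SOF_REDIR). */
			s = kmalloc(SOF_SPOOL, M_IPFW_NAT, M_WAITOK | M_ZERO);
			memcpy(s, ser_s, SOF_SPOOL);
			LibAliasAddServer(ptr->lib, r->alink[0],
			    s->addr, htons(s->port));
			off += SOF_SPOOL;
			/* Hook spool entry. */
			HOOK_SPOOL(&r->spool_chain, s);
		}
		/* And finally hook this redir entry. */
		HOOK_REDIR(&ptr->redir_chain, r);
	}
	return 0;
}

/*
 * Export helpers: copy a record into the userland buffer with its
 * kernel-only members (libalias handle, list linkage, link array) zeroed.
 * They carry no meaning for userland and would otherwise disclose kernel
 * heap addresses.  The record layout itself is unchanged.
 */
static void
export_nat(const struct cfg_nat *n, uint8_t *dst)
{
	struct cfg_nat tmp;

	tmp = *n;
	tmp.lib = NULL;
	LIST_INIT(&tmp.redir_chain);
	bzero(&tmp._next, sizeof(tmp._next));
	bcopy(&tmp, dst, SOF_NAT);
}

static void
export_redir(const struct cfg_redir *r, uint8_t *dst)
{
	struct cfg_redir tmp;

	tmp = *r;
	tmp.alink = NULL;
	LIST_INIT(&tmp.spool_chain);
	bzero(&tmp._next, sizeof(tmp._next));
	bcopy(&tmp, dst, SOF_REDIR);
}

static void
export_spool(const struct cfg_spool *s, uint8_t *dst)
{
	struct cfg_spool tmp;

	tmp = *s;
	bzero(&tmp._next, sizeof(tmp._next));
	bcopy(&tmp, dst, SOF_SPOOL);
}

/*
 * "get config" sockopt: serialises every NAT instance with its redirects
 * and spool entries as
 *     int nat_cnt, then per instance: cfg_nat { cfg_redir { cfg_spool... }... }...
 *
 * Records are staged in a kernel buffer and returned with sooptcopyout();
 * the kernel never writes through sopt->sopt_val directly (that pointer
 * is a userland address when the request comes from a process).  If the
 * caller's buffer is too small it receives zeroes and sopt_valsize is set
 * to the size a retry needs - the full serialisation, where the old code
 * only counted the cfg_nat headers.
 */
static int
ipfw_nat_get_cfg(struct sockopt *sopt)
{
	uint8_t *data;
	struct cfg_nat *n;
	struct cfg_redir *r;
	struct cfg_spool *s;
	size_t size, off, needed;
	int nat_cnt, error;

	size = sopt->sopt_valsize;
	if (size < sizeof(nat_cnt) || size > IPFW_NAT_CFG_MAXLEN)
		return EINVAL;
	data = kmalloc(size, M_IPFW_NAT, M_WAITOK | M_ZERO);

	nat_cnt = 0;
	needed = off = sizeof(nat_cnt);

	lockmgr(&nat_lock, LK_SHARED);
	/* Size the complete serialisation first so a truncated one is never exported. */
	LIST_FOREACH(n, &((*ipfw_nat_ctx).nat), _next) {
		needed += SOF_NAT;
		LIST_FOREACH(r, &n->redir_chain, _next) {
			needed += SOF_REDIR;
			LIST_FOREACH(s, &r->spool_chain, _next)
				needed += SOF_SPOOL;
		}
	}
	if (needed > size)
		goto nospace;

	LIST_FOREACH(n, &((*ipfw_nat_ctx).nat), _next) {
		nat_cnt++;
		export_nat(n, &data[off]);
		off += SOF_NAT;
		LIST_FOREACH(r, &n->redir_chain, _next) {
			export_redir(r, &data[off]);
			off += SOF_REDIR;
			LIST_FOREACH(s, &r->spool_chain, _next) {
				export_spool(s, &data[off]);
				off += SOF_SPOOL;
			}
		}
	}
	lockmgr(&nat_lock, LK_RELEASE);

	bcopy(&nat_cnt, data, sizeof(nat_cnt));
	error = sooptcopyout(sopt, data, off);
	kfree(data, M_IPFW_NAT);
	return error;

nospace:
	lockmgr(&nat_lock, LK_RELEASE);
	/* data is still all zeroes: same "zeroed buffer" result as before. */
	error = sooptcopyout(sopt, data, size);
	sopt->sopt_valsize = needed;
	kfree(data, M_IPFW_NAT);
	return error;
}

/*
 * "get log" sockopt: for every instance that has a libalias log
 * descriptor, emits its int id followed by LIBALIAS_BUF_SIZE bytes of
 * the descriptor.  The staging buffer grows as needed; krealloc() with
 * M_WAITOK is relied on not to fail, as in the rest of the file.
 */
static int
ipfw_nat_get_log(struct sockopt *sopt)
{
	struct cfg_nat *ptr;
	uint8_t *data;
	size_t data_size, off, sof;
	int error;

	sof = LIBALIAS_BUF_SIZE;
	off = 0;
	data_size = 1024;
	data = kmalloc(data_size, M_IPFW_NAT, M_WAITOK);

	lockmgr(&nat_lock, LK_SHARED);
	LIST_FOREACH(ptr, &((*ipfw_nat_ctx).nat), _next) {
		if (ptr->lib->logDesc == NULL)
			continue;
		/*
		 * Grow until the next record fits.  A loop rather than a
		 * single doubling step, so a record larger than one step
		 * (depends on LIBALIAS_BUF_SIZE) cannot overrun the buffer.
		 */
		while (off + sizeof(int) + sof > data_size) {
			data_size = data_size * 2 + 256;
			data = krealloc(data, data_size, M_IPFW_NAT, M_WAITOK);
		}
		bcopy(&ptr->id, &data[off], sizeof(int));
		off += sizeof(int);
		bcopy(ptr->lib->logDesc, &data[off], sof);
		off += sof;
	}
	lockmgr(&nat_lock, LK_RELEASE);
	error = sooptcopyout(sopt, data, off);
	kfree(data, M_IPFW_NAT);
	return error;
}

/*
 * Translates the packet in args->m through NAT instance t.
 *
 * Returns IP_FW_NAT with args->m pointing at the (possibly reallocated)
 * translated packet, or IP_FW_DENY with args->m cleared when the packet
 * could not be made contiguous or libalias rejected it.  Caller holds
 * nat_lock at least shared so t stays valid for the duration.
 */
int
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
{
	struct mbuf *mcl;
	struct ip *ip;
	int ldt, retval, hlen;
	char *c;

	ldt = 0;
	retval = 0;
	/* libalias works on one contiguous buffer. */
	mcl = m_megapullup(m, m->m_pkthdr.len);
	if (mcl == NULL) {
		args->m = NULL;
		return IP_FW_DENY;
	}
	ip = mtod(mcl, struct ip *);
	/*
	 * Layer-3 packets arrive with ip_len/ip_off in host order; libalias
	 * expects wire order.  Undone again before returning.
	 */
	if (args->eh == NULL) {
		ip->ip_len = htons(ip->ip_len);
		ip->ip_off = htons(ip->ip_off);
	}

	/* Locally generated packet with a delayed transport checksum. */
	if (mcl->m_pkthdr.rcvif == NULL &&
	    mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
		ldt = 1;

	c = mtod(mcl, char *);
	if (args->oif == NULL)
		retval = LibAliasIn(t->lib, c,
		    mcl->m_len + M_TRAILINGSPACE(mcl));
	else
		retval = LibAliasOut(t->lib, c,
		    mcl->m_len + M_TRAILINGSPACE(mcl));
	if (retval != PKT_ALIAS_OK &&
	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
		/* XXX - should i add some logging? */
		m_free(mcl);
		args->m = NULL;
		return IP_FW_DENY;
	}
	/* libalias may have changed the packet length (e.g. ALG rewrites). */
	mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);

	/*
	 * Transport header follows the IP header plus options; the old
	 * (ip + 1) addressing was only right for a 20-byte header.
	 */
	hlen = ip->ip_hl << 2;

	if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
	    ip->ip_p == IPPROTO_TCP) {
		struct tcphdr *th;

		/* libalias flags a rewritten TCP header in th_x2. */
		th = (struct tcphdr *)((char *)ip + hlen);
		if (th->th_x2)
			ldt = 1;
	}

	if (ldt) {
		struct tcphdr *th;
		struct udphdr *uh;
		u_short cksum;

		ip->ip_len = ntohs(ip->ip_len);
		cksum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
		    htons(ip->ip_p + ip->ip_len - hlen));

		switch (ip->ip_p) {
		case IPPROTO_TCP:
			th = (struct tcphdr *)((char *)ip + hlen);
			th->th_x2 = 0;
			th->th_sum = cksum;
			mcl->m_pkthdr.csum_data =
			    offsetof(struct tcphdr, th_sum);
			break;
		case IPPROTO_UDP:
			uh = (struct udphdr *)((char *)ip + hlen);
			uh->uh_sum = cksum;
			mcl->m_pkthdr.csum_data =
			    offsetof(struct udphdr, uh_sum);
			break;
		default:
			/* No transport checksum to seed for other protocols. */
			break;
		}
		/*
		 * No hw checksum offloading: do it
		 * by ourself.
		 */
		if ((mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) {
			in_delayed_cksum(mcl);
			mcl->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
		}
		ip->ip_len = htons(ip->ip_len);
	}

	if (args->eh == NULL) {
		ip->ip_len = ntohs(ip->ip_len);
		ip->ip_off = ntohs(ip->ip_off);
	}

	args->m = mcl;
	return IP_FW_NAT;
}

/*
 * "config" sockopt: creates a NAT instance from a blob laid out as
 * cfg_nat followed by redir_cnt cfg_redir records, each followed by its
 * spool_cnt cfg_spool records.
 *
 * The blob is copied into the kernel once with sooptcopyin() and parsed
 * only from that copy; the old code parsed the cfg_nat header straight
 * from sopt->sopt_val, i.e. from userland memory, and ignored the copy-in
 * result.  Returns 0, EINVAL for a malformed request, EEXIST if an
 * instance with that id already exists (the old code silently returned
 * success without applying anything; updating in place is still TODO).
 */
int
ipfw_nat_cfg(struct sockopt *sopt)
{
	struct cfg_nat *ptr, *ser_n;
	char *buf;
	size_t len;
	int error;

	len = sopt->sopt_valsize;
	if (len < sizeof(struct cfg_nat) || len > IPFW_NAT_CFG_MAXLEN)
		return EINVAL;
	buf = kmalloc(len, M_IPFW_NAT, M_WAITOK | M_ZERO);
	error = sooptcopyin(sopt, buf, len, sizeof(struct cfg_nat));
	if (error != 0) {
		kfree(buf, M_IPFW_NAT);
		return error;
	}
	ser_n = (struct cfg_nat *)buf;

	/*
	 * Find/create nat rule.
	 */
	lockmgr(&nat_lock, LK_EXCLUSIVE);
	LOOKUP_NAT((*ipfw_nat_ctx), ser_n->id, ptr);
	if (ptr != NULL) {
		/* XXX TODO Entry already exists: in-place update unsupported. */
		error = EEXIST;
		goto done;
	}

	/* New rule: allocate and init new instance. */
	ptr = kmalloc(sizeof(*ptr), M_IPFW_NAT, M_WAITOK | M_ZERO);
	ptr->lib = LibAliasInit(NULL);
	if (ptr->lib == NULL) {
		kfree(ptr, M_IPFW_NAT);
		error = EINVAL;
		goto done;
	}
	LIST_INIT(&ptr->redir_chain);

	/*
	 * Basic nat configuration.
	 */
	ptr->id = ser_n->id;
	/*
	 * XXX - what if this rule doesn't nat any ip and just
	 * redirect?
	 * do we set aliasaddress to 0.0.0.0?
	 */
	ptr->ip = ser_n->ip;
	ptr->redir_cnt = ser_n->redir_cnt;
	ptr->mode = ser_n->mode;

	LibAliasSetMode(ptr->lib, ser_n->mode, ser_n->mode);
	LibAliasSetAddress(ptr->lib, ptr->ip);
	memcpy(ptr->if_name, ser_n->if_name, IF_NAMESIZE);
	/* Userland supplied the bytes; make sure the name is a C string. */
	ptr->if_name[IF_NAMESIZE - 1] = '\0';

	/* Add new entries, bounded by what was actually copied in. */
	error = add_redir_spool_cfg(&buf[sizeof(struct cfg_nat)],
	    len - sizeof(struct cfg_nat), ptr);
	if (error != 0) {
		/* Nothing is published yet; undo what was hooked so far. */
		del_redir_spool_cfg(ptr, &ptr->redir_chain);
		LibAliasUninit(ptr->lib);
		kfree(ptr, M_IPFW_NAT);
		goto done;
	}
	HOOK_NAT(&(ipfw_nat_ctx->nat), ptr);
done:
	lockmgr(&nat_lock, LK_RELEASE);
	kfree(buf, M_IPFW_NAT);
	return error;
}

/*
 * "delete" sockopt: the option value is the int id of the instance to
 * destroy.  The id is copied in with sooptcopyin() rather than read
 * through sopt->sopt_val, which is a userland address when the request
 * comes from a process.  Returns EINVAL for a short value or unknown id.
 */
int
ipfw_nat_del(struct sockopt *sopt)
{
	struct cfg_nat *n;
	int id, error;

	error = sooptcopyin(sopt, &id, sizeof(id), sizeof(id));
	if (error != 0)
		return error;

	lockmgr(&nat_lock, LK_EXCLUSIVE);
	LOOKUP_NAT((*ipfw_nat_ctx), id, n);
	if (n == NULL) {
		lockmgr(&nat_lock, LK_RELEASE);
		return EINVAL;
	}
	UNHOOK_NAT(n);
	del_redir_spool_cfg(n, &n->redir_chain);
	LibAliasUninit(n->lib);
	kfree(n, M_IPFW_NAT);
	lockmgr(&nat_lock, LK_RELEASE);
	return 0;
}

/* Destroys every NAT instance.  Caller holds nat_lock exclusively. */
static void
ipfw_nat_free_all(void)
{
	struct cfg_nat *ptr, *ptr_temp;

	LIST_FOREACH_MUTABLE(ptr, &(ipfw_nat_ctx->nat), _next, ptr_temp) {
		LIST_REMOVE(ptr, _next);
		del_redir_spool_cfg(ptr, &ptr->redir_chain);
		LibAliasUninit(ptr->lib);
		kfree(ptr, M_IPFW_NAT);
	}
}

/* "flush" sockopt: removes all NAT instances.  The option value is unused. */
int
ipfw_nat_flush(struct sockopt *sopt)
{
	lockmgr(&nat_lock, LK_EXCLUSIVE);
	ipfw_nat_free_all();
	lockmgr(&nat_lock, LK_RELEASE);
	return 0;
}

/* MOD_LOAD: set up the lock, register the opcode filter and the sockopt hooks. */
static int
ipfw_nat_init(void)
{
	lockinit(&nat_lock, "ipfw3 nat lock", 0, 0);
	register_ipfw_module(MODULE_NAT_ID, MODULE_NAT_NAME);
	register_ipfw_filter_funcs(MODULE_NAT_ID, O_NAT_NAT,
	    (filter_func)check_nat);
	ipfw_nat_cfg_ptr = ipfw_nat_cfg;
	ipfw_nat_del_ptr = ipfw_nat_del;
	ipfw_nat_flush_ptr = ipfw_nat_flush;
	ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg;
	ipfw_nat_get_log_ptr = ipfw_nat_get_log;
	return 0;
}

/*
 * MOD_UNLOAD: tear down every instance under the lock and destroy the
 * lock only afterwards, so a concurrent check_nat() cannot observe a
 * freed list (the old code ran lockuninit() before the teardown).
 * NOTE(review): nothing here unregisters the O_NAT_NAT filter function;
 * whether unregister_ipfw_module() covers that is not visible in this file.
 */
static int
ipfw_nat_stop(void)
{
	lockmgr(&nat_lock, LK_EXCLUSIVE);
	ipfw_nat_free_all();
	lockmgr(&nat_lock, LK_RELEASE);

	ipfw_nat_cfg_ptr = NULL;
	ipfw_nat_del_ptr = NULL;
	ipfw_nat_flush_ptr = NULL;
	ipfw_nat_get_cfg_ptr = NULL;
	ipfw_nat_get_log_ptr = NULL;

	lockuninit(&nat_lock);
	return unregister_ipfw_module(MODULE_NAT_ID);
}

/* Kernel module event dispatcher. */
static int
ipfw_nat_modevent(module_t mod, int type, void *data)
{
	switch (type) {
	case MOD_LOAD:
		return ipfw_nat_init();
	case MOD_UNLOAD:
		return ipfw_nat_stop();
	default:
		break;
	}
	return 0;
}

static moduledata_t ipfw_nat_mod = {
	"ipfw3_nat",
	ipfw_nat_modevent,
	NULL
};

DECLARE_MODULE(ipfw3_nat, ipfw_nat_mod,
    SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY);
MODULE_DEPEND(ipfw3_nat, libalias, 1, 1, 1);
MODULE_DEPEND(ipfw3_nat, ipfw3_basic, 1, 1, 1);
MODULE_VERSION(ipfw3_nat, 1);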