I'm debugging a chunk of code which attempts to parse the nat list in
kernel memory looking for a specific connection. However, it seems to find
only a handfull of the active connections. Help!
#define N_NATLIST 1
#define N_TOTAL 3
/*
** Get a piece of kernel memory.
** Returns 0 on success, -1 on failure.
*/
static int getbuf(u_long addr, void *buf, size_t len) {
if (kvm_read(kinfo->kd, addr, buf, len) < 0) {
debug("getbuf: kvm_read: %s", strerror(errno));
return (-1);
}
return (0);
}
int sock;
in_port_t lport;
in_port_t fport;
struct sockaddr_storage *laddr;
struct sockaddr_storage *faddr;
nat_t *np;
nat_t nat;
char os[24];
char user[MAX_ULEN];
struct sockaddr_storage ss;
kinfo->nl[N_NATLIST].n_name = "_nat_instances";
kinfo->nl[N_TOTAL - 1].n_name = NULL;
if (kvm_nlist(kinfo->kd, kinfo->nl) != 0) {
kvm_close(kinfo->kd);
free(kinfo);
debug("kvm_nlist: %s", strerror(errno));
return (-1);
}
/*
** Only IPv4 is supported right now..
*/
if (faddr->ss_family != AF_INET || laddr->ss_family != AF_INET)
return (-1);
if (getbuf(kinfo->nl[N_NATLIST].n_value, &np, sizeof(np)) == -1)
return (-1);
for ( ; np != NULL; np = nat.nat_next) {
int ret;
in_port_t masq_lport;
if (getbuf((u_long) np, &nat, sizeof(nat)) == -1) {
debug("getbuf: %s", strerror(errno));
break;
}
if (nat.nat_p != IPPROTO_TCP)
continue;
if (lport != nat.nat_outport)
continue;
if (fport != nat.nat_oport)
continue;
.....
}
