...
...
...
#define NX_SOURCE_CODE
#include "nx_api.h"
#include "nx_tcp.h"
#include "nx_packet.h"
#include "nx_ip.h"
#ifdef NX_IPSEC_ENABLE
#include "nx_ipsec.h"
#endif
#ifdef FEATURE_NX_IPV6
#include "nx_ipv6.h"
#endif
...
...
/*
 * Send a TCP RST in reply to a received segment, using a throw-away socket.
 *
 * Judging by the name, this is the path for segments that match no existing
 * connection; the visible code only shows the mechanics: a zeroed
 * NX_TCP_SOCKET is built on the stack, populated from the received packet
 * (peer address, interface, ports, optional IPsec egress SA) and passed to
 * _nx_tcp_packet_send_rst() together with the received TCP header.
 *
 * ip_ptr          IP instance the packet arrived on.
 * packet_ptr      Received packet; its IP header pointer, IP version, length
 *                 and interface/address bookkeeping are read here.
 * tcp_header_ptr  Received TCP header. NOTE: nx_tcp_sequence_number is
 *                 modified in place when the segment carries no ACK bit.
 *
 * Every value consumed below originates from a packet sent by a remote peer,
 * so the NOTE(review) items mark assumptions that must hold before this
 * function is reached.
 */
VOID _nx_tcp_no_connection_reset(NX_IP *ip_ptr, NX_PACKET *packet_ptr, NX_TCP_HEADER *tcp_header_ptr)
{
    NX_TCP_SOCKET fake_socket;
    ULONG         tcp_header_bytes;
#ifdef NX_IPSEC_ENABLE
    VOID         *egress_sa;
    NXD_ADDRESS   local_addr;
    NXD_ADDRESS   peer_addr;
    UINT          sa_status;
    ULONG         sa_data_offset = 0;
#endif

    /* Start from an all-zero socket so every field not assigned below is 0
       when the send routine reads it. */
    memset(&fake_socket, 0, sizeof(fake_socket));
    fake_socket.nx_tcp_socket_ip_ptr = ip_ptr;

#ifndef NX_DISABLE_IPV4
    if (packet_ptr->nx_packet_ip_version == NX_IP_VERSION_V4)
    {
        NX_IPV4_HEADER *ipv4_hdr = (NX_IPV4_HEADER *)packet_ptr->nx_packet_ip_header;

        /* The sender of the offending segment becomes the RST's destination. */
        fake_socket.nx_tcp_socket_connect_ip.nxd_ip_version = NX_IP_VERSION_V4;
        fake_socket.nx_tcp_socket_connect_ip.nxd_ip_address.v4 = ipv4_hdr->nx_ip_header_source_ip;

        /* Seed the outgoing interface with the receiving one, then let the
           route lookup refine interface and next hop.
           NOTE(review): the return value of _nx_ip_route_find() is not
           checked; confirm the send path copes with a failed lookup. */
        fake_socket.nx_tcp_socket_connect_interface = packet_ptr->nx_packet_address.nx_packet_interface_ptr;
        fake_socket.nx_tcp_socket_next_hop_address = NX_NULL;
        _nx_ip_route_find(ip_ptr,
                          fake_socket.nx_tcp_socket_connect_ip.nxd_ip_address.v4,
                          &fake_socket.nx_tcp_socket_connect_interface,
                          &fake_socket.nx_tcp_socket_next_hop_address);

#ifdef NX_IPSEC_ENABLE
        /* Selector for the SA lookup: our interface address -> peer address.
           NOTE(review): dereferences the interface pointer without a null
           check; confirm it is always valid at this point. */
        local_addr.nxd_ip_version = NX_IP_VERSION_V4;
        local_addr.nxd_ip_address.v4 = fake_socket.nx_tcp_socket_connect_interface->nx_interface_ip_address;
        peer_addr.nxd_ip_version = NX_IP_VERSION_V4;
        peer_addr.nxd_ip_address.v4 = ipv4_hdr->nx_ip_header_source_ip;
#endif
    }
#endif /* !NX_DISABLE_IPV4 */

#ifdef FEATURE_NX_IPV6
    if (packet_ptr->nx_packet_ip_version == NX_IP_VERSION_V6)
    {
        NX_IPV6_HEADER *ipv6_hdr = (NX_IPV6_HEADER *)packet_ptr->nx_packet_ip_header;

        /* The sender of the offending segment becomes the RST's destination. */
        fake_socket.nx_tcp_socket_connect_ip.nxd_ip_version = NX_IP_VERSION_V6;
        COPY_IPV6_ADDRESS(&ipv6_hdr->nx_ip_header_source_ip[0], fake_socket.nx_tcp_socket_connect_ip.nxd_ip_address.v6);

        /* Reply from the IPv6 address the packet was received on and from
           the interface that address is attached to.
           NOTE(review): nx_packet_ipv6_address_ptr is dereferenced without a
           null check; confirm the receive path always sets it for IPv6. */
        fake_socket.nx_tcp_socket_ipv6_addr = packet_ptr->nx_packet_address.nx_packet_ipv6_address_ptr;
        fake_socket.nx_tcp_socket_connect_interface = packet_ptr->nx_packet_address.nx_packet_ipv6_address_ptr->nxd_ipv6_address_attached;

#ifdef NX_IPSEC_ENABLE
        /* Selector for the SA lookup: our IPv6 address -> peer address. */
        local_addr.nxd_ip_version = NX_IP_VERSION_V6;
        COPY_IPV6_ADDRESS(fake_socket.nx_tcp_socket_ipv6_addr->nxd_ipv6_address, local_addr.nxd_ip_address.v6);
        peer_addr.nxd_ip_version = NX_IP_VERSION_V6;
        COPY_IPV6_ADDRESS(&ipv6_hdr->nx_ip_header_source_ip[0], peer_addr.nxd_ip_address.v6);
#endif
    }
#endif /* FEATURE_NX_IPV6 */

    /* Mirror the ports: the low 16 bits of word 0 become the local port, the
       upper 16 bits the peer port.
       NOTE(review): assumes word 0 is already in host byte order - confirm. */
    fake_socket.nx_tcp_socket_port = (UINT)(tcp_header_ptr->nx_tcp_header_word_0 & NX_LOWER_16_MASK);
    fake_socket.nx_tcp_socket_connect_port = (UINT)(tcp_header_ptr->nx_tcp_header_word_0 >> NX_SHIFT_BY_16);

    /* Without an ACK bit, advance the received sequence number by the
       segment's length in sequence space: payload bytes, plus one when SYN
       or FIN is set. Presumably the RST acknowledges this value - confirm in
       _nx_tcp_packet_send_rst(). */
    if (!(tcp_header_ptr->nx_tcp_header_word_3 & NX_TCP_ACK_BIT))
    {
        /* Header size in bytes = data-offset field (32-bit words) * 4.
           NOTE(review): the field is peer-controlled and the subtraction
           below is unsigned, so a data offset larger than the packet wraps
           around; confirm the caller validates it against nx_packet_length. */
        tcp_header_bytes = (tcp_header_ptr->nx_tcp_header_word_3 >> NX_TCP_HEADER_SHIFT) * (ULONG)sizeof(ULONG);
        tcp_header_ptr->nx_tcp_sequence_number += (packet_ptr->nx_packet_length - tcp_header_bytes);

        if (tcp_header_ptr->nx_tcp_header_word_3 & (NX_TCP_SYN_BIT | NX_TCP_FIN_BIT))
        {
            tcp_header_ptr->nx_tcp_sequence_number++;
        }
    }

#ifdef NX_IPSEC_ENABLE
    /* Ask the IPsec policy, when one is installed, how the outgoing RST must
       be treated.
       NOTE(review): local_addr/peer_addr are only assigned inside the IPv4
       and IPv6 branches above; if neither branch runs they are passed to the
       lookup uninitialized. Confirm callers only hand in V4/V6 packets that
       match the enabled protocol families. */
    if (ip_ptr->nx_ip_packet_egress_sa_lookup != NX_NULL)
    {
        sa_status = ip_ptr->nx_ip_packet_egress_sa_lookup(ip_ptr,
                                                          &local_addr,
                                                          &peer_addr,
                                                          NX_PROTOCOL_TCP,
                                                          fake_socket.nx_tcp_socket_port,
                                                          fake_socket.nx_tcp_socket_connect_port,
                                                          &sa_data_offset, &egress_sa, 0);

        if (sa_status == NX_IPSEC_TRAFFIC_PROTECT)
        {
            /* Policy requires protection: send the RST through this SA. */
            fake_socket.nx_tcp_socket_egress_sa = egress_sa;
            fake_socket.nx_tcp_socket_egress_sa_data_offset = sa_data_offset;
        }
        else if (sa_status == NX_IPSEC_TRAFFIC_DROP || sa_status == NX_IPSEC_TRAFFIC_PENDING_IKEV2)
        {
            /* Policy forbids the traffic, or the SA is still being
               negotiated: send nothing rather than leak a cleartext RST. */
            return;
        }
        else
        {
            /* Any other verdict: send without an SA. */
            fake_socket.nx_tcp_socket_egress_sa = NX_NULL;
            fake_socket.nx_tcp_socket_egress_sa_data_offset = 0;
        }
    }
#endif /* NX_IPSEC_ENABLE */

    fake_socket.nx_tcp_socket_time_to_live = (UINT)NX_IP_TIME_TO_LIVE;

    /* Emit the reset using the temporary socket and the received header. */
    _nx_tcp_packet_send_rst(&fake_socket, tcp_header_ptr);
}