2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
31 Alias_ftp.c performs special processing for FTP sessions under
32 TCP. Specifically, when a PORT/EPRT command from the client
33 side or 227/229 reply from the server is sent, it is intercepted
34 and modified. The address is changed to the gateway machine
35 and an aliasing port is used.
37 For this routine to work, the message must fit entirely into a
38 single TCP packet. This is typically the case, but exceptions
39 can easily be envisioned under the actual specifications.
41 Probably the most troubling aspect of the approach taken here is
42 that the new message will typically be a different length, and
43 this causes a certain amount of bookkeeping to keep track of the
44 changes of sequence and acknowledgment numbers, since the client
45 machine is totally unaware of the modification to the TCP stream.
48 References: RFC 959, RFC 2428.
50 Initial version: August, 1996 (cjm)
53 Brian Somers and Martin Renters identified an IP checksum
54 error for modified IP packets.
56 Version 1.7: January 9, 1996 (cjm)
57 Differential checksum computation for change
60 Version 2.1: May, 1997 (cjm)
61 Very minor changes to conform with
62 local/global/function naming conventions
63 within the packet aliasing module.
65 Version 3.1: May, 2000 (eds)
66 Add support for passive mode, alias the 227 replies.
68 See HISTORY file for record of revisions.
73 #include <sys/param.h>
74 #include <sys/ctype.h>
75 #include <sys/libkern.h>
77 #include <sys/types.h>
83 #include <netinet/in_systm.h>
84 #include <netinet/in.h>
85 #include <netinet/ip.h>
86 #include <netinet/tcp.h>
89 #include <netinet/libalias/alias.h>
90 #include <netinet/libalias/alias_local.h>
92 #include "alias_local.h"
95 #define FTP_CONTROL_PORT_NUMBER 21
96 #define MAX_MESSAGE_SIZE 128
98 /* FTP protocol flags. */
99 #define WAIT_CRLF 0x01
101 enum ftp_message_type {
109 static int ParseFtpPortCommand(struct libalias *la, char *, int);
110 static int ParseFtpEprtCommand(struct libalias *la, char *, int);
111 static int ParseFtp227Reply(struct libalias *la, char *, int);
112 static int ParseFtp229Reply(struct libalias *la, char *, int);
113 static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
118 struct ip *pip, /* IP packet to examine/patch */
119 struct alias_link *lnk, /* The link to go through (aliased port) */
120 int maxpacketsize /* The maximum size this packet can grow to
121 (including headers) */ )
123 int hlen, tlen, dlen, pflags;
126 int ftp_message_type;
128 /* Calculate data length of TCP packet */
129 tc = (struct tcphdr *)ip_next(pip);
130 hlen = (pip->ip_hl + tc->th_off) << 2;
131 tlen = ntohs(pip->ip_len);
134 /* Place string pointer and beginning of data */
139 * Check that data length is not too long and previous message was
140 * properly terminated with CRLF.
142 pflags = GetProtocolFlags(lnk);
143 if (dlen <= MAX_MESSAGE_SIZE && !(pflags & WAIT_CRLF)) {
144 ftp_message_type = FTP_UNKNOWN_MESSAGE;
146 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
148 * When aliasing a client, check for the PORT/EPRT command.
150 if (ParseFtpPortCommand(la, sptr, dlen))
151 ftp_message_type = FTP_PORT_COMMAND;
152 else if (ParseFtpEprtCommand(la, sptr, dlen))
153 ftp_message_type = FTP_EPRT_COMMAND;
156 * When aliasing a server, check for the 227/229 reply.
158 if (ParseFtp227Reply(la, sptr, dlen))
159 ftp_message_type = FTP_227_REPLY;
160 else if (ParseFtp229Reply(la, sptr, dlen)) {
161 ftp_message_type = FTP_229_REPLY;
162 la->true_addr.s_addr = pip->ip_src.s_addr;
166 if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
167 NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
169 /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
171 if (dlen) { /* only if there's data */
172 sptr = (char *)pip; /* start over at beginning */
173 tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
175 if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
176 pflags &= ~WAIT_CRLF;
179 SetProtocolFlags(lnk, pflags);
184 ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
192 /* Format: "PORT A,D,D,R,PO,RT". */
194 /* Return if data length is too short. */
198 addr = port = octet = 0;
200 for (i = 0; i < dlen; i++) {
250 octet = 10 * octet + ch - '0';
251 else if (ch == ',') {
252 addr = (addr << 8) + octet;
260 octet = 10 * octet + ch - '0';
261 else if (ch == ',' || state == 12) {
262 port = (port << 8) + octet;
271 la->true_addr.s_addr = htonl(addr);
272 la->true_port = port;
279 ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
287 /* Format: "EPRT |1|A.D.D.R|PORT|". */
289 /* Return if data length is too short. */
293 addr = port = octet = 0;
294 delim = '|'; /* XXX gcc -Wuninitialized */
296 for (i = 0; i < dlen; i++) {
331 if (ch == '1') /* IPv4 address */
357 octet = 10 * octet + ch - '0';
358 else if (ch == '.' || state == 10) {
359 addr = (addr << 8) + octet;
373 port = 10 * port + ch - '0';
374 else if (ch == delim)
383 la->true_addr.s_addr = htonl(addr);
384 la->true_port = port;
391 ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
399 /* Format: "227 Entering Passive Mode (A,D,D,R,PO,RT)" */
401 /* Return if data length is too short. */
405 addr = port = octet = 0;
408 for (i = 0; i < dlen; i++) {
451 octet = 10 * octet + ch - '0';
452 else if (ch == ',') {
453 addr = (addr << 8) + octet;
461 octet = 10 * octet + ch - '0';
462 else if (ch == ',' || (state == 12 && ch == ')')) {
463 port = (port << 8) + octet;
472 la->true_port = port;
473 la->true_addr.s_addr = htonl(addr);
480 ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
486 /* Format: "229 Entering Extended Passive Mode (|||PORT|)" */
488 /* Return if data length is too short. */
493 delim = '|'; /* XXX gcc -Wuninitialized */
496 for (i = 0; i < dlen; i++) {
542 port = 10 * port + ch - '0';
543 else if (ch == delim)
558 la->true_port = port;
565 NewFtpMessage(struct libalias *la, struct ip *pip,
566 struct alias_link *lnk,
568 int ftp_message_type)
570 struct alias_link *ftp_lnk;
572 /* Security checks. */
573 if (pip->ip_src.s_addr != la->true_addr.s_addr)
576 if (la->true_port < IPPORT_RESERVED)
579 /* Establish link to address and port found in FTP control message. */
580 ftp_lnk = FindUdpTcpOut(la, la->true_addr, GetDestAddress(lnk),
581 htons(la->true_port), 0, IPPROTO_TCP, 1);
583 if (ftp_lnk != NULL) {
584 int slen, hlen, tlen, dlen;
588 /* Punch hole in firewall */
589 PunchFWHole(ftp_lnk);
592 /* Calculate data length of TCP packet */
593 tc = (struct tcphdr *)ip_next(pip);
594 hlen = (pip->ip_hl + tc->th_off) << 2;
595 tlen = ntohs(pip->ip_len);
598 /* Create new FTP message. */
600 char stemp[MAX_MESSAGE_SIZE + 1];
604 int a1, a2, a3, a4, p1, p2;
605 struct in_addr alias_address;
607 /* Decompose alias address into quad format */
608 alias_address = GetAliasAddress(lnk);
609 ptr = (u_char *) & alias_address.s_addr;
615 alias_port = GetAliasPort(ftp_lnk);
617 switch (ftp_message_type) {
618 case FTP_PORT_COMMAND:
620 /* Decompose alias port into pair format. */
621 ptr = (char *)&alias_port;
625 if (ftp_message_type == FTP_PORT_COMMAND) {
626 /* Generate PORT command string. */
627 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
628 a1, a2, a3, a4, p1, p2);
630 /* Generate 227 reply string. */
632 "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n",
633 a1, a2, a3, a4, p1, p2);
636 case FTP_EPRT_COMMAND:
637 /* Generate EPRT command string. */
638 sprintf(stemp, "EPRT |1|%d.%d.%d.%d|%d|\r\n",
639 a1, a2, a3, a4, ntohs(alias_port));
642 /* Generate 229 reply string. */
643 sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
648 /* Save string length for IP header modification */
649 slen = strlen(stemp);
651 /* Copy modified buffer into IP packet. */
654 strncpy(sptr, stemp, maxpacketsize - hlen);
657 /* Save information regarding modified seq and ack numbers */
662 delta = GetDeltaSeqOut(pip, lnk);
663 AddSeq(pip, lnk, delta + slen - dlen);
666 /* Revise IP header */
670 new_len = htons(hlen + slen);
671 DifferentialChecksum(&pip->ip_sum,
675 pip->ip_len = new_len;
678 /* Compute TCP checksum for revised packet */
683 tc->th_sum = TcpChecksum(pip);
686 #ifdef LIBALIAS_DEBUG
688 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");