2 Alias_ftp.c performs special processing for FTP sessions under
3 TCP. Specifically, when a PORT command from the client side
4 is sent, it is intercepted and modified. The address is changed
5 to the gateway machine and an aliasing port is used.
7 For this routine to work, the PORT command must fit entirely
8 into a single TCP packet. This is typically the case, but exceptions
9 can easily be envisioned under the actual specifications.
11 Probably the most troubling aspect of the approach taken here is
12 that the new PORT command will typically be a different length, and
13 this causes a certain amount of bookkeeping to keep track of the
14 changes of sequence and acknowledgment numbers, since the client
15 machine is totally unaware of the modification to the TCP stream.
18 This software is placed into the public domain with no restrictions
21 Initial version: August, 1996 (cjm)
24 Brian Somers and Martin Renters identified an IP checksum
25 error for modified IP packets.
27 Version 1.7: January 9, 1996 (cjm)
28 Differental checksum computation for change
31 Version 2.1: May, 1997 (cjm)
32 Very minor changes to conform with
33 local/global/function naming conventions
34 withing the packet alising module.
36 See HISTORY file for record of revisions.
45 #include <sys/types.h>
46 #include <netinet/in_systm.h>
47 #include <netinet/in.h>
48 #include <netinet/ip.h>
49 #include <netinet/tcp.h>
51 #include "alias_local.h"
53 static void NewFtpPortCommand(struct ip *, struct alias_link *, struct in_addr, u_short, int);
59 struct ip *pip, /* IP packet to examine/patch */
60 struct alias_link *link, /* The link to go through (aliased port) */
61 int maxpacketsize /* The maximum size this packet can grow to (including headers) */)
64 struct in_addr true_addr;
69 /* Calculate data length of TCP packet */
70 tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
71 hlen = (pip->ip_hl + tc->th_off) << 2;
72 tlen = ntohs(pip->ip_len);
75 /* Return is data length is too long or too short */
76 if (dlen<10 || dlen>80)
79 /* Place string pointer and beginning of data */
83 /* Parse through string using state diagram method */
87 u_long a1, a2, a3, a4;
90 a1=0; a2=0; a3=0; a4=0; p1=0; p2=0;
93 for (i=0; i<dlen; i++)
98 case -4: if (ch == 'P') state=-3; else return; break;
99 case -3: if (ch == 'O') state=-2; else return; break;
100 case -2: if (ch == 'R') state=-1; else return; break;
101 case -1: if (ch == 'T') state= 0; else return; break;
104 if (isdigit(ch)) {a1=ch-zero; state=1 ;} break;
106 if (isdigit(ch)) a1=10*a1+ch-zero; else state=2 ; break;
108 if (isdigit(ch)) {a2=ch-zero; state=3 ;} break;
110 if (isdigit(ch)) a2=10*a2+ch-zero; else state=4 ; break;
112 if (isdigit(ch)) {a3=ch-zero; state=5 ;} break;
114 if (isdigit(ch)) a3=10*a3+ch-zero; else state=6 ; break;
116 if (isdigit(ch)) {a4=ch-zero; state=7 ;} break;
118 if (isdigit(ch)) a4=10*a4+ch-zero; else state=8 ; break;
120 if (isdigit(ch)) {p1=ch-zero; state=9 ;} break;
122 if (isdigit(ch)) p1=10*p1+ch-zero; else state=10; break;
124 if (isdigit(ch)) {p2=ch-zero; state=11;} break;
126 if (isdigit(ch)) p2=10*p2+ch-zero; break;
132 true_port = htons((p1<<8) + p2);
133 true_addr.s_addr = htonl((a1<<24) + (a2<<16) +(a3<<8) + a4);
134 NewFtpPortCommand(pip, link, true_addr, true_port, maxpacketsize);
140 NewFtpPortCommand(struct ip *pip,
141 struct alias_link *link,
142 struct in_addr true_addr,
146 struct alias_link *ftp_link;
148 /* Establish link to address and port found in PORT command */
149 ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link),
150 true_port, 0, IPPROTO_TCP);
152 if (ftp_link != NULL)
154 int slen, hlen, tlen, dlen;
158 /* Punch hole in firewall */
159 PunchFWHole(ftp_link);
162 /* Calculate data length of TCP packet */
163 tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
164 hlen = (pip->ip_hl + tc->th_off) << 2;
165 tlen = ntohs(pip->ip_len);
168 /* Create new PORT command */
174 int a1, a2, a3, a4, p1, p2;
175 struct in_addr alias_address;
177 /* Decompose alias address into quad format */
178 alias_address = GetAliasAddress(link);
179 ptr = (u_char *) &alias_address.s_addr;
180 a1 = *ptr++; a2=*ptr++; a3=*ptr++; a4=*ptr;
182 /* Decompose alias port into pair format */
183 alias_port = GetAliasPort(ftp_link);
184 ptr = (char *) &alias_port;
185 p1 = *ptr++; p2=*ptr;
187 /* Generate command string */
188 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
191 /* Save string length for IP header modification */
192 slen = strlen(stemp);
194 /* Copy into IP packet */
195 sptr = (char *) pip; sptr += hlen;
196 strncpy(sptr, stemp, maxpacketsize-hlen);
199 /* Save information regarding modified seq and ack numbers */
203 SetAckModified(link);
204 delta = GetDeltaSeqOut(pip, link);
205 AddSeq(pip, link, delta+slen-dlen);
208 /* Revise IP header */
212 new_len = htons(hlen + slen);
213 DifferentialChecksum(&pip->ip_sum,
217 pip->ip_len = new_len;
220 /* Compute TCP checksum for revised packet */
222 tc->th_sum = TcpChecksum(pip);
228 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");