2 * Copyright (C) 1998-2003 by Darren Reed
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * $Id: ip_rcmd_pxy.c,v 1.41.2.6 2006/04/01 10:14:54 darrenr Exp $
8 * Simple RCMD transparent proxy for in-kernel use. For use with the NAT
12 #define IPF_RCMD_PROXY
15 int ippr_rcmd_init __P((void));
16 void ippr_rcmd_fini __P((void));
17 int ippr_rcmd_new __P((fr_info_t *, ap_session_t *, nat_t *));
18 int ippr_rcmd_out __P((fr_info_t *, ap_session_t *, nat_t *));
19 int ippr_rcmd_in __P((fr_info_t *, ap_session_t *, nat_t *));
20 u_short ipf_rcmd_atoi __P((char *));
21 int ippr_rcmd_portmsg __P((fr_info_t *, ap_session_t *, nat_t *));
23 static frentry_t rcmdfr;
25 int rcmd_proxy_init = 0;
29 * RCMD application proxy initialization.
33 bzero((char *)&rcmdfr, sizeof(rcmdfr));
35 rcmdfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
36 MUTEX_INIT(&rcmdfr.fr_lock, "RCMD proxy rule lock");
45 if (rcmd_proxy_init == 1) {
46 MUTEX_DESTROY(&rcmdfr.fr_lock);
53 * Setup for a new RCMD proxy.
55 int ippr_rcmd_new(fin, aps, nat)
60 tcphdr_t *tcp = (tcphdr_t *)fin->fin_dp;
65 aps->aps_psiz = sizeof(u_32_t);
66 KMALLOCS(aps->aps_data, u_32_t *, sizeof(u_32_t));
67 if (aps->aps_data == NULL) {
68 #ifdef IP_RCMD_PROXY_DEBUG
69 printf("ippr_rcmd_new:KMALLOCS(%d) failed\n", sizeof(u_32_t));
73 *(u_32_t *)aps->aps_data = 0;
74 aps->aps_sport = tcp->th_sport;
75 aps->aps_dport = tcp->th_dport;
81 * ipf_rcmd_atoi - implement a simple version of atoi
83 u_short ipf_rcmd_atoi(ptr)
86 register char *s = ptr, c;
87 register u_short i = 0;
89 while (((c = *s++) != '\0') && ISDIGIT(c)) {
97 int ippr_rcmd_portmsg(fin, aps, nat)
102 tcphdr_t *tcp, tcph, *tcp2 = &tcph;
103 struct in_addr swip, swip2;
104 int off, dlen, nflags;
112 tcp = (tcphdr_t *)fin->fin_dp;
114 if (tcp->th_flags & TH_SYN) {
115 *(u_32_t *)aps->aps_data = htonl(ntohl(tcp->th_seq) + 1);
119 if ((*(u_32_t *)aps->aps_data != 0) &&
120 (tcp->th_seq != *(u_32_t *)aps->aps_data))
125 off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
128 dlen = fin->fin_plen - off;
130 dlen = MSGDSIZE(m) - off;
135 bzero(portbuf, sizeof(portbuf));
136 COPYDATA(m, off, MIN(sizeof(portbuf), dlen), portbuf);
138 portbuf[sizeof(portbuf) - 1] = '\0';
140 sp = ipf_rcmd_atoi(s);
142 #ifdef IP_RCMD_PROXY_DEBUG
143 printf("ippr_rcmd_portmsg:sp == 0 dlen %d [%s]\n",
150 * Add skeleton NAT entry for connection which will come back the
153 bcopy((char *)fin, (char *)&fi, sizeof(fi));
156 fi.fin_flx |= FI_IGNORE;
159 if (nat->nat_dir == NAT_OUTBOUND)
160 nat2 = nat_outlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
161 nat->nat_inip, nat->nat_oip);
163 nat2 = nat_inlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
164 nat->nat_inip, nat->nat_oip);
169 ip->ip_len = fin->fin_hlen + sizeof(*tcp);
170 bzero((char *)tcp2, sizeof(*tcp2));
171 tcp2->th_win = htons(8192);
172 tcp2->th_sport = htons(sp);
173 tcp2->th_dport = 0; /* XXX - don't specify remote port */
175 tcp2->th_flags = TH_SYN;
176 fi.fin_dp = (char *)tcp2;
178 fi.fin_dlen = sizeof(*tcp2);
179 fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
180 fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
181 nflags = NAT_SLAVE|IPN_TCP|SI_W_DPORT;
186 if (nat->nat_dir == NAT_OUTBOUND) {
187 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr;
188 ip->ip_src = nat->nat_inip;
190 fi.fin_fi.fi_saddr = nat->nat_oip.s_addr;
191 ip->ip_src = nat->nat_oip;
192 nflags |= NAT_NOTRULEPORT;
195 nat2 = nat_new(&fi, nat->nat_ptr, NULL, nflags, nat->nat_dir);
198 (void) nat_proto(&fi, nat2, IPN_TCP);
199 nat_update(&fi, nat2, nat2->nat_ptr);
201 if (nat->nat_dir == NAT_INBOUND) {
202 fi.fin_fi.fi_daddr = nat->nat_inip.s_addr;
203 ip->ip_dst = nat->nat_inip;
205 (void) fr_addstate(&fi, NULL, SI_W_DPORT);
206 if (fi.fin_state != NULL)
207 fr_statederef(&fi, (ipstate_t **)&fi.fin_state);
217 int ippr_rcmd_out(fin, aps, nat)
222 if (nat->nat_dir == NAT_OUTBOUND)
223 return ippr_rcmd_portmsg(fin, aps, nat);
228 int ippr_rcmd_in(fin, aps, nat)
233 if (nat->nat_dir == NAT_INBOUND)
234 return ippr_rcmd_portmsg(fin, aps, nat);