2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
31 Alias_ftp.c performs special processing for FTP sessions under
32 TCP. Specifically, when a PORT/EPRT command from the client
33 side or 227/229 reply from the server is sent, it is intercepted
34 and modified. The address is changed to the gateway machine
35 and an aliasing port is used.
37 For this routine to work, the message must fit entirely into a
38 single TCP packet. This is typically the case, but exceptions
39 can easily be envisioned under the actual specifications.
41 Probably the most troubling aspect of the approach taken here is
42 that the new message will typically be a different length, and
43 this causes a certain amount of bookkeeping to keep track of the
44 changes of sequence and acknowledgment numbers, since the client
45 machine is totally unaware of the modification to the TCP stream.
48 References: RFC 959, RFC 2428.
50 Initial version: August, 1996 (cjm)
53 Brian Somers and Martin Renters identified an IP checksum
54 error for modified IP packets.
56 Version 1.7: January 9, 1996 (cjm)
57 Differential checksum computation for change
60 Version 2.1: May, 1997 (cjm)
61 Very minor changes to conform with
62 local/global/function naming conventions
63 within the packet aliasing module.
65 Version 3.1: May, 2000 (eds)
66 Add support for passive mode, alias the 227 replies.
68 See HISTORY file for record of revisions.
73 #include <sys/param.h>
74 #include <sys/ctype.h>
75 #include <sys/systm.h>
76 #include <sys/kernel.h>
77 #include <sys/module.h>
80 #include <sys/types.h>
85 #include <netinet/in_systm.h>
86 #include <netinet/in.h>
87 #include <netinet/ip.h>
88 #include <netinet/tcp.h>
91 #include <netinet/libalias/alias.h>
92 #include <netinet/libalias/alias_local.h>
93 #include <netinet/libalias/alias_mod.h>
95 #include "alias_local.h"
96 #include "alias_mod.h"
99 #define FTP_CONTROL_PORT_NUMBER 21
102 AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *,
106 fingerprint(struct libalias *la, struct ip *pip, struct alias_data *ah)
109 if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
112 if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER
113 || ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
119 protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah)
122 AliasHandleFtpOut(la, pip, ah->lnk, ah->maxpktsize);
126 struct proto_handler handlers[] = {
131 .fingerprint = &fingerprint,
132 .protohandler = &protohandler
138 mod_handler(module_t mod, int type, void *data)
145 LibAliasAttachHandlers(handlers);
149 LibAliasDetachHandlers(handlers);
160 moduledata_t alias_mod = {
161 "alias_ftp", mod_handler, NULL
165 DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
166 MODULE_VERSION(alias_ftp, 1);
167 MODULE_DEPEND(alias_ftp, libalias, 1, 1, 1);
170 #define FTP_CONTROL_PORT_NUMBER 21
171 #define MAX_MESSAGE_SIZE 128
173 /* FTP protocol flags. */
174 #define WAIT_CRLF 0x01
176 enum ftp_message_type {
184 static int ParseFtpPortCommand(struct libalias *la, char *, int);
185 static int ParseFtpEprtCommand(struct libalias *la, char *, int);
186 static int ParseFtp227Reply(struct libalias *la, char *, int);
187 static int ParseFtp229Reply(struct libalias *la, char *, int);
188 static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
193 struct ip *pip, /* IP packet to examine/patch */
194 struct alias_link *lnk, /* The link to go through (aliased port) */
195 int maxpacketsize /* The maximum size this packet can grow to
196 (including headers) */ )
198 int hlen, tlen, dlen, pflags;
201 int ftp_message_type;
203 /* Calculate data length of TCP packet */
204 tc = (struct tcphdr *)ip_next(pip);
205 hlen = (pip->ip_hl + tc->th_off) << 2;
206 tlen = ntohs(pip->ip_len);
209 /* Place string pointer and beginning of data */
214 * Check that data length is not too long and previous message was
215 * properly terminated with CRLF.
217 pflags = GetProtocolFlags(lnk);
218 if (dlen <= MAX_MESSAGE_SIZE && !(pflags & WAIT_CRLF)) {
219 ftp_message_type = FTP_UNKNOWN_MESSAGE;
221 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
223 * When aliasing a client, check for the PORT/EPRT command.
225 if (ParseFtpPortCommand(la, sptr, dlen))
226 ftp_message_type = FTP_PORT_COMMAND;
227 else if (ParseFtpEprtCommand(la, sptr, dlen))
228 ftp_message_type = FTP_EPRT_COMMAND;
231 * When aliasing a server, check for the 227/229 reply.
233 if (ParseFtp227Reply(la, sptr, dlen))
234 ftp_message_type = FTP_227_REPLY;
235 else if (ParseFtp229Reply(la, sptr, dlen)) {
236 ftp_message_type = FTP_229_REPLY;
237 la->true_addr.s_addr = pip->ip_src.s_addr;
241 if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
242 NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
244 /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
246 if (dlen) { /* only if there's data */
247 sptr = (char *)pip; /* start over at beginning */
248 tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
250 if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
251 pflags &= ~WAIT_CRLF;
254 SetProtocolFlags(lnk, pflags);
259 ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
267 /* Format: "PORT A,D,D,R,PO,RT". */
269 /* Return if data length is too short. */
273 addr = port = octet = 0;
275 for (i = 0; i < dlen; i++) {
325 octet = 10 * octet + ch - '0';
326 else if (ch == ',') {
327 addr = (addr << 8) + octet;
335 octet = 10 * octet + ch - '0';
336 else if (ch == ',' || state == 12) {
337 port = (port << 8) + octet;
346 la->true_addr.s_addr = htonl(addr);
347 la->true_port = port;
354 ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
362 /* Format: "EPRT |1|A.D.D.R|PORT|". */
364 /* Return if data length is too short. */
368 addr = port = octet = 0;
369 delim = '|'; /* XXX gcc -Wuninitialized */
371 for (i = 0; i < dlen; i++) {
406 if (ch == '1') /* IPv4 address */
432 octet = 10 * octet + ch - '0';
433 else if (ch == '.' || state == 10) {
434 addr = (addr << 8) + octet;
448 port = 10 * port + ch - '0';
449 else if (ch == delim)
458 la->true_addr.s_addr = htonl(addr);
459 la->true_port = port;
466 ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
474 /* Format: "227 Entering Passive Mode (A,D,D,R,PO,RT)" */
476 /* Return if data length is too short. */
480 addr = port = octet = 0;
483 for (i = 0; i < dlen; i++) {
526 octet = 10 * octet + ch - '0';
527 else if (ch == ',') {
528 addr = (addr << 8) + octet;
536 octet = 10 * octet + ch - '0';
537 else if (ch == ',' || (state == 12 && ch == ')')) {
538 port = (port << 8) + octet;
547 la->true_port = port;
548 la->true_addr.s_addr = htonl(addr);
555 ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
561 /* Format: "229 Entering Extended Passive Mode (|||PORT|)" */
563 /* Return if data length is too short. */
568 delim = '|'; /* XXX gcc -Wuninitialized */
571 for (i = 0; i < dlen; i++) {
617 port = 10 * port + ch - '0';
618 else if (ch == delim)
633 la->true_port = port;
640 NewFtpMessage(struct libalias *la, struct ip *pip,
641 struct alias_link *lnk,
643 int ftp_message_type)
645 struct alias_link *ftp_lnk;
647 /* Security checks. */
648 if (pip->ip_src.s_addr != la->true_addr.s_addr)
651 if (la->true_port < IPPORT_RESERVED)
654 /* Establish link to address and port found in FTP control message. */
655 ftp_lnk = FindUdpTcpOut(la, la->true_addr, GetDestAddress(lnk),
656 htons(la->true_port), 0, IPPROTO_TCP, 1);
658 if (ftp_lnk != NULL) {
659 int slen, hlen, tlen, dlen;
663 /* Punch hole in firewall */
664 PunchFWHole(ftp_lnk);
667 /* Calculate data length of TCP packet */
668 tc = (struct tcphdr *)ip_next(pip);
669 hlen = (pip->ip_hl + tc->th_off) << 2;
670 tlen = ntohs(pip->ip_len);
673 /* Create new FTP message. */
675 char stemp[MAX_MESSAGE_SIZE + 1];
679 int a1, a2, a3, a4, p1, p2;
680 struct in_addr alias_address;
682 /* Decompose alias address into quad format */
683 alias_address = GetAliasAddress(lnk);
684 ptr = (u_char *) & alias_address.s_addr;
690 alias_port = GetAliasPort(ftp_lnk);
692 switch (ftp_message_type) {
693 case FTP_PORT_COMMAND:
695 /* Decompose alias port into pair format. */
696 ptr = (char *)&alias_port;
700 if (ftp_message_type == FTP_PORT_COMMAND) {
701 /* Generate PORT command string. */
702 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
703 a1, a2, a3, a4, p1, p2);
705 /* Generate 227 reply string. */
707 "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n",
708 a1, a2, a3, a4, p1, p2);
711 case FTP_EPRT_COMMAND:
712 /* Generate EPRT command string. */
713 sprintf(stemp, "EPRT |1|%d.%d.%d.%d|%d|\r\n",
714 a1, a2, a3, a4, ntohs(alias_port));
717 /* Generate 229 reply string. */
718 sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
723 /* Save string length for IP header modification */
724 slen = strlen(stemp);
726 /* Copy modified buffer into IP packet. */
729 strncpy(sptr, stemp, maxpacketsize - hlen);
732 /* Save information regarding modified seq and ack numbers */
737 delta = GetDeltaSeqOut(pip, lnk);
738 AddSeq(pip, lnk, delta + slen - dlen);
741 /* Revise IP header */
745 new_len = htons(hlen + slen);
746 DifferentialChecksum(&pip->ip_sum,
750 pip->ip_len = new_len;
753 /* Compute TCP checksum for revised packet */
758 tc->th_sum = TcpChecksum(pip);
761 #ifdef LIBALIAS_DEBUG
763 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
projects / FreeBSD / FreeBSD.git / blob