2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
30 /* Alias_irc.c intercepts packages contain IRC CTCP commands, and
31 changes DCC commands to export a port on the aliasing host instead
34 For this routine to work, the DCC command must fit entirely into a
35 single TCP packet. This will usually happen, but is not
38 The interception is likely to change the length of the packet.
39 The handling of this is copied more-or-less verbatim from
42 Initial version: Eivind Eklund <perhaps@yes.no> (ee) 97-01-29
44 Version 2.1: May, 1997 (cjm)
45 Very minor changes to conform with
46 local/global/function naming conventions
47 withing the packet alising module.
52 #include <sys/param.h>
53 #include <sys/libkern.h>
54 #include <sys/ctype.h>
55 #include <sys/limits.h>
57 #include <sys/types.h>
64 #include <netinet/in_systm.h>
65 #include <netinet/in.h>
66 #include <netinet/ip.h>
67 #include <netinet/tcp.h>
70 #include <netinet/libalias/alias.h>
71 #include <netinet/libalias/alias_local.h>
73 #include "alias_local.h"
81 AliasHandleIrcOut(struct libalias *la,
82 struct ip *pip, /* IP packet to examine */
83 struct alias_link *lnk, /* Which link are we on? */
84 int maxsize /* Maximum size of IP packet including
89 struct in_addr true_addr;
93 int i; /* Iterator through the source */
95 /* Calculate data length of TCP packet */
96 tc = (struct tcphdr *)ip_next(pip);
97 hlen = (pip->ip_hl + tc->th_off) << 2;
98 tlen = ntohs(pip->ip_len);
102 * Return if data length is too short - assume an entire PRIVMSG in
105 if (dlen < (int)sizeof(":A!a@n.n PRIVMSG A :aDCC 1 1a") - 1)
108 /* Place string pointer at beginning of data */
111 maxsize -= hlen; /* We're interested in maximum size of
112 * data, not packet */
114 /* Search for a CTCP command [Note 1] */
115 for (i = 0; i < dlen; i++) {
116 if (sptr[i] == '\001')
119 return; /* No CTCP commands in */
120 /* Handle CTCP commands - the buffer may have to be copied */
123 char newpacket[65536]; /* Estimate of maximum packet size
125 unsigned int copyat = i; /* Same */
126 unsigned int iCopy = 0; /* How much data have we written to
127 * copy-back string? */
128 unsigned long org_addr; /* Original IP address */
129 unsigned short org_port; /* Original source port
133 if (i >= dlen || iCopy >= sizeof(newpacket))
135 newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start
137 /* Start of a CTCP */
138 if (i + 4 >= dlen) /* Too short for DCC */
140 if (sptr[i + 0] != 'D')
142 if (sptr[i + 1] != 'C')
144 if (sptr[i + 2] != 'C')
146 if (sptr[i + 3] != ' ')
148 /* We have a DCC command - handle it! */
149 i += 4; /* Skip "DCC " */
150 if (iCopy + 4 > sizeof(newpacket))
152 newpacket[iCopy++] = 'D';
153 newpacket[iCopy++] = 'C';
154 newpacket[iCopy++] = 'C';
155 newpacket[iCopy++] = ' ';
157 DBprintf(("Found DCC\n"));
159 * Skip any extra spaces (should not occur according to
160 * protocol, but DCC breaks CTCP protocol anyway
162 while (sptr[i] == ' ') {
164 DBprintf(("DCC packet terminated in just spaces\n"));
169 DBprintf(("Transferring command...\n"));
170 while (sptr[i] != ' ') {
171 newpacket[iCopy++] = sptr[i];
172 if (++i >= dlen || iCopy >= sizeof(newpacket)) {
173 DBprintf(("DCC packet terminated during command\n"));
177 /* Copy _one_ space */
178 if (i + 1 < dlen && iCopy < sizeof(newpacket))
179 newpacket[iCopy++] = sptr[i++];
181 DBprintf(("Done command - removing spaces\n"));
183 * Skip any extra spaces (should not occur according to
184 * protocol, but DCC breaks CTCP protocol anyway
186 while (sptr[i] == ' ') {
188 DBprintf(("DCC packet terminated in just spaces (post-command)\n"));
193 DBprintf(("Transferring filename...\n"));
194 while (sptr[i] != ' ') {
195 newpacket[iCopy++] = sptr[i];
196 if (++i >= dlen || iCopy >= sizeof(newpacket)) {
197 DBprintf(("DCC packet terminated during filename\n"));
201 /* Copy _one_ space */
202 if (i + 1 < dlen && iCopy < sizeof(newpacket))
203 newpacket[iCopy++] = sptr[i++];
205 DBprintf(("Done filename - removing spaces\n"));
207 * Skip any extra spaces (should not occur according to
208 * protocol, but DCC breaks CTCP protocol anyway
210 while (sptr[i] == ' ') {
212 DBprintf(("DCC packet terminated in just spaces (post-filename)\n"));
217 DBprintf(("Fetching IP address\n"));
218 /* Fetch IP address */
220 while (i < dlen && isdigit(sptr[i])) {
221 if (org_addr > ULONG_MAX / 10UL) { /* Terminate on overflow */
222 DBprintf(("DCC Address overflow (org_addr == 0x%08lx, next char %c\n", org_addr, sptr[i]));
226 org_addr += sptr[i++] - '0';
228 DBprintf(("Skipping space\n"));
229 if (i + 1 >= dlen || sptr[i] != ' ') {
230 DBprintf(("Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", i + 1, dlen, sptr[i]));
234 * Skip any extra spaces (should not occur according to
235 * protocol, but DCC breaks CTCP protocol anyway, so we
236 * might as well play it safe
238 while (sptr[i] == ' ') {
240 DBprintf(("Packet failure - space overflow.\n"));
244 DBprintf(("Fetching port number\n"));
245 /* Fetch source port */
247 while (i < dlen && isdigit(sptr[i])) {
248 if (org_port > 6554) { /* Terminate on overflow
249 * (65536/10 rounded up */
250 DBprintf(("DCC: port number overflow\n"));
254 org_port += sptr[i++] - '0';
256 /* Skip illegal addresses (or early termination) */
257 if (i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ')) {
258 DBprintf(("Bad port termination\n"));
261 DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port));
263 /* We've got the address and port - now alias it */
265 struct alias_link *dcc_lnk;
266 struct in_addr destaddr;
269 true_port = htons(org_port);
270 true_addr.s_addr = htonl(org_addr);
273 /* Sanity/Security checking */
274 if (!org_addr || !org_port ||
275 pip->ip_src.s_addr != true_addr.s_addr ||
276 org_port < IPPORT_RESERVED)
280 * Steal the FTP_DATA_PORT - it doesn't really
281 * matter, and this would probably allow it through
282 * at least _some_ firewalls.
284 dcc_lnk = FindUdpTcpOut(la, true_addr, destaddr,
287 DBprintf(("Got a DCC link\n"));
289 struct in_addr alias_address; /* Address from aliasing */
290 u_short alias_port; /* Port given by
295 /* Generate firewall hole as appropriate */
296 PunchFWHole(dcc_lnk);
299 alias_address = GetAliasAddress(lnk);
300 n = snprintf(&newpacket[iCopy],
301 sizeof(newpacket) - iCopy,
302 "%lu ", (u_long) htonl(alias_address.s_addr));
304 DBprintf(("DCC packet construct failure.\n"));
307 if ((iCopy += n) >= sizeof(newpacket)) { /* Truncated/fit exactly
309 DBprintf(("DCC constructed packet overflow.\n"));
312 alias_port = GetAliasPort(dcc_lnk);
313 n = snprintf(&newpacket[iCopy],
314 sizeof(newpacket) - iCopy,
315 "%u", htons(alias_port));
317 DBprintf(("DCC packet construct failure.\n"));
322 * Done - truncated cases will be taken
323 * care of by lBAD_CTCP
325 DBprintf(("Aliased IP %lu and port %u\n", alias_address.s_addr, (unsigned)alias_port));
329 * An uninteresting CTCP - state entered right after '\001'
330 * has been pushed. Also used to copy the rest of a DCC,
331 * after IP address and port has been handled
334 for (; i < dlen && iCopy < sizeof(newpacket); i++, iCopy++) {
335 newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
336 if (sptr[i] == '\001') {
343 for (; i < dlen && iCopy < sizeof(newpacket); i++, iCopy++) {
344 newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
345 if (sptr[i] == '\001') {
349 /* Handle the end of a packet */
351 iCopy = iCopy > maxsize - copyat ? maxsize - copyat : iCopy;
352 memcpy(sptr + copyat, newpacket, iCopy);
354 /* Save information regarding modified seq and ack numbers */
359 delta = GetDeltaSeqOut(pip, lnk);
360 AddSeq(pip, lnk, delta + copyat + iCopy - dlen);
363 /* Revise IP header */
367 new_len = htons(hlen + iCopy + copyat);
368 DifferentialChecksum(&pip->ip_sum,
372 pip->ip_len = new_len;
375 /* Compute TCP checksum for revised packet */
380 tc->th_sum = TcpChecksum(pip);
388 The initial search will most often fail; it could be replaced with a 32-bit specific search.
389 Such a search would be done for 32-bit unsigned value V:
390 V ^= 0x01010101; (Search is for null bytes)
391 if( ((V-0x01010101)^V) & 0x80808080 ) {
392 (found a null bytes which was a 01 byte)
394 To assert that the processor is 32-bits, do
395 extern int ircdccar[32]; (32 bits)
396 extern int ircdccar[CHAR_BIT*sizeof(unsigned int)];
397 which will generate a type-error on all but 32-bit machines.
399 [Note 2] This routine really ought to be replaced with one that
400 creates a transparent proxy on the aliasing host, to allow arbitary
401 changes in the TCP stream. This should not be too difficult given
402 this base; I (ee) will try to do this some time later.