2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
33 Alias_ftp.c performs special processing for FTP sessions under
34 TCP. Specifically, when a PORT/EPRT command from the client
35 side or 227/229 reply from the server is sent, it is intercepted
36 and modified. The address is changed to the gateway machine
37 and an aliasing port is used.
39 For this routine to work, the message must fit entirely into a
40 single TCP packet. This is typically the case, but exceptions
41 can easily be envisioned under the actual specifications.
43 Probably the most troubling aspect of the approach taken here is
44 that the new message will typically be a different length, and
45 this causes a certain amount of bookkeeping to keep track of the
46 changes of sequence and acknowledgment numbers, since the client
47 machine is totally unaware of the modification to the TCP stream.
50 References: RFC 959, RFC 2428.
52 Initial version: August, 1996 (cjm)
55 Brian Somers and Martin Renters identified an IP checksum
56 error for modified IP packets.
58 Version 1.7: January 9, 1996 (cjm)
59 Differential checksum computation for change
62 Version 2.1: May, 1997 (cjm)
63 Very minor changes to conform with
64 local/global/function naming conventions
65 within the packet aliasing module.
67 Version 3.1: May, 2000 (eds)
68 Add support for passive mode, alias the 227 replies.
70 See HISTORY file for record of revisions.
75 #include <sys/param.h>
76 #include <sys/ctype.h>
77 #include <sys/systm.h>
78 #include <sys/kernel.h>
79 #include <sys/module.h>
83 #include <sys/types.h>
88 #include <netinet/in_systm.h>
89 #include <netinet/in.h>
90 #include <netinet/ip.h>
91 #include <netinet/tcp.h>
94 #include <netinet/libalias/alias.h>
95 #include <netinet/libalias/alias_local.h>
96 #include <netinet/libalias/alias_mod.h>
98 #include "alias_local.h"
99 #include "alias_mod.h"
102 #define FTP_CONTROL_PORT_NUMBER 21
105 AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *,
108 AliasHandleFtpIn(struct libalias *, struct ip *, struct alias_link *);
111 fingerprint_out(struct libalias *la, struct alias_data *ah)
114 if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
117 if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER ||
118 ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
124 fingerprint_in(struct libalias *la, struct alias_data *ah)
127 if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL)
129 if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER ||
130 ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
136 protohandler_out(struct libalias *la, struct ip *pip, struct alias_data *ah)
139 AliasHandleFtpOut(la, pip, ah->lnk, ah->maxpktsize);
145 protohandler_in(struct libalias *la, struct ip *pip, struct alias_data *ah)
148 AliasHandleFtpIn(la, pip, ah->lnk);
152 struct proto_handler handlers[] = {
157 .fingerprint = &fingerprint_out,
158 .protohandler = &protohandler_out
164 .fingerprint = &fingerprint_in,
165 .protohandler = &protohandler_in
171 mod_handler(module_t mod, int type, void *data)
178 LibAliasAttachHandlers(handlers);
182 LibAliasDetachHandlers(handlers);
193 moduledata_t alias_mod = {
194 "alias_ftp", mod_handler, NULL
198 DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
199 MODULE_VERSION(alias_ftp, 1);
200 MODULE_DEPEND(alias_ftp, libalias, 1, 1, 1);
203 #define FTP_CONTROL_PORT_NUMBER 21
204 #define MAX_MESSAGE_SIZE 128
206 /* FTP protocol flags. */
207 #define WAIT_CRLF 0x01
209 enum ftp_message_type {
217 static int ParseFtpPortCommand(struct libalias *la, char *, int);
218 static int ParseFtpEprtCommand(struct libalias *la, char *, int);
219 static int ParseFtp227Reply(struct libalias *la, char *, int);
220 static int ParseFtp229Reply(struct libalias *la, char *, int);
221 static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
226 struct ip *pip, /* IP packet to examine/patch */
227 struct alias_link *lnk, /* The link to go through (aliased port) */
228 int maxpacketsize /* The maximum size this packet can grow to
229 (including headers) */ )
231 int hlen, tlen, dlen, pflags;
234 int ftp_message_type;
236 /* Calculate data length of TCP packet */
237 tc = (struct tcphdr *)ip_next(pip);
238 hlen = (pip->ip_hl + tc->th_off) << 2;
239 tlen = ntohs(pip->ip_len);
242 /* Place string pointer and beginning of data */
247 * Check that data length is not too long and previous message was
248 * properly terminated with CRLF.
250 pflags = GetProtocolFlags(lnk);
251 if (dlen <= MAX_MESSAGE_SIZE && !(pflags & WAIT_CRLF)) {
252 ftp_message_type = FTP_UNKNOWN_MESSAGE;
254 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
256 * When aliasing a client, check for the PORT/EPRT command.
258 if (ParseFtpPortCommand(la, sptr, dlen))
259 ftp_message_type = FTP_PORT_COMMAND;
260 else if (ParseFtpEprtCommand(la, sptr, dlen))
261 ftp_message_type = FTP_EPRT_COMMAND;
264 * When aliasing a server, check for the 227/229 reply.
266 if (ParseFtp227Reply(la, sptr, dlen))
267 ftp_message_type = FTP_227_REPLY;
268 else if (ParseFtp229Reply(la, sptr, dlen)) {
269 ftp_message_type = FTP_229_REPLY;
270 la->true_addr.s_addr = pip->ip_src.s_addr;
274 if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
275 NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
277 /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
279 if (dlen) { /* only if there's data */
280 sptr = (char *)pip; /* start over at beginning */
281 tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
283 if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
284 pflags &= ~WAIT_CRLF;
287 SetProtocolFlags(lnk, pflags);
292 AliasHandleFtpIn(struct libalias *la,
293 struct ip *pip, /* IP packet to examine/patch */
294 struct alias_link *lnk) /* The link to go through (aliased port) */
296 int hlen, tlen, dlen, pflags;
300 /* Calculate data length of TCP packet */
301 tc = (struct tcphdr *)ip_next(pip);
302 hlen = (pip->ip_hl + tc->th_off) << 2;
303 tlen = ntohs(pip->ip_len);
306 /* Place string pointer and beginning of data */
311 * Check that data length is not too long and previous message was
312 * properly terminated with CRLF.
314 pflags = GetProtocolFlags(lnk);
315 if (dlen <= MAX_MESSAGE_SIZE && (pflags & WAIT_CRLF) == 0 &&
316 ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER &&
317 (ParseFtpPortCommand(la, sptr, dlen) != 0 ||
318 ParseFtpEprtCommand(la, sptr, dlen) != 0)) {
320 * Alias active mode client requesting data from server
321 * behind NAT. We need to alias server->client connection
322 * to external address client is connecting to.
324 AddLink(la, GetOriginalAddress(lnk), la->true_addr,
325 GetAliasAddress(lnk), htons(FTP_CONTROL_PORT_NUMBER - 1),
326 htons(la->true_port), GET_ALIAS_PORT, IPPROTO_TCP);
328 /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
330 sptr = (char *)pip; /* start over at beginning */
331 tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
334 if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
335 pflags &= ~WAIT_CRLF;
338 SetProtocolFlags(lnk, pflags);
343 ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
351 /* Format: "PORT A,D,D,R,PO,RT". */
353 /* Return if data length is too short. */
357 if (strncasecmp("PORT ", sptr, 5))
360 addr = port = octet = 0;
362 for (i = 5; i < dlen; i++) {
387 octet = 10 * octet + ch - '0';
388 else if (ch == ',') {
389 addr = (addr << 8) + octet;
397 octet = 10 * octet + ch - '0';
398 else if (ch == ',' || state == 12) {
399 port = (port << 8) + octet;
408 la->true_addr.s_addr = htonl(addr);
409 la->true_port = port;
416 ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
424 /* Format: "EPRT |1|A.D.D.R|PORT|". */
426 /* Return if data length is too short. */
430 if (strncasecmp("EPRT ", sptr, 5))
433 addr = port = octet = 0;
434 delim = '|'; /* XXX gcc -Wuninitialized */
436 for (i = 5; i < dlen; i++) {
446 if (ch == '1') /* IPv4 address */
472 octet = 10 * octet + ch - '0';
473 else if (ch == '.' || state == 10) {
474 addr = (addr << 8) + octet;
488 port = 10 * port + ch - '0';
489 else if (ch == delim)
498 la->true_addr.s_addr = htonl(addr);
499 la->true_port = port;
506 ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
514 /* Format: "227 Entering Passive Mode (A,D,D,R,PO,RT)" */
516 /* Return if data length is too short. */
520 if (strncmp("227 ", sptr, 4))
523 addr = port = octet = 0;
526 for (i = 4; i < dlen; i++) {
550 octet = 10 * octet + ch - '0';
551 else if (ch == ',') {
552 addr = (addr << 8) + octet;
560 octet = 10 * octet + ch - '0';
561 else if (ch == ',' || (state == 12 && ch == ')')) {
562 port = (port << 8) + octet;
571 la->true_port = port;
572 la->true_addr.s_addr = htonl(addr);
579 ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
585 /* Format: "229 Entering Extended Passive Mode (|||PORT|)" */
587 /* Return if data length is too short. */
591 if (strncmp("229 ", sptr, 4))
595 delim = '|'; /* XXX gcc -Wuninitialized */
598 for (i = 4; i < dlen; i++) {
625 port = 10 * port + ch - '0';
626 else if (ch == delim)
641 la->true_port = port;
648 NewFtpMessage(struct libalias *la, struct ip *pip,
649 struct alias_link *lnk,
651 int ftp_message_type)
653 struct alias_link *ftp_lnk;
655 /* Security checks. */
656 if (pip->ip_src.s_addr != la->true_addr.s_addr)
659 if (la->true_port < IPPORT_RESERVED)
662 /* Establish link to address and port found in FTP control message. */
663 ftp_lnk = AddLink(la, la->true_addr, GetDestAddress(lnk),
664 GetAliasAddress(lnk), htons(la->true_port), 0, GET_ALIAS_PORT,
667 if (ftp_lnk != NULL) {
668 int slen, hlen, tlen, dlen;
672 /* Punch hole in firewall */
673 PunchFWHole(ftp_lnk);
676 /* Calculate data length of TCP packet */
677 tc = (struct tcphdr *)ip_next(pip);
678 hlen = (pip->ip_hl + tc->th_off) << 2;
679 tlen = ntohs(pip->ip_len);
682 /* Create new FTP message. */
684 char stemp[MAX_MESSAGE_SIZE + 1];
688 int a1, a2, a3, a4, p1, p2;
689 struct in_addr alias_address;
691 /* Decompose alias address into quad format */
692 alias_address = GetAliasAddress(lnk);
693 ptr = (u_char *) & alias_address.s_addr;
699 alias_port = GetAliasPort(ftp_lnk);
701 /* Prepare new command */
702 switch (ftp_message_type) {
703 case FTP_PORT_COMMAND:
705 /* Decompose alias port into pair format. */
706 ptr = (char *)&alias_port;
710 if (ftp_message_type == FTP_PORT_COMMAND) {
711 /* Generate PORT command string. */
712 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
713 a1, a2, a3, a4, p1, p2);
715 /* Generate 227 reply string. */
717 "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n",
718 a1, a2, a3, a4, p1, p2);
721 case FTP_EPRT_COMMAND:
722 /* Generate EPRT command string. */
723 sprintf(stemp, "EPRT |1|%d.%d.%d.%d|%d|\r\n",
724 a1, a2, a3, a4, ntohs(alias_port));
727 /* Generate 229 reply string. */
728 sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
733 /* Save string length for IP header modification */
734 slen = strlen(stemp);
736 /* Copy modified buffer into IP packet. */
739 strncpy(sptr, stemp, maxpacketsize - hlen);
742 /* Save information regarding modified seq and ack numbers */
747 tc = (struct tcphdr *)ip_next(pip);
748 delta = GetDeltaSeqOut(tc->th_seq, lnk);
749 AddSeq(lnk, delta + slen - dlen, pip->ip_hl,
750 pip->ip_len, tc->th_seq, tc->th_off);
753 /* Revise IP header */
757 new_len = htons(hlen +
758 MIN(slen, maxpacketsize - hlen));
759 DifferentialChecksum(&pip->ip_sum,
763 pip->ip_len = new_len;
766 /* Compute TCP checksum for revised packet */
771 tc->th_sum = TcpChecksum(pip);
774 #ifdef LIBALIAS_DEBUG
776 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
projects / FreeBSD / FreeBSD.git / blob