2 * Copyright (C) 2012 by Darren Reed.
4 * Simple PPTP transparent proxy for in-kernel use. For use with the NAT
10 #define IPF_PPTP_PROXY
17 typedef struct pptp_side {
25 char pptps_buffer[512];
28 typedef struct pptp_pxy {
30 struct ipstate *pptp_state;
32 pptp_side_t pptp_side[2];
36 typedef struct pptp_hdr {
42 #define PPTP_MSGTYPE_CTL 1
43 #define PPTP_MTCTL_STARTREQ 1
44 #define PPTP_MTCTL_STARTREP 2
45 #define PPTP_MTCTL_STOPREQ 3
46 #define PPTP_MTCTL_STOPREP 4
47 #define PPTP_MTCTL_ECHOREQ 5
48 #define PPTP_MTCTL_ECHOREP 6
49 #define PPTP_MTCTL_OUTREQ 7
50 #define PPTP_MTCTL_OUTREP 8
51 #define PPTP_MTCTL_INREQ 9
52 #define PPTP_MTCTL_INREP 10
53 #define PPTP_MTCTL_INCONNECT 11
54 #define PPTP_MTCTL_CLEAR 12
55 #define PPTP_MTCTL_DISCONNECT 13
56 #define PPTP_MTCTL_WANERROR 14
57 #define PPTP_MTCTL_LINKINFO 15
60 void ipf_p_pptp_main_load __P((void));
61 void ipf_p_pptp_main_unload __P((void));
62 int ipf_p_pptp_new __P((void *, fr_info_t *, ap_session_t *, nat_t *));
63 void ipf_p_pptp_del __P((ipf_main_softc_t *, ap_session_t *));
64 int ipf_p_pptp_inout __P((void *, fr_info_t *, ap_session_t *, nat_t *));
65 void ipf_p_pptp_donatstate __P((fr_info_t *, nat_t *, pptp_pxy_t *));
66 int ipf_p_pptp_message __P((fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *));
67 int ipf_p_pptp_nextmessage __P((fr_info_t *, nat_t *, pptp_pxy_t *, int));
68 int ipf_p_pptp_mctl __P((fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *));
70 static frentry_t pptpfr;
72 static int pptp_proxy_init = 0;
73 static int ipf_p_pptp_debug = 0;
74 static int ipf_p_pptp_gretimeout = IPF_TTLVAL(120); /* 2 minutes */
78 * PPTP application proxy initialization.
81 ipf_p_pptp_main_load()
83 bzero((char *)&pptpfr, sizeof(pptpfr));
85 pptpfr.fr_age[0] = ipf_p_pptp_gretimeout;
86 pptpfr.fr_age[1] = ipf_p_pptp_gretimeout;
87 pptpfr.fr_flags = FR_OUTQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
88 MUTEX_INIT(&pptpfr.fr_lock, "PPTP proxy rule lock");
94 ipf_p_pptp_main_unload()
96 if (pptp_proxy_init == 1) {
97 MUTEX_DESTROY(&pptpfr.fr_lock);
104 * Setup for a new PPTP proxy.
106 * NOTE: The printf's are broken up with %s in them to prevent them being
107 * optimised into puts statements on FreeBSD (this doesn't exist in the kernel)
110 ipf_p_pptp_new(arg, fin, aps, nat)
129 if (ipf_nat_outlookup(fin, 0, IPPROTO_GRE, nat->nat_osrcip,
130 ip->ip_dst) != NULL) {
131 if (ipf_p_pptp_debug > 0)
132 printf("ipf_p_pptp_new: GRE session already exists\n");
136 KMALLOC(pptp, pptp_pxy_t *);
138 if (ipf_p_pptp_debug > 0)
139 printf("ipf_p_pptp_new: malloc for aps_data failed\n");
142 KMALLOCS(ipn, ipnat_t *, size);
148 aps->aps_data = pptp;
149 aps->aps_psiz = sizeof(*pptp);
150 bzero((char *)pptp, sizeof(*pptp));
151 bzero((char *)ipn, size);
152 pptp->pptp_rule = ipn;
155 * Create NAT rule against which the tunnel/transport mapping is
156 * created. This is required because the current NAT rule does not
157 * describe GRE but TCP instead.
160 ipn->in_ifps[0] = fin->fin_ifp;
165 ipn->in_snip = ntohl(nat->nat_nsrcaddr);
166 ipn->in_nsrcaddr = fin->fin_saddr;
167 ipn->in_dnip = ntohl(nat->nat_ndstaddr);
168 ipn->in_ndstaddr = nat->nat_ndstaddr;
169 ipn->in_redir = np->in_redir;
170 ipn->in_osrcaddr = nat->nat_osrcaddr;
171 ipn->in_odstaddr = nat->nat_odstaddr;
172 ipn->in_osrcmsk = 0xffffffff;
173 ipn->in_nsrcmsk = 0xffffffff;
174 ipn->in_odstmsk = 0xffffffff;
175 ipn->in_ndstmsk = 0xffffffff;
176 ipn->in_flags = (np->in_flags | IPN_PROXYRULE);
177 MUTEX_INIT(&ipn->in_lock, "pptp proxy NAT rule");
179 ipn->in_namelen = np->in_namelen;
180 bcopy(np->in_names, ipn->in_ifnames, ipn->in_namelen);
181 ipn->in_ifnames[0] = np->in_ifnames[0];
182 ipn->in_ifnames[1] = np->in_ifnames[1];
184 ipn->in_pr[0] = IPPROTO_GRE;
185 ipn->in_pr[1] = IPPROTO_GRE;
187 pptp->pptp_side[0].pptps_wptr = pptp->pptp_side[0].pptps_buffer;
188 pptp->pptp_side[1].pptps_wptr = pptp->pptp_side[1].pptps_buffer;
194 ipf_p_pptp_donatstate(fin, nat, pptp)
199 ipf_main_softc_t *softc = fin->fin_main_soft;
209 nat2 = pptp->pptp_nat;
210 if ((nat2 == NULL) || (pptp->pptp_state == NULL)) {
211 bcopy((char *)fin, (char *)&fi, sizeof(fi));
212 bzero((char *)&gre, sizeof(gre));
213 fi.fin_fi.fi_p = IPPROTO_GRE;
215 if ((nat->nat_dir == NAT_OUTBOUND && fin->fin_out) ||
216 (nat->nat_dir == NAT_INBOUND && !fin->fin_out)) {
217 fi.fin_data[0] = pptp->pptp_call[0];
218 fi.fin_data[1] = pptp->pptp_call[1];
220 fi.fin_data[0] = pptp->pptp_call[1];
221 fi.fin_data[1] = pptp->pptp_call[0];
224 ip->ip_p = IPPROTO_GRE;
225 fi.fin_flx &= ~(FI_TCPUDP|FI_STATE|FI_FRAG);
226 fi.fin_flx |= FI_IGNORE;
228 gre.gr_flags = htons(1 << 13);
230 fi.fin_fi.fi_saddr = nat->nat_osrcaddr;
231 fi.fin_fi.fi_daddr = nat->nat_odstaddr;
235 * Update NAT timeout/create NAT if missing.
238 ipf_queueback(softc->ipf_ticks, &nat2->nat_tqe);
241 ipf_nat_softc_t *softn = softc->ipf_nat_soft;
244 MUTEX_ENTER(&softn->ipf_nat_new);
245 nat2 = ipf_nat_add(&fi, pptp->pptp_rule, &pptp->pptp_nat,
246 NAT_SLAVE, nat->nat_dir);
247 MUTEX_EXIT(&softn->ipf_nat_new);
249 (void) ipf_nat_proto(&fi, nat2, 0);
250 MUTEX_ENTER(&nat2->nat_lock);
251 ipf_nat_update(&fi, nat2);
252 MUTEX_EXIT(&nat2->nat_lock);
256 READ_ENTER(&softc->ipf_state);
257 if (pptp->pptp_state != NULL) {
258 ipf_queueback(softc->ipf_ticks, &pptp->pptp_state->is_sti);
259 RWLOCK_EXIT(&softc->ipf_state);
261 RWLOCK_EXIT(&softc->ipf_state);
263 if (nat->nat_dir == NAT_INBOUND)
264 fi.fin_fi.fi_daddr = nat2->nat_ndstaddr;
266 fi.fin_fi.fi_saddr = nat2->nat_osrcaddr;
269 (void) ipf_state_add(softc, &fi, &pptp->pptp_state, 0);
277 * Try and build up the next PPTP message in the TCP stream and if we can
278 * build it up completely (fits in our buffer) then pass it off to the message
282 ipf_p_pptp_nextmessage(fin, nat, pptp, rev)
288 static const char *funcname = "ipf_p_pptp_nextmessage";
298 dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
299 start = ntohl(tcp->th_seq);
300 pptps = &pptp->pptp_side[rev];
301 off = (char *)tcp - (char *)fin->fin_ip + (TCP_OFF(tcp) << 2) +
307 * If the complete data packet is before what we expect to see
308 * "next", just ignore it as the chances are we've already seen it.
309 * The next if statement following this one really just causes packets
310 * ahead of what we've seen to be dropped, implying that something in
311 * the middle went missing and we want to see that first.
314 if (pptps->pptps_next > end && pptps->pptps_next > start)
317 if (pptps->pptps_next != start) {
318 if (ipf_p_pptp_debug > 5)
319 printf("%s: next (%x) != start (%x)\n", funcname,
320 pptps->pptps_next, start);
324 msg = (char *)fin->fin_dp + (TCP_OFF(tcp) << 2);
327 off += pptps->pptps_bytes;
328 if (pptps->pptps_gothdr == 0) {
330 * PPTP has an 8 byte header that inclues the cookie.
331 * The start of every message should include one and
332 * it should match 1a2b3c4d. Byte order is ignored,
333 * deliberately, when printing out the error.
335 len = MIN(8 - pptps->pptps_bytes, dlen);
336 COPYDATA(fin->fin_m, off, len, pptps->pptps_wptr);
337 pptps->pptps_bytes += len;
338 pptps->pptps_wptr += len;
339 hdr = (pptp_hdr_t *)pptps->pptps_buffer;
340 if (pptps->pptps_bytes == 8) {
341 pptps->pptps_next += 8;
342 if (ntohl(hdr->pptph_cookie) != 0x1a2b3c4d) {
343 if (ipf_p_pptp_debug > 1)
344 printf("%s: bad cookie (%x)\n",
354 pptps->pptps_gothdr = 1;
355 len = ntohs(hdr->pptph_len);
356 pptps->pptps_len = len;
357 pptps->pptps_nexthdr += len;
360 * If a message is too big for the buffer, just set
361 * the fields for the next message to come along.
362 * The messages defined in RFC 2637 will not exceed
363 * 512 bytes (in total length) so this is likely a
364 * bad data packet, anyway.
366 if (len > sizeof(pptps->pptps_buffer)) {
367 if (ipf_p_pptp_debug > 3)
368 printf("%s: message too big (%d)\n",
370 pptps->pptps_next = pptps->pptps_nexthdr;
371 pptps->pptps_wptr = pptps->pptps_buffer;
372 pptps->pptps_gothdr = 0;
373 pptps->pptps_bytes = 0;
374 pptps->pptps_len = 0;
379 len = MIN(pptps->pptps_len - pptps->pptps_bytes, dlen);
380 COPYDATA(fin->fin_m, off, len, pptps->pptps_wptr);
381 pptps->pptps_bytes += len;
382 pptps->pptps_wptr += len;
383 pptps->pptps_next += len;
385 if (pptps->pptps_len > pptps->pptps_bytes)
388 ipf_p_pptp_message(fin, nat, pptp, pptps);
389 pptps->pptps_wptr = pptps->pptps_buffer;
390 pptps->pptps_gothdr = 0;
391 pptps->pptps_bytes = 0;
392 pptps->pptps_len = 0;
404 * handle a complete PPTP message
407 ipf_p_pptp_message(fin, nat, pptp, pptps)
413 pptp_hdr_t *hdr = (pptp_hdr_t *)pptps->pptps_buffer;
415 switch (ntohs(hdr->pptph_type))
417 case PPTP_MSGTYPE_CTL :
418 ipf_p_pptp_mctl(fin, nat, pptp, pptps);
429 * handle a complete PPTP control message
432 ipf_p_pptp_mctl(fin, nat, pptp, pptps)
438 u_short *buffer = (u_short *)(pptps->pptps_buffer);
441 if (pptps == &pptp->pptp_side[0])
442 pptpo = &pptp->pptp_side[1];
444 pptpo = &pptp->pptp_side[0];
447 * Breakout to handle all the various messages. Most are just state
450 switch (ntohs(buffer[4]))
452 case PPTP_MTCTL_STARTREQ :
453 pptps->pptps_state = PPTP_MTCTL_STARTREQ;
455 case PPTP_MTCTL_STARTREP :
456 if (pptpo->pptps_state == PPTP_MTCTL_STARTREQ)
457 pptps->pptps_state = PPTP_MTCTL_STARTREP;
459 case PPTP_MTCTL_STOPREQ :
460 pptps->pptps_state = PPTP_MTCTL_STOPREQ;
462 case PPTP_MTCTL_STOPREP :
463 if (pptpo->pptps_state == PPTP_MTCTL_STOPREQ)
464 pptps->pptps_state = PPTP_MTCTL_STOPREP;
466 case PPTP_MTCTL_ECHOREQ :
467 pptps->pptps_state = PPTP_MTCTL_ECHOREQ;
469 case PPTP_MTCTL_ECHOREP :
470 if (pptpo->pptps_state == PPTP_MTCTL_ECHOREQ)
471 pptps->pptps_state = PPTP_MTCTL_ECHOREP;
473 case PPTP_MTCTL_OUTREQ :
474 pptps->pptps_state = PPTP_MTCTL_OUTREQ;
476 case PPTP_MTCTL_OUTREP :
477 if (pptpo->pptps_state == PPTP_MTCTL_OUTREQ) {
478 pptps->pptps_state = PPTP_MTCTL_OUTREP;
479 pptp->pptp_call[0] = buffer[7];
480 pptp->pptp_call[1] = buffer[6];
481 ipf_p_pptp_donatstate(fin, nat, pptp);
484 case PPTP_MTCTL_INREQ :
485 pptps->pptps_state = PPTP_MTCTL_INREQ;
487 case PPTP_MTCTL_INREP :
488 if (pptpo->pptps_state == PPTP_MTCTL_INREQ) {
489 pptps->pptps_state = PPTP_MTCTL_INREP;
490 pptp->pptp_call[0] = buffer[7];
491 pptp->pptp_call[1] = buffer[6];
492 ipf_p_pptp_donatstate(fin, nat, pptp);
495 case PPTP_MTCTL_INCONNECT :
496 pptps->pptps_state = PPTP_MTCTL_INCONNECT;
498 case PPTP_MTCTL_CLEAR :
499 pptps->pptps_state = PPTP_MTCTL_CLEAR;
501 case PPTP_MTCTL_DISCONNECT :
502 pptps->pptps_state = PPTP_MTCTL_DISCONNECT;
504 case PPTP_MTCTL_WANERROR :
505 pptps->pptps_state = PPTP_MTCTL_WANERROR;
507 case PPTP_MTCTL_LINKINFO :
508 pptps->pptps_state = PPTP_MTCTL_LINKINFO;
517 * For outgoing PPTP packets. refresh timeouts for NAT & state entries, if
518 * we can. If they have disappeared, recreate them.
521 ipf_p_pptp_inout(arg, fin, aps, nat)
531 if ((fin->fin_out == 1) && (nat->nat_dir == NAT_INBOUND))
533 else if ((fin->fin_out == 0) && (nat->nat_dir == NAT_OUTBOUND))
538 tcp = (tcphdr_t *)fin->fin_dp;
539 if ((tcp->th_flags & TH_OPENING) == TH_OPENING) {
540 pptp = (pptp_pxy_t *)aps->aps_data;
541 pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack);
542 pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack);
543 pptp->pptp_side[rev].pptps_next = ntohl(tcp->th_seq) + 1;
544 pptp->pptp_side[rev].pptps_nexthdr = ntohl(tcp->th_seq) + 1;
546 return ipf_p_pptp_nextmessage(fin, nat, (pptp_pxy_t *)aps->aps_data,
552 * clean up after ourselves.
555 ipf_p_pptp_del(softc, aps)
556 ipf_main_softc_t *softc;
561 pptp = aps->aps_data;
565 * Don't bother changing any of the NAT structure details,
566 * *_del() is on a callback from aps_free(), from nat_delete()
569 READ_ENTER(&softc->ipf_state);
570 if (pptp->pptp_state != NULL) {
571 ipf_state_setpending(softc, pptp->pptp_state);
573 RWLOCK_EXIT(&softc->ipf_state);
575 if (pptp->pptp_nat != NULL)
576 ipf_nat_setpending(softc, pptp->pptp_nat);
577 pptp->pptp_rule->in_flags |= IPN_DELETE;
578 ipf_nat_rule_deref(softc, &pptp->pptp_rule);
projects / FreeBSD / releng / 10.2.git / blob