2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
31 Alias_ftp.c performs special processing for FTP sessions under
32 TCP. Specifically, when a PORT/EPRT command from the client
33 side or 227/229 reply from the server is sent, it is intercepted
34 and modified. The address is changed to the gateway machine
35 and an aliasing port is used.
37 For this routine to work, the message must fit entirely into a
38 single TCP packet. This is typically the case, but exceptions
39 can easily be envisioned under the actual specifications.
41 Probably the most troubling aspect of the approach taken here is
42 that the new message will typically be a different length, and
43 this causes a certain amount of bookkeeping to keep track of the
44 changes of sequence and acknowledgment numbers, since the client
45 machine is totally unaware of the modification to the TCP stream.
48 References: RFC 959, RFC 2428.
50 Initial version: August, 1996 (cjm)
53 Brian Somers and Martin Renters identified an IP checksum
54 error for modified IP packets.
56 Version 1.7: January 9, 1996 (cjm)
57 Differential checksum computation for change
60 Version 2.1: May, 1997 (cjm)
61 Very minor changes to conform with
62 local/global/function naming conventions
63 within the packet aliasing module.
65 Version 3.1: May, 2000 (eds)
66 Add support for passive mode, alias the 227 replies.
68 See HISTORY file for record of revisions.
73 #include <sys/param.h>
74 #include <sys/ctype.h>
75 #include <sys/systm.h>
76 #include <sys/kernel.h>
77 #include <sys/module.h>
80 #include <sys/types.h>
85 #include <netinet/in_systm.h>
86 #include <netinet/in.h>
87 #include <netinet/ip.h>
88 #include <netinet/tcp.h>
91 #include <netinet/libalias/alias.h>
92 #include <netinet/libalias/alias_local.h>
93 #include <netinet/libalias/alias_mod.h>
95 #include "alias_local.h"
96 #include "alias_mod.h"
99 #define FTP_CONTROL_PORT_NUMBER 21
102 AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *,
106 fingerprint(struct libalias *la, struct ip *pip, struct alias_data *ah)
109 if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
112 if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER
113 || ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
119 protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah)
122 AliasHandleFtpOut(la, pip, ah->lnk, ah->maxpktsize);
126 struct proto_handler handlers[] = {
131 .fingerprint = &fingerprint,
132 .protohandler = &protohandler
138 mod_handler(module_t mod, int type, void *data)
145 LibAliasAttachHandlers(handlers);
149 LibAliasDetachHandlers(handlers);
160 moduledata_t alias_mod = {
161 "alias_ftp", mod_handler, NULL
165 DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
166 MODULE_VERSION(alias_ftp, 1);
167 MODULE_DEPEND(alias_ftp, libalias, 1, 1, 1);
170 #define FTP_CONTROL_PORT_NUMBER 21
171 #define MAX_MESSAGE_SIZE 128
173 /* FTP protocol flags. */
174 #define WAIT_CRLF 0x01
176 enum ftp_message_type {
184 static int ParseFtpPortCommand(struct libalias *la, char *, int);
185 static int ParseFtpEprtCommand(struct libalias *la, char *, int);
186 static int ParseFtp227Reply(struct libalias *la, char *, int);
187 static int ParseFtp229Reply(struct libalias *la, char *, int);
188 static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
193 struct ip *pip, /* IP packet to examine/patch */
194 struct alias_link *lnk, /* The link to go through (aliased port) */
195 int maxpacketsize /* The maximum size this packet can grow to
196 (including headers) */ )
198 int hlen, tlen, dlen, pflags;
201 int ftp_message_type;
203 /* Calculate data length of TCP packet */
204 tc = (struct tcphdr *)ip_next(pip);
205 hlen = (pip->ip_hl + tc->th_off) << 2;
206 tlen = ntohs(pip->ip_len);
209 /* Place string pointer and beginning of data */
214 * Check that data length is not too long and previous message was
215 * properly terminated with CRLF.
217 pflags = GetProtocolFlags(lnk);
218 if (dlen <= MAX_MESSAGE_SIZE && !(pflags & WAIT_CRLF)) {
219 ftp_message_type = FTP_UNKNOWN_MESSAGE;
221 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
223 * When aliasing a client, check for the PORT/EPRT command.
225 if (ParseFtpPortCommand(la, sptr, dlen))
226 ftp_message_type = FTP_PORT_COMMAND;
227 else if (ParseFtpEprtCommand(la, sptr, dlen))
228 ftp_message_type = FTP_EPRT_COMMAND;
231 * When aliasing a server, check for the 227/229 reply.
233 if (ParseFtp227Reply(la, sptr, dlen))
234 ftp_message_type = FTP_227_REPLY;
235 else if (ParseFtp229Reply(la, sptr, dlen)) {
236 ftp_message_type = FTP_229_REPLY;
237 la->true_addr.s_addr = pip->ip_src.s_addr;
241 if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
242 NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
244 /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
246 if (dlen) { /* only if there's data */
247 sptr = (char *)pip; /* start over at beginning */
248 tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
250 if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
251 pflags &= ~WAIT_CRLF;
254 SetProtocolFlags(lnk, pflags);
259 ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
267 /* Format: "PORT A,D,D,R,PO,RT". */
269 /* Return if data length is too short. */
273 if (strncasecmp("PORT ", sptr, 5))
276 addr = port = octet = 0;
278 for (i = 5; i < dlen; i++) {
303 octet = 10 * octet + ch - '0';
304 else if (ch == ',') {
305 addr = (addr << 8) + octet;
313 octet = 10 * octet + ch - '0';
314 else if (ch == ',' || state == 12) {
315 port = (port << 8) + octet;
324 la->true_addr.s_addr = htonl(addr);
325 la->true_port = port;
332 ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
340 /* Format: "EPRT |1|A.D.D.R|PORT|". */
342 /* Return if data length is too short. */
346 if (strncasecmp("EPRT ", sptr, 5))
349 addr = port = octet = 0;
350 delim = '|'; /* XXX gcc -Wuninitialized */
352 for (i = 5; i < dlen; i++) {
362 if (ch == '1') /* IPv4 address */
388 octet = 10 * octet + ch - '0';
389 else if (ch == '.' || state == 10) {
390 addr = (addr << 8) + octet;
404 port = 10 * port + ch - '0';
405 else if (ch == delim)
414 la->true_addr.s_addr = htonl(addr);
415 la->true_port = port;
422 ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
430 /* Format: "227 Entering Passive Mode (A,D,D,R,PO,RT)" */
432 /* Return if data length is too short. */
436 if (strncmp("227 ", sptr, 4))
439 addr = port = octet = 0;
442 for (i = 4; i < dlen; i++) {
466 octet = 10 * octet + ch - '0';
467 else if (ch == ',') {
468 addr = (addr << 8) + octet;
476 octet = 10 * octet + ch - '0';
477 else if (ch == ',' || (state == 12 && ch == ')')) {
478 port = (port << 8) + octet;
487 la->true_port = port;
488 la->true_addr.s_addr = htonl(addr);
495 ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
501 /* Format: "229 Entering Extended Passive Mode (|||PORT|)" */
503 /* Return if data length is too short. */
507 if (strncmp("229 ", sptr, 4))
511 delim = '|'; /* XXX gcc -Wuninitialized */
514 for (i = 4; i < dlen; i++) {
541 port = 10 * port + ch - '0';
542 else if (ch == delim)
557 la->true_port = port;
564 NewFtpMessage(struct libalias *la, struct ip *pip,
565 struct alias_link *lnk,
567 int ftp_message_type)
569 struct alias_link *ftp_lnk;
571 /* Security checks. */
572 if (pip->ip_src.s_addr != la->true_addr.s_addr)
575 if (la->true_port < IPPORT_RESERVED)
578 /* Establish link to address and port found in FTP control message. */
579 ftp_lnk = FindUdpTcpOut(la, la->true_addr, GetDestAddress(lnk),
580 htons(la->true_port), 0, IPPROTO_TCP, 1);
582 if (ftp_lnk != NULL) {
583 int slen, hlen, tlen, dlen;
587 /* Punch hole in firewall */
588 PunchFWHole(ftp_lnk);
591 /* Calculate data length of TCP packet */
592 tc = (struct tcphdr *)ip_next(pip);
593 hlen = (pip->ip_hl + tc->th_off) << 2;
594 tlen = ntohs(pip->ip_len);
597 /* Create new FTP message. */
599 char stemp[MAX_MESSAGE_SIZE + 1];
603 int a1, a2, a3, a4, p1, p2;
604 struct in_addr alias_address;
606 /* Decompose alias address into quad format */
607 alias_address = GetAliasAddress(lnk);
608 ptr = (u_char *) & alias_address.s_addr;
614 alias_port = GetAliasPort(ftp_lnk);
616 /* Prepare new command */
617 switch (ftp_message_type) {
618 case FTP_PORT_COMMAND:
620 /* Decompose alias port into pair format. */
621 ptr = (char *)&alias_port;
625 if (ftp_message_type == FTP_PORT_COMMAND) {
626 /* Generate PORT command string. */
627 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
628 a1, a2, a3, a4, p1, p2);
630 /* Generate 227 reply string. */
632 "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n",
633 a1, a2, a3, a4, p1, p2);
636 case FTP_EPRT_COMMAND:
637 /* Generate EPRT command string. */
638 sprintf(stemp, "EPRT |1|%d.%d.%d.%d|%d|\r\n",
639 a1, a2, a3, a4, ntohs(alias_port));
642 /* Generate 229 reply string. */
643 sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
648 /* Save string length for IP header modification */
649 slen = strlen(stemp);
651 /* Copy modified buffer into IP packet. */
654 strncpy(sptr, stemp, maxpacketsize - hlen);
657 /* Save information regarding modified seq and ack numbers */
662 delta = GetDeltaSeqOut(pip, lnk);
663 AddSeq(pip, lnk, delta + slen - dlen);
666 /* Revise IP header */
670 new_len = htons(hlen + slen);
671 DifferentialChecksum(&pip->ip_sum,
675 pip->ip_len = new_len;
678 /* Compute TCP checksum for revised packet */
683 tc->th_sum = TcpChecksum(pip);
686 #ifdef LIBALIAS_DEBUG
688 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
projects / FreeBSD / releng / 7.2.git / blob