2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
31 Alias_ftp.c performs special processing for FTP sessions under
32 TCP. Specifically, when a PORT/EPRT command from the client
33 side or 227/229 reply from the server is sent, it is intercepted
34 and modified. The address is changed to the gateway machine
35 and an aliasing port is used.
37 For this routine to work, the message must fit entirely into a
38 single TCP packet. This is typically the case, but exceptions
39 can easily be envisioned under the actual specifications.
41 Probably the most troubling aspect of the approach taken here is
42 that the new message will typically be a different length, and
43 this causes a certain amount of bookkeeping to keep track of the
44 changes of sequence and acknowledgment numbers, since the client
45 machine is totally unaware of the modification to the TCP stream.
48 References: RFC 959, RFC 2428.
50 Initial version: August, 1996 (cjm)
53 Brian Somers and Martin Renters identified an IP checksum
54 error for modified IP packets.
56 Version 1.7: January 9, 1996 (cjm)
57 Differential checksum computation for change
60 Version 2.1: May, 1997 (cjm)
61 Very minor changes to conform with
62 local/global/function naming conventions
63 within the packet aliasing module.
65 Version 3.1: May, 2000 (eds)
66 Add support for passive mode, alias the 227 replies.
68 See HISTORY file for record of revisions.
73 #include <sys/param.h>
74 #include <sys/ctype.h>
75 #include <sys/systm.h>
76 #include <sys/kernel.h>
77 #include <sys/module.h>
81 #include <sys/types.h>
86 #include <netinet/in_systm.h>
87 #include <netinet/in.h>
88 #include <netinet/ip.h>
89 #include <netinet/tcp.h>
92 #include <netinet/libalias/alias.h>
93 #include <netinet/libalias/alias_local.h>
94 #include <netinet/libalias/alias_mod.h>
96 #include "alias_local.h"
97 #include "alias_mod.h"
100 #define FTP_CONTROL_PORT_NUMBER 21
103 AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *,
107 fingerprint(struct libalias *la, struct alias_data *ah)
110 if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
113 if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER
114 || ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
120 protohandler(struct libalias *la, struct ip *pip, struct alias_data *ah)
123 AliasHandleFtpOut(la, pip, ah->lnk, ah->maxpktsize);
127 struct proto_handler handlers[] = {
132 .fingerprint = &fingerprint,
133 .protohandler = &protohandler
139 mod_handler(module_t mod, int type, void *data)
146 LibAliasAttachHandlers(handlers);
150 LibAliasDetachHandlers(handlers);
161 moduledata_t alias_mod = {
162 "alias_ftp", mod_handler, NULL
166 DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
167 MODULE_VERSION(alias_ftp, 1);
168 MODULE_DEPEND(alias_ftp, libalias, 1, 1, 1);
171 #define FTP_CONTROL_PORT_NUMBER 21
172 #define MAX_MESSAGE_SIZE 128
174 /* FTP protocol flags. */
175 #define WAIT_CRLF 0x01
177 enum ftp_message_type {
185 static int ParseFtpPortCommand(struct libalias *la, char *, int);
186 static int ParseFtpEprtCommand(struct libalias *la, char *, int);
187 static int ParseFtp227Reply(struct libalias *la, char *, int);
188 static int ParseFtp229Reply(struct libalias *la, char *, int);
189 static void NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
194 struct ip *pip, /* IP packet to examine/patch */
195 struct alias_link *lnk, /* The link to go through (aliased port) */
196 int maxpacketsize /* The maximum size this packet can grow to
197 (including headers) */ )
199 int hlen, tlen, dlen, pflags;
202 int ftp_message_type;
204 /* Calculate data length of TCP packet */
205 tc = (struct tcphdr *)ip_next(pip);
206 hlen = (pip->ip_hl + tc->th_off) << 2;
207 tlen = ntohs(pip->ip_len);
210 /* Place string pointer and beginning of data */
215 * Check that data length is not too long and previous message was
216 * properly terminated with CRLF.
218 pflags = GetProtocolFlags(lnk);
219 if (dlen <= MAX_MESSAGE_SIZE && !(pflags & WAIT_CRLF)) {
220 ftp_message_type = FTP_UNKNOWN_MESSAGE;
222 if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
224 * When aliasing a client, check for the PORT/EPRT command.
226 if (ParseFtpPortCommand(la, sptr, dlen))
227 ftp_message_type = FTP_PORT_COMMAND;
228 else if (ParseFtpEprtCommand(la, sptr, dlen))
229 ftp_message_type = FTP_EPRT_COMMAND;
232 * When aliasing a server, check for the 227/229 reply.
234 if (ParseFtp227Reply(la, sptr, dlen))
235 ftp_message_type = FTP_227_REPLY;
236 else if (ParseFtp229Reply(la, sptr, dlen)) {
237 ftp_message_type = FTP_229_REPLY;
238 la->true_addr.s_addr = pip->ip_src.s_addr;
242 if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
243 NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
245 /* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
247 if (dlen) { /* only if there's data */
248 sptr = (char *)pip; /* start over at beginning */
249 tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may
251 if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
252 pflags &= ~WAIT_CRLF;
255 SetProtocolFlags(lnk, pflags);
260 ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
268 /* Format: "PORT A,D,D,R,PO,RT". */
270 /* Return if data length is too short. */
274 if (strncasecmp("PORT ", sptr, 5))
277 addr = port = octet = 0;
279 for (i = 5; i < dlen; i++) {
304 octet = 10 * octet + ch - '0';
305 else if (ch == ',') {
306 addr = (addr << 8) + octet;
314 octet = 10 * octet + ch - '0';
315 else if (ch == ',' || state == 12) {
316 port = (port << 8) + octet;
325 la->true_addr.s_addr = htonl(addr);
326 la->true_port = port;
333 ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
341 /* Format: "EPRT |1|A.D.D.R|PORT|". */
343 /* Return if data length is too short. */
347 if (strncasecmp("EPRT ", sptr, 5))
350 addr = port = octet = 0;
351 delim = '|'; /* XXX gcc -Wuninitialized */
353 for (i = 5; i < dlen; i++) {
363 if (ch == '1') /* IPv4 address */
389 octet = 10 * octet + ch - '0';
390 else if (ch == '.' || state == 10) {
391 addr = (addr << 8) + octet;
405 port = 10 * port + ch - '0';
406 else if (ch == delim)
415 la->true_addr.s_addr = htonl(addr);
416 la->true_port = port;
423 ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
431 /* Format: "227 Entering Passive Mode (A,D,D,R,PO,RT)" */
433 /* Return if data length is too short. */
437 if (strncmp("227 ", sptr, 4))
440 addr = port = octet = 0;
443 for (i = 4; i < dlen; i++) {
467 octet = 10 * octet + ch - '0';
468 else if (ch == ',') {
469 addr = (addr << 8) + octet;
477 octet = 10 * octet + ch - '0';
478 else if (ch == ',' || (state == 12 && ch == ')')) {
479 port = (port << 8) + octet;
488 la->true_port = port;
489 la->true_addr.s_addr = htonl(addr);
496 ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
502 /* Format: "229 Entering Extended Passive Mode (|||PORT|)" */
504 /* Return if data length is too short. */
508 if (strncmp("229 ", sptr, 4))
512 delim = '|'; /* XXX gcc -Wuninitialized */
515 for (i = 4; i < dlen; i++) {
542 port = 10 * port + ch - '0';
543 else if (ch == delim)
558 la->true_port = port;
565 NewFtpMessage(struct libalias *la, struct ip *pip,
566 struct alias_link *lnk,
568 int ftp_message_type)
570 struct alias_link *ftp_lnk;
572 /* Security checks. */
573 if (pip->ip_src.s_addr != la->true_addr.s_addr)
576 if (la->true_port < IPPORT_RESERVED)
579 /* Establish link to address and port found in FTP control message. */
580 ftp_lnk = FindUdpTcpOut(la, la->true_addr, GetDestAddress(lnk),
581 htons(la->true_port), 0, IPPROTO_TCP, 1);
583 if (ftp_lnk != NULL) {
584 int slen, hlen, tlen, dlen;
588 /* Punch hole in firewall */
589 PunchFWHole(ftp_lnk);
592 /* Calculate data length of TCP packet */
593 tc = (struct tcphdr *)ip_next(pip);
594 hlen = (pip->ip_hl + tc->th_off) << 2;
595 tlen = ntohs(pip->ip_len);
598 /* Create new FTP message. */
600 char stemp[MAX_MESSAGE_SIZE + 1];
604 int a1, a2, a3, a4, p1, p2;
605 struct in_addr alias_address;
607 /* Decompose alias address into quad format */
608 alias_address = GetAliasAddress(lnk);
609 ptr = (u_char *) & alias_address.s_addr;
615 alias_port = GetAliasPort(ftp_lnk);
617 /* Prepare new command */
618 switch (ftp_message_type) {
619 case FTP_PORT_COMMAND:
621 /* Decompose alias port into pair format. */
622 ptr = (char *)&alias_port;
626 if (ftp_message_type == FTP_PORT_COMMAND) {
627 /* Generate PORT command string. */
628 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
629 a1, a2, a3, a4, p1, p2);
631 /* Generate 227 reply string. */
633 "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n",
634 a1, a2, a3, a4, p1, p2);
637 case FTP_EPRT_COMMAND:
638 /* Generate EPRT command string. */
639 sprintf(stemp, "EPRT |1|%d.%d.%d.%d|%d|\r\n",
640 a1, a2, a3, a4, ntohs(alias_port));
643 /* Generate 229 reply string. */
644 sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
649 /* Save string length for IP header modification */
650 slen = strlen(stemp);
652 /* Copy modified buffer into IP packet. */
655 strncpy(sptr, stemp, maxpacketsize - hlen);
658 /* Save information regarding modified seq and ack numbers */
663 tc = (struct tcphdr *)ip_next(pip);
664 delta = GetDeltaSeqOut(tc->th_seq, lnk);
665 AddSeq(lnk, delta + slen - dlen, pip->ip_hl,
666 pip->ip_len, tc->th_seq, tc->th_off);
669 /* Revise IP header */
673 new_len = htons(hlen + slen);
674 DifferentialChecksum(&pip->ip_sum,
678 pip->ip_len = new_len;
681 /* Compute TCP checksum for revised packet */
686 tc->th_sum = TcpChecksum(pip);
689 #ifdef LIBALIAS_DEBUG
691 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
projects / FreeBSD / releng / 8.1.git / blob