4 * Copyright (C) 1997-2003 by Darren Reed
6 * See the IPFILTER.LICENCE file for details on licencing.
8 * Simple FTP transparent proxy for in-kernel use. For use with the NAT
12 * Id: ip_ftp_pxy.c,v 2.88.2.19 2006/04/01 10:14:53 darrenr Exp $
17 #define IPF_MINPORTLEN 18
18 #define IPF_MAXPORTLEN 30
19 #define IPF_MIN227LEN 39
20 #define IPF_MAX227LEN 51
21 #define IPF_MIN229LEN 47
22 #define IPF_MAX229LEN 51
26 #define FTPXY_USER_1 2
27 #define FTPXY_USOK_1 3
28 #define FTPXY_PASS_1 4
29 #define FTPXY_PAOK_1 5
30 #define FTPXY_AUTH_1 6
31 #define FTPXY_AUOK_1 7
32 #define FTPXY_ADAT_1 8
33 #define FTPXY_ADOK_1 9
34 #define FTPXY_ACCT_1 10
35 #define FTPXY_ACOK_1 11
36 #define FTPXY_USER_2 12
37 #define FTPXY_USOK_2 13
38 #define FTPXY_PASS_2 14
39 #define FTPXY_PAOK_2 15
42 * Values for FTP commands. Numerics cover 0-999
44 #define FTPXY_C_PASV 1000
46 int ippr_ftp_client __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
47 int ippr_ftp_complete __P((char *, size_t));
48 int ippr_ftp_in __P((fr_info_t *, ap_session_t *, nat_t *));
49 int ippr_ftp_init __P((void));
50 void ippr_ftp_fini __P((void));
51 int ippr_ftp_new __P((fr_info_t *, ap_session_t *, nat_t *));
52 int ippr_ftp_out __P((fr_info_t *, ap_session_t *, nat_t *));
53 int ippr_ftp_pasv __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
54 int ippr_ftp_epsv __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int));
55 int ippr_ftp_port __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int));
56 int ippr_ftp_process __P((fr_info_t *, nat_t *, ftpinfo_t *, int));
57 int ippr_ftp_server __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
58 int ippr_ftp_valid __P((ftpinfo_t *, int, char *, size_t));
59 int ippr_ftp_server_valid __P((ftpside_t *, char *, size_t));
60 int ippr_ftp_client_valid __P((ftpside_t *, char *, size_t));
61 u_short ippr_ftp_atoi __P((char **));
62 int ippr_ftp_pasvreply __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *,
63 u_int, char *, char *, u_int));
66 int ftp_proxy_init = 0;
67 int ippr_ftp_pasvonly = 0;
68 int ippr_ftp_insecure = 0; /* Do not require logins before transfers */
69 int ippr_ftp_pasvrdr = 0;
70 int ippr_ftp_forcepasv = 0; /* PASV must be last command prior to 227 */
72 int ippr_ftp_debug = 0;
74 int ippr_ftp_debug = 2;
85 static frentry_t ftppxyfr;
86 static ipftuneable_t ftptune = {
91 sizeof(ippr_ftp_debug),
98 * Initialize local structures.
102 bzero((char *)&ftppxyfr, sizeof(ftppxyfr));
104 ftppxyfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
105 MUTEX_INIT(&ftppxyfr.fr_lock, "FTP Proxy Mutex");
107 (void) fr_addipftune(&ftptune);
115 (void) fr_delipftune(&ftptune);
117 if (ftp_proxy_init == 1) {
118 MUTEX_DESTROY(&ftppxyfr.fr_lock);
124 int ippr_ftp_new(fin, aps, nat)
132 KMALLOC(ftp, ftpinfo_t *);
136 fin = fin; /* LINT */
137 nat = nat; /* LINT */
140 aps->aps_psiz = sizeof(ftpinfo_t);
142 bzero((char *)ftp, sizeof(*ftp));
143 f = &ftp->ftp_side[0];
144 f->ftps_rptr = f->ftps_buf;
145 f->ftps_wptr = f->ftps_buf;
146 f = &ftp->ftp_side[1];
147 f->ftps_rptr = f->ftps_buf;
148 f->ftps_wptr = f->ftps_buf;
149 ftp->ftp_passok = FTPXY_INIT;
155 int ippr_ftp_port(fin, ip, nat, f, dlen)
162 tcphdr_t *tcp, tcph, *tcp2 = &tcph;
163 char newbuf[IPF_FTPBUFSZ], *s;
164 struct in_addr swip, swip2;
165 u_int a1, a2, a3, a4;
174 tcp = (tcphdr_t *)fin->fin_dp;
175 off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
178 * Check for client sending out PORT message.
180 if (dlen < IPF_MINPORTLEN) {
181 if (ippr_ftp_debug > 1)
182 printf("ippr_ftp_port:dlen(%d) < IPF_MINPORTLEN\n",
187 * Skip the PORT command + space
189 s = f->ftps_rptr + 5;
191 * Pick out the address components, two at a time.
193 a1 = ippr_ftp_atoi(&s);
195 if (ippr_ftp_debug > 1)
196 printf("ippr_ftp_port:ippr_ftp_atoi(%d) failed\n", 1);
199 a2 = ippr_ftp_atoi(&s);
201 if (ippr_ftp_debug > 1)
202 printf("ippr_ftp_port:ippr_ftp_atoi(%d) failed\n", 2);
207 * Check that IP address in the PORT/PASV reply is the same as the
208 * sender of the command - prevents using PORT for port scanning.
212 if (((nat->nat_dir == NAT_OUTBOUND) &&
213 (a1 != ntohl(nat->nat_inip.s_addr))) ||
214 ((nat->nat_dir == NAT_INBOUND) &&
215 (a1 != ntohl(nat->nat_oip.s_addr)))) {
216 if (ippr_ftp_debug > 0)
217 printf("ippr_ftp_port:%s != nat->nat_inip\n", "a1");
221 a5 = ippr_ftp_atoi(&s);
223 if (ippr_ftp_debug > 1)
224 printf("ippr_ftp_port:ippr_ftp_atoi(%d) failed\n", 3);
231 * check for CR-LF at the end.
235 if ((*s == '\r') && (*(s + 1) == '\n')) {
239 if (ippr_ftp_debug > 1)
240 printf("ippr_ftp_port:missing %s\n", "cr-lf");
248 * Don't allow the PORT command to specify a port < 1024 due to
252 if (ippr_ftp_debug > 0)
253 printf("ippr_ftp_port:sp(%d) < 1024\n", sp);
257 * Calculate new address parts for PORT command
259 if (nat->nat_dir == NAT_INBOUND)
260 a1 = ntohl(nat->nat_oip.s_addr);
262 a1 = ntohl(ip->ip_src.s_addr);
263 a2 = (a1 >> 16) & 0xff;
264 a3 = (a1 >> 8) & 0xff;
267 olen = s - f->ftps_rptr;
268 /* DO NOT change this to snprintf! */
269 #if defined(SNPRINTF) && defined(_KERNEL)
270 SNPRINTF(newbuf, sizeof(newbuf), "%s %u,%u,%u,%u,%u,%u\r\n",
271 "PORT", a1, a2, a3, a4, a5, a6);
273 (void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n",
274 "PORT", a1, a2, a3, a4, a5, a6);
277 nlen = strlen(newbuf);
279 if ((inc + ip->ip_len) > 65535) {
280 if (ippr_ftp_debug > 0)
281 printf("ippr_ftp_port:inc(%d) + ip->ip_len > 65535\n",
286 #if !defined(_KERNEL)
287 bcopy(newbuf, MTOD(m, char *) + off, nlen);
291 (void)adjmsg(m, inc);
292 # else /* defined(MENTAT) */
294 * m_adj takes care of pkthdr.len, if required and treats inc<0 to
295 * mean remove -len bytes from the end of the packet.
296 * The mbuf chain will be extended if necessary by m_copyback().
300 # endif /* defined(MENTAT) */
301 #endif /* !defined(_KERNEL) */
302 COPYBACK(m, off, nlen, newbuf);
306 fin->fin_dlen += inc;
307 fin->fin_plen += inc;
311 * The server may not make the connection back from port 20, but
312 * it is the most likely so use it here to check for a conflicting
315 bcopy((char *)fin, (char *)&fi, sizeof(fi));
318 fi.fin_flx |= FI_IGNORE;
320 fi.fin_data[1] = fin->fin_data[1] - 1;
322 * Add skeleton NAT entry for connection which will come back the
325 if (nat->nat_dir == NAT_OUTBOUND)
326 nat2 = nat_outlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
327 nat->nat_inip, nat->nat_oip);
329 nat2 = nat_inlookup(&fi, NAT_SEARCH|IPN_TCP, nat->nat_p,
330 nat->nat_inip, nat->nat_oip);
335 ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
336 bzero((char *)tcp2, sizeof(*tcp2));
337 tcp2->th_win = htons(8192);
338 tcp2->th_sport = htons(sp);
340 tcp2->th_flags = TH_SYN;
341 tcp2->th_dport = 0; /* XXX - don't specify remote port */
343 fi.fin_dlen = sizeof(*tcp2);
344 fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
345 fi.fin_dp = (char *)tcp2;
346 fi.fin_fr = &ftppxyfr;
347 fi.fin_out = nat->nat_dir;
348 fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
351 if (nat->nat_dir == NAT_OUTBOUND) {
352 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr;
353 ip->ip_src = nat->nat_inip;
354 } else if (nat->nat_dir == NAT_INBOUND) {
355 fi.fin_fi.fi_saddr = nat->nat_oip.s_addr;
356 ip->ip_src = nat->nat_oip;
359 flags = NAT_SLAVE|IPN_TCP|SI_W_DPORT;
360 if (nat->nat_dir == NAT_INBOUND)
361 flags |= NAT_NOTRULEPORT;
362 nat2 = nat_new(&fi, nat->nat_ptr, NULL, flags, nat->nat_dir);
365 (void) nat_proto(&fi, nat2, IPN_TCP);
366 nat_update(&fi, nat2, nat->nat_ptr);
368 if (nat->nat_dir == NAT_INBOUND) {
369 fi.fin_fi.fi_daddr = nat->nat_inip.s_addr;
370 ip->ip_dst = nat->nat_inip;
372 (void) fr_addstate(&fi, NULL, SI_W_DPORT);
373 if (fi.fin_state != NULL)
374 fr_statederef((ipstate_t **)&fi.fin_state);
384 int ippr_ftp_client(fin, ip, nat, ftp, dlen)
391 char *rptr, *wptr, cmd[6], c;
396 f = &ftp->ftp_side[0];
400 for (i = 0; (i < 5) && (i < dlen); i++) {
411 if (!strncmp(cmd, "USER ", 5) || !strncmp(cmd, "XAUT ", 5)) {
412 if (ftp->ftp_passok == FTPXY_ADOK_1 ||
413 ftp->ftp_passok == FTPXY_AUOK_1) {
414 ftp->ftp_passok = FTPXY_USER_2;
417 ftp->ftp_passok = FTPXY_USER_1;
420 } else if (!strncmp(cmd, "AUTH ", 5)) {
421 ftp->ftp_passok = FTPXY_AUTH_1;
423 } else if (!strncmp(cmd, "PASS ", 5)) {
424 if (ftp->ftp_passok == FTPXY_USOK_1) {
425 ftp->ftp_passok = FTPXY_PASS_1;
427 } else if (ftp->ftp_passok == FTPXY_USOK_2) {
428 ftp->ftp_passok = FTPXY_PASS_2;
431 } else if ((ftp->ftp_passok == FTPXY_AUOK_1) &&
432 !strncmp(cmd, "ADAT ", 5)) {
433 ftp->ftp_passok = FTPXY_ADAT_1;
435 } else if ((ftp->ftp_passok == FTPXY_PAOK_1 ||
436 ftp->ftp_passok == FTPXY_PAOK_2) &&
437 !strncmp(cmd, "ACCT ", 5)) {
438 ftp->ftp_passok = FTPXY_ACCT_1;
440 } else if ((ftp->ftp_passok == FTPXY_GO) && !ippr_ftp_pasvonly &&
441 !strncmp(cmd, "PORT ", 5)) {
442 inc = ippr_ftp_port(fin, ip, nat, f, dlen);
443 } else if (ippr_ftp_insecure && !ippr_ftp_pasvonly &&
444 !strncmp(cmd, "PORT ", 5)) {
445 inc = ippr_ftp_port(fin, ip, nat, f, dlen);
448 while ((*rptr++ != '\n') && (rptr < wptr))
455 int ippr_ftp_pasv(fin, ip, nat, ftp, dlen)
462 u_int a1, a2, a3, a4, data_ip;
463 char newbuf[IPF_FTPBUFSZ];
464 const char *brackets[2];
469 if (ippr_ftp_forcepasv != 0 &&
470 ftp->ftp_side[0].ftps_cmds != FTPXY_C_PASV) {
471 if (ippr_ftp_debug > 0)
472 printf("ippr_ftp_pasv:ftps_cmds(%d) != FTPXY_C_PASV\n",
473 ftp->ftp_side[0].ftps_cmds);
477 f = &ftp->ftp_side[1];
479 #define PASV_REPLEN 24
481 * Check for PASV reply message.
483 if (dlen < IPF_MIN227LEN) {
484 if (ippr_ftp_debug > 1)
485 printf("ippr_ftp_pasv:dlen(%d) < IPF_MIN227LEN\n",
488 } else if (strncmp(f->ftps_rptr,
489 "227 Entering Passive Mod", PASV_REPLEN)) {
490 if (ippr_ftp_debug > 0)
491 printf("ippr_ftp_pasv:%d reply wrong\n", 227);
498 * Skip the PASV reply + space
500 s = f->ftps_rptr + PASV_REPLEN;
501 while (*s && !ISDIGIT(*s)) {
510 * Pick out the address components, two at a time.
512 a1 = ippr_ftp_atoi(&s);
514 if (ippr_ftp_debug > 1)
515 printf("ippr_ftp_pasv:ippr_ftp_atoi(%d) failed\n", 1);
518 a2 = ippr_ftp_atoi(&s);
520 if (ippr_ftp_debug > 1)
521 printf("ippr_ftp_pasv:ippr_ftp_atoi(%d) failed\n", 2);
526 * check that IP address in the PASV reply is the same as the
527 * sender of the command - prevents using PASV for port scanning.
532 if (((nat->nat_dir == NAT_INBOUND) &&
533 (a1 != ntohl(nat->nat_inip.s_addr))) ||
534 ((nat->nat_dir == NAT_OUTBOUND) &&
535 (a1 != ntohl(nat->nat_oip.s_addr)))) {
536 if (ippr_ftp_debug > 0)
537 printf("ippr_ftp_pasv:%s != nat->nat_oip\n", "a1");
541 a5 = ippr_ftp_atoi(&s);
543 if (ippr_ftp_debug > 1)
544 printf("ippr_ftp_pasv:ippr_ftp_atoi(%d) failed\n", 3);
555 * check for CR-LF at the end.
557 if ((*s == '\r') && (*(s + 1) == '\n')) {
560 if (ippr_ftp_debug > 1)
561 printf("ippr_ftp_pasv:missing %s", "cr-lf\n");
568 * Calculate new address parts for 227 reply
570 if (nat->nat_dir == NAT_INBOUND) {
571 data_ip = nat->nat_outip.s_addr;
576 a2 = (a1 >> 16) & 0xff;
577 a3 = (a1 >> 8) & 0xff;
581 #if defined(SNPRINTF) && defined(_KERNEL)
582 SNPRINTF(newbuf, sizeof(newbuf), "%s %s%u,%u,%u,%u,%u,%u%s\r\n",
583 "227 Entering Passive Mode", brackets[0], a1, a2, a3, a4,
584 a5, a6, brackets[1]);
586 (void) sprintf(newbuf, "%s %s%u,%u,%u,%u,%u,%u%s\r\n",
587 "227 Entering Passive Mode", brackets[0], a1, a2, a3, a4,
588 a5, a6, brackets[1]);
590 return ippr_ftp_pasvreply(fin, ip, nat, f, (a5 << 8 | a6),
594 int ippr_ftp_pasvreply(fin, ip, nat, f, port, newmsg, s, data_ip)
604 int inc, off, nflags, sflags;
605 tcphdr_t *tcp, tcph, *tcp2;
606 struct in_addr swip, swip2;
607 struct in_addr data_addr;
614 tcp = (tcphdr_t *)fin->fin_dp;
615 off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
617 data_addr.s_addr = data_ip;
622 olen = s - f->ftps_rptr;
623 nlen = strlen(newmsg);
625 if ((inc + ip->ip_len) > 65535) {
626 if (ippr_ftp_debug > 0)
627 printf("ippr_ftp_pasv:inc(%d) + ip->ip_len > 65535\n",
632 #if !defined(_KERNEL)
633 bcopy(newmsg, MTOD(m, char *) + off, nlen);
637 (void)adjmsg(m, inc);
638 # else /* defined(MENTAT) */
640 * m_adj takes care of pkthdr.len, if required and treats inc<0 to
641 * mean remove -len bytes from the end of the packet.
642 * The mbuf chain will be extended if necessary by m_copyback().
646 # endif /* defined(MENTAT) */
647 #endif /* !defined(_KERNEL) */
648 COPYBACK(m, off, nlen, newmsg);
652 fin->fin_dlen += inc;
653 fin->fin_plen += inc;
657 * Add skeleton NAT entry for connection which will come back the
660 bcopy((char *)fin, (char *)&fi, sizeof(fi));
663 fi.fin_flx |= FI_IGNORE;
665 fi.fin_data[1] = port;
666 nflags = IPN_TCP|SI_W_SPORT;
667 if (ippr_ftp_pasvrdr && f->ftps_ifp)
668 nflags |= SI_W_DPORT;
669 if (nat->nat_dir == NAT_OUTBOUND)
670 nat2 = nat_outlookup(&fi, nflags|NAT_SEARCH,
671 nat->nat_p, nat->nat_inip, nat->nat_oip);
673 nat2 = nat_inlookup(&fi, nflags|NAT_SEARCH,
674 nat->nat_p, nat->nat_inip, nat->nat_oip);
679 ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
680 bzero((char *)tcp2, sizeof(*tcp2));
681 tcp2->th_win = htons(8192);
682 tcp2->th_sport = 0; /* XXX - fake it for nat_new */
684 tcp2->th_flags = TH_SYN;
685 fi.fin_data[1] = port;
686 fi.fin_dlen = sizeof(*tcp2);
687 tcp2->th_dport = htons(port);
689 fi.fin_dp = (char *)tcp2;
690 fi.fin_plen = fi.fin_hlen + sizeof(*tcp);
691 fi.fin_fr = &ftppxyfr;
692 fi.fin_out = nat->nat_dir;
693 fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE;
696 if (nat->nat_dir == NAT_OUTBOUND) {
697 fi.fin_fi.fi_daddr = data_addr.s_addr;
698 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr;
699 ip->ip_dst = data_addr;
700 ip->ip_src = nat->nat_inip;
701 } else if (nat->nat_dir == NAT_INBOUND) {
702 fi.fin_fi.fi_saddr = nat->nat_oip.s_addr;
703 fi.fin_fi.fi_daddr = nat->nat_outip.s_addr;
704 ip->ip_src = nat->nat_oip;
705 ip->ip_dst = nat->nat_outip;
710 if (nat->nat_dir == NAT_INBOUND)
711 nflags |= NAT_NOTRULEPORT;
712 nat2 = nat_new(&fi, nat->nat_ptr, NULL, nflags, nat->nat_dir);
714 (void) nat_proto(&fi, nat2, IPN_TCP);
715 nat_update(&fi, nat2, nat->nat_ptr);
717 if (nat->nat_dir == NAT_INBOUND) {
718 fi.fin_fi.fi_daddr = nat->nat_inip.s_addr;
719 ip->ip_dst = nat->nat_inip;
721 (void) fr_addstate(&fi, NULL, sflags);
722 if (fi.fin_state != NULL)
723 fr_statederef((ipstate_t **)&fi.fin_state);
734 int ippr_ftp_server(fin, ip, nat, ftp, dlen)
746 f = &ftp->ftp_side[1];
752 if (!ISDIGIT(*rptr) || !ISDIGIT(*(rptr + 1)) || !ISDIGIT(*(rptr + 2)))
754 if (ftp->ftp_passok == FTPXY_GO) {
755 if (!strncmp(rptr, "227 ", 4))
756 inc = ippr_ftp_pasv(fin, ip, nat, ftp, dlen);
757 else if (!strncmp(rptr, "229 ", 4))
758 inc = ippr_ftp_epsv(fin, ip, nat, f, dlen);
759 } else if (ippr_ftp_insecure && !strncmp(rptr, "227 ", 4)) {
760 inc = ippr_ftp_pasv(fin, ip, nat, ftp, dlen);
761 } else if (ippr_ftp_insecure && !strncmp(rptr, "229 ", 4)) {
762 inc = ippr_ftp_epsv(fin, ip, nat, f, dlen);
763 } else if (*rptr == '5' || *rptr == '4')
764 ftp->ftp_passok = FTPXY_INIT;
765 else if (ftp->ftp_incok) {
767 if (ftp->ftp_passok == FTPXY_ACCT_1)
768 ftp->ftp_passok = FTPXY_GO;
771 } else if (*rptr == '2') {
772 switch (ftp->ftp_passok)
779 ftp->ftp_passok = FTPXY_GO;
782 ftp->ftp_passok += 3;
790 while ((*rptr++ != '\n') && (rptr < wptr))
798 * Look to see if the buffer starts with something which we recognise as
799 * being the correct syntax for the FTP protocol.
801 int ippr_ftp_client_valid(ftps, buf, len)
806 register char *s, c, pc;
807 register size_t i = len;
812 if (ftps->ftps_junk == 1)
816 if (ippr_ftp_debug > 3)
817 printf("ippr_ftp_client_valid:i(%d) < 5\n", (int)i);
840 if ((c != ' ') && (c != '\r'))
841 goto bad_client_command;
842 } else if ((c != ' ') && (c != '\r'))
843 goto bad_client_command;
845 goto bad_client_command;
847 goto bad_client_command;
850 if (ippr_ftp_debug > 3)
851 printf("%s:bad:junk %d len %d/%d c 0x%x buf [%*.*s]\n",
852 "ippr_ftp_client_valid",
853 ftps->ftps_junk, (int)len, (int)i, c,
854 (int)len, (int)len, buf);
861 if ((pc == '\r') && (c == '\n')) {
863 if (!strcmp(cmd, "PASV"))
864 ftps->ftps_cmds = FTPXY_C_PASV;
870 #if !defined(_KERNEL)
871 printf("ippr_ftp_client_valid:junk after cmd[%*.*s]\n",
872 (int)len, (int)len, buf);
878 int ippr_ftp_server_valid(ftps, buf, len)
883 register char *s, c, pc;
884 register size_t i = len;
890 if (ftps->ftps_junk == 1)
894 if (ippr_ftp_debug > 3)
895 printf("ippr_ftp_servert_valid:i(%d) < 5\n", (int)i);
905 cmd = (c - '0') * 100;
909 cmd += (c - '0') * 10;
916 if ((c != '-') && (c != ' '))
917 goto bad_server_command;
919 goto bad_server_command;
921 goto bad_server_command;
924 if (ippr_ftp_debug > 3)
925 printf("%s:bad:junk %d len %d/%d c 0x%x buf [%*.*s]\n",
926 "ippr_ftp_server_valid",
927 ftps->ftps_junk, (int)len, (int)i,
928 c, (int)len, (int)len, buf);
935 if ((pc == '\r') && (c == '\n')) {
936 ftps->ftps_cmds = cmd;
940 if (ippr_ftp_debug > 3)
941 printf("ippr_ftp_server_valid:junk after cmd[%*.*s]\n",
942 (int)len, (int)len, buf);
947 int ippr_ftp_valid(ftp, side, buf, len)
956 ftps = &ftp->ftp_side[side];
959 ret = ippr_ftp_client_valid(ftps, buf, len);
961 ret = ippr_ftp_server_valid(ftps, buf, len);
967 * For map rules, the following applies:
968 * rv == 0 for outbound processing,
969 * rv == 1 for inbound processing.
970 * For rdr rules, the following applies:
971 * rv == 0 for inbound processing,
972 * rv == 1 for outbound processing.
974 int ippr_ftp_process(fin, nat, ftp, rv)
980 int mlen, len, off, inc, i, sel, sel2, ok, ackoff, seqoff;
981 char *rptr, *wptr, *s;
991 tcp = (tcphdr_t *)fin->fin_dp;
992 off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;
994 f = &ftp->ftp_side[rv];
995 t = &ftp->ftp_side[1 - rv];
996 thseq = ntohl(tcp->th_seq);
997 thack = ntohl(tcp->th_ack);
1000 mlen = fin->fin_plen - off;
1002 mlen = MSGDSIZE(m) - off;
1004 if (ippr_ftp_debug > 4)
1005 printf("ippr_ftp_process: mlen %d\n", mlen);
1007 if ((mlen == 0) && ((tcp->th_flags & TH_OPENING) == TH_OPENING)) {
1008 f->ftps_seq[0] = thseq + 1;
1009 t->ftps_seq[0] = thack;
1011 } else if (mlen < 0) {
1017 sel = aps->aps_sel[1 - rv];
1018 sel2 = aps->aps_sel[rv];
1020 seqoff = aps->aps_seqoff[sel];
1021 if (aps->aps_seqmin[sel] > seqoff + thseq)
1022 seqoff = aps->aps_seqoff[!sel];
1023 ackoff = aps->aps_ackoff[sel2];
1024 if (aps->aps_ackmin[sel2] > ackoff + thack)
1025 ackoff = aps->aps_ackoff[!sel2];
1027 seqoff = aps->aps_ackoff[sel];
1028 if (ippr_ftp_debug > 2)
1029 printf("seqoff %d thseq %x ackmin %x\n", seqoff, thseq,
1030 aps->aps_ackmin[sel]);
1031 if (aps->aps_ackmin[sel] > seqoff + thseq)
1032 seqoff = aps->aps_ackoff[!sel];
1034 ackoff = aps->aps_seqoff[sel2];
1035 if (ippr_ftp_debug > 2)
1036 printf("ackoff %d thack %x seqmin %x\n", ackoff, thack,
1037 aps->aps_seqmin[sel2]);
1039 if (aps->aps_seqmin[sel2] > ackoff + thack)
1040 ackoff = aps->aps_seqoff[!sel2];
1042 if (aps->aps_seqmin[sel2] > thack)
1043 ackoff = aps->aps_seqoff[!sel2];
1046 if (ippr_ftp_debug > 2) {
1047 printf("%s: %x seq %x/%d ack %x/%d len %d/%d off %d\n",
1048 rv ? "IN" : "OUT", tcp->th_flags, thseq, seqoff,
1049 thack, ackoff, mlen, fin->fin_plen, off);
1050 printf("sel %d seqmin %x/%x offset %d/%d\n", sel,
1051 aps->aps_seqmin[sel], aps->aps_seqmin[sel2],
1052 aps->aps_seqoff[sel], aps->aps_seqoff[sel2]);
1053 printf("sel %d ackmin %x/%x offset %d/%d\n", sel2,
1054 aps->aps_ackmin[sel], aps->aps_ackmin[sel2],
1055 aps->aps_ackoff[sel], aps->aps_ackoff[sel2]);
1059 * XXX - Ideally, this packet should get dropped because we now know
1060 * that it is out of order (and there is no real danger in doing so
1061 * apart from causing packets to go through here ordered).
1063 if (ippr_ftp_debug > 2) {
1064 printf("rv %d t:seq[0] %x seq[1] %x %d/%d\n",
1065 rv, t->ftps_seq[0], t->ftps_seq[1], seqoff, ackoff);
1069 if (t->ftps_seq[0] == 0) {
1070 t->ftps_seq[0] = thack;
1074 if (t->ftps_seq[0] == thack)
1076 else if (t->ftps_seq[1] == thack) {
1077 t->ftps_seq[0] = thack;
1081 if (t->ftps_seq[0] + ackoff == thack)
1083 else if (t->ftps_seq[0] == thack + ackoff)
1085 else if (t->ftps_seq[1] + ackoff == thack) {
1086 t->ftps_seq[0] = thack - ackoff;
1088 } else if (t->ftps_seq[1] == thack + ackoff) {
1089 t->ftps_seq[0] = thack - ackoff;
1095 if (ippr_ftp_debug > 2) {
1097 printf("%s ok\n", "not");
1101 if (t->ftps_seq[0] + ackoff != thack) {
1102 if (ippr_ftp_debug > 1) {
1103 printf("%s:seq[0](%x) + (%x) != (%x)\n",
1104 "ippr_ftp_process", t->ftps_seq[0],
1110 if (ippr_ftp_debug > 2) {
1111 printf("ippr_ftp_process:f:seq[0] %x seq[1] %x\n",
1112 f->ftps_seq[0], f->ftps_seq[1]);
1115 if (tcp->th_flags & TH_FIN) {
1116 if (thseq == f->ftps_seq[1]) {
1117 f->ftps_seq[0] = f->ftps_seq[1] - seqoff;
1118 f->ftps_seq[1] = thseq + 1 - seqoff;
1120 if (ippr_ftp_debug > 1) {
1121 printf("FIN: thseq %x seqoff %d ftps_seq %x %x\n",
1122 thseq, seqoff, f->ftps_seq[0], f->ftps_seq[1]);
1132 if ((thseq == f->ftps_seq[0]) || (thseq == f->ftps_seq[1])) {
1135 * Retransmitted data packet.
1137 } else if ((thseq + mlen == f->ftps_seq[0]) ||
1138 (thseq + mlen == f->ftps_seq[1])) {
1143 inc = thseq - f->ftps_seq[0];
1144 if (ippr_ftp_debug > 1) {
1145 printf("inc %d sel %d rv %d\n", inc, sel, rv);
1146 printf("th_seq %x ftps_seq %x/%x\n",
1147 thseq, f->ftps_seq[0], f->ftps_seq[1]);
1148 printf("ackmin %x ackoff %d\n", aps->aps_ackmin[sel],
1149 aps->aps_ackoff[sel]);
1150 printf("seqmin %x seqoff %d\n", aps->aps_seqmin[sel],
1151 aps->aps_seqoff[sel]);
1158 rptr = f->ftps_rptr;
1159 wptr = f->ftps_wptr;
1160 f->ftps_seq[0] = thseq;
1161 f->ftps_seq[1] = f->ftps_seq[0] + mlen;
1165 len = MIN(mlen, sizeof(f->ftps_buf) - (wptr - rptr));
1166 COPYDATA(m, off, len, wptr);
1171 if (ippr_ftp_debug > 3)
1172 printf("%s:len %d/%d off %d wptr %lx junk %d [%*.*s]\n",
1174 len, mlen, off, (u_long)wptr, f->ftps_junk,
1177 f->ftps_wptr = wptr;
1178 if (f->ftps_junk != 0) {
1180 f->ftps_junk = ippr_ftp_valid(ftp, rv, rptr,
1183 if (ippr_ftp_debug > 5)
1184 printf("%s:junk %d -> %d\n",
1185 "ippr_ftp_process", i, f->ftps_junk);
1187 if (f->ftps_junk != 0) {
1188 if (wptr - rptr == sizeof(f->ftps_buf)) {
1189 if (ippr_ftp_debug > 4)
1190 printf("%s:full buffer\n",
1191 "ippr_ftp_process");
1192 f->ftps_rptr = f->ftps_buf;
1193 f->ftps_wptr = f->ftps_buf;
1194 rptr = f->ftps_rptr;
1195 wptr = f->ftps_wptr;
1197 * Because we throw away data here that
1198 * we would otherwise parse, set the
1199 * junk flag to indicate just ignore
1200 * any data upto the next CRLF.
1208 while ((f->ftps_junk == 0) && (wptr > rptr)) {
1210 f->ftps_junk = ippr_ftp_valid(ftp, rv, rptr, len);
1212 if (ippr_ftp_debug > 3) {
1213 printf("%s=%d len %d rv %d ptr %lx/%lx ",
1215 f->ftps_junk, len, rv, (u_long)rptr,
1217 printf("buf [%*.*s]\n", len, len, rptr);
1220 if (f->ftps_junk == 0) {
1221 f->ftps_rptr = rptr;
1223 inc += ippr_ftp_server(fin, ip, nat,
1226 inc += ippr_ftp_client(fin, ip, nat,
1228 rptr = f->ftps_rptr;
1229 wptr = f->ftps_wptr;
1234 * Off to a bad start so lets just forget about using the
1235 * ftp proxy for this connection.
1237 if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) {
1238 /* f->ftps_seq[1] += inc; */
1240 if (ippr_ftp_debug > 1)
1241 printf("%s:cmds == 0 junk == 1\n",
1242 "ippr_ftp_process");
1246 if ((f->ftps_junk != 0) && (rptr < wptr)) {
1247 for (s = rptr; s < wptr; s++) {
1248 if ((*s == '\r') && (s + 1 < wptr) &&
1249 (*(s + 1) == '\n')) {
1258 rptr = wptr = f->ftps_buf;
1261 * Compact the buffer back to the start. The junk
1262 * flag should already be set and because we're not
1263 * throwing away any data, it is preserved from its
1266 if (rptr > f->ftps_buf) {
1267 bcopy(rptr, f->ftps_buf, len);
1268 wptr -= rptr - f->ftps_buf;
1272 f->ftps_rptr = rptr;
1273 f->ftps_wptr = wptr;
1276 /* f->ftps_seq[1] += inc; */
1277 if (tcp->th_flags & TH_FIN)
1279 if (ippr_ftp_debug > 3) {
1281 mlen = fin->fin_plen;
1286 printf("ftps_seq[1] = %x inc %d len %d\n",
1287 f->ftps_seq[1], inc, mlen);
1290 f->ftps_rptr = rptr;
1291 f->ftps_wptr = wptr;
1292 return APR_INC(inc);
1296 int ippr_ftp_out(fin, aps, nat)
1304 ftp = aps->aps_data;
1308 rev = (nat->nat_dir == NAT_OUTBOUND) ? 0 : 1;
1309 if (ftp->ftp_side[1 - rev].ftps_ifp == NULL)
1310 ftp->ftp_side[1 - rev].ftps_ifp = fin->fin_ifp;
1312 return ippr_ftp_process(fin, nat, ftp, rev);
1316 int ippr_ftp_in(fin, aps, nat)
1324 ftp = aps->aps_data;
1328 rev = (nat->nat_dir == NAT_OUTBOUND) ? 0 : 1;
1329 if (ftp->ftp_side[rev].ftps_ifp == NULL)
1330 ftp->ftp_side[rev].ftps_ifp = fin->fin_ifp;
1332 return ippr_ftp_process(fin, nat, ftp, 1 - rev);
1337 * ippr_ftp_atoi - implement a version of atoi which processes numbers in
1338 * pairs separated by commas (which are expected to be in the range 0 - 255),
1339 * returning a 16 bit number combining either side of the , as the MSB and
1342 u_short ippr_ftp_atoi(ptr)
1345 register char *s = *ptr, c;
1346 register u_char i = 0, j = 0;
1348 while (((c = *s++) != '\0') && ISDIGIT(c)) {
1356 while (((c = *s++) != '\0') && ISDIGIT(c)) {
1363 return (i << 8) | j;
1367 int ippr_ftp_epsv(fin, ip, nat, f, dlen)
1374 char newbuf[IPF_FTPBUFSZ];
1378 #define EPSV_REPLEN 33
1380 * Check for EPSV reply message.
1382 if (dlen < IPF_MIN229LEN)
1384 else if (strncmp(f->ftps_rptr,
1385 "229 Entering Extended Passive Mode", EPSV_REPLEN))
1389 * Skip the EPSV command + space
1391 s = f->ftps_rptr + 33;
1392 while (*s && !ISDIGIT(*s))
1396 * As per RFC 2428, there are no addres components in the EPSV
1397 * response. So we'll go straight to getting the port.
1399 while (*s && ISDIGIT(*s)) {
1414 * check for CR-LF at the end.
1416 if ((*s == '\r') && (*(s + 1) == '\n')) {
1421 #if defined(SNPRINTF) && defined(_KERNEL)
1422 SNPRINTF(newbuf, sizeof(newbuf), "%s (|||%u|)\r\n",
1423 "229 Entering Extended Passive Mode", ap);
1425 (void) sprintf(newbuf, "%s (|||%u|)\r\n",
1426 "229 Entering Extended Passive Mode", ap);
1429 return ippr_ftp_pasvreply(fin, ip, nat, f, (u_int)ap, newbuf, s,
projects / FreeBSD / releng / 9.2.git / blob