2 * Copyright (C) 2002-2003 by Darren Reed
4 * Simple PPTP transparent proxy for in-kernel use. For use with the NAT
7 * $Id: ip_pptp_pxy.c,v 2.10.2.15 2006/10/31 12:11:23 darrenr Exp $
10 #define IPF_PPTP_PROXY
12 typedef struct pptp_hdr {
18 #define PPTP_MSGTYPE_CTL 1
19 #define PPTP_MTCTL_STARTREQ 1
20 #define PPTP_MTCTL_STARTREP 2
21 #define PPTP_MTCTL_STOPREQ 3
22 #define PPTP_MTCTL_STOPREP 4
23 #define PPTP_MTCTL_ECHOREQ 5
24 #define PPTP_MTCTL_ECHOREP 6
25 #define PPTP_MTCTL_OUTREQ 7
26 #define PPTP_MTCTL_OUTREP 8
27 #define PPTP_MTCTL_INREQ 9
28 #define PPTP_MTCTL_INREP 10
29 #define PPTP_MTCTL_INCONNECT 11
30 #define PPTP_MTCTL_CLEAR 12
31 #define PPTP_MTCTL_DISCONNECT 13
32 #define PPTP_MTCTL_WANERROR 14
33 #define PPTP_MTCTL_LINKINFO 15
36 int ippr_pptp_init __P((void));
37 void ippr_pptp_fini __P((void));
38 int ippr_pptp_new __P((fr_info_t *, ap_session_t *, nat_t *));
39 void ippr_pptp_del __P((ap_session_t *));
40 int ippr_pptp_inout __P((fr_info_t *, ap_session_t *, nat_t *));
41 void ippr_pptp_donatstate __P((fr_info_t *, nat_t *, pptp_pxy_t *));
42 int ippr_pptp_message __P((fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *));
43 int ippr_pptp_nextmessage __P((fr_info_t *, nat_t *, pptp_pxy_t *, int));
44 int ippr_pptp_mctl __P((fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *));
46 static frentry_t pptpfr;
48 int pptp_proxy_init = 0;
49 int ippr_pptp_debug = 0;
50 int ippr_pptp_gretimeout = IPF_TTLVAL(120); /* 2 minutes */
54 * PPTP application proxy initialization.
58 bzero((char *)&pptpfr, sizeof(pptpfr));
60 pptpfr.fr_age[0] = ippr_pptp_gretimeout;
61 pptpfr.fr_age[1] = ippr_pptp_gretimeout;
62 pptpfr.fr_flags = FR_OUTQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
63 MUTEX_INIT(&pptpfr.fr_lock, "PPTP proxy rule lock");
72 if (pptp_proxy_init == 1) {
73 MUTEX_DESTROY(&pptpfr.fr_lock);
80 * Setup for a new PPTP proxy.
82 * NOTE: The printf's are broken up with %s in them to prevent them being
83 * optimised into puts statements on FreeBSD (this doesn't exist in the kernel)
85 int ippr_pptp_new(fin, aps, nat)
96 if (nat_outlookup(fin, 0, IPPROTO_GRE, nat->nat_inip,
97 ip->ip_dst) != NULL) {
98 if (ippr_pptp_debug > 0)
99 printf("ippr_pptp_new: GRE session %s\n",
104 aps->aps_psiz = sizeof(*pptp);
105 KMALLOCS(aps->aps_data, pptp_pxy_t *, sizeof(*pptp));
106 if (aps->aps_data == NULL) {
107 if (ippr_pptp_debug > 0)
108 printf("ippr_pptp_new: malloc for aps_data %s\n",
114 * Create NAT rule against which the tunnel/transport mapping is
115 * created. This is required because the current NAT rule does not
116 * describe GRE but TCP instead.
118 pptp = aps->aps_data;
119 bzero((char *)pptp, sizeof(*pptp));
120 ipn = &pptp->pptp_rule;
121 ipn->in_ifps[0] = fin->fin_ifp;
126 if (nat->nat_dir == NAT_OUTBOUND) {
127 ipn->in_nip = ntohl(nat->nat_outip.s_addr);
128 ipn->in_outip = fin->fin_saddr;
129 ipn->in_redir = NAT_MAP;
130 } else if (nat->nat_dir == NAT_INBOUND) {
132 ipn->in_outip = nat->nat_outip.s_addr;
133 ipn->in_redir = NAT_REDIRECT;
135 ipn->in_inip = nat->nat_inip.s_addr;
136 ipn->in_inmsk = 0xffffffff;
137 ipn->in_outmsk = 0xffffffff;
138 ipn->in_srcip = fin->fin_saddr;
139 ipn->in_srcmsk = 0xffffffff;
140 bcopy(nat->nat_ptr->in_ifnames[0], ipn->in_ifnames[0],
141 sizeof(ipn->in_ifnames[0]));
142 ipn->in_p = IPPROTO_GRE;
144 pptp->pptp_side[0].pptps_wptr = pptp->pptp_side[0].pptps_buffer;
145 pptp->pptp_side[1].pptps_wptr = pptp->pptp_side[1].pptps_buffer;
150 void ippr_pptp_donatstate(fin, nat, pptp)
164 nat2 = pptp->pptp_nat;
165 if ((nat2 == NULL) || (pptp->pptp_state == NULL)) {
166 bcopy((char *)fin, (char *)&fi, sizeof(fi));
167 bzero((char *)&gre, sizeof(gre));
170 fi.fin_fi.fi_p = IPPROTO_GRE;
172 if ((nat->nat_dir == NAT_OUTBOUND && fin->fin_out) ||
173 (nat->nat_dir == NAT_INBOUND && !fin->fin_out)) {
174 fi.fin_data[0] = pptp->pptp_call[0];
175 fi.fin_data[1] = pptp->pptp_call[1];
177 fi.fin_data[0] = pptp->pptp_call[1];
178 fi.fin_data[1] = pptp->pptp_call[0];
181 ip->ip_p = IPPROTO_GRE;
182 fi.fin_flx &= ~(FI_TCPUDP|FI_STATE|FI_FRAG);
183 fi.fin_flx |= FI_IGNORE;
185 gre.gr_flags = htons(1 << 13);
186 if (fin->fin_out && nat->nat_dir == NAT_INBOUND) {
187 fi.fin_fi.fi_saddr = fin->fin_fi.fi_daddr;
188 fi.fin_fi.fi_daddr = nat->nat_outip.s_addr;
189 } else if (!fin->fin_out && nat->nat_dir == NAT_OUTBOUND) {
190 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr;
191 fi.fin_fi.fi_daddr = fin->fin_fi.fi_saddr;
196 * Update NAT timeout/create NAT if missing.
199 fr_queueback(&nat2->nat_tqe);
201 nat2 = nat_new(&fi, &pptp->pptp_rule, &pptp->pptp_nat,
202 NAT_SLAVE, nat->nat_dir);
203 pptp->pptp_nat = nat2;
205 (void) nat_proto(&fi, nat2, 0);
206 nat_update(&fi, nat2, nat2->nat_ptr);
210 READ_ENTER(&ipf_state);
211 if (pptp->pptp_state != NULL) {
212 fr_queueback(&pptp->pptp_state->is_sti);
213 RWLOCK_EXIT(&ipf_state);
215 RWLOCK_EXIT(&ipf_state);
217 if (nat->nat_dir == NAT_INBOUND)
218 fi.fin_fi.fi_daddr = nat2->nat_inip.s_addr;
220 fi.fin_fi.fi_saddr = nat2->nat_inip.s_addr;
223 pptp->pptp_state = fr_addstate(&fi, &pptp->pptp_state,
225 if (fi.fin_state != NULL)
226 fr_statederef((ipstate_t **)&fi.fin_state);
234 * Try and build up the next PPTP message in the TCP stream and if we can
235 * build it up completely (fits in our buffer) then pass it off to the message
238 int ippr_pptp_nextmessage(fin, nat, pptp, rev)
244 static const char *funcname = "ippr_pptp_nextmessage";
254 dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2);
255 start = ntohl(tcp->th_seq);
256 pptps = &pptp->pptp_side[rev];
257 off = (char *)tcp - (char *)fin->fin_ip + (TCP_OFF(tcp) << 2) +
263 * If the complete data packet is before what we expect to see
264 * "next", just ignore it as the chances are we've already seen it.
265 * The next if statement following this one really just causes packets
266 * ahead of what we've seen to be dropped, implying that something in
267 * the middle went missing and we want to see that first.
270 if (pptps->pptps_next > end && pptps->pptps_next > start)
273 if (pptps->pptps_next != start) {
274 if (ippr_pptp_debug > 5)
275 printf("%s: next (%x) != start (%x)\n", funcname,
276 pptps->pptps_next, start);
280 msg = (char *)fin->fin_dp + (TCP_OFF(tcp) << 2);
283 off += pptps->pptps_bytes;
284 if (pptps->pptps_gothdr == 0) {
286 * PPTP has an 8 byte header that inclues the cookie.
287 * The start of every message should include one and
288 * it should match 1a2b3c4d. Byte order is ignored,
289 * deliberately, when printing out the error.
291 len = MIN(8 - pptps->pptps_bytes, dlen);
292 COPYDATA(fin->fin_m, off, len, pptps->pptps_wptr);
293 pptps->pptps_bytes += len;
294 pptps->pptps_wptr += len;
295 hdr = (pptp_hdr_t *)pptps->pptps_buffer;
296 if (pptps->pptps_bytes == 8) {
297 pptps->pptps_next += 8;
298 if (ntohl(hdr->pptph_cookie) != 0x1a2b3c4d) {
299 if (ippr_pptp_debug > 1)
300 printf("%s: bad cookie (%x)\n",
310 pptps->pptps_gothdr = 1;
311 len = ntohs(hdr->pptph_len);
312 pptps->pptps_len = len;
313 pptps->pptps_nexthdr += len;
316 * If a message is too big for the buffer, just set
317 * the fields for the next message to come along.
318 * The messages defined in RFC 2637 will not exceed
319 * 512 bytes (in total length) so this is likely a
320 * bad data packet, anyway.
322 if (len > sizeof(pptps->pptps_buffer)) {
323 if (ippr_pptp_debug > 3)
324 printf("%s: message too big (%d)\n",
326 pptps->pptps_next = pptps->pptps_nexthdr;
327 pptps->pptps_wptr = pptps->pptps_buffer;
328 pptps->pptps_gothdr = 0;
329 pptps->pptps_bytes = 0;
330 pptps->pptps_len = 0;
335 len = MIN(pptps->pptps_len - pptps->pptps_bytes, dlen);
336 COPYDATA(fin->fin_m, off, len, pptps->pptps_wptr);
337 pptps->pptps_bytes += len;
338 pptps->pptps_wptr += len;
339 pptps->pptps_next += len;
341 if (pptps->pptps_len > pptps->pptps_bytes)
344 ippr_pptp_message(fin, nat, pptp, pptps);
345 pptps->pptps_wptr = pptps->pptps_buffer;
346 pptps->pptps_gothdr = 0;
347 pptps->pptps_bytes = 0;
348 pptps->pptps_len = 0;
360 * handle a complete PPTP message
362 int ippr_pptp_message(fin, nat, pptp, pptps)
368 pptp_hdr_t *hdr = (pptp_hdr_t *)pptps->pptps_buffer;
370 switch (ntohs(hdr->pptph_type))
372 case PPTP_MSGTYPE_CTL :
373 ippr_pptp_mctl(fin, nat, pptp, pptps);
384 * handle a complete PPTP control message
386 int ippr_pptp_mctl(fin, nat, pptp, pptps)
392 u_short *buffer = (u_short *)(pptps->pptps_buffer);
395 if (pptps == &pptp->pptp_side[0])
396 pptpo = &pptp->pptp_side[1];
398 pptpo = &pptp->pptp_side[0];
401 * Breakout to handle all the various messages. Most are just state
404 switch (ntohs(buffer[4]))
406 case PPTP_MTCTL_STARTREQ :
407 pptps->pptps_state = PPTP_MTCTL_STARTREQ;
409 case PPTP_MTCTL_STARTREP :
410 if (pptpo->pptps_state == PPTP_MTCTL_STARTREQ)
411 pptps->pptps_state = PPTP_MTCTL_STARTREP;
413 case PPTP_MTCTL_STOPREQ :
414 pptps->pptps_state = PPTP_MTCTL_STOPREQ;
416 case PPTP_MTCTL_STOPREP :
417 if (pptpo->pptps_state == PPTP_MTCTL_STOPREQ)
418 pptps->pptps_state = PPTP_MTCTL_STOPREP;
420 case PPTP_MTCTL_ECHOREQ :
421 pptps->pptps_state = PPTP_MTCTL_ECHOREQ;
423 case PPTP_MTCTL_ECHOREP :
424 if (pptpo->pptps_state == PPTP_MTCTL_ECHOREQ)
425 pptps->pptps_state = PPTP_MTCTL_ECHOREP;
427 case PPTP_MTCTL_OUTREQ :
428 pptps->pptps_state = PPTP_MTCTL_OUTREQ;
430 case PPTP_MTCTL_OUTREP :
431 if (pptpo->pptps_state == PPTP_MTCTL_OUTREQ) {
432 pptps->pptps_state = PPTP_MTCTL_OUTREP;
433 pptp->pptp_call[0] = buffer[7];
434 pptp->pptp_call[1] = buffer[6];
435 ippr_pptp_donatstate(fin, nat, pptp);
438 case PPTP_MTCTL_INREQ :
439 pptps->pptps_state = PPTP_MTCTL_INREQ;
441 case PPTP_MTCTL_INREP :
442 if (pptpo->pptps_state == PPTP_MTCTL_INREQ) {
443 pptps->pptps_state = PPTP_MTCTL_INREP;
444 pptp->pptp_call[0] = buffer[7];
445 pptp->pptp_call[1] = buffer[6];
446 ippr_pptp_donatstate(fin, nat, pptp);
449 case PPTP_MTCTL_INCONNECT :
450 pptps->pptps_state = PPTP_MTCTL_INCONNECT;
452 case PPTP_MTCTL_CLEAR :
453 pptps->pptps_state = PPTP_MTCTL_CLEAR;
455 case PPTP_MTCTL_DISCONNECT :
456 pptps->pptps_state = PPTP_MTCTL_DISCONNECT;
458 case PPTP_MTCTL_WANERROR :
459 pptps->pptps_state = PPTP_MTCTL_WANERROR;
461 case PPTP_MTCTL_LINKINFO :
462 pptps->pptps_state = PPTP_MTCTL_LINKINFO;
471 * For outgoing PPTP packets. refresh timeouts for NAT & state entries, if
472 * we can. If they have disappeared, recreate them.
474 int ippr_pptp_inout(fin, aps, nat)
483 if ((fin->fin_out == 1) && (nat->nat_dir == NAT_INBOUND))
485 else if ((fin->fin_out == 0) && (nat->nat_dir == NAT_OUTBOUND))
490 tcp = (tcphdr_t *)fin->fin_dp;
491 if ((tcp->th_flags & TH_OPENING) == TH_OPENING) {
492 pptp = (pptp_pxy_t *)aps->aps_data;
493 pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack);
494 pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack);
495 pptp->pptp_side[rev].pptps_next = ntohl(tcp->th_seq) + 1;
496 pptp->pptp_side[rev].pptps_nexthdr = ntohl(tcp->th_seq) + 1;
498 return ippr_pptp_nextmessage(fin, nat, (pptp_pxy_t *)aps->aps_data,
504 * clean up after ourselves.
506 void ippr_pptp_del(aps)
511 pptp = aps->aps_data;
515 * Don't bother changing any of the NAT structure details,
516 * *_del() is on a callback from aps_free(), from nat_delete()
519 READ_ENTER(&ipf_state);
520 if (pptp->pptp_state != NULL) {
521 pptp->pptp_state->is_die = fr_ticks + 1;
522 pptp->pptp_state->is_me = NULL;
523 fr_queuefront(&pptp->pptp_state->is_sti);
525 RWLOCK_EXIT(&ipf_state);
527 pptp->pptp_state = NULL;
528 pptp->pptp_nat = NULL;
projects / FreeBSD / releng / 9.2.git / blob