1 /*
2 * Simple FTP transparent proxy for in-kernel use. For use with the NAT
3 * code.
4 */
5
6 #define isdigit(x) ((x) >= '' && (x) <= '9')
7
8 #define IPF_FTP_PROXY
9
10 #define IPF_MINPORTLEN 18
11 #define IPF_MAXPORTLEN 30
12
13
14 int ippr_ftp_init __P((fr_info_t *, ip_t *, tcphdr_t *,
15 ap_session_t *, nat_t *));
16 int ippr_ftp_in __P((fr_info_t *, ip_t *, tcphdr_t *,
17 ap_session_t *, nat_t *));
18 int ippr_ftp_out __P((fr_info_t *, ip_t *, tcphdr_t *,
19 ap_session_t *, nat_t *));
20 u_short ipf_ftp_atoi __P((char **));
21
22
23 /*
24 * FTP application proxy initialization.
25 */
26 int ippr_ftp_init(fin, ip, tcp, aps, nat)
27 fr_info_t *fin;
28 ip_t *ip;
29 tcphdr_t *tcp;
30 ap_session_t *aps;
31 nat_t *nat;
32 {
33 aps->aps_sport = tcp->th_sport;
34 aps->aps_dport = tcp->th_dport;
35 return 0;
36 }
37
38
39 int ippr_ftp_in(fin, ip, tcp, aps, nat)
40 fr_info_t *fin;
41 ip_t *ip;
42 tcphdr_t *tcp;
43 ap_session_t *aps;
44 nat_t *nat;
45 {
46 u_32_t sum1, sum2;
47 short sel;
48
49 if (tcp->th_sport == aps->aps_dport) {
50 sum2 = (u_32_t)ntohl(tcp->th_ack);
51 sel = aps->aps_sel;
52 if ((aps->aps_after[!sel] > aps->aps_after[sel]) &&
53 (sum2 > aps->aps_after[!sel])) {
54 sel = aps->aps_sel = !sel; /* switch to other set */
55 }
56 if (aps->aps_seqoff[sel] && (sum2 > aps->aps_after[sel])) {
57 sum1 = (u_32_t)aps->aps_seqoff[sel];
58 tcp->th_ack = htonl(sum2 - sum1);
59 return 2;
60 }
61 }
62 return 0;
63 }
64
65
66 /*
67 * ipf_ftp_atoi - implement a version of atoi which processes numbers in
68 * pairs separated by commas (which are expected to be in the range 0 - 255),
69 * returning a 16 bit number combining either side of the , as the MSB and
70 * LSB.
71 */
72 u_short ipf_ftp_atoi(ptr)
73 char **ptr;
74 {
75 register char *s = *ptr, c;
76 register u_char i = 0, j = 0;
77
78 while ((c = *s++) && isdigit(c)) {
79 i *= 10;
80 i += c - '';
81 }
82 if (c != ',') {
83 *ptr = NULL;
84 return 0;
85 }
86 while ((c = *s++) && isdigit(c)) {
87 j *= 10;
88 j += c - '';
89 }
90 *ptr = s;
91 return (i << 8) | j;
92 }
93
94
95 int ippr_ftp_out(fin, ip, tcp, aps, nat)
96 fr_info_t *fin;
97 ip_t *ip;
98 tcphdr_t *tcp;
99 ap_session_t *aps;
100 nat_t *nat;
101 {
102 register u_32_t sum1, sum2;
103 char newbuf[IPF_MAXPORTLEN+1];
104 char portbuf[IPF_MAXPORTLEN+1], *s;
105 int ch = 0, off = (ip->ip_hl << 2) + (tcp->th_off << 2);
106 u_int a1, a2, a3, a4;
107 u_short a5, a6;
108 int olen, dlen, nlen = 0, inc = 0;
109 tcphdr_t tcph, *tcp2 = &tcph;
110 void *savep;
111 nat_t *ipn;
112 struct in_addr swip;
113 mb_t *m = *(mb_t **)fin->fin_mp;
114
115 #if SOLARIS
116 mb_t *m1;
117
118 /* skip any leading M_PROTOs */
119 while(m && (MTYPE(m) != M_DATA))
120 m = m->b_cont;
121 PANIC((!m),("ippr_ftp_out: no M_DATA"));
122
123 dlen = msgdsize(m) - off;
124 bzero(portbuf, sizeof(portbuf));
125 copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
126 #else
127 dlen = mbufchainlen(m) - off;
128 bzero(portbuf, sizeof(portbuf));
129 m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
130 #endif
131 portbuf[IPF_MAXPORTLEN] = '\0';
132
133 if ((dlen < IPF_MINPORTLEN) || strncmp(portbuf, "PORT ", 5))
134 goto adjust_seqack;
135
136 /*
137 * Skip the PORT command + space
138 */
139 s = portbuf + 5;
140 /*
141 * Pick out the address components, two at a time.
142 */
143 (void) ipf_ftp_atoi(&s);
144 if (!s)
145 goto adjust_seqack;
146 (void) ipf_ftp_atoi(&s);
147 if (!s)
148 goto adjust_seqack;
149 a5 = ipf_ftp_atoi(&s);
150 if (!s)
151 goto adjust_seqack;
152 /*
153 * check for CR-LF at the end.
154 */
155 if (*s != '\n' || *(s - 1) != '\r')
156 goto adjust_seqack;
157 a6 = a5 & 0xff;
158 a5 >>= 8;
159 /*
160 * Calculate new address parts for PORT command
161 */
162 a1 = ntohl(ip->ip_src.s_addr);
163 a2 = (a1 >> 16) & 0xff;
164 a3 = (a1 >> 8) & 0xff;
165 a4 = a1 & 0xff;
166 a1 >>= 24;
167 olen = s - portbuf + 1;
168 (void) snprintf(newbuf, sizeof(newbuf), "PORT %d,%d,%d,%d,%d,%d\r\n",
169 a1, a2, a3, a4, a5, a6);
170 nlen = strlen(newbuf);
171 inc = nlen - olen;
172 #if SOLARIS
173 for (m1 = m; m1->b_cont; m1 = m1->b_cont)
174 ;
175 if (inc > 0) {
176 mblk_t *nm;
177
178 /* alloc enough to keep same trailer space for lower driver */
179 nm = allocb(nlen + m1->b_datap->db_lim - m1->b_wptr, BPRI_MED);
180 PANIC((!nm),("ippr_ftp_out: allocb failed"));
181
182 nm->b_band = m1->b_band;
183 nm->b_wptr += nlen;
184
185 m1->b_wptr -= olen;
186 PANIC((m1->b_wptr < m1->b_rptr),("ippr_ftp_out: cannot handle fragmented data block"));
187
188 linkb(m1, nm);
189 } else {
190 m1->b_wptr += inc;
191 }
192 copyin_mblk(m, off, nlen, newbuf);
193 #else
194 if (inc < 0)
195 m_adj(m, inc);
196 /* the mbuf chain will be extended if necessary by m_copyback() */
197 m_copyback(m, off, nlen, newbuf);
198 #endif
199 if (inc) {
200 #if SOLARIS || defined(__sgi)
201 sum1 = ip->ip_len;
202 sum2 = ip->ip_len + inc;
203
204 /* Because ~1 == -2, We really need ~1 == -1 */
205 if (sum1 > sum2)
206 sum2--;
207 sum2 -= sum1;
208 sum2 = (sum2 & 0xffff) + (sum2 >> 16);
209
210 fix_outcksum(&ip->ip_sum, sum2);
211 #endif
212 ip->ip_len += inc;
213 }
214 ch = 1;
215
216 /*
217 * Add skeleton NAT entry for connection which will come back the
218 * other way.
219 */
220 savep = fin->fin_dp;
221 fin->fin_dp = (char *)tcp2;
222 bzero((char *)tcp2, sizeof(*tcp2));
223 tcp2->th_sport = htons(a5 << 8 | a6);
224 tcp2->th_dport = htons(20);
225 swip = ip->ip_src;
226 ip->ip_src = nat->nat_inip;
227 if ((ipn = nat_new(nat->nat_ptr, ip, fin, IPN_TCP, NAT_OUTBOUND)))
228 ipn->nat_age = fr_defnatage;
229 (void) fr_addstate(ip, fin, FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE);
230 ip->ip_src = swip;
231 fin->fin_dp = (char *)savep;
232
233 adjust_seqack:
234 if (tcp->th_dport == aps->aps_dport) {
235 sum2 = (u_32_t)ntohl(tcp->th_seq);
236 off = aps->aps_sel;
237 if ((aps->aps_after[!off] > aps->aps_after[off]) &&
238 (sum2 > aps->aps_after[!off])) {
239 off = aps->aps_sel = !off; /* switch to other set */
240 }
241 if (aps->aps_seqoff[off]) {
242 sum1 = (u_32_t)aps->aps_after[off] -
243 aps->aps_seqoff[off];
244 if (sum2 > sum1) {
245 sum1 = (u_32_t)aps->aps_seqoff[off];
246 sum2 += sum1;
247 tcp->th_seq = htonl(sum2);
248 ch = 1;
249 }
250 }
251
252 if (inc && (sum2 > aps->aps_after[!off])) {
253 aps->aps_after[!off] = sum2 + nlen - 1;
254 aps->aps_seqoff[!off] = aps->aps_seqoff[off] + inc;
255 }
256 }
257 return ch ? 2 : 0;
258 }
Cache object: 74cfea0658ace9d3349abb099f33cc75
|