author | brian <brian@cvs.openbsd.org> | 2000-11-02 00:53:48 +0000 |
---|---|---|
committer | brian <brian@cvs.openbsd.org> | 2000-11-02 00:53:48 +0000 |
commit | 5692c094e2a56114a53555eece196578113c1fe5 (patch) | |
tree | b2d77e851254ce3225de38f29b9394116730d9a0 | |
parent | 060384c82bf0e12c72e8a365bb3f742b4e1f0166 (diff) |
Improvements for ICMP and GRE/PPTP; FreeBSD
-rw-r--r-- | usr.sbin/ppp/ppp/alias.c | 88 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_cuseeme.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_db.c | 223 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_ftp.c | 4 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_irc.c | 9 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_local.h | 26 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_pptp.c | 182 | ||||
-rw-r--r-- | usr.sbin/ppp/ppp/alias_smedia.c | 4 |
8 files changed, 294 insertions, 246 deletions
diff --git a/usr.sbin/ppp/ppp/alias.c b/usr.sbin/ppp/ppp/alias.c index 99f7a492ebb..0087c25dfb8 100644 --- a/usr.sbin/ppp/ppp/alias.c +++ b/usr.sbin/ppp/ppp/alias.c @@ -85,7 +85,7 @@ See HISTORY file for additional revisions. - $OpenBSD: alias.c,v 1.11 2000/10/06 00:26:43 brian Exp $ + $OpenBSD: alias.c,v 1.12 2000/11/02 00:53:47 brian Exp $ */ #include <sys/types.h> @@ -185,7 +185,6 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link) ProtoAliasIn(), ProtoAliasOut() UdpAliasIn(), UdpAliasOut() TcpAliasIn(), TcpAliasOut() - GreAliasIn() These routines handle protocol specific details of packet aliasing. One may observe a certain amount of repetitive arithmetic in these @@ -237,8 +236,6 @@ static int UdpAliasIn (struct ip *); static int TcpAliasOut(struct ip *, int); static int TcpAliasIn (struct ip *); -static int GreAliasIn(struct ip *); - static int IcmpAliasIn1(struct ip *pip) @@ -253,7 +250,7 @@ IcmpAliasIn1(struct ip *pip) ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Get source address from ICMP data field and restore original data */ - link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id); + link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (link != NULL) { u_short original_id; @@ -309,14 +306,14 @@ IcmpAliasIn2(struct ip *pip) if (ip->ip_p == IPPROTO_UDP) link = FindUdpTcpIn(ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, - IPPROTO_UDP); + IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) link = FindUdpTcpIn(ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, - IPPROTO_TCP); + IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id); + link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); else link = NULL; } else 
@@ -446,7 +443,7 @@ IcmpAliasOut1(struct ip *pip) ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2)); /* Save overwritten data for when echo packet returns */ - link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id); + link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1); if (link != NULL) { u_short alias_id; @@ -503,14 +500,14 @@ IcmpAliasOut2(struct ip *pip) if (ip->ip_p == IPPROTO_UDP) link = FindUdpTcpOut(ip->ip_dst, ip->ip_src, ud->uh_dport, ud->uh_sport, - IPPROTO_UDP); + IPPROTO_UDP, 0); else if (ip->ip_p == IPPROTO_TCP) link = FindUdpTcpOut(ip->ip_dst, ip->ip_src, tc->th_dport, tc->th_sport, - IPPROTO_TCP); + IPPROTO_TCP, 0); else if (ip->ip_p == IPPROTO_ICMP) { if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP) - link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id); + link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0); else link = NULL; } else @@ -707,40 +704,6 @@ ProtoAliasOut(struct ip *pip) static int -GreAliasIn(struct ip *pip) -{ - u_short call_id; - struct alias_link *link; - -/* Return if proxy-only mode is enabled. */ - if (packetAliasMode & PKT_ALIAS_PROXY_ONLY) - return (PKT_ALIAS_OK); - - if (PptpGetCallID(pip, &call_id)) { - if ((link = FindPptpIn(pip->ip_src, pip->ip_dst, call_id)) != NULL) { - struct in_addr alias_address; - struct in_addr original_address; - - alias_address = GetAliasAddress(link); - original_address = GetOriginalAddress(link); - PptpSetCallID(pip, GetOriginalPort(link)); - - /* Restore original IP address. */ - DifferentialChecksum(&pip->ip_sum, - (u_short *)&original_address, - (u_short *)&pip->ip_dst, - 2); - pip->ip_dst = original_address; - - return (PKT_ALIAS_OK); - } else - return (PKT_ALIAS_IGNORED); - } else - return ProtoAliasIn(pip); -} - - -static int UdpAliasIn(struct ip *pip) { struct udphdr *ud; 
@@ -754,7 +717,7 @@ UdpAliasIn(struct ip *pip) link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, - IPPROTO_UDP); + IPPROTO_UDP, 1); if (link != NULL) { struct in_addr alias_address; @@ -828,7 +791,7 @@ UdpAliasOut(struct ip *pip) link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, ud->uh_sport, ud->uh_dport, - IPPROTO_UDP); + IPPROTO_UDP, 1); if (link != NULL) { u_short alias_port; @@ -894,7 +857,8 @@ TcpAliasIn(struct ip *pip) link = FindUdpTcpIn(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, - IPPROTO_TCP); + IPPROTO_TCP, + !(packetAliasMode & PKT_ALIAS_PROXY_ONLY)); if (link != NULL) { struct in_addr alias_address; @@ -1049,7 +1013,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize) link = FindUdpTcpOut(pip->ip_src, pip->ip_dst, tc->th_sport, tc->th_dport, - IPPROTO_TCP); + IPPROTO_TCP, 1); if (link !=NULL) { u_short alias_port; @@ -1318,8 +1282,12 @@ PacketAliasIn(char *ptr, int maxpacketsize) iresult = TcpAliasIn(pip); break; case IPPROTO_GRE: - iresult = GreAliasIn(pip); - break; + if (packetAliasMode & PKT_ALIAS_PROXY_ONLY || + AliasHandlePptpGreIn(pip) == 0) + iresult = PKT_ALIAS_OK; + else + iresult = ProtoAliasIn(pip); + break; default: iresult = ProtoAliasIn(pip); break; @@ -1426,6 +1394,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */ case IPPROTO_TCP: iresult = TcpAliasOut(pip, maxpacketsize); break; + case IPPROTO_GRE: + if (AliasHandlePptpGreOut(pip) == 0) + iresult = PKT_ALIAS_OK; + else + iresult = ProtoAliasOut(pip); + break; default: iresult = ProtoAliasOut(pip); break; 
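Review bot: In the `case IPPROTO_GRE:` branch added to PacketAliasIn, `iresult` becomes PKT_ALIAS_OK whenever AliasHandlePptpGreIn() returns 0, and the implementation added in alias_pptp.c by this commit returns 0 even when no PPTP link matched. An inbound GRE packet that merely carries the PPTP header bits is therefore reported as OK without translation and without consulting PKT_ALIAS_DENY_INCOMING, whereas the removed GreAliasIn() returned PKT_ALIAS_IGNORED when no link was found. How the caller treats the two codes is outside this diff, so this should be confirmed against the ppp filter path. The same applies to the `case IPPROTO_GRE:` branch added to PacketAliasOut, where an unmatched packet keeps its original source address. Consider having the handlers return a distinct value when no link is found, and parenthesise the flag test: `if ((packetAliasMode & PKT_ALIAS_PROXY_ONLY) || AliasHandlePptpGreIn(pip) == 0)`.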
@@ -1465,15 +1439,15 @@ PacketUnaliasOut(char *ptr, /* valid IP packet */ /* Find a link */ if (pip->ip_p == IPPROTO_UDP) - link = QueryUdpTcpIn(pip->ip_dst, pip->ip_src, + link = FindUdpTcpIn(pip->ip_dst, pip->ip_src, ud->uh_dport, ud->uh_sport, - IPPROTO_UDP); + IPPROTO_UDP, 0); else if (pip->ip_p == IPPROTO_TCP) - link = QueryUdpTcpIn(pip->ip_dst, pip->ip_src, + link = FindUdpTcpIn(pip->ip_dst, pip->ip_src, tc->th_dport, tc->th_sport, - IPPROTO_TCP); + IPPROTO_TCP, 0); else if (pip->ip_p == IPPROTO_ICMP) - link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id); + link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id, 0); else link = NULL; diff --git a/usr.sbin/ppp/ppp/alias_cuseeme.c b/usr.sbin/ppp/ppp/alias_cuseeme.c index c8edaad8723..6dc750d0b22 100644 --- a/usr.sbin/ppp/ppp/alias_cuseeme.c +++ b/usr.sbin/ppp/ppp/alias_cuseeme.c @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: alias_cuseeme.c,v 1.3 2000/10/06 00:26:43 brian Exp $ + * $OpenBSD: alias_cuseeme.c,v 1.4 2000/11/02 00:53:47 brian Exp $ */ #include <sys/types.h> @@ -79,7 +79,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link) cu->addr = (u_int32_t)GetAliasAddress(link).s_addr; cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), - ud->uh_dport, 0, IPPROTO_UDP); + ud->uh_dport, 0, IPPROTO_UDP, 1); #ifndef NO_FW_PUNCH if (cu_link) diff --git a/usr.sbin/ppp/ppp/alias_db.c b/usr.sbin/ppp/ppp/alias_db.c index c6d5e59bbef..518358e3b61 100644 --- a/usr.sbin/ppp/ppp/alias_db.c +++ b/usr.sbin/ppp/ppp/alias_db.c @@ -115,7 +115,7 @@ See HISTORY file for additional revisions. - $OpenBSD: alias_db.c,v 1.15 2000/09/02 22:12:26 brian Exp $ + $OpenBSD: alias_db.c,v 1.16 2000/11/02 00:53:47 brian Exp $ */ 
@@ -158,7 +158,6 @@ /* Timeouts (in seconds) for different link types */ #define ICMP_EXPIRE_TIME 60 #define UDP_EXPIRE_TIME 60 -#define PPTP_EXPIRE_TIME 60 #define PROTO_EXPIRE_TIME 60 #define FRAGMENT_ID_EXPIRE_TIME 10 #define FRAGMENT_PTR_EXPIRE_TIME 30 @@ -422,7 +421,8 @@ StartPointIn(struct in_addr alias_addr, u_int n; n = alias_addr.s_addr; - n += alias_port; + if (link_type != LINK_PPTP) + n += alias_port; n += link_type; return(n % LINK_TABLE_IN_SIZE); } @@ -436,8 +436,10 @@ StartPointOut(struct in_addr src_addr, struct in_addr dst_addr, n = src_addr.s_addr; n += dst_addr.s_addr; - n += src_port; - n += dst_port; + if (link_type != LINK_PPTP) { + n += src_port; + n += dst_port; + } n += link_type; return(n % LINK_TABLE_OUT_SIZE); @@ -931,8 +933,7 @@ DeleteLink(struct alias_link *link) break; case LINK_TCP: tcpLinkCount--; - if (link->data.tcp != NULL) - free(link->data.tcp); + free(link->data.tcp); break; case LINK_PPTP: pptpLinkCount--; @@ -1005,7 +1006,7 @@ AddLink(struct in_addr src_addr, link->expire_time = TCP_EXPIRE_INITIAL; break; case LINK_PPTP: - link->expire_time = PPTP_EXPIRE_TIME; + link->flags |= LINK_PERMANENT; /* no timeout. */ break; case LINK_FRAGMENT_ID: link->expire_time = FRAGMENT_ID_EXPIRE_TIME; @@ -1033,15 +1034,6 @@ AddLink(struct in_addr src_addr, return(NULL); } - /* Set up pointers for output lookup table */ - start_point = StartPointOut(src_addr, dst_addr, - src_port, dst_port, link_type); - LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out); - - /* Set up pointers for input lookup table */ - start_point = StartPointIn(alias_addr, link->alias_port, link_type); - LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in); - /* Link-type dependent initialization */ switch(link_type) { @@ -1055,7 +1047,6 @@ AddLink(struct in_addr src_addr, break; case LINK_TCP: aux_tcp = malloc(sizeof(struct tcp_dat)); - link->data.tcp = aux_tcp; if (aux_tcp != NULL) { int i; 
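Review bot: Marking every LINK_PPTP entry `LINK_PERMANENT` in AddLink removes the only bound on how long a PPTP link lives, so cleanup now depends entirely on the aliaser seeing a CallDiscNotify or a refusing reply on the control connection. If the control TCP session ends without one, the entry appears to stay in both tables indefinitely. AddPptp() (added further down in this file) also calls AddLink() for each call-setup message without first looking for an existing entry, so repeated requests would accumulate. Consider keeping a long idle timeout for PPTP links or removing them when the owning control link is deleted; at minimum extend the comment to `/* no timeout; expected to be removed via SetExpire(link, 0) from the PPTP control handlers */`. AddLink's body starts and ends outside this hunk.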
@@ -1068,6 +1059,7 @@ AddLink(struct in_addr src_addr, for (i=0; i<N_LINK_TCP_DATA; i++) aux_tcp->ack[i].active = 0; aux_tcp->fwhole = -1; + link->data.tcp = aux_tcp; } else { @@ -1075,6 +1067,8 @@ AddLink(struct in_addr src_addr, fprintf(stderr, "PacketAlias/AddLink: "); fprintf(stderr, " cannot allocate auxiliary TCP data\n"); #endif + free(link); + return (NULL); } break; case LINK_PPTP: @@ -1092,6 +1086,15 @@ AddLink(struct in_addr src_addr, protoLinkCount++; break; } + + /* Set up pointers for output lookup table */ + start_point = StartPointOut(src_addr, dst_addr, + src_port, dst_port, link_type); + LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out); + + /* Set up pointers for input lookup table */ + start_point = StartPointIn(alias_addr, link->alias_port, link_type); + LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in); } else { @@ -1127,7 +1130,6 @@ ReLink(struct alias_link *old_link, #ifndef NO_FW_PUNCH if (new_link != NULL && old_link->link_type == LINK_TCP && - old_link->data.tcp && old_link->data.tcp->fwhole > 0) { PunchFWHole(new_link); } @@ -1389,7 +1391,8 @@ FindLinkIn(struct in_addr dst_addr, AddFragmentPtrLink(), FindFragmentPtr() FindProtoIn(), FindProtoOut() FindUdpTcpIn(), FindUdpTcpOut() - FindPptpIn(), FindPptpOut() + AddPptp(), FindPptpOutByCallId(), FindPptpInByCallId(), + FindPptpOutByPeerCallId(), FindPptpInByPeerCallId() FindOriginalAddress(), FindAliasAddress() (prototypes in alias_local.h) @@ -1399,14 +1402,15 @@ FindLinkIn(struct in_addr dst_addr, struct alias_link * FindIcmpIn(struct in_addr dst_addr, struct in_addr alias_addr, - u_short id_alias) + u_short id_alias, + int create) { struct alias_link *link; link = FindLinkIn(dst_addr, alias_addr, NO_DEST_PORT, id_alias, LINK_ICMP, 0); - if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) + if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; 
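Review bot: The ReLink hunk drops the `old_link->data.tcp &&` guard, so `old_link->data.tcp->fwhole` is now dereferenced unconditionally for LINK_TCP links; the PunchFWHole and ClearFWHole hunks later in this file drop the same guard. That is only safe because AddLink, as reordered in this commit, frees the link and returns NULL when the tcp_dat allocation fails, and inserts into the lookup tables only afterwards. Nothing records that invariant, so I would add a comment at the allocation in AddLink such as `/* Invariant: a LINK_TCP link always has data.tcp != NULL; ReLink, PunchFWHole and ClearFWHole rely on it. */`.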
@@ -1423,14 +1427,15 @@ FindIcmpIn(struct in_addr dst_addr, struct alias_link * FindIcmpOut(struct in_addr src_addr, struct in_addr dst_addr, - u_short id) + u_short id, + int create) { struct alias_link * link; link = FindLinkOut(src_addr, dst_addr, id, NO_DEST_PORT, LINK_ICMP, 0); - if (link == NULL) + if (link == NULL && create) { struct in_addr alias_addr; @@ -1552,7 +1557,8 @@ FindUdpTcpIn(struct in_addr dst_addr, struct in_addr alias_addr, u_short dst_port, u_short alias_port, - u_char proto) + u_char proto, + int create) { int link_type; struct alias_link *link; @@ -1572,11 +1578,9 @@ FindUdpTcpIn(struct in_addr dst_addr, link = FindLinkIn(dst_addr, alias_addr, dst_port, alias_port, - link_type, 1); + link_type, create); - if (!(packetAliasMode & PKT_ALIAS_DENY_INCOMING) - && !(packetAliasMode & PKT_ALIAS_PROXY_ONLY) - && link == NULL) + if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) { struct in_addr target_addr; @@ -1595,7 +1599,8 @@ FindUdpTcpOut(struct in_addr src_addr, struct in_addr dst_addr, u_short src_port, u_short dst_port, - u_char proto) + u_char proto, + int create) { int link_type; struct alias_link *link; @@ -1613,9 +1618,9 @@ FindUdpTcpOut(struct in_addr src_addr, break; } - link = FindLinkOut(src_addr, dst_addr, src_port, dst_port, link_type, 1); + link = FindLinkOut(src_addr, dst_addr, src_port, dst_port, link_type, create); - if (link == NULL) + if (link == NULL && create) { struct in_addr alias_addr; 
@@ -1630,114 +1635,94 @@ FindUdpTcpOut(struct in_addr src_addr, struct alias_link * -FindPptpIn(struct in_addr dst_addr, - struct in_addr alias_addr, - u_short call_id) +AddPptp(struct in_addr src_addr, + struct in_addr dst_addr, + struct in_addr alias_addr, + u_int16_t src_call_id) { struct alias_link *link; - link = FindLinkIn(dst_addr, alias_addr, - NO_DEST_PORT, call_id, - LINK_PPTP, 1); - - if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING)) - { - struct in_addr target_addr; - - target_addr = FindOriginalAddress(alias_addr); - link = AddLink(target_addr, dst_addr, alias_addr, - call_id, NO_DEST_PORT, call_id, - LINK_PPTP); - } + link = AddLink(src_addr, dst_addr, alias_addr, + src_call_id, 0, GET_ALIAS_PORT, + LINK_PPTP); - return(link); + return (link); } -struct alias_link * -FindPptpOut(struct in_addr src_addr, - struct in_addr dst_addr, - u_short call_id) +struct alias_link * +FindPptpOutByCallId(struct in_addr src_addr, + struct in_addr dst_addr, + u_int16_t src_call_id) { + u_int i; struct alias_link *link; - link = FindLinkOut(src_addr, dst_addr, - call_id, NO_DEST_PORT, - LINK_PPTP, 1); + i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); + LIST_FOREACH(link, &linkTableOut[i], list_out) + if (link->link_type == LINK_PPTP && + link->src_addr.s_addr == src_addr.s_addr && + link->dst_addr.s_addr == dst_addr.s_addr && + link->src_port == src_call_id) + break; - if (link == NULL) - { - struct in_addr alias_addr; + return (link); +} - alias_addr = FindAliasAddress(src_addr); - link = AddLink(src_addr, dst_addr, alias_addr, - call_id, NO_DEST_PORT, GET_ALIAS_PORT, - LINK_PPTP); - } - return(link); +struct alias_link * +FindPptpOutByPeerCallId(struct in_addr src_addr, + struct in_addr dst_addr, + u_int16_t dst_call_id) +{ + u_int i; + struct alias_link *link; + + i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP); + LIST_FOREACH(link, &linkTableOut[i], list_out) + if (link->link_type == LINK_PPTP && + link->src_addr.s_addr == 
src_addr.s_addr && + link->dst_addr.s_addr == dst_addr.s_addr && + link->dst_port == dst_call_id) + break; + + return (link); } struct alias_link * -QueryUdpTcpIn(struct in_addr dst_addr, - struct in_addr alias_addr, - u_short dst_port, - u_short alias_port, - u_char proto) +FindPptpInByCallId(struct in_addr dst_addr, + struct in_addr alias_addr, + u_int16_t dst_call_id) { - int link_type; + u_int i; struct alias_link *link; - switch (proto) - { - case IPPROTO_UDP: - link_type = LINK_UDP; - break; - case IPPROTO_TCP: - link_type = LINK_TCP; - break; - default: - return NULL; - break; - } - - link = FindLinkIn(dst_addr, alias_addr, - dst_port, alias_port, - link_type, 0); + i = StartPointIn(alias_addr, 0, LINK_PPTP); + LIST_FOREACH(link, &linkTableIn[i], list_in) + if (link->link_type == LINK_PPTP && + link->dst_addr.s_addr == dst_addr.s_addr && + link->alias_addr.s_addr == alias_addr.s_addr && + link->dst_port == dst_call_id) + break; - return(link); + return (link); } -struct alias_link * -QueryUdpTcpOut(struct in_addr src_addr, - struct in_addr dst_addr, - u_short src_port, - u_short dst_port, - u_char proto) +struct alias_link * +FindPptpInByPeerCallId(struct in_addr dst_addr, + struct in_addr alias_addr, + u_int16_t alias_call_id) { - int link_type; struct alias_link *link; - switch (proto) - { - case IPPROTO_UDP: - link_type = LINK_UDP; - break; - case IPPROTO_TCP: - link_type = LINK_TCP; - break; - default: - return NULL; - break; - } + link = FindLinkIn(dst_addr, alias_addr, + 0/* any */, alias_call_id, + LINK_PPTP, 0); - link = FindLinkOut(src_addr, dst_addr, - src_port, dst_port, - link_type, 0); - return(link); + return (link); } @@ -1845,6 +1830,7 @@ FindAliasAddress(struct in_addr original_addr) SetAckModified(), GetAckModified() GetDeltaAckIn(), GetDeltaSeqOut(), AddSeq() SetLastLineCrlfTermed(), GetLastLineCrlfTermed() + SetDestCallId() */ 
@@ -2227,6 +2213,16 @@ GetLastLineCrlfTermed(struct alias_link *link) return (link->flags & LINK_LAST_LINE_CRLF_TERMED); } +void +SetDestCallId(struct alias_link *link, u_int16_t cid) +{ + + deleteAllLinks = 1; + link = ReLink(link, link->src_addr, link->dst_addr, link->alias_addr, + link->src_port, cid, link->alias_port, link->link_type); + deleteAllLinks = 0; +} + /* Miscellaneous Functions @@ -2679,8 +2675,7 @@ PunchFWHole(struct alias_link *link) { /* Don't do anything unless we are asked to */ if ( !(packetAliasMode & PKT_ALIAS_PUNCH_FW) || fireWallFD < 0 || - link->link_type != LINK_TCP || - !link->data.tcp) + link->link_type != LINK_TCP) return; memset(&rule, 0, sizeof rule); @@ -2755,7 +2750,7 @@ PunchFWHole(struct alias_link *link) { link. Calling this too often is harmless. */ static void ClearFWHole(struct alias_link *link) { - if (link->link_type == LINK_TCP && link->data.tcp) { + if (link->link_type == LINK_TCP) { int fwhole = link->data.tcp->fwhole; /* Where is the firewall hole? */ struct ip_fw rule; diff --git a/usr.sbin/ppp/ppp/alias_ftp.c b/usr.sbin/ppp/ppp/alias_ftp.c index 9f51ed402b2..2200d31e14f 100644 --- a/usr.sbin/ppp/ppp/alias_ftp.c +++ b/usr.sbin/ppp/ppp/alias_ftp.c @@ -41,7 +41,7 @@ See HISTORY file for record of revisions. - $OpenBSD: alias_ftp.c,v 1.7 2000/06/23 09:47:05 brian Exp $ + $OpenBSD: alias_ftp.c,v 1.8 2000/11/02 00:53:47 brian Exp $ */ /* Includes */ @@ -443,7 +443,7 @@ NewFtpMessage(struct ip *pip, /* Establish link to address and port found in FTP control message. */ ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link), - htons(true_port), 0, IPPROTO_TCP); + htons(true_port), 0, IPPROTO_TCP, 1); if (ftp_link != NULL) { diff --git a/usr.sbin/ppp/ppp/alias_irc.c b/usr.sbin/ppp/ppp/alias_irc.c index 904615c9724..9cb823de437 100644 --- a/usr.sbin/ppp/ppp/alias_irc.c +++ b/usr.sbin/ppp/ppp/alias_irc.c 
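Review bot: In SetDestCallId, `link = ReLink(...)` only updates the by-value parameter, so the result is discarded and the caller cannot learn the replacement link or that ReLink failed. ReLink's body is outside this diff, but if it deletes the old link, as the `deleteAllLinks = 1` bracket suggests, the `pptp_link` held by AliasHandlePptpOut and AliasHandlePptpIn is stale once this returns. Neither caller uses it afterwards in the visible code, which is what keeps this safe today. I would drop the dead assignment and document the contract above the function, e.g. `/* Replaces 'link' with a copy carrying the peer's Call ID; the caller's pointer must not be used afterwards. */`.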
@@ -20,7 +20,7 @@ local/global/function naming conventions withing the packet alising module. - $OpenBSD: alias_irc.c,v 1.3 2000/02/27 01:38:24 brian Exp $ + $OpenBSD: alias_irc.c,v 1.4 2000/11/02 00:53:47 brian Exp $ */ /* Includes */ @@ -216,10 +216,9 @@ lFOUND_CTCP: /* Steal the FTP_DATA_PORT - it doesn't really matter, and this would probably allow it through at least _some_ firewalls. */ - dcc_link = FindUdpTcpOut (true_addr, - destaddr, - true_port, - 0, IPPROTO_TCP); + dcc_link = FindUdpTcpOut(true_addr, destaddr, + true_port, 0, + IPPROTO_TCP, 1); DBprintf(("Got a DCC link\n")); if ( dcc_link ) { struct in_addr alias_address; /* Address from aliasing */ diff --git a/usr.sbin/ppp/ppp/alias_local.h b/usr.sbin/ppp/ppp/alias_local.h index 9d314cfb376..0005e8e0b52 100644 --- a/usr.sbin/ppp/ppp/alias_local.h +++ b/usr.sbin/ppp/ppp/alias_local.h @@ -14,7 +14,7 @@ <updated several times by original author and Eivind Eklund> - $OpenBSD: alias_local.h,v 1.9 2000/08/13 22:05:47 brian Exp $ + $OpenBSD: alias_local.h,v 1.10 2000/11/02 00:53:47 brian Exp $ */ #ifndef ALIAS_LOCAL_H #define ALIAS_LOCAL_H @@ -78,10 +78,10 @@ void DifferentialChecksum(u_short *, u_short *, u_short *, int); /* Internal data access */ struct alias_link * -FindIcmpIn(struct in_addr, struct in_addr, u_short); +FindIcmpIn(struct in_addr, struct in_addr, u_short, int); struct alias_link * -FindIcmpOut(struct in_addr, struct in_addr, u_short); +FindIcmpOut(struct in_addr, struct in_addr, u_short, int); struct alias_link * FindFragmentIn1(struct in_addr, struct in_addr, u_short); 
@@ -102,22 +102,25 @@ struct alias_link * FindProtoOut(struct in_addr, struct in_addr, u_char); struct alias_link * -FindUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char); +FindUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char, int); struct alias_link * -FindUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char); +FindUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char, int); struct alias_link * -FindPptpIn(struct in_addr, struct in_addr, u_short); +AddPptp(struct in_addr, struct in_addr, struct in_addr, u_int16_t); struct alias_link * -FindPptpOut(struct in_addr, struct in_addr, u_short); +FindPptpOutByCallId(struct in_addr, struct in_addr, u_int16_t); struct alias_link * -QueryUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char); +FindPptpInByCallId(struct in_addr, struct in_addr, u_int16_t); struct alias_link * -QueryUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char); +FindPptpOutByPeerCallId(struct in_addr, struct in_addr, u_int16_t); + +struct alias_link * +FindPptpInByPeerCallId(struct in_addr, struct in_addr, u_int16_t); struct alias_link * FindRtspOut(struct in_addr, struct in_addr, u_short, u_short, u_char); @@ -159,6 +162,7 @@ void SetExpire(struct alias_link *, int); void ClearCheckNewLink(void); void SetLastLineCrlfTermed(struct alias_link *, int); int GetLastLineCrlfTermed(struct alias_link *); +void SetDestCallId(struct alias_link *, u_int16_t); #ifndef NO_FW_PUNCH void PunchFWHole(struct alias_link *); #endif 
@@ -180,10 +184,10 @@ void AliasHandleIrcOut(struct ip *, struct alias_link *, int); void AliasHandleRtspOut(struct ip *, struct alias_link *, int); /* PPTP routines */ -int PptpGetCallID(struct ip *, u_short *); -void PptpSetCallID(struct ip *, u_short); void AliasHandlePptpOut(struct ip *, struct alias_link *); void AliasHandlePptpIn(struct ip *, struct alias_link *); +int AliasHandlePptpGreOut(struct ip *); +int AliasHandlePptpGreIn(struct ip *); /* NetBIOS routines */ int AliasHandleUdpNbt(struct ip *, struct alias_link *, struct in_addr *, u_short); diff --git a/usr.sbin/ppp/ppp/alias_pptp.c b/usr.sbin/ppp/ppp/alias_pptp.c index fe63d895891..e79b380e398 100644 --- a/usr.sbin/ppp/ppp/alias_pptp.c +++ b/usr.sbin/ppp/ppp/alias_pptp.c @@ -35,7 +35,7 @@ * * Author: Erik Salander <erik@whistle.com> * - * $OpenBSD: alias_pptp.c,v 1.2 2000/08/13 22:05:47 brian Exp $ + * $OpenBSD: alias_pptp.c,v 1.3 2000/11/02 00:53:47 brian Exp $ */ /* @@ -65,9 +65,6 @@ */ /* Includes */ -#include <ctype.h> -#include <stdio.h> -#include <string.h> #include <sys/types.h> #include <netinet/in_systm.h> #include <netinet/in.h> 
@@ -82,21 +79,14 @@ struct grehdr /* Enhanced GRE header. */ { - u_char gh_recursion:3, /* Recursion control. */ - gh_ssr_flag:1, /* Strict source route present. */ - gh_seq_no_flag:1, /* Sequence number present. */ - gh_key_flag:1, /* Key present. */ - gh_rt_flag:1, /* Routing present. */ - gh_cksum_flag:1; /* Checksum present. */ - u_char gh_version:3, /* GRE version. */ - gh_flags:4, /* Flags. */ - gh_ack_no_flag:1; /* Acknowledgment sequence number present. */ - u_short gh_protocol; /* Protocol type. */ - u_short gh_length; /* Payload length. */ - u_short gh_call_id; /* Call ID. */ + u_int16_t gh_flags; /* Flags. */ + u_int16_t gh_protocol; /* Protocol type. */ + u_int16_t gh_length; /* Payload length. */ + u_int16_t gh_call_id; /* Call ID. */ u_int32_t gh_seq_no; /* Sequence number (optional). */ u_int32_t gh_ack_no; /* Acknowledgment number (optional). */ }; +typedef struct grehdr GreHdr; /* The PPTP protocol ID used in the GRE 'proto' field. */ #define PPTP_GRE_PROTO 0x880b @@ -123,7 +113,7 @@ enum { PPTP_CallClearRequest = 12, PPTP_CallDiscNotify = 13, PPTP_WanErrorNotify = 14, - PPTP_SetLinkInfo = 15, + PPTP_SetLinkInfo = 15 }; /* Message structures */ @@ -136,6 +126,12 @@ enum { }; typedef struct pptpMsgHead *PptpMsgHead; + struct pptpCodes { + u_int8_t resCode; /* Result Code */ + u_int8_t errCode; /* Error Code */ + }; + typedef struct pptpCodes *PptpCode; + struct pptpCallIds { u_int16_t cid1; /* Call ID field #1 */ u_int16_t cid2; /* Call ID field #2 */ 
@@ -144,29 +140,6 @@ enum { static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *); -int -PptpGetCallID(struct ip *pip, - u_short *call_id) -{ - struct grehdr *gr; - - gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2)); - - /* Check GRE header bits. */ - if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) == PPTP_INIT_VALUE) { - *call_id = gr->gh_call_id; - return 1; - } else - return 0; -}; - -void PptpSetCallID(struct ip *pip, u_short call_id) -{ - struct grehdr *gr; - - gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2)); - gr->gh_call_id = call_id; -}; void AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ @@ -174,6 +147,7 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ { struct alias_link *pptp_link; PptpCallId cptr; + PptpCode codes; u_int16_t ctl_type; /* control message type */ struct tcphdr *tc; @@ -187,12 +161,20 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ case PPTP_OutCallReply: case PPTP_InCallRequest: case PPTP_InCallReply: + /* Establish PPTP link for address and Call ID found in control message. */ + pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link), + GetAliasAddress(link), cptr->cid1); + break; case PPTP_CallClearRequest: case PPTP_CallDiscNotify: - - /* Establish PPTP link for address and Call ID found in PPTP Control Msg */ - pptp_link = FindPptpOut(GetOriginalAddress(link), GetDestAddress(link), - cptr->cid1); + /* Find PPTP link for address and Call ID found in control message. */ + pptp_link = FindPptpOutByCallId(GetOriginalAddress(link), + GetDestAddress(link), + cptr->cid1); + break; + default: + return; + } if (pptp_link != NULL) { int accumulate = cptr->cid1; 
@@ -204,11 +186,22 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */ tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); accumulate -= cptr->cid1; ADJUST_CHECKSUM(accumulate, tc->th_sum); + + switch (ctl_type) { + case PPTP_OutCallReply: + case PPTP_InCallReply: + codes = (PptpCode)(cptr + 1); + if (codes->resCode == 1) /* Connection established, */ + SetDestCallId(pptp_link, /* note the Peer's Call ID. */ + cptr->cid2); + else + SetExpire(pptp_link, 0); /* Connection refused. */ + break; + case PPTP_CallDiscNotify: /* Connection closed. */ + SetExpire(pptp_link, 0); + break; + } } - break; - default: - return; - } } void 
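Review bot: The result-code test `codes->resCode == 1` in the new switch in AliasHandlePptpOut uses a bare literal, and the same test is repeated in the AliasHandlePptpIn hunk that follows. A named constant next to the message-type enum would make the meaning explicit and keep the two handlers in step, e.g. `#define PPTP_RESULT_CONNECTED 1` (the name is only a suggestion) and `if (codes->resCode == PPTP_RESULT_CONNECTED)`. The inner switch also has no `default:` label; adding `default: break;` would show that the remaining control types are deliberately ignored. AliasHandlePptpOut starts outside this hunk.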
@@ -237,28 +230,46 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */ case PPTP_InCallReply: pcall_id = &cptr->cid2; break; + case PPTP_CallDiscNotify: /* Connection closed. */ + pptp_link = FindPptpInByCallId(GetDestAddress(link), + GetAliasAddress(link), + cptr->cid1); + if (pptp_link != NULL) + SetExpire(pptp_link, 0); + return; default: return; } /* Find PPTP link for address and Call ID found in PPTP Control Msg */ - pptp_link = FindPptpIn(GetDestAddress(link), GetAliasAddress(link), - *pcall_id); + pptp_link = FindPptpInByPeerCallId(GetDestAddress(link), + GetAliasAddress(link), + *pcall_id); if (pptp_link != NULL) { int accumulate = *pcall_id; - /* alias the Call Id */ + /* De-alias the Peer's Call Id. */ *pcall_id = GetOriginalPort(pptp_link); /* Compute TCP checksum for modified packet */ tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); accumulate -= *pcall_id; ADJUST_CHECKSUM(accumulate, tc->th_sum); + + if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) { + PptpCode codes = (PptpCode)(cptr + 1); + + if (codes->resCode == 1) /* Connection established, */ + SetDestCallId(pptp_link, /* note the Call ID. */ + cptr->cid1); + else + SetExpire(pptp_link, 0); /* Connection refused. */ + } } } -PptpCallId +static PptpCallId AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch */ { int hlen, tlen, dlen; 
@@ -285,6 +296,71 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) || (ntohl(hptr->magic) != PPTP_MAGIC)) return(NULL); + + /* Verify data length. */ + if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) && + (dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) + + sizeof(struct pptpCodes))) + return (NULL); else - return((PptpCallId)(((char *)hptr) + sizeof(struct pptpMsgHead))); + return (PptpCallId)(hptr + 1); +} + + +int +AliasHandlePptpGreOut(struct ip *pip) +{ + GreHdr *gr; + struct alias_link *link; + + gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2)); + + /* Check GRE header bits. */ + if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) + return (-1); + + link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id); + if (link != NULL) { + struct in_addr alias_addr = GetAliasAddress(link); + + /* Change source IP address. */ + DifferentialChecksum(&pip->ip_sum, + (u_short *)&alias_addr, + (u_short *)&pip->ip_src, + 2); + pip->ip_src = alias_addr; + } + + return (0); +} + + +int +AliasHandlePptpGreIn(struct ip *pip) +{ + GreHdr *gr; + struct alias_link *link; + + gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2)); + + /* Check GRE header bits. */ + if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) + return (-1); + + link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id); + if (link != NULL) { + struct in_addr src_addr = GetOriginalAddress(link); + + /* De-alias the Peer's Call Id. */ + gr->gh_call_id = GetOriginalPort(link); + + /* Restore original IP address. */ + DifferentialChecksum(&pip->ip_sum, + (u_short *)&src_addr, + (u_short *)&pip->ip_dst, + 2); + pip->ip_dst = src_addr; + } + + return (0); } diff --git a/usr.sbin/ppp/ppp/alias_smedia.c b/usr.sbin/ppp/ppp/alias_smedia.c index 900c73112e1..7e156ea79bc 100644 --- a/usr.sbin/ppp/ppp/alias_smedia.c +++ b/usr.sbin/ppp/ppp/alias_smedia.c 
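Review bot: AliasHandlePptpGreOut and AliasHandlePptpGreIn read the first 32 bits of the GRE header and `gr->gh_call_id` at `pip + (pip->ip_hl << 2)` without checking that the packet is long enough to hold them, and AliasHandlePptpGreIn also writes `gh_call_id`. Both functions receive only `pip`, so unless PacketAliasIn and PacketAliasOut already guarantee the length (not visible here), a truncated GRE packet is read past its end. A guard before the header-bits test would close this, e.g. `if (ntohs(pip->ip_len) < (pip->ip_hl << 2) + 8) return (-1);`, with the 8 replaced by a named constant for the fixed part of the enhanced GRE header and assuming ip_len is still in network byte order at this point. In the AliasVerifyPptp part of the same hunk, `dlen` is an `int` compared against a `size_t` sum, so a negative `dlen` would pass the new length test unless an earlier check outside the hunk rules that out.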
@@ -62,7 +62,7 @@ * Junichi SATOH <junichi@astec.co.jp> * <junichi@junichi.org> * - * $FreeBSD: src/lib/libalias/alias_smedia.c,v 1.1 2000/07/26 23:15:46 archie Exp $ + * $OpenBSD: alias_smedia.c,v 1.3 2000/11/02 00:53:47 brian Exp $ */ /* @@ -343,7 +343,7 @@ alias_pna_out(struct ip *pip, if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) { memcpy((char*)&port, (char*)work, 2); pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link), - port, 0, IPPROTO_UDP); + port, 0, IPPROTO_UDP, 1); if (pna_links != NULL) { #ifndef NO_FW_PUNCH /* Punch hole in firewall */ |