authorbrian <brian@cvs.openbsd.org>2000-11-02 00:53:48 +0000
committerbrian <brian@cvs.openbsd.org>2000-11-02 00:53:48 +0000
commit5692c094e2a56114a53555eece196578113c1fe5 (patch)
treeb2d77e851254ce3225de38f29b9394116730d9a0
parent060384c82bf0e12c72e8a365bb3f742b4e1f0166 (diff)
Improvements for ICMP and GRE/PPTP; FreeBSD
-rw-r--r--usr.sbin/ppp/ppp/alias.c88
-rw-r--r--usr.sbin/ppp/ppp/alias_cuseeme.c4
-rw-r--r--usr.sbin/ppp/ppp/alias_db.c223
-rw-r--r--usr.sbin/ppp/ppp/alias_ftp.c4
-rw-r--r--usr.sbin/ppp/ppp/alias_irc.c9
-rw-r--r--usr.sbin/ppp/ppp/alias_local.h26
-rw-r--r--usr.sbin/ppp/ppp/alias_pptp.c182
-rw-r--r--usr.sbin/ppp/ppp/alias_smedia.c4
8 files changed, 294 insertions, 246 deletions
diff --git a/usr.sbin/ppp/ppp/alias.c b/usr.sbin/ppp/ppp/alias.c
index 99f7a492ebb..0087c25dfb8 100644
--- a/usr.sbin/ppp/ppp/alias.c
+++ b/usr.sbin/ppp/ppp/alias.c
@@ -85,7 +85,7 @@
See HISTORY file for additional revisions.
- $OpenBSD: alias.c,v 1.11 2000/10/06 00:26:43 brian Exp $
+ $OpenBSD: alias.c,v 1.12 2000/11/02 00:53:47 brian Exp $
*/
#include <sys/types.h>
@@ -185,7 +185,6 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
ProtoAliasIn(), ProtoAliasOut()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
- GreAliasIn()
These routines handle protocol specific details of packet aliasing.
One may observe a certain amount of repetitive arithmetic in these
@@ -237,8 +236,6 @@ static int UdpAliasIn (struct ip *);
static int TcpAliasOut(struct ip *, int);
static int TcpAliasIn (struct ip *);
-static int GreAliasIn(struct ip *);
-
static int
IcmpAliasIn1(struct ip *pip)
@@ -253,7 +250,7 @@ IcmpAliasIn1(struct ip *pip)
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Get source address from ICMP data field and restore original data */
- link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id);
+ link = FindIcmpIn(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
if (link != NULL)
{
u_short original_id;
@@ -309,14 +306,14 @@ IcmpAliasIn2(struct ip *pip)
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpTcpIn(ip->ip_dst, ip->ip_src,
ud->uh_dport, ud->uh_sport,
- IPPROTO_UDP);
+ IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
link = FindUdpTcpIn(ip->ip_dst, ip->ip_src,
tc->th_dport, tc->th_sport,
- IPPROTO_TCP);
+ IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
- link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id);
+ link = FindIcmpIn(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
else
link = NULL;
} else
@@ -446,7 +443,7 @@ IcmpAliasOut1(struct ip *pip)
ic = (struct icmp *) ((char *) pip + (pip->ip_hl << 2));
/* Save overwritten data for when echo packet returns */
- link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id);
+ link = FindIcmpOut(pip->ip_src, pip->ip_dst, ic->icmp_id, 1);
if (link != NULL)
{
u_short alias_id;
@@ -503,14 +500,14 @@ IcmpAliasOut2(struct ip *pip)
if (ip->ip_p == IPPROTO_UDP)
link = FindUdpTcpOut(ip->ip_dst, ip->ip_src,
ud->uh_dport, ud->uh_sport,
- IPPROTO_UDP);
+ IPPROTO_UDP, 0);
else if (ip->ip_p == IPPROTO_TCP)
link = FindUdpTcpOut(ip->ip_dst, ip->ip_src,
tc->th_dport, tc->th_sport,
- IPPROTO_TCP);
+ IPPROTO_TCP, 0);
else if (ip->ip_p == IPPROTO_ICMP) {
if (ic2->icmp_type == ICMP_ECHO || ic2->icmp_type == ICMP_TSTAMP)
- link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id);
+ link = FindIcmpOut(ip->ip_dst, ip->ip_src, ic2->icmp_id, 0);
else
link = NULL;
} else
@@ -707,40 +704,6 @@ ProtoAliasOut(struct ip *pip)
static int
-GreAliasIn(struct ip *pip)
-{
- u_short call_id;
- struct alias_link *link;
-
-/* Return if proxy-only mode is enabled. */
- if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
- return (PKT_ALIAS_OK);
-
- if (PptpGetCallID(pip, &call_id)) {
- if ((link = FindPptpIn(pip->ip_src, pip->ip_dst, call_id)) != NULL) {
- struct in_addr alias_address;
- struct in_addr original_address;
-
- alias_address = GetAliasAddress(link);
- original_address = GetOriginalAddress(link);
- PptpSetCallID(pip, GetOriginalPort(link));
-
- /* Restore original IP address. */
- DifferentialChecksum(&pip->ip_sum,
- (u_short *)&original_address,
- (u_short *)&pip->ip_dst,
- 2);
- pip->ip_dst = original_address;
-
- return (PKT_ALIAS_OK);
- } else
- return (PKT_ALIAS_IGNORED);
- } else
- return ProtoAliasIn(pip);
-}
-
-
-static int
UdpAliasIn(struct ip *pip)
{
struct udphdr *ud;
@@ -754,7 +717,7 @@ UdpAliasIn(struct ip *pip)
link = FindUdpTcpIn(pip->ip_src, pip->ip_dst,
ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP);
+ IPPROTO_UDP, 1);
if (link != NULL)
{
struct in_addr alias_address;
@@ -828,7 +791,7 @@ UdpAliasOut(struct ip *pip)
link = FindUdpTcpOut(pip->ip_src, pip->ip_dst,
ud->uh_sport, ud->uh_dport,
- IPPROTO_UDP);
+ IPPROTO_UDP, 1);
if (link != NULL)
{
u_short alias_port;
@@ -894,7 +857,8 @@ TcpAliasIn(struct ip *pip)
link = FindUdpTcpIn(pip->ip_src, pip->ip_dst,
tc->th_sport, tc->th_dport,
- IPPROTO_TCP);
+ IPPROTO_TCP,
+ !(packetAliasMode & PKT_ALIAS_PROXY_ONLY));
if (link != NULL)
{
struct in_addr alias_address;
@@ -1049,7 +1013,7 @@ TcpAliasOut(struct ip *pip, int maxpacketsize)
link = FindUdpTcpOut(pip->ip_src, pip->ip_dst,
tc->th_sport, tc->th_dport,
- IPPROTO_TCP);
+ IPPROTO_TCP, 1);
if (link !=NULL)
{
u_short alias_port;
@@ -1318,8 +1282,12 @@ PacketAliasIn(char *ptr, int maxpacketsize)
iresult = TcpAliasIn(pip);
break;
case IPPROTO_GRE:
- iresult = GreAliasIn(pip);
- break;
+ if (packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
+ AliasHandlePptpGreIn(pip) == 0)
+ iresult = PKT_ALIAS_OK;
+ else
+ iresult = ProtoAliasIn(pip);
+ break;
default:
iresult = ProtoAliasIn(pip);
break;
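Review bot: `AliasHandlePptpGreIn()` (added in alias_pptp.c) returns 0 for every packet that passes the PPTP GRE header test, whether or not a link was found, so this case reports `PKT_ALIAS_OK` for PPTP GRE traffic that matched nothing. The removed `GreAliasIn` returned `PKT_ALIAS_IGNORED` when no link could be found or created, and `PKT_ALIAS_DENY_INCOMING` is no longer consulted on this path. The `IPPROTO_GRE` case added to PacketAliasOut has the same shape: an outgoing PPTP GRE packet with no link keeps its original source address and still yields `PKT_ALIAS_OK`, where it previously took the `ProtoAliasOut` default. If pass-through is intended, say so in a comment at both cases; otherwise have the handlers `return (-1);` when `link == NULL` so the `ProtoAliasIn`/`ProtoAliasOut` fallback runs.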
@@ -1426,6 +1394,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
break;
+ case IPPROTO_GRE:
+ if (AliasHandlePptpGreOut(pip) == 0)
+ iresult = PKT_ALIAS_OK;
+ else
+ iresult = ProtoAliasOut(pip);
+ break;
default:
iresult = ProtoAliasOut(pip);
break;
@@ -1465,15 +1439,15 @@ PacketUnaliasOut(char *ptr, /* valid IP packet */
/* Find a link */
if (pip->ip_p == IPPROTO_UDP)
- link = QueryUdpTcpIn(pip->ip_dst, pip->ip_src,
+ link = FindUdpTcpIn(pip->ip_dst, pip->ip_src,
ud->uh_dport, ud->uh_sport,
- IPPROTO_UDP);
+ IPPROTO_UDP, 0);
else if (pip->ip_p == IPPROTO_TCP)
- link = QueryUdpTcpIn(pip->ip_dst, pip->ip_src,
+ link = FindUdpTcpIn(pip->ip_dst, pip->ip_src,
tc->th_dport, tc->th_sport,
- IPPROTO_TCP);
+ IPPROTO_TCP, 0);
else if (pip->ip_p == IPPROTO_ICMP)
- link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id);
+ link = FindIcmpIn(pip->ip_dst, pip->ip_src, ic->icmp_id, 0);
else
link = NULL;
diff --git a/usr.sbin/ppp/ppp/alias_cuseeme.c b/usr.sbin/ppp/ppp/alias_cuseeme.c
index c8edaad8723..6dc750d0b22 100644
--- a/usr.sbin/ppp/ppp/alias_cuseeme.c
+++ b/usr.sbin/ppp/ppp/alias_cuseeme.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: alias_cuseeme.c,v 1.3 2000/10/06 00:26:43 brian Exp $
+ * $OpenBSD: alias_cuseeme.c,v 1.4 2000/11/02 00:53:47 brian Exp $
*/
#include <sys/types.h>
@@ -79,7 +79,7 @@ AliasHandleCUSeeMeOut(struct ip *pip, struct alias_link *link)
cu->addr = (u_int32_t)GetAliasAddress(link).s_addr;
cu_link = FindUdpTcpOut(pip->ip_src, GetDestAddress(link),
- ud->uh_dport, 0, IPPROTO_UDP);
+ ud->uh_dport, 0, IPPROTO_UDP, 1);
#ifndef NO_FW_PUNCH
if (cu_link)
diff --git a/usr.sbin/ppp/ppp/alias_db.c b/usr.sbin/ppp/ppp/alias_db.c
index c6d5e59bbef..518358e3b61 100644
--- a/usr.sbin/ppp/ppp/alias_db.c
+++ b/usr.sbin/ppp/ppp/alias_db.c
@@ -115,7 +115,7 @@
See HISTORY file for additional revisions.
- $OpenBSD: alias_db.c,v 1.15 2000/09/02 22:12:26 brian Exp $
+ $OpenBSD: alias_db.c,v 1.16 2000/11/02 00:53:47 brian Exp $
*/
@@ -158,7 +158,6 @@
/* Timeouts (in seconds) for different link types */
#define ICMP_EXPIRE_TIME 60
#define UDP_EXPIRE_TIME 60
-#define PPTP_EXPIRE_TIME 60
#define PROTO_EXPIRE_TIME 60
#define FRAGMENT_ID_EXPIRE_TIME 10
#define FRAGMENT_PTR_EXPIRE_TIME 30
@@ -422,7 +421,8 @@ StartPointIn(struct in_addr alias_addr,
u_int n;
n = alias_addr.s_addr;
- n += alias_port;
+ if (link_type != LINK_PPTP)
+ n += alias_port;
n += link_type;
return(n % LINK_TABLE_IN_SIZE);
}
@@ -436,8 +436,10 @@ StartPointOut(struct in_addr src_addr, struct in_addr dst_addr,
n = src_addr.s_addr;
n += dst_addr.s_addr;
- n += src_port;
- n += dst_port;
+ if (link_type != LINK_PPTP) {
+ n += src_port;
+ n += dst_port;
+ }
n += link_type;
return(n % LINK_TABLE_OUT_SIZE);
@@ -931,8 +933,7 @@ DeleteLink(struct alias_link *link)
break;
case LINK_TCP:
tcpLinkCount--;
- if (link->data.tcp != NULL)
- free(link->data.tcp);
+ free(link->data.tcp);
break;
case LINK_PPTP:
pptpLinkCount--;
@@ -1005,7 +1006,7 @@ AddLink(struct in_addr src_addr,
link->expire_time = TCP_EXPIRE_INITIAL;
break;
case LINK_PPTP:
- link->expire_time = PPTP_EXPIRE_TIME;
+ link->flags |= LINK_PERMANENT; /* no timeout. */
break;
case LINK_FRAGMENT_ID:
link->expire_time = FRAGMENT_ID_EXPIRE_TIME;
@@ -1033,15 +1034,6 @@ AddLink(struct in_addr src_addr,
return(NULL);
}
- /* Set up pointers for output lookup table */
- start_point = StartPointOut(src_addr, dst_addr,
- src_port, dst_port, link_type);
- LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out);
-
- /* Set up pointers for input lookup table */
- start_point = StartPointIn(alias_addr, link->alias_port, link_type);
- LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in);
-
/* Link-type dependent initialization */
switch(link_type)
{
@@ -1055,7 +1047,6 @@ AddLink(struct in_addr src_addr,
break;
case LINK_TCP:
aux_tcp = malloc(sizeof(struct tcp_dat));
- link->data.tcp = aux_tcp;
if (aux_tcp != NULL)
{
int i;
@@ -1068,6 +1059,7 @@ AddLink(struct in_addr src_addr,
for (i=0; i<N_LINK_TCP_DATA; i++)
aux_tcp->ack[i].active = 0;
aux_tcp->fwhole = -1;
+ link->data.tcp = aux_tcp;
}
else
{
@@ -1075,6 +1067,8 @@ AddLink(struct in_addr src_addr,
fprintf(stderr, "PacketAlias/AddLink: ");
fprintf(stderr, " cannot allocate auxiliary TCP data\n");
#endif
+ free(link);
+ return (NULL);
}
break;
case LINK_PPTP:
@@ -1092,6 +1086,15 @@ AddLink(struct in_addr src_addr,
protoLinkCount++;
break;
}
+
+ /* Set up pointers for output lookup table */
+ start_point = StartPointOut(src_addr, dst_addr,
+ src_port, dst_port, link_type);
+ LIST_INSERT_HEAD(&linkTableOut[start_point], link, list_out);
+
+ /* Set up pointers for input lookup table */
+ start_point = StartPointIn(alias_addr, link->alias_port, link_type);
+ LIST_INSERT_HEAD(&linkTableIn[start_point], link, list_in);
}
else
{
@@ -1127,7 +1130,6 @@ ReLink(struct alias_link *old_link,
#ifndef NO_FW_PUNCH
if (new_link != NULL &&
old_link->link_type == LINK_TCP &&
- old_link->data.tcp &&
old_link->data.tcp->fwhole > 0) {
PunchFWHole(new_link);
}
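Review bot: The dropped `old_link->data.tcp &&` test here, and the matching removals in PunchFWHole and ClearFWHole, leave `data.tcp->fwhole` dereferenced on the strength of an invariant that only AddLink enforces in this commit, since it now fails the whole link when the `tcp_dat` allocation fails. Nothing at the three dereference sites records that. A one-line comment at each, for example `/* LINK_TCP links always have data.tcp set; AddLink() refuses to create one otherwise */`, would stop a later change to AddLink from turning these into NULL dereferences. ReLink's body starts and ends outside this hunk.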
@@ -1389,7 +1391,8 @@ FindLinkIn(struct in_addr dst_addr,
AddFragmentPtrLink(), FindFragmentPtr()
FindProtoIn(), FindProtoOut()
FindUdpTcpIn(), FindUdpTcpOut()
- FindPptpIn(), FindPptpOut()
+ AddPptp(), FindPptpOutByCallId(), FindPptpInByCallId(),
+ FindPptpOutByPeerCallId(), FindPptpInByPeerCallId()
FindOriginalAddress(), FindAliasAddress()
(prototypes in alias_local.h)
@@ -1399,14 +1402,15 @@ FindLinkIn(struct in_addr dst_addr,
struct alias_link *
FindIcmpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
- u_short id_alias)
+ u_short id_alias,
+ int create)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
NO_DEST_PORT, id_alias,
LINK_ICMP, 0);
- if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
+ if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
{
struct in_addr target_addr;
@@ -1423,14 +1427,15 @@ FindIcmpIn(struct in_addr dst_addr,
struct alias_link *
FindIcmpOut(struct in_addr src_addr,
struct in_addr dst_addr,
- u_short id)
+ u_short id,
+ int create)
{
struct alias_link * link;
link = FindLinkOut(src_addr, dst_addr,
id, NO_DEST_PORT,
LINK_ICMP, 0);
- if (link == NULL)
+ if (link == NULL && create)
{
struct in_addr alias_addr;
@@ -1552,7 +1557,8 @@ FindUdpTcpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
u_short dst_port,
u_short alias_port,
- u_char proto)
+ u_char proto,
+ int create)
{
int link_type;
struct alias_link *link;
@@ -1572,11 +1578,9 @@ FindUdpTcpIn(struct in_addr dst_addr,
link = FindLinkIn(dst_addr, alias_addr,
dst_port, alias_port,
- link_type, 1);
+ link_type, create);
- if (!(packetAliasMode & PKT_ALIAS_DENY_INCOMING)
- && !(packetAliasMode & PKT_ALIAS_PROXY_ONLY)
- && link == NULL)
+ if (link == NULL && create && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
{
struct in_addr target_addr;
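Review bot: The new `create` argument does two jobs here without being documented: it is passed to `FindLinkIn()` in the slot that previously received a literal `1`, and it gates creation of a new incoming link. The `PKT_ALIAS_PROXY_ONLY` test that used to live in this condition is gone, so proxy-only behaviour now depends on each caller passing 0. In this diff only TcpAliasIn does that (`!(packetAliasMode & PKT_ALIAS_PROXY_ONLY)`), while UdpAliasIn passes a literal `1`; it may return early in proxy-only mode in code outside the hunks, but that is not visible here. Suggest a comment above FindUdpTcpIn along the lines of `/* create: non-zero lets a miss complete a partial link or add a new one; callers must pass 0 in PKT_ALIAS_PROXY_ONLY mode */`.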
@@ -1595,7 +1599,8 @@ FindUdpTcpOut(struct in_addr src_addr,
struct in_addr dst_addr,
u_short src_port,
u_short dst_port,
- u_char proto)
+ u_char proto,
+ int create)
{
int link_type;
struct alias_link *link;
@@ -1613,9 +1618,9 @@ FindUdpTcpOut(struct in_addr src_addr,
break;
}
- link = FindLinkOut(src_addr, dst_addr, src_port, dst_port, link_type, 1);
+ link = FindLinkOut(src_addr, dst_addr, src_port, dst_port, link_type, create);
- if (link == NULL)
+ if (link == NULL && create)
{
struct in_addr alias_addr;
@@ -1630,114 +1635,94 @@ FindUdpTcpOut(struct in_addr src_addr,
struct alias_link *
-FindPptpIn(struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short call_id)
+AddPptp(struct in_addr src_addr,
+ struct in_addr dst_addr,
+ struct in_addr alias_addr,
+ u_int16_t src_call_id)
{
struct alias_link *link;
- link = FindLinkIn(dst_addr, alias_addr,
- NO_DEST_PORT, call_id,
- LINK_PPTP, 1);
-
- if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
- {
- struct in_addr target_addr;
-
- target_addr = FindOriginalAddress(alias_addr);
- link = AddLink(target_addr, dst_addr, alias_addr,
- call_id, NO_DEST_PORT, call_id,
- LINK_PPTP);
- }
+ link = AddLink(src_addr, dst_addr, alias_addr,
+ src_call_id, 0, GET_ALIAS_PORT,
+ LINK_PPTP);
- return(link);
+ return (link);
}
-struct alias_link *
-FindPptpOut(struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short call_id)
+struct alias_link *
+FindPptpOutByCallId(struct in_addr src_addr,
+ struct in_addr dst_addr,
+ u_int16_t src_call_id)
{
+ u_int i;
struct alias_link *link;
- link = FindLinkOut(src_addr, dst_addr,
- call_id, NO_DEST_PORT,
- LINK_PPTP, 1);
+ i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
+ LIST_FOREACH(link, &linkTableOut[i], list_out)
+ if (link->link_type == LINK_PPTP &&
+ link->src_addr.s_addr == src_addr.s_addr &&
+ link->dst_addr.s_addr == dst_addr.s_addr &&
+ link->src_port == src_call_id)
+ break;
- if (link == NULL)
- {
- struct in_addr alias_addr;
+ return (link);
+}
- alias_addr = FindAliasAddress(src_addr);
- link = AddLink(src_addr, dst_addr, alias_addr,
- call_id, NO_DEST_PORT, GET_ALIAS_PORT,
- LINK_PPTP);
- }
- return(link);
+struct alias_link *
+FindPptpOutByPeerCallId(struct in_addr src_addr,
+ struct in_addr dst_addr,
+ u_int16_t dst_call_id)
+{
+ u_int i;
+ struct alias_link *link;
+
+ i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
+ LIST_FOREACH(link, &linkTableOut[i], list_out)
+ if (link->link_type == LINK_PPTP &&
+ link->src_addr.s_addr == src_addr.s_addr &&
+ link->dst_addr.s_addr == dst_addr.s_addr &&
+ link->dst_port == dst_call_id)
+ break;
+
+ return (link);
}
struct alias_link *
-QueryUdpTcpIn(struct in_addr dst_addr,
- struct in_addr alias_addr,
- u_short dst_port,
- u_short alias_port,
- u_char proto)
+FindPptpInByCallId(struct in_addr dst_addr,
+ struct in_addr alias_addr,
+ u_int16_t dst_call_id)
{
- int link_type;
+ u_int i;
struct alias_link *link;
- switch (proto)
- {
- case IPPROTO_UDP:
- link_type = LINK_UDP;
- break;
- case IPPROTO_TCP:
- link_type = LINK_TCP;
- break;
- default:
- return NULL;
- break;
- }
-
- link = FindLinkIn(dst_addr, alias_addr,
- dst_port, alias_port,
- link_type, 0);
+ i = StartPointIn(alias_addr, 0, LINK_PPTP);
+ LIST_FOREACH(link, &linkTableIn[i], list_in)
+ if (link->link_type == LINK_PPTP &&
+ link->dst_addr.s_addr == dst_addr.s_addr &&
+ link->alias_addr.s_addr == alias_addr.s_addr &&
+ link->dst_port == dst_call_id)
+ break;
- return(link);
+ return (link);
}
-struct alias_link *
-QueryUdpTcpOut(struct in_addr src_addr,
- struct in_addr dst_addr,
- u_short src_port,
- u_short dst_port,
- u_char proto)
+struct alias_link *
+FindPptpInByPeerCallId(struct in_addr dst_addr,
+ struct in_addr alias_addr,
+ u_int16_t alias_call_id)
{
- int link_type;
struct alias_link *link;
- switch (proto)
- {
- case IPPROTO_UDP:
- link_type = LINK_UDP;
- break;
- case IPPROTO_TCP:
- link_type = LINK_TCP;
- break;
- default:
- return NULL;
- break;
- }
+ link = FindLinkIn(dst_addr, alias_addr,
+ 0/* any */, alias_call_id,
+ LINK_PPTP, 0);
- link = FindLinkOut(src_addr, dst_addr,
- src_port, dst_port,
- link_type, 0);
- return(link);
+ return (link);
}
@@ -1845,6 +1830,7 @@ FindAliasAddress(struct in_addr original_addr)
SetAckModified(), GetAckModified()
GetDeltaAckIn(), GetDeltaSeqOut(), AddSeq()
SetLastLineCrlfTermed(), GetLastLineCrlfTermed()
+ SetDestCallId()
*/
@@ -2227,6 +2213,16 @@ GetLastLineCrlfTermed(struct alias_link *link)
return (link->flags & LINK_LAST_LINE_CRLF_TERMED);
}
+void
+SetDestCallId(struct alias_link *link, u_int16_t cid)
+{
+
+ deleteAllLinks = 1;
+ link = ReLink(link, link->src_addr, link->dst_addr, link->alias_addr,
+ link->src_port, cid, link->alias_port, link->link_type);
+ deleteAllLinks = 0;
+}
+
/* Miscellaneous Functions
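Review bot: `SetDestCallId()` stores ReLink's result only in its by-value `link` parameter, so the caller's pointer still refers to the old link, which ReLink presumably deletes (its body is not in this diff), and a NULL result from a failed re-add is dropped silently. The callers added in alias_pptp.c do not touch `pptp_link` after the call, but nothing documents that restriction. Suggest a header comment such as `/* Re-keys the link on the peer's Call ID; the link pointer passed in is invalid on return. */`, or return the new link to the caller. Assigning `deleteAllLinks = 0` afterwards also overwrites whatever value the flag had on entry instead of restoring it.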
@@ -2679,8 +2675,7 @@ PunchFWHole(struct alias_link *link) {
/* Don't do anything unless we are asked to */
if ( !(packetAliasMode & PKT_ALIAS_PUNCH_FW) ||
fireWallFD < 0 ||
- link->link_type != LINK_TCP ||
- !link->data.tcp)
+ link->link_type != LINK_TCP)
return;
memset(&rule, 0, sizeof rule);
@@ -2755,7 +2750,7 @@ PunchFWHole(struct alias_link *link) {
link. Calling this too often is harmless. */
static void
ClearFWHole(struct alias_link *link) {
- if (link->link_type == LINK_TCP && link->data.tcp) {
+ if (link->link_type == LINK_TCP) {
int fwhole = link->data.tcp->fwhole; /* Where is the firewall hole? */
struct ip_fw rule;
diff --git a/usr.sbin/ppp/ppp/alias_ftp.c b/usr.sbin/ppp/ppp/alias_ftp.c
index 9f51ed402b2..2200d31e14f 100644
--- a/usr.sbin/ppp/ppp/alias_ftp.c
+++ b/usr.sbin/ppp/ppp/alias_ftp.c
@@ -41,7 +41,7 @@
See HISTORY file for record of revisions.
- $OpenBSD: alias_ftp.c,v 1.7 2000/06/23 09:47:05 brian Exp $
+ $OpenBSD: alias_ftp.c,v 1.8 2000/11/02 00:53:47 brian Exp $
*/
/* Includes */
@@ -443,7 +443,7 @@ NewFtpMessage(struct ip *pip,
/* Establish link to address and port found in FTP control message. */
ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link),
- htons(true_port), 0, IPPROTO_TCP);
+ htons(true_port), 0, IPPROTO_TCP, 1);
if (ftp_link != NULL)
{
diff --git a/usr.sbin/ppp/ppp/alias_irc.c b/usr.sbin/ppp/ppp/alias_irc.c
index 904615c9724..9cb823de437 100644
--- a/usr.sbin/ppp/ppp/alias_irc.c
+++ b/usr.sbin/ppp/ppp/alias_irc.c
@@ -20,7 +20,7 @@
local/global/function naming conventions
withing the packet alising module.
- $OpenBSD: alias_irc.c,v 1.3 2000/02/27 01:38:24 brian Exp $
+ $OpenBSD: alias_irc.c,v 1.4 2000/11/02 00:53:47 brian Exp $
*/
/* Includes */
@@ -216,10 +216,9 @@ lFOUND_CTCP:
/* Steal the FTP_DATA_PORT - it doesn't really matter, and this
would probably allow it through at least _some_
firewalls. */
- dcc_link = FindUdpTcpOut (true_addr,
- destaddr,
- true_port,
- 0, IPPROTO_TCP);
+ dcc_link = FindUdpTcpOut(true_addr, destaddr,
+ true_port, 0,
+ IPPROTO_TCP, 1);
DBprintf(("Got a DCC link\n"));
if ( dcc_link ) {
struct in_addr alias_address; /* Address from aliasing */
diff --git a/usr.sbin/ppp/ppp/alias_local.h b/usr.sbin/ppp/ppp/alias_local.h
index 9d314cfb376..0005e8e0b52 100644
--- a/usr.sbin/ppp/ppp/alias_local.h
+++ b/usr.sbin/ppp/ppp/alias_local.h
@@ -14,7 +14,7 @@
<updated several times by original author and Eivind Eklund>
- $OpenBSD: alias_local.h,v 1.9 2000/08/13 22:05:47 brian Exp $
+ $OpenBSD: alias_local.h,v 1.10 2000/11/02 00:53:47 brian Exp $
*/
#ifndef ALIAS_LOCAL_H
#define ALIAS_LOCAL_H
@@ -78,10 +78,10 @@ void DifferentialChecksum(u_short *, u_short *, u_short *, int);
/* Internal data access */
struct alias_link *
-FindIcmpIn(struct in_addr, struct in_addr, u_short);
+FindIcmpIn(struct in_addr, struct in_addr, u_short, int);
struct alias_link *
-FindIcmpOut(struct in_addr, struct in_addr, u_short);
+FindIcmpOut(struct in_addr, struct in_addr, u_short, int);
struct alias_link *
FindFragmentIn1(struct in_addr, struct in_addr, u_short);
@@ -102,22 +102,25 @@ struct alias_link *
FindProtoOut(struct in_addr, struct in_addr, u_char);
struct alias_link *
-FindUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char);
+FindUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char, int);
struct alias_link *
-FindUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char);
+FindUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char, int);
struct alias_link *
-FindPptpIn(struct in_addr, struct in_addr, u_short);
+AddPptp(struct in_addr, struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
-FindPptpOut(struct in_addr, struct in_addr, u_short);
+FindPptpOutByCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
-QueryUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char);
+FindPptpInByCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
-QueryUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char);
+FindPptpOutByPeerCallId(struct in_addr, struct in_addr, u_int16_t);
+
+struct alias_link *
+FindPptpInByPeerCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindRtspOut(struct in_addr, struct in_addr, u_short, u_short, u_char);
@@ -159,6 +162,7 @@ void SetExpire(struct alias_link *, int);
void ClearCheckNewLink(void);
void SetLastLineCrlfTermed(struct alias_link *, int);
int GetLastLineCrlfTermed(struct alias_link *);
+void SetDestCallId(struct alias_link *, u_int16_t);
#ifndef NO_FW_PUNCH
void PunchFWHole(struct alias_link *);
#endif
@@ -180,10 +184,10 @@ void AliasHandleIrcOut(struct ip *, struct alias_link *, int);
void AliasHandleRtspOut(struct ip *, struct alias_link *, int);
/* PPTP routines */
-int PptpGetCallID(struct ip *, u_short *);
-void PptpSetCallID(struct ip *, u_short);
void AliasHandlePptpOut(struct ip *, struct alias_link *);
void AliasHandlePptpIn(struct ip *, struct alias_link *);
+int AliasHandlePptpGreOut(struct ip *);
+int AliasHandlePptpGreIn(struct ip *);
/* NetBIOS routines */
int AliasHandleUdpNbt(struct ip *, struct alias_link *, struct in_addr *, u_short);
diff --git a/usr.sbin/ppp/ppp/alias_pptp.c b/usr.sbin/ppp/ppp/alias_pptp.c
index fe63d895891..e79b380e398 100644
--- a/usr.sbin/ppp/ppp/alias_pptp.c
+++ b/usr.sbin/ppp/ppp/alias_pptp.c
@@ -35,7 +35,7 @@
*
* Author: Erik Salander <erik@whistle.com>
*
- * $OpenBSD: alias_pptp.c,v 1.2 2000/08/13 22:05:47 brian Exp $
+ * $OpenBSD: alias_pptp.c,v 1.3 2000/11/02 00:53:47 brian Exp $
*/
/*
@@ -65,9 +65,6 @@
*/
/* Includes */
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@@ -82,21 +79,14 @@
struct grehdr /* Enhanced GRE header. */
{
- u_char gh_recursion:3, /* Recursion control. */
- gh_ssr_flag:1, /* Strict source route present. */
- gh_seq_no_flag:1, /* Sequence number present. */
- gh_key_flag:1, /* Key present. */
- gh_rt_flag:1, /* Routing present. */
- gh_cksum_flag:1; /* Checksum present. */
- u_char gh_version:3, /* GRE version. */
- gh_flags:4, /* Flags. */
- gh_ack_no_flag:1; /* Acknowledgment sequence number present. */
- u_short gh_protocol; /* Protocol type. */
- u_short gh_length; /* Payload length. */
- u_short gh_call_id; /* Call ID. */
+ u_int16_t gh_flags; /* Flags. */
+ u_int16_t gh_protocol; /* Protocol type. */
+ u_int16_t gh_length; /* Payload length. */
+ u_int16_t gh_call_id; /* Call ID. */
u_int32_t gh_seq_no; /* Sequence number (optional). */
u_int32_t gh_ack_no; /* Acknowledgment number (optional). */
};
+typedef struct grehdr GreHdr;
/* The PPTP protocol ID used in the GRE 'proto' field. */
#define PPTP_GRE_PROTO 0x880b
@@ -123,7 +113,7 @@ enum {
PPTP_CallClearRequest = 12,
PPTP_CallDiscNotify = 13,
PPTP_WanErrorNotify = 14,
- PPTP_SetLinkInfo = 15,
+ PPTP_SetLinkInfo = 15
};
/* Message structures */
@@ -136,6 +126,12 @@ enum {
};
typedef struct pptpMsgHead *PptpMsgHead;
+ struct pptpCodes {
+ u_int8_t resCode; /* Result Code */
+ u_int8_t errCode; /* Error Code */
+ };
+ typedef struct pptpCodes *PptpCode;
+
struct pptpCallIds {
u_int16_t cid1; /* Call ID field #1 */
u_int16_t cid2; /* Call ID field #2 */
@@ -144,29 +140,6 @@ enum {
static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
-int
-PptpGetCallID(struct ip *pip,
- u_short *call_id)
-{
- struct grehdr *gr;
-
- gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2));
-
- /* Check GRE header bits. */
- if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) == PPTP_INIT_VALUE) {
- *call_id = gr->gh_call_id;
- return 1;
- } else
- return 0;
-};
-
-void PptpSetCallID(struct ip *pip, u_short call_id)
-{
- struct grehdr *gr;
-
- gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2));
- gr->gh_call_id = call_id;
-};
void
AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
@@ -174,6 +147,7 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
{
struct alias_link *pptp_link;
PptpCallId cptr;
+ PptpCode codes;
u_int16_t ctl_type; /* control message type */
struct tcphdr *tc;
@@ -187,12 +161,20 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
case PPTP_OutCallReply:
case PPTP_InCallRequest:
case PPTP_InCallReply:
+ /* Establish PPTP link for address and Call ID found in control message. */
+ pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link),
+ GetAliasAddress(link), cptr->cid1);
+ break;
case PPTP_CallClearRequest:
case PPTP_CallDiscNotify:
-
- /* Establish PPTP link for address and Call ID found in PPTP Control Msg */
- pptp_link = FindPptpOut(GetOriginalAddress(link), GetDestAddress(link),
- cptr->cid1);
+ /* Find PPTP link for address and Call ID found in control message. */
+ pptp_link = FindPptpOutByCallId(GetOriginalAddress(link),
+ GetDestAddress(link),
+ cptr->cid1);
+ break;
+ default:
+ return;
+ }
if (pptp_link != NULL) {
int accumulate = cptr->cid1;
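Review bot: Each outgoing call request or reply in the first case group now calls `AddPptp()` without checking for an existing link. Because alias_db.c marks `LINK_PPTP` entries `LINK_PERMANENT` in this commit, any link that never sees a CallDiscNotify or a refused reply stays in the table with no timeout. An inside host that repeats requests with fresh Call IDs, or a control connection that drops without a disconnect message, would leave entries behind; a retransmitted request segment would probably get a second link with a different alias Call ID. Cleanup tied to deletion of the control TCP link is not visible in this diff. Consider reusing an existing entry first, `pptp_link = FindPptpOutByCallId(...); if (pptp_link == NULL) pptp_link = AddPptp(...);`, and releasing PPTP links when their control connection is torn down. AliasHandlePptpOut begins above this hunk.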
@@ -204,11 +186,22 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
accumulate -= cptr->cid1;
ADJUST_CHECKSUM(accumulate, tc->th_sum);
+
+ switch (ctl_type) {
+ case PPTP_OutCallReply:
+ case PPTP_InCallReply:
+ codes = (PptpCode)(cptr + 1);
+ if (codes->resCode == 1) /* Connection established, */
+ SetDestCallId(pptp_link, /* note the Peer's Call ID. */
+ cptr->cid2);
+ else
+ SetExpire(pptp_link, 0); /* Connection refused. */
+ break;
+ case PPTP_CallDiscNotify: /* Connection closed. */
+ SetExpire(pptp_link, 0);
+ break;
+ }
}
- break;
- default:
- return;
- }
}
void
@@ -237,28 +230,46 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
case PPTP_InCallReply:
pcall_id = &cptr->cid2;
break;
+ case PPTP_CallDiscNotify: /* Connection closed. */
+ pptp_link = FindPptpInByCallId(GetDestAddress(link),
+ GetAliasAddress(link),
+ cptr->cid1);
+ if (pptp_link != NULL)
+ SetExpire(pptp_link, 0);
+ return;
default:
return;
}
/* Find PPTP link for address and Call ID found in PPTP Control Msg */
- pptp_link = FindPptpIn(GetDestAddress(link), GetAliasAddress(link),
- *pcall_id);
+ pptp_link = FindPptpInByPeerCallId(GetDestAddress(link),
+ GetAliasAddress(link),
+ *pcall_id);
if (pptp_link != NULL) {
int accumulate = *pcall_id;
- /* alias the Call Id */
+ /* De-alias the Peer's Call Id. */
*pcall_id = GetOriginalPort(pptp_link);
/* Compute TCP checksum for modified packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
accumulate -= *pcall_id;
ADJUST_CHECKSUM(accumulate, tc->th_sum);
+
+ if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) {
+ PptpCode codes = (PptpCode)(cptr + 1);
+
+ if (codes->resCode == 1) /* Connection established, */
+ SetDestCallId(pptp_link, /* note the Call ID. */
+ cptr->cid1);
+ else
+ SetExpire(pptp_link, 0); /* Connection refused. */
+ }
}
}
-PptpCallId
+static PptpCallId
AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch */
{
int hlen, tlen, dlen;
@@ -285,6 +296,71 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch
if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) ||
(ntohl(hptr->magic) != PPTP_MAGIC))
return(NULL);
+
+ /* Verify data length. */
+ if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) &&
+ (dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) +
+ sizeof(struct pptpCodes)))
+ return (NULL);
else
- return((PptpCallId)(((char *)hptr) + sizeof(struct pptpMsgHead)));
+ return (PptpCallId)(hptr + 1);
+}
+
+
+int
+AliasHandlePptpGreOut(struct ip *pip)
+{
+ GreHdr *gr;
+ struct alias_link *link;
+
+ gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2));
+
+ /* Check GRE header bits. */
+ if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
+ return (-1);
+
+ link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
+ if (link != NULL) {
+ struct in_addr alias_addr = GetAliasAddress(link);
+
+ /* Change source IP address. */
+ DifferentialChecksum(&pip->ip_sum,
+ (u_short *)&alias_addr,
+ (u_short *)&pip->ip_src,
+ 2);
+ pip->ip_src = alias_addr;
+ }
+
+ return (0);
+}
+
+
+int
+AliasHandlePptpGreIn(struct ip *pip)
+{
+ GreHdr *gr;
+ struct alias_link *link;
+
+ gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2));
+
+ /* Check GRE header bits. */
+ if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
+ return (-1);
+
+ link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
+ if (link != NULL) {
+ struct in_addr src_addr = GetOriginalAddress(link);
+
+ /* De-alias the Peer's Call Id. */
+ gr->gh_call_id = GetOriginalPort(link);
+
+ /* Restore original IP address. */
+ DifferentialChecksum(&pip->ip_sum,
+ (u_short *)&src_addr,
+ (u_short *)&pip->ip_dst,
+ 2);
+ pip->ip_dst = src_addr;
+ }
+
+ return (0);
}
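Review bot: Neither `AliasHandlePptpGreOut()` nor `AliasHandlePptpGreIn()` checks that the packet holds a GRE header before touching it. Both read the first 32 bits through `gr` and then `gr->gh_call_id`, and the In path also writes `gh_call_id` when a link matches, yet `pip->ip_len` is never consulted and no buffer size is passed in. Unless the callers validate length in code outside this diff, a truncated GRE packet would be read, and on input possibly written, past its payload. A guard ahead of the mask test, such as `if (ntohs(pip->ip_len) < (pip->ip_hl << 2) + 8) return (-1);`, would cover the fixed 8 bytes through the Call ID, assuming `ip_len` is still in network order at this point.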
diff --git a/usr.sbin/ppp/ppp/alias_smedia.c b/usr.sbin/ppp/ppp/alias_smedia.c
index 900c73112e1..7e156ea79bc 100644
--- a/usr.sbin/ppp/ppp/alias_smedia.c
+++ b/usr.sbin/ppp/ppp/alias_smedia.c
@@ -62,7 +62,7 @@
* Junichi SATOH <junichi@astec.co.jp>
* <junichi@junichi.org>
*
- * $FreeBSD: src/lib/libalias/alias_smedia.c,v 1.1 2000/07/26 23:15:46 archie Exp $
+ * $OpenBSD: alias_smedia.c,v 1.3 2000/11/02 00:53:47 brian Exp $
*/
/*
@@ -343,7 +343,7 @@ alias_pna_out(struct ip *pip,
if ((ntohs(msg_id) == 1) || (ntohs(msg_id) == 7)) {
memcpy((char*)&port, (char*)work, 2);
pna_links = FindUdpTcpOut(pip->ip_src, GetDestAddress(link),
- port, 0, IPPROTO_UDP);
+ port, 0, IPPROTO_UDP, 1);
if (pna_links != NULL) {
#ifndef NO_FW_PUNCH
/* Punch hole in firewall */