Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolve conflicts and fix a compile error in ip_ftp_pxy.c.

This commit is contained in:
veego 2000-05-11 19:46:05 +00:00
parent 8748ae4382
commit 8db28cd918
10 changed files with 502 additions and 323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/netinet/fil.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: fil.c,v 1.32 2000/05/10 00:08:03 itojun Exp $ */
/* $NetBSD: fil.c,v 1.33 2000/05/11 19:46:05 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@ -9,10 +9,10 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
static const char rcsid[] = "$NetBSD: fil.c,v 1.32 2000/05/10 00:08:03 itojun Exp $";
static const char rcsid[] = "$NetBSD: fil.c,v 1.33 2000/05/11 19:46:05 veego Exp $";
#else
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.4 2000/04/28 15:38:32 darrenr Exp";
static const char rcsid[] = "@(#)Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp";
#endif
#endif
@ -1074,6 +1074,10 @@ logit:
* Once we're finished return to our caller, freeing the packet if
* we are dropping it (* BSD ONLY *).
*/
if ((changed == -1) && (pass & FR_PASS)) {
pass &= ~FR_PASS;
pass |= FR_BLOCK;
}
#if defined(_KERNEL)
# if !SOLARIS
# if !defined(linux)
@ -1337,7 +1341,7 @@ nodata:
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
* Id: fil.c,v 2.35.2.4 2000/04/28 15:38:32 darrenr Exp
* Id: fil.c,v 2.35.2.6 2000/05/09 22:42:40 darrenr Exp
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,

48
sys/netinet/ip_fil.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_fil.c,v 1.49 2000/05/03 11:12:06 veego Exp $ */
/* $NetBSD: ip_fil.c,v 1.50 2000/05/11 19:46:05 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@ -9,10 +9,10 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.49 2000/05/03 11:12:06 veego Exp $";
static const char rcsid[] = "$NetBSD: ip_fil.c,v 1.50 2000/05/11 19:46:05 veego Exp $";
#else
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.2 2000/04/28 14:56:50 darrenr Exp";
static const char rcsid[] = "@(#)Id: ip_fil.c,v 2.42.2.4 2000/05/09 22:43:31 darrenr Exp";
#endif
#endif
@ -177,6 +177,10 @@ struct callout ipfr_slowtimer_ch;
#if (__FreeBSD_version >= 300000) && defined(_KERNEL)
struct callout_handle ipfr_slowtimer_ch;
#endif
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
# include <sys/callout.h>
struct callout ipfr_slowtimer_ch;
#endif
#if (_BSDI_VERSION >= 199510) && defined(_KERNEL)
# include <sys/device.h>
@ -326,13 +330,13 @@ pfil_error:
# else
"disabled");
# endif
#ifdef _KERNEL
# if (__FreeBSD_version >= 300000) && defined(_KERNEL)
ipfr_slowtimer_ch = timeout(ipfr_slowtimer, NULL, hz/2);
# else
# if defined(__NetBSD__)
#ifdef _KERNEL
# if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
callout_init(&ipfr_slowtimer_ch);
callout_reset(&ipfr_slowtimer_ch, hz / 2, ipfr_slowtimer, NULL);
# else
# if (__FreeBSD_version >= 300000) && defined(_KERNEL)
ipfr_slowtimer_ch = timeout(ipfr_slowtimer, NULL, hz/2);
# else
timeout(ipfr_slowtimer, NULL, hz/2);
# endif
@ -357,20 +361,20 @@ int ipldetach()
int error = 0;
#endif
#ifdef _KERNEL
# if (__FreeBSD_version >= 300000)
untimeout(ipfr_slowtimer, NULL, ipfr_slowtimer_ch);
#ifdef _KERNEL
# if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
callout_stop(&ipfr_slowtimer_ch);
# else
# if (__FreeBSD_version >= 300000)
untimeout(ipfr_slowtimer, NULL, ipfr_slowtimer_ch);
# else
# ifdef __sgi
untimeout(ipfr_slowtimer);
# else
# ifdef __NetBSD__
callout_stop(&ipfr_slowtimer_ch);
# else
untimeout(ipfr_slowtimer, NULL);
# endif
# endif
# endif
# endif /* FreeBSD */
# endif /* NetBSD */
#endif
SPL_NET(s);
if (!fr_running)
@ -1383,9 +1387,12 @@ frdest_t *fdp;
* If small enough for interface, can just send directly.
*/
if (ip->ip_len <= ifp->if_mtu) {
# ifndef __NetBSD__
# if BSD >= 199306
int i = m->m_flags & M_EXT;
# endif
# ifndef __NetBSD__
ip->ip_id = htons(ip->ip_id);
# endif
# endif
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);
if (!ip->ip_sum)
@ -1393,6 +1400,11 @@ frdest_t *fdp;
# if BSD >= 199306
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst,
ro->ro_rt);
if (i) {
ip->ip_id = ntohs(ip->ip_id);
ip->ip_len = ntohs(ip->ip_len);
ip->ip_off = ntohs(ip->ip_off);
}
# else
error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst);
# endif

26
sys/netinet/ip_frag.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_frag.c,v 1.18 2000/05/03 11:12:07 veego Exp $ */
/* $NetBSD: ip_frag.c,v 1.19 2000/05/11 19:46:06 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@ -9,10 +9,10 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
static const char rcsid[] = "$NetBSD: ip_frag.c,v 1.18 2000/05/03 11:12:07 veego Exp $";
static const char rcsid[] = "$NetBSD: ip_frag.c,v 1.19 2000/05/11 19:46:06 veego Exp $";
#else
static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.1 2000/04/28 14:56:51 darrenr Exp";
static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.3 2000/05/05 15:10:23 darrenr Exp";
#endif
#endif
@ -91,8 +91,8 @@ static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.1 2000/04/28 14:56:51 da
extern struct callout_handle ipfr_slowtimer_ch;
# endif
#endif
#if defined(__NetBSD__)
#include <sys/callout.h>
#if defined(__NetBSD__) && (__NetBSD_Version__ >= 104230000)
# include <sys/callout.h>
extern struct callout ipfr_slowtimer_ch;
#endif
@ -535,10 +535,13 @@ int ipfr_slowtimer()
fr_timeoutstate();
ip_natexpire();
fr_authexpire();
# if SOLARIS
# if SOLARIS
ipfr_timer_id = timeout(ipfr_slowtimer, NULL, drv_usectohz(500000));
RWLOCK_EXIT(&ipf_solaris);
# else
# ifndef linux
# if defined(__NetBSD__) && (__NetBSD_Version__ >= 104240000)
callout_reset(&ipfr_slowtimer_ch, hz / 2, ipfr_slowtimer, NULL);
# else
# if (__FreeBSD_version >= 300000)
ipfr_slowtimer_ch = timeout(ipfr_slowtimer, NULL, hz/2);
# else
@ -548,11 +551,10 @@ int ipfr_slowtimer()
timeout(ipfr_slowtimer, NULL, hz/2);
# endif
# endif
# endif
# if (BSD < 199306) && !defined(__sgi)
# if (BSD < 199306) && !defined(__sgi)
return 0;
# endif
# endif
RWLOCK_EXIT(&ipf_solaris);
# endif /* FreeBSD */
# endif /* NetBSD */
# endif /* SOLARIS */
}
#endif /* defined(_KERNEL) */

634
sys/netinet/ip_ftp_pxy.c
View File

@ -1,10 +1,10 @@
/* $NetBSD: ip_ftp_pxy.c,v 1.14 2000/05/03 11:12:07 veego Exp $ */
/* $NetBSD: ip_ftp_pxy.c,v 1.15 2000/05/11 19:46:06 veego Exp $ */
/*
* Simple FTP transparent proxy for in-kernel use. For use with the NAT
* code.
*
* Id: ip_ftp_pxy.c,v 2.7.2.1 2000/04/30 05:13:05 darrenr Exp
* Id: ip_ftp_pxy.c,v 2.7.2.5 2000/05/09 11:41:46 darrenr Exp
*/
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@ -22,15 +22,18 @@ extern kmutex_t ipf_rw;
#define IPF_FTPBUFSZ 96 /* This *MUST* be >= 53! */
int ippr_ftp_client __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_complete __P((char *, size_t));
int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_init __P((void));
int ippr_ftp_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_portmsg __P((fr_info_t *, ip_t *, nat_t *));
int ippr_ftp_pasvmsg __P((fr_info_t *, ip_t *, nat_t *));
int ippr_ftp_complete __P((char *, size_t));
u_short ipf_ftp_atoi __P((char **));
int ippr_ftp_pasv __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int));
int ippr_ftp_port __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int));
int ippr_ftp_process __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_server __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_valid __P((char *, size_t));
u_short ippr_ftp_atoi __P((char **));
static frentry_t natfr;
int ippr_ftp_pasvonly = 0;
@ -48,77 +51,6 @@ int ippr_ftp_init()
}
int ippr_ftp_complete(buf, len)
char *buf;
size_t len;
{
register char *s, c;
register size_t i = len;
nextmsg:
if (i < 5)
return 0;
s = buf;
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (c != '-' && c != ' ')
return 0;
} else
return 0;
} else
return 0;
} else if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (c != ' ' && c != '\r')
return 0;
} else if (c != ' ' && c != '\r')
return 0;
} else
return 0;
} else
return 0;
} else
return 0;
for (; i && (c = *s); i--, s++) {
if (c == '\r') {
if (i >= 2)
continue;
return 0;
}
if (c == '\n') {
if (i > 1)
goto nextmsg;
}
if ((i == 2) && (c != '\r'))
return 0;
else if ((i == 1) && (c != '\n'))
return 0;
}
return (i == 0);
}
int ippr_ftp_new(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
@ -126,6 +58,7 @@ ap_session_t *aps;
nat_t *nat;
{
ftpinfo_t *ftp;
ftpside_t *f;
KMALLOC(ftp, ftpinfo_t *);
if (ftp == NULL)
@ -134,53 +67,31 @@ nat_t *nat;
aps->aps_psiz = sizeof(ftpinfo_t);
bzero((char *)ftp, sizeof(*ftp));
f = &ftp->ftp_side[0];
f->ftps_rptr = f->ftps_buf;
f->ftps_wptr = f->ftps_buf;
f = &ftp->ftp_side[1];
f->ftps_rptr = f->ftps_buf;
f->ftps_wptr = f->ftps_buf;
return 0;
}
/*
* ipf_ftp_atoi - implement a version of atoi which processes numbers in
* pairs separated by commas (which are expected to be in the range 0 - 255),
* returning a 16 bit number combining either side of the , as the MSB and
* LSB.
*/
u_short ipf_ftp_atoi(ptr)
char **ptr;
{
char *s = *ptr, c;
u_char i = 0, j = 0;
while ((c = *s++) && isdigit(c)) {
i *= 10;
i += c - '0';
}
if (c != ',') {
*ptr = NULL;
return 0;
}
while ((c = *s++) && isdigit(c)) {
j *= 10;
j += c - '0';
}
*ptr = s;
return (i << 8) | j;
}
int ippr_ftp_portmsg(fin, ip, nat)
int ippr_ftp_port(fin, ip, nat, f, dlen)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpside_t *f;
int dlen;
{
char portbuf[IPF_FTPBUFSZ], newbuf[IPF_FTPBUFSZ], *s;
tcphdr_t *tcp, tcph, *tcp2 = &tcph;
size_t nlen = 0, dlen, olen;
char newbuf[IPF_FTPBUFSZ], *s;
u_short a5, a6, sp, dp;
u_int a1, a2, a3, a4;
struct in_addr swip;
int off, inc = 0;
ftpinfo_t *ftp;
size_t nlen, olen;
fr_info_t fi;
int inc, off;
nat_t *ipn;
mb_t *m;
#if SOLARIS
@ -188,79 +99,34 @@ nat_t *nat;
#endif
tcp = (tcphdr_t *)fin->fin_dp;
bzero(portbuf, sizeof(portbuf));
off = (ip->ip_hl << 2) + (tcp->th_off << 2);
#if SOLARIS
m = fin->fin_qfm;
dlen = msgdsize(m) - off;
if (dlen > 0)
copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#else
m = *(mb_t **)fin->fin_mp;
dlen = mbufchainlen(m) - off;
if (dlen > 0)
m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#endif
if (dlen == 0)
off = f->ftps_seq - ntohl(tcp->th_seq);
if (off < 0)
return 0;
portbuf[sizeof(portbuf) - 1] = '\0';
*newbuf = '\0';
/*
* Check that a user is progressing through the login ok.
*/
ftp = nat->nat_aps->aps_data;
ftp->ftp_eol[1][1] = ftp->ftp_eol[1][0];
ftp->ftp_eol[1][0] = ippr_ftp_complete(portbuf, dlen);
ftp->ftp_seq[1][1] = ftp->ftp_seq[1][0];
ftp->ftp_seq[1][0] = ntohl(tcp->th_seq) + dlen;
switch (ftp->ftp_passok)
{
case 0 :
if (!strncmp(portbuf, "USER ", 5))
ftp->ftp_passok = 1;
break;
case 2 :
if (!strncmp(portbuf, "PASS ", 5))
ftp->ftp_passok = 3;
break;
}
if (ftp->ftp_eol[1][0] == 0)
return 0;
if ((ftp->ftp_passok != 4) || (ftp->ftp_eol[1][1] == 0) ||
(ntohl(tcp->th_ack) != ftp->ftp_seq[0][0]))
return 0;
/*
* Check for client sending out PORT message.
*/
if (!ippr_ftp_pasvonly && !strncmp(portbuf, "PORT ", 5)) {
if (dlen < IPF_MINPORTLEN)
return 0;
} else
if (dlen < IPF_MINPORTLEN)
return 0;
/*
* Count the number of bytes in the PORT message is.
*/
if (off < 0)
return 0;
off += fin->fin_hlen + (tcp->th_off << 2);
/*
* Skip the PORT command + space
*/
s = portbuf + 5;
s = f->ftps_rptr + 5;
/*
* Pick out the address components, two at a time.
*/
a1 = ipf_ftp_atoi(&s);
a1 = ippr_ftp_atoi(&s);
if (!s)
return 0;
a2 = ipf_ftp_atoi(&s);
a2 = ippr_ftp_atoi(&s);
if (!s)
return 0;
/*
* check that IP address in the PORT/PASV reply is the same as the
* sender of the command - prevents using PORT for port scanning.
@ -270,7 +136,7 @@ nat_t *nat;
if (a1 != ntohl(nat->nat_inip.s_addr))
return 0;
a5 = ipf_ftp_atoi(&s);
a5 = ippr_ftp_atoi(&s);
if (!s)
return 0;
if (*s == ')')
@ -295,7 +161,7 @@ nat_t *nat;
a3 = (a1 >> 8) & 0xff;
a4 = a1 & 0xff;
a1 >>= 24;
olen = s - portbuf;
olen = s - f->ftps_rptr;
/* DO NOT change this to sprintf! */
(void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n",
"PORT", a1, a2, a3, a4, a5, a6);
@ -306,6 +172,7 @@ nat_t *nat;
return 0;
#if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
if ((inc > 0) && (m1->b_datap->db_lim - m1->b_wptr < inc)) {
@ -331,6 +198,7 @@ nat_t *nat;
}
copyin_mblk(m, off, nlen, newbuf);
#else
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
@ -374,10 +242,15 @@ nat_t *nat;
ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
ip->ip_dst, (dp << 16) | sp);
if (ipn == NULL) {
int slen;
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
tcp2->th_sport = sp;
tcp2->th_off = 5;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
fi.fin_data[0] = ntohs(sp);
fi.fin_data[1] = 0;
@ -390,120 +263,99 @@ nat_t *nat;
ipn->nat_age = fr_defnatage;
(void) fr_addstate(ip, &fi, FI_W_DPORT);
}
ip->ip_len = slen;
ip->ip_src = swip;
}
return inc;
}
int ippr_ftp_out(fin, ip, aps, nat)
int ippr_ftp_client(fin, ip, nat, ftp, dlen)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
ftpinfo_t *ftp;
ip_t *ip;
int dlen;
{
return ippr_ftp_portmsg(fin, ip, nat);
char *rptr, *wptr;
ftpside_t *f;
int inc;
inc = 0;
f = &ftp->ftp_side[0];
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
if ((ftp->ftp_passok == 0) && !strncmp(rptr, "USER ", 5))
ftp->ftp_passok = 1;
else if ((ftp->ftp_passok == 2) && !strncmp(rptr, "PASS ", 5))
ftp->ftp_passok = 3;
else if ((ftp->ftp_passok == 4) && !ippr_ftp_pasvonly &&
!strncmp(rptr, "PORT ", 5)) {
inc = ippr_ftp_port(fin, ip, nat, f, dlen);
}
while ((*rptr++ != '\n') && (rptr < wptr))
;
f->ftps_seq += rptr - f->ftps_rptr;
f->ftps_rptr = rptr;
return inc;
}
int ippr_ftp_pasvmsg(fin, ip, nat)
int ippr_ftp_pasv(fin, ip, nat, f, dlen)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpside_t *f;
int dlen;
{
char portbuf[IPF_FTPBUFSZ], newbuf[IPF_FTPBUFSZ], *s;
int off, olen, dlen, nlen = 0, inc = 0;
tcphdr_t tcph, *tcp2 = &tcph;
tcphdr_t *tcp, tcph, *tcp2 = &tcph;
char *s;
struct in_addr swip, swip2;
u_short a5, a6, dp, sp;
u_short a5, a6, sp, dp;
u_int a1, a2, a3, a4;
ftpinfo_t *ftp;
tcphdr_t *tcp;
fr_info_t fi;
nat_t *ipn;
#if 0
char newbuf[IPF_FTPBUFSZ];
size_t nlen, olen;
mb_t *m;
#if SOLARIS
mb_t *m1;
#endif
tcp = (tcphdr_t *)fin->fin_dp;
off = (ip->ip_hl << 2) + (tcp->th_off << 2);
m = *(mb_t **)fin->fin_mp;
bzero(portbuf, sizeof(portbuf));
#if SOLARIS
m = fin->fin_qfm;
dlen = msgdsize(m) - off;
if (dlen > 0)
copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#else
dlen = mbufchainlen(m) - off;
if (dlen > 0)
m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#endif
if (dlen == 0)
return 0;
portbuf[sizeof(portbuf) - 1] = '\0';
*newbuf = '\0';
/*
* Check that a user is progressing through the login ok.
* Don't put the switch in one common function because one side
* should only see numeric responses and the other commands.
*/
ftp = nat->nat_aps->aps_data;
ftp->ftp_eol[0][1] = ftp->ftp_eol[0][0];
ftp->ftp_eol[0][0] = ippr_ftp_complete(portbuf, dlen);
ftp->ftp_seq[0][1] = ftp->ftp_seq[0][0];
ftp->ftp_seq[0][0] = ntohl(tcp->th_seq) + dlen;
switch (ftp->ftp_passok)
{
case 1 :
if (!strncmp(portbuf, "331", 3))
ftp->ftp_passok = 2;
else if (!strncmp(portbuf, "530", 3))
ftp->ftp_passok = 0;
break;
case 3 :
if (!strncmp(portbuf, "230", 3))
ftp->ftp_passok = 4;
break;
default :
break;
}
if (ftp->ftp_eol[0][0] == 0)
return 0;
if ((ftp->ftp_passok != 4) || (ftp->ftp_eol[0][1] == 0) ||
(ntohl(tcp->th_ack) != ftp->ftp_seq[1][0]))
return 0;
fr_info_t fi;
int inc, off;
nat_t *ipn;
/*
* Check for PASV reply message.
*/
if (!strncmp(portbuf, "227 ", 4)) {
if (dlen < IPF_MIN227LEN)
return 0;
else if (strncmp(portbuf, "227 Entering Passive Mode", 25))
return 0;
} else
if (dlen < IPF_MIN227LEN)
return 0;
else if (strncmp(f->ftps_rptr, "227 Entering Passive Mode", 25))
return 0;
/*
* Count the number of bytes in the 227 reply is.
*/
tcp = (tcphdr_t *)fin->fin_dp;
off = f->ftps_seq - ntohl(tcp->th_seq);
if (off < 0)
return 0;
off += fin->fin_hlen + (tcp->th_off << 2);
/*
* Skip the PORT command + space
*/
s = portbuf + 25;
s = f->ftps_rptr + 25;
while (*s && !isdigit(*s))
s++;
/*
* Pick out the address components, two at a time.
*/
a1 = ipf_ftp_atoi(&s);
a1 = ippr_ftp_atoi(&s);
if (!s)
return 0;
a2 = ipf_ftp_atoi(&s);
a2 = ippr_ftp_atoi(&s);
if (!s)
return 0;
@ -516,7 +368,7 @@ nat_t *nat;
if (a1 != ntohl(nat->nat_oip.s_addr))
return 0;
a5 = ipf_ftp_atoi(&s);
a5 = ippr_ftp_atoi(&s);
if (!s)
return 0;
@ -541,16 +393,18 @@ nat_t *nat;
a3 = (a1 >> 8) & 0xff;
a4 = a1 & 0xff;
a1 >>= 24;
olen = s - portbuf;
inc = 0;
#if 0
olen = s - f->ftps_rptr;
(void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n",
"227 Entering Passive Mode", a1, a2, a3, a4, a5, a6);
nlen = strlen(newbuf);
inc = nlen - olen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
if ((inc > 0) && (m1->b_datap->db_lim - m1->b_wptr < inc)) {
@ -571,12 +425,13 @@ nat_t *nat;
} else {
m1->b_wptr += inc;
}
copyin_mblk(m, off, nlen, newbuf);
/*copyin_mblk(m, off, nlen, newbuf);*/
#else
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
m_copyback(m, off, nlen, newbuf);
/*m_copyback(m, off, nlen, newbuf);*/
#endif
if (inc != 0) {
#if SOLARIS || defined(__sgi)
@ -595,6 +450,7 @@ nat_t *nat;
#endif
ip->ip_len += inc;
}
#endif
/*
* Add skeleton NAT entry for connection which will come back the
@ -605,10 +461,15 @@ nat_t *nat;
ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
ip->ip_dst, (dp << 16) | sp);
if (ipn == NULL) {
int slen;
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
tcp2->th_off = 5;
fi.fin_data[0] = a5 << 8 | a6;
tcp2->th_dport = htons(fi.fin_data[0]);
fi.fin_data[1] = 0;
@ -623,6 +484,7 @@ nat_t *nat;
ipn->nat_age = fr_defnatage;
(void) fr_addstate(ip, &fi, FI_W_SPORT);
}
ip->ip_len = slen;
ip->ip_src = swip;
ip->ip_dst = swip2;
}
@ -630,12 +492,274 @@ nat_t *nat;
}
int ippr_ftp_server(fin, ip, nat, ftp, dlen)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpinfo_t *ftp;
int dlen;
{
char *rptr, *wptr;
ftpside_t *f;
int inc;
inc = 0;
f = &ftp->ftp_side[1];
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
if ((ftp->ftp_passok == 1) && !strncmp(rptr, "331", 3))
ftp->ftp_passok = 2;
else if ((ftp->ftp_passok == 3) && !strncmp(rptr, "230", 3))
ftp->ftp_passok = 4;
else if ((ftp->ftp_passok == 3) && !strncmp(rptr, "530", 3))
ftp->ftp_passok = 0;
else if ((ftp->ftp_passok == 4) && !strncmp(rptr, "227 ", 4)) {
inc = ippr_ftp_pasv(fin, ip, nat, f, dlen);
}
while ((*rptr++ != '\n') && (rptr < wptr))
;
f->ftps_seq += rptr - f->ftps_rptr;
f->ftps_rptr = rptr;
return inc;
}
/*
* Look to see if the buffer starts with something which we recognise as
* being the correct syntax for the FTP protocol.
*/
int ippr_ftp_valid(buf, len)
char *buf;
size_t len;
{
register char *s, c;
register size_t i = len;
if (i < 5)
return 2;
s = buf;
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if ((c != '-') && (c != ' '))
return 1;
} else
return 1;
} else
return 1;
} else if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if ((c != ' ') && (c != '\r'))
return 1;
} else if ((c != ' ') && (c != '\r'))
return 1;
} else
return 1;
} else
return 1;
} else
return 1;
for (; i; i--) {
c = *s++;
if (c == '\n')
return 0;
}
return 2;
}
int ippr_ftp_process(fin, ip, nat, ftp, rv)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpinfo_t *ftp;
int rv;
{
int mlen, len, off, inc, i;
char *rptr, *wptr;
tcphdr_t *tcp;
ftpside_t *f;
mb_t *m;
tcp = (tcphdr_t *)fin->fin_dp;
off = fin->fin_hlen + (tcp->th_off << 2);
#if SOLARIS
m = fin->fin_qfm;
#else
m = *((mb_t **)fin->fin_mp);
#endif
#if SOLARIS
mlen = msgdsize(m) - off;
#else
mlen = mbufchainlen(m) - off;
#endif
if (!mlen)
return 0;
inc = 0;
f = &ftp->ftp_side[rv];
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
if ((wptr == f->ftps_buf) && (f->ftps_seq <= ntohl(tcp->th_seq)))
f->ftps_seq = ntohl(tcp->th_seq);
/*
* XXX - Ideally, this packet should get dropped because we now know
* that it is out of order (and there is no real danger in doing so
* apart from causing packets to go through here ordered).
*/
if (ntohl(tcp->th_seq) != f->ftps_seq + (wptr - rptr)) {
return APR_ERR(-1);
}
while (mlen > 0) {
len = MIN(mlen, FTP_BUFSZ / 2);
#if SOLARIS
copyout_mblk(m, off, len, wptr);
#else
m_copydata(m, off, len, wptr);
#endif
mlen -= len;
off += len;
wptr += len;
f->ftps_wptr = wptr;
if (f->ftps_junk == 2)
f->ftps_junk = ippr_ftp_valid(rptr, wptr - rptr);
while ((f->ftps_junk == 0) && (wptr > rptr)) {
f->ftps_junk = ippr_ftp_valid(rptr, wptr - rptr);
if (f->ftps_junk == 0) {
len = wptr - rptr;
f->ftps_rptr = rptr;
if (rv)
inc += ippr_ftp_server(fin, ip, nat,
ftp, len);
else
inc += ippr_ftp_client(fin, ip, nat,
ftp, len);
rptr = f->ftps_rptr;
}
}
while ((f->ftps_junk == 1) && (rptr < wptr)) {
while ((rptr < wptr) && (*rptr != '\r'))
rptr++;
if ((*rptr == '\r') && (rptr + 1 < wptr)) {
if (*(rptr + 1) == '\n') {
rptr += 2;
f->ftps_junk = 0;
} else
rptr++;
}
f->ftps_seq += rptr - f->ftps_rptr;
f->ftps_rptr = rptr;
}
if (rptr == wptr) {
rptr = wptr = f->ftps_buf;
} else {
if ((wptr > f->ftps_buf + FTP_BUFSZ / 2)) {
i = wptr - rptr;
if ((rptr == f->ftps_buf) ||
(wptr - rptr > FTP_BUFSZ / 2)) {
f->ftps_seq += i;
f->ftps_junk = 1;
rptr = wptr = f->ftps_buf;
} else {
bcopy(rptr, f->ftps_buf, i);
wptr = f->ftps_buf + i;
rptr = f->ftps_buf;
}
}
f->ftps_rptr = rptr;
f->ftps_wptr = wptr;
}
}
f->ftps_rptr = rptr;
f->ftps_wptr = wptr;
return inc;
}
int ippr_ftp_out(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
ftpinfo_t *ftp;
ftp = aps->aps_data;
if (ftp == NULL)
return 0;
return ippr_ftp_process(fin, ip, nat, ftp, 0);
}
int ippr_ftp_in(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
ftpinfo_t *ftp;
return ippr_ftp_pasvmsg(fin, ip, nat);
ftp = aps->aps_data;
if (ftp == NULL)
return 0;
return ippr_ftp_process(fin, ip, nat, ftp, 1);
}
/*
* ippr_ftp_atoi - implement a version of atoi which processes numbers in
* pairs separated by commas (which are expected to be in the range 0 - 255),
* returning a 16 bit number combining either side of the , as the MSB and
* LSB.
*/
u_short ippr_ftp_atoi(ptr)
char **ptr;
{
register char *s = *ptr, c;
register u_char i = 0, j = 0;
while ((c = *s++) && isdigit(c)) {
i *= 10;
i += c - '0';
}
if (c != ',') {
*ptr = NULL;
return 0;
}
while ((c = *s++) && isdigit(c)) {
j *= 10;
j += c - '0';
}
*ptr = s;
return (i << 8) | j;
}

36
sys/netinet/ip_nat.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_nat.c,v 1.31 2000/05/03 11:12:07 veego Exp $ */
/* $NetBSD: ip_nat.c,v 1.32 2000/05/11 19:46:06 veego Exp $ */
/*
* Copyright (C) 1995-2000 by Darren Reed.
@ -11,10 +11,10 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.31 2000/05/03 11:12:07 veego Exp $";
static const char rcsid[] = "$NetBSD: ip_nat.c,v 1.32 2000/05/11 19:46:06 veego Exp $";
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.2 2000/04/30 05:10:56 darrenr Exp";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 2.37.2.4 2000/05/06 12:29:48 darrenr Exp";
#endif
#endif
@ -1168,7 +1168,7 @@ int direction;
port += MAPBLK_MINPORT;
port = htons(port);
}
} else if (!in.s_addr &&
} else if (!np->in_nip &&
(np->in_outmsk == 0xffffffff)) {
/*
* 0/32 - use the interface's IP address.
@ -1177,7 +1177,7 @@ int direction;
fr_ifpaddr(4, fin->fin_ifp, &in) == -1)
goto badnat;
in.s_addr = ntohl(in.s_addr);
} else if (!in.s_addr && !np->in_outmsk) {
} else if (!np->in_nip && !np->in_outmsk) {
/*
* 0/0 - use the original source address/port.
*/
@ -1919,12 +1919,17 @@ maskloop:
ip->ip_len);
}
}
if ((np->in_apr != NULL) && (np->in_dport == 0 ||
(tcp != NULL && dport == np->in_dport)))
(void) appr_check(ip, fin, nat);
(tcp != NULL && dport == np->in_dport))) {
i = appr_check(ip, fin, nat);
if (i == 0)
i = 1;
} else
i = 1;
ATOMIC_INCL(nat_stats.ns_mapped[1]);
RWLOCK_EXIT(&ipf_nat); /* READ */
return 1;
return i;
}
RWLOCK_EXIT(&ipf_nat); /* READ/WRITE */
return 0;
@ -2040,8 +2045,13 @@ maskloop:
if (natadd && fin->fin_fi.fi_fl & FI_FRAG)
ipfr_nat_newfrag(ip, fin, 0, nat);
if ((np->in_apr != NULL) && (np->in_dport == 0 ||
(tcp != NULL && sport == np->in_dport)))
(void) appr_check(ip, fin, nat);
(tcp != NULL && sport == np->in_dport))) {
i = appr_check(ip, fin, nat);
if (i == -1) {
RWLOCK_EXIT(&ipf_nat);
return i;
}
}
MUTEX_ENTER(&nat->nat_lock);
if (nflags != IPN_ICMPERR)
@ -2102,9 +2112,11 @@ maskloop:
if (csump) {
if (nat->nat_dir == NAT_OUTBOUND)
fix_incksum(csump, nat->nat_sumd[0], 0);
fix_incksum(csump, nat->nat_sumd[0],
0);
else
fix_outcksum(csump, nat->nat_sumd[0], 0);
fix_outcksum(csump, nat->nat_sumd[0],
0);
}
}
ATOMIC_INCL(nat_stats.ns_mapped[0]);

17
sys/netinet/ip_proxy.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_proxy.c,v 1.21 2000/05/03 11:12:13 veego Exp $ */
/* $NetBSD: ip_proxy.c,v 1.22 2000/05/11 19:46:06 veego Exp $ */
/*
* Copyright (C) 1997-2000 by Darren Reed.
@ -9,9 +9,9 @@
*/
#if !defined(lint)
#if defined(__NetBSD__)
static const char rcsid[] = "$NetBSD: ip_proxy.c,v 1.21 2000/05/03 11:12:13 veego Exp $";
static const char rcsid[] = "$NetBSD: ip_proxy.c,v 1.22 2000/05/11 19:46:06 veego Exp $";
#else
static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.9 2000/03/16 01:42:35 darrenr Exp";
static const char rcsid[] = "@(#)Id: ip_proxy.c,v 2.9.2.1 2000/05/06 12:30:50 darrenr Exp";
#endif
#endif
@ -226,6 +226,7 @@ nat_t *nat;
aproxy_t *apr;
tcphdr_t *tcp = NULL;
u_32_t sum;
short rv;
int err;
if (nat->nat_aps == NULL)
@ -260,8 +261,12 @@ nat_t *nat;
err = (*apr->apr_inpkt)(fin, ip, aps, nat);
}
rv = APR_EXIT(err);
if (rv == -1)
return rv;
if (tcp != NULL) {
err = appr_fixseqack(fin, ip, aps, err);
err = appr_fixseqack(fin, ip, aps, APR_INC(err));
#if SOLARIS && defined(_KERNEL)
tcp->th_sum = fr_tcpsum(fin->fin_qfm, ip, tcp);
#else
@ -270,9 +275,9 @@ nat_t *nat;
}
aps->aps_bytes += ip->ip_len;
aps->aps_pkts++;
return 2;
return 1;
}
return -1;
return 0;
}

21
sys/netinet/ip_proxy.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: ip_proxy.h,v 1.14 2000/05/03 11:12:13 veego Exp $ */
/* $NetBSD: ip_proxy.h,v 1.15 2000/05/11 19:46:06 veego Exp $ */
/*
* Copyright (C) 1997-2000 by Darren Reed.
@ -7,7 +7,7 @@
* provided that this notice is preserved and due credit is given
* to the original author and the contributors.
*
* Id: ip_proxy.h,v 2.8.2.1 2000/04/07 12:31:01 darrenr Exp
* Id: ip_proxy.h,v 2.8.2.3 2000/05/06 12:32:43 darrenr Exp
*/
#ifndef _NETINET_IP_PROXY_H_
@ -86,14 +86,25 @@ typedef struct aproxy {
#define APR_DELETE 1
#define APR_ERR(x) (((x) & 0xffff) << 16)
#define APR_EXIT(x) (((x) >> 16) & 0xffff)
#define APR_INC(x) ((x) & 0xffff)
#define FTP_BUFSZ 160
/*
* For the ftp proxy.
*/
typedef struct ftpside {
char *ftps_rptr;
char *ftps_wptr;
u_32_t ftps_seq;
int ftps_junk;
char ftps_buf[FTP_BUFSZ];
} ftpside_t;
typedef struct ftpinfo {
u_int ftp_passok;
u_char ftp_eol[2][2];
u_32_t ftp_seq[2][2];
u_int ftp_passok;
ftpside_t ftp_side[2];
} ftpinfo_t;
/*

15
sys/netinet/ip_raudio_pxy.c
View File

@ -1,7 +1,7 @@
/* $NetBSD: ip_raudio_pxy.c,v 1.4 2000/05/03 11:12:13 veego Exp $ */
/* $NetBSD: ip_raudio_pxy.c,v 1.5 2000/05/11 19:46:06 veego Exp $ */
/*
* Id: ip_raudio_pxy.c,v 1.7 2000/03/16 01:38:07 darrenr Exp
* Id: ip_raudio_pxy.c,v 1.7.2.1 2000/05/06 11:19:33 darrenr Exp
*/
#if SOLARIS && defined(_KERNEL)
extern kmutex_t ipf_rw;
@ -174,8 +174,8 @@ nat_t *nat;
raudio_t *rap = aps->aps_data;
struct in_addr swa, swb;
u_int a1, a2, a3, a4;
int off, dlen, slen;
u_short sp, dp;
int off, dlen;
fr_info_t fi;
tcp_seq seq;
nat_t *ipn;
@ -264,9 +264,12 @@ nat_t *nat;
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_off = 5;
fi.fin_dp = (char *)tcp2;
fi.fin_fr = &raudiofr;
tcp2->th_win = htons(8192);
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp);
if (((rap->rap_mode & RAP_M_UDP_ROBUST) == RAP_M_UDP_ROBUST) &&
(rap->rap_srport != 0)) {
@ -277,8 +280,7 @@ nat_t *nat;
fi.fin_data[0] = dp;
fi.fin_data[1] = sp;
ipn = nat_new(nat->nat_ptr, ip, &fi,
IPN_UDP | (sp ? 0 : FI_W_SPORT),
NAT_OUTBOUND);
IPN_UDP | (sp ? 0 : FI_W_SPORT), NAT_OUTBOUND);
if (ipn != NULL) {
ipn->nat_age = fr_defnatage;
(void) fr_addstate(ip, &fi, sp ? 0 : FI_W_SPORT);
@ -298,8 +300,9 @@ nat_t *nat;
(void) fr_addstate(ip, &fi, FI_W_DPORT);
}
}
ip->ip_p = swp;
ip->ip_len = slen;
ip->ip_src = swa;
ip->ip_dst = swb;
return 0;

10
sys/netinet/ip_rcmd_pxy.c
View File

@ -1,7 +1,7 @@
/* $NetBSD: ip_rcmd_pxy.c,v 1.3 2000/05/03 11:12:14 veego Exp $ */
/* $NetBSD: ip_rcmd_pxy.c,v 1.4 2000/05/11 19:46:06 veego Exp $ */
/*
* Id: ip_rcmd_pxy.c,v 1.4 1999/12/08 14:35:55 darrenr Exp
* Id: ip_rcmd_pxy.c,v 1.4.2.1 2000/05/06 11:19:34 darrenr Exp
*/
/*
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
@ -128,11 +128,16 @@ nat_t *nat;
ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
ip->ip_dst, (dp << 16) | sp);
if (ipn == NULL) {
int slen;
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
tcp2->th_sport = sp;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
tcp2->th_off = 5;
fi.fin_data[0] = ntohs(sp);
fi.fin_data[1] = 0;
fi.fin_dp = (char *)tcp2;
@ -145,6 +150,7 @@ nat_t *nat;
fi.fin_fr = &rcmdfr;
(void) fr_addstate(ip, &fi, FI_W_DPORT);
}
ip->ip_len = slen;
ip->ip_src = swip;
}
return 0;

6
sys/netinet/ipl.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: ipl.h,v 1.4 2000/05/03 11:12:14 veego Exp $ */
/* $NetBSD: ipl.h,v 1.5 2000/05/11 19:46:06 veego Exp $ */
/*
* Copyright (C) 1993-2000 by Darren Reed.
@ -8,12 +8,12 @@
* to the original author and the contributors.
*
* @(#)ipl.h 1.21 6/5/96
* Id: ipl.h,v 2.15.2.2 2000/04/30 05:13:54 darrenr Exp
* Id: ipl.h,v 2.15.2.3 2000/05/09 22:44:13 darrenr Exp
*/
#ifndef __IPL_H__
#define __IPL_H__
#define IPL_VERSION "IP Filter: v3.4.1"
#define IPL_VERSION "IP Filter: v3.4.2"
#endif