xref: /freebsd/sys/netinet/libalias/alias_ftp.c (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <sys/cdefs.h>
30 /*
31     Alias_ftp.c performs special processing for FTP sessions under
32     TCP.  Specifically, when a PORT/EPRT command from the client
33     side or 227/229 reply from the server is sent, it is intercepted
34     and modified.  The address is changed to the gateway machine
35     and an aliasing port is used.
36 
37     For this routine to work, the message must fit entirely into a
38     single TCP packet.  This is typically the case, but exceptions
39     can easily be envisioned under the actual specifications.
40 
41     Probably the most troubling aspect of the approach taken here is
42     that the new message will typically be a different length, and
43     this causes a certain amount of bookkeeping to keep track of the
44     changes of sequence and acknowledgment numbers, since the client
45     machine is totally unaware of the modification to the TCP stream.
46 
47     References: RFC 959, RFC 2428.
48 
49     Initial version:  August, 1996  (cjm)
50 
51     Version 1.6
52 	 Brian Somers and Martin Renters identified an IP checksum
53 	 error for modified IP packets.
54 
55     Version 1.7:  January 9, 1996 (cjm)
56 	 Differential checksum computation for change
57 	 in IP packet length.
58 
59     Version 2.1:  May, 1997 (cjm)
60 	 Very minor changes to conform with
61 	 local/global/function naming conventions
62 	 within the packet aliasing module.
63 
64     Version 3.1:  May, 2000 (eds)
65 	 Add support for passive mode, alias the 227 replies.
66 
67     See HISTORY file for record of revisions.
68 */
69 
70 /* Includes */
71 #ifdef _KERNEL
72 #include <sys/param.h>
73 #include <sys/ctype.h>
74 #include <sys/systm.h>
75 #include <sys/kernel.h>
76 #include <sys/module.h>
77 #else
78 #include <ctype.h>
79 #include <errno.h>
80 #include <sys/types.h>
81 #include <stdio.h>
82 #include <string.h>
83 #endif
84 
85 #include <netinet/in_systm.h>
86 #include <netinet/in.h>
87 #include <netinet/ip.h>
88 #include <netinet/tcp.h>
89 
90 #ifdef _KERNEL
91 #include <netinet/libalias/alias.h>
92 #include <netinet/libalias/alias_local.h>
93 #include <netinet/libalias/alias_mod.h>
94 #else
95 #include "alias_local.h"
96 #include "alias_mod.h"
97 #endif
98 
99 #define FTP_CONTROL_PORT_NUMBER 21
100 
101 static void
102 AliasHandleFtpOut(struct libalias *, struct ip *, struct alias_link *,
103     int maxpacketsize);
104 static void
105 AliasHandleFtpIn(struct libalias *, struct ip *, struct alias_link *);
106 
107 static int
108 fingerprint_out(struct libalias *la, struct alias_data *ah)
109 {
110 	if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL ||
111 	    ah->maxpktsize == 0)
112 		return (-1);
113 	if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER ||
114 	    ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
115 		return (0);
116 	return (-1);
117 }
118 
119 static int
120 fingerprint_in(struct libalias *la, struct alias_data *ah)
121 {
122 	if (ah->dport == NULL || ah->sport == NULL || ah->lnk == NULL)
123 		return (-1);
124 	if (ntohs(*ah->dport) == FTP_CONTROL_PORT_NUMBER ||
125 	    ntohs(*ah->sport) == FTP_CONTROL_PORT_NUMBER)
126 		return (0);
127 	return (-1);
128 }
129 
130 static int
131 protohandler_out(struct libalias *la, struct ip *pip, struct alias_data *ah)
132 {
133 	AliasHandleFtpOut(la, pip, ah->lnk, ah->maxpktsize);
134 	return (0);
135 }
136 
137 static int
138 protohandler_in(struct libalias *la, struct ip *pip, struct alias_data *ah)
139 {
140 	AliasHandleFtpIn(la, pip, ah->lnk);
141 	return (0);
142 }
143 
144 struct proto_handler handlers[] = {
145 	{
146 	  .pri = 80,
147 	  .dir = OUT,
148 	  .proto = TCP,
149 	  .fingerprint = &fingerprint_out,
150 	  .protohandler = &protohandler_out
151 	},
152 	{
153 	  .pri = 80,
154 	  .dir = IN,
155 	  .proto = TCP,
156 	  .fingerprint = &fingerprint_in,
157 	  .protohandler = &protohandler_in
158 	},
159 	{ EOH }
160 };
161 
162 static int
163 mod_handler(module_t mod, int type, void *data)
164 {
165 	int error;
166 
167 	switch (type) {
168 	case MOD_LOAD:
169 		error = 0;
170 		LibAliasAttachHandlers(handlers);
171 		break;
172 	case MOD_UNLOAD:
173 		error = 0;
174 		LibAliasDetachHandlers(handlers);
175 		break;
176 	default:
177 		error = EINVAL;
178 	}
179 	return (error);
180 }
181 
182 #ifdef _KERNEL
183 static
184 #endif
185 moduledata_t alias_mod = {
186        "alias_ftp", mod_handler, NULL
187 };
188 
189 #ifdef _KERNEL
190 DECLARE_MODULE(alias_ftp, alias_mod, SI_SUB_DRIVERS, SI_ORDER_SECOND);
191 MODULE_VERSION(alias_ftp, 1);
192 MODULE_DEPEND(alias_ftp, libalias, 1, 1, 1);
193 #endif
194 
195 #define FTP_CONTROL_PORT_NUMBER 21
196 #define MAX_MESSAGE_SIZE	128
197 
198 /* FTP protocol flags. */
199 #define WAIT_CRLF		0x01
200 
201 enum ftp_message_type {
202 	FTP_PORT_COMMAND,
203 	FTP_EPRT_COMMAND,
204 	FTP_227_REPLY,
205 	FTP_229_REPLY,
206 	FTP_UNKNOWN_MESSAGE
207 };
208 
209 static int	ParseFtpPortCommand(struct libalias *la, char *, int);
210 static int	ParseFtpEprtCommand(struct libalias *la, char *, int);
211 static int	ParseFtp227Reply(struct libalias *la, char *, int);
212 static int	ParseFtp229Reply(struct libalias *la, char *, int);
213 static void	NewFtpMessage(struct libalias *la, struct ip *, struct alias_link *, int, int);
214 
215 static void
216 AliasHandleFtpOut(
217     struct libalias *la,
218     struct ip *pip,		/* IP packet to examine/patch */
219     struct alias_link *lnk,	/* The link to go through (aliased port) */
220     int maxpacketsize		/* The maximum size this packet can grow to
221 				   (including headers) */ )
222 {
223 	int hlen, tlen, dlen, pflags;
224 	char *sptr;
225 	struct tcphdr *tc;
226 	int ftp_message_type;
227 
228 	/* Calculate data length of TCP packet */
229 	tc = (struct tcphdr *)ip_next(pip);
230 	hlen = (pip->ip_hl + tc->th_off) << 2;
231 	tlen = ntohs(pip->ip_len);
232 	dlen = tlen - hlen;
233 
234 	/* Place string pointer and beginning of data */
235 	sptr = (char *)pip;
236 	sptr += hlen;
237 
238 	/*
239 	 * Check that data length is not too long and previous message was
240 	 * properly terminated with CRLF.
241 	 */
242 	pflags = GetProtocolFlags(lnk);
243 	if (dlen <= MAX_MESSAGE_SIZE && !(pflags & WAIT_CRLF)) {
244 		ftp_message_type = FTP_UNKNOWN_MESSAGE;
245 
246 		if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
247 			/* When aliasing a client, check for the PORT/EPRT command. */
248 			if (ParseFtpPortCommand(la, sptr, dlen))
249 				ftp_message_type = FTP_PORT_COMMAND;
250 			else if (ParseFtpEprtCommand(la, sptr, dlen))
251 				ftp_message_type = FTP_EPRT_COMMAND;
252 		} else {
253 			/* When aliasing a server, check for the 227/229 reply. */
254 			if (ParseFtp227Reply(la, sptr, dlen))
255 				ftp_message_type = FTP_227_REPLY;
256 			else if (ParseFtp229Reply(la, sptr, dlen)) {
257 				ftp_message_type = FTP_229_REPLY;
258 				la->true_addr.s_addr = pip->ip_src.s_addr;
259 			}
260 		}
261 
262 		if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
263 			NewFtpMessage(la, pip, lnk, maxpacketsize, ftp_message_type);
264 	}
265 
266 	/* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
267 	if (dlen) {			/* only if there's data */
268 		sptr = (char *)pip;	/* start over at beginning */
269 		tlen = ntohs(pip->ip_len); /* recalc tlen, pkt may have grown */
270 		if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
271 			pflags &= ~WAIT_CRLF;
272 		else
273 			pflags |= WAIT_CRLF;
274 		SetProtocolFlags(lnk, pflags);
275 	}
276 }
277 
278 static void
279 AliasHandleFtpIn(struct libalias *la,
280     struct ip *pip,		/* IP packet to examine/patch */
281     struct alias_link *lnk)	/* The link to go through (aliased port) */
282 {
283 	int hlen, tlen, dlen, pflags;
284 	char *sptr;
285 	struct tcphdr *tc;
286 
287 	/* Calculate data length of TCP packet */
288 	tc = (struct tcphdr *)ip_next(pip);
289 	hlen = (pip->ip_hl + tc->th_off) << 2;
290 	tlen = ntohs(pip->ip_len);
291 	dlen = tlen - hlen;
292 
293 	/* Place string pointer and beginning of data */
294 	sptr = (char *)pip;
295 	sptr += hlen;
296 
297 	/*
298 	 * Check that data length is not too long and previous message was
299 	 * properly terminated with CRLF.
300 	 */
301 	pflags = GetProtocolFlags(lnk);
302 	if (dlen <= MAX_MESSAGE_SIZE && (pflags & WAIT_CRLF) == 0 &&
303 	    ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER &&
304 	    (ParseFtpPortCommand(la, sptr, dlen) != 0 ||
305 	        ParseFtpEprtCommand(la, sptr, dlen) != 0)) {
306 		/*
307 		 * Alias active mode client requesting data from server
308 		 * behind NAT.  We need to alias server->client connection
309 		 * to external address client is connecting to.
310 		 */
311 		AddLink(la, GetOriginalAddress(lnk), la->true_addr,
312 		    GetAliasAddress(lnk), htons(FTP_CONTROL_PORT_NUMBER - 1),
313 		    htons(la->true_port), GET_ALIAS_PORT, IPPROTO_TCP);
314 	}
315 	/* Track the msgs which are CRLF term'd for PORT/PASV FW breach */
316 	if (dlen) {
317 		sptr = (char *)pip;		/* start over at beginning */
318 		tlen = ntohs(pip->ip_len);	/* recalc tlen, pkt may
319 						 * have grown. */
320 		if (sptr[tlen - 2] == '\r' && sptr[tlen - 1] == '\n')
321 			pflags &= ~WAIT_CRLF;
322 		else
323 			pflags |= WAIT_CRLF;
324 		SetProtocolFlags(lnk, pflags);
325        }
326 }
327 
328 static int
329 ParseFtpPortCommand(struct libalias *la, char *sptr, int dlen)
330 {
331 	char ch;
332 	int i, state;
333 	u_int32_t addr;
334 	u_short port;
335 	u_int8_t octet;
336 
337 	/* Format: "PORT A,D,D,R,PO,RT". */
338 
339 	/* Return if data length is too short. */
340 	if (dlen < 18)
341 		return (0);
342 
343 	if (strncasecmp("PORT ", sptr, 5))
344 		return (0);
345 
346 	addr = port = octet = 0;
347 	state = 0;
348 	for (i = 5; i < dlen; i++) {
349 		ch = sptr[i];
350 		switch (state) {
351 		case 0:
352 			if (isspace(ch))
353 				break;
354 			else
355 				state++;
356 		case 1:
357 		case 3:
358 		case 5:
359 		case 7:
360 		case 9:
361 		case 11:
362 			if (isdigit(ch)) {
363 				octet = ch - '0';
364 				state++;
365 			} else
366 				return (0);
367 			break;
368 		case 2:
369 		case 4:
370 		case 6:
371 		case 8:
372 			if (isdigit(ch))
373 				octet = 10 * octet + ch - '0';
374 			else if (ch == ',') {
375 				addr = (addr << 8) + octet;
376 				state++;
377 			} else
378 				return (0);
379 			break;
380 		case 10:
381 		case 12:
382 			if (isdigit(ch))
383 				octet = 10 * octet + ch - '0';
384 			else if (ch == ',' || state == 12) {
385 				port = (port << 8) + octet;
386 				state++;
387 			} else
388 				return (0);
389 			break;
390 		}
391 	}
392 
393 	if (state == 13) {
394 		la->true_addr.s_addr = htonl(addr);
395 		la->true_port = port;
396 		return (1);
397 	} else
398 		return (0);
399 }
400 
401 static int
402 ParseFtpEprtCommand(struct libalias *la, char *sptr, int dlen)
403 {
404 	char ch, delim;
405 	int i, state;
406 	u_int32_t addr;
407 	u_short port;
408 	u_int8_t octet;
409 
410 	/* Format: "EPRT |1|A.D.D.R|PORT|". */
411 
412 	/* Return if data length is too short. */
413 	if (dlen < 18)
414 		return (0);
415 
416 	if (strncasecmp("EPRT ", sptr, 5))
417 		return (0);
418 
419 	addr = port = octet = 0;
420 	delim = '|';		/* XXX gcc -Wuninitialized */
421 	state = 0;
422 	for (i = 5; i < dlen; i++) {
423 		ch = sptr[i];
424 		switch (state) {
425 		case 0:
426 			if (!isspace(ch)) {
427 				delim = ch;
428 				state++;
429 			}
430 			break;
431 		case 1:
432 			if (ch == '1')	/* IPv4 address */
433 				state++;
434 			else
435 				return (0);
436 			break;
437 		case 2:
438 			if (ch == delim)
439 				state++;
440 			else
441 				return (0);
442 			break;
443 		case 3:
444 		case 5:
445 		case 7:
446 		case 9:
447 			if (isdigit(ch)) {
448 				octet = ch - '0';
449 				state++;
450 			} else
451 				return (0);
452 			break;
453 		case 4:
454 		case 6:
455 		case 8:
456 		case 10:
457 			if (isdigit(ch))
458 				octet = 10 * octet + ch - '0';
459 			else if (ch == '.' || state == 10) {
460 				addr = (addr << 8) + octet;
461 				state++;
462 			} else
463 				return (0);
464 			break;
465 		case 11:
466 			if (isdigit(ch)) {
467 				port = ch - '0';
468 				state++;
469 			} else
470 				return (0);
471 			break;
472 		case 12:
473 			if (isdigit(ch))
474 				port = 10 * port + ch - '0';
475 			else if (ch == delim)
476 				state++;
477 			else
478 				return (0);
479 			break;
480 		}
481 	}
482 
483 	if (state == 13) {
484 		la->true_addr.s_addr = htonl(addr);
485 		la->true_port = port;
486 		return (1);
487 	} else
488 		return (0);
489 }
490 
491 static int
492 ParseFtp227Reply(struct libalias *la, char *sptr, int dlen)
493 {
494 	char ch;
495 	int i, state;
496 	u_int32_t addr;
497 	u_short port;
498 	u_int8_t octet;
499 
500 	/* Format: "227 Entering Passive Mode (A,D,D,R,PO,RT)" */
501 
502 	/* Return if data length is too short. */
503 	if (dlen < 17)
504 		return (0);
505 
506 	if (strncmp("227 ", sptr, 4))
507 		return (0);
508 
509 	addr = port = octet = 0;
510 
511 	state = 0;
512 	for (i = 4; i < dlen; i++) {
513 		ch = sptr[i];
514 		switch (state) {
515 		case 0:
516 			if (ch == '(')
517 				state++;
518 			break;
519 		case 1:
520 		case 3:
521 		case 5:
522 		case 7:
523 		case 9:
524 		case 11:
525 			if (isdigit(ch)) {
526 				octet = ch - '0';
527 				state++;
528 			} else
529 				return (0);
530 			break;
531 		case 2:
532 		case 4:
533 		case 6:
534 		case 8:
535 			if (isdigit(ch))
536 				octet = 10 * octet + ch - '0';
537 			else if (ch == ',') {
538 				addr = (addr << 8) + octet;
539 				state++;
540 			} else
541 				return (0);
542 			break;
543 		case 10:
544 		case 12:
545 			if (isdigit(ch))
546 				octet = 10 * octet + ch - '0';
547 			else if (ch == ',' || (state == 12 && ch == ')')) {
548 				port = (port << 8) + octet;
549 				state++;
550 			} else
551 				return (0);
552 			break;
553 		}
554 	}
555 
556 	if (state == 13) {
557 		la->true_port = port;
558 		la->true_addr.s_addr = htonl(addr);
559 		return (1);
560 	} else
561 		return (0);
562 }
563 
564 static int
565 ParseFtp229Reply(struct libalias *la, char *sptr, int dlen)
566 {
567 	char ch, delim;
568 	int i, state;
569 	u_short port;
570 
571 	/* Format: "229 Entering Extended Passive Mode (|||PORT|)" */
572 
573 	/* Return if data length is too short. */
574 	if (dlen < 11)
575 		return (0);
576 
577 	if (strncmp("229 ", sptr, 4))
578 		return (0);
579 
580 	port = 0;
581 	delim = '|';		/* XXX gcc -Wuninitialized */
582 
583 	state = 0;
584 	for (i = 4; i < dlen; i++) {
585 		ch = sptr[i];
586 		switch (state) {
587 		case 0:
588 			if (ch == '(')
589 				state++;
590 			break;
591 		case 1:
592 			delim = ch;
593 			state++;
594 			break;
595 		case 2:
596 		case 3:
597 			if (ch == delim)
598 				state++;
599 			else
600 				return (0);
601 			break;
602 		case 4:
603 			if (isdigit(ch)) {
604 				port = ch - '0';
605 				state++;
606 			} else
607 				return (0);
608 			break;
609 		case 5:
610 			if (isdigit(ch))
611 				port = 10 * port + ch - '0';
612 			else if (ch == delim)
613 				state++;
614 			else
615 				return (0);
616 			break;
617 		case 6:
618 			if (ch == ')')
619 				state++;
620 			else
621 				return (0);
622 			break;
623 		}
624 	}
625 
626 	if (state == 7) {
627 		la->true_port = port;
628 		return (1);
629 	} else
630 		return (0);
631 }
632 
633 static void
634 NewFtpMessage(struct libalias *la, struct ip *pip,
635     struct alias_link *lnk,
636     int maxpacketsize,
637     int ftp_message_type)
638 {
639 	struct alias_link *ftp_lnk;
640 
641 	/* Security checks. */
642 	if (pip->ip_src.s_addr != la->true_addr.s_addr)
643 		return;
644 
645 	if (la->true_port < IPPORT_RESERVED)
646 		return;
647 
648 	/* Establish link to address and port found in FTP control message. */
649 	ftp_lnk = AddLink(la, la->true_addr, GetDestAddress(lnk),
650 	    GetAliasAddress(lnk), htons(la->true_port), 0, GET_ALIAS_PORT,
651 	    IPPROTO_TCP);
652 
653 	if (ftp_lnk != NULL) {
654 		int slen, hlen, tlen, dlen;
655 		struct tcphdr *tc;
656 
657 #ifndef NO_FW_PUNCH
658 		/* Punch hole in firewall */
659 		PunchFWHole(ftp_lnk);
660 #endif
661 
662 		/* Calculate data length of TCP packet */
663 		tc = (struct tcphdr *)ip_next(pip);
664 		hlen = (pip->ip_hl + tc->th_off) << 2;
665 		tlen = ntohs(pip->ip_len);
666 		dlen = tlen - hlen;
667 
668 		/* Create new FTP message. */
669 		{
670 			char stemp[MAX_MESSAGE_SIZE + 1];
671 			char *sptr;
672 			u_short alias_port;
673 			u_char *ptr;
674 			int a1, a2, a3, a4, p1, p2;
675 			struct in_addr alias_address;
676 
677 			/* Decompose alias address into quad format */
678 			alias_address = GetAliasAddress(lnk);
679 			ptr = (u_char *)&alias_address.s_addr;
680 			a1 = *ptr++;
681 			a2 = *ptr++;
682 			a3 = *ptr++;
683 			a4 = *ptr;
684 
685 			alias_port = GetAliasPort(ftp_lnk);
686 
687 			/* Prepare new command */
688 			switch (ftp_message_type) {
689 			case FTP_PORT_COMMAND:
690 			case FTP_227_REPLY:
691 				/* Decompose alias port into pair format. */
692 				ptr = (char *)&alias_port;
693 				p1 = *ptr++;
694 				p2 = *ptr;
695 
696 				if (ftp_message_type == FTP_PORT_COMMAND) {
697 					/* Generate PORT command string. */
698 					sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n",
699 					    a1, a2, a3, a4, p1, p2);
700 				} else {
701 					/* Generate 227 reply string. */
702 					sprintf(stemp,
703 					    "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n",
704 					    a1, a2, a3, a4, p1, p2);
705 				}
706 				break;
707 			case FTP_EPRT_COMMAND:
708 				/* Generate EPRT command string. */
709 				sprintf(stemp, "EPRT |1|%d.%d.%d.%d|%d|\r\n",
710 				    a1, a2, a3, a4, ntohs(alias_port));
711 				break;
712 			case FTP_229_REPLY:
713 				/* Generate 229 reply string. */
714 				sprintf(stemp, "229 Entering Extended Passive Mode (|||%d|)\r\n",
715 				    ntohs(alias_port));
716 				break;
717 			}
718 
719 			/* Save string length for IP header modification */
720 			slen = strlen(stemp);
721 
722 			/* Copy modified buffer into IP packet. */
723 			sptr = (char *)pip;
724 			sptr += hlen;
725 			strncpy(sptr, stemp, maxpacketsize - hlen);
726 		}
727 
728 		/* Save information regarding modified seq and ack numbers */
729 		{
730 			int delta;
731 
732 			SetAckModified(lnk);
733 			tc = (struct tcphdr *)ip_next(pip);
734 			delta = GetDeltaSeqOut(tc->th_seq, lnk);
735 			AddSeq(lnk, delta + slen - dlen, pip->ip_hl,
736 			    pip->ip_len, tc->th_seq, tc->th_off);
737 		}
738 
739 		/* Revise IP header */
740 		{
741 			u_short new_len;
742 
743 			new_len = htons(hlen +
744 			    MIN(slen, maxpacketsize - hlen));
745 			DifferentialChecksum(&pip->ip_sum,
746 			    &new_len,
747 			    &pip->ip_len,
748 			    1);
749 			pip->ip_len = new_len;
750 		}
751 
752 		/* Compute TCP checksum for revised packet */
753 		tc->th_sum = 0;
754 #ifdef _KERNEL
755 		tcp_set_flags(tc, tcp_get_flags(tc) | TH_RES1);
756 #else
757 		tc->th_sum = TcpChecksum(pip);
758 #endif
759 	} else {
760 #ifdef LIBALIAS_DEBUG
761 		fprintf(stderr,
762 		    "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n");
763 #endif
764 	}
765 }
766