1 /* 2 Alias_ftp.c performs special processing for FTP sessions under 3 TCP. Specifically, when a PORT command from the client side 4 is sent, it is intercepted and modified. The address is changed 5 to the gateway machine and an aliasing port is used. 6 7 For this routine to work, the PORT command must fit entirely 8 into a single TCP packet. This is typically the case, but exceptions 9 can easily be envisioned under the actual specifications. 10 11 Probably the most troubling aspect of the approach taken here is 12 that the new PORT command will typically be a different length, and 13 this causes a certain amount of bookkeeping to keep track of the 14 changes of sequence and acknowledgment numbers, since the client 15 machine is totally unaware of the modification to the TCP stream. 16 17 18 This software is placed into the public domain with no restrictions 19 on its distribution. 20 21 Initial version: August, 1996 (cjm) 22 23 Version 1.6 24 Brian Somers and Martin Renters identified an IP checksum 25 error for modified IP packets. 26 27 Version 1.7: January 9, 1996 (cjm) 28 Differental checksum computation for change 29 in IP packet length. 30 31 Version 2.1: May, 1997 (cjm) 32 Very minor changes to conform with 33 local/global/function naming conventions 34 withing the packet alising module. 35 */ 36 37 /* Includes */ 38 #include <ctype.h> 39 #include <stdio.h> 40 #include <string.h> 41 #include <sys/types.h> 42 #include <netinet/in_systm.h> 43 #include <netinet/in.h> 44 #include <netinet/ip.h> 45 #include <netinet/tcp.h> 46 47 #include "alias_local.h" 48 49 static void NewFtpPortCommand(struct ip *, struct alias_link *, struct in_addr, u_short, int); 50 51 52 53 void 54 AliasHandleFtpOut( 55 struct ip *pip, /* IP packet to examine/patch */ 56 struct alias_link *link, /* The link to go through (aliased port) */ 57 int maxpacketsize /* The maximum size this packet can grow to (including headers) */) 58 { 59 int hlen, tlen, dlen; 60 struct in_addr true_addr; 61 u_short true_port; 62 char *sptr; 63 struct tcphdr *tc; 64 65 /* Calculate data length of TCP packet */ 66 tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); 67 hlen = (pip->ip_hl + tc->th_off) << 2; 68 tlen = ntohs(pip->ip_len); 69 dlen = tlen - hlen; 70 71 /* Return is data length is too long or too short */ 72 if (dlen<10 || dlen>80) 73 return; 74 75 /* Place string pointer and beginning of data */ 76 sptr = (char *) pip; 77 sptr += hlen; 78 79 /* Parse through string using state diagram method */ 80 { 81 char ch, zero; 82 int i, state; 83 u_long a1, a2, a3, a4; 84 u_short p1, p2; 85 86 a1=0; a2=0; a3=0; a4=0; p1=0; p2=0; 87 zero = '0'; 88 state=-4; 89 for (i=0; i<dlen; i++) 90 { 91 ch = sptr[i]; 92 switch (state) 93 { 94 case -4: if (ch == 'P') state=-3; else return; break; 95 case -3: if (ch == 'O') state=-2; else return; break; 96 case -2: if (ch == 'R') state=-1; else return; break; 97 case -1: if (ch == 'T') state= 0; else return; break; 98 99 case 0 : 100 if (isdigit(ch)) {a1=ch-zero; state=1 ;} break; 101 case 1 : 102 if (isdigit(ch)) a1=10*a1+ch-zero; else state=2 ; break; 103 case 2 : 104 if (isdigit(ch)) {a2=ch-zero; state=3 ;} break; 105 case 3 : 106 if (isdigit(ch)) a2=10*a2+ch-zero; else state=4 ; break; 107 case 4 : 108 if (isdigit(ch)) {a3=ch-zero; state=5 ;} break; 109 case 5 : 110 if (isdigit(ch)) a3=10*a3+ch-zero; else state=6 ; break; 111 case 6 : 112 if (isdigit(ch)) {a4=ch-zero; state=7 ;} break; 113 case 7 : 114 if (isdigit(ch)) a4=10*a4+ch-zero; else state=8 ; break; 115 case 8 : 116 if (isdigit(ch)) {p1=ch-zero; state=9 ;} break; 117 case 9 : 118 if (isdigit(ch)) p1=10*p1+ch-zero; else state=10; break; 119 case 10: 120 if (isdigit(ch)) {p2=ch-zero; state=11;} break; 121 case 11: 122 if (isdigit(ch)) p2=10*p2+ch-zero; break; 123 } 124 } 125 126 if (state == 11) 127 { 128 true_port = htons((p1<<8) + p2); 129 true_addr.s_addr = htonl((a1<<24) + (a2<<16) +(a3<<8) + a4); 130 NewFtpPortCommand(pip, link, true_addr, true_port, maxpacketsize); 131 } 132 } 133 } 134 135 static void 136 NewFtpPortCommand(struct ip *pip, 137 struct alias_link *link, 138 struct in_addr true_addr, 139 u_short true_port, 140 int maxpacketsize) 141 { 142 struct alias_link *ftp_link; 143 144 /* Establish link to address and port found in PORT command */ 145 ftp_link = FindUdpTcpOut(true_addr, GetDestAddress(link), 146 true_port, 0, IPPROTO_TCP); 147 148 if (ftp_link != NULL) 149 { 150 int slen, hlen, tlen, dlen; 151 struct tcphdr *tc; 152 153 /* Calculate data length of TCP packet */ 154 tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); 155 hlen = (pip->ip_hl + tc->th_off) << 2; 156 tlen = ntohs(pip->ip_len); 157 dlen = tlen - hlen; 158 159 /* Create new PORT command */ 160 { 161 char stemp[80]; 162 char *sptr; 163 u_short alias_port; 164 u_char *ptr; 165 int a1, a2, a3, a4, p1, p2; 166 struct in_addr alias_address; 167 168 /* Decompose alias address into quad format */ 169 alias_address = GetAliasAddress(link); 170 ptr = (char *) &alias_address; 171 a1 = *ptr++; a2=*ptr++; a3=*ptr++; a4=*ptr; 172 173 /* Decompose alias port into pair format */ 174 alias_port = GetAliasPort(ftp_link); 175 ptr = (char *) &alias_port; 176 p1 = *ptr++; p2=*ptr; 177 178 /* Generate command string */ 179 sprintf(stemp, "PORT %d,%d,%d,%d,%d,%d\r\n", 180 a1,a2,a3,a4,p1,p2); 181 182 /* Save string length for IP header modification */ 183 slen = strlen(stemp); 184 185 /* Copy into IP packet */ 186 sptr = (char *) pip; sptr += hlen; 187 strncpy(sptr, stemp, maxpacketsize-hlen); 188 } 189 190 /* Save information regarding modified seq and ack numbers */ 191 { 192 int delta; 193 194 SetAckModified(link); 195 delta = GetDeltaSeqOut(pip, link); 196 AddSeq(pip, link, delta+slen-dlen); 197 } 198 199 /* Revise IP header */ 200 { 201 u_short new_len; 202 203 new_len = htons(hlen + slen); 204 DifferentialChecksum(&pip->ip_sum, 205 &new_len, 206 &pip->ip_len, 207 1); 208 pip->ip_len = new_len; 209 } 210 211 /* Compute TCP checksum for revised packet */ 212 tc->th_sum = 0; 213 tc->th_sum = TcpChecksum(pip); 214 } 215 else 216 { 217 fprintf(stderr, 218 "PacketAlias/HandleFtpOut: Cannot allocate FTP data port\n"); 219 } 220 } 221