xref: /freebsd/usr.sbin/ppp/nat_cmd.c (revision daf1cffce2e07931f27c6c6998652e90df6ba87e) 
1 /*-
2  * The code in this file was written by Eivind Eklund <perhaps@yes.no>,
3  * who places it in the public domain without restriction.
4  *
5  * $FreeBSD$
6  */
7 
8 #include <sys/param.h>
9 #include <netinet/in.h>
10 #include <arpa/inet.h>
11 #include <netdb.h>
12 #include <netinet/in_systm.h>
13 #include <netinet/in.h>
14 #include <netinet/ip.h>
15 #include <sys/un.h>
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <termios.h>
21 
22 #ifdef __FreeBSD__
23 #include <alias.h>
24 #else
25 #include "alias.h"
26 #endif
27 #include "layer.h"
28 #include "proto.h"
29 #include "defs.h"
30 #include "command.h"
31 #include "log.h"
32 #include "nat_cmd.h"
33 #include "descriptor.h"
34 #include "prompt.h"
35 #include "timer.h"
36 #include "fsm.h"
37 #include "slcompress.h"
38 #include "throughput.h"
39 #include "iplist.h"
40 #include "mbuf.h"
41 #include "lqr.h"
42 #include "hdlc.h"
43 #include "ipcp.h"
44 #include "lcp.h"
45 #include "ccp.h"
46 #include "link.h"
47 #include "mp.h"
48 #include "filter.h"
49 #ifndef NORADIUS
50 #include "radius.h"
51 #endif
52 #include "bundle.h"
53 
54 
55 #define NAT_EXTRABUF (13)
56 
57 static int StrToAddr(const char *, struct in_addr *);
58 static int StrToPortRange(const char *, u_short *, u_short *, const char *);
59 static int StrToAddrAndPort(const char *, struct in_addr *, u_short *,
60                             u_short *, const char *);
61 
62 static void
63 lowhigh(u_short *a, u_short *b)
64 {
65   if (a > b) {
66     u_short c;
67 
68     c = *b;
69     *b = *a;
70     *a = c;
71   }
72 }
73 
74 int
75 nat_RedirectPort(struct cmdargs const *arg)
76 {
77   if (!arg->bundle->NatEnabled) {
78     prompt_Printf(arg->prompt, "Alias not enabled\n");
79     return 1;
80   } else if (arg->argc == arg->argn + 3 || arg->argc == arg->argn + 4) {
81     char proto_constant;
82     const char *proto;
83     struct in_addr localaddr;
84     u_short hlocalport, llocalport;
85     struct in_addr aliasaddr;
86     u_short haliasport, laliasport;
87     struct in_addr remoteaddr;
88     u_short hremoteport, lremoteport;
89     struct alias_link *link;
90     int error;
91 
92     proto = arg->argv[arg->argn];
93     if (strcmp(proto, "tcp") == 0) {
94       proto_constant = IPPROTO_TCP;
95     } else if (strcmp(proto, "udp") == 0) {
96       proto_constant = IPPROTO_UDP;
97     } else {
98       prompt_Printf(arg->prompt, "port redirect: protocol must be"
99                     " tcp or udp\n");
100       return -1;
101     }
102 
103     error = StrToAddrAndPort(arg->argv[arg->argn+1], &localaddr, &llocalport,
104                              &hlocalport, proto);
105     if (error) {
106       prompt_Printf(arg->prompt, "nat port: error reading localaddr:port\n");
107       return -1;
108     }
109 
110     error = StrToPortRange(arg->argv[arg->argn+2], &laliasport, &haliasport,
111                            proto);
112     if (error) {
113       prompt_Printf(arg->prompt, "nat port: error reading alias port\n");
114       return -1;
115     }
116     aliasaddr.s_addr = INADDR_ANY;
117 
118     if (arg->argc == arg->argn + 4) {
119       error = StrToAddrAndPort(arg->argv[arg->argn+3], &remoteaddr,
120                                &lremoteport, &hremoteport, proto);
121       if (error) {
122         prompt_Printf(arg->prompt, "nat port: error reading "
123                       "remoteaddr:port\n");
124         return -1;
125       }
126     } else {
127       remoteaddr.s_addr = INADDR_ANY;
128       lremoteport = hremoteport = 0;
129     }
130 
131     lowhigh(&llocalport, &hlocalport);
132     lowhigh(&laliasport, &haliasport);
133     lowhigh(&lremoteport, &hremoteport);
134 
135     if (haliasport - laliasport != hlocalport - llocalport) {
136       prompt_Printf(arg->prompt, "nat port: local & alias port ranges "
137                     "are not equal\n");
138       return -1;
139     }
140 
141     if (hremoteport && hremoteport - lremoteport != hlocalport - llocalport) {
142       prompt_Printf(arg->prompt, "nat port: local & remote port ranges "
143                     "are not equal\n");
144       return -1;
145     }
146 
147     while (laliasport <= haliasport) {
148       link = PacketAliasRedirectPort(localaddr, htons(llocalport),
149 				     remoteaddr, htons(lremoteport),
150                                      aliasaddr, htons(laliasport),
151 				     proto_constant);
152 
153       if (link == NULL) {
154         prompt_Printf(arg->prompt, "nat port: %d: error %d\n", laliasport,
155                       error);
156         return 1;
157       }
158       llocalport++;
159       laliasport++;
160       if (hremoteport)
161         lremoteport++;
162     }
163 
164     return 0;
165   }
166 
167   return -1;
168 }
169 
170 
171 int
172 nat_RedirectAddr(struct cmdargs const *arg)
173 {
174   if (!arg->bundle->NatEnabled) {
175     prompt_Printf(arg->prompt, "nat not enabled\n");
176     return 1;
177   } else if (arg->argc == arg->argn+2) {
178     int error;
179     struct in_addr localaddr, aliasaddr;
180     struct alias_link *link;
181 
182     error = StrToAddr(arg->argv[arg->argn], &localaddr);
183     if (error) {
184       prompt_Printf(arg->prompt, "address redirect: invalid local address\n");
185       return 1;
186     }
187     error = StrToAddr(arg->argv[arg->argn+1], &aliasaddr);
188     if (error) {
189       prompt_Printf(arg->prompt, "address redirect: invalid alias address\n");
190       prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
191                     arg->cmd->syntax);
192       return 1;
193     }
194     link = PacketAliasRedirectAddr(localaddr, aliasaddr);
195     if (link == NULL) {
196       prompt_Printf(arg->prompt, "address redirect: packet aliasing"
197                     " engine error\n");
198       prompt_Printf(arg->prompt, "Usage: nat %s %s\n", arg->cmd->name,
199                     arg->cmd->syntax);
200     }
201   } else
202     return -1;
203 
204   return 0;
205 }
206 
207 
208 static int
209 StrToAddr(const char *str, struct in_addr *addr)
210 {
211   struct hostent *hp;
212 
213   if (inet_aton(str, addr))
214     return 0;
215 
216   hp = gethostbyname(str);
217   if (!hp) {
218     log_Printf(LogWARN, "StrToAddr: Unknown host %s.\n", str);
219     return -1;
220   }
221   *addr = *((struct in_addr *) hp->h_addr);
222   return 0;
223 }
224 
225 
226 static int
227 StrToPort(const char *str, u_short *port, const char *proto)
228 {
229   struct servent *sp;
230   char *end;
231 
232   *port = strtol(str, &end, 10);
233   if (*end != '\0') {
234     sp = getservbyname(str, proto);
235     if (sp == NULL) {
236       log_Printf(LogWARN, "StrToAddr: Unknown port or service %s/%s.\n",
237 	        str, proto);
238       return -1;
239     }
240     *port = ntohs(sp->s_port);
241   }
242 
243   return 0;
244 }
245 
246 static int
247 StrToPortRange(const char *str, u_short *low, u_short *high, const char *proto)
248 {
249   char *minus;
250   int res;
251 
252   minus = strchr(str, '-');
253   if (minus)
254     *minus = '\0';		/* Cheat the const-ness ! */
255 
256   res = StrToPort(str, low, proto);
257 
258   if (minus)
259     *minus = '-';		/* Cheat the const-ness ! */
260 
261   if (res == 0) {
262     if (minus)
263       res = StrToPort(minus + 1, high, proto);
264     else
265       *high = *low;
266   }
267 
268   return res;
269 }
270 
271 static int
272 StrToAddrAndPort(const char *str, struct in_addr *addr, u_short *low,
273                  u_short *high, const char *proto)
274 {
275   char *colon;
276   int res;
277 
278   colon = strchr(str, ':');
279   if (!colon) {
280     log_Printf(LogWARN, "StrToAddrAndPort: %s is missing port number.\n", str);
281     return -1;
282   }
283 
284   *colon = '\0';		/* Cheat the const-ness ! */
285   res = StrToAddr(str, addr);
286   *colon = ':';			/* Cheat the const-ness ! */
287   if (res != 0)
288     return -1;
289 
290   return StrToPortRange(colon + 1, low, high, proto);
291 }
292 
293 int
294 nat_ProxyRule(struct cmdargs const *arg)
295 {
296   char cmd[LINE_LEN];
297   int f, pos;
298   size_t len;
299 
300   if (arg->argn >= arg->argc)
301     return -1;
302 
303   for (f = arg->argn, pos = 0; f < arg->argc; f++) {
304     len = strlen(arg->argv[f]);
305     if (sizeof cmd - pos < len + (f ? 1 : 0))
306       break;
307     if (f)
308       cmd[pos++] = ' ';
309     strcpy(cmd + pos, arg->argv[f]);
310     pos += len;
311   }
312 
313   return PacketAliasProxyRule(cmd);
314 }
315 
316 int
317 nat_Pptp(struct cmdargs const *arg)
318 {
319   struct in_addr addr;
320 
321   if (arg->argc == arg->argn) {
322     addr.s_addr = INADDR_NONE;
323     PacketAliasPptp(addr);
324     return 0;
325   }
326 
327   if (arg->argc != arg->argn + 1)
328     return -1;
329 
330   addr = GetIpAddr(arg->argv[arg->argn]);
331   if (addr.s_addr == INADDR_NONE) {
332     log_Printf(LogWARN, "%s: invalid address\n", arg->argv[arg->argn]);
333     return 1;
334   }
335 
336   PacketAliasPptp(addr);
337   return 0;
338 }
339 
340 static struct mbuf *
341 nat_LayerPush(struct bundle *bundle, struct link *l, struct mbuf *bp,
342                 int pri, u_short *proto)
343 {
344   if (!bundle->NatEnabled || *proto != PROTO_IP)
345     return bp;
346 
347   log_Printf(LogDEBUG, "nat_LayerPush: PROTO_IP -> PROTO_IP\n");
348   m_settype(bp, MB_NATOUT);
349   /* Ensure there's a bit of extra buffer for the NAT code... */
350   bp = m_pullup(m_append(bp, NULL, NAT_EXTRABUF));
351   PacketAliasOut(MBUF_CTOP(bp), bp->m_len);
352   bp->m_len = ntohs(((struct ip *)MBUF_CTOP(bp))->ip_len);
353 
354   return bp;
355 }
356 
357 static struct mbuf *
358 nat_LayerPull(struct bundle *bundle, struct link *l, struct mbuf *bp,
359                 u_short *proto)
360 {
361   struct ip *pip, *piip;
362   int ret, len;
363   struct mbuf **last;
364   char *fptr;
365 
366   if (!bundle->NatEnabled || *proto != PROTO_IP)
367     return bp;
368 
369   log_Printf(LogDEBUG, "nat_LayerPull: PROTO_IP -> PROTO_IP\n");
370   m_settype(bp, MB_NATIN);
371   bp = m_pullup(bp);
372   pip = (struct ip *)MBUF_CTOP(bp);
373   piip = (struct ip *)((char *)pip + (pip->ip_hl << 2));
374 
375   if (pip->ip_p == IPPROTO_IGMP ||
376       (pip->ip_p == IPPROTO_IPIP && IN_CLASSD(ntohl(piip->ip_dst.s_addr))))
377     return bp;
378 
379   /* Ensure there's a bit of extra buffer for the NAT code... */
380   bp = m_pullup(m_append(bp, NULL, NAT_EXTRABUF));
381   ret = PacketAliasIn(MBUF_CTOP(bp), bp->m_len);
382 
383   bp->m_len = ntohs(pip->ip_len);
384   if (bp->m_len > MAX_MRU) {
385     log_Printf(LogWARN, "nat_LayerPull: Problem with IP header length (%d)\n",
386                bp->m_len);
387     m_freem(bp);
388     return NULL;
389   }
390 
391   switch (ret) {
392     case PKT_ALIAS_OK:
393       break;
394 
395     case PKT_ALIAS_UNRESOLVED_FRAGMENT:
396       /* Save the data for later */
397       fptr = malloc(bp->m_len);
398       bp = mbuf_Read(bp, fptr, bp->m_len);
399       PacketAliasSaveFragment(fptr);
400       break;
401 
402     case PKT_ALIAS_FOUND_HEADER_FRAGMENT:
403       /* Fetch all the saved fragments and chain them on the end of `bp' */
404       last = &bp->m_nextpkt;
405       while ((fptr = PacketAliasGetFragment(MBUF_CTOP(bp))) != NULL) {
406 	PacketAliasFragmentIn(MBUF_CTOP(bp), fptr);
407         len = ntohs(((struct ip *)fptr)->ip_len);
408         *last = m_get(len, MB_NATIN);
409         memcpy(MBUF_CTOP(*last), fptr, len);
410         free(fptr);
411         last = &(*last)->m_nextpkt;
412       }
413       break;
414 
415     default:
416       m_freem(bp);
417       bp = NULL;
418       break;
419   }
420 
421   return bp;
422 }
423 
424 struct layer natlayer =
425   { LAYER_NAT, "nat", nat_LayerPush, nat_LayerPull };
426