/* * Entry point * ret value: * <0 err * ==0 ok * >0 ok, copy to user */ static int ip_masq_user_ctl(int optname, struct ip_masq_ctl *mctl, int optlen) { struct ip_masq_user *ums = &mctl->u.user; int ret = EINVAL; int arglen = optlen - IP_MASQ_CTL_BSIZE; int cmd; IP_MASQ_DEBUG(1-debug, "ip_masq_user_ctl(len=%d/%d|%d/%d)\n", arglen, sizeof (*ums), optlen, sizeof (*mctl)); /* * Yes, I'm a bad guy ... */ if (arglen != sizeof(*ums) && optlen != sizeof(*mctl)) return EINVAL; MOD_INC_USE_COUNT; /* * Don't trust the lusers - plenty of error checking! */ cmd = mctl->m_cmd; IP_MASQ_DEBUG(1-debug, "ip_masq_user_ctl(cmd=%d)\n", cmd); switch (mctl->m_cmd) { case IP_MASQ_CMD_ADD: case IP_MASQ_CMD_INSERT: ret = ip_masq_user_new(ums); break; case IP_MASQ_CMD_DEL: ret = ip_masq_user_del(ums); break; case IP_MASQ_CMD_SET: ret = ip_masq_user_set(ums); break; case IP_MASQ_CMD_GET: ret = ip_masq_user_get(ums); break; } /* * For all of the above, return masq tunnel info */ ret = -ret; if (ret == 0) { ret = sizeof (*ums) + IP_MASQ_CTL_BSIZE; IP_MASQ_DEBUG(1-debug, "will return %d bytes to user\n", ret); } MOD_DEC_USE_COUNT; return ret; }
static int ip_masq_user_maddr(struct ip_masq_user *ums) { struct device *dev; struct rtable *rt; int ret = -EINVAL; u32 rt_daddr, rt_saddr; u32 tos; /* * Did specify masq address. */ if (ums->maddr) return 0; /* * Select address to use for routing query */ rt_daddr = ums->rt_daddr? ums->rt_daddr : ums->daddr; rt_saddr = ums->rt_saddr? ums->rt_saddr : ums->saddr; /* * No address for routing, cannot continue */ if (rt_daddr == 0) { IP_MASQ_DEBUG(1-debug, "cannot setup maddr with daddr=%lX, rt_addr=%lX\n", ntohl(ums->daddr), ntohl(ums->rt_daddr)); return -EINVAL; } /* * Find out rt device */ rt_saddr = 0; tos = RT_TOS(ums->ip_tos) | RTO_CONN; if ((ret=ip_route_output(&rt, rt_daddr, rt_saddr, tos, 0 /* dev */))) { IP_MASQ_DEBUG(0-debug, "could not setup maddr for routing daddr=%lX, saddr=%lX\n", ntohl(rt_daddr), ntohl(rt_saddr)); return ret; } dev = rt->u.dst.dev; ums->maddr = ip_masq_select_addr(dev, rt->rt_gateway, RT_SCOPE_UNIVERSE); IP_MASQ_DEBUG(1-debug, "did setup maddr=%lX\n", ntohl(ums->maddr)); ip_rt_put(rt); return 0; }
/* * Module control entry */ int ip_masq_mod_ctl(int optname, struct ip_masq_ctl *mctl, int optlen) { struct ip_masq_mod * mmod; #ifdef CONFIG_KMOD char kmod_name[IP_MASQ_TNAME_MAX+8]; #endif /* tappo */ mctl->m_tname[IP_MASQ_TNAME_MAX-1] = 0; mmod = ip_masq_mod_getbyname(mctl->m_tname); if (mmod) return mmod->mmod_ctl(optname, mctl, optlen); #ifdef CONFIG_KMOD sprintf(kmod_name,"ip_masq_%s", mctl->m_tname); IP_MASQ_DEBUG(1, "About to request \"%s\" module\n", kmod_name); /* * Let sleep for a while ... */ request_module(kmod_name); mmod = ip_masq_mod_getbyname(mctl->m_tname); if (mmod) return mmod->mmod_ctl(optname, mctl, optlen); #endif return ESRCH; }
__initfunc(int ip_masq_irc_init(void)) { int i, j; for (i=0; (i<MAX_MASQ_APP_PORTS); i++) { if (ports[i]) { if ((masq_incarnations[i] = kmalloc(sizeof(struct ip_masq_app), GFP_KERNEL)) == NULL) return -ENOMEM; memcpy(masq_incarnations[i], &ip_masq_irc, sizeof(struct ip_masq_app)); if ((j = register_ip_masq_app(masq_incarnations[i], IPPROTO_TCP, ports[i]))) { return j; } IP_MASQ_DEBUG(1-debug, "Irc: loaded support on port[%d] = %d\n", i, ports[i]); } else { /* To be safe, force the incarnation table entry to NULL */ masq_incarnations[i] = NULL; } } return 0; }
struct ip_masq_mod * ip_masq_mod_getbyname(const char *mmod_name) { struct ip_masq_mod * mmod; IP_MASQ_DEBUG(1, "searching mmod_name \"%s\"\n", mmod_name); for (mmod=ip_masq_mod_reg_base; mmod ; mmod=mmod->next_reg) { if (mmod->mmod_ctl && *(mmod_name) && (strcmp(mmod_name, mmod->mmod_name)==0)) { /* HIT */ return mmod; } } return NULL; }
int ip_masq_ftp_done(void) { int i, j, k; k=0; for (i=0; (i<MAX_MASQ_APP_PORTS); i++) { if (masq_incarnations[i]) { if ((j = unregister_ip_masq_app(masq_incarnations[i]))) { k = j; } else { kfree(masq_incarnations[i]); masq_incarnations[i] = NULL; IP_MASQ_DEBUG(1-debug, "Ftp: unloaded support on port[%d] = %d\n", i, ports[i]); } } } return k; }
static int ip_masq_user_info(char *buffer, char **start, off_t offset, int length, int proto) { off_t pos=0, begin; struct ip_masq *ms; char temp[129]; int idx = 0; int len=0; int magic_control; MOD_INC_USE_COUNT; IP_MASQ_DEBUG(1-debug, "Entered user_info with proto=%d\n", proto); if (offset < 128) { sprintf(temp, "Prot SrcIP SPrt DstIP DPrt MAddr MPrt State Flgs Ref Ctl Expires (free=%d,%d,%d)", atomic_read(ip_masq_free_ports), atomic_read(ip_masq_free_ports+1), atomic_read(ip_masq_free_ports+2)); len = sprintf(buffer, "%-127s\n", temp); } pos = 128; for(idx = 0; idx < IP_MASQ_TAB_SIZE; idx++) { /* * Lock is actually only need in next loop * we are called from uspace: must stop bh. */ read_lock_bh(&__ip_masq_lock); for(ms = ip_masq_m_tab[idx]; ms ; ms = ms->m_link) { if (ms->protocol != proto) { continue; } pos += 128; if (pos <= offset) { len = 0; continue; } /* * We have locked the tables, no need to del/add timers * nor cli() 8) */ magic_control = atomic_read(&ms->n_control); if (!magic_control && ms->control) magic_control = -1; sprintf(temp,"%-4s %08lX:%04X %08lX:%04X %08lX:%04X %-12s %3X %4d %3d %7lu", masq_proto_name(ms->protocol), ntohl(ms->saddr), ntohs(ms->sport), ntohl(ms->daddr), ntohs(ms->dport), ntohl(ms->maddr), ntohs(ms->mport), ip_masq_state_name(ms->state), ms->flags, atomic_read(&ms->refcnt), magic_control, (ms->timer.expires-jiffies)/HZ); len += sprintf(buffer+len, "%-127s\n", temp); if(len >= length) { read_unlock_bh(&__ip_masq_lock); goto done; } } read_unlock_bh(&__ip_masq_lock); } done: if (len) { begin = len - (pos - offset); *start = buffer + begin; len -= begin; } if(len>length) len = length; MOD_DEC_USE_COUNT; return len; }
int masq_ftp_out (struct ip_masq_app *mapp, struct ip_masq *ms, struct sk_buff **skb_p, __u32 maddr) { struct sk_buff *skb; struct iphdr *iph; struct tcphdr *th; char *p, *data, *data_limit; unsigned char p1,p2,p3,p4,p5,p6; __u32 from; __u16 port; struct ip_masq *n_ms; char buf[24]; /* xxx.xxx.xxx.xxx,ppp,ppp\000 */ unsigned buf_len; int diff; skb = *skb_p; iph = skb->nh.iph; th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); data = (char *)&th[1]; data_limit = skb->h.raw + skb->len - 18; if (skb->len >= 6 && (memcmp(data, "PASV\r\n", 6) == 0 || memcmp(data, "pasv\r\n", 6) == 0)) ms->app_data = &masq_ftp_pasv; while (data < data_limit) { if (memcmp(data,"PORT ",5) && memcmp(data,"port ",5)) { data ++; continue; } p = data+5; p1 = simple_strtoul(data+5,&data,10); if (*data!=',') continue; p2 = simple_strtoul(data+1,&data,10); if (*data!=',') continue; p3 = simple_strtoul(data+1,&data,10); if (*data!=',') continue; p4 = simple_strtoul(data+1,&data,10); if (*data!=',') continue; p5 = simple_strtoul(data+1,&data,10); if (*data!=',') continue; p6 = simple_strtoul(data+1,&data,10); if (*data!='\r' && *data!='\n') continue; from = (p1<<24) | (p2<<16) | (p3<<8) | p4; port = (p5<<8) | p6; IP_MASQ_DEBUG(1-debug, "PORT %X:%X detected\n",from,port); /* * Now update or create an masquerade entry for it */ IP_MASQ_DEBUG(1-debug, "protocol %d %lX:%X %X:%X\n", iph->protocol, htonl(from), htons(port), iph->daddr, 0); n_ms = ip_masq_out_get(iph->protocol, htonl(from), htons(port), iph->daddr, 0); if (!n_ms) { n_ms = ip_masq_new(IPPROTO_TCP, maddr, 0, htonl(from), htons(port), iph->daddr, 0, IP_MASQ_F_NO_DPORT); if (n_ms==NULL) return 0; ip_masq_control_add(n_ms, ms); } /* * Replace the old PORT with the new one */ from = ntohl(n_ms->maddr); port = ntohs(n_ms->mport); sprintf(buf,"%d,%d,%d,%d,%d,%d", from>>24&255,from>>16&255,from>>8&255,from&255, port>>8&255,port&255); buf_len = strlen(buf); IP_MASQ_DEBUG(1-debug, "new PORT %X:%X\n",from,port); /* * Calculate required delta-offset to keep TCP happy */ diff = buf_len - (data-p); /* * No shift. */ if (diff==0) { /* * simple case, just replace the old PORT cmd */ memcpy(p,buf,buf_len); } else { *skb_p = ip_masq_skb_replace(skb, GFP_ATOMIC, p, data-p, buf, buf_len); } /* * Move tunnel to listen state */ ip_masq_listen(n_ms); ip_masq_put(n_ms); return diff; } return 0; }
int masq_ftp_in (struct ip_masq_app *mapp, struct ip_masq *ms, struct sk_buff **skb_p, __u32 maddr) { struct sk_buff *skb; struct iphdr *iph; struct tcphdr *th; char *data, *data_limit; unsigned char p1,p2,p3,p4,p5,p6; __u32 to; __u16 port; struct ip_masq *n_ms; if (ms->app_data != &masq_ftp_pasv) return 0; /* quick exit if no outstanding PASV */ skb = *skb_p; iph = skb->nh.iph; th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); data = (char *)&th[1]; data_limit = skb->h.raw + skb->len; while (data < data_limit && *data != ' ') ++data; while (data < data_limit && *data == ' ') ++data; data += 22; if (data >= data_limit || *data != '(') return 0; p1 = simple_strtoul(data+1, &data, 10); if (data >= data_limit || *data != ',') return 0; p2 = simple_strtoul(data+1, &data, 10); if (data >= data_limit || *data != ',') return 0; p3 = simple_strtoul(data+1, &data, 10); if (data >= data_limit || *data != ',') return 0; p4 = simple_strtoul(data+1, &data, 10); if (data >= data_limit || *data != ',') return 0; p5 = simple_strtoul(data+1, &data, 10); if (data >= data_limit || *data != ',') return 0; p6 = simple_strtoul(data+1, &data, 10); if (data >= data_limit || *data != ')') return 0; to = (p1<<24) | (p2<<16) | (p3<<8) | p4; port = (p5<<8) | p6; /* * Now update or create an masquerade entry for it */ IP_MASQ_DEBUG(1-debug, "PASV response %lX:%X %X:%X detected\n", ntohl(ms->saddr), 0, to, port); n_ms = ip_masq_out_get(iph->protocol, ms->saddr, 0, htonl(to), htons(port)); if (!n_ms) { n_ms = ip_masq_new(IPPROTO_TCP, maddr, 0, ms->saddr, 0, htonl(to), htons(port), IP_MASQ_F_NO_SPORT); if (n_ms==NULL) return 0; ip_masq_control_add(n_ms, ms); } #if 0 /* v0.12 state processing */ /* * keep for a bit longer than tcp_fin, client may not issue open * to server port before tcp_fin_timeout. */ n_ms->timeout = ip_masq_expire->tcp_fin_timeout*3; #endif ms->app_data = NULL; ip_masq_put(n_ms); return 0; /* no diff required for incoming packets, thank goodness */ }
int masq_irc_out (struct ip_masq_app *mapp, struct ip_masq *ms, struct sk_buff **skb_p, __u32 maddr) { struct sk_buff *skb; struct iphdr *iph; struct tcphdr *th; char *data, *data_limit; __u32 s_addr; __u16 s_port; struct ip_masq *n_ms; char buf[20]; /* "m_addr m_port" (dec base)*/ unsigned buf_len; int diff; char *dcc_p, *addr_beg_p, *addr_end_p; skb = *skb_p; iph = skb->nh.iph; th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); data = (char *)&th[1]; /* * Hunt irc DCC string, the _shortest_: * * strlen("\1DCC CHAT chat AAAAAAAA P\1\n")=27 * strlen("\1DCC SCHAT chat AAAAAAAA P\1\n")=28 * strlen("\1DCC SEND F AAAAAAAA P S\1\n")=26 * strlen("\1DCC MOVE F AAAAAAAA P S\1\n")=26 * strlen("\1DCC TSEND F AAAAAAAA P S\1\n")=27 * AAAAAAAAA: bound addr (1.0.0.0==16777216, min 8 digits) * P: bound port (min 1 d ) * F: filename (min 1 d ) * S: size (min 1 d ) * 0x01, \n: terminators */ data_limit = skb->h.raw + skb->len; while (data < (data_limit - ( 22 + MAXMATCHLEN ) ) ) { int i; if (memcmp(data,"\1DCC ",5)) { data ++; continue; } dcc_p = data; data += 5; /* point to DCC cmd */ for(i=0; i<NUM_DCCPROTO; i++) { /* * go through the table and hunt a match string */ if( memcmp(data, dccprotos[i].match, dccprotos[i].matchlen ) == 0 ) { data += dccprotos[i].matchlen; /* * skip next string. */ while( *data++ != ' ') /* * must still parse, at least, "AAAAAAAA P\1\n", * 12 bytes left. */ if (data > (data_limit-12)) return 0; addr_beg_p = data; /* * client bound address in dec base */ s_addr = simple_strtoul(data,&data,10); if (*data++ !=' ') continue; /* * client bound port in dec base */ s_port = simple_strtoul(data,&data,10); addr_end_p = data; /* * Now create an masquerade entry for it * must set NO_DPORT and NO_DADDR because * connection is requested by another client. */ n_ms = ip_masq_new(IPPROTO_TCP, maddr, 0, htonl(s_addr),htons(s_port), 0, 0, IP_MASQ_F_NO_DPORT|IP_MASQ_F_NO_DADDR); if (n_ms==NULL) return 0; /* * Replace the old "address port" with the new one */ buf_len = sprintf(buf,"%lu %u", ntohl(n_ms->maddr),ntohs(n_ms->mport)); /* * Calculate required delta-offset to keep TCP happy */ diff = buf_len - (addr_end_p-addr_beg_p); *addr_beg_p = '\0'; IP_MASQ_DEBUG(1-debug, "masq_irc_out(): '%s' %X:%X detected (diff=%d)\n", dcc_p, s_addr,s_port, diff); /* * No shift. */ if (diff==0) { /* * simple case, just copy. */ memcpy(addr_beg_p,buf,buf_len); } else { *skb_p = ip_masq_skb_replace(skb, GFP_ATOMIC, addr_beg_p, addr_end_p-addr_beg_p, buf, buf_len); } ip_masq_listen(n_ms); ip_masq_put(n_ms); return diff; } } } return 0; }