ip_irc_pxy.c revision 1.1.1.2
/*	$NetBSD: ip_irc_pxy.c,v 1.1.1.2 2012/07/22 13:45:19 darrenr Exp $	*/

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * $Id: ip_irc_pxy.c,v 1.1.1.2 2012/07/22 13:45:19 darrenr Exp $
 */

#define	IPF_IRC_PROXY

/*
 * Size of the two on-stack buffers in ipf_p_irc_send(): the copy of the
 * outgoing TCP payload and the rewritten DCC text.
 */
#define	IPF_IRCBUFSZ	96	/* This *MUST* be >= 64! */


/*
 * Entry points of the IRC DCC proxy.  __P() is the usual K&R-compatibility
 * wrapper around the prototype argument lists.
 */
void ipf_p_irc_main_load __P((void));
void ipf_p_irc_main_unload __P((void));
int ipf_p_irc_new __P((void *, fr_info_t *, ap_session_t *, nat_t *));
int ipf_p_irc_out __P((void *, fr_info_t *, ap_session_t *, nat_t *));
int ipf_p_irc_send __P((fr_info_t *, nat_t *));
int ipf_p_irc_complete __P((ircinfo_t *, char *, size_t));
/* NOTE(review): declared here, but no definition is visible in this file. */
u_short ipf_irc_atoi __P((char **));

/*
 * Filter rule set up by ipf_p_irc_main_load() and attached (fi.fin_fr) to
 * the entries ipf_p_irc_send() creates for the expected DCC connection.
 */
static	frentry_t	ircnatfr;

/* 1 after ipf_p_irc_main_load() has run, 0 again after ipf_p_irc_main_unload(). */
int	irc_proxy_init = 0;
/*
 * Prepare the proxy's private filter rule: clear it, give it one
 * reference, set the FR_INQUE, FR_PASS, FR_QUICK and FR_KEEPSTATE flags,
 * create its lock, and record that initialisation has been done so that
 * ipf_p_irc_main_unload() knows there is a lock to destroy.
 */
void
ipf_p_irc_main_load()
{
	frentry_t *rule = &ircnatfr;

	bzero((char *)rule, sizeof(*rule));
	rule->fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE;
	rule->fr_ref = 1;
	MUTEX_INIT(&rule->fr_lock, "IRC proxy rule lock");

	irc_proxy_init = 1;
}
/*
 * Undo ipf_p_irc_main_load(): destroy the rule lock and clear the
 * initialised flag.  Does nothing when load has not run, so the lock is
 * never destroyed without having been created.
 */
void
ipf_p_irc_main_unload()
{
	if (irc_proxy_init != 1)
		return;

	MUTEX_DESTROY(&ircnatfr.fr_lock);
	irc_proxy_init = 0;
}
/*
 * DCC sub-commands the proxy recognises, terminated by NULL.  Each entry
 * keeps its trailing space: ipf_p_irc_complete() compares the full entry,
 * separator included, against the message text.
 */
const char *ipf_p_irc_dcctypes[] = {
	"CHAT ",	/* CHAT chat ipnumber portnumber */
	"SEND ",	/* SEND filename ipnumber portnumber */
	"MOVE ",
	"TSEND ",
	"SCHAT ",
	NULL,
};
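/*
 * Message forms the parser is meant to recognise (^A is the 0x01 CTCP
 * delimiter):
 *
 * :A PRIVMSG B :^ADCC CHAT chat 0 0^A\r\n
 * PRIVMSG B ^ADCC CHAT chat 0 0^A\r\n
 */

/*
 * Decide whether buf holds one complete DCC request and pick its fields
 * apart.
 *
 * ircp - receives pointers into buf (irc_snick, irc_dnick, irc_type,
 *        irc_arg, irc_addr) together with irc_ipnum, irc_port and irc_len
 * buf  - start of the text to examine
 * len  - number of bytes the caller states are readable at buf
 *
 * Returns 1 when every field was accepted, 0 otherwise.  irc_ipnum and
 * irc_port are cleared on entry; the pointer fields may already have been
 * written when 0 is returned, so callers should only use them after a 1.
 *
 * The text is taken from network traffic and is not trusted.  i counts the
 * bytes believed to remain and is the only thing that keeps s inside the
 * caller's buffer, so len must never exceed what was really copied.  The
 * address and port are range-checked while they are accumulated: the
 * address must fit in 32 bits and the port in 16.
 *
 * NOTE(review): the cursor and the "current character" drift apart in
 * several places, which is worth resolving before this parser is relied
 * on:
 *   - "c = *s++" leaves s one byte past the character held in c.  In the
 *     form without a prefix, s is already at buf + 1 when "PRIVMSG " is
 *     compared, so a line that starts with "PRIVMSG " does not match.
 *   - In the ':' form the nickname loop stops with c holding whitespace
 *     (or with i == 0, which the i < 31 test rejects), so the following
 *     "c != 'P'" test rejects the line (assuming ISSPACE() has isspace()
 *     semantics).
 *   - Only 4 of the 5 bytes of "\001DCC " are compared and skipped, so
 *     the type comparison starts on the separator.
 *   - Both digit loops enter with c == *s and then re-read *s, so the
 *     first digit is accumulated twice.
 *   - After the port loop s is past the byte that ended it, so the final
 *     "\001\r\n" comparison starts one byte late.
 */
int
ipf_p_irc_complete(ircp, buf, len)
	ircinfo_t *ircp;
	char *buf;
	size_t len;
{
	register char *s, c;
	register size_t i;
	u_32_t l;
	int j, k;

	ircp->irc_ipnum = 0;
	ircp->irc_port = 0;

	/* Shorter than the shortest acceptable request. */
	if (len < 31)
		return 0;
	s = buf;
	c = *s++;
	i = len - 1;

	if ((c != ':') && (c != 'P'))
		return 0;

	if (c == ':') {
		/*
		 * Loosely check that the source is a nickname of some sort
		 */
		s++;
		c = *s;
		ircp->irc_snick = s;
		if (!ISALPHA(c))
			return 0;
		i--;
		for (c = *s; !ISSPACE(c) && (i > 0); i--)
			c = *s++;
		if (i < 31)
			return 0;
		if (c != 'P')
			return 0;
	} else
		ircp->irc_snick = NULL;

	/*
	 * Check command string
	 */
	if (strncmp(s, "PRIVMSG ", 8))
		return 0;
	i -= 8;
	s += 8;
	c = *s;
	ircp->irc_dnick = s;

	/*
	 * Loosely check that the destination is a nickname of some sort
	 */
	if (!ISALPHA(c))
		return 0;
	for (; !ISSPACE(c) && (i > 0); i--)
		c = *s++;
	if (i < 20)
		return 0;
	s++;
	i--;

	/*
	 * Look for a ^A to start the DCC
	 */
	c = *s;
	if (c == ':') {
		/* NOTE(review): s advances here without i being reduced. */
		s++;
		c = *s;
	}

	if (strncmp(s, "\001DCC ", 4))
		return 0;

	i -= 4;
	s += 4;

	/*
	 * Check for a recognised DCC command
	 */
	for (j = 0, k = 0; ipf_p_irc_dcctypes[j]; j++) {
		/* Never compare more bytes than are believed to remain. */
		k = MIN(strlen(ipf_p_irc_dcctypes[j]), i);
		if (!strncmp(ipf_p_irc_dcctypes[j], s, k))
			break;
	}
	if (!ipf_p_irc_dcctypes[j])
		return 0;

	ircp->irc_type = s;
	i -= k;
	s += k;

	if (i < 11)
		return 0;

	/*
	 * Check for the arg
	 */
	c = *s;
	if (ISSPACE(c))
		return 0;
	ircp->irc_arg = s;
	for (; (c != ' ') && (c != '\001') && (i > 0); i--)
		c = *s++;

	if (c == '\001')	/* In reality a ^A can quote another ^A...*/
		return 0;

	if (i < 5)
		return 0;

	s++;
	i--;
	c = *s;
	if (!ISDIGIT(c))
		return 0;
	ircp->irc_addr = s;
	/*
	 * Get the IP#
	 */
	for (l = 0; ISDIGIT(c) && (i > 0); i--) {
		u_32_t digit = (u_32_t)(c - '0');

		/*
		 * Refuse a number that does not fit in 32 bits rather than
		 * letting it wrap round to some other address.
		 */
		if (l > (0xffffffffU - digit) / 10)
			return 0;
		l *= 10;
		l += digit;
		c = *s++;
	}

	if (i < 4)
		return 0;

	if (c != ' ')
		return 0;

	ircp->irc_ipnum = l;
	s++;
	i--;
	c = *s;
	if (!ISDIGIT(c))
		return 0;
	/*
	 * Get the port#
	 */
	for (l = 0; ISDIGIT(c) && (i > 0); i--) {
		l *= 10;
		l += c - '0';
		/*
		 * A TCP port has 16 bits; reject anything larger here so it
		 * is never silently truncated when stored or copied into a
		 * u_short by the caller.
		 */
		if (l > 65535)
			return 0;
		c = *s++;
	}
	if (i < 3)
		return 0;
	if (strncmp(s, "\001\r\n", 3))
		return 0;
	s += 3;
	ircp->irc_len = s - buf;
	ircp->irc_port = l;
	return 1;
}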
/*
 * Session-setup hook of the proxy: allocate a zeroed ircinfo_t and attach
 * it, with its size, to the proxy session.
 *
 * Returns 0 on success and -1 when fin_v is not 4 or the allocation
 * fails.  arg and nat are not used.
 */
int
ipf_p_irc_new(arg, fin, aps, nat)
	void *arg;
	fr_info_t *fin;
	ap_session_t *aps;
	nat_t *nat;
{
	ircinfo_t *irc;

	nat = nat;	/* LINT */

	/* Only version 4 packets are handled; checked before allocating. */
	if (fin->fin_v != 4)
		return -1;

	KMALLOC(irc, ircinfo_t *);
	if (irc == NULL)
		return -1;
	bzero((char *)irc, sizeof(*irc));

	aps->aps_psiz = sizeof(ircinfo_t);
	aps->aps_data = irc;
	return 0;
}
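/*
 * Examine an outgoing TCP segment of a proxied IRC connection.  When
 * ipf_p_irc_complete() accepts its payload as a DCC request, rewrite the
 * payload with the packet's source address and the advertised port, adjust
 * the packet lengths, and add the NAT and state entries for the connection
 * that is expected in response.
 *
 * fin - packet being processed
 * nat - NAT entry of the IRC connection; its proxy session holds the
 *       ircinfo_t used as parser output
 *
 * Returns the change in payload length (new text length minus old), or 0
 * when the segment is left alone.
 *
 * The payload is written by the client and is not trusted, so:
 *   - the parser is given the number of bytes actually copied into
 *     ctcpbuf, never the full segment length, which keeps every pointer
 *     it returns inside the buffer;
 *   - the offset derived from irc_addr is range-checked before it is used
 *     as a copy length;
 *   - the advertised port is checked before the packet is modified, so a
 *     refused request leaves the packet and its lengths untouched.
 */
int
ipf_p_irc_send(fin, nat)
	fr_info_t *fin;
	nat_t *nat;
{
	char ctcpbuf[IPF_IRCBUFSZ], newbuf[IPF_IRCBUFSZ];
	tcphdr_t *tcp, tcph, *tcp2 = &tcph;
	int off, inc = 0, i, dlen;
	ipf_main_softc_t *softc;
	size_t nlen = 0, olen, clen;
	struct in_addr swip;
	u_short a5, sp;
	ircinfo_t *irc;
	fr_info_t fi;
	nat_t *nat2;
	u_int a1;
	ip_t *ip;
	mb_t *m;
#ifdef	MENTAT
	mb_t *m1;
#endif
	softc = fin->fin_main_soft;

	m = fin->fin_m;
	ip = fin->fin_ip;
	tcp = (tcphdr_t *)fin->fin_dp;
	bzero(ctcpbuf, sizeof(ctcpbuf));
	/* Offset of the TCP payload from the start of the message. */
	off = (char *)tcp - (char *)ip + (TCP_OFF(tcp) << 2) + fin->fin_ipoff;

#ifdef __sgi
	dlen = fin->fin_plen - off;
#else
	dlen = MSGDSIZE(m) - off;
#endif
	if (dlen <= 0)
		return 0;

	/*
	 * Copy at most one byte less than the buffer holds so that the text
	 * is always NUL terminated, and remember how much was copied: that,
	 * not dlen, is what the parser is allowed to look at.
	 */
	clen = MIN(sizeof(ctcpbuf) - 1, (size_t)dlen);
	COPYDATA(m, off, clen, ctcpbuf);
	ctcpbuf[sizeof(ctcpbuf) - 1] = '\0';
	*newbuf = '\0';

	irc = nat->nat_aps->aps_data;
	if (ipf_p_irc_complete(irc, ctcpbuf, clen) == 0)
		return 0;

	/*
	 * check that IP address in the DCC reply is the same as the
	 * sender of the command - prevents use for port scanning.
	 */
	if (irc->irc_ipnum != ntohl(nat->nat_osrcaddr))
		return 0;

	a5 = irc->irc_port;

	/*
	 * Do not open a mapping for a port below 1024.  This is decided
	 * here, before anything is written back, so that a refused request
	 * is passed on unmodified.
	 */
	if (a5 < 1024)
		return 0;

	/*
	 * Calculate new address parts for the DCC command
	 */
	a1 = ntohl(ip->ip_src.s_addr);
	olen = irc->irc_len;
	i = irc->irc_addr - ctcpbuf;
	i++;
	/* i is used as a copy length and in a size computation below. */
	if ((i <= 0) || ((size_t)i >= sizeof(newbuf)))
		return 0;
	/*
	 * NOTE(review): the formatted text below is written at the start of
	 * newbuf and so replaces the prefix copied here, although the size
	 * passed to SNPRINTF is computed as if it were appended at
	 * newbuf + i.  nlen and inc follow from what is written, so confirm
	 * the intended layout before changing either call.
	 */
	(void) strncpy(newbuf, ctcpbuf, i);
	/* DO NOT change these! */
#if defined(SNPRINTF) && defined(KERNEL)
	SNPRINTF(newbuf, sizeof(newbuf) - i, "%u %u\001\r\n", a1, a5);
#else
	(void) sprintf(newbuf, "%u %u\001\r\n", a1, a5);
#endif

	nlen = strlen(newbuf);
	inc = nlen - olen;

	/* The rewritten packet must still fit in a 16-bit IP length. */
	if ((inc + fin->fin_plen) > 65535)
		return 0;

#ifdef	MENTAT
	for (m1 = m; m1->b_cont; m1 = m1->b_cont)
		;
	if ((inc > 0) && (m1->b_datap->db_lim - m1->b_wptr < inc)) {
		mblk_t *nm;

		/* alloc enough to keep same trailer space for lower driver */
		nm = allocb(nlen, BPRI_MED);
		/*
		 * NOTE(review): what PANIC() expands to is not visible here.
		 * If it halts the system, a failed allocation on this
		 * traffic-driven path takes the host down; returning 0 at
		 * this point, before the chain is altered, looks safer.
		 */
		PANIC((!nm),("ipf_p_irc_out: allocb failed"));

		nm->b_band = m1->b_band;
		nm->b_wptr += nlen;

		m1->b_wptr -= olen;
		PANIC((m1->b_wptr < m1->b_rptr),
		      ("ipf_p_irc_out: cannot handle fragmented data block"));

		linkb(m1, nm);
	} else {
# if SOLARIS && defined(ICK_VALID)
		if (m1->b_datap->db_struiolim == m1->b_wptr)
			m1->b_datap->db_struiolim += inc;
		m1->b_datap->db_struioflag &= ~STRUIO_IP;
# endif
		m1->b_wptr += inc;
	}
#else
	if (inc < 0)
		m_adj(m, inc);
	/* the mbuf chain will be extended if necessary by m_copyback() */
#endif
	COPYBACK(m, off, nlen, newbuf);
	/* The payload changed, so the checksum has to be recomputed. */
	fin->fin_flx |= FI_DOCKSUM;

	if (inc != 0) {
#if defined(MENTAT) || defined(__sgi)
		register u_32_t	sum1, sum2;

		sum1 = fin->fin_plen;
		sum2 = fin->fin_plen + inc;

		/* Because ~1 == -2, We really need ~1 == -1 */
		if (sum1 > sum2)
			sum2--;
		sum2 -= sum1;
		sum2 = (sum2 & 0xffff) + (sum2 >> 16);

		ipf_fix_outcksum(0, &ip->ip_sum, sum2, 0);
#endif
		fin->fin_plen += inc;
		ip->ip_len = htons(fin->fin_plen);
		fin->fin_dlen += inc;
	}

	/*
	 * Add skeleton NAT entry for connection which will come back the
	 * other way.
	 */
	sp = htons(a5);

	/*
	 * Check for an existing mapping before adding a new one.
	 *
	 * NOTE(review): fi is filled in here but the lookup is handed fin,
	 * so these three statements have no effect on it; fi is copied
	 * afresh below.  fin_data[0] is also given sp in network order here
	 * and ntohs(sp) below.  Confirm which packet description the lookup
	 * is meant to use.
	 */
	bcopy((caddr_t)fin, (caddr_t)&fi, sizeof(fi));
	fi.fin_data[0] = sp;
	fi.fin_data[1] = fin->fin_data[1];
	nat2 = ipf_nat_outlookup(fin, IPN_TCP, nat->nat_pr[1], nat->nat_nsrcip,
			     ip->ip_dst);
	if (nat2 == NULL) {
#ifdef USE_MUTEXES
		ipf_nat_softc_t *softn = softc->ipf_nat_soft;
#endif

		/*
		 * Describe the expected connection with a synthetic TCP
		 * header: source port as advertised, remote port left open.
		 */
		bcopy((caddr_t)fin, (caddr_t)&fi, sizeof(fi));
		bzero((char *)tcp2, sizeof(*tcp2));
		tcp2->th_win = htons(8192);
		tcp2->th_sport = sp;
		tcp2->th_dport = 0; /* XXX - don't specify remote port */
		fi.fin_data[0] = ntohs(sp);
		fi.fin_data[1] = 0;
		fi.fin_dp = (char *)tcp2;
		fi.fin_fr = &ircnatfr;
		fi.fin_dlen = sizeof(*tcp2);
		fi.fin_plen = fi.fin_hlen + sizeof(*tcp2);
		/*
		 * The packet's source address is replaced by the translated
		 * one while the entries are created and restored afterwards.
		 */
		swip = ip->ip_src;
		ip->ip_src = nat->nat_nsrcip;
		MUTEX_ENTER(&softn->ipf_nat_new);
		nat2 = ipf_nat_add(&fi, nat->nat_ptr, NULL,
			       NAT_SLAVE|IPN_TCP|SI_W_DPORT, NAT_OUTBOUND);
		MUTEX_EXIT(&softn->ipf_nat_new);
		if (nat2 != NULL) {
			(void) ipf_nat_proto(&fi, nat2, 0);
			MUTEX_ENTER(&nat2->nat_lock);
			ipf_nat_update(&fi, nat2);
			MUTEX_EXIT(&nat2->nat_lock);

			(void) ipf_state_add(softc, &fi, NULL, SI_W_DPORT);
		}
		ip->ip_src = swip;
	}
	return inc;
}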
/*
 * Packet hook of the proxy (the _out entry point): passes the packet and
 * its NAT entry to ipf_p_irc_send() and returns that function's result.
 * arg and aps are part of the hook signature but are not used.
 */
int
ipf_p_irc_out(arg, fin, aps, nat)
	void *arg;
	fr_info_t *fin;
	ap_session_t *aps;
	nat_t *nat;
{
	int delta;

	aps = aps;	/* LINT */

	delta = ipf_p_irc_send(fin, nat);
	return delta;
}