1 /* $NetBSD: ip_pptp_pxy.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $ */ 2 3 /* 4 * Copyright (C) 2012 by Darren Reed. 5 * 6 * Simple PPTP transparent proxy for in-kernel use. For use with the NAT 7 * code. 8 * 9 * Id: ip_pptp_pxy.c,v 1.1.1.2 2012/07/22 13:45:32 darrenr Exp 10 * 11 */ 12 13 #include <sys/cdefs.h> 14 __KERNEL_RCSID(1, "$NetBSD: ip_pptp_pxy.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $"); 15 16 #define IPF_PPTP_PROXY 17 18 19 20 /* 21 * PPTP proxy 22 */ 23 typedef struct pptp_side { 24 u_32_t pptps_nexthdr; 25 u_32_t pptps_next; 26 int pptps_state; 27 int pptps_gothdr; 28 int pptps_len; 29 int pptps_bytes; 30 char *pptps_wptr; 31 char pptps_buffer[512]; 32 } pptp_side_t; 33 34 typedef struct pptp_pxy { 35 nat_t *pptp_nat; 36 struct ipstate *pptp_state; 37 u_short pptp_call[2]; 38 pptp_side_t pptp_side[2]; 39 ipnat_t *pptp_rule; 40 } pptp_pxy_t; 41 42 typedef struct pptp_hdr { 43 u_short pptph_len; 44 u_short pptph_type; 45 u_32_t pptph_cookie; 46 } pptp_hdr_t; 47 48 #define PPTP_MSGTYPE_CTL 1 49 #define PPTP_MTCTL_STARTREQ 1 50 #define PPTP_MTCTL_STARTREP 2 51 #define PPTP_MTCTL_STOPREQ 3 52 #define PPTP_MTCTL_STOPREP 4 53 #define PPTP_MTCTL_ECHOREQ 5 54 #define PPTP_MTCTL_ECHOREP 6 55 #define PPTP_MTCTL_OUTREQ 7 56 #define PPTP_MTCTL_OUTREP 8 57 #define PPTP_MTCTL_INREQ 9 58 #define PPTP_MTCTL_INREP 10 59 #define PPTP_MTCTL_INCONNECT 11 60 #define PPTP_MTCTL_CLEAR 12 61 #define PPTP_MTCTL_DISCONNECT 13 62 #define PPTP_MTCTL_WANERROR 14 63 #define PPTP_MTCTL_LINKINFO 15 64 65 66 void ipf_p_pptp_main_load(void); 67 void ipf_p_pptp_main_unload(void); 68 int ipf_p_pptp_new(void *, fr_info_t *, ap_session_t *, nat_t *); 69 void ipf_p_pptp_del(ipf_main_softc_t *, ap_session_t *); 70 int ipf_p_pptp_inout(void *, fr_info_t *, ap_session_t *, nat_t *); 71 void ipf_p_pptp_donatstate(fr_info_t *, nat_t *, pptp_pxy_t *); 72 int ipf_p_pptp_message(fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *); 73 int ipf_p_pptp_nextmessage(fr_info_t *, nat_t *, pptp_pxy_t *, int); 74 int ipf_p_pptp_mctl(fr_info_t *, nat_t *, pptp_pxy_t *, pptp_side_t *); 75 76 static frentry_t pptpfr; 77 78 static int pptp_proxy_init = 0; 79 static int ipf_p_pptp_debug = 0; 80 static int ipf_p_pptp_gretimeout = IPF_TTLVAL(120); /* 2 minutes */ 81 82 83 /* 84 * PPTP application proxy initialization. 85 */ 86 void 87 ipf_p_pptp_main_load(void) 88 { 89 bzero((char *)&pptpfr, sizeof(pptpfr)); 90 pptpfr.fr_ref = 1; 91 pptpfr.fr_age[0] = ipf_p_pptp_gretimeout; 92 pptpfr.fr_age[1] = ipf_p_pptp_gretimeout; 93 pptpfr.fr_flags = FR_OUTQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; 94 MUTEX_INIT(&pptpfr.fr_lock, "PPTP proxy rule lock"); 95 pptp_proxy_init = 1; 96 } 97 98 99 void 100 ipf_p_pptp_main_unload(void) 101 { 102 if (pptp_proxy_init == 1) { 103 MUTEX_DESTROY(&pptpfr.fr_lock); 104 pptp_proxy_init = 0; 105 } 106 } 107 108 109 /* 110 * Setup for a new PPTP proxy. 111 * 112 * NOTE: The printf's are broken up with %s in them to prevent them being 113 * optimised into puts statements on FreeBSD (this doesn't exist in the kernel) 114 */ 115 int 116 ipf_p_pptp_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) 117 { 118 pptp_pxy_t *pptp; 119 ipnat_t *ipn; 120 ipnat_t *np; 121 int size; 122 ip_t *ip; 123 124 if (fin->fin_v != 4) 125 return -1; 126 127 ip = fin->fin_ip; 128 np = nat->nat_ptr; 129 size = np->in_size; 130 131 if (ipf_nat_outlookup(fin, 0, IPPROTO_GRE, nat->nat_osrcip, 132 ip->ip_dst) != NULL) { 133 if (ipf_p_pptp_debug > 0) 134 printf("ipf_p_pptp_new: GRE session already exists\n"); 135 return -1; 136 } 137 138 KMALLOC(pptp, pptp_pxy_t *); 139 if (pptp == NULL) { 140 if (ipf_p_pptp_debug > 0) 141 printf("ipf_p_pptp_new: malloc for aps_data failed\n"); 142 return -1; 143 } 144 KMALLOCS(ipn, ipnat_t *, size); 145 if (ipn == NULL) { 146 KFREE(pptp); 147 return -1; 148 } 149 150 aps->aps_data = pptp; 151 aps->aps_psiz = sizeof(*pptp); 152 bzero((char *)pptp, sizeof(*pptp)); 153 bzero((char *)ipn, size); 154 pptp->pptp_rule = ipn; 155 156 /* 157 * Create NAT rule against which the tunnel/transport mapping is 158 * created. This is required because the current NAT rule does not 159 * describe GRE but TCP instead. 160 */ 161 ipn->in_size = size; 162 ipn->in_ifps[0] = fin->fin_ifp; 163 ipn->in_apr = NULL; 164 ipn->in_use = 1; 165 ipn->in_hits = 1; 166 ipn->in_ippip = 1; 167 ipn->in_snip = ntohl(nat->nat_nsrcaddr); 168 ipn->in_nsrcaddr = fin->fin_saddr; 169 ipn->in_dnip = ntohl(nat->nat_ndstaddr); 170 ipn->in_ndstaddr = nat->nat_ndstaddr; 171 ipn->in_redir = np->in_redir; 172 ipn->in_osrcaddr = nat->nat_osrcaddr; 173 ipn->in_odstaddr = nat->nat_odstaddr; 174 ipn->in_osrcmsk = 0xffffffff; 175 ipn->in_nsrcmsk = 0xffffffff; 176 ipn->in_odstmsk = 0xffffffff; 177 ipn->in_ndstmsk = 0xffffffff; 178 ipn->in_flags = (np->in_flags | IPN_PROXYRULE); 179 MUTEX_INIT(&ipn->in_lock, "pptp proxy NAT rule"); 180 181 ipn->in_namelen = np->in_namelen; 182 bcopy(np->in_names, ipn->in_ifnames, ipn->in_namelen); 183 ipn->in_ifnames[0] = np->in_ifnames[0]; 184 ipn->in_ifnames[1] = np->in_ifnames[1]; 185 186 ipn->in_pr[0] = IPPROTO_GRE; 187 ipn->in_pr[1] = IPPROTO_GRE; 188 189 pptp->pptp_side[0].pptps_wptr = pptp->pptp_side[0].pptps_buffer; 190 pptp->pptp_side[1].pptps_wptr = pptp->pptp_side[1].pptps_buffer; 191 return 0; 192 } 193 194 195 void 196 ipf_p_pptp_donatstate(fr_info_t *fin, nat_t *nat, pptp_pxy_t *pptp) 197 { 198 ipf_main_softc_t *softc = fin->fin_main_soft; 199 fr_info_t fi; 200 grehdr_t gre; 201 nat_t *nat2; 202 u_char p; 203 ip_t *ip; 204 205 ip = fin->fin_ip; 206 p = ip->ip_p; 207 208 nat2 = pptp->pptp_nat; 209 if ((nat2 == NULL) || (pptp->pptp_state == NULL)) { 210 bcopy((char *)fin, (char *)&fi, sizeof(fi)); 211 bzero((char *)&gre, sizeof(gre)); 212 fi.fin_fi.fi_p = IPPROTO_GRE; 213 fi.fin_fr = &pptpfr; 214 if ((nat->nat_dir == NAT_OUTBOUND && fin->fin_out) || 215 (nat->nat_dir == NAT_INBOUND && !fin->fin_out)) { 216 fi.fin_data[0] = pptp->pptp_call[0]; 217 fi.fin_data[1] = pptp->pptp_call[1]; 218 } else { 219 fi.fin_data[0] = pptp->pptp_call[1]; 220 fi.fin_data[1] = pptp->pptp_call[0]; 221 } 222 ip = fin->fin_ip; 223 ip->ip_p = IPPROTO_GRE; 224 fi.fin_flx &= ~(FI_TCPUDP|FI_STATE|FI_FRAG); 225 fi.fin_flx |= FI_IGNORE; 226 fi.fin_dp = &gre; 227 gre.gr_flags = htons(1 << 13); 228 229 fi.fin_fi.fi_saddr = nat->nat_osrcaddr; 230 fi.fin_fi.fi_daddr = nat->nat_odstaddr; 231 } 232 233 /* 234 * Update NAT timeout/create NAT if missing. 235 */ 236 if (nat2 != NULL) 237 ipf_queueback(softc->ipf_ticks, &nat2->nat_tqe); 238 else { 239 #ifdef USE_MUTEXES 240 ipf_nat_softc_t *softn = softc->ipf_nat_soft; 241 #endif 242 243 MUTEX_ENTER(&softn->ipf_nat_new); 244 nat2 = ipf_nat_add(&fi, pptp->pptp_rule, &pptp->pptp_nat, 245 NAT_SLAVE, nat->nat_dir); 246 MUTEX_EXIT(&softn->ipf_nat_new); 247 if (nat2 != NULL) { 248 (void) ipf_nat_proto(&fi, nat2, 0); 249 MUTEX_ENTER(&nat2->nat_lock); 250 ipf_nat_update(&fi, nat2); 251 MUTEX_EXIT(&nat2->nat_lock); 252 } 253 } 254 255 READ_ENTER(&softc->ipf_state); 256 if (pptp->pptp_state != NULL) { 257 ipf_queueback(softc->ipf_ticks, &pptp->pptp_state->is_sti); 258 RWLOCK_EXIT(&softc->ipf_state); 259 } else { 260 RWLOCK_EXIT(&softc->ipf_state); 261 if (nat2 != NULL) { 262 if (nat->nat_dir == NAT_INBOUND) 263 fi.fin_fi.fi_daddr = nat2->nat_ndstaddr; 264 else 265 fi.fin_fi.fi_saddr = nat2->nat_osrcaddr; 266 } 267 fi.fin_ifp = NULL; 268 (void) ipf_state_add(softc, &fi, &pptp->pptp_state, 0); 269 } 270 ip->ip_p = p; 271 return; 272 } 273 274 275 /* 276 * Try and build up the next PPTP message in the TCP stream and if we can 277 * build it up completely (fits in our buffer) then pass it off to the message 278 * parsing function. 279 */ 280 int 281 ipf_p_pptp_nextmessage(fr_info_t *fin, nat_t *nat, pptp_pxy_t *pptp, int rev) 282 { 283 static const char *funcname = "ipf_p_pptp_nextmessage"; 284 pptp_side_t *pptps; 285 u_32_t start, end; 286 pptp_hdr_t *hdr; 287 tcphdr_t *tcp; 288 int dlen, off; 289 u_short len; 290 char *msg; 291 292 tcp = fin->fin_dp; 293 dlen = fin->fin_dlen - (TCP_OFF(tcp) << 2); 294 start = ntohl(tcp->th_seq); 295 pptps = &pptp->pptp_side[rev]; 296 off = (char *)tcp - (char *)fin->fin_ip + (TCP_OFF(tcp) << 2) + 297 fin->fin_ipoff; 298 299 if (dlen <= 0) 300 return 0; 301 /* 302 * If the complete data packet is before what we expect to see 303 * "next", just ignore it as the chances are we've already seen it. 304 * The next if statement following this one really just causes packets 305 * ahead of what we've seen to be dropped, implying that something in 306 * the middle went missing and we want to see that first. 307 */ 308 end = start + dlen; 309 if (pptps->pptps_next > end && pptps->pptps_next > start) 310 return 0; 311 312 if (pptps->pptps_next != start) { 313 if (ipf_p_pptp_debug > 5) 314 printf("%s: next (%x) != start (%x)\n", funcname, 315 pptps->pptps_next, start); 316 return -1; 317 } 318 319 msg = (char *)fin->fin_dp + (TCP_OFF(tcp) << 2); 320 321 while (dlen > 0) { 322 off += pptps->pptps_bytes; 323 if (pptps->pptps_gothdr == 0) { 324 /* 325 * PPTP has an 8 byte header that inclues the cookie. 326 * The start of every message should include one and 327 * it should match 1a2b3c4d. Byte order is ignored, 328 * deliberately, when printing out the error. 329 */ 330 len = MIN(8 - pptps->pptps_bytes, dlen); 331 COPYDATA(fin->fin_m, off, len, pptps->pptps_wptr); 332 pptps->pptps_bytes += len; 333 pptps->pptps_wptr += len; 334 hdr = (pptp_hdr_t *)pptps->pptps_buffer; 335 if (pptps->pptps_bytes == 8) { 336 pptps->pptps_next += 8; 337 if (ntohl(hdr->pptph_cookie) != 0x1a2b3c4d) { 338 if (ipf_p_pptp_debug > 1) 339 printf("%s: bad cookie (%x)\n", 340 funcname, 341 hdr->pptph_cookie); 342 return -1; 343 } 344 } 345 dlen -= len; 346 msg += len; 347 off += len; 348 349 pptps->pptps_gothdr = 1; 350 len = ntohs(hdr->pptph_len); 351 pptps->pptps_len = len; 352 pptps->pptps_nexthdr += len; 353 354 /* 355 * If a message is too big for the buffer, just set 356 * the fields for the next message to come along. 357 * The messages defined in RFC 2637 will not exceed 358 * 512 bytes (in total length) so this is likely a 359 * bad data packet, anyway. 360 */ 361 if (len > sizeof(pptps->pptps_buffer)) { 362 if (ipf_p_pptp_debug > 3) 363 printf("%s: message too big (%d)\n", 364 funcname, len); 365 pptps->pptps_next = pptps->pptps_nexthdr; 366 pptps->pptps_wptr = pptps->pptps_buffer; 367 pptps->pptps_gothdr = 0; 368 pptps->pptps_bytes = 0; 369 pptps->pptps_len = 0; 370 break; 371 } 372 } 373 374 len = MIN(pptps->pptps_len - pptps->pptps_bytes, dlen); 375 COPYDATA(fin->fin_m, off, len, pptps->pptps_wptr); 376 pptps->pptps_bytes += len; 377 pptps->pptps_wptr += len; 378 pptps->pptps_next += len; 379 380 if (pptps->pptps_len > pptps->pptps_bytes) 381 break; 382 383 ipf_p_pptp_message(fin, nat, pptp, pptps); 384 pptps->pptps_wptr = pptps->pptps_buffer; 385 pptps->pptps_gothdr = 0; 386 pptps->pptps_bytes = 0; 387 pptps->pptps_len = 0; 388 389 start += len; 390 msg += len; 391 dlen -= len; 392 } 393 394 return 0; 395 } 396 397 398 /* 399 * handle a complete PPTP message 400 */ 401 int 402 ipf_p_pptp_message(fr_info_t *fin, nat_t *nat, pptp_pxy_t *pptp, 403 pptp_side_t *pptps) 404 { 405 pptp_hdr_t *hdr = (pptp_hdr_t *)pptps->pptps_buffer; 406 407 switch (ntohs(hdr->pptph_type)) 408 { 409 case PPTP_MSGTYPE_CTL : 410 ipf_p_pptp_mctl(fin, nat, pptp, pptps); 411 break; 412 413 default : 414 break; 415 } 416 return 0; 417 } 418 419 420 /* 421 * handle a complete PPTP control message 422 */ 423 int 424 ipf_p_pptp_mctl(fr_info_t *fin, nat_t *nat, pptp_pxy_t *pptp, 425 pptp_side_t *pptps) 426 { 427 u_short *buffer = (u_short *)(pptps->pptps_buffer); 428 pptp_side_t *pptpo; 429 430 if (pptps == &pptp->pptp_side[0]) 431 pptpo = &pptp->pptp_side[1]; 432 else 433 pptpo = &pptp->pptp_side[0]; 434 435 /* 436 * Breakout to handle all the various messages. Most are just state 437 * transition. 438 */ 439 switch (ntohs(buffer[4])) 440 { 441 case PPTP_MTCTL_STARTREQ : 442 pptps->pptps_state = PPTP_MTCTL_STARTREQ; 443 break; 444 case PPTP_MTCTL_STARTREP : 445 if (pptpo->pptps_state == PPTP_MTCTL_STARTREQ) 446 pptps->pptps_state = PPTP_MTCTL_STARTREP; 447 break; 448 case PPTP_MTCTL_STOPREQ : 449 pptps->pptps_state = PPTP_MTCTL_STOPREQ; 450 break; 451 case PPTP_MTCTL_STOPREP : 452 if (pptpo->pptps_state == PPTP_MTCTL_STOPREQ) 453 pptps->pptps_state = PPTP_MTCTL_STOPREP; 454 break; 455 case PPTP_MTCTL_ECHOREQ : 456 pptps->pptps_state = PPTP_MTCTL_ECHOREQ; 457 break; 458 case PPTP_MTCTL_ECHOREP : 459 if (pptpo->pptps_state == PPTP_MTCTL_ECHOREQ) 460 pptps->pptps_state = PPTP_MTCTL_ECHOREP; 461 break; 462 case PPTP_MTCTL_OUTREQ : 463 pptps->pptps_state = PPTP_MTCTL_OUTREQ; 464 break; 465 case PPTP_MTCTL_OUTREP : 466 if (pptpo->pptps_state == PPTP_MTCTL_OUTREQ) { 467 pptps->pptps_state = PPTP_MTCTL_OUTREP; 468 pptp->pptp_call[0] = buffer[7]; 469 pptp->pptp_call[1] = buffer[6]; 470 ipf_p_pptp_donatstate(fin, nat, pptp); 471 } 472 break; 473 case PPTP_MTCTL_INREQ : 474 pptps->pptps_state = PPTP_MTCTL_INREQ; 475 break; 476 case PPTP_MTCTL_INREP : 477 if (pptpo->pptps_state == PPTP_MTCTL_INREQ) { 478 pptps->pptps_state = PPTP_MTCTL_INREP; 479 pptp->pptp_call[0] = buffer[7]; 480 pptp->pptp_call[1] = buffer[6]; 481 ipf_p_pptp_donatstate(fin, nat, pptp); 482 } 483 break; 484 case PPTP_MTCTL_INCONNECT : 485 pptps->pptps_state = PPTP_MTCTL_INCONNECT; 486 break; 487 case PPTP_MTCTL_CLEAR : 488 pptps->pptps_state = PPTP_MTCTL_CLEAR; 489 break; 490 case PPTP_MTCTL_DISCONNECT : 491 pptps->pptps_state = PPTP_MTCTL_DISCONNECT; 492 break; 493 case PPTP_MTCTL_WANERROR : 494 pptps->pptps_state = PPTP_MTCTL_WANERROR; 495 break; 496 case PPTP_MTCTL_LINKINFO : 497 pptps->pptps_state = PPTP_MTCTL_LINKINFO; 498 break; 499 } 500 501 return 0; 502 } 503 504 505 /* 506 * For outgoing PPTP packets. refresh timeouts for NAT & state entries, if 507 * we can. If they have disappeared, recreate them. 508 */ 509 int 510 ipf_p_pptp_inout(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) 511 { 512 pptp_pxy_t *pptp; 513 tcphdr_t *tcp; 514 int rev; 515 516 if ((fin->fin_out == 1) && (nat->nat_dir == NAT_INBOUND)) 517 rev = 1; 518 else if ((fin->fin_out == 0) && (nat->nat_dir == NAT_OUTBOUND)) 519 rev = 1; 520 else 521 rev = 0; 522 523 tcp = (tcphdr_t *)fin->fin_dp; 524 if ((tcp->th_flags & TH_OPENING) == TH_OPENING) { 525 pptp = (pptp_pxy_t *)aps->aps_data; 526 pptp->pptp_side[1 - rev].pptps_next = ntohl(tcp->th_ack); 527 pptp->pptp_side[1 - rev].pptps_nexthdr = ntohl(tcp->th_ack); 528 pptp->pptp_side[rev].pptps_next = ntohl(tcp->th_seq) + 1; 529 pptp->pptp_side[rev].pptps_nexthdr = ntohl(tcp->th_seq) + 1; 530 } 531 return ipf_p_pptp_nextmessage(fin, nat, (pptp_pxy_t *)aps->aps_data, 532 rev); 533 } 534 535 536 /* 537 * clean up after ourselves. 538 */ 539 void 540 ipf_p_pptp_del(ipf_main_softc_t *softc, ap_session_t *aps) 541 { 542 pptp_pxy_t *pptp; 543 544 pptp = aps->aps_data; 545 546 if (pptp != NULL) { 547 /* 548 * Don't bother changing any of the NAT structure details, 549 * *_del() is on a callback from aps_free(), from nat_delete() 550 */ 551 552 READ_ENTER(&softc->ipf_state); 553 if (pptp->pptp_state != NULL) { 554 ipf_state_setpending(softc, pptp->pptp_state); 555 } 556 RWLOCK_EXIT(&softc->ipf_state); 557 558 if (pptp->pptp_nat != NULL) 559 ipf_nat_setpending(softc, pptp->pptp_nat); 560 pptp->pptp_rule->in_flags |= IPN_DELETE; 561 ipf_nat_rule_deref(softc, &pptp->pptp_rule); 562 } 563 } 564
Indexes created Sat Sep 20 22:09:52 GMT 2025