ip_tftp_pxy.c revision 1.1
1 1.1 christos /* $NetBSD: ip_tftp_pxy.c,v 1.1 2012/03/23 20:37:04 christos Exp $ */ 2 1.1 christos 3 1.1 christos /* 4 1.1 christos * Copyright (C) 2010 by Darren Reed. 5 1.1 christos * 6 1.1 christos * See the IPFILTER.LICENCE file for details on licencing. 7 1.1 christos * 8 1.1 christos * Id: ip_tftp_pxy.c,v 1.1.2.4 2012/01/26 05:44:25 darren_r Exp 9 1.1 christos */ 10 1.1 christos 11 1.1 christos #define IPF_TFTP_PROXY 12 1.1 christos 13 1.1 christos void ipf_p_tftp_main_load __P((void)); 14 1.1 christos void ipf_p_tftp_main_unload __P((void)); 15 1.1 christos int ipf_p_tftp_new __P((void *, fr_info_t *, ap_session_t *, nat_t *)); 16 1.1 christos int ipf_p_tftp_out __P((void *, fr_info_t *, ap_session_t *, nat_t *)); 17 1.1 christos int ipf_p_tftp_in __P((void *, fr_info_t *, ap_session_t *, nat_t *)); 18 1.1 christos int ipf_p_tftp_client __P((fr_info_t *, ap_session_t *, nat_t *)); 19 1.1 christos int ipf_p_tftp_server __P((fr_info_t *, ap_session_t *, nat_t *)); 20 1.1 christos int ipf_p_tftp_backchannel __P((fr_info_t *, ap_session_t *, nat_t *)); 21 1.1 christos 22 1.1 christos static frentry_t tftpfr; 23 1.1 christos 24 1.1 christos int tftp_proxy_init = 0; 25 1.1 christos 26 1.1 christos typedef struct tftpinfo { 27 1.1 christos nat_t *ti_datanat; 28 1.1 christos ipstate_t *ti_datastate; 29 1.1 christos int ti_lastcmd; 30 1.1 christos int ti_nextblk; 31 1.1 christos int ti_lastblk; 32 1.1 christos int ti_lasterror; 33 1.1 christos char ti_filename[80]; 34 1.1 christos } tftpinfo_t; 35 1.1 christos 36 1.1 christos #define TFTP_CMD_READ 1 37 1.1 christos #define TFTP_CMD_WRITE 2 38 1.1 christos #define TFTP_CMD_DATA 3 39 1.1 christos #define TFTP_CMD_ACK 4 40 1.1 christos #define TFTP_CMD_ERROR 5 41 1.1 christos 42 1.1 christos 43 1.1 christos /* 44 1.1 christos * TFTP application proxy initialization. 45 1.1 christos */ 46 1.1 christos void 47 1.1 christos ipf_p_tftp_main_load() 48 1.1 christos { 49 1.1 christos 50 1.1 christos bzero((char *)&tftpfr, sizeof(tftpfr)); 51 1.1 christos tftpfr.fr_ref = 1; 52 1.1 christos tftpfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; 53 1.1 christos MUTEX_INIT(&tftpfr.fr_lock, "TFTP proxy rule lock"); 54 1.1 christos tftp_proxy_init = 1; 55 1.1 christos } 56 1.1 christos 57 1.1 christos 58 1.1 christos void 59 1.1 christos ipf_p_tftp_main_unload() 60 1.1 christos { 61 1.1 christos 62 1.1 christos if (tftp_proxy_init == 1) { 63 1.1 christos MUTEX_DESTROY(&tftpfr.fr_lock); 64 1.1 christos tftp_proxy_init = 0; 65 1.1 christos } 66 1.1 christos } 67 1.1 christos 68 1.1 christos 69 1.1 christos int 70 1.1 christos ipf_p_tftp_out(arg, fin, aps, nat) 71 1.1 christos void *arg; 72 1.1 christos fr_info_t *fin; 73 1.1 christos ap_session_t *aps; 74 1.1 christos nat_t *nat; 75 1.1 christos { 76 1.1 christos 77 1.1 christos if (nat->nat_dir == NAT_OUTBOUND) 78 1.1 christos return ipf_p_tftp_client(fin, aps, nat); 79 1.1 christos return ipf_p_tftp_server(fin, aps, nat); 80 1.1 christos } 81 1.1 christos 82 1.1 christos 83 1.1 christos int 84 1.1 christos ipf_p_tftp_in(arg, fin, aps, nat) 85 1.1 christos void *arg; 86 1.1 christos fr_info_t *fin; 87 1.1 christos ap_session_t *aps; 88 1.1 christos nat_t *nat; 89 1.1 christos { 90 1.1 christos 91 1.1 christos if (nat->nat_dir == NAT_INBOUND) 92 1.1 christos return ipf_p_tftp_client(fin, aps, nat); 93 1.1 christos return ipf_p_tftp_server(fin, aps, nat); 94 1.1 christos } 95 1.1 christos 96 1.1 christos 97 1.1 christos int 98 1.1 christos ipf_p_tftp_new(arg, fin, aps, nat) 99 1.1 christos void *arg; 100 1.1 christos fr_info_t *fin; 101 1.1 christos ap_session_t *aps; 102 1.1 christos nat_t *nat; 103 1.1 christos { 104 1.1 christos udphdr_t *udp; 105 1.1 christos tftpinfo_t *ti; 106 1.1 christos 107 1.1 christos KMALLOC(ti, tftpinfo_t *); 108 1.1 christos if (ti == NULL) 109 1.1 christos return -1; 110 1.1 christos 111 1.1 christos aps->aps_data = ti; 112 1.1 christos aps->aps_psiz = sizeof(*ti); 113 1.1 christos ti->ti_lastcmd = 0; 114 1.1 christos 115 1.1 christos nat = nat; /* LINT */ 116 1.1 christos fin = fin; /* LINT */ 117 1.1 christos 118 1.1 christos udp = (udphdr_t *)fin->fin_dp; 119 1.1 christos aps->aps_sport = udp->uh_sport; 120 1.1 christos aps->aps_dport = udp->uh_dport; 121 1.1 christos return 0; 122 1.1 christos } 123 1.1 christos 124 1.1 christos 125 1.1 christos /* 126 1.1 christos * Setup for a new TFTP proxy. 127 1.1 christos */ 128 1.1 christos int 129 1.1 christos ipf_p_tftp_backchannel(fin, aps, nat) 130 1.1 christos fr_info_t *fin; 131 1.1 christos ap_session_t *aps; 132 1.1 christos nat_t *nat; 133 1.1 christos { 134 1.1 christos ipf_main_softc_t *softc = fin->fin_main_soft; 135 1.1 christos #ifdef USE_MUTEXES 136 1.1 christos ipf_nat_softc_t *softn = softc->ipf_nat_soft; 137 1.1 christos #endif 138 1.1 christos struct in_addr swip,swip2; 139 1.1 christos tftpinfo_t *ti; 140 1.1 christos udphdr_t *udp; 141 1.1 christos fr_info_t fi; 142 1.1 christos nat_t *nat2; 143 1.1 christos 144 1.1 christos ti = aps->aps_data; 145 1.1 christos udp = (udphdr_t *)fin->fin_dp; 146 1.1 christos /* 147 1.1 christos * Add skeleton NAT entry for connection which will come back the 148 1.1 christos * other way. 149 1.1 christos */ 150 1.1 christos bcopy((char *)fin, (char *)&fi, sizeof(fi)); 151 1.1 christos fi.fin_flx |= FI_IGNORE; 152 1.1 christos fi.fin_data[1] = 0; 153 1.1 christos if (nat->nat_dir == NAT_OUTBOUND) 154 1.1 christos nat2 = ipf_nat_outlookup(&fi, NAT_SEARCH|IPN_UDP, 155 1.1 christos nat->nat_pr[0], nat->nat_osrcip, 156 1.1 christos nat->nat_odstip); 157 1.1 christos else 158 1.1 christos nat2 = ipf_nat_inlookup(&fi, NAT_SEARCH|IPN_UDP, 159 1.1 christos nat->nat_pr[0], nat->nat_nsrcip, 160 1.1 christos nat->nat_odstip); 161 1.1 christos if (nat2 == NULL) { 162 1.1 christos u_short slen; 163 1.1 christos int nflags; 164 1.1 christos ip_t *ip; 165 1.1 christos 166 1.1 christos ip = fin->fin_ip; 167 1.1 christos slen = ip->ip_len; 168 1.1 christos ip->ip_len = htons(fin->fin_hlen + sizeof(*udp)); 169 1.1 christos bzero((char *)udp, sizeof(*udp)); 170 1.1 christos udp->uh_sport = htons(fi.fin_data[0]); 171 1.1 christos udp->uh_dport = 0; /* XXX - don't specify remote port */ 172 1.1 christos udp->uh_ulen = 0; 173 1.1 christos udp->uh_sum = 0; 174 1.1 christos fi.fin_dp = (char *)udp; 175 1.1 christos fi.fin_fr = &tftpfr; 176 1.1 christos fi.fin_dlen = sizeof(*udp); 177 1.1 christos fi.fin_plen = fi.fin_hlen + sizeof(*udp); 178 1.1 christos fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE; 179 1.1 christos nflags = NAT_SLAVE|IPN_UDP|SI_W_DPORT; 180 1.1 christos 181 1.1 christos swip = ip->ip_src; 182 1.1 christos swip2 = ip->ip_dst; 183 1.1 christos fi.fin_fi.fi_saddr = nat->nat_osrcaddr; 184 1.1 christos ip->ip_src = nat->nat_osrcip; 185 1.1 christos fi.fin_fi.fi_daddr = nat->nat_odstaddr; 186 1.1 christos ip->ip_dst = nat->nat_odstip; 187 1.1 christos 188 1.1 christos if (nat->nat_dir == NAT_INBOUND) 189 1.1 christos nflags |= NAT_NOTRULEPORT; 190 1.1 christos 191 1.1 christos MUTEX_ENTER(&softn->ipf_nat_new); 192 1.1 christos nat2 = ipf_nat_add(&fi, nat->nat_ptr, &ti->ti_datanat, 193 1.1 christos nflags, nat->nat_dir); 194 1.1 christos MUTEX_EXIT(&softn->ipf_nat_new); 195 1.1 christos if (nat2 != NULL) { 196 1.1 christos (void) ipf_nat_proto(&fi, nat2, IPN_UDP); 197 1.1 christos ipf_nat_update(&fi, nat2); 198 1.1 christos fi.fin_ifp = NULL; 199 1.1 christos if (ipf_state_add(softc, &fi, &ti->ti_datastate, 200 1.1 christos SI_W_DPORT) != 0) { 201 1.1 christos ipf_nat_setpending(softc, nat2); 202 1.1 christos } 203 1.1 christos } 204 1.1 christos ip->ip_len = slen; 205 1.1 christos ip->ip_src = swip; 206 1.1 christos ip->ip_dst = swip2; 207 1.1 christos return 0; 208 1.1 christos } 209 1.1 christos return -1; 210 1.1 christos } 211 1.1 christos 212 1.1 christos 213 1.1 christos int 214 1.1 christos ipf_p_tftp_client(fin, aps, nat) 215 1.1 christos fr_info_t *fin; 216 1.1 christos ap_session_t *aps; 217 1.1 christos nat_t *nat; 218 1.1 christos { 219 1.1 christos u_char *msg, *s, *t; 220 1.1 christos tftpinfo_t *ti; 221 1.1 christos u_short opcode; 222 1.1 christos udphdr_t *udp; 223 1.1 christos int len; 224 1.1 christos 225 1.1 christos if (fin->fin_dlen < 4) 226 1.1 christos return 0; 227 1.1 christos 228 1.1 christos ti = aps->aps_data; 229 1.1 christos msg = fin->fin_dp; 230 1.1 christos msg += sizeof(udphdr_t); 231 1.1 christos opcode = (msg[0] << 8) | msg[1]; 232 1.1 christos 233 1.1 christos switch (opcode) 234 1.1 christos { 235 1.1 christos case TFTP_CMD_READ : 236 1.1 christos case TFTP_CMD_WRITE : 237 1.1 christos if (fin->fin_out != 0) 238 1.1 christos return -1; 239 1.1 christos len = fin->fin_dlen - sizeof(*udp) - 2; 240 1.1 christos if (len > sizeof(ti->ti_filename) - 1) 241 1.1 christos len = sizeof(ti->ti_filename) - 1; 242 1.1 christos s = msg + 2; 243 1.1 christos for (t = (u_char *)ti->ti_filename; (len > 0); len--, s++) { 244 1.1 christos *t++ = *s; 245 1.1 christos if (*s == '\0') 246 1.1 christos break; 247 1.1 christos } 248 1.1 christos break; 249 1.1 christos default : 250 1.1 christos return -1; 251 1.1 christos } 252 1.1 christos 253 1.1 christos ti = aps->aps_data; 254 1.1 christos ti->ti_lastcmd = opcode; 255 1.1 christos return 0; 256 1.1 christos } 257 1.1 christos 258 1.1 christos 259 1.1 christos int 260 1.1 christos ipf_p_tftp_server(fin, aps, nat) 261 1.1 christos fr_info_t *fin; 262 1.1 christos ap_session_t *aps; 263 1.1 christos nat_t *nat; 264 1.1 christos { 265 1.1 christos tftpinfo_t *ti; 266 1.1 christos u_short opcode; 267 1.1 christos u_short arg; 268 1.1 christos u_char *msg; 269 1.1 christos 270 1.1 christos if (fin->fin_dlen < 4) 271 1.1 christos return 0; 272 1.1 christos 273 1.1 christos ti = aps->aps_data; 274 1.1 christos msg = fin->fin_dp; 275 1.1 christos msg += sizeof(udphdr_t); 276 1.1 christos arg = (msg[2] << 8) | msg[3]; 277 1.1 christos opcode = (msg[0] << 8) | msg[1]; 278 1.1 christos 279 1.1 christos switch (opcode) 280 1.1 christos { 281 1.1 christos case TFTP_CMD_ACK : 282 1.1 christos /* This proxy should not see any ACKS for DATA blocks */ 283 1.1 christos if (fin->fin_out != 1) 284 1.1 christos return -1; 285 1.1 christos if ((arg == 0) && 286 1.1 christos (ti->ti_lastcmd == TFTP_CMD_READ || 287 1.1 christos ti->ti_lastcmd == TFTP_CMD_WRITE)) 288 1.1 christos ipf_p_tftp_backchannel(fin, aps, nat); 289 1.1 christos ti->ti_lastblk = arg; 290 1.1 christos break; 291 1.1 christos case TFTP_CMD_ERROR : 292 1.1 christos if (fin->fin_out != 1) 293 1.1 christos return -1; 294 1.1 christos ti->ti_lasterror = arg; 295 1.1 christos break; 296 1.1 christos default : 297 1.1 christos return -1; 298 1.1 christos } 299 1.1 christos 300 1.1 christos ti->ti_lastcmd = opcode; 301 1.1 christos return 0; 302 1.1 christos } 303
Indexes created Sat Sep 27 14:09:57 GMT 2025