hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-15 23:05:49 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix up conflicts

Browse Source
This commit is contained in:
Darren Reed 2000-05-24 04:40:17 +00:00
parent af7b56f450
commit 6e067727a7
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=60857
11 changed files with 639 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netinet/fil.c
View File

@ -1503,7 +1503,7 @@ int set;
KMALLOC(fg, frgroup_t *);
if (fg) {
fg->fg_num = num & 0xffff;
fg->fg_num = num;
fg->fg_next = *fgp;
fg->fg_head = fp;
fg->fg_start = &fp->fr_grp;

1
sys/netinet/ip_auth.c
View File

@ -391,6 +391,7 @@ fr_authioctlloop:
if (error)
return error;
WRITE_ENTER(&ipf_auth);
i = au->fra_index;
if ((i < 0) || (i > FR_NUMAUTH) ||
(fr_auth[i].fra_info.fin_id != au->fra_info.fin_id)) {
RWLOCK_EXIT(&ipf_auth);

222
sys/netinet/ip_compat.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 1993-1998 by Darren Reed.
* Copyright (C) 1993-2000 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@ -28,6 +28,11 @@
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif
#if SOLARIS2 >= 8
# ifndef USE_INET6
# define USE_INET6
# endif
#endif
#if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__)
# undef KERNEL
@ -91,19 +96,29 @@ struct ether_addr {
# ifndef KERNEL
# define _KERNEL
# undef RES_INIT
# if SOLARIS2 >= 8
# include <netinet/ip6.h>
# endif
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# undef _KERNEL
# else /* _KERNEL */
# if SOLARIS2 >= 8
# include <netinet/ip6.h>
# endif
# include <inet/common.h>
# include <inet/ip.h>
# include <inet/ip_ire.h>
# endif /* _KERNEL */
# if SOLARIS2 >= 8
# include <inet/ip_if.h>
# include <netinet/ip6.h>
# include <inet/ip6.h>
# define ipif_local_addr ipif_lcl_addr
/* Only defined in private include file */
# ifndef V4_PART_OF_V6
# define V4_PART_OF_V6(v6) v6.s6_addr32[3]
# endif
# endif
#else
# if !defined(__sgi)
@ -125,12 +140,25 @@ typedef int minor_t;
# define QUAD_T long
#endif /* BSD > 199306 */
/*
* These operating systems already take care of the problem for us.
*/
#if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
defined(__sgi)
typedef u_int32_t u_32_t;
# if defined(_KERNEL) && !defined(IPFILTER_LKM)
# if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 104110000)
# include "opt_inet.h"
# endif
# if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000) && \
!defined(KLD_MODULE)
# include "opt_inet6.h"
# endif
# ifdef INET6
# define USE_INET6
# endif
# endif
#else
/*
* Really, any arch where sizeof(long) != sizeof(int).
@ -138,10 +166,38 @@ typedef u_int32_t u_32_t;
# if defined(__alpha__) || defined(__alpha) || defined(_LP64)
typedef unsigned int u_32_t;
# else
typedef unsigned long u_32_t;
# if SOLARIS2 >= 6
typedef uint32_t u_32_t;
# else
typedef unsigned int u_32_t;
# endif
# endif
#endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
#ifdef USE_INET6
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__)
# include <netinet/ip6.h>
# ifdef _KERNEL
# include <netinet6/ip6_var.h>
# endif
typedef struct ip6_hdr ip6_t;
# endif
union i6addr {
u_32_t i6[4];
struct in_addr in4;
struct in6_addr in6;
};
#else
union i6addr {
u_32_t i6[4];
struct in_addr in4;
};
#endif
#define IP6CMP(a,b) bcmp((char *)&(a), (char *)&(b), sizeof(a))
#define IP6EQ(a,b) (bcmp((char *)&(a), (char *)&(b), sizeof(a)) == 0)
#define IP6NEQ(a,b) (bcmp((char *)&(a), (char *)&(b), sizeof(a)) != 0)
#ifndef MAX
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
#endif
@ -203,12 +259,15 @@ typedef unsigned long u_32_t;
#define IPOPT_FINN 205 /* FINN */
#if defined(__FreeBSD__) && defined(KERNEL)
#if defined(__FreeBSD__) && (defined(KERNEL) || defined(_KERNEL))
# if __FreeBSD__ < 3
# include <machine/spl.h>
# endif
# if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL)
# define ACTUALLY_LKM_NOT_KERNEL
# else
# if __FreeBSD__ == 3
# if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL)
# define ACTUALLY_LKM_NOT_KERNEL
# endif
# endif
# endif
#endif /* __FreeBSD__ && KERNEL */
@ -216,12 +275,39 @@ typedef unsigned long u_32_t;
* Build some macros and #defines to enable the same code to compile anywhere
* Well, that's the idea, anyway :-)
*/
#if !SOLARIS || (SOLARIS2 < 6) || !defined(KERNEL)
# define ATOMIC_INCL ATOMIC_INC
# define ATOMIC_INC64 ATOMIC_INC
# define ATOMIC_INC32 ATOMIC_INC
# define ATOMIC_INC16 ATOMIC_INC
# define ATOMIC_DECL ATOMIC_DEC
# define ATOMIC_DEC64 ATOMIC_DEC
# define ATOMIC_DEC32 ATOMIC_DEC
# define ATOMIC_DEC16 ATOMIC_DEC
#endif
#ifdef KERNEL
# if SOLARIS
# define ATOMIC_INC(x) { mutex_enter(&ipf_rw); (x)++; \
# if SOLARIS2 >= 6
# include <sys/atomic.h>
# if SOLARIS2 == 6
# define ATOMIC_INCL(x) atomic_add_long((uint32_t*)&(x), 1)
# define ATOMIC_DECL(x) atomic_add_long((uint32_t*)&(x), -1)
# else
# define ATOMIC_INCL(x) atomic_add_long(&(x), 1)
# define ATOMIC_DECL(x) atomic_add_long(&(x), -1)
# endif
# define ATOMIC_INC64(x) atomic_add_64((uint64_t*)&(x), 1)
# define ATOMIC_INC32(x) atomic_add_32((uint32_t*)&(x), 1)
# define ATOMIC_INC16(x) atomic_add_16((uint16_t*)&(x), 1)
# define ATOMIC_DEC64(x) atomic_add_64((uint64_t*)&(x), -1)
# define ATOMIC_DEC32(x) atomic_add_32((uint32_t*)&(x), -1)
# define ATOMIC_DEC16(x) atomic_add_16((uint16_t*)&(x), -1)
# else
# define ATOMIC_INC(x) { mutex_enter(&ipf_rw); (x)++; \
mutex_exit(&ipf_rw); }
# define ATOMIC_DEC(x) { mutex_enter(&ipf_rw); (x)--; \
# define ATOMIC_DEC(x) { mutex_enter(&ipf_rw); (x)--; \
mutex_exit(&ipf_rw); }
# endif
# define MUTEX_ENTER(x) mutex_enter(x)
# if 1
# define KRWLOCK_T krwlock_t
@ -244,10 +330,14 @@ typedef unsigned long u_32_t;
# define RWLOCK_EXIT(x) mutex_exit(x)
# define RW_DESTROY(x) mutex_destroy(x)
# endif
# define MUTEX_INIT(x, y, z) mutex_init((x), (y), MUTEX_DRIVER, (z))
# define MUTEX_DESTROY(x) mutex_destroy(x)
# define MUTEX_EXIT(x) mutex_exit(x)
# define MTOD(m,t) (t)((m)->b_rptr)
# define IRCOPY(a,b,c) copyin((a), (b), (c))
# define IWCOPY(a,b,c) copyout((a), (b), (c))
# define IRCOPYPTR ircopyptr
# define IWCOPYPTR iwcopyptr
# define FREE_MB_T(m) freemsg(m)
# define SPL_NET(x) ;
# define SPL_IMP(x) ;
@ -283,9 +373,11 @@ typedef struct qif {
* in case the ILL has disappeared...
*/
size_t qf_hl; /* header length */
int qf_sap;
} qif_t;
extern ill_t *get_unit __P((char *));
# define GETUNIT(n) get_unit((n))
extern ill_t *get_unit __P((char *, int));
# define GETUNIT(n, v) get_unit(n, v)
# define IFNAME(x) ((ill_t *)x)->ill_name
# else /* SOLARIS */
# if defined(__sgi)
# define hz HZ
@ -307,35 +399,48 @@ typedef struct {
# define WRITE_ENTER(x) MUTEX_ENTER(x)
# define RW_UPGRADE(x) ;
# define MUTEX_DOWNGRADE(x) ;
# define RWLOCK_EXIT(x) MUTEX_EXIT(x)
# define MUTEX_EXIT(x) UNLOCK((x)->l, (x)->pl);
# define RWLOCK_EXIT(x) MUTEX_EXIT(x)
# define MUTEX_EXIT(x) UNLOCK((x)->l, (x)->pl);
# define MUTEX_INIT(x,y,z) (x).l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP)
# define MUTEX_DESTROY(x) LOCK_DEALLOC((x).l)
# else /* __sgi */
# define ATOMIC_INC(x) (x)++
# define ATOMIC_DEC(x) (x)--
# define MUTEX_ENTER(x) ;
# define READ_ENTER(x) ;
# define WRITE_ENTER(x) ;
# define RW_UPGRADE(x) ;
# define READ_ENTER(x) ;
# define WRITE_ENTER(x) ;
# define RW_UPGRADE(x) ;
# define MUTEX_DOWNGRADE(x) ;
# define RWLOCK_EXIT(x) ;
# define MUTEX_EXIT(x) ;
# define RWLOCK_EXIT(x) ;
# define MUTEX_EXIT(x) ;
# define MUTEX_INIT(x,y,z) ;
# define MUTEX_DESTROY(x) ;
# endif /* __sgi */
# ifndef linux
# define FREE_MB_T(m) m_freem(m)
# define MTOD(m,t) mtod(m,t)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
# define IRCOPY(a,b,c) (bcopy((a), (b), (c)), 0)
# define IWCOPY(a,b,c) (bcopy((a), (b), (c)), 0)
# define IRCOPYPTR ircopyptr
# define IWCOPYPTR iwcopyptr
# endif /* !linux */
# endif /* SOLARIS */
# ifdef sun
# if !SOLARIS
# include <sys/kmem_alloc.h>
# define GETUNIT(n) ifunit((n), IFNAMSIZ)
# define GETUNIT(n, v) ifunit(n, IFNAMSIZ)
# define IFNAME(x) ((struct ifnet *)x)->if_name
# endif
# else
# ifndef linux
# define GETUNIT(n) ifunit((n))
# define GETUNIT(n, v) ifunit(n)
# if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199606)) || \
(defined(OpenBSD) && (OpenBSD >= 199603))
# define IFNAME(x) ((struct ifnet *)x)->if_xname
# else
# define IFNAME(x) ((struct ifnet *)x)->if_name
# endif
# endif
# endif /* sun */
@ -409,6 +514,8 @@ extern vm_map_t kmem_map;
# define ATOMIC_DEC(x) (x)--
# define MUTEX_ENTER(x) ;
# define READ_ENTER(x) ;
# define MUTEX_INIT(x,y,z) ;
# define MUTEX_DESTROY(x) ;
# define WRITE_ENTER(x) ;
# define RW_UPGRADE(x) ;
# define MUTEX_DOWNGRADE(x) ;
@ -422,9 +529,11 @@ extern vm_map_t kmem_map;
# define KMALLOCS(a,b,c) (a) = (b)malloc(c)
# define KFREE(x) free(x)
# define KFREES(x,s) free(x)
# define GETUNIT(x) get_unit(x)
# define IRCOPY(a,b,c) bcopy((a), (b), (c))
# define IWCOPY(a,b,c) bcopy((a), (b), (c))
# define GETUNIT(x, v) get_unit(x,v)
# define IRCOPY(a,b,c) (bcopy((a), (b), (c)), 0)
# define IWCOPY(a,b,c) (bcopy((a), (b), (c)), 0)
# define IRCOPYPTR ircopyptr
# define IWCOPYPTR iwcopyptr
#endif /* KERNEL */
#if SOLARIS
@ -746,7 +855,7 @@ typedef struct uio {
# define if_name name
# ifdef KERNEL
# define GETUNIT(x) dev_get(x)
# define GETUNIT(x, v) dev_get(x)
# define FREE_MB_T(m) kfree_skb(m, FREE_WRITE)
# define uniqtime do_gettimeofday
# undef INT_MAX
@ -768,16 +877,50 @@ typedef struct uio {
# define KMALLOCS(a,b,c) (a) = (b)kmalloc((c), GFP_ATOMIC)
# define KFREE(x) kfree_s((x), sizeof(*(x)))
# define KFREES(x,s) kfree_s((x), (s))
# define IRCOPY(a,b,c) { \
error = verify_area(VERIFY_READ, (a) ,(c)); \
if (!error) \
memcpy_fromfs((b), (a), (c)); \
}
# define IWCOPY(a,b,c) { \
error = verify_area(VERIFY_WRITE, (b), (c)); \
if (!error) \
memcpy_tofs((b), (a), (c)); \
}
#define IRCOPY(const void *a, void *b, size_t c) { \
int error; \
error = verify_area(VERIFY_READ, a ,c); \
if (!error) \
memcpy_fromfs(b, a, c); \
return error; \
}
static inline int IWCOPY(const void *a, void *b, size_t c)
{
int error;
error = verify_area(VERIFY_WRITE, b, c);
if (!error)
memcpy_tofs(b, a, c);
return error;
}
static inline int IRCOPYPTR(const void *a, void *b, size_t c) {
caddr_t ca;
int error;
error = verify_area(VERIFY_READ, a ,sizeof(ca));
if (!error) {
memcpy_fromfs(ca, a, sizeof(ca));
error = verify_area(VERIFY_READ, ca , c);
if (!error)
memcpy_fromfs(b, ca, c);
}
return error;
}
static inline int IWCOPYPTR(const void *a, void *b, size_t c) {
caddr_t ca;
int error;
error = verify_area(VERIFY_READ, b ,sizeof(ca));
if (!error) {
memcpy_fromfs(ca, b, sizeof(ca));
error = verify_area(VERIFY_WRITE, ca, c);
if (!error)
memcpy_tofs(ca, a, c);
}
return error;
}
# else
# define __KERNEL__
# undef INT_MAX
@ -818,12 +961,18 @@ struct ether_addr {
#define A_A &
#endif
#define TCPF_ALL (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG)
#ifndef ICMP_ROUTERADVERT
# define ICMP_ROUTERADVERT 9
#endif
#ifndef ICMP_ROUTERSOLICIT
# define ICMP_ROUTERSOLICIT 10
#endif
#undef ICMP_MAX_UNREACH
#define ICMP_MAX_UNREACH 14
#undef ICMP_MAXTYPE
#define ICMP_MAXTYPE 18
/*
* ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
* another IP header and then 64 bits of data, totalling 56. Of course,
@ -833,5 +982,6 @@ struct ether_addr {
#define ICMPERR_IPICMPHLEN (20 + 8)
#define ICMPERR_MINPKTLEN (20 + 8 + 20)
#define ICMPERR_MAXPKTLEN (20 + 8 + 20 + 8)
#define ICMP6ERR_MINPKTLEN (20 + 8)
#endif /* __IP_COMPAT_H__ */

519
sys/netinet/ip_ftp_pxy.c
View File

@ -8,6 +8,7 @@ extern kmutex_t ipf_rw;
#endif
#define isdigit(x) ((x) >= '0' && (x) <= '9')
#define isupper(x) ((unsigned)((x) - 'A') <= 'Z' - 'A')
#define IPF_FTP_PROXY
@ -15,17 +16,24 @@ extern kmutex_t ipf_rw;
#define IPF_MAXPORTLEN 30
#define IPF_MIN227LEN 39
#define IPF_MAX227LEN 51
#define IPF_FTPBUFSZ 96 /* This *MUST* be >= 53! */
int ippr_ftp_init __P((void));
int ippr_ftp_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_client __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_complete __P((char *, size_t));
int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_portmsg __P((fr_info_t *, ip_t *, nat_t *));
int ippr_ftp_pasvmsg __P((fr_info_t *, ip_t *, nat_t *));
u_short ipf_ftp_atoi __P((char **));
int ippr_ftp_init __P((void));
int ippr_ftp_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *));
int ippr_ftp_pasv __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int));
int ippr_ftp_port __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int));
int ippr_ftp_process __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_server __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int));
int ippr_ftp_valid __P((char *, size_t));
u_short ippr_ftp_atoi __P((char **));
static frentry_t natfr;
int ippr_ftp_pasvonly = 0;
/*
@ -40,48 +48,47 @@ int ippr_ftp_init()
}
/*
* ipf_ftp_atoi - implement a version of atoi which processes numbers in
* pairs separated by commas (which are expected to be in the range 0 - 255),
* returning a 16 bit number combining either side of the , as the MSB and
* LSB.
*/
u_short ipf_ftp_atoi(ptr)
char **ptr;
int ippr_ftp_new(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
register char *s = *ptr, c;
register u_char i = 0, j = 0;
ftpinfo_t *ftp;
ftpside_t *f;
while ((c = *s++) && isdigit(c)) {
i *= 10;
i += c - '0';
}
if (c != ',') {
*ptr = NULL;
return 0;
}
while ((c = *s++) && isdigit(c)) {
j *= 10;
j += c - '0';
}
*ptr = s;
return (i << 8) | j;
KMALLOC(ftp, ftpinfo_t *);
if (ftp == NULL)
return -1;
aps->aps_data = ftp;
aps->aps_psiz = sizeof(ftpinfo_t);
bzero((char *)ftp, sizeof(*ftp));
f = &ftp->ftp_side[0];
f->ftps_rptr = f->ftps_buf;
f->ftps_wptr = f->ftps_buf;
f = &ftp->ftp_side[1];
f->ftps_rptr = f->ftps_buf;
f->ftps_wptr = f->ftps_buf;
return 0;
}
int ippr_ftp_portmsg(fin, ip, nat)
int ippr_ftp_port(fin, ip, nat, f, dlen)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpside_t *f;
int dlen;
{
char portbuf[IPF_MAXPORTLEN + 1], newbuf[IPF_MAXPORTLEN + 1], *s;
tcphdr_t *tcp, tcph, *tcp2 = &tcph;
size_t nlen = 0, dlen, olen;
char newbuf[IPF_FTPBUFSZ], *s;
u_short a5, a6, sp, dp;
u_int a1, a2, a3, a4;
struct in_addr swip;
int off, inc = 0;
size_t nlen, olen;
fr_info_t fi;
int inc, off;
nat_t *ipn;
mb_t *m;
#if SOLARIS
@ -89,46 +96,34 @@ nat_t *nat;
#endif
tcp = (tcphdr_t *)fin->fin_dp;
bzero(portbuf, sizeof(portbuf));
off = (ip->ip_hl << 2) + (tcp->th_off << 2);
#if SOLARIS
m = fin->fin_qfm;
dlen = msgdsize(m) - off;
if (dlen > 0)
copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#else
m = *(mb_t **)fin->fin_mp;
dlen = mbufchainlen(m) - off;
if (dlen > 0)
m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#endif
if (dlen == 0)
off = f->ftps_seq - ntohl(tcp->th_seq);
if (off < 0)
return 0;
portbuf[sizeof(portbuf) - 1] = '\0';
*newbuf = '\0';
if (!strncmp(portbuf, "PORT ", 5)) {
if (dlen < IPF_MINPORTLEN)
return 0;
} else
/*
* Check for client sending out PORT message.
*/
if (dlen < IPF_MINPORTLEN)
return 0;
/*
* Count the number of bytes in the PORT message is.
*/
if (off < 0)
return 0;
off += fin->fin_hlen + (tcp->th_off << 2);
/*
* Skip the PORT command + space
*/
s = portbuf + 5;
s = f->ftps_rptr + 5;
/*
* Pick out the address components, two at a time.
*/
a1 = ipf_ftp_atoi(&s);
a1 = ippr_ftp_atoi(&s);
if (!s)
return 0;
a2 = ipf_ftp_atoi(&s);
a2 = ippr_ftp_atoi(&s);
if (!s)
return 0;
/*
* check that IP address in the PORT/PASV reply is the same as the
* sender of the command - prevents using PORT for port scanning.
@ -138,7 +133,7 @@ nat_t *nat;
if (a1 != ntohl(nat->nat_inip.s_addr))
return 0;
a5 = ipf_ftp_atoi(&s);
a5 = ippr_ftp_atoi(&s);
if (!s)
return 0;
if (*s == ')')
@ -163,13 +158,18 @@ nat_t *nat;
a3 = (a1 >> 8) & 0xff;
a4 = a1 & 0xff;
a1 >>= 24;
olen = s - portbuf;
olen = s - f->ftps_rptr;
/* DO NOT change this to sprintf! */
(void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n",
"PORT", a1, a2, a3, a4, a5, a6);
nlen = strlen(newbuf);
inc = nlen - olen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
if ((inc > 0) && (m1->b_datap->db_lim - m1->b_wptr < inc)) {
@ -195,6 +195,7 @@ nat_t *nat;
}
copyin_mblk(m, off, nlen, newbuf);
#else
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
@ -223,6 +224,12 @@ nat_t *nat;
* other way.
*/
sp = htons(a5 << 8 | a6);
/*
* Don't allow the PORT command to specify a port < 1024 due to
* security crap.
*/
if (ntohs(sp) < 1024)
return 0;
/*
* The server may not make the connection back from port 20, but
* it is the most likely so use it here to check for a conflicting
@ -232,10 +239,15 @@ nat_t *nat;
ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
ip->ip_dst, (dp << 16) | sp);
if (ipn == NULL) {
int slen;
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
tcp2->th_sport = sp;
tcp2->th_off = 5;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
fi.fin_data[0] = ntohs(sp);
fi.fin_data[1] = 0;
@ -248,82 +260,92 @@ nat_t *nat;
ipn->nat_age = fr_defnatage;
(void) fr_addstate(ip, &fi, FI_W_DPORT);
}
ip->ip_len = slen;
ip->ip_src = swip;
}
return inc;
}
int ippr_ftp_out(fin, ip, aps, nat)
int ippr_ftp_client(fin, ip, nat, ftp, dlen)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
ftpinfo_t *ftp;
ip_t *ip;
int dlen;
{
return ippr_ftp_portmsg(fin, ip, nat);
char *rptr, *wptr;
ftpside_t *f;
int inc;
inc = 0;
f = &ftp->ftp_side[0];
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
if ((ftp->ftp_passok == 0) && !strncmp(rptr, "USER ", 5))
ftp->ftp_passok = 1;
else if ((ftp->ftp_passok == 2) && !strncmp(rptr, "PASS ", 5))
ftp->ftp_passok = 3;
else if ((ftp->ftp_passok == 4) && !ippr_ftp_pasvonly &&
!strncmp(rptr, "PORT ", 5)) {
inc = ippr_ftp_port(fin, ip, nat, f, dlen);
}
while ((*rptr++ != '\n') && (rptr < wptr))
;
f->ftps_seq += rptr - f->ftps_rptr;
f->ftps_rptr = rptr;
return inc;
}
int ippr_ftp_pasvmsg(fin, ip, nat)
int ippr_ftp_pasv(fin, ip, nat, f, dlen)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpside_t *f;
int dlen;
{
char portbuf[IPF_MAX227LEN + 1], newbuf[IPF_MAX227LEN + 1], *s;
int off, olen, dlen, nlen = 0, inc = 0;
tcphdr_t tcph, *tcp2 = &tcph;
tcphdr_t *tcp, tcph, *tcp2 = &tcph;
struct in_addr swip, swip2;
u_short a5, a6, dp, sp;
u_short a5, a6, sp, dp;
u_int a1, a2, a3, a4;
tcphdr_t *tcp;
fr_info_t fi;
int inc, off;
nat_t *ipn;
mb_t *m;
#if SOLARIS
mb_t *m1;
#endif
char *s;
/*
* Check for PASV reply message.
*/
if (dlen < IPF_MIN227LEN)
return 0;
else if (strncmp(f->ftps_rptr, "227 Entering Passive Mode", 25))
return 0;
/*
* Count the number of bytes in the 227 reply is.
*/
tcp = (tcphdr_t *)fin->fin_dp;
off = (ip->ip_hl << 2) + (tcp->th_off << 2);
m = *(mb_t **)fin->fin_mp;
bzero(portbuf, sizeof(portbuf));
#if SOLARIS
m = fin->fin_qfm;
dlen = msgdsize(m) - off;
if (dlen > 0)
copyout_mblk(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#else
dlen = mbufchainlen(m) - off;
if (dlen > 0)
m_copydata(m, off, MIN(sizeof(portbuf), dlen), portbuf);
#endif
if (dlen == 0)
off = f->ftps_seq - ntohl(tcp->th_seq);
if (off < 0)
return 0;
portbuf[sizeof(portbuf) - 1] = '\0';
*newbuf = '\0';
if (!strncmp(portbuf, "227 ", 4)) {
if (dlen < IPF_MIN227LEN)
return 0;
else if (strncmp(portbuf, "227 Entering Passive Mode", 25))
return 0;
} else
return 0;
off += fin->fin_hlen + (tcp->th_off << 2);
/*
* Skip the PORT command + space
*/
s = portbuf + 25;
s = f->ftps_rptr + 25;
while (*s && !isdigit(*s))
s++;
/*
* Pick out the address components, two at a time.
*/
a1 = ipf_ftp_atoi(&s);
a1 = ippr_ftp_atoi(&s);
if (!s)
return 0;
a2 = ipf_ftp_atoi(&s);
a2 = ippr_ftp_atoi(&s);
if (!s)
return 0;
@ -336,7 +358,7 @@ nat_t *nat;
if (a1 != ntohl(nat->nat_oip.s_addr))
return 0;
a5 = ipf_ftp_atoi(&s);
a5 = ippr_ftp_atoi(&s);
if (!s)
return 0;
@ -361,13 +383,18 @@ nat_t *nat;
a3 = (a1 >> 8) & 0xff;
a4 = a1 & 0xff;
a1 >>= 24;
olen = s - portbuf;
inc = 0;
#if 0
olen = s - f->ftps_rptr;
(void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n",
"227 Entering Passive Mode", a1, a2, a3, a4, a5, a6);
nlen = strlen(newbuf);
inc = nlen - olen;
if ((inc + ip->ip_len) > 65535)
return 0;
#if SOLARIS
m = fin->fin_qfm;
for (m1 = m; m1->b_cont; m1 = m1->b_cont)
;
if ((inc > 0) && (m1->b_datap->db_lim - m1->b_wptr < inc)) {
@ -388,12 +415,13 @@ nat_t *nat;
} else {
m1->b_wptr += inc;
}
copyin_mblk(m, off, nlen, newbuf);
/*copyin_mblk(m, off, nlen, newbuf);*/
#else
m = *((mb_t **)fin->fin_mp);
if (inc < 0)
m_adj(m, inc);
/* the mbuf chain will be extended if necessary by m_copyback() */
m_copyback(m, off, nlen, newbuf);
/*m_copyback(m, off, nlen, newbuf);*/
#endif
if (inc != 0) {
#if SOLARIS || defined(__sgi)
@ -412,6 +440,7 @@ nat_t *nat;
#endif
ip->ip_len += inc;
}
#endif
/*
* Add skeleton NAT entry for connection which will come back the
@ -422,10 +451,15 @@ nat_t *nat;
ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
ip->ip_dst, (dp << 16) | sp);
if (ipn == NULL) {
int slen;
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp2);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
tcp2->th_sport = 0; /* XXX - fake it for nat_new */
tcp2->th_off = 5;
fi.fin_data[0] = a5 << 8 | a6;
tcp2->th_dport = htons(fi.fin_data[0]);
fi.fin_data[1] = 0;
@ -440,6 +474,7 @@ nat_t *nat;
ipn->nat_age = fr_defnatage;
(void) fr_addstate(ip, &fi, FI_W_SPORT);
}
ip->ip_len = slen;
ip->ip_src = swip;
ip->ip_dst = swip2;
}
@ -447,12 +482,274 @@ nat_t *nat;
}
int ippr_ftp_server(fin, ip, nat, ftp, dlen)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpinfo_t *ftp;
int dlen;
{
char *rptr, *wptr;
ftpside_t *f;
int inc;
inc = 0;
f = &ftp->ftp_side[1];
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
if ((ftp->ftp_passok == 1) && !strncmp(rptr, "331", 3))
ftp->ftp_passok = 2;
else if ((ftp->ftp_passok == 3) && !strncmp(rptr, "230", 3))
ftp->ftp_passok = 4;
else if ((ftp->ftp_passok == 3) && !strncmp(rptr, "530", 3))
ftp->ftp_passok = 0;
else if ((ftp->ftp_passok == 4) && !strncmp(rptr, "227 ", 4)) {
inc = ippr_ftp_pasv(fin, ip, nat, f, dlen);
}
while ((*rptr++ != '\n') && (rptr < wptr))
;
f->ftps_seq += rptr - f->ftps_rptr;
f->ftps_rptr = rptr;
return inc;
}
/*
* Look to see if the buffer starts with something which we recognise as
* being the correct syntax for the FTP protocol.
*/
int ippr_ftp_valid(buf, len)
char *buf;
size_t len;
{
register char *s, c;
register size_t i = len;
if (i < 5)
return 2;
s = buf;
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if (isdigit(c)) {
c = *s++;
i--;
if ((c != '-') && (c != ' '))
return 1;
} else
return 1;
} else
return 1;
} else if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if (isupper(c)) {
c = *s++;
i--;
if ((c != ' ') && (c != '\r'))
return 1;
} else if ((c != ' ') && (c != '\r'))
return 1;
} else
return 1;
} else
return 1;
} else
return 1;
for (; i; i--) {
c = *s++;
if (c == '\n')
return 0;
}
return 2;
}
int ippr_ftp_process(fin, ip, nat, ftp, rv)
fr_info_t *fin;
ip_t *ip;
nat_t *nat;
ftpinfo_t *ftp;
int rv;
{
int mlen, len, off, inc, i;
char *rptr, *wptr;
tcphdr_t *tcp;
ftpside_t *f;
mb_t *m;
tcp = (tcphdr_t *)fin->fin_dp;
off = fin->fin_hlen + (tcp->th_off << 2);
#if SOLARIS
m = fin->fin_qfm;
#else
m = *((mb_t **)fin->fin_mp);
#endif
#if SOLARIS
mlen = msgdsize(m) - off;
#else
mlen = mbufchainlen(m) - off;
#endif
if (!mlen)
return 0;
inc = 0;
f = &ftp->ftp_side[rv];
rptr = f->ftps_rptr;
wptr = f->ftps_wptr;
if ((wptr == f->ftps_buf) && (f->ftps_seq <= ntohl(tcp->th_seq)))
f->ftps_seq = ntohl(tcp->th_seq);
/*
* XXX - Ideally, this packet should get dropped because we now know
* that it is out of order (and there is no real danger in doing so
* apart from causing packets to go through here ordered).
*/
if (ntohl(tcp->th_seq) != f->ftps_seq + (wptr - rptr)) {
return APR_ERR(0);
}
while (mlen > 0) {
len = MIN(mlen, FTP_BUFSZ / 2);
#if SOLARIS
copyout_mblk(m, off, len, wptr);
#else
m_copydata(m, off, len, wptr);
#endif
mlen -= len;
off += len;
wptr += len;
f->ftps_wptr = wptr;
if (f->ftps_junk == 2)
f->ftps_junk = ippr_ftp_valid(rptr, wptr - rptr);
while ((f->ftps_junk == 0) && (wptr > rptr)) {
f->ftps_junk = ippr_ftp_valid(rptr, wptr - rptr);
if (f->ftps_junk == 0) {
len = wptr - rptr;
f->ftps_rptr = rptr;
if (rv)
inc += ippr_ftp_server(fin, ip, nat,
ftp, len);
else
inc += ippr_ftp_client(fin, ip, nat,
ftp, len);
rptr = f->ftps_rptr;
}
}
while ((f->ftps_junk == 1) && (rptr < wptr)) {
while ((rptr < wptr) && (*rptr != '\r'))
rptr++;
if ((*rptr == '\r') && (rptr + 1 < wptr)) {
if (*(rptr + 1) == '\n') {
rptr += 2;
f->ftps_junk = 0;
} else
rptr++;
}
f->ftps_seq += rptr - f->ftps_rptr;
f->ftps_rptr = rptr;
}
if (rptr == wptr) {
rptr = wptr = f->ftps_buf;
} else {
if ((wptr > f->ftps_buf + FTP_BUFSZ / 2)) {
i = wptr - rptr;
if ((rptr == f->ftps_buf) ||
(wptr - rptr > FTP_BUFSZ / 2)) {
f->ftps_seq += i;
f->ftps_junk = 1;
rptr = wptr = f->ftps_buf;
} else {
bcopy(rptr, f->ftps_buf, i);
wptr = f->ftps_buf + i;
rptr = f->ftps_buf;
}
}
f->ftps_rptr = rptr;
f->ftps_wptr = wptr;
}
}
f->ftps_rptr = rptr;
f->ftps_wptr = wptr;
return inc;
}
int ippr_ftp_out(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
ftpinfo_t *ftp;
ftp = aps->aps_data;
if (ftp == NULL)
return 0;
return ippr_ftp_process(fin, ip, nat, ftp, 0);
}
int ippr_ftp_in(fin, ip, aps, nat)
fr_info_t *fin;
ip_t *ip;
ap_session_t *aps;
nat_t *nat;
{
ftpinfo_t *ftp;
return ippr_ftp_pasvmsg(fin, ip, nat);
ftp = aps->aps_data;
if (ftp == NULL)
return 0;
return ippr_ftp_process(fin, ip, nat, ftp, 1);
}
/*
* ippr_ftp_atoi - implement a version of atoi which processes numbers in
* pairs separated by commas (which are expected to be in the range 0 - 255),
* returning a 16 bit number combining either side of the , as the MSB and
* LSB.
*/
u_short ippr_ftp_atoi(ptr)
char **ptr;
{
register char *s = *ptr, c;
register u_char i = 0, j = 0;
while ((c = *s++) && isdigit(c)) {
i *= 10;
i += c - '0';
}
if (c != ',') {
*ptr = NULL;
return 0;
}
while ((c = *s++) && isdigit(c)) {
j *= 10;
j += c - '0';
}
*ptr = s;
return (i << 8) | j;
}

25
sys/netinet/ip_log.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 1997-1998 by Darren Reed.
* Copyright (C) 1997-2000 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@ -17,12 +17,11 @@
#endif
#ifdef __FreeBSD__
# if defined(_KERNEL) && !defined(IPFILTER_LKM)
# if !defined(__FreeBSD_version)
# include <sys/osreldate.h>
# endif
# if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
# include "opt_ipfilter.h"
# endif
# else
# include <osreldate.h>
# endif
#endif
#ifdef IPFILTER_LOG
@ -129,7 +128,7 @@ extern kcondvar_t iplwait;
iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1], *ipll[IPL_LOGMAX+1];
size_t iplused[IPL_LOGMAX+1];
fr_info_t iplcrc[IPL_LOGMAX+1];
static fr_info_t iplcrc[IPL_LOGMAX+1];
# ifdef linux
static struct wait_queue *iplwait[IPL_LOGMAX+1];
# endif
@ -172,6 +171,7 @@ mb_t *m;
size_t sizes[2];
void *ptrs[2];
int types[2];
u_char p;
# if SOLARIS
ill_t *ifp = fin->fin_ifp;
# else
@ -182,15 +182,16 @@ mb_t *m;
* calculate header size.
*/
hlen = fin->fin_hlen;
if ((ip->ip_off & IP_OFFMASK) == 0) {
if (ip->ip_p == IPPROTO_TCP)
if (fin->fin_off == 0) {
p = fin->fin_fi.fi_p;
if (p == IPPROTO_TCP)
hlen += MIN(sizeof(tcphdr_t), fin->fin_dlen);
else if (ip->ip_p == IPPROTO_UDP)
else if (p == IPPROTO_UDP)
hlen += MIN(sizeof(udphdr_t), fin->fin_dlen);
else if (ip->ip_p == IPPROTO_ICMP) {
struct icmp *icmp;
else if (p == IPPROTO_ICMP) {
struct icmp *icmp;
icmp = (struct icmp *)((char *)ip + hlen);
icmp = (struct icmp *)fin->fin_dp;
/*
* For ICMP, if the packet is an error packet, also
@ -235,7 +236,7 @@ mb_t *m;
if ((ipfl.fl_ifname[2] = ifp->if_name[2]))
ipfl.fl_ifname[3] = ifp->if_name[3];
# endif
mlen = (flags & FR_LOGBODY) ? MIN(ip->ip_len - hlen, 128) : 0;
mlen = (flags & FR_LOGBODY) ? MIN(fin->fin_plen - hlen, 128) : 0;
# endif
ipfl.fl_plen = (u_char)mlen;
ipfl.fl_hlen = (u_char)hlen;

1
sys/netinet/ip_nat.c
View File

@ -138,6 +138,7 @@ static int nat_flushtable __P((void));
static int nat_clearlist __P((void));
static void nat_addnat __P((struct ipnat *));
static void nat_addrdr __P((struct ipnat *));
static void nat_delete __P((struct nat *));
static void nat_delrdr __P((struct ipnat *));
static void nat_delnat __P((struct ipnat *));
static int fr_natgetent __P((caddr_t));

1
sys/netinet/ip_nat.h
View File

@ -285,6 +285,7 @@ extern nat_t *nat_icmplookup __P((ip_t *, fr_info_t *, int));
extern nat_t *nat_icmp __P((ip_t *, fr_info_t *, u_int *, int));
extern void nat_insert __P((nat_t *));
extern int ip_natout __P((ip_t *, fr_info_t *));
extern int ip_natin __P((ip_t *, fr_info_t *));
extern void ip_natunload __P((void)), ip_natexpire __P((void));
extern void nat_log __P((struct nat *, u_int));

24
sys/netinet/ip_raudio_pxy.c
View File

@ -41,12 +41,13 @@ nat_t *nat;
KMALLOCS(aps->aps_data, void *, sizeof(raudio_t));
if (aps->aps_data != NULL) {
bzero(aps->aps_data, sizeof(raudio_t));
rap = aps->aps_data;
aps->aps_psiz = sizeof(raudio_t);
rap->rap_mode = RAP_M_TCP; /* default is for TCP */
}
if (aps->aps_data == NULL)
return -1;
bzero(aps->aps_data, sizeof(raudio_t));
rap = aps->aps_data;
aps->aps_psiz = sizeof(raudio_t);
rap->rap_mode = RAP_M_TCP; /* default is for TCP */
return 0;
}
@ -171,8 +172,8 @@ nat_t *nat;
raudio_t *rap = aps->aps_data;
struct in_addr swa, swb;
u_int a1, a2, a3, a4;
int off, dlen, slen;
u_short sp, dp;
int off, dlen;
fr_info_t fi;
tcp_seq seq;
nat_t *ipn;
@ -261,9 +262,12 @@ nat_t *nat;
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_off = 5;
fi.fin_dp = (char *)tcp2;
fi.fin_fr = &raudiofr;
tcp2->th_win = htons(8192);
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp);
if (((rap->rap_mode & RAP_M_UDP_ROBUST) == RAP_M_UDP_ROBUST) &&
(rap->rap_srport != 0)) {
@ -274,8 +278,7 @@ nat_t *nat;
fi.fin_data[0] = dp;
fi.fin_data[1] = sp;
ipn = nat_new(nat->nat_ptr, ip, &fi,
IPN_UDP | (sp ? 0 : FI_W_SPORT),
NAT_OUTBOUND);
IPN_UDP | (sp ? 0 : FI_W_SPORT), NAT_OUTBOUND);
if (ipn != NULL) {
ipn->nat_age = fr_defnatage;
(void) fr_addstate(ip, &fi, sp ? 0 : FI_W_SPORT);
@ -295,8 +298,9 @@ nat_t *nat;
(void) fr_addstate(ip, &fi, FI_W_DPORT);
}
}
ip->ip_p = swp;
ip->ip_len = slen;
ip->ip_src = swa;
ip->ip_dst = swb;
return 0;

9
sys/netinet/ip_rcmd_pxy.c
View File

@ -1,3 +1,6 @@
/*
* $Id: ip_rcmd_pxy.c,v 1.4.2.1 2000/05/06 11:19:34 darrenr Exp $
*/
/*
* Simple RCMD transparent proxy for in-kernel use. For use with the NAT
* code.
@ -124,11 +127,16 @@ nat_t *nat;
ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip,
ip->ip_dst, (dp << 16) | sp);
if (ipn == NULL) {
int slen;
slen = ip->ip_len;
ip->ip_len = fin->fin_hlen + sizeof(*tcp);
bcopy((char *)fin, (char *)&fi, sizeof(fi));
bzero((char *)tcp2, sizeof(*tcp2));
tcp2->th_win = htons(8192);
tcp2->th_sport = sp;
tcp2->th_dport = 0; /* XXX - don't specify remote port */
tcp2->th_off = 5;
fi.fin_data[0] = ntohs(sp);
fi.fin_data[1] = 0;
fi.fin_dp = (char *)tcp2;
@ -141,6 +149,7 @@ nat_t *nat;
fi.fin_fr = &rcmdfr;
(void) fr_addstate(ip, &fi, FI_W_DPORT);
}
ip->ip_len = slen;
ip->ip_src = swip;
}
return 0;

4
sys/netinet/ipl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 1993-1999 by Darren Reed.
* Copyright (C) 1993-2000 by Darren Reed.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and due credit is given
@ -12,6 +12,6 @@
#ifndef __IPL_H__
#define __IPL_H__
#define IPL_VERSION "IP Filter: v3.3.8"
#define IPL_VERSION "IP Filter: v3.4.4"
#endif

5
sys/netinet/mlfk_ipl.c
View File

@ -26,6 +26,7 @@
* $FreeBSD$
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
@ -108,6 +109,7 @@ ipfilter_modevent(module_t mod, int type, void *unused)
switch (type) {
case MOD_LOAD :
error = iplattach();
if (error)
break;
@ -162,7 +164,6 @@ ipfilter_modevent(module_t mod, int type, void *unused)
destroy_dev(ipf_devs[IPL_LOGNAT]);
destroy_dev(ipf_devs[IPL_LOGSTATE]);
destroy_dev(ipf_devs[IPL_LOGAUTH]);
cdevsw_remove(&ipl_cdevsw);
error = ipldetach();
break;
default:
@ -173,7 +174,7 @@ ipfilter_modevent(module_t mod, int type, void *unused)
}
static moduledata_t ipfiltermod = {
"ipfilter",
IPL_VERSION,
ipfilter_modevent,
0
};