d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

A significant rewrite of PPTP aliasing code.

Browse Source 
PPTP links are no longer dropped by simple (and inappropriate in this
case) "inactivity timeout" procedure, only when requested through the
control connection.

It is now possible to have multiple PPTP servers running behind NAT.
Just redirect the incoming TCP traffic to port 1723, everything else
is done transparently.

Problems were reported and the fix was tested by:
		Michael Adler <Michael.Adler@compaq.com>,
		David Andersen <dga@lcs.mit.edu>
This commit is contained in:
Ruslan Ermilov 2000-10-30 12:39:41 +00:00
parent 2644e5e81b
commit 03453c5e87
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=67966
8 changed files with 530 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
lib/libalias/alias.c
View File

@ -185,7 +185,6 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
ProtoAliasIn(), ProtoAliasOut()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
GreAliasIn()
These routines handle protocol specific details of packet aliasing.
One may observe a certain amount of repetitive arithmetic in these
@ -237,8 +236,6 @@ static int UdpAliasIn (struct ip *);
static int TcpAliasOut(struct ip *, int);
static int TcpAliasIn (struct ip *);
static int GreAliasIn(struct ip *);
static int
IcmpAliasIn1(struct ip *pip)
@ -706,40 +703,6 @@ ProtoAliasOut(struct ip *pip)
}
static int
GreAliasIn(struct ip *pip)
{
u_short call_id;
struct alias_link *link;
/* Return if proxy-only mode is enabled. */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return (PKT_ALIAS_OK);
if (PptpGetCallID(pip, &call_id)) {
if ((link = FindPptpIn(pip->ip_src, pip->ip_dst, call_id)) != NULL) {
struct in_addr alias_address;
struct in_addr original_address;
alias_address = GetAliasAddress(link);
original_address = GetOriginalAddress(link);
PptpSetCallID(pip, GetOriginalPort(link));
/* Restore original IP address. */
DifferentialChecksum(&pip->ip_sum,
(u_short *)&original_address,
(u_short *)&pip->ip_dst,
2);
pip->ip_dst = original_address;
return (PKT_ALIAS_OK);
} else
return (PKT_ALIAS_IGNORED);
} else
return ProtoAliasIn(pip);
}
static int
UdpAliasIn(struct ip *pip)
{
@ -1318,8 +1281,12 @@ PacketAliasIn(char *ptr, int maxpacketsize)
iresult = TcpAliasIn(pip);
break;
case IPPROTO_GRE:
iresult = GreAliasIn(pip);
break;
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
AliasHandlePptpGreIn(pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasIn(pip);
break;
default:
iresult = ProtoAliasIn(pip);
break;
@ -1426,6 +1393,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
break;
case IPPROTO_GRE:
if (AliasHandlePptpGreOut(pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasOut(pip);
break;
default:
iresult = ProtoAliasOut(pip);
break;

167
lib/libalias/alias_db.c
View File

@ -158,7 +158,6 @@
/* Timeouts (in seconds) for different link types */
#define ICMP_EXPIRE_TIME 60
#define UDP_EXPIRE_TIME 60
#define PPTP_EXPIRE_TIME 60
#define PROTO_EXPIRE_TIME 60
#define FRAGMENT_ID_EXPIRE_TIME 10
#define FRAGMENT_PTR_EXPIRE_TIME 30
@ -422,7 +421,8 @@ StartPointIn(struct in_addr alias_addr,
u_int n;
n = alias_addr.s_addr;
n += alias_port;
if (link_type != LINK_PPTP)
n += alias_port;
n += link_type;
return(n % LINK_TABLE_IN_SIZE);
}
@ -436,8 +436,10 @@ StartPointOut(struct in_addr src_addr, struct in_addr dst_addr,
n = src_addr.s_addr;
n += dst_addr.s_addr;
n += src_port;
n += dst_port;
if (link_type != LINK_PPTP) {
n += src_port;
n += dst_port;
}
n += link_type;
return(n % LINK_TABLE_OUT_SIZE);
@ -1004,7 +1006,7 @@ AddLink(struct in_addr src_addr,
link->expire_time = TCP_EXPIRE_INITIAL;
break;
case LINK_PPTP:
link->expire_time = PPTP_EXPIRE_TIME;
link->flags |= LINK_PERMANENT; /* no timeout. */
break;
case LINK_FRAGMENT_ID:
link->expire_time = FRAGMENT_ID_EXPIRE_TIME;
@ -1389,7 +1391,8 @@ FindLinkIn(struct in_addr dst_addr,
AddFragmentPtrLink(), FindFragmentPtr()
FindProtoIn(), FindProtoOut()
FindUdpTcpIn(), FindUdpTcpOut()
FindPptpIn(), FindPptpOut()
AddPptp(), FindPptpOutByCallId(), FindPptpInByCallId(),
FindPptpOutByPeerCallId(), FindPptpInByPeerCallId()
FindOriginalAddress(), FindAliasAddress()
(prototypes in alias_local.h)
@ -1629,56 +1632,6 @@ FindUdpTcpOut(struct in_addr src_addr,
}
struct alias_link *
FindPptpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
u_short call_id)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
NO_DEST_PORT, call_id,
LINK_PPTP, 1);
if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
{
struct in_addr target_addr;
target_addr = FindOriginalAddress(alias_addr);
link = AddLink(target_addr, dst_addr, alias_addr,
call_id, NO_DEST_PORT, call_id,
LINK_PPTP);
}
return(link);
}
struct alias_link *
FindPptpOut(struct in_addr src_addr,
struct in_addr dst_addr,
u_short call_id)
{
struct alias_link *link;
link = FindLinkOut(src_addr, dst_addr,
call_id, NO_DEST_PORT,
LINK_PPTP, 1);
if (link == NULL)
{
struct in_addr alias_addr;
alias_addr = FindAliasAddress(src_addr);
link = AddLink(src_addr, dst_addr, alias_addr,
call_id, NO_DEST_PORT, GET_ALIAS_PORT,
LINK_PPTP);
}
return(link);
}
struct alias_link *
QueryUdpTcpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
@ -1740,6 +1693,97 @@ QueryUdpTcpOut(struct in_addr src_addr,
return(link);
}
struct alias_link *
AddPptp(struct in_addr src_addr,
struct in_addr dst_addr,
struct in_addr alias_addr,
u_int16_t src_call_id)
{
struct alias_link *link;
link = AddLink(src_addr, dst_addr, alias_addr,
src_call_id, 0, GET_ALIAS_PORT,
LINK_PPTP);
return (link);
}
struct alias_link *
FindPptpOutByCallId(struct in_addr src_addr,
struct in_addr dst_addr,
u_int16_t src_call_id)
{
u_int i;
struct alias_link *link;
i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
LIST_FOREACH(link, &linkTableOut[i], list_out)
if (link->link_type == LINK_PPTP &&
link->src_addr.s_addr == src_addr.s_addr &&
link->dst_addr.s_addr == dst_addr.s_addr &&
link->src_port == src_call_id)
break;
return (link);
}
struct alias_link *
FindPptpOutByPeerCallId(struct in_addr src_addr,
struct in_addr dst_addr,
u_int16_t dst_call_id)
{
u_int i;
struct alias_link *link;
i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
LIST_FOREACH(link, &linkTableOut[i], list_out)
if (link->link_type == LINK_PPTP &&
link->src_addr.s_addr == src_addr.s_addr &&
link->dst_addr.s_addr == dst_addr.s_addr &&
link->dst_port == dst_call_id)
break;
return (link);
}
struct alias_link *
FindPptpInByCallId(struct in_addr dst_addr,
struct in_addr alias_addr,
u_int16_t dst_call_id)
{
u_int i;
struct alias_link *link;
i = StartPointIn(alias_addr, 0, LINK_PPTP);
LIST_FOREACH(link, &linkTableIn[i], list_in)
if (link->link_type == LINK_PPTP &&
link->dst_addr.s_addr == dst_addr.s_addr &&
link->alias_addr.s_addr == alias_addr.s_addr &&
link->dst_port == dst_call_id)
break;
return (link);
}
struct alias_link *
FindPptpInByPeerCallId(struct in_addr dst_addr,
struct in_addr alias_addr,
u_int16_t alias_call_id)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
0/* any */, alias_call_id,
LINK_PPTP, 0);
return (link);
}
struct alias_link *
FindRtspOut(struct in_addr src_addr,
@ -1845,6 +1889,7 @@ FindAliasAddress(struct in_addr original_addr)
SetAckModified(), GetAckModified()
GetDeltaAckIn(), GetDeltaSeqOut(), AddSeq()
SetLastLineCrlfTermed(), GetLastLineCrlfTermed()
SetDestCallId()
*/
@ -2227,6 +2272,16 @@ GetLastLineCrlfTermed(struct alias_link *link)
return (link->flags & LINK_LAST_LINE_CRLF_TERMED);
}
void
SetDestCallId(struct alias_link *link, u_int16_t cid)
{
deleteAllLinks = 1;
link = ReLink(link, link->src_addr, link->dst_addr, link->alias_addr,
link->src_port, cid, link->alias_port, link->link_type);
deleteAllLinks = 0;
}
/* Miscellaneous Functions

18
lib/libalias/alias_local.h
View File

@ -108,10 +108,19 @@ struct alias_link *
FindUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char);
struct alias_link *
FindPptpIn(struct in_addr, struct in_addr, u_short);
AddPptp(struct in_addr, struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpOut(struct in_addr, struct in_addr, u_short);
FindPptpOutByCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpInByCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpOutByPeerCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpInByPeerCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
QueryUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char);
@ -159,6 +168,7 @@ void SetExpire(struct alias_link *, int);
void ClearCheckNewLink(void);
void SetLastLineCrlfTermed(struct alias_link *, int);
int GetLastLineCrlfTermed(struct alias_link *);
void SetDestCallId(struct alias_link *, u_int16_t);
#ifndef NO_FW_PUNCH
void PunchFWHole(struct alias_link *);
#endif
@ -180,10 +190,10 @@ void AliasHandleIrcOut(struct ip *, struct alias_link *, int);
void AliasHandleRtspOut(struct ip *, struct alias_link *, int);
/* PPTP routines */
int PptpGetCallID(struct ip *, u_short *);
void PptpSetCallID(struct ip *, u_short);
void AliasHandlePptpOut(struct ip *, struct alias_link *);
void AliasHandlePptpIn(struct ip *, struct alias_link *);
int AliasHandlePptpGreOut(struct ip *);
int AliasHandlePptpGreIn(struct ip *);
/* NetBIOS routines */
int AliasHandleUdpNbt(struct ip *, struct alias_link *, struct in_addr *, u_short);

180
lib/libalias/alias_pptp.c
View File

@ -65,9 +65,6 @@
*/
/* Includes */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@ -82,21 +79,14 @@
struct grehdr /* Enhanced GRE header. */
{
u_char gh_recursion:3, /* Recursion control. */
gh_ssr_flag:1, /* Strict source route present. */
gh_seq_no_flag:1, /* Sequence number present. */
gh_key_flag:1, /* Key present. */
gh_rt_flag:1, /* Routing present. */
gh_cksum_flag:1; /* Checksum present. */
u_char gh_version:3, /* GRE version. */
gh_flags:4, /* Flags. */
gh_ack_no_flag:1; /* Acknowledgment sequence number present. */
u_short gh_protocol; /* Protocol type. */
u_short gh_length; /* Payload length. */
u_short gh_call_id; /* Call ID. */
u_int16_t gh_flags; /* Flags. */
u_int16_t gh_protocol; /* Protocol type. */
u_int16_t gh_length; /* Payload length. */
u_int16_t gh_call_id; /* Call ID. */
u_int32_t gh_seq_no; /* Sequence number (optional). */
u_int32_t gh_ack_no; /* Acknowledgment number (optional). */
};
typedef struct grehdr GreHdr;
/* The PPTP protocol ID used in the GRE 'proto' field. */
#define PPTP_GRE_PROTO 0x880b
@ -123,7 +113,7 @@ enum {
PPTP_CallClearRequest = 12,
PPTP_CallDiscNotify = 13,
PPTP_WanErrorNotify = 14,
PPTP_SetLinkInfo = 15,
PPTP_SetLinkInfo = 15
};
/* Message structures */
@ -136,6 +126,12 @@ enum {
};
typedef struct pptpMsgHead *PptpMsgHead;
struct pptpCodes {
u_int8_t resCode; /* Result Code */
u_int8_t errCode; /* Error Code */
};
typedef struct pptpCodes *PptpCode;
struct pptpCallIds {
u_int16_t cid1; /* Call ID field #1 */
u_int16_t cid2; /* Call ID field #2 */
@ -144,29 +140,6 @@ enum {
static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
int
PptpGetCallID(struct ip *pip,
u_short *call_id)
{
struct grehdr *gr;
gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2));
/* Check GRE header bits. */
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) == PPTP_INIT_VALUE) {
*call_id = gr->gh_call_id;
return 1;
} else
return 0;
};
void PptpSetCallID(struct ip *pip, u_short call_id)
{
struct grehdr *gr;
gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2));
gr->gh_call_id = call_id;
};
void
AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
@ -174,6 +147,7 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
{
struct alias_link *pptp_link;
PptpCallId cptr;
PptpCode codes;
u_int16_t ctl_type; /* control message type */
struct tcphdr *tc;
@ -187,12 +161,20 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
case PPTP_OutCallReply:
case PPTP_InCallRequest:
case PPTP_InCallReply:
/* Establish PPTP link for address and Call ID found in control message. */
pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link),
GetAliasAddress(link), cptr->cid1);
break;
case PPTP_CallClearRequest:
case PPTP_CallDiscNotify:
/* Establish PPTP link for address and Call ID found in PPTP Control Msg */
pptp_link = FindPptpOut(GetOriginalAddress(link), GetDestAddress(link),
cptr->cid1);
/* Find PPTP link for address and Call ID found in control message. */
pptp_link = FindPptpOutByCallId(GetOriginalAddress(link),
GetDestAddress(link),
cptr->cid1);
break;
default:
return;
}
if (pptp_link != NULL) {
int accumulate = cptr->cid1;
@ -204,11 +186,22 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
accumulate -= cptr->cid1;
ADJUST_CHECKSUM(accumulate, tc->th_sum);
switch (ctl_type) {
case PPTP_OutCallReply:
case PPTP_InCallReply:
codes = (PptpCode)(cptr + 1);
if (codes->resCode == 1) /* Connection established, */
SetDestCallId(pptp_link, /* note the Peer's Call ID. */
cptr->cid2);
else
SetExpire(pptp_link, 0); /* Connection refused. */
break;
case PPTP_CallDiscNotify: /* Connection closed. */
SetExpire(pptp_link, 0);
break;
}
}
break;
default:
return;
}
}
void
@ -237,28 +230,46 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
case PPTP_InCallReply:
pcall_id = &cptr->cid2;
break;
case PPTP_CallDiscNotify: /* Connection closed. */
pptp_link = FindPptpInByCallId(GetDestAddress(link),
GetAliasAddress(link),
cptr->cid1);
if (pptp_link != NULL)
SetExpire(pptp_link, 0);
return;
default:
return;
}
/* Find PPTP link for address and Call ID found in PPTP Control Msg */
pptp_link = FindPptpIn(GetDestAddress(link), GetAliasAddress(link),
*pcall_id);
pptp_link = FindPptpInByPeerCallId(GetDestAddress(link),
GetAliasAddress(link),
*pcall_id);
if (pptp_link != NULL) {
int accumulate = *pcall_id;
/* alias the Call Id */
/* De-alias the Peer's Call Id. */
*pcall_id = GetOriginalPort(pptp_link);
/* Compute TCP checksum for modified packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
accumulate -= *pcall_id;
ADJUST_CHECKSUM(accumulate, tc->th_sum);
if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) {
PptpCode codes = (PptpCode)(cptr + 1);
if (codes->resCode == 1) /* Connection established, */
SetDestCallId(pptp_link, /* note the Call ID. */
cptr->cid1);
else
SetExpire(pptp_link, 0); /* Connection refused. */
}
}
}
PptpCallId
static PptpCallId
AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch */
{
int hlen, tlen, dlen;
@ -285,6 +296,71 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch
if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) ||
(ntohl(hptr->magic) != PPTP_MAGIC))
return(NULL);
/* Verify data length. */
if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) &&
(dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) +
sizeof(struct pptpCodes)))
return (NULL);
else
return((PptpCallId)(((char *)hptr) + sizeof(struct pptpMsgHead)));
return (PptpCallId)(hptr + 1);
}
int
AliasHandlePptpGreOut(struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2));
/* Check GRE header bits. */
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr alias_addr = GetAliasAddress(link);
/* Change source IP address. */
DifferentialChecksum(&pip->ip_sum,
(u_short *)&alias_addr,
(u_short *)&pip->ip_src,
2);
pip->ip_src = alias_addr;
}
return (0);
}
int
AliasHandlePptpGreIn(struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2));
/* Check GRE header bits. */
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr src_addr = GetOriginalAddress(link);
/* De-alias the Peer's Call Id. */
gr->gh_call_id = GetOriginalPort(link);
/* Restore original IP address. */
DifferentialChecksum(&pip->ip_sum,
(u_short *)&src_addr,
(u_short *)&pip->ip_dst,
2);
pip->ip_dst = src_addr;
}
return (0);
}

51
sys/netinet/libalias/alias.c
View File

@ -185,7 +185,6 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
ProtoAliasIn(), ProtoAliasOut()
UdpAliasIn(), UdpAliasOut()
TcpAliasIn(), TcpAliasOut()
GreAliasIn()
These routines handle protocol specific details of packet aliasing.
One may observe a certain amount of repetitive arithmetic in these
@ -237,8 +236,6 @@ static int UdpAliasIn (struct ip *);
static int TcpAliasOut(struct ip *, int);
static int TcpAliasIn (struct ip *);
static int GreAliasIn(struct ip *);
static int
IcmpAliasIn1(struct ip *pip)
@ -706,40 +703,6 @@ ProtoAliasOut(struct ip *pip)
}
static int
GreAliasIn(struct ip *pip)
{
u_short call_id;
struct alias_link *link;
/* Return if proxy-only mode is enabled. */
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY)
return (PKT_ALIAS_OK);
if (PptpGetCallID(pip, &call_id)) {
if ((link = FindPptpIn(pip->ip_src, pip->ip_dst, call_id)) != NULL) {
struct in_addr alias_address;
struct in_addr original_address;
alias_address = GetAliasAddress(link);
original_address = GetOriginalAddress(link);
PptpSetCallID(pip, GetOriginalPort(link));
/* Restore original IP address. */
DifferentialChecksum(&pip->ip_sum,
(u_short *)&original_address,
(u_short *)&pip->ip_dst,
2);
pip->ip_dst = original_address;
return (PKT_ALIAS_OK);
} else
return (PKT_ALIAS_IGNORED);
} else
return ProtoAliasIn(pip);
}
static int
UdpAliasIn(struct ip *pip)
{
@ -1318,8 +1281,12 @@ PacketAliasIn(char *ptr, int maxpacketsize)
iresult = TcpAliasIn(pip);
break;
case IPPROTO_GRE:
iresult = GreAliasIn(pip);
break;
if (packetAliasMode & PKT_ALIAS_PROXY_ONLY ||
AliasHandlePptpGreIn(pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasIn(pip);
break;
default:
iresult = ProtoAliasIn(pip);
break;
@ -1426,6 +1393,12 @@ PacketAliasOut(char *ptr, /* valid IP packet */
case IPPROTO_TCP:
iresult = TcpAliasOut(pip, maxpacketsize);
break;
case IPPROTO_GRE:
if (AliasHandlePptpGreOut(pip) == 0)
iresult = PKT_ALIAS_OK;
else
iresult = ProtoAliasOut(pip);
break;
default:
iresult = ProtoAliasOut(pip);
break;

167
sys/netinet/libalias/alias_db.c
View File

@ -158,7 +158,6 @@
/* Timeouts (in seconds) for different link types */
#define ICMP_EXPIRE_TIME 60
#define UDP_EXPIRE_TIME 60
#define PPTP_EXPIRE_TIME 60
#define PROTO_EXPIRE_TIME 60
#define FRAGMENT_ID_EXPIRE_TIME 10
#define FRAGMENT_PTR_EXPIRE_TIME 30
@ -422,7 +421,8 @@ StartPointIn(struct in_addr alias_addr,
u_int n;
n = alias_addr.s_addr;
n += alias_port;
if (link_type != LINK_PPTP)
n += alias_port;
n += link_type;
return(n % LINK_TABLE_IN_SIZE);
}
@ -436,8 +436,10 @@ StartPointOut(struct in_addr src_addr, struct in_addr dst_addr,
n = src_addr.s_addr;
n += dst_addr.s_addr;
n += src_port;
n += dst_port;
if (link_type != LINK_PPTP) {
n += src_port;
n += dst_port;
}
n += link_type;
return(n % LINK_TABLE_OUT_SIZE);
@ -1004,7 +1006,7 @@ AddLink(struct in_addr src_addr,
link->expire_time = TCP_EXPIRE_INITIAL;
break;
case LINK_PPTP:
link->expire_time = PPTP_EXPIRE_TIME;
link->flags |= LINK_PERMANENT; /* no timeout. */
break;
case LINK_FRAGMENT_ID:
link->expire_time = FRAGMENT_ID_EXPIRE_TIME;
@ -1389,7 +1391,8 @@ FindLinkIn(struct in_addr dst_addr,
AddFragmentPtrLink(), FindFragmentPtr()
FindProtoIn(), FindProtoOut()
FindUdpTcpIn(), FindUdpTcpOut()
FindPptpIn(), FindPptpOut()
AddPptp(), FindPptpOutByCallId(), FindPptpInByCallId(),
FindPptpOutByPeerCallId(), FindPptpInByPeerCallId()
FindOriginalAddress(), FindAliasAddress()
(prototypes in alias_local.h)
@ -1629,56 +1632,6 @@ FindUdpTcpOut(struct in_addr src_addr,
}
struct alias_link *
FindPptpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
u_short call_id)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
NO_DEST_PORT, call_id,
LINK_PPTP, 1);
if (link == NULL && !(packetAliasMode & PKT_ALIAS_DENY_INCOMING))
{
struct in_addr target_addr;
target_addr = FindOriginalAddress(alias_addr);
link = AddLink(target_addr, dst_addr, alias_addr,
call_id, NO_DEST_PORT, call_id,
LINK_PPTP);
}
return(link);
}
struct alias_link *
FindPptpOut(struct in_addr src_addr,
struct in_addr dst_addr,
u_short call_id)
{
struct alias_link *link;
link = FindLinkOut(src_addr, dst_addr,
call_id, NO_DEST_PORT,
LINK_PPTP, 1);
if (link == NULL)
{
struct in_addr alias_addr;
alias_addr = FindAliasAddress(src_addr);
link = AddLink(src_addr, dst_addr, alias_addr,
call_id, NO_DEST_PORT, GET_ALIAS_PORT,
LINK_PPTP);
}
return(link);
}
struct alias_link *
QueryUdpTcpIn(struct in_addr dst_addr,
struct in_addr alias_addr,
@ -1740,6 +1693,97 @@ QueryUdpTcpOut(struct in_addr src_addr,
return(link);
}
struct alias_link *
AddPptp(struct in_addr src_addr,
struct in_addr dst_addr,
struct in_addr alias_addr,
u_int16_t src_call_id)
{
struct alias_link *link;
link = AddLink(src_addr, dst_addr, alias_addr,
src_call_id, 0, GET_ALIAS_PORT,
LINK_PPTP);
return (link);
}
struct alias_link *
FindPptpOutByCallId(struct in_addr src_addr,
struct in_addr dst_addr,
u_int16_t src_call_id)
{
u_int i;
struct alias_link *link;
i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
LIST_FOREACH(link, &linkTableOut[i], list_out)
if (link->link_type == LINK_PPTP &&
link->src_addr.s_addr == src_addr.s_addr &&
link->dst_addr.s_addr == dst_addr.s_addr &&
link->src_port == src_call_id)
break;
return (link);
}
struct alias_link *
FindPptpOutByPeerCallId(struct in_addr src_addr,
struct in_addr dst_addr,
u_int16_t dst_call_id)
{
u_int i;
struct alias_link *link;
i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
LIST_FOREACH(link, &linkTableOut[i], list_out)
if (link->link_type == LINK_PPTP &&
link->src_addr.s_addr == src_addr.s_addr &&
link->dst_addr.s_addr == dst_addr.s_addr &&
link->dst_port == dst_call_id)
break;
return (link);
}
struct alias_link *
FindPptpInByCallId(struct in_addr dst_addr,
struct in_addr alias_addr,
u_int16_t dst_call_id)
{
u_int i;
struct alias_link *link;
i = StartPointIn(alias_addr, 0, LINK_PPTP);
LIST_FOREACH(link, &linkTableIn[i], list_in)
if (link->link_type == LINK_PPTP &&
link->dst_addr.s_addr == dst_addr.s_addr &&
link->alias_addr.s_addr == alias_addr.s_addr &&
link->dst_port == dst_call_id)
break;
return (link);
}
struct alias_link *
FindPptpInByPeerCallId(struct in_addr dst_addr,
struct in_addr alias_addr,
u_int16_t alias_call_id)
{
struct alias_link *link;
link = FindLinkIn(dst_addr, alias_addr,
0/* any */, alias_call_id,
LINK_PPTP, 0);
return (link);
}
struct alias_link *
FindRtspOut(struct in_addr src_addr,
@ -1845,6 +1889,7 @@ FindAliasAddress(struct in_addr original_addr)
SetAckModified(), GetAckModified()
GetDeltaAckIn(), GetDeltaSeqOut(), AddSeq()
SetLastLineCrlfTermed(), GetLastLineCrlfTermed()
SetDestCallId()
*/
@ -2227,6 +2272,16 @@ GetLastLineCrlfTermed(struct alias_link *link)
return (link->flags & LINK_LAST_LINE_CRLF_TERMED);
}
void
SetDestCallId(struct alias_link *link, u_int16_t cid)
{
deleteAllLinks = 1;
link = ReLink(link, link->src_addr, link->dst_addr, link->alias_addr,
link->src_port, cid, link->alias_port, link->link_type);
deleteAllLinks = 0;
}
/* Miscellaneous Functions

18
sys/netinet/libalias/alias_local.h
View File

@ -108,10 +108,19 @@ struct alias_link *
FindUdpTcpOut(struct in_addr, struct in_addr, u_short, u_short, u_char);
struct alias_link *
FindPptpIn(struct in_addr, struct in_addr, u_short);
AddPptp(struct in_addr, struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpOut(struct in_addr, struct in_addr, u_short);
FindPptpOutByCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpInByCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpOutByPeerCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
FindPptpInByPeerCallId(struct in_addr, struct in_addr, u_int16_t);
struct alias_link *
QueryUdpTcpIn (struct in_addr, struct in_addr, u_short, u_short, u_char);
@ -159,6 +168,7 @@ void SetExpire(struct alias_link *, int);
void ClearCheckNewLink(void);
void SetLastLineCrlfTermed(struct alias_link *, int);
int GetLastLineCrlfTermed(struct alias_link *);
void SetDestCallId(struct alias_link *, u_int16_t);
#ifndef NO_FW_PUNCH
void PunchFWHole(struct alias_link *);
#endif
@ -180,10 +190,10 @@ void AliasHandleIrcOut(struct ip *, struct alias_link *, int);
void AliasHandleRtspOut(struct ip *, struct alias_link *, int);
/* PPTP routines */
int PptpGetCallID(struct ip *, u_short *);
void PptpSetCallID(struct ip *, u_short);
void AliasHandlePptpOut(struct ip *, struct alias_link *);
void AliasHandlePptpIn(struct ip *, struct alias_link *);
int AliasHandlePptpGreOut(struct ip *);
int AliasHandlePptpGreIn(struct ip *);
/* NetBIOS routines */
int AliasHandleUdpNbt(struct ip *, struct alias_link *, struct in_addr *, u_short);

180
sys/netinet/libalias/alias_pptp.c
View File

@ -65,9 +65,6 @@
*/
/* Includes */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
@ -82,21 +79,14 @@
struct grehdr /* Enhanced GRE header. */
{
u_char gh_recursion:3, /* Recursion control. */
gh_ssr_flag:1, /* Strict source route present. */
gh_seq_no_flag:1, /* Sequence number present. */
gh_key_flag:1, /* Key present. */
gh_rt_flag:1, /* Routing present. */
gh_cksum_flag:1; /* Checksum present. */
u_char gh_version:3, /* GRE version. */
gh_flags:4, /* Flags. */
gh_ack_no_flag:1; /* Acknowledgment sequence number present. */
u_short gh_protocol; /* Protocol type. */
u_short gh_length; /* Payload length. */
u_short gh_call_id; /* Call ID. */
u_int16_t gh_flags; /* Flags. */
u_int16_t gh_protocol; /* Protocol type. */
u_int16_t gh_length; /* Payload length. */
u_int16_t gh_call_id; /* Call ID. */
u_int32_t gh_seq_no; /* Sequence number (optional). */
u_int32_t gh_ack_no; /* Acknowledgment number (optional). */
};
typedef struct grehdr GreHdr;
/* The PPTP protocol ID used in the GRE 'proto' field. */
#define PPTP_GRE_PROTO 0x880b
@ -123,7 +113,7 @@ enum {
PPTP_CallClearRequest = 12,
PPTP_CallDiscNotify = 13,
PPTP_WanErrorNotify = 14,
PPTP_SetLinkInfo = 15,
PPTP_SetLinkInfo = 15
};
/* Message structures */
@ -136,6 +126,12 @@ enum {
};
typedef struct pptpMsgHead *PptpMsgHead;
struct pptpCodes {
u_int8_t resCode; /* Result Code */
u_int8_t errCode; /* Error Code */
};
typedef struct pptpCodes *PptpCode;
struct pptpCallIds {
u_int16_t cid1; /* Call ID field #1 */
u_int16_t cid2; /* Call ID field #2 */
@ -144,29 +140,6 @@ enum {
static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
int
PptpGetCallID(struct ip *pip,
u_short *call_id)
{
struct grehdr *gr;
gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2));
/* Check GRE header bits. */
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) == PPTP_INIT_VALUE) {
*call_id = gr->gh_call_id;
return 1;
} else
return 0;
};
void PptpSetCallID(struct ip *pip, u_short call_id)
{
struct grehdr *gr;
gr = (struct grehdr *)((char *)pip + (pip->ip_hl << 2));
gr->gh_call_id = call_id;
};
void
AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
@ -174,6 +147,7 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
{
struct alias_link *pptp_link;
PptpCallId cptr;
PptpCode codes;
u_int16_t ctl_type; /* control message type */
struct tcphdr *tc;
@ -187,12 +161,20 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
case PPTP_OutCallReply:
case PPTP_InCallRequest:
case PPTP_InCallReply:
/* Establish PPTP link for address and Call ID found in control message. */
pptp_link = AddPptp(GetOriginalAddress(link), GetDestAddress(link),
GetAliasAddress(link), cptr->cid1);
break;
case PPTP_CallClearRequest:
case PPTP_CallDiscNotify:
/* Establish PPTP link for address and Call ID found in PPTP Control Msg */
pptp_link = FindPptpOut(GetOriginalAddress(link), GetDestAddress(link),
cptr->cid1);
/* Find PPTP link for address and Call ID found in control message. */
pptp_link = FindPptpOutByCallId(GetOriginalAddress(link),
GetDestAddress(link),
cptr->cid1);
break;
default:
return;
}
if (pptp_link != NULL) {
int accumulate = cptr->cid1;
@ -204,11 +186,22 @@ AliasHandlePptpOut(struct ip *pip, /* IP packet to examine/patch */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
accumulate -= cptr->cid1;
ADJUST_CHECKSUM(accumulate, tc->th_sum);
switch (ctl_type) {
case PPTP_OutCallReply:
case PPTP_InCallReply:
codes = (PptpCode)(cptr + 1);
if (codes->resCode == 1) /* Connection established, */
SetDestCallId(pptp_link, /* note the Peer's Call ID. */
cptr->cid2);
else
SetExpire(pptp_link, 0); /* Connection refused. */
break;
case PPTP_CallDiscNotify: /* Connection closed. */
SetExpire(pptp_link, 0);
break;
}
}
break;
default:
return;
}
}
void
@ -237,28 +230,46 @@ AliasHandlePptpIn(struct ip *pip, /* IP packet to examine/patch */
case PPTP_InCallReply:
pcall_id = &cptr->cid2;
break;
case PPTP_CallDiscNotify: /* Connection closed. */
pptp_link = FindPptpInByCallId(GetDestAddress(link),
GetAliasAddress(link),
cptr->cid1);
if (pptp_link != NULL)
SetExpire(pptp_link, 0);
return;
default:
return;
}
/* Find PPTP link for address and Call ID found in PPTP Control Msg */
pptp_link = FindPptpIn(GetDestAddress(link), GetAliasAddress(link),
*pcall_id);
pptp_link = FindPptpInByPeerCallId(GetDestAddress(link),
GetAliasAddress(link),
*pcall_id);
if (pptp_link != NULL) {
int accumulate = *pcall_id;
/* alias the Call Id */
/* De-alias the Peer's Call Id. */
*pcall_id = GetOriginalPort(pptp_link);
/* Compute TCP checksum for modified packet */
tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
accumulate -= *pcall_id;
ADJUST_CHECKSUM(accumulate, tc->th_sum);
if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) {
PptpCode codes = (PptpCode)(cptr + 1);
if (codes->resCode == 1) /* Connection established, */
SetDestCallId(pptp_link, /* note the Call ID. */
cptr->cid1);
else
SetExpire(pptp_link, 0); /* Connection refused. */
}
}
}
PptpCallId
static PptpCallId
AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch */
{
int hlen, tlen, dlen;
@ -285,6 +296,71 @@ AliasVerifyPptp(struct ip *pip, u_int16_t *ptype) /* IP packet to examine/patch
if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) ||
(ntohl(hptr->magic) != PPTP_MAGIC))
return(NULL);
/* Verify data length. */
if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) &&
(dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) +
sizeof(struct pptpCodes)))
return (NULL);
else
return((PptpCallId)(((char *)hptr) + sizeof(struct pptpMsgHead)));
return (PptpCallId)(hptr + 1);
}
int
AliasHandlePptpGreOut(struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2));
/* Check GRE header bits. */
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpOutByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr alias_addr = GetAliasAddress(link);
/* Change source IP address. */
DifferentialChecksum(&pip->ip_sum,
(u_short *)&alias_addr,
(u_short *)&pip->ip_src,
2);
pip->ip_src = alias_addr;
}
return (0);
}
int
AliasHandlePptpGreIn(struct ip *pip)
{
GreHdr *gr;
struct alias_link *link;
gr = (GreHdr *)((char *)pip + (pip->ip_hl << 2));
/* Check GRE header bits. */
if ((ntohl(*((u_int32_t *)gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
return (-1);
link = FindPptpInByPeerCallId(pip->ip_src, pip->ip_dst, gr->gh_call_id);
if (link != NULL) {
struct in_addr src_addr = GetOriginalAddress(link);
/* De-alias the Peer's Call Id. */
gr->gh_call_id = GetOriginalPort(link);
/* Restore original IP address. */
DifferentialChecksum(&pip->ip_sum,
(u_short *)&src_addr,
(u_short *)&pip->ip_dst,
2);
pip->ip_dst = src_addr;
}
return (0);
}