1 | /* $NetBSD: ip_tftp_pxy.c,v 1.5 2012/07/30 19:27:47 pgoyette Exp $ */ |
2 | |
3 | /* |
4 | * Copyright (C) 2012 by Darren Reed. |
5 | * |
6 | * See the IPFILTER.LICENCE file for details on licencing. |
7 | * |
8 | * Id: ip_tftp_pxy.c,v 1.1.1.2 2012/07/22 13:45:38 darrenr Exp |
9 | */ |
10 | |
11 | #define IPF_TFTP_PROXY |
12 | |
13 | typedef struct ipf_tftp_softc_s { |
14 | int ipf_p_tftp_readonly; |
15 | ipftuneable_t *ipf_p_tftp_tune; |
16 | } ipf_tftp_softc_t; |
17 | |
18 | int ipf_p_tftp_backchannel(fr_info_t *, ap_session_t *, nat_t *); |
19 | int ipf_p_tftp_client(ipf_tftp_softc_t *, fr_info_t *, ap_session_t *, |
20 | nat_t *); |
21 | int ipf_p_tftp_in(void *, fr_info_t *, ap_session_t *, nat_t *); |
22 | void ipf_p_tftp_main_load(void); |
23 | void ipf_p_tftp_main_unload(void); |
24 | int ipf_p_tftp_new(void *, fr_info_t *, ap_session_t *, nat_t *); |
25 | void ipf_p_tftp_del(ipf_main_softc_t *, ap_session_t *); |
26 | int ipf_p_tftp_out(void *, fr_info_t *, ap_session_t *, nat_t *); |
27 | int ipf_p_tftp_server(ipf_tftp_softc_t *, fr_info_t *, ap_session_t *, |
28 | nat_t *); |
29 | void *ipf_p_tftp_soft_create(ipf_main_softc_t *); |
30 | void ipf_p_tftp_soft_destroy(ipf_main_softc_t *, void *); |
31 | |
32 | static frentry_t tftpfr; |
33 | static int tftp_proxy_init = 0; |
34 | |
35 | typedef enum tftp_cmd_e { |
36 | TFTP_CMD_READ = 1, |
37 | TFTP_CMD_WRITE = 2, |
38 | TFTP_CMD_DATA = 3, |
39 | TFTP_CMD_ACK = 4, |
40 | TFTP_CMD_ERROR = 5 |
41 | } tftp_cmd_t; |
42 | |
43 | typedef struct tftpinfo { |
44 | tftp_cmd_t ti_lastcmd; |
45 | int ti_nextblk; |
46 | int ti_lastblk; |
47 | int ti_lasterror; |
48 | char ti_filename[80]; |
49 | ipnat_t *ti_rule; |
50 | } tftpinfo_t; |
51 | |
52 | static ipftuneable_t ipf_tftp_tuneables[] = { |
53 | { { (void *)offsetof(ipf_tftp_softc_t, ipf_p_tftp_readonly) }, |
54 | "tftp_read_only" , 0, 1, |
55 | stsizeof(ipf_tftp_softc_t, ipf_p_tftp_readonly), |
56 | 0, NULL, NULL }, |
57 | { { NULL }, NULL, 0, 0, 0, 0, NULL, NULL } |
58 | }; |
59 | |
60 | |
61 | /* |
62 | * TFTP application proxy initialization. |
63 | */ |
64 | void |
65 | ipf_p_tftp_main_load(void) |
66 | { |
67 | |
68 | bzero((char *)&tftpfr, sizeof(tftpfr)); |
69 | tftpfr.fr_ref = 1; |
70 | tftpfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; |
71 | MUTEX_INIT(&tftpfr.fr_lock, "TFTP proxy rule lock" ); |
72 | tftp_proxy_init = 1; |
73 | } |
74 | |
75 | |
76 | void |
77 | ipf_p_tftp_main_unload(void) |
78 | { |
79 | |
80 | if (tftp_proxy_init == 1) { |
81 | MUTEX_DESTROY(&tftpfr.fr_lock); |
82 | tftp_proxy_init = 0; |
83 | } |
84 | } |
85 | |
86 | |
87 | void * |
88 | ipf_p_tftp_soft_create(ipf_main_softc_t *softc) |
89 | { |
90 | ipf_tftp_softc_t *softt; |
91 | |
92 | KMALLOC(softt, ipf_tftp_softc_t *); |
93 | if (softt == NULL) |
94 | return NULL; |
95 | |
96 | bzero((char *)softt, sizeof(*softt)); |
97 | |
98 | softt->ipf_p_tftp_tune = ipf_tune_array_copy(softt, |
99 | sizeof(ipf_tftp_tuneables), |
100 | ipf_tftp_tuneables); |
101 | if (softt->ipf_p_tftp_tune == NULL) { |
102 | ipf_p_tftp_soft_destroy(softc, softt); |
103 | return NULL; |
104 | } |
105 | if (ipf_tune_array_link(softc, softt->ipf_p_tftp_tune) == -1) { |
106 | ipf_p_tftp_soft_destroy(softc, softt); |
107 | return NULL; |
108 | } |
109 | |
110 | softt->ipf_p_tftp_readonly = 1; |
111 | |
112 | return softt; |
113 | } |
114 | |
115 | |
116 | void |
117 | ipf_p_tftp_soft_destroy(ipf_main_softc_t *softc, void *arg) |
118 | { |
119 | ipf_tftp_softc_t *softt = arg; |
120 | |
121 | if (softt->ipf_p_tftp_tune != NULL) { |
122 | ipf_tune_array_unlink(softc, softt->ipf_p_tftp_tune); |
123 | KFREES(softt->ipf_p_tftp_tune, sizeof(ipf_tftp_tuneables)); |
124 | softt->ipf_p_tftp_tune = NULL; |
125 | } |
126 | |
127 | KFREE(softt); |
128 | } |
129 | |
130 | |
131 | int |
132 | ipf_p_tftp_out(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) |
133 | { |
134 | ipf_tftp_softc_t *softt = arg; |
135 | |
136 | fin->fin_flx |= FI_NOWILD; |
137 | if (nat->nat_dir == NAT_OUTBOUND) |
138 | return ipf_p_tftp_client(softt, fin, aps, nat); |
139 | return ipf_p_tftp_server(softt, fin, aps, nat); |
140 | } |
141 | |
142 | |
143 | int |
144 | ipf_p_tftp_in(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) |
145 | { |
146 | ipf_tftp_softc_t *softt = arg; |
147 | |
148 | fin->fin_flx |= FI_NOWILD; |
149 | if (nat->nat_dir == NAT_INBOUND) |
150 | return ipf_p_tftp_client(softt, fin, aps, nat); |
151 | return ipf_p_tftp_server(softt, fin, aps, nat); |
152 | } |
153 | |
154 | |
155 | int |
156 | ipf_p_tftp_new(void *arg, fr_info_t *fin, ap_session_t *aps, nat_t *nat) |
157 | { |
158 | udphdr_t *udp; |
159 | tftpinfo_t *ti; |
160 | ipnat_t *ipn; |
161 | ipnat_t *np; |
162 | int size; |
163 | |
164 | fin = fin; /* LINT */ |
165 | |
166 | np = nat->nat_ptr; |
167 | size = np->in_size; |
168 | |
169 | KMALLOC(ti, tftpinfo_t *); |
170 | if (ti == NULL) |
171 | return -1; |
172 | KMALLOCS(ipn, ipnat_t *, size); |
173 | if (ipn == NULL) { |
174 | KFREE(ti); |
175 | return -1; |
176 | } |
177 | |
178 | aps->aps_data = ti; |
179 | aps->aps_psiz = sizeof(*ti); |
180 | bzero((char *)ti, sizeof(*ti)); |
181 | bzero((char *)ipn, size); |
182 | ti->ti_rule = ipn; |
183 | |
184 | udp = (udphdr_t *)fin->fin_dp; |
185 | aps->aps_sport = udp->uh_sport; |
186 | aps->aps_dport = udp->uh_dport; |
187 | |
188 | ipn->in_size = size; |
189 | ipn->in_apr = NULL; |
190 | ipn->in_use = 1; |
191 | ipn->in_hits = 1; |
192 | ipn->in_ippip = 1; |
193 | ipn->in_pr[0] = IPPROTO_UDP; |
194 | ipn->in_pr[1] = IPPROTO_UDP; |
195 | ipn->in_ifps[0] = nat->nat_ifps[0]; |
196 | ipn->in_ifps[1] = nat->nat_ifps[1]; |
197 | ipn->in_v[0] = nat->nat_ptr->in_v[1]; |
198 | ipn->in_v[1] = nat->nat_ptr->in_v[0]; |
199 | ipn->in_flags = IPN_UDP|IPN_FIXEDDPORT|IPN_PROXYRULE; |
200 | |
201 | ipn->in_nsrcip6 = nat->nat_odst6; |
202 | ipn->in_osrcip6 = nat->nat_ndst6; |
203 | |
204 | if ((np->in_redir & NAT_REDIRECT) != 0) { |
205 | ipn->in_redir = NAT_MAP; |
206 | if (ipn->in_v[0] == 4) { |
207 | ipn->in_snip = ntohl(nat->nat_odstaddr); |
208 | ipn->in_dnip = ntohl(nat->nat_nsrcaddr); |
209 | } else { |
210 | #ifdef USE_INET6 |
211 | ipn->in_snip6 = nat->nat_odst6; |
212 | ipn->in_dnip6 = nat->nat_nsrc6; |
213 | #endif |
214 | } |
215 | ipn->in_ndstip6 = nat->nat_nsrc6; |
216 | ipn->in_odstip6 = nat->nat_osrc6; |
217 | } else { |
218 | ipn->in_redir = NAT_REDIRECT; |
219 | if (ipn->in_v[0] == 4) { |
220 | ipn->in_snip = ntohl(nat->nat_odstaddr); |
221 | ipn->in_dnip = ntohl(nat->nat_osrcaddr); |
222 | } else { |
223 | #ifdef USE_INET6 |
224 | ipn->in_snip6 = nat->nat_odst6; |
225 | ipn->in_dnip6 = nat->nat_osrc6; |
226 | #endif |
227 | } |
228 | ipn->in_ndstip6 = nat->nat_osrc6; |
229 | ipn->in_odstip6 = nat->nat_nsrc6; |
230 | } |
231 | ipn->in_odport = htons(fin->fin_sport); |
232 | ipn->in_ndport = htons(fin->fin_sport); |
233 | |
234 | IP6_SETONES(&ipn->in_osrcmsk6); |
235 | IP6_SETONES(&ipn->in_nsrcmsk6); |
236 | IP6_SETONES(&ipn->in_odstmsk6); |
237 | IP6_SETONES(&ipn->in_ndstmsk6); |
238 | MUTEX_INIT(&ipn->in_lock, "tftp proxy NAT rule" ); |
239 | |
240 | ipn->in_namelen = np->in_namelen; |
241 | bcopy(np->in_names, ipn->in_ifnames, ipn->in_namelen); |
242 | ipn->in_ifnames[0] = np->in_ifnames[0]; |
243 | ipn->in_ifnames[1] = np->in_ifnames[1]; |
244 | |
245 | ti->ti_lastcmd = 0; |
246 | |
247 | return 0; |
248 | } |
249 | |
250 | |
251 | void |
252 | ipf_p_tftp_del(ipf_main_softc_t *softc, ap_session_t *aps) |
253 | { |
254 | tftpinfo_t *tftp; |
255 | |
256 | tftp = aps->aps_data; |
257 | if (tftp != NULL) { |
258 | tftp->ti_rule->in_flags |= IPN_DELETE; |
259 | ipf_nat_rule_deref(softc, &tftp->ti_rule); |
260 | } |
261 | } |
262 | |
263 | |
264 | /* |
265 | * Setup for a new TFTP proxy. |
266 | */ |
267 | int |
268 | ipf_p_tftp_backchannel(fr_info_t *fin, ap_session_t *aps, nat_t *nat) |
269 | { |
270 | ipf_main_softc_t *softc = fin->fin_main_soft; |
271 | #ifdef USE_MUTEXES |
272 | ipf_nat_softc_t *softn = softc->ipf_nat_soft; |
273 | #endif |
274 | #ifdef USE_INET6 |
275 | i6addr_t swip6, sw2ip6; |
276 | ip6_t *ip6; |
277 | #endif |
278 | struct in_addr swip, sw2ip; |
279 | tftpinfo_t *ti; |
280 | udphdr_t udp; |
281 | fr_info_t fi; |
282 | u_short slen = 0; |
283 | nat_t *nat2 = NULL; |
284 | int nflags; |
285 | ip_t *ip; |
286 | int dir; |
287 | |
288 | ti = aps->aps_data; |
289 | /* |
290 | * Add skeleton NAT entry for connection which will come back the |
291 | * other way. |
292 | */ |
293 | bcopy((char *)fin, (char *)&fi, sizeof(fi)); |
294 | fi.fin_flx |= FI_IGNORE; |
295 | fi.fin_data[1] = 0; |
296 | |
297 | bzero((char *)&udp, sizeof(udp)); |
298 | udp.uh_sport = 0; /* XXX - don't specify remote port */ |
299 | udp.uh_dport = ti->ti_rule->in_ndport; |
300 | udp.uh_ulen = htons(sizeof(udp)); |
301 | udp.uh_sum = 0; |
302 | |
303 | fi.fin_fr = &tftpfr; |
304 | fi.fin_dp = (char *)&udp; |
305 | fi.fin_sport = 0; |
306 | fi.fin_dport = ntohs(ti->ti_rule->in_ndport); |
307 | fi.fin_dlen = sizeof(udp); |
308 | fi.fin_plen = fi.fin_hlen + sizeof(udp); |
309 | fi.fin_flx &= FI_LOWTTL|FI_FRAG|FI_TCPUDP|FI_OPTIONS|FI_IGNORE; |
310 | nflags = NAT_SLAVE|IPN_UDP|SI_W_SPORT; |
311 | #ifdef USE_INET6 |
312 | ip6 = (ip6_t *)fin->fin_ip; |
313 | #endif |
314 | ip = fin->fin_ip; |
315 | sw2ip.s_addr = 0; |
316 | swip.s_addr = 0; |
317 | |
318 | fi.fin_src6 = nat->nat_ndst6; |
319 | fi.fin_dst6 = nat->nat_nsrc6; |
320 | if (nat->nat_v[0] == 4) { |
321 | slen = ip->ip_len; |
322 | ip->ip_len = htons(fin->fin_hlen + sizeof(udp)); |
323 | swip = ip->ip_src; |
324 | sw2ip = ip->ip_dst; |
325 | ip->ip_src = nat->nat_ndstip; |
326 | ip->ip_dst = nat->nat_nsrcip; |
327 | } else { |
328 | #ifdef USE_INET6 |
329 | slen = ip6->ip6_plen; |
330 | ip6->ip6_plen = htons(sizeof(udp)); |
331 | swip6.in6 = ip6->ip6_src; |
332 | sw2ip6.in6 = ip6->ip6_dst; |
333 | ip6->ip6_src = nat->nat_ndst6.in6; |
334 | ip6->ip6_dst = nat->nat_nsrc6.in6; |
335 | #endif |
336 | } |
337 | |
338 | if (nat->nat_dir == NAT_INBOUND) { |
339 | dir = NAT_OUTBOUND; |
340 | fi.fin_out = 1; |
341 | } else { |
342 | dir = NAT_INBOUND; |
343 | fi.fin_out = 0; |
344 | } |
345 | nflags |= NAT_NOTRULEPORT; |
346 | |
347 | MUTEX_ENTER(&softn->ipf_nat_new); |
348 | if (nat->nat_v[0] == 4) |
349 | nat2 = ipf_nat_add(&fi, ti->ti_rule, NULL, nflags, dir); |
350 | #ifdef USE_INET6 |
351 | else |
352 | nat2 = ipf_nat6_add(&fi, ti->ti_rule, NULL, nflags, dir); |
353 | #endif |
354 | MUTEX_EXIT(&softn->ipf_nat_new); |
355 | if (nat2 != NULL) { |
356 | (void) ipf_nat_proto(&fi, nat2, IPN_UDP); |
357 | ipf_nat_update(&fi, nat2); |
358 | fi.fin_ifp = NULL; |
359 | if (ti->ti_rule->in_redir == NAT_MAP) { |
360 | fi.fin_src6 = nat->nat_ndst6; |
361 | fi.fin_dst6 = nat->nat_nsrc6; |
362 | if (nat->nat_v[0] == 4) { |
363 | ip->ip_src = nat->nat_ndstip; |
364 | ip->ip_dst = nat->nat_nsrcip; |
365 | } else { |
366 | #ifdef USE_INET6 |
367 | ip6->ip6_src = nat->nat_ndst6.in6; |
368 | ip6->ip6_dst = nat->nat_nsrc6.in6; |
369 | #endif |
370 | } |
371 | } else { |
372 | fi.fin_src6 = nat->nat_odst6; |
373 | fi.fin_dst6 = nat->nat_osrc6; |
374 | if (fin->fin_v == 4) { |
375 | ip->ip_src = nat->nat_odstip; |
376 | ip->ip_dst = nat->nat_osrcip; |
377 | } else { |
378 | #ifdef USE_INET6 |
379 | ip6->ip6_src = nat->nat_odst6.in6; |
380 | ip6->ip6_dst = nat->nat_osrc6.in6; |
381 | #endif |
382 | } |
383 | } |
384 | if (ipf_state_add(softc, &fi, NULL, SI_W_SPORT) != 0) { |
385 | ipf_nat_setpending(softc, nat2); |
386 | } |
387 | } |
388 | if (nat->nat_v[0] == 4) { |
389 | ip->ip_len = slen; |
390 | ip->ip_src = swip; |
391 | ip->ip_dst = sw2ip; |
392 | } else { |
393 | #ifdef USE_INET6 |
394 | ip6->ip6_plen = slen; |
395 | ip6->ip6_src = swip6.in6; |
396 | ip6->ip6_dst = sw2ip6.in6; |
397 | #endif |
398 | } |
399 | return 0; |
400 | } |
401 | |
402 | |
403 | int |
404 | ipf_p_tftp_client(ipf_tftp_softc_t *softt, fr_info_t *fin, ap_session_t *aps, |
405 | nat_t *nat) |
406 | { |
407 | u_char *msg, *s, *t; |
408 | tftpinfo_t *ti; |
409 | u_short opcode; |
410 | udphdr_t *udp; |
411 | int len; |
412 | |
413 | if (fin->fin_dlen < 4) |
414 | return 0; |
415 | |
416 | ti = aps->aps_data; |
417 | msg = fin->fin_dp; |
418 | msg += sizeof(udphdr_t); |
419 | opcode = (msg[0] << 8) | msg[1]; |
420 | DT3(tftp_cmd, fr_info_t *, fin, int, opcode, nat_t *, nat); |
421 | |
422 | switch (opcode) |
423 | { |
424 | case TFTP_CMD_WRITE : |
425 | if (softt->ipf_p_tftp_readonly != 0) |
426 | break; |
427 | /* FALLTHROUGH */ |
428 | case TFTP_CMD_READ : |
429 | len = fin->fin_dlen - sizeof(*udp) - 2; |
430 | if (len > sizeof(ti->ti_filename) - 1) |
431 | len = sizeof(ti->ti_filename) - 1; |
432 | s = msg + 2; |
433 | for (t = (u_char *)ti->ti_filename; (len > 0); len--, s++) { |
434 | *t++ = *s; |
435 | if (*s == '\0') |
436 | break; |
437 | } |
438 | ipf_p_tftp_backchannel(fin, aps, nat); |
439 | break; |
440 | default : |
441 | return -1; |
442 | } |
443 | |
444 | ti = aps->aps_data; |
445 | ti->ti_lastcmd = opcode; |
446 | return 0; |
447 | } |
448 | |
449 | |
450 | int |
451 | ipf_p_tftp_server(ipf_tftp_softc_t *softt, fr_info_t *fin, ap_session_t *aps, |
452 | nat_t *nat) |
453 | { |
454 | tftpinfo_t *ti; |
455 | u_short opcode; |
456 | u_short arg; |
457 | u_char *msg; |
458 | |
459 | if (fin->fin_dlen < 4) |
460 | return 0; |
461 | |
462 | ti = aps->aps_data; |
463 | msg = fin->fin_dp; |
464 | msg += sizeof(udphdr_t); |
465 | arg = (msg[2] << 8) | msg[3]; |
466 | opcode = (msg[0] << 8) | msg[1]; |
467 | |
468 | switch (opcode) |
469 | { |
470 | case TFTP_CMD_ACK : |
471 | ti->ti_lastblk = arg; |
472 | break; |
473 | |
474 | case TFTP_CMD_ERROR : |
475 | ti->ti_lasterror = arg; |
476 | break; |
477 | |
478 | default : |
479 | return -1; |
480 | } |
481 | |
482 | ti->ti_lastcmd = opcode; |
483 | return 0; |
484 | } |
485 | |