patch-2.3.15 linux/net/ipv4/ip_masq_ftp.c
Next file: linux/net/ipv4/ip_masq_irc.c
Previous file: linux/net/ipv4/ip_masq_cuseeme.c
Back to the patch index
Back to the overall index
- Lines: 394
- Date:
Wed Dec 31 16:00:00 1969
- Orig file:
v2.3.14/linux/net/ipv4/ip_masq_ftp.c
- Orig date:
Mon Oct 5 12:28:09 1998
diff -u --recursive --new-file v2.3.14/linux/net/ipv4/ip_masq_ftp.c linux/net/ipv4/ip_masq_ftp.c
@@ -1,393 +0,0 @@
-/*
- * IP_MASQ_FTP ftp masquerading module
- *
- *
- * Version: @(#)ip_masq_ftp.c 0.04 02/05/96
- *
- * Author: Wouter Gadeyne
- *
- *
- * Fixes:
- * Wouter Gadeyne : Fixed masquerading support of ftp PORT commands
- * Juan Jose Ciarlante : Code moved and adapted from ip_fw.c
- * Keith Owens : Add keep alive for ftp control channel
- * Nigel Metheringham : Added multiple port support
- * Juan Jose Ciarlante : Use control_add() for ftp control chan
- * Juan Jose Ciarlante : Litl bits for 2.1
- * Juan Jose Ciarlante : use ip_masq_listen()
- * Juan Jose Ciarlante : use private app_data for own flag(s)
- *
- *
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * Multiple Port Support
- * The helper can be made to handle up to MAX_MASQ_APP_PORTS (normally 12)
- * with the port numbers being defined at module load time. The module
- * uses the symbol "ports" to define a list of monitored ports, which can
- * be specified on the insmod command line as
- * ports=x1,x2,x3...
- * where x[n] are integer port numbers. This option can be put into
- * /etc/conf.modules (or /etc/modules.conf depending on your config)
- * where modload will pick it up should you use modload to load your
- * modules.
- *
- */
-
-#include <linux/config.h>
-#include <linux/module.h>
-#include <asm/system.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/skbuff.h>
-#include <linux/in.h>
-#include <linux/ip.h>
-#include <linux/init.h>
-#include <net/protocol.h>
-#include <net/tcp.h>
-
-/* #define IP_MASQ_NDEBUG */
-#include <net/ip_masq.h>
-
-
-/*
- * List of ports (up to MAX_MASQ_APP_PORTS) to be handled by helper
- * First port is set to the default port.
- */
-static int ports[MAX_MASQ_APP_PORTS] = {21}; /* I rely on the trailing items being set to zero */
-struct ip_masq_app *masq_incarnations[MAX_MASQ_APP_PORTS];
-
-/*
- * Debug level
- */
-#ifdef CONFIG_IP_MASQ_DEBUG
-static int debug=0;
-MODULE_PARM(debug, "i");
-#endif
-
-MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_MASQ_APP_PORTS) "i");
-
-/* Dummy variable */
-static int masq_ftp_pasv;
-
-static int
-masq_ftp_init_1 (struct ip_masq_app *mapp, struct ip_masq *ms)
-{
- MOD_INC_USE_COUNT;
- return 0;
-}
-
-static int
-masq_ftp_done_1 (struct ip_masq_app *mapp, struct ip_masq *ms)
-{
- MOD_DEC_USE_COUNT;
- return 0;
-}
-
-int
-masq_ftp_out (struct ip_masq_app *mapp, struct ip_masq *ms, struct sk_buff **skb_p, __u32 maddr)
-{
- struct sk_buff *skb;
- struct iphdr *iph;
- struct tcphdr *th;
- char *p, *data, *data_limit;
- unsigned char p1,p2,p3,p4,p5,p6;
- __u32 from;
- __u16 port;
- struct ip_masq *n_ms;
- char buf[24]; /* xxx.xxx.xxx.xxx,ppp,ppp\000 */
- unsigned buf_len;
- int diff;
-
- skb = *skb_p;
- iph = skb->nh.iph;
- th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
- data = (char *)&th[1];
-
- data_limit = skb->h.raw + skb->len - 18;
- if (skb->len >= 6 && (memcmp(data, "PASV\r\n", 6) == 0 || memcmp(data, "pasv\r\n", 6) == 0))
- ms->app_data = &masq_ftp_pasv;
-
- while (data < data_limit)
- {
- if (memcmp(data,"PORT ",5) && memcmp(data,"port ",5))
- {
- data ++;
- continue;
- }
- p = data+5;
- p1 = simple_strtoul(data+5,&data,10);
- if (*data!=',')
- continue;
- p2 = simple_strtoul(data+1,&data,10);
- if (*data!=',')
- continue;
- p3 = simple_strtoul(data+1,&data,10);
- if (*data!=',')
- continue;
- p4 = simple_strtoul(data+1,&data,10);
- if (*data!=',')
- continue;
- p5 = simple_strtoul(data+1,&data,10);
- if (*data!=',')
- continue;
- p6 = simple_strtoul(data+1,&data,10);
- if (*data!='\r' && *data!='\n')
- continue;
-
- from = (p1<<24) | (p2<<16) | (p3<<8) | p4;
- port = (p5<<8) | p6;
-
- IP_MASQ_DEBUG(1-debug, "PORT %X:%X detected\n",from,port);
-
- /*
- * Now update or create an masquerade entry for it
- */
-
- IP_MASQ_DEBUG(1-debug, "protocol %d %lX:%X %X:%X\n", iph->protocol, htonl(from), htons(port), iph->daddr, 0);
-
- n_ms = ip_masq_out_get(iph->protocol,
- htonl(from), htons(port),
- iph->daddr, 0);
- if (!n_ms) {
- n_ms = ip_masq_new(IPPROTO_TCP,
- maddr, 0,
- htonl(from), htons(port),
- iph->daddr, 0,
- IP_MASQ_F_NO_DPORT);
-
- if (n_ms==NULL)
- return 0;
- ip_masq_control_add(n_ms, ms);
- }
-
- /*
- * Replace the old PORT with the new one
- */
- from = ntohl(n_ms->maddr);
- port = ntohs(n_ms->mport);
- sprintf(buf,"%d,%d,%d,%d,%d,%d",
- from>>24&255,from>>16&255,from>>8&255,from&255,
- port>>8&255,port&255);
- buf_len = strlen(buf);
-
- IP_MASQ_DEBUG(1-debug, "new PORT %X:%X\n",from,port);
-
- /*
- * Calculate required delta-offset to keep TCP happy
- */
-
- diff = buf_len - (data-p);
-
- /*
- * No shift.
- */
-
- if (diff==0) {
- /*
- * simple case, just replace the old PORT cmd
- */
- memcpy(p,buf,buf_len);
- } else {
-
- *skb_p = ip_masq_skb_replace(skb, GFP_ATOMIC, p, data-p, buf, buf_len);
- }
- /*
- * Move tunnel to listen state
- */
- ip_masq_listen(n_ms);
- ip_masq_put(n_ms);
-
- return diff;
-
- }
- return 0;
-
-}
-
-/*
- * Look at incoming ftp packets to catch the response to a PASV command. When
- * we see one we build a masquerading entry for the client address, client port
- * 0 (unknown at the moment), the server address and the server port. Mark the
- * current masquerade entry as a control channel and point the new entry at the
- * control entry. All this work just for ftp keepalive across masquerading.
- *
- * The incoming packet should be something like
- * "227 Entering Passive Mode (xxx,xxx,xxx,xxx,ppp,ppp)".
- * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
- * ncftp 2.3.0 cheats by skipping the leading number then going 22 bytes into
- * the data so we do the same. If it's good enough for ncftp then it's good
- * enough for me.
- *
- * In this case, the client is the source machine being masqueraded, the server
- * is the destination for ftp requests. It all depends on your point of view ...
- */
-
-int
-masq_ftp_in (struct ip_masq_app *mapp, struct ip_masq *ms, struct sk_buff **skb_p, __u32 maddr)
-{
- struct sk_buff *skb;
- struct iphdr *iph;
- struct tcphdr *th;
- char *data, *data_limit;
- unsigned char p1,p2,p3,p4,p5,p6;
- __u32 to;
- __u16 port;
- struct ip_masq *n_ms;
-
- if (ms->app_data != &masq_ftp_pasv)
- return 0; /* quick exit if no outstanding PASV */
-
- skb = *skb_p;
- iph = skb->nh.iph;
- th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
- data = (char *)&th[1];
- data_limit = skb->h.raw + skb->len;
-
- while (data < data_limit && *data != ' ')
- ++data;
- while (data < data_limit && *data == ' ')
- ++data;
- data += 22;
- if (data >= data_limit || *data != '(')
- return 0;
- p1 = simple_strtoul(data+1, &data, 10);
- if (data >= data_limit || *data != ',')
- return 0;
- p2 = simple_strtoul(data+1, &data, 10);
- if (data >= data_limit || *data != ',')
- return 0;
- p3 = simple_strtoul(data+1, &data, 10);
- if (data >= data_limit || *data != ',')
- return 0;
- p4 = simple_strtoul(data+1, &data, 10);
- if (data >= data_limit || *data != ',')
- return 0;
- p5 = simple_strtoul(data+1, &data, 10);
- if (data >= data_limit || *data != ',')
- return 0;
- p6 = simple_strtoul(data+1, &data, 10);
- if (data >= data_limit || *data != ')')
- return 0;
-
- to = (p1<<24) | (p2<<16) | (p3<<8) | p4;
- port = (p5<<8) | p6;
-
- /*
- * Now update or create an masquerade entry for it
- */
- IP_MASQ_DEBUG(1-debug, "PASV response %lX:%X %X:%X detected\n", ntohl(ms->saddr), 0, to, port);
-
- n_ms = ip_masq_out_get(iph->protocol,
- ms->saddr, 0,
- htonl(to), htons(port));
- if (!n_ms) {
- n_ms = ip_masq_new(IPPROTO_TCP,
- maddr, 0,
- ms->saddr, 0,
- htonl(to), htons(port),
- IP_MASQ_F_NO_SPORT);
-
- if (n_ms==NULL)
- return 0;
- ip_masq_control_add(n_ms, ms);
- }
-
-#if 0 /* v0.12 state processing */
-
- /*
- * keep for a bit longer than tcp_fin, client may not issue open
- * to server port before tcp_fin_timeout.
- */
- n_ms->timeout = ip_masq_expire->tcp_fin_timeout*3;
-#endif
- ms->app_data = NULL;
- ip_masq_put(n_ms);
-
- return 0; /* no diff required for incoming packets, thank goodness */
-}
-
-struct ip_masq_app ip_masq_ftp = {
- NULL, /* next */
- "ftp", /* name */
- 0, /* type */
- 0, /* n_attach */
- masq_ftp_init_1, /* ip_masq_init_1 */
- masq_ftp_done_1, /* ip_masq_done_1 */
- masq_ftp_out, /* pkt_out */
- masq_ftp_in, /* pkt_in */
-};
-
-/*
- * ip_masq_ftp initialization
- */
-
-__initfunc(int ip_masq_ftp_init(void))
-{
- int i, j;
-
- for (i=0; (i<MAX_MASQ_APP_PORTS); i++) {
- if (ports[i]) {
- if ((masq_incarnations[i] = kmalloc(sizeof(struct ip_masq_app),
- GFP_KERNEL)) == NULL)
- return -ENOMEM;
- memcpy(masq_incarnations[i], &ip_masq_ftp, sizeof(struct ip_masq_app));
- if ((j = register_ip_masq_app(masq_incarnations[i],
- IPPROTO_TCP,
- ports[i]))) {
- return j;
- }
- IP_MASQ_DEBUG(1-debug, "Ftp: loaded support on port[%d] = %d\n",
- i, ports[i]);
- } else {
- /* To be safe, force the incarnation table entry to NULL */
- masq_incarnations[i] = NULL;
- }
- }
- return 0;
-}
-
-/*
- * ip_masq_ftp fin.
- */
-
-int ip_masq_ftp_done(void)
-{
- int i, j, k;
-
- k=0;
- for (i=0; (i<MAX_MASQ_APP_PORTS); i++) {
- if (masq_incarnations[i]) {
- if ((j = unregister_ip_masq_app(masq_incarnations[i]))) {
- k = j;
- } else {
- kfree(masq_incarnations[i]);
- masq_incarnations[i] = NULL;
- IP_MASQ_DEBUG(1-debug, "Ftp: unloaded support on port[%d] = %d\n",
- i, ports[i]);
- }
- }
- }
- return k;
-}
-
-#ifdef MODULE
-EXPORT_NO_SYMBOLS;
-
-int init_module(void)
-{
- if (ip_masq_ftp_init() != 0)
- return -EIO;
- return 0;
-}
-
-void cleanup_module(void)
-{
- if (ip_masq_ftp_done() != 0)
- printk(KERN_INFO "ip_masq_ftp: can't remove module");
-}
-
-#endif /* MODULE */
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)