| ip_ftp_pxy.c (80482) | ip_ftp_pxy.c (92685) |
|---|---|
| 1/* 2 * Simple FTP transparent proxy for in-kernel use. For use with the NAT 3 * code. 4 * | 1/* 2 * Simple FTP transparent proxy for in-kernel use. For use with the NAT 3 * code. 4 * |
| 5 * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c 80482 2001-07-28 11:58:26Z darrenr $ | 5 * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c 92685 2002-03-19 11:44:16Z darrenr $ |
| 6 */ 7#if SOLARIS && defined(_KERNEL) 8extern kmutex_t ipf_rw; 9#endif 10 11#define isdigit(x) ((x) >= '0' && (x) <= '9') 12#define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 13#define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) --- 30 unchanged lines hidden (view full) --- 44int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); 45int ippr_ftp_init __P((void)); 46int ippr_ftp_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); 47int ippr_ftp_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); 48int ippr_ftp_pasv __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int)); 49int ippr_ftp_port __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int)); 50int ippr_ftp_process __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int)); 51int ippr_ftp_server __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int)); | 6 */ 7#if SOLARIS && defined(_KERNEL) 8extern kmutex_t ipf_rw; 9#endif 10 11#define isdigit(x) ((x) >= '0' && (x) <= '9') 12#define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 13#define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) --- 30 unchanged lines hidden (view full) --- 44int ippr_ftp_in __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); 45int ippr_ftp_init __P((void)); 46int ippr_ftp_new __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); 47int ippr_ftp_out __P((fr_info_t *, ip_t *, ap_session_t *, nat_t *)); 48int ippr_ftp_pasv __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int)); 49int ippr_ftp_port __P((fr_info_t *, ip_t *, nat_t *, ftpside_t *, int)); 50int ippr_ftp_process __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int)); 51int ippr_ftp_server __P((fr_info_t *, ip_t *, nat_t *, ftpinfo_t *, int)); |
| 52int ippr_ftp_valid __P((char *, size_t)); | 52int ippr_ftp_valid __P((int, char *, size_t)); 53int ippr_ftp_server_valid __P((char *, size_t)); 54int ippr_ftp_client_valid __P((char *, size_t)); |
| 53u_short ippr_ftp_atoi __P((char **)); 54 | 55u_short ippr_ftp_atoi __P((char **)); 56 |
| 55static frentry_t natfr; | 57static frentry_t ftppxyfr; |
| 56int ippr_ftp_pasvonly = 0; 57int ippr_ftp_insecure = 0; 58 59 60/* 61 * Initialize local structures. 62 */ 63int ippr_ftp_init() 64{ | 58int ippr_ftp_pasvonly = 0; 59int ippr_ftp_insecure = 0; 60 61 62/* 63 * Initialize local structures. 64 */ 65int ippr_ftp_init() 66{ |
| 65 bzero((char *)&natfr, sizeof(natfr)); 66 natfr.fr_ref = 1; 67 natfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; | 67 bzero((char *)&ftppxyfr, sizeof(ftppxyfr)); 68 ftppxyfr.fr_ref = 1; 69 ftppxyfr.fr_flags = FR_INQUE|FR_PASS|FR_QUICK|FR_KEEPSTATE; |
| 68 return 0; 69} 70 71 72int ippr_ftp_new(fin, ip, aps, nat) 73fr_info_t *fin; 74ip_t *ip; 75ap_session_t *aps; --- 24 unchanged lines hidden (view full) --- 100fr_info_t *fin; 101ip_t *ip; 102nat_t *nat; 103ftpside_t *f; 104int dlen; 105{ 106 tcphdr_t *tcp, tcph, *tcp2 = &tcph; 107 char newbuf[IPF_FTPBUFSZ], *s; | 70 return 0; 71} 72 73 74int ippr_ftp_new(fin, ip, aps, nat) 75fr_info_t *fin; 76ip_t *ip; 77ap_session_t *aps; --- 24 unchanged lines hidden (view full) --- 102fr_info_t *fin; 103ip_t *ip; 104nat_t *nat; 105ftpside_t *f; 106int dlen; 107{ 108 tcphdr_t *tcp, tcph, *tcp2 = &tcph; 109 char newbuf[IPF_FTPBUFSZ], *s; |
| 108 u_short a5, a6, sp, dp; | |
| 109 u_int a1, a2, a3, a4; 110 struct in_addr swip; | 110 u_int a1, a2, a3, a4; 111 struct in_addr swip; |
| 112 u_short a5, a6, sp; |
|
| 111 size_t nlen, olen; 112 fr_info_t fi; 113 int inc, off; 114 nat_t *ipn; 115 mb_t *m; 116#if SOLARIS 117 mb_t *m1; 118#endif --- 49 unchanged lines hidden (view full) --- 168 * Calculate new address parts for PORT command 169 */ 170 a1 = ntohl(ip->ip_src.s_addr); 171 a2 = (a1 >> 16) & 0xff; 172 a3 = (a1 >> 8) & 0xff; 173 a4 = a1 & 0xff; 174 a1 >>= 24; 175 olen = s - f->ftps_rptr; | 113 size_t nlen, olen; 114 fr_info_t fi; 115 int inc, off; 116 nat_t *ipn; 117 mb_t *m; 118#if SOLARIS 119 mb_t *m1; 120#endif --- 49 unchanged lines hidden (view full) --- 170 * Calculate new address parts for PORT command 171 */ 172 a1 = ntohl(ip->ip_src.s_addr); 173 a2 = (a1 >> 16) & 0xff; 174 a3 = (a1 >> 8) & 0xff; 175 a4 = a1 & 0xff; 176 a1 >>= 24; 177 olen = s - f->ftps_rptr; |
| 176 /* DO NOT change this to sprintf! */ | 178 /* DO NOT change this to snprintf! */ |
| 177 (void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n", 178 "PORT", a1, a2, a3, a4, a5, a6); 179 180 nlen = strlen(newbuf); 181 inc = nlen - olen; 182 if ((inc + ip->ip_len) > 65535) 183 return 0; 184 --- 51 unchanged lines hidden (view full) --- 236#endif 237 ip->ip_len += inc; 238 } 239 240 /* 241 * Add skeleton NAT entry for connection which will come back the 242 * other way. 243 */ | 179 (void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n", 180 "PORT", a1, a2, a3, a4, a5, a6); 181 182 nlen = strlen(newbuf); 183 inc = nlen - olen; 184 if ((inc + ip->ip_len) > 65535) 185 return 0; 186 --- 51 unchanged lines hidden (view full) --- 238#endif 239 ip->ip_len += inc; 240 } 241 242 /* 243 * Add skeleton NAT entry for connection which will come back the 244 * other way. 245 */ |
| 244 sp = htons(a5 << 8 | a6); | 246 sp = (a5 << 8 | a6); |
| 245 /* 246 * Don't allow the PORT command to specify a port < 1024 due to 247 * security crap. 248 */ | 247 /* 248 * Don't allow the PORT command to specify a port < 1024 due to 249 * security crap. 250 */ |
| 249 if (ntohs(sp) < 1024) | 251 if (sp < 1024) |
| 250 return 0; 251 /* 252 * The server may not make the connection back from port 20, but 253 * it is the most likely so use it here to check for a conflicting 254 * mapping. 255 */ | 252 return 0; 253 /* 254 * The server may not make the connection back from port 20, but 255 * it is the most likely so use it here to check for a conflicting 256 * mapping. 257 */ |
| 256 dp = htons(fin->fin_data[1] - 1); 257 ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, 258 ip->ip_dst, (dp << 16) | sp, 0); | 258 bcopy((char *)fin, (char *)&fi, sizeof(fi)); 259 fi.fin_data[0] = sp; 260 fi.fin_data[1] = fin->fin_data[1] - 1; 261 ipn = nat_outlookup(&fi, IPN_TCP, nat->nat_p, nat->nat_inip, 262 ip->ip_dst, 0); |
| 259 if (ipn == NULL) { 260 int slen; 261 262 slen = ip->ip_len; 263 ip->ip_len = fin->fin_hlen + sizeof(*tcp2); | 263 if (ipn == NULL) { 264 int slen; 265 266 slen = ip->ip_len; 267 ip->ip_len = fin->fin_hlen + sizeof(*tcp2); |
| 264 bcopy((char *)fin, (char *)&fi, sizeof(fi)); | |
| 265 bzero((char *)tcp2, sizeof(*tcp2)); 266 tcp2->th_win = htons(8192); | 268 bzero((char *)tcp2, sizeof(*tcp2)); 269 tcp2->th_win = htons(8192); |
| 267 tcp2->th_sport = sp; | 270 tcp2->th_sport = htons(sp); |
| 268 tcp2->th_off = 5; 269 tcp2->th_dport = 0; /* XXX - don't specify remote port */ | 271 tcp2->th_off = 5; 272 tcp2->th_dport = 0; /* XXX - don't specify remote port */ |
| 270 fi.fin_data[0] = ntohs(sp); | |
| 271 fi.fin_data[1] = 0; 272 fi.fin_dlen = sizeof(*tcp2); 273 fi.fin_dp = (char *)tcp2; | 273 fi.fin_data[1] = 0; 274 fi.fin_dlen = sizeof(*tcp2); 275 fi.fin_dp = (char *)tcp2; |
| 274 fi.fin_fr = &natfr; | 276 fi.fin_fr = &ftppxyfr; |
| 275 fi.fin_out = 1; 276 swip = ip->ip_src; 277 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr; 278 ip->ip_src = nat->nat_inip; | 277 fi.fin_out = 1; 278 swip = ip->ip_src; 279 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr; 280 ip->ip_src = nat->nat_inip; |
| 279 ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_DPORT, | 281 ipn = nat_new(&fi, ip, nat->nat_ptr, NULL, IPN_TCP|FI_W_DPORT, |
| 280 NAT_OUTBOUND); 281 if (ipn != NULL) { 282 ipn->nat_age = fr_defnatage; | 282 NAT_OUTBOUND); 283 if (ipn != NULL) { 284 ipn->nat_age = fr_defnatage; |
| 283 (void) fr_addstate(ip, &fi, FI_W_DPORT); | 285 (void) fr_addstate(ip, &fi, NULL, 286 FI_W_DPORT|FI_IGNOREPKT); |
| 284 } 285 ip->ip_len = slen; 286 ip->ip_src = swip; 287 } 288 return APR_INC(inc); 289} 290 291 --- 43 unchanged lines hidden (view full) --- 335 } else if (ftp->ftp_passok == FTPXY_USOK_2) { 336 ftp->ftp_passok = FTPXY_PASS_2; 337 ftp->ftp_incok = 1; 338 } 339 } else if ((ftp->ftp_passok == FTPXY_AUOK_1) && 340 !strncmp(cmd, "ADAT ", 5)) { 341 ftp->ftp_passok = FTPXY_ADAT_1; 342 ftp->ftp_incok = 1; | 287 } 288 ip->ip_len = slen; 289 ip->ip_src = swip; 290 } 291 return APR_INC(inc); 292} 293 294 --- 43 unchanged lines hidden (view full) --- 338 } else if (ftp->ftp_passok == FTPXY_USOK_2) { 339 ftp->ftp_passok = FTPXY_PASS_2; 340 ftp->ftp_incok = 1; 341 } 342 } else if ((ftp->ftp_passok == FTPXY_AUOK_1) && 343 !strncmp(cmd, "ADAT ", 5)) { 344 ftp->ftp_passok = FTPXY_ADAT_1; 345 ftp->ftp_incok = 1; |
| 343 } else if ((ftp->ftp_passok == FTPXY_PAOK_2) && | 346 } else if ((ftp->ftp_passok == FTPXY_PAOK_1 || 347 ftp->ftp_passok == FTPXY_PAOK_2) && |
| 344 !strncmp(cmd, "ACCT ", 5)) { 345 ftp->ftp_passok = FTPXY_ACCT_1; 346 ftp->ftp_incok = 1; 347 } else if ((ftp->ftp_passok == FTPXY_GO) && !ippr_ftp_pasvonly && 348 !strncmp(cmd, "PORT ", 5)) { 349 inc = ippr_ftp_port(fin, ip, nat, f, dlen); 350 } else if (ippr_ftp_insecure && !ippr_ftp_pasvonly && 351 !strncmp(cmd, "PORT ", 5)) { --- 11 unchanged lines hidden (view full) --- 363fr_info_t *fin; 364ip_t *ip; 365nat_t *nat; 366ftpside_t *f; 367int dlen; 368{ 369 tcphdr_t *tcp, tcph, *tcp2 = &tcph; 370 struct in_addr swip, swip2; | 348 !strncmp(cmd, "ACCT ", 5)) { 349 ftp->ftp_passok = FTPXY_ACCT_1; 350 ftp->ftp_incok = 1; 351 } else if ((ftp->ftp_passok == FTPXY_GO) && !ippr_ftp_pasvonly && 352 !strncmp(cmd, "PORT ", 5)) { 353 inc = ippr_ftp_port(fin, ip, nat, f, dlen); 354 } else if (ippr_ftp_insecure && !ippr_ftp_pasvonly && 355 !strncmp(cmd, "PORT ", 5)) { --- 11 unchanged lines hidden (view full) --- 367fr_info_t *fin; 368ip_t *ip; 369nat_t *nat; 370ftpside_t *f; 371int dlen; 372{ 373 tcphdr_t *tcp, tcph, *tcp2 = &tcph; 374 struct in_addr swip, swip2; |
| 371 u_short a5, a6, sp, dp; | |
| 372 u_int a1, a2, a3, a4; | 375 u_int a1, a2, a3, a4; |
| 376 u_short a5, a6, dp; |
|
| 373 fr_info_t fi; 374 nat_t *ipn; 375 int inc; 376 char *s; 377 378#define PASV_REPLEN 24 379 /* 380 * Check for PASV reply message. --- 115 unchanged lines hidden (view full) --- 496 ip->ip_len += inc; 497 } 498#endif /* 0 */ 499 500 /* 501 * Add skeleton NAT entry for connection which will come back the 502 * other way. 503 */ | 377 fr_info_t fi; 378 nat_t *ipn; 379 int inc; 380 char *s; 381 382#define PASV_REPLEN 24 383 /* 384 * Check for PASV reply message. --- 115 unchanged lines hidden (view full) --- 500 ip->ip_len += inc; 501 } 502#endif /* 0 */ 503 504 /* 505 * Add skeleton NAT entry for connection which will come back the 506 * other way. 507 */ |
| 504 sp = 0; | 508 bcopy((char *)fin, (char *)&fi, sizeof(fi)); 509 fi.fin_data[0] = 0; |
| 505 dp = htons(fin->fin_data[1] - 1); | 510 dp = htons(fin->fin_data[1] - 1); |
| 506 ipn = nat_outlookup(fin->fin_ifp, IPN_TCP, nat->nat_p, nat->nat_inip, 507 ip->ip_dst, (dp << 16) | sp, 0); | 511 fi.fin_data[1] = ntohs(dp); 512 ipn = nat_outlookup(&fi, IPN_TCP, nat->nat_p, nat->nat_inip, 513 ip->ip_dst, 0); |
| 508 if (ipn == NULL) { 509 int slen; 510 511 slen = ip->ip_len; 512 ip->ip_len = fin->fin_hlen + sizeof(*tcp2); | 514 if (ipn == NULL) { 515 int slen; 516 517 slen = ip->ip_len; 518 ip->ip_len = fin->fin_hlen + sizeof(*tcp2); |
| 513 bcopy((char *)fin, (char *)&fi, sizeof(fi)); | |
| 514 bzero((char *)tcp2, sizeof(*tcp2)); 515 tcp2->th_win = htons(8192); 516 tcp2->th_sport = 0; /* XXX - fake it for nat_new */ 517 tcp2->th_off = 5; | 519 bzero((char *)tcp2, sizeof(*tcp2)); 520 tcp2->th_win = htons(8192); 521 tcp2->th_sport = 0; /* XXX - fake it for nat_new */ 522 tcp2->th_off = 5; |
| 518 fi.fin_data[0] = a5 << 8 | a6; | 523 fi.fin_data[1] = a5 << 8 | a6; |
| 519 fi.fin_dlen = sizeof(*tcp2); | 524 fi.fin_dlen = sizeof(*tcp2); |
| 520 tcp2->th_dport = htons(fi.fin_data[0]); 521 fi.fin_data[1] = 0; | 525 tcp2->th_dport = htons(fi.fin_data[1]); 526 fi.fin_data[0] = 0; |
| 522 fi.fin_dp = (char *)tcp2; | 527 fi.fin_dp = (char *)tcp2; |
| 523 fi.fin_fr = &natfr; | 528 fi.fin_fr = &ftppxyfr; |
| 524 fi.fin_out = 1; 525 swip = ip->ip_src; 526 swip2 = ip->ip_dst; 527 fi.fin_fi.fi_daddr = ip->ip_src.s_addr; 528 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr; 529 ip->ip_dst = ip->ip_src; 530 ip->ip_src = nat->nat_inip; | 529 fi.fin_out = 1; 530 swip = ip->ip_src; 531 swip2 = ip->ip_dst; 532 fi.fin_fi.fi_daddr = ip->ip_src.s_addr; 533 fi.fin_fi.fi_saddr = nat->nat_inip.s_addr; 534 ip->ip_dst = ip->ip_src; 535 ip->ip_src = nat->nat_inip; |
| 531 ipn = nat_new(nat->nat_ptr, ip, &fi, IPN_TCP|FI_W_SPORT, | 536 ipn = nat_new(&fi, ip, nat->nat_ptr, NULL, IPN_TCP|FI_W_SPORT, |
| 532 NAT_OUTBOUND); 533 if (ipn != NULL) { 534 ipn->nat_age = fr_defnatage; | 537 NAT_OUTBOUND); 538 if (ipn != NULL) { 539 ipn->nat_age = fr_defnatage; |
| 535 (void) fr_addstate(ip, &fi, FI_W_SPORT); | 540 (void) fr_addstate(ip, &fi, NULL, 541 FI_W_SPORT|FI_IGNOREPKT); |
| 536 } 537 ip->ip_len = slen; 538 ip->ip_src = swip; 539 ip->ip_dst = swip2; 540 } 541 return inc; 542} 543 --- 52 unchanged lines hidden (view full) --- 596 return inc; 597} 598 599 600/* 601 * Look to see if the buffer starts with something which we recognise as 602 * being the correct syntax for the FTP protocol. 603 */ | 542 } 543 ip->ip_len = slen; 544 ip->ip_src = swip; 545 ip->ip_dst = swip2; 546 } 547 return inc; 548} 549 --- 52 unchanged lines hidden (view full) --- 602 return inc; 603} 604 605 606/* 607 * Look to see if the buffer starts with something which we recognise as 608 * being the correct syntax for the FTP protocol. 609 */ |
| 604int ippr_ftp_valid(buf, len) | 610int ippr_ftp_client_valid(buf, len) |
| 605char *buf; 606size_t len; 607{ 608 register char *s, c; 609 register size_t i = len; 610 611 if (i < 5) 612 return 2; 613 s = buf; 614 c = *s++; 615 i--; 616 | 611char *buf; 612size_t len; 613{ 614 register char *s, c; 615 register size_t i = len; 616 617 if (i < 5) 618 return 2; 619 s = buf; 620 c = *s++; 621 i--; 622 |
| 617 if (isdigit(c)) { | 623 if (isalpha(c)) { |
| 618 c = *s++; 619 i--; | 624 c = *s++; 625 i--; |
| 620 if (isdigit(c)) { | 626 if (isalpha(c)) { |
| 621 c = *s++; 622 i--; | 627 c = *s++; 628 i--; |
| 623 if (isdigit(c)) { | 629 if (isalpha(c)) { |
| 624 c = *s++; 625 i--; | 630 c = *s++; 631 i--; |
| 626 if ((c != '-') && (c != ' ')) | 632 if (isalpha(c)) { 633 c = *s++; 634 i--; 635 if ((c != ' ') && (c != '\r')) 636 return 1; 637 } else if ((c != ' ') && (c != '\r')) |
| 627 return 1; 628 } else 629 return 1; 630 } else 631 return 1; | 638 return 1; 639 } else 640 return 1; 641 } else 642 return 1; |
| 632 } else if (isalpha(c)) { | 643 } else 644 return 1; 645 for (; i; i--) { |
| 633 c = *s++; | 646 c = *s++; |
| 647 if (c == '\n') 648 return 0; 649 } 650 return 2; 651} 652 653 654int ippr_ftp_server_valid(buf, len) 655char *buf; 656size_t len; 657{ 658 register char *s, c; 659 register size_t i = len; 660 661 if (i < 5) 662 return 2; 663 s = buf; 664 c = *s++; 665 i--; 666 667 if (isdigit(c)) { 668 c = *s++; |
|
| 634 i--; | 669 i--; |
| 635 if (isalpha(c)) { | 670 if (isdigit(c)) { |
| 636 c = *s++; 637 i--; | 671 c = *s++; 672 i--; |
| 638 if (isalpha(c)) { | 673 if (isdigit(c)) { |
| 639 c = *s++; 640 i--; | 674 c = *s++; 675 i--; |
| 641 if (isalpha(c)) { 642 c = *s++; 643 i--; 644 if ((c != ' ') && (c != '\r')) 645 return 1; 646 } else if ((c != ' ') && (c != '\r')) | 676 if ((c != '-') && (c != ' ')) |
| 647 return 1; 648 } else 649 return 1; 650 } else 651 return 1; 652 } else 653 return 1; 654 for (; i; i--) { 655 c = *s++; 656 if (c == '\n') 657 return 0; 658 } 659 return 2; 660} 661 662 | 677 return 1; 678 } else 679 return 1; 680 } else 681 return 1; 682 } else 683 return 1; 684 for (; i; i--) { 685 c = *s++; 686 if (c == '\n') 687 return 0; 688 } 689 return 2; 690} 691 692 |
| 693int ippr_ftp_valid(side, buf, len) 694int side; 695char *buf; 696size_t len; 697{ 698 int ret; 699 700 if (side == 0) 701 ret = ippr_ftp_client_valid(buf, len); 702 else 703 ret = ippr_ftp_server_valid(buf, len); 704 return ret; 705} 706 707 |
|
| 663int ippr_ftp_process(fin, ip, nat, ftp, rv) 664fr_info_t *fin; 665ip_t *ip; 666nat_t *nat; 667ftpinfo_t *ftp; 668int rv; 669{ 670 int mlen, len, off, inc, i, sel; --- 39 unchanged lines hidden (view full) --- 710 /* 711 * XXX - Ideally, this packet should get dropped because we now know 712 * that it is out of order (and there is no real danger in doing so 713 * apart from causing packets to go through here ordered). 714 */ 715 if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq)) 716 f->ftps_seq = ntohl(tcp->th_seq); 717 else if (ntohl(tcp->th_seq) + i != f->ftps_seq) { | 708int ippr_ftp_process(fin, ip, nat, ftp, rv) 709fr_info_t *fin; 710ip_t *ip; 711nat_t *nat; 712ftpinfo_t *ftp; 713int rv; 714{ 715 int mlen, len, off, inc, i, sel; --- 39 unchanged lines hidden (view full) --- 755 /* 756 * XXX - Ideally, this packet should get dropped because we now know 757 * that it is out of order (and there is no real danger in doing so 758 * apart from causing packets to go through here ordered). 759 */ 760 if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq)) 761 f->ftps_seq = ntohl(tcp->th_seq); 762 else if (ntohl(tcp->th_seq) + i != f->ftps_seq) { |
| 718 return APR_ERR(-1); | 763 return APR_ERR(1); |
| 719 } 720 f->ftps_len = mlen; 721 722 while (mlen > 0) { 723 len = MIN(mlen, FTP_BUFSZ / 2); 724 725#if SOLARIS 726 copyout_mblk(m, off, len, wptr); 727#else 728 m_copydata(m, off, len, wptr); 729#endif 730 mlen -= len; 731 off += len; 732 wptr += len; 733 f->ftps_wptr = wptr; 734 if (f->ftps_junk == 2) | 764 } 765 f->ftps_len = mlen; 766 767 while (mlen > 0) { 768 len = MIN(mlen, FTP_BUFSZ / 2); 769 770#if SOLARIS 771 copyout_mblk(m, off, len, wptr); 772#else 773 m_copydata(m, off, len, wptr); 774#endif 775 mlen -= len; 776 off += len; 777 wptr += len; 778 f->ftps_wptr = wptr; 779 if (f->ftps_junk == 2) |
| 735 f->ftps_junk = ippr_ftp_valid(rptr, wptr - rptr); | 780 f->ftps_junk = ippr_ftp_valid(rv, rptr, wptr - rptr); |
| 736 737 while ((f->ftps_junk == 0) && (wptr > rptr)) { | 781 782 while ((f->ftps_junk == 0) && (wptr > rptr)) { |
| 738 f->ftps_junk = ippr_ftp_valid(rptr, wptr - rptr); | 783 f->ftps_junk = ippr_ftp_valid(rv, rptr, wptr - rptr); |
| 739 if (f->ftps_junk == 0) { | 784 if (f->ftps_junk == 0) { |
| 785 f->ftps_cmds++; |
|
| 740 len = wptr - rptr; 741 f->ftps_rptr = rptr; 742 if (rv) 743 inc += ippr_ftp_server(fin, ip, nat, 744 ftp, len); 745 else 746 inc += ippr_ftp_client(fin, ip, nat, 747 ftp, len); 748 rptr = f->ftps_rptr; | 786 len = wptr - rptr; 787 f->ftps_rptr = rptr; 788 if (rv) 789 inc += ippr_ftp_server(fin, ip, nat, 790 ftp, len); 791 else 792 inc += ippr_ftp_client(fin, ip, nat, 793 ftp, len); 794 rptr = f->ftps_rptr; |
| 795 wptr = f->ftps_wptr; |
|
| 749 } 750 } 751 | 796 } 797 } 798 |
| 799 /* 800 * Off to a bad start so lets just forget about using the 801 * ftp proxy for this connection. 802 */ 803 if ((f->ftps_cmds == 0) && (f->ftps_junk == 1)) 804 return APR_ERR(2); 805 |
|
| 752 while ((f->ftps_junk == 1) && (rptr < wptr)) { 753 while ((rptr < wptr) && (*rptr != '\r')) 754 rptr++; 755 756 if (*rptr == '\r') { 757 if (rptr + 1 < wptr) { 758 if (*(rptr + 1) == '\n') { 759 rptr += 2; --- 95 unchanged lines hidden --- | 806 while ((f->ftps_junk == 1) && (rptr < wptr)) { 807 while ((rptr < wptr) && (*rptr != '\r')) 808 rptr++; 809 810 if (*rptr == '\r') { 811 if (rptr + 1 < wptr) { 812 if (*(rptr + 1) == '\n') { 813 rptr += 2; --- 95 unchanged lines hidden --- |