1/*
2 * alias_pptp.c
3 *
4 * Copyright (c) 2000 Whistle Communications, Inc.
5 * All rights reserved.
6 *
7 * Subject to the following obligations and disclaimer of warranty, use and
8 * redistribution of this software, in source or object code forms, with or
--- 23 unchanged lines hidden (view full) ---
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
34 * OF SUCH DAMAGE.
35 *
36 * Author: Erik Salander <erik@whistle.com>
37 */
38
39#include <sys/cdefs.h>
40__FBSDID("$FreeBSD: head/sys/netinet/libalias/alias_pptp.c 127094 2004-03-16 21:30:41Z des $");
41
42/*
43 Alias_pptp.c performs special processing for PPTP sessions under TCP.
44 Specifically, watch PPTP control messages and alias the Call ID or the
45 Peer's Call ID in the appropriate messages. Note, PPTP requires
46 "de-aliasing" of incoming packets, this is different than any other
47 TCP applications that are currently (ie. FTP, IRC and RTSP) aliased.
48
--- 26 unchanged lines hidden (view full) ---
75#include <stdio.h>
76
77#include "alias_local.h"
78
79/*
80 * PPTP definitions
81 */
82
83struct grehdr { /* Enhanced GRE header. */
84 u_int16_t gh_flags; /* Flags. */
85 u_int16_t gh_protocol; /* Protocol type. */
86 u_int16_t gh_length; /* Payload length. */
87 u_int16_t gh_call_id; /* Call ID. */
88 u_int32_t gh_seq_no; /* Sequence number (optional). */
89 u_int32_t gh_ack_no; /* Acknowledgment number
90 * (optional). */
91};
92typedef struct grehdr GreHdr;
93
94/* The PPTP protocol ID used in the GRE 'proto' field. */
95#define PPTP_GRE_PROTO 0x880b
96
97/* Bits that must be set a certain way in all PPTP/GRE packets. */
98#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO)
99#define PPTP_INIT_MASK 0xef7fffff
100
101#define PPTP_MAGIC 0x1a2b3c4d
102#define PPTP_CTRL_MSG_TYPE 1
103
104enum {
105 PPTP_StartCtrlConnRequest = 1,
106 PPTP_StartCtrlConnReply = 2,
107 PPTP_StopCtrlConnRequest = 3,
108 PPTP_StopCtrlConnReply = 4,
109 PPTP_EchoRequest = 5,
110 PPTP_EchoReply = 6,
111 PPTP_OutCallRequest = 7,
112 PPTP_OutCallReply = 8,
113 PPTP_InCallRequest = 9,
114 PPTP_InCallReply = 10,
115 PPTP_InCallConn = 11,
116 PPTP_CallClearRequest = 12,
117 PPTP_CallDiscNotify = 13,
118 PPTP_WanErrorNotify = 14,
119 PPTP_SetLinkInfo = 15
120};
121
122 /* Message structures */
123struct pptpMsgHead {
124 u_int16_t length; /* total length */
125 u_int16_t msgType;/* PPTP message type */
126 u_int32_t magic; /* magic cookie */
127 u_int16_t type; /* control message type */
128 u_int16_t resv0; /* reserved */
129};
130typedef struct pptpMsgHead *PptpMsgHead;
131
132struct pptpCodes {
133 u_int8_t resCode;/* Result Code */
134 u_int8_t errCode;/* Error Code */
135};
136typedef struct pptpCodes *PptpCode;
137
138struct pptpCallIds {
139 u_int16_t cid1; /* Call ID field #1 */
140 u_int16_t cid2; /* Call ID field #2 */
141};
142typedef struct pptpCallIds *PptpCallId;
143
144static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
145
146
147void
148AliasHandlePptpOut(struct libalias *la,
149 struct ip *pip, /* IP packet to examine/patch */
150 struct alias_link *link)
151{ /* The PPTP control link */
152 struct alias_link *pptp_link;
153 PptpCallId cptr;
154 PptpCode codes;
155 u_int16_t ctl_type; /* control message type */
156 struct tcphdr *tc;
157
158 /* Verify valid PPTP control message */
159 if ((cptr = AliasVerifyPptp(pip, &ctl_type)) == NULL)
160 return;
161
162 /* Modify certain PPTP messages */
163 switch (ctl_type) {
164 case PPTP_OutCallRequest:
165 case PPTP_OutCallReply:
166 case PPTP_InCallRequest:
167 case PPTP_InCallReply:
168 /*
169 * Establish PPTP link for address and Call ID found in
170 * control message.
171 */
172 pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link),
173 GetAliasAddress(link), cptr->cid1);
174 break;
175 case PPTP_CallClearRequest:
176 case PPTP_CallDiscNotify:
177 /*
178 * Find PPTP link for address and Call ID found in control
179 * message.
180 */
181 pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link),
182 GetDestAddress(link),
183 cptr->cid1);
184 break;
185 default:
186 return;
187 }
188
189 if (pptp_link != NULL) {
190 int accumulate = cptr->cid1;
191
192 /* alias the Call Id */
193 cptr->cid1 = GetAliasPort(pptp_link);
194
195 /* Compute TCP checksum for revised packet */
196 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2));
197 accumulate -= cptr->cid1;
198 ADJUST_CHECKSUM(accumulate, tc->th_sum);
199
200 switch (ctl_type) {
201 case PPTP_OutCallReply:
202 case PPTP_InCallReply:
203 codes = (PptpCode) (cptr + 1);
204 if (codes->resCode == 1) /* Connection
205 * established, */
206 SetDestCallId(pptp_link, /* note the Peer's Call
207 * ID. */
208 cptr->cid2);
209 else
210 SetExpire(pptp_link, 0); /* Connection refused. */
211 break;
212 case PPTP_CallDiscNotify: /* Connection closed. */
213 SetExpire(pptp_link, 0);
214 break;
215 }
216 }
217}
218
219void
220AliasHandlePptpIn(struct libalias *la,
221 struct ip *pip, /* IP packet to examine/patch */
222 struct alias_link *link)
223{ /* The PPTP control link */
224 struct alias_link *pptp_link;
225 PptpCallId cptr;
226 u_int16_t *pcall_id;
227 u_int16_t ctl_type; /* control message type */
228 struct tcphdr *tc;
229
230 /* Verify valid PPTP control message */
231 if ((cptr = AliasVerifyPptp(pip, &ctl_type)) == NULL)
232 return;
233
234 /* Modify certain PPTP messages */
235 switch (ctl_type) {
236 case PPTP_InCallConn:
237 case PPTP_WanErrorNotify:
238 case PPTP_SetLinkInfo:
239 pcall_id = &cptr->cid1;
240 break;
241 case PPTP_OutCallReply:
242 case PPTP_InCallReply:
243 pcall_id = &cptr->cid2;
244 break;
245 case PPTP_CallDiscNotify: /* Connection closed. */
246 pptp_link = FindPptpInByCallId(la, GetDestAddress(link),
247 GetAliasAddress(link),
248 cptr->cid1);
249 if (pptp_link != NULL)
250 SetExpire(pptp_link, 0);
251 return;
252 default:
253 return;
254 }
255
256 /* Find PPTP link for address and Call ID found in PPTP Control Msg */
257 pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link),
258 GetAliasAddress(link),
259 *pcall_id);
260
261 if (pptp_link != NULL) {
262 int accumulate = *pcall_id;
263
264 /* De-alias the Peer's Call Id. */
265 *pcall_id = GetOriginalPort(pptp_link);
266
267 /* Compute TCP checksum for modified packet */
268 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2));
269 accumulate -= *pcall_id;
270 ADJUST_CHECKSUM(accumulate, tc->th_sum);
271
272 if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) {
273 PptpCode codes = (PptpCode) (cptr + 1);
274
275 if (codes->resCode == 1) /* Connection
276 * established, */
277 SetDestCallId(pptp_link, /* note the Call ID. */
278 cptr->cid1);
279 else
280 SetExpire(pptp_link, 0); /* Connection refused. */
281 }
282 }
283}
284
285static PptpCallId
286AliasVerifyPptp(struct ip *pip, u_int16_t * ptype)
287{ /* IP packet to examine/patch */
288 int hlen, tlen, dlen;
289 PptpMsgHead hptr;
290 struct tcphdr *tc;
291
292 /* Calculate some lengths */
293 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2));
294 hlen = (pip->ip_hl + tc->th_off) << 2;
295 tlen = ntohs(pip->ip_len);
296 dlen = tlen - hlen;
297
298 /* Verify data length */
299 if (dlen < (sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds)))
300 return (NULL);
301
302 /* Move up to PPTP message header */
303 hptr = (PptpMsgHead) (((char *)pip) + hlen);
304
305 /* Return the control message type */
306 *ptype = ntohs(hptr->type);
307
308 /* Verify PPTP Control Message */
309 if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) ||
310 (ntohl(hptr->magic) != PPTP_MAGIC))
311 return (NULL);
312
313 /* Verify data length. */
314 if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) &&
315 (dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) +
316 sizeof(struct pptpCodes)))
317 return (NULL);
318 else
319 return (PptpCallId) (hptr + 1);
320}
321
322
323int
324AliasHandlePptpGreOut(struct libalias *la, struct ip *pip)
325{
326 GreHdr *gr;
327 struct alias_link *link;
328
329 gr = (GreHdr *) ((char *)pip + (pip->ip_hl << 2));
330
331 /* Check GRE header bits. */
332 if ((ntohl(*((u_int32_t *) gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
333 return (-1);
334
335 link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
336 if (link != NULL) {
337 struct in_addr alias_addr = GetAliasAddress(link);
338
339 /* Change source IP address. */
340 DifferentialChecksum(&pip->ip_sum,
341 (u_short *) & alias_addr,
342 (u_short *) & pip->ip_src,
343 2);
344 pip->ip_src = alias_addr;
345 }
346 return (0);
347}
348
349
350int
351AliasHandlePptpGreIn(struct libalias *la, struct ip *pip)
352{
353 GreHdr *gr;
354 struct alias_link *link;
355
356 gr = (GreHdr *) ((char *)pip + (pip->ip_hl << 2));
357
358 /* Check GRE header bits. */
359 if ((ntohl(*((u_int32_t *) gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
360 return (-1);
361
362 link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
363 if (link != NULL) {
364 struct in_addr src_addr = GetOriginalAddress(link);
365
366 /* De-alias the Peer's Call Id. */
367 gr->gh_call_id = GetOriginalPort(link);
368
369 /* Restore original IP address. */
370 DifferentialChecksum(&pip->ip_sum,
371 (u_short *) & src_addr,
372 (u_short *) & pip->ip_dst,
373 2);
374 pip->ip_dst = src_addr;
375 }
376 return (0);
377}
2 * alias_pptp.c
3 *
4 * Copyright (c) 2000 Whistle Communications, Inc.
5 * All rights reserved.
6 *
7 * Subject to the following obligations and disclaimer of warranty, use and
8 * redistribution of this software, in source or object code forms, with or
--- 23 unchanged lines hidden (view full) ---
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
34 * OF SUCH DAMAGE.
35 *
36 * Author: Erik Salander <erik@whistle.com>
37 */
38
39#include <sys/cdefs.h>
40__FBSDID("$FreeBSD: head/sys/netinet/libalias/alias_pptp.c 127094 2004-03-16 21:30:41Z des $");
41
42/*
43 Alias_pptp.c performs special processing for PPTP sessions under TCP.
44 Specifically, watch PPTP control messages and alias the Call ID or the
45 Peer's Call ID in the appropriate messages. Note, PPTP requires
46 "de-aliasing" of incoming packets, this is different than any other
47 TCP applications that are currently (ie. FTP, IRC and RTSP) aliased.
48
--- 26 unchanged lines hidden (view full) ---
75#include <stdio.h>
76
77#include "alias_local.h"
78
79/*
80 * PPTP definitions
81 */
82
83struct grehdr { /* Enhanced GRE header. */
84 u_int16_t gh_flags; /* Flags. */
85 u_int16_t gh_protocol; /* Protocol type. */
86 u_int16_t gh_length; /* Payload length. */
87 u_int16_t gh_call_id; /* Call ID. */
88 u_int32_t gh_seq_no; /* Sequence number (optional). */
89 u_int32_t gh_ack_no; /* Acknowledgment number
90 * (optional). */
91};
92typedef struct grehdr GreHdr;
93
94/* The PPTP protocol ID used in the GRE 'proto' field. */
95#define PPTP_GRE_PROTO 0x880b
96
97/* Bits that must be set a certain way in all PPTP/GRE packets. */
98#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO)
99#define PPTP_INIT_MASK 0xef7fffff
100
101#define PPTP_MAGIC 0x1a2b3c4d
102#define PPTP_CTRL_MSG_TYPE 1
103
104enum {
105 PPTP_StartCtrlConnRequest = 1,
106 PPTP_StartCtrlConnReply = 2,
107 PPTP_StopCtrlConnRequest = 3,
108 PPTP_StopCtrlConnReply = 4,
109 PPTP_EchoRequest = 5,
110 PPTP_EchoReply = 6,
111 PPTP_OutCallRequest = 7,
112 PPTP_OutCallReply = 8,
113 PPTP_InCallRequest = 9,
114 PPTP_InCallReply = 10,
115 PPTP_InCallConn = 11,
116 PPTP_CallClearRequest = 12,
117 PPTP_CallDiscNotify = 13,
118 PPTP_WanErrorNotify = 14,
119 PPTP_SetLinkInfo = 15
120};
121
122 /* Message structures */
123struct pptpMsgHead {
124 u_int16_t length; /* total length */
125 u_int16_t msgType;/* PPTP message type */
126 u_int32_t magic; /* magic cookie */
127 u_int16_t type; /* control message type */
128 u_int16_t resv0; /* reserved */
129};
130typedef struct pptpMsgHead *PptpMsgHead;
131
132struct pptpCodes {
133 u_int8_t resCode;/* Result Code */
134 u_int8_t errCode;/* Error Code */
135};
136typedef struct pptpCodes *PptpCode;
137
138struct pptpCallIds {
139 u_int16_t cid1; /* Call ID field #1 */
140 u_int16_t cid2; /* Call ID field #2 */
141};
142typedef struct pptpCallIds *PptpCallId;
143
144static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *);
145
146
147void
148AliasHandlePptpOut(struct libalias *la,
149 struct ip *pip, /* IP packet to examine/patch */
150 struct alias_link *link)
151{ /* The PPTP control link */
152 struct alias_link *pptp_link;
153 PptpCallId cptr;
154 PptpCode codes;
155 u_int16_t ctl_type; /* control message type */
156 struct tcphdr *tc;
157
158 /* Verify valid PPTP control message */
159 if ((cptr = AliasVerifyPptp(pip, &ctl_type)) == NULL)
160 return;
161
162 /* Modify certain PPTP messages */
163 switch (ctl_type) {
164 case PPTP_OutCallRequest:
165 case PPTP_OutCallReply:
166 case PPTP_InCallRequest:
167 case PPTP_InCallReply:
168 /*
169 * Establish PPTP link for address and Call ID found in
170 * control message.
171 */
172 pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link),
173 GetAliasAddress(link), cptr->cid1);
174 break;
175 case PPTP_CallClearRequest:
176 case PPTP_CallDiscNotify:
177 /*
178 * Find PPTP link for address and Call ID found in control
179 * message.
180 */
181 pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link),
182 GetDestAddress(link),
183 cptr->cid1);
184 break;
185 default:
186 return;
187 }
188
189 if (pptp_link != NULL) {
190 int accumulate = cptr->cid1;
191
192 /* alias the Call Id */
193 cptr->cid1 = GetAliasPort(pptp_link);
194
195 /* Compute TCP checksum for revised packet */
196 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2));
197 accumulate -= cptr->cid1;
198 ADJUST_CHECKSUM(accumulate, tc->th_sum);
199
200 switch (ctl_type) {
201 case PPTP_OutCallReply:
202 case PPTP_InCallReply:
203 codes = (PptpCode) (cptr + 1);
204 if (codes->resCode == 1) /* Connection
205 * established, */
206 SetDestCallId(pptp_link, /* note the Peer's Call
207 * ID. */
208 cptr->cid2);
209 else
210 SetExpire(pptp_link, 0); /* Connection refused. */
211 break;
212 case PPTP_CallDiscNotify: /* Connection closed. */
213 SetExpire(pptp_link, 0);
214 break;
215 }
216 }
217}
218
219void
220AliasHandlePptpIn(struct libalias *la,
221 struct ip *pip, /* IP packet to examine/patch */
222 struct alias_link *link)
223{ /* The PPTP control link */
224 struct alias_link *pptp_link;
225 PptpCallId cptr;
226 u_int16_t *pcall_id;
227 u_int16_t ctl_type; /* control message type */
228 struct tcphdr *tc;
229
230 /* Verify valid PPTP control message */
231 if ((cptr = AliasVerifyPptp(pip, &ctl_type)) == NULL)
232 return;
233
234 /* Modify certain PPTP messages */
235 switch (ctl_type) {
236 case PPTP_InCallConn:
237 case PPTP_WanErrorNotify:
238 case PPTP_SetLinkInfo:
239 pcall_id = &cptr->cid1;
240 break;
241 case PPTP_OutCallReply:
242 case PPTP_InCallReply:
243 pcall_id = &cptr->cid2;
244 break;
245 case PPTP_CallDiscNotify: /* Connection closed. */
246 pptp_link = FindPptpInByCallId(la, GetDestAddress(link),
247 GetAliasAddress(link),
248 cptr->cid1);
249 if (pptp_link != NULL)
250 SetExpire(pptp_link, 0);
251 return;
252 default:
253 return;
254 }
255
256 /* Find PPTP link for address and Call ID found in PPTP Control Msg */
257 pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link),
258 GetAliasAddress(link),
259 *pcall_id);
260
261 if (pptp_link != NULL) {
262 int accumulate = *pcall_id;
263
264 /* De-alias the Peer's Call Id. */
265 *pcall_id = GetOriginalPort(pptp_link);
266
267 /* Compute TCP checksum for modified packet */
268 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2));
269 accumulate -= *pcall_id;
270 ADJUST_CHECKSUM(accumulate, tc->th_sum);
271
272 if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) {
273 PptpCode codes = (PptpCode) (cptr + 1);
274
275 if (codes->resCode == 1) /* Connection
276 * established, */
277 SetDestCallId(pptp_link, /* note the Call ID. */
278 cptr->cid1);
279 else
280 SetExpire(pptp_link, 0); /* Connection refused. */
281 }
282 }
283}
284
285static PptpCallId
286AliasVerifyPptp(struct ip *pip, u_int16_t * ptype)
287{ /* IP packet to examine/patch */
288 int hlen, tlen, dlen;
289 PptpMsgHead hptr;
290 struct tcphdr *tc;
291
292 /* Calculate some lengths */
293 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2));
294 hlen = (pip->ip_hl + tc->th_off) << 2;
295 tlen = ntohs(pip->ip_len);
296 dlen = tlen - hlen;
297
298 /* Verify data length */
299 if (dlen < (sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds)))
300 return (NULL);
301
302 /* Move up to PPTP message header */
303 hptr = (PptpMsgHead) (((char *)pip) + hlen);
304
305 /* Return the control message type */
306 *ptype = ntohs(hptr->type);
307
308 /* Verify PPTP Control Message */
309 if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) ||
310 (ntohl(hptr->magic) != PPTP_MAGIC))
311 return (NULL);
312
313 /* Verify data length. */
314 if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) &&
315 (dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) +
316 sizeof(struct pptpCodes)))
317 return (NULL);
318 else
319 return (PptpCallId) (hptr + 1);
320}
321
322
323int
324AliasHandlePptpGreOut(struct libalias *la, struct ip *pip)
325{
326 GreHdr *gr;
327 struct alias_link *link;
328
329 gr = (GreHdr *) ((char *)pip + (pip->ip_hl << 2));
330
331 /* Check GRE header bits. */
332 if ((ntohl(*((u_int32_t *) gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
333 return (-1);
334
335 link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
336 if (link != NULL) {
337 struct in_addr alias_addr = GetAliasAddress(link);
338
339 /* Change source IP address. */
340 DifferentialChecksum(&pip->ip_sum,
341 (u_short *) & alias_addr,
342 (u_short *) & pip->ip_src,
343 2);
344 pip->ip_src = alias_addr;
345 }
346 return (0);
347}
348
349
350int
351AliasHandlePptpGreIn(struct libalias *la, struct ip *pip)
352{
353 GreHdr *gr;
354 struct alias_link *link;
355
356 gr = (GreHdr *) ((char *)pip + (pip->ip_hl << 2));
357
358 /* Check GRE header bits. */
359 if ((ntohl(*((u_int32_t *) gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE)
360 return (-1);
361
362 link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id);
363 if (link != NULL) {
364 struct in_addr src_addr = GetOriginalAddress(link);
365
366 /* De-alias the Peer's Call Id. */
367 gr->gh_call_id = GetOriginalPort(link);
368
369 /* Restore original IP address. */
370 DifferentialChecksum(&pip->ip_sum,
371 (u_short *) & src_addr,
372 (u_short *) & pip->ip_dst,
373 2);
374 pip->ip_dst = src_addr;
375 }
376 return (0);
377}