1/* 2 * alias_pptp.c 3 * 4 * Copyright (c) 2000 Whistle Communications, Inc. 5 * All rights reserved. 6 * 7 * Subject to the following obligations and disclaimer of warranty, use and 8 * redistribution of this software, in source or object code forms, with or --- 23 unchanged lines hidden (view full) --- 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY 34 * OF SUCH DAMAGE. 35 * 36 * Author: Erik Salander <erik@whistle.com> 37 */ 38 39#include <sys/cdefs.h> |
40__FBSDID("$FreeBSD: head/sys/netinet/libalias/alias_pptp.c 127094 2004-03-16 21:30:41Z des $"); |
41 42/* 43 Alias_pptp.c performs special processing for PPTP sessions under TCP. 44 Specifically, watch PPTP control messages and alias the Call ID or the 45 Peer's Call ID in the appropriate messages. Note, PPTP requires 46 "de-aliasing" of incoming packets, this is different than any other 47 TCP applications that are currently (ie. FTP, IRC and RTSP) aliased. 48 --- 26 unchanged lines hidden (view full) --- 75#include <stdio.h> 76 77#include "alias_local.h" 78 79/* 80 * PPTP definitions 81 */ 82 |
83struct grehdr { /* Enhanced GRE header. */ 84 u_int16_t gh_flags; /* Flags. */ 85 u_int16_t gh_protocol; /* Protocol type. */ 86 u_int16_t gh_length; /* Payload length. */ 87 u_int16_t gh_call_id; /* Call ID. */ 88 u_int32_t gh_seq_no; /* Sequence number (optional). */ 89 u_int32_t gh_ack_no; /* Acknowledgment number 90 * (optional). */ |
91}; |
92typedef struct grehdr GreHdr; |
93 94/* The PPTP protocol ID used in the GRE 'proto' field. */ 95#define PPTP_GRE_PROTO 0x880b 96 97/* Bits that must be set a certain way in all PPTP/GRE packets. */ 98#define PPTP_INIT_VALUE ((0x2001 << 16) | PPTP_GRE_PROTO) 99#define PPTP_INIT_MASK 0xef7fffff 100 101#define PPTP_MAGIC 0x1a2b3c4d 102#define PPTP_CTRL_MSG_TYPE 1 103 104enum { |
105 PPTP_StartCtrlConnRequest = 1, 106 PPTP_StartCtrlConnReply = 2, 107 PPTP_StopCtrlConnRequest = 3, 108 PPTP_StopCtrlConnReply = 4, 109 PPTP_EchoRequest = 5, 110 PPTP_EchoReply = 6, 111 PPTP_OutCallRequest = 7, 112 PPTP_OutCallReply = 8, 113 PPTP_InCallRequest = 9, 114 PPTP_InCallReply = 10, 115 PPTP_InCallConn = 11, 116 PPTP_CallClearRequest = 12, 117 PPTP_CallDiscNotify = 13, 118 PPTP_WanErrorNotify = 14, 119 PPTP_SetLinkInfo = 15 |
120}; 121 |
122 /* Message structures */ 123struct pptpMsgHead { 124 u_int16_t length; /* total length */ 125 u_int16_t msgType;/* PPTP message type */ 126 u_int32_t magic; /* magic cookie */ 127 u_int16_t type; /* control message type */ 128 u_int16_t resv0; /* reserved */ 129}; 130typedef struct pptpMsgHead *PptpMsgHead; |
131 |
132struct pptpCodes { 133 u_int8_t resCode;/* Result Code */ 134 u_int8_t errCode;/* Error Code */ 135}; 136typedef struct pptpCodes *PptpCode; |
137 |
138struct pptpCallIds { 139 u_int16_t cid1; /* Call ID field #1 */ 140 u_int16_t cid2; /* Call ID field #2 */ 141}; 142typedef struct pptpCallIds *PptpCallId; |
143 144static PptpCallId AliasVerifyPptp(struct ip *, u_int16_t *); 145 146 147void 148AliasHandlePptpOut(struct libalias *la, |
149 struct ip *pip, /* IP packet to examine/patch */ 150 struct alias_link *link) 151{ /* The PPTP control link */ 152 struct alias_link *pptp_link; 153 PptpCallId cptr; 154 PptpCode codes; 155 u_int16_t ctl_type; /* control message type */ 156 struct tcphdr *tc; |
157 |
158 /* Verify valid PPTP control message */ 159 if ((cptr = AliasVerifyPptp(pip, &ctl_type)) == NULL) 160 return; |
161 |
162 /* Modify certain PPTP messages */ 163 switch (ctl_type) { 164 case PPTP_OutCallRequest: 165 case PPTP_OutCallReply: 166 case PPTP_InCallRequest: 167 case PPTP_InCallReply: 168 /* 169 * Establish PPTP link for address and Call ID found in 170 * control message. 171 */ 172 pptp_link = AddPptp(la, GetOriginalAddress(link), GetDestAddress(link), 173 GetAliasAddress(link), cptr->cid1); 174 break; 175 case PPTP_CallClearRequest: 176 case PPTP_CallDiscNotify: 177 /* 178 * Find PPTP link for address and Call ID found in control 179 * message. 180 */ 181 pptp_link = FindPptpOutByCallId(la, GetOriginalAddress(link), 182 GetDestAddress(link), 183 cptr->cid1); 184 break; 185 default: 186 return; 187 } |
188 |
189 if (pptp_link != NULL) { 190 int accumulate = cptr->cid1; |
191 |
192 /* alias the Call Id */ 193 cptr->cid1 = GetAliasPort(pptp_link); |
194 |
195 /* Compute TCP checksum for revised packet */ 196 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); 197 accumulate -= cptr->cid1; 198 ADJUST_CHECKSUM(accumulate, tc->th_sum); |
199 |
200 switch (ctl_type) { 201 case PPTP_OutCallReply: 202 case PPTP_InCallReply: 203 codes = (PptpCode) (cptr + 1); 204 if (codes->resCode == 1) /* Connection 205 * established, */ 206 SetDestCallId(pptp_link, /* note the Peer's Call 207 * ID. */ 208 cptr->cid2); 209 else 210 SetExpire(pptp_link, 0); /* Connection refused. */ 211 break; 212 case PPTP_CallDiscNotify: /* Connection closed. */ 213 SetExpire(pptp_link, 0); 214 break; 215 } |
216 } |
217} 218 219void |
220AliasHandlePptpIn(struct libalias *la, 221 struct ip *pip, /* IP packet to examine/patch */ 222 struct alias_link *link) 223{ /* The PPTP control link */ 224 struct alias_link *pptp_link; 225 PptpCallId cptr; 226 u_int16_t *pcall_id; 227 u_int16_t ctl_type; /* control message type */ 228 struct tcphdr *tc; |
229 |
230 /* Verify valid PPTP control message */ 231 if ((cptr = AliasVerifyPptp(pip, &ctl_type)) == NULL) 232 return; |
233 |
234 /* Modify certain PPTP messages */ 235 switch (ctl_type) { 236 case PPTP_InCallConn: 237 case PPTP_WanErrorNotify: 238 case PPTP_SetLinkInfo: 239 pcall_id = &cptr->cid1; 240 break; 241 case PPTP_OutCallReply: 242 case PPTP_InCallReply: 243 pcall_id = &cptr->cid2; 244 break; 245 case PPTP_CallDiscNotify: /* Connection closed. */ 246 pptp_link = FindPptpInByCallId(la, GetDestAddress(link), 247 GetAliasAddress(link), 248 cptr->cid1); 249 if (pptp_link != NULL) 250 SetExpire(pptp_link, 0); 251 return; 252 default: 253 return; 254 } |
255 |
256 /* Find PPTP link for address and Call ID found in PPTP Control Msg */ 257 pptp_link = FindPptpInByPeerCallId(la, GetDestAddress(link), 258 GetAliasAddress(link), 259 *pcall_id); |
260 |
261 if (pptp_link != NULL) { 262 int accumulate = *pcall_id; |
263 |
264 /* De-alias the Peer's Call Id. */ 265 *pcall_id = GetOriginalPort(pptp_link); |
266 |
267 /* Compute TCP checksum for modified packet */ 268 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); 269 accumulate -= *pcall_id; 270 ADJUST_CHECKSUM(accumulate, tc->th_sum); |
271 |
272 if (ctl_type == PPTP_OutCallReply || ctl_type == PPTP_InCallReply) { 273 PptpCode codes = (PptpCode) (cptr + 1); |
274 |
275 if (codes->resCode == 1) /* Connection 276 * established, */ 277 SetDestCallId(pptp_link, /* note the Call ID. */ 278 cptr->cid1); 279 else 280 SetExpire(pptp_link, 0); /* Connection refused. */ 281 } 282 } |
283} 284 |
285static PptpCallId 286AliasVerifyPptp(struct ip *pip, u_int16_t * ptype) 287{ /* IP packet to examine/patch */ 288 int hlen, tlen, dlen; 289 PptpMsgHead hptr; 290 struct tcphdr *tc; |
291 |
292 /* Calculate some lengths */ 293 tc = (struct tcphdr *)((char *)pip + (pip->ip_hl << 2)); 294 hlen = (pip->ip_hl + tc->th_off) << 2; 295 tlen = ntohs(pip->ip_len); 296 dlen = tlen - hlen; |
297 |
298 /* Verify data length */ 299 if (dlen < (sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds))) 300 return (NULL); |
301 |
302 /* Move up to PPTP message header */ 303 hptr = (PptpMsgHead) (((char *)pip) + hlen); |
304 |
305 /* Return the control message type */ 306 *ptype = ntohs(hptr->type); |
307 |
308 /* Verify PPTP Control Message */ 309 if ((ntohs(hptr->msgType) != PPTP_CTRL_MSG_TYPE) || 310 (ntohl(hptr->magic) != PPTP_MAGIC)) 311 return (NULL); |
312 |
313 /* Verify data length. */ 314 if ((*ptype == PPTP_OutCallReply || *ptype == PPTP_InCallReply) && 315 (dlen < sizeof(struct pptpMsgHead) + sizeof(struct pptpCallIds) + 316 sizeof(struct pptpCodes))) 317 return (NULL); 318 else 319 return (PptpCallId) (hptr + 1); |
320} 321 322 323int 324AliasHandlePptpGreOut(struct libalias *la, struct ip *pip) 325{ |
326 GreHdr *gr; 327 struct alias_link *link; |
328 |
329 gr = (GreHdr *) ((char *)pip + (pip->ip_hl << 2)); |
330 |
331 /* Check GRE header bits. */ 332 if ((ntohl(*((u_int32_t *) gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) 333 return (-1); |
334 |
335 link = FindPptpOutByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); 336 if (link != NULL) { 337 struct in_addr alias_addr = GetAliasAddress(link); |
338 |
339 /* Change source IP address. */ 340 DifferentialChecksum(&pip->ip_sum, 341 (u_short *) & alias_addr, 342 (u_short *) & pip->ip_src, 343 2); 344 pip->ip_src = alias_addr; 345 } 346 return (0); |
347} 348 349 350int 351AliasHandlePptpGreIn(struct libalias *la, struct ip *pip) 352{ |
353 GreHdr *gr; 354 struct alias_link *link; |
355 |
356 gr = (GreHdr *) ((char *)pip + (pip->ip_hl << 2)); |
357 |
358 /* Check GRE header bits. */ 359 if ((ntohl(*((u_int32_t *) gr)) & PPTP_INIT_MASK) != PPTP_INIT_VALUE) 360 return (-1); |
361 |
362 link = FindPptpInByPeerCallId(la, pip->ip_src, pip->ip_dst, gr->gh_call_id); 363 if (link != NULL) { 364 struct in_addr src_addr = GetOriginalAddress(link); |
365 |
366 /* De-alias the Peer's Call Id. */ 367 gr->gh_call_id = GetOriginalPort(link); |
368 |
369 /* Restore original IP address. */ 370 DifferentialChecksum(&pip->ip_sum, 371 (u_short *) & src_addr, 372 (u_short *) & pip->ip_dst, 373 2); 374 pip->ip_dst = src_addr; 375 } 376 return (0); |
377} |