alias_irc.c revision 32377
10SN/A/* Alias_irc.c intercepts packages contain IRC CTCP commands, and 20SN/A changes DCC commands to export a port on the aliasing host instead 30SN/A of an aliased host. 40SN/A 50SN/A For this routine to work, the DCC command must fit entirely into a 62362SN/A single TCP packet. This will usually happen, but is not 70SN/A guaranteed. 82362SN/A 90SN/A The interception is likely to change the length of the packet. 100SN/A The handling of this is copied more-or-less verbatim from 110SN/A ftp_alias.c 120SN/A 130SN/A This software is placed into the public domain with no restrictions 140SN/A on its distribution. 150SN/A 160SN/A Initial version: Eivind Eklund <perhaps@yes.no> (ee) 97-01-29 170SN/A 180SN/A Version 2.1: May, 1997 (cjm) 190SN/A Very minor changes to conform with 202362SN/A local/global/function naming conventions 212362SN/A withing the packet alising module. 222362SN/A*/ 230SN/A 240SN/A/* Includes */ 250SN/A#include <ctype.h> 260SN/A#include <stdio.h> 270SN/A#include <string.h> 283171SN/A#include <sys/types.h> 290SN/A#include <netinet/in_systm.h> 300SN/A#include <netinet/in.h> 310SN/A#include <netinet/ip.h> 320SN/A#include <netinet/tcp.h> 330SN/A#include <limits.h> 340SN/A 351693SN/A#include "alias_local.h" 361693SN/A 371693SN/A/* Local defines */ 381693SN/A#define DBprintf(a) 391693SN/A 400SN/A 410SN/Avoid 420SN/AAliasHandleIrcOut(struct ip *pip, /* IP packet to examine */ 430SN/A struct alias_link *link, /* Which link are we on? */ 440SN/A int maxsize /* Maximum size of IP packet including headers */ 450SN/A ) 460SN/A{ 471693SN/A int hlen, tlen, dlen; 481693SN/A struct in_addr true_addr; 490SN/A u_short true_port; 500SN/A char *sptr; 510SN/A struct tcphdr *tc; 520SN/A int i; /* Iterator through the source */ 530SN/A 540SN/A/* Calculate data length of TCP packet */ 550SN/A tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2)); 560SN/A hlen = (pip->ip_hl + tc->th_off) << 2; 570SN/A tlen = ntohs(pip->ip_len); 580SN/A dlen = tlen - hlen; 590SN/A 600SN/A /* Return if data length is too short - assume an entire PRIVMSG in each packet. */ 610SN/A if (dlen<sizeof(":A!a@n.n PRIVMSG A :aDCC 1 1a")-1) 620SN/A return; 633171SN/A 643171SN/A/* Place string pointer at beginning of data */ 650SN/A sptr = (char *) pip; 660SN/A sptr += hlen; 671693SN/A maxsize -= hlen; /* We're interested in maximum size of data, not packet */ 680SN/A 691693SN/A /* Search for a CTCP command [Note 1] */ 70 for( i=0; i<dlen; i++ ) { 71 if(sptr[i]=='\001') 72 goto lFOUND_CTCP; 73 } 74 return; /* No CTCP commands in */ 75 /* Handle CTCP commands - the buffer may have to be copied */ 76lFOUND_CTCP: 77 { 78 char newpacket[65536]; /* Estimate of maximum packet size :) */ 79 int copyat = i; /* Same */ 80 int iCopy = 0; /* How much data have we written to copy-back string? */ 81 unsigned long org_addr; /* Original IP address */ 82 unsigned short org_port; /* Original source port address */ 83 lCTCP_START: 84 if( i >= dlen || iCopy >= sizeof(newpacket) ) 85 goto lPACKET_DONE; 86 newpacket[iCopy++] = sptr[i++]; /* Copy the CTCP start character */ 87 /* Start of a CTCP */ 88 if( i+4 >= dlen ) /* Too short for DCC */ 89 goto lBAD_CTCP; 90 if( sptr[i+0] != 'D' ) 91 goto lBAD_CTCP; 92 if( sptr[i+1] != 'C' ) 93 goto lBAD_CTCP; 94 if( sptr[i+2] != 'C' ) 95 goto lBAD_CTCP; 96 if( sptr[i+3] != ' ' ) 97 goto lBAD_CTCP; 98 /* We have a DCC command - handle it! */ 99 i+= 4; /* Skip "DCC " */ 100 if( iCopy+4 > sizeof(newpacket) ) 101 goto lPACKET_DONE; 102 newpacket[iCopy++] = 'D'; 103 newpacket[iCopy++] = 'C'; 104 newpacket[iCopy++] = 'C'; 105 newpacket[iCopy++] = ' '; 106 107 DBprintf(("Found DCC\n")); 108 /* Skip any extra spaces (should not occur according to 109 protocol, but DCC breaks CTCP protocol anyway */ 110 while(sptr[i] == ' ') { 111 if( ++i >= dlen) { 112 DBprintf(("DCC packet terminated in just spaces\n")); 113 goto lPACKET_DONE; 114 } 115 } 116 117 DBprintf(("Transferring command...\n")); 118 while(sptr[i] != ' ') { 119 newpacket[iCopy++] = sptr[i]; 120 if( ++i >= dlen || iCopy >= sizeof(newpacket) ) { 121 DBprintf(("DCC packet terminated during command\n")); 122 goto lPACKET_DONE; 123 } 124 } 125 /* Copy _one_ space */ 126 if( i+1 < dlen && iCopy < sizeof(newpacket) ) 127 newpacket[iCopy++] = sptr[i++]; 128 129 DBprintf(("Done command - removing spaces\n")); 130 /* Skip any extra spaces (should not occur according to 131 protocol, but DCC breaks CTCP protocol anyway */ 132 while(sptr[i] == ' ') { 133 if( ++i >= dlen ) { 134 DBprintf(("DCC packet terminated in just spaces (post-command)\n")); 135 goto lPACKET_DONE; 136 } 137 } 138 139 DBprintf(("Transferring filename...\n")); 140 while(sptr[i] != ' ') { 141 newpacket[iCopy++] = sptr[i]; 142 if( ++i >= dlen || iCopy >= sizeof(newpacket) ) { 143 DBprintf(("DCC packet terminated during filename\n")); 144 goto lPACKET_DONE; 145 } 146 } 147 /* Copy _one_ space */ 148 if( i+1 < dlen && iCopy < sizeof(newpacket) ) 149 newpacket[iCopy++] = sptr[i++]; 150 151 DBprintf(("Done filename - removing spaces\n")); 152 /* Skip any extra spaces (should not occur according to 153 protocol, but DCC breaks CTCP protocol anyway */ 154 while(sptr[i] == ' ') { 155 if( ++i >= dlen ) { 156 DBprintf(("DCC packet terminated in just spaces (post-filename)\n")); 157 goto lPACKET_DONE; 158 } 159 } 160 161 DBprintf(("Fetching IP address\n")); 162 /* Fetch IP address */ 163 org_addr = 0; 164 while(i<dlen && isdigit(sptr[i])) { 165 if( org_addr > ULONG_MAX/10UL ) { /* Terminate on overflow */ 166 DBprintf(("DCC Address overflow (org_addr == 0x%08lx, next char %c\n", org_addr, sptr[i])); 167 goto lBAD_CTCP; 168 } 169 org_addr *= 10; 170 org_addr += sptr[i++]-'0'; 171 } 172 DBprintf(("Skipping space\n")); 173 if( i+1 >= dlen || sptr[i] != ' ' ) { 174 DBprintf(("Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", i+1, dlen, sptr[i])); 175 goto lBAD_CTCP; 176 } 177 /* Skip any extra spaces (should not occur according to 178 protocol, but DCC breaks CTCP protocol anyway, so we might 179 as well play it safe */ 180 while(sptr[i] == ' ') { 181 if( ++i >= dlen ) { 182 DBprintf(("Packet failure - space overflow.\n")); 183 goto lPACKET_DONE; 184 } 185 } 186 DBprintf(("Fetching port number\n")); 187 /* Fetch source port */ 188 org_port = 0; 189 while(i<dlen && isdigit(sptr[i])) { 190 if( org_port > 6554 ) { /* Terminate on overflow (65536/10 rounded up*/ 191 DBprintf(("DCC: port number overflow\n")); 192 goto lBAD_CTCP; 193 } 194 org_port *= 10; 195 org_port += sptr[i++]-'0'; 196 } 197 /* Skip illegal addresses (or early termination) */ 198 if( i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ') ) { 199 DBprintf(("Bad port termination\n")); 200 goto lBAD_CTCP; 201 } 202 DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port)); 203 204 /* We've got the address and port - now alias it */ 205 { 206 struct alias_link *dcc_link; 207 struct in_addr destaddr; 208 209 210 true_port = htons(org_port); 211 true_addr.s_addr = htonl(org_addr); 212 destaddr.s_addr = 0; 213 214 /* Steal the FTP_DATA_PORT - it doesn't really matter, and this 215 would probably allow it through at least _some_ 216 firewalls. */ 217 dcc_link = FindUdpTcpOut (true_addr, 218 destaddr, 219 true_port, 220 0, IPPROTO_TCP); 221 DBprintf(("Got a DCC link\n")); 222 if ( dcc_link ) { 223 struct in_addr alias_address; /* Address from aliasing */ 224 u_short alias_port; /* Port given by aliasing */ 225 226 /* Generate firewall hole as appropriate */ 227 PunchFWHole(dcc_link); 228 229 alias_address = GetAliasAddress(link); 230 iCopy += snprintf(&newpacket[iCopy], 231 sizeof(newpacket)-iCopy, 232 "%lu ", htonl(alias_address.s_addr)); 233 if( iCopy >= sizeof(newpacket) ) { /* Truncated/fit exactly - bad news */ 234 DBprintf(("DCC constructed packet overflow.\n")); 235 goto lBAD_CTCP; 236 } 237 alias_port = GetAliasPort(dcc_link); 238 iCopy += snprintf(&newpacket[iCopy], 239 sizeof(newpacket)-iCopy, 240 "%u", htons(alias_port) ); 241 /* Done - truncated cases will be taken care of by lBAD_CTCP */ 242 DBprintf(("Aliased IP %lu and port %u\n", alias_address.s_addr, (unsigned)alias_port)); 243 } 244 } 245 /* An uninteresting CTCP - state entered right after '\001' has 246 been pushed. Also used to copy the rest of a DCC, after IP 247 address and port has been handled */ 248 lBAD_CTCP: 249 for(; i<dlen && iCopy<sizeof(newpacket); i++,iCopy++) { 250 newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ 251 if(sptr[i] == '\001') { 252 goto lNORMAL_TEXT; 253 } 254 } 255 goto lPACKET_DONE; 256 /* Normal text */ 257 lNORMAL_TEXT: 258 for(; i<dlen && iCopy<sizeof(newpacket); i++,iCopy++) { 259 newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */ 260 if(sptr[i] == '\001') { 261 goto lCTCP_START; 262 } 263 } 264 /* Handle the end of a packet */ 265 lPACKET_DONE: 266 iCopy = iCopy > maxsize-copyat ? maxsize-copyat : iCopy; 267 memcpy(sptr+copyat, newpacket, iCopy); 268 269/* Save information regarding modified seq and ack numbers */ 270 { 271 int delta; 272 273 SetAckModified(link); 274 delta = GetDeltaSeqOut(pip, link); 275 AddSeq(pip, link, delta+copyat+iCopy-dlen); 276 } 277 278 /* Revise IP header */ 279 { 280 u_short new_len; 281 282 new_len = htons(hlen + iCopy + copyat); 283 DifferentialChecksum(&pip->ip_sum, 284 &new_len, 285 &pip->ip_len, 286 1); 287 pip->ip_len = new_len; 288 } 289 290 /* Compute TCP checksum for revised packet */ 291 tc->th_sum = 0; 292 tc->th_sum = TcpChecksum(pip); 293 return; 294 } 295} 296 297/* Notes: 298 [Note 1] 299 The initial search will most often fail; it could be replaced with a 32-bit specific search. 300 Such a search would be done for 32-bit unsigned value V: 301 V ^= 0x01010101; (Search is for null bytes) 302 if( ((V-0x01010101)^V) & 0x80808080 ) { 303 (found a null bytes which was a 01 byte) 304 } 305 To assert that the processor is 32-bits, do 306 extern int ircdccar[32]; (32 bits) 307 extern int ircdccar[CHAR_BIT*sizeof(unsigned int)]; 308 which will generate a type-error on all but 32-bit machines. 309 310 [Note 2] This routine really ought to be replaced with one that 311 creates a transparent proxy on the aliasing host, to allow arbitary 312 changes in the TCP stream. This should not be too difficult given 313 this base; I (ee) will try to do this some time later. 314 */ 315