alias_irc.c revision 32377 
10SN/A/* Alias_irc.c intercepts packages contain IRC CTCP commands, and
20SN/A	changes DCC commands to export a port on the aliasing host instead
30SN/A	of an aliased host.
40SN/A
50SN/A    For this routine to work, the DCC command must fit entirely into a
62362SN/A    single TCP packet.  This will usually happen, but is not
70SN/A    guaranteed.
82362SN/A
90SN/A	 The interception is likely to change the length of the packet.
100SN/A	 The handling of this is copied more-or-less verbatim from
110SN/A	 ftp_alias.c
120SN/A
130SN/A    This software is placed into the public domain with no restrictions
140SN/A    on its distribution.
150SN/A
160SN/A	 Initial version: Eivind Eklund <perhaps@yes.no> (ee) 97-01-29
170SN/A
180SN/A         Version 2.1:  May, 1997 (cjm)
190SN/A             Very minor changes to conform with
202362SN/A             local/global/function naming conventions
212362SN/A             withing the packet alising module.
222362SN/A*/
230SN/A
240SN/A/* Includes */
250SN/A#include <ctype.h>
260SN/A#include <stdio.h>
270SN/A#include <string.h>
283171SN/A#include <sys/types.h>
290SN/A#include <netinet/in_systm.h>
300SN/A#include <netinet/in.h>
310SN/A#include <netinet/ip.h>
320SN/A#include <netinet/tcp.h>
330SN/A#include <limits.h>
340SN/A
351693SN/A#include "alias_local.h"
361693SN/A
371693SN/A/* Local defines */
381693SN/A#define DBprintf(a)
391693SN/A
400SN/A
410SN/Avoid
420SN/AAliasHandleIrcOut(struct ip *pip, /* IP packet to examine */
430SN/A				 struct alias_link *link,		  /* Which link are we on? */
440SN/A				 int maxsize		  /* Maximum size of IP packet including headers */
450SN/A				 )
460SN/A{
471693SN/A    int hlen, tlen, dlen;
481693SN/A    struct in_addr true_addr;
490SN/A    u_short true_port;
500SN/A    char *sptr;
510SN/A    struct tcphdr *tc;
520SN/A	 int i;							  /* Iterator through the source */
530SN/A
540SN/A/* Calculate data length of TCP packet */
550SN/A    tc = (struct tcphdr *) ((char *) pip + (pip->ip_hl << 2));
560SN/A    hlen = (pip->ip_hl + tc->th_off) << 2;
570SN/A    tlen = ntohs(pip->ip_len);
580SN/A    dlen = tlen - hlen;
590SN/A
600SN/A	 /* Return if data length is too short - assume an entire PRIVMSG in each packet. */
610SN/A    if (dlen<sizeof(":A!a@n.n PRIVMSG A :aDCC 1 1a")-1)
620SN/A        return;
633171SN/A
643171SN/A/* Place string pointer at beginning of data */
650SN/A    sptr = (char *) pip;
660SN/A    sptr += hlen;
671693SN/A	 maxsize -= hlen;				  /* We're interested in maximum size of data, not packet */
680SN/A
691693SN/A	 /* Search for a CTCP command [Note 1] */
70	 for(	i=0; i<dlen; i++ ) {
71		 if(sptr[i]=='\001')
72			 goto lFOUND_CTCP;
73	 }
74	 return;					  /* No CTCP commands in  */
75	 /* Handle CTCP commands - the buffer may have to be copied */
76lFOUND_CTCP:
77	 {
78		 char newpacket[65536];	  /* Estimate of maximum packet size :) */
79		 int  copyat = i;			  /* Same */
80		 int  iCopy = 0;			  /* How much data have we written to copy-back string? */
81		 unsigned long org_addr;  /* Original IP address */
82		 unsigned short org_port; /* Original source port address */
83	 lCTCP_START:
84		 if( i >= dlen || iCopy >= sizeof(newpacket) )
85			 goto lPACKET_DONE;
86		 newpacket[iCopy++] = sptr[i++];	/* Copy the CTCP start character */
87		 /* Start of a CTCP */
88		 if( i+4 >= dlen )		  /* Too short for DCC */
89			 goto lBAD_CTCP;
90		 if( sptr[i+0] != 'D' )
91			 goto lBAD_CTCP;
92		 if( sptr[i+1] != 'C' )
93			 goto lBAD_CTCP;
94		 if( sptr[i+2] != 'C' )
95			 goto lBAD_CTCP;
96		 if( sptr[i+3] != ' ' )
97			 goto lBAD_CTCP;
98		 /* We have a DCC command - handle it! */
99		 i+= 4;						  /* Skip "DCC " */
100		 if( iCopy+4 > sizeof(newpacket) )
101			 goto lPACKET_DONE;
102		 newpacket[iCopy++] = 'D';
103		 newpacket[iCopy++] = 'C';
104		 newpacket[iCopy++] = 'C';
105		 newpacket[iCopy++] = ' ';
106
107		 DBprintf(("Found DCC\n"));
108		 /* Skip any extra spaces (should not occur according to
109          protocol, but DCC breaks CTCP protocol anyway */
110		 while(sptr[i] == ' ') {
111			 if( ++i >= dlen) {
112				 DBprintf(("DCC packet terminated in just spaces\n"));
113				 goto lPACKET_DONE;
114			 }
115		 }
116
117		 DBprintf(("Transferring command...\n"));
118		 while(sptr[i] != ' ') {
119			 newpacket[iCopy++] = sptr[i];
120			 if( ++i >= dlen || iCopy >= sizeof(newpacket) ) {
121				 DBprintf(("DCC packet terminated during command\n"));
122				 goto lPACKET_DONE;
123			 }
124		 }
125		 /* Copy _one_ space */
126		 if( i+1 < dlen && iCopy < sizeof(newpacket) )
127			 newpacket[iCopy++] = sptr[i++];
128
129		 DBprintf(("Done command - removing spaces\n"));
130		 /* Skip any extra spaces (should not occur according to
131          protocol, but DCC breaks CTCP protocol anyway */
132		 while(sptr[i] == ' ') {
133			 if( ++i >= dlen ) {
134				 DBprintf(("DCC packet terminated in just spaces (post-command)\n"));
135				 goto lPACKET_DONE;
136			 }
137		 }
138
139		 DBprintf(("Transferring filename...\n"));
140		 while(sptr[i] != ' ') {
141			 newpacket[iCopy++] = sptr[i];
142			 if( ++i >= dlen || iCopy >= sizeof(newpacket) ) {
143				 DBprintf(("DCC packet terminated during filename\n"));
144				 goto lPACKET_DONE;
145			 }
146		 }
147		 /* Copy _one_ space */
148		 if( i+1 < dlen && iCopy < sizeof(newpacket) )
149			 newpacket[iCopy++] = sptr[i++];
150
151		 DBprintf(("Done filename - removing spaces\n"));
152		 /* Skip any extra spaces (should not occur according to
153          protocol, but DCC breaks CTCP protocol anyway */
154		 while(sptr[i] == ' ') {
155			 if( ++i >= dlen ) {
156				 DBprintf(("DCC packet terminated in just spaces (post-filename)\n"));
157				 goto lPACKET_DONE;
158			 }
159		 }
160
161		 DBprintf(("Fetching IP address\n"));
162		 /* Fetch IP address */
163		 org_addr = 0;
164		 while(i<dlen && isdigit(sptr[i])) {
165			 if( org_addr > ULONG_MAX/10UL )	{ /* Terminate on overflow */
166				 DBprintf(("DCC Address overflow (org_addr == 0x%08lx, next char %c\n", org_addr, sptr[i]));
167				 goto lBAD_CTCP;
168			 }
169			 org_addr *= 10;
170			 org_addr += sptr[i++]-'0';
171		 }
172		 DBprintf(("Skipping space\n"));
173		 if( i+1 >= dlen || sptr[i] != ' ' ) {
174			 DBprintf(("Overflow (%d >= %d) or bad character (%02x) terminating IP address\n", i+1, dlen, sptr[i]));
175			 goto lBAD_CTCP;
176		 }
177		 /* Skip any extra spaces (should not occur according to
178          protocol, but DCC breaks CTCP protocol anyway, so we might
179          as well play it safe */
180		 while(sptr[i] == ' ') {
181			 if( ++i >= dlen ) {
182				 DBprintf(("Packet failure - space overflow.\n"));
183				 goto lPACKET_DONE;
184			 }
185		 }
186		 DBprintf(("Fetching port number\n"));
187		 /* Fetch source port */
188		 org_port = 0;
189		 while(i<dlen && isdigit(sptr[i])) {
190			 if( org_port > 6554 )	{ /* Terminate on overflow (65536/10 rounded up*/
191				 DBprintf(("DCC: port number overflow\n"));
192				 goto lBAD_CTCP;
193			 }
194			 org_port *= 10;
195			 org_port += sptr[i++]-'0';
196		 }
197		 /* Skip illegal addresses (or early termination) */
198		 if( i >= dlen || (sptr[i] != '\001' && sptr[i] != ' ') ) {
199			 DBprintf(("Bad port termination\n"));
200			 goto lBAD_CTCP;
201		 }
202		 DBprintf(("Got IP %lu and port %u\n", org_addr, (unsigned)org_port));
203
204		 /* We've got the address and port - now alias it */
205		 {
206			 struct alias_link *dcc_link;
207			 struct in_addr destaddr;
208
209
210			 true_port = htons(org_port);
211			 true_addr.s_addr = htonl(org_addr);
212			 destaddr.s_addr = 0;
213
214			 /* Steal the FTP_DATA_PORT - it doesn't really matter, and this
215				 would probably allow it through at least _some_
216				 firewalls. */
217			 dcc_link = FindUdpTcpOut (true_addr,
218											destaddr,
219										   true_port,
220											0, IPPROTO_TCP);
221			 DBprintf(("Got a DCC link\n"));
222			 if ( dcc_link ) {
223				 struct in_addr alias_address;	/* Address from aliasing */
224				 u_short alias_port;	/* Port given by aliasing */
225
226				 /* Generate firewall hole as appropriate */
227				 PunchFWHole(dcc_link);
228
229				 alias_address = GetAliasAddress(link);
230				 iCopy += snprintf(&newpacket[iCopy],
231										 sizeof(newpacket)-iCopy,
232										 "%lu ", htonl(alias_address.s_addr));
233				 if( iCopy >= sizeof(newpacket) ) { /* Truncated/fit exactly - bad news */
234					 DBprintf(("DCC constructed packet overflow.\n"));
235					 goto lBAD_CTCP;
236				 }
237				 alias_port = GetAliasPort(dcc_link);
238				 iCopy += snprintf(&newpacket[iCopy],
239										 sizeof(newpacket)-iCopy,
240										 "%u", htons(alias_port) );
241				 /* Done - truncated cases will be taken care of by lBAD_CTCP */
242				 DBprintf(("Aliased IP %lu and port %u\n", alias_address.s_addr, (unsigned)alias_port));
243			 }
244		 }
245		 /* An uninteresting CTCP - state entered right after '\001' has
246          been pushed.  Also used to copy the rest of a DCC, after IP
247          address and port has been handled */
248	 lBAD_CTCP:
249		 for(; i<dlen && iCopy<sizeof(newpacket); i++,iCopy++) {
250			 newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
251			 if(sptr[i] == '\001') {
252				 goto lNORMAL_TEXT;
253			 }
254		 }
255		 goto lPACKET_DONE;
256		 /* Normal text */
257	 lNORMAL_TEXT:
258		 for(; i<dlen && iCopy<sizeof(newpacket); i++,iCopy++) {
259			 newpacket[iCopy] = sptr[i]; /* Copy CTCP unchanged */
260			 if(sptr[i] == '\001') {
261				 goto lCTCP_START;
262			 }
263		 }
264		 /* Handle the end of a packet */
265	 lPACKET_DONE:
266		 iCopy = iCopy > maxsize-copyat ? maxsize-copyat : iCopy;
267		 memcpy(sptr+copyat, newpacket, iCopy);
268
269/* Save information regarding modified seq and ack numbers */
270        {
271            int delta;
272
273            SetAckModified(link);
274            delta = GetDeltaSeqOut(pip, link);
275            AddSeq(pip, link, delta+copyat+iCopy-dlen);
276        }
277
278		  /* Revise IP header */
279        {
280			  u_short new_len;
281
282			  new_len = htons(hlen + iCopy + copyat);
283			  DifferentialChecksum(&pip->ip_sum,
284										  &new_len,
285										  &pip->ip_len,
286										  1);
287			  pip->ip_len = new_len;
288        }
289
290		  /* Compute TCP checksum for revised packet */
291        tc->th_sum = 0;
292        tc->th_sum = TcpChecksum(pip);
293		  return;
294	 }
295}
296
297/* Notes:
298	[Note 1]
299	The initial search will most often fail; it could be replaced with a 32-bit specific search.
300	Such a search would be done for 32-bit unsigned value V:
301	V ^= 0x01010101;				  (Search is for null bytes)
302	if( ((V-0x01010101)^V) & 0x80808080 ) {
303     (found a null bytes which was a 01 byte)
304	}
305   To assert that the processor is 32-bits, do
306   extern int ircdccar[32];        (32 bits)
307   extern int ircdccar[CHAR_BIT*sizeof(unsigned int)];
308   which will generate a type-error on all but 32-bit machines.
309
310	[Note 2] This routine really ought to be replaced with one that
311	creates a transparent proxy on the aliasing host, to allow arbitary
312	changes in the TCP stream.  This should not be too difficult given
313	this base;  I (ee) will try to do this some time later.
314	*/
315