search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tcp: Cache align ACK queue header.
[dragonfly.git] / usr.sbin / ftp-proxy / ftp-proxy.c
blob0dd2f1713b0238536e214c8f6f5bce5dba046cf6
1 /* $OpenBSD: ftp-proxy.c,v 1.15 2007/08/15 15:18:02 camield Exp $ */
2
3 /*
4 * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 #include <sys/queue.h>
20 #include <sys/types.h>
21 #include <sys/event.h>
22 #include <sys/time.h>
23 #include <sys/resource.h>
24 #include <sys/socket.h>
25
26 #include <net/if.h>
27 #include <net/pf/pfvar.h>
28 #include <netinet/in.h>
29 #include <arpa/inet.h>
30
31 #include <err.h>
32 #include <errno.h>
33 #include <fcntl.h>
34 #include <netdb.h>
35 #include <pwd.h>
36 #include <signal.h>
37 #include <stdarg.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <syslog.h>
42 #include <unistd.h>
43 #include <vis.h>
44
45 #include "filter.h"
46
47 #define CONNECT_TIMEOUT 30
48 #define MIN_PORT 1024
49 #define MAX_LINE 500
50 #define MAX_LOGLINE 300
51 #define NTOP_BUFS 3
52 #define TCP_BACKLOG 10
53
54 #define CHROOT_DIR "/var/empty"
55 #define NOPRIV_USER "proxy"
56
57 /* pfctl standard NAT range. */
58 #define PF_NAT_PROXY_PORT_LOW 50001
59 #define PF_NAT_PROXY_PORT_HIGH 65535
60
61 #define sstosa(ss) ((struct sockaddr *)(ss))
62
63 enum { CMD_NONE = 0, CMD_PORT, CMD_EPRT, CMD_PASV, CMD_EPSV };
64
65 struct cbuf {
66 char *buffer;
67 size_t buffer_size;
68 size_t buffer_offset;
69 };
70
71 struct session {
72 u_int32_t id;
73 struct sockaddr_storage client_ss;
74 struct sockaddr_storage proxy_ss;
75 struct sockaddr_storage server_ss;
76 struct sockaddr_storage orig_server_ss;
77 struct cbuf client;
78 struct cbuf server;
79 int client_fd;
80 int server_fd;
81 char cbuf[MAX_LINE];
82 size_t cbuf_valid;
83 char sbuf[MAX_LINE];
84 size_t sbuf_valid;
85 int cmd;
86 u_int16_t port;
87 u_int16_t proxy_port;
88 LIST_ENTRY(session) entry;
89 };
90
91 LIST_HEAD(, session) sessions = LIST_HEAD_INITIALIZER(sessions);
92
93 void buffer_data(struct session *, struct cbuf *, char *, size_t);
94 int client_parse(struct session *);
95 int client_parse_anon(struct session *);
96 int client_parse_cmd(struct session *);
97 void client_read(struct session *);
98 void client_write(struct session *);
99 int drop_privs(void);
100 void end_session(struct session *);
101 int exit_daemon(void);
102 int get_line(char *, size_t *);
103 void handle_connection(const int);
104 void handle_signal(int);
105 struct session * init_session(void);
106 void logmsg(int, const char *, ...) __printflike(2, 3);
107 u_int16_t parse_port(int);
108 u_int16_t pick_proxy_port(void);
109 void proxy_reply(int, struct sockaddr *, u_int16_t);
110 int server_parse(struct session *);
111 void server_read(struct session *);
112 void server_write(struct session *);
113 int allow_data_connection(struct session *s);
114 const char *sock_ntop(struct sockaddr *);
115 void usage(void);
116
117 char linebuf[MAX_LINE + 1];
118 size_t linelen;
119
120 char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLEN];
121
122 #define KQ_NEVENTS 64
123 struct kevent changes[KQ_NEVENTS];
124 int nchanges;
125
126 struct sockaddr_storage fixed_server_ss, fixed_proxy_ss;
127 char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port,
128 *qname, *tagname;
129 int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions,
130 rfc_mode, session_count, timeout, verbose;
131 extern char *__progname;
132
133 void
134 buffer_data(struct session *s, struct cbuf *cb, char *buf, size_t len)
135 {
136 if (len < 1)
137 return;
138
139 if (cb->buffer == NULL)
140 if ((cb->buffer = malloc(MAX_LINE)) == NULL)
141 goto error;
142
143 memcpy(cb->buffer, buf, len);
144 cb->buffer_size = len;
145 return;
146
147 error:
148 logmsg(LOG_ERR, "#%d could not allocate memory for buffer", s->id);
149 end_session(s);
150 }
151
152 int
153 client_parse(struct session *s)
154 {
155 /* Reset any previous command. */
156 s->cmd = CMD_NONE;
157 s->port = 0;
158
159 /* Commands we are looking for are at least 4 chars long. */
160 if (linelen < 4)
161 return (1);
162
163 if (linebuf[0] == 'P' || linebuf[0] == 'p' ||
164 linebuf[0] == 'E' || linebuf[0] == 'e') {
165 if (!client_parse_cmd(s))
166 return (0);
167
168 /*
169 * Allow active mode connections immediately, instead of
170 * waiting for a positive reply from the server. Some
171 * rare servers/proxies try to probe or setup the data
172 * connection before an actual transfer request.
173 */
174 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT)
175 return (allow_data_connection(s));
176 }
177
178 if (anonymous_only && (linebuf[0] == 'U' || linebuf[0] == 'u'))
179 return (client_parse_anon(s));
180
181 return (1);
182 }
183
184 int
185 client_parse_anon(struct session *s)
186 {
187 size_t written;
188
189 if (strcasecmp("USER ftp\r\n", linebuf) != 0 &&
190 strcasecmp("USER anonymous\r\n", linebuf) != 0) {
191 snprintf(linebuf, sizeof linebuf,
192 "500 Only anonymous FTP allowed\r\n");
193 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
194
195 /* Talk back to the client ourself. */
196 linelen = strlen(linebuf);
197 written = write(s->client_fd, linebuf, linelen);
198 if (written == -1) {
199 logmsg(LOG_ERR, "#%d write failed", s->id);
200 return (0); /* Session will be ended for us */
201 } else if (written < linelen) {
202 EV_SET(&changes[nchanges++], s->server_fd,
203 EVFILT_READ, EV_DISABLE, 0, 0, s);
204 EV_SET(&changes[nchanges++], s->client_fd,
205 EVFILT_WRITE, EV_ADD, 0, 0, s);
206 buffer_data(s, &s->client, linebuf + written,
207 linelen - written);
208 return (1);
209 }
210
211 /* Clear buffer so it's not sent to the server. */
212 linebuf[0] = '\0';
213 linelen = 0;
214 }
215
216 return (1);
217 }
218
219 int
220 client_parse_cmd(struct session *s)
221 {
222 if (strncasecmp("PASV", linebuf, 4) == 0)
223 s->cmd = CMD_PASV;
224 else if (strncasecmp("PORT ", linebuf, 5) == 0)
225 s->cmd = CMD_PORT;
226 else if (strncasecmp("EPSV", linebuf, 4) == 0)
227 s->cmd = CMD_EPSV;
228 else if (strncasecmp("EPRT ", linebuf, 5) == 0)
229 s->cmd = CMD_EPRT;
230 else
231 return (1);
232
233 if (ipv6_mode && (s->cmd == CMD_PASV || s->cmd == CMD_PORT)) {
234 logmsg(LOG_CRIT, "PASV and PORT not allowed with IPv6");
235 return (0);
236 }
237
238 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {
239 s->port = parse_port(s->cmd);
240 if (s->port < MIN_PORT) {
241 logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
242 linebuf);
243 return (0);
244 }
245 s->proxy_port = pick_proxy_port();
246 proxy_reply(s->cmd, sstosa(&s->proxy_ss), s->proxy_port);
247 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
248 }
249
250 return (1);
251 }
252
253 void
254 client_read(struct session *s)
255 {
256 size_t buf_avail, bread, bwritten;
257 int n;
258
259 do {
260 buf_avail = sizeof s->cbuf - s->cbuf_valid;
261 bread = read(s->client_fd, s->cbuf + s->cbuf_valid, buf_avail);
262 s->cbuf_valid += bread;
263
264 while ((n = get_line(s->cbuf, &s->cbuf_valid)) > 0) {
265 logmsg(LOG_DEBUG, "#%d client: %s", s->id, linebuf);
266 if (!client_parse(s)) {
267 end_session(s);
268 return;
269 }
270 bwritten = write(s->server_fd, linebuf, linelen);
271 if (bwritten == -1) {
272 } else if (bwritten < linelen) {
273 EV_SET(&changes[nchanges++], s->client_fd,
274 EVFILT_READ, EV_DISABLE, 0, 0, s);
275 EV_SET(&changes[nchanges++], s->server_fd,
276 EVFILT_WRITE, EV_ADD, 0, 0, s);
277 buffer_data(s, &s->server, linebuf + bwritten,
278 linelen - bwritten);
279 return;
280 }
281 }
282
283 if (n == -1) {
284 logmsg(LOG_ERR, "#%d client command too long or not"
285 " clean", s->id);
286 end_session(s);
287 return;
288 }
289 } while (bread == buf_avail);
290 }
291
292 void
293 client_write(struct session *s)
294 {
295 size_t written;
296
297 written = write(s->client_fd, s->client.buffer + s->client.buffer_offset,
298 s->client.buffer_size - s->client.buffer_offset);
299 if (written == -1) {
300 logmsg(LOG_ERR, "#%d write failed", s->id);
301 end_session(s);
302 } else if (written == (s->client.buffer_size - s->client.buffer_offset)) {
303 free(s->client.buffer);
304 s->client.buffer = NULL;
305 s->client.buffer_size = 0;
306 s->client.buffer_offset = 0;
307 EV_SET(&changes[nchanges++], s->server_fd,
308 EVFILT_READ, EV_ENABLE, 0, 0, s);
309 } else {
310 s->client.buffer_offset += written;
311 }
312 }
313
314 int
315 drop_privs(void)
316 {
317 struct passwd *pw;
318
319 pw = getpwnam(NOPRIV_USER);
320 if (pw == NULL)
321 return (0);
322
323 tzset();
324 if (chroot(CHROOT_DIR) != 0 || chdir("/") != 0 ||
325 setgroups(1, &pw->pw_gid) != 0 ||
326 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0 ||
327 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
328 return (0);
329
330 return (1);
331 }
332
333 void
334 end_session(struct session *s)
335 {
336 int err;
337
338 logmsg(LOG_INFO, "#%d ending session", s->id);
339
340 if (s->client_fd != -1)
341 close(s->client_fd);
342 if (s->server_fd != -1)
343 close(s->server_fd);
344
345 if (s->client.buffer)
346 free(s->client.buffer);
347 if (s->server.buffer)
348 free(s->server.buffer);
349
350 /* Remove rulesets by commiting empty ones. */
351 err = 0;
352 if (prepare_commit(s->id) == -1)
353 err = errno;
354 else if (do_commit() == -1) {
355 err = errno;
356 do_rollback();
357 }
358 if (err)
359 logmsg(LOG_ERR, "#%d pf rule removal failed: %s", s->id,
360 strerror(err));
361
362 LIST_REMOVE(s, entry);
363 free(s);
364 session_count--;
365 }
366
367 int
368 exit_daemon(void)
369 {
370 struct session *s, *tmp;
371
372 LIST_FOREACH_MUTABLE(s, &sessions, entry, tmp) {
373 end_session(s);
374 }
375
376 if (daemonize)
377 closelog();
378
379 exit(0);
380
381 /* NOTREACHED */
382 return (-1);
383 }
384
385 int
386 get_line(char *buf, size_t *valid)
387 {
388 size_t i;
389
390 if (*valid > MAX_LINE)
391 return (-1);
392
393 /* Copy to linebuf while searching for a newline. */
394 for (i = 0; i < *valid; i++) {
395 linebuf[i] = buf[i];
396 if (buf[i] == '\0')
397 return (-1);
398 if (buf[i] == '\n')
399 break;
400 }
401
402 if (i == *valid) {
403 /* No newline found. */
404 linebuf[0] = '\0';
405 linelen = 0;
406 if (i < MAX_LINE)
407 return (0);
408 return (-1);
409 }
410
411 linelen = i + 1;
412 linebuf[linelen] = '\0';
413 *valid -= linelen;
414
415 /* Move leftovers to the start. */
416 if (*valid != 0)
417 bcopy(buf + linelen, buf, *valid);
418
419 return ((int)linelen);
420 }
421
422 void
423 handle_connection(const int listen_fd)
424 {
425 struct sockaddr_storage tmp_ss;
426 struct sockaddr *client_sa, *server_sa, *fixed_server_sa;
427 struct sockaddr *client_to_proxy_sa, *proxy_to_server_sa;
428 struct session *s;
429 socklen_t len;
430 int client_fd, fc, on;
431
432 /*
433 * We _must_ accept the connection, otherwise libevent will keep
434 * coming back, and we will chew up all CPU.
435 */
436 client_sa = sstosa(&tmp_ss);
437 len = sizeof(struct sockaddr_storage);
438 if ((client_fd = accept(listen_fd, client_sa, &len)) < 0) {
439 logmsg(LOG_CRIT, "accept failed: %s", strerror(errno));
440 return;
441 }
442
443 /* Refuse connection if the maximum is reached. */
444 if (session_count >= max_sessions) {
445 logmsg(LOG_ERR, "client limit (%d) reached, refusing "
446 "connection from %s", max_sessions, sock_ntop(client_sa));
447 close(client_fd);
448 return;
449 }
450
451 /* Allocate session and copy back the info from the accept(). */
452 s = init_session();
453 if (s == NULL) {
454 logmsg(LOG_CRIT, "init_session failed");
455 close(client_fd);
456 return;
457 }
458 s->client_fd = client_fd;
459 memcpy(sstosa(&s->client_ss), client_sa, client_sa->sa_len);
460
461 /* Cast it once, and be done with it. */
462 client_sa = sstosa(&s->client_ss);
463 server_sa = sstosa(&s->server_ss);
464 client_to_proxy_sa = sstosa(&tmp_ss);
465 proxy_to_server_sa = sstosa(&s->proxy_ss);
466 fixed_server_sa = sstosa(&fixed_server_ss);
467
468 /* Log id/client early to ease debugging. */
469 logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id,
470 sock_ntop(client_sa));
471
472 /*
473 * Find out the real server and port that the client wanted.
474 */
475 len = sizeof(struct sockaddr_storage);
476 if ((getsockname(s->client_fd, client_to_proxy_sa, &len)) < 0) {
477 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
478 strerror(errno));
479 goto fail;
480 }
481 if (server_lookup(client_sa, client_to_proxy_sa, server_sa) != 0) {
482 logmsg(LOG_CRIT, "#%d server lookup failed (no rdr?)", s->id);
483 goto fail;
484 }
485 if (fixed_server) {
486 memcpy(sstosa(&s->orig_server_ss), server_sa,
487 server_sa->sa_len);
488 memcpy(server_sa, fixed_server_sa, fixed_server_sa->sa_len);
489 }
490
491 /* XXX: check we are not connecting to ourself. */
492
493 /*
494 * Setup socket and connect to server.
495 */
496 if ((s->server_fd = socket(server_sa->sa_family, SOCK_STREAM,
497 IPPROTO_TCP)) < 0) {
498 logmsg(LOG_CRIT, "#%d server socket failed: %s", s->id,
499 strerror(errno));
500 goto fail;
501 }
502 if (fixed_proxy && bind(s->server_fd, sstosa(&fixed_proxy_ss),
503 fixed_proxy_ss.ss_len) != 0) {
504 logmsg(LOG_CRIT, "#%d cannot bind fixed proxy address: %s",
505 s->id, strerror(errno));
506 goto fail;
507 }
508
509 /* Use non-blocking connect(), see CONNECT_TIMEOUT below. */
510 if ((fc = fcntl(s->server_fd, F_GETFL)) == -1 ||
511 fcntl(s->server_fd, F_SETFL, fc | O_NONBLOCK) == -1) {
512 logmsg(LOG_CRIT, "#%d cannot mark socket non-blocking: %s",
513 s->id, strerror(errno));
514 goto fail;
515 }
516 if (connect(s->server_fd, server_sa, server_sa->sa_len) < 0 &&
517 errno != EINPROGRESS) {
518 logmsg(LOG_CRIT, "#%d proxy cannot connect to server %s: %s",
519 s->id, sock_ntop(server_sa), strerror(errno));
520 goto fail;
521 }
522
523 len = sizeof(struct sockaddr_storage);
524 if ((getsockname(s->server_fd, proxy_to_server_sa, &len)) < 0) {
525 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,
526 strerror(errno));
527 goto fail;
528 }
529
530 logmsg(LOG_INFO, "#%d FTP session %d/%d started: client %s to server "
531 "%s via proxy %s ", s->id, session_count, max_sessions,
532 sock_ntop(client_sa), sock_ntop(server_sa),
533 sock_ntop(proxy_to_server_sa));
534
535 /* Keepalive is nice, but don't care if it fails. */
536 on = 1;
537 setsockopt(s->client_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
538 sizeof on);
539 setsockopt(s->server_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
540 sizeof on);
541
542 EV_SET(&changes[nchanges++], s->client_fd, EVFILT_READ, EV_ADD, 0, 0, s);
543 EV_SET(&changes[nchanges++], s->server_fd, EVFILT_READ, EV_ADD, 0, 0, s);
544
545 return;
546
547 fail:
548 end_session(s);
549 }
550
551 void
552 handle_signal(int sig)
553 {
554 /*
555 * Signal handler rules don't apply.
556 */
557
558 logmsg(LOG_ERR, "%s exiting on signal %d", __progname, sig);
559
560 exit_daemon();
561 }
562
563
564 struct session *
565 init_session(void)
566 {
567 struct session *s;
568
569 s = calloc(1, sizeof(struct session));
570 if (s == NULL)
571 return (NULL);
572
573 s->id = id_count++;
574 s->client_fd = -1;
575 s->server_fd = -1;
576 s->cbuf[0] = '\0';
577 s->cbuf_valid = 0;
578 s->sbuf[0] = '\0';
579 s->sbuf_valid = 0;
580 s->client.buffer = NULL;
581 s->client.buffer_size = 0;
582 s->client.buffer_offset = 0;
583 s->server.buffer = NULL;
584 s->server.buffer_size = 0;
585 s->server.buffer_offset = 0;
586 s->cmd = CMD_NONE;
587 s->port = 0;
588
589 LIST_INSERT_HEAD(&sessions, s, entry);
590 session_count++;
591
592 return (s);
593 }
594
595 void
596 logmsg(int pri, const char *message, ...)
597 {
598 va_list ap;
599
600 if (pri > loglevel)
601 return;
602
603 va_start(ap, message);
604
605 if (daemonize)
606 /* syslog does its own vissing. */
607 vsyslog(pri, message, ap);
608 else {
609 char buf[MAX_LOGLINE];
610 char visbuf[2 * MAX_LOGLINE];
611
612 /* We don't care about truncation. */
613 vsnprintf(buf, sizeof buf, message, ap);
614 strnvis(visbuf, buf, sizeof visbuf, VIS_CSTYLE | VIS_NL);
615 fprintf(stderr, "%s\n", visbuf);
616 }
617
618 va_end(ap);
619 }
620
621 int
622 main(int argc, char *argv[])
623 {
624 struct rlimit rlp;
625 struct addrinfo hints, *res;
626 int kq, ch, error, listenfd, on;
627 const char *errstr;
628
629 /* Defaults. */
630 anonymous_only = 0;
631 daemonize = 1;
632 fixed_proxy = NULL;
633 fixed_server = NULL;
634 fixed_server_port = "21";
635 ipv6_mode = 0;
636 listen_ip = NULL;
637 listen_port = "8021";
638 loglevel = LOG_NOTICE;
639 max_sessions = 100;
640 qname = NULL;
641 rfc_mode = 0;
642 tagname = NULL;
643 timeout = 24 * 3600;
644 verbose = 0;
645
646 /* Other initialization. */
647 id_count = 1;
648 session_count = 0;
649 nchanges = 0;
650
651 while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) {
652 switch (ch) {
653 case '6':
654 ipv6_mode = 1;
655 break;
656 case 'A':
657 anonymous_only = 1;
658 break;
659 case 'a':
660 fixed_proxy = optarg;
661 break;
662 case 'b':
663 listen_ip = optarg;
664 break;
665 case 'D':
666 loglevel = strtonum(optarg, LOG_EMERG, LOG_DEBUG,
667 &errstr);
668 if (errstr)
669 errx(1, "loglevel %s", errstr);
670 break;
671 case 'd':
672 daemonize = 0;
673 break;
674 case 'm':
675 max_sessions = strtonum(optarg, 1, 500, &errstr);
676 if (errstr)
677 errx(1, "max sessions %s", errstr);
678 break;
679 case 'P':
680 fixed_server_port = optarg;
681 break;
682 case 'p':
683 listen_port = optarg;
684 break;
685 case 'q':
686 if (strlen(optarg) >= PF_QNAME_SIZE)
687 errx(1, "queuename too long");
688 qname = optarg;
689 break;
690 case 'R':
691 fixed_server = optarg;
692 break;
693 case 'r':
694 rfc_mode = 1;
695 break;
696 case 'T':
697 if (strlen(optarg) >= PF_TAG_NAME_SIZE)
698 errx(1, "tagname too long");
699 tagname = optarg;
700 break;
701 case 't':
702 timeout = strtonum(optarg, 0, 86400, &errstr);
703 if (errstr)
704 errx(1, "timeout %s", errstr);
705 break;
706 case 'v':
707 verbose++;
708 if (verbose > 2)
709 usage();
710 break;
711 default:
712 usage();
713 }
714 }
715
716 if (listen_ip == NULL)
717 listen_ip = ipv6_mode ? "::1" : "127.0.0.1";
718
719 /* Check for root to save the user from cryptic failure messages. */
720 if (getuid() != 0)
721 errx(1, "needs to start as root");
722
723 /* Raise max. open files limit to satisfy max. sessions. */
724 rlp.rlim_cur = rlp.rlim_max = (2 * max_sessions) + 10;
725 if (setrlimit(RLIMIT_NOFILE, &rlp) == -1)
726 err(1, "setrlimit");
727
728 if (fixed_proxy) {
729 memset(&hints, 0, sizeof hints);
730 hints.ai_flags = AI_NUMERICHOST;
731 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
732 hints.ai_socktype = SOCK_STREAM;
733 error = getaddrinfo(fixed_proxy, NULL, &hints, &res);
734 if (error)
735 errx(1, "getaddrinfo fixed proxy address failed: %s",
736 gai_strerror(error));
737 memcpy(&fixed_proxy_ss, res->ai_addr, res->ai_addrlen);
738 logmsg(LOG_INFO, "using %s to connect to servers",
739 sock_ntop(sstosa(&fixed_proxy_ss)));
740 freeaddrinfo(res);
741 }
742
743 if (fixed_server) {
744 memset(&hints, 0, sizeof hints);
745 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
746 hints.ai_socktype = SOCK_STREAM;
747 error = getaddrinfo(fixed_server, fixed_server_port, &hints,
748 &res);
749 if (error)
750 errx(1, "getaddrinfo fixed server address failed: %s",
751 gai_strerror(error));
752 memcpy(&fixed_server_ss, res->ai_addr, res->ai_addrlen);
753 logmsg(LOG_INFO, "using fixed server %s",
754 sock_ntop(sstosa(&fixed_server_ss)));
755 freeaddrinfo(res);
756 }
757
758 /* Setup listener. */
759 memset(&hints, 0, sizeof hints);
760 hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE;
761 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
762 hints.ai_socktype = SOCK_STREAM;
763 error = getaddrinfo(listen_ip, listen_port, &hints, &res);
764 if (error)
765 errx(1, "getaddrinfo listen address failed: %s",
766 gai_strerror(error));
767 if ((listenfd = socket(res->ai_family, SOCK_STREAM, IPPROTO_TCP)) == -1)
768 errx(1, "socket failed");
769 on = 1;
770 if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
771 sizeof on) != 0)
772 err(1, "setsockopt failed");
773 if (bind(listenfd, (struct sockaddr *)res->ai_addr,
774 (socklen_t)res->ai_addrlen) != 0)
775 err(1, "bind failed");
776 if (listen(listenfd, TCP_BACKLOG) != 0)
777 err(1, "listen failed");
778 freeaddrinfo(res);
779
780 /* Initialize pf. */
781 init_filter(qname, tagname, verbose);
782
783 if (daemonize) {
784 if (daemon(0, 0) == -1)
785 err(1, "cannot daemonize");
786 openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
787 }
788
789 /* Use logmsg for output from here on. */
790
791 if (!drop_privs()) {
792 logmsg(LOG_ERR, "cannot drop privileges: %s", strerror(errno));
793 exit(1);
794 }
795
796 if ((kq = kqueue()) == -1) {
797 logmsg(LOG_ERR, "cannot create new kqueue(2): %s", strerror(errno));
798 exit(1);
799 }
800
801 /* Setup signal handler. */
802 signal(SIGPIPE, SIG_IGN);
803 EV_SET(&changes[nchanges++], SIGHUP, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
804 EV_SET(&changes[nchanges++], SIGINT, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
805 EV_SET(&changes[nchanges++], SIGTERM, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
806
807 EV_SET(&changes[nchanges++], listenfd, EVFILT_READ, EV_ADD, 0, 0, NULL);
808
809 logmsg(LOG_NOTICE, "listening on %s port %s", listen_ip, listen_port);
810
811 /* Vroom, vroom. */
812 for ( ; ; ) {
813 int i, nevents;
814 struct kevent events[KQ_NEVENTS], *event;
815 struct session *s;
816
817 nevents = kevent(kq, &changes[0], nchanges, &events[0],
818 KQ_NEVENTS, NULL);
819 if (nevents == -1) {
820 logmsg(LOG_ERR, "cannot create new kqueue(2): %s", strerror(errno));
821 exit(1);
822 }
823 nchanges = 0;
824
825 for (i = 0; i < nevents; ++i) {
826 event = &events[i];
827
828 if (event->filter == EVFILT_SIGNAL) {
829 handle_signal(event->ident);
830 continue;
831 }
832
833 if (event->ident == listenfd) {
834 /* Handle new connection */
835 handle_connection(event->ident);
836 } else {
837 /* Process existing connection */
838 s = (struct session *)event->udata;
839
840 if (event->ident == s->client_fd) {
841 if (event->filter == EVFILT_READ)
842 client_read(s);
843 else
844 client_write(s);
845 } else {
846 if (event->filter == EVFILT_READ)
847 server_read(s);
848 else
849 server_write(s);
850 }
851 }
852
853 /* The next loop might overflow changes */
854 if (nchanges > KQ_NEVENTS - 4)
855 break;
856 }
857 }
858
859 exit_daemon();
860
861 /* NOTREACHED */
862 return (1);
863 }
864
865 u_int16_t
866 parse_port(int mode)
867 {
868 unsigned int port, v[6];
869 int n;
870 char *p;
871
872 /* Find the last space or left-parenthesis. */
873 for (p = linebuf + linelen; p > linebuf; p--)
874 if (*p == ' ' || *p == '(')
875 break;
876 if (p == linebuf)
877 return (0);
878
879 switch (mode) {
880 case CMD_PORT:
881 n = sscanf(p, " %u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2],
882 &v[3], &v[4], &v[5]);
883 if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
884 v[3] < 256 && v[4] < 256 && v[5] < 256)
885 return ((v[4] << 8) | v[5]);
886 break;
887 case CMD_PASV:
888 n = sscanf(p, "(%u,%u,%u,%u,%u,%u)", &v[0], &v[1], &v[2],
889 &v[3], &v[4], &v[5]);
890 if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
891 v[3] < 256 && v[4] < 256 && v[5] < 256)
892 return ((v[4] << 8) | v[5]);
893 break;
894 case CMD_EPSV:
895 n = sscanf(p, "(|||%u|)", &port);
896 if (n == 1 && port < 65536)
897 return (port);
898 break;
899 case CMD_EPRT:
900 n = sscanf(p, " |1|%u.%u.%u.%u|%u|", &v[0], &v[1], &v[2],
901 &v[3], &port);
902 if (n == 5 && v[0] < 256 && v[1] < 256 && v[2] < 256 &&
903 v[3] < 256 && port < 65536)
904 return (port);
905 n = sscanf(p, " |2|%*[a-fA-F0-9:]|%u|", &port);
906 if (n == 1 && port < 65536)
907 return (port);
908 break;
909 default:
910 return (0);
911 }
912
913 return (0);
914 }
915
916 u_int16_t
917 pick_proxy_port(void)
918 {
919 /* Random should be good enough for avoiding port collisions. */
920 return (IPPORT_HIFIRSTAUTO + (arc4random() %
921 (IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO)));
922 }
923
924 void
925 proxy_reply(int cmd, struct sockaddr *sa, u_int16_t port)
926 {
927 int i, r;
928
929 switch (cmd) {
930 case CMD_PORT:
931 r = snprintf(linebuf, sizeof linebuf,
932 "PORT %s,%u,%u\r\n", sock_ntop(sa), port / 256,
933 port % 256);
934 break;
935 case CMD_PASV:
936 r = snprintf(linebuf, sizeof linebuf,
937 "227 Entering Passive Mode (%s,%u,%u)\r\n", sock_ntop(sa),
938 port / 256, port % 256);
939 break;
940 case CMD_EPRT:
941 if (sa->sa_family == AF_INET)
942 r = snprintf(linebuf, sizeof linebuf,
943 "EPRT |1|%s|%u|\r\n", sock_ntop(sa), port);
944 else if (sa->sa_family == AF_INET6)
945 r = snprintf(linebuf, sizeof linebuf,
946 "EPRT |2|%s|%u|\r\n", sock_ntop(sa), port);
947 break;
948 case CMD_EPSV:
949 r = snprintf(linebuf, sizeof linebuf,
950 "229 Entering Extended Passive Mode (|||%u|)\r\n", port);
951 break;
952 }
953
954 if (r < 0 || r >= sizeof linebuf) {
955 logmsg(LOG_ERR, "proxy_reply failed: %d", r);
956 linebuf[0] = '\0';
957 linelen = 0;
958 return;
959 }
960 linelen = (size_t)r;
961
962 if (cmd == CMD_PORT || cmd == CMD_PASV) {
963 /* Replace dots in IP address with commas. */
964 for (i = 0; i < linelen; i++)
965 if (linebuf[i] == '.')
966 linebuf[i] = ',';
967 }
968 }
969
970 int
971 server_parse(struct session *s)
972 {
973 if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')
974 goto out;
975
976 if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) ||
977 (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0))
978 return (allow_data_connection(s));
979
980 out:
981 s->cmd = CMD_NONE;
982 s->port = 0;
983
984 return (1);
985 }
986
987 int
988 allow_data_connection(struct session *s)
989 {
990 struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa;
991 int prepared = 0;
992
993 if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')
994 goto out;
995
996 /*
997 * The pf rules below do quite some NAT rewriting, to keep up
998 * appearances. Points to keep in mind:
999 * 1) The client must think it's talking to the real server,
1000 * for both control and data connections. Transparently.
1001 * 2) The server must think that the proxy is the client.
1002 * 3) Source and destination ports are rewritten to minimize
1003 * port collisions, to aid security (some systems pick weak
1004 * ports) or to satisfy RFC requirements (source port 20).
1005 */
1006
1007 /* Cast this once, to make code below it more readable. */
1008 client_sa = sstosa(&s->client_ss);
1009 server_sa = sstosa(&s->server_ss);
1010 proxy_sa = sstosa(&s->proxy_ss);
1011 if (fixed_server)
1012 /* Fixed server: data connections must appear to come
1013 from / go to the original server, not the fixed one. */
1014 orig_sa = sstosa(&s->orig_server_ss);
1015 else
1016 /* Server not fixed: orig_server == server. */
1017 orig_sa = sstosa(&s->server_ss);
1018
1019 /* Passive modes. */
1020 if (s->cmd == CMD_PASV || s->cmd == CMD_EPSV) {
1021 s->port = parse_port(s->cmd);
1022 if (s->port < MIN_PORT) {
1023 logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,
1024 linebuf);
1025 return (0);
1026 }
1027 s->proxy_port = pick_proxy_port();
1028 logmsg(LOG_INFO, "#%d passive: client to server port %d"
1029 " via port %d", s->id, s->port, s->proxy_port);
1030
1031 if (prepare_commit(s->id) == -1)
1032 goto fail;
1033 prepared = 1;
1034
1035 proxy_reply(s->cmd, orig_sa, s->proxy_port);
1036 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);
1037
1038 /* rdr from $client to $orig_server port $proxy_port -> $server
1039 port $port */
1040 if (add_rdr(s->id, client_sa, orig_sa, s->proxy_port,
1041 server_sa, s->port) == -1)
1042 goto fail;
1043
1044 /* nat from $client to $server port $port -> $proxy */
1045 if (add_nat(s->id, client_sa, server_sa, s->port, proxy_sa,
1046 PF_NAT_PROXY_PORT_LOW, PF_NAT_PROXY_PORT_HIGH) == -1)
1047 goto fail;
1048
1049 /* pass in from $client to $server port $port */
1050 if (add_filter(s->id, PF_IN, client_sa, server_sa,
1051 s->port) == -1)
1052 goto fail;
1053
1054 /* pass out from $proxy to $server port $port */
1055 if (add_filter(s->id, PF_OUT, proxy_sa, server_sa,
1056 s->port) == -1)
1057 goto fail;
1058 }
1059
1060 /* Active modes. */
1061 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {
1062 logmsg(LOG_INFO, "#%d active: server to client port %d"
1063 " via port %d", s->id, s->port, s->proxy_port);
1064
1065 if (prepare_commit(s->id) == -1)
1066 goto fail;
1067 prepared = 1;
1068
1069 /* rdr from $server to $proxy port $proxy_port -> $client port
1070 $port */
1071 if (add_rdr(s->id, server_sa, proxy_sa, s->proxy_port,
1072 client_sa, s->port) == -1)
1073 goto fail;
1074
1075 /* nat from $server to $client port $port -> $orig_server port
1076 $natport */
1077 if (rfc_mode && s->cmd == CMD_PORT) {
1078 /* Rewrite sourceport to RFC mandated 20. */
1079 if (add_nat(s->id, server_sa, client_sa, s->port,
1080 orig_sa, 20, 20) == -1)
1081 goto fail;
1082 } else {
1083 /* Let pf pick a source port from the standard range. */
1084 if (add_nat(s->id, server_sa, client_sa, s->port,
1085 orig_sa, PF_NAT_PROXY_PORT_LOW,
1086 PF_NAT_PROXY_PORT_HIGH) == -1)
1087 goto fail;
1088 }
1089
1090 /* pass in from $server to $client port $port */
1091 if (add_filter(s->id, PF_IN, server_sa, client_sa, s->port) ==
1092 -1)
1093 goto fail;
1094
1095 /* pass out from $orig_server to $client port $port */
1096 if (add_filter(s->id, PF_OUT, orig_sa, client_sa, s->port) ==
1097 -1)
1098 goto fail;
1099 }
1100
1101 /* Commit rules if they were prepared. */
1102 if (prepared && (do_commit() == -1)) {
1103 if (errno != EBUSY)
1104 goto fail;
1105 /* One more try if busy. */
1106 usleep(5000);
1107 if (do_commit() == -1)
1108 goto fail;
1109 }
1110
1111 out:
1112 s->cmd = CMD_NONE;
1113 s->port = 0;
1114
1115 return (1);
1116
1117 fail:
1118 logmsg(LOG_CRIT, "#%d pf operation failed: %s", s->id, strerror(errno));
1119 if (prepared)
1120 do_rollback();
1121 return (0);
1122 }
1123
1124 void
1125 server_read(struct session *s)
1126 {
1127 size_t buf_avail, bread, bwritten;
1128 int n;
1129
1130 do {
1131 buf_avail = sizeof s->sbuf - s->sbuf_valid;
1132 bread = read(s->server_fd, s->sbuf + s->sbuf_valid, buf_avail);
1133 s->sbuf_valid += bread;
1134
1135 while ((n = get_line(s->sbuf, &s->sbuf_valid)) > 0) {
1136 logmsg(LOG_DEBUG, "#%d server: %s", s->id, linebuf);
1137 if (!server_parse(s)) {
1138 end_session(s);
1139 return;
1140 }
1141 bwritten = write(s->client_fd, linebuf, linelen);
1142 if (bwritten == -1) {
1143 logmsg(LOG_ERR, "#%d write failed", s->id);
1144 end_session(s);
1145 return;
1146 } else if (bwritten < linelen) {
1147 EV_SET(&changes[nchanges++], s->server_fd,
1148 EVFILT_READ, EV_DISABLE, 0, 0, s);
1149 EV_SET(&changes[nchanges++], s->client_fd,
1150 EVFILT_WRITE, EV_ADD, 0, 0, s);
1151 buffer_data(s, &s->client, linebuf + bwritten,
1152 linelen - bwritten);
1153 return;
1154 }
1155 }
1156
1157 if (n == -1) {
1158 logmsg(LOG_ERR, "#%d server reply too long or not"
1159 " clean", s->id);
1160 end_session(s);
1161 return;
1162 }
1163 } while (bread == buf_avail);
1164 }
1165
1166 void
1167 server_write(struct session *s)
1168 {
1169 size_t written;
1170
1171 written = write(s->server_fd, s->server.buffer + s->server.buffer_offset,
1172 s->server.buffer_size - s->server.buffer_offset);
1173 if (written == -1) {
1174 logmsg(LOG_ERR, "#%d write failed", s->id);
1175 end_session(s);
1176 } else if (written == (s->server.buffer_size - s->server.buffer_offset)) {
1177 free(s->server.buffer);
1178 s->server.buffer = NULL;
1179 s->server.buffer_size = 0;
1180 s->server.buffer_offset = 0;
1181 EV_SET(&changes[nchanges++], s->client_fd,
1182 EVFILT_READ, EV_ENABLE, 0, 0, s);
1183 } else {
1184 s->server.buffer_offset += written;
1185 }
1186 }
1187
1188 const char *
1189 sock_ntop(struct sockaddr *sa)
1190 {
1191 static int n = 0;
1192
1193 /* Cycle to next buffer. */
1194 n = (n + 1) % NTOP_BUFS;
1195 ntop_buf[n][0] = '\0';
1196
1197 if (sa->sa_family == AF_INET) {
1198 struct sockaddr_in *sin = (struct sockaddr_in *)sa;
1199
1200 return (inet_ntop(AF_INET, &sin->sin_addr, ntop_buf[n],
1201 sizeof ntop_buf[0]));
1202 }
1203
1204 if (sa->sa_family == AF_INET6) {
1205 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
1206
1207 return (inet_ntop(AF_INET6, &sin6->sin6_addr, ntop_buf[n],
1208 sizeof ntop_buf[0]));
1209 }
1210
1211 return (NULL);
1212 }
1213
1214 void
1215 usage(void)
1216 {
1217 fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]"
1218 " [-D level] [-m maxsessions]\n [-P port]"
1219 " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname);
1220 exit(1);
1221 }
DragonFly BSD