Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
nf_conntrack_irc.c
Go to the documentation of this file.
1 /* IRC extension for IP connection tracking, Version 1.21
2  * (C) 2000-2002 by Harald Welte <[email protected]>
3  * based on RR's ip_conntrack_ftp.c
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version
8  * 2 of the License, or (at your option) any later version.
9  */
10 
11 #include <linux/module.h>
12 #include <linux/moduleparam.h>
13 #include <linux/skbuff.h>
14 #include <linux/in.h>
15 #include <linux/ip.h>
16 #include <linux/tcp.h>
17 #include <linux/netfilter.h>
18 #include <linux/slab.h>
19 
24 
25 #define MAX_PORTS 8
26 static unsigned short ports[MAX_PORTS];
27 static unsigned int ports_c;
28 static unsigned int max_dcc_channels = 8;
29 static unsigned int dcc_timeout __read_mostly = 300;
30 /* This is slow, but it's simple. --RR */
31 static char *irc_buffer;
32 static DEFINE_SPINLOCK(irc_buffer_lock);
33 
34 unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
35  enum ip_conntrack_info ctinfo,
36  unsigned int protoff,
37  unsigned int matchoff,
38  unsigned int matchlen,
41 
42 MODULE_AUTHOR("Harald Welte <[email protected]>");
43 MODULE_DESCRIPTION("IRC (DCC) connection tracking helper");
44 MODULE_LICENSE("GPL");
45 MODULE_ALIAS("ip_conntrack_irc");
47 
48 module_param_array(ports, ushort, &ports_c, 0400);
49 MODULE_PARM_DESC(ports, "port numbers of IRC servers");
50 module_param(max_dcc_channels, uint, 0400);
51 MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per "
52  "IRC session");
53 module_param(dcc_timeout, uint, 0400);
54 MODULE_PARM_DESC(dcc_timeout, "timeout on for unestablished DCC channels");
55 
56 static const char *const dccprotos[] = {
57  "SEND ", "CHAT ", "MOVE ", "TSEND ", "SCHAT "
58 };
59 
60 #define MINMATCHLEN 5
61 
62 /* tries to get the ip_addr and port out of a dcc command
63  * return value: -1 on failure, 0 on success
64  * data pointer to first byte of DCC command data
65  * data_end pointer to last byte of dcc command data
66  * ip returns parsed ip of dcc command
67  * port returns parsed port of dcc command
68  * ad_beg_p returns pointer to first byte of addr data
69  * ad_end_p returns pointer to last byte of addr data
70  */
71 static int parse_dcc(char *data, const char *data_end, __be32 *ip,
72  u_int16_t *port, char **ad_beg_p, char **ad_end_p)
73 {
74  char *tmp;
75 
76  /* at least 12: "AAAAAAAA P\1\n" */
77  while (*data++ != ' ')
78  if (data > data_end - 12)
79  return -1;
80 
81  /* Make sure we have a newline character within the packet boundaries
82  * because simple_strtoul parses until the first invalid character. */
83  for (tmp = data; tmp <= data_end; tmp++)
84  if (*tmp == '\n')
85  break;
86  if (tmp > data_end || *tmp != '\n')
87  return -1;
88 
89  *ad_beg_p = data;
90  *ip = cpu_to_be32(simple_strtoul(data, &data, 10));
91 
92  /* skip blanks between ip and port */
93  while (*data == ' ') {
94  if (data >= data_end)
95  return -1;
96  data++;
97  }
98 
99  *port = simple_strtoul(data, &data, 10);
100  *ad_end_p = data;
101 
102  return 0;
103 }
104 
105 static int help(struct sk_buff *skb, unsigned int protoff,
106  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
107 {
108  unsigned int dataoff;
109  const struct iphdr *iph;
110  const struct tcphdr *th;
111  struct tcphdr _tcph;
112  const char *data_limit;
113  char *data, *ib_ptr;
114  int dir = CTINFO2DIR(ctinfo);
115  struct nf_conntrack_expect *exp;
116  struct nf_conntrack_tuple *tuple;
117  __be32 dcc_ip;
118  u_int16_t dcc_port;
119  __be16 port;
120  int i, ret = NF_ACCEPT;
121  char *addr_beg_p, *addr_end_p;
122  typeof(nf_nat_irc_hook) nf_nat_irc;
123 
124  /* If packet is coming from IRC server */
125  if (dir == IP_CT_DIR_REPLY)
127 
128  /* Until there's been traffic both ways, don't look in packets. */
129  if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
130  return NF_ACCEPT;
131 
132  /* Not a full tcp header? */
133  th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
134  if (th == NULL)
135  return NF_ACCEPT;
136 
137  /* No data? */
138  dataoff = protoff + th->doff*4;
139  if (dataoff >= skb->len)
140  return NF_ACCEPT;
141 
142  spin_lock_bh(&irc_buffer_lock);
143  ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff,
144  irc_buffer);
145  BUG_ON(ib_ptr == NULL);
146 
147  data = ib_ptr;
148  data_limit = ib_ptr + skb->len - dataoff;
149 
150  /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24
151  * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */
152  while (data < data_limit - (19 + MINMATCHLEN)) {
153  if (memcmp(data, "\1DCC ", 5)) {
154  data++;
155  continue;
156  }
157  data += 5;
158  /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */
159 
160  iph = ip_hdr(skb);
161  pr_debug("DCC found in master %pI4:%u %pI4:%u\n",
162  &iph->saddr, ntohs(th->source),
163  &iph->daddr, ntohs(th->dest));
164 
165  for (i = 0; i < ARRAY_SIZE(dccprotos); i++) {
166  if (memcmp(data, dccprotos[i], strlen(dccprotos[i]))) {
167  /* no match */
168  continue;
169  }
170  data += strlen(dccprotos[i]);
171  pr_debug("DCC %s detected\n", dccprotos[i]);
172 
173  /* we have at least
174  * (19+MINMATCHLEN)-5-dccprotos[i].matchlen bytes valid
175  * data left (== 14/13 bytes) */
176  if (parse_dcc(data, data_limit, &dcc_ip,
177  &dcc_port, &addr_beg_p, &addr_end_p)) {
178  pr_debug("unable to parse dcc command\n");
179  continue;
180  }
181 
182  pr_debug("DCC bound ip/port: %pI4:%u\n",
183  &dcc_ip, dcc_port);
184 
185  /* dcc_ip can be the internal OR external (NAT'ed) IP */
186  tuple = &ct->tuplehash[dir].tuple;
187  if (tuple->src.u3.ip != dcc_ip &&
188  tuple->dst.u3.ip != dcc_ip) {
189  net_warn_ratelimited("Forged DCC command from %pI4: %pI4:%u\n",
190  &tuple->src.u3.ip,
191  &dcc_ip, dcc_port);
192  continue;
193  }
194 
195  exp = nf_ct_expect_alloc(ct);
196  if (exp == NULL) {
197  ret = NF_DROP;
198  goto out;
199  }
200  tuple = &ct->tuplehash[!dir].tuple;
201  port = htons(dcc_port);
203  tuple->src.l3num,
204  NULL, &tuple->dst.u3,
205  IPPROTO_TCP, NULL, &port);
206 
207  nf_nat_irc = rcu_dereference(nf_nat_irc_hook);
208  if (nf_nat_irc && ct->status & IPS_NAT_MASK)
209  ret = nf_nat_irc(skb, ctinfo, protoff,
210  addr_beg_p - ib_ptr,
211  addr_end_p - addr_beg_p,
212  exp);
213  else if (nf_ct_expect_related(exp) != 0)
214  ret = NF_DROP;
215  nf_ct_expect_put(exp);
216  goto out;
217  }
218  }
219  out:
220  spin_unlock_bh(&irc_buffer_lock);
221  return ret;
222 }
223 
224 static struct nf_conntrack_helper irc[MAX_PORTS] __read_mostly;
225 static struct nf_conntrack_expect_policy irc_exp_policy;
226 
227 static void nf_conntrack_irc_fini(void);
228 
229 static int __init nf_conntrack_irc_init(void)
230 {
231  int i, ret;
232 
233  if (max_dcc_channels < 1) {
234  printk(KERN_ERR "nf_ct_irc: max_dcc_channels must not be zero\n");
235  return -EINVAL;
236  }
237 
238  irc_exp_policy.max_expected = max_dcc_channels;
239  irc_exp_policy.timeout = dcc_timeout;
240 
241  irc_buffer = kmalloc(65536, GFP_KERNEL);
242  if (!irc_buffer)
243  return -ENOMEM;
244 
245  /* If no port given, default to standard irc port */
246  if (ports_c == 0)
247  ports[ports_c++] = IRC_PORT;
248 
249  for (i = 0; i < ports_c; i++) {
250  irc[i].tuple.src.l3num = AF_INET;
251  irc[i].tuple.src.u.tcp.port = htons(ports[i]);
252  irc[i].tuple.dst.protonum = IPPROTO_TCP;
253  irc[i].expect_policy = &irc_exp_policy;
254  irc[i].me = THIS_MODULE;
255  irc[i].help = help;
256 
257  if (ports[i] == IRC_PORT)
258  sprintf(irc[i].name, "irc");
259  else
260  sprintf(irc[i].name, "irc-%u", i);
261 
262  ret = nf_conntrack_helper_register(&irc[i]);
263  if (ret) {
264  printk(KERN_ERR "nf_ct_irc: failed to register helper "
265  "for pf: %u port: %u\n",
266  irc[i].tuple.src.l3num, ports[i]);
267  nf_conntrack_irc_fini();
268  return ret;
269  }
270  }
271  return 0;
272 }
273 
274 /* This function is intentionally _NOT_ defined as __exit, because
275  * it is needed by the init function */
276 static void nf_conntrack_irc_fini(void)
277 {
278  int i;
279 
280  for (i = 0; i < ports_c; i++)
282  kfree(irc_buffer);
283 }
284 
285 module_init(nf_conntrack_irc_init);
286 module_exit(nf_conntrack_irc_fini);