linux/net/netfilter/nf_conntrack_ftp.c

// SPDX-License-Identifier: GPL-2.0-only
/* FTP extension for connection tracking. */

/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2004 Netfilter Core Team <[email protected]>
 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
 * (C) 2006-2012 Patrick McHardy <[email protected]>
 */

#define pr_fmt(fmt)

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <linux/slab.h>
#include <linux/ipv6.h>
#include <linux/ctype.h>
#include <linux/inet.h>
#include <net/checksum.h>
#include <net/tcp.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <net/netfilter/nf_conntrack_ecache.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <linux/netfilter/nf_conntrack_ftp.h>

#define HELPER_NAME

/* Module metadata; the macro arguments are not shown in this listing. */
MODULE_LICENSE();
MODULE_AUTHOR();
MODULE_DESCRIPTION();
MODULE_ALIAS();
MODULE_ALIAS_NFCT_HELPER();
/*
 * File-scope spinlock.  What it serializes is not visible in this listing.
 * NOTE(review): presumably it guards state shared by the packet-path
 * parser -- confirm which data it covers and that every access takes it.
 */
static DEFINE_SPINLOCK(nf_ftp_lock);

/* Capacity of ports[] below; the value is not shown in this listing. */
#define MAX_PORTS
/*
 * ports[] holds 16-bit port numbers and ports_c is an unsigned count.
 * NOTE(review): presumably both are filled by the module_param_array()
 * call below, with ports_c as the number of entries supplied -- confirm,
 * and confirm ports_c can never exceed MAX_PORTS.
 */
static u_int16_t ports[MAX_PORTS];
static unsigned int ports_c;
module_param_array();

/*
 * Boolean module parameter.  Mode 0600 exposes it under sysfs as readable
 * and writable by the owner (root) only, so it can be changed at runtime.
 * NOTE(review): where "loose" is consulted is not visible here.  The name
 * suggests it relaxes a check made before an expectation is created;
 * treat enabling it as a policy decision and confirm its effect at the
 * point of use.
 */
static bool loose;
module_param(loose, bool, 0600);

/*
 * Global function pointer with external linkage.  It takes the packet
 * (skb), the conntrack info, the FTP command type, the protocol offset,
 * a match offset and length, and the expectation, and returns an
 * unsigned int.
 * NOTE(review): the name and the export below suggest a NAT module
 * installs its handler here -- confirm.  Because this is a writable
 * pointer invoked from packet processing, confirm the call site (not
 * shown) reads it with the appropriate RCU accessor and checks it for
 * NULL before calling.
 */
unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
				enum ip_conntrack_info ctinfo,
				enum nf_ct_ftp_type type,
				unsigned int protoff,
				unsigned int matchoff,
				unsigned int matchlen,
				struct nf_conntrack_expect *exp);
/* presumably exports nf_nat_ftp_hook; the argument is not shown here. */
EXPORT_SYMBOL_GPL();

/*
 * Forward declarations of the address/port parsers defined further down.
 * All four share one signature -- (buffer, buffer length, tuple half to
 * fill, terminator character, offset out-parameter) -- which is the same
 * type as the getnum callback accepted by find_pattern().
 * NOTE(review): presumably they are declared early because the search
 * table refers to them; the table initializer is not shown -- confirm.
 */
static int try_rfc959(const char *, size_t, struct nf_conntrack_man *,
		      char, unsigned int *);
static int try_rfc1123(const char *, size_t, struct nf_conntrack_man *,
		       char, unsigned int *);
static int try_eprt(const char *, size_t, struct nf_conntrack_man *,
		    char, unsigned int *);
static int try_epsv_response(const char *, size_t, struct nf_conntrack_man *,
			     char, unsigned int *);

/*
 * Table of struct ftp_search entries, indexed first by connection
 * direction (IP_CT_DIR_MAX rows) and then by one of two slots per
 * direction.  The struct fields and the initializer are not shown in
 * this listing.
 */
static struct ftp_search {} search[IP_CT_DIR_MAX][2] =;

/*
 * Parse an IPv6 address from src into dst.
 *
 * src is passed with an explicit length (dlen) rather than as a
 * NUL-terminated string, and term is an 8-bit character value.
 * NOTE(review): presumably term is the character expected right after
 * the address and the return value is the number of bytes consumed (0 on
 * failure) -- the body is not shown, confirm.  Whatever the
 * implementation, it must never read at or beyond src + dlen.
 */
static int
get_ipv6_addr(const char *src, size_t dlen, struct in6_addr *dst, u_int8_t term)
{}

/*
 * Parse a run of numbers from data (dlen bytes) into array, which has
 * array_size slots; sep and term are single characters.
 * NOTE(review): presumably sep separates the numbers and term ends the
 * run -- the body is not shown, confirm.
 * NOTE(review): array_size is a signed int and each slot is 32 bits wide.
 * Confirm the slot index is bounded by array_size, that reads stop at
 * dlen, and that values which later become address octets are
 * range-checked before use.
 */
static int try_number(const char *data, size_t dlen, u_int32_t array[],
		      int array_size, char sep, char term)
{}

/*
 * Returns 0, or length of numbers: 192,168,1,1,5,6
 *
 * Parser for the comma-separated address-and-port form shown above.
 * data/dlen bound the input, term is a single character, and cmd and
 * offset are non-const pointers.
 * NOTE(review): presumably cmd receives the parsed address and port and
 * offset reports where the numbers start -- the body is not shown,
 * confirm.  The input is payload from the FTP control channel, so a
 * return of 0 must leave *cmd unusable by the caller or untouched.
 */
static int try_rfc959(const char *data, size_t dlen,
		      struct nf_conntrack_man *cmd, char term,
		      unsigned int *offset)
{}

/*
 * From RFC 1123:
 * The format of the 227 reply to a PASV command is not
 * well standardized.  In particular, an FTP client cannot
 * assume that the parentheses shown on page 40 of RFC-959
 * will be present (and in fact, Figure 3 on page 43 omits
 * them).  Therefore, a User-FTP program that interprets
 * the PASV reply must scan the reply for the first digit
 * of the host and port numbers.
 *
 * Parser for that loosely formatted reply; it has the same signature as
 * try_rfc959().
 * NOTE(review): the body is not shown.  A scan for "the first digit"
 * runs over data supplied by the remote peer, so confirm the scan is
 * bounded by dlen and that finding no digit returns 0.
 */
static int try_rfc1123(const char *data, size_t dlen,
		       struct nf_conntrack_man *cmd, char term,
		       unsigned int *offset)
{}

/*
 * Grab port: number up to delimiter
 *
 * Reads from data beginning at index start, bounded by dlen, and stores
 * the result through port, whose type (__be16) is a 16-bit big-endian
 * value.
 * NOTE(review): start is a signed int while dlen is size_t; in a
 * comparison between the two, start is converted to unsigned, so confirm
 * callers never pass a negative start.  Also confirm the accumulated
 * number is rejected once it exceeds 65535 rather than being truncated
 * when stored -- the body is not shown.
 */
static int get_port(const char *data, int start, size_t dlen, char delim,
		    __be16 *port)
{}

/*
 * Returns 0, or length of numbers: |1|132.235.1.2|6275| or |2|3ffe::1|6275|
 *
 * Parser for the delimiter-framed form shown above, in which the first
 * field (1 or 2 in the examples) precedes an IPv4 or IPv6 address and a
 * port.  Same signature as try_rfc959().
 * NOTE(review): the body is not shown.  Confirm the address family named
 * in the first field is checked against the family of the tracked
 * connection, and that every field is parsed within dlen.
 */
static int try_eprt(const char *data, size_t dlen, struct nf_conntrack_man *cmd,
		    char term, unsigned int *offset)
{}

/*
 * Returns 0, or length of numbers: |||6446|
 *
 * Parser for the form shown above, which carries only a port between
 * delimiters (the address fields are empty in the example).  Same
 * signature as try_rfc959().
 * NOTE(review): the body is not shown; confirm parsing stays within dlen
 * and that a malformed delimiter sequence yields 0.
 */
static int try_epsv_response(const char *data, size_t dlen,
			     struct nf_conntrack_man *cmd, char term,
			     unsigned int *offset)
{}

/*
 * Return 1 for match, 0 for accept, -1 for partial.
 *
 * Inputs are a data buffer with its length, a pattern with its length,
 * two single characters (skip and term), a tuple half to fill (cmd) and
 * a getnum callback whose type matches the try_*() parsers in this file.
 * numoff and numlen are non-const pointers.
 * NOTE(review): presumably numoff/numlen report where the matched
 * numbers sit in data -- the body is not shown, confirm.  The three
 * return values mean different things, so confirm the caller handles
 * each one explicitly and does not fold -1 into either of the others.
 */
static int find_pattern(const char *data, size_t dlen,
			const char *pattern, size_t plen,
			char skip, char term,
			unsigned int *numoff,
			unsigned int *numlen,
			struct nf_conntrack_man *cmd,
			int (*getnum)(const char *, size_t,
				      struct nf_conntrack_man *, char,
				      unsigned int *))
{}

/*
 * Look up to see if we're just after a \n.
 *
 * Takes a 32-bit sequence number, read-only helper state (info) and a
 * direction index.
 * NOTE(review): presumably it compares seq with newline positions
 * recorded in info for direction dir -- the body is not shown, confirm.
 * This looks like the check that restricts parsing to data starting at a
 * line boundary; confirm help() declines to parse when it fails.
 */
static int find_nl_seq(u32 seq, const struct nf_ct_ftp_master *info, int dir)
{}

/*
 * We don't update if it's older than what we have.
 *
 * Takes the connection, a candidate sequence number (nl_seq), writable
 * helper state (info), a direction index and the packet.
 * NOTE(review): presumably it records nl_seq in info for direction dir
 * -- the body is not shown, confirm.  "Older" is a comparison between
 * 32-bit sequence numbers, so confirm it is wraparound-safe and that
 * info is modified only under the lock that protects it.
 */
static void update_nl_seq(struct nf_conn *ct, u32 nl_seq,
			  struct nf_ct_ftp_master *info, int dir,
			  struct sk_buff *skb)
{}

/*
 * Per-packet entry point of this helper: receives the packet (skb), the
 * protocol header offset, the tracked connection and its conntrack info.
 * NOTE(review): presumably registered through the ftp[] helper array and
 * returning a netfilter verdict -- neither the registration nor the body
 * is shown, confirm.
 * NOTE(review): this is where payload from the network reaches the
 * parsers in this file.  Confirm the payload length is derived from the
 * packet and validated before any parser is called, and that parsing of
 * shared state runs with nf_ftp_lock held.
 */
static int help(struct sk_buff *skb,
		unsigned int protoff,
		struct nf_conn *ct,
		enum ip_conntrack_info ctinfo)
{}

/*
 * Takes a netlink attribute and a connection.
 * NOTE(review): by its name, presumably sets up this helper's state on
 * ct from attr -- the body is not shown, confirm.  If attr can originate
 * from userspace, its length and contents need validating before they
 * are copied into connection state.
 */
static int nf_ct_ftp_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
{}

/*
 * Helper descriptors: two slots for every configurable port
 * (MAX_PORTS * 2).
 * NOTE(review): presumably one slot per address family for each port --
 * the initialization is not shown, confirm.
 */
static struct nf_conntrack_helper ftp[MAX_PORTS * 2] __read_mostly;

/* Expectation policy for this helper; the initializer is not shown. */
static const struct nf_conntrack_expect_policy ftp_exp_policy =;

/*
 * Module exit handler, registered with module_exit() at the end of the
 * file.
 * NOTE(review): presumably unregisters the entries of ftp[] -- the body
 * is not shown, confirm.
 */
static void __exit nf_conntrack_ftp_fini(void)
{}

/*
 * Module init function (marked __init).
 * NOTE(review): presumably fills ftp[] from ports[]/ports_c and
 * registers the helpers -- the body is not shown, confirm.  Confirm also
 * that a registration failure part-way through leaves nothing
 * registered.
 */
static int __init nf_conntrack_ftp_init(void)
{}

/*
 * Module entry and exit registration.  The module_init() argument is not
 * shown in this listing; presumably it is nf_conntrack_ftp_init.
 */
module_init();
module_exit(nf_conntrack_ftp_fini);