]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/ipv4/netfilter/nf_nat_snmp_basic.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph
[net-next-2.6.git] / net / ipv4 / netfilter / nf_nat_snmp_basic.c
CommitLineData
807467c2
PM		 1/*
2 * nf_nat_snmp_basic.c
3 *
4 * Basic SNMP Application Layer Gateway
5 *
6 * This IP NAT module is intended for use with SNMP network
7 * discovery and monitoring applications where target networks use
8 * conflicting private address realms.
9 *
10 * Static NAT is used to remap the networks from the view of the network
11 * management system at the IP layer, and this module remaps some application
12 * layer addresses to match.
13 *
14 * The simplest form of ALG is performed, where only tagged IP addresses
15 * are modified. The module does not need to be MIB aware and only scans
16 * messages at the ASN.1/BER level.
17 *
18 * Currently, only SNMPv1 and SNMPv2 are supported.
19 *
20 * More information on ALG and associated issues can be found in
21 * RFC 2962
22 *
23 * The ASB.1/BER parsing code is derived from the gxsnmp package by Gregory
24 * McLean & Jochen Friedrich, stripped down for use in the kernel.
25 *
26 * Copyright (c) 2000 RP Internet (www.rpi.net.au).
27 *
28 * This program is free software; you can redistribute it and/or modify
29 * it under the terms of the GNU General Public License as published by
30 * the Free Software Foundation; either version 2 of the License, or
31 * (at your option) any later version.
32 * This program is distributed in the hope that it will be useful,
33 * but WITHOUT ANY WARRANTY; without even the implied warranty of
34 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
35 * GNU General Public License for more details.
36 * You should have received a copy of the GNU General Public License
37 * along with this program; if not, write to the Free Software
38 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
39 *
40 * Author: James Morris <jmorris@intercode.com.au>
41 *
42 * Updates:
43 * 2000-08-06: Convert to new helper API (Harald Welte).
44 *
45 */
46#include <linux/module.h>
47#include <linux/moduleparam.h>
48#include <linux/types.h>
49#include <linux/kernel.h>
50#include <linux/in.h>
51#include <linux/ip.h>
52#include <linux/udp.h>
53#include <net/checksum.h>
54#include <net/udp.h>
55
56#include <net/netfilter/nf_nat.h>
57#include <net/netfilter/nf_conntrack_helper.h>
58#include <net/netfilter/nf_nat_helper.h>
59
60MODULE_LICENSE("GPL");
61MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
62MODULE_DESCRIPTION("Basic SNMP Application Layer Gateway");
63MODULE_ALIAS("ip_nat_snmp_basic");
64
65#define SNMP_PORT 161
66#define SNMP_TRAP_PORT 162
67#define NOCT1(n) (*(u8 *)n)
68
69static int debug;
70static DEFINE_SPINLOCK(snmp_lock);
71
72/*
73 * Application layer address mapping mimics the NAT mapping, but
74 * only for the first octet in this case (a more flexible system
75 * can be implemented if needed).
76 */
77struct oct1_map
78{
79 u_int8_t from;
80 u_int8_t to;
81};
82
83
84/*****************************************************************************
85 *
86 * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
87 *
88 *****************************************************************************/
89
90/* Class */
91#define ASN1_UNI 0 /* Universal */
92#define ASN1_APL 1 /* Application */
93#define ASN1_CTX 2 /* Context */
94#define ASN1_PRV 3 /* Private */
95
96/* Tag */
97#define ASN1_EOC 0 /* End Of Contents */
98#define ASN1_BOL 1 /* Boolean */
99#define ASN1_INT 2 /* Integer */
100#define ASN1_BTS 3 /* Bit String */
101#define ASN1_OTS 4 /* Octet String */
102#define ASN1_NUL 5 /* Null */
103#define ASN1_OJI 6 /* Object Identifier */
104#define ASN1_OJD 7 /* Object Description */
105#define ASN1_EXT 8 /* External */
106#define ASN1_SEQ 16 /* Sequence */
107#define ASN1_SET 17 /* Set */
108#define ASN1_NUMSTR 18 /* Numerical String */
109#define ASN1_PRNSTR 19 /* Printable String */
110#define ASN1_TEXSTR 20 /* Teletext String */
111#define ASN1_VIDSTR 21 /* Video String */
112#define ASN1_IA5STR 22 /* IA5 String */
113#define ASN1_UNITIM 23 /* Universal Time */
114#define ASN1_GENTIM 24 /* General Time */
115#define ASN1_GRASTR 25 /* Graphical String */
116#define ASN1_VISSTR 26 /* Visible String */
117#define ASN1_GENSTR 27 /* General String */
118
119/* Primitive / Constructed methods*/
120#define ASN1_PRI 0 /* Primitive */
121#define ASN1_CON 1 /* Constructed */
122
123/*
124 * Error codes.
125 */
126#define ASN1_ERR_NOERROR 0
127#define ASN1_ERR_DEC_EMPTY 2
128#define ASN1_ERR_DEC_EOC_MISMATCH 3
129#define ASN1_ERR_DEC_LENGTH_MISMATCH 4
130#define ASN1_ERR_DEC_BADVALUE 5
131
132/*
133 * ASN.1 context.
134 */
135struct asn1_ctx
136{
137 int error; /* Error condition */
138 unsigned char *pointer; /* Octet just to be decoded */
139 unsigned char *begin; /* First octet */
140 unsigned char *end; /* Octet after last octet */
141};
142
143/*
144 * Octet string (not null terminated)
145 */
146struct asn1_octstr
147{
148 unsigned char *data;
149 unsigned int len;
150};
151
152static void asn1_open(struct asn1_ctx *ctx,
e905a9ed
YH		 153 unsigned char *buf,
154 unsigned int len)
807467c2
PM		 155{
156 ctx->begin = buf;
157 ctx->end = buf + len;
158 ctx->pointer = buf;
159 ctx->error = ASN1_ERR_NOERROR;
160}
161
162static unsigned char asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
163{
164 if (ctx->pointer >= ctx->end) {
165 ctx->error = ASN1_ERR_DEC_EMPTY;
166 return 0;
167 }
168 *ch = *(ctx->pointer)++;
169 return 1;
170}
171
172static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
173{
174 unsigned char ch;
175
176 *tag = 0;
177
178 do
179 {
180 if (!asn1_octet_decode(ctx, &ch))
181 return 0;
182 *tag <<= 7;
183 *tag |= ch & 0x7F;
184 } while ((ch & 0x80) == 0x80);
185 return 1;
186}
187
188static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 189 unsigned int *cls,
190 unsigned int *con,
191 unsigned int *tag)
807467c2
PM		 192{
193 unsigned char ch;
194
195 if (!asn1_octet_decode(ctx, &ch))
196 return 0;
197
198 *cls = (ch & 0xC0) >> 6;
199 *con = (ch & 0x20) >> 5;
200 *tag = (ch & 0x1F);
201
202 if (*tag == 0x1F) {
203 if (!asn1_tag_decode(ctx, tag))
204 return 0;
205 }
206 return 1;
207}
208
209static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 210 unsigned int *def,
211 unsigned int *len)
807467c2
PM		 212{
213 unsigned char ch, cnt;
214
215 if (!asn1_octet_decode(ctx, &ch))
216 return 0;
217
218 if (ch == 0x80)
219 *def = 0;
220 else {
221 *def = 1;
222
223 if (ch < 0x80)
224 *len = ch;
225 else {
226 cnt = (unsigned char) (ch & 0x7F);
227 *len = 0;
228
229 while (cnt > 0) {
230 if (!asn1_octet_decode(ctx, &ch))
231 return 0;
232 *len <<= 8;
233 *len |= ch;
234 cnt--;
235 }
236 }
237 }
238 return 1;
239}
240
241static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 242 unsigned char **eoc,
243 unsigned int *cls,
244 unsigned int *con,
245 unsigned int *tag)
807467c2
PM		 246{
247 unsigned int def, len;
248
249 if (!asn1_id_decode(ctx, cls, con, tag))
250 return 0;
251
252 def = len = 0;
253 if (!asn1_length_decode(ctx, &def, &len))
254 return 0;
255
256 if (def)
257 *eoc = ctx->pointer + len;
258 else
259 *eoc = NULL;
260 return 1;
261}
262
263static unsigned char asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
264{
265 unsigned char ch;
266
267 if (eoc == 0) {
268 if (!asn1_octet_decode(ctx, &ch))
269 return 0;
270
271 if (ch != 0x00) {
272 ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
273 return 0;
274 }
275
276 if (!asn1_octet_decode(ctx, &ch))
277 return 0;
278
279 if (ch != 0x00) {
280 ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
281 return 0;
282 }
283 return 1;
284 } else {
285 if (ctx->pointer != eoc) {
286 ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH;
287 return 0;
288 }
289 return 1;
290 }
291}
292
293static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc)
294{
295 ctx->pointer = eoc;
296 return 1;
297}
298
299static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 300 unsigned char *eoc,
301 long *integer)
807467c2
PM		 302{
303 unsigned char ch;
304 unsigned int len;
305
306 if (!asn1_octet_decode(ctx, &ch))
307 return 0;
308
309 *integer = (signed char) ch;
310 len = 1;
311
312 while (ctx->pointer < eoc) {
313 if (++len > sizeof (long)) {
314 ctx->error = ASN1_ERR_DEC_BADVALUE;
315 return 0;
316 }
317
318 if (!asn1_octet_decode(ctx, &ch))
319 return 0;
320
321 *integer <<= 8;
322 *integer |= ch;
323 }
324 return 1;
325}
326
327static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 328 unsigned char *eoc,
329 unsigned int *integer)
807467c2
PM		 330{
331 unsigned char ch;
332 unsigned int len;
333
334 if (!asn1_octet_decode(ctx, &ch))
335 return 0;
336
337 *integer = ch;
338 if (ch == 0) len = 0;
339 else len = 1;
340
341 while (ctx->pointer < eoc) {
342 if (++len > sizeof (unsigned int)) {
343 ctx->error = ASN1_ERR_DEC_BADVALUE;
344 return 0;
345 }
346
347 if (!asn1_octet_decode(ctx, &ch))
348 return 0;
349
350 *integer <<= 8;
351 *integer |= ch;
352 }
353 return 1;
354}
355
356static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 357 unsigned char *eoc,
358 unsigned long *integer)
807467c2
PM		 359{
360 unsigned char ch;
361 unsigned int len;
362
363 if (!asn1_octet_decode(ctx, &ch))
364 return 0;
365
366 *integer = ch;
367 if (ch == 0) len = 0;
368 else len = 1;
369
370 while (ctx->pointer < eoc) {
371 if (++len > sizeof (unsigned long)) {
372 ctx->error = ASN1_ERR_DEC_BADVALUE;
373 return 0;
374 }
375
376 if (!asn1_octet_decode(ctx, &ch))
377 return 0;
378
379 *integer <<= 8;
380 *integer |= ch;
381 }
382 return 1;
383}
384
385static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 386 unsigned char *eoc,
387 unsigned char **octets,
388 unsigned int *len)
807467c2
PM		 389{
390 unsigned char *ptr;
391
392 *len = 0;
393
394 *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
395 if (*octets == NULL) {
396 if (net_ratelimit())
397 printk("OOM in bsalg (%d)\n", __LINE__);
398 return 0;
399 }
400
401 ptr = *octets;
402 while (ctx->pointer < eoc) {
403 if (!asn1_octet_decode(ctx, (unsigned char *)ptr++)) {
404 kfree(*octets);
405 *octets = NULL;
406 return 0;
407 }
408 (*len)++;
409 }
410 return 1;
411}
412
413static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
e905a9ed 414 unsigned long *subid)
807467c2
PM		 415{
416 unsigned char ch;
417
418 *subid = 0;
419
420 do {
421 if (!asn1_octet_decode(ctx, &ch))
422 return 0;
423
424 *subid <<= 7;
425 *subid |= ch & 0x7F;
426 } while ((ch & 0x80) == 0x80);
427 return 1;
428}
429
430static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 431 unsigned char *eoc,
432 unsigned long **oid,
433 unsigned int *len)
807467c2
PM		 434{
435 unsigned long subid;
436 unsigned int size;
437 unsigned long *optr;
438
439 size = eoc - ctx->pointer + 1;
440 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
441 if (*oid == NULL) {
442 if (net_ratelimit())
443 printk("OOM in bsalg (%d)\n", __LINE__);
444 return 0;
445 }
446
447 optr = *oid;
448
449 if (!asn1_subid_decode(ctx, &subid)) {
450 kfree(*oid);
451 *oid = NULL;
452 return 0;
453 }
454
455 if (subid < 40) {
456 optr [0] = 0;
457 optr [1] = subid;
458 } else if (subid < 80) {
459 optr [0] = 1;
460 optr [1] = subid - 40;
461 } else {
462 optr [0] = 2;
463 optr [1] = subid - 80;
464 }
465
466 *len = 2;
467 optr += 2;
468
469 while (ctx->pointer < eoc) {
470 if (++(*len) > size) {
471 ctx->error = ASN1_ERR_DEC_BADVALUE;
472 kfree(*oid);
473 *oid = NULL;
474 return 0;
475 }
476
477 if (!asn1_subid_decode(ctx, optr++)) {
478 kfree(*oid);
479 *oid = NULL;
480 return 0;
481 }
482 }
483 return 1;
484}
485
486/*****************************************************************************
487 *
488 * SNMP decoding routines (gxsnmp author Dirk Wisse)
489 *
490 *****************************************************************************/
491
492/* SNMP Versions */
493#define SNMP_V1 0
494#define SNMP_V2C 1
495#define SNMP_V2 2
496#define SNMP_V3 3
497
498/* Default Sizes */
499#define SNMP_SIZE_COMM 256
500#define SNMP_SIZE_OBJECTID 128
501#define SNMP_SIZE_BUFCHR 256
502#define SNMP_SIZE_BUFINT 128
503#define SNMP_SIZE_SMALLOBJECTID 16
504
505/* Requests */
506#define SNMP_PDU_GET 0
507#define SNMP_PDU_NEXT 1
508#define SNMP_PDU_RESPONSE 2
509#define SNMP_PDU_SET 3
510#define SNMP_PDU_TRAP1 4
511#define SNMP_PDU_BULK 5
512#define SNMP_PDU_INFORM 6
513#define SNMP_PDU_TRAP2 7
514
515/* Errors */
516#define SNMP_NOERROR 0
517#define SNMP_TOOBIG 1
518#define SNMP_NOSUCHNAME 2
519#define SNMP_BADVALUE 3
520#define SNMP_READONLY 4
521#define SNMP_GENERROR 5
522#define SNMP_NOACCESS 6
523#define SNMP_WRONGTYPE 7
524#define SNMP_WRONGLENGTH 8
525#define SNMP_WRONGENCODING 9
526#define SNMP_WRONGVALUE 10
527#define SNMP_NOCREATION 11
528#define SNMP_INCONSISTENTVALUE 12
529#define SNMP_RESOURCEUNAVAILABLE 13
530#define SNMP_COMMITFAILED 14
531#define SNMP_UNDOFAILED 15
532#define SNMP_AUTHORIZATIONERROR 16
533#define SNMP_NOTWRITABLE 17
534#define SNMP_INCONSISTENTNAME 18
535
536/* General SNMP V1 Traps */
537#define SNMP_TRAP_COLDSTART 0
538#define SNMP_TRAP_WARMSTART 1
539#define SNMP_TRAP_LINKDOWN 2
540#define SNMP_TRAP_LINKUP 3
541#define SNMP_TRAP_AUTFAILURE 4
542#define SNMP_TRAP_EQPNEIGHBORLOSS 5
543#define SNMP_TRAP_ENTSPECIFIC 6
544
545/* SNMPv1 Types */
546#define SNMP_NULL 0
547#define SNMP_INTEGER 1 /* l */
548#define SNMP_OCTETSTR 2 /* c */
549#define SNMP_DISPLAYSTR 2 /* c */
550#define SNMP_OBJECTID 3 /* ul */
551#define SNMP_IPADDR 4 /* uc */
552#define SNMP_COUNTER 5 /* ul */
553#define SNMP_GAUGE 6 /* ul */
554#define SNMP_TIMETICKS 7 /* ul */
555#define SNMP_OPAQUE 8 /* c */
556
557/* Additional SNMPv2 Types */
558#define SNMP_UINTEGER 5 /* ul */
559#define SNMP_BITSTR 9 /* uc */
560#define SNMP_NSAP 10 /* uc */
561#define SNMP_COUNTER64 11 /* ul */
562#define SNMP_NOSUCHOBJECT 12
563#define SNMP_NOSUCHINSTANCE 13
564#define SNMP_ENDOFMIBVIEW 14
565
566union snmp_syntax
567{
568 unsigned char uc[0]; /* 8 bit unsigned */
569 char c[0]; /* 8 bit signed */
570 unsigned long ul[0]; /* 32 bit unsigned */
571 long l[0]; /* 32 bit signed */
572};
573
574struct snmp_object
575{
576 unsigned long *id;
577 unsigned int id_len;
578 unsigned short type;
579 unsigned int syntax_len;
580 union snmp_syntax syntax;
581};
582
583struct snmp_request
584{
585 unsigned long id;
586 unsigned int error_status;
587 unsigned int error_index;
588};
589
590struct snmp_v1_trap
591{
592 unsigned long *id;
593 unsigned int id_len;
594 unsigned long ip_address; /* pointer */
595 unsigned int general;
596 unsigned int specific;
597 unsigned long time;
598};
599
600/* SNMP types */
601#define SNMP_IPA 0
602#define SNMP_CNT 1
603#define SNMP_GGE 2
604#define SNMP_TIT 3
605#define SNMP_OPQ 4
606#define SNMP_C64 6
607
608/* SNMP errors */
609#define SERR_NSO 0
610#define SERR_NSI 1
611#define SERR_EOM 2
612
613static inline void mangle_address(unsigned char *begin,
e905a9ed
YH		 614 unsigned char *addr,
615 const struct oct1_map *map,
616 __sum16 *check);
807467c2
PM		 617struct snmp_cnv
618{
619 unsigned int class;
620 unsigned int tag;
621 int syntax;
622};
623
624static struct snmp_cnv snmp_conv [] =
625{
626 {ASN1_UNI, ASN1_NUL, SNMP_NULL},
627 {ASN1_UNI, ASN1_INT, SNMP_INTEGER},
628 {ASN1_UNI, ASN1_OTS, SNMP_OCTETSTR},
629 {ASN1_UNI, ASN1_OTS, SNMP_DISPLAYSTR},
630 {ASN1_UNI, ASN1_OJI, SNMP_OBJECTID},
631 {ASN1_APL, SNMP_IPA, SNMP_IPADDR},
632 {ASN1_APL, SNMP_CNT, SNMP_COUNTER}, /* Counter32 */
633 {ASN1_APL, SNMP_GGE, SNMP_GAUGE}, /* Gauge32 == Unsigned32 */
634 {ASN1_APL, SNMP_TIT, SNMP_TIMETICKS},
635 {ASN1_APL, SNMP_OPQ, SNMP_OPAQUE},
636
637 /* SNMPv2 data types and errors */
638 {ASN1_UNI, ASN1_BTS, SNMP_BITSTR},
639 {ASN1_APL, SNMP_C64, SNMP_COUNTER64},
640 {ASN1_CTX, SERR_NSO, SNMP_NOSUCHOBJECT},
641 {ASN1_CTX, SERR_NSI, SNMP_NOSUCHINSTANCE},
642 {ASN1_CTX, SERR_EOM, SNMP_ENDOFMIBVIEW},
643 {0, 0, -1}
644};
645
646static unsigned char snmp_tag_cls2syntax(unsigned int tag,
e905a9ed
YH		 647 unsigned int cls,
648 unsigned short *syntax)
807467c2
PM		 649{
650 struct snmp_cnv *cnv;
651
652 cnv = snmp_conv;
653
654 while (cnv->syntax != -1) {
655 if (cnv->tag == tag && cnv->class == cls) {
656 *syntax = cnv->syntax;
657 return 1;
658 }
659 cnv++;
660 }
661 return 0;
662}
663
664static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
e905a9ed 665 struct snmp_object **obj)
807467c2
PM		 666{
667 unsigned int cls, con, tag, len, idlen;
668 unsigned short type;
669 unsigned char *eoc, *end, *p;
670 unsigned long *lp, *id;
671 unsigned long ul;
672 long l;
673
674 *obj = NULL;
675 id = NULL;
676
677 if (!asn1_header_decode(ctx, &eoc, &cls, &con, &tag))
678 return 0;
679
680 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
681 return 0;
682
683 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
684 return 0;
685
686 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI)
687 return 0;
688
689 if (!asn1_oid_decode(ctx, end, &id, &idlen))
690 return 0;
691
692 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) {
693 kfree(id);
694 return 0;
695 }
696
697 if (con != ASN1_PRI) {
698 kfree(id);
699 return 0;
700 }
701
702 type = 0;
703 if (!snmp_tag_cls2syntax(tag, cls, &type)) {
704 kfree(id);
705 return 0;
706 }
707
708 l = 0;
709 switch (type) {
710 case SNMP_INTEGER:
711 len = sizeof(long);
712 if (!asn1_long_decode(ctx, end, &l)) {
713 kfree(id);
714 return 0;
715 }
716 *obj = kmalloc(sizeof(struct snmp_object) + len,
e905a9ed 717 GFP_ATOMIC);
807467c2
PM		 718 if (*obj == NULL) {
719 kfree(id);
720 if (net_ratelimit())
721 printk("OOM in bsalg (%d)\n", __LINE__);
722 return 0;
723 }
724 (*obj)->syntax.l[0] = l;
725 break;
726 case SNMP_OCTETSTR:
727 case SNMP_OPAQUE:
728 if (!asn1_octets_decode(ctx, end, &p, &len)) {
729 kfree(id);
730 return 0;
731 }
732 *obj = kmalloc(sizeof(struct snmp_object) + len,
e905a9ed 733 GFP_ATOMIC);
807467c2
PM		 734 if (*obj == NULL) {
735 kfree(id);
736 if (net_ratelimit())
737 printk("OOM in bsalg (%d)\n", __LINE__);
738 return 0;
739 }
740 memcpy((*obj)->syntax.c, p, len);
741 kfree(p);
742 break;
743 case SNMP_NULL:
744 case SNMP_NOSUCHOBJECT:
745 case SNMP_NOSUCHINSTANCE:
746 case SNMP_ENDOFMIBVIEW:
747 len = 0;
748 *obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC);
749 if (*obj == NULL) {
750 kfree(id);
751 if (net_ratelimit())
752 printk("OOM in bsalg (%d)\n", __LINE__);
753 return 0;
754 }
755 if (!asn1_null_decode(ctx, end)) {
756 kfree(id);
757 kfree(*obj);
758 *obj = NULL;
759 return 0;
760 }
761 break;
762 case SNMP_OBJECTID:
763 if (!asn1_oid_decode(ctx, end, (unsigned long **)&lp, &len)) {
764 kfree(id);
765 return 0;
766 }
767 len *= sizeof(unsigned long);
768 *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC);
769 if (*obj == NULL) {
770 kfree(lp);
771 kfree(id);
772 if (net_ratelimit())
773 printk("OOM in bsalg (%d)\n", __LINE__);
774 return 0;
775 }
776 memcpy((*obj)->syntax.ul, lp, len);
777 kfree(lp);
778 break;
779 case SNMP_IPADDR:
780 if (!asn1_octets_decode(ctx, end, &p, &len)) {
781 kfree(id);
782 return 0;
783 }
784 if (len != 4) {
785 kfree(p);
786 kfree(id);
787 return 0;
788 }
789 *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC);
790 if (*obj == NULL) {
791 kfree(p);
792 kfree(id);
793 if (net_ratelimit())
794 printk("OOM in bsalg (%d)\n", __LINE__);
795 return 0;
796 }
797 memcpy((*obj)->syntax.uc, p, len);
798 kfree(p);
799 break;
800 case SNMP_COUNTER:
801 case SNMP_GAUGE:
802 case SNMP_TIMETICKS:
803 len = sizeof(unsigned long);
804 if (!asn1_ulong_decode(ctx, end, &ul)) {
805 kfree(id);
806 return 0;
807 }
808 *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC);
809 if (*obj == NULL) {
810 kfree(id);
811 if (net_ratelimit())
812 printk("OOM in bsalg (%d)\n", __LINE__);
813 return 0;
814 }
815 (*obj)->syntax.ul[0] = ul;
816 break;
817 default:
818 kfree(id);
819 return 0;
820 }
821
822 (*obj)->syntax_len = len;
823 (*obj)->type = type;
824 (*obj)->id = id;
825 (*obj)->id_len = idlen;
826
827 if (!asn1_eoc_decode(ctx, eoc)) {
828 kfree(id);
829 kfree(*obj);
830 *obj = NULL;
831 return 0;
832 }
833 return 1;
834}
835
836static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
e905a9ed 837 struct snmp_request *request)
807467c2
PM		 838{
839 unsigned int cls, con, tag;
840 unsigned char *end;
841
842 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
843 return 0;
844
845 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
846 return 0;
847
848 if (!asn1_ulong_decode(ctx, end, &request->id))
849 return 0;
850
851 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
852 return 0;
853
854 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
855 return 0;
856
857 if (!asn1_uint_decode(ctx, end, &request->error_status))
858 return 0;
859
860 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
861 return 0;
862
863 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
864 return 0;
865
866 if (!asn1_uint_decode(ctx, end, &request->error_index))
867 return 0;
868
869 return 1;
870}
871
872/*
873 * Fast checksum update for possibly oddly-aligned UDP byte, from the
874 * code example in the draft.
875 */
876static void fast_csum(__sum16 *csum,
e905a9ed
YH		 877 const unsigned char *optr,
878 const unsigned char *nptr,
879 int offset)
807467c2
PM		 880{
881 unsigned char s[4];
882
883 if (offset & 1) {
884 s[0] = s[2] = 0;
885 s[1] = ~*optr;
886 s[3] = *nptr;
887 } else {
888 s[1] = s[3] = 0;
889 s[0] = ~*optr;
890 s[2] = *nptr;
891 }
892
893 *csum = csum_fold(csum_partial(s, 4, ~csum_unfold(*csum)));
894}
895
896/*
897 * Mangle IP address.
898 * - begin points to the start of the snmp messgae
899 * - addr points to the start of the address
900 */
901static inline void mangle_address(unsigned char *begin,
e905a9ed
YH		 902 unsigned char *addr,
903 const struct oct1_map *map,
904 __sum16 *check)
807467c2
PM		 905{
906 if (map->from == NOCT1(addr)) {
907 u_int32_t old;
908
909 if (debug)
910 memcpy(&old, (unsigned char *)addr, sizeof(old));
911
912 *addr = map->to;
913
914 /* Update UDP checksum if being used */
915 if (*check) {
916 fast_csum(check,
e905a9ed 917 &map->from, &map->to, addr - begin);
807467c2
PM		 918
919 }
920
921 if (debug)
922 printk(KERN_DEBUG "bsalg: mapped %u.%u.%u.%u to "
923 "%u.%u.%u.%u\n", NIPQUAD(old), NIPQUAD(*addr));
924 }
925}
926
927static unsigned char snmp_trap_decode(struct asn1_ctx *ctx,
e905a9ed
YH		 928 struct snmp_v1_trap *trap,
929 const struct oct1_map *map,
930 __sum16 *check)
807467c2
PM		 931{
932 unsigned int cls, con, tag, len;
933 unsigned char *end;
934
935 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
936 return 0;
937
938 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI)
939 return 0;
940
941 if (!asn1_oid_decode(ctx, end, &trap->id, &trap->id_len))
942 return 0;
943
944 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
945 goto err_id_free;
946
947 if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_IPA) ||
948 (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_OTS)))
949 goto err_id_free;
950
951 if (!asn1_octets_decode(ctx, end, (unsigned char **)&trap->ip_address, &len))
952 goto err_id_free;
953
954 /* IPv4 only */
955 if (len != 4)
956 goto err_addr_free;
957
958 mangle_address(ctx->begin, ctx->pointer - 4, map, check);
959
960 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
961 goto err_addr_free;
962
963 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
964 goto err_addr_free;
965
966 if (!asn1_uint_decode(ctx, end, &trap->general))
967 goto err_addr_free;
968
969 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
970 goto err_addr_free;
971
972 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
973 goto err_addr_free;
974
975 if (!asn1_uint_decode(ctx, end, &trap->specific))
976 goto err_addr_free;
977
978 if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
979 goto err_addr_free;
980
981 if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_TIT) ||
982 (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_INT)))
983 goto err_addr_free;
984
985 if (!asn1_ulong_decode(ctx, end, &trap->time))
986 goto err_addr_free;
987
988 return 1;
989
990err_addr_free:
991 kfree((unsigned long *)trap->ip_address);
992
993err_id_free:
994 kfree(trap->id);
995
996 return 0;
997}
998
999/*****************************************************************************
1000 *
1001 * Misc. routines
1002 *
1003 *****************************************************************************/
1004
1005static void hex_dump(unsigned char *buf, size_t len)
1006{
1007 size_t i;
1008
1009 for (i = 0; i < len; i++) {
1010 if (i && !(i % 16))
1011 printk("\n");
1012 printk("%02x ", *(buf + i));
1013 }
1014 printk("\n");
1015}
1016
1017/*
1018 * Parse and mangle SNMP message according to mapping.
1019 * (And this is the fucking 'basic' method).
1020 */
1021static int snmp_parse_mangle(unsigned char *msg,
e905a9ed
YH		 1022 u_int16_t len,
1023 const struct oct1_map *map,
1024 __sum16 *check)
807467c2
PM		 1025{
1026 unsigned char *eoc, *end;
1027 unsigned int cls, con, tag, vers, pdutype;
1028 struct asn1_ctx ctx;
1029 struct asn1_octstr comm;
1030 struct snmp_object **obj;
1031
1032 if (debug > 1)
1033 hex_dump(msg, len);
1034
1035 asn1_open(&ctx, msg, len);
1036
1037 /*
1038 * Start of SNMP message.
1039 */
1040 if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag))
1041 return 0;
1042 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
1043 return 0;
1044
1045 /*
1046 * Version 1 or 2 handled.
1047 */
1048 if (!asn1_header_decode(&ctx, &end, &cls, &con, &tag))
1049 return 0;
1050 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
1051 return 0;
1052 if (!asn1_uint_decode (&ctx, end, &vers))
1053 return 0;
1054 if (debug > 1)
1055 printk(KERN_DEBUG "bsalg: snmp version: %u\n", vers + 1);
1056 if (vers > 1)
1057 return 1;
1058
1059 /*
1060 * Community.
1061 */
1062 if (!asn1_header_decode (&ctx, &end, &cls, &con, &tag))
1063 return 0;
1064 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OTS)
1065 return 0;
1066 if (!asn1_octets_decode(&ctx, end, &comm.data, &comm.len))
1067 return 0;
1068 if (debug > 1) {
1069 unsigned int i;
1070
1071 printk(KERN_DEBUG "bsalg: community: ");
1072 for (i = 0; i < comm.len; i++)
1073 printk("%c", comm.data[i]);
1074 printk("\n");
1075 }
1076 kfree(comm.data);
1077
1078 /*
1079 * PDU type
1080 */
1081 if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &pdutype))
1082 return 0;
1083 if (cls != ASN1_CTX || con != ASN1_CON)
1084 return 0;
1085 if (debug > 1) {
1086 unsigned char *pdus[] = {
1087 [SNMP_PDU_GET] = "get",
1088 [SNMP_PDU_NEXT] = "get-next",
1089 [SNMP_PDU_RESPONSE] = "response",
1090 [SNMP_PDU_SET] = "set",
1091 [SNMP_PDU_TRAP1] = "trapv1",
1092 [SNMP_PDU_BULK] = "bulk",
1093 [SNMP_PDU_INFORM] = "inform",
1094 [SNMP_PDU_TRAP2] = "trapv2"
1095 };
1096
1097 if (pdutype > SNMP_PDU_TRAP2)
1098 printk(KERN_DEBUG "bsalg: bad pdu type %u\n", pdutype);
1099 else
1100 printk(KERN_DEBUG "bsalg: pdu: %s\n", pdus[pdutype]);
1101 }
1102 if (pdutype != SNMP_PDU_RESPONSE &&
1103 pdutype != SNMP_PDU_TRAP1 && pdutype != SNMP_PDU_TRAP2)
1104 return 1;
1105
1106 /*
1107 * Request header or v1 trap
1108 */
1109 if (pdutype == SNMP_PDU_TRAP1) {
1110 struct snmp_v1_trap trap;
1111 unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check);
1112
1113 if (ret) {
1114 kfree(trap.id);
1115 kfree((unsigned long *)trap.ip_address);
1116 } else
1117 return ret;
1118
1119 } else {
1120 struct snmp_request req;
1121
1122 if (!snmp_request_decode(&ctx, &req))
1123 return 0;
1124
1125 if (debug > 1)
1126 printk(KERN_DEBUG "bsalg: request: id=0x%lx error_status=%u "
1127 "error_index=%u\n", req.id, req.error_status,
1128 req.error_index);
1129 }
1130
1131 /*
1132 * Loop through objects, look for IP addresses to mangle.
1133 */
1134 if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag))
1135 return 0;
1136
1137 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
1138 return 0;
1139
1140 obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC);
1141 if (obj == NULL) {
1142 if (net_ratelimit())
1143 printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__);
1144 return 0;
1145 }
1146
1147 while (!asn1_eoc_decode(&ctx, eoc)) {
1148 unsigned int i;
1149
1150 if (!snmp_object_decode(&ctx, obj)) {
1151 if (*obj) {
1152 kfree((*obj)->id);
1153 kfree(*obj);
1154 }
1155 kfree(obj);
1156 return 0;
1157 }
1158
1159 if (debug > 1) {
1160 printk(KERN_DEBUG "bsalg: object: ");
1161 for (i = 0; i < (*obj)->id_len; i++) {
1162 if (i > 0)
1163 printk(".");
1164 printk("%lu", (*obj)->id[i]);
1165 }
1166 printk(": type=%u\n", (*obj)->type);
1167
1168 }
1169
1170 if ((*obj)->type == SNMP_IPADDR)
1171 mangle_address(ctx.begin, ctx.pointer - 4 , map, check);
1172
1173 kfree((*obj)->id);
1174 kfree(*obj);
1175 }
1176 kfree(obj);
1177
1178 if (!asn1_eoc_decode(&ctx, eoc))
1179 return 0;
1180
1181 return 1;
1182}
1183
1184/*****************************************************************************
1185 *
1186 * NAT routines.
1187 *
1188 *****************************************************************************/
1189
1190/*
1191 * SNMP translation routine.
1192 */
1193static int snmp_translate(struct nf_conn *ct,
e905a9ed
YH		 1194 enum ip_conntrack_info ctinfo,
1195 struct sk_buff **pskb)
807467c2 1196{
eddc9ec5 1197 struct iphdr *iph = ip_hdr(*pskb);
807467c2
PM		 1198 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1199 u_int16_t udplen = ntohs(udph->len);
1200 u_int16_t paylen = udplen - sizeof(struct udphdr);
1201 int dir = CTINFO2DIR(ctinfo);
1202 struct oct1_map map;
1203
1204 /*
1205 * Determine mappping for application layer addresses based
1206 * on NAT manipulations for the packet.
1207 */
1208 if (dir == IP_CT_DIR_ORIGINAL) {
1209 /* SNAT traps */
1210 map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip);
1211 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip);
1212 } else {
1213 /* DNAT replies */
1214 map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip);
1215 map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip);
1216 }
1217
1218 if (map.from == map.to)
1219 return NF_ACCEPT;
1220
1221 if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr),
e905a9ed 1222 paylen, &map, &udph->check)) {
807467c2
PM		 1223 if (net_ratelimit())
1224 printk(KERN_WARNING "bsalg: parser failed\n");
1225 return NF_DROP;
1226 }
1227 return NF_ACCEPT;
1228}
1229
1230/* We don't actually set up expectations, just adjust internal IP
1231 * addresses if this is being NATted */
1232static int help(struct sk_buff **pskb, unsigned int protoff,
1233 struct nf_conn *ct,
1234 enum ip_conntrack_info ctinfo)
1235{
1236 int dir = CTINFO2DIR(ctinfo);
1237 unsigned int ret;
eddc9ec5 1238 struct iphdr *iph = ip_hdr(*pskb);
807467c2
PM		 1239 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1240
1241 /* SNMP replies and originating SNMP traps get mangled */
1242 if (udph->source == htons(SNMP_PORT) && dir != IP_CT_DIR_REPLY)
1243 return NF_ACCEPT;
1244 if (udph->dest == htons(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL)
1245 return NF_ACCEPT;
1246
1247 /* No NAT? */
1248 if (!(ct->status & IPS_NAT_MASK))
1249 return NF_ACCEPT;
1250
1251 /*
1252 * Make sure the packet length is ok. So far, we were only guaranteed
1253 * to have a valid length IP header plus 8 bytes, which means we have
1254 * enough room for a UDP header. Just verify the UDP length field so we
1255 * can mess around with the payload.
1256 */
1257 if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) {
1258 if (net_ratelimit())
1259 printk(KERN_WARNING "SNMP: dropping malformed packet "
1260 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n",
1261 NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
1262 return NF_DROP;
1263 }
1264
1265 if (!skb_make_writable(pskb, (*pskb)->len))
1266 return NF_DROP;
1267
1268 spin_lock_bh(&snmp_lock);
1269 ret = snmp_translate(ct, ctinfo, pskb);
1270 spin_unlock_bh(&snmp_lock);
1271 return ret;
1272}
1273
1274static struct nf_conntrack_helper snmp_helper __read_mostly = {
1275 .max_expected = 0,
1276 .timeout = 180,
1277 .me = THIS_MODULE,
1278 .help = help,
1279 .name = "snmp",
1280 .tuple.src.l3num = AF_INET,
1281 .tuple.src.u.udp.port = __constant_htons(SNMP_PORT),
1282 .tuple.dst.protonum = IPPROTO_UDP,
1283 .mask.src.l3num = 0xFFFF,
1284 .mask.src.u.udp.port = __constant_htons(0xFFFF),
1285 .mask.dst.protonum = 0xFF,
1286};
1287
1288static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {
1289 .max_expected = 0,
1290 .timeout = 180,
1291 .me = THIS_MODULE,
1292 .help = help,
1293 .name = "snmp_trap",
1294 .tuple.src.l3num = AF_INET,
1295 .tuple.src.u.udp.port = __constant_htons(SNMP_TRAP_PORT),
1296 .tuple.dst.protonum = IPPROTO_UDP,
1297 .mask.src.l3num = 0xFFFF,
1298 .mask.src.u.udp.port = __constant_htons(0xFFFF),
1299 .mask.dst.protonum = 0xFF,
1300};
1301
1302/*****************************************************************************
1303 *
1304 * Module stuff.
1305 *
1306 *****************************************************************************/
1307
1308static int __init nf_nat_snmp_basic_init(void)
1309{
1310 int ret = 0;
1311
1312 ret = nf_conntrack_helper_register(&snmp_helper);
1313 if (ret < 0)
1314 return ret;
1315 ret = nf_conntrack_helper_register(&snmp_trap_helper);
1316 if (ret < 0) {
1317 nf_conntrack_helper_unregister(&snmp_helper);
1318 return ret;
1319 }
1320 return ret;
1321}
1322
1323static void __exit nf_nat_snmp_basic_fini(void)
1324{
1325 nf_conntrack_helper_unregister(&snmp_helper);
1326 nf_conntrack_helper_unregister(&snmp_trap_helper);
1327}
1328
1329module_init(nf_nat_snmp_basic_init);
1330module_exit(nf_nat_snmp_basic_fini);
1331
1332module_param(debug, int, 0600);
Clone of davem's net-next-2.6 tree