IP Masquerading - Real Audio proxy

Nigel Metheringham (Nigel.Metheringham@theplanet.net)
Thu, 16 May 1996 18:49:38 +0100


This is a multipart MIME message.

--===_0_Thu_May_16_18:49:00_BST_1996
Content-Type: text/plain; charset=us-ascii

Here are 2 more patches....

The first is a trivial one to add the proxy name to
/proc/net/ip_masq_app

The second is a first cut at a Real Audio proxy.
It works with some servers but not with others - methinks that
Progressive Networks' description of the protocol in their firewall
kit is a tad incomplete. I will finish it, but I am going away for a
few days so am putting it out for others to bash on.

Please can comments and improvements be passed directly to me (ie
don't assume I'll see it on a list since when I get back there will
be a largish backlog).

Nigel.

--===_0_Thu_May_16_18:49:00_BST_1996
Content-Type: application/x-patch
Content-Description: masq_raudio.patch

Index: linux/net/ipv4/Makefile
diff -c linux/net/ipv4/Makefile:1.1.1.1 linux/net/ipv4/Makefile:1.2
*** linux/net/ipv4/Makefile:1.1.1.1 Wed May 15 10:20:23 1996
--- linux/net/ipv4/Makefile Thu May 16 18:39:31 1996
***************
*** 40,46 ****

ifeq ($(CONFIG_IP_MASQUERADE),y)
IPV4_OBJS += ip_masq.o ip_masq_app.o
! M_OBJS += ip_masq_ftp.o ip_masq_irc.o
endif

ifeq ($(CONFIG_IP_ALIAS),y)
--- 40,46 ----

ifeq ($(CONFIG_IP_MASQUERADE),y)
IPV4_OBJS += ip_masq.o ip_masq_app.o
! M_OBJS += ip_masq_ftp.o ip_masq_irc.o ip_masq_raudio.o
endif

ifeq ($(CONFIG_IP_ALIAS),y)
Index: linux/net/ipv4/ip_masq_raudio.c
diff -c /dev/null linux/net/ipv4/ip_masq_raudio.c:1.1
*** /dev/null Thu May 16 18:47:00 1996
--- linux/net/ipv4/ip_masq_raudio.c Thu May 16 18:39:31 1996
***************
*** 0 ****
--- 1,192 ----
+ /*
+ * IP_MASQ_RAUDIO - Real Audio masquerading module
+ *
+ *
+ * Version: @(#)$Id: ip_masq_raudio.c,v 1.1 1996/05/16 17:39:31 nigel Exp $
+ *
+ * Author: Nigel Metheringham
+ * [strongly based on ftp module by Juan Jose Ciarlante & Wouter Gadeyne]
+ * [Real Audio information taken from Progressive Networks firewall docs]
+ *
+ *
+ *
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ *
+ * Limitations
+ * The IP Masquerading proxies at present do not have access to a processed
+ * data stream. Hence for a protocol like the Real Audio control protocol,
+ * which depends on knowing where you are in the data stream, you either
+ * to keep a *lot* of state in your proxy, or you cheat and simplify the
+ * problem [needless to say I did the latter].
+ *
+ * This proxy only handles data in the first packet. Everything else is
+ * passed transparently. This means it should work under all normal
+ * circumstances, but it could be fooled by new data formats or a
+ * malicious application!
+ *
+ */
+
+ #include <linux/module.h>
+ #include <asm/system.h>
+ #include <linux/types.h>
+ #include <linux/kernel.h>
+ #include <linux/skbuff.h>
+ #include <linux/in.h>
+ #include <linux/ip.h>
+ #include <net/protocol.h>
+ #include <net/tcp.h>
+ #include <net/ip_masq.h>
+
+ #define DEBUG_CONFIG_IP_MASQ_RAUDIO 1
+
+
+ static int
+ masq_raudio_init_1 (struct ip_masq_app *mapp, struct ip_masq *ms)
+ {
+ MOD_INC_USE_COUNT;
+ return 0;
+ }
+
+ static int
+ masq_raudio_done_1 (struct ip_masq_app *mapp, struct ip_masq *ms)
+ {
+ MOD_DEC_USE_COUNT;
+ return 0;
+ }
+
+ int
+ masq_raudio_out (struct ip_masq_app *mapp, struct ip_masq *ms, struct sk_buff **skb_p, struct device *dev)
+ {
+ struct sk_buff *skb;
+ struct iphdr *iph;
+ struct tcphdr *th;
+ char *p, *data, *data_limit;
+ struct ip_masq *n_ms;
+ unsigned short version, msg_id, msg_len, udp_port;
+
+ skb = *skb_p;
+ iph = skb->h.iph;
+ th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
+ data = (char *)&th[1];
+
+ data_limit = skb->h.raw + skb->len - 18;
+
+ /* Check to see if this is the first packet with protocol ID */
+ if (memcmp(data, "PNA", 3)) {
+ #if DEBUG_CONFIG_IP_MASQ_RAUDIO
+ printk("RealAudio: not initial protocol packet - ignored");
+ #endif
+ return(0);
+ }
+ data += 3;
+ memcpy(&version, data, 2);
+
+ #if DEBUG_CONFIG_IP_MASQ_RAUDIO
+ printk("RealAudio: initial seen - protocol version %d\n",
+ ntohs(version));
+ #endif
+ if (ntohs(version) >= 256)
+ {
+ printk(KERN_INFO "RealAudio: version (%d) not supported\n",
+ ntohs(version));
+ return 0;
+ }
+
+ data += 2;
+ while (data < data_limit) {
+ memcpy(&msg_id, data, 2);
+ data += 2;
+ memcpy(&msg_len, data, 2);
+ data += 2;
+ #if DEBUG_CONFIG_IP_MASQ_RAUDIO
+ printk("RealAudio: msg %d - %d byte\n",
+ ntohs(msg_id), ntohs(msg_len));
+ #endif
+ p = data;
+ data += ntohs(msg_len);
+ if (data > data_limit)
+ {
+ printk(KERN_INFO "RealAudio: Packet too short for data\n");
+ return 0;
+ }
+ if (ntohs(msg_id) == 1) {
+ /* This is a message detailing the UDP port to be used */
+ memcpy(&udp_port, p, 2);
+ n_ms = ip_masq_new(dev, IPPROTO_UDP,
+ ms->saddr, udp_port,
+ ms->daddr, 0,
+ IP_MASQ_F_NO_DPORT);
+
+ if (n_ms==NULL)
+ return 0;
+
+ memcpy(p, &(n_ms->mport), 2);
+ #if DEBUG_CONFIG_IP_MASQ_RAUDIO
+ printk("RealAudio: rewrote UDP port %d -> %d\n",
+ ntohs(udp_port), ntohs(n_ms->mport));
+ #endif
+ ip_masq_set_expire(n_ms, ip_masq_expire->udp_timeout);
+ /*
+ * There is nothing else useful we can do
+ * Maybe a development could do more, but for now
+ * we exit gracefully!
+ */
+ return 0;
+
+ } else if (ntohs(msg_id) == 0)
+ return 0;
+ }
+ return 0;
+ }
+
+ struct ip_masq_app ip_masq_raudio = {
+ NULL, /* next */
+ "real audio", /* name */
+ 0, /* type */
+ 0, /* n_attach */
+ masq_raudio_init_1, /* ip_masq_init_1 */
+ masq_raudio_done_1, /* ip_masq_done_1 */
+ masq_raudio_out, /* pkt_out */
+ NULL /* pkt_in */
+ };
+
+ /*
+ * ip_masq_raudio initialization
+ */
+
+ int ip_masq_raudio_init(void)
+ {
+ return register_ip_masq_app(&ip_masq_raudio, IPPROTO_TCP, 7070);
+ }
+
+ /*
+ * ip_masq_raudio fin.
+ */
+
+ int ip_masq_raudio_done(void)
+ {
+ return unregister_ip_masq_app(&ip_masq_raudio);
+ }
+
+ #ifdef MODULE
+
+ int init_module(void)
+ {
+ if (ip_masq_raudio_init() != 0)
+ return -EIO;
+ register_symtab(0);
+ return 0;
+ }
+
+ void cleanup_module(void)
+ {
+ if (ip_masq_raudio_done() != 0)
+ printk("ip_masq_raudio: can't remove module");
+ }
+
+ #endif /* MODULE */
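Review bot: masq_raudio_out reads the payload before checking that it is present: `memcmp(data, "PNA", 3)` and the following `memcpy(&version, data, 2)` run on every segment sent to port 7070, including one with fewer than five payload bytes, and `data_limit` is only consulted later, inside the loop. A guard ahead of the memcmp, built from the same end-of-packet expression the function already relies on (assuming it does mark the end of the packet), would close that, e.g. `if (data + 5 > skb->h.raw + skb->len) return 0;`. In the `msg_id == 1` branch the two-byte port is read from and written back to `p` without looking at the declared length, so `if (ntohs(msg_len) < 2) return 0;` belongs there as well; otherwise the rewrite lands on bytes of the following message. Separately, `DEBUG_CONFIG_IP_MASQ_RAUDIO` is hard-wired to 1, so the unterminated `printk("RealAudio: not initial protocol packet - ignored")` fires for every later packet of the stream and can flood the kernel log; default the macro to 0 and end the message with `\n`.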

--===_0_Thu_May_16_18:49:00_BST_1996
Content-Type: application/x-patch
Content-Description: masq_name.patch

Index: linux/net/ipv4/ip_masq_app.c
diff -c linux/net/ipv4/ip_masq_app.c:1.1.1.1 linux/net/ipv4/ip_masq_app.c:1.2
*** linux/net/ipv4/ip_masq_app.c:1.1.1.1 Wed May 15 10:20:29 1996
--- linux/net/ipv4/ip_masq_app.c Thu May 16 14:37:10 1996
***************
*** 438,461 ****
struct ip_masq_app * mapp;
unsigned idx;

! if (offset < 22)
! len=sprintf(buffer,"%-21s\n", "prot port n_attach");
! pos = 22;

for (idx=0 ; idx < IP_MASQ_APP_TAB_SIZE; idx++)
for (mapp = ip_masq_app_base[idx]; mapp ; mapp = mapp->next) {
/*
* If you change the length of this sprintf, then all
* the length calculations need fixing too!
! * Line length = 22 (3 + 2 + 7 + 1 + 7 + 1 + 1)
*/
! pos += 22;
if (pos < offset)
continue;

! len += sprintf(buffer+len, "%-3s %-7u %-7d \n",
masq_proto_name(IP_MASQ_APP_PROTO(mapp->type)),
! IP_MASQ_APP_PORT(mapp->type), mapp->n_attach);

if(len >= length)
goto done;
--- 438,462 ----
struct ip_masq_app * mapp;
unsigned idx;

! if (offset < 40)
! len=sprintf(buffer,"%-39s\n", "prot port n_attach name");
! pos = 40;

for (idx=0 ; idx < IP_MASQ_APP_TAB_SIZE; idx++)
for (mapp = ip_masq_app_base[idx]; mapp ; mapp = mapp->next) {
/*
* If you change the length of this sprintf, then all
* the length calculations need fixing too!
! * Line length = 40 (3 + 2 + 7 + 1 + 7 + 1 + 2 + 17)
*/
! pos += 40;
if (pos < offset)
continue;

! len += sprintf(buffer+len, "%-3s %-7u %-7d %-17s\n",
masq_proto_name(IP_MASQ_APP_PROTO(mapp->type)),
! IP_MASQ_APP_PORT(mapp->type), mapp->n_attach,
! mapp->name);

if(len >= length)
goto done;
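Review bot: The new `%-17s` conversion pads `mapp->name` but does not truncate it, so a registered name longer than 17 characters produces a row longer than the 40 bytes that `pos += 40` and the `offset < 40` test assume, and the unbounded `sprintf` writes the extra bytes into `buffer` before `len >= length` is checked. Giving the conversion a precision, `%-17.17s`, keeps every row at the fixed width that the comment in this hunk says the length calculations depend on. The names visible in this patch are short, so this is a guard against a later module rather than a present overrun. The enclosing function starts and ends outside the hunk.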

--===_0_Thu_May_16_18:49:00_BST_1996
Content-Type: text/plain; charset=us-ascii

[ Nigel.Metheringham@theplanet.net - Unix Applications Engineer ]
[ *Views expressed here are personal and not supported by PLAnet* ]
[ PLAnet Online : The White House Tel : +44 113 2345566 x 612 ]
[ Melbourne Street, Leeds LS2 7PS UK. Fax : +44 113 2345656 ]

--===_0_Thu_May_16_18:49:00_BST_1996--