      1 /*	$NetBSD: ip_proxy.h,v 1.2 2012/03/23 20:39:50 christos Exp $	*/
      2 
      3 /*
      4  * Copyright (C) 2011 by Darren Reed.
      5  *
      6  * See the IPFILTER.LICENCE file for details on licencing.
      7  *
      8  * Id: ip_proxy.h,v 2.46.2.3 2012/01/26 05:29:12 darrenr Exp
      9  */
     10 
#ifndef _NETINET_IP_PROXY_H_
#define _NETINET_IP_PROXY_H_

/*
 * Host-platform test shared with the other IPFilter headers.
 * NOTE(review): a `defined` that only appears after macro expansion is
 * undefined behaviour in ISO C (C11 6.10.1p4).  GCC accepts the idiom
 * and can diagnose it with -Wexpansion-to-defined; kept as-is for
 * consistency with the rest of IPFilter.
 */
#ifndef SOLARIS
#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif

/*
 * ioctl whose argument is a struct ap_control (ap_ctl_t, below), used to
 * pass a command to a loaded proxy.  _IOWR: the structure is copied in
 * from and back out to the caller.  The second spelling is presumably
 * for preprocessors that do not accept the quoted character.
 */
#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)
#else
#define	SIOCPROXY	_IOWR(r, 64, struct ap_control)
#endif

/* Width of the label/config character arrays in ap_control and aproxy. */
#ifndef	APR_LABELLEN
#define	APR_LABELLEN	16
#endif
/* Presumably the proxy session table size (a prime) — confirm in ip_proxy.c. */
#define	AP_SESS_SIZE	53

/* Defined by the NAT and state modules; only pointers are used here. */
struct	nat;
struct	ipnat;
struct	ipstate;
     32 
/*
 * Per-session TCP state kept for a proxied connection: the two port
 * numbers and the sequence/ack number adjustments the proxy applies.
 * apt_sel chooses which {off,min} pair of each kind is in force, and the
 * *_min values hold the sequence number after which the matching offset
 * starts to apply (per the field comments).  The [2] arrays are
 * presumably indexed by direction — confirm in ip_proxy.c.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
     43 
/*
 * Per-session UDP state kept for a proxied connection.  The two fields
 * are laid out exactly like the start of ap_tcp, which is what makes
 * the aps_sport/aps_dport accessors below usable for either member of
 * the union in ap_session.
 */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
     48 
/*
 * One proxied connection.  Ties the owning proxy (aps_apr) and its NAT
 * entry (aps_nat, kept as void * since struct nat is only forward
 * declared here) to the protocol-specific state in aps_un and to any
 * private data the proxy attached (aps_data of aps_psiz bytes).
 * Sessions are singly linked through aps_next.
 * NOTE(review): ownership of aps_data is not stated here; presumably
 * it is set up by apr_new and released via apr_del/aps_free — confirm.
 */
typedef	struct ap_session {
	struct	aproxy	*aps_apr;	/* proxy that owns this session */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;			/* protocol part; see aps_* accessors */
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_next;	/* next session in the chain */
} ap_session_t;
     62 
/*
 * Shorthand for the TCP member of ap_session.aps_un.  aps_sport and
 * aps_dport are also valid on a UDP session, because ap_udp begins with
 * the same two u_short port fields as ap_tcp; the remaining accessors
 * are meaningful for TCP sessions only.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin
     71 
     72 
/*
 * Argument block of the SIOCPROXY ioctl.  It names a proxy by label,
 * configuration and protocol (apc_label/apc_config/apc_p) and carries a
 * command plus optional data down to that proxy's apr_ctl routine.
 *
 * NOTE(review): this structure arrives from userland.  apc_label and
 * apc_config are fixed-width and need not be NUL-terminated on arrival,
 * and apc_dsize is a caller-chosen length that the comment below says
 * is used to size a kernel allocation — the ioctl path (ipf_proxy_ioctl
 * / ipf_proxy_ctl) is expected to bound both before use; confirm there.
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];	/* label of the proxy to address */
	char	apc_config[APR_LABELLEN];	/* proxy configuration name */
	u_char	apc_p;				/* protocol */
	/*
	 * The following fields are upto the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 */
	u_long	apc_cmd;	/* APC_CMD_* or a proxy-defined command */
	u_long	apc_arg;	/* simple argument for apc_cmd */
	void	*apc_data;	/* command data; ownership rules above */
	size_t	apc_dsize;	/* length of *apc_data in bytes */
} ap_ctl_t;
     92 
/*
 * Standard apc_cmd values.  Proxies may recognise further commands of
 * their own in apr_ctl (see the comment in ap_control).
 */
#define	APC_CMD_ADD	0
#define	APC_CMD_DEL	1
     95 
     96 
/*
 * A registered proxy: its identity (label and protocol), list links,
 * reference bookkeeping and the table of callbacks the proxy framework
 * invokes on it.  Only the callback signatures are fixed by this header;
 * the per-callback comments below are inferred from the names and
 * argument types, and the actual contract is defined by ip_proxy.c and
 * the individual proxies.
 */
typedef	struct	aproxy	{
	struct	aproxy	*apr_next;	/* next registered proxy */
	struct	aproxy	*apr_parent;	/* presumably the proxy this one was cloned from */
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;				/* protocol */
	int	apr_flags;			/* APR_* bits (APR_DELETE below) */
	int	apr_ref;			/* reference count */
	int	apr_clones;			/* presumably number of clones, cf. apr_parent */
	void	(* apr_load)(void);		/* module-wide load/unload */
	void	(* apr_unload)(void);
	void	*(* apr_create)(ipf_main_softc_t *);	/* allocate per-softc state (-> apr_soft) */
	void	(* apr_destroy)(ipf_main_softc_t *, void *);	/* release it */
	int	(* apr_init)(ipf_main_softc_t *, void *);	/* per-softc init/fini */
	void	(* apr_fini)(ipf_main_softc_t *, void *);
	int	(* apr_new)(void *, fr_info_t *, ap_session_t *,
				 struct nat *);		/* new session */
	void	(* apr_del)(ipf_main_softc_t *, ap_session_t *);	/* session removed */
	int	(* apr_inpkt)(void *, fr_info_t *, ap_session_t *,
				   struct nat *);	/* inbound packet */
	int	(* apr_outpkt)(void *, fr_info_t *, ap_session_t *,
				    struct nat *);	/* outbound packet */
	int	(* apr_match)(fr_info_t *, ap_session_t *, struct nat *);
	int	(* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *);	/* SIOCPROXY handler */
	int	(* apr_clear)(struct aproxy *);
	int	(* apr_flush)(struct aproxy *, int);
	void	*apr_soft;			/* per-softc state */
} aproxy_t;
    124 
/* apr_flags bit: the proxy is marked for deletion. */
#define	APR_DELETE	1

/*
 * Packed return value used by the proxy packet callbacks: the low 16
 * bits carry an increment (APR_INC), the high 16 bits an error/exit
 * code (APR_ERR to build, APR_EXIT to extract).  The meaning of the
 * increment is defined by the callers in ip_proxy.c.
 * NOTE(review): with an int argument, APR_ERR(x) for x >= 0x8000 shifts
 * into the sign bit, which is undefined for signed types; keep x small.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)
    130 
    131 
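#ifdef _KERNEL
/*
 * Generic #define's to cover missing things in the kernel.  These are
 * ASCII-only stand-ins for the <ctype.h> classifiers.  Each one
 * evaluates its argument more than once, so do not pass expressions
 * with side effects.
 */
# ifndef isdigit
#  define isdigit(x)	((x) >= '0' && (x) <= '9')
# endif
# ifndef isupper
#  define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# endif
# ifndef islower
#  define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# endif
# ifndef isalpha
#  define isalpha(x)	(isupper(x) || islower(x))
# endif
/*
 * Only lower-case letters are shifted; everything else is returned
 * unchanged, as <ctype.h> toupper() does.  (The earlier form applied the
 * 'a'->'A' shift to every non-upper-case input, so digits, punctuation
 * and control characters came back as garbage.)
 */
# ifndef toupper
#  define toupper(x)	(islower(x) ? ((x) - 'a' + 'A') : (x))
# endif
/*
 * Note: this set includes '\b' and omits '\f' and '\v', so it is not
 * the same class as <ctype.h> isspace().
 */
# ifndef isspace
#  define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
# endif
#endif /* _KERNEL */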
    156 
    157 /*
    158  * For the ftp proxy.
    159  */
/*
 * Size of the per-direction command buffer in ftpside (ftps_buf).  Both
 * names denote the same value and must stay in step.
 */
#define	FTP_BUFSZ	160
#define	IPF_FTPBUFSZ	160
    162 
/*
 * Per-direction state of the FTP proxy.  ftps_buf holds buffered
 * command text (presumably) with ftps_rptr/ftps_wptr as read and write
 * cursors into it.
 * NOTE(review): ftps_buf is a fixed FTP_BUFSZ bytes and there is no
 * separate capacity field, so every writer must check ftps_wptr against
 * the end of ftps_buf before storing.
 */
typedef struct  ftpside {
	char	*ftps_rptr;		/* read cursor into ftps_buf */
	char	*ftps_wptr;		/* write cursor into ftps_buf */
	void	*ftps_ifp;		/* interface seen for this direction */
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;
	int	ftps_cmds;
	int	ftps_cmd;
	char	ftps_buf[FTP_BUFSZ];	/* command buffer, FTP_BUFSZ bytes */
} ftpside_t;
    174 
/*
 * Per-session state of the FTP proxy: one ftpside per direction plus a
 * pending NAT/state pair (ftp_pendnat/ftp_pendstate), presumably for the
 * data connection being set up.
 */
typedef struct  ftpinfo {
	int 	  	ftp_passok;
	int		ftp_incok;
	void		*ftp_pendstate;
	nat_t		*ftp_pendnat;
	ftpside_t	ftp_side[2];	/* one per direction */
} ftpinfo_t;
    182 
    183 
    184 /*
    185  * For the irc proxy.
    186  */
/*
 * Fields extracted by the IRC proxy from a message: the char * members
 * presumably point into the packet text (irc_len being the length of
 * the relevant span), with the decoded address and port in irc_ipnum
 * and irc_port.
 * NOTE(review): none of the pointers carry their own length; consumers
 * must bound them by irc_len / the packet length.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;	/* source nick */
	char	*irc_dnick;	/* destination nick */
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;	/* address as text */
	u_32_t	irc_ipnum;	/* decoded address */
	u_short	irc_port;	/* decoded port */
} ircinfo_t;
    197 
    198 
    199 /*
    200  * For the rcmd proxy. rcmd_rule must be last for names in ipnat_t
    201  */
/*
 * Per-session state of the rcmd proxy.  rcmd_rule is a full ipnat_t
 * embedded by value and must stay the last member (see the comment
 * above this structure).
 */
typedef	struct rcmdinfo	{
	u_32_t	rcmd_port;	/* Port number seen */
	u_32_t	rcmd_portseq;	/* Sequence number where port is first seen */
	ipnat_t	rcmd_rule;	/* Template rule for back connection */
} rcmdinfo_t;
    207 
    208 /*
    209  * For the DNS "proxy"
    210  */
/*
 * State of the DNS "proxy".  dnsi_lock presumably guards the other two
 * members.  The 512-byte buffer matches the classic UDP DNS message
 * limit; NOTE(review): confirm that whatever fills dnsi_buffer bounds
 * the copy to sizeof dnsi_buffer.
 */
typedef struct dnsinfo {
        ipfmutex_t	dnsi_lock;
	u_short		dnsi_id;	/* DNS transaction id */
	char		dnsi_buffer[512];
} dnsinfo_t;
    216 
    217 
    218 /*
    219  * Real audio proxy structure and #defines
    220  */
/*
 * Per-session state of the RealAudio proxy: parser progress flags
 * (rap_seen*/rap_got*), negotiated mode (RAP_M_* below), the three port
 * numbers involved and a 19-byte server block that is collected
 * piecemeal, rap_sbf recording which of its bytes have arrived.
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* RAP_M_* */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;
    239 
/* RealAudio message ids seen by the proxy. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* Bits for raudio_t.rap_mode. */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)
    248 
    249 
    250 /*
    251  * MSN RPC proxy
    252  */
/*
 * Per-session state of the MSN RPC proxy: flags, the last two commands
 * seen (mri_cmd, presumably one per direction), a validity mask and the
 * remote address/port carried in the payload.
 */
typedef	struct	msnrpcinfo	{
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;	/* remote address */
	u_short		mri_rport;	/* remote port */
} msnrpcinfo_t;
    260 
    261 
    262 /*
    263  * IPSec proxy. ipsc_rule must be last for names in ipnat_t
    264  */
/* An 8-byte ISAKMP-style cookie, stored as two u_32_t words. */
typedef	u_32_t	ipsec_cookie_t[2];
    266 
/*
 * Per-session state of the IPSec proxy: the initiator and responder
 * cookies, a flag for whether the responder cookie has been learnt
 * (ipsc_rckset), the NAT/state entries it created and a template rule.
 * ipsc_rule is embedded by value and must stay the last member (see the
 * comment above).
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;	/* initiator cookie */
	ipsec_cookie_t	ipsc_rcookie;	/* responder cookie */
	int		ipsc_rckset;	/* responder cookie known */
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
	ipnat_t		ipsc_rule;	/* must be last */
} ipsec_pxy_t;
    275 
    276 /*
    277  * PPTP proxy. pptp_rule must be last for names in ipnat_t
    278  */
/*
 * Per-direction state of the PPTP proxy's control-channel parser: a
 * fixed 512-byte reassembly buffer with write cursor pptps_wptr, byte
 * and length counters and the expected next header.
 * NOTE(review): pptps_len/pptps_bytes come from the stream; writers
 * into pptps_buffer must bound by sizeof pptps_buffer, not by them.
 */
typedef	struct pptp_side {
	u_32_t		pptps_nexthdr;
	u_32_t		pptps_next;
	int		pptps_state;
	int		pptps_gothdr;
	int		pptps_len;
	int		pptps_bytes;
	char		*pptps_wptr;		/* write cursor into pptps_buffer */
	char		pptps_buffer[512];
} pptp_side_t;
    289 
/*
 * Per-session state of the PPTP proxy: the NAT/state entries for the
 * tunnel, the call ids for each side and per-direction parser state.
 * pptp_rule is embedded by value and must stay the last member.
 */
typedef	struct pptp_pxy {
	nat_t		*pptp_nat;
	struct ipstate 	*pptp_state;
	u_short		pptp_call[2];	/* call id per side */
	pptp_side_t	pptp_side[2];	/* one per direction */
	ipnat_t		pptp_rule;	/* must be last */
} pptp_pxy_t;
    297 
    298 
    299 /*
    300  * Sun RPCBIND proxy
    301  */
/* Size of rpc_msg.rm_msgbuf; the largest RPCB message that is tracked. */
#define RPCB_MAXMSG	888
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

/* Accepted size ranges for requests and replies (REQMAX == RPCB_MAXMSG). */
#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */
    312 
/*
 * These macros determine the number of bytes between p and the end of
 * r->rm_msgbuf relative to l.  r is an rpc_msg_t *, p a pointer into
 * rm_msgbuf and l a byte count.
 *
 * Preconditions: r->rm_buflen <= RPCB_MAXMSG and p lies within
 * rm_msgbuf, otherwise the pointer arithmetic is undefined.
 * RPCB_BUF_GEQ first checks that p is before the end so the difference
 * is non-negative before it is compared with l; RPCB_BUF_EQ forms
 * p + l directly, so l should already be known to be in range.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l)   \
        ((RPCB_BUF_END((r)) > (char *)(p)) &&           \
         ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)                            \
        (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
    323 
    324 /*
    325  * The following correspond to RPC(B) detailed in RFC183[13].
    326  */
/*
 * Wire-protocol constants: message direction (RPCB_CALL/RPCB_REPLY),
 * RPC message version, the rpcbind/portmapper program number, the
 * procedure numbers handled (v2 GETPORT and v3 GETADDR share number 3)
 * and the reply status values.
 */
#define RPCB_CALL		0
#define RPCB_REPLY		1
#define RPCB_MSG_VERSION	2
#define RPCB_PROG		100000
#define RPCB_GETPORT		3
#define RPCB_GETADDR		3
#define RPCB_GETADDRLIST	11
#define RPCB_MSG_ACCEPTED	0
#define RPCB_MSG_DENIED		1
    336 
    337 /* BEGIN (Generic XDR structures) */
/*
 * An XDR string located inside a message: xs_len points at the length
 * word and xs_str at the bytes that follow it (presumably both into
 * rpc_msg.rm_msgbuf).
 * NOTE(review): *xs_len is message content under the peer's control;
 * check it against the buffer end (RPCB_BUF_GEQ) before reading xs_str.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;	/* -> length word */
	char	*xs_str;	/* -> string bytes */
} xdr_string_t;
    342 
/* An RPC auth block; only the opaque body string is tracked. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;
    347 
/*
 * An rpcbind universal address: the string form as found in the message
 * (xu_str) plus the address and port decoded from it.
 */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;		/* decoded address */
	u_short         xu_port;	/* decoded port */
	xdr_string_t	xu_str;		/* string form in the message */
} xdr_uaddr_t;
    353 
/* An rpcbind netid string plus the protocol number decoded from it. */
typedef	struct xdr_proto {
	u_int		xp_proto;	/* decoded protocol */
	xdr_string_t	xp_str;		/* netid string in the message */
} xdr_proto_t;
    358 
/* Shorthand for the nested xdr_string members of xdr_uaddr and xdr_proto. */
#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
    363 /* END (Generic XDR structures) */
    364 
    365 /* BEGIN (RPC call structures) */
/*
 * Arguments of a v2 (portmapper) GETPORT call.  Only the protocol word
 * is located; the commented-out members document the wire layout.
 */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;	/* -> protocol word in the message */
	/* u_32_t	pa_port; */
} pmap_args_t;
    372 
/*
 * Arguments of a v3/v4 rpcbind call: the netid and the universal
 * address are located; the commented-out members document the rest of
 * the wire layout.
 */
typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;
    380 
/*
 * A parsed RPC call body: pointers to the version and procedure words,
 * the two auth blocks and the procedure arguments, whose shape depends
 * on the rpcbind version (pmap for v2, rpcb for v3/v4).
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;	/* -> program version word */
	u_32_t	*rc_proc;	/* -> procedure number word */
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;	/* v2 */
		rpcb_args_t	ra_rpcbargs;	/* v3/v4 */
	} rpcb_args;
} rpc_call_t;
    393 
/* Shorthand for the union members of rpc_call. */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define rc_rpcbargs	rpcb_args.ra_rpcbargs
    396 /* END (RPC call structures) */
    397 
    398 /* BEGIN (RPC reply structures) */
/*
 * One entry of a v4 GETADDRLIST reply.  re_more points at the word that
 * says whether another entry follows.
 */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;
    407 
/*
 * A v4 GETADDRLIST reply list.  Only two entries are kept.
 * NOTE(review): the capacity is fixed at 2 while the reply's own length
 * is peer-controlled; a parser must stop storing once rl_cnt reaches 2.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;		/* entries used in rl_entries */
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;
    413 
/*
 * A parsed RPC reply body (accepted replies only).  Which union member
 * is valid depends on the request that was matched: a v2 port word, a
 * v3 universal address or a v4 address list (see RPCB_RES_*).
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat;	*/
	union {
		u_32_t		*resp_pmap;		/* v2: -> port word */
		xdr_uaddr_t	resp_getaddr;		/* v3 */
		rpcb_listp_t	resp_getaddrlist;	/* v4 */
	} rpcb_reply;
} rpc_resp_t;
    425 
/* Shorthand for the union members of rpc_resp, by rpcbind version. */
#define	rr_v2	rpcb_reply.resp_pmap
#define rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
    429 /* END (RPC reply structures) */
    430 
    431 /* BEGIN (RPC message structure & macros) */
/*
 * A buffered RPC message: the raw bytes (rm_msgbuf, rm_buflen of them)
 * and the parsed view, whose pointer members presumably refer into
 * rm_msgbuf.  rm_buflen must never exceed RPCB_MAXMSG (the RPCB_BUF_*
 * macros rely on it).
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;		/* bytes valid in rm_msgbuf */
	u_32_t	*rm_xid;		/* -> transaction id word */
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;
    442 
/* Shorthand for the union members of rpc_msg. */
#define rm_call		rm_body.rb_call
#define rm_resp		rm_body.rb_resp
    445 /* END (RPC message structure & macros) */
    446 
    447 /*
    448  * These code paths aren't hot enough to warrant per transaction
    449  * mutexes.
    450  */
/*
 * A tracked rpcbind transaction, keyed by xid, kept on a doubly linked
 * list (rx_pnext presumably points at the previous element's rx_next).
 * Protected by the owning rpcb_session's rs_rxlock rather than a lock
 * of its own (see the comment above).
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;         /* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;
    459 
/*
 * Per-session state of the rpcbind proxy: the list of outstanding
 * transactions and the lock that guards it.
 */
typedef struct rpcb_session {
        ipfmutex_t	rs_rxlock;	/* guards rs_rxlist */
	rpcb_xact_t	*rs_rxlist;	/* outstanding transactions */
} rpcb_session_t;
    464 
    465 /*
    466  * For an explanation, please see the following:
    467  *   RFC1832 - Sections 3.11, 4.4, and 4.5.
    468  */
/*
 * Round a byte count up to the next multiple of four, the padding XDR
 * applies to opaque and string data.  x is evaluated more than once.
 * For an unsigned x within three of its type's maximum, (x) + 3 wraps
 * and the result is smaller than x, so a length taken from a message
 * must be bounded before it is aligned.
 */
#define XDRALIGN(x)	((((x) % 4) == 0) ? (x) : ((((x) + 3) / 4) * 4))
    470 
/*
 * Entry points of the proxy framework.  Grouped by name below; see the
 * implementation for the exact contracts and return conventions.
 */
/* Framework lifecycle: module load/unload and per-softc state. */
extern	int	ipf_proxy_init(void);
extern	int	ipf_proxy_main_load(void);
extern	int	ipf_proxy_main_unload(void);
extern	void	*ipf_proxy_soft_create(ipf_main_softc_t *);
extern	void	ipf_proxy_soft_destroy(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_fini(ipf_main_softc_t *, void *);
/* Proxy registration and lookup (lookup is by protocol and label). */
extern	int	ipf_proxy_add(void *, aproxy_t *);
extern	int	ipf_proxy_del(aproxy_t *);
extern	void	ipf_proxy_free(aproxy_t *);
extern	aproxy_t	*ipf_proxy_lookup(void *, u_int, char *);
/* Control path: SIOCPROXY and flushing. */
extern	int	ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *);
extern	int	ipf_proxy_ioctl(ipf_main_softc_t *, void *, ioctlcmd_t, int, void *);
extern	void	ipf_proxy_flush(void *, int);
/* Per-packet / per-session path. */
extern	int	ipf_proxy_check(fr_info_t *, struct nat *);
extern	int	ipf_proxy_match(fr_info_t *, struct nat *);
extern	int	ipf_proxy_new(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *);
extern	void	aps_free(ipf_main_softc_t *, void *, ap_session_t *);
    490 
    491 #endif /* _NETINET_IP_PROXY_H_ */
    492