ip_proxy.h revision 305138
1/* $FreeBSD: stable/10/sys/contrib/ipfilter/netinet/ip_proxy.h 305138 2016-08-31 18:00:41Z dim $ */ 2 3/* 4 * Copyright (C) 2012 by Darren Reed. 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 * 8 * $FreeBSD: stable/10/sys/contrib/ipfilter/netinet/ip_proxy.h 305138 2016-08-31 18:00:41Z dim $ 9 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp 10 */ 11 12#ifndef __IP_PROXY_H__ 13#define __IP_PROXY_H__ 14 15#ifndef SOLARIS 16# if defined(sun) && (defined(__svr4__) || defined(__SVR4)) 17# define SOLARIS 1 18# else 19# define SOLARIS 0 20# endif 21#endif 22 23#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51) 24#define SIOCPROXY _IOWR('r', 64, struct ap_control) 25#else 26#define SIOCPROXY _IOWR(r, 64, struct ap_control) 27#endif 28 29#ifndef APR_LABELLEN 30#define APR_LABELLEN 16 31#endif 32#define AP_SESS_SIZE 53 33 34struct nat; 35struct ipnat; 36struct ipstate; 37 38typedef struct ap_tcp { 39 u_short apt_sport; /* source port */ 40 u_short apt_dport; /* destination port */ 41 short apt_sel[2]; /* {seq,ack}{off,min} set selector */ 42 short apt_seqoff[2]; /* sequence # difference */ 43 u_32_t apt_seqmin[2]; /* don't change seq-off until after this */ 44 short apt_ackoff[2]; /* sequence # difference */ 45 u_32_t apt_ackmin[2]; /* don't change seq-off until after this */ 46 u_char apt_state[2]; /* connection state */ 47} ap_tcp_t; 48 49typedef struct ap_udp { 50 u_short apu_sport; /* source port */ 51 u_short apu_dport; /* destination port */ 52} ap_udp_t; 53 54typedef struct ap_session { 55 struct aproxy *aps_apr; 56 union { 57 struct ap_tcp apu_tcp; 58 struct ap_udp apu_udp; 59 } aps_un; 60 U_QUAD_T aps_bytes; /* bytes sent */ 61 U_QUAD_T aps_pkts; /* packets sent */ 62 void *aps_nat; /* pointer back to nat struct */ 63 void *aps_data; /* private data */ 64 int aps_psiz; /* size of private data */ 65 struct ap_session *aps_next; 66} ap_session_t; 67 68#define aps_sport aps_un.apu_tcp.apt_sport 69#define aps_dport aps_un.apu_tcp.apt_dport 70#define aps_sel aps_un.apu_tcp.apt_sel 71#define aps_seqoff aps_un.apu_tcp.apt_seqoff 72#define aps_seqmin aps_un.apu_tcp.apt_seqmin 73#define aps_state aps_un.apu_tcp.apt_state 74#define aps_ackoff aps_un.apu_tcp.apt_ackoff 75#define aps_ackmin aps_un.apu_tcp.apt_ackmin 76 77 78typedef struct ap_control { 79 char apc_label[APR_LABELLEN]; 80 char apc_config[APR_LABELLEN]; 81 u_char apc_p; 82 /* 83 * The following fields are upto the proxy's apr_ctl routine to deal 84 * with. When the proxy gets this in kernel space, apc_data will 85 * point to a malloc'd region of memory of apc_dsize bytes. If the 86 * proxy wants to keep that memory, it must set apc_data to NULL 87 * before it returns. It is expected if this happens that it will 88 * take care to free it in apr_fini or otherwise as appropriate. 89 * apc_cmd is provided as a standard place to put simple commands, 90 * with apc_arg being available to put a simple arg. 91 */ 92 u_long apc_cmd; 93 u_long apc_arg; 94 void *apc_data; 95 size_t apc_dsize; 96} ap_ctl_t; 97 98#define APC_CMD_ADD 0 99#define APC_CMD_DEL 1 100 101 102typedef struct aproxy { 103 struct aproxy *apr_next; 104 struct aproxy *apr_parent; 105 char apr_label[APR_LABELLEN]; /* Proxy label # */ 106 u_char apr_p; /* protocol */ 107 int apr_flags; 108 int apr_ref; 109 int apr_clones; 110 void (* apr_load) __P((void)); 111 void (* apr_unload) __P((void)); 112 void *(* apr_create) __P((ipf_main_softc_t *)); 113 void (* apr_destroy) __P((ipf_main_softc_t *, void *)); 114 int (* apr_init) __P((ipf_main_softc_t *, void *)); 115 void (* apr_fini) __P((ipf_main_softc_t *, void *)); 116 int (* apr_new) __P((void *, fr_info_t *, ap_session_t *, 117 struct nat *)); 118 void (* apr_del) __P((ipf_main_softc_t *, ap_session_t *)); 119 int (* apr_inpkt) __P((void *, fr_info_t *, ap_session_t *, 120 struct nat *)); 121 int (* apr_outpkt) __P((void *, fr_info_t *, ap_session_t *, 122 struct nat *)); 123 int (* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *)); 124 int (* apr_ctl) __P((ipf_main_softc_t *, void *, ap_ctl_t *)); 125 int (* apr_clear) __P((struct aproxy *)); 126 int (* apr_flush) __P((struct aproxy *, int)); 127 void *apr_soft; 128} aproxy_t; 129 130#define APR_DELETE 1 131 132#define APR_ERR(x) ((x) << 16) 133#define APR_EXIT(x) (((x) >> 16) & 0xffff) 134#define APR_INC(x) ((x) & 0xffff) 135 136 137#ifdef _KERNEL 138/* 139 * Generic #define's to cover missing things in the kernel 140 */ 141# ifndef isdigit 142# define isdigit(x) ((x) >= '0' && (x) <= '9') 143# endif 144# ifndef isupper 145# define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 146# endif 147# ifndef islower 148# define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) 149# endif 150# ifndef isalpha 151# define isalpha(x) (isupper(x) || islower(x)) 152# endif 153# ifndef toupper 154# define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A') 155# endif 156# ifndef isspace 157# define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \ 158 ((x) == '\t') || ((x) == '\b')) 159# endif 160#endif /* _KERNEL */ 161 162/* 163 * For the ftp proxy. 164 */ 165#define FTP_BUFSZ 160 166#define IPF_FTPBUFSZ 160 167 168typedef struct ftpside { 169 char *ftps_rptr; 170 char *ftps_wptr; 171 void *ftps_ifp; 172 u_32_t ftps_seq[2]; 173 u_32_t ftps_len; 174 int ftps_junk; 175 int ftps_cmds; 176 int ftps_cmd; 177 char ftps_buf[FTP_BUFSZ]; 178} ftpside_t; 179 180typedef struct ftpinfo { 181 int ftp_passok; 182 int ftp_incok; 183 void *ftp_pendstate; 184 nat_t *ftp_pendnat; 185 ftpside_t ftp_side[2]; 186} ftpinfo_t; 187 188 189/* 190 * IPsec proxy 191 */ 192typedef u_32_t ipsec_cookie_t[2]; 193 194typedef struct ipsec_pxy { 195 ipsec_cookie_t ipsc_icookie; 196 ipsec_cookie_t ipsc_rcookie; 197 int ipsc_rckset; 198 nat_t *ipsc_nat; 199 struct ipstate *ipsc_state; 200 ipnat_t *ipsc_rule; 201} ipsec_pxy_t; 202 203 204/* 205 * For the irc proxy. 206 */ 207typedef struct ircinfo { 208 size_t irc_len; 209 char *irc_snick; 210 char *irc_dnick; 211 char *irc_type; 212 char *irc_arg; 213 char *irc_addr; 214 u_32_t irc_ipnum; 215 u_short irc_port; 216} ircinfo_t; 217 218 219/* 220 * For the DNS "proxy" 221 */ 222typedef struct dnsinfo { 223 ipfmutex_t dnsi_lock; 224 u_short dnsi_id; 225 char dnsi_buffer[512]; 226} dnsinfo_t; 227 228 229/* 230 * Real audio proxy structure and #defines 231 */ 232typedef struct raudio_s { 233 int rap_seenpna; 234 int rap_seenver; 235 int rap_version; 236 int rap_eos; /* End Of Startup */ 237 int rap_gotid; 238 int rap_gotlen; 239 int rap_mode; 240 int rap_sdone; 241 u_short rap_plport; 242 u_short rap_prport; 243 u_short rap_srport; 244 char rap_svr[19]; 245 u_32_t rap_sbf; /* flag to indicate which of the 19 bytes have 246 * been filled 247 */ 248 u_32_t rap_sseq; 249} raudio_t; 250 251#define RA_ID_END 0 252#define RA_ID_UDP 1 253#define RA_ID_ROBUST 7 254 255#define RAP_M_UDP 1 256#define RAP_M_ROBUST 2 257#define RAP_M_TCP 4 258#define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) 259 260 261/* 262 * MSN RPC proxy 263 */ 264typedef struct msnrpcinfo { 265 u_int mri_flags; 266 int mri_cmd[2]; 267 u_int mri_valid; 268 struct in_addr mri_raddr; 269 u_short mri_rport; 270} msnrpcinfo_t; 271 272 273/* 274 * Sun RPCBIND proxy 275 */ 276#define RPCB_MAXMSG 888 277#define RPCB_RES_PMAP 0 /* Response contains a v2 port. */ 278#define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */ 279#define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */ 280#define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */ 281 282#define RPCB_REQMIN 40 283#define RPCB_REQMAX 888 284#define RPCB_REPMIN 20 285#define RPCB_REPMAX 604 /* XXX double check this! */ 286 287/* 288 * These macros determine the number of bytes between p and the end of 289 * r->rs_buf relative to l. 290 */ 291#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen) 292#define RPCB_BUF_GEQ(r, p, l) \ 293 ((RPCB_BUF_END((r)) > (char *)(p)) && \ 294 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l))) 295#define RPCB_BUF_EQ(r, p, l) \ 296 (RPCB_BUF_END((r)) == ((char *)(p) + (l))) 297 298/* 299 * The following correspond to RPC(B) detailed in RFC183[13]. 300 */ 301#define RPCB_CALL 0 302#define RPCB_REPLY 1 303#define RPCB_MSG_VERSION 2 304#define RPCB_PROG 100000 305#define RPCB_GETPORT 3 306#define RPCB_GETADDR 3 307#define RPCB_GETADDRLIST 11 308#define RPCB_MSG_ACCEPTED 0 309#define RPCB_MSG_DENIED 1 310 311/* BEGIN (Generic XDR structures) */ 312typedef struct xdr_string { 313 u_32_t *xs_len; 314 char *xs_str; 315} xdr_string_t; 316 317typedef struct xdr_auth { 318 /* u_32_t xa_flavor; */ 319 xdr_string_t xa_string; 320} xdr_auth_t; 321 322typedef struct xdr_uaddr { 323 u_32_t xu_ip; 324 u_short xu_port; 325 xdr_string_t xu_str; 326} xdr_uaddr_t; 327 328typedef struct xdr_proto { 329 u_int xp_proto; 330 xdr_string_t xp_str; 331} xdr_proto_t; 332 333#define xu_xslen xu_str.xs_len 334#define xu_xsstr xu_str.xs_str 335#define xp_xslen xp_str.xs_len 336#define xp_xsstr xp_str.xs_str 337/* END (Generic XDR structures) */ 338 339/* BEGIN (RPC call structures) */ 340typedef struct pmap_args { 341 /* u_32_t pa_prog; */ 342 /* u_32_t pa_vers; */ 343 u_32_t *pa_prot; 344 /* u_32_t pa_port; */ 345} pmap_args_t; 346 347typedef struct rpcb_args { 348 /* u_32_t *ra_prog; */ 349 /* u_32_t *ra_vers; */ 350 xdr_proto_t ra_netid; 351 xdr_uaddr_t ra_maddr; 352 /* xdr_string_t ra_owner; */ 353} rpcb_args_t; 354 355typedef struct rpc_call { 356 /* u_32_t rc_rpcvers; */ 357 /* u_32_t rc_prog; */ 358 u_32_t *rc_vers; 359 u_32_t *rc_proc; 360 xdr_auth_t rc_authcred; 361 xdr_auth_t rc_authverf; 362 union { 363 pmap_args_t ra_pmapargs; 364 rpcb_args_t ra_rpcbargs; 365 } rpcb_args; 366} rpc_call_t; 367 368#define rc_pmapargs rpcb_args.ra_pmapargs 369#define rc_rpcbargs rpcb_args.ra_rpcbargs 370/* END (RPC call structures) */ 371 372/* BEGIN (RPC reply structures) */ 373typedef struct rpcb_entry { 374 xdr_uaddr_t re_maddr; 375 xdr_proto_t re_netid; 376 /* u_32_t re_semantics; */ 377 xdr_string_t re_family; 378 xdr_proto_t re_proto; 379 u_32_t *re_more; /* 1 == another entry follows */ 380} rpcb_entry_t; 381 382typedef struct rpcb_listp { 383 u_32_t *rl_list; /* 1 == list follows */ 384 int rl_cnt; 385 rpcb_entry_t rl_entries[2]; /* TCP / UDP only */ 386} rpcb_listp_t; 387 388typedef struct rpc_resp { 389 /* u_32_t rr_acceptdeny; */ 390 /* Omitted 'message denied' fork; we don't care about rejects. */ 391 xdr_auth_t rr_authverf; 392 /* u_32_t *rr_astat; */ 393 union { 394 u_32_t *resp_pmap; 395 xdr_uaddr_t resp_getaddr; 396 rpcb_listp_t resp_getaddrlist; 397 } rpcb_reply; 398} rpc_resp_t; 399 400#define rr_v2 rpcb_reply.resp_pmap 401#define rr_v3 rpcb_reply.resp_getaddr 402#define rr_v4 rpcb_reply.resp_getaddrlist 403/* END (RPC reply structures) */ 404 405/* BEGIN (RPC message structure & macros) */ 406typedef struct rpc_msg { 407 char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */ 408 u_int rm_buflen; 409 u_32_t *rm_xid; 410 /* u_32_t Call vs Reply */ 411 union { 412 rpc_call_t rb_call; 413 rpc_resp_t rb_resp; 414 } rm_body; 415} rpc_msg_t; 416 417#define rm_call rm_body.rb_call 418#define rm_resp rm_body.rb_resp 419/* END (RPC message structure & macros) */ 420 421/* 422 * These code paths aren't hot enough to warrant per transaction 423 * mutexes. 424 */ 425typedef struct rpcb_xact { 426 struct rpcb_xact *rx_next; 427 struct rpcb_xact **rx_pnext; 428 u_32_t rx_xid; /* RPC transmission ID */ 429 u_int rx_type; /* RPCB response type */ 430 u_int rx_ref; /* reference count */ 431 u_int rx_proto; /* transport protocol (v2 only) */ 432} rpcb_xact_t; 433 434typedef struct rpcb_session { 435 ipfmutex_t rs_rxlock; 436 rpcb_xact_t *rs_rxlist; 437} rpcb_session_t; 438 439/* 440 * For an explanation, please see the following: 441 * RFC1832 - Sections 3.11, 4.4, and 4.5. 442 */ 443#define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x)) 444 445extern int ipf_proxy_add __P((void *, aproxy_t *)); 446extern int ipf_proxy_check __P((fr_info_t *, struct nat *)); 447extern int ipf_proxy_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *)); 448extern int ipf_proxy_del __P((aproxy_t *)); 449extern void ipf_proxy_deref __P((aproxy_t *)); 450extern void ipf_proxy_flush __P((void *, int)); 451extern int ipf_proxy_init __P((void)); 452extern int ipf_proxy_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *)); 453extern aproxy_t *ipf_proxy_lookup __P((void *, u_int, char *)); 454extern int ipf_proxy_match __P((fr_info_t *, struct nat *)); 455extern int ipf_proxy_new __P((fr_info_t *, struct nat *)); 456extern int ipf_proxy_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *)); 457extern void ipf_proxy_free __P((ipf_main_softc_t *, ap_session_t *)); 458extern int ipf_proxy_main_load __P((void)); 459extern int ipf_proxy_main_unload __P((void)); 460extern ipnat_t *ipf_proxy_rule_fwd __P((nat_t *)); 461extern ipnat_t *ipf_proxy_rule_rev __P((nat_t *)); 462extern void *ipf_proxy_soft_create __P((ipf_main_softc_t *)); 463extern void ipf_proxy_soft_destroy __P((ipf_main_softc_t *, void *)); 464extern int ipf_proxy_soft_init __P((ipf_main_softc_t *, void *)); 465extern int ipf_proxy_soft_fini __P((ipf_main_softc_t *, void *)); 466 467#endif /* __IP_PROXY_H__ */ 468