1/*	$FreeBSD: stable/10/sys/contrib/ipfilter/netinet/ip_proxy.h 305138 2016-08-31 18:00:41Z dim $	*/
2
3/*
4 * Copyright (C) 2012 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 *
8 * $FreeBSD: stable/10/sys/contrib/ipfilter/netinet/ip_proxy.h 305138 2016-08-31 18:00:41Z dim $
9 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
10 */
11
12#ifndef	__IP_PROXY_H__
13#define	__IP_PROXY_H__
14
/*
 * SOLARIS: derive the platform flag from compiler predefines when the
 * build system did not set it explicitly.
 */
#ifndef	SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
#  define	SOLARIS		1
# else
#  define	SOLARIS		0
# endif
#endif

/*
 * SIOCPROXY: the ioctl used to reach a proxy's apr_ctl routine.  Its
 * argument is a struct ap_control (defined below), so everything in that
 * structure has to be treated as untrusted user input by the kernel side.
 * The second form is for pre-ANSI preprocessors that cannot take a
 * character constant as the ioctl group.
 */
#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)
#else
#define	SIOCPROXY	_IOWR(r, 64, struct ap_control)
#endif

#ifndef	APR_LABELLEN
#define	APR_LABELLEN	16	/* width of the fixed label/config arrays */
#endif
/* NOTE(review): presumably a session hash-table size; confirm in ip_proxy.c */
#define	AP_SESS_SIZE	53
33
/* Opaque NAT / state types referenced by pointer only; defined elsewhere. */
struct	nat;
struct	ipnat;
struct	ipstate;
37
/*
 * Per-session TCP bookkeeping for a proxied connection.  The two-element
 * arrays presumably hold one entry per direction of the connection; the
 * seq/ack offsets record how much the proxy has changed the payload
 * length, and the *min values gate when each offset starts to apply.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
48
/* Per-session UDP bookkeeping: only the port pair is tracked. */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
53
/*
 * One proxy session, attached to a NAT entry.  aps_un holds the
 * protocol-specific part (accessed through the aps_* macros below);
 * aps_data/aps_psiz is the proxy's private per-session state.
 */
typedef	struct ap_session {
	struct	aproxy	*aps_apr;	/* proxy handling this session */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_next;	/* next session in the list */
} ap_session_t;
67
/*
 * Shorthand for the TCP members of ap_session.aps_un.  Only meaningful
 * when the session's protocol is TCP; for UDP the union holds ap_udp.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin
76
77
/*
 * Argument of the SIOCPROXY ioctl.  Everything here arrives from user
 * space: apc_label/apc_config are fixed-width and are NOT guaranteed to
 * be NUL-terminated, so they must be bounded by APR_LABELLEN rather than
 * treated as C strings; apc_dsize is caller-chosen, so the copy-in path
 * (not in this header) must cap it before allocating apc_dsize bytes.
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];	/* proxy to address */
	char	apc_config[APR_LABELLEN];	/* configuration name */
	u_char	apc_p;				/* protocol */
	/*
	 * The following fields are up to the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;
97
/* Standard apc_cmd values; individual proxies may define more. */
#define	APC_CMD_ADD	0
#define	APC_CMD_DEL	1
100
101
/*
 * Descriptor for one application proxy: identity (label + protocol),
 * reference bookkeeping, and the table of callbacks the proxy framework
 * invokes.  Any callback pointer may presumably be NULL for proxies that
 * do not need the hook -- confirm against ip_proxy.c before relying on it.
 */
typedef	struct	aproxy	{
	struct	aproxy	*apr_next;
	struct	aproxy	*apr_parent;
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;				/* protocol */
	int	apr_flags;
	int	apr_ref;			/* reference count */
	int	apr_clones;
	/* module load/unload, no per-instance state */
	void	(* apr_load) __P((void));
	void	(* apr_unload) __P((void));
	/* per-ipfilter-instance soft state: create/destroy, then init/fini */
	void	*(* apr_create) __P((ipf_main_softc_t *));
	void	(* apr_destroy) __P((ipf_main_softc_t *, void *));
	int	(* apr_init) __P((ipf_main_softc_t *, void *));
	void	(* apr_fini) __P((ipf_main_softc_t *, void *));
	/* per-session hooks: creation, teardown, and packet processing */
	int	(* apr_new) __P((void *, fr_info_t *, ap_session_t *,
				 struct nat *));
	void	(* apr_del) __P((ipf_main_softc_t *, ap_session_t *));
	int	(* apr_inpkt) __P((void *, fr_info_t *, ap_session_t *,
				   struct nat *));
	int	(* apr_outpkt) __P((void *, fr_info_t *, ap_session_t *,
				    struct nat *));
	int	(* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *));
	/* SIOCPROXY handler: receives the user-supplied ap_ctl_t */
	int	(* apr_ctl) __P((ipf_main_softc_t *, void *, ap_ctl_t *));
	int	(* apr_clear) __P((struct aproxy *));
	int	(* apr_flush) __P((struct aproxy *, int));
	void	*apr_soft;			/* soft state from apr_create */
} aproxy_t;
129
#define	APR_DELETE	1

/*
 * Helpers that pack two 16-bit fields into one int return value: the
 * upper half carries an error/exit code (APR_ERR/APR_EXIT), the lower
 * half an increment (APR_INC).  Which callbacks use this encoding is
 * defined by the callers in ip_proxy.c, not here.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)
135
136
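#ifdef _KERNEL
/*
 * Generic #define's to cover missing things in the kernel.
 *
 * Minimal ASCII-only stand-ins for the <ctype.h> classifiers used by the
 * text-parsing proxies.  Each one is a macro that evaluates its argument
 * more than once, so never pass an expression with side effects
 * (e.g. *p++).  Note that isspace() here also accepts '\b', which the
 * C library version does not.
 */
# ifndef isdigit
#  define isdigit(x)	((x) >= '0' && (x) <= '9')
# endif
# ifndef isupper
#  define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# endif
# ifndef islower
#  define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# endif
# ifndef isalpha
#  define isalpha(x)	(isupper(x) || islower(x))
# endif
# ifndef toupper
/*
 * Only lower-case letters are converted; everything else comes back
 * unchanged, matching the C library toupper().  The earlier form applied
 * the 'a' -> 'A' offset to every non-upper-case input, so digits and
 * punctuation were turned into garbage.
 */
#  define toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
# endif
# ifndef isspace
#  define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
# endif
#endif /* _KERNEL */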
161
/*
 * For the ftp proxy.  FTP_BUFSZ sizes ftpside.ftps_buf; both names are
 * kept at the same value, so change them together.
 */
#define	FTP_BUFSZ	160
#define	IPF_FTPBUFSZ	160
167
/*
 * One direction of an FTP control connection.  ftps_rptr/ftps_wptr are
 * cursors into ftps_buf; every advance of them must stay within the
 * FTP_BUFSZ bytes of that array since the data comes off the wire.
 */
typedef struct  ftpside {
	char	*ftps_rptr;	/* read cursor into ftps_buf */
	char	*ftps_wptr;	/* write cursor into ftps_buf */
	void	*ftps_ifp;
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;
	int	ftps_cmds;
	int	ftps_cmd;
	char	ftps_buf[FTP_BUFSZ];	/* buffered control-channel text */
} ftpside_t;
179
/*
 * Private per-session state of the ftp proxy; ftp_side[] holds the two
 * directions of the control connection.
 */
typedef struct  ftpinfo {
	int 	  	ftp_passok;
	int		ftp_incok;
	void		*ftp_pendstate;	/* presumably the pending data-connection state */
	nat_t		*ftp_pendnat;	/* presumably the pending data-connection NAT entry */
	ftpside_t	ftp_side[2];
} ftpinfo_t;
187
188
/*
 * IPsec proxy
 */
typedef u_32_t		ipsec_cookie_t[2];	/* 8-byte cookie as two words */
193
/*
 * Private per-session state of the IPsec proxy.  The initiator/responder
 * cookies identify the exchange; ipsc_rckset records whether the
 * responder cookie has been seen yet.
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;	/* initiator cookie */
	ipsec_cookie_t	ipsc_rcookie;	/* responder cookie */
	int		ipsc_rckset;	/* responder cookie set? */
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
	ipnat_t		*ipsc_rule;
} ipsec_pxy_t;
202
203
/*
 * For the irc proxy.  The char pointers presumably point into the
 * message being parsed and irc_len bounds that data; the parser must
 * not read past it.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;
217
218
/*
 * For the DNS "proxy".  dnsi_buffer is 512 bytes, presumably the classic
 * maximum size of a UDP DNS message; anything copied into it must be
 * bounded by that size.
 */
typedef struct dnsinfo {
        ipfmutex_t	dnsi_lock;
	u_short		dnsi_id;	/* DNS transaction id */
	char		dnsi_buffer[512];
} dnsinfo_t;
227
228
/*
 * Real audio proxy structure and #defines.  rap_svr is filled in
 * piecewise as packets arrive; rap_sbf records which of its 19 bytes
 * are valid, so the buffer must not be treated as complete until all
 * the corresponding bits are set.
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* RAP_M_* bits */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;
250
/* Real audio message ids seen during startup */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* Transport mode bits kept in raudio_t.rap_mode */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)
259
260
/*
 * MSN RPC proxy: private per-session state.
 */
typedef	struct	msnrpcinfo	{
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;	/* remote address */
	u_short		mri_rport;	/* remote port */
} msnrpcinfo_t;
271
272
/*
 * Sun RPCBIND proxy
 */
#define RPCB_MAXMSG	888	/* size of rpc_msg.rm_msgbuf */
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

/* Accepted on-the-wire length ranges for requests and replies */
#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */
286
/*
 * These macros determine the number of bytes between p and the end of
 * r->rm_msgbuf relative to l.  RPCB_BUF_GEQ first checks that p lies
 * before the end of the buffer and only then that at least l bytes
 * remain, so it is safe to use as the bounds check before reading a
 * field.  RPCB_BUF_EQ forms (p + l) before comparing, so callers should
 * already have established that p is inside the buffer.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l)   \
        ((RPCB_BUF_END((r)) > (char *)(p)) &&           \
         ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)                            \
        (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
297
/*
 * The following correspond to RPC(B) detailed in RFC183[13]:
 * message direction, RPC message version, the portmapper/rpcbind
 * program number, the procedure numbers handled, and reply status.
 */
#define RPCB_CALL		0
#define RPCB_REPLY		1
#define RPCB_MSG_VERSION	2
#define RPCB_PROG		100000
#define RPCB_GETPORT		3
#define RPCB_GETADDR		3
#define RPCB_GETADDRLIST	11
#define RPCB_MSG_ACCEPTED	0
#define RPCB_MSG_DENIED		1
310
/* BEGIN (Generic XDR structures) */
/*
 * An XDR string as located in the message buffer: xs_len points at the
 * length word and xs_str at the bytes that follow it.  The length comes
 * from the packet, so it must be checked against the buffer end before
 * xs_str is dereferenced.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;
316
/* XDR authentication block; only the opaque body is tracked. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;
321
/*
 * A universal address: the textual form (xu_str) plus the IP and port
 * decoded from it.
 */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short         xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;
327
/* A netid string plus the transport protocol decoded from it. */
typedef	struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;
332
/* Shorthand for the embedded xdr_string members */
#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */
338
/* BEGIN (RPC call structures) */
/*
 * Portmapper (v2) call arguments.  Only the protocol word is needed;
 * the commented-out members document the wire layout around it.
 */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;
346
/*
 * rpcbind (v3/v4) call arguments.  The commented-out members document
 * the wire layout around the fields that are actually tracked.
 */
typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;
354
/*
 * Parsed RPC call.  rc_vers selects which member of rpcb_args is valid
 * (see the rc_pmapargs/rc_rpcbargs macros below).
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;
367
/* Shorthand for the version-specific argument union of rpc_call */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */
371
/* BEGIN (RPC reply structures) */
/*
 * One entry of a GETADDRLIST reply.  re_more is the "another entry
 * follows" word from the packet and is what drives the list walk, so it
 * must be bounds-checked like every other pointer into the buffer.
 */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;
381
/*
 * GETADDRLIST reply.  Only two entries are stored, so a reply that
 * advertises more must be truncated to rl_entries' capacity.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;	/* entries actually stored */
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;
387
/*
 * Parsed RPC reply.  Which union member is valid depends on the type
 * recorded for the matching transaction (RPCB_RES_*).
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat;	*/
	union {
		u_32_t		*resp_pmap;
		xdr_uaddr_t	resp_getaddr;
		rpcb_listp_t	resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;
399
/* Shorthand for the version-specific reply union of rpc_resp */
#define	rr_v2	rpcb_reply.resp_pmap
#define rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */
404
/* BEGIN (RPC message structure & macros) */
/*
 * A copied RPC message and the structures parsed out of it.  rm_buflen
 * is the number of valid bytes in rm_msgbuf and must never exceed
 * RPCB_MAXMSG; the pointers in rm_xid and rm_body presumably all point
 * into rm_msgbuf and are validated with the RPCB_BUF_* macros.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;		/* valid bytes in rm_msgbuf */
	u_32_t	*rm_xid;
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;
416
/* Shorthand for the call/reply union of rpc_msg */
#define rm_call		rm_body.rb_call
#define rm_resp		rm_body.rb_resp
/* END (RPC message structure & macros) */
420
/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 *
 * One outstanding rpcbind transaction, keyed by XID, kept on the
 * session's rs_rxlist under rs_rxlock.  rx_ref is a plain counter and
 * so is also covered by that lock.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;	/* address of the pointer to us */
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;         /* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;
433
/*
 * Private per-session state of the rpcbind proxy: the list of tracked
 * transactions and the lock protecting it.
 */
typedef struct rpcb_session {
        ipfmutex_t	rs_rxlock;
	rpcb_xact_t	*rs_rxlist;
} rpcb_session_t;
438
/*
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Rounds a non-negative length up to the next multiple of 4.  The
 * argument is evaluated more than once, so pass a side-effect free
 * expression.
 */
#define XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
444
/*
 * Proxy framework entry points (implemented in ip_proxy.c).
 */
/* proxy registration and lookup */
extern	int	ipf_proxy_add __P((void *, aproxy_t *));
extern	int	ipf_proxy_del __P((aproxy_t *));
extern	void	ipf_proxy_deref __P((aproxy_t *));
extern	aproxy_t	*ipf_proxy_lookup __P((void *, u_int, char *));
/* per-packet and per-session paths */
extern	int	ipf_proxy_check __P((fr_info_t *, struct nat *));
extern	int	ipf_proxy_match __P((fr_info_t *, struct nat *));
extern	int	ipf_proxy_new __P((fr_info_t *, struct nat *));
extern	int	ipf_proxy_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
extern	void	ipf_proxy_free __P((ipf_main_softc_t *, ap_session_t *));
extern	void	ipf_proxy_flush __P((void *, int));
extern	ipnat_t	*ipf_proxy_rule_fwd __P((nat_t *));
extern	ipnat_t	*ipf_proxy_rule_rev __P((nat_t *));
/* control interface: ipf_proxy_ioctl is the SIOCPROXY entry point */
extern	int	ipf_proxy_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
extern	int	ipf_proxy_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *));
/* module and per-instance lifecycle */
extern	int	ipf_proxy_init __P((void));
extern	int	ipf_proxy_main_load __P((void));
extern	int	ipf_proxy_main_unload __P((void));
extern	void	*ipf_proxy_soft_create __P((ipf_main_softc_t *));
extern	void	ipf_proxy_soft_destroy __P((ipf_main_softc_t *, void *));
extern	int	ipf_proxy_soft_init __P((ipf_main_softc_t *, void *));
extern	int	ipf_proxy_soft_fini __P((ipf_main_softc_t *, void *));
466
467#endif /* __IP_PROXY_H__ */
468