/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
 */

#ifndef	__IP_PROXY_H__
#define	__IP_PROXY_H__

/*
 * Work out whether we are on Solaris from the compiler's predefined
 * macros when the build has not said so explicitly.
 */
#ifndef	SOLARIS
# if defined(sun) && defined(__SVR4)
#  define	SOLARIS		1
# else
#  define	SOLARIS		0
# endif
#endif

/*
 * ioctl used to talk to a proxy.  It carries a struct ap_control in both
 * directions (_IOWR), so everything in that structure arrives from
 * userland and has to be validated by the kernel-side handler.
 */
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)

/* Size of the fixed-length label/config strings used by proxies. */
#ifndef	APR_LABELLEN
#define	APR_LABELLEN	16
#endif
#define	AP_SESS_SIZE	53	/* NOTE(review): use not visible in this header; confirm in the proxy core */

struct	nat;
struct	ipnat;
struct	ipstate;

/*
 * TCP-specific proxy session state: the port pair plus the sequence and
 * acknowledgement number adjustments a proxy applies.  Each [2] array
 * holds two entries selected through apt_sel; presumably one per
 * direction -- confirm against the proxy core.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference (mirrors apt_seqoff) */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;

/* UDP-specific proxy session state: only the port pair is tracked. */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;

/*
 * One proxy session.  aps_un holds whichever transport state applies;
 * the aps_* macros that follow reach into the TCP member, so they are
 * only meaningful for TCP sessions.  aps_data/aps_psiz describe a
 * proxy-private allocation; the proxy that set them owns that memory.
 */
typedef	struct ap_session {
	struct	aproxy	*aps_apr;	/* proxy handling this session */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_next;	/* next session in the list */
} ap_session_t;

/*
 * Shorthands for the TCP members of ap_session.aps_un.  They alias
 * apu_tcp, so using them on a UDP session reads the wrong union member.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin


/*
 * Request block exchanged through the SIOCPROXY ioctl.  Every field is
 * supplied by userland: apc_label and apc_config are fixed-size arrays
 * that need not arrive NUL-terminated, and apc_dsize is caller-chosen,
 * so the kernel side must bound it before allocating and copying
 * apc_data and must terminate or length-limit the strings before using
 * them as such.
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];	/* proxy label (cf. aproxy.apr_label) */
	char	apc_config[APR_LABELLEN];	/* configuration name; meaning is up to the proxy */
	u_char	apc_p;				/* protocol (cf. aproxy.apr_p) */
	/*
	 * The following fields are upto the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 */
	u_long	apc_cmd;	/* see APC_CMD_* */
	u_long	apc_arg;
	void	*apc_data;	/* kernel copy of the caller's data; see above for ownership */
	size_t	apc_dsize;	/* byte count for apc_data, as supplied by the caller */
} ap_ctl_t;

/* Standard values for ap_control.apc_cmd. */
#define	APC_CMD_ADD	0
#define	APC_CMD_DEL	1


/*
 * A registered proxy.  apr_label and apr_p identify it (ipf_proxy_lookup
 * takes a protocol and a name); the function pointers are the hooks the
 * proxy core calls.  The create/destroy/init/fini quartet mirrors the
 * ipf_proxy_soft_* functions declared at the end of this header; the
 * void * they pass around is presumably apr_soft -- confirm in the
 * proxy core.
 */
typedef	struct	aproxy	{
	struct	aproxy	*apr_next;		/* next registered proxy */
	struct	aproxy	*apr_parent;		/* proxy this one was cloned from, if any (see apr_clones) */
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;				/* protocol */
	int	apr_flags;
	int	apr_ref;			/* reference count; see ipf_proxy_deref */
	int	apr_clones;			/* NOTE(review): clone count -- semantics not visible here */
	void	(* apr_load)(void);
	void	(* apr_unload)(void);
	void	*(* apr_create)(ipf_main_softc_t *);		/* allocate per-instance soft state */
	void	(* apr_destroy)(ipf_main_softc_t *, void *);	/* release what apr_create returned */
	int	(* apr_init)(ipf_main_softc_t *, void *);
	void	(* apr_fini)(ipf_main_softc_t *, void *);
	int	(* apr_new)(void *, fr_info_t *, ap_session_t *,
				 struct nat *);				/* new session */
	void	(* apr_del)(ipf_main_softc_t *, ap_session_t *);	/* session going away */
	int	(* apr_inpkt)(void *, fr_info_t *, ap_session_t *,
				   struct nat *);			/* inbound packet */
	int	(* apr_outpkt)(void *, fr_info_t *, ap_session_t *,
				    struct nat *);			/* outbound packet */
	int	(* apr_match)(fr_info_t *, ap_session_t *, struct nat *);
	int	(* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *);	/* SIOCPROXY handler */
	int	(* apr_clear)(struct aproxy *);
	int	(* apr_flush)(struct aproxy *, int);
	void	*apr_soft;			/* proxy-private state */
} aproxy_t;

#define	APR_DELETE	1	/* NOTE(review): whether this is an apr_flags bit or the flush argument is not visible here */

/*
 * Two 16-bit fields packed into one int: an "exit" value in the high
 * half (APR_ERR builds it, APR_EXIT extracts it) and an increment in the
 * low half (APR_INC).  Presumably applied to the int returned by the
 * apr_inpkt/apr_outpkt hooks -- confirm in the proxy core.  x must be
 * non-negative and fit in 16 bits; larger values are silently truncated
 * by the mask and a negative x makes the left shift undefined.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)


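#ifdef _KERNEL
/*
 * Generic #define's to cover missing things in the kernel.
 *
 * ASCII-only fallbacks.  Each macro evaluates its argument more than
 * once, so pass only side-effect-free expressions.  isupper/islower
 * convert to unsigned before comparing, so a negative value simply fails
 * the range test; isdigit compares as-is, which also yields 0 for any
 * negative value.  isspace deliberately lists a fixed set of characters
 * and does not match C's (no '\v'/'\f', but '\b' is included).
 */
# ifndef isdigit
#  define isdigit(x)	((x) >= '0' && (x) <= '9')
# endif
# ifndef isupper
#  define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# endif
# ifndef islower
#  define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# endif
# ifndef isalpha
#  define isalpha(x)	(isupper(x) || islower(x))
# endif
/*
 * Same contract as C's toupper(): only lower-case letters are converted,
 * everything else comes back unchanged.  The earlier form applied the
 * 'a'->'A' offset to every non-upper-case value, so digits, punctuation
 * and whitespace were turned into unrelated characters.
 */
# ifndef toupper
#  define toupper(x)	(islower(x) ? ((x) - 'a' + 'A') : (x))
# endif
# ifndef isspace
#  define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
# endif
#endif /* _KERNEL */
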
/*
 * For the ftp proxy.
 * Both names give the size of ftpside.ftps_buf and must stay equal;
 * code in the proxy may use either spelling.
 */
#define	FTP_BUFSZ	160
#define	IPF_FTPBUFSZ	160

/*
 * One side of an ftp proxy session (ftpinfo keeps two).  ftps_rptr and
 * ftps_wptr are, by their names, the read and write cursors into
 * ftps_buf -- confirm in the ftp proxy; whatever advances them has to
 * keep both within the FTP_BUFSZ bytes of ftps_buf.
 */
typedef struct  ftpside {
	char	*ftps_rptr;	/* read cursor into ftps_buf (presumed) */
	char	*ftps_wptr;	/* write cursor into ftps_buf (presumed) */
	void	*ftps_ifp;	/* interface pointer, opaque here */
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;	/* NOTE(review): meaning not visible in this header */
	int	ftps_cmds;
	int	ftps_cmd;
	char	ftps_buf[FTP_BUFSZ];	/* control-channel bytes being parsed */
} ftpside_t;

/*
 * Per-session data for the ftp proxy: two sides (presumably one per
 * direction) plus the NAT/state entries for a pending data connection,
 * going by the ftp_pend* names.
 */
typedef struct  ftpinfo {
	int 	  	ftp_passok;
	int		ftp_incok;
	void		*ftp_pendstate;	/* pending state entry (opaque here) */
	nat_t		*ftp_pendnat;	/* pending NAT entry */
	ftpside_t	ftp_side[2];
} ftpinfo_t;


/*
 * IPsec proxy
 */
typedef u_32_t		ipsec_cookie_t[2];	/* 64-bit cookie held as two u_32_t words */

/*
 * IPsec proxy session: the initiator and responder cookies (i/r, going by
 * the names) and the NAT, state and rule entries the session hangs off.
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;	/* initiator cookie */
	ipsec_cookie_t	ipsc_rcookie;	/* responder cookie */
	int		ipsc_rckset;	/* responder cookie has been set (presumed from the name) */
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
	ipnat_t		*ipsc_rule;
} ipsec_pxy_t;


/*
 * For the irc proxy.
 *
 * The char * members are pointers rather than copies, presumably into
 * the packet being parsed; irc_len is the only length carried here, so
 * anything walking these pointers must check against it.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;	/* source nick */
	char	*irc_dnick;	/* destination nick */
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;	/* textual address */
	u_32_t	irc_ipnum;	/* numeric address */
	u_short	irc_port;
} ircinfo_t;


/*
 * For the DNS "proxy"
 */
typedef struct dnsinfo {
	ipfmutex_t	dnsi_lock;		/* guards the fields below */
	u_short		dnsi_id;		/* 16-bit DNS message id */
	char		dnsi_buffer[512];	/* message buffer; writes must be bounded to 512 bytes */
} dnsinfo_t;


/*
 * Real audio proxy structure and #defines
 *
 * rap_svr is filled in piecemeal; rap_sbf records which of its 19 bytes
 * have arrived, one bit per byte, so only the low 19 bits of rap_sbf
 * are meaningful.
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* RAP_M_* bits */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;

/* Identifiers seen in the real audio stream. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* raudio_s.rap_mode bits; RAP_M_UDP_ROBUST is the UDP and ROBUST bits together. */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)


/*
 * MSN RPC proxy
 */
typedef	struct	msnrpcinfo	{
	u_int		mri_flags;
	int		mri_cmd[2];	/* two entries, presumably one per direction */
	u_int		mri_valid;
	struct	in_addr	mri_raddr;	/* remote address */
	u_short		mri_rport;	/* remote port */
} msnrpcinfo_t;


/*
 * Sun RPCBIND proxy
 */
#define RPCB_MAXMSG	888	/* size of rpc_msg.rm_msgbuf; no parse may write past it */
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

/*
 * Accepted length ranges for requests and replies.  RPCB_REQMAX equals
 * RPCB_MAXMSG, so a request can fill rm_msgbuf completely.
 */
#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */

/*
 * These macros determine the number of bytes between p and the end of
 * (r)->rm_msgbuf (the first (r)->rm_buflen bytes of it) relative to l.
 *
 * RPCB_BUF_GEQ is true when at least l bytes remain from p; it tests
 * END > p before subtracting so the difference is never negative, which
 * matters when l is unsigned.  RPCB_BUF_EQ is true when p + l lands
 * exactly on the end; p + l is formed before the comparison, so callers
 * should establish with RPCB_BUF_GEQ that l is in range first rather than
 * rely on RPCB_BUF_EQ alone.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l)   \
	((RPCB_BUF_END((r)) > (char *)(p)) &&           \
	 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)                            \
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))

/*
 * The following correspond to RPC(B) detailed in RFC183[13].
 * RPCB_GETPORT (v2) and RPCB_GETADDR (v3) share procedure number 3;
 * which one is meant depends on the version in the call.
 */
#define RPCB_CALL		0
#define RPCB_REPLY		1
#define RPCB_MSG_VERSION	2
#define RPCB_PROG		100000	/* portmapper / rpcbind program number */
#define RPCB_GETPORT		3
#define RPCB_GETADDR		3
#define RPCB_GETADDRLIST	11
#define RPCB_MSG_ACCEPTED	0
#define RPCB_MSG_DENIED		1

/* BEGIN (Generic XDR structures) */
/*
 * An XDR string located in a message: xs_len points at the length word
 * and xs_str at the bytes that follow.  Both are pointers into existing
 * data, presumably rm_msgbuf, not copies.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;

/* RPC authenticator; only the opaque body is located, the flavour is skipped. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;

/*
 * A universal address: the string form as found in the message plus the
 * IP and port decoded from it.
 */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short         xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;

/* A netid string plus the protocol number decoded from it. */
typedef	struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;

/* Shorthands for the xdr_string members of xdr_uaddr and xdr_proto. */
#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */

/* BEGIN (RPC call structures) */
/*
 * Portmapper (v2) call arguments.  Only the protocol word is located;
 * the commented-out members document the wire layout around it.
 */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;

/*
 * rpcbind (v3/v4) call arguments: the netid and the universal address.
 * The commented-out members document the surrounding wire layout.
 */
typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;

/*
 * A located RPC call: version and procedure words, both authenticators,
 * and the arguments in whichever form (v2 pmap or v3/v4 rpcb) the
 * version selects.  rc_vers tells the reader which union member is valid.
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;

#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */

/* BEGIN (RPC reply structures) */
/*
 * One entry of a GETADDRLIST reply.  re_more points at the trailing
 * "another entry follows" word, so list walking stops when it reads 0.
 */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;

/*
 * A GETADDRLIST reply list.  Only two entries are kept (TCP and UDP), so
 * rl_cnt must never exceed 2 however many entries the wire carries.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;	/* entries filled in rl_entries, at most 2 */
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;

/*
 * A located RPC reply.  Which rpcb_reply member is valid depends on the
 * request it answers (see RPCB_RES_* and rpcb_xact.rx_type); denied
 * replies are not represented.
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat;	*/
	union {
		u_32_t		*resp_pmap;		/* v2: port word */
		xdr_uaddr_t	resp_getaddr;		/* v3: universal address */
		rpcb_listp_t	resp_getaddrlist;	/* v4: address list */
	} rpcb_reply;
} rpc_resp_t;

#define	rr_v2	rpcb_reply.resp_pmap
#define rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */

/* BEGIN (RPC message structure & macros) */
/*
 * A copy of an RPC message plus the pointers located within it.  The
 * RPCB_BUF_* macros bound those pointers by rm_buflen, so rm_buflen must
 * itself be kept <= RPCB_MAXMSG when the buffer is filled.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;		/* bytes of rm_msgbuf in use */
	u_32_t	*rm_xid;		/* transaction id word */
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;

#define rm_call		rm_body.rb_call
#define rm_resp		rm_body.rb_resp
/* END (RPC message structure & macros) */

/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 *
 * An outstanding rpcbind transaction, kept on a doubly-linked list
 * (rx_pnext points at the predecessor's rx_next) under
 * rpcb_session.rs_rxlock.  rx_xid is matched against the reply's xid;
 * rx_type says how to read that reply (RPCB_RES_*).
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;         /* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;

/* rpcbind proxy session: the transaction list and the lock that guards it. */
typedef struct rpcb_session {
	ipfmutex_t	rs_rxlock;	/* protects rs_rxlist and its entries */
	rpcb_xact_t	*rs_rxlist;	/* outstanding transactions, RPCB_MAXREQS at most */
} rpcb_session_t;

/*
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Rounds x up to the next multiple of 4 (XDR items are 4-byte aligned).
 * x is evaluated several times, and the result can wrap for values near
 * the top of the type, so check x against the remaining buffer before
 * using the aligned size in an offset.
 */
#define XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))

/*
 * Entry points of the proxy core.  The ipf_proxy_soft_* functions follow
 * the same create/destroy/init/fini shape as the apr_* hooks in struct
 * aproxy; ipf_proxy_ioctl is the handler behind SIOCPROXY and therefore
 * the point at which ap_control contents must be validated.
 */
extern	int	ipf_proxy_add(void *, aproxy_t *);
extern	int	ipf_proxy_check(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *);
extern	int	ipf_proxy_del(aproxy_t *);
extern	void	ipf_proxy_deref(aproxy_t *);
extern	void	ipf_proxy_flush(void *, int);
extern	int	ipf_proxy_init(void);
extern	int	ipf_proxy_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *);
extern	aproxy_t	*ipf_proxy_lookup(void *, u_int, char *);
extern	int	ipf_proxy_match(fr_info_t *, struct nat *);
extern	int	ipf_proxy_new(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *);
extern	void	ipf_proxy_free(ipf_main_softc_t *, ap_session_t *);
extern	int	ipf_proxy_main_load(void);
extern	int	ipf_proxy_main_unload(void);
extern	ipnat_t	*ipf_proxy_rule_fwd(nat_t *);
extern	ipnat_t	*ipf_proxy_rule_rev(nat_t *);
extern	void	*ipf_proxy_soft_create(ipf_main_softc_t *);
extern	void	ipf_proxy_soft_destroy(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_fini(ipf_main_softc_t *, void *);

#endif /* __IP_PROXY_H__ */
