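/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
 */

#ifndef	__IP_PROXY_H__
#define	__IP_PROXY_H__

/*
 * Application proxy interface used by the NAT code: the per-session state
 * handed to a proxy module, the aproxy_t registration record with its
 * callback table, the SIOCPROXY control message, and the private data
 * blocks of the proxies bundled with IPFilter (ftp, ipsec, irc, dns,
 * raudio, msnrpc, rpcb).
 */

#ifndef SOLARIS
# if defined(sun) && defined(__SVR4)
#  define SOLARIS	1
# else
#  define SOLARIS	0
# endif
#endif

/* ioctl carrying an ap_control to/from the kernel proxy layer. */
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)

#ifndef APR_LABELLEN
#define	APR_LABELLEN	16
#endif
#define	AP_SESS_SIZE	53

struct	nat;
struct	ipnat;
struct	ipstate;

/*
 * TCP half of the per-session proxy state.  Index [0]/[1] of the paired
 * arrays selects one direction of the connection.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* sequence # difference */
	u_32_t	apt_ackmin[2];	/* don't change seq-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;

/* UDP half of the per-session proxy state: ports only. */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;

/*
 * One proxied session.  aps_data/aps_psiz describe a block that belongs
 * to the proxy module; aps_nat points back at the owning NAT entry.
 */
typedef	struct	ap_session {
	struct	aproxy	*aps_apr;
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_next;
} ap_session_t;

/* Short-hands that reach into the TCP member of aps_un. */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin


/*
 * Control message passed through SIOCPROXY.  apc_label/apc_p identify
 * the proxy the request is addressed to; apc_config names a configuration
 * within it.
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];
	char	apc_config[APR_LABELLEN];
	u_char	apc_p;
	/*
	 * The following fields are up to the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;

#define	APC_CMD_ADD	0
#define	APC_CMD_DEL	1


/*
 * Registration record for one proxy module.  Everything after apr_clones
 * is a callback table filled in by the module; entries the module does
 * not provide are left NULL by convention (callers must check before
 * calling - verify against ip_proxy.c).
 */
typedef	struct	aproxy {
	struct	aproxy	*apr_next;
	struct	aproxy	*apr_parent;
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;		/* protocol */
	int	apr_flags;
	int	apr_ref;
	int	apr_clones;
	/* Module-wide hooks, no per-instance argument. */
	void	(* apr_load)(void);
	void	(* apr_unload)(void);
	/* Per-softc lifecycle; the void * is the module's own soft state. */
	void	*(* apr_create)(ipf_main_softc_t *);
	void	(* apr_destroy)(ipf_main_softc_t *, void *);
	int	(* apr_init)(ipf_main_softc_t *, void *);
	void	(* apr_fini)(ipf_main_softc_t *, void *);
	/* Per-session and per-packet hooks; each sees the session and nat. */
	int	(* apr_new)(void *, fr_info_t *, ap_session_t *,
			    struct nat *);
	void	(* apr_del)(ipf_main_softc_t *, ap_session_t *);
	int	(* apr_inpkt)(void *, fr_info_t *, ap_session_t *,
			      struct nat *);
	int	(* apr_outpkt)(void *, fr_info_t *, ap_session_t *,
			       struct nat *);
	int	(* apr_match)(fr_info_t *, ap_session_t *, struct nat *);
	int	(* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *);
	int	(* apr_clear)(struct aproxy *);
	int	(* apr_flush)(struct aproxy *, int);
	void	*apr_soft;
} aproxy_t;

#define	APR_DELETE	1

/*
 * Packed int return value: APR_ERR() places x in the upper 16 bits,
 * APR_EXIT() recovers it, and APR_INC() yields the lower 16 bits.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)


#ifdef _KERNEL
/*
 * Generic #define's to cover missing things in the kernel.
 * These evaluate their argument more than once, so they must only be
 * given a plain variable, never an expression with side effects.
 */
# ifndef isdigit
#  define isdigit(x)	((x) >= '0' && (x) <= '9')
# endif
# ifndef isupper
#  define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# endif
# ifndef islower
#  define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# endif
# ifndef isalpha
#  define isalpha(x)	(isupper(x) || islower(x))
# endif
# ifndef toupper
/*
 * Only a lowercase letter is shifted; digits, punctuation and already
 * uppercase characters are returned unchanged, matching the libc
 * toupper() contract.  The earlier form applied "- 'a' + 'A'" to every
 * non-uppercase character and so corrupted non-letters.
 */
#  define toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
# endif
# ifndef isspace
#  define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
# endif
#endif /* _KERNEL */

/*
 * For the ftp proxy.
 */
#define	FTP_BUFSZ	160
#define	IPF_FTPBUFSZ	160

/* One direction of an FTP control connection; ftps_buf is FTP_BUFSZ bytes. */
typedef struct ftpside {
	char	*ftps_rptr;
	char	*ftps_wptr;
	void	*ftps_ifp;
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;
	int	ftps_cmds;
	int	ftps_cmd;
	char	ftps_buf[FTP_BUFSZ];
} ftpside_t;

typedef struct ftpinfo {
	int 	  	ftp_passok;
	int		ftp_incok;
	void		*ftp_pendstate;
	nat_t		*ftp_pendnat;
	ftpside_t	ftp_side[2];
} ftpinfo_t;


/*
 * IPsec proxy
 */
typedef	u_32_t	ipsec_cookie_t[2];

typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;
	ipsec_cookie_t	ipsc_rcookie;
	int		ipsc_rckset;
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
	ipnat_t		*ipsc_rule;
} ipsec_pxy_t;


/*
 * For the irc proxy.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;


/*
 * For the DNS "proxy"
 */
typedef	struct	dnsinfo {
	ipfmutex_t	dnsi_lock;
	u_short		dnsi_id;
	char		dnsi_buffer[512];
} dnsinfo_t;


/*
 * Real audio proxy structure and #defines
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;

#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)


/*
 * MSN RPC proxy
 */
typedef	struct	msnrpcinfo {
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;
	u_short		mri_rport;
} msnrpcinfo_t;


/*
 * Sun RPCBIND proxy
 */
#define RPCB_MAXMSG	888
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define RPCB_REPMAX	604	/* XXX double check this! */

/*
 * These macros determine the number of bytes between p and the end of
 * r->rs_buf relative to l.
 *
 * RPCB_BUF_GEQ first requires p to lie strictly before the end of the
 * buffer, so the pointer difference it then compares against l is
 * non-negative; callers must still make sure p is within rm_msgbuf.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l)	\
	((RPCB_BUF_END((r)) > (char *)(p)) &&		\
	 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define RPCB_BUF_EQ(r, p, l)	\
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))

/*
 * The following correspond to RPC(B) detailed in RFC183[13].
 */
#define RPCB_CALL		0
#define RPCB_REPLY		1
#define RPCB_MSG_VERSION	2
#define RPCB_PROG		100000
#define RPCB_GETPORT		3
#define RPCB_GETADDR		3
#define RPCB_GETADDRLIST	11
#define RPCB_MSG_ACCEPTED	0
#define RPCB_MSG_DENIED		1

/* BEGIN (Generic XDR structures) */
/*
 * The XDR structures below hold pointers into rm_msgbuf rather than
 * copies; the length word and the string body are addressed separately.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;

typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;

typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short		xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;

typedef struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;

#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */

/* BEGIN (RPC call structures) */
/* Commented-out members record wire fields that are parsed over, not kept. */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;

typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;

typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t		*rc_vers;
	u_32_t		*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;

#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define	rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */

/* BEGIN (RPC reply structures) */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;

typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;

typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t	*rr_astat; */
	union {
		u_32_t		*resp_pmap;
		xdr_uaddr_t	resp_getaddr;
		rpcb_listp_t	resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;

#define	rr_v2	rpcb_reply.resp_pmap
#define	rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */

/* BEGIN (RPC message structure & macros) */
/*
 * One parsed RPC message.  rm_msgbuf holds the raw bytes (at most
 * RPCB_MAXMSG, rm_buflen of them valid); the pointer members of rm_body
 * refer into that buffer, so the struct must not be copied by value
 * once parsed.
 */
typedef struct rpc_msg {
	char		rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int		rm_buflen;
	u_32_t		*rm_xid;
	/* u_32_t	Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;

#define	rm_call		rm_body.rb_call
#define	rm_resp		rm_body.rb_resp
/* END (RPC message structure & macros) */

/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t			rx_xid;		/* RPC transmission ID */
	u_int			rx_type;	/* RPCB response type */
	u_int			rx_ref;		/* reference count */
	u_int			rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;

/* Per-session list of outstanding transactions, guarded by rs_rxlock. */
typedef struct rpcb_session {
	ipfmutex_t	rs_rxlock;
	rpcb_xact_t	*rs_rxlist;
} rpcb_session_t;

/*
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Rounds x up to the next multiple of 4 (XDR unit size).
 */
#define XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))

/* Exported proxy entry points. */
extern	int	ipf_proxy_add(void *, aproxy_t *);
extern	int	ipf_proxy_check(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *);
extern	int	ipf_proxy_del(aproxy_t *);
extern	void	ipf_proxy_deref(aproxy_t *);
extern	void	ipf_proxy_flush(void *, int);
extern	int	ipf_proxy_init(void);
extern	int	ipf_proxy_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *);
extern	aproxy_t	*ipf_proxy_lookup(void *, u_int, char *);
extern	int	ipf_proxy_match(fr_info_t *, struct nat *);
extern	int	ipf_proxy_new(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *);
extern	void	ipf_proxy_free(ipf_main_softc_t *, ap_session_t *);
extern	int	ipf_proxy_main_load(void);
extern	int	ipf_proxy_main_unload(void);
extern	ipnat_t	*ipf_proxy_rule_fwd(nat_t *);
extern	ipnat_t	*ipf_proxy_rule_rev(nat_t *);
extern	void	*ipf_proxy_soft_create(ipf_main_softc_t *);
extern	void	ipf_proxy_soft_destroy(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_fini(ipf_main_softc_t *, void *);

#endif /* __IP_PROXY_H__ */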