xref: /illumos-gate/usr/src/uts/common/inet/ipf/ip_compat.c (revision 9b9d39d2a32ff806d2431dbcc50968ef1e6d46b2) 
1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 #if defined(KERNEL) || defined(_KERNEL)
7 # undef KERNEL
8 # undef _KERNEL
9 # define        KERNEL	1
10 # define        _KERNEL	1
11 #endif
12 #include <sys/errno.h>
13 #include <sys/types.h>
14 #include <sys/param.h>
15 #include <sys/time.h>
16 #if defined(__NetBSD__)
17 # if (NetBSD >= 199905) && !defined(IPFILTER_LKM) && defined(_KERNEL)
18 #  include "opt_ipfilter_log.h"
19 # endif
20 #endif
21 #if defined(_KERNEL) && defined(__FreeBSD_version) && \
22     (__FreeBSD_version >= 220000)
23 # if (__FreeBSD_version >= 400000)
24 #  if !defined(IPFILTER_LKM)
25 #   include "opt_inet6.h"
26 #  endif
27 #  if (__FreeBSD_version == 400019)
28 #   define CSUM_DELAY_DATA
29 #  endif
30 # endif
31 # include <sys/filio.h>
32 #else
33 # include <sys/ioctl.h>
34 #endif
35 #if !defined(_AIX51)
36 # include <sys/fcntl.h>
37 #endif
38 #if defined(_KERNEL)
39 # include <sys/systm.h>
40 # include <sys/file.h>
41 #else
42 # include <stdio.h>
43 # include <string.h>
44 # include <stdlib.h>
45 # include <stddef.h>
46 # include <sys/file.h>
47 # define _KERNEL
48 # ifdef __OpenBSD__
49 struct file;
50 # endif
51 # include <sys/uio.h>
52 # undef _KERNEL
53 #endif
54 #if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux) && \
55     !defined(linux)
56 # include <sys/mbuf.h>
57 #else
58 # if !defined(linux)
59 #  include <sys/byteorder.h>
60 # endif
61 # if (SOLARIS2 < 5) && defined(sun)
62 #  include <sys/dditypes.h>
63 # endif
64 #endif
65 #ifdef __hpux
66 # define _NET_ROUTE_INCLUDED
67 #endif
68 #if !defined(linux)
69 # include <sys/protosw.h>
70 #endif
71 #include <sys/socket.h>
72 #include <net/if.h>
73 #ifdef sun
74 # include <net/af.h>
75 #endif
76 #if !defined(_KERNEL) && defined(__FreeBSD__)
77 # include "radix_ipf.h"
78 #endif
79 #include <net/route.h>
80 #include <netinet/in.h>
81 #include <netinet/in_systm.h>
82 #include <netinet/ip.h>
83 #if !defined(linux)
84 # include <netinet/ip_var.h>
85 #endif
86 #if defined(__sgi) && defined(IFF_DRVRLOCK) /* IRIX 6 */
87 # include <sys/hashing.h>
88 # include <netinet/in_var.h>
89 #endif
90 #include <netinet/tcp.h>
91 #if (!defined(__sgi) && !defined(AIX)) || defined(_KERNEL)
92 # include <netinet/udp.h>
93 # include <netinet/ip_icmp.h>
94 #endif
95 #ifdef __hpux
96 # undef _NET_ROUTE_INCLUDED
97 #endif
98 #include "netinet/ip_compat.h"
99 #ifdef	USE_INET6
100 # include <netinet/icmp6.h>
101 # if !defined(SOLARIS) && defined(_KERNEL) && !defined(__osf__) && \
102 	!defined(__hpux)
103 #  include <netinet6/in6_var.h>
104 # endif
105 #endif
106 #include <netinet/tcpip.h>
107 #include "netinet/ip_fil.h"
108 #include "netinet/ip_nat.h"
109 #include "netinet/ip_frag.h"
110 #include "netinet/ip_state.h"
111 #include "netinet/ip_proxy.h"
112 #include "netinet/ip_auth.h"
113 #include "netinet/ipf_stack.h"
114 #ifdef IPFILTER_SCAN
115 # include "netinet/ip_scan.h"
116 #endif
117 #ifdef IPFILTER_SYNC
118 # include "netinet/ip_sync.h"
119 #endif
120 #include "netinet/ip_pool.h"
121 #include "netinet/ip_htable.h"
122 #ifdef IPFILTER_COMPILED
123 # include "netinet/ip_rules.h"
124 #endif
125 #if defined(IPFILTER_BPF) && defined(_KERNEL)
126 # include <net/bpf.h>
127 #endif
128 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
129 # include <sys/malloc.h>
130 # if defined(_KERNEL) && !defined(IPFILTER_LKM)
131 #  include "opt_ipfilter.h"
132 # endif
133 #endif
134 #include "netinet/ipl.h"
135 /* END OF INCLUDES */
136 
137 #ifdef IPFILTER_COMPAT
138 
139 # define	IPFILTER_VERSION_4010900	4010900
140 
141 struct nat_4010900 {
142 	ipfmutex_t	nat_lock;
143 	struct	nat	*nat_next;
144 	struct	nat	**nat_pnext;
145 	struct	nat	*nat_hnext[2];
146 	struct	nat	**nat_phnext[2];
147 	struct	hostmap	*nat_hm;
148 	void		*nat_data;
149 	struct	nat	**nat_me;
150 	struct	ipstate	*nat_state;
151 	struct	ap_session	*nat_aps;		/* proxy session */
152 	frentry_t	*nat_fr;	/* filter rule ptr if appropriate */
153 	struct	ipnat	*nat_ptr;	/* pointer back to the rule */
154 	void		*nat_ifps[2];
155 	void		*nat_sync;
156 	ipftqent_t	nat_tqe;
157 	u_32_t		nat_flags;
158 	u_32_t		nat_sumd[2];	/* ip checksum delta for data segment */
159 	u_32_t		nat_ipsumd;	/* ip checksum delta for ip header */
160 	u_32_t		nat_mssclamp;	/* if != zero clamp MSS to this */
161 	i6addr_t	nat_inip6;
162 	i6addr_t	nat_outip6;
163 	i6addr_t	nat_oip6;		/* other ip */
164 	U_QUAD_T	nat_pkts[2];
165 	U_QUAD_T	nat_bytes[2];
166 	union	{
167 		udpinfo_t	nat_unu;
168 		tcpinfo_t	nat_unt;
169 		icmpinfo_t	nat_uni;
170 		greinfo_t	nat_ugre;
171 	} nat_un;
172 	u_short		nat_oport;		/* other port */
173 	u_short		nat_use;
174 	u_char		nat_p;			/* protocol for NAT */
175 	int		nat_dir;
176 	int		nat_ref;		/* reference count */
177 	int		nat_hv[2];
178 	char		nat_ifnames[2][LIFNAMSIZ];
179 	int		nat_rev;		/* 0 = forward, 1 = reverse */
180 	int		nat_redir;
181 };
182 
183 struct  nat_save_4010900    {
184 	void	*ipn_next;
185 	struct	nat_4010900	ipn_nat;
186 	struct	ipnat		ipn_ipnat;
187 	struct	frentry		ipn_fr;
188 	int			ipn_dsize;
189 	char			ipn_data[4];
190 };
191 
192 struct natlookup_4010900 {
193 	struct	in_addr	nlc_inip;
194 	struct	in_addr	nlc_outip;
195 	struct	in_addr	nlc_realip;
196 	int		nlc_flags;
197 	u_short		nlc_inport;
198 	u_short		nlc_outport;
199 	u_short		nlc_realport;
200 };
201 
202 
203 /* ------------------------------------------------------------------------ */
204 /* Function:    fr_incomptrans                                              */
205 /* Returns:     int     - 0 = success, else failure                         */
206 /* Parameters:  obj(I) - pointer to ioctl data                              */
207 /*              ptr(I)  - pointer to store real data in                     */
208 /*                                                                          */
209 /* Translate the copied in ipfobj_t to new for backward compatibility at    */
210 /* the ABI for user land.                                                   */
211 /* ------------------------------------------------------------------------ */
212 int fr_incomptrans(obj, ptr)
213 ipfobj_t *obj;
214 void *ptr;
215 {
216 	int error;
217 	natlookup_t *nlp;
218 	nat_save_t *nsp;
219 	struct nat_save_4010900 nsc;
220 	struct natlookup_4010900 nlc;
221 
222 	switch (obj->ipfo_type)
223 	{
224 	case IPFOBJ_NATLOOKUP :
225 		if ((obj->ipfo_rev != IPFILTER_VERSION_4010900) ||
226 		    (obj->ipfo_size != sizeof (nlc)))
227 			return EINVAL;
228 		error = COPYIN((caddr_t)obj->ipfo_ptr, (caddr_t)&nlc,
229 				obj->ipfo_size);
230 		if (!error) {
231 			nlp = (natlookup_t *)ptr;
232 			bzero((char *)nlp, sizeof (*nlp));
233 			nlp->nl_inip = nlc.nlc_inip;
234 			nlp->nl_outip = nlc.nlc_outip;
235 			nlp->nl_inport = nlc.nlc_inport;
236 			nlp->nl_outport = nlc.nlc_outport;
237 			nlp->nl_flags = nlc.nlc_flags;
238 			nlp->nl_v = 4;
239 		}
240 		break;
241 	case IPFOBJ_NATSAVE :
242 		if ((obj->ipfo_rev != IPFILTER_VERSION_4010900) ||
243 		    (obj->ipfo_size != sizeof (nsc)))
244 			return EINVAL;
245 		error = COPYIN((caddr_t)obj->ipfo_ptr, (caddr_t)&nsc,
246 				obj->ipfo_size);
247 		if (!error) {
248 			nsp = (nat_save_t *)ptr;
249 			bzero((char *)nsp, sizeof (*nsp));
250 			nsp->ipn_next = nsc.ipn_next;
251 			nsp->ipn_dsize = nsc.ipn_dsize;
252 			nsp->ipn_nat.nat_inip = nsc.ipn_nat.nat_inip;
253 			nsp->ipn_nat.nat_outip = nsc.ipn_nat.nat_outip;
254 			nsp->ipn_nat.nat_oip = nsc.ipn_nat.nat_oip;
255 			nsp->ipn_nat.nat_inport = nsc.ipn_nat.nat_inport;
256 			nsp->ipn_nat.nat_outport = nsc.ipn_nat.nat_outport;
257 			nsp->ipn_nat.nat_oport = nsc.ipn_nat.nat_oport;
258 			nsp->ipn_nat.nat_flags = nsc.ipn_nat.nat_flags;
259 			nsp->ipn_nat.nat_v = 4;
260 		}
261 		break;
262 	default :
263 		return EINVAL;
264 	}
265 	return error;
266 }
267 
268 /* ------------------------------------------------------------------------ */
269 /* Function:    fr_outcomptrans                                             */
270 /* Returns:     int     - 0 = success, else failure                         */
271 /* Parameters:  obj(I) - pointer to ioctl data                              */
272 /*              ptr(I)  - pointer to store real data in                     */
273 /*                                                                          */
274 /* Translate the copied out ipfobj_t to new definition for backward         */
275 /* compatibility at the ABI for user land.                                  */
276 /* ------------------------------------------------------------------------ */
277 int fr_outcomptrans(obj, ptr)
278 ipfobj_t *obj;
279 void *ptr;
280 {
281 	int error;
282 	natlookup_t *nlp;
283 	struct natlookup_4010900 nlc;
284 
285 	switch (obj->ipfo_type)
286 	{
287 	case IPFOBJ_NATLOOKUP :
288 		if ((obj->ipfo_rev != IPFILTER_VERSION_4010900) ||
289 		    (obj->ipfo_size != sizeof (nlc)))
290 			return EINVAL;
291 		bzero((char *)&nlc, sizeof (nlc));
292 		nlp = (natlookup_t *)ptr;
293 		nlc.nlc_inip = nlp->nl_inip;
294 		nlc.nlc_outip = nlp->nl_outip;
295 		nlc.nlc_realip = nlp->nl_realip;
296 		nlc.nlc_inport = nlp->nl_inport;
297 		nlc.nlc_outport = nlp->nl_outport;
298 		nlc.nlc_realport = nlp->nl_realport;
299 		nlc.nlc_flags = nlp->nl_flags;
300 		error = COPYOUT((caddr_t)&nlc, (caddr_t)obj->ipfo_ptr,
301 				obj->ipfo_size);
302 		break;
303 	default :
304 		return EINVAL;
305 	}
306 	return error;
307 }
308 
309 #endif /* IPFILTER_COMPAT */
310