96 int	client_parse(struct session *s);
97 int	client_parse_anon(struct session *s);
98 int	client_parse_cmd(struct session *s);
112 int	server_parse(struct session *s);
113 int	allow_data_connection(struct session *s);
133 	struct session *s = arg;  in client_error()  local
136 		logmsg(LOG_INFO, "#%d client close", s->id);  in client_error()
138 		logmsg(LOG_ERR, "#%d client reset connection", s->id);  in client_error()
140 		logmsg(LOG_ERR, "#%d client timeout", s->id);  in client_error()
142 		logmsg(LOG_ERR, "#%d client write error: %d", s->id, what);  in client_error()
144 		logmsg(LOG_ERR, "#%d abnormal client error: %d", s->id, what);  in client_error()
146 	end_session(s);  in client_error()
150 client_parse(struct session *s)  in client_parse()  argument
153 	s->cmd = CMD_NONE;  in client_parse()
154 	s->port = 0;  in client_parse()
162 		if (!client_parse_cmd(s))  in client_parse()
171 		if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT)  in client_parse()
172 			return (allow_data_connection(s));  in client_parse()
176 		return (client_parse_anon(s));  in client_parse()
182 client_parse_anon(struct session *s)  in client_parse_anon()  argument
188 		logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);  in client_parse_anon()
192 		bufferevent_write(s->client_bufev, linebuf, linelen);  in client_parse_anon()
203 client_parse_cmd(struct session *s)  in client_parse_cmd()  argument
206 		s->cmd = CMD_PASV;  in client_parse_cmd()
208 		s->cmd = CMD_PORT;  in client_parse_cmd()
210 		s->cmd = CMD_EPSV;  in client_parse_cmd()
212 		s->cmd = CMD_EPRT;  in client_parse_cmd()
216 	if (ipv6_mode && (s->cmd == CMD_PASV || s->cmd == CMD_PORT)) {  in client_parse_cmd()
221 	if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {  in client_parse_cmd()
222 		s->port = parse_port(s->cmd);  in client_parse_cmd()
223 		if (s->port < MIN_PORT) {  in client_parse_cmd()
224 			logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,  in client_parse_cmd()
228 		s->proxy_port = pick_proxy_port();  in client_parse_cmd()
229 		proxy_reply(s->cmd, sstosa(&s->proxy_ss), s->proxy_port);  in client_parse_cmd()
230 		logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);  in client_parse_cmd()
239 	struct session	*s = arg;  in client_read()  local
244 		buf_avail = sizeof s->cbuf - s->cbuf_valid;  in client_read()
245 		clientread = bufferevent_read(bufev, s->cbuf + s->cbuf_valid,  in client_read()
247 		s->cbuf_valid += clientread;  in client_read()
249 		while ((n = get_line(s->cbuf, &s->cbuf_valid)) > 0) {  in client_read()
250 			logmsg(LOG_DEBUG, "#%d client: %s", s->id, linebuf);  in client_read()
251 			if (!client_parse(s)) {  in client_read()
252 				end_session(s);  in client_read()
255 			bufferevent_write(s->server_bufev, linebuf, linelen);  in client_read()
260 			    " clean", s->id);  in client_read()
261 			end_session(s);  in client_read()
287 end_session(struct session *s)  in end_session()  argument
291 	logmsg(LOG_INFO, "#%d ending session", s->id);  in end_session()
294 	if (s->client_bufev && s->client_fd != -1)  in end_session()
295 		evbuffer_write(s->client_bufev->output, s->client_fd);  in end_session()
296 	if (s->server_bufev && s->server_fd != -1)  in end_session()
297 		evbuffer_write(s->server_bufev->output, s->server_fd);  in end_session()
299 	if (s->client_fd != -1)  in end_session()
300 		close(s->client_fd);  in end_session()
301 	if (s->server_fd != -1)  in end_session()
302 		close(s->server_fd);  in end_session()
304 	if (s->client_bufev)  in end_session()
305 		bufferevent_free(s->client_bufev);  in end_session()
306 	if (s->server_bufev)  in end_session()
307 		bufferevent_free(s->server_bufev);  in end_session()
311 	if (prepare_commit(s->id) == -1)  in end_session()
318 		logmsg(LOG_ERR, "#%d pf rule removal failed: %s", s->id,  in end_session()
321 	LIST_REMOVE(s, entry);  in end_session()
322 	free(s);  in end_session()
329 	struct session *s, *next;  in exit_daemon()  local
331 	for (s = LIST_FIRST(&sessions); s != LIST_END(&sessions); s = next) {  in exit_daemon()
332 		next = LIST_NEXT(s, entry);  in exit_daemon()
333 		end_session(s);  in exit_daemon()
385 	struct session *s;  in handle_connection()  local
409 	s = init_session();  in handle_connection()
410 	if (s == NULL) {  in handle_connection()
415 	s->client_fd = client_fd;  in handle_connection()
416 	memcpy(sstosa(&s->client_ss), client_sa, client_sa->sa_len);  in handle_connection()
419 	client_sa = sstosa(&s->client_ss);  in handle_connection()
420 	server_sa = sstosa(&s->server_ss);  in handle_connection()
422 	proxy_to_server_sa = sstosa(&s->proxy_ss);  in handle_connection()
426 	logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id,  in handle_connection()
433 	if ((getsockname(s->client_fd, client_to_proxy_sa, &len)) < 0) {  in handle_connection()
434 		logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,  in handle_connection()
439 	    	logmsg(LOG_CRIT, "#%d server lookup failed (no rdr?)", s->id);  in handle_connection()
443 		memcpy(sstosa(&s->orig_server_ss), server_sa,  in handle_connection()
453 	if ((s->server_fd = socket(server_sa->sa_family, SOCK_STREAM,  in handle_connection()
455 		logmsg(LOG_CRIT, "#%d server socket failed: %s", s->id,  in handle_connection()
459 	if (fixed_proxy && bind(s->server_fd, sstosa(&fixed_proxy_ss),  in handle_connection()
462 		    s->id, strerror(errno));  in handle_connection()
467 	if ((fc = fcntl(s->server_fd, F_GETFL)) == -1 ||  in handle_connection()
468 	    fcntl(s->server_fd, F_SETFL, fc | O_NONBLOCK) == -1) {  in handle_connection()
470 		    s->id, strerror(errno));  in handle_connection()
473 	if (connect(s->server_fd, server_sa, server_sa->sa_len) < 0 &&  in handle_connection()
476 		    s->id, sock_ntop(server_sa), strerror(errno));  in handle_connection()
481 	if ((getsockname(s->server_fd, proxy_to_server_sa, &len)) < 0) {  in handle_connection()
482 		logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id,  in handle_connection()
488 	    "%s via proxy %s ", s->id, session_count, max_sessions,  in handle_connection()
494 	setsockopt(s->client_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,  in handle_connection()
496 	setsockopt(s->server_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,  in handle_connection()
502 	s->client_bufev = bufferevent_new(s->client_fd, &client_read, NULL,  in handle_connection()
503 	    &client_error, s);  in handle_connection()
504 	if (s->client_bufev == NULL) {  in handle_connection()
505 		logmsg(LOG_CRIT, "#%d bufferevent_new client failed", s->id);  in handle_connection()
508 	bufferevent_settimeout(s->client_bufev, timeout, 0);  in handle_connection()
509 	bufferevent_enable(s->client_bufev, EV_READ | EV_TIMEOUT);  in handle_connection()
511 	s->server_bufev = bufferevent_new(s->server_fd, &server_read, NULL,  in handle_connection()
512 	    &server_error, s);  in handle_connection()
513 	if (s->server_bufev == NULL) {  in handle_connection()
514 		logmsg(LOG_CRIT, "#%d bufferevent_new server failed", s->id);  in handle_connection()
517 	bufferevent_settimeout(s->server_bufev, CONNECT_TIMEOUT, 0);  in handle_connection()
518 	bufferevent_enable(s->server_bufev, EV_READ | EV_TIMEOUT);  in handle_connection()
523 	end_session(s);  in handle_connection()
542 	struct session *s;  in init_session()  local
544 	s = calloc(1, sizeof(struct session));  in init_session()
545 	if (s == NULL)  in init_session()
548 	s->id = id_count++;  in init_session()
549 	s->client_fd = -1;  in init_session()
550 	s->server_fd = -1;  in init_session()
551 	s->cbuf[0] = '\0';  in init_session()
552 	s->cbuf_valid = 0;  in init_session()
553 	s->sbuf[0] = '\0';  in init_session()
554 	s->sbuf_valid = 0;  in init_session()
555 	s->client_bufev = NULL;  in init_session()
556 	s->server_bufev = NULL;  in init_session()
557 	s->cmd = CMD_NONE;  in init_session()
558 	s->port = 0;  in init_session()
560 	LIST_INSERT_HEAD(&sessions, s, entry);  in init_session()
563 	return (s);  in init_session()
906 	struct session *s = arg;  in server_error()  local
909 		logmsg(LOG_INFO, "#%d server close", s->id);  in server_error()
911 		logmsg(LOG_ERR, "#%d server refused connection", s->id);  in server_error()
913 		logmsg(LOG_ERR, "#%d server write error: %d", s->id, what);  in server_error()
915 		logmsg(LOG_NOTICE, "#%d server timeout", s->id);  in server_error()
917 		logmsg(LOG_ERR, "#%d abnormal server error: %d", s->id, what);  in server_error()
919 	end_session(s);  in server_error()
923 server_parse(struct session *s)  in server_parse()  argument
925 	if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2')  in server_parse()
928 	if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) ||  in server_parse()
929 	    (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0))  in server_parse()
930 		return (allow_data_connection(s));  in server_parse()
933 	s->cmd = CMD_NONE;  in server_parse()
934 	s->port = 0;  in server_parse()
940 allow_data_connection(struct session *s)  in allow_data_connection()  argument
957 	client_sa = sstosa(&s->client_ss);  in allow_data_connection()
958 	server_sa = sstosa(&s->server_ss);  in allow_data_connection()
959 	proxy_sa = sstosa(&s->proxy_ss);  in allow_data_connection()
963 		orig_sa = sstosa(&s->orig_server_ss);  in allow_data_connection()
966 		orig_sa = sstosa(&s->server_ss);  in allow_data_connection()
969 	if (s->cmd == CMD_PASV || s->cmd == CMD_EPSV) {  in allow_data_connection()
970 		s->port = parse_port(s->cmd);  in allow_data_connection()
971 		if (s->port < MIN_PORT) {  in allow_data_connection()
972 			logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id,  in allow_data_connection()
976 		s->proxy_port = pick_proxy_port();  in allow_data_connection()
978 		    " via port %d", s->id, s->port, s->proxy_port);  in allow_data_connection()
980 		if (prepare_commit(s->id) == -1)  in allow_data_connection()
984 		proxy_reply(s->cmd, orig_sa, s->proxy_port);  in allow_data_connection()
985 		logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf);  in allow_data_connection()
989 		if (add_rdr(s->id, client_sa, orig_sa, s->proxy_port,  in allow_data_connection()
990 		    server_sa, s->port) == -1)  in allow_data_connection()
994 		if (add_nat(s->id, client_sa, server_sa, s->port, proxy_sa,  in allow_data_connection()
999 		if (add_filter(s->id, PF_IN, client_sa, server_sa,  in allow_data_connection()
1000 		    s->port) == -1)  in allow_data_connection()
1004 		if (add_filter(s->id, PF_OUT, proxy_sa, server_sa,  in allow_data_connection()
1005 		    s->port) == -1)  in allow_data_connection()
1010 	if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) {  in allow_data_connection()
1012 		    " via port %d", s->id, s->port, s->proxy_port);  in allow_data_connection()
1014 		if (prepare_commit(s->id) == -1)  in allow_data_connection()
1020 		if (add_rdr(s->id, server_sa, proxy_sa, s->proxy_port,  in allow_data_connection()
1021 		    client_sa, s->port) == -1)  in allow_data_connection()
1026 		if (rfc_mode && s->cmd == CMD_PORT) {  in allow_data_connection()
1028 			if (add_nat(s->id, server_sa, client_sa, s->port,  in allow_data_connection()
1033 			if (add_nat(s->id, server_sa, client_sa, s->port,  in allow_data_connection()
1040 		if (add_filter(s->id, PF_IN, server_sa, client_sa, s->port) ==  in allow_data_connection()
1045 		if (add_filter(s->id, PF_OUT, orig_sa, client_sa, s->port) ==  in allow_data_connection()
1060 	s->cmd = CMD_NONE;  in allow_data_connection()
1061 	s->port = 0;  in allow_data_connection()
1066 	logmsg(LOG_CRIT, "#%d pf operation failed: %s", s->id, strerror(errno));  in allow_data_connection()
1075 	struct session	*s = arg;  in server_read()  local
1082 		buf_avail = sizeof s->sbuf - s->sbuf_valid;  in server_read()
1083 		srvread = bufferevent_read(bufev, s->sbuf + s->sbuf_valid,  in server_read()
1085 		s->sbuf_valid += srvread;  in server_read()
1087 		while ((n = get_line(s->sbuf, &s->sbuf_valid)) > 0) {  in server_read()
1088 			logmsg(LOG_DEBUG, "#%d server: %s", s->id, linebuf);  in server_read()
1089 			if (!server_parse(s)) {  in server_read()
1090 				end_session(s);  in server_read()
1093 			bufferevent_write(s->client_bufev, linebuf, linelen);  in server_read()
1098 			    " clean", s->id);  in server_read()
1099 			end_session(s);  in server_read()