1 /* $NetBSD: ip_proxy.h,v 1.4 2012/09/15 16:56:45 plunky Exp $ */ 2 3 /* 4 * Copyright (C) 2012 by Darren Reed. 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 * 8 * Id: ip_proxy.h,v 1.1.1.2 2012/07/22 13:45:33 darrenr Exp 9 */ 10 11 #ifndef _NETINET_IP_PROXY_H_ 12 #define _NETINET_IP_PROXY_H_ 13 14 #ifndef SOLARIS 15 # if (defined(sun) && (defined(__svr4__) || defined(__SVR4))) 16 # define SOLARIS 1 17 # else 18 # define SOLARIS 0 19 # endif 20 #endif 21 22 #if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51) 23 #define SIOCPROXY _IOWR('r', 64, struct ap_control) 24 #else 25 #define SIOCPROXY _IOWR(r, 64, struct ap_control) 26 #endif 27 28 #ifndef APR_LABELLEN 29 #define APR_LABELLEN 16 30 #endif 31 #define AP_SESS_SIZE 53 32 33 struct nat; 34 struct ipnat; 35 struct ipstate; 36 37 typedef struct ap_tcp { 38 u_short apt_sport; /* source port */ 39 u_short apt_dport; /* destination port */ 40 short apt_sel[2]; /* {seq,ack}{off,min} set selector */ 41 short apt_seqoff[2]; /* sequence # difference */ 42 u_32_t apt_seqmin[2]; /* don't change seq-off until after this */ 43 short apt_ackoff[2]; /* sequence # difference */ 44 u_32_t apt_ackmin[2]; /* don't change seq-off until after this */ 45 u_char apt_state[2]; /* connection state */ 46 } ap_tcp_t; 47 48 typedef struct ap_udp { 49 u_short apu_sport; /* source port */ 50 u_short apu_dport; /* destination port */ 51 } ap_udp_t; 52 53 typedef struct ap_session { 54 struct aproxy *aps_apr; 55 union { 56 struct ap_tcp apu_tcp; 57 struct ap_udp apu_udp; 58 } aps_un; 59 U_QUAD_T aps_bytes; /* bytes sent */ 60 U_QUAD_T aps_pkts; /* packets sent */ 61 void *aps_nat; /* pointer back to nat struct */ 62 void *aps_data; /* private data */ 63 int aps_psiz; /* size of private data */ 64 struct ap_session *aps_next; 65 } ap_session_t; 66 67 #define aps_sport aps_un.apu_tcp.apt_sport 68 #define aps_dport aps_un.apu_tcp.apt_dport 69 #define aps_sel aps_un.apu_tcp.apt_sel 70 #define aps_seqoff aps_un.apu_tcp.apt_seqoff 71 #define aps_seqmin aps_un.apu_tcp.apt_seqmin 72 #define aps_state aps_un.apu_tcp.apt_state 73 #define aps_ackoff aps_un.apu_tcp.apt_ackoff 74 #define aps_ackmin aps_un.apu_tcp.apt_ackmin 75 76 77 typedef struct ap_control { 78 char apc_label[APR_LABELLEN]; 79 char apc_config[APR_LABELLEN]; 80 u_char apc_p; 81 /* 82 * The following fields are upto the proxy's apr_ctl routine to deal 83 * with. When the proxy gets this in kernel space, apc_data will 84 * point to a malloc'd region of memory of apc_dsize bytes. If the 85 * proxy wants to keep that memory, it must set apc_data to NULL 86 * before it returns. It is expected if this happens that it will 87 * take care to free it in apr_fini or otherwise as appropriate. 88 * apc_cmd is provided as a standard place to put simple commands, 89 * with apc_arg being available to put a simple arg. 90 */ 91 u_long apc_cmd; 92 u_long apc_arg; 93 void *apc_data; 94 size_t apc_dsize; 95 } ap_ctl_t; 96 97 #define APC_CMD_ADD 0 98 #define APC_CMD_DEL 1 99 100 101 typedef struct aproxy { 102 struct aproxy *apr_next; 103 struct aproxy *apr_parent; 104 char apr_label[APR_LABELLEN]; /* Proxy label # */ 105 u_char apr_p; /* protocol */ 106 int apr_flags; 107 int apr_ref; 108 int apr_clones; 109 void (* apr_load)(void); 110 void (* apr_unload)(void); 111 void *(* apr_create)(ipf_main_softc_t *); 112 void (* apr_destroy)(ipf_main_softc_t *, void *); 113 int (* apr_init)(ipf_main_softc_t *, void *); 114 void (* apr_fini)(ipf_main_softc_t *, void *); 115 int (* apr_new)(void *, fr_info_t *, ap_session_t *, 116 struct nat *); 117 void (* apr_del)(ipf_main_softc_t *, ap_session_t *); 118 int (* apr_inpkt)(void *, fr_info_t *, ap_session_t *, 119 struct nat *); 120 int (* apr_outpkt)(void *, fr_info_t *, ap_session_t *, 121 struct nat *); 122 int (* apr_match)(fr_info_t *, ap_session_t *, struct nat *); 123 int (* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *); 124 int (* apr_clear)(struct aproxy *); 125 int (* apr_flush)(struct aproxy *, int); 126 void *apr_soft; 127 } aproxy_t; 128 129 #define APR_DELETE 1 130 131 #define APR_ERR(x) ((x) << 16) 132 #define APR_EXIT(x) (((x) >> 16) & 0xffff) 133 #define APR_INC(x) ((x) & 0xffff) 134 135 136 #ifdef _KERNEL 137 /* 138 * Generic #define's to cover missing things in the kernel 139 */ 140 # ifndef isdigit 141 # define isdigit(x) ((x) >= '0' && (x) <= '9') 142 # endif 143 # ifndef isupper 144 # define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 145 # endif 146 # ifndef islower 147 # define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) 148 # endif 149 # ifndef isalpha 150 # define isalpha(x) (isupper(x) || islower(x)) 151 # endif 152 # ifndef toupper 153 # define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A') 154 # endif 155 # ifndef isspace 156 # define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \ 157 ((x) == '\t') || ((x) == '\b')) 158 # endif 159 #endif /* _KERNEL */ 160 161 /* 162 * For the ftp proxy. 163 */ 164 #define FTP_BUFSZ 160 165 #define IPF_FTPBUFSZ 160 166 167 typedef struct ftpside { 168 char *ftps_rptr; 169 char *ftps_wptr; 170 void *ftps_ifp; 171 u_32_t ftps_seq[2]; 172 u_32_t ftps_len; 173 int ftps_junk; 174 int ftps_cmds; 175 int ftps_cmd; 176 char ftps_buf[FTP_BUFSZ]; 177 } ftpside_t; 178 179 typedef struct ftpinfo { 180 int ftp_passok; 181 int ftp_incok; 182 void *ftp_pendstate; 183 nat_t *ftp_pendnat; 184 ftpside_t ftp_side[2]; 185 } ftpinfo_t; 186 187 188 /* 189 * IPsec proxy 190 */ 191 typedef u_32_t ipsec_cookie_t[2]; 192 193 typedef struct ipsec_pxy { 194 ipsec_cookie_t ipsc_icookie; 195 ipsec_cookie_t ipsc_rcookie; 196 int ipsc_rckset; 197 nat_t *ipsc_nat; 198 struct ipstate *ipsc_state; 199 ipnat_t *ipsc_rule; 200 } ipsec_pxy_t; 201 202 203 /* 204 * For the irc proxy. 205 */ 206 typedef struct ircinfo { 207 size_t irc_len; 208 char *irc_snick; 209 char *irc_dnick; 210 char *irc_type; 211 char *irc_arg; 212 char *irc_addr; 213 u_32_t irc_ipnum; 214 u_short irc_port; 215 } ircinfo_t; 216 217 218 /* 219 * For the DNS "proxy" 220 */ 221 typedef struct dnsinfo { 222 ipfmutex_t dnsi_lock; 223 u_short dnsi_id; 224 char dnsi_buffer[512]; 225 } dnsinfo_t; 226 227 228 /* 229 * Real audio proxy structure and #defines 230 */ 231 typedef struct raudio_s { 232 int rap_seenpna; 233 int rap_seenver; 234 int rap_version; 235 int rap_eos; /* End Of Startup */ 236 int rap_gotid; 237 int rap_gotlen; 238 int rap_mode; 239 int rap_sdone; 240 u_short rap_plport; 241 u_short rap_prport; 242 u_short rap_srport; 243 char rap_svr[19]; 244 u_32_t rap_sbf; /* flag to indicate which of the 19 bytes have 245 * been filled 246 */ 247 u_32_t rap_sseq; 248 } raudio_t; 249 250 #define RA_ID_END 0 251 #define RA_ID_UDP 1 252 #define RA_ID_ROBUST 7 253 254 #define RAP_M_UDP 1 255 #define RAP_M_ROBUST 2 256 #define RAP_M_TCP 4 257 #define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) 258 259 260 /* 261 * MSN RPC proxy 262 */ 263 typedef struct msnrpcinfo { 264 u_int mri_flags; 265 int mri_cmd[2]; 266 u_int mri_valid; 267 struct in_addr mri_raddr; 268 u_short mri_rport; 269 } msnrpcinfo_t; 270 271 272 /* 273 * Sun RPCBIND proxy 274 */ 275 #define RPCB_MAXMSG 888 276 #define RPCB_RES_PMAP 0 /* Response contains a v2 port. */ 277 #define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */ 278 #define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */ 279 #define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */ 280 281 #define RPCB_REQMIN 40 282 #define RPCB_REQMAX 888 283 #define RPCB_REPMIN 20 284 #define RPCB_REPMAX 604 /* XXX double check this! */ 285 286 /* 287 * These macros determine the number of bytes between p and the end of 288 * r->rs_buf relative to l. 289 */ 290 #define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen) 291 #define RPCB_BUF_GEQ(r, p, l) \ 292 ((RPCB_BUF_END((r)) > (char *)(p)) && \ 293 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l))) 294 #define RPCB_BUF_EQ(r, p, l) \ 295 (RPCB_BUF_END((r)) == ((char *)(p) + (l))) 296 297 /* 298 * The following correspond to RPC(B) detailed in RFC183[13]. 299 */ 300 #define RPCB_CALL 0 301 #define RPCB_REPLY 1 302 #define RPCB_MSG_VERSION 2 303 #define RPCB_PROG 100000 304 #define RPCB_GETPORT 3 305 #define RPCB_GETADDR 3 306 #define RPCB_GETADDRLIST 11 307 #define RPCB_MSG_ACCEPTED 0 308 #define RPCB_MSG_DENIED 1 309 310 /* BEGIN (Generic XDR structures) */ 311 typedef struct xdr_string { 312 u_32_t *xs_len; 313 char *xs_str; 314 } xdr_string_t; 315 316 typedef struct xdr_auth { 317 /* u_32_t xa_flavor; */ 318 xdr_string_t xa_string; 319 } xdr_auth_t; 320 321 typedef struct xdr_uaddr { 322 u_32_t xu_ip; 323 u_short xu_port; 324 xdr_string_t xu_str; 325 } xdr_uaddr_t; 326 327 typedef struct xdr_proto { 328 u_int xp_proto; 329 xdr_string_t xp_str; 330 } xdr_proto_t; 331 332 #define xu_xslen xu_str.xs_len 333 #define xu_xsstr xu_str.xs_str 334 #define xp_xslen xp_str.xs_len 335 #define xp_xsstr xp_str.xs_str 336 /* END (Generic XDR structures) */ 337 338 /* BEGIN (RPC call structures) */ 339 typedef struct pmap_args { 340 /* u_32_t pa_prog; */ 341 /* u_32_t pa_vers; */ 342 u_32_t *pa_prot; 343 /* u_32_t pa_port; */ 344 } pmap_args_t; 345 346 typedef struct rpcb_args { 347 /* u_32_t *ra_prog; */ 348 /* u_32_t *ra_vers; */ 349 xdr_proto_t ra_netid; 350 xdr_uaddr_t ra_maddr; 351 /* xdr_string_t ra_owner; */ 352 } rpcb_args_t; 353 354 typedef struct rpc_call { 355 /* u_32_t rc_rpcvers; */ 356 /* u_32_t rc_prog; */ 357 u_32_t *rc_vers; 358 u_32_t *rc_proc; 359 xdr_auth_t rc_authcred; 360 xdr_auth_t rc_authverf; 361 union { 362 pmap_args_t ra_pmapargs; 363 rpcb_args_t ra_rpcbargs; 364 } rpcb_args; 365 } rpc_call_t; 366 367 #define rc_pmapargs rpcb_args.ra_pmapargs 368 #define rc_rpcbargs rpcb_args.ra_rpcbargs 369 /* END (RPC call structures) */ 370 371 /* BEGIN (RPC reply structures) */ 372 typedef struct rpcb_entry { 373 xdr_uaddr_t re_maddr; 374 xdr_proto_t re_netid; 375 /* u_32_t re_semantics; */ 376 xdr_string_t re_family; 377 xdr_proto_t re_proto; 378 u_32_t *re_more; /* 1 == another entry follows */ 379 } rpcb_entry_t; 380 381 typedef struct rpcb_listp { 382 u_32_t *rl_list; /* 1 == list follows */ 383 int rl_cnt; 384 rpcb_entry_t rl_entries[2]; /* TCP / UDP only */ 385 } rpcb_listp_t; 386 387 typedef struct rpc_resp { 388 /* u_32_t rr_acceptdeny; */ 389 /* Omitted 'message denied' fork; we don't care about rejects. */ 390 xdr_auth_t rr_authverf; 391 /* u_32_t *rr_astat; */ 392 union { 393 u_32_t *resp_pmap; 394 xdr_uaddr_t resp_getaddr; 395 rpcb_listp_t resp_getaddrlist; 396 } rpcb_reply; 397 } rpc_resp_t; 398 399 #define rr_v2 rpcb_reply.resp_pmap 400 #define rr_v3 rpcb_reply.resp_getaddr 401 #define rr_v4 rpcb_reply.resp_getaddrlist 402 /* END (RPC reply structures) */ 403 404 /* BEGIN (RPC message structure & macros) */ 405 typedef struct rpc_msg { 406 char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */ 407 u_int rm_buflen; 408 u_32_t *rm_xid; 409 /* u_32_t Call vs Reply */ 410 union { 411 rpc_call_t rb_call; 412 rpc_resp_t rb_resp; 413 } rm_body; 414 } rpc_msg_t; 415 416 #define rm_call rm_body.rb_call 417 #define rm_resp rm_body.rb_resp 418 /* END (RPC message structure & macros) */ 419 420 /* 421 * These code paths aren't hot enough to warrant per transaction 422 * mutexes. 423 */ 424 typedef struct rpcb_xact { 425 struct rpcb_xact *rx_next; 426 struct rpcb_xact **rx_pnext; 427 u_32_t rx_xid; /* RPC transmission ID */ 428 u_int rx_type; /* RPCB response type */ 429 u_int rx_ref; /* reference count */ 430 u_int rx_proto; /* transport protocol (v2 only) */ 431 } rpcb_xact_t; 432 433 typedef struct rpcb_session { 434 ipfmutex_t rs_rxlock; 435 rpcb_xact_t *rs_rxlist; 436 } rpcb_session_t; 437 438 /* 439 * For an explanation, please see the following: 440 * RFC1832 - Sections 3.11, 4.4, and 4.5. 441 */ 442 #define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x)) 443 444 extern int ipf_proxy_add(void *, aproxy_t *); 445 extern int ipf_proxy_check(fr_info_t *, struct nat *); 446 extern int ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *); 447 extern int ipf_proxy_del(aproxy_t *); 448 extern void ipf_proxy_deref(aproxy_t *); 449 extern void ipf_proxy_flush(void *, int); 450 extern void ipf_proxy_free(ipf_main_softc_t *, ap_session_t *); 451 extern int ipf_proxy_init(void); 452 extern int ipf_proxy_ioctl(ipf_main_softc_t *, void *, ioctlcmd_t, int, void *); 453 extern aproxy_t *ipf_proxy_lookup(void *, u_int, char *); 454 extern int ipf_proxy_match(fr_info_t *, struct nat *); 455 extern int ipf_proxy_new(fr_info_t *, struct nat *); 456 extern int ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *); 457 extern void aps_free(ipf_main_softc_t *, void *, ap_session_t *); 458 extern int ipf_proxy_main_load(void); 459 extern int ipf_proxy_main_unload(void); 460 extern ipnat_t *ipf_proxy_rule_fwd(nat_t *); 461 extern ipnat_t *ipf_proxy_rule_rev(nat_t *); 462 extern void *ipf_proxy_soft_create(ipf_main_softc_t *); 463 extern void ipf_proxy_soft_destroy(ipf_main_softc_t *, void *); 464 extern int ipf_proxy_soft_fini(ipf_main_softc_t *, void *); 465 extern int ipf_proxy_soft_init(ipf_main_softc_t *, void *); 466 467 #endif /* _NETINET_IP_PROXY_H_ */ 468