1 /* $OpenBSD: relayd.h,v 1.271 2023/06/25 08:07:39 op Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #ifndef RELAYD_H 22 #define RELAYD_H 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/queue.h> 27 #include <sys/tree.h> 28 #include <sys/time.h> 29 #include <sys/un.h> 30 31 #include <net/if.h> 32 #include <net/pfvar.h> 33 34 #include <stdarg.h> 35 #include <limits.h> 36 #include <siphash.h> 37 #include <event.h> 38 #include <imsg.h> 39 40 #include <openssl/ssl.h> 41 #include <tls.h> 42 43 #ifndef nitems 44 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 45 #endif 46 47 #define CONF_FILE "/etc/relayd.conf" 48 #define RELAYD_SOCKET "/var/run/relayd.sock" 49 #define PF_SOCKET "/dev/pf" 50 #define RELAYD_USER "_relayd" 51 #define RELAYD_ANCHOR "relayd" 52 #define RELAYD_SERVERNAME "OpenBSD relayd" 53 #define CHECK_TIMEOUT 200 54 #define CHECK_INTERVAL 10 55 #define EMPTY_TABLE UINT_MAX 56 #define EMPTY_ID UINT_MAX 57 #define LABEL_NAME_SIZE 1024 58 #define TAG_NAME_SIZE 64 59 #define TABLE_NAME_SIZE 64 60 #define RD_TAG_NAME_SIZE 64 61 #define RT_LABEL_SIZE 32 62 #define SRV_NAME_SIZE 64 63 #define MAX_NAME_SIZE 64 64 #define SRV_MAX_VIRTS 16 65 #define TLS_NAME_SIZE 512 66 #define TLS_CERT_HASH_SIZE 128 67 #define RELAY_MAX_PREFETCH 256 68 #define RELAY_MIN_PREFETCHED 32 69 70 #define FD_RESERVE 5 71 72 #define RELAY_MAX_BACKLOG 512 73 #define RELAY_TIMEOUT 600 74 #define RELAY_CACHESIZE -1 /* use default size */ 75 #define RELAY_NUMPROC 3 76 #define RELAY_MAXHOSTS 32 77 #define RELAY_MAXHEADERLENGTH 131072 78 #define RELAY_DEFHEADERLENGTH 8192 79 #define RELAY_STATINTERVAL 60 80 #define RELAY_BACKLOG 10 81 #define RELAY_MAXLOOKUPLEVELS 5 82 #define RELAY_OUTOF_FD_RETRIES 5 83 #define RELAY_MAX_HASH_RETRIES 5 84 #define RELAY_TLS_PRIV_TIMEOUT 1000 /* wait 1sec for the ca */ 85 86 #define CONFIG_RELOAD 0x00 87 #define CONFIG_TABLES 0x01 88 #define CONFIG_RDRS 0x02 89 #define CONFIG_RELAYS 0x04 90 #define CONFIG_PROTOS 0x08 91 #define CONFIG_ROUTES 0x10 92 #define CONFIG_RTS 0x20 93 #define CONFIG_CA_ENGINE 0x40 94 #define CONFIG_CERTS 0x80 95 #define CONFIG_ALL 0xff 96 97 #define SMALL_READ_BUF_SIZE 1024 98 #define ICMP_BUF_SIZE 64 99 #define ICMP_RCVBUF_SIZE 262144 100 101 #define AGENTX_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */ 102 103 #define PROC_PARENT_SOCK_FILENO 3 104 #define PROC_MAX_INSTANCES 32 105 106 #if DEBUG > 1 107 #define DPRINTF log_debug 108 #define DEBUG_CERT 1 109 #else 110 #define DPRINTF(x...) do {} while(0) 111 #endif 112 113 /* Used for DNS request ID randomization */ 114 struct shuffle { 115 u_int16_t id_shuffle[65536]; 116 int isindex; 117 }; 118 119 typedef u_int32_t objid_t; 120 121 struct ctl_status { 122 objid_t id; 123 int up; 124 int retry_cnt; 125 u_long check_cnt; 126 u_int16_t he; 127 }; 128 129 struct ctl_id { 130 objid_t id; 131 char name[MAX_NAME_SIZE]; 132 }; 133 134 struct ctl_relaytable { 135 objid_t id; 136 objid_t relayid; 137 int mode; 138 u_int32_t flags; 139 }; 140 141 enum fd_type { 142 RELAY_FD_CERT = 1, 143 RELAY_FD_CACERT = 2, 144 RELAY_FD_CAFILE = 3, 145 RELAY_FD_KEY = 4, 146 RELAY_FD_OCSP = 5 147 }; 148 149 struct ctl_relayfd { 150 objid_t id; 151 objid_t relayid; 152 enum fd_type type; 153 }; 154 155 struct ctl_script { 156 objid_t host; 157 int retval; 158 struct timeval timeout; 159 char name[HOST_NAME_MAX+1]; 160 char path[PATH_MAX]; 161 }; 162 163 struct ctl_demote { 164 char group[IFNAMSIZ]; 165 int level; 166 }; 167 168 struct ctl_icmp_event { 169 struct relayd *env; 170 int s; 171 int af; 172 int last_up; 173 struct event ev; 174 struct timeval tv_start; 175 }; 176 177 struct ctl_tcp_event { 178 int s; 179 struct ibuf *buf; 180 struct host *host; 181 struct table *table; 182 struct timeval tv_start; 183 struct event ev; 184 int (*validate_read)(struct ctl_tcp_event *); 185 int (*validate_close)(struct ctl_tcp_event *); 186 187 struct tls *tls; 188 }; 189 190 enum direction { 191 RELAY_DIR_INVALID = -1, 192 RELAY_DIR_ANY = 0, 193 RELAY_DIR_REQUEST = 1, 194 RELAY_DIR_RESPONSE = 2 195 }; 196 197 enum relay_state { 198 STATE_INIT, 199 STATE_PENDING, 200 STATE_PRECONNECT, 201 STATE_CONNECTED, 202 STATE_CLOSED, 203 STATE_DONE 204 }; 205 206 struct ctl_relay_event { 207 int s; 208 in_port_t port; 209 struct sockaddr_storage ss; 210 struct bufferevent *bev; 211 struct evbuffer *output; 212 struct ctl_relay_event *dst; 213 struct rsession *con; 214 215 struct tls *tls; 216 struct tls_config *tls_cfg; 217 struct tls *tls_ctx; 218 219 uint8_t *tlscert; 220 size_t tlscert_len; 221 222 off_t splicelen; 223 off_t toread; 224 size_t headerlen; 225 int line; 226 int done; 227 int timedout; 228 enum relay_state state; 229 enum direction dir; 230 231 /* protocol-specific descriptor */ 232 void *desc; 233 }; 234 235 enum httpchunk { 236 TOREAD_UNLIMITED = -1, 237 TOREAD_HTTP_HEADER = -2, 238 TOREAD_HTTP_CHUNK_LENGTH = -3, 239 TOREAD_HTTP_CHUNK_TRAILER = -4 240 }; 241 242 struct ctl_natlook { 243 objid_t id; 244 int proc; 245 246 struct sockaddr_storage src; 247 struct sockaddr_storage dst; 248 struct sockaddr_storage rsrc; 249 struct sockaddr_storage rdst; 250 in_port_t rsport; 251 in_port_t rdport; 252 int in; 253 int proto; 254 }; 255 256 struct ctl_bindany { 257 objid_t bnd_id; 258 int bnd_proc; 259 260 struct sockaddr_storage bnd_ss; 261 in_port_t bnd_port; 262 int bnd_proto; 263 }; 264 265 struct ctl_keyop { 266 char cko_hash[TLS_CERT_HASH_SIZE]; 267 int cko_proc; 268 int cko_flen; 269 int cko_tlen; 270 int cko_padding; 271 u_int cko_cookie; 272 }; 273 274 struct ctl_stats { 275 objid_t id; 276 int proc; 277 278 u_int64_t interval; 279 u_int64_t cnt; 280 u_int32_t tick; 281 u_int32_t avg; 282 u_int32_t last; 283 u_int32_t avg_hour; 284 u_int32_t last_hour; 285 u_int32_t avg_day; 286 u_int32_t last_day; 287 }; 288 289 enum key_option { 290 KEY_OPTION_NONE = 0, 291 KEY_OPTION_APPEND, 292 KEY_OPTION_SET, 293 KEY_OPTION_REMOVE, 294 KEY_OPTION_HASH, 295 KEY_OPTION_LOG, 296 KEY_OPTION_STRIP 297 }; 298 299 enum key_type { 300 KEY_TYPE_NONE = 0, 301 KEY_TYPE_COOKIE, 302 KEY_TYPE_HEADER, 303 KEY_TYPE_PATH, 304 KEY_TYPE_QUERY, 305 KEY_TYPE_URL, 306 KEY_TYPE_MAX 307 }; 308 309 struct ctl_kvlen { 310 ssize_t key; 311 ssize_t value; 312 }; 313 314 struct ctl_rule { 315 struct ctl_kvlen kvlen[KEY_TYPE_MAX]; 316 }; 317 318 enum digest_type { 319 DIGEST_NONE = 0, 320 DIGEST_SHA1 = 1, 321 DIGEST_MD5 = 2 322 }; 323 324 TAILQ_HEAD(kvlist, kv); 325 RB_HEAD(kvtree, kv); 326 327 struct kv { 328 char *kv_key; 329 char *kv_value; 330 331 enum key_type kv_type; 332 enum key_option kv_option; 333 enum digest_type kv_digest; 334 335 #define KV_FLAG_MACRO 0x01 336 #define KV_FLAG_INVALID 0x02 337 #define KV_FLAG_GLOBBING 0x04 338 u_int8_t kv_flags; 339 340 struct kvlist kv_children; 341 struct kv *kv_parent; 342 TAILQ_ENTRY(kv) kv_entry; 343 344 RB_ENTRY(kv) kv_node; 345 346 /* A few pointers used by the rule actions */ 347 struct kv *kv_match; 348 struct kvtree *kv_matchtree; 349 350 TAILQ_ENTRY(kv) kv_match_entry; 351 TAILQ_ENTRY(kv) kv_rule_entry; 352 TAILQ_ENTRY(kv) kv_action_entry; 353 }; 354 355 struct portrange { 356 in_port_t val[2]; 357 u_int8_t op; 358 }; 359 360 struct address { 361 objid_t rdrid; 362 struct sockaddr_storage ss; 363 int ipproto; 364 struct portrange port; 365 char ifname[IFNAMSIZ]; 366 TAILQ_ENTRY(address) entry; 367 }; 368 TAILQ_HEAD(addresslist, address); 369 370 union hashkey { 371 /* Simplified version of pf_poolhashkey */ 372 u_int32_t data[4]; 373 SIPHASH_KEY siphashkey; 374 }; 375 376 #define F_DISABLE 0x00000001 377 #define F_BACKUP 0x00000002 378 #define F_USED 0x00000004 379 #define F_DOWN 0x00000008 380 #define F_ADD 0x00000010 381 #define F_DEL 0x00000020 382 #define F_CHANGED 0x00000040 383 #define F_STICKY 0x00000080 384 #define F_CHECK_DONE 0x00000100 385 #define F_ACTIVE_RULESET 0x00000200 386 #define F_CHECK_SENT 0x00000400 387 #define F_TLS 0x00000800 388 #define F_NATLOOK 0x00001000 389 #define F_DEMOTE 0x00002000 390 #define F_LOOKUP_PATH 0x00004000 391 #define F_DEMOTED 0x00008000 392 #define F_UDP 0x00010000 393 #define F_RETURN 0x00020000 394 #define F_AGENTX 0x00040000 395 #define F_NEEDPF 0x00080000 396 #define F_PORT 0x00100000 397 #define F_TLSCLIENT 0x00200000 398 #define F_NEEDRT 0x00400000 399 #define F_MATCH 0x00800000 400 #define F_DIVERT 0x01000000 401 #define F_SCRIPT 0x02000000 402 #define F_TLSINSPECT 0x04000000 403 #define F_HASHKEY 0x08000000 404 #define F_AGENTX_TRAPONLY 0x10000000 405 406 #define F_BITS \ 407 "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \ 408 "\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \ 409 "\14TLS\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \ 410 "\22RETURN\23TRAP\24NEEDPF\25PORT\26TLS_CLIENT\27NEEDRT" \ 411 "\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY" \ 412 "\35AGENTX_TRAPONLY" 413 414 enum forwardmode { 415 FWD_NORMAL = 0, 416 FWD_ROUTE, 417 FWD_TRANS 418 }; 419 420 struct host_config { 421 objid_t id; 422 objid_t parentid; 423 objid_t tableid; 424 int retry; 425 char name[HOST_NAME_MAX+1]; 426 struct sockaddr_storage ss; 427 int ttl; 428 int priority; 429 }; 430 431 struct host { 432 TAILQ_ENTRY(host) entry; 433 TAILQ_ENTRY(host) globalentry; 434 SLIST_ENTRY(host) child; 435 SLIST_HEAD(,host) children; 436 struct host_config conf; 437 u_int32_t flags; 438 char *tablename; 439 int up; 440 int last_up; 441 u_long check_cnt; 442 u_long up_cnt; 443 int retry_cnt; 444 int idx; 445 u_int16_t he; 446 int code; 447 struct ctl_tcp_event cte; 448 }; 449 TAILQ_HEAD(hostlist, host); 450 451 enum host_error { 452 HCE_NONE = 0, 453 HCE_ABORT, 454 HCE_INTERVAL_TIMEOUT, 455 HCE_ICMP_OK, 456 HCE_ICMP_READ_TIMEOUT, 457 HCE_ICMP_WRITE_TIMEOUT, 458 HCE_TCP_SOCKET_ERROR, 459 HCE_TCP_SOCKET_LIMIT, 460 HCE_TCP_SOCKET_OPTION, 461 HCE_TCP_CONNECT_FAIL, 462 HCE_TCP_CONNECT_TIMEOUT, 463 HCE_TCP_CONNECT_OK, 464 HCE_TCP_WRITE_TIMEOUT, 465 HCE_TCP_WRITE_FAIL, 466 HCE_TCP_READ_TIMEOUT, 467 HCE_TCP_READ_FAIL, 468 HCE_SCRIPT_OK, 469 HCE_SCRIPT_FAIL, 470 HCE_TLS_CONNECT_ERROR, 471 HCE_TLS_CONNECT_FAIL, 472 HCE_TLS_CONNECT_OK, 473 HCE_TLS_CONNECT_TIMEOUT, 474 HCE_TLS_READ_TIMEOUT, 475 HCE_TLS_WRITE_TIMEOUT, 476 HCE_TLS_READ_ERROR, 477 HCE_TLS_WRITE_ERROR, 478 HCE_SEND_EXPECT_FAIL, 479 HCE_SEND_EXPECT_OK, 480 HCE_HTTP_CODE_ERROR, 481 HCE_HTTP_CODE_FAIL, 482 HCE_HTTP_CODE_OK, 483 HCE_HTTP_DIGEST_ERROR, 484 HCE_HTTP_DIGEST_FAIL, 485 HCE_HTTP_DIGEST_OK, 486 }; 487 488 enum host_status { 489 HOST_DOWN = -1, 490 HOST_UNKNOWN = 0, 491 HOST_UP = 1 492 }; 493 #define HOST_ISUP(x) (x == HOST_UP) 494 495 struct table_config { 496 objid_t id; 497 objid_t rdrid; 498 u_int32_t flags; 499 int check; 500 char demote_group[IFNAMSIZ]; 501 char ifname[IFNAMSIZ]; 502 struct timeval timeout; 503 in_port_t port; 504 int retcode; 505 int skip_cnt; 506 char name[TABLE_NAME_SIZE]; 507 size_t name_len; 508 char path[PATH_MAX]; 509 unsigned char exbinbuf[128]; 510 char exbuf[256]; 511 char digest[41]; /* length of sha1 digest * 2 */ 512 u_int8_t digest_type; 513 enum forwardmode fwdmode; 514 }; 515 516 struct table { 517 TAILQ_ENTRY(table) entry; 518 struct table_config conf; 519 int up; 520 int skipped; 521 struct hostlist hosts; 522 struct tls_config *tls_cfg; 523 struct ibuf *sendbinbuf; 524 char *sendbuf; 525 }; 526 TAILQ_HEAD(tablelist, table); 527 528 enum table_check { 529 CHECK_NOCHECK = 0, 530 CHECK_ICMP = 1, 531 CHECK_TCP = 2, 532 CHECK_HTTP_CODE = 3, 533 CHECK_HTTP_DIGEST = 4, 534 CHECK_BINSEND_EXPECT = 5, 535 CHECK_SEND_EXPECT = 6, 536 CHECK_SCRIPT = 7 537 }; 538 539 struct rdr_config { 540 objid_t id; 541 u_int32_t flags; 542 in_port_t port; 543 objid_t table_id; 544 objid_t backup_id; 545 int mode; 546 union hashkey key; 547 char name[SRV_NAME_SIZE]; 548 char tag[RD_TAG_NAME_SIZE]; 549 struct timeval timeout; 550 }; 551 552 struct rdr { 553 TAILQ_ENTRY(rdr) entry; 554 struct rdr_config conf; 555 struct addresslist virts; 556 struct table *table; 557 struct table *backup; /* use this if no host up */ 558 struct ctl_stats stats; 559 }; 560 TAILQ_HEAD(rdrlist, rdr); 561 562 struct rsession { 563 objid_t se_id; 564 objid_t se_relayid; 565 struct sockaddr_storage se_sockname; 566 struct ctl_relay_event se_in; 567 struct ctl_relay_event se_out; 568 void *se_priv; 569 SIPHASH_CTX se_siphashctx; 570 struct relay_table *se_table; 571 struct relay_table *se_table0; 572 struct event se_ev; 573 struct timeval se_timeout; 574 struct timeval se_tv_start; 575 struct timeval se_tv_last; 576 struct event se_inflightevt; 577 int se_done; 578 int se_retry; 579 int se_retrycount; 580 int se_connectcount; 581 int se_haslog; 582 struct evbuffer *se_log; 583 struct relay *se_relay; 584 struct ctl_natlook *se_cnl; 585 int se_bnds; 586 u_int16_t se_tag; 587 u_int16_t se_label; 588 589 int se_cid; 590 pid_t se_pid; 591 SPLAY_ENTRY(rsession) se_nodes; 592 TAILQ_ENTRY(rsession) se_entry; 593 }; 594 SPLAY_HEAD(session_tree, rsession); 595 TAILQ_HEAD(sessionlist, rsession); 596 597 enum prototype { 598 RELAY_PROTO_TCP = 0, 599 RELAY_PROTO_HTTP, 600 RELAY_PROTO_DNS 601 }; 602 603 enum relay_result { 604 RES_DROP = 0, 605 RES_PASS = 1, 606 RES_FAIL = -1, 607 RES_BAD = -2, 608 RES_INTERNAL = -3 609 }; 610 611 enum rule_action { 612 RULE_ACTION_MATCH = 0, 613 RULE_ACTION_PASS, 614 RULE_ACTION_BLOCK 615 }; 616 617 struct rule_addr { 618 struct sockaddr_storage addr; 619 u_int8_t addr_mask; 620 int addr_port; 621 }; 622 623 #define RELAY_ADDR_EQ(_a, _b) \ 624 ((_a)->addr_mask == (_b)->addr_mask && \ 625 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 626 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) == 0) 627 628 #define RELAY_ADDR_CMP(_a, _b) \ 629 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 630 (struct sockaddr *)(_b), (_a)->addr_mask) 631 632 #define RELAY_ADDR_NEQ(_a, _b) \ 633 ((_a)->addr_mask != (_b)->addr_mask || \ 634 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 635 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) != 0) 636 637 #define RELAY_AF_NEQ(_a, _b) \ 638 (((_a) != AF_UNSPEC) && ((_b) != AF_UNSPEC) && \ 639 ((_a) != (_b))) 640 641 struct relay_rule { 642 objid_t rule_id; 643 objid_t rule_protoid; 644 645 u_int rule_action; 646 #define RULE_SKIP_PROTO 0 647 #define RULE_SKIP_DIR 1 648 #define RULE_SKIP_AF 2 649 #define RULE_SKIP_SRC 3 650 #define RULE_SKIP_DST 4 651 #define RULE_SKIP_METHOD 5 652 #define RULE_SKIP_COUNT 6 653 struct relay_rule *rule_skip[RULE_SKIP_COUNT]; 654 655 #define RULE_FLAG_QUICK 0x01 656 u_int8_t rule_flags; 657 658 int rule_label; 659 int rule_tag; 660 int rule_tagged; 661 enum direction rule_dir; 662 u_int rule_proto; 663 int rule_af; 664 struct rule_addr rule_src; 665 struct rule_addr rule_dst; 666 struct relay_table *rule_table; 667 668 u_int rule_method; 669 char rule_labelname[LABEL_NAME_SIZE]; 670 char rule_tablename[TABLE_NAME_SIZE]; 671 char rule_taggedname[TAG_NAME_SIZE]; 672 char rule_tagname[TAG_NAME_SIZE]; 673 674 struct ctl_rule rule_ctl; 675 struct kv rule_kv[KEY_TYPE_MAX]; 676 struct kvlist rule_kvlist; 677 678 TAILQ_ENTRY(relay_rule) rule_entry; 679 }; 680 TAILQ_HEAD(relay_rules, relay_rule); 681 682 #define TCPFLAG_NODELAY 0x01 683 #define TCPFLAG_NNODELAY 0x02 684 #define TCPFLAG_SACK 0x04 685 #define TCPFLAG_NSACK 0x08 686 #define TCPFLAG_BUFSIZ 0x10 687 #define TCPFLAG_IPTTL 0x20 688 #define TCPFLAG_IPMINTTL 0x40 689 #define TCPFLAG_NSPLICE 0x80 690 #define TCPFLAG_DEFAULT 0x00 691 692 #define TCPFLAG_BITS \ 693 "\10\01NODELAY\02NO_NODELAY\03SACK\04NO_SACK" \ 694 "\05SOCKET_BUFFER_SIZE\06IP_TTL\07IP_MINTTL\10NO_SPLICE" 695 696 #define TLSFLAG_SSLV3 0x01 697 #define TLSFLAG_TLSV1_0 0x02 698 #define TLSFLAG_TLSV1_1 0x04 699 #define TLSFLAG_TLSV1_2 0x08 700 #define TLSFLAG_TLSV1_3 0x10 701 #define TLSFLAG_TLSV1 0x1e 702 #define TLSFLAG_VERSION 0x1f 703 #define TLSFLAG_CIPHER_SERVER_PREF 0x20 704 #define TLSFLAG_CLIENT_RENEG 0x40 705 #define TLSFLAG_DEFAULT \ 706 (TLSFLAG_TLSV1_2|TLSFLAG_TLSV1_3|TLSFLAG_CIPHER_SERVER_PREF) 707 708 #define TLSFLAG_BITS \ 709 "\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2\05tlsv1.3" \ 710 "\06cipher-server-preference\07client-renegotiation" 711 712 #define TLSCIPHERS_DEFAULT "HIGH:!aNULL" 713 #define TLSECDHECURVES_DEFAULT "default" 714 #define TLSDHPARAM_DEFAULT "none" 715 716 struct relay_ticket_key { 717 uint32_t tt_keyrev; 718 unsigned char tt_key[TLS_TICKET_KEY_SIZE]; 719 }; 720 #define TLS_SESSION_LIFETIME (2 * 3600) 721 722 #define HTTPFLAG_WEBSOCKETS 0x01 723 724 struct keyname { 725 TAILQ_ENTRY(keyname) entry; 726 char *name; 727 }; 728 TAILQ_HEAD(keynamelist, keyname); 729 730 struct protocol { 731 objid_t id; 732 u_int32_t flags; 733 u_int8_t tcpflags; 734 int tcpbufsiz; 735 int tcpbacklog; 736 u_int8_t tcpipttl; 737 u_int8_t tcpipminttl; 738 size_t httpheaderlen; 739 int httpflags; 740 u_int8_t tlsflags; 741 char tlsciphers[768]; 742 char tlsdhparams[128]; 743 char tlsecdhecurves[128]; 744 char tlsca[PATH_MAX]; 745 char tlscacert[PATH_MAX]; 746 char tlscakey[PATH_MAX]; 747 char *tlscapass; 748 struct keynamelist tlscerts; 749 char name[MAX_NAME_SIZE]; 750 int tickets; 751 enum prototype type; 752 char *style; 753 754 int (*cmp)(struct rsession *, struct rsession *); 755 void *(*validate)(struct rsession *, struct relay *, 756 struct sockaddr_storage *, 757 u_int8_t *, size_t); 758 int (*request)(struct rsession *); 759 void (*close)(struct rsession *); 760 761 struct relay_rules rules; 762 int rulecount; 763 764 TAILQ_ENTRY(protocol) entry; 765 }; 766 TAILQ_HEAD(protolist, protocol); 767 768 struct relay_table { 769 struct table *rlt_table; 770 u_int32_t rlt_flags; 771 int rlt_mode; 772 u_int32_t rlt_index; 773 struct host *rlt_host[RELAY_MAXHOSTS]; 774 int rlt_nhosts; 775 TAILQ_ENTRY(relay_table) rlt_entry; 776 }; 777 TAILQ_HEAD(relaytables, relay_table); 778 779 struct ca_pkey { 780 char pkey_hash[TLS_CERT_HASH_SIZE]; 781 EVP_PKEY *pkey; 782 TAILQ_ENTRY(ca_pkey) pkey_entry; 783 }; 784 TAILQ_HEAD(ca_pkeylist, ca_pkey); 785 786 struct relay_cert { 787 objid_t cert_id; 788 objid_t cert_relayid; 789 int cert_fd; 790 int cert_key_fd; 791 int cert_ocsp_fd; 792 EVP_PKEY *cert_pkey; 793 TAILQ_ENTRY(relay_cert) cert_entry; 794 }; 795 TAILQ_HEAD(relaycertlist, relay_cert); 796 797 struct relay_config { 798 objid_t id; 799 u_int32_t flags; 800 objid_t proto; 801 char name[HOST_NAME_MAX+1]; 802 in_port_t port; 803 in_port_t dstport; 804 int dstretry; 805 struct sockaddr_storage ss; 806 struct sockaddr_storage dstss; 807 struct sockaddr_storage dstaf; 808 struct timeval timeout; 809 enum forwardmode fwdmode; 810 union hashkey hashkey; 811 off_t tls_cakey_len; 812 }; 813 814 struct relay { 815 TAILQ_ENTRY(relay) rl_entry; 816 struct relay_config rl_conf; 817 818 int rl_up; 819 struct protocol *rl_proto; 820 int rl_s; 821 struct bufferevent *rl_bev; 822 823 int rl_dsts; 824 struct bufferevent *rl_dstbev; 825 826 struct relaytables rl_tables; 827 828 struct event rl_ev; 829 struct event rl_evt; 830 831 struct tls_config *rl_tls_cfg; 832 struct tls_config *rl_tls_client_cfg; 833 struct tls *rl_tls_ctx; 834 835 int rl_tls_ca_fd; 836 int rl_tls_cacert_fd; 837 EVP_PKEY *rl_tls_pkey; 838 X509 *rl_tls_cacertx509; 839 char *rl_tls_cakey; 840 EVP_PKEY *rl_tls_capkey; 841 842 struct ctl_stats rl_stats[PROC_MAX_INSTANCES + 1]; 843 844 struct session_tree rl_sessions; 845 }; 846 TAILQ_HEAD(relaylist, relay); 847 848 enum dstmode { 849 RELAY_DSTMODE_LOADBALANCE = 0, 850 RELAY_DSTMODE_ROUNDROBIN, 851 RELAY_DSTMODE_HASH, 852 RELAY_DSTMODE_SRCHASH, 853 RELAY_DSTMODE_LEASTSTATES, 854 RELAY_DSTMODE_RANDOM 855 }; 856 #define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN 857 858 struct netroute_config { 859 objid_t id; 860 struct sockaddr_storage ss; 861 int prefixlen; 862 objid_t routerid; 863 }; 864 865 struct netroute { 866 struct netroute_config nr_conf; 867 868 TAILQ_ENTRY(netroute) nr_entry; 869 TAILQ_ENTRY(netroute) nr_route; 870 871 struct router *nr_router; 872 }; 873 TAILQ_HEAD(netroutelist, netroute); 874 875 struct router_config { 876 objid_t id; 877 u_int32_t flags; 878 char name[HOST_NAME_MAX+1]; 879 char label[RT_LABEL_SIZE]; 880 int nroutes; 881 objid_t gwtable; 882 in_port_t gwport; 883 int rtable; 884 int af; 885 }; 886 887 struct router { 888 struct router_config rt_conf; 889 890 struct table *rt_gwtable; 891 struct netroutelist rt_netroutes; 892 893 TAILQ_ENTRY(router) rt_entry; 894 }; 895 TAILQ_HEAD(routerlist, router); 896 897 struct ctl_netroute { 898 int up; 899 struct host_config host; 900 struct netroute_config nr; 901 struct router_config rt; 902 }; 903 904 /* initially control.h */ 905 struct control_sock { 906 const char *cs_name; 907 struct event cs_ev; 908 struct event cs_evt; 909 int cs_fd; 910 int cs_restricted; 911 void *cs_env; 912 913 TAILQ_ENTRY(control_sock) cs_entry; 914 }; 915 TAILQ_HEAD(control_socks, control_sock); 916 917 extern struct { 918 struct event ev; 919 int fd; 920 } control_state; 921 922 struct imsgev { 923 struct imsgbuf ibuf; 924 void (*handler)(int, short, void *); 925 struct event ev; 926 struct privsep_proc *proc; 927 void *data; 928 short events; 929 }; 930 931 #define IMSG_SIZE_CHECK(imsg, p) do { \ 932 if (IMSG_DATA_SIZE(imsg) < sizeof(*p)) \ 933 fatalx("bad length imsg received"); \ 934 } while (0) 935 #define IMSG_DATA_SIZE(imsg) ((imsg)->hdr.len - IMSG_HEADER_SIZE) 936 937 struct ctl_conn { 938 TAILQ_ENTRY(ctl_conn) entry; 939 u_int8_t flags; 940 u_int waiting; 941 #define CTL_CONN_NOTIFY 0x01 942 struct imsgev iev; 943 944 }; 945 TAILQ_HEAD(ctl_connlist, ctl_conn); 946 947 enum imsg_type { 948 IMSG_NONE, 949 IMSG_CTL_OK, /* answer to relayctl requests */ 950 IMSG_CTL_FAIL, 951 IMSG_CTL_VERBOSE, 952 IMSG_CTL_PROCFD, 953 IMSG_CTL_END, 954 IMSG_CTL_RDR, 955 IMSG_CTL_TABLE, 956 IMSG_CTL_HOST, 957 IMSG_CTL_RELAY, 958 IMSG_CTL_SESSION, 959 IMSG_CTL_ROUTER, 960 IMSG_CTL_NETROUTE, 961 IMSG_CTL_TABLE_CHANGED, 962 IMSG_CTL_PULL_RULESET, 963 IMSG_CTL_PUSH_RULESET, 964 IMSG_CTL_SHOW_SUM, /* relayctl requests */ 965 IMSG_CTL_RDR_ENABLE, 966 IMSG_CTL_RDR_DISABLE, 967 IMSG_CTL_TABLE_ENABLE, 968 IMSG_CTL_TABLE_DISABLE, 969 IMSG_CTL_HOST_ENABLE, 970 IMSG_CTL_HOST_DISABLE, 971 IMSG_CTL_SHUTDOWN, 972 IMSG_CTL_START, 973 IMSG_CTL_RELOAD, 974 IMSG_CTL_RESET, 975 IMSG_CTL_POLL, 976 IMSG_CTL_NOTIFY, 977 IMSG_CTL_RDR_STATS, 978 IMSG_CTL_RELAY_STATS, 979 IMSG_RDR_ENABLE, /* notifies from pfe to hce */ 980 IMSG_RDR_DISABLE, 981 IMSG_TABLE_ENABLE, 982 IMSG_TABLE_DISABLE, 983 IMSG_HOST_ENABLE, 984 IMSG_HOST_DISABLE, 985 IMSG_HOST_STATUS, /* notifies from hce to pfe */ 986 IMSG_SYNC, 987 IMSG_NATLOOK, 988 IMSG_DEMOTE, 989 IMSG_STATISTICS, 990 IMSG_SCRIPT, 991 IMSG_AGENTXSOCK, 992 IMSG_BINDANY, 993 IMSG_RTMSG, /* from pfe to parent */ 994 IMSG_CFG_TABLE, /* configuration from parent */ 995 IMSG_CFG_HOST, 996 IMSG_CFG_RDR, 997 IMSG_CFG_VIRT, 998 IMSG_CFG_ROUTER, 999 IMSG_CFG_ROUTE, 1000 IMSG_CFG_PROTO, 1001 IMSG_CFG_RULE, 1002 IMSG_CFG_RELAY, 1003 IMSG_CFG_RELAY_TABLE, 1004 IMSG_CFG_RELAY_CERT, 1005 IMSG_CFG_RELAY_FD, 1006 IMSG_CFG_DONE, 1007 IMSG_CA_PRIVENC, 1008 IMSG_CA_PRIVDEC, 1009 IMSG_SESS_PUBLISH, /* from relay to pfe */ 1010 IMSG_SESS_UNPUBLISH, 1011 IMSG_TLSTICKET_REKEY 1012 }; 1013 1014 enum privsep_procid { 1015 PROC_ALL = -1, 1016 PROC_PARENT = 0, 1017 PROC_HCE, 1018 PROC_RELAY, 1019 PROC_PFE, 1020 PROC_CA, 1021 PROC_MAX 1022 }; 1023 extern enum privsep_procid privsep_process; 1024 1025 /* Attach the control socket to the following process */ 1026 #define PROC_CONTROL PROC_PFE 1027 1028 struct privsep_pipes { 1029 int *pp_pipes[PROC_MAX]; 1030 }; 1031 1032 struct privsep { 1033 struct privsep_pipes *ps_pipes[PROC_MAX]; 1034 struct privsep_pipes *ps_pp; 1035 1036 struct imsgev *ps_ievs[PROC_MAX]; 1037 const char *ps_title[PROC_MAX]; 1038 u_int8_t ps_what[PROC_MAX]; 1039 1040 u_int ps_instances[PROC_MAX]; 1041 u_int ps_instance; 1042 1043 struct control_sock ps_csock; 1044 struct control_socks ps_rcsocks; 1045 1046 /* Event and signal handlers */ 1047 struct event ps_evsigint; 1048 struct event ps_evsigterm; 1049 struct event ps_evsigchld; 1050 struct event ps_evsighup; 1051 struct event ps_evsigpipe; 1052 struct event ps_evsigusr1; 1053 1054 int ps_noaction; 1055 struct passwd *ps_pw; 1056 struct relayd *ps_env; 1057 }; 1058 1059 struct privsep_proc { 1060 const char *p_title; 1061 enum privsep_procid p_id; 1062 int (*p_cb)(int, struct privsep_proc *, 1063 struct imsg *); 1064 void (*p_init)(struct privsep *, 1065 struct privsep_proc *); 1066 const char *p_chroot; 1067 struct privsep *p_ps; 1068 void (*p_shutdown)(void); 1069 struct passwd *p_pw; 1070 }; 1071 1072 struct privsep_fd { 1073 enum privsep_procid pf_procid; 1074 unsigned int pf_instance; 1075 }; 1076 1077 struct relayd_config { 1078 char tls_sid[SSL_MAX_SID_CTX_LENGTH]; 1079 char agentx_path[sizeof(((struct sockaddr_un *)NULL)->sun_path)]; 1080 char agentx_context[32]; 1081 struct timeval interval; 1082 struct timeval timeout; 1083 struct timeval statinterval; 1084 u_int16_t prefork_relay; 1085 u_int16_t opts; 1086 u_int32_t flags; 1087 }; 1088 1089 struct pfdata { 1090 int dev; 1091 struct pf_anchor *anchor; 1092 struct pfioc_trans pft; 1093 struct pfioc_trans_e pfte; 1094 u_int8_t pfused; 1095 }; 1096 1097 struct relayd { 1098 struct relayd_config sc_conf; 1099 const char *sc_conffile; 1100 struct pfdata *sc_pf; 1101 int sc_rtsock; 1102 int sc_rtseq; 1103 int sc_tablecount; 1104 int sc_rdrcount; 1105 int sc_protocount; 1106 int sc_relaycount; 1107 int sc_routercount; 1108 int sc_routecount; 1109 struct table sc_empty_table; 1110 struct protocol sc_proto_default; 1111 struct event sc_ev; 1112 struct tablelist *sc_tables; 1113 struct hostlist sc_hosts; 1114 struct rdrlist *sc_rdrs; 1115 struct protolist *sc_protos; 1116 struct relaylist *sc_relays; 1117 struct routerlist *sc_rts; 1118 struct netroutelist *sc_routes; 1119 struct ca_pkeylist *sc_pkeys; 1120 struct relaycertlist *sc_certs; 1121 struct sessionlist sc_sessions; 1122 char sc_demote_group[IFNAMSIZ]; 1123 u_int16_t sc_id; 1124 int sc_rtable; 1125 1126 struct event sc_statev; 1127 1128 struct event sc_agentxev; 1129 1130 int sc_has_icmp; 1131 int sc_has_icmp6; 1132 struct ctl_icmp_event sc_icmp_send; 1133 struct ctl_icmp_event sc_icmp_recv; 1134 struct ctl_icmp_event sc_icmp6_send; 1135 struct ctl_icmp_event sc_icmp6_recv; 1136 1137 struct relay_ticket_key sc_ticket; 1138 1139 struct privsep *sc_ps; 1140 int sc_reload; 1141 }; 1142 1143 #define RELAYD_OPT_VERBOSE 0x01 1144 #define RELAYD_OPT_NOACTION 0x04 1145 #define RELAYD_OPT_LOGUPDATE 0x08 1146 #define RELAYD_OPT_LOGHOSTCHECK 0x10 1147 #define RELAYD_OPT_LOGCON 0x20 1148 #define RELAYD_OPT_LOGCONERR 0x40 1149 1150 /* control.c */ 1151 int control_init(struct privsep *, struct control_sock *); 1152 int control_listen(struct control_sock *); 1153 void control_cleanup(struct control_sock *); 1154 void control_dispatch_imsg(int, short, void *); 1155 void control_imsg_forward(struct privsep *ps, struct imsg *); 1156 struct ctl_conn * 1157 control_connbyfd(int); 1158 1159 /* parse.y */ 1160 int parse_config(const char *, struct relayd *); 1161 int load_config(const char *, struct relayd *); 1162 int cmdline_symset(char *); 1163 1164 /* util.c */ 1165 const char *host_error(enum host_error); 1166 const char *host_status(enum host_status); 1167 const char *table_check(enum table_check); 1168 #ifdef DEBUG 1169 const char *relay_state(enum relay_state); 1170 #endif 1171 const char *print_availability(u_long, u_long); 1172 const char *print_host(struct sockaddr_storage *, char *, size_t); 1173 const char *print_time(struct timeval *, struct timeval *, char *, size_t); 1174 const char *printb_flags(const u_int32_t, const char *); 1175 void getmonotime(struct timeval *); 1176 struct ibuf *string2binary(const char *); 1177 void print_hex(uint8_t *, off_t, size_t); 1178 void print_debug(const char *, ...); 1179 1180 /* pfe.c */ 1181 void pfe(struct privsep *, struct privsep_proc *); 1182 void show(struct ctl_conn *); 1183 void show_sessions(struct ctl_conn *); 1184 int enable_rdr(struct ctl_conn *, struct ctl_id *); 1185 int enable_table(struct ctl_conn *, struct ctl_id *); 1186 int enable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1187 int disable_rdr(struct ctl_conn *, struct ctl_id *); 1188 int disable_table(struct ctl_conn *, struct ctl_id *); 1189 int disable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1190 1191 /* pfe_filter.c */ 1192 void init_tables(struct relayd *); 1193 void flush_table(struct relayd *, struct rdr *); 1194 void sync_table(struct relayd *, struct rdr *, struct table *); 1195 void sync_ruleset(struct relayd *, struct rdr *, int); 1196 void flush_rulesets(struct relayd *); 1197 int natlook(struct relayd *, struct ctl_natlook *); 1198 u_int64_t 1199 check_table(struct relayd *, struct rdr *, struct table *); 1200 1201 /* pfe_route.c */ 1202 void init_routes(struct relayd *); 1203 void sync_routes(struct relayd *, struct router *); 1204 int pfe_route(struct relayd *, struct ctl_netroute *); 1205 1206 /* hce.c */ 1207 void hce(struct privsep *, struct privsep_proc *); 1208 void hce_notify_done(struct host *, enum host_error); 1209 1210 /* relay.c */ 1211 void relay(struct privsep *, struct privsep_proc *); 1212 int relay_privinit(struct relay *); 1213 void relay_notify_done(struct host *, const char *); 1214 int relay_session_cmp(struct rsession *, struct rsession *); 1215 void relay_close(struct rsession *, const char *, int); 1216 int relay_reset_event(struct rsession *, struct ctl_relay_event *); 1217 void relay_natlook(int, short, void *); 1218 void relay_session(struct rsession *); 1219 int relay_from_table(struct rsession *); 1220 int relay_socket_af(struct sockaddr_storage *, in_port_t); 1221 in_port_t 1222 relay_socket_getport(struct sockaddr_storage *); 1223 int relay_cmp_af(struct sockaddr_storage *, 1224 struct sockaddr_storage *); 1225 void relay_write(struct bufferevent *, void *); 1226 void relay_read(struct bufferevent *, void *); 1227 int relay_splice(struct ctl_relay_event *); 1228 int relay_splicelen(struct ctl_relay_event *); 1229 int relay_spliceadjust(struct ctl_relay_event *); 1230 void relay_error(struct bufferevent *, short, void *); 1231 int relay_preconnect(struct rsession *); 1232 int relay_connect(struct rsession *); 1233 void relay_connected(int, short, void *); 1234 void relay_bindanyreq(struct rsession *, in_port_t, int); 1235 void relay_bindany(int, short, void *); 1236 void relay_dump(struct ctl_relay_event *, const void *, size_t); 1237 int relay_bufferevent_add(struct event *, int); 1238 int relay_bufferevent_print(struct ctl_relay_event *, const char *); 1239 int relay_bufferevent_write_buffer(struct ctl_relay_event *, 1240 struct evbuffer *); 1241 int relay_bufferevent_write_chunk(struct ctl_relay_event *, 1242 struct evbuffer *, size_t); 1243 int relay_bufferevent_write(struct ctl_relay_event *, 1244 void *, size_t); 1245 int relay_test(struct protocol *, struct ctl_relay_event *); 1246 void relay_calc_skip_steps(struct relay_rules *); 1247 void relay_match(struct kvlist *, struct kv *, struct kv *, 1248 struct kvtree *); 1249 void relay_session_insert(struct rsession *); 1250 void relay_session_remove(struct rsession *); 1251 void relay_session_publish(struct rsession *); 1252 void relay_session_unpublish(struct rsession *); 1253 1254 SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp); 1255 1256 /* relay_http.c */ 1257 void relay_http(struct relayd *); 1258 void relay_http_init(struct relay *); 1259 void relay_abort_http(struct rsession *, u_int, const char *, 1260 u_int16_t); 1261 void relay_read_http(struct bufferevent *, void *); 1262 void relay_close_http(struct rsession *); 1263 u_int relay_httpmethod_byname(const char *); 1264 const char 1265 *relay_httpmethod_byid(u_int); 1266 const char 1267 *relay_httperror_byid(u_int); 1268 int relay_http_priv_init(struct rsession *); 1269 int relay_httpdesc_init(struct ctl_relay_event *); 1270 ssize_t relay_http_time(time_t, char *, size_t); 1271 1272 /* relay_udp.c */ 1273 void relay_udp_privinit(struct relay *); 1274 void relay_udp_init(struct relayd *, struct relay *); 1275 int relay_udp_bind(struct sockaddr_storage *, in_port_t, 1276 struct protocol *); 1277 void relay_udp_server(int, short, void *); 1278 1279 /* check_icmp.c */ 1280 void icmp_init(struct relayd *); 1281 void schedule_icmp(struct relayd *, struct host *); 1282 void check_icmp(struct relayd *, struct timeval *); 1283 1284 /* check_tcp.c */ 1285 void check_tcp(struct ctl_tcp_event *); 1286 1287 /* check_tls.c */ 1288 void check_tls(struct ctl_tcp_event *); 1289 1290 /* check_script.c */ 1291 void check_script(struct relayd *, struct host *); 1292 void script_done(struct relayd *, struct ctl_script *); 1293 int script_exec(struct relayd *, struct ctl_script *); 1294 1295 /* ssl.c */ 1296 char *ssl_load_key(struct relayd *, const char *, off_t *, char *); 1297 uint8_t *ssl_update_certificate(const uint8_t *, size_t, EVP_PKEY *, 1298 EVP_PKEY *, X509 *, size_t *); 1299 int ssl_load_pkey(char *, off_t, X509 **, EVP_PKEY **); 1300 1301 /* ca.c */ 1302 void ca(struct privsep *, struct privsep_proc *); 1303 void ca_engine_init(struct relayd *); 1304 void hash_x509(X509 *cert, char *hash, size_t hashlen); 1305 1306 /* relayd.c */ 1307 struct host *host_find(struct relayd *, objid_t); 1308 struct table *table_find(struct relayd *, objid_t); 1309 struct rdr *rdr_find(struct relayd *, objid_t); 1310 struct netroute *route_find(struct relayd *, objid_t); 1311 struct router *router_find(struct relayd *, objid_t); 1312 struct host *host_findbyname(struct relayd *, const char *); 1313 struct table *table_findbyname(struct relayd *, const char *); 1314 struct table *table_findbyconf(struct relayd *, struct table *); 1315 struct rdr *rdr_findbyname(struct relayd *, const char *); 1316 void event_again(struct event *, int, short, 1317 void (*)(int, short, void *), 1318 struct timeval *, struct timeval *, void *); 1319 struct relay *relay_find(struct relayd *, objid_t); 1320 struct protocol *proto_find(struct relayd *, objid_t); 1321 struct rsession *session_find(struct relayd *, objid_t); 1322 struct relay *relay_findbyname(struct relayd *, const char *); 1323 struct relay *relay_findbyaddr(struct relayd *, struct relay_config *); 1324 EVP_PKEY *pkey_find(struct relayd *, char *hash); 1325 struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, char *hash); 1326 struct relay_cert *cert_add(struct relayd *, objid_t); 1327 struct relay_cert *cert_find(struct relayd *, objid_t); 1328 char *relay_load_fd(int, off_t *); 1329 int relay_load_certfiles(struct relayd *, struct relay *, 1330 const char *); 1331 int expand_string(char *, size_t, const char *, const char *); 1332 void translate_string(char *); 1333 void purge_key(char **, off_t); 1334 void purge_table(struct relayd *, struct tablelist *, 1335 struct table *); 1336 void purge_relay(struct relayd *, struct relay *); 1337 char *digeststr(enum digest_type, const u_int8_t *, size_t, char *); 1338 const char *canonicalize_host(const char *, char *, size_t); 1339 int parse_url(const char *, char **, char **, char **); 1340 int map6to4(struct sockaddr_storage *); 1341 int map4to6(struct sockaddr_storage *, struct sockaddr_storage *); 1342 void imsg_event_add(struct imsgev *); 1343 int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t, 1344 pid_t, int, void *, u_int16_t); 1345 void socket_rlimit(int); 1346 char *get_string(u_int8_t *, size_t); 1347 void *get_data(u_int8_t *, size_t); 1348 int sockaddr_cmp(struct sockaddr *, struct sockaddr *, int); 1349 struct in6_addr *prefixlen2mask6(u_int8_t, u_int32_t *); 1350 u_int32_t prefixlen2mask(u_int8_t); 1351 int accept_reserve(int, struct sockaddr *, socklen_t *, int, 1352 volatile int *); 1353 struct kv *kv_add(struct kvtree *, char *, char *, int); 1354 int kv_set(struct kv *, char *, ...) 1355 __attribute__((__format__ (printf, 2, 3))); 1356 int kv_setkey(struct kv *, char *, ...) 1357 __attribute__((__format__ (printf, 2, 3))); 1358 void kv_delete(struct kvtree *, struct kv *); 1359 struct kv *kv_extend(struct kvtree *, struct kv *, char *); 1360 void kv_purge(struct kvtree *); 1361 void kv_free(struct kv *); 1362 struct kv *kv_inherit(struct kv *, struct kv *); 1363 void relay_log(struct rsession *, char *); 1364 int kv_log(struct rsession *, struct kv *, u_int16_t, 1365 enum direction); 1366 struct kv *kv_find(struct kvtree *, struct kv *); 1367 struct kv *kv_find_value(struct kvtree *, char *, const char *, 1368 const char *); 1369 int kv_cmp(struct kv *, struct kv *); 1370 int rule_add(struct protocol *, struct relay_rule *, const char 1371 *); 1372 void rule_delete(struct relay_rules *, struct relay_rule *); 1373 void rule_free(struct relay_rule *); 1374 struct relay_rule 1375 *rule_inherit(struct relay_rule *); 1376 void rule_settable(struct relay_rules *, struct relay_table *); 1377 RB_PROTOTYPE(kvtree, kv, kv_node, kv_cmp); 1378 1379 /* carp.c */ 1380 int carp_demote_init(char *, int); 1381 void carp_demote_shutdown(void); 1382 int carp_demote_get(char *); 1383 int carp_demote_set(char *, int); 1384 int carp_demote_reset(char *, int); 1385 1386 /* name2id.c */ 1387 u_int16_t label_name2id(const char *); 1388 const char *label_id2name(u_int16_t); 1389 void label_unref(u_int16_t); 1390 void label_ref(u_int16_t); 1391 u_int16_t tag_name2id(const char *); 1392 const char *tag_id2name(u_int16_t); 1393 void tag_unref(u_int16_t); 1394 void tag_ref(u_int16_t); 1395 1396 /* agentx_control.c */ 1397 void agentx_init(struct relayd *); 1398 void agentx_setsock(struct relayd *, enum privsep_procid); 1399 void agentx_getsock(struct imsg *); 1400 void snmp_hosttrap(struct relayd *, struct table *, struct host *); 1401 1402 /* shuffle.c */ 1403 void shuffle_init(struct shuffle *); 1404 u_int16_t shuffle_generate16(struct shuffle *); 1405 1406 /* log.c */ 1407 void log_init(int, int); 1408 void log_procinit(const char *); 1409 void log_setverbose(int); 1410 int log_getverbose(void); 1411 void log_warn(const char *, ...) 1412 __attribute__((__format__ (printf, 1, 2))); 1413 void log_warnx(const char *, ...) 1414 __attribute__((__format__ (printf, 1, 2))); 1415 void log_info(const char *, ...) 1416 __attribute__((__format__ (printf, 1, 2))); 1417 void log_debug(const char *, ...) 1418 __attribute__((__format__ (printf, 1, 2))); 1419 void logit(int, const char *, ...) 1420 __attribute__((__format__ (printf, 2, 3))); 1421 void vlog(int, const char *, va_list) 1422 __attribute__((__format__ (printf, 2, 0))); 1423 __dead void fatal(const char *, ...) 1424 __attribute__((__format__ (printf, 1, 2))); 1425 __dead void fatalx(const char *, ...) 1426 __attribute__((__format__ (printf, 1, 2))); 1427 1428 /* proc.c */ 1429 enum privsep_procid 1430 proc_getid(struct privsep_proc *, unsigned int, const char *); 1431 int proc_flush_imsg(struct privsep *, enum privsep_procid, int); 1432 void proc_init(struct privsep *, struct privsep_proc *, unsigned int, int, 1433 int, char **, enum privsep_procid); 1434 void proc_kill(struct privsep *); 1435 void proc_connect(struct privsep *); 1436 void proc_dispatch(int, short event, void *); 1437 void proc_run(struct privsep *, struct privsep_proc *, 1438 struct privsep_proc *, unsigned int, 1439 void (*)(struct privsep *, struct privsep_proc *, void *), void *); 1440 void proc_range(struct privsep *, enum privsep_procid, int *, int *); 1441 int proc_compose_imsg(struct privsep *, enum privsep_procid, int, 1442 u_int16_t, u_int32_t, int, void *, u_int16_t); 1443 int proc_compose(struct privsep *, enum privsep_procid, 1444 uint16_t, void *, uint16_t); 1445 int proc_composev_imsg(struct privsep *, enum privsep_procid, int, 1446 u_int16_t, u_int32_t, int, const struct iovec *, int); 1447 int proc_composev(struct privsep *, enum privsep_procid, 1448 uint16_t, const struct iovec *, int); 1449 int proc_forward_imsg(struct privsep *, struct imsg *, 1450 enum privsep_procid, int); 1451 struct imsgbuf * 1452 proc_ibuf(struct privsep *, enum privsep_procid, int); 1453 struct imsgev * 1454 proc_iev(struct privsep *, enum privsep_procid, int); 1455 void imsg_event_add(struct imsgev *); 1456 int imsg_compose_event(struct imsgev *, uint16_t, uint32_t, 1457 pid_t, int, void *, uint16_t); 1458 int imsg_composev_event(struct imsgev *, uint16_t, uint32_t, 1459 pid_t, int, const struct iovec *, int); 1460 1461 /* config.c */ 1462 int config_init(struct relayd *); 1463 void config_purge(struct relayd *, u_int); 1464 int config_setreset(struct relayd *, u_int); 1465 int config_getreset(struct relayd *, struct imsg *); 1466 int config_getcfg(struct relayd *, struct imsg *); 1467 int config_settable(struct relayd *, struct table *); 1468 int config_gettable(struct relayd *, struct imsg *); 1469 int config_gethost(struct relayd *, struct imsg *); 1470 int config_setrdr(struct relayd *, struct rdr *); 1471 int config_getrdr(struct relayd *, struct imsg *); 1472 int config_getvirt(struct relayd *, struct imsg *); 1473 int config_setrt(struct relayd *, struct router *); 1474 int config_getrt(struct relayd *, struct imsg *); 1475 int config_getroute(struct relayd *, struct imsg *); 1476 int config_setproto(struct relayd *, struct protocol *); 1477 int config_getproto(struct relayd *, struct imsg *); 1478 int config_setrule(struct relayd *, struct protocol *); 1479 int config_getrule(struct relayd *, struct imsg *); 1480 int config_setrelay(struct relayd *, struct relay *); 1481 int config_getrelay(struct relayd *, struct imsg *); 1482 int config_getrelaytable(struct relayd *, struct imsg *); 1483 int config_getrelayfd(struct relayd *, struct imsg *); 1484 1485 #endif /* RELAYD_H */ 1486