1 /* $FreeBSD$ */ 2 3 /* 4 * Copyright (C) 2012 by Darren Reed. 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 * 8 * $FreeBSD$ 9 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp 10 */ 11 12 #ifndef __IP_PROXY_H__ 13 #define __IP_PROXY_H__ 14 15 #ifndef SOLARIS 16 # if defined(sun) && defined(__SVR4) 17 # define SOLARIS 1 18 # else 19 # define SOLARIS 0 20 # endif 21 #endif 22 23 #define SIOCPROXY _IOWR('r', 64, struct ap_control) 24 25 #ifndef APR_LABELLEN 26 #define APR_LABELLEN 16 27 #endif 28 #define AP_SESS_SIZE 53 29 30 struct nat; 31 struct ipnat; 32 struct ipstate; 33 34 typedef struct ap_tcp { 35 u_short apt_sport; /* source port */ 36 u_short apt_dport; /* destination port */ 37 short apt_sel[2]; /* {seq,ack}{off,min} set selector */ 38 short apt_seqoff[2]; /* sequence # difference */ 39 u_32_t apt_seqmin[2]; /* don't change seq-off until after this */ 40 short apt_ackoff[2]; /* sequence # difference */ 41 u_32_t apt_ackmin[2]; /* don't change seq-off until after this */ 42 u_char apt_state[2]; /* connection state */ 43 } ap_tcp_t; 44 45 typedef struct ap_udp { 46 u_short apu_sport; /* source port */ 47 u_short apu_dport; /* destination port */ 48 } ap_udp_t; 49 50 typedef struct ap_session { 51 struct aproxy *aps_apr; 52 union { 53 struct ap_tcp apu_tcp; 54 struct ap_udp apu_udp; 55 } aps_un; 56 U_QUAD_T aps_bytes; /* bytes sent */ 57 U_QUAD_T aps_pkts; /* packets sent */ 58 void *aps_nat; /* pointer back to nat struct */ 59 void *aps_data; /* private data */ 60 int aps_psiz; /* size of private data */ 61 struct ap_session *aps_next; 62 } ap_session_t; 63 64 #define aps_sport aps_un.apu_tcp.apt_sport 65 #define aps_dport aps_un.apu_tcp.apt_dport 66 #define aps_sel aps_un.apu_tcp.apt_sel 67 #define aps_seqoff aps_un.apu_tcp.apt_seqoff 68 #define aps_seqmin aps_un.apu_tcp.apt_seqmin 69 #define aps_state aps_un.apu_tcp.apt_state 70 #define aps_ackoff aps_un.apu_tcp.apt_ackoff 71 #define aps_ackmin aps_un.apu_tcp.apt_ackmin 72 73 74 typedef struct ap_control { 75 char apc_label[APR_LABELLEN]; 76 char apc_config[APR_LABELLEN]; 77 u_char apc_p; 78 /* 79 * The following fields are upto the proxy's apr_ctl routine to deal 80 * with. When the proxy gets this in kernel space, apc_data will 81 * point to a malloc'd region of memory of apc_dsize bytes. If the 82 * proxy wants to keep that memory, it must set apc_data to NULL 83 * before it returns. It is expected if this happens that it will 84 * take care to free it in apr_fini or otherwise as appropriate. 85 * apc_cmd is provided as a standard place to put simple commands, 86 * with apc_arg being available to put a simple arg. 87 */ 88 u_long apc_cmd; 89 u_long apc_arg; 90 void *apc_data; 91 size_t apc_dsize; 92 } ap_ctl_t; 93 94 #define APC_CMD_ADD 0 95 #define APC_CMD_DEL 1 96 97 98 typedef struct aproxy { 99 struct aproxy *apr_next; 100 struct aproxy *apr_parent; 101 char apr_label[APR_LABELLEN]; /* Proxy label # */ 102 u_char apr_p; /* protocol */ 103 int apr_flags; 104 int apr_ref; 105 int apr_clones; 106 void (* apr_load)(void); 107 void (* apr_unload)(void); 108 void *(* apr_create)(ipf_main_softc_t *); 109 void (* apr_destroy)(ipf_main_softc_t *, void *); 110 int (* apr_init)(ipf_main_softc_t *, void *); 111 void (* apr_fini)(ipf_main_softc_t *, void *); 112 int (* apr_new)(void *, fr_info_t *, ap_session_t *, 113 struct nat *); 114 void (* apr_del)(ipf_main_softc_t *, ap_session_t *); 115 int (* apr_inpkt)(void *, fr_info_t *, ap_session_t *, 116 struct nat *); 117 int (* apr_outpkt)(void *, fr_info_t *, ap_session_t *, 118 struct nat *); 119 int (* apr_match)(fr_info_t *, ap_session_t *, struct nat *); 120 int (* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *); 121 int (* apr_clear)(struct aproxy *); 122 int (* apr_flush)(struct aproxy *, int); 123 void *apr_soft; 124 } aproxy_t; 125 126 #define APR_DELETE 1 127 128 #define APR_ERR(x) ((x) << 16) 129 #define APR_EXIT(x) (((x) >> 16) & 0xffff) 130 #define APR_INC(x) ((x) & 0xffff) 131 132 133 #ifdef _KERNEL 134 /* 135 * Generic #define's to cover missing things in the kernel 136 */ 137 # ifndef isdigit 138 # define isdigit(x) ((x) >= '0' && (x) <= '9') 139 # endif 140 # ifndef isupper 141 # define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 142 # endif 143 # ifndef islower 144 # define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) 145 # endif 146 # ifndef isalpha 147 # define isalpha(x) (isupper(x) || islower(x)) 148 # endif 149 # ifndef toupper 150 # define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A') 151 # endif 152 # ifndef isspace 153 # define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \ 154 ((x) == '\t') || ((x) == '\b')) 155 # endif 156 #endif /* _KERNEL */ 157 158 /* 159 * For the ftp proxy. 160 */ 161 #define FTP_BUFSZ 160 162 #define IPF_FTPBUFSZ 160 163 164 typedef struct ftpside { 165 char *ftps_rptr; 166 char *ftps_wptr; 167 void *ftps_ifp; 168 u_32_t ftps_seq[2]; 169 u_32_t ftps_len; 170 int ftps_junk; 171 int ftps_cmds; 172 int ftps_cmd; 173 char ftps_buf[FTP_BUFSZ]; 174 } ftpside_t; 175 176 typedef struct ftpinfo { 177 int ftp_passok; 178 int ftp_incok; 179 void *ftp_pendstate; 180 nat_t *ftp_pendnat; 181 ftpside_t ftp_side[2]; 182 } ftpinfo_t; 183 184 185 /* 186 * IPsec proxy 187 */ 188 typedef u_32_t ipsec_cookie_t[2]; 189 190 typedef struct ipsec_pxy { 191 ipsec_cookie_t ipsc_icookie; 192 ipsec_cookie_t ipsc_rcookie; 193 int ipsc_rckset; 194 nat_t *ipsc_nat; 195 struct ipstate *ipsc_state; 196 ipnat_t *ipsc_rule; 197 } ipsec_pxy_t; 198 199 200 /* 201 * For the irc proxy. 202 */ 203 typedef struct ircinfo { 204 size_t irc_len; 205 char *irc_snick; 206 char *irc_dnick; 207 char *irc_type; 208 char *irc_arg; 209 char *irc_addr; 210 u_32_t irc_ipnum; 211 u_short irc_port; 212 } ircinfo_t; 213 214 215 /* 216 * For the DNS "proxy" 217 */ 218 typedef struct dnsinfo { 219 ipfmutex_t dnsi_lock; 220 u_short dnsi_id; 221 char dnsi_buffer[512]; 222 } dnsinfo_t; 223 224 225 /* 226 * Real audio proxy structure and #defines 227 */ 228 typedef struct raudio_s { 229 int rap_seenpna; 230 int rap_seenver; 231 int rap_version; 232 int rap_eos; /* End Of Startup */ 233 int rap_gotid; 234 int rap_gotlen; 235 int rap_mode; 236 int rap_sdone; 237 u_short rap_plport; 238 u_short rap_prport; 239 u_short rap_srport; 240 char rap_svr[19]; 241 u_32_t rap_sbf; /* flag to indicate which of the 19 bytes have 242 * been filled 243 */ 244 u_32_t rap_sseq; 245 } raudio_t; 246 247 #define RA_ID_END 0 248 #define RA_ID_UDP 1 249 #define RA_ID_ROBUST 7 250 251 #define RAP_M_UDP 1 252 #define RAP_M_ROBUST 2 253 #define RAP_M_TCP 4 254 #define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) 255 256 257 /* 258 * MSN RPC proxy 259 */ 260 typedef struct msnrpcinfo { 261 u_int mri_flags; 262 int mri_cmd[2]; 263 u_int mri_valid; 264 struct in_addr mri_raddr; 265 u_short mri_rport; 266 } msnrpcinfo_t; 267 268 269 /* 270 * Sun RPCBIND proxy 271 */ 272 #define RPCB_MAXMSG 888 273 #define RPCB_RES_PMAP 0 /* Response contains a v2 port. */ 274 #define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */ 275 #define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */ 276 #define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */ 277 278 #define RPCB_REQMIN 40 279 #define RPCB_REQMAX 888 280 #define RPCB_REPMIN 20 281 #define RPCB_REPMAX 604 /* XXX double check this! */ 282 283 /* 284 * These macros determine the number of bytes between p and the end of 285 * r->rs_buf relative to l. 286 */ 287 #define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen) 288 #define RPCB_BUF_GEQ(r, p, l) \ 289 ((RPCB_BUF_END((r)) > (char *)(p)) && \ 290 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l))) 291 #define RPCB_BUF_EQ(r, p, l) \ 292 (RPCB_BUF_END((r)) == ((char *)(p) + (l))) 293 294 /* 295 * The following correspond to RPC(B) detailed in RFC183[13]. 296 */ 297 #define RPCB_CALL 0 298 #define RPCB_REPLY 1 299 #define RPCB_MSG_VERSION 2 300 #define RPCB_PROG 100000 301 #define RPCB_GETPORT 3 302 #define RPCB_GETADDR 3 303 #define RPCB_GETADDRLIST 11 304 #define RPCB_MSG_ACCEPTED 0 305 #define RPCB_MSG_DENIED 1 306 307 /* BEGIN (Generic XDR structures) */ 308 typedef struct xdr_string { 309 u_32_t *xs_len; 310 char *xs_str; 311 } xdr_string_t; 312 313 typedef struct xdr_auth { 314 /* u_32_t xa_flavor; */ 315 xdr_string_t xa_string; 316 } xdr_auth_t; 317 318 typedef struct xdr_uaddr { 319 u_32_t xu_ip; 320 u_short xu_port; 321 xdr_string_t xu_str; 322 } xdr_uaddr_t; 323 324 typedef struct xdr_proto { 325 u_int xp_proto; 326 xdr_string_t xp_str; 327 } xdr_proto_t; 328 329 #define xu_xslen xu_str.xs_len 330 #define xu_xsstr xu_str.xs_str 331 #define xp_xslen xp_str.xs_len 332 #define xp_xsstr xp_str.xs_str 333 /* END (Generic XDR structures) */ 334 335 /* BEGIN (RPC call structures) */ 336 typedef struct pmap_args { 337 /* u_32_t pa_prog; */ 338 /* u_32_t pa_vers; */ 339 u_32_t *pa_prot; 340 /* u_32_t pa_port; */ 341 } pmap_args_t; 342 343 typedef struct rpcb_args { 344 /* u_32_t *ra_prog; */ 345 /* u_32_t *ra_vers; */ 346 xdr_proto_t ra_netid; 347 xdr_uaddr_t ra_maddr; 348 /* xdr_string_t ra_owner; */ 349 } rpcb_args_t; 350 351 typedef struct rpc_call { 352 /* u_32_t rc_rpcvers; */ 353 /* u_32_t rc_prog; */ 354 u_32_t *rc_vers; 355 u_32_t *rc_proc; 356 xdr_auth_t rc_authcred; 357 xdr_auth_t rc_authverf; 358 union { 359 pmap_args_t ra_pmapargs; 360 rpcb_args_t ra_rpcbargs; 361 } rpcb_args; 362 } rpc_call_t; 363 364 #define rc_pmapargs rpcb_args.ra_pmapargs 365 #define rc_rpcbargs rpcb_args.ra_rpcbargs 366 /* END (RPC call structures) */ 367 368 /* BEGIN (RPC reply structures) */ 369 typedef struct rpcb_entry { 370 xdr_uaddr_t re_maddr; 371 xdr_proto_t re_netid; 372 /* u_32_t re_semantics; */ 373 xdr_string_t re_family; 374 xdr_proto_t re_proto; 375 u_32_t *re_more; /* 1 == another entry follows */ 376 } rpcb_entry_t; 377 378 typedef struct rpcb_listp { 379 u_32_t *rl_list; /* 1 == list follows */ 380 int rl_cnt; 381 rpcb_entry_t rl_entries[2]; /* TCP / UDP only */ 382 } rpcb_listp_t; 383 384 typedef struct rpc_resp { 385 /* u_32_t rr_acceptdeny; */ 386 /* Omitted 'message denied' fork; we don't care about rejects. */ 387 xdr_auth_t rr_authverf; 388 /* u_32_t *rr_astat; */ 389 union { 390 u_32_t *resp_pmap; 391 xdr_uaddr_t resp_getaddr; 392 rpcb_listp_t resp_getaddrlist; 393 } rpcb_reply; 394 } rpc_resp_t; 395 396 #define rr_v2 rpcb_reply.resp_pmap 397 #define rr_v3 rpcb_reply.resp_getaddr 398 #define rr_v4 rpcb_reply.resp_getaddrlist 399 /* END (RPC reply structures) */ 400 401 /* BEGIN (RPC message structure & macros) */ 402 typedef struct rpc_msg { 403 char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */ 404 u_int rm_buflen; 405 u_32_t *rm_xid; 406 /* u_32_t Call vs Reply */ 407 union { 408 rpc_call_t rb_call; 409 rpc_resp_t rb_resp; 410 } rm_body; 411 } rpc_msg_t; 412 413 #define rm_call rm_body.rb_call 414 #define rm_resp rm_body.rb_resp 415 /* END (RPC message structure & macros) */ 416 417 /* 418 * These code paths aren't hot enough to warrant per transaction 419 * mutexes. 420 */ 421 typedef struct rpcb_xact { 422 struct rpcb_xact *rx_next; 423 struct rpcb_xact **rx_pnext; 424 u_32_t rx_xid; /* RPC transmission ID */ 425 u_int rx_type; /* RPCB response type */ 426 u_int rx_ref; /* reference count */ 427 u_int rx_proto; /* transport protocol (v2 only) */ 428 } rpcb_xact_t; 429 430 typedef struct rpcb_session { 431 ipfmutex_t rs_rxlock; 432 rpcb_xact_t *rs_rxlist; 433 } rpcb_session_t; 434 435 /* 436 * For an explanation, please see the following: 437 * RFC1832 - Sections 3.11, 4.4, and 4.5. 438 */ 439 #define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x)) 440 441 extern int ipf_proxy_add(void *, aproxy_t *); 442 extern int ipf_proxy_check(fr_info_t *, struct nat *); 443 extern int ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *); 444 extern int ipf_proxy_del(aproxy_t *); 445 extern void ipf_proxy_deref(aproxy_t *); 446 extern void ipf_proxy_flush(void *, int); 447 extern int ipf_proxy_init(void); 448 extern int ipf_proxy_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *); 449 extern aproxy_t *ipf_proxy_lookup(void *, u_int, char *); 450 extern int ipf_proxy_match(fr_info_t *, struct nat *); 451 extern int ipf_proxy_new(fr_info_t *, struct nat *); 452 extern int ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *); 453 extern void ipf_proxy_free(ipf_main_softc_t *, ap_session_t *); 454 extern int ipf_proxy_main_load(void); 455 extern int ipf_proxy_main_unload(void); 456 extern ipnat_t *ipf_proxy_rule_fwd(nat_t *); 457 extern ipnat_t *ipf_proxy_rule_rev(nat_t *); 458 extern void *ipf_proxy_soft_create(ipf_main_softc_t *); 459 extern void ipf_proxy_soft_destroy(ipf_main_softc_t *, void *); 460 extern int ipf_proxy_soft_init(ipf_main_softc_t *, void *); 461 extern int ipf_proxy_soft_fini(ipf_main_softc_t *, void *); 462 463 #endif /* __IP_PROXY_H__ */ 464