| blob | 23e135ca6ac3913fa45389fc621f471d45cdf17a |
1 /*-
2 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: src/lib/libalias/alias_proxy.c,v 1.4.2.5 2001/11/03 11:34:33 brian Exp $
27 * $DragonFly: src/lib/libalias/alias_proxy.c,v 1.3 2004/08/20 00:08:17 joerg Exp $
28 */
30 /* file: alias_proxy.c
32 This file encapsulates special operations related to transparent
33 proxy redirection. This is where packets with a particular destination,
34 usually tcp port 80, are redirected to a proxy server.
36 When packets are proxied, the destination address and port are
37 modified. In certain cases, it is necessary to somehow encode
38 the original address/port info into the packet. Two methods are
39 presently supported: addition of a [DEST addr port] string at the
40 beginning a of tcp stream, or inclusion of an optional field
41 in the IP header.
43 There is one public API function:
45 PacketAliasProxyRule() -- Adds and deletes proxy
46 rules.
48 Rules are stored in a linear linked list, so lookup efficiency
49 won't be too good for large lists.
52 Initial development: April, 1998 (cjm)
53 */
56 /* System includes */
57 #include <sys/param.h>
58 #include <sys/socket.h>
60 #include <ctype.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <netdb.h>
66 /* BSD IPV4 includes */
67 #include <netinet/in_systm.h>
68 #include <netinet/in.h>
69 #include <netinet/ip.h>
70 #include <netinet/tcp.h>
72 #include <arpa/inet.h>
79 /*
80 Data structures
81 */
83 /*
84 * A linked list of arbitrary length, based on struct proxy_entry is
85 * used to store proxy rules.
86 */
87 struct proxy_entry
88 {
89 #define PROXY_TYPE_ENCODE_NONE 1
90 #define PROXY_TYPE_ENCODE_TCPSTREAM 2
91 #define PROXY_TYPE_ENCODE_IPHDR 3
94 u_char proto;
95 u_short proxy_port;
96 u_short server_port;
108 };
112 /*
113 File scope variables
114 */
120 /* Local (static) functions:
122 IpMask() -- Utility function for creating IP
123 masks from integer (1-32) specification.
124 IpAddr() -- Utility function for converting string
125 to IP address
126 IpPort() -- Utility function for converting string
127 to port number
128 RuleAdd() -- Adds an element to the rule list.
129 RuleDelete() -- Removes an element from the rule list.
130 RuleNumberDelete() -- Removes all elements from the rule list
131 having a certain rule number.
132 ProxyEncodeTcpStream() -- Adds [DEST x.x.x.x xxxx] to the beginning
133 of a TCP stream.
134 ProxyEncodeIpHeader() -- Adds an IP option indicating the true
135 destination of a proxied IP packet
136 */
147 static int
149 {
151 u_int imask;
162 }
164 static int
166 {
169 else
171 }
173 static int
175 {
180 {
187 else
194 }
197 }
199 void
201 {
207 {
212 }
218 {
220 {
222 {
228 }
235 }
238 }
243 }
245 static void
247 {
250 else
257 }
259 static int
261 {
268 {
273 {
276 }
279 }
282 }
284 static void
288 {
293 /* Compute pointer to tcp header */
296 /* Don't modify if once already modified */
301 /* Translate destination address and port to string form */
305 /* Pad string out to a multiple of two in length */
308 {
316 }
318 /* Check for packet overflow */
322 /* Shift existing TCP data and insert destination string */
323 {
331 /* Modify first packet that has data in it */
341 }
343 /* Save information about modfied sequence number */
344 {
350 }
352 /* Update IP header packet length and checksum */
353 {
361 }
363 /* Update TCP checksum, Use TcpChecksum since so many things have
364 already changed. */
368 }
370 static void
373 {
374 #define OPTION_LEN_BYTES 8
375 #define OPTION_LEN_INT16 4
376 #define OPTION_LEN_INT32 2
379 #ifdef DEBUG
382 #endif
384 /* Check to see that there is room to add an IP option */
388 /* Build option and copy into packet */
389 {
406 }
408 /* Update checksum, header length and packet length */
409 {
429 }
430 #undef OPTION_LEN_BYTES
431 #undef OPTION_LEN_INT16
432 #undef OPTION_LEN_INT32
433 #ifdef DEBUG
436 #endif
437 }
440 /* Functions by other packet alias source files
442 ProxyCheck() -- Checks whether an outgoing packet should
443 be proxied.
444 ProxyModify() -- Encodes the original destination address/port
445 for a packet which is to be redirected to
446 a proxy server.
447 */
449 int
453 {
454 u_short dst_port;
466 {
467 u_short proxy_port;
473 {
482 {
487 }
488 }
490 }
493 }
495 void
500 {
502 {
510 }
511 }
514 /*
515 Public API functions
516 */
518 int
520 {
521 /*
522 * This function takes command strings of the form:
523 *
524 * server <addr>[:<port>]
525 * [port <port>]
526 * [rule n]
527 * [proto tcp|udp]
528 * [src <addr>[/n]]
529 * [dst <addr>[/n]]
530 * [type encode_tcp_stream|encode_ip_hdr|no_encode]
531 *
532 * delete <rule number>
533 *
534 * Subfields can be in arbitrary order. Port numbers and addresses
535 * must be in either numeric or symbolic form. An optional rule number
536 * is used to control the order in which rules are searched. If two
537 * rules have the same number, then search order cannot be guaranteed,
538 * and the rules should be disjoint. If no rule number is specified,
539 * then 0 is used, and group 0 rules are always checked before any
540 * others.
541 */
562 /* Copy command line into a buffer */
569 /* Convert to lower case */
574 /* Set default proxy type */
576 /* Set up default values */
591 /* Parse command string with state machine */
592 #define STATE_READ_KEYWORD 0
593 #define STATE_READ_TYPE 1
594 #define STATE_READ_PORT 2
595 #define STATE_READ_SERVER 3
596 #define STATE_READ_RULE 4
597 #define STATE_READ_DELETE 5
598 #define STATE_READ_PROTO 6
599 #define STATE_READ_SRC 7
600 #define STATE_READ_DST 8
605 {
606 token_count++;
608 {
626 else
637 else
648 {
655 p++;
658 {
662 }
663 else
664 {
674 }
675 }
687 {
701 }
708 else
715 {
723 p++;
726 {
731 }
732 else
733 {
749 }
752 {
755 }
756 else
757 {
760 }
761 }
768 }
773 }
774 #undef STATE_READ_KEYWORD
775 #undef STATE_READ_TYPE
776 #undef STATE_READ_PORT
777 #undef STATE_READ_SERVER
778 #undef STATE_READ_RULE
779 #undef STATE_READ_DELETE
780 #undef STATE_READ_PROTO
781 #undef STATE_READ_SRC
782 #undef STATE_READ_DST
784 /* Convert port strings to numbers. This needs to be done after
785 the string is parsed, because the prototype might not be designated
786 before the ports (which might be symbolic entries in /etc/services) */
789 {
795 }
796 else
797 {
799 }
802 {
808 }
809 else
810 {
812 }
814 /* Check that at least the server address has been defined */
818 /* Add to linked list */
837 }