/*
 * Copyright (C) 1997-2001 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * $Id: ip_proxy.h,v 2.31.2.3 2005/06/18 02:41:33 darrenr Exp $
 *
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
12 #ifndef __IP_PROXY_H__
13 #define __IP_PROXY_H__
/*
 * Force SOLARIS to be defined as exactly 0 or 1: any inherited definition
 * is discarded first, then it is set from the compiler's target macros.
 */
#ifdef SOLARIS
#undef SOLARIS
#endif
#if (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#define SOLARIS (1)
#else
#define SOLARIS (0)
#endif
/*
 * ioctl used to talk to a proxy; the argument is a struct ap_control.
 * Compilers that define none of __STDC__, __GNUC__ or _AIX51 get the
 * variant with an unquoted r, for preprocessors that cannot take a
 * character constant inside _IOWR().
 */
#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
#define SIOCPROXY _IOWR('r', 64, struct ap_control)
#else
#define SIOCPROXY _IOWR(r, 64, struct ap_control)
#endif
/* Size of the proxy label buffers (apr_label, apc_label), including NUL. */
#ifndef APR_LABELLEN
#define APR_LABELLEN 16
#endif
/* Not referenced within this header; presumably a session table size -- confirm in the proxy code. */
#define AP_SESS_SIZE 53

/* Opaque here: only pointers to these types appear in this header. */
struct nat;
struct ipnat;
struct ipstate;
/*
 * TCP part of a proxy session (the apu_tcp arm of ap_session's union).
 * NOTE(review): the two-element arrays presumably hold one value per
 * direction, selected through apt_sel -- confirm against the TCP proxy code.
 */
typedef struct ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* sequence # difference (ack side) */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
/*
 * UDP part of a proxy session (the apu_udp arm of ap_session's union).
 * Its two ports overlay the first two members of ap_tcp, which is what the
 * aps_sport/aps_dport accessor macros rely on.
 */
typedef struct ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
/*
 * One proxied session.  aps_apr names the proxy handling it, aps_un holds
 * the protocol-specific state (chosen by aps_p), and aps_data/aps_psiz is
 * a buffer owned by the proxy (see the apr_new/apr_del callbacks in aproxy).
 */
typedef struct ap_session {
	struct aproxy	*aps_apr;
	union {
		struct ap_tcp	apu_tcp;
		struct ap_udp	apu_udp;
	} aps_un;
	u_int	aps_flags;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_p;		/* protocol */
	int	aps_psiz;	/* size of private data */
	struct ap_session *aps_hnext;	/* presumably hash-chain link -- confirm */
	struct ap_session *aps_next;	/* presumably global list link -- confirm */
} ap_session_t;
/*
 * Shorthand for the TCP members of an ap_session's union.  Because ap_udp
 * overlays the first two members of ap_tcp, aps_sport/aps_dport are valid
 * for UDP sessions too; the remaining accessors are TCP-only.
 */
#define aps_sport aps_un.apu_tcp.apt_sport
#define aps_dport aps_un.apu_tcp.apt_dport
#define aps_sel aps_un.apu_tcp.apt_sel
#define aps_seqoff aps_un.apu_tcp.apt_seqoff
#define aps_seqmin aps_un.apu_tcp.apt_seqmin
#define aps_state aps_un.apu_tcp.apt_state
#define aps_ackoff aps_un.apu_tcp.apt_ackoff
#define aps_ackmin aps_un.apu_tcp.apt_ackmin
/*
 * Argument of the SIOCPROXY ioctl: identifies a proxy by label and
 * protocol and carries a command for its apr_ctl routine.  apc_data is
 * copied in from user space, so apr_ctl must treat it as untrusted and
 * bound every access by apc_dsize.
 */
typedef struct ap_control {
	char	apc_label[APR_LABELLEN];
	u_char	apc_p;
	/*
	 * The following fields are up to the proxy's apr_ctl routine to deal
	 * with. When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes. If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns. It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;
/*
 * Descriptor of one application proxy: its identity (label + protocol),
 * bookkeeping, and the table of callbacks the framework invokes.
 * Prototypes are wrapped in __P() for pre-ANSI compilers.
 *
 * NOTE(review): callback semantics are not defined here; the names suggest
 * init/fini = load/unload, new/del = per-session setup/teardown,
 * inpkt/outpkt = per-packet hooks by direction, match = session
 * classification, ctl = SIOCPROXY handling -- confirm in the proxy sources.
 */
typedef struct aproxy {
	struct aproxy	*apr_next;
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;		/* protocol */
	int	apr_ref;	/* +1 per rule referencing it */
	int	apr_flags;
	void	*apr_private;	/* proxy private data */
	int	(* apr_init) __P((void **, ipf_stack_t *));
	void	(* apr_fini) __P((void **, ipf_stack_t *));
	int	(* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	void	(* apr_del) __P((ap_session_t *, void *, ipf_stack_t *));
	int	(* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_ctl) __P((struct aproxy *, struct ap_control *, void *));
} aproxy_t;
#define APR_DELETE 1

/*
 * A proxy callback packs two 16-bit quantities into one int: APR_ERR()
 * places a value in the upper 16 bits and APR_EXIT()/APR_INC() read the
 * upper and lower halves back.  The shift is on a signed int, so only
 * pass non-negative values below 0x8000 to APR_ERR().
 */
#define APR_ERR(x) ((x) << 16)
#define APR_EXIT(x) (((x) >> 16) & 0xffff)
#define APR_INC(x) ((x) & 0xffff)
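/*
 * Generic #define's to cover missing things in the kernel.
 *
 * Fallbacks for builds where <ctype.h> is not available; each one is
 * skipped when the name is already defined.  All of them evaluate their
 * argument more than once, so never pass an expression with side effects
 * (e.g. *p++).  isupper/islower cast to unsigned so that a negative
 * (signed) char is rejected rather than compared as a small integer.
 */
#ifndef isdigit
#define isdigit(x) ((x) >= '0' && (x) <= '9')
#endif
#ifndef isupper
#define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
#endif
#ifndef islower
#define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
#endif
#ifndef isalpha
#define isalpha(x) (isupper(x) || islower(x))
#endif
#ifndef toupper
/*
 * Only lower-case letters are converted; anything else is returned as is,
 * matching the C library toupper().  The previous definition applied the
 * 'a' -> 'A' offset to every non-upper-case input, so a digit or
 * punctuation byte taken from the parsed stream came back as an arbitrary
 * value instead of itself.
 */
#define toupper(x) (islower(x) ? ((x) - 'a' + 'A') : (x))
#endif
#ifndef isspace
#define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
		    ((x) == '\t') || ((x) == '\b'))
#endif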
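/*
 * This is the scratch buffer size used to hold strings from the TCP stream
 * that we may want to parse. It's an arbitrary size, really, but it must
 * be at least as large as IPF_FTPBUFSZ.
 */
#define FTP_BUFSZ 120

/*
 * This buffer, however, doesn't need to be nearly so big. It just needs to
 * be able to squeeze in the largest command it needs to rewrite. Which ones
 * does it rewrite? EPRT, PORT, 227 replies.
 */
#define IPF_FTPBUFSZ 80 /* This *MUST* be >= 53! */

/*
 * Turn the two size requirements stated above into build-time checks, so
 * that a careless edit of either constant fails to compile instead of
 * silently shrinking the buffers that data from the TCP stream is parsed
 * into.
 */
#if FTP_BUFSZ < IPF_FTPBUFSZ
#error "FTP_BUFSZ must be at least IPF_FTPBUFSZ"
#endif
#if IPF_FTPBUFSZ < 53
#error "IPF_FTPBUFSZ must be at least 53"
#endif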
/*
 * Per-direction state of the FTP proxy.  ftps_buf is the FTP_BUFSZ scratch
 * buffer described above; ftps_rptr/ftps_wptr presumably are read and write
 * cursors into it -- confirm, and keep every write bounded by FTP_BUFSZ.
 */
typedef struct ftpside {
	char	*ftps_rptr;
	char	*ftps_wptr;
	void	*ftps_ifp;
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;	/* 2 = no cr/lf yet, 1 = cannot parse */
	int	ftps_cmds;
	char	ftps_buf[FTP_BUFSZ];
} ftpside_t;
/*
 * FTP proxy session state: two ftpside_t, one per direction, plus flags
 * whose exact meaning (names suggest "PASV ok" / "inbound ok") is set by
 * the proxy code, not here.
 */
typedef struct ftpinfo {
	int	ftp_passok;
	int	ftp_incok;
	ftpside_t ftp_side[2];
} ftpinfo_t;
/*
 * For the irc proxy.
 *
 * The char pointers are presumably cursors into a parsed DCC message and
 * irc_len the length of the span they cover -- confirm in the IRC proxy.
 */
typedef struct ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;
/*
 * Real audio proxy structure and #defines
 */
typedef struct raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* RAP_M_* bits */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled */
	u_32_t	rap_sseq;
} raudio_t;

/* Message ids seen in the stream. */
#define RA_ID_END 0
#define RA_ID_UDP 1
#define RA_ID_ROBUST 7

/* Transport mode bits kept in rap_mode. */
#define RAP_M_UDP 1
#define RAP_M_ROBUST 2
#define RAP_M_TCP 4
#define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST)
/*
 * MSN RPC proxy
 */
typedef struct msnrpcinfo {
	u_int	mri_flags;
	int	mri_cmd[2];
	u_int	mri_valid;
	struct in_addr mri_raddr;	/* remote address, presumably -- confirm */
	u_short	mri_rport;		/* remote port, presumably -- confirm */
} msnrpcinfo_t;
/*
 * IPSec proxy
 */
/* An ISAKMP cookie: two 32-bit words (8 bytes). */
typedef u_32_t ipsec_cookie_t[2];

typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;	/* initiator cookie */
	ipsec_cookie_t	ipsc_rcookie;	/* responder cookie */
	int	ipsc_rckset;		/* non-zero once ipsc_rcookie is known, presumably -- confirm */
	ipnat_t	ipsc_rule;
	nat_t	*ipsc_nat;
	struct ipstate *ipsc_state;
} ipsec_pxy_t;
/*
 * PPTP proxy
 */
/*
 * One direction of the PPTP control connection.  pptps_buffer is a fixed
 * 512-byte reassembly area; pptps_wptr presumably points into it, and any
 * copy driven by pptps_len/pptps_bytes must stay within those 512 bytes.
 */
typedef struct pptp_side {
	u_32_t	pptps_nexthdr;
	u_32_t	pptps_next;
	int	pptps_state;
	int	pptps_gothdr;
	int	pptps_len;
	int	pptps_bytes;
	char	*pptps_wptr;
	char	pptps_buffer[512];
} pptp_side_t;

/* PPTP proxy session: the control connection's two sides and call ids. */
typedef struct pptp_pxy {
	ipnat_t	pptp_rule;
	nat_t	*pptp_nat;
	struct ipstate *pptp_state;
	u_short	pptp_call[2];
	pptp_side_t pptp_side[2];
} pptp_pxy_t;
/*
 * Sun RPCBIND proxy
 */
#define RPCB_MAXMSG 888			/* size of rpc_msg.rm_msgbuf */
#define RPCB_RES_PMAP 0		/* Response contains a v2 port. */
#define RPCB_RES_STRING 1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST 2		/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS 32		/* Arbitrary limit on tracked transactions */

/* Accepted size ranges for requests and replies, in bytes. */
#define RPCB_REQMIN 40
#define RPCB_REQMAX 888
#define RPCB_REPMIN 20
#define RPCB_REPMAX 604		/* XXX double check this! */
/*
 * These macros determine the number of bytes between p and the end of
 * r->rm_msgbuf (r is an rpc_msg_t; the end is rm_msgbuf + rm_buflen)
 * relative to l.  RPCB_BUF_GEQ first checks that p lies before the end,
 * so the subtraction is never negative; RPCB_BUF_EQ asks whether p + l
 * lands exactly on the end.  Both evaluate r and p more than once.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l) \
	((RPCB_BUF_END((r)) > (char *)(p)) && \
	 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define RPCB_BUF_EQ(r, p, l) \
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))
/*
 * The following correspond to RPC(B) detailed in RFC183[13].
 */
#define RPCB_CALL 0		/* msg_type */
#define RPCB_REPLY 1
#define RPCB_MSG_VERSION 2	/* RPC protocol version */
#define RPCB_PROG 100000	/* rpcbind/portmapper program number */
#define RPCB_GETPORT 3		/* v2 procedure */
#define RPCB_GETADDR 3		/* v3 procedure */
#define RPCB_GETADDRLIST 11	/* v4 procedure */
#define RPCB_MSG_ACCEPTED 0	/* reply_stat */
#define RPCB_MSG_DENIED 1
/* BEGIN (Generic XDR structures) */
/*
 * An XDR string as located inside the message buffer: xs_len points at
 * the on-wire length word and xs_str at the first byte of the data.
 * The length comes from the wire, so it must be bounds-checked against
 * the buffer before xs_str is dereferenced.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;
/* Authentication field; the flavor word is not tracked (commented out). */
typedef struct xdr_auth {
	/* u_32_t xa_flavor; */
	xdr_string_t xa_string;
} xdr_auth_t;
/* A universal address: its string form plus the parsed ip/port. */
typedef struct xdr_uaddr {
	u_32_t	xu_ip;
	u_short	xu_port;
	xdr_string_t xu_str;
} xdr_uaddr_t;
/* A netid string plus the protocol number it was resolved to. */
typedef struct xdr_proto {
	u_int	xp_proto;
	xdr_string_t xp_str;
} xdr_proto_t;
/* Shorthand for the embedded xdr_string_t members. */
#define xu_xslen xu_str.xs_len
#define xu_xsstr xu_str.xs_str
#define xp_xslen xp_str.xs_len
#define xp_xsstr xp_str.xs_str
/* END (Generic XDR structures) */
/* BEGIN (RPC call structures) */
/*
 * Arguments of a v2 (portmapper) call.  Only the protocol word is tracked;
 * the commented-out members record the wire fields that are skipped.
 */
typedef struct pmap_args {
	/* u_32_t pa_prog; */
	/* u_32_t pa_vers; */
	u_32_t	*pa_prot;
	/* u_32_t pa_port; */
} pmap_args_t;
/* Arguments of a v3/v4 (rpcbind) call: netid and address are tracked. */
typedef struct rpcb_args {
	/* u_32_t *ra_prog; */
	/* u_32_t *ra_vers; */
	xdr_proto_t ra_netid;
	xdr_uaddr_t ra_maddr;
	/* xdr_string_t ra_owner; */
} rpcb_args_t;
/*
 * A parsed CALL body.  Pointers point into the message buffer; the union
 * holds the arguments in the form chosen by the version in *rc_vers.
 */
typedef struct rpc_call {
	/* u_32_t rc_rpcvers; */
	/* u_32_t rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t rc_authcred;
	xdr_auth_t rc_authverf;
	union {
		pmap_args_t ra_pmapargs;
		rpcb_args_t ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;

#define rc_pmapargs rpcb_args.ra_pmapargs
#define rc_rpcbargs rpcb_args.ra_rpcbargs
/* END (RPC call structures) */
/* BEGIN (RPC reply structures) */
/* One entry of a v4 GETADDRLIST reply. */
typedef struct rpcb_entry {
	xdr_uaddr_t re_maddr;
	xdr_proto_t re_netid;
	/* u_32_t re_semantics; */
	xdr_string_t re_family;
	xdr_proto_t re_proto;
	u_32_t	*re_more;	/* 1 == another entry follows */
} rpcb_entry_t;
/*
 * A v4 GETADDRLIST reply.  Only two entries are stored, so rl_cnt must
 * never be allowed past 2 by the parser regardless of how many entries
 * the wire list claims.
 */
typedef struct rpcb_listp {
	u_32_t	*rl_list;	/* 1 == list follows */
	int	rl_cnt;
	rpcb_entry_t rl_entries[2];	/* TCP / UDP only */
} rpcb_listp_t;
/*
 * A parsed REPLY body.  The union arm in use is given by the RPCB_RES_*
 * type recorded for the matching transaction (rpcb_xact.rx_type).
 */
typedef struct rpc_resp {
	/* u_32_t rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t rr_authverf;
	/* u_32_t *rr_astat; */
	union {
		u_32_t	*resp_pmap;
		xdr_uaddr_t resp_getaddr;
		rpcb_listp_t resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;

#define rr_v2 rpcb_reply.resp_pmap
#define rr_v3 rpcb_reply.resp_getaddr
#define rr_v4 rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */
/* BEGIN (RPC message structure & macros) */
/*
 * An RPC message copied into rm_msgbuf together with its parsed view.
 * rm_buflen is the number of valid bytes in rm_msgbuf; it is what the
 * RPCB_BUF_* macros use as the end of the data, so every pointer in
 * rm_body must be validated against it.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;
	u_32_t	*rm_xid;
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t rb_call;
		rpc_resp_t rb_resp;
	} rm_body;
} rpc_msg_t;

#define rm_call rm_body.rb_call
#define rm_resp rm_body.rb_resp
/* END (RPC message structure & macros) */
/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 */
/* One outstanding RPCB transaction, kept on a doubly linked list. */
typedef struct rpcb_xact {
	struct rpcb_xact *rx_next;
	struct rpcb_xact **rx_pnext;	/* address of the pointer that holds us */
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;		/* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;

/* Per-session transaction list; rs_rxlock presumably guards rs_rxlist -- confirm. */
typedef struct rpcb_session {
	ipfmutex_t rs_rxlock;
	rpcb_xact_t *rs_rxlist;
} rpcb_session_t;
/*
 * For an explanation, please see the following:
 * RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Round x up to the next multiple of 4 (XDR item alignment).  Intended
 * for non-negative lengths; x is evaluated up to three times, so pass a
 * side-effect-free expression.
 */
#define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
/*
 * Entry points of the proxy framework, defined elsewhere.  Only the
 * signatures are given here; the ipf_stack_t parameter carried by most
 * of them is the per-stack instance state.
 */
extern int appr_add __P((aproxy_t *, ipf_stack_t *));
extern int appr_ctl __P((ap_ctl_t *, ipf_stack_t *));
extern int appr_del __P((aproxy_t *, ipf_stack_t *));
extern int appr_init __P((ipf_stack_t *));
extern void appr_unload __P((ipf_stack_t *));
extern int appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
extern int appr_match __P((fr_info_t *, struct nat *));
extern void appr_free __P((aproxy_t *));
extern void aps_free __P((ap_session_t *, ipf_stack_t *));
extern int appr_check __P((fr_info_t *, struct nat *));
extern aproxy_t *appr_lookup __P((u_int, char *, ipf_stack_t *));
extern int appr_new __P((fr_info_t *, struct nat *));
extern int appr_ioctl __P((caddr_t, ioctlcmd_t, int, ipf_stack_t *));
462 #endif /* __IP_PROXY_H__ */