1 /*
2 * Copyright (C) 1997-2001 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * $Id: ip_proxy.h,v 2.31.2.3 2005/06/18 02:41:33 darrenr Exp $
8 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
9 * Use is subject to license terms.
12 #pragma ident "%Z%%M% %I% %E% SMI"
14 #ifndef __IP_PROXY_H__
15 #define __IP_PROXY_H__
/*
 * SOLARIS is meant to evaluate non-zero on a Sun SVR4 build.
 * NOTE(review): the expansion itself contains `defined`, so testing SOLARIS
 * in an #if relies on behaviour the C standard leaves undefined; some
 * preprocessors warn about it.
 */
#ifndef SOLARIS
#define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
#endif

/*
 * ioctl command used to talk to a proxy: read/write, group 'r', number 64,
 * carrying a struct ap_control.  The second form passes a bare r, presumably
 * for pre-ANSI preprocessors where _IOWR quotes the argument itself.
 */
#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)
#else
#define	SIOCPROXY	_IOWR(r, 64, struct ap_control)
#endif

/* Size in bytes of the fixed label arrays (apc_label, apr_label). */
#ifndef APR_LABELLEN
#define	APR_LABELLEN	16
#endif
/* NOTE(review): not referenced anywhere else in this header. */
#define	AP_SESS_SIZE	53

/* Forward declarations so that pointers to these types can be used below. */
struct nat;
struct ipnat;
struct ipstate;
/*
 * TCP-specific part of a proxy session.  The off/min members come in sets
 * of two; per the apt_sel comment, apt_sel selects which set is in use
 * (presumably one selector for seq and one for ack -- TODO confirm).
 */
typedef struct ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference (presumably; the original */
				/* comment repeated the seq wording) */
	u_32_t	apt_ackmin[2];	/* presumably: don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
/*
 * UDP-specific part of a proxy session: just the port pair.  It starts with
 * the same two u_short members as struct ap_tcp.
 */
typedef struct ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
/*
 * One proxy session.  It points at the proxy that owns it (aps_apr), back at
 * a nat structure, and at a block of proxy-private data whose size is kept
 * alongside it in aps_psiz.
 */
typedef struct ap_session {
	struct	aproxy	*aps_apr;	/* proxy this session belongs to */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;			/* per-protocol state, see aps_p */
	u_int	aps_flags;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_p;		/* protocol */
	/*
	 * NOTE(review): the size is a signed int; confirm that every user of
	 * aps_psiz as an allocation or free size rejects negative values.
	 */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_hnext;	/* list link (presumably hash chain) */
	struct	ap_session	*aps_next;	/* list link */
} ap_session_t;
/*
 * Shorthand for members of aps_un.  All of them go through the apu_tcp arm
 * of the union.  aps_sport and aps_dport also line up with the UDP arm,
 * because struct ap_udp begins with the same two u_short fields; the
 * remaining names have no UDP counterpart and only make sense for a TCP
 * session.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin
/*
 * Argument structure of the SIOCPROXY ioctl.  apc_label and apc_p are the
 * label and protocol of the proxy being addressed (presumably matched against
 * apr_label/apr_p -- TODO confirm).
 *
 * NOTE(review): everything in here is supplied by the ioctl caller.
 * apc_label is a fixed APR_LABELLEN-byte array with no guarantee of a
 * terminating NUL, so comparisons should be length-bounded.  This header
 * places no upper limit on apc_dsize; confirm that the handler caps it
 * before allocating and copying apc_dsize bytes.
 */
typedef struct ap_control {
	char	apc_label[APR_LABELLEN];
	u_char	apc_p;
	/*
	 * The following fields are up to the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 *
	 * Ownership therefore hinges on apc_data being NULL or not on return:
	 * a proxy that keeps the pointer without clearing it leaves two
	 * owners of the same region.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;
/*
 * Description of one application proxy: its label and protocol, a reference
 * count, private data, and the table of callbacks that implement it.  The
 * __P(()) wrapper is the usual prototype macro for pre-ANSI compilers.
 * What each callback must return is not visible in this header.
 */
typedef struct aproxy {
	struct	aproxy	*apr_next;	/* next proxy in the list */
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;		/* protocol */
	int	apr_ref;	/* +1 per rule referencing it */
	int	apr_flags;	/* presumably holds APR_DELETE -- TODO confirm */
	void	*apr_private;	/* proxy private data */
	/* Set-up and tear-down of the proxy itself. */
	int	(* apr_init) __P((void **, ipf_stack_t *));
	void	(* apr_fini) __P((void **, ipf_stack_t *));
	/* Creation and deletion of a session. */
	int	(* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	void	(* apr_del) __P((ap_session_t *, void *, ipf_stack_t *));
	/* Per-packet hooks, by name for inbound and outbound packets. */
	int	(* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	/* Receives the struct ap_control described above. */
	int	(* apr_ctl) __P((struct aproxy *, struct ap_control *, void *));
} aproxy_t;
/* Flag value; presumably stored in apr_flags -- TODO confirm. */
#define	APR_DELETE	1

/*
 * Two 16-bit quantities packed into one int: APR_ERR(x) places x in the
 * upper half, APR_EXIT(x) reads that half back and APR_INC(x) reads the
 * lower half.
 * NOTE(review): with a signed int argument, APR_ERR of a value of 0x8000 or
 * more shifts into the sign bit, which is undefined in C; callers are assumed
 * to pass small codes.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)
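/*
 * Generic #define's to cover missing things in the kernel.
 *
 * Each macro is defined only if the environment has not already supplied a
 * macro of that name.  They are ASCII-only and evaluate their argument more
 * than once, so the argument must be free of side effects (no *p++).
 */
#ifndef isdigit
#define	isdigit(x)	((x) >= '0' && (x) <= '9')
#endif
#ifndef isupper
#define	isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
#endif
#ifndef islower
#define	islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
#endif
#ifndef isalpha
#define	isalpha(x)	(isupper(x) || islower(x))
#endif
/*
 * Only lower-case letters are converted.  The previous form applied the
 * 'a' -> 'A' offset to everything that was not upper case, so digits,
 * spaces and punctuation read from a packet were turned into other bytes.
 */
#ifndef toupper
#define	toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
#endif
/*
 * Note that this set is space, CR, LF, TAB and backspace; it is not the
 * standard C isspace() set (no '\v' or '\f', and '\b' is included).
 */
#ifndef isspace
#define	isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			    ((x) == '\t') || ((x) == '\b'))
#endif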
/*
 * This is the scratch buffer size used to hold strings from the TCP stream
 * that we may want to parse.  It's an arbitrary size, really, but it must
 * be at least as large as IPF_FTPBUFSZ.
 *
 * NOTE(review): nothing visible in this header enforces that relation at
 * compile time; both values are only tied together by these comments.
 */
#define	FTP_BUFSZ	120

/*
 * This buffer, however, doesn't need to be nearly so big.  It just needs to
 * be able to squeeze in the largest command it needs to rewrite.  Which ones
 * does it rewrite?  EPRT, PORT, 227 replies.
 */
#define	IPF_FTPBUFSZ	80	/* This *MUST* be >= 53! */
/*
 * FTP proxy state for one side of a connection, including the scratch
 * buffer of FTP_BUFSZ bytes.
 * NOTE(review): ftps_rptr and ftps_wptr presumably are read and write
 * cursors into ftps_buf; confirm that every advance of ftps_wptr is checked
 * against ftps_buf + FTP_BUFSZ.
 */
typedef struct ftpside {
	char	*ftps_rptr;
	char	*ftps_wptr;
	void	*ftps_ifp;
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;	/* 2 = no cr/lf yet, 1 = cannot parse */
	int	ftps_cmds;
	char	ftps_buf[FTP_BUFSZ];
} ftpside_t;
/*
 * FTP proxy state for a whole session: two flags and one ftpside_t per side
 * of the connection (which index is which side is not visible here).
 */
typedef struct ftpinfo {
	int		ftp_passok;
	int		ftp_incok;
	ftpside_t	ftp_side[2];
} ftpinfo_t;
/*
 * For the irc proxy.
 *
 * NOTE(review): the char pointers presumably refer to pieces of a parsed
 * message rather than to separately allocated strings; this header does not
 * show who owns that storage or whether the pieces are NUL-terminated.
 */
typedef struct ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;
/*
 * Real audio proxy structure and #defines
 */
typedef struct raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* presumably a mask of RAP_M_* -- TODO confirm */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;
/* RA_ID_* identifier values used by the Real audio proxy. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* RAP_M_* are single-bit mode flags; RAP_M_UDP_ROBUST combines two of them. */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)
/*
 * MSN RPC proxy
 *
 * By their names, mri_raddr and mri_rport hold a remote address and port;
 * the meaning of the flag and command members is not visible in this header.
 */
typedef struct msnrpcinfo {
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;
	u_short		mri_rport;
} msnrpcinfo_t;
/*
 * IPSec proxy
 */
/* A cookie is two 32-bit words, i.e. eight bytes. */
typedef	u_32_t	ipsec_cookie_t[2];

/*
 * IPSec proxy session data: two cookies (presumably initiator and responder),
 * a flag that presumably records whether ipsc_rcookie has been set, an
 * embedded NAT rule, and pointers to a NAT entry and a state entry.
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;
	ipsec_cookie_t	ipsc_rcookie;
	int		ipsc_rckset;
	ipnat_t		ipsc_rule;
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
} ipsec_pxy_t;
/*
 * PPTP proxy
 */
/*
 * PPTP proxy state for one side of the control connection, with a fixed
 * 512-byte buffer.
 * NOTE(review): pptps_wptr presumably is the write cursor into pptps_buffer,
 * and pptps_len / pptps_bytes are signed ints; confirm that lengths taken
 * from the wire are checked against sizeof (pptps_buffer) and cannot go
 * negative before they are used for copying.
 */
typedef struct pptp_side {
	u_32_t	pptps_nexthdr;
	u_32_t	pptps_next;
	int	pptps_state;
	int	pptps_gothdr;
	int	pptps_len;
	int	pptps_bytes;
	char	*pptps_wptr;
	char	pptps_buffer[512];
} pptp_side_t;
/*
 * PPTP proxy session data: an embedded NAT rule, pointers to a NAT entry and
 * a state entry, two call values, and one pptp_side_t per side.
 */
typedef struct pptp_pxy {
	ipnat_t		pptp_rule;
	nat_t		*pptp_nat;
	struct	ipstate	*pptp_state;
	u_short		pptp_call[2];
	pptp_side_t	pptp_side[2];
} pptp_pxy_t;
/*
 * Sun RPCBIND proxy
 */
/* Size of rpc_msg.rm_msgbuf; the same value as RPCB_REQMAX below. */
#define	RPCB_MAXMSG	888
#define	RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define	RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define	RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define	RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

/* Lower and upper limits, by name on request and reply sizes in bytes. */
#define	RPCB_REQMIN	40
#define	RPCB_REQMAX	888
#define	RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */
/*
 * These macros relate a pointer p and a length l to the end of the data in
 * r's message buffer, where the end is r->rm_msgbuf + r->rm_buflen.
 *
 * RPCB_BUF_END(r)       one past the last valid byte of the buffer.
 * RPCB_BUF_GEQ(r, p, l) true if p lies before the end and at least l bytes
 *                       remain from p to the end.
 * RPCB_BUF_EQ(r, p, l)  true if exactly l bytes remain from p to the end.
 *
 * NOTE(review): these are the bounds checks for pointers into rm_msgbuf.
 * They assume rm_buflen <= RPCB_MAXMSG and that p is not below rm_msgbuf;
 * neither is tested here.  In RPCB_BUF_GEQ a negative signed l always
 * satisfies the >= comparison, so lengths decoded from the packet must be
 * validated (or unsigned) before being passed in.  The arguments are
 * evaluated more than once.
 */
#define	RPCB_BUF_END(r)	(char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define	RPCB_BUF_GEQ(r, p, l)	\
	((RPCB_BUF_END((r)) > (char *)(p)) &&	\
	((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)	\
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))
/*
 * The following correspond to RPC(B) detailed in RFC183[13]
 * (that is, RFC 1831 and RFC 1833).
 */
#define	RPCB_CALL		0
#define	RPCB_REPLY		1
#define	RPCB_MSG_VERSION	2
#define	RPCB_PROG		100000
/* GETPORT and GETADDR deliberately share procedure number 3. */
#define	RPCB_GETPORT		3
#define	RPCB_GETADDR		3
#define	RPCB_GETADDRLIST	11
#define	RPCB_MSG_ACCEPTED	0
#define	RPCB_MSG_DENIED		1
/* BEGIN (Generic XDR structures) */
/*
 * NOTE(review): the pointer members in these structures presumably point
 * into rpc_msg.rm_msgbuf rather than at copies, so each one should only be
 * dereferenced after an RPCB_BUF_GEQ/RPCB_BUF_EQ check, and xs_str should be
 * treated as counted by *xs_len, not as NUL-terminated -- confirm against
 * the parser.  The commented-out members mark fields that exist on the wire
 * but are not tracked.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;	/* length word of the string */
	char	*xs_str;	/* string bytes */
} xdr_string_t;

typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;

typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short		xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;

typedef struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;

/* Shorthand for the embedded xdr_string members. */
#define	xu_xslen	xu_str.xs_len
#define	xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define	xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */
/* BEGIN (RPC call structures) */
/*
 * Parsed view of an RPC call.  Commented-out members mark fields that are
 * part of the message but are not tracked by the proxy.
 */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t	*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;

typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;

typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	/* Arguments: the pmap form or the rpcb form, never both. */
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;

/* Shorthand for the two arms of the rpcb_args union. */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define	rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */
/* BEGIN (RPC reply structures) */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more;	/* 1 == another entry follows */
} rpcb_entry_t;

/*
 * NOTE(review): rl_entries has room for exactly two entries while the reply
 * itself says whether more follow (re_more); confirm that the parser stops
 * at two and never indexes rl_entries with an rl_cnt taken from the wire.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list;	/* 1 == list follows */
	int		rl_cnt;
	rpcb_entry_t	rl_entries[2];	/* TCP / UDP only */
} rpcb_listp_t;

typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat; */
	/* One arm per reply form; see the rr_v2/rr_v3/rr_v4 names below. */
	union {
		u_32_t			*resp_pmap;
		xdr_uaddr_t		resp_getaddr;
		rpcb_listp_t		resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;

/* Shorthand for the arms of the rpcb_reply union, named by version. */
#define	rr_v2	rpcb_reply.resp_pmap
#define	rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */
/* BEGIN (RPC message structure & macros) */
/*
 * A copy of one RPCB message together with its parsed view.  rm_buflen is
 * the number of valid bytes in rm_msgbuf as used by RPCB_BUF_END.
 * NOTE(review): rm_buflen must never exceed RPCB_MAXMSG, otherwise every
 * RPCB_BUF_* check is made against an end pointer outside the array;
 * confirm where it is set.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;
	u_32_t	*rm_xid;
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;

/* Shorthand for the two arms of rm_body. */
#define	rm_call	rm_body.rb_call
#define	rm_resp	rm_body.rb_resp
/* END (RPC message structure & macros) */
/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 *
 * NOTE(review): rx_ref is a plain u_int, so it presumably is only changed
 * while the owning session's rs_rxlock is held -- confirm.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;		/* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;
/*
 * Per-session data of the RPCB proxy: a list of tracked transactions and a
 * mutex that, by its name, guards that list.
 */
typedef struct rpcb_session {
	ipfmutex_t	rs_rxlock;
	rpcb_xact_t	*rs_rxlist;
} rpcb_session_t;
/*
 * Round x up to the next multiple of 4.
 *
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * NOTE(review): x is evaluated several times, and (x) + 3 overflows (or, for
 * an unsigned x, wraps to a small value) when x is within 3 of the maximum
 * of its type.  A length read from a packet should be range-checked before
 * it is aligned, not after.
 */
#define	XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
/*
 * Entry points of the proxy framework; the implementations are not part of
 * this header.  appr_ctl receives the ap_ctl_t described above and
 * appr_ioctl takes a caddr_t plus an ioctl command, so both presumably sit
 * on the SIOCPROXY path and handle caller-supplied data -- TODO confirm.
 */
extern	int	appr_add __P((aproxy_t *, ipf_stack_t *));
extern	int	appr_ctl __P((ap_ctl_t *, ipf_stack_t *));
extern	int	appr_del __P((aproxy_t *, ipf_stack_t *));
extern	int	appr_init __P((ipf_stack_t *));
extern	void	appr_unload __P((ipf_stack_t *));
extern	int	appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
extern	int	appr_match __P((fr_info_t *, struct nat *));
extern	void	appr_free __P((aproxy_t *));
extern	void	aps_free __P((ap_session_t *, ipf_stack_t *));
extern	int	appr_check __P((fr_info_t *, struct nat *));
extern	aproxy_t	*appr_lookup __P((u_int, char *, ipf_stack_t *));
extern	int	appr_new __P((fr_info_t *, struct nat *));
extern	int	appr_ioctl __P((caddr_t, ioctlcmd_t, int, ipf_stack_t *));
459 #endif /* __IP_PROXY_H__ */