2 * Copyright (C) 1997-2001 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * $Id: ip_proxy.h,v 2.31.2.3 2005/06/18 02:41:33 darrenr Exp $
8 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
9 * Use is subject to license terms.
12 #pragma ident "%Z%%M% %I% %E% SMI"
14 #ifndef __IP_PROXY_H__
15 #define __IP_PROXY_H__
18 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
21 #if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
22 #define SIOCPROXY _IOWR('r', 64, struct ap_control)
24 #define SIOCPROXY _IOWR(r, 64, struct ap_control)
28 #define APR_LABELLEN 16
30 #define AP_SESS_SIZE 53
36 typedef struct ap_tcp
{
37 u_short apt_sport
; /* source port */
38 u_short apt_dport
; /* destination port */
39 short apt_sel
[2]; /* {seq,ack}{off,min} set selector */
40 short apt_seqoff
[2]; /* sequence # difference */
41 u_32_t apt_seqmin
[2]; /* don't change seq-off until after this */
42 short apt_ackoff
[2]; /* sequence # difference */
43 u_32_t apt_ackmin
[2]; /* don't change seq-off until after this */
44 u_char apt_state
[2]; /* connection state */
47 typedef struct ap_udp
{
48 u_short apu_sport
; /* source port */
49 u_short apu_dport
; /* destination port */
52 typedef struct ap_session
{
53 struct aproxy
*aps_apr
;
55 struct ap_tcp apu_tcp
;
56 struct ap_udp apu_udp
;
59 U_QUAD_T aps_bytes
; /* bytes sent */
60 U_QUAD_T aps_pkts
; /* packets sent */
61 void *aps_nat
; /* pointer back to nat struct */
62 void *aps_data
; /* private data */
63 int aps_p
; /* protocol */
64 int aps_psiz
; /* size of private data */
65 struct ap_session
*aps_hnext
;
66 struct ap_session
*aps_next
;
69 #define aps_sport aps_un.apu_tcp.apt_sport
70 #define aps_dport aps_un.apu_tcp.apt_dport
71 #define aps_sel aps_un.apu_tcp.apt_sel
72 #define aps_seqoff aps_un.apu_tcp.apt_seqoff
73 #define aps_seqmin aps_un.apu_tcp.apt_seqmin
74 #define aps_state aps_un.apu_tcp.apt_state
75 #define aps_ackoff aps_un.apu_tcp.apt_ackoff
76 #define aps_ackmin aps_un.apu_tcp.apt_ackmin
79 typedef struct ap_control
{
80 char apc_label
[APR_LABELLEN
];
83 * The following fields are upto the proxy's apr_ctl routine to deal
84 * with. When the proxy gets this in kernel space, apc_data will
85 * point to a malloc'd region of memory of apc_dsize bytes. If the
86 * proxy wants to keep that memory, it must set apc_data to NULL
87 * before it returns. It is expected if this happens that it will
88 * take care to free it in apr_fini or otherwise as appropriate.
89 * apc_cmd is provided as a standard place to put simple commands,
90 * with apc_arg being available to put a simple arg.
99 typedef struct aproxy
{
100 struct aproxy
*apr_next
;
101 char apr_label
[APR_LABELLEN
]; /* Proxy label # */
102 u_char apr_p
; /* protocol */
103 int apr_ref
; /* +1 per rule referencing it */
105 void *apr_private
; /* proxy private data */
106 int (* apr_init
) __P((void **, ipf_stack_t
*));
107 void (* apr_fini
) __P((void **, ipf_stack_t
*));
108 int (* apr_new
) __P((fr_info_t
*, ap_session_t
*, struct nat
*, void *));
109 void (* apr_del
) __P((ap_session_t
*, void *, ipf_stack_t
*));
110 int (* apr_inpkt
) __P((fr_info_t
*, ap_session_t
*, struct nat
*, void *));
111 int (* apr_outpkt
) __P((fr_info_t
*, ap_session_t
*, struct nat
*, void *));
112 int (* apr_match
) __P((fr_info_t
*, ap_session_t
*, struct nat
*, void *));
113 int (* apr_ctl
) __P((struct aproxy
*, struct ap_control
*, void *));
118 #define APR_ERR(x) ((x) << 16)
119 #define APR_EXIT(x) (((x) >> 16) & 0xffff)
120 #define APR_INC(x) ((x) & 0xffff)
123 * Generic #define's to cover missing things in the kernel
126 #define isdigit(x) ((x) >= '0' && (x) <= '9')
129 #define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
132 #define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
135 #define isalpha(x) (isupper(x) || islower(x))
138 #define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A')
141 #define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
142 ((x) == '\t') || ((x) == '\b'))
146 * This is the scratch buffer size used to hold strings from the TCP stream
147 * that we may want to parse. It's an arbitrary size, really, but it must
148 * be at least as large as IPF_FTPBUFSZ.
150 #define FTP_BUFSZ 120
153 * This buffer, however, doesn't need to be nearly so big. It just needs to
154 * be able to squeeze in the largest command it needs to rewrite, Which ones
155 * does it rewrite? EPRT, PORT, 227 replies.
157 #define IPF_FTPBUFSZ 80 /* This *MUST* be >= 53! */
159 typedef struct ftpside
{
165 int ftps_junk
; /* 2 = no cr/lf yet, 1 = cannot parse */
167 char ftps_buf
[FTP_BUFSZ
];
170 typedef struct ftpinfo
{
173 ftpside_t ftp_side
[2];
180 typedef struct ircinfo
{
193 * Real audio proxy structure and #defines
195 typedef struct raudio_s
{
199 int rap_eos
; /* End Of Startup */
208 u_32_t rap_sbf
; /* flag to indicate which of the 19 bytes have
216 #define RA_ID_ROBUST 7
219 #define RAP_M_ROBUST 2
221 #define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST)
227 typedef struct msnrpcinfo
{
231 struct in_addr mri_raddr
;
239 typedef u_32_t ipsec_cookie_t
[2];
241 typedef struct ipsec_pxy
{
242 ipsec_cookie_t ipsc_icookie
;
243 ipsec_cookie_t ipsc_rcookie
;
247 struct ipstate
*ipsc_state
;
253 typedef struct pptp_side
{
254 u_32_t pptps_nexthdr
;
261 char pptps_buffer
[512];
264 typedef struct pptp_pxy
{
267 struct ipstate
*pptp_state
;
268 u_short pptp_call
[2];
269 pptp_side_t pptp_side
[2];
276 #define RPCB_MAXMSG 888
277 #define RPCB_RES_PMAP 0 /* Response contains a v2 port. */
278 #define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */
279 #define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */
280 #define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */
282 #define RPCB_REQMIN 40
283 #define RPCB_REQMAX 888
284 #define RPCB_REPMIN 20
285 #define RPCB_REPMAX 604 /* XXX double check this! */
288 * These macros determine the number of bytes between p and the end of
289 * r->rs_buf relative to l.
291 #define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
292 #define RPCB_BUF_GEQ(r, p, l) \
293 ((RPCB_BUF_END((r)) > (char *)(p)) && \
294 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
295 #define RPCB_BUF_EQ(r, p, l) \
296 (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
299 * The following correspond to RPC(B) detailed in RFC183[13].
303 #define RPCB_MSG_VERSION 2
304 #define RPCB_PROG 100000
305 #define RPCB_GETPORT 3
306 #define RPCB_GETADDR 3
307 #define RPCB_GETADDRLIST 11
308 #define RPCB_MSG_ACCEPTED 0
309 #define RPCB_MSG_DENIED 1
311 /* BEGIN (Generic XDR structures) */
312 typedef struct xdr_string
{
317 typedef struct xdr_auth
{
318 /* u_32_t xa_flavor; */
319 xdr_string_t xa_string
;
322 typedef struct xdr_uaddr
{
328 typedef struct xdr_proto
{
333 #define xu_xslen xu_str.xs_len
334 #define xu_xsstr xu_str.xs_str
335 #define xp_xslen xp_str.xs_len
336 #define xp_xsstr xp_str.xs_str
337 /* END (Generic XDR structures) */
339 /* BEGIN (RPC call structures) */
340 typedef struct pmap_args
{
341 /* u_32_t pa_prog; */
342 /* u_32_t pa_vers; */
344 /* u_32_t pa_port; */
347 typedef struct rpcb_args
{
348 /* u_32_t *ra_prog; */
349 /* u_32_t *ra_vers; */
350 xdr_proto_t ra_netid
;
351 xdr_uaddr_t ra_maddr
;
352 /* xdr_string_t ra_owner; */
355 typedef struct rpc_call
{
356 /* u_32_t rc_rpcvers; */
357 /* u_32_t rc_prog; */
360 xdr_auth_t rc_authcred
;
361 xdr_auth_t rc_authverf
;
363 pmap_args_t ra_pmapargs
;
364 rpcb_args_t ra_rpcbargs
;
368 #define rc_pmapargs rpcb_args.ra_pmapargs
369 #define rc_rpcbargs rpcb_args.ra_rpcbargs
370 /* END (RPC call structures) */
372 /* BEGIN (RPC reply structures) */
373 typedef struct rpcb_entry
{
374 xdr_uaddr_t re_maddr
;
375 xdr_proto_t re_netid
;
376 /* u_32_t re_semantics; */
377 xdr_string_t re_family
;
378 xdr_proto_t re_proto
;
379 u_32_t
*re_more
; /* 1 == another entry follows */
382 typedef struct rpcb_listp
{
383 u_32_t
*rl_list
; /* 1 == list follows */
385 rpcb_entry_t rl_entries
[2]; /* TCP / UDP only */
388 typedef struct rpc_resp
{
389 /* u_32_t rr_acceptdeny; */
390 /* Omitted 'message denied' fork; we don't care about rejects. */
391 xdr_auth_t rr_authverf
;
392 /* u_32_t *rr_astat; */
395 xdr_uaddr_t resp_getaddr
;
396 rpcb_listp_t resp_getaddrlist
;
400 #define rr_v2 rpcb_reply.resp_pmap
401 #define rr_v3 rpcb_reply.resp_getaddr
402 #define rr_v4 rpcb_reply.resp_getaddrlist
403 /* END (RPC reply structures) */
405 /* BEGIN (RPC message structure & macros) */
406 typedef struct rpc_msg
{
407 char rm_msgbuf
[RPCB_MAXMSG
]; /* RPCB data buffer */
410 /* u_32_t Call vs Reply */
417 #define rm_call rm_body.rb_call
418 #define rm_resp rm_body.rb_resp
419 /* END (RPC message structure & macros) */
422 * These code paths aren't hot enough to warrant per transaction
425 typedef struct rpcb_xact
{
426 struct rpcb_xact
*rx_next
;
427 struct rpcb_xact
**rx_pnext
;
428 u_32_t rx_xid
; /* RPC transmission ID */
429 u_int rx_type
; /* RPCB response type */
430 u_int rx_ref
; /* reference count */
431 u_int rx_proto
; /* transport protocol (v2 only) */
434 typedef struct rpcb_session
{
435 ipfmutex_t rs_rxlock
;
436 rpcb_xact_t
*rs_rxlist
;
440 * For an explanation, please see the following:
441 * RFC1832 - Sections 3.11, 4.4, and 4.5.
443 #define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
445 extern int appr_add
__P((aproxy_t
*, ipf_stack_t
*));
446 extern int appr_ctl
__P((ap_ctl_t
*, ipf_stack_t
*));
447 extern int appr_del
__P((aproxy_t
*, ipf_stack_t
*));
448 extern int appr_init
__P((ipf_stack_t
*));
449 extern void appr_unload
__P((ipf_stack_t
*));
450 extern int appr_ok
__P((fr_info_t
*, tcphdr_t
*, struct ipnat
*));
451 extern int appr_match
__P((fr_info_t
*, struct nat
*));
452 extern void appr_free
__P((aproxy_t
*));
453 extern void aps_free
__P((ap_session_t
*, ipf_stack_t
*));
454 extern int appr_check
__P((fr_info_t
*, struct nat
*));
455 extern aproxy_t
*appr_lookup
__P((u_int
, char *, ipf_stack_t
*));
456 extern int appr_new
__P((fr_info_t
*, struct nat
*));
457 extern int appr_ioctl
__P((caddr_t
, ioctlcmd_t
, int, ipf_stack_t
*));
459 #endif /* __IP_PROXY_H__ */