1 /* $NetBSD: ip_proxy.h,v 1.19 2004/03/28 09:00:57 martti Exp $ */
2
3 /*
4 * Copyright (C) 1997-2001 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 *
8 * Id: ip_proxy.h,v 2.31 2003/07/25 12:29:59 darrenr Exp
9 */
10
11 #ifndef _NETINET_IP_PROXY_H_
12 #define _NETINET_IP_PROXY_H_
13
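/*
 * SOLARIS is 1 on SunOS 5.x (SVR4) builds and 0 everywhere else.
 * The platform test is evaluated here, once.  A macro whose expansion
 * contains "defined(...)" has undefined behaviour when it is later used
 * in an #if (C99/C11 6.10.1p4), and preprocessors disagree on the result.
 */
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
#  define	SOLARIS	1
# else
#  define	SOLARIS	0
# endif
#endif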
17
18 #ifndef APR_LABELLEN
19 #define APR_LABELLEN 16
20 #endif
21 #define AP_SESS_SIZE 53
22
23 struct nat;
24 struct ipnat;
25
/*
 * TCP-specific part of a proxy session.  Each two-element array holds one
 * slot per index; which index belongs to which direction is not stated in
 * this header -- presumably the NAT code's convention, TODO confirm.
 *
 * NOTE(review): the offsets are plain shorts.  A proxy that rewrites
 * payloads and accumulates length changes must keep the running total
 * within the range of a short, or the sequence fix-up goes wrong.
 */
typedef struct ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	tcp_seq	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference (inferred from the name) */
	tcp_seq	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
36
/*
 * UDP-specific part of a proxy session: only the port pair.  The two
 * members have the same types and order as the first two members of
 * struct ap_tcp, which is what lets the aps_sport/aps_dport accessors
 * (defined through the apu_tcp arm) read them for UDP sessions too.
 */
typedef struct ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
41
/*
 * One proxy session.  aps_un carries the per-protocol state and aps_p the
 * protocol number.
 *
 * NOTE(review): nothing in this header ties aps_p to the union arm in use,
 * so code that reads TCP-only members of aps_un has to check aps_p itself.
 * aps_data is untyped and aps_psiz is the only record of its length; it is
 * a signed int, so confirm it is validated before being used as a size.
 */
typedef struct ap_session {
	struct	aproxy	*aps_apr;	/* presumably the owning proxy -- confirm */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	u_int	aps_flags;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_p;		/* protocol */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_hnext;	/* presumably the hash-chain link -- confirm */
	struct	ap_session	*aps_next;
} ap_session_t;
58
/*
 * Shorthand for the per-protocol members of ap_session_t.  Every accessor
 * goes through the apu_tcp arm of aps_un.  struct ap_udp begins with the
 * same two u_short ports as struct ap_tcp, so aps_sport and aps_dport are
 * valid for UDP sessions as well; the remaining accessors address members
 * that exist only in struct ap_tcp and must not be used for UDP sessions.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin
67
68
/*
 * Control message passed to a proxy's apr_ctl routine.
 *
 * NOTE(review): apc_label is a fixed APR_LABELLEN-byte array and nothing
 * here guarantees it is NUL-terminated; compare it with a bounded routine.
 * apc_dsize presumably comes from the requester -- confirm it is capped
 * before the region behind apc_data is allocated and copied in.
 */
typedef struct ap_control {
	char	apc_label[APR_LABELLEN];
	u_char	apc_p;
	/*
	 * The following fields are up to the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 *
	 * Ownership is therefore signalled only by apc_data on return: a
	 * proxy that keeps the pointer without clearing apc_data, or clears
	 * it without keeping the pointer, sets up a double free or a leak.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;
87
88
/*
 * Descriptor for one application proxy: its identity (label and protocol),
 * a reference count, and the hooks the proxy implements.
 *
 * NOTE(review): this header does not say which hooks may be NULL; confirm
 * that callers test a hook before calling through it.  apr_ref is a plain
 * int, so whatever serialises rule add/remove must also cover it.
 */
typedef struct aproxy {
	struct	aproxy	*apr_next;
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;		/* protocol */
	int	apr_ref;	/* +1 per rule referencing it */
	int	apr_flags;
	int	(* apr_init) __P((void));
	void	(* apr_fini) __P((void));
	int	(* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *));
	void	(* apr_del) __P((ap_session_t *));
	int	(* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *));
	int	(* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *));
	int	(* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *));
	int	(* apr_ctl) __P((struct aproxy *, struct ap_control *));
} aproxy_t;
104
/* Value 1; presumably a bit in aproxy_t.apr_flags -- TODO confirm. */
#define	APR_DELETE	1

/*
 * Two 16-bit quantities packed into one integer:
 *   APR_ERR(x)  - moves x into bits 16..31.
 *   APR_EXIT(x) - reads bits 16..31 back out.
 *   APR_INC(x)  - reads bits 0..15.
 *
 * NOTE(review): with a signed int argument, APR_ERR overflows (undefined
 * behaviour) for values of 0x8000 and above, so keep codes below that.
 * APR_INC always yields 0..65535; if the low half can carry a negative
 * delta, the caller has to sign-extend it -- confirm against the users.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)
110
111 /*
112 * Generic #define's to cover missing things in the kernel
113 */
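/*
 * ASCII-only classification macros for builds that have no <ctype.h>
 * macros in scope.  Each is defined only if the name is not already a
 * macro.  Arguments are evaluated more than once, so pass expressions
 * without side effects.
 */
#ifndef isdigit
/* The lower bound is the character '0'; an empty constant does not compile. */
#define	isdigit(x)	((x) >= '0' && (x) <= '9')
#endif
#ifndef isupper
#define	isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
#endif
#ifndef islower
#define	islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
#endif
#ifndef isalpha
#define	isalpha(x)	(isupper(x) || islower(x))
#endif
#ifndef toupper
/*
 * Only lower-case letters are converted.  Testing isupper() instead and
 * shifting everything else would also rewrite digits, spaces and
 * punctuation (for example '1' would become 0x11), which corrupts any
 * protocol text that is upper-cased before being compared.
 */
#define	toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
#endif
#ifndef isspace
/*
 * Note: this set is not the standard C one.  It accepts backspace ('\b')
 * and does not accept form feed or vertical tab.
 */
#define	isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
#endif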
133
134 /*
135 * For the ftp proxy.
136 */
#define	FTP_BUFSZ	160	/* size of ftpside_t.ftps_buf, in bytes */

/*
 * State kept for one side of an FTP control connection (ftpinfo_t holds
 * two of these).
 *
 * NOTE(review): ftps_rptr and ftps_wptr are presumably read and write
 * cursors into ftps_buf -- confirm in the FTP proxy source.  If so, every
 * advance has to stay inside ftps_buf .. ftps_buf + FTP_BUFSZ, and a line
 * longer than FTP_BUFSZ has to be rejected or discarded, never copied.
 */
typedef struct ftpside {
	char	*ftps_rptr;
	char	*ftps_wptr;
	void	*ftps_ifp;
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;
	int	ftps_cmds;
	char	ftps_buf[FTP_BUFSZ];
} ftpside_t;
149
/*
 * Per-session FTP proxy state: two flags plus one ftpside_t for each side
 * of the control connection.  The meaning of ftp_passok and ftp_incok is
 * not visible in this header; see the FTP proxy source.
 */
typedef struct ftpinfo {
	int		ftp_passok;
	int		ftp_incok;
	ftpside_t	ftp_side[2];
} ftpinfo_t;
155
156
157 /*
158 * For the irc proxy.
159 */
/*
 * Result of parsing one IRC message.
 *
 * NOTE(review): the char pointers are not owned buffers as far as this
 * header shows; presumably they point into the parser's copy of the packet
 * text, so they are only valid while that copy is, and each string must
 * have been terminated by the parser -- confirm in the IRC proxy source.
 */
typedef struct ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;
170
171
172 /*
173 * Real audio proxy structure and #defines
174 */
/*
 * Per-session state for the Real Audio proxy.
 *
 * NOTE(review): rap_svr is a fixed 19-byte array and rap_sbf tracks which
 * of those bytes are filled, one flag per byte.  Any index used with either
 * one must be checked to be below 19 before the store or the shift.
 */
typedef struct raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* presumably a mask of RAP_M_* -- confirm */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	tcp_seq	rap_sseq;
} raudio_t;
193
/* RA_ID_*: identifier values used by the Real Audio proxy. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/*
 * RAP_M_*: single-bit mode flags (1, 2, 4) that can be OR'd together, as
 * RAP_M_UDP_ROBUST does.
 */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)
202
203
/*
 * Per-session state for the MSN RPC proxy.  The meaning of the flag and
 * command members is not visible in this header.
 */
typedef struct msnrpcinfo {
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;	/* an address; byte order not stated here */
	u_short		mri_rport;	/* a port; byte order not stated here */
} msnrpcinfo_t;
211
212
213 /*
214 * IPSec proxy
215 */
/* A cookie stored as two u_32_t words. */
typedef	u_32_t	ipsec_cookie_t[2];

/*
 * Per-session state for the IPSec proxy.
 *
 * ipsc_rule is an ipnat_t held by value inside this structure, while
 * ipsc_nat and ipsc_state are pointers to objects that live elsewhere.
 * NOTE(review): confirm that both pointers are cleared or the session is
 * torn down when the NAT or state entry they refer to is freed.
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;	/* presumably the initiator cookie */
	ipsec_cookie_t	ipsc_rcookie;	/* presumably the responder cookie */
	int		ipsc_rckset;	/* presumably set once ipsc_rcookie is known */
	ipnat_t		ipsc_rule;
	nat_t		*ipsc_nat;
	ipstate_t	*ipsc_state;
} ipsec_pxy_t;
226
227 /*
228 * Sun RPCBIND proxy
229 */
/* Size in bytes of rpc_msg_t.rm_msgbuf. */
#define	RPCB_MAXMSG	888
#define	RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define	RPCB_RES_STRING	1	/* Response contains a v3 (GETADDR) string. */
#define	RPCB_RES_LIST	2	/* Response contains a v4 (GETADDRLIST) list. */
#define	RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

/*
 * Accepted size ranges, in bytes.  RPCB_REQMAX equals RPCB_MAXMSG, so the
 * largest accepted request fills rm_msgbuf exactly; RPCB_REPMAX is smaller
 * than the buffer.  A message outside its range should be rejected before
 * any of it is copied into rm_msgbuf.
 */
#define	RPCB_REQMIN	40
#define	RPCB_REQMAX	888
#define	RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */
240
/*
 * Bounds checks against the end of the data held in r->rm_msgbuf, where
 * the end is rm_msgbuf + rm_buflen:
 *   RPCB_BUF_END(r)       - address one past the last valid byte.
 *   RPCB_BUF_GEQ(r, p, l) - true when p is before the end and at least
 *                           l bytes lie between p and the end.
 *   RPCB_BUF_EQ(r, p, l)  - true when p + l is exactly the end.
 *
 * NOTE(review): none of these checks that p is at or after rm_msgbuf, or
 * that rm_buflen is no larger than RPCB_MAXMSG; both are left to the
 * caller.  l is compared as given, so a negative signed l satisfies
 * RPCB_BUF_GEQ: pass lengths as unsigned values.  RPCB_BUF_EQ forms p + l
 * before comparing, so call it only after RPCB_BUF_GEQ has accepted the
 * same p and l.  r and p are evaluated more than once.
 */
#define	RPCB_BUF_END(r)	(char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define	RPCB_BUF_GEQ(r, p, l)	\
	((RPCB_BUF_END((r)) > (char *)(p)) &&	\
	 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)	\
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))
251
/*
 * The following correspond to RPC(B) as detailed in RFC 1831 and RFC 1833.
 */
#define	RPCB_CALL		0	/* message type: call */
#define	RPCB_REPLY		1	/* message type: reply */
#define	RPCB_MSG_VERSION	2	/* RPC protocol version */
#define	RPCB_PROG		100000	/* portmapper / rpcbind program number */
#define	RPCB_GETPORT		3	/* v2 procedure number */
#define	RPCB_GETADDR		3	/* v3/v4 procedure number; same value as GETPORT */
#define	RPCB_GETADDRLIST	11	/* v4 procedure number */
#define	RPCB_MSG_ACCEPTED	0	/* reply status: accepted */
#define	RPCB_MSG_DENIED		1	/* reply status: denied */
264
/* BEGIN (Generic XDR structures) */
/*
 * NOTE(review): xs_len and xs_str are pointers, not copies.  Presumably
 * they point into rpc_msg_t.rm_msgbuf so the proxy can inspect and rewrite
 * the message in place -- confirm in the RPCB proxy source.  If so, what
 * they point at is packet data: check with RPCB_BUF_GEQ that the bytes
 * exist before every dereference, and treat the length word as untrusted
 * and possibly in network byte order.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;

/* Authentication field; only its string part is kept, the flavor is not. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;

/* An address (IP and port) together with the XDR string it belongs to. */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short		xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;

/* A protocol value together with the XDR string it belongs to. */
typedef struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;

/* Shorthand for the members of the embedded xdr_string_t. */
#define	xu_xslen	xu_str.xs_len
#define	xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define	xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */
292
/* BEGIN (RPC call structures) */
/*
 * Members that are commented out below are left out of the structures;
 * the comments presumably record the position of fields that exist in the
 * message but are not tracked -- confirm in the RPCB proxy source.
 */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t	*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;

typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;

/*
 * A parsed call.  The argument union has one arm for pmap arguments and
 * one for rpcb arguments, and no member here records which arm was
 * filled in.
 * NOTE(review): presumably the value behind rc_vers decides -- confirm
 * that readers test it before touching either arm.
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;

/* Shorthand for the two arms of rpc_call_t.rpcb_args. */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define	rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */
325
/* BEGIN (RPC reply structures) */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more;	/* 1 == another entry follows */
} rpcb_entry_t;

/*
 * A parsed entry list.  rl_entries has room for exactly two entries.
 * NOTE(review): rl_cnt is presumably the number of entries filled in; it
 * must never be allowed past 2, however many entries the reply claims to
 * contain -- confirm in the RPCB proxy source.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list;	/* 1 == list follows */
	int		rl_cnt;
	rpcb_entry_t	rl_entries[2];	/* TCP / UDP only */
} rpcb_listp_t;

/*
 * A parsed reply.  The union holds one of three result forms and no member
 * here records which one was filled in; presumably the transaction's
 * RPCB_RES_* type decides -- confirm that readers test it first.
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat; */
	union {
		u_32_t		*resp_pmap;
		xdr_uaddr_t	resp_getaddr;
		rpcb_listp_t	resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;

/* Shorthand for the three arms of rpc_resp_t.rpcb_reply. */
#define	rr_v2	rpcb_reply.resp_pmap
#define	rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */
358
/* BEGIN (RPC message structure & macros) */
/*
 * One RPCB message: a fixed RPCB_MAXMSG-byte buffer, the length in use,
 * and the parsed view of either a call or a reply.
 *
 * NOTE(review): RPCB_BUF_END() computes the end of valid data as
 * rm_msgbuf + rm_buflen, so every bounds check depends on rm_buflen being
 * no larger than RPCB_MAXMSG.  Enforce that where rm_buflen is assigned.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;
	u_32_t	*rm_xid;
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;

/* Shorthand for the two arms of rpc_msg_t.rm_body. */
#define	rm_call	rm_body.rb_call
#define	rm_resp	rm_body.rb_resp
/* END (RPC message structure & macros) */
374
/*
 * One tracked RPCB transaction.
 *
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 *
 * NOTE(review): with no lock of its own, rx_ref and the list links must
 * only be changed while the owning session's lock is held -- confirm in
 * the RPCB proxy source.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;		/* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;
387
/*
 * Per-session RPCB proxy state: a mutex and the head of the transaction
 * list.  rs_rxlock presumably guards rs_rxlist and the entries on it,
 * since the transactions carry no lock of their own -- confirm.
 */
typedef struct rpcb_session {
	ipfmutex_t	rs_rxlock;
	rpcb_xact_t	*rs_rxlist;
} rpcb_session_t;
392
/*
 * Round x up to the next multiple of 4; a value that is already a
 * multiple of 4 is returned unchanged.
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * x is evaluated more than once.  For an unsigned 32-bit x greater than
 * 0xfffffffc the addition wraps and the result is 0, so compare a length
 * taken from a packet against the space left in the buffer before
 * aligning it, not after.
 */
#define	XDRALIGN(x)	((((x) % 4) == 0) ? (x) : ((((x) + 3) / 4) * 4))
398
/*
 * Shared proxy state.  ap_sess_tab has AP_SESS_SIZE slots and is
 * presumably the hash table chained through aps_hnext, with ap_sess_list
 * the list chained through aps_next -- confirm in the implementation.
 */
extern	ap_session_t	*ap_sess_tab[AP_SESS_SIZE];
extern	ap_session_t	*ap_sess_list;
extern	aproxy_t	ap_proxies[];
extern	int		ippr_ftp_pasvonly;

/*
 * Proxy framework entry points.  Their contracts are not visible in this
 * header.  NOTE(review): appr_ioctl takes a caddr_t and appr_lookup a
 * label pointer; if either carries data from the requester, it has to be
 * copied in and length-checked before use -- confirm in the implementation.
 */
extern	int	appr_add __P((aproxy_t *));
extern	int	appr_ctl __P((ap_ctl_t *));
extern	int	appr_del __P((aproxy_t *));
extern	int	appr_init __P((void));
extern	void	appr_unload __P((void));
extern	int	appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
extern	int	appr_match __P((fr_info_t *, struct nat *));
extern	void	appr_free __P((aproxy_t *));
extern	void	aps_free __P((ap_session_t *));
extern	int	appr_check __P((fr_info_t *, struct nat *));
extern	aproxy_t	*appr_lookup __P((u_int, char *));
extern	int	appr_new __P((fr_info_t *, struct nat *));
extern	int	appr_ioctl __P((caddr_t, ioctlcmd_t, int));
417
418 #endif /* _NETINET_IP_PROXY_H_ */