  1/*
  2 * Copyright (C) 2012 by Darren Reed.
  3 *
  4 * See the IPFILTER.LICENCE file for details on licencing.
  5 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
  6 */
  7
  8#ifndef	__IP_PROXY_H__
  9#define	__IP_PROXY_H__
 10
#ifndef	SOLARIS
/* Derive SOLARIS from the compiler's predefined macros when the build did not set it. */
# if defined(sun) && defined(__SVR4)
#  define	SOLARIS		1
# else
#  define	SOLARIS		0
# endif
#endif

/*
 * ioctl used by user space to talk to a proxy.  The argument is a
 * struct ap_control (ap_ctl_t below), copied in and out by the kernel.
 */
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)

/* Size of the fixed-length label/config strings used below; may be preset by the build. */
#ifndef	APR_LABELLEN
#define	APR_LABELLEN	16
#endif
/* Presumably the proxy session hash table size; not referenced in this header. */
#define	AP_SESS_SIZE	53

/* Opaque to this header; defined elsewhere in ipfilter. */
struct	nat;
struct	ipnat;
struct	ipstate;
 29
/*
 * TCP-specific part of a proxy session: the two ports plus the sequence
 * and ack number "differences" a proxy applies (presumably because it
 * changes the payload length of packets it rewrites).  Each two-element
 * array is indexed per direction — confirm the 0/1 convention against
 * the callers, it is not fixed here.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference (parallels apt_seqoff) */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
 40
/*
 * UDP-specific part of a proxy session: ports only.  The two fields
 * deliberately mirror the first two fields of struct ap_tcp so that the
 * aps_sport/aps_dport shorthands work for both protocols.
 */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
 45
/*
 * One proxied NAT session.  aps_un holds the per-protocol state (TCP or
 * UDP); the proxy's own per-session data hangs off aps_data/aps_psiz.
 * Sessions are chained through aps_next (singly linked).
 */
typedef	struct ap_session {
	struct	aproxy	*aps_apr;	/* the proxy owning this session (presumably) */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data (owned by the proxy) */
	int	aps_psiz;	/* size of private data, in bytes */
	struct	ap_session	*aps_next;	/* next session in the list */
} ap_session_t;
 59
/*
 * Shorthands for the TCP member of aps_un.  aps_sport/aps_dport are also
 * valid for UDP sessions because ap_tcp and ap_udp share the same two
 * leading u_short fields; the remaining names only make sense for TCP.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin
 68
 69
/*
 * Argument of the SIOCPROXY ioctl: selects a proxy by label, config name
 * and protocol, and carries a command for it.  Every field is supplied by
 * user space; apc_label/apc_config are fixed-size arrays with no guarantee
 * of NUL termination from the caller — whoever consumes them must bound
 * the read (TODO confirm in ipf_proxy_ctl / the apr_ctl implementations).
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];	/* proxy label to address */
	char	apc_config[APR_LABELLEN];	/* proxy configuration name */
	u_char	apc_p;				/* IP protocol number */
	/*
	 * The following fields are upto the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 *
	 * NOTE(review): apc_dsize is a user-controlled size that drives a
	 * kernel allocation and copy-in; the ioctl path should cap it before
	 * allocating — verify in ipf_proxy_ioctl.
	 */
	u_long	apc_cmd;	/* e.g. APC_CMD_ADD / APC_CMD_DEL */
	u_long	apc_arg;
	void	*apc_data;	/* user pointer on entry, kernel copy once inside */
	size_t	apc_dsize;	/* byte count of apc_data */
} ap_ctl_t;
 89
/* Standard apc_cmd values; individual proxies may define more in their apr_ctl. */
#define	APC_CMD_ADD	0
#define	APC_CMD_DEL	1
 92
 93
/*
 * Descriptor of one application proxy.  The callbacks are optional hooks
 * the proxy framework invokes at the corresponding points of a proxy's
 * life cycle (load/unload of the module, create/init/fini/destroy of the
 * per-instance soft state, new/del of a session, in/out per packet).
 * Which callbacks may be NULL is decided by the callers, not here.
 */
typedef	struct	aproxy	{
	struct	aproxy	*apr_next;		/* list of registered proxies */
	struct	aproxy	*apr_parent;		/* proxy this one was cloned from (presumably) */
	char	apr_label[APR_LABELLEN];	/* Proxy name, compared against ap_control.apc_label */
	u_char	apr_p;				/* protocol */
	int	apr_flags;			/* e.g. APR_DELETE */
	int	apr_ref;			/* reference count (see ipf_proxy_deref) */
	int	apr_clones;			/* number of clones of this proxy (presumably) */
	void	(* apr_load)(void);		/* module load */
	void	(* apr_unload)(void);		/* module unload */
	void	*(* apr_create)(ipf_main_softc_t *);		/* allocate per-instance soft state */
	void	(* apr_destroy)(ipf_main_softc_t *, void *);	/* free it */
	int	(* apr_init)(ipf_main_softc_t *, void *);	/* initialise soft state */
	void	(* apr_fini)(ipf_main_softc_t *, void *);	/* tear it down */
	int	(* apr_new)(void *, fr_info_t *, ap_session_t *,
				 struct nat *);			/* new session */
	void	(* apr_del)(ipf_main_softc_t *, ap_session_t *);	/* session gone */
	int	(* apr_inpkt)(void *, fr_info_t *, ap_session_t *,
				   struct nat *);		/* inbound packet */
	int	(* apr_outpkt)(void *, fr_info_t *, ap_session_t *,
				    struct nat *);		/* outbound packet */
	int	(* apr_match)(fr_info_t *, ap_session_t *, struct nat *);
	int	(* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *);	/* SIOCPROXY command */
	int	(* apr_clear)(struct aproxy *);
	int	(* apr_flush)(struct aproxy *, int);
	void	*apr_soft;			/* per-instance soft state from apr_create */
} aproxy_t;
121
/* apr_flags bit: proxy is being removed. */
#define	APR_DELETE	1

/*
 * Packed return value of the packet callbacks: an "exit" code in the upper
 * 16 bits and a length increment in the lower 16 bits.  APR_ERR's argument
 * is shifted as a (signed) int, so values >= 0x8000 overflow the shift —
 * undefined behaviour; keep exit codes small.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)
127
128
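#ifdef _KERNEL
/*
 * Generic #define's to cover missing things in the kernel.
 *
 * ASCII-only stand-ins for the <ctype.h> classifiers, used only where the
 * kernel headers do not provide them.  They are macros and evaluate their
 * argument more than once: never pass an expression with side effects
 * such as *p++.
 */
# ifndef isdigit
#  define isdigit(x)	((x) >= '0' && (x) <= '9')
# endif
/* The (unsigned) casts make a negative (signed char) argument compare false. */
# ifndef isupper
#  define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# endif
# ifndef islower
#  define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# endif
# ifndef isalpha
#  define isalpha(x)	(isupper(x) || islower(x))
# endif
/*
 * Only lower-case letters are shifted; every other value (upper-case,
 * digits, punctuation, control bytes) is returned unchanged, matching
 * toupper(3).  The previous form applied "(x) - 'a' + 'A'" to every byte
 * that was not upper-case, mapping digits and punctuation to unrelated
 * values and so breaking comparisons against literal command strings.
 */
# ifndef toupper
#  define toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
# endif
/* Note: '\b' counts as white space and '\f'/'\v' do not, unlike isspace(3). */
# ifndef isspace
#  define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
# endif
#endif /* _KERNEL */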
153
/*
 * For the ftp proxy.
 *
 * Two names for the same buffer size; ftps_buf below is sized with
 * FTP_BUFSZ.  Keep the two equal if either is changed.
 */
#define	FTP_BUFSZ	160
#define	IPF_FTPBUFSZ	160
159
/*
 * Per-direction state of an FTP control connection.  ftps_rptr/ftps_wptr
 * presumably track the read and write positions inside ftps_buf; any
 * code advancing them must stay within the FTP_BUFSZ bytes of ftps_buf.
 */
typedef struct  ftpside {
	char	*ftps_rptr;		/* read position in ftps_buf (presumably) */
	char	*ftps_wptr;		/* write position in ftps_buf (presumably) */
	void	*ftps_ifp;		/* interface pointer */
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;		/* junk/garbage state flag — meaning set by the proxy */
	int	ftps_cmds;
	int	ftps_cmd;
	char	ftps_buf[FTP_BUFSZ];	/* buffered command/response text */
} ftpside_t;
171
/*
 * Private (aps_data) state of the FTP proxy: one ftpside_t per direction
 * plus the NAT/state entries created in advance for a data connection.
 */
typedef struct  ftpinfo {
	int 	  	ftp_passok;	/* PASV/PORT handling state — confirm against proxy */
	int		ftp_incok;
	void		*ftp_pendstate;	/* pending ipstate for the data connection (presumably) */
	nat_t		*ftp_pendnat;	/* pending nat for the data connection (presumably) */
	ftpside_t	ftp_side[2];	/* index = direction; convention set by the proxy */
} ftpinfo_t;
179
180
/*
 * IPsec proxy
 *
 * An ISAKMP cookie is 8 bytes, stored here as two u_32_t.
 */
typedef u_32_t		ipsec_cookie_t[2];

/* Private (aps_data) state of the IPsec proxy. */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;	/* initiator cookie */
	ipsec_cookie_t	ipsc_rcookie;	/* responder cookie */
	int		ipsc_rckset;	/* non-zero once ipsc_rcookie has been set (presumably) */
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
	ipnat_t		*ipsc_rule;
} ipsec_pxy_t;
194
195
/*
 * For the irc proxy.
 *
 * Parsed pieces of one IRC line.  The char pointers are presumably cursors
 * into the packet/buffer being parsed rather than owned copies — confirm
 * against the proxy before freeing anything through them.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;	/* source nick */
	char	*irc_dnick;	/* destination nick */
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;	/* address text (DCC) */
	u_32_t	irc_ipnum;	/* parsed IPv4 address */
	u_short	irc_port;	/* parsed port */
} ircinfo_t;
209
210
/*
 * For the DNS "proxy"
 *
 * dnsi_buffer is 512 bytes, presumably the classic maximum size of a DNS
 * message over UDP; any copy into it must be bounded by that size.
 */
typedef struct dnsinfo {
	ipfmutex_t	dnsi_lock;
	u_short		dnsi_id;	/* DNS transaction id */
	char		dnsi_buffer[512];
} dnsinfo_t;
219
220
/*
 * Real audio proxy structure and #defines
 *
 * Private (aps_data) state of the RealAudio proxy.  rap_svr is filled in
 * piecewise, with one bit of rap_sbf per byte (19 bits in use).
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* RAP_M_* bits */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;
242
/* Identifiers seen in the RealAudio protocol. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* rap_mode bits. */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)
251
252
/*
 * MSN RPC proxy
 *
 * Private (aps_data) state of the MSN RPC proxy.
 */
typedef	struct	msnrpcinfo	{
	u_int		mri_flags;
	int		mri_cmd[2];	/* per direction, presumably */
	u_int		mri_valid;
	struct	in_addr	mri_raddr;	/* remote address */
	u_short		mri_rport;	/* remote port */
} msnrpcinfo_t;
263
264
/*
 * Sun RPCBIND proxy
 *
 * RPCB_MAXMSG is the size of the message buffer in rpc_msg_t; the
 * REQ/REP MIN/MAX values bound the request and reply sizes the proxy
 * will accept (REQMAX equals RPCB_MAXMSG).
 */
#define RPCB_MAXMSG	888
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */
278
/*
 * These macros determine the number of bytes between p and the end of
 * r->rm_msgbuf (rm_msgbuf + rm_buflen) relative to l.
 *
 * RPCB_BUF_GEQ is true when at least l bytes remain from p; the leading
 * "END > p" test ensures the pointer difference is positive before it is
 * compared with l, so an unsigned l cannot make a negative difference
 * compare as huge.  RPCB_BUF_EQ is true when p + l ends exactly at the
 * end of the buffer.  Both evaluate r more than once.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l)   \
	((RPCB_BUF_END((r)) > (char *)(p)) &&           \
	 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)                            \
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))
289
/*
 * The following correspond to RPC(B) detailed in RFC183[13].
 * (msg_type, RPC version, program number, procedure numbers, reply_stat.)
 */
#define RPCB_CALL		0
#define RPCB_REPLY		1
#define RPCB_MSG_VERSION	2
#define RPCB_PROG		100000
#define RPCB_GETPORT		3	/* v2 procedure */
#define RPCB_GETADDR		3	/* v3 procedure (same number as GETPORT) */
#define RPCB_GETADDRLIST	11	/* v4 procedure */
#define RPCB_MSG_ACCEPTED	0
#define RPCB_MSG_DENIED		1
302
/* BEGIN (Generic XDR structures) */
/*
 * The structures in this group hold pointers to the fields of a decoded
 * message, presumably into rm_msgbuf of the enclosing rpc_msg_t, rather
 * than copies.  Commented-out members document wire fields that are
 * skipped rather than kept.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;	/* XDR length word */
	char	*xs_str;	/* string bytes following it */
} xdr_string_t;
308
/* An opaque_auth: only the body is kept, the flavor word is skipped. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;
313
/* A universal address: the raw string plus the IP/port parsed out of it. */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short         xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;
319
/* A netid string plus the protocol number derived from it. */
typedef	struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;
324
/* Shorthands for the nested xdr_string_t members. */
#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */
330
/* BEGIN (RPC call structures) */
/* Portmapper (v2) GETPORT arguments: only the protocol word is kept. */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;
338
/* RPCBIND (v3/v4) arguments: netid and merged address are kept. */
typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;
346
/*
 * Decoded call body.  rc_vers selects which member of rpcb_args is valid
 * (v2 -> ra_pmapargs, v3/v4 -> ra_rpcbargs) — the choice is made by the
 * decoder, not recorded here.
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;	/* program version word */
	u_32_t	*rc_proc;	/* procedure number word */
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;
359
/* Shorthands for the union members of rpc_call_t. */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */
363
/* BEGIN (RPC reply structures) */
/* One element of a GETADDRLIST reply; re_more says whether another follows. */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;
373
/*
 * GETADDRLIST reply.  At most two entries are kept (rl_entries is a fixed
 * array), so the decoder must stop filling it once rl_cnt reaches 2
 * regardless of how many entries the wire list carries.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;	  /* entries in use */
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;
379
/*
 * Decoded reply body.  The union member in use depends on the version of
 * the matching call (see rpcb_xact.rx_type / RPCB_RES_*).
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat;	*/
	union {
		u_32_t		*resp_pmap;		/* v2: port word */
		xdr_uaddr_t	resp_getaddr;		/* v3: universal address */
		rpcb_listp_t	resp_getaddrlist;	/* v4: address list */
	} rpcb_reply;
} rpc_resp_t;
391
/* Shorthands for the union members of rpc_resp_t, named by RPCB version. */
#define	rr_v2	rpcb_reply.resp_pmap
#define rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */
396
/* BEGIN (RPC message structure & macros) */
/*
 * A whole RPC(B) message: the raw bytes in rm_msgbuf (rm_buflen of them
 * valid — RPCB_BUF_END() uses that as the end of data) and the decoded
 * view whose pointers refer into the buffer.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;		/* bytes of rm_msgbuf in use */
	u_32_t	*rm_xid;		/* transaction id word */
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;
408
/* Shorthands for the union members of rpc_msg_t. */
#define rm_call		rm_body.rb_call
#define rm_resp		rm_body.rb_resp
/* END (RPC message structure & macros) */
412
/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 *
 * One outstanding RPCB call awaiting its reply, keyed by XID.  The list is
 * doubly linked through rx_next/rx_pnext and guarded by the session-wide
 * rs_rxlock of rpcb_session_t rather than a lock of its own.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;	/* address of the pointer that refers to us */
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type (RPCB_RES_*) */
	u_int	rx_ref;         /* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;
425
/* Private (aps_data) state of the RPCBIND proxy: the tracked transactions and their lock. */
typedef struct rpcb_session {
	ipfmutex_t	rs_rxlock;	/* protects rs_rxlist */
	rpcb_xact_t	*rs_rxlist;	/* outstanding transactions (at most RPCB_MAXREQS, presumably) */
} rpcb_session_t;
430
/*
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Rounds x up to the next multiple of 4 (XDR item alignment).  Intended
 * for non-negative lengths; x is evaluated several times, and a value
 * within 3 of the type's maximum would wrap in the "(x) + 3" step.
 */
#define XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
436
/*
 * Entry points of the proxy framework (presumably implemented in
 * ip_proxy.c).  The soft_create/init/fini/destroy set mirrors the
 * apr_create/apr_init/apr_fini/apr_destroy callbacks of aproxy_t.
 */
extern	int	ipf_proxy_add(void *, aproxy_t *);	/* register a proxy */
extern	int	ipf_proxy_check(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *);	/* dispatch an ap_ctl_t to a proxy */
extern	int	ipf_proxy_del(aproxy_t *);		/* unregister a proxy */
extern	void	ipf_proxy_deref(aproxy_t *);		/* drop a reference (apr_ref) */
extern	void	ipf_proxy_flush(void *, int);
extern	int	ipf_proxy_init(void);
extern	int	ipf_proxy_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *);	/* SIOCPROXY handler (presumably) */
extern	aproxy_t	*ipf_proxy_lookup(void *, u_int, char *);	/* find a proxy by protocol and label (presumably) */
extern	int	ipf_proxy_match(fr_info_t *, struct nat *);
extern	int	ipf_proxy_new(fr_info_t *, struct nat *);	/* create an ap_session_t for a nat entry */
extern	int	ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *);
extern	void	ipf_proxy_free(ipf_main_softc_t *, ap_session_t *);	/* release a session */
extern	int	ipf_proxy_main_load(void);
extern	int	ipf_proxy_main_unload(void);
extern	ipnat_t	*ipf_proxy_rule_fwd(nat_t *);
extern	ipnat_t	*ipf_proxy_rule_rev(nat_t *);
extern	void	*ipf_proxy_soft_create(ipf_main_softc_t *);
extern	void	ipf_proxy_soft_destroy(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_fini(ipf_main_softc_t *, void *);
458
459#endif /* __IP_PROXY_H__ */