      1 /*
      2  * Copyright (C) 1997-2001 by Darren Reed.
      3  *
      4  * See the IPFILTER.LICENCE file for details on licencing.
      5  *
      6  * $Id: ip_proxy.h,v 2.31.2.3 2005/06/18 02:41:33 darrenr Exp $
      7  *
      8  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
      9  * Use is subject to license terms.
     10  */
     11 
     12 #pragma ident	"%Z%%M%	%I%	%E% SMI"
     13 
     14 #ifndef	__IP_PROXY_H__
     15 #define	__IP_PROXY_H__
     16 
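/*
 * SOLARIS is 1 when building for a Solaris (SVR4) kernel, otherwise 0.
 *
 * The previous form put `defined(...)` inside the macro body and relied on
 * it being evaluated later in an #if.  A `defined` token produced by macro
 * expansion is undefined behaviour (C99/C11 6.10.1p4) and only happened to
 * work on the compilers in use, so the test is done in a real #if here and
 * SOLARIS expands to a plain 0/1.  `#if SOLARIS`, `#if !SOLARIS` and
 * `#ifdef SOLARIS` all behave as before.
 */
#ifndef SOLARIS
# if defined(sun) && (defined(__svr4__) || defined(__SVR4))
#  define SOLARIS 1
# else
#  define SOLARIS 0
# endif
#endif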
     20 
/*
 * ioctl that hands an ap_control (see below) to the proxy layer; it is
 * _IOWR so the structure is copied both in and out of the kernel.  The
 * second branch is for pre-ANSI preprocessors that cannot pass a character
 * constant to _IOWR.  Presumably routed via appr_ioctl()/appr_ctl() to the
 * apr_ctl hook of the proxy named in apc_label -- confirm in ip_proxy.c.
 */
#if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)
#else
#define	SIOCPROXY	_IOWR(r, 64, struct ap_control)
#endif
     26 
#ifndef	APR_LABELLEN
#define	APR_LABELLEN	16	/* bytes in a proxy label (apc_label, apr_label) */
#endif
/*
 * Presumably the bucket count of the proxy session hash that aps_hnext
 * chains through (53 is prime); it is not referenced in this header.
 */
#define	AP_SESS_SIZE	53
     31 
/*
 * Opaque NAT/state types declared elsewhere in ipfilter; this header only
 * stores pointers to them.  Note that ipsec_pxy_t and pptp_pxy_t below also
 * embed ipnat_t and use nat_t, neither of which is declared here, so the
 * header defining those typedefs must be included before this file.
 */
struct	nat;
struct	ipnat;
struct	ipstate;
     35 
/*
 * TCP side of a proxy session.  The [2] arrays presumably hold one value
 * per direction of the connection, with apt_sel picking which offset/minimum
 * pair is currently in effect; the offsets let later packets be fixed up
 * after a proxy has rewritten (and resized) payload earlier in the stream.
 * NOTE(review): the direction/index mapping is inferred from the names --
 * confirm against the users in ip_proxy.c before relying on it.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* acknowledgement # difference */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;
     46 
/*
 * UDP side of a proxy session.  The two port fields must stay first and in
 * the same order as ap_tcp's: the aps_sport/aps_dport macros below always go
 * through the apu_tcp member of the union and rely on the common initial
 * sequence of the two structs to read UDP sessions as well.
 */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;
     51 
/*
 * One proxied session, hung off a NAT entry.
 *
 * aps_apr    the proxy (aproxy_t) handling this session
 * aps_un     protocol-specific ports/state; which member is live is
 *            presumably decided by aps_p
 * aps_nat    back pointer to the owning nat entry (void * so this header
 *            need not see struct nat's definition)
 * aps_data   proxy-private per-session state of aps_psiz bytes, e.g. a
 *            ftpinfo_t or raudio_t below; aps_psiz presumably lets the
 *            generic code free it without knowing the concrete type
 * aps_hnext  next entry in the session hash chain; aps_next next in the
 *            overall session list (names only -- the lists themselves are
 *            kept in ip_proxy.c)
 */
typedef	struct ap_session {
	struct	aproxy	*aps_apr;
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	u_int	aps_flags;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_p;		/* protocol */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_hnext;
	struct	ap_session	*aps_next;
} ap_session_t;
     68 
/*
 * Shorthands for the per-session TCP fields.  aps_sport/aps_dport are also
 * valid for UDP sessions because ap_udp shares ap_tcp's first two members
 * (common initial sequence through the aps_un union); the remaining macros
 * are meaningful for TCP sessions only.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin
     77 
     78 
/*
 * Argument block for SIOCPROXY.  apc_label/apc_p select the proxy the
 * request is for; the remaining fields are interpreted by that proxy.
 *
 * Security note: every field arrives from the ioctl caller, including the
 * user pointer apc_data and its length apc_dsize.  Nothing in this header
 * bounds apc_dsize, so the kernel copy-in path (appr_ioctl/appr_ctl, not
 * shown here) must cap it before allocating the kernel copy and must never
 * dereference the caller's apc_data directly.
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];	/* proxy label; may not be NUL terminated, compare with a bounded length */
	u_char	apc_p;				/* protocol */
	/*
	 * The following fields are up to the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns (ownership passes to the proxy).  It is expected
	 * if this happens that it will take care to free it in apr_fini or
	 * otherwise as appropriate.  apc_cmd is provided as a standard place
	 * to put simple commands, with apc_arg being available to put a
	 * simple arg.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;
     97 
     98 
/*
 * A registered proxy.  Proxies are linked through apr_next and presumably
 * looked up by appr_lookup() on (protocol, label).  apr_ref counts the NAT
 * rules referencing the proxy so it is not removed while still in use.
 *
 * Hooks (whether any may be NULL is decided in ip_proxy.c, not here):
 *   apr_init/apr_fini     module-level set-up/tear-down, given &apr_private
 *   apr_new/apr_del       session create/destroy for one ap_session_t
 *   apr_inpkt/apr_outpkt  per-packet hooks for the two directions; their
 *                         int result is presumably packed with the
 *                         APR_ERR/APR_INC macros below
 *   apr_match             additional per-packet match test
 *   apr_ctl               SIOCPROXY handler; receives the ap_control
 */
typedef	struct	aproxy	{
	struct	aproxy	*apr_next;
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;		/* protocol */
	int	apr_ref;	/* +1 per rule referencing it */
	int	apr_flags;
	void	*apr_private;	/* proxy private data */
	int	(* apr_init) __P((void **, ipf_stack_t *));
	void	(* apr_fini) __P((void **, ipf_stack_t *));
	int	(* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	void	(* apr_del) __P((ap_session_t *, void *, ipf_stack_t *));
	int	(* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *, void *));
	int	(* apr_ctl) __P((struct aproxy *, struct ap_control *, void *));
} aproxy_t;
    115 
#define	APR_DELETE	1	/* presumably an apr_flags bit: proxy is being removed */

/*
 * Proxy hook results carry two 16-bit fields: the low half (APR_INC) is
 * presumably a length adjustment and the high half an exit/error code
 * (APR_ERR builds it, APR_EXIT extracts it).  x must be in 0..0xffff:
 * APR_ERR on a negative int left-shifts a negative value and on anything
 * above 0x7fff overflows int, both undefined behaviour.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)
    121 
    122 /*
    123  * Generic #define's to cover missing things in the kernel
    124  */
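/*
 * Generic #define's to cover missing things in the kernel.
 *
 * These are plain macros, so each one evaluates its argument more than
 * once; never pass an expression with side effects (e.g. *p++).  The
 * unsigned casts in isupper/islower make a negative (signed) char fall
 * outside both ranges instead of matching by accident.
 */
#ifndef isdigit
#define isdigit(x)	((x) >= '0' && (x) <= '9')
#endif
#ifndef isupper
#define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
#endif
#ifndef islower
#define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
#endif
#ifndef isalpha
#define isalpha(x)	(isupper(x) || islower(x))
#endif
#ifndef toupper
/*
 * Only lower-case letters are shifted; anything else is returned as is,
 * matching the C library.  The previous form tested isupper() and applied
 * the 'a'->'A' offset to every non-upper-case input, so digits, spaces and
 * punctuation came back as control characters.
 */
#define toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
#endif
#ifndef isspace
/*
 * Deliberately not the C library definition: backspace counts as white
 * space and \f / \v do not.  Presumably the text-parsing proxies depend on
 * this exact set, so do not "fix" it without checking them.
 */
#define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
#endif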
    144 
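/*
 * This is the scratch buffer size used to hold strings from the TCP stream
 * that we may want to parse (ftpside_t.ftps_buf below).  It's an arbitrary
 * size, really, but it must be at least as large as IPF_FTPBUFSZ.
 */
#define	FTP_BUFSZ	120

/*
 * This buffer, however, doesn't need to be nearly so big.  It just needs to
 * be able to squeeze in the largest command it needs to rewrite.  Which ones
 * does it rewrite?  EPRT, PORT, 227 replies.
 */
#define	IPF_FTPBUFSZ	80	/* This *MUST* be >= 53! */

/*
 * Enforce the two invariants stated above at compile time instead of
 * trusting the comments: presumably the ftp proxy sizes its rewrite buffers
 * from these, so a build that violates them should not link at all.
 */
#if IPF_FTPBUFSZ < 53
# error "IPF_FTPBUFSZ must be at least 53"
#endif
#if FTP_BUFSZ < IPF_FTPBUFSZ
# error "FTP_BUFSZ must be at least IPF_FTPBUFSZ"
#endif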
    158 
/*
 * One direction of an FTP control connection as seen by the ftp proxy.
 * ftps_buf collects command text from the TCP stream (ftps_junk == 2 means
 * no CR/LF has been seen yet); ftps_rptr/ftps_wptr are presumably the read
 * and write cursors into it and the proxy must keep both within
 * ftps_buf[0 .. FTP_BUFSZ) -- this header provides no other guard.
 * ftps_seq[2] and ftps_len track the TCP sequence space of the data that
 * was buffered (inferred from the names).
 */
typedef struct  ftpside {
	char	*ftps_rptr;
	char	*ftps_wptr;
	void	*ftps_ifp;
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;	/* 2 = no cr/lf yet, 1 = cannot parse */
	int	ftps_cmds;
	char	ftps_buf[FTP_BUFSZ];
} ftpside_t;
    169 
/*
 * Private per-session data of the ftp proxy (hung off aps_data).
 * ftp_passok/ftp_incok are flags (names suggest "PASV seen/allowed" and
 * "incoming data connection ok" -- confirm in ip_ftp_pxy.c); ftp_side holds
 * the two directions of the control connection.
 */
typedef struct  ftpinfo {
	int 	  	ftp_passok;
	int		ftp_incok;
	ftpside_t	ftp_side[2];
} ftpinfo_t;
    175 
    176 
    177 /*
    178  * For the irc proxy.
    179  */
/*
 * For the irc proxy: the pieces of a parsed DCC-style message.  The char
 * pointers presumably point into the packet payload being parsed (not
 * copies) and are only valid while that packet is; irc_len is the length
 * of the message and irc_ipnum/irc_port the address and port extracted
 * from it.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;
    190 
    191 
    192 /*
    193  * Real audio proxy structure and #defines
    194  */
/*
 * RealAudio proxy state.  rap_svr is a 19-byte field assembled, possibly
 * across several packets, with rap_sbf recording which of those bytes have
 * already been filled (one bit per byte, 19 of the 32 available).  The
 * rap_seen*/rap_got* ints are parse-progress flags; rap_mode is presumably
 * a combination of the RAP_M_* bits below and the three port fields the
 * ports learnt from the stream.
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;
    213 
/* Protocol item ids seen in the RealAudio startup exchange. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* rap_mode transport bits. */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)
    222 
    223 
    224 /*
    225  * MSN RPC proxy
    226  */
/*
 * MSN RPC proxy state: mri_cmd[2] holds a command per direction, mri_valid
 * and mri_flags parse-state bits, and mri_raddr/mri_rport the address and
 * port learnt from the exchange (field meanings inferred from the names).
 */
typedef	struct	msnrpcinfo	{
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;
	u_short		mri_rport;
} msnrpcinfo_t;
    234 
    235 
    236 /*
    237  * IPSec proxy
    238  */
/* 64-bit ISAKMP cookie, kept as two 32-bit words. */
typedef	u_32_t	ipsec_cookie_t[2];

/*
 * IPsec (ISAKMP/IKE) proxy state.  The two cookies are presumably the
 * initiator and responder cookies of the ISAKMP exchange, with
 * ipsc_rckset recording whether the responder cookie is known yet.
 * ipsc_rule is a private copy of a NAT rule presumably used to create the
 * matching nat entry (ipsc_nat) and state entry (ipsc_state).  Note the
 * use of ipnat_t/nat_t, which this header does not declare.
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;
	ipsec_cookie_t	ipsc_rcookie;
	int		ipsc_rckset;
	ipnat_t		ipsc_rule;
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
} ipsec_pxy_t;
    249 
    250 /*
    251  * PPTP proxy
    252  */
/*
 * One direction of a PPTP control connection.  pptps_buffer holds a control
 * message being reassembled across packets; pptps_wptr is the write cursor
 * into it and pptps_len/pptps_bytes presumably the expected and received
 * byte counts, pptps_gothdr whether the fixed header is complete.
 * The proxy must never advance pptps_wptr past
 * pptps_buffer + sizeof(pptps_buffer) (512 bytes): the header itself gives
 * no other bound, and the length comes from the peer.
 */
typedef	struct pptp_side {
	u_32_t		pptps_nexthdr;
	u_32_t		pptps_next;
	int		pptps_state;
	int		pptps_gothdr;
	int		pptps_len;
	int		pptps_bytes;
	char		*pptps_wptr;
	char		pptps_buffer[512];
} pptp_side_t;
    263 
/*
 * PPTP proxy per-session state: a private NAT rule plus the nat and state
 * entries presumably created from it for the GRE tunnel, the two call ids
 * (one per direction) and the two control-connection sides.  Uses
 * ipnat_t/nat_t, which this header does not declare.
 */
typedef	struct pptp_pxy {
	ipnat_t		pptp_rule;
	nat_t		*pptp_nat;
	struct ipstate	*pptp_state;
	u_short		pptp_call[2];
	pptp_side_t	pptp_side[2];
} pptp_pxy_t;
    271 
    272 
    273 /*
    274  * Sun RPCBIND proxy
    275  */
/*
 * Sun RPCBIND proxy limits.  RPCB_MAXMSG sizes rm_msgbuf in rpc_msg_t and
 * equals RPCB_REQMAX; RPCB_MAXREQS caps the number of outstanding
 * transactions tracked per session, so a flood of unanswered calls cannot
 * grow the rpcb_xact list without limit.  RPCB_REPMAX is marked as needing
 * verification by the original author and should be treated as such.
 */
#define RPCB_MAXMSG	888
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */
    286 
/*
 * Bounds helpers for the RPCB parser.  RPCB_BUF_END(r) is one past the last
 * valid byte of r->rm_msgbuf (the original comment referred to a
 * non-existent r->rs_buf).  RPCB_BUF_GEQ(r, p, l) is true when at least l
 * bytes lie between p and the end of the buffer; RPCB_BUF_EQ(r, p, l) when
 * p + l lands exactly on the end.
 *
 * Caveats: neither macro checks p >= r->rm_msgbuf, so p must already be
 * known to lie inside the buffer; r and p are evaluated more than once; and
 * RPCB_BUF_EQ forms the pointer p + l before comparing, which is only well
 * defined when it does not go beyond the end -- check with RPCB_BUF_GEQ
 * first when l comes from the message.
 */
#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
#define RPCB_BUF_GEQ(r, p, l)   \
        ((RPCB_BUF_END((r)) > (char *)(p)) &&           \
         ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)                            \
        (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
    297 
    298 /*
 * The following correspond to RPC and RPCBIND as detailed in RFC 1831
 * (ONC RPC) and RFC 1833 (rpcbind/portmapper).
    300  */
#define RPCB_CALL		0	/* msg_type CALL */
#define RPCB_REPLY		1	/* msg_type REPLY */
#define RPCB_MSG_VERSION	2	/* RPC protocol version accepted */
#define RPCB_PROG		100000	/* program number of portmapper/rpcbind */
#define RPCB_GETPORT		3	/* PMAPPROC_GETPORT (v2) */
#define RPCB_GETADDR		3	/* RPCBPROC_GETADDR (v3) */
#define RPCB_GETADDRLIST	11	/* RPCBPROC_GETADDRLIST (v4) */
#define RPCB_MSG_ACCEPTED	0	/* reply_stat MSG_ACCEPTED */
#define RPCB_MSG_DENIED		1	/* reply_stat MSG_DENIED */
    310 
    311 /* BEGIN (Generic XDR structures) */
/*
 * An XDR string located in the message: xs_len points at its 4-byte length
 * word (presumably still in network byte order, as on the wire) and xs_str
 * at the first character.  Neither pointer owns memory; both presumably
 * point into rpc_msg_t.rm_msgbuf.  The parser must check the (XDRALIGN'ed)
 * length against the buffer with RPCB_BUF_GEQ before touching xs_str.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;
    316 
/* An RPC opaque_auth; only the body is located, the flavor is skipped. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;
    321 
/*
 * A rpcbind universal address: the string as found in the message plus the
 * IP address and port decoded from it (xu_ip/xu_port).
 */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short         xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;
    327 
/* A netid string ("tcp", "udp", ...) plus the protocol number decoded from it. */
typedef	struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;
    332 
/* Shorthands for the embedded xdr_string_t members. */
#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */
    337 /* END (Generic XDR structures) */
    338 
    339 /* BEGIN (RPC call structures) */
/* Portmapper (v2) GETPORT arguments; only the protocol word is located. */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;
    346 
/* rpcbind (v3/v4) call arguments; the netid and address strings are located. */
typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;
    354 
/*
 * Located fields of an RPC call body.  rc_vers/rc_proc point at the
 * version and procedure words; the union holds the v2 or v3/v4 argument
 * view, selected by *rc_vers (commented-out members are words the parser
 * skips over without recording).
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;
    367 
/* Shorthands for the two views of the call-argument union. */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */
    371 
    372 /* BEGIN (RPC reply structures) */
/*
 * One entry of a GETADDRLIST reply.  re_more points at the "another entry
 * follows" boolean word; the parser, not this header, must stop after
 * rpcb_listp_t.rl_entries is full regardless of what the peer puts there.
 */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;
    381 
/*
 * A GETADDRLIST reply: rl_cnt entries are valid in rl_entries, which only
 * has room for two (TCP and UDP).  rl_cnt must never exceed 2 -- the list
 * length comes from the peer, so the parser has to enforce the cap.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;
    387 
/*
 * Located fields of an accepted RPC reply.  Which union member is valid is
 * presumably decided by the rx_type (RPCB_RES_*) of the matching
 * rpcb_xact, since the reply itself does not say which call it answers
 * beyond the xid.
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat;	*/
	union {
		u_32_t		*resp_pmap;
		xdr_uaddr_t	resp_getaddr;
		rpcb_listp_t	resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;
    399 
/* Reply views by rpcbind version: v2 port word, v3 uaddr, v4 address list. */
#define	rr_v2	rpcb_reply.resp_pmap
#define rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */
    404 
    405 /* BEGIN (RPC message structure & macros) */
/*
 * A parsed RPC message.  rm_msgbuf holds a copy of the payload (at most
 * RPCB_MAXMSG bytes) and rm_buflen how many of them are valid; rm_xid and,
 * presumably, every pointer reachable from rm_body point into rm_msgbuf,
 * so the structure is self-contained and may be copied or freed as a unit.
 * Use the RPCB_BUF_* macros above to keep pointer arithmetic inside
 * rm_msgbuf[0 .. rm_buflen).
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;
	u_32_t	*rm_xid;
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;
    416 
/* Shorthands for the call and reply views of rm_body. */
#define rm_call		rm_body.rb_call
#define rm_resp		rm_body.rb_resp
/* END (RPC message structure & macros) */
    420 
/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes; the whole list is protected by rpcb_session_t.rs_rxlock.
 *
 * One outstanding call awaiting its reply.  rx_xid is matched against
 * incoming replies, rx_type (RPCB_RES_*) says how to interpret the reply
 * when it comes, rx_proto is the transport recorded from a v2 GETPORT call.
 * rx_pnext points at the previous node's rx_next (or the list head) so the
 * entry can unlink itself in O(1); rx_ref is a reference count.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type */
	u_int	rx_ref;         /* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;
    433 
/*
 * RPCB proxy per-session state: the list of tracked transactions (bounded
 * by RPCB_MAXREQS, enforced by the proxy) and the mutex guarding it.
 */
typedef struct rpcb_session {
        ipfmutex_t	rs_rxlock;
	rpcb_xact_t	*rs_rxlist;
} rpcb_session_t;
    438 
/*
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Round x up to the next multiple of 4 (XDR items are 4-byte aligned).
 * x is evaluated more than once.  Because the length usually comes from
 * the message, remember that for an unsigned 32-bit x above 0xfffffffc the
 * addition wraps and the result is 0, and for a negative signed x the
 * result is meaningless: range-check the length against the buffer
 * (RPCB_BUF_GEQ) before and after aligning, never rely on the aligned
 * value alone.
 */
#define XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
    444 
/*
 * Proxy layer entry points (implemented in ip_proxy.c).  Roles inferred
 * from the names and argument lists:
 *   appr_add/appr_del      register/unregister an aproxy_t
 *   appr_init/appr_unload  per-stack set-up and tear-down
 *   appr_lookup            find a proxy by protocol and label
 *   appr_new/aps_free      create/destroy the ap_session_t for a nat entry
 *   appr_ok/appr_match/appr_check
 *                          per-packet hooks called from the NAT code
 *   appr_ctl/appr_ioctl    SIOCPROXY handling; these take caller-supplied
 *                          data (see the ap_control security note)
 */
extern	int	appr_add __P((aproxy_t *, ipf_stack_t *));
extern	int	appr_ctl __P((ap_ctl_t *, ipf_stack_t *));
extern	int	appr_del __P((aproxy_t *, ipf_stack_t *));
extern	int	appr_init __P((ipf_stack_t *));
extern	void	appr_unload __P((ipf_stack_t *));
extern	int	appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
extern	int	appr_match __P((fr_info_t *, struct nat *));
extern	void	appr_free __P((aproxy_t *));
extern	void	aps_free __P((ap_session_t *, ipf_stack_t *));
extern	int	appr_check __P((fr_info_t *, struct nat *));
extern	aproxy_t	*appr_lookup __P((u_int, char *, ipf_stack_t *));
extern	int	appr_new __P((fr_info_t *, struct nat *));
extern	int	appr_ioctl __P((caddr_t, ioctlcmd_t, int, ipf_stack_t *));
    458 
    459 #endif /* __IP_PROXY_H__ */
    460