0a1,2
> /* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $ */
>
6,7c8,9
< * $Id: ip_proxy.h,v 2.8.2.4 2000/12/02 00:15:03 darrenr Exp $
< * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 110916 2003-02-15 06:25:25Z darrenr $
---
> * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $
> * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
67a70,89
> typedef struct ap_control {
> char apc_label[APR_LABELLEN];
> u_char apc_p;
> /*
> * The following fields are upto the proxy's apr_ctl routine to deal
> * with. When the proxy gets this in kernel space, apc_data will
> * point to a malloc'd region of memory of apc_dsize bytes. If the
> * proxy wants to keep that memory, it must set apc_data to NULL
> * before it returns. It is expected if this happens that it will
> * take care to free it in apr_fini or otherwise as appropriate.
> * apc_cmd is provided as a standard place to put simple commands,
> * with apc_arg being available to put a simple arg.
> */
> u_long apc_cmd;
> u_long apc_arg;
> void *apc_data;
> size_t apc_dsize;
> } ap_ctl_t;
>
>
76,77c98
< int (* apr_new) __P((fr_info_t *, ip_t *,
< ap_session_t *, struct nat *));
---
> int (* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *));
79,82c100,101
< int (* apr_inpkt) __P((fr_info_t *, ip_t *,
< ap_session_t *, struct nat *));
< int (* apr_outpkt) __P((fr_info_t *, ip_t *,
< ap_session_t *, struct nat *));
---
> int (* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *));
> int (* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *));
83a103
> int (* apr_ctl) __P((struct aproxy *, struct ap_control *));
88c108
< #define APR_ERR(x) (((x) & 0xffff) << 16)
---
> #define APR_ERR(x) ((x) << 16)
92d111
< #define FTP_BUFSZ 160
94c113
< * For the ftp proxy.
---
> * Generic #define's to cover missing things in the kernel
95a115,148
> #ifndef isdigit
> #define isdigit(x) ((x) >= '0' && (x) <= '9')
> #endif
> #ifndef isupper
> #define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
> #endif
> #ifndef islower
> #define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
> #endif
> #ifndef isalpha
> #define isalpha(x) (isupper(x) || islower(x))
> #endif
> #ifndef toupper
> #define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A')
> #endif
> #ifndef isspace
> #define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
> ((x) == '\t') || ((x) == '\b'))
> #endif
>
> /*
> * This is the scratch buffer size used to hold strings from the TCP stream
> * that we may want to parse. It's an arbitrary size, really, but it must
> * be at least as large as IPF_FTPBUFSZ.
> */
> #define FTP_BUFSZ 120
>
> /*
> * This buffer, however, doesn't need to be nearly so big. It just needs to
> * be able to squeeze in the largest command it needs to rewrite, Which ones
> * does it rewrite? EPRT, PORT, 227 replies.
> */
> #define IPF_FTPBUFSZ 80 /* This *MUST* be >= 53! */
>
98a152
> void *ftps_ifp;
101c155
< int ftps_junk;
---
> int ftps_junk; /* 2 = no cr/lf yet, 1 = cannot parse */
103d156
< int ftps_cmd;
112a166
>
113a168,182
> * For the irc proxy.
> */
> typedef struct ircinfo {
> size_t irc_len;
> char *irc_snick;
> char *irc_dnick;
> char *irc_type;
> char *irc_arg;
> char *irc_addr;
> u_32_t irc_ipnum;
> u_short irc_port;
> } ircinfo_t;
>
>
> /*
143a213
>
144a215,226
> * MSN RPC proxy
> */
> typedef struct msnrpcinfo {
> u_int mri_flags;
> int mri_cmd[2];
> u_int mri_valid;
> struct in_addr mri_raddr;
> u_short mri_rport;
> } msnrpcinfo_t;
>
>
> /*
157a240,434
> /*
> * PPTP proxy
> */
> typedef struct pptp_side {
> u_32_t pptps_nexthdr;
> u_32_t pptps_next;
> int pptps_state;
> int pptps_gothdr;
> int pptps_len;
> int pptps_bytes;
> char *pptps_wptr;
> char pptps_buffer[512];
> } pptp_side_t;
>
> typedef struct pptp_pxy {
> ipnat_t pptp_rule;
> nat_t *pptp_nat;
> ipstate_t *pptp_state;
> u_short pptp_call[2];
> pptp_side_t pptp_side[2];
> } pptp_pxy_t;
>
>
> /*
> * Sun RPCBIND proxy
> */
> #define RPCB_MAXMSG 888
> #define RPCB_RES_PMAP 0 /* Response contains a v2 port. */
> #define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */
> #define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */
> #define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */
>
> #define RPCB_REQMIN 40
> #define RPCB_REQMAX 888
> #define RPCB_REPMIN 20
> #define RPCB_REPMAX 604 /* XXX double check this! */
>
> /*
> * These macros determine the number of bytes between p and the end of
> * r->rs_buf relative to l.
> */
> #define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
> #define RPCB_BUF_GEQ(r, p, l) \
> ((RPCB_BUF_END((r)) > (char *)(p)) && \
> ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
> #define RPCB_BUF_EQ(r, p, l) \
> (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
>
> /*
> * The following correspond to RPC(B) detailed in RFC183[13].
> */
> #define RPCB_CALL 0
> #define RPCB_REPLY 1
> #define RPCB_MSG_VERSION 2
> #define RPCB_PROG 100000
> #define RPCB_GETPORT 3
> #define RPCB_GETADDR 3
> #define RPCB_GETADDRLIST 11
> #define RPCB_MSG_ACCEPTED 0
> #define RPCB_MSG_DENIED 1
>
> /* BEGIN (Generic XDR structures) */
> typedef struct xdr_string {
> u_32_t *xs_len;
> char *xs_str;
> } xdr_string_t;
>
> typedef struct xdr_auth {
> /* u_32_t xa_flavor; */
> xdr_string_t xa_string;
> } xdr_auth_t;
>
> typedef struct xdr_uaddr {
> u_32_t xu_ip;
> u_short xu_port;
> xdr_string_t xu_str;
> } xdr_uaddr_t;
>
> typedef struct xdr_proto {
> u_int xp_proto;
> xdr_string_t xp_str;
> } xdr_proto_t;
>
> #define xu_xslen xu_str.xs_len
> #define xu_xsstr xu_str.xs_str
> #define xp_xslen xp_str.xs_len
> #define xp_xsstr xp_str.xs_str
> /* END (Generic XDR structures) */
>
> /* BEGIN (RPC call structures) */
> typedef struct pmap_args {
> /* u_32_t pa_prog; */
> /* u_32_t pa_vers; */
> u_32_t *pa_prot;
> /* u_32_t pa_port; */
> } pmap_args_t;
>
> typedef struct rpcb_args {
> /* u_32_t *ra_prog; */
> /* u_32_t *ra_vers; */
> xdr_proto_t ra_netid;
> xdr_uaddr_t ra_maddr;
> /* xdr_string_t ra_owner; */
> } rpcb_args_t;
>
> typedef struct rpc_call {
> /* u_32_t rc_rpcvers; */
> /* u_32_t rc_prog; */
> u_32_t *rc_vers;
> u_32_t *rc_proc;
> xdr_auth_t rc_authcred;
> xdr_auth_t rc_authverf;
> union {
> pmap_args_t ra_pmapargs;
> rpcb_args_t ra_rpcbargs;
> } rpcb_args;
> } rpc_call_t;
>
> #define rc_pmapargs rpcb_args.ra_pmapargs
> #define rc_rpcbargs rpcb_args.ra_rpcbargs
> /* END (RPC call structures) */
>
> /* BEGIN (RPC reply structures) */
> typedef struct rpcb_entry {
> xdr_uaddr_t re_maddr;
> xdr_proto_t re_netid;
> /* u_32_t re_semantics; */
> xdr_string_t re_family;
> xdr_proto_t re_proto;
> u_32_t *re_more; /* 1 == another entry follows */
> } rpcb_entry_t;
>
> typedef struct rpcb_listp {
> u_32_t *rl_list; /* 1 == list follows */
> int rl_cnt;
> rpcb_entry_t rl_entries[2]; /* TCP / UDP only */
> } rpcb_listp_t;
>
> typedef struct rpc_resp {
> /* u_32_t rr_acceptdeny; */
> /* Omitted 'message denied' fork; we don't care about rejects. */
> xdr_auth_t rr_authverf;
> /* u_32_t *rr_astat; */
> union {
> u_32_t *resp_pmap;
> xdr_uaddr_t resp_getaddr;
> rpcb_listp_t resp_getaddrlist;
> } rpcb_reply;
> } rpc_resp_t;
>
> #define rr_v2 rpcb_reply.resp_pmap
> #define rr_v3 rpcb_reply.resp_getaddr
> #define rr_v4 rpcb_reply.resp_getaddrlist
> /* END (RPC reply structures) */
>
> /* BEGIN (RPC message structure & macros) */
> typedef struct rpc_msg {
> char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */
> u_int rm_buflen;
> u_32_t *rm_xid;
> /* u_32_t Call vs Reply */
> union {
> rpc_call_t rb_call;
> rpc_resp_t rb_resp;
> } rm_body;
> } rpc_msg_t;
>
> #define rm_call rm_body.rb_call
> #define rm_resp rm_body.rb_resp
> /* END (RPC message structure & macros) */
>
> /*
> * These code paths aren't hot enough to warrant per transaction
> * mutexes.
> */
> typedef struct rpcb_xact {
> struct rpcb_xact *rx_next;
> struct rpcb_xact **rx_pnext;
> u_32_t rx_xid; /* RPC transmission ID */
> u_int rx_type; /* RPCB response type */
> u_int rx_ref; /* reference count */
> u_int rx_proto; /* transport protocol (v2 only) */
> } rpcb_xact_t;
>
> typedef struct rpcb_session {
> ipfmutex_t rs_rxlock;
> rpcb_xact_t *rs_rxlist;
> } rpcb_session_t;
>
> /*
> * For an explanation, please see the following:
> * RFC1832 - Sections 3.11, 4.4, and 4.5.
> */
> #define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
>
163a441
> extern int appr_ctl __P((ap_ctl_t *));
167c445
< extern int appr_ok __P((ip_t *, tcphdr_t *, struct ipnat *));
---
> extern int appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
171c449
< extern int appr_check __P((ip_t *, fr_info_t *, struct nat *));
---
> extern int appr_check __P((fr_info_t *, struct nat *));
173c451,452
< extern int appr_new __P((fr_info_t *, ip_t *, struct nat *));
---
> extern int appr_new __P((fr_info_t *, struct nat *));
> extern int appr_ioctl __P((caddr_t, ioctlcmd_t, int));
> /* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $ */
>
6,7c8,9
< * $Id: ip_proxy.h,v 2.8.2.4 2000/12/02 00:15:03 darrenr Exp $
< * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 110916 2003-02-15 06:25:25Z darrenr $
---
> * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $
> * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
67a70,89
> typedef struct ap_control {
> char apc_label[APR_LABELLEN];
> u_char apc_p;
> /*
> * The following fields are upto the proxy's apr_ctl routine to deal
> * with. When the proxy gets this in kernel space, apc_data will
> * point to a malloc'd region of memory of apc_dsize bytes. If the
> * proxy wants to keep that memory, it must set apc_data to NULL
> * before it returns. It is expected if this happens that it will
> * take care to free it in apr_fini or otherwise as appropriate.
> * apc_cmd is provided as a standard place to put simple commands,
> * with apc_arg being available to put a simple arg.
> */
> u_long apc_cmd;
> u_long apc_arg;
> void *apc_data;
> size_t apc_dsize;
> } ap_ctl_t;
>
>
76,77c98
< int (* apr_new) __P((fr_info_t *, ip_t *,
< ap_session_t *, struct nat *));
---
> int (* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *));
79,82c100,101
< int (* apr_inpkt) __P((fr_info_t *, ip_t *,
< ap_session_t *, struct nat *));
< int (* apr_outpkt) __P((fr_info_t *, ip_t *,
< ap_session_t *, struct nat *));
---
> int (* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *));
> int (* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *));
83a103
> int (* apr_ctl) __P((struct aproxy *, struct ap_control *));
88c108
< #define APR_ERR(x) (((x) & 0xffff) << 16)
---
> #define APR_ERR(x) ((x) << 16)
92d111
< #define FTP_BUFSZ 160
94c113
< * For the ftp proxy.
---
> * Generic #define's to cover missing things in the kernel
95a115,148
> #ifndef isdigit
> #define isdigit(x) ((x) >= '0' && (x) <= '9')
> #endif
> #ifndef isupper
> #define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
> #endif
> #ifndef islower
> #define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
> #endif
> #ifndef isalpha
> #define isalpha(x) (isupper(x) || islower(x))
> #endif
> #ifndef toupper
> #define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A')
> #endif
> #ifndef isspace
> #define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
> ((x) == '\t') || ((x) == '\b'))
> #endif
>
> /*
> * This is the scratch buffer size used to hold strings from the TCP stream
> * that we may want to parse. It's an arbitrary size, really, but it must
> * be at least as large as IPF_FTPBUFSZ.
> */
> #define FTP_BUFSZ 120
>
> /*
> * This buffer, however, doesn't need to be nearly so big. It just needs to
> * be able to squeeze in the largest command it needs to rewrite, Which ones
> * does it rewrite? EPRT, PORT, 227 replies.
> */
> #define IPF_FTPBUFSZ 80 /* This *MUST* be >= 53! */
>
98a152
> void *ftps_ifp;
101c155
< int ftps_junk;
---
> int ftps_junk; /* 2 = no cr/lf yet, 1 = cannot parse */
103d156
< int ftps_cmd;
112a166
>
113a168,182
> * For the irc proxy.
> */
> typedef struct ircinfo {
> size_t irc_len;
> char *irc_snick;
> char *irc_dnick;
> char *irc_type;
> char *irc_arg;
> char *irc_addr;
> u_32_t irc_ipnum;
> u_short irc_port;
> } ircinfo_t;
>
>
> /*
143a213
>
144a215,226
> * MSN RPC proxy
> */
> typedef struct msnrpcinfo {
> u_int mri_flags;
> int mri_cmd[2];
> u_int mri_valid;
> struct in_addr mri_raddr;
> u_short mri_rport;
> } msnrpcinfo_t;
>
>
> /*
157a240,434
> /*
> * PPTP proxy
> */
> typedef struct pptp_side {
> u_32_t pptps_nexthdr;
> u_32_t pptps_next;
> int pptps_state;
> int pptps_gothdr;
> int pptps_len;
> int pptps_bytes;
> char *pptps_wptr;
> char pptps_buffer[512];
> } pptp_side_t;
>
> typedef struct pptp_pxy {
> ipnat_t pptp_rule;
> nat_t *pptp_nat;
> ipstate_t *pptp_state;
> u_short pptp_call[2];
> pptp_side_t pptp_side[2];
> } pptp_pxy_t;
>
>
> /*
> * Sun RPCBIND proxy
> */
> #define RPCB_MAXMSG 888
> #define RPCB_RES_PMAP 0 /* Response contains a v2 port. */
> #define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */
> #define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */
> #define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */
>
> #define RPCB_REQMIN 40
> #define RPCB_REQMAX 888
> #define RPCB_REPMIN 20
> #define RPCB_REPMAX 604 /* XXX double check this! */
>
> /*
> * These macros determine the number of bytes between p and the end of
> * r->rs_buf relative to l.
> */
> #define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen)
> #define RPCB_BUF_GEQ(r, p, l) \
> ((RPCB_BUF_END((r)) > (char *)(p)) && \
> ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
> #define RPCB_BUF_EQ(r, p, l) \
> (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
>
> /*
> * The following correspond to RPC(B) detailed in RFC183[13].
> */
> #define RPCB_CALL 0
> #define RPCB_REPLY 1
> #define RPCB_MSG_VERSION 2
> #define RPCB_PROG 100000
> #define RPCB_GETPORT 3
> #define RPCB_GETADDR 3
> #define RPCB_GETADDRLIST 11
> #define RPCB_MSG_ACCEPTED 0
> #define RPCB_MSG_DENIED 1
>
> /* BEGIN (Generic XDR structures) */
> typedef struct xdr_string {
> u_32_t *xs_len;
> char *xs_str;
> } xdr_string_t;
>
> typedef struct xdr_auth {
> /* u_32_t xa_flavor; */
> xdr_string_t xa_string;
> } xdr_auth_t;
>
> typedef struct xdr_uaddr {
> u_32_t xu_ip;
> u_short xu_port;
> xdr_string_t xu_str;
> } xdr_uaddr_t;
>
> typedef struct xdr_proto {
> u_int xp_proto;
> xdr_string_t xp_str;
> } xdr_proto_t;
>
> #define xu_xslen xu_str.xs_len
> #define xu_xsstr xu_str.xs_str
> #define xp_xslen xp_str.xs_len
> #define xp_xsstr xp_str.xs_str
> /* END (Generic XDR structures) */
>
> /* BEGIN (RPC call structures) */
> typedef struct pmap_args {
> /* u_32_t pa_prog; */
> /* u_32_t pa_vers; */
> u_32_t *pa_prot;
> /* u_32_t pa_port; */
> } pmap_args_t;
>
> typedef struct rpcb_args {
> /* u_32_t *ra_prog; */
> /* u_32_t *ra_vers; */
> xdr_proto_t ra_netid;
> xdr_uaddr_t ra_maddr;
> /* xdr_string_t ra_owner; */
> } rpcb_args_t;
>
> typedef struct rpc_call {
> /* u_32_t rc_rpcvers; */
> /* u_32_t rc_prog; */
> u_32_t *rc_vers;
> u_32_t *rc_proc;
> xdr_auth_t rc_authcred;
> xdr_auth_t rc_authverf;
> union {
> pmap_args_t ra_pmapargs;
> rpcb_args_t ra_rpcbargs;
> } rpcb_args;
> } rpc_call_t;
>
> #define rc_pmapargs rpcb_args.ra_pmapargs
> #define rc_rpcbargs rpcb_args.ra_rpcbargs
> /* END (RPC call structures) */
>
> /* BEGIN (RPC reply structures) */
> typedef struct rpcb_entry {
> xdr_uaddr_t re_maddr;
> xdr_proto_t re_netid;
> /* u_32_t re_semantics; */
> xdr_string_t re_family;
> xdr_proto_t re_proto;
> u_32_t *re_more; /* 1 == another entry follows */
> } rpcb_entry_t;
>
> typedef struct rpcb_listp {
> u_32_t *rl_list; /* 1 == list follows */
> int rl_cnt;
> rpcb_entry_t rl_entries[2]; /* TCP / UDP only */
> } rpcb_listp_t;
>
> typedef struct rpc_resp {
> /* u_32_t rr_acceptdeny; */
> /* Omitted 'message denied' fork; we don't care about rejects. */
> xdr_auth_t rr_authverf;
> /* u_32_t *rr_astat; */
> union {
> u_32_t *resp_pmap;
> xdr_uaddr_t resp_getaddr;
> rpcb_listp_t resp_getaddrlist;
> } rpcb_reply;
> } rpc_resp_t;
>
> #define rr_v2 rpcb_reply.resp_pmap
> #define rr_v3 rpcb_reply.resp_getaddr
> #define rr_v4 rpcb_reply.resp_getaddrlist
> /* END (RPC reply structures) */
>
> /* BEGIN (RPC message structure & macros) */
> typedef struct rpc_msg {
> char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */
> u_int rm_buflen;
> u_32_t *rm_xid;
> /* u_32_t Call vs Reply */
> union {
> rpc_call_t rb_call;
> rpc_resp_t rb_resp;
> } rm_body;
> } rpc_msg_t;
>
> #define rm_call rm_body.rb_call
> #define rm_resp rm_body.rb_resp
> /* END (RPC message structure & macros) */
>
> /*
> * These code paths aren't hot enough to warrant per transaction
> * mutexes.
> */
> typedef struct rpcb_xact {
> struct rpcb_xact *rx_next;
> struct rpcb_xact **rx_pnext;
> u_32_t rx_xid; /* RPC transmission ID */
> u_int rx_type; /* RPCB response type */
> u_int rx_ref; /* reference count */
> u_int rx_proto; /* transport protocol (v2 only) */
> } rpcb_xact_t;
>
> typedef struct rpcb_session {
> ipfmutex_t rs_rxlock;
> rpcb_xact_t *rs_rxlist;
> } rpcb_session_t;
>
> /*
> * For an explanation, please see the following:
> * RFC1832 - Sections 3.11, 4.4, and 4.5.
> */
> #define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))
>
163a441
> extern int appr_ctl __P((ap_ctl_t *));
167c445
< extern int appr_ok __P((ip_t *, tcphdr_t *, struct ipnat *));
---
> extern int appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
171c449
< extern int appr_check __P((ip_t *, fr_info_t *, struct nat *));
---
> extern int appr_check __P((fr_info_t *, struct nat *));
173c451,452
< extern int appr_new __P((fr_info_t *, ip_t *, struct nat *));
---
> extern int appr_new __P((fr_info_t *, struct nat *));
> extern int appr_ioctl __P((caddr_t, ioctlcmd_t, int));