ip_proxy.h (110916) | ip_proxy.h (145522) |
---|---|
1/* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $ */ 2 |
|
1/* 2 * Copyright (C) 1997-2001 by Darren Reed. 3 * 4 * See the IPFILTER.LICENCE file for details on licencing. 5 * | 3/* 4 * Copyright (C) 1997-2001 by Darren Reed. 5 * 6 * See the IPFILTER.LICENCE file for details on licencing. 7 * |
6 * $Id: ip_proxy.h,v 2.8.2.4 2000/12/02 00:15:03 darrenr Exp $ 7 * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 110916 2003-02-15 06:25:25Z darrenr $ | 8 * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $ 9 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp |
8 */ 9 10#ifndef __IP_PROXY_H__ 11#define __IP_PROXY_H__ 12 13#ifndef SOLARIS 14#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) 15#endif --- 44 unchanged lines hidden (view full) --- 60#define aps_sel aps_un.apu_tcp.apt_sel 61#define aps_seqoff aps_un.apu_tcp.apt_seqoff 62#define aps_seqmin aps_un.apu_tcp.apt_seqmin 63#define aps_state aps_un.apu_tcp.apt_state 64#define aps_ackoff aps_un.apu_tcp.apt_ackoff 65#define aps_ackmin aps_un.apu_tcp.apt_ackmin 66 67 | 10 */ 11 12#ifndef __IP_PROXY_H__ 13#define __IP_PROXY_H__ 14 15#ifndef SOLARIS 16#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) 17#endif --- 44 unchanged lines hidden (view full) --- 62#define aps_sel aps_un.apu_tcp.apt_sel 63#define aps_seqoff aps_un.apu_tcp.apt_seqoff 64#define aps_seqmin aps_un.apu_tcp.apt_seqmin 65#define aps_state aps_un.apu_tcp.apt_state 66#define aps_ackoff aps_un.apu_tcp.apt_ackoff 67#define aps_ackmin aps_un.apu_tcp.apt_ackmin 68 69 |
70typedef struct ap_control { 71 char apc_label[APR_LABELLEN]; 72 u_char apc_p; 73 /* 74 * The following fields are upto the proxy's apr_ctl routine to deal 75 * with. When the proxy gets this in kernel space, apc_data will 76 * point to a malloc'd region of memory of apc_dsize bytes. If the 77 * proxy wants to keep that memory, it must set apc_data to NULL 78 * before it returns. It is expected if this happens that it will 79 * take care to free it in apr_fini or otherwise as appropriate. 80 * apc_cmd is provided as a standard place to put simple commands, 81 * with apc_arg being available to put a simple arg. 82 */ 83 u_long apc_cmd; 84 u_long apc_arg; 85 void *apc_data; 86 size_t apc_dsize; 87} ap_ctl_t; 88 89 |
|
68typedef struct aproxy { 69 struct aproxy *apr_next; 70 char apr_label[APR_LABELLEN]; /* Proxy label # */ 71 u_char apr_p; /* protocol */ 72 int apr_ref; /* +1 per rule referencing it */ 73 int apr_flags; 74 int (* apr_init) __P((void)); 75 void (* apr_fini) __P((void)); | 90typedef struct aproxy { 91 struct aproxy *apr_next; 92 char apr_label[APR_LABELLEN]; /* Proxy label # */ 93 u_char apr_p; /* protocol */ 94 int apr_ref; /* +1 per rule referencing it */ 95 int apr_flags; 96 int (* apr_init) __P((void)); 97 void (* apr_fini) __P((void)); |
76 int (* apr_new) __P((fr_info_t *, ip_t *, 77 ap_session_t *, struct nat *)); | 98 int (* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *)); |
78 void (* apr_del) __P((ap_session_t *)); | 99 void (* apr_del) __P((ap_session_t *)); |
79 int (* apr_inpkt) __P((fr_info_t *, ip_t *, 80 ap_session_t *, struct nat *)); 81 int (* apr_outpkt) __P((fr_info_t *, ip_t *, 82 ap_session_t *, struct nat *)); | 100 int (* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *)); 101 int (* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *)); |
83 int (* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *)); | 102 int (* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *)); |
103 int (* apr_ctl) __P((struct aproxy *, struct ap_control *)); |
|
84} aproxy_t; 85 86#define APR_DELETE 1 87 | 104} aproxy_t; 105 106#define APR_DELETE 1 107 |
88#define APR_ERR(x) (((x) & 0xffff) << 16) | 108#define APR_ERR(x) ((x) << 16) |
89#define APR_EXIT(x) (((x) >> 16) & 0xffff) 90#define APR_INC(x) ((x) & 0xffff) 91 | 109#define APR_EXIT(x) (((x) >> 16) & 0xffff) 110#define APR_INC(x) ((x) & 0xffff) 111 |
92#define FTP_BUFSZ 160 | |
93/* | 112/* |
94 * For the ftp proxy. | 113 * Generic #define's to cover missing things in the kernel |
95 */ | 114 */ |
115#ifndef isdigit 116#define isdigit(x) ((x) >= '0' && (x) <= '9') 117#endif 118#ifndef isupper 119#define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 120#endif 121#ifndef islower 122#define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) 123#endif 124#ifndef isalpha 125#define isalpha(x) (isupper(x) || islower(x)) 126#endif 127#ifndef toupper 128#define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A') 129#endif 130#ifndef isspace 131#define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \ 132 ((x) == '\t') || ((x) == '\b')) 133#endif 134 135/* 136 * This is the scratch buffer size used to hold strings from the TCP stream 137 * that we may want to parse. It's an arbitrary size, really, but it must 138 * be at least as large as IPF_FTPBUFSZ. 139 */ 140#define FTP_BUFSZ 120 141 142/* 143 * This buffer, however, doesn't need to be nearly so big. It just needs to 144 * be able to squeeze in the largest command it needs to rewrite, Which ones 145 * does it rewrite? EPRT, PORT, 227 replies. 146 */ 147#define IPF_FTPBUFSZ 80 /* This *MUST* be >= 53! */ 148 |
|
96typedef struct ftpside { 97 char *ftps_rptr; 98 char *ftps_wptr; | 149typedef struct ftpside { 150 char *ftps_rptr; 151 char *ftps_wptr; |
152 void *ftps_ifp; |
|
99 u_32_t ftps_seq[2]; 100 u_32_t ftps_len; | 153 u_32_t ftps_seq[2]; 154 u_32_t ftps_len; |
101 int ftps_junk; | 155 int ftps_junk; /* 2 = no cr/lf yet, 1 = cannot parse */ |
102 int ftps_cmds; | 156 int ftps_cmds; |
103 int ftps_cmd; | |
104 char ftps_buf[FTP_BUFSZ]; 105} ftpside_t; 106 107typedef struct ftpinfo { 108 int ftp_passok; 109 int ftp_incok; 110 ftpside_t ftp_side[2]; 111} ftpinfo_t; 112 | 157 char ftps_buf[FTP_BUFSZ]; 158} ftpside_t; 159 160typedef struct ftpinfo { 161 int ftp_passok; 162 int ftp_incok; 163 ftpside_t ftp_side[2]; 164} ftpinfo_t; 165 |
166 |
|
113/* | 167/* |
168 * For the irc proxy. 169 */ 170typedef struct ircinfo { 171 size_t irc_len; 172 char *irc_snick; 173 char *irc_dnick; 174 char *irc_type; 175 char *irc_arg; 176 char *irc_addr; 177 u_32_t irc_ipnum; 178 u_short irc_port; 179} ircinfo_t; 180 181 182/* |
|
114 * Real audio proxy structure and #defines 115 */ 116typedef struct raudio_s { 117 int rap_seenpna; 118 int rap_seenver; 119 int rap_version; 120 int rap_eos; /* End Of Startup */ 121 int rap_gotid; --- 14 unchanged lines hidden (view full) --- 136#define RA_ID_UDP 1 137#define RA_ID_ROBUST 7 138 139#define RAP_M_UDP 1 140#define RAP_M_ROBUST 2 141#define RAP_M_TCP 4 142#define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) 143 | 183 * Real audio proxy structure and #defines 184 */ 185typedef struct raudio_s { 186 int rap_seenpna; 187 int rap_seenver; 188 int rap_version; 189 int rap_eos; /* End Of Startup */ 190 int rap_gotid; --- 14 unchanged lines hidden (view full) --- 205#define RA_ID_UDP 1 206#define RA_ID_ROBUST 7 207 208#define RAP_M_UDP 1 209#define RAP_M_ROBUST 2 210#define RAP_M_TCP 4 211#define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) 212 |
213 |
|
144/* | 214/* |
215 * MSN RPC proxy 216 */ 217typedef struct msnrpcinfo { 218 u_int mri_flags; 219 int mri_cmd[2]; 220 u_int mri_valid; 221 struct in_addr mri_raddr; 222 u_short mri_rport; 223} msnrpcinfo_t; 224 225 226/* |
|
145 * IPSec proxy 146 */ 147typedef u_32_t ipsec_cookie_t[2]; 148 149typedef struct ipsec_pxy { 150 ipsec_cookie_t ipsc_icookie; 151 ipsec_cookie_t ipsc_rcookie; 152 int ipsc_rckset; 153 ipnat_t ipsc_rule; 154 nat_t *ipsc_nat; 155 ipstate_t *ipsc_state; 156} ipsec_pxy_t; 157 | 227 * IPSec proxy 228 */ 229typedef u_32_t ipsec_cookie_t[2]; 230 231typedef struct ipsec_pxy { 232 ipsec_cookie_t ipsc_icookie; 233 ipsec_cookie_t ipsc_rcookie; 234 int ipsc_rckset; 235 ipnat_t ipsc_rule; 236 nat_t *ipsc_nat; 237 ipstate_t *ipsc_state; 238} ipsec_pxy_t; 239 |
240/* 241 * PPTP proxy 242 */ 243typedef struct pptp_side { 244 u_32_t pptps_nexthdr; 245 u_32_t pptps_next; 246 int pptps_state; 247 int pptps_gothdr; 248 int pptps_len; 249 int pptps_bytes; 250 char *pptps_wptr; 251 char pptps_buffer[512]; 252} pptp_side_t; 253 254typedef struct pptp_pxy { 255 ipnat_t pptp_rule; 256 nat_t *pptp_nat; 257 ipstate_t *pptp_state; 258 u_short pptp_call[2]; 259 pptp_side_t pptp_side[2]; 260} pptp_pxy_t; 261 262 263/* 264 * Sun RPCBIND proxy 265 */ 266#define RPCB_MAXMSG 888 267#define RPCB_RES_PMAP 0 /* Response contains a v2 port. */ 268#define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */ 269#define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */ 270#define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */ 271 272#define RPCB_REQMIN 40 273#define RPCB_REQMAX 888 274#define RPCB_REPMIN 20 275#define RPCB_REPMAX 604 /* XXX double check this! */ 276 277/* 278 * These macros determine the number of bytes between p and the end of 279 * r->rs_buf relative to l. 280 */ 281#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen) 282#define RPCB_BUF_GEQ(r, p, l) \ 283 ((RPCB_BUF_END((r)) > (char *)(p)) && \ 284 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l))) 285#define RPCB_BUF_EQ(r, p, l) \ 286 (RPCB_BUF_END((r)) == ((char *)(p) + (l))) 287 288/* 289 * The following correspond to RPC(B) detailed in RFC183[13]. 
290 */ 291#define RPCB_CALL 0 292#define RPCB_REPLY 1 293#define RPCB_MSG_VERSION 2 294#define RPCB_PROG 100000 295#define RPCB_GETPORT 3 296#define RPCB_GETADDR 3 297#define RPCB_GETADDRLIST 11 298#define RPCB_MSG_ACCEPTED 0 299#define RPCB_MSG_DENIED 1 300 301/* BEGIN (Generic XDR structures) */ 302typedef struct xdr_string { 303 u_32_t *xs_len; 304 char *xs_str; 305} xdr_string_t; 306 307typedef struct xdr_auth { 308 /* u_32_t xa_flavor; */ 309 xdr_string_t xa_string; 310} xdr_auth_t; 311 312typedef struct xdr_uaddr { 313 u_32_t xu_ip; 314 u_short xu_port; 315 xdr_string_t xu_str; 316} xdr_uaddr_t; 317 318typedef struct xdr_proto { 319 u_int xp_proto; 320 xdr_string_t xp_str; 321} xdr_proto_t; 322 323#define xu_xslen xu_str.xs_len 324#define xu_xsstr xu_str.xs_str 325#define xp_xslen xp_str.xs_len 326#define xp_xsstr xp_str.xs_str 327/* END (Generic XDR structures) */ 328 329/* BEGIN (RPC call structures) */ 330typedef struct pmap_args { 331 /* u_32_t pa_prog; */ 332 /* u_32_t pa_vers; */ 333 u_32_t *pa_prot; 334 /* u_32_t pa_port; */ 335} pmap_args_t; 336 337typedef struct rpcb_args { 338 /* u_32_t *ra_prog; */ 339 /* u_32_t *ra_vers; */ 340 xdr_proto_t ra_netid; 341 xdr_uaddr_t ra_maddr; 342 /* xdr_string_t ra_owner; */ 343} rpcb_args_t; 344 345typedef struct rpc_call { 346 /* u_32_t rc_rpcvers; */ 347 /* u_32_t rc_prog; */ 348 u_32_t *rc_vers; 349 u_32_t *rc_proc; 350 xdr_auth_t rc_authcred; 351 xdr_auth_t rc_authverf; 352 union { 353 pmap_args_t ra_pmapargs; 354 rpcb_args_t ra_rpcbargs; 355 } rpcb_args; 356} rpc_call_t; 357 358#define rc_pmapargs rpcb_args.ra_pmapargs 359#define rc_rpcbargs rpcb_args.ra_rpcbargs 360/* END (RPC call structures) */ 361 362/* BEGIN (RPC reply structures) */ 363typedef struct rpcb_entry { 364 xdr_uaddr_t re_maddr; 365 xdr_proto_t re_netid; 366 /* u_32_t re_semantics; */ 367 xdr_string_t re_family; 368 xdr_proto_t re_proto; 369 u_32_t *re_more; /* 1 == another entry follows */ 370} rpcb_entry_t; 371 372typedef struct rpcb_listp { 
373 u_32_t *rl_list; /* 1 == list follows */ 374 int rl_cnt; 375 rpcb_entry_t rl_entries[2]; /* TCP / UDP only */ 376} rpcb_listp_t; 377 378typedef struct rpc_resp { 379 /* u_32_t rr_acceptdeny; */ 380 /* Omitted 'message denied' fork; we don't care about rejects. */ 381 xdr_auth_t rr_authverf; 382 /* u_32_t *rr_astat; */ 383 union { 384 u_32_t *resp_pmap; 385 xdr_uaddr_t resp_getaddr; 386 rpcb_listp_t resp_getaddrlist; 387 } rpcb_reply; 388} rpc_resp_t; 389 390#define rr_v2 rpcb_reply.resp_pmap 391#define rr_v3 rpcb_reply.resp_getaddr 392#define rr_v4 rpcb_reply.resp_getaddrlist 393/* END (RPC reply structures) */ 394 395/* BEGIN (RPC message structure & macros) */ 396typedef struct rpc_msg { 397 char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */ 398 u_int rm_buflen; 399 u_32_t *rm_xid; 400 /* u_32_t Call vs Reply */ 401 union { 402 rpc_call_t rb_call; 403 rpc_resp_t rb_resp; 404 } rm_body; 405} rpc_msg_t; 406 407#define rm_call rm_body.rb_call 408#define rm_resp rm_body.rb_resp 409/* END (RPC message structure & macros) */ 410 411/* 412 * These code paths aren't hot enough to warrant per transaction 413 * mutexes. 414 */ 415typedef struct rpcb_xact { 416 struct rpcb_xact *rx_next; 417 struct rpcb_xact **rx_pnext; 418 u_32_t rx_xid; /* RPC transmission ID */ 419 u_int rx_type; /* RPCB response type */ 420 u_int rx_ref; /* reference count */ 421 u_int rx_proto; /* transport protocol (v2 only) */ 422} rpcb_xact_t; 423 424typedef struct rpcb_session { 425 ipfmutex_t rs_rxlock; 426 rpcb_xact_t *rs_rxlist; 427} rpcb_session_t; 428 429/* 430 * For an explanation, please see the following: 431 * RFC1832 - Sections 3.11, 4.4, and 4.5. 432 */ 433#define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x)) 434 |
|
158extern ap_session_t *ap_sess_tab[AP_SESS_SIZE]; 159extern ap_session_t *ap_sess_list; 160extern aproxy_t ap_proxies[]; 161extern int ippr_ftp_pasvonly; 162 163extern int appr_add __P((aproxy_t *)); | 435extern ap_session_t *ap_sess_tab[AP_SESS_SIZE]; 436extern ap_session_t *ap_sess_list; 437extern aproxy_t ap_proxies[]; 438extern int ippr_ftp_pasvonly; 439 440extern int appr_add __P((aproxy_t *)); |
441extern int appr_ctl __P((ap_ctl_t *)); |
|
164extern int appr_del __P((aproxy_t *)); 165extern int appr_init __P((void)); 166extern void appr_unload __P((void)); | 442extern int appr_del __P((aproxy_t *)); 443extern int appr_init __P((void)); 444extern void appr_unload __P((void)); |
167extern int appr_ok __P((ip_t *, tcphdr_t *, struct ipnat *)); | 445extern int appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *)); |
168extern int appr_match __P((fr_info_t *, struct nat *)); 169extern void appr_free __P((aproxy_t *)); 170extern void aps_free __P((ap_session_t *)); | 446extern int appr_match __P((fr_info_t *, struct nat *)); 447extern void appr_free __P((aproxy_t *)); 448extern void aps_free __P((ap_session_t *)); |
171extern int appr_check __P((ip_t *, fr_info_t *, struct nat *)); | 449extern int appr_check __P((fr_info_t *, struct nat *)); |
172extern aproxy_t *appr_lookup __P((u_int, char *)); | 450extern aproxy_t *appr_lookup __P((u_int, char *)); |
173extern int appr_new __P((fr_info_t *, ip_t *, struct nat *)); | 451extern int appr_new __P((fr_info_t *, struct nat *)); 452extern int appr_ioctl __P((caddr_t, ioctlcmd_t, int)); |
174 175#endif /* __IP_PROXY_H__ */ | 453 454#endif /* __IP_PROXY_H__ */ |
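Review bot: The fallback `toupper(x)` added at new lines 127-129 converts every byte that is not already upper case, so digits, spaces and punctuation are altered as well (`'1'` becomes 0x11); it should test for lower case instead: `#define toupper(x) (islower(x) ? (x) - 'a' + 'A' : (x))`. The comments in this block say these macros cover what the kernel lacks and that the proxies parse strings taken from the TCP stream, so any caller that does not guard with `isalpha()` first would be comparing against corrupted input. All of the fallbacks also evaluate `x` more than once, which deserves a one-line comment above the block such as `/* arguments must be free of side effects */`. Separately, the size requirements stated only in comments (`FTP_BUFSZ` at least `IPF_FTPBUFSZ`, and `IPF_FTPBUFSZ >= 53`) could be enforced at compile time with `#if FTP_BUFSZ < IPF_FTPBUFSZ` / `#error` next to the definitions at new lines 140 and 147.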