/*	$FreeBSD: stable/11/sys/contrib/ipfilter/netinet/ip_proxy.h 369245 2021-02-09 13:47:46Z git2svn $	*/

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * $FreeBSD: stable/11/sys/contrib/ipfilter/netinet/ip_proxy.h 369245 2021-02-09 13:47:46Z git2svn $
 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
 */

#ifndef	__IP_PROXY_H__
#define	__IP_PROXY_H__

/*
 * Derive SOLARIS from the compiler's target macros unless the build
 * already defined it.
 */
#ifndef	SOLARIS
# if defined(sun) && defined(__SVR4)
#  define	SOLARIS		1
# else
#  define	SOLARIS		0
# endif
#endif

/*
 * ioctl that hands an ap_control (defined below) to a proxy's apr_ctl
 * routine.  The structure carries a pointer (apc_data) and a size
 * (apc_dsize) supplied by the caller; per the apc_data comment below the
 * kernel side copies that region in before the proxy sees it, so the
 * copy size should be bounded there -- verify in the ioctl handler.
 */
#define	SIOCPROXY	_IOWR('r', 64, struct ap_control)

/* Size of the apr_label, apc_label and apc_config character arrays. */
#ifndef	APR_LABELLEN
#define	APR_LABELLEN	16
#endif
/* Presumably the number of buckets in the proxy session table -- confirm against the session code. */
#define	AP_SESS_SIZE	53

/*
 * NAT and state types referenced only by pointer in this header; their
 * definitions live elsewhere.
 */
struct	nat;
struct	ipnat;
struct	ipstate;

/*
 * TCP-specific part of a proxy session: the port pair plus sequence and
 * acknowledgement offsets with the thresholds after which they apply.
 * Presumably the offsets compensate for payload length changes made by a
 * proxy and the [2] arrays are indexed by direction -- confirm in the
 * code that fills them.
 */
typedef	struct	ap_tcp {
	u_short	apt_sport;	/* source port */
	u_short	apt_dport;	/* destination port */
	short	apt_sel[2];	/* {seq,ack}{off,min} set selector */
	short	apt_seqoff[2];	/* sequence # difference */
	u_32_t	apt_seqmin[2];	/* don't change seq-off until after this */
	short	apt_ackoff[2];	/* ack # difference (ack counterpart of apt_seqoff) */
	u_32_t	apt_ackmin[2];	/* don't change ack-off until after this */
	u_char	apt_state[2];	/* connection state */
} ap_tcp_t;

/* UDP-specific part of a proxy session: only the port pair is kept. */
typedef	struct	ap_udp {
	u_short	apu_sport;	/* source port */
	u_short	apu_dport;	/* destination port */
} ap_udp_t;

/*
 * One proxied session.  It points at the proxy that owns it (aps_apr)
 * and back at its NAT entry (aps_nat); the protocol-specific part lives
 * in the aps_un union and the proxy may attach its own per-session
 * state through aps_data/aps_psiz.
 */
typedef	struct ap_session {
	struct	aproxy	*aps_apr;	/* owning proxy */
	union {
		struct	ap_tcp	apu_tcp;
		struct	ap_udp	apu_udp;
	} aps_un;
	U_QUAD_T aps_bytes;	/* bytes sent */
	U_QUAD_T aps_pkts;	/* packets sent */
	void	*aps_nat;	/* pointer back to nat struct */
	void	*aps_data;	/* private data */
	int	aps_psiz;	/* size of private data */
	struct	ap_session	*aps_next;	/* next session in the list/bucket */
} ap_session_t;

/*
 * Shorthand for the TCP members of aps_un.  They alias apu_tcp, so they
 * are only meaningful for a TCP session; on a UDP session the first two
 * overlay the apu_udp ports and the rest are not valid.
 */
#define	aps_sport	aps_un.apu_tcp.apt_sport
#define	aps_dport	aps_un.apu_tcp.apt_dport
#define	aps_sel		aps_un.apu_tcp.apt_sel
#define	aps_seqoff	aps_un.apu_tcp.apt_seqoff
#define	aps_seqmin	aps_un.apu_tcp.apt_seqmin
#define	aps_state	aps_un.apu_tcp.apt_state
#define	aps_ackoff	aps_un.apu_tcp.apt_ackoff
#define	aps_ackmin	aps_un.apu_tcp.apt_ackmin


/*
 * Argument of SIOCPROXY.  apc_label and apc_config presumably name the
 * proxy and its configuration (cf. apr_label in struct aproxy) and apc_p
 * is presumably the protocol (cf. apr_p) -- confirm in the ioctl handler.
 */
typedef	struct	ap_control {
	char	apc_label[APR_LABELLEN];
	char	apc_config[APR_LABELLEN];
	u_char	apc_p;
	/*
	 * The following fields are upto the proxy's apr_ctl routine to deal
	 * with.  When the proxy gets this in kernel space, apc_data will
	 * point to a malloc'd region of memory of apc_dsize bytes.  If the
	 * proxy wants to keep that memory, it must set apc_data to NULL
	 * before it returns.  It is expected if this happens that it will
	 * take care to free it in apr_fini or otherwise as appropriate.
	 * apc_cmd is provided as a standard place to put simple commands,
	 * with apc_arg being available to put a simple arg.
	 *
	 * apc_dsize arrives from the issuer of the ioctl, so whatever code
	 * performs the malloc and copy-in must check it against an upper
	 * bound before allocating.
	 */
	u_long	apc_cmd;
	u_long	apc_arg;
	void	*apc_data;
	size_t	apc_dsize;
} ap_ctl_t;

/* Standard apc_cmd values; a proxy's apr_ctl may define more of its own. */
#define	APC_CMD_ADD	0
#define	APC_CMD_DEL	1


/*
 * Descriptor for one proxy implementation: identity (label, protocol),
 * bookkeeping (list links, flags, reference and clone counts) and the
 * table of entry points the proxy framework calls.  Which entry points
 * may be left NULL is not visible here -- check the callers before
 * relying on it.
 */
typedef	struct	aproxy	{
	struct	aproxy	*apr_next;
	struct	aproxy	*apr_parent;		/* presumably the proxy this one was cloned from */
	char	apr_label[APR_LABELLEN];	/* Proxy label # */
	u_char	apr_p;				/* protocol */
	int	apr_flags;			/* presumably holds APR_DELETE */
	int	apr_ref;			/* reference count, cf. ipf_proxy_deref() */
	int	apr_clones;
	void	(* apr_load)(void);		/* load/unload hooks */
	void	(* apr_unload)(void);
	void	*(* apr_create)(ipf_main_softc_t *);	/* create/destroy per-softc state */
	void	(* apr_destroy)(ipf_main_softc_t *, void *);
	int	(* apr_init)(ipf_main_softc_t *, void *);	/* init/fini of that state */
	void	(* apr_fini)(ipf_main_softc_t *, void *);
	int	(* apr_new)(void *, fr_info_t *, ap_session_t *,
				 struct nat *);		/* new session */
	void	(* apr_del)(ipf_main_softc_t *, ap_session_t *);	/* session removed */
	int	(* apr_inpkt)(void *, fr_info_t *, ap_session_t *,
				   struct nat *);	/* inbound packet */
	int	(* apr_outpkt)(void *, fr_info_t *, ap_session_t *,
				    struct nat *);	/* outbound packet */
	int	(* apr_match)(fr_info_t *, ap_session_t *, struct nat *);
	int	(* apr_ctl)(ipf_main_softc_t *, void *, ap_ctl_t *);	/* SIOCPROXY target */
	int	(* apr_clear)(struct aproxy *);
	int	(* apr_flush)(struct aproxy *, int);
	void	*apr_soft;			/* presumably what apr_create returned */
} aproxy_t;

/* Flag bit, presumably for apr_flags -- confirm where it is tested. */
#define	APR_DELETE	1

/*
 * Two 16-bit quantities packed into one int: APR_ERR(x) places x in the
 * upper half, APR_EXIT(x) extracts that half and APR_INC(x) the lower
 * half.  Presumably this is the apr_inpkt/apr_outpkt return convention;
 * what the halves mean to the caller is not visible here.
 */
#define	APR_ERR(x)	((x) << 16)
#define	APR_EXIT(x)	(((x) >> 16) & 0xffff)
#define	APR_INC(x)	((x) & 0xffff)


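#ifdef _KERNEL
/*
 * Generic #define's to cover missing things in the kernel.
 *
 * These are plain macros, so an argument may be evaluated more than
 * once: never pass an expression with side effects (e.g. *p++).  Each
 * is defined only when the kernel does not already provide it, so on
 * hosts that do, the host's definition is what the proxies get.
 */
# ifndef isdigit
#  define isdigit(x)	((x) >= '0' && (x) <= '9')
# endif
# ifndef isupper
#  define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# endif
# ifndef islower
#  define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# endif
# ifndef isalpha
#  define isalpha(x)	(isupper(x) || islower(x))
# endif
/*
 * Only lower-case letters are shifted; every other value (digits,
 * punctuation, control characters) is returned unchanged, as the C
 * library's toupper() does.  The earlier form shifted anything that
 * was not upper case, e.g. turning ' ' into '\0'.
 */
# ifndef toupper
#  define toupper(x)	(islower(x) ? ((x) - 'a' + 'A') : (x))
# endif
/*
 * Differs from the C library's isspace(), which includes '\v' and '\f'
 * but not '\b'; kept as-is so the proxies' parsing does not change.
 */
# ifndef isspace
#  define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))
# endif
#endif /* _KERNEL */
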
/*
 * For the ftp proxy.
 * FTP_BUFSZ sizes ftps_buf below.  IPF_FTPBUFSZ is kept equal to it;
 * any code that writes into ftps_buf must stay within this limit.
 */
#define	FTP_BUFSZ	160
#define	IPF_FTPBUFSZ	160

/*
 * Per-direction state of an ftp session.  ftps_rptr/ftps_wptr are
 * presumably read and write cursors into ftps_buf; neither may be
 * advanced past ftps_buf + FTP_BUFSZ.
 */
typedef struct  ftpside {
	char	*ftps_rptr;
	char	*ftps_wptr;
	void	*ftps_ifp;		/* presumably the interface */
	u_32_t	ftps_seq[2];
	u_32_t	ftps_len;
	int	ftps_junk;
	int	ftps_cmds;
	int	ftps_cmd;
	char	ftps_buf[FTP_BUFSZ];	/* fixed-size text buffer */
} ftpside_t;

/*
 * ftp proxy session state: two ftpside_t, presumably one per direction,
 * plus a pending NAT/state pair and two flags whose exact meaning
 * (ftp_passok, ftp_incok) must be taken from the ftp proxy source.
 */
typedef struct  ftpinfo {
	int 	  	ftp_passok;
	int		ftp_incok;
	void		*ftp_pendstate;
	nat_t		*ftp_pendnat;
	ftpside_t	ftp_side[2];
} ftpinfo_t;


/*
 * IPsec proxy
 */
/* Two 32-bit words: an 8-byte cookie, the size of the ISAKMP initiator/responder cookies. */
typedef u_32_t		ipsec_cookie_t[2];

/*
 * State for one tracked exchange: initiator and responder cookies
 * (ipsc_rckset presumably records whether the responder cookie has been
 * seen yet -- confirm) plus the NAT entry, state entry and rule it
 * belongs to.
 */
typedef struct ipsec_pxy {
	ipsec_cookie_t	ipsc_icookie;
	ipsec_cookie_t	ipsc_rcookie;
	int		ipsc_rckset;
	nat_t		*ipsc_nat;
	struct ipstate	*ipsc_state;
	ipnat_t		*ipsc_rule;
} ipsec_pxy_t;


/*
 * For the irc proxy.
 * The char pointers presumably point into a parsed message (source and
 * destination nicks, message type, argument, textual address) with
 * irc_ipnum/irc_port the decoded address -- confirm in the irc proxy
 * source.  irc_len is a length; keep it bounded by the data actually
 * present before using it for a copy.
 */
typedef	struct	ircinfo {
	size_t	irc_len;
	char	*irc_snick;
	char	*irc_dnick;
	char	*irc_type;
	char	*irc_arg;
	char	*irc_addr;
	u_32_t	irc_ipnum;
	u_short	irc_port;
} ircinfo_t;


/*
 * For the DNS "proxy"
 * dnsi_buffer is 512 bytes, the classic maximum size of a DNS message
 * over UDP; dnsi_id is presumably the transaction id and dnsi_lock the
 * mutex guarding this structure -- confirm in the DNS proxy source.
 */
typedef struct dnsinfo {
	ipfmutex_t	dnsi_lock;
	u_short		dnsi_id;
	char		dnsi_buffer[512];
} dnsinfo_t;


/*
 * Real audio proxy structure and #defines
 * rap_svr holds 19 bytes collected incrementally; rap_sbf records which
 * of those 19 byte positions have been filled, so a 32-bit mask is
 * sufficient.  The remaining fields are parser progress flags and the
 * ports learnt from the stream; their exact meaning is in the proxy
 * source.
 */
typedef	struct	raudio_s {
	int	rap_seenpna;
	int	rap_seenver;
	int	rap_version;
	int	rap_eos;	/* End Of Startup */
	int	rap_gotid;
	int	rap_gotlen;
	int	rap_mode;	/* presumably RAP_M_* bits */
	int	rap_sdone;
	u_short	rap_plport;
	u_short	rap_prport;
	u_short	rap_srport;
	char	rap_svr[19];
	u_32_t	rap_sbf;	/* flag to indicate which of the 19 bytes have
				 * been filled
				 */
	u_32_t	rap_sseq;
} raudio_t;

/* Identifier values seen in the RealAudio protocol -- presumably compared against parsed fields; confirm. */
#define	RA_ID_END	0
#define	RA_ID_UDP	1
#define	RA_ID_ROBUST	7

/* Single-bit mode flags; RAP_M_UDP_ROBUST is the OR of the first two. */
#define	RAP_M_UDP	1
#define	RAP_M_ROBUST	2
#define	RAP_M_TCP	4
#define	RAP_M_UDP_ROBUST	(RAP_M_UDP|RAP_M_ROBUST)


/*
 * MSN RPC proxy
 * mri_raddr/mri_rport are an IPv4 address and port learnt from the
 * exchange; mri_flags, mri_cmd and mri_valid are parser state whose
 * meaning is defined in the proxy source.
 */
typedef	struct	msnrpcinfo	{
	u_int		mri_flags;
	int		mri_cmd[2];
	u_int		mri_valid;
	struct	in_addr	mri_raddr;
	u_short		mri_rport;
} msnrpcinfo_t;


/*
 * Sun RPCBIND proxy
 * RPCB_MAXMSG sizes rm_msgbuf in rpc_msg_t (and RPCB_REQMAX equals it);
 * the RPCB_RES_* values are the rx_type of an rpcb_xact_t.  The
 * REQ/REP MIN/MAX values bound accepted request and reply lengths; the
 * reply maximum is flagged as unverified by its author.
 */
#define RPCB_MAXMSG	888
#define RPCB_RES_PMAP	0	/* Response contains a v2 port. */
#define RPCB_RES_STRING	1	/* " " " v3 (GETADDR) string. */
#define RPCB_RES_LIST	2	/* " " " v4 (GETADDRLIST) list. */
#define RPCB_MAXREQS	32	/* Arbitrary limit on tracked transactions */

#define RPCB_REQMIN	40
#define RPCB_REQMAX	888
#define RPCB_REPMIN	20
#define	RPCB_REPMAX	604	/* XXX double check this! */

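/*
 * Bounds-check helpers for walking an RPC(B) message held in
 * r->rm_msgbuf with r->rm_buflen valid bytes (r is an rpc_msg_t *, p a
 * pointer into the buffer, l a byte count).
 *
 * RPCB_BUF_END(r)       one past the last valid byte.
 * RPCB_BUF_GEQ(r, p, l) true when at least l bytes remain from p to the
 *                       end.  The pointer comparison must stay first: it
 *                       guarantees the subtraction is positive, so the
 *                       comparison with an unsigned l cannot be fooled
 *                       by a negative difference.  Note it is false when
 *                       p is already at the end, even for l == 0.
 * RPCB_BUF_EQ(r, p, l)  true when p + l lands exactly on the end.  Only
 *                       form p + l after RPCB_BUF_GEQ has shown that many
 *                       bytes exist, so the pointer never runs past the
 *                       buffer.
 *
 * Arguments are evaluated more than once.
 */
#define RPCB_BUF_END(r) ((char *)((r)->rm_msgbuf + (r)->rm_buflen))
#define RPCB_BUF_GEQ(r, p, l)   \
        ((RPCB_BUF_END((r)) > (char *)(p)) &&           \
         ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define	RPCB_BUF_EQ(r, p, l)                            \
        (RPCB_BUF_END((r)) == ((char *)(p) + (l)))
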
/*
 * The following correspond to RPC(B) detailed in RFC183[13]
 * (RFC 1831 for the message format, RFC 1833 for the binding protocol).
 */
#define RPCB_CALL		0	/* msg_type CALL */
#define RPCB_REPLY		1	/* msg_type REPLY */
#define RPCB_MSG_VERSION	2	/* RPC message version */
#define RPCB_PROG		100000	/* portmapper / rpcbind program number */
#define RPCB_GETPORT		3	/* v2 PMAPPROC_GETPORT */
#define RPCB_GETADDR		3	/* v3/v4 RPCBPROC_GETADDR, same number as above */
#define RPCB_GETADDRLIST	11	/* v4 RPCBPROC_GETADDRLIST */
#define RPCB_MSG_ACCEPTED	0	/* reply_stat MSG_ACCEPTED */
#define RPCB_MSG_DENIED		1	/* reply_stat MSG_DENIED */

/* BEGIN (Generic XDR structures) */
/*
 * The xdr_* structures hold pointers to where each field sits in the
 * message buffer rather than decoded copies: xs_len points at the
 * length word and xs_str at the bytes.  NOTE(review): xs_str is
 * presumably not NUL terminated -- use *xs_len, not strlen().
 * Commented-out members throughout record wire fields that are
 * present but not tracked.
 */
typedef struct xdr_string {
	u_32_t	*xs_len;
	char	*xs_str;
} xdr_string_t;

/* Authentication field; only its opaque body is tracked, not the flavor. */
typedef struct xdr_auth {
	/* u_32_t	xa_flavor; */
	xdr_string_t	xa_string;
} xdr_auth_t;

/*
 * Universal address: the string form as it appears in the message plus
 * the IP and port decoded from it (presumably -- confirm in the parser).
 */
typedef struct xdr_uaddr {
	u_32_t		xu_ip;
	u_short		xu_port;
	xdr_string_t	xu_str;
} xdr_uaddr_t;

/* Transport: the netid string in the message and the protocol number derived from it. */
typedef	struct xdr_proto {
	u_int		xp_proto;
	xdr_string_t	xp_str;
} xdr_proto_t;

/* Shorthand for the nested xdr_string_t members of xdr_uaddr_t and xdr_proto_t. */
#define xu_xslen	xu_str.xs_len
#define xu_xsstr	xu_str.xs_str
#define	xp_xslen	xp_str.xs_len
#define xp_xsstr	xp_str.xs_str
/* END (Generic XDR structures) */

/* BEGIN (RPC call structures) */
/* v2 (portmapper) call arguments; only the protocol word is tracked. */
typedef struct pmap_args {
	/* u_32_t	pa_prog; */
	/* u_32_t	pa_vers; */
	u_32_t		*pa_prot;
	/* u_32_t	pa_port; */
} pmap_args_t;

/* v3/v4 (rpcbind) call arguments: the netid and the merged address. */
typedef struct rpcb_args {
	/* u_32_t	*ra_prog; */
	/* u_32_t	*ra_vers; */
	xdr_proto_t	ra_netid;
	xdr_uaddr_t	ra_maddr;
	/* xdr_string_t	ra_owner; */
} rpcb_args_t;

/*
 * A parsed CALL: pointers to the version and procedure words, the two
 * auth fields, and the procedure arguments, whose shape depends on
 * whether this is a v2 (pmap) or v3/v4 (rpcb) call.
 */
typedef struct rpc_call {
	/* u_32_t	rc_rpcvers; */
	/* u_32_t	rc_prog; */
	u_32_t	*rc_vers;
	u_32_t	*rc_proc;
	xdr_auth_t	rc_authcred;
	xdr_auth_t	rc_authverf;
	union {
		pmap_args_t	ra_pmapargs;
		rpcb_args_t	ra_rpcbargs;
	} rpcb_args;
} rpc_call_t;

/* Shorthand for the two arms of the rpcb_args union; use the one matching *rc_vers. */
#define	rc_pmapargs	rpcb_args.ra_pmapargs
#define rc_rpcbargs	rpcb_args.ra_rpcbargs
/* END (RPC call structures) */

/* BEGIN (RPC reply structures) */
/* One element of a v4 GETADDRLIST reply; re_more is the XDR list continuation word. */
typedef struct rpcb_entry {
	xdr_uaddr_t	re_maddr;
	xdr_proto_t	re_netid;
	/* u_32_t	re_semantics; */
	xdr_string_t	re_family;
	xdr_proto_t	re_proto;
	u_32_t		*re_more; /* 1 == another entry follows */
} rpcb_entry_t;

/*
 * v4 GETADDRLIST reply.  Only two entries are stored, so the parser
 * that fills rl_entries must stop at rl_cnt == 2 whatever the message
 * claims.
 */
typedef struct rpcb_listp {
	u_32_t		*rl_list; /* 1 == list follows */
	int		rl_cnt;			/* entries used in rl_entries */
	rpcb_entry_t	rl_entries[2]; /* TCP / UDP only */
} rpcb_listp_t;

/*
 * A parsed REPLY (accepted replies only, see below): the verifier plus
 * the result, which is a v2 port word, a v3 universal address or a v4
 * address list depending on the request it answers.
 */
typedef struct rpc_resp {
	/* u_32_t	rr_acceptdeny; */
	/* Omitted 'message denied' fork; we don't care about rejects. */
	xdr_auth_t	rr_authverf;
	/* u_32_t		*rr_astat;	*/
	union {
		u_32_t		*resp_pmap;
		xdr_uaddr_t	resp_getaddr;
		rpcb_listp_t	resp_getaddrlist;
	} rpcb_reply;
} rpc_resp_t;

/* Shorthand for the rpcb_reply union arms, named by the RPCB version each belongs to. */
#define	rr_v2	rpcb_reply.resp_pmap
#define rr_v3	rpcb_reply.resp_getaddr
#define	rr_v4	rpcb_reply.resp_getaddrlist
/* END (RPC reply structures) */

/* BEGIN (RPC message structure & macros) */
/*
 * A message under inspection.  rm_msgbuf holds the raw bytes and
 * rm_buflen how many of them are valid; that pair is what the
 * RPCB_BUF_* checks use, and every pointer in rm_body and rm_xid is
 * expected to point inside it.
 */
typedef struct rpc_msg {
	char	rm_msgbuf[RPCB_MAXMSG];	/* RPCB data buffer */
	u_int	rm_buflen;		/* valid bytes in rm_msgbuf */
	u_32_t	*rm_xid;		/* transaction id word */
	/* u_32_t Call vs Reply */
	union {
		rpc_call_t	rb_call;
		rpc_resp_t	rb_resp;
	} rm_body;
} rpc_msg_t;

/* Shorthand for the rm_body union arms. */
#define rm_call		rm_body.rb_call
#define rm_resp		rm_body.rb_resp
/* END (RPC message structure & macros) */

/*
 * These code paths aren't hot enough to warrant per transaction
 * mutexes.
 *
 * One outstanding RPCB transaction, kept so the reply can be matched
 * to its call by xid.  rx_next/rx_pnext look like the usual forward
 * pointer plus address-of-previous-link pair -- confirm in the list
 * code.  rx_ref is a plain integer, so it relies on the session lock
 * (rs_rxlock) rather than atomics.
 */
typedef struct rpcb_xact {
	struct	rpcb_xact	*rx_next;
	struct	rpcb_xact	**rx_pnext;
	u_32_t	rx_xid;		/* RPC transmission ID */
	u_int	rx_type;	/* RPCB response type (RPCB_RES_*) */
	u_int	rx_ref;         /* reference count */
	u_int	rx_proto;	/* transport protocol (v2 only) */
} rpcb_xact_t;

/*
 * Per-session list of tracked transactions and the mutex that guards
 * it; RPCB_MAXREQS is presumably the cap on its length -- confirm.
 */
typedef struct rpcb_session {
	ipfmutex_t	rs_rxlock;
	rpcb_xact_t	*rs_rxlist;
} rpcb_session_t;

/*
 * For an explanation, please see the following:
 *   RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * Rounds x up to the next multiple of 4 (XDR pads every item to a
 * 4-byte boundary).  x is evaluated up to three times and is expected
 * to be non-negative.
 */
#define XDRALIGN(x)	((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x))

/*
 * Entry points of the proxy framework, presumably implemented in the
 * matching ip_proxy source file.  Grouped by purpose; what each one
 * returns must be taken from its definition.
 */
/* proxy registration, lookup and removal */
extern	int	ipf_proxy_add(void *, aproxy_t *);
extern	int	ipf_proxy_del(aproxy_t *);
extern	void	ipf_proxy_deref(aproxy_t *);
extern	void	ipf_proxy_flush(void *, int);
extern	aproxy_t	*ipf_proxy_lookup(void *, u_int, char *);
/* per-packet / per-session hooks called from the NAT code */
extern	int	ipf_proxy_check(fr_info_t *, struct nat *);
extern	int	ipf_proxy_match(fr_info_t *, struct nat *);
extern	int	ipf_proxy_new(fr_info_t *, struct nat *);
extern	int	ipf_proxy_ok(fr_info_t *, tcphdr_t *, struct ipnat *);
extern	void	ipf_proxy_free(ipf_main_softc_t *, ap_session_t *);
extern	ipnat_t	*ipf_proxy_rule_fwd(nat_t *);
extern	ipnat_t	*ipf_proxy_rule_rev(nat_t *);
/* control path: the caddr_t argument of ipf_proxy_ioctl is the ioctl data, presumably user-supplied */
extern	int	ipf_proxy_ctl(ipf_main_softc_t *, void *, ap_ctl_t *);
extern	int	ipf_proxy_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *);
/* module and softc lifecycle */
extern	int	ipf_proxy_init(void);
extern	int	ipf_proxy_main_load(void);
extern	int	ipf_proxy_main_unload(void);
extern	void	*ipf_proxy_soft_create(ipf_main_softc_t *);
extern	void	ipf_proxy_soft_destroy(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_proxy_soft_fini(ipf_main_softc_t *, void *);

#endif /* __IP_PROXY_H__ */
