ip_proxy.h revision 145522
1145522Sdarrenr/* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $ */ 2145522Sdarrenr 353642Sguido/* 480482Sdarrenr * Copyright (C) 1997-2001 by Darren Reed. 553642Sguido * 680482Sdarrenr * See the IPFILTER.LICENCE file for details on licencing. 753642Sguido * 857126Sguido * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_proxy.h 145522 2005-04-25 18:43:14Z darrenr $ 9145522Sdarrenr * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp 1053642Sguido */ 1153642Sguido 1253642Sguido#ifndef __IP_PROXY_H__ 1353642Sguido#define __IP_PROXY_H__ 1453642Sguido 1553642Sguido#ifndef SOLARIS 1653642Sguido#define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4))) 1753642Sguido#endif 1853642Sguido 1953642Sguido#ifndef APR_LABELLEN 2053642Sguido#define APR_LABELLEN 16 2153642Sguido#endif 2253642Sguido#define AP_SESS_SIZE 53 2353642Sguido 2453642Sguidostruct nat; 2553642Sguidostruct ipnat; 2653642Sguido 2753642Sguidotypedef struct ap_tcp { 2853642Sguido u_short apt_sport; /* source port */ 2953642Sguido u_short apt_dport; /* destination port */ 3053642Sguido short apt_sel[2]; /* {seq,ack}{off,min} set selector */ 3153642Sguido short apt_seqoff[2]; /* sequence # difference */ 3253642Sguido tcp_seq apt_seqmin[2]; /* don't change seq-off until after this */ 3353642Sguido short apt_ackoff[2]; /* sequence # difference */ 3453642Sguido tcp_seq apt_ackmin[2]; /* don't change seq-off until after this */ 3553642Sguido u_char apt_state[2]; /* connection state */ 3653642Sguido} ap_tcp_t; 3753642Sguido 3853642Sguidotypedef struct ap_udp { 3953642Sguido u_short apu_sport; /* source port */ 4053642Sguido u_short apu_dport; /* destination port */ 4153642Sguido} ap_udp_t; 4253642Sguido 4353642Sguidotypedef struct ap_session { 4453642Sguido struct aproxy *aps_apr; 4553642Sguido union { 4653642Sguido struct ap_tcp apu_tcp; 4753642Sguido struct ap_udp apu_udp; 4853642Sguido } aps_un; 4953642Sguido u_int aps_flags; 5053642Sguido U_QUAD_T aps_bytes; /* bytes sent */ 5153642Sguido U_QUAD_T aps_pkts; /* packets sent */ 5253642Sguido void *aps_nat; /* pointer back to nat struct */ 5353642Sguido void *aps_data; /* private data */ 5453642Sguido int aps_p; /* protocol */ 5553642Sguido int aps_psiz; /* size of private data */ 5653642Sguido struct ap_session *aps_hnext; 5753642Sguido struct ap_session *aps_next; 5860855Sdarrenr} ap_session_t; 5953642Sguido 6053642Sguido#define aps_sport aps_un.apu_tcp.apt_sport 6153642Sguido#define aps_dport aps_un.apu_tcp.apt_dport 6253642Sguido#define aps_sel aps_un.apu_tcp.apt_sel 6353642Sguido#define aps_seqoff aps_un.apu_tcp.apt_seqoff 6453642Sguido#define aps_seqmin aps_un.apu_tcp.apt_seqmin 6553642Sguido#define aps_state aps_un.apu_tcp.apt_state 6653642Sguido#define aps_ackoff aps_un.apu_tcp.apt_ackoff 6753642Sguido#define aps_ackmin aps_un.apu_tcp.apt_ackmin 6853642Sguido 6953642Sguido 70145522Sdarrenrtypedef struct ap_control { 71145522Sdarrenr char apc_label[APR_LABELLEN]; 72145522Sdarrenr u_char apc_p; 73145522Sdarrenr /* 74145522Sdarrenr * The following fields are upto the proxy's apr_ctl routine to deal 75145522Sdarrenr * with. When the proxy gets this in kernel space, apc_data will 76145522Sdarrenr * point to a malloc'd region of memory of apc_dsize bytes. If the 77145522Sdarrenr * proxy wants to keep that memory, it must set apc_data to NULL 78145522Sdarrenr * before it returns. It is expected if this happens that it will 79145522Sdarrenr * take care to free it in apr_fini or otherwise as appropriate. 80145522Sdarrenr * apc_cmd is provided as a standard place to put simple commands, 81145522Sdarrenr * with apc_arg being available to put a simple arg. 82145522Sdarrenr */ 83145522Sdarrenr u_long apc_cmd; 84145522Sdarrenr u_long apc_arg; 85145522Sdarrenr void *apc_data; 86145522Sdarrenr size_t apc_dsize; 87145522Sdarrenr} ap_ctl_t; 88145522Sdarrenr 89145522Sdarrenr 9053642Sguidotypedef struct aproxy { 9160855Sdarrenr struct aproxy *apr_next; 9253642Sguido char apr_label[APR_LABELLEN]; /* Proxy label # */ 9353642Sguido u_char apr_p; /* protocol */ 9453642Sguido int apr_ref; /* +1 per rule referencing it */ 9553642Sguido int apr_flags; 9653642Sguido int (* apr_init) __P((void)); 9760855Sdarrenr void (* apr_fini) __P((void)); 98145522Sdarrenr int (* apr_new) __P((fr_info_t *, ap_session_t *, struct nat *)); 9992685Sdarrenr void (* apr_del) __P((ap_session_t *)); 100145522Sdarrenr int (* apr_inpkt) __P((fr_info_t *, ap_session_t *, struct nat *)); 101145522Sdarrenr int (* apr_outpkt) __P((fr_info_t *, ap_session_t *, struct nat *)); 10292685Sdarrenr int (* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *)); 103145522Sdarrenr int (* apr_ctl) __P((struct aproxy *, struct ap_control *)); 10453642Sguido} aproxy_t; 10553642Sguido 10653642Sguido#define APR_DELETE 1 10753642Sguido 108145522Sdarrenr#define APR_ERR(x) ((x) << 16) 10960855Sdarrenr#define APR_EXIT(x) (((x) >> 16) & 0xffff) 11060855Sdarrenr#define APR_INC(x) ((x) & 0xffff) 11153642Sguido 11253642Sguido/* 113145522Sdarrenr * Generic #define's to cover missing things in the kernel 11460855Sdarrenr */ 115145522Sdarrenr#ifndef isdigit 116145522Sdarrenr#define isdigit(x) ((x) >= '0' && (x) <= '9') 117145522Sdarrenr#endif 118145522Sdarrenr#ifndef isupper 119145522Sdarrenr#define isupper(x) (((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z')) 120145522Sdarrenr#endif 121145522Sdarrenr#ifndef islower 122145522Sdarrenr#define islower(x) (((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z')) 123145522Sdarrenr#endif 124145522Sdarrenr#ifndef isalpha 125145522Sdarrenr#define isalpha(x) (isupper(x) || islower(x)) 126145522Sdarrenr#endif 127145522Sdarrenr#ifndef toupper 128145522Sdarrenr#define toupper(x) (isupper(x) ? (x) : (x) - 'a' + 'A') 129145522Sdarrenr#endif 130145522Sdarrenr#ifndef isspace 131145522Sdarrenr#define isspace(x) (((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \ 132145522Sdarrenr ((x) == '\t') || ((x) == '\b')) 133145522Sdarrenr#endif 134145522Sdarrenr 135145522Sdarrenr/* 136145522Sdarrenr * This is the scratch buffer size used to hold strings from the TCP stream 137145522Sdarrenr * that we may want to parse. It's an arbitrary size, really, but it must 138145522Sdarrenr * be at least as large as IPF_FTPBUFSZ. 139145522Sdarrenr */ 140145522Sdarrenr#define FTP_BUFSZ 120 141145522Sdarrenr 142145522Sdarrenr/* 143145522Sdarrenr * This buffer, however, doesn't need to be nearly so big. It just needs to 144145522Sdarrenr * be able to squeeze in the largest command it needs to rewrite, Which ones 145145522Sdarrenr * does it rewrite? EPRT, PORT, 227 replies. 146145522Sdarrenr */ 147145522Sdarrenr#define IPF_FTPBUFSZ 80 /* This *MUST* be >= 53! */ 148145522Sdarrenr 14960855Sdarrenrtypedef struct ftpside { 15060855Sdarrenr char *ftps_rptr; 15160855Sdarrenr char *ftps_wptr; 152145522Sdarrenr void *ftps_ifp; 153102520Sdarrenr u_32_t ftps_seq[2]; 15472006Sdarrenr u_32_t ftps_len; 155145522Sdarrenr int ftps_junk; /* 2 = no cr/lf yet, 1 = cannot parse */ 15692685Sdarrenr int ftps_cmds; 15760855Sdarrenr char ftps_buf[FTP_BUFSZ]; 15860855Sdarrenr} ftpside_t; 15960855Sdarrenr 16060855Sdarrenrtypedef struct ftpinfo { 16180482Sdarrenr int ftp_passok; 16280482Sdarrenr int ftp_incok; 16360855Sdarrenr ftpside_t ftp_side[2]; 16460855Sdarrenr} ftpinfo_t; 16560855Sdarrenr 166145522Sdarrenr 16760855Sdarrenr/* 168145522Sdarrenr * For the irc proxy. 169145522Sdarrenr */ 170145522Sdarrenrtypedef struct ircinfo { 171145522Sdarrenr size_t irc_len; 172145522Sdarrenr char *irc_snick; 173145522Sdarrenr char *irc_dnick; 174145522Sdarrenr char *irc_type; 175145522Sdarrenr char *irc_arg; 176145522Sdarrenr char *irc_addr; 177145522Sdarrenr u_32_t irc_ipnum; 178145522Sdarrenr u_short irc_port; 179145522Sdarrenr} ircinfo_t; 180145522Sdarrenr 181145522Sdarrenr 182145522Sdarrenr/* 18353642Sguido * Real audio proxy structure and #defines 18453642Sguido */ 18592685Sdarrenrtypedef struct raudio_s { 18653642Sguido int rap_seenpna; 18753642Sguido int rap_seenver; 18853642Sguido int rap_version; 18953642Sguido int rap_eos; /* End Of Startup */ 19053642Sguido int rap_gotid; 19153642Sguido int rap_gotlen; 19253642Sguido int rap_mode; 19353642Sguido int rap_sdone; 19453642Sguido u_short rap_plport; 19553642Sguido u_short rap_prport; 19653642Sguido u_short rap_srport; 19753642Sguido char rap_svr[19]; 19853642Sguido u_32_t rap_sbf; /* flag to indicate which of the 19 bytes have 19953642Sguido * been filled 20053642Sguido */ 20153642Sguido tcp_seq rap_sseq; 20253642Sguido} raudio_t; 20353642Sguido 20453642Sguido#define RA_ID_END 0 20553642Sguido#define RA_ID_UDP 1 20653642Sguido#define RA_ID_ROBUST 7 20753642Sguido 20853642Sguido#define RAP_M_UDP 1 20953642Sguido#define RAP_M_ROBUST 2 21053642Sguido#define RAP_M_TCP 4 21153642Sguido#define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST) 21253642Sguido 213145522Sdarrenr 21492685Sdarrenr/* 215145522Sdarrenr * MSN RPC proxy 216145522Sdarrenr */ 217145522Sdarrenrtypedef struct msnrpcinfo { 218145522Sdarrenr u_int mri_flags; 219145522Sdarrenr int mri_cmd[2]; 220145522Sdarrenr u_int mri_valid; 221145522Sdarrenr struct in_addr mri_raddr; 222145522Sdarrenr u_short mri_rport; 223145522Sdarrenr} msnrpcinfo_t; 224145522Sdarrenr 225145522Sdarrenr 226145522Sdarrenr/* 22792685Sdarrenr * IPSec proxy 22892685Sdarrenr */ 22992685Sdarrenrtypedef u_32_t ipsec_cookie_t[2]; 23053642Sguido 23192685Sdarrenrtypedef struct ipsec_pxy { 23292685Sdarrenr ipsec_cookie_t ipsc_icookie; 23392685Sdarrenr ipsec_cookie_t ipsc_rcookie; 23492685Sdarrenr int ipsc_rckset; 23592685Sdarrenr ipnat_t ipsc_rule; 23692685Sdarrenr nat_t *ipsc_nat; 23792685Sdarrenr ipstate_t *ipsc_state; 23892685Sdarrenr} ipsec_pxy_t; 23992685Sdarrenr 240145522Sdarrenr/* 241145522Sdarrenr * PPTP proxy 242145522Sdarrenr */ 243145522Sdarrenrtypedef struct pptp_side { 244145522Sdarrenr u_32_t pptps_nexthdr; 245145522Sdarrenr u_32_t pptps_next; 246145522Sdarrenr int pptps_state; 247145522Sdarrenr int pptps_gothdr; 248145522Sdarrenr int pptps_len; 249145522Sdarrenr int pptps_bytes; 250145522Sdarrenr char *pptps_wptr; 251145522Sdarrenr char pptps_buffer[512]; 252145522Sdarrenr} pptp_side_t; 253145522Sdarrenr 254145522Sdarrenrtypedef struct pptp_pxy { 255145522Sdarrenr ipnat_t pptp_rule; 256145522Sdarrenr nat_t *pptp_nat; 257145522Sdarrenr ipstate_t *pptp_state; 258145522Sdarrenr u_short pptp_call[2]; 259145522Sdarrenr pptp_side_t pptp_side[2]; 260145522Sdarrenr} pptp_pxy_t; 261145522Sdarrenr 262145522Sdarrenr 263145522Sdarrenr/* 264145522Sdarrenr * Sun RPCBIND proxy 265145522Sdarrenr */ 266145522Sdarrenr#define RPCB_MAXMSG 888 267145522Sdarrenr#define RPCB_RES_PMAP 0 /* Response contains a v2 port. */ 268145522Sdarrenr#define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */ 269145522Sdarrenr#define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */ 270145522Sdarrenr#define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */ 271145522Sdarrenr 272145522Sdarrenr#define RPCB_REQMIN 40 273145522Sdarrenr#define RPCB_REQMAX 888 274145522Sdarrenr#define RPCB_REPMIN 20 275145522Sdarrenr#define RPCB_REPMAX 604 /* XXX double check this! */ 276145522Sdarrenr 277145522Sdarrenr/* 278145522Sdarrenr * These macros determine the number of bytes between p and the end of 279145522Sdarrenr * r->rs_buf relative to l. 280145522Sdarrenr */ 281145522Sdarrenr#define RPCB_BUF_END(r) (char *)((r)->rm_msgbuf + (r)->rm_buflen) 282145522Sdarrenr#define RPCB_BUF_GEQ(r, p, l) \ 283145522Sdarrenr ((RPCB_BUF_END((r)) > (char *)(p)) && \ 284145522Sdarrenr ((RPCB_BUF_END((r)) - (char *)(p)) >= (l))) 285145522Sdarrenr#define RPCB_BUF_EQ(r, p, l) \ 286145522Sdarrenr (RPCB_BUF_END((r)) == ((char *)(p) + (l))) 287145522Sdarrenr 288145522Sdarrenr/* 289145522Sdarrenr * The following correspond to RPC(B) detailed in RFC183[13]. 290145522Sdarrenr */ 291145522Sdarrenr#define RPCB_CALL 0 292145522Sdarrenr#define RPCB_REPLY 1 293145522Sdarrenr#define RPCB_MSG_VERSION 2 294145522Sdarrenr#define RPCB_PROG 100000 295145522Sdarrenr#define RPCB_GETPORT 3 296145522Sdarrenr#define RPCB_GETADDR 3 297145522Sdarrenr#define RPCB_GETADDRLIST 11 298145522Sdarrenr#define RPCB_MSG_ACCEPTED 0 299145522Sdarrenr#define RPCB_MSG_DENIED 1 300145522Sdarrenr 301145522Sdarrenr/* BEGIN (Generic XDR structures) */ 302145522Sdarrenrtypedef struct xdr_string { 303145522Sdarrenr u_32_t *xs_len; 304145522Sdarrenr char *xs_str; 305145522Sdarrenr} xdr_string_t; 306145522Sdarrenr 307145522Sdarrenrtypedef struct xdr_auth { 308145522Sdarrenr /* u_32_t xa_flavor; */ 309145522Sdarrenr xdr_string_t xa_string; 310145522Sdarrenr} xdr_auth_t; 311145522Sdarrenr 312145522Sdarrenrtypedef struct xdr_uaddr { 313145522Sdarrenr u_32_t xu_ip; 314145522Sdarrenr u_short xu_port; 315145522Sdarrenr xdr_string_t xu_str; 316145522Sdarrenr} xdr_uaddr_t; 317145522Sdarrenr 318145522Sdarrenrtypedef struct xdr_proto { 319145522Sdarrenr u_int xp_proto; 320145522Sdarrenr xdr_string_t xp_str; 321145522Sdarrenr} xdr_proto_t; 322145522Sdarrenr 323145522Sdarrenr#define xu_xslen xu_str.xs_len 324145522Sdarrenr#define xu_xsstr xu_str.xs_str 325145522Sdarrenr#define xp_xslen xp_str.xs_len 326145522Sdarrenr#define xp_xsstr xp_str.xs_str 327145522Sdarrenr/* END (Generic XDR structures) */ 328145522Sdarrenr 329145522Sdarrenr/* BEGIN (RPC call structures) */ 330145522Sdarrenrtypedef struct pmap_args { 331145522Sdarrenr /* u_32_t pa_prog; */ 332145522Sdarrenr /* u_32_t pa_vers; */ 333145522Sdarrenr u_32_t *pa_prot; 334145522Sdarrenr /* u_32_t pa_port; */ 335145522Sdarrenr} pmap_args_t; 336145522Sdarrenr 337145522Sdarrenrtypedef struct rpcb_args { 338145522Sdarrenr /* u_32_t *ra_prog; */ 339145522Sdarrenr /* u_32_t *ra_vers; */ 340145522Sdarrenr xdr_proto_t ra_netid; 341145522Sdarrenr xdr_uaddr_t ra_maddr; 342145522Sdarrenr /* xdr_string_t ra_owner; */ 343145522Sdarrenr} rpcb_args_t; 344145522Sdarrenr 345145522Sdarrenrtypedef struct rpc_call { 346145522Sdarrenr /* u_32_t rc_rpcvers; */ 347145522Sdarrenr /* u_32_t rc_prog; */ 348145522Sdarrenr u_32_t *rc_vers; 349145522Sdarrenr u_32_t *rc_proc; 350145522Sdarrenr xdr_auth_t rc_authcred; 351145522Sdarrenr xdr_auth_t rc_authverf; 352145522Sdarrenr union { 353145522Sdarrenr pmap_args_t ra_pmapargs; 354145522Sdarrenr rpcb_args_t ra_rpcbargs; 355145522Sdarrenr } rpcb_args; 356145522Sdarrenr} rpc_call_t; 357145522Sdarrenr 358145522Sdarrenr#define rc_pmapargs rpcb_args.ra_pmapargs 359145522Sdarrenr#define rc_rpcbargs rpcb_args.ra_rpcbargs 360145522Sdarrenr/* END (RPC call structures) */ 361145522Sdarrenr 362145522Sdarrenr/* BEGIN (RPC reply structures) */ 363145522Sdarrenrtypedef struct rpcb_entry { 364145522Sdarrenr xdr_uaddr_t re_maddr; 365145522Sdarrenr xdr_proto_t re_netid; 366145522Sdarrenr /* u_32_t re_semantics; */ 367145522Sdarrenr xdr_string_t re_family; 368145522Sdarrenr xdr_proto_t re_proto; 369145522Sdarrenr u_32_t *re_more; /* 1 == another entry follows */ 370145522Sdarrenr} rpcb_entry_t; 371145522Sdarrenr 372145522Sdarrenrtypedef struct rpcb_listp { 373145522Sdarrenr u_32_t *rl_list; /* 1 == list follows */ 374145522Sdarrenr int rl_cnt; 375145522Sdarrenr rpcb_entry_t rl_entries[2]; /* TCP / UDP only */ 376145522Sdarrenr} rpcb_listp_t; 377145522Sdarrenr 378145522Sdarrenrtypedef struct rpc_resp { 379145522Sdarrenr /* u_32_t rr_acceptdeny; */ 380145522Sdarrenr /* Omitted 'message denied' fork; we don't care about rejects. */ 381145522Sdarrenr xdr_auth_t rr_authverf; 382145522Sdarrenr /* u_32_t *rr_astat; */ 383145522Sdarrenr union { 384145522Sdarrenr u_32_t *resp_pmap; 385145522Sdarrenr xdr_uaddr_t resp_getaddr; 386145522Sdarrenr rpcb_listp_t resp_getaddrlist; 387145522Sdarrenr } rpcb_reply; 388145522Sdarrenr} rpc_resp_t; 389145522Sdarrenr 390145522Sdarrenr#define rr_v2 rpcb_reply.resp_pmap 391145522Sdarrenr#define rr_v3 rpcb_reply.resp_getaddr 392145522Sdarrenr#define rr_v4 rpcb_reply.resp_getaddrlist 393145522Sdarrenr/* END (RPC reply structures) */ 394145522Sdarrenr 395145522Sdarrenr/* BEGIN (RPC message structure & macros) */ 396145522Sdarrenrtypedef struct rpc_msg { 397145522Sdarrenr char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */ 398145522Sdarrenr u_int rm_buflen; 399145522Sdarrenr u_32_t *rm_xid; 400145522Sdarrenr /* u_32_t Call vs Reply */ 401145522Sdarrenr union { 402145522Sdarrenr rpc_call_t rb_call; 403145522Sdarrenr rpc_resp_t rb_resp; 404145522Sdarrenr } rm_body; 405145522Sdarrenr} rpc_msg_t; 406145522Sdarrenr 407145522Sdarrenr#define rm_call rm_body.rb_call 408145522Sdarrenr#define rm_resp rm_body.rb_resp 409145522Sdarrenr/* END (RPC message structure & macros) */ 410145522Sdarrenr 411145522Sdarrenr/* 412145522Sdarrenr * These code paths aren't hot enough to warrant per transaction 413145522Sdarrenr * mutexes. 414145522Sdarrenr */ 415145522Sdarrenrtypedef struct rpcb_xact { 416145522Sdarrenr struct rpcb_xact *rx_next; 417145522Sdarrenr struct rpcb_xact **rx_pnext; 418145522Sdarrenr u_32_t rx_xid; /* RPC transmission ID */ 419145522Sdarrenr u_int rx_type; /* RPCB response type */ 420145522Sdarrenr u_int rx_ref; /* reference count */ 421145522Sdarrenr u_int rx_proto; /* transport protocol (v2 only) */ 422145522Sdarrenr} rpcb_xact_t; 423145522Sdarrenr 424145522Sdarrenrtypedef struct rpcb_session { 425145522Sdarrenr ipfmutex_t rs_rxlock; 426145522Sdarrenr rpcb_xact_t *rs_rxlist; 427145522Sdarrenr} rpcb_session_t; 428145522Sdarrenr 429145522Sdarrenr/* 430145522Sdarrenr * For an explanation, please see the following: 431145522Sdarrenr * RFC1832 - Sections 3.11, 4.4, and 4.5. 432145522Sdarrenr */ 433145522Sdarrenr#define XDRALIGN(x) ((((x) % 4) != 0) ? ((((x) + 3) / 4) * 4) : (x)) 434145522Sdarrenr 43553642Sguidoextern ap_session_t *ap_sess_tab[AP_SESS_SIZE]; 43653642Sguidoextern ap_session_t *ap_sess_list; 43753642Sguidoextern aproxy_t ap_proxies[]; 43860855Sdarrenrextern int ippr_ftp_pasvonly; 43953642Sguido 44060855Sdarrenrextern int appr_add __P((aproxy_t *)); 441145522Sdarrenrextern int appr_ctl __P((ap_ctl_t *)); 44260855Sdarrenrextern int appr_del __P((aproxy_t *)); 44353642Sguidoextern int appr_init __P((void)); 44460855Sdarrenrextern void appr_unload __P((void)); 445145522Sdarrenrextern int appr_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *)); 44692685Sdarrenrextern int appr_match __P((fr_info_t *, struct nat *)); 44753642Sguidoextern void appr_free __P((aproxy_t *)); 44853642Sguidoextern void aps_free __P((ap_session_t *)); 449145522Sdarrenrextern int appr_check __P((fr_info_t *, struct nat *)); 45092685Sdarrenrextern aproxy_t *appr_lookup __P((u_int, char *)); 451145522Sdarrenrextern int appr_new __P((fr_info_t *, struct nat *)); 452145522Sdarrenrextern int appr_ioctl __P((caddr_t, ioctlcmd_t, int)); 45353642Sguido 45453642Sguido#endif /* __IP_PROXY_H__ */ 455