4 * Copyright (C) 2012 by Darren Reed.
6 * See the IPFILTER.LICENCE file for details on licencing.
9 * Id: ip_proxy.h,v 2.31.2.2 2005/03/12 19:33:48 darrenr Exp
12 #ifndef __IP_PROXY_H__
13 #define __IP_PROXY_H__
16 # if defined(sun) && (defined(__svr4__) || defined(__SVR4))
23 #if defined(__STDC__) || defined(__GNUC__) || defined(_AIX51)
24 #define SIOCPROXY _IOWR('r', 64, struct ap_control)
26 #define SIOCPROXY _IOWR(r, 64, struct ap_control)
30 #define APR_LABELLEN 16
32 #define AP_SESS_SIZE 53
38 typedef struct ap_tcp {
39 u_short apt_sport; /* source port */
40 u_short apt_dport; /* destination port */
41 short apt_sel[2]; /* {seq,ack}{off,min} set selector */
42 short apt_seqoff[2]; /* sequence # difference */
43 u_32_t apt_seqmin[2]; /* don't change seq-off until after this */
44 short apt_ackoff[2]; /* sequence # difference */
45 u_32_t apt_ackmin[2]; /* don't change seq-off until after this */
46 u_char apt_state[2]; /* connection state */
49 typedef struct ap_udp {
50 u_short apu_sport; /* source port */
51 u_short apu_dport; /* destination port */
54 typedef struct ap_session {
55 struct aproxy *aps_apr;
57 struct ap_tcp apu_tcp;
58 struct ap_udp apu_udp;
60 U_QUAD_T aps_bytes; /* bytes sent */
61 U_QUAD_T aps_pkts; /* packets sent */
62 void *aps_nat; /* pointer back to nat struct */
63 void *aps_data; /* private data */
64 int aps_psiz; /* size of private data */
65 struct ap_session *aps_next;
68 #define aps_sport aps_un.apu_tcp.apt_sport
69 #define aps_dport aps_un.apu_tcp.apt_dport
70 #define aps_sel aps_un.apu_tcp.apt_sel
71 #define aps_seqoff aps_un.apu_tcp.apt_seqoff
72 #define aps_seqmin aps_un.apu_tcp.apt_seqmin
73 #define aps_state aps_un.apu_tcp.apt_state
74 #define aps_ackoff aps_un.apu_tcp.apt_ackoff
75 #define aps_ackmin aps_un.apu_tcp.apt_ackmin
78 typedef struct ap_control {
79 char apc_label[APR_LABELLEN];
80 char apc_config[APR_LABELLEN];
83 * The following fields are up to the proxy's apr_ctl routine to deal
84 * with. When the proxy gets this in kernel space, apc_data will
85 * point to a malloc'd region of memory of apc_dsize bytes. If the
86 * proxy wants to keep that memory, it must set apc_data to NULL
87 * before it returns. It is expected if this happens that it will
88 * take care to free it in apr_fini or otherwise as appropriate.
89 * apc_cmd is provided as a standard place to put simple commands,
90 * with apc_arg being available to put a simple arg.
102 typedef struct aproxy {
103 struct aproxy *apr_next;
104 struct aproxy *apr_parent;
105 char apr_label[APR_LABELLEN]; /* Proxy label # */
106 u_char apr_p; /* protocol */
110 void (* apr_load) __P((void));
111 void (* apr_unload) __P((void));
112 void *(* apr_create) __P((ipf_main_softc_t *));
113 void (* apr_destroy) __P((ipf_main_softc_t *, void *));
114 int (* apr_init) __P((ipf_main_softc_t *, void *));
115 void (* apr_fini) __P((ipf_main_softc_t *, void *));
116 int (* apr_new) __P((void *, fr_info_t *, ap_session_t *,
118 void (* apr_del) __P((ipf_main_softc_t *, ap_session_t *));
119 int (* apr_inpkt) __P((void *, fr_info_t *, ap_session_t *,
121 int (* apr_outpkt) __P((void *, fr_info_t *, ap_session_t *,
123 int (* apr_match) __P((fr_info_t *, ap_session_t *, struct nat *));
124 int (* apr_ctl) __P((ipf_main_softc_t *, void *, ap_ctl_t *));
125 int (* apr_clear) __P((struct aproxy *));
126 int (* apr_flush) __P((struct aproxy *, int));
132 #define APR_ERR(x) ((x) << 16)
133 #define APR_EXIT(x) (((x) >> 16) & 0xffff)
134 #define APR_INC(x) ((x) & 0xffff)
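/*
 * Generic #define's to cover missing things in the kernel.
 *
 * These fallbacks classify plain ASCII only.  Every macro evaluates its
 * argument more than once, so never pass an expression with side effects
 * (for example *p++) when walking a packet payload.
 */
# define isdigit(x)	((x) >= '0' && (x) <= '9')
# define isupper(x)	(((unsigned)(x) >= 'A') && ((unsigned)(x) <= 'Z'))
# define islower(x)	(((unsigned)(x) >= 'a') && ((unsigned)(x) <= 'z'))
# define isalpha(x)	(isupper(x) || islower(x))
/*
 * Convert only lower-case letters.  The previous form shifted every value
 * that was not upper case, so digits, punctuation and control bytes were
 * silently turned into different bytes.
 */
# define toupper(x)	(islower(x) ? (x) - 'a' + 'A' : (x))
/* Note: backspace ('\b') counts as white space here; '\f' and '\v' do not. */
# define isspace(x)	(((x) == ' ') || ((x) == '\r') || ((x) == '\n') || \
			 ((x) == '\t') || ((x) == '\b'))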
165 #define FTP_BUFSZ 160
166 #define IPF_FTPBUFSZ 160
168 typedef struct ftpside {
177 char ftps_buf[FTP_BUFSZ];
180 typedef struct ftpinfo {
185 ftpside_t ftp_side[2];
192 typedef u_32_t ipsec_cookie_t[2];
194 typedef struct ipsec_pxy {
195 ipsec_cookie_t ipsc_icookie;
196 ipsec_cookie_t ipsc_rcookie;
199 struct ipstate *ipsc_state;
207 typedef struct ircinfo {
220 * For the DNS "proxy"
222 typedef struct dnsinfo {
223 ipfmutex_t dnsi_lock;
225 char dnsi_buffer[512];
230 * Real audio proxy structure and #defines
232 typedef struct raudio_s {
236 int rap_eos; /* End Of Startup */
245 u_32_t rap_sbf; /* flag to indicate which of the 19 bytes have
253 #define RA_ID_ROBUST 7
256 #define RAP_M_ROBUST 2
258 #define RAP_M_UDP_ROBUST (RAP_M_UDP|RAP_M_ROBUST)
264 typedef struct msnrpcinfo {
268 struct in_addr mri_raddr;
276 #define RPCB_MAXMSG 888
277 #define RPCB_RES_PMAP 0 /* Response contains a v2 port. */
278 #define RPCB_RES_STRING 1 /* " " " v3 (GETADDR) string. */
279 #define RPCB_RES_LIST 2 /* " " " v4 (GETADDRLIST) list. */
280 #define RPCB_MAXREQS 32 /* Arbitrary limit on tracked transactions */
282 #define RPCB_REQMIN 40
283 #define RPCB_REQMAX 888
284 #define RPCB_REPMIN 20
285 #define RPCB_REPMAX 604 /* XXX double check this! */
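/*
 * Bounds checks on an RPCB message buffer.  r points to a structure with
 * rm_msgbuf and rm_buflen members, p is a position in that buffer and l is
 * a byte count.
 *
 * RPCB_BUF_END(r)        address rm_buflen bytes past the start of
 *                        r->rm_msgbuf.
 * RPCB_BUF_GEQ(r, p, l)  true if p lies before that end and at least l
 *                        bytes remain between p and the end.
 * RPCB_BUF_EQ(r, p, l)   true if exactly l bytes remain between p and
 *                        the end.
 *
 * RPCB_BUF_END is fully parenthesised so that it stays a single operand
 * wherever it is expanded.  r and p are evaluated more than once, so pass
 * no expression with side effects.
 *
 * NOTE(review): RPCB_BUF_GEQ is true for any negative signed l, and
 * neither check verifies that p is at or after the start of rm_msgbuf.
 * Lengths taken from a packet presumably get range-checked before they
 * reach these macros - confirm at the call sites.
 */
#define RPCB_BUF_END(r) ((char *)((r)->rm_msgbuf + (r)->rm_buflen))
#define RPCB_BUF_GEQ(r, p, l) \
	((RPCB_BUF_END((r)) > (char *)(p)) && \
	 ((RPCB_BUF_END((r)) - (char *)(p)) >= (l)))
#define RPCB_BUF_EQ(r, p, l) \
	(RPCB_BUF_END((r)) == ((char *)(p) + (l)))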
299 * The following correspond to RPC(B) detailed in RFC183[13].
303 #define RPCB_MSG_VERSION 2
304 #define RPCB_PROG 100000
305 #define RPCB_GETPORT 3
306 #define RPCB_GETADDR 3
307 #define RPCB_GETADDRLIST 11
308 #define RPCB_MSG_ACCEPTED 0
309 #define RPCB_MSG_DENIED 1
311 /* BEGIN (Generic XDR structures) */
312 typedef struct xdr_string {
317 typedef struct xdr_auth {
318 /* u_32_t xa_flavor; */
319 xdr_string_t xa_string;
322 typedef struct xdr_uaddr {
328 typedef struct xdr_proto {
333 #define xu_xslen xu_str.xs_len
334 #define xu_xsstr xu_str.xs_str
335 #define xp_xslen xp_str.xs_len
336 #define xp_xsstr xp_str.xs_str
337 /* END (Generic XDR structures) */
339 /* BEGIN (RPC call structures) */
340 typedef struct pmap_args {
341 /* u_32_t pa_prog; */
342 /* u_32_t pa_vers; */
344 /* u_32_t pa_port; */
347 typedef struct rpcb_args {
348 /* u_32_t *ra_prog; */
349 /* u_32_t *ra_vers; */
350 xdr_proto_t ra_netid;
351 xdr_uaddr_t ra_maddr;
352 /* xdr_string_t ra_owner; */
355 typedef struct rpc_call {
356 /* u_32_t rc_rpcvers; */
357 /* u_32_t rc_prog; */
360 xdr_auth_t rc_authcred;
361 xdr_auth_t rc_authverf;
363 pmap_args_t ra_pmapargs;
364 rpcb_args_t ra_rpcbargs;
368 #define rc_pmapargs rpcb_args.ra_pmapargs
369 #define rc_rpcbargs rpcb_args.ra_rpcbargs
370 /* END (RPC call structures) */
372 /* BEGIN (RPC reply structures) */
373 typedef struct rpcb_entry {
374 xdr_uaddr_t re_maddr;
375 xdr_proto_t re_netid;
376 /* u_32_t re_semantics; */
377 xdr_string_t re_family;
378 xdr_proto_t re_proto;
379 u_32_t *re_more; /* 1 == another entry follows */
382 typedef struct rpcb_listp {
383 u_32_t *rl_list; /* 1 == list follows */
385 rpcb_entry_t rl_entries[2]; /* TCP / UDP only */
388 typedef struct rpc_resp {
389 /* u_32_t rr_acceptdeny; */
390 /* Omitted 'message denied' fork; we don't care about rejects. */
391 xdr_auth_t rr_authverf;
392 /* u_32_t *rr_astat; */
395 xdr_uaddr_t resp_getaddr;
396 rpcb_listp_t resp_getaddrlist;
400 #define rr_v2 rpcb_reply.resp_pmap
401 #define rr_v3 rpcb_reply.resp_getaddr
402 #define rr_v4 rpcb_reply.resp_getaddrlist
403 /* END (RPC reply structures) */
405 /* BEGIN (RPC message structure & macros) */
406 typedef struct rpc_msg {
407 char rm_msgbuf[RPCB_MAXMSG]; /* RPCB data buffer */
410 /* u_32_t Call vs Reply */
417 #define rm_call rm_body.rb_call
418 #define rm_resp rm_body.rb_resp
419 /* END (RPC message structure & macros) */
422 * These code paths aren't hot enough to warrant per transaction
425 typedef struct rpcb_xact {
426 struct rpcb_xact *rx_next;
427 struct rpcb_xact **rx_pnext;
428 u_32_t rx_xid; /* RPC transmission ID */
429 u_int rx_type; /* RPCB response type */
430 u_int rx_ref; /* reference count */
431 u_int rx_proto; /* transport protocol (v2 only) */
434 typedef struct rpcb_session {
435 ipfmutex_t rs_rxlock;
436 rpcb_xact_t *rs_rxlist;
/*
 * Round x up to the next multiple of 4; a value already on a 4-byte
 * boundary is returned unchanged.  For an explanation, please see
 * RFC1832 - Sections 3.11, 4.4, and 4.5.
 *
 * x is evaluated more than once, so pass no expression with side effects.
 * NOTE(review): for an unsigned 32-bit x within 3 of its maximum,
 * (x) + 3 wraps and the macro yields 0.  A length read from a packet
 * should be range-checked before it is aligned - confirm callers do so.
 */
#define XDRALIGN(x)	((((x) % 4) == 0) ? (x) : ((((x) + 3) / 4) * 4))
445 extern int ipf_proxy_add __P((void *, aproxy_t *));
446 extern int ipf_proxy_check __P((fr_info_t *, struct nat *));
447 extern int ipf_proxy_ctl __P((ipf_main_softc_t *, void *, ap_ctl_t *));
448 extern int ipf_proxy_del __P((aproxy_t *));
449 extern void ipf_proxy_deref __P((aproxy_t *));
450 extern void ipf_proxy_flush __P((void *, int));
451 extern int ipf_proxy_init __P((void));
452 extern int ipf_proxy_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, void *));
453 extern aproxy_t *ipf_proxy_lookup __P((void *, u_int, char *));
454 extern int ipf_proxy_match __P((fr_info_t *, struct nat *));
455 extern int ipf_proxy_new __P((fr_info_t *, struct nat *));
456 extern int ipf_proxy_ok __P((fr_info_t *, tcphdr_t *, struct ipnat *));
457 extern void ipf_proxy_free __P((ipf_main_softc_t *, ap_session_t *));
458 extern int ipf_proxy_main_load __P((void));
459 extern int ipf_proxy_main_unload __P((void));
460 extern ipnat_t *ipf_proxy_rule_fwd __P((nat_t *));
461 extern ipnat_t *ipf_proxy_rule_rev __P((nat_t *));
462 extern void *ipf_proxy_soft_create __P((ipf_main_softc_t *));
463 extern void ipf_proxy_soft_destroy __P((ipf_main_softc_t *, void *));
464 extern int ipf_proxy_soft_init __P((ipf_main_softc_t *, void *));
465 extern int ipf_proxy_soft_fini __P((ipf_main_softc_t *, void *));
467 #endif /* __IP_PROXY_H__ */