ip_proxy.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright (C) 1997-2003 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
# define KERNEL 1
# define _KERNEL 1
#endif
#if !defined(_KERNEL) && !defined(__KERNEL__)
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
# include <ctype.h>
# define _KERNEL
# ifdef __OpenBSD__
struct file;
# endif
#endif
#if defined(_KERNEL)
!defined(__OpenBSD__) && !defined(__hpux)
# endif
# endif
#endif
# include "opt_ipfilter.h"
# endif
#else
#endif
# include <sys/byteorder.h>
# ifdef _KERNEL
# include <sys/dditypes.h>
# endif
#endif
#if __FreeBSD__ > 2
#endif
#ifdef sun
#endif
#include <netinet/in_systm.h>
#if SOLARIS2 >= 10
#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_state.h"
#include "ip_proxy.h"
#else
#include "netinet/ip_compat.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#endif
#if (__FreeBSD_version >= 300000)
#endif
#if !defined(lint)
static const char rcsid[] = "@(#)$Id: ip_proxy.c,v 2.49 2003/06/14 02:56:40 darrenr Exp $";
#endif
#define AP_SESS_SIZE 53
#if SOLARIS2 >= 10
#include "ip_ftp_pxy.c"
#if defined(_KERNEL)
#include "ip_irc_pxy.c"
#include "ip_rcmd_pxy.c"
#include "ip_raudio_pxy.c"
#include "ip_h323_pxy.c"
#ifdef IPFILTER_PRO
#include "ip_msnrpc_pxy.c"
#endif
#include "ip_netbios_pxy.c"
#endif
#include "ip_ipsec_pxy.c"
#include "ip_rpcb_pxy.c"
#else
#include "netinet/ip_ftp_pxy.c"
#if defined(_KERNEL)
#include "netinet/ip_irc_pxy.c"
#include "netinet/ip_rcmd_pxy.c"
#include "netinet/ip_raudio_pxy.c"
#include "netinet/ip_h323_pxy.c"
#ifdef IPFILTER_PRO
#include "netinet/ip_msnrpc_pxy.c"
#endif
#include "netinet/ip_netbios_pxy.c"
#endif
#include "netinet/ip_ipsec_pxy.c"
#include "netinet/ip_rpcb_pxy.c"
#endif
/*
 * Table of the application proxies compiled into this build.  Each
 * IPF_*_PROXY guard below selects one entry; the entry initialisers
 * themselves are not present in this listing.
 *
 * The table is walked with "for (a = ap_proxies; a->apr_p; a++)", so it is
 * expected to end with an entry whose apr_p is zero.  That terminator is
 * not visible here -- confirm it against the full source.
 *
 * NOTE(review): the proxy sources are pulled in with #include earlier in
 * this file, so each guard that is defined presumably adds another
 * packet-payload handler to the build.  Enable only the proxies a
 * deployment needs -- confirm against the build configuration.
 */
aproxy_t ap_proxies[] = {
#ifdef IPF_FTP_PROXY
#endif
#ifdef IPF_IRC_PROXY
#endif
#ifdef IPF_RCMD_PROXY
#endif
#ifdef IPF_RAUDIO_PROXY
#endif
#ifdef IPF_MSNRPC_PROXY
#endif
#ifdef IPF_NETBIOS_PROXY
#endif
#ifdef IPF_IPSEC_PROXY
#endif
#ifdef IPF_H323_PROXY
#endif
#ifdef IPF_RPCB_PROXY
/*
 * Whatever sits inside the "# if 0" below is compiled out even when
 * IPF_RPCB_PROXY is defined; its content is not shown in this listing.
 */
# if 0
# endif
#endif
};
/*
* Dynamically add a new kernel proxy. Ensure that it is unique in the
* collection compiled in and dynamically added.
*/
{
/*
 * NOTE(review): the function header and the conditions guarding the two
 * "return -1" statements are missing from this listing; the comments
 * below describe only what is visible.
 */
aproxy_t *a;
/* Walk the compiled-in table; the loop ends at the entry whose apr_p is 0. */
for (a = ap_proxies; a->apr_p; a++)
return -1;
return -1;
/*
 * Publish the new proxy through ap_proxylist.
 * NOTE(review): no locking is visible around this update in the listing --
 * confirm how concurrent add/delete/lookup is serialised.
 */
ap_proxylist = ap;
/* 0 reports success; both earlier exits report failure with -1. */
return 0;
}
/*
* Check to see if the proxy this control request has come through for
* exists, and if it does and it has a control function then invoke that
* control function.
*/
{
aproxy_t *a;
int error;
if (a == NULL)
else
return error;
}
/*
* Delete a proxy that has been added dynamically from those available.
* Returns 1 if it is in use (it is not destroyed NOW), 0 if it is not
* in use, or -1 if it cannot be matched.
*/
{
/*
 * NOTE(review): the function header, the list walk and the test that
 * chooses between "return 1" and "return 0" are missing from this
 * listing; the comments below describe only what is visible.
 */
if (a == ap) {
/*
 * The matching entry is flagged with APR_DELETE rather than freed here.
 * A result of 1 tells the caller the proxy must not be destroyed yet,
 * so the caller has to honour it before releasing the structure.
 */
a->apr_flags |= APR_DELETE;
return 1;
return 0;
}
/* No entry matched ap. */
return -1;
}
/*
* Return 1 if the packet is a good match against a proxy, else 0.
*/
{
return 0;
return 0;
return 1;
}
int mode;
#else
int cmd;
#endif
{
int error;
switch (cmd)
{
case SIOCPROXY :
else {
if (error == 0)
}
} else {
error = 0;
}
if (error == 0)
}
break;
default :
}
return error;
}
/*
* If a proxy has a match function, call that to do extended packet
* matching.
*/
{
return -1;
return -1;
return -1;
return 0;
}
/*
* Allocate a new application proxy structure and fill it in with the
* relevant details. Call the init function once complete, prior to
* returning.
*/
{
register ap_session_t *aps;
return -1;
return -1;
if (!aps)
return -1;
}
return -1;
}
ap_sess_list = aps;
return 0;
}
/*
* Check to see if a packet should be passed through an active proxy routine
* if one has been setup for it. We don't need to check the checksum here if
* IPFILTER_CKSUM is defined because if it is, a failed check causes FI_BAD
* to be set.
*/
{
/*
 * NOTE(review): the function header, several declarations, the
 * assignment of rv and the checksum calls are missing or truncated in
 * this listing; the comments below describe only what is visible.
 */
#if defined(ICK_VALID)
mb_t *m;
#endif
/*
 * dosum starts at 1 and is cleared in the IPPROTO_TCP case below; the
 * two "if (dosum)" tests near the end read it when the layer 4 checksum
 * is recalculated.
 */
int dosum = 1;
#endif
short rv;
int err;
#endif
return -1;
/*
 * Only built when IPFILTER_CKSUM is not defined: a layer 4 checksum
 * failure ends processing with -1.  The message is printed only for
 * PROXY_DEBUG or non-kernel builds, so other kernel builds print nothing
 * on this path.
 */
#ifndef IPFILTER_CKSUM
# if PROXY_DEBUG || !defined(_KERNEL)
printf("proxy l4 checksum failure\n");
# endif
return -1;
}
#endif
/*
* If there is data in this packet to be proxied then try and
* get it all into the one buffer, else drop it.
*/
return -1;
{
case IPPROTO_TCP :
dosum = 0;
#endif
/*
* Don't bother the proxy with these...or in fact,
* should we free up proxy stuff when seen?
*/
break;
/*FALLTHROUGH*/
case IPPROTO_UDP :
break;
default :
break;
}
err = 0;
} else {
}
/*
 * rv carries the proxy's verdict; where it is assigned is not visible in
 * this listing.  A value of 1 means the proxy rejected the packet, and -1
 * is returned to the caller.
 */
if (rv == 1) {
#if PROXY_DEBUG || !defined(_KERNEL)
printf("proxy says bad packet received\n");
#endif
return -1;
}
/*
 * A value of 2 means the proxy asked for its session data to be freed.
 * The release call itself is not visible in this listing -- confirm it
 * runs before this return.
 */
if (rv == 2) {
#if PROXY_DEBUG || !defined(_KERNEL)
printf("proxy says free app proxy data\n");
#endif
return -1;
}
/*
* If err != 0 then the data size of the packet has changed
* so we need to recalculate the header checksums for the
* packet.
*/
if (err != 0) {
}
#endif
/*
* For TCP packets, we may need to adjust the sequence and
* acknowledgement numbers to reflect changes in size of the
* data stream.
*
* For both TCP and UDP, recalculate the layer 4 checksum,
* regardless, as we can't tell (here) if data has been
* changed or not.
*/
/*
 * NOTE(review): the lines below are the tails of the checksum calls; the
 * called function and its leading arguments are truncated in this
 * listing.
 */
if (dosum)
IPPROTO_TCP, tcp);
#else
IPPROTO_TCP, tcp);
#endif
if (dosum)
IPPROTO_UDP, udp);
#else
IPPROTO_UDP, udp);
#endif
}
/*
 * 1 and 0 are the remaining results; the conditions that select between
 * them are not visible in this listing.
 */
return 1;
}
return 0;
}
/*
* Search for a proxy by the protocol it is being used with and its name.
*/
char *name;
{
return ap;
}
return ap;
}
return NULL;
}
{
}
{
ap_session_t *a, **ap;
if (!aps)
return;
if (a == aps) {
break;
}
}
/*
* Returns 2 if the ack or seq number in the TCP header is changed, and 0 otherwise.
*/
int inc;
{
short inc2;
/*
* ip_len has already been adjusted by 'inc'.
*/
if (out != 0) {
/* switch to other set ? */
#if PROXY_DEBUG
printf("proxy out switch set seq %d -> %d %x > %x\n",
#endif
}
ch = 1;
}
}
#if PROXY_DEBUG
inc);
#endif
}
/***/
/* switch to other set ? */
#if PROXY_DEBUG
printf("proxy out switch set ack %d -> %d %x > %x\n",
#endif
}
ch = 1;
}
} else {
/* switch to other set ? */
#if PROXY_DEBUG
printf("proxy in switch set ack %d -> %d %x > %x\n",
#endif
}
ch = 1;
}
}
#if PROXY_DEBUG
inc);
#endif
}
/***/
/* switch to other set ? */
#if PROXY_DEBUG
printf("proxy in switch set seq %d -> %d %x > %x\n",
#endif
}
#if PROXY_DEBUG
#endif
ch = 1;
}
}
}
#if PROXY_DEBUG
#endif
return ch ? 2 : 0;
}
/*
* Initialise hook for kernel application proxies.
* Call the initialise routine for all the compiled in kernel proxies.
*/
int appr_init()
{
/*
 * NOTE(review): the loop header and the call that sets err are missing
 * from this listing; only the error check and the return are visible.
 */
int err = 0;
/* Stop at the first non-zero err so that value is what gets returned. */
if (err != 0)
break;
}
}
/*
 * 0 when no failure was recorded, otherwise the non-zero err that ended
 * the loop.  Callers should check it -- presumably a failure means some
 * proxies were never initialised; confirm against the full source.
 */
return err;
}
/*
* Unload hook for kernel application proxies.
* Call the finalise routine for all the compiled in kernel proxies.
*/
void appr_unload()
{
/*
 * NOTE(review): the body is empty in this listing.  The comment above
 * this function says each compiled-in proxy's finalise routine is called
 * here, so the statements were presumably lost from the listing --
 * confirm against the full source, including whether dynamically added
 * proxies and live sessions are released on unload.
 */
}