[apple/xnu.git] / bsd / netinet / ip_proxy.c

/*
 * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * Copyright (C) 1997 by Darren Reed.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors.
 */
#if !defined(lint)
#endif

#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
# define	_KERNEL
#endif

#if !defined(_KERNEL) && !defined(KERNEL)
# include <stdio.h>
# include <string.h>
# include <stdlib.h>
#endif
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/time.h>
#include <sys/file.h>
#if !defined(__FreeBSD__)
# include <sys/ioctl.h>
#endif
#include <sys/fcntl.h>
#include <sys/uio.h>
#ifndef	linux
# include <sys/protosw.h>
#endif
#include <sys/socket.h>
#if defined(_KERNEL)
# if !defined(linux)
#  include <sys/systm.h>
# else
#  include <linux/string.h>
# endif
#endif
#if !defined(__SVR4) && !defined(__svr4__)
# ifndef linux
#  include <sys/mbuf.h>
# endif
#else
# include <sys/byteorder.h>
# include <sys/dditypes.h>
# include <sys/stream.h>
# include <sys/kmem.h>
#endif
#if __FreeBSD__ > 2
# include <sys/queue.h>
# include <sys/malloc.h>
#endif
#include <net/if.h>
#ifdef sun
# include <net/af.h>
#endif
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifndef linux
# include <netinet/ip_var.h>
#endif
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_state.h"

#ifndef MIN
#define MIN(a,b)        (((a)<(b))?(a):(b))
#endif

static ap_session_t *ap_find __P((ip_t *, tcphdr_t *));
static ap_session_t *ap_new_session __P((aproxy_t *, ip_t *, tcphdr_t *,
					 fr_info_t *, nat_t *));

static int ap_matchsrcdst __P((ap_session_t *aps, struct in_addr src,
			       struct in_addr dst, void *tcp, u_short sport,
			       u_short dport));

#define	AP_SESS_SIZE	53

#if defined(_KERNEL) && !defined(linux)
#include "netinet/ip_ftp_pxy.c"
#endif

ap_session_t	*ap_sess_tab[AP_SESS_SIZE];
aproxy_t	ap_proxies[] = {
#if	IPF_FTP_PROXY
	{ "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, ippr_ftp_in, ippr_ftp_out },
#endif
	{ "", '\0', 0, 0, NULL, NULL }
};


int ap_ok(ip, tcp, nat)
ip_t *ip;
tcphdr_t *tcp;
ipnat_t *nat;
{
	aproxy_t *apr = nat->in_apr;
	u_short dport = nat->in_dport;

	if (!apr || (apr && (apr->apr_flags & APR_DELETE)) ||
	    (ip->ip_p != apr->apr_p))
		return 0;
	if ((tcp && (tcp->th_dport != dport)) || (!tcp && dport))
		return 0;
	return 1;
}


static int
ap_matchsrcdst(aps, src, dst, tcp, sport, dport)
ap_session_t *aps;
struct in_addr src, dst;
void *tcp;
u_short sport, dport;
{
	if (aps->aps_dst.s_addr == dst.s_addr) {
		if ((aps->aps_src.s_addr == src.s_addr) &&
		    (!tcp || (sport == aps->aps_sport) &&
		     (dport == aps->aps_dport)))
			return 1;
	} else if (aps->aps_dst.s_addr == src.s_addr) {
		if ((aps->aps_src.s_addr == dst.s_addr) &&
		    (!tcp || (sport == aps->aps_dport) &&
		     (dport == aps->aps_sport)))
			return 1;
	}
	return 0;
}


static ap_session_t *ap_find(ip, tcp)
ip_t *ip;
tcphdr_t *tcp;
{
	register u_char p = ip->ip_p;
	register ap_session_t *aps;
	register u_short sp, dp;
	register u_long hv;
	struct in_addr src, dst;

	src = ip->ip_src, dst = ip->ip_dst;
	sp = dp = 0;			/* XXX gcc -Wunitialized */

	hv = ip->ip_src.s_addr ^ ip->ip_dst.s_addr;
	hv *= 651733;
	if (tcp) {
		sp = tcp->th_sport;
		dp = tcp->th_dport;
		hv ^= (sp + dp);
		hv *= 5;
	}
	hv %= AP_SESS_SIZE;

	for (aps = ap_sess_tab[hv]; aps; aps = aps->aps_next)
		if ((aps->aps_p == p) &&
		    ap_matchsrcdst(aps, src, dst, tcp, sp, dp))
			break;
	return aps;
}


/*
 * Allocate a new application proxy structure and fill it in with the
 * relevant details.  call the init function once complete, prior to
 * returning.
 */
static ap_session_t *ap_new_session(apr, ip, tcp, fin, nat)
aproxy_t *apr;
ip_t *ip;
tcphdr_t *tcp;
fr_info_t *fin;
nat_t *nat;
{
	register ap_session_t *aps;
	u_short dport;
	u_long hv;

	if (!apr || (apr && (apr->apr_flags & APR_DELETE)) ||
	    (ip->ip_p != apr->apr_p))
		return NULL;
	dport = nat->nat_ptr->in_dport;
	if ((tcp && (tcp->th_dport != dport)) || (!tcp && dport))
		return NULL;

	hv = ip->ip_src.s_addr ^ ip->ip_dst.s_addr;
	hv *= 651733;
	if (tcp) {
		hv ^= (tcp->th_sport + tcp->th_dport);
		hv *= 5;
	}
	hv %= AP_SESS_SIZE;

	KMALLOC(aps, ap_session_t *, sizeof(*aps));
	if (!aps)
		return NULL;
	bzero((char *)aps, sizeof(*aps));
	aps->aps_apr = apr;
	aps->aps_src = ip->ip_src;
	aps->aps_dst = ip->ip_dst;
	aps->aps_p = ip->ip_p;
	aps->aps_tout = 1200;	/* XXX */
	if (tcp) {
		aps->aps_sport = tcp->th_sport;
		aps->aps_dport = tcp->th_dport;
	}
	aps->aps_data = NULL;
	aps->aps_psiz = 0;
	aps->aps_next = ap_sess_tab[hv];
	ap_sess_tab[hv] = aps;
	(void) (*apr->apr_init)(fin, ip, tcp, aps, nat);
	return aps;
}


/*
 * check to see if a packet should be passed through an active proxy routine
 * if one has been setup for it.
 */
int ap_check(ip, tcp, fin, nat)
ip_t *ip;
tcphdr_t *tcp;
fr_info_t *fin;
nat_t *nat;
{
	ap_session_t *aps;
	aproxy_t *apr;
	int err;

	if (!(fin->fin_fi.fi_fl & FI_TCPUDP))
		tcp = NULL;

	if ((aps = ap_find(ip, tcp)) ||
	    (aps = ap_new_session(nat->nat_ptr->in_apr, ip, tcp, fin, nat))) {
		if (ip->ip_p == IPPROTO_TCP) {
			/*
			 * verify that the checksum is correct.  If not, then
			 * don't do anything with this packet.
			 */
			if (tcp->th_sum != fr_tcpsum(*(mb_t **)fin->fin_mp,
						     ip, tcp, ip->ip_len)) {
				frstats[fin->fin_out].fr_tcpbad++;
				return -1;
			}
			fr_tcp_age(&aps->aps_tout, aps->aps_state, ip, fin,
				   tcp->th_sport == aps->aps_sport);
		}

		apr = aps->aps_apr;
		err = 0;
		if (fin->fin_out) {
			if (apr->apr_outpkt)
				err = (*apr->apr_outpkt)(fin, ip, tcp,
							 aps, nat);
		} else {
			if (apr->apr_inpkt)
				err = (*apr->apr_inpkt)(fin, ip, tcp,
							aps, nat);
		}
		if (err == 2) {
			tcp->th_sum = fr_tcpsum(*(mb_t **)fin->fin_mp, ip,
						tcp, ip->ip_len);
			err = 0;
		}
		return err;
	}
	return -1;
}


aproxy_t *ap_match(pr, name)
u_char pr;
char *name;
{
	aproxy_t *ap;

	for (ap = ap_proxies; ap->apr_p; ap++)
		if ((ap->apr_p == pr) &&
		    !strncmp(name, ap->apr_label, sizeof(ap->apr_label))) {
			ap->apr_ref++;
			return ap;
		}
	return NULL;
}


void ap_free(ap)
aproxy_t *ap;
{
	ap->apr_ref--;
}


void aps_free(aps)
ap_session_t *aps;
{
	if (aps->aps_data && aps->aps_psiz)
		KFREES(aps->aps_data, aps->aps_psiz);
	KFREE(aps);
}


void ap_unload()
{
	ap_session_t *aps;
	int i;

	for (i = 0; i < AP_SESS_SIZE; i++)
		while ((aps = ap_sess_tab[i])) {
			ap_sess_tab[i] = aps->aps_next;
			aps_free(aps);
		}
}


void ap_expire()
{
	ap_session_t *aps, **apsp;
	int i;

	for (i = 0; i < AP_SESS_SIZE; i++)
		for (apsp = &ap_sess_tab[i]; (aps = *apsp); ) {
			aps->aps_tout--;
			if (!aps->aps_tout) {
				ap_sess_tab[i] = aps->aps_next;
				aps_free(aps);
				*apsp = aps->aps_next;
			} else
				apsp = &aps->aps_next;
		}
}
Commit	Line	Data
1c79356b A	1	/*
	2	* Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* The contents of this file constitute Original Code as defined in and
	7	* are subject to the Apple Public Source License Version 1.1 (the
	8	* "License"). You may not use this file except in compliance with the
	9	* License. Please obtain a copy of the License at
	10	* http://www.apple.com/publicsource and read it before using this file.
	11	*
	12	* This Original Code and all software distributed under the License are
	13	* distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	14	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	15	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	16	* FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
	17	* License for the specific language governing rights and limitations
	18	* under the License.
	19	*
	20	* @APPLE_LICENSE_HEADER_END@
	21	*/
	22	/*
	23	* Copyright (C) 1997 by Darren Reed.
	24	*
	25	* Redistribution and use in source and binary forms are permitted
	26	* provided that this notice is preserved and due credit is given
	27	* to the original author and the contributors.
	28	*/
	29	#if !defined(lint)
	30	#endif
	31
	32	#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
	33	# define _KERNEL
	34	#endif
	35
	36	#if !defined(_KERNEL) && !defined(KERNEL)
	37	# include <stdio.h>
	38	# include <string.h>
	39	# include <stdlib.h>
	40	#endif
	41	#include <sys/errno.h>
	42	#include <sys/types.h>
	43	#include <sys/param.h>
	44	#include <sys/time.h>
	45	#include <sys/file.h>
	46	#if !defined(__FreeBSD__)
	47	# include <sys/ioctl.h>
	48	#endif
	49	#include <sys/fcntl.h>
	50	#include <sys/uio.h>
	51	#ifndef linux
	52	# include <sys/protosw.h>
	53	#endif
	54	#include <sys/socket.h>
	55	#if defined(_KERNEL)
	56	# if !defined(linux)
	57	# include <sys/systm.h>
	58	# else
	59	# include <linux/string.h>
	60	# endif
	61	#endif
	62	#if !defined(__SVR4) && !defined(__svr4__)
	63	# ifndef linux
	64	# include <sys/mbuf.h>
65	# endif
66	#else
67	# include <sys/byteorder.h>
68	# include <sys/dditypes.h>
69	# include <sys/stream.h>
70	# include <sys/kmem.h>
71	#endif
72	#if __FreeBSD__ > 2
73	# include <sys/queue.h>
74	# include <sys/malloc.h>
75	#endif
76	#include <net/if.h>
77	#ifdef sun
78	# include <net/af.h>
79	#endif
80	#include <net/route.h>
81	#include <netinet/in.h>
82	#include <netinet/in_systm.h>
83	#include <netinet/ip.h>
84	#ifndef linux
85	# include <netinet/ip_var.h>
86	#endif
87	#include <netinet/tcp.h>
88	#include <netinet/udp.h>
89	#include <netinet/ip_icmp.h>
90	#include "netinet/ip_compat.h"
91	#include <netinet/tcpip.h>
92	#include "netinet/ip_fil.h"
93	#include "netinet/ip_proxy.h"
94	#include "netinet/ip_nat.h"
95	#include "netinet/ip_state.h"
96
97	#ifndef MIN
98	#define MIN(a,b) (((a)<(b))?(a):(b))
99	#endif
100
101	static ap_session_t ap_find __P((ip_t , tcphdr_t *));
102	static ap_session_t ap_new_session __P((aproxy_t , ip_t , tcphdr_t ,
103	fr_info_t , nat_t ));
104
105	static int ap_matchsrcdst __P((ap_session_t *aps, struct in_addr src,
106	struct in_addr dst, void *tcp, u_short sport,
107	u_short dport));
108
109	#define AP_SESS_SIZE 53
110
111	#if defined(_KERNEL) && !defined(linux)
112	#include "netinet/ip_ftp_pxy.c"
113	#endif
114
115	ap_session_t *ap_sess_tab[AP_SESS_SIZE];
116	aproxy_t ap_proxies[] = {
117	#if IPF_FTP_PROXY
118	{ "ftp", (char)IPPROTO_TCP, 0, 0, ippr_ftp_init, ippr_ftp_in, ippr_ftp_out },
119	#endif
120	{ "", '\0', 0, 0, NULL, NULL }
121	};
122
123
124	int ap_ok(ip, tcp, nat)
125	ip_t *ip;
126	tcphdr_t *tcp;
127	ipnat_t *nat;
128	{
129	aproxy_t *apr = nat->in_apr;
130	u_short dport = nat->in_dport;
131
132	if (!apr \|\| (apr && (apr->apr_flags & APR_DELETE)) \|\|
133	(ip->ip_p != apr->apr_p))
134	return 0;
135	if ((tcp && (tcp->th_dport != dport)) \|\| (!tcp && dport))
136	return 0;
137	return 1;
138	}
139
140
141	static int
142	ap_matchsrcdst(aps, src, dst, tcp, sport, dport)
143	ap_session_t *aps;
144	struct in_addr src, dst;
145	void *tcp;
146	u_short sport, dport;
147	{
148	if (aps->aps_dst.s_addr == dst.s_addr) {
149	if ((aps->aps_src.s_addr == src.s_addr) &&
150	(!tcp \|\| (sport == aps->aps_sport) &&
151	(dport == aps->aps_dport)))
152	return 1;
153	} else if (aps->aps_dst.s_addr == src.s_addr) {
154	if ((aps->aps_src.s_addr == dst.s_addr) &&
155	(!tcp \|\| (sport == aps->aps_dport) &&
156	(dport == aps->aps_sport)))
157	return 1;
158	}
159	return 0;
160	}
161
162
163	static ap_session_t *ap_find(ip, tcp)
164	ip_t *ip;
165	tcphdr_t *tcp;
166	{
167	register u_char p = ip->ip_p;
168	register ap_session_t *aps;
169	register u_short sp, dp;
170	register u_long hv;
171	struct in_addr src, dst;
172
173	src = ip->ip_src, dst = ip->ip_dst;
174	sp = dp = 0; /* XXX gcc -Wunitialized */
175
176	hv = ip->ip_src.s_addr ^ ip->ip_dst.s_addr;
177	hv *= 651733;
178	if (tcp) {
179	sp = tcp->th_sport;
180	dp = tcp->th_dport;
181	hv ^= (sp + dp);
182	hv *= 5;
183	}
184	hv %= AP_SESS_SIZE;
185
186	for (aps = ap_sess_tab[hv]; aps; aps = aps->aps_next)
187	if ((aps->aps_p == p) &&
188	ap_matchsrcdst(aps, src, dst, tcp, sp, dp))
189	break;
190	return aps;
191	}
192
193
194	/*
195	* Allocate a new application proxy structure and fill it in with the
196	* relevant details. call the init function once complete, prior to
197	* returning.
198	*/
199	static ap_session_t *ap_new_session(apr, ip, tcp, fin, nat)
200	aproxy_t *apr;
201	ip_t *ip;
202	tcphdr_t *tcp;
203	fr_info_t *fin;
204	nat_t *nat;
205	{
206	register ap_session_t *aps;
207	u_short dport;
208	u_long hv;
209
210	if (!apr \|\| (apr && (apr->apr_flags & APR_DELETE)) \|\|
211	(ip->ip_p != apr->apr_p))
212	return NULL;
213	dport = nat->nat_ptr->in_dport;
214	if ((tcp && (tcp->th_dport != dport)) \|\| (!tcp && dport))
215	return NULL;
216
217	hv = ip->ip_src.s_addr ^ ip->ip_dst.s_addr;
218	hv *= 651733;
219	if (tcp) {
220	hv ^= (tcp->th_sport + tcp->th_dport);
221	hv *= 5;
222	}
223	hv %= AP_SESS_SIZE;
224
225	KMALLOC(aps, ap_session_t , sizeof(aps));
226	if (!aps)
227	return NULL;
228	bzero((char )aps, sizeof(aps));
229	aps->aps_apr = apr;
230	aps->aps_src = ip->ip_src;
231	aps->aps_dst = ip->ip_dst;
232	aps->aps_p = ip->ip_p;
233	aps->aps_tout = 1200; /* XXX */
234	if (tcp) {
235	aps->aps_sport = tcp->th_sport;
236	aps->aps_dport = tcp->th_dport;
237	}
238	aps->aps_data = NULL;
239	aps->aps_psiz = 0;
240	aps->aps_next = ap_sess_tab[hv];
241	ap_sess_tab[hv] = aps;
242	(void) (*apr->apr_init)(fin, ip, tcp, aps, nat);
243	return aps;
244	}
245
246
247	/*
248	* check to see if a packet should be passed through an active proxy routine
249	* if one has been setup for it.
250	*/
251	int ap_check(ip, tcp, fin, nat)
252	ip_t *ip;
253	tcphdr_t *tcp;
254	fr_info_t *fin;
255	nat_t *nat;
256	{
257	ap_session_t *aps;
258	aproxy_t *apr;
259	int err;
260
261	if (!(fin->fin_fi.fi_fl & FI_TCPUDP))
262	tcp = NULL;
263
264	if ((aps = ap_find(ip, tcp)) \|\|
265	(aps = ap_new_session(nat->nat_ptr->in_apr, ip, tcp, fin, nat))) {
266	if (ip->ip_p == IPPROTO_TCP) {
267	/*
268	* verify that the checksum is correct. If not, then
269	* don't do anything with this packet.
270	*/
271	if (tcp->th_sum != fr_tcpsum((mb_t *)fin->fin_mp,
272	ip, tcp, ip->ip_len)) {
273	frstats[fin->fin_out].fr_tcpbad++;
274	return -1;
275	}
276	fr_tcp_age(&aps->aps_tout, aps->aps_state, ip, fin,
277	tcp->th_sport == aps->aps_sport);
278	}
279
280	apr = aps->aps_apr;
281	err = 0;
282	if (fin->fin_out) {
283	if (apr->apr_outpkt)
284	err = (*apr->apr_outpkt)(fin, ip, tcp,
285	aps, nat);
286	} else {
287	if (apr->apr_inpkt)
288	err = (*apr->apr_inpkt)(fin, ip, tcp,
289	aps, nat);
290	}
291	if (err == 2) {
292	tcp->th_sum = fr_tcpsum((mb_t *)fin->fin_mp, ip,
293	tcp, ip->ip_len);
294	err = 0;
295	}
296	return err;
297	}
298	return -1;
299	}
300
301
302	aproxy_t *ap_match(pr, name)
303	u_char pr;
304	char *name;
305	{
306	aproxy_t *ap;
307
308	for (ap = ap_proxies; ap->apr_p; ap++)
309	if ((ap->apr_p == pr) &&
310	!strncmp(name, ap->apr_label, sizeof(ap->apr_label))) {
311	ap->apr_ref++;
312	return ap;
313	}
314	return NULL;
315	}
316
317
318	void ap_free(ap)
319	aproxy_t *ap;
320	{
321	ap->apr_ref--;
322	}
323
324
325	void aps_free(aps)
326	ap_session_t *aps;
327	{
328	if (aps->aps_data && aps->aps_psiz)
329	KFREES(aps->aps_data, aps->aps_psiz);
330	KFREE(aps);
331	}
332
333
334	void ap_unload()
335	{
336	ap_session_t *aps;
337	int i;
338
339	for (i = 0; i < AP_SESS_SIZE; i++)
340	while ((aps = ap_sess_tab[i])) {
341	ap_sess_tab[i] = aps->aps_next;
342	aps_free(aps);
343	}
344	}
345
346
347	void ap_expire()
348	{
349	ap_session_t aps, *apsp;
350	int i;
351
352	for (i = 0; i < AP_SESS_SIZE; i++)
353	for (apsp = &ap_sess_tab[i]; (aps = *apsp); ) {
354	aps->aps_tout--;
355	if (!aps->aps_tout) {
356	ap_sess_tab[i] = aps->aps_next;
357	aps_free(aps);
358	*apsp = aps->aps_next;
359	} else
360	apsp = &aps->aps_next;
361	}
362	}