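/* lint -save -library Flexelint comment for external headers */

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2001 Charles Mott <[email protected]>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Alias.h defines the outside world interfaces for the packet aliasing
 * software.
 *
 * This software is placed into the public domain with no restrictions on its
 * distribution.
 */

#ifndef _ALIAS_H_
#define	_ALIAS_H_

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>

#define	LIBALIAS_BUF_SIZE 128
#ifdef _KERNEL
/*
 * The kernel version of libalias does not support these features.
 * Defining these two macros removes PKT_ALIAS_PUNCH_FW and
 * PKT_ALIAS_USE_SOCKETS from the mode flags further down.
 */
#define	NO_FW_PUNCH
#define	NO_USE_SOCKETS
#endif

/*
 * The external interface to libalias, the packet aliasing engine.
 *
 * There are two sets of functions:
 *
 * PacketAlias*() the old API which doesn't take an instance pointer
 * and therefore can only have one packet engine at a time.
 *
 * LibAlias*() the new API which takes as first argument a pointer to
 * the instance of the packet aliasing engine.
 *
 * The functions otherwise correspond to each other one for one, except
 * for the LibAliasUnaliasOut()/PacketUnaliasOut() function, which was
 * misnamed in the old API.
 *
 * Only the LibAlias*() prototypes are declared in this header; comments
 * below that name a PacketAlias*() function refer to its LibAlias*()
 * counterpart.
 */

/*
 * The instance structure
 */
struct libalias;

/*
 * An anonymous structure, a pointer to which is returned from
 * PacketAliasRedirectAddr(), PacketAliasRedirectPort() or
 * PacketAliasRedirectProto(), passed to PacketAliasAddServer(),
 * and freed by PacketAliasRedirectDelete().
 */
struct alias_link;

/* Initialization and control functions. */
struct libalias *LibAliasInit(struct libalias *);
void		LibAliasSetAddress(struct libalias *, struct in_addr _addr);
void		LibAliasSetFWBase(struct libalias *, unsigned int _base,
		    unsigned int _num);
void		LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
unsigned int	LibAliasSetMode(struct libalias *, unsigned int _flags,
		    unsigned int _mask);
void		LibAliasUninit(struct libalias *);

/*
 * Packet Handling functions.
 *
 * NOTE(review): _ptr is presumably the packet buffer and _maxpacketsize the
 * capacity of that buffer rather than the packet's current length.  Callers
 * should pass the real buffer size so that any in-place rewriting stays in
 * bounds -- confirm against the implementation.  The int results are
 * presumably the PKT_ALIAS_* return codes defined at the end of this header.
 */
int		LibAliasIn(struct libalias *, void *_ptr, int _maxpacketsize);
int		LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize);
int		LibAliasOutTry(struct libalias *, void *_ptr,
		    int _maxpacketsize, int _create);
int		LibAliasUnaliasOut(struct libalias *, void *_ptr,
		    int _maxpacketsize);

/*
 * Port and address redirection functions.
 *
 * The struct alias_link pointers returned here are the handles described
 * above; they are released with LibAliasRedirectDelete().
 */
int		LibAliasAddServer(struct libalias *, struct alias_link *_lnk,
		    struct in_addr _addr, unsigned short _port);
struct alias_link *
		LibAliasRedirectAddr(struct libalias *,
		    struct in_addr _src_addr, struct in_addr _alias_addr);
int		LibAliasRedirectDynamic(struct libalias *,
		    struct alias_link *_lnk);
void		LibAliasRedirectDelete(struct libalias *,
		    struct alias_link *_lnk);
struct alias_link *
		LibAliasRedirectPort(struct libalias *,
		    struct in_addr _src_addr, unsigned short _src_port,
		    struct in_addr _dst_addr, unsigned short _dst_port,
		    struct in_addr _alias_addr, unsigned short _alias_port,
		    unsigned char _proto);
struct alias_link *
		LibAliasRedirectProto(struct libalias *,
		    struct in_addr _src_addr, struct in_addr _dst_addr,
		    struct in_addr _alias_addr, unsigned char _proto);

/* Fragment Handling functions. */
void		LibAliasFragmentIn(struct libalias *, void *_ptr,
		    void *_ptr_fragment);
void		*LibAliasGetFragment(struct libalias *, void *_ptr);
int		LibAliasSaveFragment(struct libalias *, void *_ptr);

/* Miscellaneous functions. */
int		LibAliasCheckNewLink(struct libalias *);
unsigned short	LibAliasInternetChecksum(struct libalias *,
		    unsigned short *_ptr, int _nbytes);
void		LibAliasSetTarget(struct libalias *,
		    struct in_addr _target_addr);

/* Transparent proxying routines. */
int		LibAliasProxyRule(struct libalias *, const char *_cmd);

/*
 * Module handling API
 *
 * NOTE(review): the argument of LibAliasLoadModule() is presumably the
 * path of the module to load; it should only ever come from trusted
 * configuration -- confirm against the implementation.
 */
int		LibAliasLoadModule(char *);
int		LibAliasUnLoadAllModule(void);
int		LibAliasRefreshModules(void);

/* Mbuf helper function. */
struct mbuf	*m_megapullup(struct mbuf *, int);

/*
 * Mode flags and other constants.
 */

/*
 * Mode flags, set using PacketAliasSetMode().  Each flag is a distinct
 * bit, so flags are combined with bitwise OR.
 */

/*
 * If PKT_ALIAS_LOG is set, a message will be printed to /var/log/alias.log
 * every time a link is created or deleted.  This is useful for debugging.
 */
#define	PKT_ALIAS_LOG			0x01

/*
 * If PKT_ALIAS_DENY_INCOMING is set, then incoming connections (e.g. to ftp,
 * telnet or web servers) will be prevented by the aliasing mechanism.
 */
#define	PKT_ALIAS_DENY_INCOMING		0x02

/*
 * If PKT_ALIAS_SAME_PORTS is set, the engine will attempt to send packets
 * from the same port as they originated on.  This allows e.g. rsh to work
 * *99% of the time*, but _not_ 100% (it will be slightly flaky instead of
 * not working at all).  This mode bit is set by PacketAliasInit(), so it is
 * a default mode of operation.
 */
#define	PKT_ALIAS_SAME_PORTS		0x04

/*
 * If PKT_ALIAS_USE_SOCKETS is set, then when partially specified links (e.g.
 * destination port and/or address is zero) are created, the packet aliasing
 * engine will attempt to allocate a socket for the aliasing port it chooses.
 * This will avoid interference with the host machine.  Fully specified links
 * do not require this.  This bit is set after a call to PacketAliasInit(),
 * so it is a default mode of operation.
 */
#ifndef NO_USE_SOCKETS
#define	PKT_ALIAS_USE_SOCKETS		0x08
#endif
/*-
 * If PKT_ALIAS_UNREGISTERED_ONLY is set, then only packets with
 * unregistered (private, RFC 1918) source addresses will be aliased.
 * Private addresses are those in the following ranges:
 *
 *		10.0.0.0     ->   10.255.255.255
 *		172.16.0.0   ->   172.31.255.255
 *		192.168.0.0  ->   192.168.255.255
 */
#define	PKT_ALIAS_UNREGISTERED_ONLY	0x10

/*
 * If PKT_ALIAS_RESET_ON_ADDR_CHANGE is set, then the table of dynamic
 * aliasing links will be reset whenever PacketAliasSetAddress() changes the
 * default aliasing address.  If the default aliasing address is left
 * unchanged by this function call, then the table of dynamic aliasing links
 * will be left intact.  This bit is set after a call to PacketAliasInit().
 */
#define	PKT_ALIAS_RESET_ON_ADDR_CHANGE	0x20

/*
 * If PKT_ALIAS_PROXY_ONLY is set, then NAT will be disabled and only
 * transparent proxying is performed.
 */
#define	PKT_ALIAS_PROXY_ONLY		0x40

/*
 * If PKT_ALIAS_REVERSE is set, the actions of PacketAliasIn() and
 * PacketAliasOut() are reversed.
 */
#define	PKT_ALIAS_REVERSE		0x80

#ifndef NO_FW_PUNCH
/*
 * If PKT_ALIAS_PUNCH_FW is set, active FTP and IRC DCC connections will
 * create a 'hole' in the firewall to allow the transfers to work.  The
 * ipfw rule number that the hole is created with is controlled by
 * PacketAliasSetFWBase().  The hole will be attached to that
 * particular alias_link, so when the link goes away the hole is deleted.
 *
 * NOTE(review): with this flag the firewall rule set changes in response
 * to traffic, so it is worth enabling only where those protocols are
 * actually required, and the rule range given to PacketAliasSetFWBase()
 * should be reserved for this purpose.
 */
#define	PKT_ALIAS_PUNCH_FW		0x100
#endif

/*
 * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
 * states in 'ipfw nat global' rule.
 */
#define	PKT_ALIAS_SKIP_GLOBAL		0x200

/*
 * Like PKT_ALIAS_UNREGISTERED_ONLY, but includes the RFC 6598
 * (Carrier Grade NAT) address range as follows:
 *
 *		100.64.0.0   ->   100.127.255.255
 */
#define	PKT_ALIAS_UNREGISTERED_CGN	0x400

/*
 * Function return codes.
 *
 * Every code is non-zero, so a plain truth test cannot tell success from
 * failure: compare against the specific code instead.  PKT_ALIAS_ERROR is
 * the only negative value; it is parenthesized so that it expands safely
 * inside a larger expression.
 */
#define	PKT_ALIAS_ERROR			(-1)
#define	PKT_ALIAS_OK			1
#define	PKT_ALIAS_IGNORED		2
#define	PKT_ALIAS_UNRESOLVED_FRAGMENT	3
#define	PKT_ALIAS_FOUND_HEADER_FRAGMENT	4

#endif /* !_ALIAS_H_ */

/* lint -restore */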