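/* lint -save -library Flexelint comment for external headers */

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2001 Charles Mott <[email protected]>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Alias.h defines the outside world interfaces for the packet aliasing
 * software.
 *
 * This software is placed into the public domain with no restrictions on its
 * distribution.
 */

#ifndef _ALIAS_H_
#define _ALIAS_H_

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>

#define LIBALIAS_BUF_SIZE	128
#ifdef _KERNEL
/*
 * The kernel version of libalias does not support these features.
 * Defining the two macros below removes PKT_ALIAS_PUNCH_FW and
 * PKT_ALIAS_USE_SOCKETS from this header (see the #ifndef guards further
 * down), so kernel code cannot request either mode.
 */
#define NO_FW_PUNCH
#define NO_USE_SOCKETS
#endif

/*
 * The external interface to libalias, the packet aliasing engine.
 *
 * There are two sets of functions:
 *
 * PacketAlias*()	the old API which doesn't take an instance pointer
 *			and therefore can only have one packet engine at a time.
 *
 * LibAlias*()		the new API which takes as first argument a pointer to
 *			the instance of the packet aliasing engine.
 *
 * The functions otherwise correspond to each other one for one, except
 * for the LibAliasUnaliasOut()/PacketUnaliasOut() functions, which were
 * misnamed in the old API.
 *
 * Only the LibAlias*() prototypes are declared in this header.  Comments
 * below that name a PacketAlias*() function apply to the LibAlias*()
 * function of the corresponding name.
 */

/*
 * The instance structure
 */
struct libalias;

/*
 * An anonymous structure, a pointer to which is returned from
 * PacketAliasRedirectAddr(), PacketAliasRedirectPort() or
 * PacketAliasRedirectProto(), passed to PacketAliasAddServer(),
 * and freed by PacketAliasRedirectDelete().
 */
struct alias_link;

/*
 * Forward declaration at file scope.  Without it, the first mention of
 * struct mbuf would be inside the m_megapullup() parameter list, where the
 * tag has prototype scope only and is not compatible with a struct mbuf
 * declared later by the including file.
 */
struct mbuf;

/* Initialization and control functions. */
struct libalias *LibAliasInit(struct libalias *);
void	LibAliasSetAddress(struct libalias *, struct in_addr _addr);
void	LibAliasSetFWBase(struct libalias *, unsigned int _base,
	    unsigned int _num);
void	LibAliasSetSkinnyPort(struct libalias *, unsigned int _port);
unsigned int
	LibAliasSetMode(struct libalias *, unsigned int _flags,
	    unsigned int _mask);
void	LibAliasUninit(struct libalias *);

/*
 * Packet Handling functions.
 *
 * Each call takes a pointer to the packet and a size bound, and returns an
 * int; the PKT_ALIAS_* return codes are defined at the end of this header.
 *
 * NOTE(review): _maxpacketsize is presumably the capacity of the buffer
 * behind _ptr rather than the length of the packet stored in it.  Packets
 * come from the network, so callers should pass the real buffer size and
 * check the return code before forwarding -- confirm against the
 * implementation.
 */
int	LibAliasIn(struct libalias *, void *_ptr, int _maxpacketsize);
int	LibAliasOut(struct libalias *, void *_ptr, int _maxpacketsize);
int	LibAliasOutTry(struct libalias *, void *_ptr, int _maxpacketsize,
	    int _create);
int	LibAliasUnaliasOut(struct libalias *, void *_ptr, int _maxpacketsize);

/* Port and address redirection functions. */

int
	LibAliasAddServer(struct libalias *, struct alias_link *_lnk,
	    struct in_addr _addr, unsigned short _port);
struct alias_link *
	LibAliasRedirectAddr(struct libalias *, struct in_addr _src_addr,
	    struct in_addr _alias_addr);
int	LibAliasRedirectDynamic(struct libalias *, struct alias_link *_lnk);
void	LibAliasRedirectDelete(struct libalias *, struct alias_link *_lnk);
struct alias_link *
	LibAliasRedirectPort(struct libalias *, struct in_addr _src_addr,
	    unsigned short _src_port, struct in_addr _dst_addr,
	    unsigned short _dst_port, struct in_addr _alias_addr,
	    unsigned short _alias_port, unsigned char _proto);
struct alias_link *
	LibAliasRedirectProto(struct libalias *, struct in_addr _src_addr,
	    struct in_addr _dst_addr, struct in_addr _alias_addr,
	    unsigned char _proto);

/*
 * Fragment Handling functions.
 *
 * NOTE(review): this header does not show who owns the pointer handed to
 * LibAliasSaveFragment() or the one returned by LibAliasGetFragment();
 * confirm the ownership rule before freeing or reusing either buffer.
 */
void	LibAliasFragmentIn(struct libalias *, void *_ptr, void *_ptr_fragment);
void	*LibAliasGetFragment(struct libalias *, void *_ptr);
int	LibAliasSaveFragment(struct libalias *, void *_ptr);

/* Miscellaneous functions. */
int	LibAliasCheckNewLink(struct libalias *);
unsigned short
	LibAliasInternetChecksum(struct libalias *, unsigned short *_ptr,
	    int _nbytes);
void	LibAliasSetTarget(struct libalias *, struct in_addr _target_addr);

/* Transparent proxying routines. */
int	LibAliasProxyRule(struct libalias *, const char *_cmd);

/*
 * Module handling API
 *
 * NOTE(review): the char * argument of LibAliasLoadModule() presumably
 * names the module to load.  Loading a module brings code into the
 * process, so the value should come from trusted configuration only --
 * confirm against the implementation.
 */
int	LibAliasLoadModule(char *);
int	LibAliasUnLoadAllModule(void);
int	LibAliasRefreshModules(void);

/* Mbuf helper function. */
struct mbuf *m_megapullup(struct mbuf *, int);

/*
 * Mode flags and other constants.
 */

/* Mode flags, set using PacketAliasSetMode() */

/*
 * If PKT_ALIAS_LOG is set, a message will be printed to /var/log/alias.log
 * every time a link is created or deleted.  This is useful for debugging.
 */
#define PKT_ALIAS_LOG			0x01

/*
 * If PKT_ALIAS_DENY_INCOMING is set, then incoming connections (e.g. to ftp,
 * telnet or web servers) will be prevented by the aliasing mechanism.
 *
 * NOTE(review): the comments in this header name PKT_ALIAS_SAME_PORTS,
 * PKT_ALIAS_USE_SOCKETS and PKT_ALIAS_RESET_ON_ADDR_CHANGE as the bits set
 * by PacketAliasInit(); this flag is not among them, so it presumably has
 * to be requested explicitly -- confirm.
 */
#define PKT_ALIAS_DENY_INCOMING		0x02

/*
 * If PKT_ALIAS_SAME_PORTS is set, the engine will attempt to send packets
 * from the same port as they originated on.  This allows e.g. rsh to work
 * *99% of the time*, but _not_ 100% (it will be slightly flakey instead of
 * not working at all).  This mode bit is set by PacketAliasInit(), so it is
 * a default mode of operation.
 */
#define PKT_ALIAS_SAME_PORTS		0x04

/*
 * If PKT_ALIAS_USE_SOCKETS is set, then for partially specified links (e.g.
 * destination port and/or address is zero), the packet aliasing engine will
 * attempt to allocate a socket for the aliasing port it chooses.  This will
 * avoid interference with the host machine.  Fully specified links do not
 * require this.  This bit is set after a call to PacketAliasInit(), so it is
 * a default mode of operation.
 */
#ifndef NO_USE_SOCKETS
#define PKT_ALIAS_USE_SOCKETS		0x08
#endif
/*-
 * If PKT_ALIAS_UNREGISTERED_ONLY is set, then only packets with
 * unregistered (private) source addresses will be aliased.  Private
 * addresses are those in the following ranges:
 *
 *		10.0.0.0     ->   10.255.255.255
 *		172.16.0.0   ->   172.31.255.255
 *		192.168.0.0  ->   192.168.255.255
 */
#define PKT_ALIAS_UNREGISTERED_ONLY	0x10

/*
 * If PKT_ALIAS_RESET_ON_ADDR_CHANGE is set, then the table of dynamic
 * aliasing links will be reset whenever PacketAliasSetAddress() changes the
 * default aliasing address.  If the default aliasing address is left
 * unchanged by this function call, then the table of dynamic aliasing links
 * will be left intact.  This bit is set after a call to PacketAliasInit().
 */
#define PKT_ALIAS_RESET_ON_ADDR_CHANGE	0x20

/*
 * If PKT_ALIAS_PROXY_ONLY is set, then NAT will be disabled and only
 * transparent proxying is performed.
 */
#define PKT_ALIAS_PROXY_ONLY		0x40

/*
 * If PKT_ALIAS_REVERSE is set, the actions of PacketAliasIn() and
 * PacketAliasOut() are reversed.
 */
#define PKT_ALIAS_REVERSE		0x80

#ifndef NO_FW_PUNCH
/*
 * If PKT_ALIAS_PUNCH_FW is set, active FTP and IRC DCC connections will
 * create a 'hole' in the firewall to allow the transfers to work.  The
 * ipfw rule number that the hole is created with is controlled by
 * PacketAliasSetFWBase().  The hole will be attached to that
 * particular alias_link, so when the link goes away the hole is deleted.
 *
 * Security note: with this flag set, traffic passing through the engine
 * causes firewall rules to be added.  Enable it only where the hosts
 * behind the aliasing address are trusted to open such holes, and keep the
 * rule range given to PacketAliasSetFWBase() separate from manually
 * maintained rules.
 */
#define PKT_ALIAS_PUNCH_FW		0x100
#endif

/*
 * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
 * states in 'ipfw nat global' rule.
 */
#define PKT_ALIAS_SKIP_GLOBAL		0x200

/*
 * Like PKT_ALIAS_UNREGISTERED_ONLY, but includes the RFC 6598
 * (Carrier Grade NAT) address range as follows:
 *
 *		100.64.0.0   ->   100.127.255.255
 */
#define PKT_ALIAS_UNREGISTERED_CGN	0x400

/*
 * Function return codes.
 *
 * PKT_ALIAS_ERROR is the only negative value; the remaining codes are
 * distinct positive values, so a caller that only tests "!= 0" cannot tell
 * an error from success and should compare against the named constants.
 */
#define PKT_ALIAS_ERROR			-1
#define PKT_ALIAS_OK			1
#define PKT_ALIAS_IGNORED		2
#define PKT_ALIAS_UNRESOLVED_FRAGMENT	3
#define PKT_ALIAS_FOUND_HEADER_FRAGMENT	4

#endif /* !_ALIAS_H_ */

/* lint -restore */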