FreeBSD kernel IPv4 code
alias_proxy.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2001 Charles Mott <cm@linktel.net>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#include <sys/cdefs.h>
30__FBSDID("$FreeBSD$");
31
32/* file: alias_proxy.c
33
34 This file encapsulates special operations related to transparent
35 proxy redirection. This is where packets with a particular destination,
36 usually tcp port 80, are redirected to a proxy server.
37
38 When packets are proxied, the destination address and port are
39 modified. In certain cases, it is necessary to somehow encode
40 the original address/port info into the packet. Two methods are
41 presently supported: addition of a [DEST addr port] string at the
42 beginning of a tcp stream, or inclusion of an optional field
43 in the IP header.
44
45 There is one public API function:
46
47 PacketAliasProxyRule() -- Adds and deletes proxy
48 rules.
49
50 Rules are stored in a linear linked list, so lookup efficiency
51 won't be too good for large lists.
52
53 Initial development: April, 1998 (cjm)
54*/
55
56/* System includes */
57#ifdef _KERNEL
58#include <sys/param.h>
59#include <sys/ctype.h>
60#include <sys/libkern.h>
61#include <sys/limits.h>
62#else
63#include <sys/types.h>
64#include <ctype.h>
65#include <stdio.h>
66#include <stdlib.h>
67#include <netdb.h>
68#include <string.h>
69#endif
70
71#include <netinet/tcp.h>
72
73#ifdef _KERNEL
74#include <netinet/libalias/alias.h>
75#include <netinet/libalias/alias_local.h>
76#include <netinet/libalias/alias_mod.h>
77#else
78#include <arpa/inet.h>
79
80#include "alias.h" /* Public API functions for libalias */
81#include "alias_local.h" /* Functions used by alias*.c */
82#endif
83
84/*
85 Data structures
86 */
87
88/*
89 * A linked list of arbitrary length, based on struct proxy_entry is
90 * used to store proxy rules.
91 */
92struct proxy_entry {
93 struct libalias *la;
94#define PROXY_TYPE_ENCODE_NONE 1
95#define PROXY_TYPE_ENCODE_TCPSTREAM 2
96#define PROXY_TYPE_ENCODE_IPHDR 3
97 int rule_index;
98 int proxy_type;
99 u_char proto;
100 u_short proxy_port;
101 u_short server_port;
102
103 struct in_addr server_addr;
104
105 struct in_addr src_addr;
106 struct in_addr src_mask;
107
108 struct in_addr dst_addr;
109 struct in_addr dst_mask;
110
111 struct proxy_entry *next;
112 struct proxy_entry *last;
113};
114
115/*
116 File scope variables
117*/
118
119/* Local (static) functions:
120
121 IpMask() -- Utility function for creating IP
122 masks from integer (1-32) specification.
123 IpAddr() -- Utility function for converting string
124 to IP address
125 IpPort() -- Utility function for converting string
126 to port number
127 RuleAdd() -- Adds an element to the rule list.
128 RuleDelete() -- Removes an element from the rule list.
129 RuleNumberDelete() -- Removes all elements from the rule list
130 having a certain rule number.
131 ProxyEncodeTcpStream() -- Adds [DEST x.x.x.x xxxx] to the beginning
132 of a TCP stream.
133 ProxyEncodeIpHeader() -- Adds an IP option indicating the true
134 destination of a proxied IP packet
135*/
136
137static int IpMask(int, struct in_addr *);
138static int IpAddr(char *, struct in_addr *);
139static int IpPort(char *, int, int *);
140static void RuleAdd(struct libalias *la, struct proxy_entry *);
141static void RuleDelete(struct proxy_entry *);
142static int RuleNumberDelete(struct libalias *la, int);
143static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int);
144static void ProxyEncodeIpHeader(struct ip *, int);
145
146static int
147IpMask(int nbits, struct in_addr *mask)
148{
149 int i;
150 u_int imask;
151
152 if (nbits < 0 || nbits > 32)
153 return (-1);
154
155 imask = 0;
156 for (i = 0; i < nbits; i++)
157 imask = (imask >> 1) + 0x80000000;
158 mask->s_addr = htonl(imask);
159
160 return (0);
161}
162
163static int
164IpAddr(char *s, struct in_addr *addr)
165{
166 if (inet_aton(s, addr) == 0)
167 return (-1);
168 else
169 return (0);
170}
171
172static int
173IpPort(char *s, int proto, int *port)
174{
175 int n;
176
177 n = sscanf(s, "%d", port);
178 if (n != 1)
179#ifndef _KERNEL /* XXX: we accept only numeric ports in kernel */
180 {
181 struct servent *se;
182
183 if (proto == IPPROTO_TCP)
184 se = getservbyname(s, "tcp");
185 else if (proto == IPPROTO_UDP)
186 se = getservbyname(s, "udp");
187 else
188 return (-1);
189
190 if (se == NULL)
191 return (-1);
192
193 *port = (u_int)ntohs(se->s_port);
194 }
195#else
196 return (-1);
197#endif
198 return (0);
199}
200
201void
202RuleAdd(struct libalias *la, struct proxy_entry *entry)
203{
204 int rule_index;
205 struct proxy_entry *ptr;
206 struct proxy_entry *ptr_last;
207
208 LIBALIAS_LOCK_ASSERT(la);
209
210 entry->la = la;
211 if (la->proxyList == NULL) {
212 la->proxyList = entry;
213 entry->last = NULL;
214 entry->next = NULL;
215 return;
216 }
217
218 rule_index = entry->rule_index;
219 ptr = la->proxyList;
220 ptr_last = NULL;
221 while (ptr != NULL) {
222 if (ptr->rule_index >= rule_index) {
223 if (ptr_last == NULL) {
224 entry->next = la->proxyList;
225 entry->last = NULL;
226 la->proxyList->last = entry;
227 la->proxyList = entry;
228 return;
229 }
230 ptr_last->next = entry;
231 ptr->last = entry;
232 entry->last = ptr->last;
233 entry->next = ptr;
234 return;
235 }
236 ptr_last = ptr;
237 ptr = ptr->next;
238 }
239
240 ptr_last->next = entry;
241 entry->last = ptr_last;
242 entry->next = NULL;
243}
244
245static void
246RuleDelete(struct proxy_entry *entry)
247{
248 struct libalias *la;
249
250 la = entry->la;
251 LIBALIAS_LOCK_ASSERT(la);
252 if (entry->last != NULL)
253 entry->last->next = entry->next;
254 else
255 la->proxyList = entry->next;
256
257 if (entry->next != NULL)
258 entry->next->last = entry->last;
259
260 free(entry);
261}
262
263static int
264RuleNumberDelete(struct libalias *la, int rule_index)
265{
266 int err;
267 struct proxy_entry *ptr;
268
269 LIBALIAS_LOCK_ASSERT(la);
270 err = -1;
271 ptr = la->proxyList;
272 while (ptr != NULL) {
273 struct proxy_entry *ptr_next;
274
275 ptr_next = ptr->next;
276 if (ptr->rule_index == rule_index) {
277 err = 0;
278 RuleDelete(ptr);
279 }
280 ptr = ptr_next;
281 }
282
283 return (err);
284}
285
286static void
287ProxyEncodeTcpStream(struct alias_link *lnk,
288 struct ip *pip,
289 int maxpacketsize)
290{
291 int slen;
292 char buffer[40];
293 struct tcphdr *tc;
294 char addrbuf[INET_ADDRSTRLEN];
295
296 /* Compute pointer to tcp header */
297 tc = (struct tcphdr *)ip_next(pip);
298
299 /* Don't modify if once already modified */
300 if (GetAckModified(lnk))
301 return;
302
303 /* Translate destination address and port to string form */
304 snprintf(buffer, sizeof(buffer) - 2, "[DEST %s %d]",
305 inet_ntoa_r(GetProxyAddress(lnk), INET_NTOA_BUF(addrbuf)),
306 (u_int)ntohs(GetProxyPort(lnk)));
307
308 /* Pad string out to a multiple of two in length */
309 slen = strlen(buffer);
310 switch (slen % 2) {
311 case 0:
312 strcat(buffer, " \n");
313 slen += 2;
314 break;
315 case 1:
316 strcat(buffer, "\n");
317 slen += 1;
318 }
319
320 /* Check for packet overflow */
321 if ((int)(ntohs(pip->ip_len) + strlen(buffer)) > maxpacketsize)
322 return;
323
324 /* Shift existing TCP data and insert destination string */
325 {
326 int dlen;
327 int hlen;
328 char *p;
329
330 hlen = (pip->ip_hl + tc->th_off) << 2;
331 dlen = ntohs(pip->ip_len) - hlen;
332
333 /* Modify first packet that has data in it */
334 if (dlen == 0)
335 return;
336
337 p = (char *)pip;
338 p += hlen;
339
340 bcopy(p, p + slen, dlen);
341 memcpy(p, buffer, slen);
342 }
343
344 /* Save information about modfied sequence number */
345 {
346 int delta;
347
348 SetAckModified(lnk);
349 tc = (struct tcphdr *)ip_next(pip);
350 delta = GetDeltaSeqOut(tc->th_seq, lnk);
351 AddSeq(lnk, delta + slen, pip->ip_hl, pip->ip_len, tc->th_seq,
352 tc->th_off);
353 }
354
355 /* Update IP header packet length and checksum */
356 {
357 int accumulate;
358
359 accumulate = pip->ip_len;
360 pip->ip_len = htons(ntohs(pip->ip_len) + slen);
361 accumulate -= pip->ip_len;
362
363 ADJUST_CHECKSUM(accumulate, pip->ip_sum);
364 }
365
366 /* Update TCP checksum, Use TcpChecksum since so many things have
367 already changed. */
368
369 tc->th_sum = 0;
370#ifdef _KERNEL
371 tc->th_x2 = 1;
372#else
373 tc->th_sum = TcpChecksum(pip);
374#endif
375}
376
377static void
378ProxyEncodeIpHeader(struct ip *pip, int maxpacketsize)
379{
380#define OPTION_LEN_BYTES 8
381#define OPTION_LEN_INT16 4
382#define OPTION_LEN_INT32 2
383 _Alignas(_Alignof(u_short)) u_char option[OPTION_LEN_BYTES];
384
385#ifdef LIBALIAS_DEBUG
386 fprintf(stdout, " ip cksum 1 = %x\n", (u_int)IpChecksum(pip));
387 fprintf(stdout, "tcp cksum 1 = %x\n", (u_int)TcpChecksum(pip));
388#endif
389
390 (void)maxpacketsize;
391
392 /* Check to see that there is room to add an IP option */
393 if (pip->ip_hl > (0x0f - OPTION_LEN_INT32))
394 return;
395
396 /* Build option and copy into packet */
397 {
398 u_char *ptr;
399 struct tcphdr *tc;
400
401 ptr = (u_char *) pip;
402 ptr += 20;
403 memcpy(ptr + OPTION_LEN_BYTES, ptr, ntohs(pip->ip_len) - 20);
404
405 option[0] = 0x64; /* class: 3 (reserved), option 4 */
406 option[1] = OPTION_LEN_BYTES;
407
408 memcpy(&option[2], (u_char *)&pip->ip_dst, 4);
409
410 tc = (struct tcphdr *)ip_next(pip);
411 memcpy(&option[6], (u_char *)&tc->th_sport, 2);
412
413 memcpy(ptr, option, 8);
414 }
415
416 /* Update checksum, header length and packet length */
417 {
418 int i;
419 int accumulate;
420 u_short *sptr;
421
422 sptr = (u_short *) option;
423 accumulate = 0;
424 for (i = 0; i < OPTION_LEN_INT16; i++)
425 accumulate -= *(sptr++);
426
427 sptr = (u_short *) pip;
428 accumulate += *sptr;
429 pip->ip_hl += OPTION_LEN_INT32;
430 accumulate -= *sptr;
431
432 accumulate += pip->ip_len;
433 pip->ip_len = htons(ntohs(pip->ip_len) + OPTION_LEN_BYTES);
434 accumulate -= pip->ip_len;
435
436 ADJUST_CHECKSUM(accumulate, pip->ip_sum);
437 }
438#undef OPTION_LEN_BYTES
439#undef OPTION_LEN_INT16
440#undef OPTION_LEN_INT32
441#ifdef LIBALIAS_DEBUG
442 fprintf(stdout, " ip cksum 2 = %x\n", (u_int)IpChecksum(pip));
443 fprintf(stdout, "tcp cksum 2 = %x\n", (u_int)TcpChecksum(pip));
444#endif
445}
446
447/* Functions by other packet alias source files
448
449 ProxyCheck() -- Checks whether an outgoing packet should
450 be proxied.
451 ProxyModify() -- Encodes the original destination address/port
452 for a packet which is to be redirected to
453 a proxy server.
454*/
455
456int
457ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr,
458 u_short * proxy_server_port, struct in_addr src_addr,
459 struct in_addr dst_addr, u_short dst_port, u_char ip_p)
460{
461 struct proxy_entry *ptr;
462
463 LIBALIAS_LOCK_ASSERT(la);
464
465 ptr = la->proxyList;
466 while (ptr != NULL) {
467 u_short proxy_port;
468
469 proxy_port = ptr->proxy_port;
470 if ((dst_port == proxy_port || proxy_port == 0)
471 && ip_p == ptr->proto
472 && src_addr.s_addr != ptr->server_addr.s_addr) {
473 struct in_addr src_addr_masked;
474 struct in_addr dst_addr_masked;
475
476 src_addr_masked.s_addr = src_addr.s_addr & ptr->src_mask.s_addr;
477 dst_addr_masked.s_addr = dst_addr.s_addr & ptr->dst_mask.s_addr;
478
479 if ((src_addr_masked.s_addr == ptr->src_addr.s_addr)
480 && (dst_addr_masked.s_addr == ptr->dst_addr.s_addr)) {
481 if ((*proxy_server_port = ptr->server_port) == 0)
482 *proxy_server_port = dst_port;
483 *proxy_server_addr = ptr->server_addr;
484 return (ptr->proxy_type);
485 }
486 }
487 ptr = ptr->next;
488 }
489
490 return (0);
491}
492
493void
494ProxyModify(struct libalias *la, struct alias_link *lnk,
495 struct ip *pip,
496 int maxpacketsize,
497 int proxy_type)
498{
499 LIBALIAS_LOCK_ASSERT(la);
500 (void)la;
501
502 switch (proxy_type) {
503 case PROXY_TYPE_ENCODE_IPHDR:
504 ProxyEncodeIpHeader(pip, maxpacketsize);
505 break;
506
507 case PROXY_TYPE_ENCODE_TCPSTREAM:
508 ProxyEncodeTcpStream(lnk, pip, maxpacketsize);
509 break;
510 }
511}
512
513/*
514 Public API functions
515*/
516
517/*
518 * This function takes command strings of the form:
519 *
520 * server <addr>[:<port>]
521 * [port <port>]
522 * [rule n]
523 * [proto tcp|udp]
524 * [src <addr>[/n]]
525 * [dst <addr>[/n]]
526 * [type encode_tcp_stream|encode_ip_hdr|no_encode]
527 *
528 * delete <rule number>
529 *
530 * Subfields can be in arbitrary order. Port numbers and addresses
531 * must be in either numeric or symbolic form. An optional rule number
532 * is used to control the order in which rules are searched. If two
533 * rules have the same number, then search order cannot be guaranteed,
534 * and the rules should be disjoint. If no rule number is specified,
535 * then 0 is used, and group 0 rules are always checked before any
536 * others.
537 */
538int
539LibAliasProxyRule(struct libalias *la, const char *cmd)
540{
541 int i, n, len, ret;
542 int cmd_len;
543 int token_count;
544 int state;
545 char *token;
546 char buffer[256];
547 char str_port[sizeof(buffer)];
548 char str_server_port[sizeof(buffer)];
549 char *res = buffer;
550
551 int rule_index;
552 int proto;
553 int proxy_type;
554 int proxy_port;
555 int server_port;
556 struct in_addr server_addr;
557 struct in_addr src_addr, src_mask;
558 struct in_addr dst_addr, dst_mask;
559 struct proxy_entry *proxy_entry;
560
561 LIBALIAS_LOCK(la);
562 ret = 0;
563
564 /* Copy command line into a buffer */
565 cmd += strspn(cmd, " \t");
566 cmd_len = strlen(cmd);
567 if (cmd_len > (int)(sizeof(buffer) - 1)) {
568 ret = -1;
569 goto getout;
570 }
571 strcpy(buffer, cmd);
572
573 /* Convert to lower case */
574 len = strlen(buffer);
575 for (i = 0; i < len; i++)
576 buffer[i] = tolower((unsigned char)buffer[i]);
577
578 /* Set default proxy type */
579
580 /* Set up default values */
581 rule_index = 0;
582 proxy_type = PROXY_TYPE_ENCODE_NONE;
583 proto = IPPROTO_TCP;
584 proxy_port = 0;
585 server_addr.s_addr = 0;
586 server_port = 0;
587 src_addr.s_addr = 0;
588 IpMask(0, &src_mask);
589 dst_addr.s_addr = 0;
590 IpMask(0, &dst_mask);
591
592 str_port[0] = 0;
593 str_server_port[0] = 0;
594
595 /* Parse command string with state machine */
596#define STATE_READ_KEYWORD 0
597#define STATE_READ_TYPE 1
598#define STATE_READ_PORT 2
599#define STATE_READ_SERVER 3
600#define STATE_READ_RULE 4
601#define STATE_READ_DELETE 5
602#define STATE_READ_PROTO 6
603#define STATE_READ_SRC 7
604#define STATE_READ_DST 8
605 state = STATE_READ_KEYWORD;
606 token = strsep(&res, " \t");
607 token_count = 0;
608 while (token != NULL) {
609 token_count++;
610 switch (state) {
611 case STATE_READ_KEYWORD:
612 if (strcmp(token, "type") == 0)
613 state = STATE_READ_TYPE;
614 else if (strcmp(token, "port") == 0)
615 state = STATE_READ_PORT;
616 else if (strcmp(token, "server") == 0)
617 state = STATE_READ_SERVER;
618 else if (strcmp(token, "rule") == 0)
619 state = STATE_READ_RULE;
620 else if (strcmp(token, "delete") == 0)
621 state = STATE_READ_DELETE;
622 else if (strcmp(token, "proto") == 0)
623 state = STATE_READ_PROTO;
624 else if (strcmp(token, "src") == 0)
625 state = STATE_READ_SRC;
626 else if (strcmp(token, "dst") == 0)
627 state = STATE_READ_DST;
628 else {
629 ret = -1;
630 goto getout;
631 }
632 break;
633
634 case STATE_READ_TYPE:
635 if (strcmp(token, "encode_ip_hdr") == 0)
636 proxy_type = PROXY_TYPE_ENCODE_IPHDR;
637 else if (strcmp(token, "encode_tcp_stream") == 0)
638 proxy_type = PROXY_TYPE_ENCODE_TCPSTREAM;
639 else if (strcmp(token, "no_encode") == 0)
640 proxy_type = PROXY_TYPE_ENCODE_NONE;
641 else {
642 ret = -1;
643 goto getout;
644 }
645 state = STATE_READ_KEYWORD;
646 break;
647
648 case STATE_READ_PORT:
649 strcpy(str_port, token);
650 state = STATE_READ_KEYWORD;
651 break;
652
653 case STATE_READ_SERVER: {
654 int err;
655 char *p;
656 char s[sizeof(buffer)];
657
658 p = token;
659 while (*p != ':' && *p != 0)
660 p++;
661
662 if (*p != ':') {
663 err = IpAddr(token, &server_addr);
664 if (err) {
665 ret = -1;
666 goto getout;
667 }
668 } else {
669 *p = ' ';
670
671 n = sscanf(token, "%s %s", s, str_server_port);
672 if (n != 2) {
673 ret = -1;
674 goto getout;
675 }
676
677 err = IpAddr(s, &server_addr);
678 if (err) {
679 ret = -1;
680 goto getout;
681 }
682 }
683
684 state = STATE_READ_KEYWORD;
685 break;
686 }
687 case STATE_READ_RULE:
688 n = sscanf(token, "%d", &rule_index);
689 if (n != 1 || rule_index < 0) {
690 ret = -1;
691 goto getout;
692 }
693 state = STATE_READ_KEYWORD;
694 break;
695
696 case STATE_READ_DELETE: {
697 int err;
698 int rule_to_delete;
699
700 if (token_count != 2) {
701 ret = -1;
702 goto getout;
703 }
704
705 n = sscanf(token, "%d", &rule_to_delete);
706 if (n != 1) {
707 ret = -1;
708 goto getout;
709 }
710 err = RuleNumberDelete(la, rule_to_delete);
711 if (err)
712 ret = -1;
713 else
714 ret = 0;
715 goto getout;
716 }
717
718 case STATE_READ_PROTO:
719 if (strcmp(token, "tcp") == 0)
720 proto = IPPROTO_TCP;
721 else if (strcmp(token, "udp") == 0)
722 proto = IPPROTO_UDP;
723 else {
724 ret = -1;
725 goto getout;
726 }
727 state = STATE_READ_KEYWORD;
728 break;
729
730 case STATE_READ_SRC:
731 case STATE_READ_DST: {
732 int err;
733 char *p;
734 struct in_addr mask;
735 struct in_addr addr;
736
737 p = token;
738 while (*p != '/' && *p != 0)
739 p++;
740
741 if (*p != '/') {
742 IpMask(32, &mask);
743 err = IpAddr(token, &addr);
744 if (err) {
745 ret = -1;
746 goto getout;
747 }
748 } else {
749 int nbits;
750 char s[sizeof(buffer)];
751
752 *p = ' ';
753 n = sscanf(token, "%s %d", s, &nbits);
754 if (n != 2) {
755 ret = -1;
756 goto getout;
757 }
758
759 err = IpAddr(s, &addr);
760 if (err) {
761 ret = -1;
762 goto getout;
763 }
764
765 err = IpMask(nbits, &mask);
766 if (err) {
767 ret = -1;
768 goto getout;
769 }
770 }
771
772 if (state == STATE_READ_SRC) {
773 src_addr = addr;
774 src_mask = mask;
775 } else {
776 dst_addr = addr;
777 dst_mask = mask;
778 }
779
780 state = STATE_READ_KEYWORD;
781 break;
782 }
783
784 default:
785 ret = -1;
786 goto getout;
787 break;
788 }
789
790 do {
791 token = strsep(&res, " \t");
792 } while (token != NULL && !*token);
793 }
794#undef STATE_READ_KEYWORD
795#undef STATE_READ_TYPE
796#undef STATE_READ_PORT
797#undef STATE_READ_SERVER
798#undef STATE_READ_RULE
799#undef STATE_READ_DELETE
800#undef STATE_READ_PROTO
801#undef STATE_READ_SRC
802#undef STATE_READ_DST
803
804 /* Convert port strings to numbers.
805 This needs to be done after the string is parsed, because
806 the prototype might not be designated before the ports
807 (which might be symbolic entries in /etc/services) */
808
809 if (strlen(str_port) != 0) {
810 int err;
811
812 err = IpPort(str_port, proto, &proxy_port);
813 if (err) {
814 ret = -1;
815 goto getout;
816 }
817 } else {
818 proxy_port = 0;
819 }
820
821 if (strlen(str_server_port) != 0) {
822 int err;
823
824 err = IpPort(str_server_port, proto, &server_port);
825 if (err) {
826 ret = -1;
827 goto getout;
828 }
829 } else {
830 server_port = 0;
831 }
832
833 /* Check that at least the server address has been defined */
834 if (server_addr.s_addr == 0) {
835 ret = -1;
836 goto getout;
837 }
838
839 /* Add to linked list */
840 proxy_entry = malloc(sizeof(struct proxy_entry));
841 if (proxy_entry == NULL) {
842 ret = -1;
843 goto getout;
844 }
845
846 proxy_entry->proxy_type = proxy_type;
847 proxy_entry->rule_index = rule_index;
848 proxy_entry->proto = proto;
849 proxy_entry->proxy_port = htons(proxy_port);
850 proxy_entry->server_port = htons(server_port);
851 proxy_entry->server_addr = server_addr;
852 proxy_entry->src_addr.s_addr = src_addr.s_addr & src_mask.s_addr;
853 proxy_entry->dst_addr.s_addr = dst_addr.s_addr & dst_mask.s_addr;
854 proxy_entry->src_mask = src_mask;
855 proxy_entry->dst_mask = dst_mask;
856
857 RuleAdd(la, proxy_entry);
858
859getout:
860 LIBALIAS_UNLOCK(la);
861 return (ret);
862}
GetAckModified
int GetAckModified(struct alias_link *lnk)
Definition: alias_db.c:1576
GetProxyPort
u_short GetProxyPort(struct alias_link *lnk)
Definition: alias_db.c:1563
GetProxyAddress
struct in_addr GetProxyAddress(struct alias_link *lnk)
Definition: alias_db.c:1551
SetAckModified
void SetAckModified(struct alias_link *lnk)
Definition: alias_db.c:1545
AddSeq
void AddSeq(struct alias_link *lnk, int delta, u_int ip_hl, u_short ip_len, u_long th_seq, u_int th_off)
Definition: alias_db.c:1672
GetDeltaSeqOut
int GetDeltaSeqOut(u_long seq, struct alias_link *lnk)
Definition: alias_db.c:1630
alias_local.h
LIBALIAS_LOCK_ASSERT
#define LIBALIAS_LOCK_ASSERT(l)
Definition: alias_local.h:174
INET_NTOA_BUF
#define INET_NTOA_BUF(buf)
Definition: alias_local.h:74
LIBALIAS_LOCK
#define LIBALIAS_LOCK(l)
Definition: alias_local.h:175
ADJUST_CHECKSUM
#define ADJUST_CHECKSUM(acc, cksum)
Definition: alias_local.h:194
LIBALIAS_UNLOCK
#define LIBALIAS_UNLOCK(l)
Definition: alias_local.h:176
alias_mod.h
STATE_READ_SRC
#define STATE_READ_SRC
PROXY_TYPE_ENCODE_NONE
#define PROXY_TYPE_ENCODE_NONE
Definition: alias_proxy.c:94
PROXY_TYPE_ENCODE_TCPSTREAM
#define PROXY_TYPE_ENCODE_TCPSTREAM
Definition: alias_proxy.c:95
RuleAdd
static void RuleAdd(struct libalias *la, struct proxy_entry *)
Definition: alias_proxy.c:202
PROXY_TYPE_ENCODE_IPHDR
#define PROXY_TYPE_ENCODE_IPHDR
Definition: alias_proxy.c:96
IpPort
static int IpPort(char *, int, int *)
Definition: alias_proxy.c:173
STATE_READ_DST
#define STATE_READ_DST
STATE_READ_DELETE
#define STATE_READ_DELETE
STATE_READ_KEYWORD
#define STATE_READ_KEYWORD
ProxyEncodeIpHeader
static void ProxyEncodeIpHeader(struct ip *, int)
Definition: alias_proxy.c:378
OPTION_LEN_INT16
#define OPTION_LEN_INT16
IpMask
static int IpMask(int, struct in_addr *)
Definition: alias_proxy.c:147
__FBSDID
__FBSDID("$FreeBSD$")
ProxyModify
void ProxyModify(struct libalias *la, struct alias_link *lnk, struct ip *pip, int maxpacketsize, int proxy_type)
Definition: alias_proxy.c:494
STATE_READ_PORT
#define STATE_READ_PORT
ProxyCheck
int ProxyCheck(struct libalias *la, struct in_addr *proxy_server_addr, u_short *proxy_server_port, struct in_addr src_addr, struct in_addr dst_addr, u_short dst_port, u_char ip_p)
Definition: alias_proxy.c:457
RuleNumberDelete
static int RuleNumberDelete(struct libalias *la, int)
Definition: alias_proxy.c:264
OPTION_LEN_INT32
#define OPTION_LEN_INT32
RuleDelete
static void RuleDelete(struct proxy_entry *)
Definition: alias_proxy.c:246
OPTION_LEN_BYTES
#define OPTION_LEN_BYTES
LibAliasProxyRule
int LibAliasProxyRule(struct libalias *la, const char *cmd)
Definition: alias_proxy.c:539
ProxyEncodeTcpStream
static void ProxyEncodeTcpStream(struct alias_link *, struct ip *, int)
Definition: alias_proxy.c:287
STATE_READ_RULE
#define STATE_READ_RULE
IpAddr
static int IpAddr(char *, struct in_addr *)
Definition: alias_proxy.c:164
STATE_READ_TYPE
#define STATE_READ_TYPE
STATE_READ_PROTO
#define STATE_READ_PROTO
STATE_READ_SERVER
#define STATE_READ_SERVER
inet_ntoa_r
char * inet_ntoa_r(struct in_addr ina, char *buf)
IPPROTO_TCP
#define IPPROTO_TCP
Definition: in.h:45
inet_aton
int inet_aton(const char *, struct in_addr *)
IPPROTO_UDP
#define IPPROTO_UDP
Definition: in.h:46
ip_p
u_char ip_p
Definition: ip.h:17
state
u_int32_t state
Definition: ip_fw.h:10
alias_link
Definition: alias_db.h:254
in_addr
Definition: in.h:83
in_addr::s_addr
in_addr_t s_addr
Definition: in.h:84
ip
Definition: ip.h:51
ip::ip_dst
struct in_addr ip_src ip_dst
Definition: ip.h:71
ip::ip_hl
u_char ip_hl
Definition: ip.h:53
ip::ip_sum
u_short ip_sum
Definition: ip.h:70
ip::ip_len
u_short ip_len
Definition: ip.h:61
libalias::proxyList
struct proxy_entry * proxyList
Definition: alias_local.h:139
proxy_entry
Definition: alias_proxy.c:92
proxy_entry::rule_index
int rule_index
Definition: alias_proxy.c:97
proxy_entry::proto
u_char proto
Definition: alias_proxy.c:99
proxy_entry::src_mask
struct in_addr src_mask
Definition: alias_proxy.c:106
proxy_entry::last
struct proxy_entry * last
Definition: alias_proxy.c:112
proxy_entry::server_port
u_short server_port
Definition: alias_proxy.c:101
proxy_entry::la
struct libalias * la
Definition: alias_proxy.c:93
proxy_entry::server_addr
struct in_addr server_addr
Definition: alias_proxy.c:103
proxy_entry::proxy_port
u_short proxy_port
Definition: alias_proxy.c:100
proxy_entry::next
struct proxy_entry * next
Definition: alias_proxy.c:111
proxy_entry::dst_mask
struct in_addr dst_mask
Definition: alias_proxy.c:109
proxy_entry::src_addr
struct in_addr src_addr
Definition: alias_proxy.c:105
proxy_entry::dst_addr
struct in_addr dst_addr
Definition: alias_proxy.c:108
proxy_entry::proxy_type
int proxy_type
Definition: alias_proxy.c:98