xref: /onnv-gate/usr/src/uts/common/inet/ipf/ip_compat.c (revision 7176:101cc5da1498)
1*7176Syx160601 /*
2*7176Syx160601  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3*7176Syx160601  * Use is subject to license terms.
4*7176Syx160601  */
5*7176Syx160601 
6*7176Syx160601 #pragma ident	"%Z%%M%	%I%	%E% SMI"
7*7176Syx160601 
8*7176Syx160601 #if defined(KERNEL) || defined(_KERNEL)
9*7176Syx160601 # undef KERNEL
10*7176Syx160601 # undef _KERNEL
11*7176Syx160601 # define        KERNEL	1
12*7176Syx160601 # define        _KERNEL	1
13*7176Syx160601 #endif
14*7176Syx160601 #include <sys/errno.h>
15*7176Syx160601 #include <sys/types.h>
16*7176Syx160601 #include <sys/param.h>
17*7176Syx160601 #include <sys/time.h>
18*7176Syx160601 #if defined(__NetBSD__)
19*7176Syx160601 # if (NetBSD >= 199905) && !defined(IPFILTER_LKM) && defined(_KERNEL)
20*7176Syx160601 #  include "opt_ipfilter_log.h"
21*7176Syx160601 # endif
22*7176Syx160601 #endif
23*7176Syx160601 #if defined(_KERNEL) && defined(__FreeBSD_version) && \
24*7176Syx160601     (__FreeBSD_version >= 220000)
25*7176Syx160601 # if (__FreeBSD_version >= 400000)
26*7176Syx160601 #  if !defined(IPFILTER_LKM)
27*7176Syx160601 #   include "opt_inet6.h"
28*7176Syx160601 #  endif
29*7176Syx160601 #  if (__FreeBSD_version == 400019)
30*7176Syx160601 #   define CSUM_DELAY_DATA
31*7176Syx160601 #  endif
32*7176Syx160601 # endif
33*7176Syx160601 # include <sys/filio.h>
34*7176Syx160601 #else
35*7176Syx160601 # include <sys/ioctl.h>
36*7176Syx160601 #endif
37*7176Syx160601 #if !defined(_AIX51)
38*7176Syx160601 # include <sys/fcntl.h>
39*7176Syx160601 #endif
40*7176Syx160601 #if defined(_KERNEL)
41*7176Syx160601 # include <sys/systm.h>
42*7176Syx160601 # include <sys/file.h>
43*7176Syx160601 #else
44*7176Syx160601 # include <stdio.h>
45*7176Syx160601 # include <string.h>
46*7176Syx160601 # include <stdlib.h>
47*7176Syx160601 # include <stddef.h>
48*7176Syx160601 # include <sys/file.h>
49*7176Syx160601 # define _KERNEL
50*7176Syx160601 # ifdef __OpenBSD__
51*7176Syx160601 struct file;
52*7176Syx160601 # endif
53*7176Syx160601 # include <sys/uio.h>
54*7176Syx160601 # undef _KERNEL
55*7176Syx160601 #endif
56*7176Syx160601 #if !defined(__SVR4) && !defined(__svr4__) && !defined(__hpux) && \
57*7176Syx160601     !defined(linux)
58*7176Syx160601 # include <sys/mbuf.h>
59*7176Syx160601 #else
60*7176Syx160601 # if !defined(linux)
61*7176Syx160601 #  include <sys/byteorder.h>
62*7176Syx160601 # endif
63*7176Syx160601 # if (SOLARIS2 < 5) && defined(sun)
64*7176Syx160601 #  include <sys/dditypes.h>
65*7176Syx160601 # endif
66*7176Syx160601 #endif
67*7176Syx160601 #ifdef __hpux
68*7176Syx160601 # define _NET_ROUTE_INCLUDED
69*7176Syx160601 #endif
70*7176Syx160601 #if !defined(linux)
71*7176Syx160601 # include <sys/protosw.h>
72*7176Syx160601 #endif
73*7176Syx160601 #include <sys/socket.h>
74*7176Syx160601 #include <net/if.h>
75*7176Syx160601 #ifdef sun
76*7176Syx160601 # include <net/af.h>
77*7176Syx160601 #endif
78*7176Syx160601 #if !defined(_KERNEL) && defined(__FreeBSD__)
79*7176Syx160601 # include "radix_ipf.h"
80*7176Syx160601 #endif
81*7176Syx160601 #include <net/route.h>
82*7176Syx160601 #include <netinet/in.h>
83*7176Syx160601 #include <netinet/in_systm.h>
84*7176Syx160601 #include <netinet/ip.h>
85*7176Syx160601 #if !defined(linux)
86*7176Syx160601 # include <netinet/ip_var.h>
87*7176Syx160601 #endif
88*7176Syx160601 #if defined(__sgi) && defined(IFF_DRVRLOCK) /* IRIX 6 */
89*7176Syx160601 # include <sys/hashing.h>
90*7176Syx160601 # include <netinet/in_var.h>
91*7176Syx160601 #endif
92*7176Syx160601 #include <netinet/tcp.h>
93*7176Syx160601 #if (!defined(__sgi) && !defined(AIX)) || defined(_KERNEL)
94*7176Syx160601 # include <netinet/udp.h>
95*7176Syx160601 # include <netinet/ip_icmp.h>
96*7176Syx160601 #endif
97*7176Syx160601 #ifdef __hpux
98*7176Syx160601 # undef _NET_ROUTE_INCLUDED
99*7176Syx160601 #endif
100*7176Syx160601 #include "netinet/ip_compat.h"
101*7176Syx160601 #ifdef	USE_INET6
102*7176Syx160601 # include <netinet/icmp6.h>
103*7176Syx160601 # if !SOLARIS && defined(_KERNEL) && !defined(__osf__) && !defined(__hpux)
104*7176Syx160601 #  include <netinet6/in6_var.h>
105*7176Syx160601 # endif
106*7176Syx160601 #endif
107*7176Syx160601 #include <netinet/tcpip.h>
108*7176Syx160601 #include "netinet/ip_fil.h"
109*7176Syx160601 #include "netinet/ip_nat.h"
110*7176Syx160601 #include "netinet/ip_frag.h"
111*7176Syx160601 #include "netinet/ip_state.h"
112*7176Syx160601 #include "netinet/ip_proxy.h"
113*7176Syx160601 #include "netinet/ip_auth.h"
114*7176Syx160601 #include "netinet/ipf_stack.h"
115*7176Syx160601 #ifdef IPFILTER_SCAN
116*7176Syx160601 # include "netinet/ip_scan.h"
117*7176Syx160601 #endif
118*7176Syx160601 #ifdef IPFILTER_SYNC
119*7176Syx160601 # include "netinet/ip_sync.h"
120*7176Syx160601 #endif
121*7176Syx160601 #include "netinet/ip_pool.h"
122*7176Syx160601 #include "netinet/ip_htable.h"
123*7176Syx160601 #ifdef IPFILTER_COMPILED
124*7176Syx160601 # include "netinet/ip_rules.h"
125*7176Syx160601 #endif
126*7176Syx160601 #if defined(IPFILTER_BPF) && defined(_KERNEL)
127*7176Syx160601 # include <net/bpf.h>
128*7176Syx160601 #endif
129*7176Syx160601 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 300000)
130*7176Syx160601 # include <sys/malloc.h>
131*7176Syx160601 # if defined(_KERNEL) && !defined(IPFILTER_LKM)
132*7176Syx160601 #  include "opt_ipfilter.h"
133*7176Syx160601 # endif
134*7176Syx160601 #endif
135*7176Syx160601 #include "netinet/ipl.h"
136*7176Syx160601 /* END OF INCLUDES */
137*7176Syx160601 
138*7176Syx160601 #ifdef IPFILTER_COMPAT
139*7176Syx160601 
/*
 * The only ipfo_rev value the translators in this file accept; any other
 * revision is rejected with EINVAL.
 */
# define	IPFILTER_VERSION_4010900	4010900
141*7176Syx160601 
/*
 * NAT entry in the layout used with IPFILTER_VERSION_4010900.
 *
 * This struct is embedded in struct nat_save_4010900, whose sizeof is
 * compared with the caller-supplied ipfo_size in fr_incomptrans(), so the
 * order, types and padding of the members must not change.
 *
 * When an instance arrives from user land every member, pointers included,
 * holds caller-controlled bytes.  fr_incomptrans() carries over only the
 * addresses, ports and flags (nat_inip, nat_inport and friends are not
 * members here; presumably accessor macros from ip_nat.h - confirm).
 */
struct nat_4010900 {
	ipfmutex_t	nat_lock;
	struct nat	*nat_next;
	struct nat	**nat_pnext;
	struct nat	*nat_hnext[2];
	struct nat	**nat_phnext[2];
	struct hostmap	*nat_hm;
	void		*nat_data;
	struct nat	**nat_me;
	struct ipstate	*nat_state;
	struct ap_session	*nat_aps;	/* proxy session */
	frentry_t	*nat_fr;		/* filter rule, where one applies */
	struct ipnat	*nat_ptr;		/* back-pointer to the rule */
	void		*nat_ifps[2];
	void		*nat_sync;
	ipftqent_t	nat_tqe;
	u_32_t		nat_flags;
	u_32_t		nat_sumd[2];		/* IP checksum delta, data segment */
	u_32_t		nat_ipsumd;		/* IP checksum delta, IP header */
	u_32_t		nat_mssclamp;		/* non-zero: clamp MSS to this */
	i6addr_t	nat_inip6;
	i6addr_t	nat_outip6;
	i6addr_t	nat_oip6;		/* other IP */
	U_QUAD_T	nat_pkts[2];
	U_QUAD_T	nat_bytes[2];
	union {
		udpinfo_t	nat_unu;
		tcpinfo_t	nat_unt;
		icmpinfo_t	nat_uni;
		greinfo_t	nat_ugre;
	} nat_un;
	u_short		nat_oport;		/* other port */
	u_short		nat_use;
	u_char		nat_p;			/* protocol for NAT */
	int		nat_dir;
	int		nat_ref;		/* reference count */
	int		nat_hv[2];
	char		nat_ifnames[2][LIFNAMSIZ];
	int		nat_rev;		/* 0 = forward, 1 = reverse */
	int		nat_redir;
};
183*7176Syx160601 
/*
 * Saved-NAT record in the IPFILTER_VERSION_4010900 layout.
 *
 * fr_incomptrans() accepts an IPFOBJ_NATSAVE request only when ipfo_size
 * equals sizeof this struct, then copies the whole record onto its stack.
 * Of the members below it carries over ipn_next, ipn_dsize and a subset of
 * ipn_nat; ipn_ipnat, ipn_fr and ipn_data are not translated.
 *
 * NOTE(review): ipn_dsize/ipn_data look like a length plus the start of
 * trailing variable-length data - confirm against the current nat_save_t.
 */
struct nat_save_4010900 {
	void			*ipn_next;
	struct nat_4010900	ipn_nat;
	struct ipnat		ipn_ipnat;
	struct frentry		ipn_fr;
	int			ipn_dsize;
	char			ipn_data[4];
};
192*7176Syx160601 
/*
 * NAT lookup request/reply in the IPFILTER_VERSION_4010900 layout.
 *
 * Addresses are plain struct in_addr, i.e. IPv4 only.  The struct is copied
 * to and from user land as a whole (fr_incomptrans / fr_outcomptrans), and
 * its sizeof must equal the caller's ipfo_size, so the member order and
 * types must not change.
 */
struct natlookup_4010900 {
	struct in_addr	nlc_inip;
	struct in_addr	nlc_outip;
	struct in_addr	nlc_realip;
	int		nlc_flags;
	u_short		nlc_inport;
	u_short		nlc_outport;
	u_short		nlc_realport;
};
202*7176Syx160601 
203*7176Syx160601 
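/* ------------------------------------------------------------------------ */
/* Function:    fr_incomptrans                                              */
/* Returns:     int     - 0 = success, else failure                         */
/* Parameters:  obj(I) - pointer to ioctl data                              */
/*              ptr(O)  - pointer to store real data in                     */
/*                                                                          */
/* Translate the copied in ipfobj_t to new for backward compatibility at    */
/* the ABI for user land.                                                   */
/* ------------------------------------------------------------------------ */
int fr_incomptrans(obj, ptr)
ipfobj_t *obj;
void *ptr;
{
	int error;
	natlookup_t *nlp;
	nat_save_t *nsp;
	struct nat_save_4010900 nsc;
	struct natlookup_4010900 nlc;

	/*
	 * Failure is EINVAL for an unsupported type, revision or size, or
	 * else whatever COPYIN reports.
	 *
	 * ptr carries no length: the caller must pass a buffer of at least
	 * sizeof (natlookup_t) or sizeof (nat_save_t) for the object type,
	 * because that many bytes are zeroed below.
	 *
	 * Only the 4010900 layout is translated, whatever the object type,
	 * so reject any other revision before looking at the type.
	 */
	if (obj->ipfo_rev != IPFILTER_VERSION_4010900)
		return EINVAL;

	switch (obj->ipfo_type)
	{
	case IPFOBJ_NATLOOKUP :
		/* The caller's size must match the old layout exactly. */
		if (obj->ipfo_size != sizeof (nlc))
			return EINVAL;
		/*
		 * The copy length is the size of the stack buffer itself,
		 * not a second read of the caller-supplied ipfo_size, so it
		 * cannot drift from the size that was just validated.
		 */
		error = COPYIN((caddr_t)obj->ipfo_ptr, (caddr_t)&nlc,
				sizeof (nlc));
		if (error != 0)
			break;
		nlp = (natlookup_t *)ptr;
		/* Zero first so members with no old counterpart are defined. */
		bzero((char *)nlp, sizeof (*nlp));
		nlp->nl_inip = nlc.nlc_inip;
		nlp->nl_outip = nlc.nlc_outip;
		nlp->nl_inport = nlc.nlc_inport;
		nlp->nl_outport = nlc.nlc_outport;
		nlp->nl_flags = nlc.nlc_flags;
		/* The old layout holds struct in_addr only, hence 4. */
		nlp->nl_v = 4;
		break;
	case IPFOBJ_NATSAVE :
		if (obj->ipfo_size != sizeof (nsc))
			return EINVAL;
		/* Same rule as above: length tied to the local buffer. */
		error = COPYIN((caddr_t)obj->ipfo_ptr, (caddr_t)&nsc,
				sizeof (nsc));
		if (error != 0)
			break;
		nsp = (nat_save_t *)ptr;
		bzero((char *)nsp, sizeof (*nsp));
		/*
		 * NOTE(review): ipn_next and ipn_dsize are taken from user
		 * land unchanged.  Nothing here range-checks ipn_dsize (a
		 * signed int) or treats ipn_next as anything but an opaque
		 * value; callers must validate both before using them -
		 * confirm against the consumers of nat_save_t.
		 */
		nsp->ipn_next = nsc.ipn_next;
		nsp->ipn_dsize = nsc.ipn_dsize;
		/*
		 * Of the old NAT entry only addresses, ports and flags are
		 * carried over; its pointer members stay zero in *nsp.
		 */
		nsp->ipn_nat.nat_inip = nsc.ipn_nat.nat_inip;
		nsp->ipn_nat.nat_outip = nsc.ipn_nat.nat_outip;
		nsp->ipn_nat.nat_oip = nsc.ipn_nat.nat_oip;
		nsp->ipn_nat.nat_inport = nsc.ipn_nat.nat_inport;
		nsp->ipn_nat.nat_outport = nsc.ipn_nat.nat_outport;
		nsp->ipn_nat.nat_oport = nsc.ipn_nat.nat_oport;
		nsp->ipn_nat.nat_flags = nsc.ipn_nat.nat_flags;
		nsp->ipn_nat.nat_v = 4;
		break;
	default :
		return EINVAL;
	}
	return error;
}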
268*7176Syx160601 
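/* ------------------------------------------------------------------------ */
/* Function:    fr_outcomptrans                                             */
/* Returns:     int     - 0 = success, else failure                         */
/* Parameters:  obj(I) - pointer to ioctl data                              */
/*              ptr(I)  - pointer to real data to copy out                  */
/*                                                                          */
/* Translate the copied out ipfobj_t to new definition for backward         */
/* compatibility at the ABI for user land.                                  */
/* ------------------------------------------------------------------------ */
int fr_outcomptrans(obj, ptr)
ipfobj_t *obj;
void *ptr;
{
	int error;
	natlookup_t *nlp;
	struct natlookup_4010900 nlc;

	/*
	 * Failure is EINVAL for an unsupported type, revision or size, or
	 * else whatever COPYOUT reports.  Only IPFOBJ_NATLOOKUP has an
	 * outbound translation; IPFOBJ_NATSAVE is handled on the inbound
	 * side only.
	 */
	if (obj->ipfo_rev != IPFILTER_VERSION_4010900)
		return EINVAL;

	switch (obj->ipfo_type)
	{
	case IPFOBJ_NATLOOKUP :
		/* The caller's buffer must be exactly the old layout's size. */
		if (obj->ipfo_size != sizeof (nlc))
			return EINVAL;
		/*
		 * Zero the whole struct before filling it: the entire object,
		 * padding included, is copied to user land below, and this
		 * keeps stale kernel stack bytes out of that copy.
		 */
		bzero((char *)&nlc, sizeof (nlc));
		nlp = (natlookup_t *)ptr;
		nlc.nlc_inip = nlp->nl_inip;
		nlc.nlc_outip = nlp->nl_outip;
		nlc.nlc_realip = nlp->nl_realip;
		nlc.nlc_inport = nlp->nl_inport;
		nlc.nlc_outport = nlp->nl_outport;
		nlc.nlc_realport = nlp->nl_realport;
		nlc.nlc_flags = nlp->nl_flags;
		/*
		 * The copy length is the size of the local struct, not a
		 * second read of the caller-supplied ipfo_size, so it can
		 * never exceed what was initialised above.
		 */
		error = COPYOUT((caddr_t)&nlc, (caddr_t)obj->ipfo_ptr,
				sizeof (nlc));
		break;
	default :
		return EINVAL;
	}
	return error;
}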
309*7176Syx160601 
310*7176Syx160601 #endif /* IPFILTER_COMPAT */
311