1 /* $OpenBSD: relayd.h,v 1.262 2020/09/14 11:30:25 martijn Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #ifndef RELAYD_H 22 #define RELAYD_H 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/queue.h> 27 #include <sys/tree.h> 28 #include <sys/time.h> 29 #include <sys/un.h> 30 31 #include <net/if.h> 32 #include <net/pfvar.h> 33 34 #include <stdarg.h> 35 #include <limits.h> 36 #include <siphash.h> 37 #include <event.h> 38 #include <imsg.h> 39 40 #include <openssl/ssl.h> 41 #include <tls.h> 42 43 #ifndef nitems 44 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 45 #endif 46 47 #define CONF_FILE "/etc/relayd.conf" 48 #define RELAYD_SOCKET "/var/run/relayd.sock" 49 #define PF_SOCKET "/dev/pf" 50 #define RELAYD_USER "_relayd" 51 #define RELAYD_ANCHOR "relayd" 52 #define RELAYD_SERVERNAME "OpenBSD relayd" 53 #define CHECK_TIMEOUT 200 54 #define CHECK_INTERVAL 10 55 #define EMPTY_TABLE UINT_MAX 56 #define EMPTY_ID UINT_MAX 57 #define LABEL_NAME_SIZE 1024 58 #define TAG_NAME_SIZE 64 59 #define TABLE_NAME_SIZE 64 60 #define RD_TAG_NAME_SIZE 64 61 #define RT_LABEL_SIZE 32 62 #define SRV_NAME_SIZE 64 63 #define MAX_NAME_SIZE 64 64 #define SRV_MAX_VIRTS 16 65 #define TLS_NAME_SIZE 512 66 #define TLS_CERT_HASH_SIZE 128 67 #define RELAY_MAX_PREFETCH 256 68 #define RELAY_MIN_PREFETCHED 32 69 70 #define FD_RESERVE 5 71 72 #define RELAY_MAX_BACKLOG 512 73 #define RELAY_TIMEOUT 600 74 #define RELAY_CACHESIZE -1 /* use default size */ 75 #define RELAY_NUMPROC 3 76 #define RELAY_MAXHOSTS 32 77 #define RELAY_MAXHEADERLENGTH 131072 78 #define RELAY_DEFHEADERLENGTH 8192 79 #define RELAY_STATINTERVAL 60 80 #define RELAY_BACKLOG 10 81 #define RELAY_MAXLOOKUPLEVELS 5 82 #define RELAY_OUTOF_FD_RETRIES 5 83 #define RELAY_MAX_HASH_RETRIES 5 84 #define RELAY_TLS_PRIV_TIMEOUT 1000 /* wait 1sec for the ca */ 85 86 #define CONFIG_RELOAD 0x00 87 #define CONFIG_TABLES 0x01 88 #define CONFIG_RDRS 0x02 89 #define CONFIG_RELAYS 0x04 90 #define CONFIG_PROTOS 0x08 91 #define CONFIG_ROUTES 0x10 92 #define CONFIG_RTS 0x20 93 #define CONFIG_CA_ENGINE 0x40 94 #define CONFIG_CERTS 0x80 95 #define CONFIG_ALL 0xff 96 97 #define SMALL_READ_BUF_SIZE 1024 98 #define ICMP_BUF_SIZE 64 99 #define ICMP_RCVBUF_SIZE 262144 100 101 #define AGENTX_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */ 102 103 #define PROC_PARENT_SOCK_FILENO 3 104 #define PROC_MAX_INSTANCES 32 105 106 #if DEBUG > 1 107 #define DPRINTF log_debug 108 #define DEBUG_CERT 1 109 #else 110 #define DPRINTF(x...) do {} while(0) 111 #endif 112 113 /* Used for DNS request ID randomization */ 114 struct shuffle { 115 u_int16_t id_shuffle[65536]; 116 int isindex; 117 }; 118 119 typedef u_int32_t objid_t; 120 121 struct ctl_status { 122 objid_t id; 123 int up; 124 int retry_cnt; 125 u_long check_cnt; 126 u_int16_t he; 127 }; 128 129 struct ctl_id { 130 objid_t id; 131 char name[MAX_NAME_SIZE]; 132 }; 133 134 struct ctl_relaytable { 135 objid_t id; 136 objid_t relayid; 137 int mode; 138 u_int32_t flags; 139 }; 140 141 enum fd_type { 142 RELAY_FD_CERT = 1, 143 RELAY_FD_CACERT = 2, 144 RELAY_FD_CAFILE = 3, 145 RELAY_FD_KEY = 4, 146 RELAY_FD_OCSP = 5 147 }; 148 149 struct ctl_relayfd { 150 objid_t id; 151 objid_t relayid; 152 enum fd_type type; 153 }; 154 155 struct ctl_script { 156 objid_t host; 157 int retval; 158 struct timeval timeout; 159 char name[HOST_NAME_MAX+1]; 160 char path[PATH_MAX]; 161 }; 162 163 struct ctl_demote { 164 char group[IFNAMSIZ]; 165 int level; 166 }; 167 168 struct ctl_icmp_event { 169 struct relayd *env; 170 int s; 171 int af; 172 int last_up; 173 struct event ev; 174 struct timeval tv_start; 175 }; 176 177 struct ctl_tcp_event { 178 int s; 179 char *req; 180 struct ibuf *buf; 181 struct host *host; 182 struct table *table; 183 struct timeval tv_start; 184 struct event ev; 185 int (*validate_read)(struct ctl_tcp_event *); 186 int (*validate_close)(struct ctl_tcp_event *); 187 188 struct tls *tls; 189 }; 190 191 enum direction { 192 RELAY_DIR_INVALID = -1, 193 RELAY_DIR_ANY = 0, 194 RELAY_DIR_REQUEST = 1, 195 RELAY_DIR_RESPONSE = 2 196 }; 197 198 enum relay_state { 199 STATE_INIT, 200 STATE_PENDING, 201 STATE_PRECONNECT, 202 STATE_CONNECTED, 203 STATE_CLOSED, 204 STATE_DONE 205 }; 206 207 struct ctl_relay_event { 208 int s; 209 in_port_t port; 210 struct sockaddr_storage ss; 211 struct bufferevent *bev; 212 struct evbuffer *output; 213 struct ctl_relay_event *dst; 214 struct rsession *con; 215 216 struct tls *tls; 217 struct tls_config *tls_cfg; 218 struct tls *tls_ctx; 219 220 uint8_t *tlscert; 221 size_t tlscert_len; 222 223 off_t splicelen; 224 off_t toread; 225 size_t headerlen; 226 int line; 227 int done; 228 int timedout; 229 enum relay_state state; 230 enum direction dir; 231 232 /* protocol-specific descriptor */ 233 void *desc; 234 }; 235 236 enum httpchunk { 237 TOREAD_UNLIMITED = -1, 238 TOREAD_HTTP_HEADER = -2, 239 TOREAD_HTTP_CHUNK_LENGTH = -3, 240 TOREAD_HTTP_CHUNK_TRAILER = -4 241 }; 242 243 struct ctl_natlook { 244 objid_t id; 245 int proc; 246 247 struct sockaddr_storage src; 248 struct sockaddr_storage dst; 249 struct sockaddr_storage rsrc; 250 struct sockaddr_storage rdst; 251 in_port_t rsport; 252 in_port_t rdport; 253 int in; 254 int proto; 255 }; 256 257 struct ctl_bindany { 258 objid_t bnd_id; 259 int bnd_proc; 260 261 struct sockaddr_storage bnd_ss; 262 in_port_t bnd_port; 263 int bnd_proto; 264 }; 265 266 struct ctl_keyop { 267 char cko_hash[TLS_CERT_HASH_SIZE]; 268 int cko_proc; 269 int cko_flen; 270 int cko_tlen; 271 int cko_padding; 272 }; 273 274 struct ctl_stats { 275 objid_t id; 276 int proc; 277 278 u_int64_t interval; 279 u_int64_t cnt; 280 u_int32_t tick; 281 u_int32_t avg; 282 u_int32_t last; 283 u_int32_t avg_hour; 284 u_int32_t last_hour; 285 u_int32_t avg_day; 286 u_int32_t last_day; 287 }; 288 289 enum key_option { 290 KEY_OPTION_NONE = 0, 291 KEY_OPTION_APPEND, 292 KEY_OPTION_SET, 293 KEY_OPTION_REMOVE, 294 KEY_OPTION_HASH, 295 KEY_OPTION_LOG 296 }; 297 298 enum key_type { 299 KEY_TYPE_NONE = 0, 300 KEY_TYPE_COOKIE, 301 KEY_TYPE_HEADER, 302 KEY_TYPE_PATH, 303 KEY_TYPE_QUERY, 304 KEY_TYPE_URL, 305 KEY_TYPE_MAX 306 }; 307 308 struct ctl_kvlen { 309 ssize_t key; 310 ssize_t value; 311 }; 312 313 struct ctl_rule { 314 struct ctl_kvlen kvlen[KEY_TYPE_MAX]; 315 }; 316 317 enum digest_type { 318 DIGEST_NONE = 0, 319 DIGEST_SHA1 = 1, 320 DIGEST_MD5 = 2 321 }; 322 323 TAILQ_HEAD(kvlist, kv); 324 RB_HEAD(kvtree, kv); 325 326 struct kv { 327 char *kv_key; 328 char *kv_value; 329 330 enum key_type kv_type; 331 enum key_option kv_option; 332 enum digest_type kv_digest; 333 334 #define KV_FLAG_MACRO 0x01 335 #define KV_FLAG_INVALID 0x02 336 #define KV_FLAG_GLOBBING 0x04 337 u_int8_t kv_flags; 338 339 struct kvlist kv_children; 340 struct kv *kv_parent; 341 TAILQ_ENTRY(kv) kv_entry; 342 343 RB_ENTRY(kv) kv_node; 344 345 /* A few pointers used by the rule actions */ 346 struct kv *kv_match; 347 struct kvtree *kv_matchtree; 348 349 TAILQ_ENTRY(kv) kv_match_entry; 350 TAILQ_ENTRY(kv) kv_rule_entry; 351 TAILQ_ENTRY(kv) kv_action_entry; 352 }; 353 354 struct portrange { 355 in_port_t val[2]; 356 u_int8_t op; 357 }; 358 359 struct address { 360 objid_t rdrid; 361 struct sockaddr_storage ss; 362 int ipproto; 363 struct portrange port; 364 char ifname[IFNAMSIZ]; 365 TAILQ_ENTRY(address) entry; 366 }; 367 TAILQ_HEAD(addresslist, address); 368 369 union hashkey { 370 /* Simplified version of pf_poolhashkey */ 371 u_int32_t data[4]; 372 SIPHASH_KEY siphashkey; 373 }; 374 375 #define F_DISABLE 0x00000001 376 #define F_BACKUP 0x00000002 377 #define F_USED 0x00000004 378 #define F_DOWN 0x00000008 379 #define F_ADD 0x00000010 380 #define F_DEL 0x00000020 381 #define F_CHANGED 0x00000040 382 #define F_STICKY 0x00000080 383 #define F_CHECK_DONE 0x00000100 384 #define F_ACTIVE_RULESET 0x00000200 385 #define F_CHECK_SENT 0x00000400 386 #define F_TLS 0x00000800 387 #define F_NATLOOK 0x00001000 388 #define F_DEMOTE 0x00002000 389 #define F_LOOKUP_PATH 0x00004000 390 #define F_DEMOTED 0x00008000 391 #define F_UDP 0x00010000 392 #define F_RETURN 0x00020000 393 #define F_AGENTX 0x00040000 394 #define F_NEEDPF 0x00080000 395 #define F_PORT 0x00100000 396 #define F_TLSCLIENT 0x00200000 397 #define F_NEEDRT 0x00400000 398 #define F_MATCH 0x00800000 399 #define F_DIVERT 0x01000000 400 #define F_SCRIPT 0x02000000 401 #define F_TLSINSPECT 0x04000000 402 #define F_HASHKEY 0x08000000 403 #define F_AGENTX_TRAPONLY 0x10000000 404 405 #define F_BITS \ 406 "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \ 407 "\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \ 408 "\14TLS\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \ 409 "\22RETURN\23TRAP\24NEEDPF\25PORT\26TLS_CLIENT\27NEEDRT" \ 410 "\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY" \ 411 "\35AGENTX_TRAPONLY" 412 413 enum forwardmode { 414 FWD_NORMAL = 0, 415 FWD_ROUTE, 416 FWD_TRANS 417 }; 418 419 struct host_config { 420 objid_t id; 421 objid_t parentid; 422 objid_t tableid; 423 int retry; 424 char name[HOST_NAME_MAX+1]; 425 struct sockaddr_storage ss; 426 int ttl; 427 int priority; 428 }; 429 430 struct host { 431 TAILQ_ENTRY(host) entry; 432 TAILQ_ENTRY(host) globalentry; 433 SLIST_ENTRY(host) child; 434 SLIST_HEAD(,host) children; 435 struct host_config conf; 436 u_int32_t flags; 437 char *tablename; 438 int up; 439 int last_up; 440 u_long check_cnt; 441 u_long up_cnt; 442 int retry_cnt; 443 int idx; 444 u_int16_t he; 445 int code; 446 struct ctl_tcp_event cte; 447 }; 448 TAILQ_HEAD(hostlist, host); 449 450 enum host_error { 451 HCE_NONE = 0, 452 HCE_ABORT, 453 HCE_INTERVAL_TIMEOUT, 454 HCE_ICMP_OK, 455 HCE_ICMP_READ_TIMEOUT, 456 HCE_ICMP_WRITE_TIMEOUT, 457 HCE_TCP_SOCKET_ERROR, 458 HCE_TCP_SOCKET_LIMIT, 459 HCE_TCP_SOCKET_OPTION, 460 HCE_TCP_CONNECT_FAIL, 461 HCE_TCP_CONNECT_TIMEOUT, 462 HCE_TCP_CONNECT_OK, 463 HCE_TCP_WRITE_TIMEOUT, 464 HCE_TCP_WRITE_FAIL, 465 HCE_TCP_READ_TIMEOUT, 466 HCE_TCP_READ_FAIL, 467 HCE_SCRIPT_OK, 468 HCE_SCRIPT_FAIL, 469 HCE_TLS_CONNECT_ERROR, 470 HCE_TLS_CONNECT_FAIL, 471 HCE_TLS_CONNECT_OK, 472 HCE_TLS_CONNECT_TIMEOUT, 473 HCE_TLS_READ_TIMEOUT, 474 HCE_TLS_WRITE_TIMEOUT, 475 HCE_TLS_READ_ERROR, 476 HCE_TLS_WRITE_ERROR, 477 HCE_SEND_EXPECT_FAIL, 478 HCE_SEND_EXPECT_OK, 479 HCE_HTTP_CODE_ERROR, 480 HCE_HTTP_CODE_FAIL, 481 HCE_HTTP_CODE_OK, 482 HCE_HTTP_DIGEST_ERROR, 483 HCE_HTTP_DIGEST_FAIL, 484 HCE_HTTP_DIGEST_OK, 485 }; 486 487 enum host_status { 488 HOST_DOWN = -1, 489 HOST_UNKNOWN = 0, 490 HOST_UP = 1 491 }; 492 #define HOST_ISUP(x) (x == HOST_UP) 493 494 struct table_config { 495 objid_t id; 496 objid_t rdrid; 497 u_int32_t flags; 498 int check; 499 char demote_group[IFNAMSIZ]; 500 char ifname[IFNAMSIZ]; 501 struct timeval timeout; 502 in_port_t port; 503 int retcode; 504 int skip_cnt; 505 char name[TABLE_NAME_SIZE]; 506 size_t name_len; 507 char path[PATH_MAX]; 508 unsigned char exbinbuf[128]; 509 char exbuf[256]; 510 char digest[41]; /* length of sha1 digest * 2 */ 511 u_int8_t digest_type; 512 enum forwardmode fwdmode; 513 }; 514 515 struct table { 516 TAILQ_ENTRY(table) entry; 517 struct table_config conf; 518 int up; 519 int skipped; 520 struct hostlist hosts; 521 struct tls_config *tls_cfg; 522 struct ibuf *sendbinbuf; 523 char *sendbuf; 524 }; 525 TAILQ_HEAD(tablelist, table); 526 527 enum table_check { 528 CHECK_NOCHECK = 0, 529 CHECK_ICMP = 1, 530 CHECK_TCP = 2, 531 CHECK_HTTP_CODE = 3, 532 CHECK_HTTP_DIGEST = 4, 533 CHECK_BINSEND_EXPECT = 5, 534 CHECK_SEND_EXPECT = 6, 535 CHECK_SCRIPT = 7 536 }; 537 538 struct rdr_config { 539 objid_t id; 540 u_int32_t flags; 541 in_port_t port; 542 objid_t table_id; 543 objid_t backup_id; 544 int mode; 545 union hashkey key; 546 char name[SRV_NAME_SIZE]; 547 char tag[RD_TAG_NAME_SIZE]; 548 struct timeval timeout; 549 }; 550 551 struct rdr { 552 TAILQ_ENTRY(rdr) entry; 553 struct rdr_config conf; 554 struct addresslist virts; 555 struct table *table; 556 struct table *backup; /* use this if no host up */ 557 struct ctl_stats stats; 558 }; 559 TAILQ_HEAD(rdrlist, rdr); 560 561 struct rsession { 562 objid_t se_id; 563 objid_t se_relayid; 564 struct sockaddr_storage se_sockname; 565 struct ctl_relay_event se_in; 566 struct ctl_relay_event se_out; 567 void *se_priv; 568 SIPHASH_CTX se_siphashctx; 569 struct relay_table *se_table; 570 struct relay_table *se_table0; 571 struct event se_ev; 572 struct timeval se_timeout; 573 struct timeval se_tv_start; 574 struct timeval se_tv_last; 575 struct event se_inflightevt; 576 int se_done; 577 int se_retry; 578 int se_retrycount; 579 int se_connectcount; 580 int se_haslog; 581 struct evbuffer *se_log; 582 struct relay *se_relay; 583 struct ctl_natlook *se_cnl; 584 int se_bnds; 585 u_int16_t se_tag; 586 u_int16_t se_label; 587 588 int se_cid; 589 pid_t se_pid; 590 SPLAY_ENTRY(rsession) se_nodes; 591 TAILQ_ENTRY(rsession) se_entry; 592 }; 593 SPLAY_HEAD(session_tree, rsession); 594 TAILQ_HEAD(sessionlist, rsession); 595 596 enum prototype { 597 RELAY_PROTO_TCP = 0, 598 RELAY_PROTO_HTTP, 599 RELAY_PROTO_DNS 600 }; 601 602 enum relay_result { 603 RES_DROP = 0, 604 RES_PASS = 1, 605 RES_FAIL = -1, 606 RES_BAD = -2, 607 RES_INTERNAL = -3 608 }; 609 610 enum rule_action { 611 RULE_ACTION_MATCH = 0, 612 RULE_ACTION_PASS, 613 RULE_ACTION_BLOCK 614 }; 615 616 struct rule_addr { 617 struct sockaddr_storage addr; 618 u_int8_t addr_mask; 619 int addr_port; 620 }; 621 622 #define RELAY_ADDR_EQ(_a, _b) \ 623 ((_a)->addr_mask == (_b)->addr_mask && \ 624 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 625 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) == 0) 626 627 #define RELAY_ADDR_CMP(_a, _b) \ 628 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 629 (struct sockaddr *)(_b), (_a)->addr_mask) 630 631 #define RELAY_ADDR_NEQ(_a, _b) \ 632 ((_a)->addr_mask != (_b)->addr_mask || \ 633 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 634 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) != 0) 635 636 #define RELAY_AF_NEQ(_a, _b) \ 637 (((_a) != AF_UNSPEC) && ((_b) != AF_UNSPEC) && \ 638 ((_a) != (_b))) 639 640 struct relay_rule { 641 objid_t rule_id; 642 objid_t rule_protoid; 643 644 u_int rule_action; 645 #define RULE_SKIP_PROTO 0 646 #define RULE_SKIP_DIR 1 647 #define RULE_SKIP_AF 2 648 #define RULE_SKIP_SRC 3 649 #define RULE_SKIP_DST 4 650 #define RULE_SKIP_METHOD 5 651 #define RULE_SKIP_COUNT 6 652 struct relay_rule *rule_skip[RULE_SKIP_COUNT]; 653 654 #define RULE_FLAG_QUICK 0x01 655 u_int8_t rule_flags; 656 657 int rule_label; 658 int rule_tag; 659 int rule_tagged; 660 enum direction rule_dir; 661 u_int rule_proto; 662 int rule_af; 663 struct rule_addr rule_src; 664 struct rule_addr rule_dst; 665 struct relay_table *rule_table; 666 667 u_int rule_method; 668 char rule_labelname[LABEL_NAME_SIZE]; 669 char rule_tablename[TABLE_NAME_SIZE]; 670 char rule_taggedname[TAG_NAME_SIZE]; 671 char rule_tagname[TAG_NAME_SIZE]; 672 673 struct ctl_rule rule_ctl; 674 struct kv rule_kv[KEY_TYPE_MAX]; 675 struct kvlist rule_kvlist; 676 677 TAILQ_ENTRY(relay_rule) rule_entry; 678 }; 679 TAILQ_HEAD(relay_rules, relay_rule); 680 681 #define TCPFLAG_NODELAY 0x01 682 #define TCPFLAG_NNODELAY 0x02 683 #define TCPFLAG_SACK 0x04 684 #define TCPFLAG_NSACK 0x08 685 #define TCPFLAG_BUFSIZ 0x10 686 #define TCPFLAG_IPTTL 0x20 687 #define TCPFLAG_IPMINTTL 0x40 688 #define TCPFLAG_NSPLICE 0x80 689 #define TCPFLAG_DEFAULT 0x00 690 691 #define TCPFLAG_BITS \ 692 "\10\01NODELAY\02NO_NODELAY\03SACK\04NO_SACK" \ 693 "\05SOCKET_BUFFER_SIZE\06IP_TTL\07IP_MINTTL\10NO_SPLICE" 694 695 #define TLSFLAG_SSLV3 0x01 696 #define TLSFLAG_TLSV1_0 0x02 697 #define TLSFLAG_TLSV1_1 0x04 698 #define TLSFLAG_TLSV1_2 0x08 699 #define TLSFLAG_TLSV1_3 0x10 700 #define TLSFLAG_TLSV1 0x1e 701 #define TLSFLAG_VERSION 0x1f 702 #define TLSFLAG_CIPHER_SERVER_PREF 0x20 703 #define TLSFLAG_CLIENT_RENEG 0x40 704 #define TLSFLAG_DEFAULT \ 705 (TLSFLAG_TLSV1_2|TLSFLAG_TLSV1_3|TLSFLAG_CIPHER_SERVER_PREF) 706 707 #define TLSFLAG_BITS \ 708 "\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2\05tlsv1.3" \ 709 "\06cipher-server-preference\07client-renegotiation" 710 711 #define TLSCIPHERS_DEFAULT "HIGH:!aNULL" 712 #define TLSECDHECURVES_DEFAULT "default" 713 #define TLSDHPARAM_DEFAULT "none" 714 715 struct relay_ticket_key { 716 uint32_t tt_keyrev; 717 unsigned char tt_key[TLS_TICKET_KEY_SIZE]; 718 }; 719 #define TLS_SESSION_LIFETIME (2 * 3600) 720 721 #define HTTPFLAG_WEBSOCKETS 0x01 722 723 struct keyname { 724 TAILQ_ENTRY(keyname) entry; 725 char *name; 726 }; 727 TAILQ_HEAD(keynamelist, keyname); 728 729 struct protocol { 730 objid_t id; 731 u_int32_t flags; 732 u_int8_t tcpflags; 733 int tcpbufsiz; 734 int tcpbacklog; 735 u_int8_t tcpipttl; 736 u_int8_t tcpipminttl; 737 size_t httpheaderlen; 738 int httpflags; 739 u_int8_t tlsflags; 740 char tlsciphers[768]; 741 char tlsdhparams[128]; 742 char tlsecdhecurves[128]; 743 char tlsca[PATH_MAX]; 744 char tlscacert[PATH_MAX]; 745 char tlscakey[PATH_MAX]; 746 char *tlscapass; 747 struct keynamelist tlscerts; 748 char name[MAX_NAME_SIZE]; 749 int tickets; 750 enum prototype type; 751 char *style; 752 753 int (*cmp)(struct rsession *, struct rsession *); 754 void *(*validate)(struct rsession *, struct relay *, 755 struct sockaddr_storage *, 756 u_int8_t *, size_t); 757 int (*request)(struct rsession *); 758 void (*close)(struct rsession *); 759 760 struct relay_rules rules; 761 int rulecount; 762 763 TAILQ_ENTRY(protocol) entry; 764 }; 765 TAILQ_HEAD(protolist, protocol); 766 767 struct relay_table { 768 struct table *rlt_table; 769 u_int32_t rlt_flags; 770 int rlt_mode; 771 u_int32_t rlt_index; 772 struct host *rlt_host[RELAY_MAXHOSTS]; 773 int rlt_nhosts; 774 TAILQ_ENTRY(relay_table) rlt_entry; 775 }; 776 TAILQ_HEAD(relaytables, relay_table); 777 778 struct ca_pkey { 779 char pkey_hash[TLS_CERT_HASH_SIZE]; 780 EVP_PKEY *pkey; 781 TAILQ_ENTRY(ca_pkey) pkey_entry; 782 }; 783 TAILQ_HEAD(ca_pkeylist, ca_pkey); 784 785 struct relay_cert { 786 objid_t cert_id; 787 objid_t cert_relayid; 788 int cert_fd; 789 int cert_key_fd; 790 int cert_ocsp_fd; 791 EVP_PKEY *cert_pkey; 792 TAILQ_ENTRY(relay_cert) cert_entry; 793 }; 794 TAILQ_HEAD(relaycertlist, relay_cert); 795 796 struct relay_config { 797 objid_t id; 798 u_int32_t flags; 799 objid_t proto; 800 char name[HOST_NAME_MAX+1]; 801 in_port_t port; 802 in_port_t dstport; 803 int dstretry; 804 struct sockaddr_storage ss; 805 struct sockaddr_storage dstss; 806 struct sockaddr_storage dstaf; 807 struct timeval timeout; 808 enum forwardmode fwdmode; 809 union hashkey hashkey; 810 off_t tls_cakey_len; 811 }; 812 813 struct relay { 814 TAILQ_ENTRY(relay) rl_entry; 815 struct relay_config rl_conf; 816 817 int rl_up; 818 struct protocol *rl_proto; 819 int rl_s; 820 struct bufferevent *rl_bev; 821 822 int rl_dsts; 823 struct bufferevent *rl_dstbev; 824 825 struct relaytables rl_tables; 826 827 struct event rl_ev; 828 struct event rl_evt; 829 830 struct tls_config *rl_tls_cfg; 831 struct tls_config *rl_tls_client_cfg; 832 struct tls *rl_tls_ctx; 833 834 int rl_tls_ca_fd; 835 int rl_tls_cacert_fd; 836 EVP_PKEY *rl_tls_pkey; 837 X509 *rl_tls_cacertx509; 838 char *rl_tls_cakey; 839 EVP_PKEY *rl_tls_capkey; 840 841 struct ctl_stats rl_stats[PROC_MAX_INSTANCES + 1]; 842 843 struct session_tree rl_sessions; 844 }; 845 TAILQ_HEAD(relaylist, relay); 846 847 enum dstmode { 848 RELAY_DSTMODE_LOADBALANCE = 0, 849 RELAY_DSTMODE_ROUNDROBIN, 850 RELAY_DSTMODE_HASH, 851 RELAY_DSTMODE_SRCHASH, 852 RELAY_DSTMODE_LEASTSTATES, 853 RELAY_DSTMODE_RANDOM 854 }; 855 #define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN 856 857 struct netroute_config { 858 objid_t id; 859 struct sockaddr_storage ss; 860 int prefixlen; 861 objid_t routerid; 862 }; 863 864 struct netroute { 865 struct netroute_config nr_conf; 866 867 TAILQ_ENTRY(netroute) nr_entry; 868 TAILQ_ENTRY(netroute) nr_route; 869 870 struct router *nr_router; 871 }; 872 TAILQ_HEAD(netroutelist, netroute); 873 874 struct router_config { 875 objid_t id; 876 u_int32_t flags; 877 char name[HOST_NAME_MAX+1]; 878 char label[RT_LABEL_SIZE]; 879 int nroutes; 880 objid_t gwtable; 881 in_port_t gwport; 882 int rtable; 883 int af; 884 }; 885 886 struct router { 887 struct router_config rt_conf; 888 889 struct table *rt_gwtable; 890 struct netroutelist rt_netroutes; 891 892 TAILQ_ENTRY(router) rt_entry; 893 }; 894 TAILQ_HEAD(routerlist, router); 895 896 struct ctl_netroute { 897 int up; 898 struct host_config host; 899 struct netroute_config nr; 900 struct router_config rt; 901 }; 902 903 /* initially control.h */ 904 struct control_sock { 905 const char *cs_name; 906 struct event cs_ev; 907 struct event cs_evt; 908 int cs_fd; 909 int cs_restricted; 910 void *cs_env; 911 912 TAILQ_ENTRY(control_sock) cs_entry; 913 }; 914 TAILQ_HEAD(control_socks, control_sock); 915 916 struct { 917 struct event ev; 918 int fd; 919 } control_state; 920 921 struct imsgev { 922 struct imsgbuf ibuf; 923 void (*handler)(int, short, void *); 924 struct event ev; 925 struct privsep_proc *proc; 926 void *data; 927 short events; 928 }; 929 930 #define IMSG_SIZE_CHECK(imsg, p) do { \ 931 if (IMSG_DATA_SIZE(imsg) < sizeof(*p)) \ 932 fatalx("bad length imsg received"); \ 933 } while (0) 934 #define IMSG_DATA_SIZE(imsg) ((imsg)->hdr.len - IMSG_HEADER_SIZE) 935 936 struct ctl_conn { 937 TAILQ_ENTRY(ctl_conn) entry; 938 u_int8_t flags; 939 u_int waiting; 940 #define CTL_CONN_NOTIFY 0x01 941 struct imsgev iev; 942 943 }; 944 TAILQ_HEAD(ctl_connlist, ctl_conn); 945 946 enum imsg_type { 947 IMSG_NONE, 948 IMSG_CTL_OK, /* answer to relayctl requests */ 949 IMSG_CTL_FAIL, 950 IMSG_CTL_VERBOSE, 951 IMSG_CTL_PROCFD, 952 IMSG_CTL_END, 953 IMSG_CTL_RDR, 954 IMSG_CTL_TABLE, 955 IMSG_CTL_HOST, 956 IMSG_CTL_RELAY, 957 IMSG_CTL_SESSION, 958 IMSG_CTL_ROUTER, 959 IMSG_CTL_NETROUTE, 960 IMSG_CTL_TABLE_CHANGED, 961 IMSG_CTL_PULL_RULESET, 962 IMSG_CTL_PUSH_RULESET, 963 IMSG_CTL_SHOW_SUM, /* relayctl requests */ 964 IMSG_CTL_RDR_ENABLE, 965 IMSG_CTL_RDR_DISABLE, 966 IMSG_CTL_TABLE_ENABLE, 967 IMSG_CTL_TABLE_DISABLE, 968 IMSG_CTL_HOST_ENABLE, 969 IMSG_CTL_HOST_DISABLE, 970 IMSG_CTL_SHUTDOWN, 971 IMSG_CTL_START, 972 IMSG_CTL_RELOAD, 973 IMSG_CTL_RESET, 974 IMSG_CTL_POLL, 975 IMSG_CTL_NOTIFY, 976 IMSG_CTL_RDR_STATS, 977 IMSG_CTL_RELAY_STATS, 978 IMSG_RDR_ENABLE, /* notifies from pfe to hce */ 979 IMSG_RDR_DISABLE, 980 IMSG_TABLE_ENABLE, 981 IMSG_TABLE_DISABLE, 982 IMSG_HOST_ENABLE, 983 IMSG_HOST_DISABLE, 984 IMSG_HOST_STATUS, /* notifies from hce to pfe */ 985 IMSG_SYNC, 986 IMSG_NATLOOK, 987 IMSG_DEMOTE, 988 IMSG_STATISTICS, 989 IMSG_SCRIPT, 990 IMSG_AGENTXSOCK, 991 IMSG_BINDANY, 992 IMSG_RTMSG, /* from pfe to parent */ 993 IMSG_CFG_TABLE, /* configuration from parent */ 994 IMSG_CFG_HOST, 995 IMSG_CFG_RDR, 996 IMSG_CFG_VIRT, 997 IMSG_CFG_ROUTER, 998 IMSG_CFG_ROUTE, 999 IMSG_CFG_PROTO, 1000 IMSG_CFG_RULE, 1001 IMSG_CFG_RELAY, 1002 IMSG_CFG_RELAY_TABLE, 1003 IMSG_CFG_RELAY_CERT, 1004 IMSG_CFG_RELAY_FD, 1005 IMSG_CFG_DONE, 1006 IMSG_CA_PRIVENC, 1007 IMSG_CA_PRIVDEC, 1008 IMSG_SESS_PUBLISH, /* from relay to pfe */ 1009 IMSG_SESS_UNPUBLISH, 1010 IMSG_TLSTICKET_REKEY 1011 }; 1012 1013 enum privsep_procid { 1014 PROC_ALL = -1, 1015 PROC_PARENT = 0, 1016 PROC_HCE, 1017 PROC_RELAY, 1018 PROC_PFE, 1019 PROC_CA, 1020 PROC_MAX 1021 } privsep_process; 1022 1023 /* Attach the control socket to the following process */ 1024 #define PROC_CONTROL PROC_PFE 1025 1026 struct privsep_pipes { 1027 int *pp_pipes[PROC_MAX]; 1028 }; 1029 1030 struct privsep { 1031 struct privsep_pipes *ps_pipes[PROC_MAX]; 1032 struct privsep_pipes *ps_pp; 1033 1034 struct imsgev *ps_ievs[PROC_MAX]; 1035 const char *ps_title[PROC_MAX]; 1036 u_int8_t ps_what[PROC_MAX]; 1037 1038 u_int ps_instances[PROC_MAX]; 1039 u_int ps_instance; 1040 1041 struct control_sock ps_csock; 1042 struct control_socks ps_rcsocks; 1043 1044 /* Event and signal handlers */ 1045 struct event ps_evsigint; 1046 struct event ps_evsigterm; 1047 struct event ps_evsigchld; 1048 struct event ps_evsighup; 1049 struct event ps_evsigpipe; 1050 struct event ps_evsigusr1; 1051 1052 int ps_noaction; 1053 struct passwd *ps_pw; 1054 struct relayd *ps_env; 1055 }; 1056 1057 struct privsep_proc { 1058 const char *p_title; 1059 enum privsep_procid p_id; 1060 int (*p_cb)(int, struct privsep_proc *, 1061 struct imsg *); 1062 void (*p_init)(struct privsep *, 1063 struct privsep_proc *); 1064 const char *p_chroot; 1065 struct privsep *p_ps; 1066 void (*p_shutdown)(void); 1067 struct passwd *p_pw; 1068 }; 1069 1070 struct privsep_fd { 1071 enum privsep_procid pf_procid; 1072 unsigned int pf_instance; 1073 }; 1074 1075 struct relayd_config { 1076 char tls_sid[SSL_MAX_SID_CTX_LENGTH]; 1077 char agentx_path[sizeof(((struct sockaddr_un *)NULL)->sun_path)]; 1078 char agentx_context[32]; 1079 struct timeval interval; 1080 struct timeval timeout; 1081 struct timeval statinterval; 1082 u_int16_t prefork_relay; 1083 u_int16_t opts; 1084 u_int32_t flags; 1085 }; 1086 1087 struct pfdata { 1088 int dev; 1089 struct pf_anchor *anchor; 1090 struct pfioc_trans pft; 1091 struct pfioc_trans_e pfte; 1092 u_int8_t pfused; 1093 }; 1094 1095 struct relayd { 1096 struct relayd_config sc_conf; 1097 const char *sc_conffile; 1098 struct pfdata *sc_pf; 1099 int sc_rtsock; 1100 int sc_rtseq; 1101 int sc_tablecount; 1102 int sc_rdrcount; 1103 int sc_protocount; 1104 int sc_relaycount; 1105 int sc_routercount; 1106 int sc_routecount; 1107 struct table sc_empty_table; 1108 struct protocol sc_proto_default; 1109 struct event sc_ev; 1110 struct tablelist *sc_tables; 1111 struct hostlist sc_hosts; 1112 struct rdrlist *sc_rdrs; 1113 struct protolist *sc_protos; 1114 struct relaylist *sc_relays; 1115 struct routerlist *sc_rts; 1116 struct netroutelist *sc_routes; 1117 struct ca_pkeylist *sc_pkeys; 1118 struct relaycertlist *sc_certs; 1119 struct sessionlist sc_sessions; 1120 char sc_demote_group[IFNAMSIZ]; 1121 u_int16_t sc_id; 1122 int sc_rtable; 1123 1124 struct event sc_statev; 1125 1126 struct event sc_agentxev; 1127 1128 int sc_has_icmp; 1129 int sc_has_icmp6; 1130 struct ctl_icmp_event sc_icmp_send; 1131 struct ctl_icmp_event sc_icmp_recv; 1132 struct ctl_icmp_event sc_icmp6_send; 1133 struct ctl_icmp_event sc_icmp6_recv; 1134 1135 struct relay_ticket_key sc_ticket; 1136 1137 struct privsep *sc_ps; 1138 int sc_reload; 1139 }; 1140 1141 #define RELAYD_OPT_VERBOSE 0x01 1142 #define RELAYD_OPT_NOACTION 0x04 1143 #define RELAYD_OPT_LOGUPDATE 0x08 1144 #define RELAYD_OPT_LOGHOSTCHECK 0x10 1145 #define RELAYD_OPT_LOGCON 0x20 1146 #define RELAYD_OPT_LOGCONERR 0x40 1147 1148 /* control.c */ 1149 int control_init(struct privsep *, struct control_sock *); 1150 int control_listen(struct control_sock *); 1151 void control_cleanup(struct control_sock *); 1152 void control_dispatch_imsg(int, short, void *); 1153 void control_imsg_forward(struct privsep *ps, struct imsg *); 1154 struct ctl_conn * 1155 control_connbyfd(int); 1156 1157 extern struct ctl_connlist ctl_conns; 1158 1159 /* parse.y */ 1160 int parse_config(const char *, struct relayd *); 1161 int load_config(const char *, struct relayd *); 1162 int cmdline_symset(char *); 1163 1164 /* util.c */ 1165 const char *host_error(enum host_error); 1166 const char *host_status(enum host_status); 1167 const char *table_check(enum table_check); 1168 #ifdef DEBUG 1169 const char *relay_state(enum relay_state); 1170 #endif 1171 const char *print_availability(u_long, u_long); 1172 const char *print_host(struct sockaddr_storage *, char *, size_t); 1173 const char *print_time(struct timeval *, struct timeval *, char *, size_t); 1174 const char *printb_flags(const u_int32_t, const char *); 1175 void getmonotime(struct timeval *); 1176 struct ibuf *string2binary(const char *); 1177 void print_hex(uint8_t *, off_t, size_t); 1178 void print_debug(const char *, ...); 1179 1180 /* pfe.c */ 1181 void pfe(struct privsep *, struct privsep_proc *); 1182 void show(struct ctl_conn *); 1183 void show_sessions(struct ctl_conn *); 1184 int enable_rdr(struct ctl_conn *, struct ctl_id *); 1185 int enable_table(struct ctl_conn *, struct ctl_id *); 1186 int enable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1187 int disable_rdr(struct ctl_conn *, struct ctl_id *); 1188 int disable_table(struct ctl_conn *, struct ctl_id *); 1189 int disable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1190 1191 /* pfe_filter.c */ 1192 void init_tables(struct relayd *); 1193 void flush_table(struct relayd *, struct rdr *); 1194 void sync_table(struct relayd *, struct rdr *, struct table *); 1195 void sync_ruleset(struct relayd *, struct rdr *, int); 1196 void flush_rulesets(struct relayd *); 1197 int natlook(struct relayd *, struct ctl_natlook *); 1198 u_int64_t 1199 check_table(struct relayd *, struct rdr *, struct table *); 1200 1201 /* pfe_route.c */ 1202 void init_routes(struct relayd *); 1203 void sync_routes(struct relayd *, struct router *); 1204 int pfe_route(struct relayd *, struct ctl_netroute *); 1205 1206 /* hce.c */ 1207 void hce(struct privsep *, struct privsep_proc *); 1208 void hce_notify_done(struct host *, enum host_error); 1209 1210 /* relay.c */ 1211 void relay(struct privsep *, struct privsep_proc *); 1212 int relay_privinit(struct relay *); 1213 void relay_notify_done(struct host *, const char *); 1214 int relay_session_cmp(struct rsession *, struct rsession *); 1215 void relay_close(struct rsession *, const char *, int); 1216 int relay_reset_event(struct rsession *, struct ctl_relay_event *); 1217 void relay_natlook(int, short, void *); 1218 void relay_session(struct rsession *); 1219 int relay_from_table(struct rsession *); 1220 int relay_socket_af(struct sockaddr_storage *, in_port_t); 1221 in_port_t 1222 relay_socket_getport(struct sockaddr_storage *); 1223 int relay_cmp_af(struct sockaddr_storage *, 1224 struct sockaddr_storage *); 1225 void relay_write(struct bufferevent *, void *); 1226 void relay_read(struct bufferevent *, void *); 1227 int relay_splice(struct ctl_relay_event *); 1228 int relay_splicelen(struct ctl_relay_event *); 1229 int relay_spliceadjust(struct ctl_relay_event *); 1230 void relay_error(struct bufferevent *, short, void *); 1231 int relay_preconnect(struct rsession *); 1232 int relay_connect(struct rsession *); 1233 void relay_connected(int, short, void *); 1234 void relay_bindanyreq(struct rsession *, in_port_t, int); 1235 void relay_bindany(int, short, void *); 1236 void relay_dump(struct ctl_relay_event *, const void *, size_t); 1237 int relay_bufferevent_add(struct event *, int); 1238 int relay_bufferevent_print(struct ctl_relay_event *, const char *); 1239 int relay_bufferevent_write_buffer(struct ctl_relay_event *, 1240 struct evbuffer *); 1241 int relay_bufferevent_write_chunk(struct ctl_relay_event *, 1242 struct evbuffer *, size_t); 1243 int relay_bufferevent_write(struct ctl_relay_event *, 1244 void *, size_t); 1245 int relay_test(struct protocol *, struct ctl_relay_event *); 1246 void relay_calc_skip_steps(struct relay_rules *); 1247 void relay_match(struct kvlist *, struct kv *, struct kv *, 1248 struct kvtree *); 1249 void relay_session_insert(struct rsession *); 1250 void relay_session_remove(struct rsession *); 1251 void relay_session_publish(struct rsession *); 1252 void relay_session_unpublish(struct rsession *); 1253 1254 SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp); 1255 1256 /* relay_http.c */ 1257 void relay_http(struct relayd *); 1258 void relay_http_init(struct relay *); 1259 void relay_abort_http(struct rsession *, u_int, const char *, 1260 u_int16_t); 1261 void relay_read_http(struct bufferevent *, void *); 1262 void relay_close_http(struct rsession *); 1263 u_int relay_httpmethod_byname(const char *); 1264 const char 1265 *relay_httpmethod_byid(u_int); 1266 const char 1267 *relay_httperror_byid(u_int); 1268 int relay_http_priv_init(struct rsession *); 1269 int relay_httpdesc_init(struct ctl_relay_event *); 1270 ssize_t relay_http_time(time_t, char *, size_t); 1271 1272 /* relay_udp.c */ 1273 void relay_udp_privinit(struct relay *); 1274 void relay_udp_init(struct relayd *, struct relay *); 1275 int relay_udp_bind(struct sockaddr_storage *, in_port_t, 1276 struct protocol *); 1277 void relay_udp_server(int, short, void *); 1278 1279 /* check_icmp.c */ 1280 void icmp_init(struct relayd *); 1281 void schedule_icmp(struct relayd *, struct host *); 1282 void check_icmp(struct relayd *, struct timeval *); 1283 1284 /* check_tcp.c */ 1285 void check_tcp(struct ctl_tcp_event *); 1286 1287 /* check_tls.c */ 1288 void check_tls(struct ctl_tcp_event *); 1289 1290 /* check_script.c */ 1291 void check_script(struct relayd *, struct host *); 1292 void script_done(struct relayd *, struct ctl_script *); 1293 int script_exec(struct relayd *, struct ctl_script *); 1294 1295 /* ssl.c */ 1296 void ssl_init(struct relayd *); 1297 char *ssl_load_key(struct relayd *, const char *, off_t *, char *); 1298 uint8_t *ssl_update_certificate(const uint8_t *, size_t, EVP_PKEY *, 1299 EVP_PKEY *, X509 *, size_t *); 1300 int ssl_load_pkey(char *, off_t, X509 **, EVP_PKEY **); 1301 int ssl_ctx_fake_private_key(char *, off_t, const char **); 1302 1303 /* ca.c */ 1304 void ca(struct privsep *, struct privsep_proc *); 1305 void ca_engine_init(struct relayd *); 1306 void hash_x509(X509 *cert, char *hash, size_t hashlen); 1307 1308 /* relayd.c */ 1309 struct host *host_find(struct relayd *, objid_t); 1310 struct table *table_find(struct relayd *, objid_t); 1311 struct rdr *rdr_find(struct relayd *, objid_t); 1312 struct netroute *route_find(struct relayd *, objid_t); 1313 struct router *router_find(struct relayd *, objid_t); 1314 struct host *host_findbyname(struct relayd *, const char *); 1315 struct table *table_findbyname(struct relayd *, const char *); 1316 struct table *table_findbyconf(struct relayd *, struct table *); 1317 struct rdr *rdr_findbyname(struct relayd *, const char *); 1318 void event_again(struct event *, int, short, 1319 void (*)(int, short, void *), 1320 struct timeval *, struct timeval *, void *); 1321 struct relay *relay_find(struct relayd *, objid_t); 1322 struct protocol *proto_find(struct relayd *, objid_t); 1323 struct rsession *session_find(struct relayd *, objid_t); 1324 struct relay *relay_findbyname(struct relayd *, const char *); 1325 struct relay *relay_findbyaddr(struct relayd *, struct relay_config *); 1326 EVP_PKEY *pkey_find(struct relayd *, char *hash); 1327 struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, char *hash); 1328 struct relay_cert *cert_add(struct relayd *, objid_t); 1329 struct relay_cert *cert_find(struct relayd *, objid_t); 1330 char *relay_load_fd(int, off_t *); 1331 int relay_load_certfiles(struct relayd *, struct relay *, 1332 const char *); 1333 int expand_string(char *, size_t, const char *, const char *); 1334 void translate_string(char *); 1335 void purge_key(char **, off_t); 1336 void purge_table(struct relayd *, struct tablelist *, 1337 struct table *); 1338 void purge_relay(struct relayd *, struct relay *); 1339 char *digeststr(enum digest_type, const u_int8_t *, size_t, char *); 1340 const char *canonicalize_host(const char *, char *, size_t); 1341 int parse_url(const char *, char **, char **, char **); 1342 int map6to4(struct sockaddr_storage *); 1343 int map4to6(struct sockaddr_storage *, struct sockaddr_storage *); 1344 void imsg_event_add(struct imsgev *); 1345 int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t, 1346 pid_t, int, void *, u_int16_t); 1347 void socket_rlimit(int); 1348 char *get_string(u_int8_t *, size_t); 1349 void *get_data(u_int8_t *, size_t); 1350 int sockaddr_cmp(struct sockaddr *, struct sockaddr *, int); 1351 struct in6_addr *prefixlen2mask6(u_int8_t, u_int32_t *); 1352 u_int32_t prefixlen2mask(u_int8_t); 1353 int accept_reserve(int, struct sockaddr *, socklen_t *, int, 1354 volatile int *); 1355 struct kv *kv_add(struct kvtree *, char *, char *, int); 1356 int kv_set(struct kv *, char *, ...); 1357 int kv_setkey(struct kv *, char *, ...); 1358 void kv_delete(struct kvtree *, struct kv *); 1359 struct kv *kv_extend(struct kvtree *, struct kv *, char *); 1360 void kv_purge(struct kvtree *); 1361 void kv_free(struct kv *); 1362 struct kv *kv_inherit(struct kv *, struct kv *); 1363 void relay_log(struct rsession *, char *); 1364 int kv_log(struct rsession *, struct kv *, u_int16_t, 1365 enum direction); 1366 struct kv *kv_find(struct kvtree *, struct kv *); 1367 struct kv *kv_find_value(struct kvtree *, char *, const char *, 1368 const char *); 1369 int kv_cmp(struct kv *, struct kv *); 1370 int rule_add(struct protocol *, struct relay_rule *, const char 1371 *); 1372 void rule_delete(struct relay_rules *, struct relay_rule *); 1373 void rule_free(struct relay_rule *); 1374 struct relay_rule 1375 *rule_inherit(struct relay_rule *); 1376 void rule_settable(struct relay_rules *, struct relay_table *); 1377 RB_PROTOTYPE(kvtree, kv, kv_node, kv_cmp); 1378 1379 /* carp.c */ 1380 int carp_demote_init(char *, int); 1381 void carp_demote_shutdown(void); 1382 int carp_demote_get(char *); 1383 int carp_demote_set(char *, int); 1384 int carp_demote_reset(char *, int); 1385 1386 /* name2id.c */ 1387 u_int16_t label_name2id(const char *); 1388 const char *label_id2name(u_int16_t); 1389 void label_unref(u_int16_t); 1390 void label_ref(u_int16_t); 1391 u_int16_t tag_name2id(const char *); 1392 const char *tag_id2name(u_int16_t); 1393 void tag_unref(u_int16_t); 1394 void tag_ref(u_int16_t); 1395 1396 /* agentx_control.c */ 1397 void agentx_init(struct relayd *); 1398 void agentx_setsock(struct relayd *, enum privsep_procid); 1399 int agentx_getsock(struct imsg *); 1400 void snmp_hosttrap(struct relayd *, struct table *, struct host *); 1401 1402 /* shuffle.c */ 1403 void shuffle_init(struct shuffle *); 1404 u_int16_t shuffle_generate16(struct shuffle *); 1405 1406 /* log.c */ 1407 void log_init(int, int); 1408 void log_procinit(const char *); 1409 void log_setverbose(int); 1410 int log_getverbose(void); 1411 void log_warn(const char *, ...) 1412 __attribute__((__format__ (printf, 1, 2))); 1413 void log_warnx(const char *, ...) 1414 __attribute__((__format__ (printf, 1, 2))); 1415 void log_info(const char *, ...) 1416 __attribute__((__format__ (printf, 1, 2))); 1417 void log_debug(const char *, ...) 1418 __attribute__((__format__ (printf, 1, 2))); 1419 void logit(int, const char *, ...) 1420 __attribute__((__format__ (printf, 2, 3))); 1421 void vlog(int, const char *, va_list) 1422 __attribute__((__format__ (printf, 2, 0))); 1423 __dead void fatal(const char *, ...) 1424 __attribute__((__format__ (printf, 1, 2))); 1425 __dead void fatalx(const char *, ...) 1426 __attribute__((__format__ (printf, 1, 2))); 1427 1428 /* proc.c */ 1429 enum privsep_procid 1430 proc_getid(struct privsep_proc *, unsigned int, const char *); 1431 int proc_flush_imsg(struct privsep *, enum privsep_procid, int); 1432 void proc_init(struct privsep *, struct privsep_proc *, unsigned int, int, 1433 int, char **, enum privsep_procid); 1434 void proc_kill(struct privsep *); 1435 void proc_connect(struct privsep *); 1436 void proc_dispatch(int, short event, void *); 1437 void proc_run(struct privsep *, struct privsep_proc *, 1438 struct privsep_proc *, unsigned int, 1439 void (*)(struct privsep *, struct privsep_proc *, void *), void *); 1440 void proc_range(struct privsep *, enum privsep_procid, int *, int *); 1441 int proc_compose_imsg(struct privsep *, enum privsep_procid, int, 1442 u_int16_t, u_int32_t, int, void *, u_int16_t); 1443 int proc_compose(struct privsep *, enum privsep_procid, 1444 uint16_t, void *, uint16_t); 1445 int proc_composev_imsg(struct privsep *, enum privsep_procid, int, 1446 u_int16_t, u_int32_t, int, const struct iovec *, int); 1447 int proc_composev(struct privsep *, enum privsep_procid, 1448 uint16_t, const struct iovec *, int); 1449 int proc_forward_imsg(struct privsep *, struct imsg *, 1450 enum privsep_procid, int); 1451 struct imsgbuf * 1452 proc_ibuf(struct privsep *, enum privsep_procid, int); 1453 struct imsgev * 1454 proc_iev(struct privsep *, enum privsep_procid, int); 1455 void imsg_event_add(struct imsgev *); 1456 int imsg_compose_event(struct imsgev *, uint16_t, uint32_t, 1457 pid_t, int, void *, uint16_t); 1458 int imsg_composev_event(struct imsgev *, uint16_t, uint32_t, 1459 pid_t, int, const struct iovec *, int); 1460 1461 /* config.c */ 1462 int config_init(struct relayd *); 1463 void config_purge(struct relayd *, u_int); 1464 int config_setreset(struct relayd *, u_int); 1465 int config_getreset(struct relayd *, struct imsg *); 1466 int config_getcfg(struct relayd *, struct imsg *); 1467 int config_settable(struct relayd *, struct table *); 1468 int config_gettable(struct relayd *, struct imsg *); 1469 int config_gethost(struct relayd *, struct imsg *); 1470 int config_setrdr(struct relayd *, struct rdr *); 1471 int config_getrdr(struct relayd *, struct imsg *); 1472 int config_getvirt(struct relayd *, struct imsg *); 1473 int config_setrt(struct relayd *, struct router *); 1474 int config_getrt(struct relayd *, struct imsg *); 1475 int config_getroute(struct relayd *, struct imsg *); 1476 int config_setproto(struct relayd *, struct protocol *); 1477 int config_getproto(struct relayd *, struct imsg *); 1478 int config_setrule(struct relayd *, struct protocol *); 1479 int config_getrule(struct relayd *, struct imsg *); 1480 int config_setrelay(struct relayd *, struct relay *); 1481 int config_getrelay(struct relayd *, struct imsg *); 1482 int config_getrelaytable(struct relayd *, struct imsg *); 1483 int config_getrelayfd(struct relayd *, struct imsg *); 1484 1485 #endif /* RELAYD_H */ 1486