1 /* $OpenBSD: relayd.h,v 1.233 2016/09/03 14:44:21 reyk Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> 6 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #ifndef RELAYD_H 22 #define RELAYD_H 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/queue.h> 27 #include <sys/tree.h> 28 #include <sys/time.h> 29 30 #include <net/if.h> 31 32 #include <stdarg.h> 33 #include <limits.h> 34 #include <siphash.h> 35 #include <event.h> 36 #include <imsg.h> 37 38 #include <openssl/ssl.h> 39 40 #ifndef nitems 41 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0])) 42 #endif 43 44 #define CONF_FILE "/etc/relayd.conf" 45 #define RELAYD_SOCKET "/var/run/relayd.sock" 46 #define PF_SOCKET "/dev/pf" 47 #define RELAYD_USER "_relayd" 48 #define RELAYD_ANCHOR "relayd" 49 #define RELAYD_SERVERNAME "OpenBSD relayd" 50 #define CHECK_TIMEOUT 200 51 #define CHECK_INTERVAL 10 52 #define EMPTY_TABLE UINT_MAX 53 #define EMPTY_ID UINT_MAX 54 #define LABEL_NAME_SIZE 1024 55 #define TAG_NAME_SIZE 64 56 #define TABLE_NAME_SIZE 64 57 #define RD_TAG_NAME_SIZE 64 58 #define RT_LABEL_SIZE 32 59 #define SRV_NAME_SIZE 64 60 #define MAX_NAME_SIZE 64 61 #define SRV_MAX_VIRTS 16 62 #define TLS_NAME_SIZE 512 63 #define RELAY_MAX_PREFETCH 256 64 #define RELAY_MIN_PREFETCHED 32 65 66 #define FD_RESERVE 5 67 68 #define RELAY_MAX_SESSIONS 1024 69 #define RELAY_TIMEOUT 600 70 #define RELAY_CACHESIZE -1 /* use default size */ 71 #define RELAY_NUMPROC 3 72 #define RELAY_MAXHOSTS 32 73 #define RELAY_MAXHEADERLENGTH 8192 74 #define RELAY_STATINTERVAL 60 75 #define RELAY_BACKLOG 10 76 #define RELAY_MAXLOOKUPLEVELS 5 77 #define RELAY_OUTOF_FD_RETRIES 5 78 #define RELAY_MAX_HASH_RETRIES 5 79 #define RELAY_TLS_PRIV_TIMEOUT 1000 /* wait 1sec for the ca */ 80 81 #define CONFIG_RELOAD 0x00 82 #define CONFIG_TABLES 0x01 83 #define CONFIG_RDRS 0x02 84 #define CONFIG_RELAYS 0x04 85 #define CONFIG_PROTOS 0x08 86 #define CONFIG_ROUTES 0x10 87 #define CONFIG_RTS 0x20 88 #define CONFIG_CA_ENGINE 0x40 89 #define CONFIG_ALL 0xff 90 91 #define SMALL_READ_BUF_SIZE 1024 92 #define ICMP_BUF_SIZE 64 93 #define ICMP_RCVBUF_SIZE 262144 94 95 #define SNMP_RECONNECT_TIMEOUT { 3, 0 } /* sec, usec */ 96 97 #define PROC_PARENT_SOCK_FILENO 3 98 #define PROC_MAX_INSTANCES 32 99 100 #if DEBUG > 1 101 #define DPRINTF log_debug 102 #define DEBUG_CERT 1 103 #else 104 #define DPRINTF(x...) do {} while(0) 105 #endif 106 107 /* Used for DNS request ID randomization */ 108 struct shuffle { 109 u_int16_t id_shuffle[65536]; 110 int isindex; 111 }; 112 113 typedef u_int32_t objid_t; 114 115 struct ctl_status { 116 objid_t id; 117 int up; 118 int retry_cnt; 119 u_long check_cnt; 120 u_int16_t he; 121 }; 122 123 struct ctl_id { 124 objid_t id; 125 char name[MAX_NAME_SIZE]; 126 }; 127 128 struct ctl_relaytable { 129 objid_t id; 130 objid_t relayid; 131 int mode; 132 u_int32_t flags; 133 }; 134 135 struct ctl_script { 136 objid_t host; 137 int retval; 138 struct timeval timeout; 139 char name[HOST_NAME_MAX+1]; 140 char path[PATH_MAX]; 141 }; 142 143 struct ctl_demote { 144 char group[IFNAMSIZ]; 145 int level; 146 }; 147 148 struct ctl_icmp_event { 149 struct relayd *env; 150 int s; 151 int af; 152 int last_up; 153 struct event ev; 154 struct timeval tv_start; 155 }; 156 157 struct ctl_tcp_event { 158 int s; 159 char *req; 160 struct ibuf *buf; 161 struct host *host; 162 struct table *table; 163 struct timeval tv_start; 164 struct event ev; 165 int (*validate_read)(struct ctl_tcp_event *); 166 int (*validate_close)(struct ctl_tcp_event *); 167 168 SSL *ssl; /* libssl object */ 169 }; 170 171 enum direction { 172 RELAY_DIR_INVALID = -1, 173 RELAY_DIR_ANY = 0, 174 RELAY_DIR_REQUEST = 1, 175 RELAY_DIR_RESPONSE = 2 176 }; 177 178 enum tlsreneg_state { 179 TLSRENEG_INIT = 0, /* first/next negotiation is allowed */ 180 TLSRENEG_ALLOW = 1, /* all (re-)negotiations are allowed */ 181 TLSRENEG_DENY = 2, /* next renegotiation must be denied */ 182 TLSRENEG_ABORT = 3 /* the connection should be aborted */ 183 }; 184 185 enum relay_state { 186 STATE_INIT, 187 STATE_PENDING, 188 STATE_PRECONNECT, 189 STATE_CONNECTED 190 }; 191 192 struct ctl_relay_event { 193 int s; 194 in_port_t port; 195 struct sockaddr_storage ss; 196 struct bufferevent *bev; 197 struct evbuffer *output; 198 struct ctl_relay_event *dst; 199 struct rsession *con; 200 201 SSL *ssl; /* libssl object */ 202 203 X509 *tlscert; 204 enum tlsreneg_state tlsreneg_state; 205 206 off_t splicelen; 207 off_t toread; 208 size_t headerlen; 209 int line; 210 int done; 211 int timedout; 212 enum relay_state state; 213 enum direction dir; 214 215 u_int8_t *buf; 216 int buflen; 217 218 /* protocol-specific descriptor */ 219 void *desc; 220 }; 221 222 enum httpchunk { 223 TOREAD_UNLIMITED = -1, 224 TOREAD_HTTP_HEADER = -2, 225 TOREAD_HTTP_CHUNK_LENGTH = -3, 226 TOREAD_HTTP_CHUNK_TRAILER = -4 227 }; 228 229 struct ctl_natlook { 230 objid_t id; 231 int proc; 232 233 struct sockaddr_storage src; 234 struct sockaddr_storage dst; 235 struct sockaddr_storage rsrc; 236 struct sockaddr_storage rdst; 237 in_port_t rsport; 238 in_port_t rdport; 239 int in; 240 int proto; 241 }; 242 243 struct ctl_bindany { 244 objid_t bnd_id; 245 int bnd_proc; 246 247 struct sockaddr_storage bnd_ss; 248 in_port_t bnd_port; 249 int bnd_proto; 250 }; 251 252 struct ctl_keyop { 253 objid_t cko_id; 254 int cko_proc; 255 int cko_flen; 256 int cko_tlen; 257 int cko_padding; 258 }; 259 260 struct ctl_stats { 261 objid_t id; 262 int proc; 263 264 u_int64_t interval; 265 u_int64_t cnt; 266 u_int32_t tick; 267 u_int32_t avg; 268 u_int32_t last; 269 u_int32_t avg_hour; 270 u_int32_t last_hour; 271 u_int32_t avg_day; 272 u_int32_t last_day; 273 }; 274 275 enum key_option { 276 KEY_OPTION_NONE = 0, 277 KEY_OPTION_APPEND, 278 KEY_OPTION_SET, 279 KEY_OPTION_REMOVE, 280 KEY_OPTION_HASH, 281 KEY_OPTION_LOG 282 }; 283 284 enum key_type { 285 KEY_TYPE_NONE = 0, 286 KEY_TYPE_COOKIE, 287 KEY_TYPE_HEADER, 288 KEY_TYPE_PATH, 289 KEY_TYPE_QUERY, 290 KEY_TYPE_URL, 291 KEY_TYPE_MAX 292 }; 293 294 struct ctl_kvlen { 295 ssize_t key; 296 ssize_t value; 297 }; 298 299 struct ctl_rule { 300 struct ctl_kvlen kvlen[KEY_TYPE_MAX]; 301 }; 302 303 enum digest_type { 304 DIGEST_NONE = 0, 305 DIGEST_SHA1 = 1, 306 DIGEST_MD5 = 2 307 }; 308 309 TAILQ_HEAD(kvlist, kv); 310 RB_HEAD(kvtree, kv); 311 312 struct kv { 313 char *kv_key; 314 char *kv_value; 315 316 enum key_type kv_type; 317 enum key_option kv_option; 318 enum digest_type kv_digest; 319 320 #define KV_FLAG_MACRO 0x01 321 #define KV_FLAG_INVALID 0x02 322 #define KV_FLAG_GLOBBING 0x04 323 u_int8_t kv_flags; 324 325 struct kvlist kv_children; 326 struct kv *kv_parent; 327 TAILQ_ENTRY(kv) kv_entry; 328 329 RB_ENTRY(kv) kv_node; 330 331 /* A few pointers used by the rule actions */ 332 struct kv *kv_match; 333 struct kvtree *kv_matchtree; 334 335 TAILQ_ENTRY(kv) kv_match_entry; 336 TAILQ_ENTRY(kv) kv_rule_entry; 337 TAILQ_ENTRY(kv) kv_action_entry; 338 }; 339 340 struct portrange { 341 in_port_t val[2]; 342 u_int8_t op; 343 }; 344 345 struct address { 346 objid_t rdrid; 347 struct sockaddr_storage ss; 348 int ipproto; 349 struct portrange port; 350 char ifname[IFNAMSIZ]; 351 TAILQ_ENTRY(address) entry; 352 }; 353 TAILQ_HEAD(addresslist, address); 354 355 union hashkey { 356 /* Simplified version of pf_poolhashkey */ 357 u_int32_t data[4]; 358 SIPHASH_KEY siphashkey; 359 }; 360 361 #define F_DISABLE 0x00000001 362 #define F_BACKUP 0x00000002 363 #define F_USED 0x00000004 364 #define F_DOWN 0x00000008 365 #define F_ADD 0x00000010 366 #define F_DEL 0x00000020 367 #define F_CHANGED 0x00000040 368 #define F_STICKY 0x00000080 369 #define F_CHECK_DONE 0x00000100 370 #define F_ACTIVE_RULESET 0x00000200 371 #define F_CHECK_SENT 0x00000400 372 #define F_TLS 0x00000800 373 #define F_NATLOOK 0x00001000 374 #define F_DEMOTE 0x00002000 375 #define F_LOOKUP_PATH 0x00004000 376 #define F_DEMOTED 0x00008000 377 #define F_UDP 0x00010000 378 #define F_RETURN 0x00020000 379 #define F_SNMP 0x00040000 380 #define F_NEEDPF 0x00080000 381 #define F_PORT 0x00100000 382 #define F_TLSCLIENT 0x00200000 383 #define F_NEEDRT 0x00400000 384 #define F_MATCH 0x00800000 385 #define F_DIVERT 0x01000000 386 #define F_SCRIPT 0x02000000 387 #define F_TLSINSPECT 0x04000000 388 #define F_HASHKEY 0x08000000 389 #define F_SNMP_TRAPONLY 0x10000000 390 391 #define F_BITS \ 392 "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \ 393 "\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \ 394 "\14TLS\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \ 395 "\22RETURN\23TRAP\24NEEDPF\25PORT\26TLS_CLIENT\27NEEDRT" \ 396 "\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY" \ 397 "\35SNMP_TRAPONLY" 398 399 enum forwardmode { 400 FWD_NORMAL = 0, 401 FWD_ROUTE, 402 FWD_TRANS 403 }; 404 405 struct host_config { 406 objid_t id; 407 objid_t parentid; 408 objid_t tableid; 409 int retry; 410 char name[HOST_NAME_MAX+1]; 411 struct sockaddr_storage ss; 412 int ttl; 413 int priority; 414 }; 415 416 struct host { 417 TAILQ_ENTRY(host) entry; 418 TAILQ_ENTRY(host) globalentry; 419 SLIST_ENTRY(host) child; 420 SLIST_HEAD(,host) children; 421 struct host_config conf; 422 u_int32_t flags; 423 char *tablename; 424 int up; 425 int last_up; 426 u_long check_cnt; 427 u_long up_cnt; 428 int retry_cnt; 429 int idx; 430 u_int16_t he; 431 int code; 432 struct ctl_tcp_event cte; 433 }; 434 TAILQ_HEAD(hostlist, host); 435 436 enum host_error { 437 HCE_NONE = 0, 438 HCE_ABORT, 439 HCE_INTERVAL_TIMEOUT, 440 HCE_ICMP_OK, 441 HCE_ICMP_READ_TIMEOUT, 442 HCE_ICMP_WRITE_TIMEOUT, 443 HCE_TCP_SOCKET_ERROR, 444 HCE_TCP_SOCKET_LIMIT, 445 HCE_TCP_SOCKET_OPTION, 446 HCE_TCP_CONNECT_FAIL, 447 HCE_TCP_CONNECT_TIMEOUT, 448 HCE_TCP_CONNECT_OK, 449 HCE_TCP_WRITE_TIMEOUT, 450 HCE_TCP_WRITE_FAIL, 451 HCE_TCP_READ_TIMEOUT, 452 HCE_TCP_READ_FAIL, 453 HCE_SCRIPT_OK, 454 HCE_SCRIPT_FAIL, 455 HCE_TLS_CONNECT_ERROR, 456 HCE_TLS_CONNECT_FAIL, 457 HCE_TLS_CONNECT_OK, 458 HCE_TLS_CONNECT_TIMEOUT, 459 HCE_TLS_READ_TIMEOUT, 460 HCE_TLS_WRITE_TIMEOUT, 461 HCE_TLS_READ_ERROR, 462 HCE_TLS_WRITE_ERROR, 463 HCE_SEND_EXPECT_FAIL, 464 HCE_SEND_EXPECT_OK, 465 HCE_HTTP_CODE_ERROR, 466 HCE_HTTP_CODE_FAIL, 467 HCE_HTTP_CODE_OK, 468 HCE_HTTP_DIGEST_ERROR, 469 HCE_HTTP_DIGEST_FAIL, 470 HCE_HTTP_DIGEST_OK, 471 }; 472 473 enum host_status { 474 HOST_DOWN = -1, 475 HOST_UNKNOWN = 0, 476 HOST_UP = 1 477 }; 478 #define HOST_ISUP(x) (x == HOST_UP) 479 480 struct table_config { 481 objid_t id; 482 objid_t rdrid; 483 u_int32_t flags; 484 int check; 485 char demote_group[IFNAMSIZ]; 486 char ifname[IFNAMSIZ]; 487 struct timeval timeout; 488 in_port_t port; 489 int retcode; 490 int skip_cnt; 491 char name[TABLE_NAME_SIZE]; 492 size_t name_len; 493 char path[PATH_MAX]; 494 char exbuf[64]; 495 char digest[41]; /* length of sha1 digest * 2 */ 496 u_int8_t digest_type; 497 enum forwardmode fwdmode; 498 }; 499 500 struct table { 501 TAILQ_ENTRY(table) entry; 502 struct table_config conf; 503 int up; 504 int skipped; 505 struct hostlist hosts; 506 SSL_CTX *ssl_ctx; /* libssl context */ 507 char *sendbuf; 508 }; 509 TAILQ_HEAD(tablelist, table); 510 511 enum table_check { 512 CHECK_NOCHECK = 0, 513 CHECK_ICMP = 1, 514 CHECK_TCP = 2, 515 CHECK_HTTP_CODE = 3, 516 CHECK_HTTP_DIGEST = 4, 517 CHECK_SEND_EXPECT = 5, 518 CHECK_SCRIPT = 6 519 }; 520 521 struct rdr_config { 522 objid_t id; 523 u_int32_t flags; 524 in_port_t port; 525 objid_t table_id; 526 objid_t backup_id; 527 int mode; 528 union hashkey key; 529 char name[SRV_NAME_SIZE]; 530 char tag[RD_TAG_NAME_SIZE]; 531 struct timeval timeout; 532 }; 533 534 struct rdr { 535 TAILQ_ENTRY(rdr) entry; 536 struct rdr_config conf; 537 struct addresslist virts; 538 struct table *table; 539 struct table *backup; /* use this if no host up */ 540 struct ctl_stats stats; 541 }; 542 TAILQ_HEAD(rdrlist, rdr); 543 544 struct rsession { 545 objid_t se_id; 546 objid_t se_relayid; 547 struct ctl_relay_event se_in; 548 struct ctl_relay_event se_out; 549 void *se_priv; 550 SIPHASH_CTX se_siphashctx; 551 struct relay_table *se_table; 552 struct event se_ev; 553 struct timeval se_timeout; 554 struct timeval se_tv_start; 555 struct timeval se_tv_last; 556 struct event se_inflightevt; 557 int se_done; 558 int se_retry; 559 int se_retrycount; 560 int se_connectcount; 561 int se_haslog; 562 struct evbuffer *se_log; 563 struct relay *se_relay; 564 struct ctl_natlook *se_cnl; 565 int se_bnds; 566 u_int16_t se_tag; 567 u_int16_t se_label; 568 569 int se_cid; 570 pid_t se_pid; 571 SPLAY_ENTRY(rsession) se_nodes; 572 TAILQ_ENTRY(rsession) se_entry; 573 }; 574 SPLAY_HEAD(session_tree, rsession); 575 TAILQ_HEAD(sessionlist, rsession); 576 577 enum prototype { 578 RELAY_PROTO_TCP = 0, 579 RELAY_PROTO_HTTP, 580 RELAY_PROTO_DNS 581 }; 582 583 enum relay_result { 584 RES_DROP = 0, 585 RES_PASS = 1, 586 RES_FAIL = -1, 587 RES_BAD = -2, 588 RES_INTERNAL = -3 589 }; 590 591 enum rule_action { 592 RULE_ACTION_MATCH = 0, 593 RULE_ACTION_PASS, 594 RULE_ACTION_BLOCK 595 }; 596 597 struct rule_addr { 598 int addr_af; 599 struct sockaddr_storage addr; 600 u_int8_t addr_mask; 601 int addr_net; 602 in_port_t addr_port; 603 }; 604 605 #define RELAY_ADDR_EQ(_a, _b) \ 606 ((_a)->addr_mask == (_b)->addr_mask && \ 607 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 608 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) == 0) 609 610 #define RELAY_ADDR_CMP(_a, _b) \ 611 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 612 (struct sockaddr *)(_b), (_a)->addr_mask) 613 614 #define RELAY_ADDR_NEQ(_a, _b) \ 615 ((_a)->addr_mask != (_b)->addr_mask || \ 616 sockaddr_cmp((struct sockaddr *)&(_a)->addr, \ 617 (struct sockaddr *)&(_b)->addr, (_a)->addr_mask) != 0) 618 619 struct relay_rule { 620 objid_t rule_id; 621 objid_t rule_protoid; 622 623 u_int rule_action; 624 #define RULE_SKIP_PROTO 0 625 #define RULE_SKIP_DIR 1 626 #define RULE_SKIP_AF 2 627 #define RULE_SKIP_SRC 3 628 #define RULE_SKIP_DST 4 629 #define RULE_SKIP_METHOD 5 630 #define RULE_SKIP_COUNT 6 631 struct relay_rule *rule_skip[RULE_SKIP_COUNT]; 632 633 #define RULE_FLAG_QUICK 0x01 634 u_int8_t rule_flags; 635 636 int rule_label; 637 int rule_tag; 638 int rule_tagged; 639 enum direction rule_dir; 640 u_int rule_proto; 641 int rule_af; 642 struct rule_addr rule_src; 643 struct rule_addr rule_dst; 644 struct relay_table *rule_table; 645 646 u_int rule_method; 647 char rule_labelname[LABEL_NAME_SIZE]; 648 char rule_tablename[TABLE_NAME_SIZE]; 649 char rule_taggedname[TAG_NAME_SIZE]; 650 char rule_tagname[TAG_NAME_SIZE]; 651 652 struct ctl_rule rule_ctl; 653 struct kv rule_kv[KEY_TYPE_MAX]; 654 struct kvlist rule_kvlist; 655 656 TAILQ_ENTRY(relay_rule) rule_entry; 657 }; 658 TAILQ_HEAD(relay_rules, relay_rule); 659 660 #define TCPFLAG_NODELAY 0x01 661 #define TCPFLAG_NNODELAY 0x02 662 #define TCPFLAG_SACK 0x04 663 #define TCPFLAG_NSACK 0x08 664 #define TCPFLAG_BUFSIZ 0x10 665 #define TCPFLAG_IPTTL 0x20 666 #define TCPFLAG_IPMINTTL 0x40 667 #define TCPFLAG_NSPLICE 0x80 668 #define TCPFLAG_DEFAULT 0x00 669 670 #define TCPFLAG_BITS \ 671 "\10\01NODELAY\02NO_NODELAY\03SACK\04NO_SACK" \ 672 "\05SOCKET_BUFFER_SIZE\06IP_TTL\07IP_MINTTL\10NO_SPLICE" 673 674 #define TLSFLAG_SSLV3 0x01 675 #define TLSFLAG_TLSV1_0 0x02 676 #define TLSFLAG_TLSV1_1 0x04 677 #define TLSFLAG_TLSV1_2 0x08 678 #define TLSFLAG_TLSV1 0x0e 679 #define TLSFLAG_VERSION 0x1f 680 #define TLSFLAG_CIPHER_SERVER_PREF 0x20 681 #define TLSFLAG_CLIENT_RENEG 0x40 682 #define TLSFLAG_DEFAULT \ 683 (TLSFLAG_TLSV1_2|TLSFLAG_CIPHER_SERVER_PREF|TLSFLAG_CLIENT_RENEG) 684 685 #define TLSFLAG_BITS \ 686 "\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2" \ 687 "\06cipher-server-preference\07client-renegotiation" 688 689 #define TLSCIPHERS_DEFAULT "HIGH:!aNULL" 690 #define TLSECDHCURVE_DEFAULT NID_X9_62_prime256v1 691 692 #define TLSDHPARAMS_NONE 0 693 #define TLSDHPARAMS_DEFAULT 0 694 #define TLSDHPARAMS_MIN 1024 695 696 struct tls_ticket { 697 /* The key, aes key and hmac key must be 16 bytes / 128bits */ 698 unsigned char tt_key_name[16]; 699 unsigned char tt_aes_key[16]; 700 unsigned char tt_hmac_key[16]; 701 int tt_backup; 702 }; 703 #define TLS_TICKET_REKEY_TIME (2 * 3600) 704 705 struct protocol { 706 objid_t id; 707 u_int32_t flags; 708 u_int8_t tcpflags; 709 int tcpbufsiz; 710 int tcpbacklog; 711 u_int8_t tcpipttl; 712 u_int8_t tcpipminttl; 713 u_int8_t tlsflags; 714 char tlsciphers[768]; 715 int tlsdhparams; 716 int tlsecdhcurve; 717 char tlsca[PATH_MAX]; 718 char tlscacert[PATH_MAX]; 719 char tlscakey[PATH_MAX]; 720 char *tlscapass; 721 char name[MAX_NAME_SIZE]; 722 int tickets; 723 enum prototype type; 724 char *style; 725 726 int (*cmp)(struct rsession *, struct rsession *); 727 void *(*validate)(struct rsession *, struct relay *, 728 struct sockaddr_storage *, 729 u_int8_t *, size_t); 730 int (*request)(struct rsession *); 731 void (*close)(struct rsession *); 732 733 struct relay_rules rules; 734 int rulecount; 735 736 TAILQ_ENTRY(protocol) entry; 737 }; 738 TAILQ_HEAD(protolist, protocol); 739 740 struct relay_table { 741 struct table *rlt_table; 742 u_int32_t rlt_flags; 743 int rlt_mode; 744 u_int32_t rlt_index; 745 struct host *rlt_host[RELAY_MAXHOSTS]; 746 int rlt_nhosts; 747 TAILQ_ENTRY(relay_table) rlt_entry; 748 }; 749 TAILQ_HEAD(relaytables, relay_table); 750 751 struct ca_pkey { 752 objid_t pkey_id; 753 EVP_PKEY *pkey; 754 TAILQ_ENTRY(ca_pkey) pkey_entry; 755 }; 756 TAILQ_HEAD(ca_pkeylist, ca_pkey); 757 758 struct relay_config { 759 objid_t id; 760 u_int32_t flags; 761 objid_t proto; 762 char name[HOST_NAME_MAX+1]; 763 in_port_t port; 764 in_port_t dstport; 765 int dstretry; 766 struct sockaddr_storage ss; 767 struct sockaddr_storage dstss; 768 struct sockaddr_storage dstaf; 769 struct timeval timeout; 770 enum forwardmode fwdmode; 771 union hashkey hashkey; 772 off_t tls_cert_len; 773 off_t tls_key_len; 774 objid_t tls_keyid; 775 off_t tls_ca_len; 776 off_t tls_cacert_len; 777 off_t tls_cakey_len; 778 objid_t tls_cakeyid; 779 }; 780 781 struct relay { 782 TAILQ_ENTRY(relay) rl_entry; 783 struct relay_config rl_conf; 784 785 int rl_up; 786 struct protocol *rl_proto; 787 int rl_s; 788 struct bufferevent *rl_bev; 789 790 int rl_dsts; 791 struct bufferevent *rl_dstbev; 792 793 struct relaytables rl_tables; 794 795 struct event rl_ev; 796 struct event rl_evt; 797 798 SSL_CTX *rl_ssl_ctx; /* libssl context */ 799 800 char *rl_tls_cert; 801 X509 *rl_tls_x509; 802 char *rl_tls_key; 803 EVP_PKEY *rl_tls_pkey; 804 char *rl_tls_ca; 805 char *rl_tls_cacert; 806 X509 *rl_tls_cacertx509; 807 char *rl_tls_cakey; 808 EVP_PKEY *rl_tls_capkey; 809 810 struct ctl_stats rl_stats[PROC_MAX_INSTANCES + 1]; 811 812 struct session_tree rl_sessions; 813 }; 814 TAILQ_HEAD(relaylist, relay); 815 816 enum dstmode { 817 RELAY_DSTMODE_LOADBALANCE = 0, 818 RELAY_DSTMODE_ROUNDROBIN, 819 RELAY_DSTMODE_HASH, 820 RELAY_DSTMODE_SRCHASH, 821 RELAY_DSTMODE_LEASTSTATES, 822 RELAY_DSTMODE_RANDOM 823 }; 824 #define RELAY_DSTMODE_DEFAULT RELAY_DSTMODE_ROUNDROBIN 825 826 struct netroute_config { 827 objid_t id; 828 struct sockaddr_storage ss; 829 int prefixlen; 830 objid_t routerid; 831 }; 832 833 struct netroute { 834 struct netroute_config nr_conf; 835 836 TAILQ_ENTRY(netroute) nr_entry; 837 TAILQ_ENTRY(netroute) nr_route; 838 839 struct router *nr_router; 840 }; 841 TAILQ_HEAD(netroutelist, netroute); 842 843 struct router_config { 844 objid_t id; 845 u_int32_t flags; 846 char name[HOST_NAME_MAX+1]; 847 char label[RT_LABEL_SIZE]; 848 int nroutes; 849 objid_t gwtable; 850 in_port_t gwport; 851 int rtable; 852 int af; 853 }; 854 855 struct router { 856 struct router_config rt_conf; 857 858 struct table *rt_gwtable; 859 struct netroutelist rt_netroutes; 860 861 TAILQ_ENTRY(router) rt_entry; 862 }; 863 TAILQ_HEAD(routerlist, router); 864 865 struct ctl_netroute { 866 int up; 867 struct host_config host; 868 struct netroute_config nr; 869 struct router_config rt; 870 }; 871 872 /* initially control.h */ 873 struct control_sock { 874 const char *cs_name; 875 struct event cs_ev; 876 struct event cs_evt; 877 int cs_fd; 878 int cs_restricted; 879 void *cs_env; 880 881 TAILQ_ENTRY(control_sock) cs_entry; 882 }; 883 TAILQ_HEAD(control_socks, control_sock); 884 885 struct { 886 struct event ev; 887 int fd; 888 } control_state; 889 890 struct imsgev { 891 struct imsgbuf ibuf; 892 void (*handler)(int, short, void *); 893 struct event ev; 894 struct privsep_proc *proc; 895 void *data; 896 short events; 897 }; 898 899 #define IMSG_SIZE_CHECK(imsg, p) do { \ 900 if (IMSG_DATA_SIZE(imsg) < sizeof(*p)) \ 901 fatalx("bad length imsg received"); \ 902 } while (0) 903 #define IMSG_DATA_SIZE(imsg) ((imsg)->hdr.len - IMSG_HEADER_SIZE) 904 905 struct ctl_conn { 906 TAILQ_ENTRY(ctl_conn) entry; 907 u_int8_t flags; 908 u_int waiting; 909 #define CTL_CONN_NOTIFY 0x01 910 struct imsgev iev; 911 912 }; 913 TAILQ_HEAD(ctl_connlist, ctl_conn); 914 915 enum imsg_type { 916 IMSG_NONE, 917 IMSG_CTL_OK, /* answer to relayctl requests */ 918 IMSG_CTL_FAIL, 919 IMSG_CTL_VERBOSE, 920 IMSG_CTL_PROCFD, 921 IMSG_CTL_END, 922 IMSG_CTL_RDR, 923 IMSG_CTL_TABLE, 924 IMSG_CTL_HOST, 925 IMSG_CTL_RELAY, 926 IMSG_CTL_SESSION, 927 IMSG_CTL_ROUTER, 928 IMSG_CTL_NETROUTE, 929 IMSG_CTL_TABLE_CHANGED, 930 IMSG_CTL_PULL_RULESET, 931 IMSG_CTL_PUSH_RULESET, 932 IMSG_CTL_SHOW_SUM, /* relayctl requests */ 933 IMSG_CTL_RDR_ENABLE, 934 IMSG_CTL_RDR_DISABLE, 935 IMSG_CTL_TABLE_ENABLE, 936 IMSG_CTL_TABLE_DISABLE, 937 IMSG_CTL_HOST_ENABLE, 938 IMSG_CTL_HOST_DISABLE, 939 IMSG_CTL_SHUTDOWN, 940 IMSG_CTL_START, 941 IMSG_CTL_RELOAD, 942 IMSG_CTL_RESET, 943 IMSG_CTL_POLL, 944 IMSG_CTL_NOTIFY, 945 IMSG_CTL_RDR_STATS, 946 IMSG_CTL_RELAY_STATS, 947 IMSG_RDR_ENABLE, /* notifies from pfe to hce */ 948 IMSG_RDR_DISABLE, 949 IMSG_TABLE_ENABLE, 950 IMSG_TABLE_DISABLE, 951 IMSG_HOST_ENABLE, 952 IMSG_HOST_DISABLE, 953 IMSG_HOST_STATUS, /* notifies from hce to pfe */ 954 IMSG_SYNC, 955 IMSG_NATLOOK, 956 IMSG_DEMOTE, 957 IMSG_STATISTICS, 958 IMSG_SCRIPT, 959 IMSG_SNMPSOCK, 960 IMSG_BINDANY, 961 IMSG_RTMSG, /* from pfe to parent */ 962 IMSG_CFG_TABLE, /* configuration from parent */ 963 IMSG_CFG_HOST, 964 IMSG_CFG_RDR, 965 IMSG_CFG_VIRT, 966 IMSG_CFG_ROUTER, 967 IMSG_CFG_ROUTE, 968 IMSG_CFG_PROTO, 969 IMSG_CFG_RULE, 970 IMSG_CFG_RELAY, 971 IMSG_CFG_RELAY_TABLE, 972 IMSG_CFG_DONE, 973 IMSG_CA_PRIVENC, 974 IMSG_CA_PRIVDEC, 975 IMSG_SESS_PUBLISH, /* from relay to hce */ 976 IMSG_SESS_UNPUBLISH, 977 IMSG_TLSTICKET_REKEY 978 }; 979 980 enum privsep_procid { 981 PROC_ALL = -1, 982 PROC_PARENT = 0, 983 PROC_HCE, 984 PROC_RELAY, 985 PROC_PFE, 986 PROC_CA, 987 PROC_MAX 988 } privsep_process; 989 990 /* Attach the control socket to the following process */ 991 #define PROC_CONTROL PROC_PFE 992 993 struct privsep_pipes { 994 int *pp_pipes[PROC_MAX]; 995 }; 996 997 struct privsep { 998 struct privsep_pipes *ps_pipes[PROC_MAX]; 999 struct privsep_pipes *ps_pp; 1000 1001 struct imsgev *ps_ievs[PROC_MAX]; 1002 const char *ps_title[PROC_MAX]; 1003 u_int8_t ps_what[PROC_MAX]; 1004 1005 u_int ps_instances[PROC_MAX]; 1006 u_int ps_instance; 1007 1008 struct control_sock ps_csock; 1009 struct control_socks ps_rcsocks; 1010 1011 /* Event and signal handlers */ 1012 struct event ps_evsigint; 1013 struct event ps_evsigterm; 1014 struct event ps_evsigchld; 1015 struct event ps_evsighup; 1016 struct event ps_evsigpipe; 1017 struct event ps_evsigusr1; 1018 1019 int ps_noaction; 1020 struct passwd *ps_pw; 1021 struct relayd *ps_env; 1022 }; 1023 1024 struct privsep_proc { 1025 const char *p_title; 1026 enum privsep_procid p_id; 1027 int (*p_cb)(int, struct privsep_proc *, 1028 struct imsg *); 1029 void (*p_init)(struct privsep *, 1030 struct privsep_proc *); 1031 void (*p_shutdown)(void); 1032 const char *p_chroot; 1033 struct privsep *p_ps; 1034 struct relayd *p_env; 1035 }; 1036 1037 struct privsep_fd { 1038 enum privsep_procid pf_procid; 1039 unsigned int pf_instance; 1040 }; 1041 1042 struct relayd_config { 1043 char tls_sid[SSL_MAX_SID_CTX_LENGTH]; 1044 char snmp_path[PATH_MAX]; 1045 struct timeval interval; 1046 struct timeval timeout; 1047 struct timeval statinterval; 1048 u_int16_t prefork_relay; 1049 u_int16_t opts; 1050 u_int32_t flags; 1051 }; 1052 1053 struct relayd { 1054 struct relayd_config sc_conf; 1055 const char *sc_conffile; 1056 struct pfdata *sc_pf; 1057 int sc_rtsock; 1058 int sc_rtseq; 1059 int sc_tablecount; 1060 int sc_rdrcount; 1061 int sc_protocount; 1062 int sc_relaycount; 1063 int sc_routercount; 1064 int sc_routecount; 1065 struct table sc_empty_table; 1066 struct protocol sc_proto_default; 1067 struct event sc_ev; 1068 struct tablelist *sc_tables; 1069 struct hostlist sc_hosts; 1070 struct rdrlist *sc_rdrs; 1071 struct protolist *sc_protos; 1072 struct relaylist *sc_relays; 1073 struct routerlist *sc_rts; 1074 struct netroutelist *sc_routes; 1075 struct ca_pkeylist *sc_pkeys; 1076 struct sessionlist sc_sessions; 1077 char sc_demote_group[IFNAMSIZ]; 1078 u_int16_t sc_id; 1079 int sc_rtable; 1080 1081 struct event sc_statev; 1082 1083 int sc_snmp; 1084 struct event sc_snmpto; 1085 struct event sc_snmpev; 1086 1087 int sc_has_icmp; 1088 int sc_has_icmp6; 1089 struct ctl_icmp_event sc_icmp_send; 1090 struct ctl_icmp_event sc_icmp_recv; 1091 struct ctl_icmp_event sc_icmp6_send; 1092 struct ctl_icmp_event sc_icmp6_recv; 1093 1094 struct privsep *sc_ps; 1095 int sc_reload; 1096 1097 struct tls_ticket sc_tls_ticket; 1098 struct tls_ticket sc_tls_ticket_bak; 1099 }; 1100 1101 #define RELAYD_OPT_VERBOSE 0x01 1102 #define RELAYD_OPT_NOACTION 0x04 1103 #define RELAYD_OPT_LOGUPDATE 0x08 1104 #define RELAYD_OPT_LOGNOTIFY 0x10 1105 #define RELAYD_OPT_LOGALL 0x18 1106 1107 /* control.c */ 1108 int control_init(struct privsep *, struct control_sock *); 1109 int control_listen(struct control_sock *); 1110 void control_cleanup(struct control_sock *); 1111 void control_dispatch_imsg(int, short, void *); 1112 void control_imsg_forward(struct privsep *ps, struct imsg *); 1113 struct ctl_conn * 1114 control_connbyfd(int); 1115 1116 extern struct ctl_connlist ctl_conns; 1117 1118 /* parse.y */ 1119 int parse_config(const char *, struct relayd *); 1120 int load_config(const char *, struct relayd *); 1121 int cmdline_symset(char *); 1122 1123 /* util.c */ 1124 const char *host_error(enum host_error); 1125 const char *host_status(enum host_status); 1126 const char *table_check(enum table_check); 1127 const char *print_availability(u_long, u_long); 1128 const char *print_host(struct sockaddr_storage *, char *, size_t); 1129 const char *print_time(struct timeval *, struct timeval *, char *, size_t); 1130 const char *printb_flags(const u_int32_t, const char *); 1131 void getmonotime(struct timeval *); 1132 1133 /* pfe.c */ 1134 void pfe(struct privsep *, struct privsep_proc *); 1135 void show(struct ctl_conn *); 1136 void show_sessions(struct ctl_conn *); 1137 int enable_rdr(struct ctl_conn *, struct ctl_id *); 1138 int enable_table(struct ctl_conn *, struct ctl_id *); 1139 int enable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1140 int disable_rdr(struct ctl_conn *, struct ctl_id *); 1141 int disable_table(struct ctl_conn *, struct ctl_id *); 1142 int disable_host(struct ctl_conn *, struct ctl_id *, struct host *); 1143 1144 /* pfe_filter.c */ 1145 void init_filter(struct relayd *, int); 1146 void init_tables(struct relayd *); 1147 void flush_table(struct relayd *, struct rdr *); 1148 void sync_table(struct relayd *, struct rdr *, struct table *); 1149 void sync_ruleset(struct relayd *, struct rdr *, int); 1150 void flush_rulesets(struct relayd *); 1151 int natlook(struct relayd *, struct ctl_natlook *); 1152 u_int64_t 1153 check_table(struct relayd *, struct rdr *, struct table *); 1154 1155 /* pfe_route.c */ 1156 void init_routes(struct relayd *); 1157 void sync_routes(struct relayd *, struct router *); 1158 int pfe_route(struct relayd *, struct ctl_netroute *); 1159 1160 /* hce.c */ 1161 void hce(struct privsep *, struct privsep_proc *); 1162 void hce_notify_done(struct host *, enum host_error); 1163 1164 /* relay.c */ 1165 void relay(struct privsep *, struct privsep_proc *); 1166 int relay_privinit(struct relay *); 1167 void relay_notify_done(struct host *, const char *); 1168 int relay_session_cmp(struct rsession *, struct rsession *); 1169 int relay_load_certfiles(struct relay *); 1170 void relay_close(struct rsession *, const char *); 1171 void relay_natlook(int, short, void *); 1172 void relay_session(struct rsession *); 1173 int relay_from_table(struct rsession *); 1174 int relay_socket_af(struct sockaddr_storage *, in_port_t); 1175 in_port_t 1176 relay_socket_getport(struct sockaddr_storage *); 1177 int relay_cmp_af(struct sockaddr_storage *, 1178 struct sockaddr_storage *); 1179 void relay_write(struct bufferevent *, void *); 1180 void relay_read(struct bufferevent *, void *); 1181 int relay_splice(struct ctl_relay_event *); 1182 int relay_splicelen(struct ctl_relay_event *); 1183 int relay_spliceadjust(struct ctl_relay_event *); 1184 void relay_error(struct bufferevent *, short, void *); 1185 int relay_preconnect(struct rsession *); 1186 int relay_connect(struct rsession *); 1187 void relay_connected(int, short, void *); 1188 void relay_bindanyreq(struct rsession *, in_port_t, int); 1189 void relay_bindany(int, short, void *); 1190 void relay_dump(struct ctl_relay_event *, const void *, size_t); 1191 int relay_bufferevent_add(struct event *, int); 1192 int relay_bufferevent_print(struct ctl_relay_event *, const char *); 1193 int relay_bufferevent_write_buffer(struct ctl_relay_event *, 1194 struct evbuffer *); 1195 int relay_bufferevent_write_chunk(struct ctl_relay_event *, 1196 struct evbuffer *, size_t); 1197 int relay_bufferevent_write(struct ctl_relay_event *, 1198 void *, size_t); 1199 int relay_test(struct protocol *, struct ctl_relay_event *); 1200 void relay_calc_skip_steps(struct relay_rules *); 1201 void relay_match(struct kvlist *, struct kv *, struct kv *, 1202 struct kvtree *); 1203 void relay_session_insert(struct rsession *); 1204 void relay_session_remove(struct rsession *); 1205 void relay_session_publish(struct rsession *); 1206 void relay_session_unpublish(struct rsession *); 1207 1208 SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp); 1209 1210 /* relay_http.c */ 1211 void relay_http(struct relayd *); 1212 void relay_http_init(struct relay *); 1213 void relay_abort_http(struct rsession *, u_int, const char *, 1214 u_int16_t); 1215 void relay_read_http(struct bufferevent *, void *); 1216 void relay_close_http(struct rsession *); 1217 u_int relay_httpmethod_byname(const char *); 1218 const char 1219 *relay_httpmethod_byid(u_int); 1220 const char 1221 *relay_httperror_byid(u_int); 1222 int relay_httpdesc_init(struct ctl_relay_event *); 1223 ssize_t relay_http_time(time_t, char *, size_t); 1224 1225 /* relay_udp.c */ 1226 void relay_udp_privinit(struct relayd *, struct relay *); 1227 void relay_udp_init(struct relay *); 1228 int relay_udp_bind(struct sockaddr_storage *, in_port_t, 1229 struct protocol *); 1230 void relay_udp_server(int, short, void *); 1231 1232 /* check_icmp.c */ 1233 void icmp_init(struct relayd *); 1234 void schedule_icmp(struct relayd *, struct host *); 1235 void check_icmp(struct relayd *, struct timeval *); 1236 1237 /* check_tcp.c */ 1238 void check_tcp(struct ctl_tcp_event *); 1239 1240 /* check_script.c */ 1241 void check_script(struct relayd *, struct host *); 1242 void script_done(struct relayd *, struct ctl_script *); 1243 int script_exec(struct relayd *, struct ctl_script *); 1244 1245 /* ssl.c */ 1246 void ssl_init(struct relayd *); 1247 void ssl_transaction(struct ctl_tcp_event *); 1248 SSL_CTX *ssl_ctx_create(struct relayd *); 1249 void ssl_error(const char *, const char *); 1250 char *ssl_load_key(struct relayd *, const char *, off_t *, char *); 1251 X509 *ssl_update_certificate(X509 *, EVP_PKEY *, EVP_PKEY *, X509 *); 1252 int ssl_load_pkey(const void *, size_t, char *, off_t, 1253 X509 **, EVP_PKEY **); 1254 int ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t, 1255 char *, off_t, X509 **, EVP_PKEY **); 1256 1257 /* ca.c */ 1258 void ca(struct privsep *, struct privsep_proc *); 1259 void ca_engine_init(struct relayd *); 1260 1261 /* relayd.c */ 1262 struct host *host_find(struct relayd *, objid_t); 1263 struct table *table_find(struct relayd *, objid_t); 1264 struct rdr *rdr_find(struct relayd *, objid_t); 1265 struct netroute *route_find(struct relayd *, objid_t); 1266 struct router *router_find(struct relayd *, objid_t); 1267 struct host *host_findbyname(struct relayd *, const char *); 1268 struct table *table_findbyname(struct relayd *, const char *); 1269 struct table *table_findbyconf(struct relayd *, struct table *); 1270 struct rdr *rdr_findbyname(struct relayd *, const char *); 1271 void event_again(struct event *, int, short, 1272 void (*)(int, short, void *), 1273 struct timeval *, struct timeval *, void *); 1274 struct relay *relay_find(struct relayd *, objid_t); 1275 struct protocol *proto_find(struct relayd *, objid_t); 1276 struct rsession *session_find(struct relayd *, objid_t); 1277 struct relay *relay_findbyname(struct relayd *, const char *); 1278 struct relay *relay_findbyaddr(struct relayd *, struct relay_config *); 1279 EVP_PKEY *pkey_find(struct relayd *, objid_t); 1280 struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, objid_t); 1281 int expand_string(char *, size_t, const char *, const char *); 1282 void translate_string(char *); 1283 void purge_key(char **, off_t); 1284 void purge_table(struct relayd *, struct tablelist *, 1285 struct table *); 1286 void purge_relay(struct relayd *, struct relay *); 1287 char *digeststr(enum digest_type, const u_int8_t *, size_t, char *); 1288 const char *canonicalize_host(const char *, char *, size_t); 1289 int parse_url(const char *, char **, char **, char **); 1290 int map6to4(struct sockaddr_storage *); 1291 int map4to6(struct sockaddr_storage *, struct sockaddr_storage *); 1292 void imsg_event_add(struct imsgev *); 1293 int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t, 1294 pid_t, int, void *, u_int16_t); 1295 void socket_rlimit(int); 1296 char *get_string(u_int8_t *, size_t); 1297 void *get_data(u_int8_t *, size_t); 1298 int sockaddr_cmp(struct sockaddr *, struct sockaddr *, int); 1299 struct in6_addr *prefixlen2mask6(u_int8_t, u_int32_t *); 1300 u_int32_t prefixlen2mask(u_int8_t); 1301 int accept_reserve(int, struct sockaddr *, socklen_t *, int, 1302 volatile int *); 1303 struct kv *kv_add(struct kvtree *, char *, char *, int); 1304 int kv_set(struct kv *, char *, ...); 1305 int kv_setkey(struct kv *, char *, ...); 1306 void kv_delete(struct kvtree *, struct kv *); 1307 struct kv *kv_extend(struct kvtree *, struct kv *, char *); 1308 void kv_purge(struct kvtree *); 1309 void kv_free(struct kv *); 1310 struct kv *kv_inherit(struct kv *, struct kv *); 1311 void relay_log(struct rsession *, char *); 1312 int kv_log(struct rsession *, struct kv *, u_int16_t, 1313 enum direction); 1314 struct kv *kv_find(struct kvtree *, struct kv *); 1315 int kv_cmp(struct kv *, struct kv *); 1316 int rule_add(struct protocol *, struct relay_rule *, const char 1317 *); 1318 void rule_delete(struct relay_rules *, struct relay_rule *); 1319 void rule_free(struct relay_rule *); 1320 struct relay_rule 1321 *rule_inherit(struct relay_rule *); 1322 void rule_settable(struct relay_rules *, struct relay_table *); 1323 RB_PROTOTYPE(kvtree, kv, kv_node, kv_cmp); 1324 1325 /* carp.c */ 1326 int carp_demote_init(char *, int); 1327 void carp_demote_shutdown(void); 1328 int carp_demote_get(char *); 1329 int carp_demote_set(char *, int); 1330 int carp_demote_reset(char *, int); 1331 1332 /* name2id.c */ 1333 u_int16_t label_name2id(const char *); 1334 const char *label_id2name(u_int16_t); 1335 void label_unref(u_int16_t); 1336 void label_ref(u_int16_t); 1337 u_int16_t tag_name2id(const char *); 1338 const char *tag_id2name(u_int16_t); 1339 void tag_unref(u_int16_t); 1340 void tag_ref(u_int16_t); 1341 1342 /* snmp.c */ 1343 void snmp_init(struct relayd *, enum privsep_procid); 1344 void snmp_setsock(struct relayd *, enum privsep_procid); 1345 int snmp_getsock(struct relayd *, struct imsg *); 1346 void snmp_hosttrap(struct relayd *, struct table *, struct host *); 1347 1348 /* shuffle.c */ 1349 void shuffle_init(struct shuffle *); 1350 u_int16_t shuffle_generate16(struct shuffle *); 1351 1352 /* log.c */ 1353 void log_init(int, int); 1354 void log_procinit(const char *); 1355 void log_verbose(int); 1356 void log_warn(const char *, ...) 1357 __attribute__((__format__ (printf, 1, 2))); 1358 void log_warnx(const char *, ...) 1359 __attribute__((__format__ (printf, 1, 2))); 1360 void log_info(const char *, ...) 1361 __attribute__((__format__ (printf, 1, 2))); 1362 void log_debug(const char *, ...) 1363 __attribute__((__format__ (printf, 1, 2))); 1364 void logit(int, const char *, ...) 1365 __attribute__((__format__ (printf, 2, 3))); 1366 void vlog(int, const char *, va_list) 1367 __attribute__((__format__ (printf, 2, 0))); 1368 __dead void fatal(const char *, ...) 1369 __attribute__((__format__ (printf, 1, 2))); 1370 __dead void fatalx(const char *, ...) 1371 __attribute__((__format__ (printf, 1, 2))); 1372 1373 /* proc.c */ 1374 enum privsep_procid 1375 proc_getid(struct privsep_proc *, unsigned int, const char *); 1376 void proc_init(struct privsep *, struct privsep_proc *, unsigned int, 1377 int, char **, enum privsep_procid); 1378 void proc_kill(struct privsep *); 1379 void proc_connect(struct privsep *); 1380 void proc_dispatch(int, short event, void *); 1381 void proc_run(struct privsep *, struct privsep_proc *, 1382 struct privsep_proc *, unsigned int, 1383 void (*)(struct privsep *, struct privsep_proc *, void *), void *); 1384 void proc_range(struct privsep *, enum privsep_procid, int *, int *); 1385 int proc_compose_imsg(struct privsep *, enum privsep_procid, int, 1386 u_int16_t, u_int32_t, int, void *, u_int16_t); 1387 int proc_compose(struct privsep *, enum privsep_procid, 1388 uint16_t, void *, uint16_t); 1389 int proc_composev_imsg(struct privsep *, enum privsep_procid, int, 1390 u_int16_t, u_int32_t, int, const struct iovec *, int); 1391 int proc_composev(struct privsep *, enum privsep_procid, 1392 uint16_t, const struct iovec *, int); 1393 int proc_forward_imsg(struct privsep *, struct imsg *, 1394 enum privsep_procid, int); 1395 struct imsgbuf * 1396 proc_ibuf(struct privsep *, enum privsep_procid, int); 1397 struct imsgev * 1398 proc_iev(struct privsep *, enum privsep_procid, int); 1399 void imsg_event_add(struct imsgev *); 1400 int imsg_compose_event(struct imsgev *, uint16_t, uint32_t, 1401 pid_t, int, void *, uint16_t); 1402 int imsg_composev_event(struct imsgev *, uint16_t, uint32_t, 1403 pid_t, int, const struct iovec *, int); 1404 1405 /* config.c */ 1406 int config_init(struct relayd *); 1407 void config_purge(struct relayd *, u_int); 1408 int config_setreset(struct relayd *, u_int); 1409 int config_getreset(struct relayd *, struct imsg *); 1410 int config_getcfg(struct relayd *, struct imsg *); 1411 int config_settable(struct relayd *, struct table *); 1412 int config_gettable(struct relayd *, struct imsg *); 1413 int config_gethost(struct relayd *, struct imsg *); 1414 int config_setrdr(struct relayd *, struct rdr *); 1415 int config_getrdr(struct relayd *, struct imsg *); 1416 int config_getvirt(struct relayd *, struct imsg *); 1417 int config_setrt(struct relayd *, struct router *); 1418 int config_getrt(struct relayd *, struct imsg *); 1419 int config_getroute(struct relayd *, struct imsg *); 1420 int config_setproto(struct relayd *, struct protocol *); 1421 int config_getproto(struct relayd *, struct imsg *); 1422 int config_setrule(struct relayd *, struct protocol *); 1423 int config_getrule(struct relayd *, struct imsg *); 1424 int config_setrelay(struct relayd *, struct relay *); 1425 int config_getrelay(struct relayd *, struct imsg *); 1426 int config_getrelaytable(struct relayd *, struct imsg *); 1427 1428 #endif /* RELAYD_H */ 1429