GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/relayd/relayd.h Lines: 0 1 0.0 %
Date: 2017-11-13 Branches: 0 4 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: relayd.h,v 1.242 2017/07/28 13:58:52 bluhm Exp $	*/
2
3
/*
4
 * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
5
 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
6
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
7
 *
8
 * Permission to use, copy, modify, and distribute this software for any
9
 * purpose with or without fee is hereby granted, provided that the above
10
 * copyright notice and this permission notice appear in all copies.
11
 *
12
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
 */
20
21
#ifndef RELAYD_H
22
#define RELAYD_H
23
24
#include <sys/types.h>
25
#include <sys/socket.h>
26
#include <sys/queue.h>
27
#include <sys/tree.h>
28
#include <sys/time.h>
29
30
#include <net/if.h>
31
#include <net/pfvar.h>
32
33
#include <stdarg.h>
34
#include <limits.h>
35
#include <siphash.h>
36
#include <event.h>
37
#include <imsg.h>
38
39
#include <openssl/ssl.h>
40
#include <tls.h>
41
42
#ifndef nitems
43
#define	nitems(_a)	(sizeof((_a)) / sizeof((_a)[0]))
44
#endif
45
46
#define CONF_FILE		"/etc/relayd.conf"
47
#define RELAYD_SOCKET		"/var/run/relayd.sock"
48
#define PF_SOCKET		"/dev/pf"
49
#define RELAYD_USER		"_relayd"
50
#define RELAYD_ANCHOR		"relayd"
51
#define RELAYD_SERVERNAME	"OpenBSD relayd"
52
#define CHECK_TIMEOUT		200
53
#define CHECK_INTERVAL		10
54
#define EMPTY_TABLE		UINT_MAX
55
#define EMPTY_ID		UINT_MAX
56
#define LABEL_NAME_SIZE		1024
57
#define TAG_NAME_SIZE		64
58
#define TABLE_NAME_SIZE		64
59
#define	RD_TAG_NAME_SIZE	64
60
#define	RT_LABEL_SIZE		32
61
#define SRV_NAME_SIZE		64
62
#define MAX_NAME_SIZE		64
63
#define SRV_MAX_VIRTS		16
64
#define TLS_NAME_SIZE		512
65
#define TLS_CERT_HASH_SIZE	128
66
#define RELAY_MAX_PREFETCH	256
67
#define RELAY_MIN_PREFETCHED	32
68
69
#define FD_RESERVE		5
70
71
#define RELAY_MAX_SESSIONS	1024
72
#define RELAY_TIMEOUT		600
73
#define RELAY_CACHESIZE		-1	/* use default size */
74
#define RELAY_NUMPROC		3
75
#define RELAY_MAXHOSTS		32
76
#define RELAY_MAXHEADERLENGTH	8192
77
#define RELAY_STATINTERVAL	60
78
#define RELAY_BACKLOG		10
79
#define RELAY_MAXLOOKUPLEVELS	5
80
#define RELAY_OUTOF_FD_RETRIES	5
81
#define RELAY_MAX_HASH_RETRIES	5
82
#define RELAY_TLS_PRIV_TIMEOUT	1000	/* wait 1sec for the ca */
83
84
#define CONFIG_RELOAD		0x00
85
#define CONFIG_TABLES		0x01
86
#define CONFIG_RDRS		0x02
87
#define CONFIG_RELAYS		0x04
88
#define CONFIG_PROTOS		0x08
89
#define CONFIG_ROUTES		0x10
90
#define CONFIG_RTS		0x20
91
#define CONFIG_CA_ENGINE	0x40
92
#define CONFIG_ALL		0xff
93
94
#define SMALL_READ_BUF_SIZE	1024
95
#define ICMP_BUF_SIZE		64
96
#define ICMP_RCVBUF_SIZE	262144
97
98
#define SNMP_RECONNECT_TIMEOUT	{ 3, 0 }	/* sec, usec */
99
100
#define PROC_PARENT_SOCK_FILENO	3
101
#define PROC_MAX_INSTANCES	32
102
103
#if DEBUG > 1
104
#define DPRINTF		log_debug
105
#define DEBUG_CERT	1
106
#else
107
#define DPRINTF(x...)	do {} while(0)
108
#endif
109
110
/* Used for DNS request ID randomization */
111
struct shuffle {
112
	u_int16_t	 id_shuffle[65536];
113
	int		 isindex;
114
};
115
116
typedef u_int32_t objid_t;
117
118
struct ctl_status {
119
	objid_t		 id;
120
	int		 up;
121
	int		 retry_cnt;
122
	u_long		 check_cnt;
123
	u_int16_t	 he;
124
};
125
126
struct ctl_id {
127
	objid_t		 id;
128
	char		 name[MAX_NAME_SIZE];
129
};
130
131
struct ctl_relaytable {
132
	objid_t		 id;
133
	objid_t		 relayid;
134
	int		 mode;
135
	u_int32_t	 flags;
136
};
137
138
struct ctl_script {
139
	objid_t		 host;
140
	int		 retval;
141
	struct timeval	 timeout;
142
	char		 name[HOST_NAME_MAX+1];
143
	char		 path[PATH_MAX];
144
};
145
146
struct ctl_demote {
147
	char		 group[IFNAMSIZ];
148
	int		 level;
149
};
150
151
struct ctl_icmp_event {
152
	struct relayd		*env;
153
	int			 s;
154
	int			 af;
155
	int			 last_up;
156
	struct event		 ev;
157
	struct timeval		 tv_start;
158
};
159
160
struct ctl_tcp_event {
161
	int			 s;
162
	char			*req;
163
	struct ibuf		*buf;
164
	struct host		*host;
165
	struct table		*table;
166
	struct timeval		 tv_start;
167
	struct event		 ev;
168
	int			(*validate_read)(struct ctl_tcp_event *);
169
	int			(*validate_close)(struct ctl_tcp_event *);
170
171
	struct tls		*tls;
172
};
173
174
enum direction {
175
	RELAY_DIR_INVALID	= -1,
176
	RELAY_DIR_ANY		=  0,
177
	RELAY_DIR_REQUEST	=  1,
178
	RELAY_DIR_RESPONSE	=  2
179
};
180
181
enum relay_state {
182
	STATE_INIT,
183
	STATE_PENDING,
184
	STATE_PRECONNECT,
185
	STATE_CONNECTED
186
};
187
188
struct ctl_relay_event {
189
	int			 s;
190
	in_port_t		 port;
191
	struct sockaddr_storage	 ss;
192
	struct bufferevent	*bev;
193
	struct evbuffer		*output;
194
	struct ctl_relay_event	*dst;
195
	struct rsession		*con;
196
197
	struct tls		*tls;
198
	struct tls_config	*tls_cfg;
199
200
	uint8_t			*tlscert;
201
	size_t			 tlscert_len;
202
203
	off_t			 splicelen;
204
	off_t			 toread;
205
	size_t			 headerlen;
206
	int			 line;
207
	int			 done;
208
	int			 timedout;
209
	enum relay_state	 state;
210
	enum direction		 dir;
211
212
	/* protocol-specific descriptor */
213
	void			*desc;
214
};
215
216
enum httpchunk {
217
	TOREAD_UNLIMITED		= -1,
218
	TOREAD_HTTP_HEADER		= -2,
219
	TOREAD_HTTP_CHUNK_LENGTH	= -3,
220
	TOREAD_HTTP_CHUNK_TRAILER	= -4
221
};
222
223
struct ctl_natlook {
224
	objid_t			 id;
225
	int			 proc;
226
227
	struct sockaddr_storage	 src;
228
	struct sockaddr_storage	 dst;
229
	struct sockaddr_storage	 rsrc;
230
	struct sockaddr_storage	 rdst;
231
	in_port_t		 rsport;
232
	in_port_t		 rdport;
233
	int			 in;
234
	int			 proto;
235
};
236
237
struct ctl_bindany {
238
	objid_t			 bnd_id;
239
	int			 bnd_proc;
240
241
	struct sockaddr_storage	 bnd_ss;
242
	in_port_t		 bnd_port;
243
	int			 bnd_proto;
244
};
245
246
struct ctl_keyop {
247
	char			 cko_hash[TLS_CERT_HASH_SIZE];
248
	int			 cko_proc;
249
	int			 cko_flen;
250
	int			 cko_tlen;
251
	int			 cko_padding;
252
};
253
254
struct ctl_stats {
255
	objid_t			 id;
256
	int			 proc;
257
258
	u_int64_t		 interval;
259
	u_int64_t		 cnt;
260
	u_int32_t		 tick;
261
	u_int32_t		 avg;
262
	u_int32_t		 last;
263
	u_int32_t		 avg_hour;
264
	u_int32_t		 last_hour;
265
	u_int32_t		 avg_day;
266
	u_int32_t		 last_day;
267
};
268
269
enum key_option {
270
	KEY_OPTION_NONE		= 0,
271
	KEY_OPTION_APPEND,
272
	KEY_OPTION_SET,
273
	KEY_OPTION_REMOVE,
274
	KEY_OPTION_HASH,
275
	KEY_OPTION_LOG
276
};
277
278
enum key_type {
279
	KEY_TYPE_NONE		= 0,
280
	KEY_TYPE_COOKIE,
281
	KEY_TYPE_HEADER,
282
	KEY_TYPE_PATH,
283
	KEY_TYPE_QUERY,
284
	KEY_TYPE_URL,
285
	KEY_TYPE_MAX
286
};
287
288
struct ctl_kvlen {
289
	ssize_t		 key;
290
	ssize_t		 value;
291
};
292
293
struct ctl_rule {
294
	struct ctl_kvlen kvlen[KEY_TYPE_MAX];
295
};
296
297
enum digest_type {
298
	DIGEST_NONE		= 0,
299
	DIGEST_SHA1		= 1,
300
	DIGEST_MD5		= 2
301
};
302
303
TAILQ_HEAD(kvlist, kv);
304
RB_HEAD(kvtree, kv);
305
306
struct kv {
307
	char			*kv_key;
308
	char			*kv_value;
309
310
	enum key_type		 kv_type;
311
	enum key_option		 kv_option;
312
	enum digest_type	 kv_digest;
313
314
#define KV_FLAG_MACRO		 0x01
315
#define KV_FLAG_INVALID		 0x02
316
#define KV_FLAG_GLOBBING	 0x04
317
	u_int8_t		 kv_flags;
318
319
	struct kvlist		 kv_children;
320
	struct kv		*kv_parent;
321
	TAILQ_ENTRY(kv)		 kv_entry;
322
323
	RB_ENTRY(kv)		 kv_node;
324
325
	/* A few pointers used by the rule actions */
326
	struct kv		*kv_match;
327
	struct kvtree		*kv_matchtree;
328
329
	TAILQ_ENTRY(kv)		 kv_match_entry;
330
	TAILQ_ENTRY(kv)		 kv_rule_entry;
331
	TAILQ_ENTRY(kv)		 kv_action_entry;
332
};
333
334
struct portrange {
335
	in_port_t		 val[2];
336
	u_int8_t		 op;
337
};
338
339
struct address {
340
	objid_t			 rdrid;
341
	struct sockaddr_storage	 ss;
342
	int			 ipproto;
343
	struct portrange	 port;
344
	char			 ifname[IFNAMSIZ];
345
	TAILQ_ENTRY(address)	 entry;
346
};
347
TAILQ_HEAD(addresslist, address);
348
349
union hashkey {
350
	/* Simplified version of pf_poolhashkey */
351
	u_int32_t		 data[4];
352
	SIPHASH_KEY		 siphashkey;
353
};
354
355
#define F_DISABLE		0x00000001
356
#define F_BACKUP		0x00000002
357
#define F_USED			0x00000004
358
#define F_DOWN			0x00000008
359
#define F_ADD			0x00000010
360
#define F_DEL			0x00000020
361
#define F_CHANGED		0x00000040
362
#define F_STICKY		0x00000080
363
#define F_CHECK_DONE		0x00000100
364
#define F_ACTIVE_RULESET	0x00000200
365
#define F_CHECK_SENT		0x00000400
366
#define F_TLS			0x00000800
367
#define F_NATLOOK		0x00001000
368
#define F_DEMOTE		0x00002000
369
#define F_LOOKUP_PATH		0x00004000
370
#define F_DEMOTED		0x00008000
371
#define F_UDP			0x00010000
372
#define F_RETURN		0x00020000
373
#define F_SNMP			0x00040000
374
#define F_NEEDPF		0x00080000
375
#define F_PORT			0x00100000
376
#define F_TLSCLIENT		0x00200000
377
#define F_NEEDRT		0x00400000
378
#define F_MATCH			0x00800000
379
#define F_DIVERT		0x01000000
380
#define F_SCRIPT		0x02000000
381
#define F_TLSINSPECT		0x04000000
382
#define F_HASHKEY		0x08000000
383
#define	F_SNMP_TRAPONLY		0x10000000
384
385
#define F_BITS								\
386
	"\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED"	\
387
	"\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT"	\
388
	"\14TLS\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP"	\
389
	"\22RETURN\23TRAP\24NEEDPF\25PORT\26TLS_CLIENT\27NEEDRT"	\
390
	"\30MATCH\31DIVERT\32SCRIPT\33TLS_INSPECT\34HASHKEY"		\
391
	"\35SNMP_TRAPONLY"
392
393
enum forwardmode {
394
	FWD_NORMAL		= 0,
395
	FWD_ROUTE,
396
	FWD_TRANS
397
};
398
399
struct host_config {
400
	objid_t			 id;
401
	objid_t			 parentid;
402
	objid_t			 tableid;
403
	int			 retry;
404
	char			 name[HOST_NAME_MAX+1];
405
	struct sockaddr_storage	 ss;
406
	int			 ttl;
407
	int			 priority;
408
};
409
410
struct host {
411
	TAILQ_ENTRY(host)	 entry;
412
	TAILQ_ENTRY(host)	 globalentry;
413
	SLIST_ENTRY(host)	 child;
414
	SLIST_HEAD(,host)	 children;
415
	struct host_config	 conf;
416
	u_int32_t		 flags;
417
	char			*tablename;
418
	int			 up;
419
	int			 last_up;
420
	u_long			 check_cnt;
421
	u_long			 up_cnt;
422
	int			 retry_cnt;
423
	int			 idx;
424
	u_int16_t		 he;
425
	int			 code;
426
	struct ctl_tcp_event	 cte;
427
};
428
TAILQ_HEAD(hostlist, host);
429
430
enum host_error {
431
	HCE_NONE		= 0,
432
	HCE_ABORT,
433
	HCE_INTERVAL_TIMEOUT,
434
	HCE_ICMP_OK,
435
	HCE_ICMP_READ_TIMEOUT,
436
	HCE_ICMP_WRITE_TIMEOUT,
437
	HCE_TCP_SOCKET_ERROR,
438
	HCE_TCP_SOCKET_LIMIT,
439
	HCE_TCP_SOCKET_OPTION,
440
	HCE_TCP_CONNECT_FAIL,
441
	HCE_TCP_CONNECT_TIMEOUT,
442
	HCE_TCP_CONNECT_OK,
443
	HCE_TCP_WRITE_TIMEOUT,
444
	HCE_TCP_WRITE_FAIL,
445
	HCE_TCP_READ_TIMEOUT,
446
	HCE_TCP_READ_FAIL,
447
	HCE_SCRIPT_OK,
448
	HCE_SCRIPT_FAIL,
449
	HCE_TLS_CONNECT_ERROR,
450
	HCE_TLS_CONNECT_FAIL,
451
	HCE_TLS_CONNECT_OK,
452
	HCE_TLS_CONNECT_TIMEOUT,
453
	HCE_TLS_READ_TIMEOUT,
454
	HCE_TLS_WRITE_TIMEOUT,
455
	HCE_TLS_READ_ERROR,
456
	HCE_TLS_WRITE_ERROR,
457
	HCE_SEND_EXPECT_FAIL,
458
	HCE_SEND_EXPECT_OK,
459
	HCE_HTTP_CODE_ERROR,
460
	HCE_HTTP_CODE_FAIL,
461
	HCE_HTTP_CODE_OK,
462
	HCE_HTTP_DIGEST_ERROR,
463
	HCE_HTTP_DIGEST_FAIL,
464
	HCE_HTTP_DIGEST_OK,
465
};
466
467
enum host_status {
468
	HOST_DOWN	= -1,
469
	HOST_UNKNOWN	= 0,
470
	HOST_UP		= 1
471
};
472
#define HOST_ISUP(x)	(x == HOST_UP)
473
474
struct table_config {
475
	objid_t			 id;
476
	objid_t			 rdrid;
477
	u_int32_t		 flags;
478
	int			 check;
479
	char			 demote_group[IFNAMSIZ];
480
	char			 ifname[IFNAMSIZ];
481
	struct timeval		 timeout;
482
	in_port_t		 port;
483
	int			 retcode;
484
	int			 skip_cnt;
485
	char			 name[TABLE_NAME_SIZE];
486
	size_t			 name_len;
487
	char			 path[PATH_MAX];
488
	char			 exbuf[64];
489
	char			 digest[41]; /* length of sha1 digest * 2 */
490
	u_int8_t		 digest_type;
491
	enum forwardmode	 fwdmode;
492
};
493
494
struct table {
495
	TAILQ_ENTRY(table)	 entry;
496
	struct table_config	 conf;
497
	int			 up;
498
	int			 skipped;
499
	struct hostlist		 hosts;
500
	struct tls_config	*tls_cfg;
501
	char			*sendbuf;
502
};
503
TAILQ_HEAD(tablelist, table);
504
505
enum table_check {
506
	CHECK_NOCHECK		= 0,
507
	CHECK_ICMP		= 1,
508
	CHECK_TCP		= 2,
509
	CHECK_HTTP_CODE		= 3,
510
	CHECK_HTTP_DIGEST	= 4,
511
	CHECK_SEND_EXPECT	= 5,
512
	CHECK_SCRIPT		= 6
513
};
514
515
struct rdr_config {
516
	objid_t			 id;
517
	u_int32_t		 flags;
518
	in_port_t		 port;
519
	objid_t			 table_id;
520
	objid_t			 backup_id;
521
	int			 mode;
522
	union hashkey		 key;
523
	char			 name[SRV_NAME_SIZE];
524
	char			 tag[RD_TAG_NAME_SIZE];
525
	struct timeval		 timeout;
526
};
527
528
struct rdr {
529
	TAILQ_ENTRY(rdr)	 entry;
530
	struct rdr_config	 conf;
531
	struct addresslist	 virts;
532
	struct table		*table;
533
	struct table		*backup; /* use this if no host up */
534
	struct ctl_stats	 stats;
535
};
536
TAILQ_HEAD(rdrlist, rdr);
537
538
struct rsession {
539
	objid_t				 se_id;
540
	objid_t				 se_relayid;
541
	struct ctl_relay_event		 se_in;
542
	struct ctl_relay_event		 se_out;
543
	void				*se_priv;
544
	SIPHASH_CTX			 se_siphashctx;
545
	struct relay_table		*se_table;
546
	struct event			 se_ev;
547
	struct timeval			 se_timeout;
548
	struct timeval			 se_tv_start;
549
	struct timeval			 se_tv_last;
550
	struct event			 se_inflightevt;
551
	int				 se_done;
552
	int				 se_retry;
553
	int				 se_retrycount;
554
	int				 se_connectcount;
555
	int				 se_haslog;
556
	struct evbuffer			*se_log;
557
	struct relay			*se_relay;
558
	struct ctl_natlook		*se_cnl;
559
	int				 se_bnds;
560
	u_int16_t			 se_tag;
561
	u_int16_t			 se_label;
562
563
	int				 se_cid;
564
	pid_t				 se_pid;
565
	SPLAY_ENTRY(rsession)		 se_nodes;
566
	TAILQ_ENTRY(rsession)		 se_entry;
567
};
568
SPLAY_HEAD(session_tree, rsession);
569
TAILQ_HEAD(sessionlist, rsession);
570
571
enum prototype {
572
	RELAY_PROTO_TCP		= 0,
573
	RELAY_PROTO_HTTP,
574
	RELAY_PROTO_DNS
575
};
576
577
enum relay_result {
578
	RES_DROP		= 0,
579
	RES_PASS		= 1,
580
	RES_FAIL		= -1,
581
	RES_BAD			= -2,
582
	RES_INTERNAL		= -3
583
};
584
585
enum rule_action {
586
	RULE_ACTION_MATCH	= 0,
587
	RULE_ACTION_PASS,
588
	RULE_ACTION_BLOCK
589
};
590
591
struct rule_addr {
592
	int				 addr_af;
593
	struct sockaddr_storage		 addr;
594
	u_int8_t			 addr_mask;
595
	int				 addr_net;
596
	in_port_t			 addr_port;
597
};
598
599
#define RELAY_ADDR_EQ(_a, _b)						\
600
	((_a)->addr_mask == (_b)->addr_mask &&				\
601
	sockaddr_cmp((struct sockaddr *)&(_a)->addr,			\
602
	(struct sockaddr *)&(_b)->addr, (_a)->addr_mask) == 0)
603
604
#define RELAY_ADDR_CMP(_a, _b)						\
605
	sockaddr_cmp((struct sockaddr *)&(_a)->addr,			\
606
	(struct sockaddr *)(_b), (_a)->addr_mask)
607
608
#define RELAY_ADDR_NEQ(_a, _b)						\
609
	((_a)->addr_mask != (_b)->addr_mask ||				\
610
	sockaddr_cmp((struct sockaddr *)&(_a)->addr,			\
611
	(struct sockaddr *)&(_b)->addr, (_a)->addr_mask) != 0)
612
613
struct relay_rule {
614
	objid_t			 rule_id;
615
	objid_t			 rule_protoid;
616
617
	u_int			 rule_action;
618
#define RULE_SKIP_PROTO		 0
619
#define RULE_SKIP_DIR		 1
620
#define RULE_SKIP_AF		 2
621
#define RULE_SKIP_SRC		 3
622
#define RULE_SKIP_DST		 4
623
#define RULE_SKIP_METHOD	 5
624
#define RULE_SKIP_COUNT		 6
625
	struct relay_rule	*rule_skip[RULE_SKIP_COUNT];
626
627
#define RULE_FLAG_QUICK		0x01
628
	u_int8_t		 rule_flags;
629
630
	int			 rule_label;
631
	int			 rule_tag;
632
	int			 rule_tagged;
633
	enum direction		 rule_dir;
634
	u_int			 rule_proto;
635
	int			 rule_af;
636
	struct rule_addr	 rule_src;
637
	struct rule_addr	 rule_dst;
638
	struct relay_table	*rule_table;
639
640
	u_int			 rule_method;
641
	char			 rule_labelname[LABEL_NAME_SIZE];
642
	char			 rule_tablename[TABLE_NAME_SIZE];
643
	char			 rule_taggedname[TAG_NAME_SIZE];
644
	char			 rule_tagname[TAG_NAME_SIZE];
645
646
	struct ctl_rule		 rule_ctl;
647
	struct kv		 rule_kv[KEY_TYPE_MAX];
648
	struct kvlist		 rule_kvlist;
649
650
	TAILQ_ENTRY(relay_rule)	 rule_entry;
651
};
652
TAILQ_HEAD(relay_rules, relay_rule);
653
654
#define TCPFLAG_NODELAY		0x01
655
#define TCPFLAG_NNODELAY	0x02
656
#define TCPFLAG_SACK		0x04
657
#define TCPFLAG_NSACK		0x08
658
#define TCPFLAG_BUFSIZ		0x10
659
#define TCPFLAG_IPTTL		0x20
660
#define TCPFLAG_IPMINTTL	0x40
661
#define TCPFLAG_NSPLICE		0x80
662
#define TCPFLAG_DEFAULT		0x00
663
664
#define TCPFLAG_BITS						\
665
	"\10\01NODELAY\02NO_NODELAY\03SACK\04NO_SACK"		\
666
	"\05SOCKET_BUFFER_SIZE\06IP_TTL\07IP_MINTTL\10NO_SPLICE"
667
668
#define TLSFLAG_SSLV3				0x01
669
#define TLSFLAG_TLSV1_0				0x02
670
#define TLSFLAG_TLSV1_1				0x04
671
#define TLSFLAG_TLSV1_2				0x08
672
#define TLSFLAG_TLSV1				0x0e
673
#define TLSFLAG_VERSION				0x1f
674
#define TLSFLAG_CIPHER_SERVER_PREF		0x20
675
#define TLSFLAG_CLIENT_RENEG			0x40
676
#define TLSFLAG_DEFAULT				\
677
	(TLSFLAG_TLSV1_2|TLSFLAG_CIPHER_SERVER_PREF)
678
679
#define TLSFLAG_BITS						\
680
	"\06\01sslv3\02tlsv1.0\03tlsv1.1\04tlsv1.2"	\
681
	"\06cipher-server-preference\07client-renegotiation"
682
683
#define TLSCIPHERS_DEFAULT	"HIGH:!aNULL"
684
#define TLSECDHCURVE_DEFAULT	"auto"
685
#define TLSDHPARAM_DEFAULT	"none"
686
687
struct relay_ticket_key {
688
	uint32_t	tt_keyrev;
689
	unsigned char	tt_key[TLS_TICKET_KEY_SIZE];
690
};
691
#define	TLS_SESSION_LIFETIME	(2 * 3600)
692
693
struct protocol {
694
	objid_t			 id;
695
	u_int32_t		 flags;
696
	u_int8_t		 tcpflags;
697
	int			 tcpbufsiz;
698
	int			 tcpbacklog;
699
	u_int8_t		 tcpipttl;
700
	u_int8_t		 tcpipminttl;
701
	u_int8_t		 tlsflags;
702
	char			 tlsciphers[768];
703
	char			 tlsdhparams[128];
704
	char			 tlsecdhcurve[128];
705
	char			 tlsca[PATH_MAX];
706
	char			 tlscacert[PATH_MAX];
707
	char			 tlscakey[PATH_MAX];
708
	char			*tlscapass;
709
	char			 name[MAX_NAME_SIZE];
710
	int			 tickets;
711
	enum prototype		 type;
712
	char			*style;
713
714
	int			(*cmp)(struct rsession *, struct rsession *);
715
	void			*(*validate)(struct rsession *, struct relay *,
716
				    struct sockaddr_storage *,
717
				    u_int8_t *, size_t);
718
	int			(*request)(struct rsession *);
719
	void			(*close)(struct rsession *);
720
721
	struct relay_rules	 rules;
722
	int			 rulecount;
723
724
	TAILQ_ENTRY(protocol)	 entry;
725
};
726
TAILQ_HEAD(protolist, protocol);
727
728
struct relay_table {
729
	struct table		*rlt_table;
730
	u_int32_t		 rlt_flags;
731
	int			 rlt_mode;
732
	u_int32_t		 rlt_index;
733
	struct host		*rlt_host[RELAY_MAXHOSTS];
734
	int			 rlt_nhosts;
735
	TAILQ_ENTRY(relay_table) rlt_entry;
736
};
737
TAILQ_HEAD(relaytables, relay_table);
738
739
struct ca_pkey {
740
	char			 pkey_hash[TLS_CERT_HASH_SIZE];
741
	EVP_PKEY		*pkey;
742
	TAILQ_ENTRY(ca_pkey)	 pkey_entry;
743
};
744
TAILQ_HEAD(ca_pkeylist, ca_pkey);
745
746
struct relay_config {
747
	objid_t			 id;
748
	u_int32_t		 flags;
749
	objid_t			 proto;
750
	char			 name[HOST_NAME_MAX+1];
751
	in_port_t		 port;
752
	in_port_t		 dstport;
753
	int			 dstretry;
754
	struct sockaddr_storage	 ss;
755
	struct sockaddr_storage	 dstss;
756
	struct sockaddr_storage	 dstaf;
757
	struct timeval		 timeout;
758
	enum forwardmode	 fwdmode;
759
	union hashkey		 hashkey;
760
	off_t			 tls_cert_len;
761
	off_t			 tls_key_len;
762
	objid_t			 tls_keyid;
763
	off_t			 tls_ca_len;
764
	off_t			 tls_cacert_len;
765
	off_t			 tls_cakey_len;
766
	objid_t			 tls_cakeyid;
767
};
768
769
struct relay {
770
	TAILQ_ENTRY(relay)	 rl_entry;
771
	struct relay_config	 rl_conf;
772
773
	int			 rl_up;
774
	struct protocol		*rl_proto;
775
	int			 rl_s;
776
	struct bufferevent	*rl_bev;
777
778
	int			 rl_dsts;
779
	struct bufferevent	*rl_dstbev;
780
781
	struct relaytables	 rl_tables;
782
783
	struct event		 rl_ev;
784
	struct event		 rl_evt;
785
786
	struct tls_config	*rl_tls_cfg;
787
	struct tls_config	*rl_tls_client_cfg;
788
	struct tls		*rl_tls_ctx;
789
790
	char			*rl_tls_cert;
791
	char			*rl_tls_key;
792
	EVP_PKEY		*rl_tls_pkey;
793
	char			*rl_tls_ca;
794
	char			*rl_tls_cacert;
795
	X509			*rl_tls_cacertx509;
796
	char			*rl_tls_cakey;
797
	EVP_PKEY		*rl_tls_capkey;
798
799
	struct ctl_stats	 rl_stats[PROC_MAX_INSTANCES + 1];
800
801
	struct session_tree	 rl_sessions;
802
};
803
TAILQ_HEAD(relaylist, relay);
804
805
enum dstmode {
806
	RELAY_DSTMODE_LOADBALANCE = 0,
807
	RELAY_DSTMODE_ROUNDROBIN,
808
	RELAY_DSTMODE_HASH,
809
	RELAY_DSTMODE_SRCHASH,
810
	RELAY_DSTMODE_LEASTSTATES,
811
	RELAY_DSTMODE_RANDOM
812
};
813
#define RELAY_DSTMODE_DEFAULT		RELAY_DSTMODE_ROUNDROBIN
814
815
struct netroute_config {
816
	objid_t			 id;
817
	struct sockaddr_storage	 ss;
818
	int			 prefixlen;
819
	objid_t			 routerid;
820
};
821
822
struct netroute {
823
	struct netroute_config	 nr_conf;
824
825
	TAILQ_ENTRY(netroute)	 nr_entry;
826
	TAILQ_ENTRY(netroute)	 nr_route;
827
828
	struct router		*nr_router;
829
};
830
TAILQ_HEAD(netroutelist, netroute);
831
832
struct router_config {
833
	objid_t			 id;
834
	u_int32_t		 flags;
835
	char			 name[HOST_NAME_MAX+1];
836
	char			 label[RT_LABEL_SIZE];
837
	int			 nroutes;
838
	objid_t			 gwtable;
839
	in_port_t		 gwport;
840
	int			 rtable;
841
	int			 af;
842
};
843
844
struct router {
845
	struct router_config	 rt_conf;
846
847
	struct table		*rt_gwtable;
848
	struct netroutelist	 rt_netroutes;
849
850
	TAILQ_ENTRY(router)	 rt_entry;
851
};
852
TAILQ_HEAD(routerlist, router);
853
854
struct ctl_netroute {
855
	int			up;
856
	struct host_config	host;
857
	struct netroute_config	nr;
858
	struct router_config	rt;
859
};
860
861
/* initially control.h */
862
struct control_sock {
863
	const char	*cs_name;
864
	struct event	 cs_ev;
865
	struct event	 cs_evt;
866
	int		 cs_fd;
867
	int		 cs_restricted;
868
	void		*cs_env;
869
870
	TAILQ_ENTRY(control_sock) cs_entry;
871
};
872
TAILQ_HEAD(control_socks, control_sock);
873
874
struct {
875
	struct event	 ev;
876
	int		 fd;
877
} control_state;
878
879
struct imsgev {
880
	struct imsgbuf		 ibuf;
881
	void			(*handler)(int, short, void *);
882
	struct event		 ev;
883
	struct privsep_proc	*proc;
884
	void			*data;
885
	short			 events;
886
};
887
888
#define IMSG_SIZE_CHECK(imsg, p) do {				\
889
	if (IMSG_DATA_SIZE(imsg) < sizeof(*p))			\
890
		fatalx("bad length imsg received");		\
891
} while (0)
892
#define IMSG_DATA_SIZE(imsg)	((imsg)->hdr.len - IMSG_HEADER_SIZE)
893
894
struct ctl_conn {
895
	TAILQ_ENTRY(ctl_conn)	 entry;
896
	u_int8_t		 flags;
897
	u_int			 waiting;
898
#define CTL_CONN_NOTIFY		 0x01
899
	struct imsgev		 iev;
900
901
};
902
TAILQ_HEAD(ctl_connlist, ctl_conn);
903
904
enum imsg_type {
905
	IMSG_NONE,
906
	IMSG_CTL_OK,		/* answer to relayctl requests */
907
	IMSG_CTL_FAIL,
908
	IMSG_CTL_VERBOSE,
909
	IMSG_CTL_PROCFD,
910
	IMSG_CTL_END,
911
	IMSG_CTL_RDR,
912
	IMSG_CTL_TABLE,
913
	IMSG_CTL_HOST,
914
	IMSG_CTL_RELAY,
915
	IMSG_CTL_SESSION,
916
	IMSG_CTL_ROUTER,
917
	IMSG_CTL_NETROUTE,
918
	IMSG_CTL_TABLE_CHANGED,
919
	IMSG_CTL_PULL_RULESET,
920
	IMSG_CTL_PUSH_RULESET,
921
	IMSG_CTL_SHOW_SUM,	/* relayctl requests */
922
	IMSG_CTL_RDR_ENABLE,
923
	IMSG_CTL_RDR_DISABLE,
924
	IMSG_CTL_TABLE_ENABLE,
925
	IMSG_CTL_TABLE_DISABLE,
926
	IMSG_CTL_HOST_ENABLE,
927
	IMSG_CTL_HOST_DISABLE,
928
	IMSG_CTL_SHUTDOWN,
929
	IMSG_CTL_START,
930
	IMSG_CTL_RELOAD,
931
	IMSG_CTL_RESET,
932
	IMSG_CTL_POLL,
933
	IMSG_CTL_NOTIFY,
934
	IMSG_CTL_RDR_STATS,
935
	IMSG_CTL_RELAY_STATS,
936
	IMSG_RDR_ENABLE,	/* notifies from pfe to hce */
937
	IMSG_RDR_DISABLE,
938
	IMSG_TABLE_ENABLE,
939
	IMSG_TABLE_DISABLE,
940
	IMSG_HOST_ENABLE,
941
	IMSG_HOST_DISABLE,
942
	IMSG_HOST_STATUS,	/* notifies from hce to pfe */
943
	IMSG_SYNC,
944
	IMSG_NATLOOK,
945
	IMSG_DEMOTE,
946
	IMSG_STATISTICS,
947
	IMSG_SCRIPT,
948
	IMSG_SNMPSOCK,
949
	IMSG_BINDANY,
950
	IMSG_RTMSG,		/* from pfe to parent */
951
	IMSG_CFG_TABLE,		/* configuration from parent */
952
	IMSG_CFG_HOST,
953
	IMSG_CFG_RDR,
954
	IMSG_CFG_VIRT,
955
	IMSG_CFG_ROUTER,
956
	IMSG_CFG_ROUTE,
957
	IMSG_CFG_PROTO,
958
	IMSG_CFG_RULE,
959
	IMSG_CFG_RELAY,
960
	IMSG_CFG_RELAY_TABLE,
961
	IMSG_CFG_DONE,
962
	IMSG_CA_PRIVENC,
963
	IMSG_CA_PRIVDEC,
964
	IMSG_SESS_PUBLISH,	/* from relay to hce */
965
	IMSG_SESS_UNPUBLISH,
966
	IMSG_TLSTICKET_REKEY
967
};
968
969
enum privsep_procid {
970
	PROC_ALL	= -1,
971
	PROC_PARENT	= 0,
972
	PROC_HCE,
973
	PROC_RELAY,
974
	PROC_PFE,
975
	PROC_CA,
976
	PROC_MAX
977
} privsep_process;
978
979
/* Attach the control socket to the following process */
980
#define PROC_CONTROL	PROC_PFE
981
982
struct privsep_pipes {
983
	int				*pp_pipes[PROC_MAX];
984
};
985
986
struct privsep {
987
	struct privsep_pipes		*ps_pipes[PROC_MAX];
988
	struct privsep_pipes		*ps_pp;
989
990
	struct imsgev			*ps_ievs[PROC_MAX];
991
	const char			*ps_title[PROC_MAX];
992
	u_int8_t			 ps_what[PROC_MAX];
993
994
	u_int				 ps_instances[PROC_MAX];
995
	u_int				 ps_instance;
996
997
	struct control_sock		 ps_csock;
998
	struct control_socks		 ps_rcsocks;
999
1000
	/* Event and signal handlers */
1001
	struct event			 ps_evsigint;
1002
	struct event			 ps_evsigterm;
1003
	struct event			 ps_evsigchld;
1004
	struct event			 ps_evsighup;
1005
	struct event			 ps_evsigpipe;
1006
	struct event			 ps_evsigusr1;
1007
1008
	int				 ps_noaction;
1009
	struct passwd			*ps_pw;
1010
	struct relayd			*ps_env;
1011
};
1012
1013
struct privsep_proc {
1014
	const char		*p_title;
1015
	enum privsep_procid	 p_id;
1016
	int			(*p_cb)(int, struct privsep_proc *,
1017
				    struct imsg *);
1018
	void			(*p_init)(struct privsep *,
1019
				    struct privsep_proc *);
1020
	const char		*p_chroot;
1021
	struct privsep		*p_ps;
1022
	void			(*p_shutdown)(void);
1023
	struct passwd		*p_pw;
1024
};
1025
1026
struct privsep_fd {
1027
	enum privsep_procid		 pf_procid;
1028
	unsigned int			 pf_instance;
1029
};
1030
1031
struct relayd_config {
1032
	char			 tls_sid[SSL_MAX_SID_CTX_LENGTH];
1033
	char			 snmp_path[PATH_MAX];
1034
	struct timeval		 interval;
1035
	struct timeval		 timeout;
1036
	struct timeval		 statinterval;
1037
	u_int16_t		 prefork_relay;
1038
	u_int16_t		 opts;
1039
	u_int32_t		 flags;
1040
};
1041
1042
struct pfdata {
1043
	int			 dev;
1044
	struct pf_anchor	*anchor;
1045
	struct pfioc_trans	 pft;
1046
	struct pfioc_trans_e	 pfte;
1047
	u_int8_t		 pfused;
1048
};
1049
1050
struct relayd {
1051
	struct relayd_config	 sc_conf;
1052
	const char		*sc_conffile;
1053
	struct pfdata		*sc_pf;
1054
	int			 sc_rtsock;
1055
	int			 sc_rtseq;
1056
	int			 sc_tablecount;
1057
	int			 sc_rdrcount;
1058
	int			 sc_protocount;
1059
	int			 sc_relaycount;
1060
	int			 sc_routercount;
1061
	int			 sc_routecount;
1062
	struct table		 sc_empty_table;
1063
	struct protocol		 sc_proto_default;
1064
	struct event		 sc_ev;
1065
	struct tablelist	*sc_tables;
1066
	struct hostlist		 sc_hosts;
1067
	struct rdrlist		*sc_rdrs;
1068
	struct protolist	*sc_protos;
1069
	struct relaylist	*sc_relays;
1070
	struct routerlist	*sc_rts;
1071
	struct netroutelist	*sc_routes;
1072
	struct ca_pkeylist	*sc_pkeys;
1073
	struct sessionlist	 sc_sessions;
1074
	char			 sc_demote_group[IFNAMSIZ];
1075
	u_int16_t		 sc_id;
1076
	int			 sc_rtable;
1077
1078
	struct event		 sc_statev;
1079
1080
	int			 sc_snmp;
1081
	struct event		 sc_snmpto;
1082
	struct event		 sc_snmpev;
1083
1084
	int			 sc_has_icmp;
1085
	int			 sc_has_icmp6;
1086
	struct ctl_icmp_event	 sc_icmp_send;
1087
	struct ctl_icmp_event	 sc_icmp_recv;
1088
	struct ctl_icmp_event	 sc_icmp6_send;
1089
	struct ctl_icmp_event	 sc_icmp6_recv;
1090
1091
	struct relay_ticket_key	 sc_ticket;
1092
1093
	struct privsep		*sc_ps;
1094
	int			 sc_reload;
1095
};
1096
1097
#define RELAYD_OPT_VERBOSE		0x01
1098
#define RELAYD_OPT_NOACTION		0x04
1099
#define RELAYD_OPT_LOGUPDATE		0x08
1100
#define RELAYD_OPT_LOGNOTIFY		0x10
1101
#define RELAYD_OPT_LOGALL		0x18
1102
1103
/* control.c */
1104
int	 control_init(struct privsep *, struct control_sock *);
1105
int	 control_listen(struct control_sock *);
1106
void	 control_cleanup(struct control_sock *);
1107
void	 control_dispatch_imsg(int, short, void *);
1108
void	 control_imsg_forward(struct privsep *ps, struct imsg *);
1109
struct ctl_conn	*
1110
	 control_connbyfd(int);
1111
1112
extern  struct ctl_connlist ctl_conns;
1113
1114
/* parse.y */
1115
int	 parse_config(const char *, struct relayd *);
1116
int	 load_config(const char *, struct relayd *);
1117
int	 cmdline_symset(char *);
1118
1119
/* util.c */
1120
const char *host_error(enum host_error);
1121
const char *host_status(enum host_status);
1122
const char *table_check(enum table_check);
1123
const char *print_availability(u_long, u_long);
1124
const char *print_host(struct sockaddr_storage *, char *, size_t);
1125
const char *print_time(struct timeval *, struct timeval *, char *, size_t);
1126
const char *printb_flags(const u_int32_t, const char *);
1127
void	 getmonotime(struct timeval *);
1128
1129
/* pfe.c */
1130
void	 pfe(struct privsep *, struct privsep_proc *);
1131
void	 show(struct ctl_conn *);
1132
void	 show_sessions(struct ctl_conn *);
1133
int	 enable_rdr(struct ctl_conn *, struct ctl_id *);
1134
int	 enable_table(struct ctl_conn *, struct ctl_id *);
1135
int	 enable_host(struct ctl_conn *, struct ctl_id *, struct host *);
1136
int	 disable_rdr(struct ctl_conn *, struct ctl_id *);
1137
int	 disable_table(struct ctl_conn *, struct ctl_id *);
1138
int	 disable_host(struct ctl_conn *, struct ctl_id *, struct host *);
1139
1140
/* pfe_filter.c */
1141
void	 init_tables(struct relayd *);
1142
void	 flush_table(struct relayd *, struct rdr *);
1143
void	 sync_table(struct relayd *, struct rdr *, struct table *);
1144
void	 sync_ruleset(struct relayd *, struct rdr *, int);
1145
void	 flush_rulesets(struct relayd *);
1146
int	 natlook(struct relayd *, struct ctl_natlook *);
1147
u_int64_t
1148
	 check_table(struct relayd *, struct rdr *, struct table *);
1149
1150
/* pfe_route.c */
1151
void	 init_routes(struct relayd *);
1152
void	 sync_routes(struct relayd *, struct router *);
1153
int	 pfe_route(struct relayd *, struct ctl_netroute *);
1154
1155
/* hce.c */
1156
void	 hce(struct privsep *, struct privsep_proc *);
1157
void	 hce_notify_done(struct host *, enum host_error);
1158
1159
/* relay.c */
1160
void	 relay(struct privsep *, struct privsep_proc *);
1161
int	 relay_privinit(struct relay *);
1162
void	 relay_notify_done(struct host *, const char *);
1163
int	 relay_session_cmp(struct rsession *, struct rsession *);
1164
int	 relay_load_certfiles(struct relay *);
1165
void	 relay_close(struct rsession *, const char *);
1166
void	 relay_natlook(int, short, void *);
1167
void	 relay_session(struct rsession *);
1168
int	 relay_from_table(struct rsession *);
1169
int	 relay_socket_af(struct sockaddr_storage *, in_port_t);
1170
in_port_t
1171
	 relay_socket_getport(struct sockaddr_storage *);
1172
int	 relay_cmp_af(struct sockaddr_storage *,
1173
	    struct sockaddr_storage *);
1174
void	 relay_write(struct bufferevent *, void *);
1175
void	 relay_read(struct bufferevent *, void *);
1176
int	 relay_splice(struct ctl_relay_event *);
1177
int	 relay_splicelen(struct ctl_relay_event *);
1178
int	 relay_spliceadjust(struct ctl_relay_event *);
1179
void	 relay_error(struct bufferevent *, short, void *);
1180
int	 relay_preconnect(struct rsession *);
1181
int	 relay_connect(struct rsession *);
1182
void	 relay_connected(int, short, void *);
1183
void	 relay_bindanyreq(struct rsession *, in_port_t, int);
1184
void	 relay_bindany(int, short, void *);
1185
void	 relay_dump(struct ctl_relay_event *, const void *, size_t);
1186
int	 relay_bufferevent_add(struct event *, int);
1187
int	 relay_bufferevent_print(struct ctl_relay_event *, const char *);
1188
int	 relay_bufferevent_write_buffer(struct ctl_relay_event *,
1189
	    struct evbuffer *);
1190
int	 relay_bufferevent_write_chunk(struct ctl_relay_event *,
1191
	    struct evbuffer *, size_t);
1192
int	 relay_bufferevent_write(struct ctl_relay_event *,
1193
	    void *, size_t);
1194
int	 relay_test(struct protocol *, struct ctl_relay_event *);
1195
void	 relay_calc_skip_steps(struct relay_rules *);
1196
void	 relay_match(struct kvlist *, struct kv *, struct kv *,
1197
	    struct kvtree *);
1198
void	 relay_session_insert(struct rsession *);
1199
void	 relay_session_remove(struct rsession *);
1200
void	 relay_session_publish(struct rsession *);
1201
void	 relay_session_unpublish(struct rsession *);
1202
1203
SPLAY_PROTOTYPE(session_tree, rsession, se_nodes, relay_session_cmp);
1204
1205
/* relay_http.c */
1206
void	 relay_http(struct relayd *);
1207
void	 relay_http_init(struct relay *);
1208
void	 relay_abort_http(struct rsession *, u_int, const char *,
1209
	    u_int16_t);
1210
void	 relay_read_http(struct bufferevent *, void *);
1211
void	 relay_close_http(struct rsession *);
1212
u_int	 relay_httpmethod_byname(const char *);
1213
const char
1214
	*relay_httpmethod_byid(u_int);
1215
const char
1216
	*relay_httperror_byid(u_int);
1217
int	 relay_httpdesc_init(struct ctl_relay_event *);
1218
ssize_t	 relay_http_time(time_t, char *, size_t);
1219
1220
/* relay_udp.c */
1221
void	 relay_udp_privinit(struct relay *);
1222
void	 relay_udp_init(struct relayd *, struct relay *);
1223
int	 relay_udp_bind(struct sockaddr_storage *, in_port_t,
1224
	    struct protocol *);
1225
void	 relay_udp_server(int, short, void *);
1226
1227
/* check_icmp.c */
1228
void	 icmp_init(struct relayd *);
1229
void	 schedule_icmp(struct relayd *, struct host *);
1230
void	 check_icmp(struct relayd *, struct timeval *);
1231
1232
/* check_tcp.c */
1233
void	 check_tcp(struct ctl_tcp_event *);
1234
1235
/* check_tls.c */
1236
void	 check_tls(struct ctl_tcp_event *);
1237
1238
/* check_script.c */
1239
void	 check_script(struct relayd *, struct host *);
1240
void	 script_done(struct relayd *, struct ctl_script *);
1241
int	 script_exec(struct relayd *, struct ctl_script *);
1242
1243
/* ssl.c */
1244
void	 ssl_init(struct relayd *);
1245
char	*ssl_load_key(struct relayd *, const char *, off_t *, char *);
1246
uint8_t *ssl_update_certificate(const uint8_t *, size_t, EVP_PKEY *,
1247
	    EVP_PKEY *, X509 *, size_t *);
1248
int	 ssl_load_pkey(char *, off_t, X509 **, EVP_PKEY **);
1249
int	 ssl_ctx_fake_private_key(char *, off_t, const char **);
1250
1251
/* ca.c */
1252
void	 ca(struct privsep *, struct privsep_proc *);
1253
void	 ca_engine_init(struct relayd *);
1254
void	 hash_x509(X509 *cert, char *hash, size_t hashlen);
1255
1256
/* relayd.c */
1257
struct host	*host_find(struct relayd *, objid_t);
1258
struct table	*table_find(struct relayd *, objid_t);
1259
struct rdr	*rdr_find(struct relayd *, objid_t);
1260
struct netroute	*route_find(struct relayd *, objid_t);
1261
struct router	*router_find(struct relayd *, objid_t);
1262
struct host	*host_findbyname(struct relayd *, const char *);
1263
struct table	*table_findbyname(struct relayd *, const char *);
1264
struct table	*table_findbyconf(struct relayd *, struct table *);
1265
struct rdr	*rdr_findbyname(struct relayd *, const char *);
1266
void		 event_again(struct event *, int, short,
1267
		    void (*)(int, short, void *),
1268
		    struct timeval *, struct timeval *, void *);
1269
struct relay	*relay_find(struct relayd *, objid_t);
1270
struct protocol	*proto_find(struct relayd *, objid_t);
1271
struct rsession	*session_find(struct relayd *, objid_t);
1272
struct relay	*relay_findbyname(struct relayd *, const char *);
1273
struct relay	*relay_findbyaddr(struct relayd *, struct relay_config *);
1274
EVP_PKEY	*pkey_find(struct relayd *, char *hash);
1275
struct ca_pkey	*pkey_add(struct relayd *, EVP_PKEY *, char *hash);
1276
int		 expand_string(char *, size_t, const char *, const char *);
1277
void		 translate_string(char *);
1278
void		 purge_key(char **, off_t);
1279
void		 purge_table(struct relayd *, struct tablelist *,
1280
		    struct table *);
1281
void		 purge_relay(struct relayd *, struct relay *);
1282
char		*digeststr(enum digest_type, const u_int8_t *, size_t, char *);
1283
const char	*canonicalize_host(const char *, char *, size_t);
1284
int		 parse_url(const char *, char **, char **, char **);
1285
int		 map6to4(struct sockaddr_storage *);
1286
int		 map4to6(struct sockaddr_storage *, struct sockaddr_storage *);
1287
void		 imsg_event_add(struct imsgev *);
1288
int		 imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t,
1289
		    pid_t, int, void *, u_int16_t);
1290
void		 socket_rlimit(int);
1291
char		*get_string(u_int8_t *, size_t);
1292
void		*get_data(u_int8_t *, size_t);
1293
int		 sockaddr_cmp(struct sockaddr *, struct sockaddr *, int);
1294
struct in6_addr *prefixlen2mask6(u_int8_t, u_int32_t *);
1295
u_int32_t	 prefixlen2mask(u_int8_t);
1296
int		 accept_reserve(int, struct sockaddr *, socklen_t *, int,
1297
		     volatile int *);
1298
struct kv	*kv_add(struct kvtree *, char *, char *, int);
1299
int		 kv_set(struct kv *, char *, ...);
1300
int		 kv_setkey(struct kv *, char *, ...);
1301
void		 kv_delete(struct kvtree *, struct kv *);
1302
struct kv	*kv_extend(struct kvtree *, struct kv *, char *);
1303
void		 kv_purge(struct kvtree *);
1304
void		 kv_free(struct kv *);
1305
struct kv	*kv_inherit(struct kv *, struct kv *);
1306
void		 relay_log(struct rsession *, char *);
1307
int		 kv_log(struct rsession *, struct kv *, u_int16_t,
1308
		     enum direction);
1309
struct kv	*kv_find(struct kvtree *, struct kv *);
1310
int		 kv_cmp(struct kv *, struct kv *);
1311
int		 rule_add(struct protocol *, struct relay_rule *, const char
1312
		     *);
1313
void		 rule_delete(struct relay_rules *, struct relay_rule *);
1314
void		 rule_free(struct relay_rule *);
1315
struct relay_rule
1316
		*rule_inherit(struct relay_rule *);
1317
void		 rule_settable(struct relay_rules *, struct relay_table *);
1318
RB_PROTOTYPE(kvtree, kv, kv_node, kv_cmp);
1319
1320
/* carp.c */
1321
int	 carp_demote_init(char *, int);
1322
void	 carp_demote_shutdown(void);
1323
int	 carp_demote_get(char *);
1324
int	 carp_demote_set(char *, int);
1325
int	 carp_demote_reset(char *, int);
1326
1327
/* name2id.c */
1328
u_int16_t	 label_name2id(const char *);
1329
const char	*label_id2name(u_int16_t);
1330
void		 label_unref(u_int16_t);
1331
void		 label_ref(u_int16_t);
1332
u_int16_t	 tag_name2id(const char *);
1333
const char	*tag_id2name(u_int16_t);
1334
void		 tag_unref(u_int16_t);
1335
void		 tag_ref(u_int16_t);
1336
1337
/* snmp.c */
1338
void	 snmp_init(struct relayd *, enum privsep_procid);
1339
void	 snmp_setsock(struct relayd *, enum privsep_procid);
1340
int	 snmp_getsock(struct relayd *, struct imsg *);
1341
void	 snmp_hosttrap(struct relayd *, struct table *, struct host *);
1342
1343
/* shuffle.c */
1344
void		shuffle_init(struct shuffle *);
1345
u_int16_t	shuffle_generate16(struct shuffle *);
1346
1347
/* log.c */
1348
void	log_init(int, int);
1349
void	log_procinit(const char *);
1350
void	log_setverbose(int);
1351
int	log_getverbose(void);
1352
void	log_warn(const char *, ...)
1353
	    __attribute__((__format__ (printf, 1, 2)));
1354
void	log_warnx(const char *, ...)
1355
	    __attribute__((__format__ (printf, 1, 2)));
1356
void	log_info(const char *, ...)
1357
	    __attribute__((__format__ (printf, 1, 2)));
1358
void	log_debug(const char *, ...)
1359
	    __attribute__((__format__ (printf, 1, 2)));
1360
void	logit(int, const char *, ...)
1361
	    __attribute__((__format__ (printf, 2, 3)));
1362
void	vlog(int, const char *, va_list)
1363
	    __attribute__((__format__ (printf, 2, 0)));
1364
__dead void fatal(const char *, ...)
1365
	    __attribute__((__format__ (printf, 1, 2)));
1366
__dead void fatalx(const char *, ...)
1367
	    __attribute__((__format__ (printf, 1, 2)));
1368
1369
/* proc.c */
1370
enum privsep_procid
1371
	    proc_getid(struct privsep_proc *, unsigned int, const char *);
1372
int	 proc_flush_imsg(struct privsep *, enum privsep_procid, int);
1373
void	 proc_init(struct privsep *, struct privsep_proc *, unsigned int,
1374
	    int, char **, enum privsep_procid);
1375
void	 proc_kill(struct privsep *);
1376
void	 proc_connect(struct privsep *);
1377
void	 proc_dispatch(int, short event, void *);
1378
void	 proc_run(struct privsep *, struct privsep_proc *,
1379
	    struct privsep_proc *, unsigned int,
1380
	    void (*)(struct privsep *, struct privsep_proc *, void *), void *);
1381
void	 proc_range(struct privsep *, enum privsep_procid, int *, int *);
1382
int	 proc_compose_imsg(struct privsep *, enum privsep_procid, int,
1383
	    u_int16_t, u_int32_t, int, void *, u_int16_t);
1384
int	 proc_compose(struct privsep *, enum privsep_procid,
1385
	    uint16_t, void *, uint16_t);
1386
int	 proc_composev_imsg(struct privsep *, enum privsep_procid, int,
1387
	    u_int16_t, u_int32_t, int, const struct iovec *, int);
1388
int	 proc_composev(struct privsep *, enum privsep_procid,
1389
	    uint16_t, const struct iovec *, int);
1390
int	 proc_forward_imsg(struct privsep *, struct imsg *,
1391
	    enum privsep_procid, int);
1392
struct imsgbuf *
1393
	 proc_ibuf(struct privsep *, enum privsep_procid, int);
1394
struct imsgev *
1395
	 proc_iev(struct privsep *, enum privsep_procid, int);
1396
void	 imsg_event_add(struct imsgev *);
1397
int	 imsg_compose_event(struct imsgev *, uint16_t, uint32_t,
1398
	    pid_t, int, void *, uint16_t);
1399
int	 imsg_composev_event(struct imsgev *, uint16_t, uint32_t,
1400
	    pid_t, int, const struct iovec *, int);
1401
1402
/* config.c */
1403
int	 config_init(struct relayd *);
1404
void	 config_purge(struct relayd *, u_int);
1405
int	 config_setreset(struct relayd *, u_int);
1406
int	 config_getreset(struct relayd *, struct imsg *);
1407
int	 config_getcfg(struct relayd *, struct imsg *);
1408
int	 config_settable(struct relayd *, struct table *);
1409
int	 config_gettable(struct relayd *, struct imsg *);
1410
int	 config_gethost(struct relayd *, struct imsg *);
1411
int	 config_setrdr(struct relayd *, struct rdr *);
1412
int	 config_getrdr(struct relayd *, struct imsg *);
1413
int	 config_getvirt(struct relayd *, struct imsg *);
1414
int	 config_setrt(struct relayd *, struct router *);
1415
int	 config_getrt(struct relayd *, struct imsg *);
1416
int	 config_getroute(struct relayd *, struct imsg *);
1417
int	 config_setproto(struct relayd *, struct protocol *);
1418
int	 config_getproto(struct relayd *, struct imsg *);
1419
int	 config_setrule(struct relayd *, struct protocol *);
1420
int	 config_getrule(struct relayd *, struct imsg *);
1421
int	 config_setrelay(struct relayd *, struct relay *);
1422
int	 config_getrelay(struct relayd *, struct imsg *);
1423
int	 config_getrelaytable(struct relayd *, struct imsg *);
1424
1425
#endif /* RELAYD_H */