/*
 * Copyright (c) 1997, 1998, 1999
 *      Inferno Nettverk A/S, Norway.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. The above copyright notice, this list of conditions and the following
 *    disclaimer must appear in all copies of the software, derivative works
 *    or modified versions, and any portions thereof, aswell as in all
 *    supporting documentation.
 * 2. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by
 *      Inferno Nettverk A/S, Norway.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Inferno Nettverk A/S requests users of this software to return to
 *
 *  Software Distribution Coordinator  or  sdc@inet.no
 *  Inferno Nettverk A/S
 *  Oslo Research Park
 *  Gaustadaléen 21
 *  N-0349 Oslo
 *  Norway
 *
 * any improvements or extensions that they make and grant Inferno Nettverk A/S
 * the rights to redistribute these changes.
 *
 */

/* $Id: sockd.h,v 1.136 1999/12/22 09:29:20 karls Exp $ */

/*
 * Server-side declarations: the request-parsing helper macros, the
 * configuration/rule structures, the per-connection state objects passed
 * between mother and child processes, and prototypes for server functions.
 */

#ifndef _SOCKD_H_
#define _SOCKD_H_
#endif
/*
 * NOTE(review): the #endif directly follows the #define, so this only
 * records that the header has been seen; it does not skip the
 * declarations below if the header is included a second time.
 */

/*
 * use caching version in server.
 *
 * From this point on, every gethostbyname()/gethostbyaddr() call in a
 * file that includes this header expands to the c-prefixed function.
 * NOTE(review): any access decision based on a resolved name or address
 * then depends on what the cache returns; how long entries are kept is
 * not visible in this header.
 */
#define gethostbyname(name)            cgethostbyname(name)
#define gethostbyaddr(addr, len, type) cgethostbyaddr(addr, len, type)

/*
 * Loop condition for the do { } while () wrapper in CHECK(): the constant
 * 0 in normal builds, an external variable when "lint" is defined
 * (presumably to avoid a constant-condition warning from lint).
 */
#ifdef lint
extern const int lintnoloop_sockd_h;
#else
#define lintnoloop_sockd_h 0
#endif

/*
 * The macros below are not self-contained.  They expand to code that
 * uses "state" (a struct negotiate_state_t *, judging by the members
 * accessed) and, for CHECK(), "s" and "request" from the enclosing
 * function, together with the "start" and "end" that INIT() declares.
 */

#define INIT(length) \
   const size_t start = state->start; \
   const size_t end = start + (length); \
   errno = 0
/*
 * Declares "start" (offset in state->mem where the current object
 * begins) and "end" (start + length) in the calling scope and clears
 * errno.  Nothing here compares "end" with sizeof(state->mem); that
 * bounds check is done by CHECK() through MEMLEFT() before reading.
 */

#define MEMLEFT() (sizeof(state->mem) - state->reqread)
/*
 * Returns the number of bytes of state->mem not yet filled.
 * NOTE(review): state->reqread is declared int in struct
 * negotiate_state_t while sizeof yields size_t, so the subtraction is
 * unsigned and would wrap if reqread were ever negative or larger than
 * the buffer.
 */

#define LEFT() ((end) - state->reqread)
/*
 * Returns the number of bytes left to read.
 * The result is unsigned ("end" is size_t): it cannot be negative, and
 * would wrap to a large value if state->reqread ever exceeded "end".
 */

#define READ(s, length) (readn((s), &state->mem[state->reqread], (length)))
/*
 * "s" is the descriptor to read from.
 * "length" is how much to read.
 * Returns the number of bytes read, -1 on error.
 * The data is stored in state->mem at offset state->reqread; the macro
 * itself does not check that "length" fits in the buffer (CHECK() does).
 */

#define OBJECTFILL(object) memcpy((object), &state->mem[start], end - start)
/*
 * Fills "object" with data.
 * Copies end - start bytes out of state->mem.  The size of "object" is
 * not checked, so it must be at least as large as the length given to
 * INIT().
 */

#define CHECK(object, nextfunction) \
do { \
   int p; \
 \
   if (LEFT()) { \
 \
      SASSERT(LEFT() > 0); \
 \
      if (LEFT() > MEMLEFT()) \
         SERRX(MEMLEFT()); \
 \
      errno = 0; \
      if ((p = READ(s, LEFT())) <= 0) \
         return p; \
      state->reqread += p; \
 \
      if (LEFT()) \
         return p; \
 \
      state->start = end; \
      OBJECTFILL((object)); \
      state->rcurrent = nextfunction; \
 \
      if (state->rcurrent != NULL) \
         return state->rcurrent(s, request, state); \
   } \
} while (lintnoloop_sockd_h)
/*
 * Reads what is still missing of the current object and, once it is
 * complete, copies it into "object" and continues with "nextfunction".
 *
 * The expansion contains return statements, so it can only be used in a
 * function returning int that has "s", "request" and "state" in scope
 * and has already expanded INIT().  When LEFT() is non-zero:
 *  - SERRX() is invoked if more bytes are wanted than state->mem has
 *    room for.  This is the bounds check protecting the READ() that
 *    follows.  SASSERT(LEFT() > 0) cannot fail at that point, since
 *    LEFT() is unsigned and was just tested to be non-zero.
 *  - a read result <= 0 is returned to the caller unchanged.
 *  - if the object is still incomplete, the byte count just read is
 *    returned (presumably the caller comes back when more data is
 *    available; confirm against callers).
 *  - otherwise state->start is advanced to "end", the object is copied
 *    out, state->rcurrent is set to "nextfunction" and, if that is not
 *    NULL, it is called and its result returned.
 * When LEFT() is zero nothing is done and control falls through.
 *
 * NOTE(review): SASSERT() and SERRX() are defined elsewhere.  The bounds
 * check is only effective if SERRX() does not return; confirm.
 */

#define SOCKD_NEWREQUEST   1  /* sending a new request   */
#define SOCKD_FREESLOT     2  /* free'd a slot.          */

/* a requestchild can currently only handle a maximum of one client. */
#define SOCKD_REQUESTMAX   1

/* IO stuff. */
#define IO_SRCBLOCK        -4
#define IO_ERRORUNKNOWN    -3
#define IO_TIMEOUT         -2
#define IO_ERROR           -1
#define IO_CLOSE           0

/* types of children. */
#define CHILD_MOTHER       1
#define CHILD_IO           2
#define CHILD_NEGOTIATE    3
#define CHILD_REQUEST      4

#define FDPASS_MAX         3  /* max number of descriptors we send/receive. */

/*
 * config stuff
 */

#define VERDICT_BLOCKs     "block"
#define VERDICT_PASSs      "pass"

#define LOG_CONNECTs       "connect"
#define LOG_DISCONNECTs    "disconnect"
#define LOG_DATAs          "data"
#define LOG_ERRORs         "error"
#define LOG_IOOPERATIONs   "iooperation"

/* each value is defined as the previous one plus one, i.e. 1 through 6. */
#define OPERATION_ACCEPT      1
#define OPERATION_CONNECT     (OPERATION_ACCEPT + 1)
#define OPERATION_IO          (OPERATION_CONNECT + 1)
#define OPERATION_DISCONNECT  (OPERATION_IO + 1)
#define OPERATION_ABORT       (OPERATION_DISCONNECT + 1)
#define OPERATION_ERROR       (OPERATION_ABORT + 1)

/*
 * One bit per kind of event a rule can log; the member names match the
 * LOG_*s strings above.
 */
struct log_t {
   unsigned connect:1;
   unsigned disconnect:1;
   unsigned data:1;
   unsigned error:1;
   unsigned iooperation:1;
   unsigned :0;               /* zero-width field: ends the bit-field unit. */
};

struct timeout_t {
   time_t negotiate;          /* how long negotiation can last.            */
   time_t io;                 /* how long connection lasts without i/o.    */
};

struct linkedname_t {
   char *name;
   struct linkedname_t *next; /* next name in list.                        */
};

/* linked list over current rules. */
struct rule_t {
   struct ruleaddress_t dst;        /* dst.                                */
   struct log_t         log;        /* type of logging to do.              */
   int                  number;     /* rulenumber, info/debugging only.    */
   struct ruleaddress_t src;        /* src.                                */
   struct serverstate_t state;
   struct linkedname_t  *user;      /* name of users allowed.              */
   int                  verdict;    /* verdict for this rule.              */

#if HAVE_LIBWRAP
   /* fixed-size buffer; writers must bound their output to LIBWRAPBUF. */
   char                 libwrap[LIBWRAPBUF]; /* libwrapline.               */
#endif  /* HAVE_LIBWRAP */

   struct rule_t        *next;      /* next rule in list.                  */
};

/*
 * Policy bits for comparing what a client claims about its source host
 * with what the server can establish.
 * NOTE(review): a cleared bit presumably means the corresponding case is
 * not denied; confirm the defaults where the config is initialised.
 */
struct srchost_t {
   unsigned nomismatch:1;  /* deny mismatch between claim and fact?        */
   unsigned nounknown:1;   /* deny no fact?                                */
   unsigned :0;
};

struct option_t {
   char     *configfile;   /* name of configfile.                          */
   unsigned daemon:1;      /* run as a daemon?                             */
   int      debug;         /* debug level.                                 */
   unsigned keepalive:1;   /* set SO_KEEPALIVE?                            */
   unsigned lbuf:1;        /* line buffered output?                        */
   int      sleep;         /* sleep at misc. places. (debugging)           */
   int      serverc;       /* number of servers.                           */
};

/*
 * User ids, each paired with an *_isset bit.
 * NOTE(review): presumably the ids the server switches between for
 * privileged work, normal operation and libwrap, with *_isset telling
 * whether a value was configured; confirm against the code that uses it.
 */
struct userid_t {
   uid_t    privileged;
   unsigned privileged_isset:1;
   uid_t    unprivileged;
   unsigned unprivileged_isset:1;
   uid_t    libwrap;
   unsigned libwrap_isset:1;
};

struct configstate_t {
   unsigned                init:1;
   /* sig_atomic_t: a type that can be written safely from a signal handler. */
   volatile sig_atomic_t   addchild;      /* okay to do a addchild()?      */
   uid_t                   euid;          /* original euid.                */
   pid_t                   *motherpidv;   /* pid of mothers.               */
   pid_t                   pid;           /* pid of current process.       */
   int                     type;          /* process type we are.          */
};

struct listenaddress_t {
   struct sockaddr_in   addr;    /* bound address.                         */
   int                  s;       /* bound socket.                          */
#if NEED_ACCEPTLOCK
   int                  lock;    /* lock on structure.                     */
#endif
};

struct statistic_t {
   time_t   boot;                /* time of serverstart.                   */

   size_t   accepted;            /* connections accepted.                  */

   struct {
      size_t   sendt;            /* clients sent to children.              */
      size_t   received;         /* clients received back.                 */
   } negotiate;

   struct {
      size_t   sendt;            /* clients sent to children.              */
      size_t   received;         /* clients received back.                 */
   } request;

   struct {
      size_t   sendt;            /* clients sent to children.              */
   } io;
};

/* Make sure to keep in sync with clearconfig(). */
struct config_t {
   struct listenaddress_t  *internalv;    /* internal address'.            */
   int                     internalc;     /* count for internalv, going by the v/c naming. */
   struct sockaddr_in      *externalv;    /* external address'.            */
   int                     externalc;     /* count for externalv, going by the v/c naming. */

   struct rule_t           *crule;        /* clientrules, list.            */
   struct rule_t           *srule;        /* socksrules, list.             */
   struct route_t          *route;        /* not in use yet.               */

   struct compat_t         compat;        /* compatibility options.        */
   struct extension_t      extension;     /* extensions set.               */
   struct logtype_t        log;           /* where to log.                 */
   struct option_t         option;        /* commandline options.          */
   int                     resolveprotocol; /* resolve protocol.           */
   struct srchost_t        srchost;       /* relevant to srchost.          */
   struct statistic_t      stat;          /* some statistics.              */
   struct configstate_t    state;
   struct timeout_t        timeout;       /* timeout values.               */
   struct userid_t         uid;           /* userids.                      */

   int                     methodv[AUTHMETHOD_MAX];/* methods by priority. */
   int                     methodc;       /* methods in list.              */
};

struct connectionstate_t {
   struct authmethod_t  auth;
   int                  command;
   struct extension_t   extension;        /* extensions set.               */
   int                  protocol;
   struct {
      time_t            accept;           /* time of connection accept.    */
      time_t            negotiate_start;  /* time negotiation started.     */
   } time;
   int                  version;
};

struct sockd_io_direction_t {
   int                        s;          /* socket connection.            */
   struct sockaddr_in         laddr;      /* local address of s.           */
   struct sockaddr_in         raddr;      /* address of remote peer for s. */
   struct connectionstate_t   state;

   size_t                     sndlowat;   /* low-water mark for send.      */

   /* byte count */
   size_t                     read;       /* bytes read.                   */
   size_t                     written;    /* bytes written.                */

   int                        flags;      /* misc. flags                   */
};

struct sockd_io_t {
   unsigned                      allocated:1;/* object allocated?          */
   struct connectionstate_t      state;

   struct sockd_io_direction_t   in;      /* client we receive data from.  */
   struct sockd_io_direction_t   out;     /* remote peer.                  */
   struct sockd_io_direction_t   control; /* control connection to client. */

   struct rule_t                 acceptrule; /* rule matched for accept(). */
   struct rule_t                 rule;    /* matched rule for i/o.         */
   struct sockshost_t            src;     /* our client.                   */
   struct sockshost_t            dst;     /* its desired peer.             */

   time_t                        time;    /* time of last i/o operation.   */
   struct sockd_io_t             *next;   /* for some special cases.       */
};

/*
 * Parse state used by the INIT()/CHECK() macros above.
 */
struct negotiate_state_t {
   unsigned             complete:1;       /* completed?                    */
   /*
    * Buffer that READ() fills.  Its size is fixed at compile time to hold
    * the version byte, the method count, AUTHMETHOD_MAX method bytes and
    * one struct request_t; MEMLEFT() is computed from sizeof this array.
    */
   unsigned char        mem[ 1            /* VER                           */
                           + 1            /* NMETHODS                      */
                           + AUTHMETHOD_MAX /* METHODS                     */
                           + sizeof(struct request_t)
                           ];
   /* NOTE(review): int here, but mixed with size_t in MEMLEFT()/LEFT(). */
   int                  reqread;          /* read so far.                  */
   size_t               start;            /* start of current req          */
   /* fixed-size buffer; writers must bound their output to sizeof(emsg). */
   char                 emsg[256];        /* errormessage, if any.         */
   /* next parse step; CHECK() sets it and calls it when it is not NULL. */
   int                  (*rcurrent)(int s,
                                    struct request_t *request,
                                    struct negotiate_state_t *state);
};

struct sockd_negotiate_t {
   unsigned                   allocated:1;
   unsigned                   ignore:1;   /* ignore for now?               */
   struct request_t           req;
   struct negotiate_state_t   negstate;
   struct rule_t              rule;       /* rule matched for accept().    */
   int                        s;          /* client connection.            */
   struct sockshost_t         src;        /* client address.               */
   struct sockshost_t         dst;        /* our address.                  */
   struct connectionstate_t   state;      /* state of connection.          */
};

struct sockd_request_t {
   struct sockaddr_in         from;       /* client's control address.     */
   struct request_t           req;        /* request to perform.           */
   struct rule_t              rule;       /* rule matched for accept().    */
   int                        s;          /* clients control connection.   */
   struct connectionstate_t   state;      /* state of connection.          */
   struct sockaddr_in         to;         /* address client was accepted on. */
};

struct sockd_mother_t {
   int                  s;                /* connection to child for ancillary. */
#if HAVE_SENDMSG_DEADLOCK
   int                  lock;             /* lock on request connection.   */
#endif /* HAVE_SENDMSG_DEADLOCK */
   int                  ack;              /* connection for ack's.         */
};

struct sockd_child_t {
   int                  type;             /* child type.                   */
   pid_t                pid;              /* childs pid.                   */
   int                  freec;            /* free slots on last count.     */
   int                  s;                /* connection to mother for ancillary. */
#if HAVE_SENDMSG_DEADLOCK
   int                  lock;             /* lock on request connection.   */
#endif /* HAVE_SENDMSG_DEADLOCK */
   int                  ack;              /* connection for ack's.         */
};

/*
 * functions
 *
 * __BEGIN_DECLS and __P() are defined elsewhere.
 * NOTE(review): no matching __END_DECLS is visible in this part of the
 * file.
 */

__BEGIN_DECLS

int
sockd_bind __P((int s, const struct sockaddr *addr, size_t retries));
/*
 * Binds the address "addr" to the socket "s".  The bind call will
 * be tried "retries" + 1 times if the error is EADDRINUSE, or until
 * successful, whatever comes first.
 * Returns:
 *      On success: 0.
 *      On failure: -1
 */

int
socks_permit __P((int client, struct socks_t *dst, int permit));
/*
 * "client" is the connection to the client from which the request in
 * "dst" was made.  "permit" is the result of a rulecheck.
 * The function sends a correct reply to the connection on "client" if
 * "permit" indicates the connection is not to be allowed.
 * Returns:
 *      If connection allowed: true.
 *      If connection disallowed: false.
 */

int
sockdio __P((struct sockd_io_t *io));
/*
 * Tries to send the io object "io" to a child.
 * If no child is able to accept the io a new one is created and
 * the attempt is retried.
 *
 * Returns
 *      On success: 0
 *      On failure: -1, io was not accepted by any child.
 */

int
pidismother __P((pid_t pid));
/*
 * If "pid" refers to a mother, the number of "pid" in
 * state.motherpidv is returned.  Numbers are counted from 1.
 * If "pid" is no mother, 0 is returned.
 */

int
childcheck __P((int type));
/*