pfctl_parser.h (145840) | pfctl_parser.h (171172) |
1/* $OpenBSD: pfctl_parser.h,v 1.80 2005/02/07 18:18:14 david Exp $ */ | 1/* $OpenBSD: pfctl_parser.h,v 1.86 2006/10/31 23:46:25 mcbride Exp $ */ |
2 3/* 4 * Copyright (c) 2001 Daniel Hartmeier 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: --- 13 unchanged lines hidden (view full) --- 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 28 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 * | 2 3/* 4 * Copyright (c) 2001 Daniel Hartmeier 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: --- 13 unchanged lines hidden (view full) --- 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 26 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 28 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 * |
31 * $FreeBSD: head/contrib/pf/pfctl/pfctl_parser.h 145840 2005-05-03 16:55:20Z mlaier $ | 31 * $FreeBSD: head/contrib/pf/pfctl/pfctl_parser.h 171172 2007-07-03 12:30:03Z mlaier $ |
32 */ 33 34#ifndef _PFCTL_PARSER_H_ 35#define _PFCTL_PARSER_H_ 36 37#define PF_OSFP_FILE "/etc/pf.os" 38 39#define PF_OPT_DISABLE 0x0001 40#define PF_OPT_ENABLE 0x0002 41#define PF_OPT_VERBOSE 0x0004 42#define PF_OPT_NOACTION 0x0008 43#define PF_OPT_QUIET 0x0010 44#define PF_OPT_CLRRULECTRS 0x0020 45#define PF_OPT_USEDNS 0x0040 46#define PF_OPT_VERBOSE2 0x0080 47#define PF_OPT_DUMMYACTION 0x0100 48#define PF_OPT_DEBUG 0x0200 49#define PF_OPT_SHOWALL 0x0400 50#define PF_OPT_OPTIMIZE 0x0800 | 32 */ 33 34#ifndef _PFCTL_PARSER_H_ 35#define _PFCTL_PARSER_H_ 36 37#define PF_OSFP_FILE "/etc/pf.os" 38 39#define PF_OPT_DISABLE 0x0001 40#define PF_OPT_ENABLE 0x0002 41#define PF_OPT_VERBOSE 0x0004 42#define PF_OPT_NOACTION 0x0008 43#define PF_OPT_QUIET 0x0010 44#define PF_OPT_CLRRULECTRS 0x0020 45#define PF_OPT_USEDNS 0x0040 46#define PF_OPT_VERBOSE2 0x0080 47#define PF_OPT_DUMMYACTION 0x0100 48#define PF_OPT_DEBUG 0x0200 49#define PF_OPT_SHOWALL 0x0400 50#define PF_OPT_OPTIMIZE 0x0800 |
51#define PF_OPT_OPTIMIZE_PROFILE 0x1000 | |
52#define PF_OPT_MERGE 0x2000 | 51#define PF_OPT_MERGE 0x2000 |
52#define PF_OPT_RECURSE 0x4000 |
53 54#define PF_TH_ALL 0xFF 55 56#define PF_NAT_PROXY_PORT_LOW 50001 57#define PF_NAT_PROXY_PORT_HIGH 65535 58 | 53 54#define PF_TH_ALL 0xFF 55 56#define PF_NAT_PROXY_PORT_LOW 50001 57#define PF_NAT_PROXY_PORT_HIGH 65535 58 |
59#define PF_OPTIMIZE_BASIC 0x0001 60#define PF_OPTIMIZE_PROFILE 0x0002 61 |
59#define FCNT_NAMES { \ 60 "searches", \ 61 "inserts", \ 62 "removals", \ 63 NULL \ 64} 65 66struct pfr_buffer; /* forward definition */ | 62#define FCNT_NAMES { \ 63 "searches", \ 64 "inserts", \ 65 "removals", \ 66 NULL \ 67} 68 69struct pfr_buffer; /* forward definition */ |
67struct pf_opt_rule; 68TAILQ_HEAD(pf_opt_queue, pf_opt_rule); | |
69 70 71struct pfctl { 72 int dev; 73 int opts; | 70 71 72struct pfctl { 73 int dev; 74 int opts; |
75 int optimize; |
74 int loadopt; | 76 int loadopt; |
75 u_int32_t tticket; /* table ticket */ | 77 int asd; /* anchor stack depth */ 78 int bn; /* brace number */ 79 int brace; |
76 int tdirty; /* kernel dirty */ | 80 int tdirty; /* kernel dirty */ |
77 u_int32_t rule_nr; | 81#define PFCTL_ANCHOR_STACK_DEPTH 64 82 struct pf_anchor *astack[PFCTL_ANCHOR_STACK_DEPTH]; |
78 struct pfioc_pooladdr paddr; 79 struct pfioc_altq *paltq; 80 struct pfioc_queue *pqueue; 81 struct pfr_buffer *trans; | 83 struct pfioc_pooladdr paddr; 84 struct pfioc_altq *paltq; 85 struct pfioc_queue *pqueue; 86 struct pfr_buffer *trans; |
82 const char *anchor; | 87 struct pf_anchor *anchor, *alast; |
83 const char *ruleset; | 88 const char *ruleset; |
84 struct pf_opt_queue opt_queue; | |
85 86 /* 'set foo' options */ 87 u_int32_t timeout[PFTM_MAX]; 88 u_int32_t limit[PF_LIMIT_MAX]; 89 u_int32_t debug; 90 u_int32_t hostid; 91 char *ifname; 92 --- 20 unchanged lines hidden (view full) --- 113 sa_family_t af; 114 u_int8_t not; 115 u_int32_t ifindex; /* link-local IPv6 addrs */ 116 char *ifname; 117 u_int ifa_flags; 118 struct node_host *next; 119 struct node_host *tail; 120}; | 89 90 /* 'set foo' options */ 91 u_int32_t timeout[PFTM_MAX]; 92 u_int32_t limit[PF_LIMIT_MAX]; 93 u_int32_t debug; 94 u_int32_t hostid; 95 char *ifname; 96 --- 20 unchanged lines hidden (view full) --- 117 sa_family_t af; 118 u_int8_t not; 119 u_int32_t ifindex; /* link-local IPv6 addrs */ 120 char *ifname; 121 u_int ifa_flags; 122 struct node_host *next; 123 struct node_host *tail; 124}; |
121/* special flags used by ifa_exists */ 122#define PF_IFA_FLAG_GROUP 0x10000 123#define PF_IFA_FLAG_DYNAMIC 0x20000 124#define PF_IFA_FLAG_CLONABLE 0x40000 | |
125 126struct node_os { 127 char *os; 128 pf_osfp_t fingerprint; 129 struct node_os *next; 130 struct node_os *tail; 131}; 132 --- 67 unchanged lines hidden (view full) --- 200}; 201#define PF_OPT_TABLE_PREFIX "__automatic_" 202 203/* optimizer pf_rule container */ 204struct pf_opt_rule { 205 struct pf_rule por_rule; 206 struct pf_opt_tbl *por_src_tbl; 207 struct pf_opt_tbl *por_dst_tbl; | 125 126struct node_os { 127 char *os; 128 pf_osfp_t fingerprint; 129 struct node_os *next; 130 struct node_os *tail; 131}; 132 --- 67 unchanged lines hidden (view full) --- 200}; 201#define PF_OPT_TABLE_PREFIX "__automatic_" 202 203/* optimizer pf_rule container */ 204struct pf_opt_rule { 205 struct pf_rule por_rule; 206 struct pf_opt_tbl *por_src_tbl; 207 struct pf_opt_tbl *por_dst_tbl; |
208 char por_anchor[MAXPATHLEN]; | |
209 u_int64_t por_profile_count; 210 TAILQ_ENTRY(pf_opt_rule) por_entry; 211 TAILQ_ENTRY(pf_opt_rule) por_skip_entry[PF_SKIP_COUNT]; 212}; 213 | 208 u_int64_t por_profile_count; 209 TAILQ_ENTRY(pf_opt_rule) por_entry; 210 TAILQ_ENTRY(pf_opt_rule) por_skip_entry[PF_SKIP_COUNT]; 211}; 212 |
213TAILQ_HEAD(pf_opt_queue, pf_opt_rule); |
214 | 214 |
215int pfctl_rules(int, char *, int, char *, struct pfr_buffer *); 216int pfctl_optimize_rules(struct pfctl *); | 215int pfctl_rules(int, char *, FILE *, int, int, char *, struct pfr_buffer *); 216int pfctl_optimize_ruleset(struct pfctl *, struct pf_ruleset *); |
217 218int pfctl_add_rule(struct pfctl *, struct pf_rule *, const char *); 219int pfctl_add_altq(struct pfctl *, struct pf_altq *); 220int pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t); | 217 218int pfctl_add_rule(struct pfctl *, struct pf_rule *, const char *); 219int pfctl_add_altq(struct pfctl *, struct pf_altq *); 220int pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t); |
221void pfctl_move_pool(struct pf_pool *, struct pf_pool *); |
221void pfctl_clear_pool(struct pf_pool *); 222 223int pfctl_set_timeout(struct pfctl *, const char *, int, int); 224int pfctl_set_optimization(struct pfctl *, const char *); 225int pfctl_set_limit(struct pfctl *, const char *, unsigned int); 226int pfctl_set_logif(struct pfctl *, char *); 227int pfctl_set_hostid(struct pfctl *, u_int32_t); 228int pfctl_set_debug(struct pfctl *, char *); 229int pfctl_set_interface_flags(struct pfctl *, char *, int, int); 230 231int parse_rules(FILE *, struct pfctl *); 232int parse_flags(char *); | 222void pfctl_clear_pool(struct pf_pool *); 223 224int pfctl_set_timeout(struct pfctl *, const char *, int, int); 225int pfctl_set_optimization(struct pfctl *, const char *); 226int pfctl_set_limit(struct pfctl *, const char *, unsigned int); 227int pfctl_set_logif(struct pfctl *, char *); 228int pfctl_set_hostid(struct pfctl *, u_int32_t); 229int pfctl_set_debug(struct pfctl *, char *); 230int pfctl_set_interface_flags(struct pfctl *, char *, int, int); 231 232int parse_rules(FILE *, struct pfctl *); 233int parse_flags(char *); |
233int pfctl_load_anchors(int, int, struct pfr_buffer *); | 234int pfctl_load_anchors(int, struct pfctl *, struct pfr_buffer *); |
234 235void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int); 236void print_src_node(struct pf_src_node *, int); 237void print_rule(struct pf_rule *, const char *, int); 238void print_tabledef(const char *, int, int, struct node_tinithead *); 239void print_status(struct pf_status *, int); 240 241int eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *, --- 45 unchanged lines hidden (view full) --- 287#define PFCTL_FLAG_TABLE 0x20 288 289extern const struct pf_timeout pf_timeouts[]; 290 291void set_ipmask(struct node_host *, u_int8_t); 292int check_netmask(struct node_host *, sa_family_t); 293int unmask(struct pf_addr *, sa_family_t); 294void ifa_load(void); | 235 236void print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int); 237void print_src_node(struct pf_src_node *, int); 238void print_rule(struct pf_rule *, const char *, int); 239void print_tabledef(const char *, int, int, struct node_tinithead *); 240void print_status(struct pf_status *, int); 241 242int eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *, --- 45 unchanged lines hidden (view full) --- 288#define PFCTL_FLAG_TABLE 0x20 289 290extern const struct pf_timeout pf_timeouts[]; 291 292void set_ipmask(struct node_host *, u_int8_t); 293int check_netmask(struct node_host *, sa_family_t); 294int unmask(struct pf_addr *, sa_family_t); 295void ifa_load(void); |
295struct node_host *ifa_exists(const char *, int); | 296struct node_host *ifa_exists(const char *); |
296struct node_host *ifa_lookup(const char *, int); 297struct node_host *host(const char *); 298 299int append_addr(struct pfr_buffer *, char *, int); 300int append_addr_host(struct pfr_buffer *, 301 struct node_host *, int, int); 302 303#endif /* _PFCTL_PARSER_H_ */ | 297struct node_host *ifa_lookup(const char *, int); 298struct node_host *host(const char *); 299 300int append_addr(struct pfr_buffer *, char *, int); 301int append_addr_host(struct pfr_buffer *, 302 struct node_host *, int, int); 303 304#endif /* _PFCTL_PARSER_H_ */ |
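Review bot: The new fixed-size anchor stack `struct pf_anchor *astack[PFCTL_ANCHOR_STACK_DEPTH]` indexed by the new `int asd` carries no bound in this header, so every push site in the parser must check `asd < PFCTL_ANCHOR_STACK_DEPTH` (and every pop `asd > 0`) before touching `astack`, or a pf.conf with more than 64 nested anchor blocks writes past the array inside `struct pfctl`; pf.conf is root-authored, so this is a robustness rather than a remote issue, but it is still memory corruption in the tool. Those push/pop sites live in parse.y/pfctl.c, outside this diff, so the check should be confirmed there rather than assumed. I would pin the invariant next to the field: `/* asd must stay in [0, PFCTL_ANCHOR_STACK_DEPTH); callers bound-check before indexing astack */`. Note also that removing `PF_OPT_OPTIMIZE_PROFILE` leaves bit `0x1000` unused while `PF_OPT_MERGE`/`PF_OPT_RECURSE` keep `0x2000`/`0x4000`; a one-line comment `/* 0x1000 unused (was PF_OPT_OPTIMIZE_PROFILE) */` prevents it being silently reused with a different meaning. The `struct pfctl` body continues through lines hidden from this view.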