/*	$FreeBSD: releng/10.3/contrib/ipfilter/ipf.h 255332 2013-09-06 23:11:19Z cy $	*/

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ipf.h	1.12 6/5/96
 * $Id$
 */
1122514Sdarrenr
1226119Sdarrenr#ifndef	__IPF_H__
1326119Sdarrenr#define	__IPF_H__
1426119Sdarrenr
15145510Sdarrenr#if defined(__osf__)
16145510Sdarrenr# define radix_mask ipf_radix_mask
17145510Sdarrenr# define radix_node ipf_radix_node
18145510Sdarrenr# define radix_node_head ipf_radix_node_head
1922514Sdarrenr#endif
2022514Sdarrenr
21145510Sdarrenr#include <sys/param.h>
22145510Sdarrenr#include <sys/types.h>
23145510Sdarrenr#include <sys/file.h>
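/*
 * This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
 * Needed here because on some systems <sys/uio.h> gets included by things
 * like <sys/socket.h>
 *
 * _KERNEL and KERNEL are defined only around the <sys/uio.h> include.
 * ADD_KERNEL records that this header was the one that defined them, so
 * they are undefined again only in that case; a build that already had
 * _KERNEL set keeps it.  ADD_KERNEL itself stays defined afterwards.
 */
#ifndef _KERNEL
# define ADD_KERNEL
# define _KERNEL
# define KERNEL
#endif
#ifdef __OpenBSD__
struct file;
#endif
#include <sys/uio.h>
#ifdef ADD_KERNEL
# undef _KERNEL
# undef KERNEL
#endif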
42145510Sdarrenr#include <sys/time.h>
43145510Sdarrenr#include <sys/socket.h>
44145510Sdarrenr#include <net/if.h>
45145510Sdarrenr#if __FreeBSD_version >= 300000
46145510Sdarrenr# include <net/if_var.h>
47145510Sdarrenr#endif
48145510Sdarrenr#include <netinet/in.h>
49145510Sdarrenr#include <netinet/in_systm.h>
50145510Sdarrenr#include <netinet/ip.h>
51145510Sdarrenr#include <netinet/ip_icmp.h>
52145510Sdarrenr#ifndef	TCP_PAWS_IDLE	/* IRIX */
53145510Sdarrenr# include <netinet/tcp.h>
54145510Sdarrenr#endif
55145510Sdarrenr#include <netinet/udp.h>
5660841Sdarrenr
57145510Sdarrenr#include <arpa/inet.h>
5860841Sdarrenr
59145510Sdarrenr#include <errno.h>
60145510Sdarrenr#include <limits.h>
61145510Sdarrenr#include <netdb.h>
62145510Sdarrenr#include <stdlib.h>
63145510Sdarrenr#include <stddef.h>
64145510Sdarrenr#include <stdio.h>
65145510Sdarrenr#if !defined(__SVR4) && !defined(__svr4__) && defined(sun)
66145510Sdarrenr# include <strings.h>
67145510Sdarrenr#endif
68145510Sdarrenr#include <string.h>
69145510Sdarrenr#include <unistd.h>
70145510Sdarrenr
71145510Sdarrenr#include "netinet/ip_compat.h"
72145510Sdarrenr#include "netinet/ip_fil.h"
73145510Sdarrenr#include "netinet/ip_nat.h"
74145510Sdarrenr#include "netinet/ip_frag.h"
75145510Sdarrenr#include "netinet/ip_state.h"
76145510Sdarrenr#include "netinet/ip_proxy.h"
77145510Sdarrenr#include "netinet/ip_auth.h"
78145510Sdarrenr#include "netinet/ip_lookup.h"
79145510Sdarrenr#include "netinet/ip_pool.h"
80145510Sdarrenr#include "netinet/ip_scan.h"
81145510Sdarrenr#include "netinet/ip_htable.h"
82145510Sdarrenr#include "netinet/ip_sync.h"
83255332Scy#include "netinet/ip_dstlist.h"
84145510Sdarrenr
85145510Sdarrenr#include "opts.h"
86145510Sdarrenr
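/*
 * __P() wraps the parameter list of every prototype in this header.
 * With an ANSI compiler it expands to the list itself; otherwise it
 * expands to (), giving an old-style declaration for which the compiler
 * checks neither the number nor the types of the arguments.
 */
#ifndef __P
# ifdef __STDC__
#  define	__P(x)	x
# else
#  define	__P(x)	()
# endif
#endif
/*
 * Without __STDC__, const is defined away, so the const qualifiers in the
 * declarations below offer no protection on such compilers.
 */
#ifndef __STDC__
# undef		const
# define	const
#endif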
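/*
 * u_32_t: the unsigned integer type this code uses where it intends a
 * 32-bit quantity.  Only the NetBSD/OpenBSD/FreeBSD/IRIX branch and the
 * SOLARIS2 >= 6 branch select a fixed-width typedef; the remaining
 * branches fall back to unsigned int, whose width is a platform
 * convention rather than a guarantee.  U_32_T guards against a second
 * definition.
 */
#ifndef	U_32_T
# define	U_32_T	1
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
    defined(__sgi)
typedef	u_int32_t	u_32_t;
# else
#  if defined(__alpha__) || defined(__alpha) || defined(_LP64)
typedef unsigned int	u_32_t;
#  else
#   if SOLARIS2 >= 6
typedef uint32_t	u_32_t;
#   else
typedef unsigned int	u_32_t;
#   endif
#  endif
# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
#endif /* U_32_T */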
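/* Fallback for platforms whose headers do not supply MAXHOSTNAMELEN. */
#ifndef	MAXHOSTNAMELEN
# define	MAXHOSTNAMELEN	256
#endif

/*
 * Highest valid index of the icmpcodes[] and icmptypes[] tables declared
 * later in this header (each has MAX_x + 1 slots).  A code or type value
 * taken from a packet or a rule must be range-checked against these
 * before it is used as an index.
 */
#define	MAX_ICMPCODE	16
#define	MAX_ICMPTYPE	19

/*
 * printf()/fprintf() with the return value explicitly discarded.  The
 * macros expand to the bare function name, so the format string is still
 * the caller's first (PRINTF) or second (FPRINTF) argument: pass a
 * literal format, never a string read from input.
 */
#define	PRINTF	(void)printf
#define	FPRINTF	(void)fprintf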
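/*
 * One row of an option-name table; ionames[], secclass[] and v6ionames[]
 * are declared with this type later in this header.
 * NOTE(review): field meanings are inferred from their names - confirm
 * against the table definitions.
 */
struct	ipopt_names	{
	int	on_value;	/* presumably the option's numeric value */
	int	on_bit;		/* presumably the bit used for it in option masks */
	int	on_siz;		/* presumably the option's size */
	char	*on_name;	/* option name string */
};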
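/*
 * One node of a singly linked address list, chained through al_next.
 * Address and mask are both held as i6addr_t.
 * NOTE(review): al_not presumably marks a negated entry and al_family
 * presumably holds the address family - confirm against the parser.
 */
typedef struct  alist_s {
	struct	alist_s	*al_next;
	int		al_not;
	int		al_family;
	i6addr_t	al_i6addr;
	i6addr_t	al_i6mask;
} alist_t;

/*
 * IPv4 views: these select only the in4_addr member of the i6addr_t
 * fields.  Code that reads al_addr/al_mask on an entry that is not IPv4
 * sees just that member, so check al_family first.
 */
#define	al_addr	al_i6addr.in4_addr
#define	al_mask	al_i6mask.in4_addr
/* Aliases for the same two IPv4 members. */
#define	al_1	al_addr
#define	al_2	al_mask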
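/*
 * One node of a singly linked list of port entries, chained through
 * pl_next.
 * NOTE(review): pl_compare presumably selects how pl_port1/pl_port2 are
 * compared (single port versus range); byte order of the ports is not
 * visible here - confirm before comparing against packet fields.
 */
typedef struct  plist_s {
	struct	plist_s	*pl_next;
	int		pl_compare;
	u_short		pl_port1;
	u_short		pl_port2;
} plist_t;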
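/*
 * Four-field record: a 16-bit, two 8-bit and one u_32_t member.
 * NOTE(review): the name and field widths suggest a stand-in for a BPF
 * instruction (code, jump-true, jump-false, k) - confirm before relying
 * on layout compatibility.
 */
typedef	struct	{
	u_short	fb_c;
	u_char	fb_t;
	u_char	fb_f;
	u_32_t	fb_k;
} fakebpf_t;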
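/*
 * One row of icmptypelist[]: a type name with two integer values.
 * NOTE(review): it_v4/it_v6 are presumably the ICMPv4 and ICMPv6 type
 * numbers for that name - confirm against the table definition.
 */
typedef struct  {
	char	*it_name;
	int	it_v4;
	int	it_v6;
} icmptype_t;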
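/*
 * Keyword table row mapping a word to an integer value; statefields[],
 * natfields[] and poolfields[] are arrays of these.  The arrays are
 * declared without a size, so how a table is terminated has to be taken
 * from its definition.
 */
typedef	struct	wordtab {
	char	*w_word;
	int	w_value;
} wordtab_t;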
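/*
 * One node of a singly linked list of name/value pairs, chained through
 * na_next.  Ownership of na_name (who allocates and frees it) is not
 * visible from this declaration.
 */
typedef	struct	namelist {
	struct namelist	*na_next;
	char		*na_name;
	int		na_value;
} namelist_t;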
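/*
 * One node of a singly linked list of proxy rules, chained through
 * pr_next.  Each rule carries two strings, a namelist_t list and an
 * integer protocol field.
 * NOTE(review): pr_proxy is presumably the proxy's name and pr_conf its
 * configuration text - confirm against the parser that fills this in.
 */
typedef	struct	proxyrule {
	struct	proxyrule	*pr_next;
	char			*pr_proxy;
	char			*pr_conf;
	namelist_t		*pr_names;
	int			pr_proto;
} proxyrule_t;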
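/*
 * Callback types used by the prototypes in this header.
 *
 * ioctlfunc_t: on the platforms named in the #if the third parameter is
 *              variadic, so the compiler cannot check what a caller
 *              passes for it; the argument has to match what the ioctl
 *              command expects.  Elsewhere the signature is
 *              (dev_t, ioctlcmd_t, void *).
 * addfunc_t:   same parameter list as ipf_addrule() and ipnat_addrule().
 * copyfunc_t:  same parameter list as kmemcpywrap().
 */
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
        (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
	SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux)
# include <stdarg.h>
typedef	int	(* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
#else
typedef	int	(* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *));
#endif
typedef	int	(* addfunc_t) __P((int, ioctlfunc_t, void *));
typedef	int	(* copyfunc_t) __P((void *, void *, size_t));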
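/*
 * SunOS4
 *
 * Local declaration of ioctl() for sun systems that are not SVR4.
 * NOTE(review): presumably needed because the system headers there give
 * no prototype - confirm.
 */
#if defined(sun) && !defined(__SVR4) && !defined(__svr4__)
extern	int	ioctl __P((int, int, void *));
#endif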
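/*
 * Globals shared by the ipfilter userland tools.
 *
 * Arrays declared with [] carry no size in this header: sizeof cannot be
 * applied to them from an including file, and any bound has to come from
 * the defining source file.
 * NOTE(review): thishost is presumably sized from MAXHOSTNAMELEN -
 * confirm before writing a host name into it.
 */
extern	char	thishost[];
extern	char	flagset[];
extern	u_char	flags[];
extern	struct ipopt_names ionames[];
extern	struct ipopt_names secclass[];
/* Fixed-size name tables: valid indices are 0..MAX_ICMPCODE / 0..MAX_ICMPTYPE. */
extern	char	*icmpcodes[MAX_ICMPCODE + 1];
extern	char	*icmptypes[MAX_ICMPTYPE + 1];
extern	int	use_inet6;
extern	int	lineNum;
extern	int	debuglevel;
extern	struct ipopt_names v6ionames[];
extern	icmptype_t icmptypelist[];
extern	wordtab_t statefields[];
extern	wordtab_t natfields[];
extern	wordtab_t poolfields[];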
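/*
 * Parsing, lookup and loading helpers.
 *
 * Nearly all string parameters are plain `char *` with no length
 * argument, so these interfaces depend on NUL-terminated input.  Whether
 * a function modifies or keeps the string it is given cannot be told
 * from the declarations.
 */
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int addkeep __P((char ***, struct frentry *, int));
extern alist_t *alist_new __P((int, char *));
extern void alist_free __P((alist_t *));
extern void assigndefined __P((char *));
extern void binprint __P((void *, size_t));
extern u_32_t buildopts __P((char *, char *, int));
extern int checkrev __P((char *));
/* NOTE(review): presumably opens a TCP connection to (host, port) - confirm. */
extern int connecttcp __P((char *, int));
extern int count6bits __P((u_32_t *));
extern int count4bits __P((u_32_t));
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern const char *familyname __P((const int));
extern void fill6bits __P((int, u_int *));
extern wordtab_t *findword __P((wordtab_t *, char *));
extern int ftov __P((int));
extern char *ipf_geterror __P((int, ioctlfunc_t *));
extern int genmask __P((int, char *, i6addr_t *));
extern int gethost __P((int, char *, i6addr_t *));
extern int geticmptype __P((int, char *));
extern int getport __P((struct frentry *, char *, u_short *, char *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
extern char *getnattype __P((struct nat *));
extern char *getsumd __P((u_32_t));
extern u_32_t getoptbyname __P((char *));
extern u_32_t getoptbyvalue __P((int));
extern u_32_t getv6optbyname __P((char *));
extern u_32_t getv6optbyvalue __P((int));
extern char *icmptypename __P((int, int));
extern void initparse __P((void));
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
extern int ipf_addrule __P((int, ioctlfunc_t, void *));
extern void ipf_mutex_clean __P((void));
/*
 * The ipf_parse* entry points take `ioctlfunc_t *` where the ipnat and
 * ippool equivalents take a single ioctlfunc_t by value.
 */
extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *));
extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *));
extern void ipf_perror __P((int, char *));
extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *));
extern void ipf_rwlock_clean __P((void));
extern char *ipf_strerror __P((int));
extern void ipferror __P((int, char *));
extern int ipmon_parsefile __P((char *));
extern int ipmon_parsesome __P((FILE *));
extern int ipnat_addrule __P((int, ioctlfunc_t, void *));
extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *));
extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *));
extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
/* Same parameter list as copyfunc_t. */
extern int kmemcpywrap __P((void *, void *, size_t));
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t,
			     ipf_dstnode_t *));
extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *,
				 ioctlfunc_t));
/*
 * load_file(), load_http() and load_url() each return an alist_t list
 * built from a string argument.
 * NOTE(review): names suggest the list contents come from a local file
 * or a remote URL; if so, the resulting addresses are only as
 * trustworthy as that source and its transport - confirm how each is
 * fetched and validated before using such lists in rules.
 */
extern alist_t *load_file __P((char *));
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
			  ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, int,
			      ioctlfunc_t));
extern alist_t *load_http __P((char *));
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t));
extern alist_t *load_url __P((char *));
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
extern void mb_hexdump __P((mb_t *, FILE *));
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));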
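/*
 * Pool handling, name lookup and printing routines.
 *
 * Several printers come in pairs: one taking a copyfunc_t and one
 * "_live" variant taking an int in that position.
 * NOTE(review): presumably the copyfunc_t form reads structures through
 * the supplied copy callback and the _live form through a descriptor -
 * confirm.
 */
extern void nat_setgroupmap __P((struct ipnat *));
extern int ntomask __P((int, int, u_32_t *));
extern u_32_t optname __P((char ***, u_short *, int));
extern wordtab_t *parsefields __P((wordtab_t *, char *));
extern int *parseipfexpr __P((char *, char **));
extern int parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *));
extern void pool_close __P((void));
extern int pool_fd __P((void));
extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *));
extern int pool_open __P((void));
extern char *portname __P((int, int));
extern int pri_findname __P((char *));
extern char *pri_toname __P((int));
extern void print_toif __P((int, char *, char *, struct frdest *));
extern void printaps __P((ap_session_t *, int, int));
extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *));
extern void printbuf __P((char *, int, int));
extern void printfieldhdr __P((wordtab_t *, wordtab_t *));
extern void printfr __P((struct frentry *, ioctlfunc_t));
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
					 char *, int, wordtab_t *));
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *,
					      int, wordtab_t *));
extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *,
					 int, wordtab_t *));
extern void printhashdata __P((iphtable_t *, int));
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
					    struct iphtent_s *,
					    copyfunc_t, int, wordtab_t *));
extern void printhost __P((int, u_32_t *));
extern void printhostmask __P((int, u_32_t *, u_32_t *));
extern void printip __P((int, u_32_t *));
extern void printlog __P((struct frentry *));
extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask));
extern void printmask __P((int, u_32_t *));
extern void printnataddr __P((int, char *, nat_addr_t *, int));
extern void printnatfield __P((nat_t *, int));
extern void printnatside __P((char *, nat_stat_side_t *));
extern void printpacket __P((int, mb_t *));
extern void printpacket6 __P((int, mb_t *));
extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t,
					    char *, int, ipf_dstnode_t *,
					    wordtab_t *));
extern void printdstlistdata __P((ippool_dst_t *, int));
extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t *, copyfunc_t,
					    int, wordtab_t *));
extern void printdstlistpolicy __P((ippool_policy_t));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
					char *, int, wordtab_t *));
extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
					     char *, int, wordtab_t *));
extern void printpooldata __P((ip_pool_t *, int));
extern void printpoolfield __P((void *, int, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
					       int, wordtab_t *));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
extern void printstatefield __P((ipstate_t *, int));
extern void printtqtable __P((ipftq_t *));
extern void printtunable __P((ipftune_t *));
extern void printunit __P((int));
extern void optprint __P((u_short *, u_long, u_long));
/* The IPv6 option printer is declared only for USE_INET6 builds. */
#ifdef	USE_INET6
extern void optprintv6 __P((u_short *, u_long, u_long));
#endif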
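/*
 * Table removal, flag/security-level parsing, remaining printers and the
 * trap senders.  printstatefield() is declared once, with the other
 * printers earlier in this header, rather than repeated here.
 */
extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern u_char tcpflags __P((char *));
extern void printc __P((struct frentry *));
extern void printC __P((int));
extern void emit __P((int, int, void *, struct frentry *));
extern u_char secbit __P((int));
extern u_char seclevel __P((char *));
extern void printfraginfo __P((char *, struct ipfr *));
extern void printifname __P((char *, char *, void *));
/*
 * Returns a char * with no buffer or length parameter.
 * NOTE(review): the storage behind the result is not visible here -
 * treat it as possibly static and copy it before a second call; confirm.
 */
extern char *hostname __P((int, void *));
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
extern void printsbuf __P((char *));
extern void printnat __P((struct ipnat *, int));
extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
extern void printactivenat __P((struct nat *, int, u_long));
extern void printhostmap __P((struct hostmap *, u_int));
extern void printtcpflags __P((u_32_t, u_32_t));
extern void printipfexpr __P((int *));
extern void printstatefieldhdr __P((int));
/* NOTE(review): names suggest SNMP v1/v2 trap senders - confirm. */
extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
extern int sendtrap_v2_0 __P((int, char *, char *, int));
extern int vtof __P((int));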
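/*
 * Variable store and lexer reset.
 * NOTE(review): set_variable()/get_variable() presumably hold the
 * name/value variables usable in configuration files - confirm.
 * Neither takes a length for its string arguments.
 */
extern void set_variable __P((char *, char *));
extern char *get_variable __P((char *, char **, int));
extern void resetlexer __P((void));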
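/*
 * Variadic diagnostic output.
 * NOTE(review): the `char *` before the ellipsis is presumably a
 * printf-style format.  No format attribute is declared, so the compiler
 * will not check arguments against it; call sites should pass a literal
 * format string rather than text taken from input.
 */
extern void debug __P((int, char *, ...));
extern void verbose __P((int, char *, ...));
extern void ipfkdebug __P((char *, ...));
extern void ipfkverbose __P((char *, ...));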
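/*
 * Solaris: local prototypes for gethostname() and sync().  The length
 * parameter of gethostname() is declared as int here, so a size passed
 * from a size_t expression is converted to int at the call.
 */
#if SOLARIS
extern int gethostname __P((char *, int ));
extern void sync __P((void));
#endif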
40526119Sdarrenr#endif /* __IPF_H__ */