/* $FreeBSD: releng/11.0/contrib/ipfilter/ipf.h 279029 2015-02-19 23:14:35Z glebius $ */

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ipf.h 1.12 6/5/96
 * $Id$
 */

/*
 * Include guard.  The matching #endif is the last line of the file; every
 * declaration in the header sits inside it.
 */
#ifndef __IPF_H__
#define __IPF_H__

/*
 * On OSF the radix-tree identifiers are renamed to ipf_-prefixed names
 * before any system header is read (presumably to avoid clashing with the
 * system's own radix definitions -- confirm against the OSF build).
 */
#if defined(__osf__)
# define radix_mask ipf_radix_mask
# define radix_node ipf_radix_node
# define radix_node_head ipf_radix_node_head
#endif

#include <sys/param.h>
#include <sys/types.h>
#include <sys/file.h>
/*
 * This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
 * Needed here because on some systems <sys/uio.h> gets included by things
 * like <sys/socket.h>
 *
 * _KERNEL and KERNEL are defined only around the <sys/uio.h> include, and
 * only when _KERNEL was not already set.  ADD_KERNEL records that this
 * header set them, so an includer's own _KERNEL is left untouched.
 *
 * NOTE(review): keep the define/undef pair tight around <sys/uio.h>; any
 * header read while _KERNEL is set may expose its kernel-only declarations
 * to this code.  ADD_KERNEL itself is never undefined and stays visible to
 * everything that follows, and KERNEL is undefined afterwards even if the
 * includer had defined it without _KERNEL.
 */
#ifndef _KERNEL
# define ADD_KERNEL
# define _KERNEL
# define KERNEL
#endif
#ifdef __OpenBSD__
/* Forward declaration so the tag is visible before <sys/uio.h> is read. */
struct file;
#endif
#include <sys/uio.h>
#ifdef ADD_KERNEL
# undef _KERNEL
# undef KERNEL
#endif
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
/* <netinet/tcp.h> is skipped when TCP_PAWS_IDLE is already defined. */
#ifndef TCP_PAWS_IDLE /* IRIX */
# include <netinet/tcp.h>
#endif
#include <netinet/udp.h>

#include <arpa/inet.h>

#include <errno.h>
#include <limits.h>
#include <netdb.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#if !defined(__SVR4) && !defined(__svr4__) && defined(sun)
# include <strings.h>
#endif
#include <string.h>
#include <unistd.h>

/* IPFilter's own headers; they supply the types used by the prototypes. */
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_lookup.h"
#include "netinet/ip_pool.h"
#include "netinet/ip_scan.h"
#include "netinet/ip_htable.h"
#include "netinet/ip_sync.h"
#include "netinet/ip_dstlist.h"

#include "opts.h"

/*
 * __P(x) wraps every prototype in this header.  With an ANSI compiler it
 * expands to the argument list itself; otherwise it expands to "()", an
 * old-style declaration for which the compiler checks no arguments.
 */
#ifndef __P
# ifdef __STDC__
#  define __P(x) x
# else
#  define __P(x) ()
# endif
#endif
/* Without __STDC__ the const qualifier is erased from everything below. */
#ifndef __STDC__
# undef const
# define const
#endif

/*
 * u_32_t: the 32-bit unsigned type used throughout the declarations.  The
 * underlying type is picked per platform; U_32_T guards against a second
 * definition.
 * NOTE(review): the "unsigned int" fallbacks assume a 32-bit int on those
 * platforms -- confirm when porting.
 */
#ifndef U_32_T
# define U_32_T 1
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
    defined(__sgi)
typedef u_int32_t u_32_t;
# else
#  if defined(__alpha__) || defined(__alpha) || defined(_LP64)
typedef unsigned int u_32_t;
#  else
#   if SOLARIS2 >= 6
typedef uint32_t u_32_t;
#   else
typedef unsigned int u_32_t;
#   endif
#  endif
# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
#endif /* U_32_T */

/* Fallback used only when the system headers do not define the limit. */
#ifndef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 256
#endif

/*
 * Highest index of the icmpcodes[] and icmptypes[] tables declared below;
 * each table has MAX + 1 entries.
 * NOTE(review): ICMP type and code are 8-bit fields on the wire, so a value
 * taken from a packet or a rule can exceed these limits.  Range-check it
 * against MAX_ICMPCODE / MAX_ICMPTYPE before using it as an index.
 */
#define MAX_ICMPCODE 16
#define MAX_ICMPTYPE 19

/*
 * printf/fprintf with the result cast to void: the return value, and with
 * it any output error, is deliberately discarded.
 */
#define PRINTF (void)printf
#define FPRINTF (void)fprintf


/*
 * One entry of an option-name table (ionames[], secclass[], v6ionames[]
 * below): three integers and a name string.
 */
struct ipopt_names {
	int	on_value;
	int	on_bit;
	int	on_siz;
	char	*on_name;
};


/*
 * Node of a singly linked address list, chained through al_next.  Each
 * node carries an address family, an address and a mask (both i6addr_t)
 * and the integer al_not.
 */
typedef struct alist_s {
	struct alist_s	*al_next;
	int		al_not;
	int		al_family;
	i6addr_t	al_i6addr;
	i6addr_t	al_i6mask;
} alist_t;

/*
 * Shorthand for the in4_addr view of the address and mask.
 * NOTE(review): these expand unconditionally to the in4_addr member, so
 * code using them should check al_family first.  They are plain
 * object-like macros and rewrite any identifier spelled al_addr, al_mask,
 * al_1 or al_2 in a file that includes this header.
 */
#define al_addr al_i6addr.in4_addr
#define al_mask al_i6mask.in4_addr
#define al_1 al_addr
#define al_2 al_mask


/* Node of a singly linked port list: a comparison code and two ports. */
typedef struct plist_s {
	struct plist_s	*pl_next;
	int		pl_compare;
	u_short		pl_port1;
	u_short		pl_port2;
} plist_t;


/*
 * Four-field record: one 16-bit, two 8-bit and one 32-bit member.
 * NOTE(review): the name and field widths suggest it mirrors a BPF
 * instruction (code, jt, jf, k) -- confirm against the users of fakebpf_t.
 */
typedef struct {
	u_short	fb_c;
	u_char	fb_t;
	u_char	fb_f;
	u_32_t	fb_k;
} fakebpf_t;


/* Entry of icmptypelist[]: a name with one integer each for v4 and v6. */
typedef struct {
	char	*it_name;
	int	it_v4;
	int	it_v6;
} icmptype_t;


/*
 * Word/value pair; statefields[], natfields[] and poolfields[] below are
 * arrays of these.
 */
typedef struct wordtab {
	char	*w_word;
	int	w_value;
} wordtab_t;


/* Node of a singly linked list of name/value pairs. */
typedef struct namelist {
	struct namelist	*na_next;
	char		*na_name;
	int		na_value;
} namelist_t;


/*
 * Node of a singly linked list of proxy rules: two strings, a namelist_t
 * chain and a protocol number.
 */
typedef struct proxyrule {
	struct proxyrule	*pr_next;
	char			*pr_proxy;
	char			*pr_conf;
	namelist_t		*pr_names;
	int			pr_proto;
} proxyrule_t;


/*
 * ioctlfunc_t: pointer to the ioctl-style routine that is handed to most
 * of the functions below.  Two shapes exist.  On the platforms listed the
 * third argument is variadic, so the compiler does not check what is
 * passed for it; the caller must pass the pointer type the command
 * expects.  Elsewhere the first argument is a dev_t and the third a
 * void *.
 */
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
    (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
    SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux)
# include <stdarg.h>
typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
#else
typedef int (* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *));
#endif
/* addfunc_t: the shape shared by ipf_addrule() and ipnat_addrule(). */
typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *));
/*
 * copyfunc_t: copy routine taking two untyped pointers and a size;
 * kmemcpywrap() has this shape.  Nothing in the type says which pointer is
 * the destination, or bounds the size -- check the definition before
 * passing a length derived from external data.
 */
typedef int (* copyfunc_t) __P((void *, void *, size_t));


/*
 * SunOS4
 */
#if defined(sun) && !defined(__SVR4) && !defined(__svr4__)
extern int ioctl __P((int, int, void *));
#endif

/*
 * Shared globals, defined elsewhere.  The arrays without a bound are
 * incomplete types here: sizeof is not available to includers and the
 * real length is known only at the definition.
 * NOTE(review): thishost[] is presumably sized by MAXHOSTNAMELEN --
 * confirm before writing to it.
 */
extern char thishost[];
extern char flagset[];
extern u_char flags[];
extern struct ipopt_names ionames[];
extern struct ipopt_names secclass[];
/* Valid indices are 0..MAX_ICMPCODE and 0..MAX_ICMPTYPE respectively. */
extern char *icmpcodes[MAX_ICMPCODE + 1];
extern char *icmptypes[MAX_ICMPTYPE + 1];
extern int use_inet6;
extern int lineNum;
extern int debuglevel;
extern struct ipopt_names v6ionames[];
extern icmptype_t icmptypelist[];
extern wordtab_t statefields[];
extern wordtab_t natfields[];
extern wordtab_t poolfields[];


/*
 * Prototypes for the shared helper routines, first part (addicmp through
 * initparse).  Only the signatures are visible here; the definitions live
 * in other files.
 *
 * NOTE(review): string arguments are declared "char *", not
 * "const char *", so the prototypes do not show which callees modify the
 * buffer they are given.  Check the definition before passing a string
 * literal or a shared buffer.  For the functions returning "char *"
 * (fac_toname, getnattype, getsumd, icmptypename, ipf_geterror) the
 * ownership and lifetime of the returned string are likewise not visible
 * here.
 */
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int addkeep __P((char ***, struct frentry *, int));
/* alist_new() returns an alist_t; alist_free() takes one. */
extern alist_t *alist_new __P((int, char *));
extern void alist_free __P((alist_t *));
extern void assigndefined __P((char *));
/* Takes an untyped buffer and its size. */
extern void binprint __P((void *, size_t));
extern u_32_t buildopts __P((char *, char *, int));
extern int checkrev __P((char *));
extern int connecttcp __P((char *, int));
/*
 * count6bits() and fill6bits() take a bare pointer to words with no
 * length argument.
 * NOTE(review): presumably the buffer must hold a full IPv6 address or
 * mask (four 32-bit words) -- confirm against the definitions.
 */
extern int count6bits __P((u_32_t *));
extern int count4bits __P((u_32_t));
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern const char *familyname __P((const int));
extern void fill6bits __P((int, u_int *));
extern wordtab_t *findword __P((wordtab_t *, char *));
extern int ftov __P((int));
/*
 * Takes a pointer to an ioctlfunc_t, as ipf_parsefile() and
 * ipf_parsesome() do; most other routines in this header take the
 * function pointer by value.
 */
extern char *ipf_geterror __P((int, ioctlfunc_t *));
/*
 * genmask() and gethost() take an int, a string and an i6addr_t to fill
 * in.
 * NOTE(review): by its name gethost() resolves a host name; if so the
 * result depends on the resolver -- confirm before relying on it for
 * rule addresses.
 */
extern int genmask __P((int, char *, i6addr_t *));
extern int gethost __P((int, char *, i6addr_t *));
extern int geticmptype __P((int, char *));
extern int getport __P((struct frentry *, char *, u_short *, char *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
extern char *getnattype __P((struct nat *));
extern char *getsumd __P((u_32_t));
extern u_32_t getoptbyname __P((char *));
extern u_32_t getoptbyvalue __P((int));
extern u_32_t getv6optbyname __P((char *));
extern u_32_t getv6optbyvalue __P((int));
extern char *icmptypename __P((int, int));
extern void initparse __P((void));
/*
 * Prototypes, second part (ipf_dotuning through printhashdata): rule and
 * configuration parsers, table loaders and the first printing helpers.
 * Only the signatures are visible here.
 */
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
/* ipf_addrule() and ipnat_addrule() both match addfunc_t. */
extern int ipf_addrule __P((int, ioctlfunc_t, void *));
extern void ipf_mutex_clean __P((void));
/*
 * Parsers.  Each family has a variant taking a "char *" and one taking an
 * open FILE *.  The ipf_ variants take a pointer to an ioctlfunc_t
 * (ioctlfunc_t *); the ipnat_ and ippool_ variants take the function
 * pointer by value, and the ippool_ variants order their arguments
 * differently, so the calls are not interchangeable.
 */
extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *));
extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *));
extern void ipf_perror __P((int, char *));
extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *));
extern void ipf_rwlock_clean __P((void));
extern char *ipf_strerror __P((int));
extern void ipferror __P((int, char *));
extern int ipmon_parsefile __P((char *));
extern int ipmon_parsesome __P((FILE *));
extern int ipnat_addrule __P((int, ioctlfunc_t, void *));
extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *));
extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *));
extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
/*
 * Same shape as copyfunc_t: two untyped pointers and a size.
 * NOTE(review): neither the direction of the copy nor any bound on the
 * size is visible in the prototype.
 */
extern int kmemcpywrap __P((void *, void *, size_t));
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t,
			     ipf_dstnode_t *));
extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *,
				 ioctlfunc_t));
/*
 * load_file(), load_http() and load_url() each turn one string into an
 * alist_t list.
 * NOTE(review): judging by the names, the list is read from a local file
 * or fetched from a remote resource.  If so, its content is external
 * input that ends up in filter tables: confirm in the definitions that
 * entries are validated, that the size of the input is bounded, and that
 * an unauthenticated HTTP source is acceptable for the deployment.  The
 * returned list is presumably released with alist_free() -- confirm.
 */
extern alist_t *load_file __P((char *));
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
			  ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, int,
			      ioctlfunc_t));
extern alist_t *load_http __P((char *));
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t));
extern alist_t *load_url __P((char *));
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
extern void mb_hexdump __P((mb_t *, FILE *));
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));
extern void nat_setgroupmap __P((struct ipnat *));
extern int ntomask __P((int, int, u_32_t *));
extern u_32_t optname __P((char ***, u_short *, int));
extern wordtab_t *parsefields __P((wordtab_t *, char *));
/* Returns a pointer to int; who owns and frees it is not visible here. */
extern int *parseipfexpr __P((char *, char **));
extern int parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *));
/*
 * pool_open() / pool_fd() / pool_close() carry no arguments, so the
 * descriptor they manage is state kept elsewhere.
 */
extern void pool_close __P((void));
extern int pool_fd __P((void));
extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *));
extern int pool_open __P((void));
extern char *portname __P((int, int));
extern int pri_findname __P((char *));
extern char *pri_toname __P((int));
extern void print_toif __P((int, char *, char *, struct frdest *));
extern void printaps __P((ap_session_t *, int, int));
extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *));
extern void printbuf __P((char *, int, int));
extern void printfieldhdr __P((wordtab_t *, wordtab_t *));
extern void printfr __P((struct frentry *, ioctlfunc_t));
/*
 * Several print routines come in two variants: one taking a copyfunc_t
 * and a _live one taking an int in that position.
 */
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
					 char *, int, wordtab_t *));
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *,
					      int, wordtab_t *));
extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *,
					 int, wordtab_t *));
extern void printhashdata __P((iphtable_t *, int));
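/*
 * Prototypes, third part (printhashnode to the end of the header):
 * printing helpers, table removal, the parser's variable store and the
 * diagnostic output routines.  Only the signatures are visible here; the
 * definitions live in other files.
 *
 * NOTE(review): string arguments are declared "char *", not
 * "const char *", so the prototypes do not show which callees modify the
 * buffer they are given.
 */
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
					    struct iphtent_s *,
					    copyfunc_t, int, wordtab_t *));
/*
 * printhost(), printhostmask(), printip() and printmask() take an int and
 * bare u_32_t pointers with no length argument.
 * NOTE(review): presumably the int selects the address family and with it
 * how many words are read -- confirm that callers pass a buffer large
 * enough for the family they name.
 */
extern void printhost __P((int, u_32_t *));
extern void printhostmask __P((int, u_32_t *, u_32_t *));
extern void printip __P((int, u_32_t *));
extern void printlog __P((struct frentry *));
extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask));
extern void printmask __P((int, u_32_t *));
extern void printnataddr __P((int, char *, nat_addr_t *, int));
extern void printnatfield __P((nat_t *, int));
extern void printnatside __P((char *, nat_stat_side_t *));
extern void printpacket __P((int, mb_t *));
extern void printpacket6 __P((int, mb_t *));
extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t,
					    char *, int, ipf_dstnode_t *,
					    wordtab_t *));
extern void printdstlistdata __P((ippool_dst_t *, int));
extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t *, copyfunc_t,
					    int, wordtab_t *));
extern void printdstlistpolicy __P((ippool_policy_t));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
					char *, int, wordtab_t *));
extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
					     char *, int, wordtab_t *));
extern void printpooldata __P((ip_pool_t *, int));
/* Takes an untyped pointer; the expected object type is not visible here. */
extern void printpoolfield __P((void *, int, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
					       int, wordtab_t *));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
extern void printtqtable __P((ipftq_t *));
extern void printtunable __P((ipftune_t *));
extern void printunit __P((int));
extern void optprint __P((u_short *, u_long, u_long));
/* The IPv6 variant is declared only when USE_INET6 is defined. */
#ifdef USE_INET6
extern void optprintv6 __P((u_short *, u_long, u_long));
#endif
extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern u_char tcpflags __P((char *));
extern void printc __P((struct frentry *));
extern void printC __P((int));
/*
 * emit(), printifname() and hostname() take an untyped pointer; the
 * object type expected behind it is not visible in the prototype.
 */
extern void emit __P((int, int, void *, struct frentry *));
extern u_char secbit __P((int));
extern u_char seclevel __P((char *));
extern void printfraginfo __P((char *, struct ipfr *));
extern void printifname __P((char *, char *, void *));
extern char *hostname __P((int, void *));
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
extern void printsbuf __P((char *));
extern void printnat __P((struct ipnat *, int));
extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
extern void printactivenat __P((struct nat *, int, u_long));
extern void printhostmap __P((struct hostmap *, u_int));
extern void printtcpflags __P((u_32_t, u_32_t));
extern void printipfexpr __P((int *));
/* printstatefield() is declared once, next to its header-printing twin. */
extern void printstatefield __P((ipstate_t *, int));
extern void printstatefieldhdr __P((int));
extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
extern int sendtrap_v2_0 __P((int, char *, char *, int));
extern int vtof __P((int));

/* Variable store and lexer reset, with no visible state arguments. */
extern void set_variable __P((char *, char *));
extern char *get_variable __P((char *, char **, int));
extern void resetlexer __P((void));

/*
 * Diagnostic output: a "char *" followed by a variable argument list.
 * NOTE(review): presumably the string is a printf-style format.  If so,
 * pass a constant format and hand text that comes from rules, packets or
 * logs as an argument to "%s", never as the format itself.  No format
 * attribute is attached to these declarations, so the compiler does not
 * check call sites.
 */
extern void debug __P((int, char *, ...));
extern void verbose __P((int, char *, ...));
extern void ipfkdebug __P((char *, ...));
extern void ipfkverbose __P((char *, ...));

/*
 * Local declarations of two C library routines for SOLARIS builds.
 * NOTE(review): gethostname() is declared here with an int length; check
 * that this agrees with the system header on the target.
 */
#if SOLARIS
extern int gethostname __P((char *, int ));
extern void sync __P((void));
#endif

#endif /* __IPF_H__ */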