filter.h revision 42844 
1156952Sume/*
2156952Sume *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
3156952Sume *
4156952Sume *   Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd.
5156952Sume *
6156952Sume * Redistribution and use in source and binary forms are permitted
7156952Sume * provided that the above copyright notice and this paragraph are
8156952Sume * duplicated in all such forms and that any documentation,
9156952Sume * advertising materials, and other materials related to such
10156952Sume * distribution and use acknowledge that the software was developed
11156952Sume * by the Internet Initiative Japan.  The name of the
12156952Sume * IIJ may not be used to endorse or promote products derived
13156952Sume * from this software without specific prior written permission.
14156952Sume * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
15156952Sume * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
16156952Sume * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
17156952Sume *
18156952Sume * $Id: filter.h,v 1.12 1998/05/21 21:45:16 brian Exp $
19170244Sume *
20156952Sume *	TODO:
21156956Sume */
22156956Sume
23156952Sume/*
24156952Sume *   Actions
25156952Sume */
26156952Sume#define	A_NONE		0
27156952Sume#define	A_PERMIT	1
28156952Sume#define	A_DENY		2
29156952Sume#define	A_MASK		3
30156952Sume#define	A_UHOST		4
31156952Sume#define	A_UPORT		8
32156952Sume
33156952Sume/*
34156952Sume *   Known protocols
35156952Sume */
36156952Sume#define	P_NONE	0
37156952Sume#define	P_TCP	1
38156952Sume#define	P_UDP	2
39156952Sume#define	P_ICMP	3
40170244Sume
41156952Sume/*
42156952Sume *   Operations
43156952Sume */
44156952Sume#define	OP_NONE	0
45156956Sume#define	OP_EQ	1
46156956Sume#define	OP_GT	2
47156952Sume#define	OP_LT	4
48156952Sume
49156952Sumestruct filterent {
50156952Sume  int action;			/* Filtering action */
51156952Sume  int swidth;			/* Effective source address width */
52156952Sume  struct in_addr saddr;		/* Source address */
53156952Sume  struct in_addr smask;		/* Source address mask */
54156952Sume  int dwidth;			/* Effective destination address width */
55156952Sume  struct in_addr daddr;		/* Destination address */
56156952Sume  struct in_addr dmask;		/* Destination address mask */
57156956Sume  int proto;			/* Protocol */
58156956Sume  struct {
59156952Sume    short srcop;
60156952Sume    u_short srcport;
61156952Sume    short dstop;
62156952Sume    u_short dstport;
63156952Sume    unsigned estab : 1;
64156952Sume    unsigned syn : 1;
65156952Sume    unsigned finrst : 1;
66156952Sume  } opt;
67156952Sume};
68156952Sume
69156952Sume#define	MAXFILTERS		40	/* in each filter set */
70156952Sume
71156952Sumestruct filter {
72156952Sume  struct filterent rule[MAXFILTERS];	/* incoming packet filter */
73156952Sume  const char *name;
74156952Sume  unsigned fragok : 1;
75156952Sume  unsigned logok : 1;
76156952Sume};
77156952Sume
78156952Sume#define FL_IN		0
79156952Sume#define FL_OUT		1
80156952Sume#define FL_DIAL		2
81156952Sume#define FL_KEEP		3
82156952Sume
83156952Sumestruct ipcp;
84156956Sumestruct cmdargs;
85156952Sume
86156952Sumeextern int ParseAddr(struct ipcp *, int, char const *const *, struct in_addr *,
87156952Sume                     struct in_addr *, int *);
88156956Sumeextern int filter_Show(struct cmdargs const *);
89156952Sumeextern int filter_Set(struct cmdargs const *);
90156956Sumeextern const char * filter_Action2Nam(int);
91156956Sumeextern const char *filter_Proto2Nam(int);
92156952Sumeextern const char *filter_Op2Nam(int);
93156952Sume