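/* $NetBSD: ipf.h,v 1.14 2008/05/20 07:08:06 darrenr Exp $ */

/*
 * Copyright (C) 1993-2001, 2003 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ipf.h 1.12 6/5/96
 * Id: ipf.h,v 2.71.2.16 2007/10/26 12:15:14 darrenr Exp
 */

/*
 * Shared declarations for the IP Filter code that includes this header:
 * the system and netinet/ip_*.h includes come first, then the types,
 * tables and prototypes further down the file.
 */

#ifndef __IPF_H__
#define __IPF_H__

/*
 * On OSF/1 the radix-tree identifiers are renamed to ipf_-prefixed ones
 * before any header is read (presumably to keep them apart from the
 * system's own definitions - confirm).
 */
#if defined(__osf__)
# define radix_mask ipf_radix_mask
# define radix_node ipf_radix_node
# define radix_node_head ipf_radix_node_head
#endif

#include <sys/param.h>
#include <sys/types.h>
#include <sys/file.h>
/*
 * This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
 * Needed here because on some systems <sys/uio.h> gets included by things
 * like <sys/socket.h>
 *
 * ADD_KERNEL records that _KERNEL was not set by the build; only in that
 * case are _KERNEL and KERNEL defined for the single <sys/uio.h> include
 * and removed again straight after it, so the includes that follow are
 * compiled without them.  ADD_KERNEL itself is left defined.
 * NOTE(review): a build that sets KERNEL but not _KERNEL gets KERNEL
 * redefined here and then loses it at the #undef - confirm that no
 * supported configuration does that.
 */
#ifndef _KERNEL
# define ADD_KERNEL
# define _KERNEL
# define KERNEL
#endif
#ifdef __OpenBSD__
struct file;
#endif
#include <sys/uio.h>
#ifdef ADD_KERNEL
# undef _KERNEL
# undef KERNEL
#endif
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>
/* An undefined __FreeBSD_version evaluates as 0 in #if, so this is skipped. */
#if __FreeBSD_version >= 300000
# include <net/if_var.h>
#endif
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#ifndef TCP_PAWS_IDLE /* IRIX */
# include <netinet/tcp.h>
#endif
#include <netinet/udp.h>

#include <arpa/inet.h>

#include <errno.h>
#include <limits.h>
#include <netdb.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#if !defined(__SVR4) && !defined(__svr4__) && defined(sun)
# include <strings.h>
#endif
#include <string.h>
#include <unistd.h>

/* IP Filter's own headers; they supply the project types used below. */
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_lookup.h"
#include "netinet/ip_pool.h"
#include "netinet/ip_scan.h"
#include "netinet/ip_htable.h"
#include "netinet/ip_sync.h"
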
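#include "opts.h"

/*
 * Pre-ANSI compilers: erase the const keyword.  No prototype in this
 * header uses const, so every char * and void * parameter is declared
 * writable; whether a callee modifies its argument has to be read from
 * the implementation.
 */
#ifndef __STDC__
# undef const
# define const
#endif

/*
 * u_32_t: the unsigned 32-bit type used for addresses, masks and option
 * bits.  Where it falls back to unsigned int, the 32-bit width is an
 * assumption about the platform that this header does not check.
 */
#ifndef U_32_T
# define U_32_T 1
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
    defined(__sgi)
typedef u_int32_t u_32_t;
# else
#  if defined(__alpha__) || defined(__alpha) || defined(_LP64)
typedef unsigned int u_32_t;
#  else
#   if SOLARIS2 >= 6
typedef uint32_t u_32_t;
#   else
typedef unsigned int u_32_t;
#   endif
#  endif
# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
#endif /* U_32_T */

/* Fallback used only when no earlier header defined MAXHOSTNAMELEN. */
#ifndef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 256
#endif

/*
 * Highest index of the icmpcodes[] and icmptypes[] name tables declared
 * below.  ICMP type and code are 8-bit fields on the wire, so a value
 * taken from a packet or a log record has to be compared with these
 * limits before it is used as an index into either table.
 */
#define MAX_ICMPCODE 16
#define MAX_ICMPTYPE 19


/*
 * One entry of a name table (ionames[], secclass[], v6ionames[] below).
 * Field meanings are not stated in this header; going by the names they
 * are a value, a bit, a size and the text name - confirm at the table
 * definitions.
 */
struct ipopt_names {
	int on_value;
	int on_bit;
	int on_siz;
	char *on_name;
};


/*
 * Singly linked list (al_next) of address/mask pairs stored as i6addr_t.
 * al_not presumably marks a negated entry - confirm.
 */
typedef struct alist_s {
	struct alist_s *al_next;
	int al_not;
	i6addr_t al_i6addr;
	i6addr_t al_i6mask;
} alist_t;

/* IPv4 views of the two i6addr_t members, plus two short aliases. */
#define al_addr al_i6addr.in4_addr
#define al_mask al_i6mask.in4_addr
#define al_1 al_addr
#define al_2 al_mask


/*
 * NOTE(review): the field widths (u_short, u_char, u_char, 32-bit) look
 * like a BPF instruction (code, jt, jf, k) - confirm against the users.
 */
typedef struct {
	u_short fb_c;
	u_char fb_t;
	u_char fb_f;
	u_32_t fb_k;
} fakebpf_t;


/*
 * ioctlfunc_t has two shapes.  In the variadic form the third argument
 * is not type-checked by the compiler, so the caller is responsible for
 * passing the object the given ioctlcmd_t expects.
 */
#if defined(__NetBSD__) || defined(__OpenBSD__) || \
    (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000) || \
    SOLARIS || defined(__sgi) || defined(__osf__) || defined(linux)
# include <stdarg.h>
typedef int (* ioctlfunc_t)(int, ioctlcmd_t, ...);
#else
typedef int (* ioctlfunc_t)(dev_t, ioctlcmd_t, void *);
#endif
/* Rule-add callback; ipf_addrule and ipnat_addrule below have this signature. */
typedef void (* addfunc_t)(int, ioctlfunc_t, void *);
/* Copy routine taking an explicit size; kmemcpywrap below has this signature. */
typedef int (* copyfunc_t)(void *, void *, size_t);


/*
 * SunOS4
 */
#if defined(sun) && !defined(__SVR4) && !defined(__svr4__)
extern int ioctl(int, int, void *);
#endif

/*
 * Shared tables and globals.  The arrays declared with [] are incomplete
 * types here: their sizes are only known where they are defined, so
 * sizeof cannot be applied to them through this header and any bound on
 * a write (for example into thishost) has to come from the definition.
 */
extern char thishost[];
extern char flagset[];
extern u_char flags[];
extern struct ipopt_names ionames[];
extern struct ipopt_names secclass[];
/* MAX_ICMPCODE + 1 and MAX_ICMPTYPE + 1 entries; range-check the index. */
extern char *icmpcodes[MAX_ICMPCODE + 1];
extern char *icmptypes[MAX_ICMPTYPE + 1];
extern int use_inet6;
extern int lineNum;
extern struct ipopt_names v6ionames[];


/*
 * Prototypes.
 *
 * Several functions return char * (fac_toname, getnattype, getsumd,
 * kvatoname, portname, pri_toname).  This header does not say whether
 * the result is static storage or heap memory; check the implementation
 * before freeing or retaining a returned pointer.
 *
 * The ioctlfunc_t argument is passed differently across the parsers:
 * ipf_parsefile/ipf_parsesome take a pointer to it, ipnat_* take it by
 * value after the addfunc_t, and ippool_* take it by value as the last
 * argument.
 */
extern int addicmp(char ***, struct frentry *, int);
extern int addipopt(char *, struct ipopt_names *, int, char *);
extern void alist_free(alist_t *);
extern alist_t *alist_new(int, char *);
extern void binprint(void *, size_t);
extern u_32_t buildopts(char *, char *, int);
extern int checkrev(char *);
extern int count6bits(u_32_t *);
extern int count4bits(u_32_t);
extern char *fac_toname(int);
extern int fac_findname(char *);
extern void fill6bits(int, u_int *);
extern int gethost(char *, u_32_t *);
extern int getport(struct frentry *, char *, u_short *);
extern int getportproto(char *, int);
extern int getproto(char *);
extern char *getnattype(struct nat *, int);
extern char *getsumd(u_32_t);
extern u_32_t getoptbyname(char *);
extern u_32_t getoptbyvalue(int);
extern u_32_t getv6optbyname(char *);
extern u_32_t getv6optbyvalue(int);
extern void initparse(void);
extern void ipf_dotuning(int, char *, ioctlfunc_t);
extern void ipf_addrule(int, ioctlfunc_t, void *);
extern int ipf_parsefile(int, addfunc_t, ioctlfunc_t *, char *);
extern int ipf_parsesome(int, addfunc_t, ioctlfunc_t *, FILE *);
extern int ipmon_parsefile(char *);
extern int ipmon_parsesome(FILE *);
extern void ipnat_addrule(int, ioctlfunc_t, void *);
extern int ipnat_parsefile(int, addfunc_t, ioctlfunc_t, char *);
extern int ipnat_parsesome(int, addfunc_t, ioctlfunc_t, FILE *);
extern int ippool_parsefile(int, char *, ioctlfunc_t);
extern int ippool_parsesome(int, FILE *, ioctlfunc_t);
extern int kmemcpywrap(void *, void *, size_t);
extern char *kvatoname(ipfunc_t, ioctlfunc_t);
/*
 * load_file, load_http and load_url each return an alist_t list built
 * from a named source.
 * NOTE(review): going by the names, load_http and load_url take their
 * entries from a remote server; if so, that content ends up in address
 * lists and should be handled as untrusted input (size limits, strict
 * parsing, transport integrity) - confirm in the implementations.
 */
extern alist_t *load_file(char *);
extern int load_hash(struct iphtable_s *, struct iphtent_s *,
		     ioctlfunc_t);
extern int load_hashnode(int, char *, struct iphtent_s *, ioctlfunc_t);
extern alist_t *load_http(char *);
extern int load_pool(struct ip_pool_s *list, ioctlfunc_t);
extern int load_poolnode(int, char *, ip_pool_node_t *, ioctlfunc_t);
extern alist_t *load_url(char *);
extern alist_t *make_range(int, struct in_addr, struct in_addr);
extern ipfunc_t nametokva(char *, ioctlfunc_t);
extern void nat_setgroupmap(struct ipnat *);
extern int ntomask(int, int, u_32_t *);
extern u_32_t optname(char ***, u_short *, int);
extern struct frentry *parse(char *, int);
extern char *portname(int, int);
extern int pri_findname(char *);
extern char *pri_toname(int);
extern void print_toif(char *, struct frdest *);
extern void printaps(ap_session_t *, int);
extern void printbuf(char *, int, int);
extern void printfr(struct frentry *, ioctlfunc_t);
extern void printtunable(ipftune_t *);
/* printhash, printhashnode and printpool read through a copyfunc_t. */
extern struct iphtable_s *printhash(struct iphtable_s *, copyfunc_t,
				    char *, int);
extern struct iphtable_s *printhash_live(iphtable_t *, int, char *, int);
extern void printhashdata(iphtable_t *, int);
extern struct iphtent_s *printhashnode(struct iphtable_s *,
				       struct iphtent_s *,
				       copyfunc_t, int);
extern void printhostmask(int, u_32_t *, u_32_t *);
extern void printip(u_32_t *);
extern void printlog(struct frentry *);
extern void printlookup(i6addr_t *addr, i6addr_t *mask);
extern void printmask(u_32_t *);
extern void printpacket(struct ip *);
extern void printpacket6(struct ip *);
extern struct ip_pool_s *printpool(struct ip_pool_s *, copyfunc_t,
				   char *, int);
extern struct ip_pool_s *printpool_live(struct ip_pool_s *, int,
					char *, int);
extern void printpooldata(ip_pool_t *, int);
extern struct ip_pool_node *printpoolnode(struct ip_pool_node *, int);
extern void printproto(struct protoent *, int, struct ipnat *);
extern void printportcmp(int, struct frpcmp *);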
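extern void optprint(u_short *, u_long, u_long);
/* The IPv6 option printer is only declared when USE_INET6 is set. */
#ifdef USE_INET6
extern void optprintv6(u_short *, u_long, u_long);
#endif
extern int remove_hash(struct iphtable_s *, ioctlfunc_t);
extern int remove_hashnode(int, char *, struct iphtent_s *, ioctlfunc_t);
extern int remove_pool(ip_pool_t *, ioctlfunc_t);
extern int remove_poolnode(int, char *, ip_pool_node_t *, ioctlfunc_t);
extern u_char tcp_flags(char *, u_char *, int);
extern u_char tcpflags(char *);
extern void printc(struct frentry *);
extern void printC(int);
extern void emit(int, int, void *, struct frentry *);
extern u_char secbit(int);
extern u_char seclevel(char *);
extern void printfraginfo(char *, struct ipfr *);
extern void printifname(char *, char *, void *);
/*
 * hostname and get_variable return char *; this header does not say
 * whether the result is static storage or heap memory, so check the
 * implementation before freeing or retaining the pointer.
 */
extern char *hostname(int, void *);
extern struct ipstate *printstate(struct ipstate *, int, u_long);
extern void printsbuf(char *);
extern void printnat(struct ipnat *, int);
extern void printactivenat(struct nat *, int, int, u_long);
extern void printhostmap(struct hostmap *, u_int);
extern void printtqtable(ipftq_t *);

extern void set_variable(char *, char *);
extern char *get_variable(char *, char **, int);
extern void resetlexer(void);

/*
 * Local prototypes for Solaris builds.  The int argument of gethostname
 * is the size of the caller's buffer; POSIX leaves it unspecified
 * whether a truncated name is NUL-terminated, so callers should
 * terminate the buffer themselves.
 */
#if SOLARIS
extern int gethostname(char *, int);
extern void sync(void);
#endif

#endif /* __IPF_H__ */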