/* $NetBSD: npf.h,v 1.6.2.7 2013/02/11 21:49:48 riz Exp $ */

/*-
 * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This material is based upon work partially supported by The
 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Declarations for the NPF library interface: opaque handle types and the
 * functions that create, fill in, insert, submit and destroy them.
 *
 * This header states no error convention for the int-returning functions
 * and no ownership rules for the pointers it hands out or accepts; the
 * notes below mark the places where a caller has to confirm them.
 */

#ifndef _NPF_LIB_H_
#define _NPF_LIB_H_

/*
 * bool, uint32_t, uint64_t, in_port_t, pri_t, npf_addr_t and npf_netmask_t
 * are used below but not defined in this file; they presumably arrive
 * through these two includes.
 * NOTE(review): confirm <stdbool.h>/<stdint.h> are reachable when this
 * header is included on its own.
 */
#include <sys/types.h>
#include <net/npf.h>

/* C linkage for C++ includers. */
__BEGIN_DECLS

/*
 * Handle types.  Only forward declarations appear here, so the structures
 * are incomplete to includers and can be held by pointer only.
 */
struct nl_config;
struct nl_rule;
struct nl_rproc;
struct nl_table;
struct nl_ext;

typedef struct nl_config	nl_config_t;
typedef struct nl_rule		nl_rule_t;
typedef struct nl_rproc		nl_rproc_t;
typedef struct nl_table		nl_table_t;

/*
 * nl_nat_t is an alias of struct nl_rule, i.e. the same type as nl_rule_t.
 * The compiler therefore accepts an nl_rule_t * wherever an nl_nat_t * is
 * expected (and the reverse) without a diagnostic; keeping rule and NAT
 * handles apart is up to the caller.
 */
typedef struct nl_rule		nl_nat_t;

typedef struct nl_ext		nl_ext_t;

/*
 * Function-pointer signatures for extensions.  By their names: an
 * initialiser, a constructor returning an nl_ext_t for a string, and a
 * parameter setter taking two strings.  Where these are looked up and
 * called is not visible in this header.
 */
typedef int (*npfext_initfunc_t)(void);
typedef nl_ext_t *(*npfext_consfunc_t)(const char *);
typedef int (*npfext_paramfunc_t)(nl_ext_t *, const char *, const char *);

#ifdef _NPF_PRIVATE

/*
 * Error report, presumably filled in through _npf_config_error() declared
 * in the private section further down.  Field meanings are inferred from
 * their names only -- TODO confirm.
 * NOTE(review): ne_source_file is a non-const char *; this header does not
 * say who owns or frees the string.
 */
typedef struct {
	int		ne_id;
	char *		ne_source_file;
	u_int		ne_source_line;
	int		ne_ncode_error;
	int		ne_ncode_errat;
} nl_error_t;

/*
 * Callback types taken by the _npf_*_foreach() functions below.  The
 * meaning of the scalar arguments is not stated here.
 */
typedef void (*nl_rule_callback_t)(nl_rule_t *, unsigned);
typedef void (*nl_table_callback_t)(unsigned, int);

#endif

/*
 * Table ID limit.  Whether 16 is the largest valid ID or the number of IDs
 * is not visible here.  npf_table_create() and npf_table_exists_p() take
 * the ID as u_int; presumably it is range-checked against this value in
 * the implementation -- confirm.
 */
#define	NPF_MAX_TABLE_ID	(16)

/*
 * Configuration handle: create, submit, destroy, retrieve, flush.
 * NOTE(review): the bare int parameter of the submit/retrieve/flush calls
 * and of npf_ruleset_*() is presumably an open descriptor for the NPF
 * control device -- confirm against the library documentation.
 * Check the int result of every call; what state the packet filter is left
 * in after a failed submit or flush is not visible here.
 */
nl_config_t *	npf_config_create(void);
int		npf_config_submit(nl_config_t *, int);
void		npf_config_destroy(nl_config_t *);
nl_config_t *	npf_config_retrieve(int, bool *, bool *);
int		npf_config_flush(int);

/*
 * Operations on a ruleset selected by the const char * argument.
 * npf_ruleset_add() takes a uint64_t * and npf_ruleset_remove() a uint64_t,
 * presumably the rule ID produced by add -- TODO confirm.
 * npf_ruleset_remkey() takes a pointer/length pair: the length has to
 * describe the buffer passed, and no maximum is declared in this header.
 */
int		npf_ruleset_add(int, const char *, nl_rule_t *, uint64_t *);
int		npf_ruleset_remove(int, const char *, uint64_t);
int		npf_ruleset_remkey(int, const char *, const void *, size_t);
int		npf_ruleset_flush(int, const char *);

/*
 * Extension call construction.  The two setters return void, so a failure
 * cannot be reported through them.  No destructor for nl_ext_t is declared
 * in this header; ownership presumably passes on npf_rproc_extcall() --
 * confirm.
 */
nl_ext_t *	npf_ext_construct(const char *name);
void		npf_ext_param_u32(nl_ext_t *, const char *, uint32_t);
void		npf_ext_param_bool(nl_ext_t *, const char *, bool);

/*
 * Rule objects.
 * npf_rule_setcode() and npf_rule_setkey() take pointer/length pairs; this
 * header states neither a size limit nor whether the data is copied, so
 * keep the buffer valid until that is confirmed.
 * npf_rule_insert() takes two nl_rule_t *; presumably parent and rule, the
 * order is not visible here.
 * NOTE(review): npf_rule_export() returns void * and a length through
 * size_t *; who frees the returned buffer is not stated.
 */
nl_rule_t *	npf_rule_create(const char *, uint32_t, u_int);
int		npf_rule_setcode(nl_rule_t *, int, const void *, size_t);
int		npf_rule_setprio(nl_rule_t *, pri_t);
int		npf_rule_setproc(nl_rule_t *, const char *);
int		npf_rule_setkey(nl_rule_t *, const void *, size_t);
bool		npf_rule_exists_p(nl_config_t *, const char *);
int		npf_rule_insert(nl_config_t *, nl_rule_t *, nl_rule_t *);
void *		npf_rule_export(nl_rule_t *, size_t *);
void		npf_rule_destroy(nl_rule_t *);

/*
 * Rule procedures.  No destroy function is declared for nl_rproc_t; its
 * lifetime after npf_rproc_insert() is not visible here.
 */
nl_rproc_t *	npf_rproc_create(const char *);
int		npf_rproc_extcall(nl_rproc_t *, nl_ext_t *);
bool		npf_rproc_exists_p(nl_config_t *, const char *);
int		npf_rproc_insert(nl_config_t *, nl_rproc_t *);

/*
 * NAT policies.  The arguments of npf_nat_create() are unnamed in this
 * prototype; note that its npf_addr_t * is non-const, unlike the address
 * taken by npf_table_add_entry().
 */
nl_nat_t *	npf_nat_create(int, u_int, u_int, npf_addr_t *, int, in_port_t);
int		npf_nat_insert(nl_config_t *, nl_nat_t *, pri_t);

/*
 * Tables.  npf_table_add_entry() takes (int, address, netmask); the int is
 * presumably the address family -- TODO confirm.
 */
nl_table_t *	npf_table_create(u_int, int);
int		npf_table_add_entry(nl_table_t *, int,
		    const npf_addr_t *, const npf_netmask_t);
bool		npf_table_exists_p(nl_config_t *, u_int);
int		npf_table_insert(nl_config_t *, nl_table_t *);
void		npf_table_destroy(nl_table_t *);

/*
 * Interfaces declared only when the includer defines _NPF_PRIVATE.
 * Nothing in this header stops any includer from defining the macro, so
 * the gate marks intent and is not an access control.
 */
#ifdef _NPF_PRIVATE

/* Provides struct ifaddrs for _npf_debug_addif(). */
#include <ifaddrs.h>

/*
 * (int, const char *): presumably a descriptor and a file name for session
 * state -- TODO confirm.  How the named file is opened is not visible here.
 */
int		npf_sessions_send(int, const char *);
int		npf_sessions_recv(int, const char *);

/*
 * Accessors and iterators over a configuration.
 * NOTE(review): _npf_rule_ncode() and _npf_rule_rproc() return const
 * pointers, presumably borrowed from the rule object and valid no longer
 * than it -- confirm before retaining them.
 */
void		_npf_config_error(nl_config_t *, nl_error_t *);
void		_npf_config_setsubmit(nl_config_t *, const char *);
int		_npf_ruleset_list(int, const char *, nl_config_t *);
int		_npf_rule_foreach(nl_config_t *, nl_rule_callback_t);
pri_t		_npf_rule_getinfo(nl_rule_t *, const char **, uint32_t *,
		    u_int *);
const void *	_npf_rule_ncode(nl_rule_t *, size_t *);
const char *	_npf_rule_rproc(nl_rule_t *);
int		_npf_nat_foreach(nl_config_t *, nl_rule_callback_t);
void		_npf_nat_getinfo(nl_nat_t *, int *, u_int *, npf_addr_t *,
		    size_t *, in_port_t *);
void		_npf_table_foreach(nl_config_t *, nl_table_callback_t);

void		_npf_debug_addif(nl_config_t *, struct ifaddrs *, u_int);
#endif

__END_DECLS

#endif	/* _NPF_LIB_H_ */