19187b359SBill Yuan /*
24408d548SBill Yuan  * Copyright (c) 2014 - 2018 The DragonFly Project.  All rights reserved.
39187b359SBill Yuan  *
49187b359SBill Yuan  * This code is derived from software contributed to The DragonFly Project
59187b359SBill Yuan  * by Bill Yuan <bycn82@dragonflybsd.org>
69187b359SBill Yuan  *
79187b359SBill Yuan  * Redistribution and use in source and binary forms, with or without
89187b359SBill Yuan  * modification, are permitted provided that the following conditions
99187b359SBill Yuan  * are met:
109187b359SBill Yuan  *
119187b359SBill Yuan  * 1. Redistributions of source code must retain the above copyright
129187b359SBill Yuan  *    notice, this list of conditions and the following disclaimer.
139187b359SBill Yuan  * 2. Redistributions in binary form must reproduce the above copyright
149187b359SBill Yuan  *    notice, this list of conditions and the following disclaimer in
159187b359SBill Yuan  *    the documentation and/or other materials provided with the
169187b359SBill Yuan  *    distribution.
179187b359SBill Yuan  * 3. Neither the name of The DragonFly Project nor the names of its
189187b359SBill Yuan  *    contributors may be used to endorse or promote products derived
199187b359SBill Yuan  *    from this software without specific, prior written permission.
209187b359SBill Yuan  *
219187b359SBill Yuan  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
229187b359SBill Yuan  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
239187b359SBill Yuan  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
249187b359SBill Yuan  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
259187b359SBill Yuan  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
269187b359SBill Yuan  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
279187b359SBill Yuan  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
289187b359SBill Yuan  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
299187b359SBill Yuan  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
309187b359SBill Yuan  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
319187b359SBill Yuan  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
329187b359SBill Yuan  * SUCH DAMAGE.
339187b359SBill Yuan  */
349187b359SBill Yuan 
359187b359SBill Yuan 
369187b359SBill Yuan #ifndef _IPFW3_H_
379187b359SBill Yuan #define _IPFW3_H_
389187b359SBill Yuan 
/*
 * SA_SIZE(sa): number of bytes a struct sockaddr occupies when it is
 * passed through a routing socket.  sa_len is rounded up to a multiple
 * of sizeof(long); a NULL pointer or an sa_len of 0 yields sizeof(long).
 * The NULL check is a convenience; sa_len == 0 should only apply to
 * empty structures.
 *
 * The argument is evaluated more than once, so it must not have side
 * effects.  The macro takes sa_len as given and does no bounds check:
 * code that uses the result to step through a message buffer has to
 * confirm on its own that the size fits in the bytes that remain.
 */
#define SA_SIZE(sa)							\
	((!(sa) || ((struct sockaddr *)(sa))->sa_len == 0)		\
	    ? sizeof(long)						\
	    : 1 + ((((struct sockaddr *)(sa))->sa_len - 1) |		\
		(sizeof(long) - 1)))
509187b359SBill Yuan 
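/*
 * Definition of a port range, and macros to deal with values.
 * FORMAT: HI 16-bits == first port in range, 0 == all ports.
 *	   LO 16-bits == number of ports in range
 * NOTES: - Port values are not stored in network byte order.
 *	  - None of these macros range-check their arguments.  A port or
 *	    count parsed from user input must be validated to 0..65535 by
 *	    the caller before it is packed; SETNUMPORTS() with a larger
 *	    count spills into the first-port field.
 */

/* First port of the range (upper bits of x). */
#define GETLOPORT(x)	((x) >> 0x10)
/* Number of ports in the range (low 16 bits of x). */
#define GETNUMPORTS(x)	((x) & 0x0000ffff)
/*
 * First port plus port count.
 * NOTE(review): if the count is stored as (last - first + 1), this is one
 * past the last port, not the last port itself -- confirm against callers.
 */
#define GETHIPORT(x)	(GETLOPORT((x)) + GETNUMPORTS((x)))

/*
 * Set y to be the low-port value in port_range variable x.
 * y is widened to unsigned long before the shift.  Shifting an int port
 * of 0x8000 or more left by 16 overflows a signed int (undefined
 * behaviour); in practice the negative result sign-extends when x is
 * wider than int, leaving stray high bits that GETLOPORT() then returns.
 */
#define SETLOPORT(x, y)							\
	((x) = ((x) & 0x0000ffff) | ((unsigned long)(y) << 0x10))

/* Set y to be the number of ports in port_range variable x. */
#define SETNUMPORTS(x, y) ((x) = ((x) & 0xffff0000) | (y))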
689187b359SBill Yuan 
/*
 * INC_ARGCV(): consume one argument.  Advances the argument vector behind
 * _av by one entry, decrements the count behind _ac, and refreshes the
 * local copies av and ac from them.
 *
 * The macro takes no parameters; it expands against four names that must
 * already be in scope at the use site: _av, _ac, av and ac.  It does not
 * check that *_ac is still positive, so the caller has to make sure an
 * argument remains before reading av[0] afterwards.
 */
#define INC_ARGCV() do {			\
	*_av += 1;				\
	av = *_av;				\
	*_ac -= 1;				\
	ac = *_ac;				\
} while (0)
759187b359SBill Yuan 
769187b359SBill Yuan 
/*
 * Token identifiers.  Values are assigned implicitly starting from
 * TOK_NULL == 0, so the order of the enumerators fixes their numeric
 * values; append new tokens rather than inserting them if any value is
 * stored or compared numerically elsewhere.
 */
enum tokens {
	TOK_NULL = 0,

	/* NOTE(review): names suggest NAT/redirect keywords -- confirm. */
	TOK_IP,
	TOK_IF,
	TOK_ALOG,
	TOK_DENY_INC,
	TOK_SAME_PORTS,
	TOK_UNREG_ONLY,
	TOK_RESET_ADDR,
	TOK_ALIAS_REV,
	TOK_PROXY_ONLY,
	TOK_REDIR_ADDR,
	TOK_REDIR_PORT,
	TOK_REDIR_PROTO,

	/* NOTE(review): names suggest pipe/queue shaping keywords -- confirm. */
	TOK_PIPE,
	TOK_QUEUE,
	TOK_PLR,
	TOK_NOERROR,
	TOK_BUCKETS,
	TOK_DSTIP,
	TOK_SRCIP,
	TOK_DSTPORT,
	TOK_SRCPORT,
	TOK_ALL,
	TOK_MASK,
	TOK_BW,
	TOK_DELAY,
	TOK_RED,
	TOK_GRED,
	TOK_DROPTAIL,
	TOK_PROTO,
	TOK_WEIGHT,
};
1129187b359SBill Yuan 
/*
 * One entry of a string-to-integer lookup table, the table type that
 * match_token() takes.
 * NOTE(review): how the end of a table is marked is not visible in this
 * header; confirm every table handed to match_token() carries the
 * terminator its lookup loop expects, so the scan cannot run past the
 * array.
 */
struct char_int_map {
	char	*key;	/* string to match */
	int	 val;	/* integer paired with key */
};
1179187b359SBill Yuan 
/*
 * Callback types for the keyword/opcode registration interface.
 *
 * parser_func and shower_func are the per-opcode handlers stored in
 * struct ipfw3_mapping.  NOTE(review): the int * / char *** pair of
 * parser_func has the shape INC_ARGCV() expects for _ac and _av --
 * presumably the remaining argument count and vector; confirm.
 *
 * register_func and register_keyword have the same parameter lists as
 * register_ipfw_func() and register_ipfw_keyword(); init_module receives
 * one pointer of each type.
 */
typedef void (*parser_func)(ipfw_insn **cmd, int *_ac, char ***_av);
typedef void (*shower_func)(ipfw_insn *cmd, int show_or);
typedef void (*register_func)(int module, int opcode,
		parser_func parser, shower_func shower);
typedef void (*register_keyword)(int module, int opcode,
		char *word, int type);
typedef void (*init_module)(register_func func, register_keyword keyword);
1232490fdcaSBill Yuan 
/*
 * Size in bytes of ipfw3_keyword.word.  A NUL-terminated keyword can be
 * at most MAX_KEYWORD_LEN - 1 characters long.
 */
#define MAX_KEYWORD_LEN		20
/*
 * NOTE(review): presumably the entry counts of the keyword and mapping
 * tables; confirm that any index derived from a module or opcode number
 * is checked against these before the table is accessed.
 */
#define KEYWORD_SIZE		256
#define MAPPING_SIZE		256

/*
 * One registered keyword: the word itself plus the module/opcode pair and
 * type it was registered with.
 * word is a fixed-size buffer while register_ipfw_keyword() receives the
 * keyword as an unbounded char *; the copy into word must be length-bounded
 * and leave the buffer NUL-terminated (the implementation is not visible
 * in this header -- verify).
 */
struct ipfw3_keyword {
	int	type;
	char	word[MAX_KEYWORD_LEN];
	int	module;
	int	opcode;
};
#define LEN_FW3_KEYWORD		(sizeof(struct ipfw3_keyword))
1354408d548SBill Yuan 
/*
 * One registered handler pair: the parser and shower callbacks for a
 * given module/opcode, plus the type they were registered under.
 * NOTE(review): either pointer may presumably be NULL for an opcode with
 * no handler; confirm callers test the pointer before calling through it.
 */
struct ipfw3_mapping {
	int		type;
	int		module;
	int		opcode;
	parser_func	parser;
	shower_func	shower;
};
#define LEN_FW3_MAPPING		(sizeof(struct ipfw3_mapping))
1444408d548SBill Yuan 
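/*
 * Function prototypes.  The implementations live outside this header, so
 * the notes below are limited to what the signatures show.  Each function
 * is declared once, with named parameters; the earlier duplicate
 * declarations of register_ipfw_keyword(), register_ipfw_func(),
 * do_get_x() and do_set_x() are folded into these.
 */

/* Instruction traversal and token lookup. */
ipfw_insn	*next_cmd(ipfw_insn *cmd);
int	match_token(struct char_int_map *table, char *string);

/*
 * Module handling.
 * NOTE(review): len is presumably the capacity of modules_str; verify the
 * implementation never writes more than len bytes into it.
 */
void	module_get(char *modules_str, int len);
void	module_list(int ac, char **av);
void	module_load(void);

/*
 * Keyword and handler registration (same parameter lists as the
 * register_keyword and register_func callback types).
 */
void	register_ipfw_keyword(int module, int opcode, char *word, int type);
void	register_ipfw_func(int module, int opcode,
			parser_func parser, shower_func shower);

/* Rule display helpers. */
void	prev_show_chk(ipfw_insn *cmd, uint8_t *prev_module,
			uint8_t *prev_opcode, int *show_or);
int	show_filter(ipfw_insn *cmd, char *word, int type);
void	help(void);

/* Rule commands; ac/av carry the remaining command-line arguments. */
void	rule_delete(int ac, char **av);
void	rule_list(int ac, char **av);
void	rule_add(int ac, char **av, uint8_t insert);
void	rule_zero(int ac, char **av);
void	rule_flush(void);
void	rule_show(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth);

/*
 * NOTE(review): optname/rule/optlen look like a socket-option style
 * buffer hand-off; rule is an untyped pointer, so nothing ties optlen to
 * the real size of the object behind it.  Confirm every caller passes the
 * true buffer size, and that do_get_x() callers re-read *optlen afterwards.
 */
int	do_set_x(int optname, void *rule, int optlen);
int	do_get_x(int optname, void *rule, int *optlen);

/* Entry points. */
int	ipfw3_main(int ac, char **av);
void	ipfw3_readfile(int ac, char **av);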
1729187b359SBill Yuan #endif