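/*
 * Copyright (c) 2014 - 2018 The DragonFly Project.  All rights reserved.
 *
 * This code is derived from software contributed to The DragonFly Project
 * by Bill Yuan <bycn82@dragonflybsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 3. Neither the name of The DragonFly Project nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific, prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Shared declarations for the ipfw3 front end: port-range helpers, the
 * keyword token list, the keyword/mapping tables and the prototypes of
 * the rule and module commands.
 *
 * This header includes nothing itself.  It uses struct sockaddr,
 * ipfw_insn, struct ipfw_ioc_rule and uint8_t, so the including file
 * must bring those declarations into scope first.
 */

#ifndef _IPFW3_H_
#define _IPFW3_H_

/*
 * This macro returns the size of a struct sockaddr when passed
 * through a routing socket. Basically we round up sa_len to
 * a multiple of sizeof(long), with a minimum of sizeof(long).
 * The check for a NULL pointer is just a convenience, probably never used.
 * The case sa_len == 0 should only apply to empty structures.
 *
 * The argument is evaluated more than once, so it must be free of side
 * effects.  The result is derived from sa_len as found in the buffer;
 * a caller that steps through a message with it should first check that
 * the rounded size still fits in the bytes that remain.
 */
#define SA_SIZE(sa) \
	( (!(sa) || ((struct sockaddr *)(sa))->sa_len == 0) ? \
	    sizeof(long) : \
	    1 + ( (((struct sockaddr *)(sa))->sa_len - 1) | (sizeof(long) - 1) ) )

/*
 * Definition of a port range, and macros to deal with values.
 * FORMAT:  HI 16-bits == first port in range, 0 == all ports.
 *          LO 16-bits == number of ports in range
 * NOTES:   - Port values are not stored in network byte order.
 */

/* First port of the range: the upper 16 bits of x. */
#define GETLOPORT(x)	((x) >> 0x10)
/* Number of ports in the range: the lower 16 bits of x. */
#define GETNUMPORTS(x)	((x) & 0x0000ffff)
/* First port plus the port count, as computed from the two fields. */
#define GETHIPORT(x)	(GETLOPORT((x)) + GETNUMPORTS((x)))

/*
 * Set y to be the low-port value in port_range variable x.
 *
 * y is converted to unsigned and reduced to 16 bits before the shift, so
 * a value of 0x8000 or more is not shifted as a signed int and a value
 * wider than 16 bits cannot set bits outside the field.  The mask
 * truncates silently: range-check user-supplied ports before calling.
 * x is evaluated twice.
 */
#define SETLOPORT(x, y) \
	((x) = ((x) & 0x0000ffff) | (((unsigned int)(y) & 0xffffU) << 0x10))

/*
 * Set y to be the number of ports in port_range variable x.
 *
 * y is reduced to 16 bits so an oversized count cannot overwrite the
 * first-port field held in the upper half.  The mask truncates silently:
 * range-check user-supplied counts before calling.  x is evaluated twice.
 */
#define SETNUMPORTS(x, y) \
	((x) = ((x) & 0xffff0000) | ((unsigned int)(y) & 0xffffU))

/*
 * Step the argument cursor forward by one word.
 *
 * Expands to statements on four names that must exist in the calling
 * scope: _av and _ac are dereferenced and updated, then the local copies
 * av and ac are refreshed from them.  (Presumably _ac is an int * and
 * _av a char ***, as in parser_func; confirm against the callers.)
 * The macro does not test the count before decrementing it, so the
 * caller has to make sure an argument is left before reading av[0].
 */
#define INC_ARGCV() do { \
	(*_av)++; \
	(*_ac)--; \
	av = *_av; \
	ac = *_ac; \
} while (0)

/*
 * Identifiers for the words the command line parser recognises.
 * TOK_NULL is 0; the remaining values follow in declaration order.
 */
enum tokens {
	TOK_NULL = 0,

	TOK_IP,
	TOK_IF,
	TOK_ALOG,
	TOK_DENY_INC,
	TOK_SAME_PORTS,
	TOK_UNREG_ONLY,
	TOK_RESET_ADDR,
	TOK_ALIAS_REV,
	TOK_PROXY_ONLY,
	TOK_REDIR_ADDR,
	TOK_REDIR_PORT,
	TOK_REDIR_PROTO,

	TOK_PIPE,
	TOK_QUEUE,
	TOK_PLR,
	TOK_NOERROR,
	TOK_BUCKETS,
	TOK_DSTIP,
	TOK_SRCIP,
	TOK_DSTPORT,
	TOK_SRCPORT,
	TOK_ALL,
	TOK_MASK,
	TOK_BW,
	TOK_DELAY,
	TOK_RED,
	TOK_GRED,
	TOK_DROPTAIL,
	TOK_PROTO,
	TOK_WEIGHT,
};

/* One entry of a string-to-integer lookup table (see match_token()). */
struct char_int_map {
	char *key;
	int val;
};

/* Parser callback: receives the instruction cursor, &ac and &av. */
typedef void (*parser_func)(ipfw_insn **, int *, char ***);
/* Display callback for one instruction. */
typedef void (*shower_func)(ipfw_insn *, int);
/* Same signature as register_ipfw_func(). */
typedef void (*register_func)(int, int, parser_func, shower_func);
/* Same signature as register_ipfw_keyword(). */
typedef void (*register_keyword)(int, int, char *, int);
/* Module entry point type: it is handed the two registration callbacks. */
typedef void (*init_module)(register_func, register_keyword);

#define MAX_KEYWORD_LEN		20
#define KEYWORD_SIZE		256
#define MAPPING_SIZE		256

/*
 * A registered keyword.
 *
 * word is a fixed array of MAX_KEYWORD_LEN bytes, while
 * register_ipfw_keyword() receives the keyword as an unbounded char *.
 * NOTE(review): the copy into word is not visible in this header; it has
 * to be limited to MAX_KEYWORD_LEN - 1 bytes and NUL-terminated, and the
 * table index checked against KEYWORD_SIZE, if that is the table
 * capacity - confirm in the implementation.
 */
struct ipfw3_keyword {
	int type;
	char word[MAX_KEYWORD_LEN];
	int module;
	int opcode;
};
#define LEN_FW3_KEYWORD	sizeof(struct ipfw3_keyword)

/*
 * Parser and display callbacks registered for a (module, opcode) pair.
 * NOTE(review): module and opcode are int here but uint8_t in
 * prev_show_chk(); an index built from them should be range-checked
 * against MAPPING_SIZE - confirm how the table is indexed.
 */
struct ipfw3_mapping {
	int type;
	int module;
	int opcode;
	parser_func parser;
	shower_func shower;
};
#define LEN_FW3_MAPPING	sizeof(struct ipfw3_mapping)

/*
 * Prototypes.  Each function is declared once, with parameter names;
 * the definitions are not part of this header.
 */
ipfw_insn* next_cmd(ipfw_insn *cmd);
int match_token(struct char_int_map *table, char *string);

/* Module handling; len is presumably the size of modules_str - confirm. */
void module_get(char *modules_str, int len);
void module_list(int ac, char **av);
void module_load(void);
void register_ipfw_keyword(int module, int opcode, char *word, int type);
void register_ipfw_func(int module, int opcode,
		parser_func parser, shower_func shower);

/* Rule display helpers. */
void prev_show_chk(ipfw_insn *cmd, uint8_t *prev_module,
		uint8_t *prev_opcode, int *show_or);
int show_filter(ipfw_insn *cmd, char *word, int type);
void help(void);

/* Rule commands. */
void rule_delete(int ac, char **av);
void rule_list(int ac, char **av);
void rule_add(int ac, char **av, uint8_t insert);
void rule_zero(int ac, char **av);
void rule_flush(void);
void rule_show(struct ipfw_ioc_rule *rule, int pcwidth, int bcwidth);

/*
 * Option transfer.  do_set_x() takes the length by value, do_get_x()
 * through a pointer; rule is an untyped buffer, so the length passed
 * must match what the buffer really holds.
 */
int do_set_x(int optname, void *rule, int optlen);
int do_get_x(int optname, void *rule, int *optlen);

int ipfw3_main(int ac, char **av);
void ipfw3_readfile(int ac, char **av);
#endif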