1  /*
2  * Copyright (c) 2014 - 2016 The DragonFly Project.  All rights reserved.
3  *
4  * This code is derived from software contributed to The DragonFly Project
5  * by Bill Yuan <bycn82@dragonflybsd.org>
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  * 3. Neither the name of The DragonFly Project nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific, prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 #ifndef _IP_FW3_BASIC_H
35 #define _IP_FW3_BASIC_H
36 
/*
 * Numeric id and name string of the "basic" ipfw3 module.
 * How the pair is registered or looked up is not visible in this header.
 */
#define MODULE_BASIC_ID		0
#define MODULE_BASIC_NAME 	"basic"
39 
40 #ifdef _KERNEL
41 
/*
 * Malloc type for allocations made by the basic module.
 * NOTE(review): MALLOC_DEFINE emits a definition, not a declaration, so each
 * kernel source file that includes this header gets its own M_IPFW3_BASIC.
 * Presumably only one .c includes it today; the usual split is MALLOC_DECLARE
 * in the header and MALLOC_DEFINE in a single .c -- confirm before adding
 * another includer.
 */
MALLOC_DEFINE(M_IPFW3_BASIC, "IPFW3_BASIC", "ipfw3_basic module");
/*
 * Declared here, defined elsewhere.  By its name it installs a state carried
 * in a sync message (confirm); struct cmd_send_state is not declared in this
 * header, so includers must provide it first.
 */
void	ipfw_sync_install_state(struct cmd_send_state *cmd);
44 
/*
 * Prototypes of the checker functions.
 *
 * Every checker shares one signature and returns void, so any result has to
 * travel through the pointer arguments (presumably *cmd_ctl / *cmd_val --
 * confirm against the implementation).  args and f are passed as pointers to
 * pointers, which lets a checker replace the caller's pointer; callers should
 * not cache *args or *f across a call.
 * NOTE(review): none of these prototypes carries a length for cmd, so bounds
 * on the instruction are presumably enforced when the rule is installed --
 * confirm.
 * NOTE(review): no check_* prototype here is named after O_BASIC_ACCEPT,
 * O_BASIC_DENY, O_BASIC_XMIT, O_BASIC_RECV or O_BASIC_COMMENT; verify those
 * opcodes are handled elsewhere.
 */
void	check_count(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_skipto(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_forward(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_check_state(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_in(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_out(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_via(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_proto(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_prob(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_me(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_mask(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_me(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_mask(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_keep_state(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_tag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_untag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_tagged(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_src_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_dst_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_src_n_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_dst_n_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
96 
/*
 * Prototypes of the utility functions.
 *
 * Both take the instruction, a flow id and a state entry and return int;
 * the meaning of the return value is not visible here (presumably non-zero
 * on a match -- confirm).  count_match_state additionally takes an int
 * pointer, presumably an in/out match counter -- confirm whether the caller
 * must initialise *count.
 */
int 	match_state(ipfw_insn *cmd, struct ipfw_flow_id *fid,
		struct ip_fw_state *state);
int 	count_match_state(ipfw_insn *cmd, struct ipfw_flow_id *fid,
		struct ip_fw_state *state, int *count);
102 
103 #endif
104 
/*
 * Opcodes of the basic module.
 *
 * The enum sits outside the _KERNEL section, so it is visible to kernel and
 * non-kernel includers alike.  No enumerator has an explicit value: each
 * number is fixed by position, starting at 0.  Inserting or reordering
 * entries renumbers every later opcode, so add new ones at the end only
 * (presumably rules carry these numbers between userland and kernel --
 * confirm).
 */
enum ipfw_basic_opcodes {
	O_BASIC_ACCEPT,		/* accept */
	O_BASIC_DENY,		/* deny */
	O_BASIC_COUNT,		/* count */
	O_BASIC_SKIPTO,		/* skipto action->arg1	*/
	O_BASIC_FORWARD,	/* arg3 count of dest, arg1 type of fwd */

	O_BASIC_IN,		/* in */
	O_BASIC_OUT,		/* out */
	O_BASIC_VIA,		/* via */
	O_BASIC_XMIT,		/* xmit */
	O_BASIC_RECV,		/* recv */

	O_BASIC_PROTO,		/*  arg1=protocol	*/
	O_BASIC_IP_SRC,		/*  src ip */
	O_BASIC_IP_SRC_N_PORT,	/* src ip: src port */
	O_BASIC_IP_SRC_MASK,	/*  ip = IP/mask*/
	O_BASIC_IP_SRC_ME,	/*  me  */
	O_BASIC_IP_SRC_LOOKUP,	/*  from lookup table */

	O_BASIC_IP_DST,		/*  dst ip */
	O_BASIC_IP_DST_N_PORT,	/* dst ip: dst port */
	O_BASIC_IP_DST_MASK,	/*  ip = IP/mask */
	O_BASIC_IP_DST_ME,	/*  me	*/
	O_BASIC_IP_DST_LOOKUP,	/*  to lookup table */

	O_BASIC_IP_SRCPORT,	/*  src-port */
	O_BASIC_IP_DSTPORT,	/*  dst-port */
	O_BASIC_PROB,		/*  probability 0~1*/
	O_BASIC_KEEP_STATE,	/*  keep-state */
	O_BASIC_CHECK_STATE,	/*  check-state */
	O_BASIC_TAG,		/*  action, add tag info into mbuf */
	O_BASIC_UNTAG,		/*  action, remove tag from mbuf */
	O_BASIC_TAGGED,		/*  filter, check the tag info */

	O_BASIC_COMMENT,	/*  comment, behind action, no check */
};
142 
143 
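/*
 * IS_EXPIRED(state): non-zero when a state entry has timed out, i.e. when
 *   - lifetime is positive and timestamp + lifetime lies before time_second, or
 *   - expiry is non-zero and lies before time_second.
 *
 * The whole expansion and every use of the argument are parenthesised, so
 * the macro composes safely: !IS_EXPIRED(s) and IS_EXPIRED(s) && x apply to
 * the complete test rather than to its first half, and an expression such as
 * IS_EXPIRED(base + i) expands correctly.  Without that, a negated check
 * could report an expired firewall state as still live.
 *
 * The argument is evaluated several times; pass nothing with side effects.
 * time_second must be in scope at the point of use.
 * NOTE(review): timestamp + lifetime is not guarded against wrap-around; the
 * field types are not visible in this header -- confirm it cannot overflow.
 */
#define IS_EXPIRED(state)						\
	((((state)->lifetime > 0) &&					\
	  (((state)->timestamp + (state)->lifetime) < time_second)) ||	\
	 (((state)->expiry != 0) && ((state)->expiry < time_second)))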
147 
/*
 * Expands to the variable ip_fw_basic_loaded, which is not declared in this
 * header; includers must have a declaration in scope before using the macro.
 */
#define IPFW_BASIC_LOADED   (ip_fw_basic_loaded)
149 
150 #endif
151