xref: /openbsd/sbin/pfctl/pfctl_parser.h (revision 41d03d6a)
1*41d03d6aShenning /*	$OpenBSD: pfctl_parser.h,v 1.25 2002/06/25 08:13:26 henning Exp $ */
214a9b182Skjell 
314a9b182Skjell /*
4fd3c3a0cSderaadt  * Copyright (c) 2001 Daniel Hartmeier
514a9b182Skjell  * All rights reserved.
614a9b182Skjell  *
714a9b182Skjell  * Redistribution and use in source and binary forms, with or without
814a9b182Skjell  * modification, are permitted provided that the following conditions
914a9b182Skjell  * are met:
1014a9b182Skjell  *
1114a9b182Skjell  *    - Redistributions of source code must retain the above copyright
1214a9b182Skjell  *      notice, this list of conditions and the following disclaimer.
1314a9b182Skjell  *    - Redistributions in binary form must reproduce the above
1414a9b182Skjell  *      copyright notice, this list of conditions and the following
1514a9b182Skjell  *      disclaimer in the documentation and/or other materials provided
1614a9b182Skjell  *      with the distribution.
1714a9b182Skjell  *
1814a9b182Skjell  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1914a9b182Skjell  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
2014a9b182Skjell  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
2114a9b182Skjell  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
225974bd37Sdhartmei  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
2314a9b182Skjell  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
2414a9b182Skjell  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
2514a9b182Skjell  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
2614a9b182Skjell  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2714a9b182Skjell  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
2814a9b182Skjell  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2914a9b182Skjell  * POSSIBILITY OF SUCH DAMAGE.
3014a9b182Skjell  *
3114a9b182Skjell  */
3214a9b182Skjell 
33a6d3c168Sdhartmei #ifndef _PFCTL_PARSER_H_
34a6d3c168Sdhartmei #define _PFCTL_PARSER_H_
3514a9b182Skjell 
/*
 * Option bits for pfctl.  Each value is a distinct single bit, so the
 * options can be OR-ed together and tested with a mask.  Presumably they
 * are stored in struct pfctl.opts - confirm against the callers.
 * NOTE(review): going by its name, PF_OPT_NOACTION is a dry-run switch;
 * code that changes kernel state should test it first.  The call sites
 * are not part of this header, so confirm that there.
 */
36533ca421Smarkus #define PF_OPT_DISABLE		0x0001
37533ca421Smarkus #define PF_OPT_ENABLE		0x0002
38533ca421Smarkus #define PF_OPT_VERBOSE		0x0004
39533ca421Smarkus #define PF_OPT_NOACTION		0x0008
40533ca421Smarkus #define PF_OPT_QUIET		0x0010
41455ef0c1Sdhartmei #define PF_OPT_CLRRULECTRS	0x0020
420eed2997Sdhartmei #define PF_OPT_USEDNS		0x0040
43533ca421Smarkus 
/*
 * All eight low bits set.  Presumably the mask that covers every TCP
 * header flag handled by parse_flags() - TODO confirm in the parser.
 */
44bc795af0Shugh #define PF_TH_ALL		0xFF
45bc795af0Shugh 
/*
 * Lower and upper bound of a port range; the upper bound is the largest
 * 16-bit port number.  Presumably the default (inclusive) source-port
 * range used for NAT translations - confirm where these are consumed.
 */
46e4b04189Sdhartmei #define PF_NAT_PROXY_PORT_LOW	50001
47e4b04189Sdhartmei #define PF_NAT_PROXY_PORT_HIGH	65535
48e4b04189Sdhartmei 
/*
 * Brace-enclosed initializer for an array of counter names, ending with
 * NULL so a consumer can walk it without a separate element count.
 * NOTE(review): presumably the order must match the counter indices
 * reported by the kernel; an out-of-step table would mislabel counters
 * or let a reader index past the names - verify against the pf headers.
 */
49c474e331Shenning #define FCNT_NAMES { \
50c474e331Shenning 	"searches", \
51c474e331Shenning 	"inserts", \
52c474e331Shenning 	"removals", \
53c474e331Shenning 	NULL \
54c474e331Shenning }
55c474e331Shenning 
/*
 * Context handed to the pfctl_add_*(), pfctl_set_*() and parse_rules()
 * functions declared in this header.  The pfioc_* structures are not
 * declared here; only pointers to them are stored.
 */
56ff352a37Smarkus struct pfctl {
57ff352a37Smarkus 	int dev;	/* presumably the open pf device descriptor - confirm */
58ff352a37Smarkus 	int opts;	/* presumably a mask of PF_OPT_* bits - confirm */
59928dece9Sdhartmei 	u_int16_t rule_nr;	/* 16 bits wide, so it wraps after 65535 */
60ff352a37Smarkus 	struct pfioc_rule *prule;	/* the four pointers below: one per */
61ff352a37Smarkus 	struct pfioc_nat *pnat;		/* rule kind; presumably the ioctl */
62a3e657d0Sjasoni 	struct pfioc_binat *pbinat;	/* argument buffers - confirm who */
63ff352a37Smarkus 	struct pfioc_rdr *prdr;		/* owns and frees them */
64ff352a37Smarkus };
65ff352a37Smarkus 
/*
 * One "add" entry point per rule kind (filter, nat, binat, rdr), each
 * taking the pfctl context and a pointer to the rule structure.
 * The meaning of the int result is not visible in this header;
 * presumably 0 on success and non-zero on failure - confirm before
 * relying on it, and do not ignore the result when loading a ruleset.
 */
66ff352a37Smarkus int	 pfctl_add_rule(struct pfctl *, struct pf_rule *);
67ff352a37Smarkus int	 pfctl_add_nat(struct pfctl *, struct pf_nat *);
68a3e657d0Sjasoni int	 pfctl_add_binat(struct pfctl *, struct pf_binat *);
69ff352a37Smarkus int	 pfctl_add_rdr(struct pfctl *, struct pf_rdr *);
70ff352a37Smarkus 
/*
 * Setters for run-time options, each keyed by a string argument.
 * NOTE(review): pfctl_set_timeout() takes a signed int, so a negative
 * value can reach it; whether it is rejected is decided in the
 * implementation, not here - confirm.  pfctl_set_limit() takes an
 * unsigned int instead.
 * NOTE(review): pfctl_set_logif() takes a non-const char *, unlike its
 * three siblings.  The string is presumably an interface name; check
 * that the implementation bounds the copy to the destination buffer.
 */
71*41d03d6aShenning int	 pfctl_set_timeout(struct pfctl *, const char *, int);
72*41d03d6aShenning int	 pfctl_set_optimization(struct pfctl *, const char *);
73*41d03d6aShenning int	 pfctl_set_limit(struct pfctl *, const char *, unsigned int);
74*41d03d6aShenning int	 pfctl_set_logif(struct pfctl *, char *);
75*41d03d6aShenning 
/*
 * Parser entry points.  parse_rules() reads from a stdio stream and is
 * given the pfctl context; parse_flags() takes a mutable string.
 * This header includes nothing itself, so <stdio.h> (for FILE) must be
 * included before it.
 * The int results are not described here; presumably parse_flags()
 * returns a flag mask or a negative value on error - TODO confirm.
 */
76ff352a37Smarkus int	 parse_rules(FILE *, struct pfctl *);
77ff352a37Smarkus int	 parse_flags(char *);
78ff352a37Smarkus 
/*
 * Printing helpers, one per structure kind.  They return void, so a
 * caller cannot detect a failed write.  The arguments are non-const
 * pointers; presumably the structures are only read - confirm before
 * const-qualifying them.
 */
7981a15e5dSderaadt void	 print_rule(struct pf_rule *);
8081a15e5dSderaadt void	 print_nat(struct pf_nat *);
81a3e657d0Sjasoni void	 print_binat(struct pf_binat *);
8281a15e5dSderaadt void	 print_rdr(struct pf_rdr *);
8381a15e5dSderaadt void	 print_status(struct pf_status *);
8414a9b182Skjell 
/*
 * Presumably turns an address mask into a prefix length, with the
 * u_int8_t argument selecting the address family - TODO confirm both
 * against the implementation; neither is stated in this header.
 */
8592d58610Shenning int	 unmask(struct pf_addr *, u_int8_t);
8692d58610Shenning 
/*
 * Table entry pairing a name with an 8-bit type value; presumably an
 * ICMP message type, going by the struct name.  Returned (as a const
 * pointer) by the geticmptypeby*() lookups.
 */
87ff352a37Smarkus struct icmptypeent {
88ff352a37Smarkus 	char *name;	/* not const-qualified, unlike pf_timeout.name */
89ff352a37Smarkus 	u_int8_t type;
90ff352a37Smarkus };
91ff352a37Smarkus 
/*
 * Table entry pairing a name with an 8-bit type and an 8-bit code;
 * presumably an ICMP code within a message type.  Returned (as a const
 * pointer) by the geticmpcodeby*() lookups.
 */
92ff352a37Smarkus struct icmpcodeent {
93ff352a37Smarkus 	char *name;	/* not const-qualified */
94ff352a37Smarkus 	u_int8_t type;
95ff352a37Smarkus 	u_int8_t code;
96ff352a37Smarkus };
97ff352a37Smarkus 
/*
 * Lookups into the type and code tables, by number or by name.  The
 * result is a pointer to a const entry; presumably NULL when nothing
 * matches, so callers should check it before dereferencing - confirm.
 * The trailing u_int8_t is presumably the address family - confirm.
 * NOTE(review): geticmpcodebyname() takes its first argument as u_long
 * while geticmpcodebynumber() uses u_int8_t, and icmpcodeent.type is
 * only 8 bits wide, so a value above 255 cannot match any entry.
 */
987d27d81aSdhartmei const struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
997d27d81aSdhartmei const struct icmptypeent *geticmptypebyname(char *, u_int8_t);
1007d27d81aSdhartmei const struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
1017d27d81aSdhartmei const struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
102ff352a37Smarkus 
/*
 * Element type of the pf_timeouts[] table: a name paired with an int.
 * Presumably the int is the index of the timeout in the kernel, not a
 * duration - TODO confirm where the table is defined.
 */
103cc5f0329Sdhartmei struct pf_timeout {
104cc5f0329Sdhartmei 	const char	*name;
105cc5f0329Sdhartmei 	int		 timeout;
106cc5f0329Sdhartmei };
107cc5f0329Sdhartmei 
/*
 * Single-bit flags, presumably selecting which ruleset sections to act
 * on - confirm at the users.
 * Note that PFCTL_FLAG_ALL is a bit of its own (0x01), not the OR of
 * the other three (0x0e); a test for one section does not match "all"
 * unless it also checks PFCTL_FLAG_ALL.
 */
108afc6663eSkjell #define PFCTL_FLAG_ALL		0x01
109afc6663eSkjell #define PFCTL_FLAG_FILTER	0x02
110afc6663eSkjell #define PFCTL_FLAG_NAT		0x04
111*41d03d6aShenning #define PFCTL_FLAG_OPTION	0x08
112afc6663eSkjell 
/*
 * Read-only table defined in another file.  It is declared without a
 * size, so sizeof cannot give the element count here; presumably the
 * table ends with a sentinel entry (name == NULL) - confirm before
 * iterating over it.
 */
113cc5f0329Sdhartmei extern const struct pf_timeout pf_timeouts[];
114cc5f0329Sdhartmei 
115a6d3c168Sdhartmei #endif /* _PFCTL_PARSER_H_ */