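/*	$OpenBSD: pfctl_parser.h,v 1.49 2003/02/18 21:59:34 henning Exp $ */

/*
 * Copyright (c) 2001 Daniel Hartmeier
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *    - Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *    - Redistributions in binary form must reproduce the above
 *      copyright notice, this list of conditions and the following
 *      disclaimer in the documentation and/or other materials provided
 *      with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 */

#ifndef _PFCTL_PARSER_H_
#define _PFCTL_PARSER_H_

/*
 * Shared declarations for the pfctl rule parser: option and load-section
 * flags, the parser context (struct pfctl), interface and host list nodes,
 * ICMP and timeout name tables, and the matching prototypes.
 *
 * This header includes nothing itself.  The including file must already
 * have in scope FILE, NULL, sa_family_t, IFNAMSIZ, the u_int* types and
 * the pf types referenced below (struct pf_rule, struct pf_pool,
 * struct pf_altq, struct pf_status, struct pf_addr, struct pf_addr_wrap,
 * struct pfioc_pooladdr, struct pfioc_rule, PF_RULESET_MAX, ...).
 */

/*
 * PF_OPT_*: each value is a distinct single bit, so they can be OR-ed
 * together into one int.  Presumably carried in struct pfctl's `opts`
 * field -- confirm against the code that sets them.
 */
#define	PF_OPT_DISABLE		0x0001
#define	PF_OPT_ENABLE		0x0002
#define	PF_OPT_VERBOSE		0x0004
#define	PF_OPT_NOACTION		0x0008
#define	PF_OPT_QUIET		0x0010
#define	PF_OPT_CLRRULECTRS	0x0020
#define	PF_OPT_USEDNS		0x0040
#define	PF_OPT_VERBOSE2		0x0080
#define	PF_OPT_DUMMYACTION	0x0100

/* All eight low bits set; presumably "every TCP header flag" -- confirm. */
#define	PF_TH_ALL		0xFF

/*
 * Bounds of the NAT proxy port range.  HIGH is the largest value a
 * 16-bit port can hold; whether the bounds are used inclusively is not
 * visible from this header.
 */
#define	PF_NAT_PROXY_PORT_LOW	50001
#define	PF_NAT_PROXY_PORT_HIGH	65535

/*
 * Initializer for a NULL-terminated array of three counter names.
 * NOTE(review): code that indexes the resulting array by a counter
 * number, rather than walking it to the NULL, must keep the counter
 * count in step with these three entries or it reads past the end.
 */
#define	FCNT_NAMES { \
	"searches", \
	"inserts", \
	"removals", \
	NULL \
}

/* Parser/loader context handed to the pfctl_* and eval_* functions. */
struct pfctl {
	int dev;		/* presumably the pf device descriptor -- confirm */
	int opts;		/* presumably PF_OPT_* bits -- confirm */
	int loadopt;		/* presumably PFCTL_FLAG_* bits -- confirm */
	u_int32_t rule_nr;
	struct pfioc_pooladdr paddr;
	/* one slot per ruleset; any index must be < PF_RULESET_MAX */
	struct pfioc_rule *prule[PF_RULESET_MAX];
	struct pfioc_altq *paltq;
	struct pfioc_queue *pqueue;
};

/*
 * Mode argument of ifa_lookup().  The names suggest host, network and
 * broadcast address selection -- confirm against the implementation.
 */
enum pfctl_iflookup_mode {
	PFCTL_IFLOOKUP_HOST,
	PFCTL_IFLOOKUP_NET,
	PFCTL_IFLOOKUP_BCAST
};

/* Singly linked list node naming one interface. */
struct node_if {
	/*
	 * Fixed IFNAMSIZ-byte buffer.  Whatever fills it from rule text
	 * must bound the copy to sizeof(ifname) and leave it
	 * NUL-terminated; the fill sites are not in this header.
	 */
	char			 ifname[IFNAMSIZ];
	u_int8_t		 not;
	u_int			 ifa_flags;
	struct node_if		*next;
	struct node_if		*tail;
};

/* Singly linked list node describing one host/address entry. */
struct node_host {
	struct pf_addr_wrap	 addr;
	struct pf_addr		 bcast;
	sa_family_t		 af;
	u_int8_t		 not;
	u_int32_t		 ifindex;	/* link-local IPv6 addrs */
	/*
	 * Pointer, not an embedded buffer (unlike node_if.ifname).
	 * NOTE(review): who allocates and frees it is not stated here.
	 */
	char			*ifname;
	u_int			 ifa_flags;
	struct node_host	*next;
	struct node_host	*tail;
};

/* Add parsed objects to the context; int return, convention not shown here. */
int	pfctl_add_rule(struct pfctl *, struct pf_rule *);
int	pfctl_add_altq(struct pfctl *, struct pf_altq *);
int	pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t);
void	pfctl_clear_pool(struct pf_pool *);

/*
 * Option setters taking a name or value from the parsed configuration.
 * pfctl_set_logif() takes a non-const char *; whether it modifies or
 * retains the string is not visible from the prototype.
 */
int	pfctl_set_timeout(struct pfctl *, const char *, int, int);
int	pfctl_set_optimization(struct pfctl *, const char *);
int	pfctl_set_limit(struct pfctl *, const char *, unsigned int);
int	pfctl_set_logif(struct pfctl *, char *);

/* Parser entry points: rules are read from the given stream. */
int	parse_rules(FILE *, struct pfctl *);
int	parse_flags(char *);

/* Printers; the meaning of the trailing int argument is not shown here. */
void	print_filter(struct pf_rule *, int);
void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
void	print_rule(struct pf_rule *, int);
void	print_nat(struct pf_rule *, int);
void	print_binat(struct pf_rule *, int);
void	print_rdr(struct pf_rule *, int);
void	print_status(struct pf_status *);

int	eval_pfaltq(struct pfctl *, struct pf_altq *, u_int32_t, u_int16_t);
int	eval_pfqueue(struct pfctl *, struct pf_altq *, u_int32_t, u_int16_t);

/*
 * Table construction.  The begin/append/define/commit functions take no
 * context argument, so they presumably share file-scope state in their
 * implementation -- confirm before calling them from more than one place.
 */
void	pfctl_begin_table(void);
void	pfctl_append_addr(char *, int, int);
void	pfctl_append_file(char *);
void	pfctl_define_table(char *, int, int, int);
void	pfctl_commit_table(void);

/* Name <-> number entry for an ICMP type. */
struct icmptypeent {
	char *name;
	u_int8_t type;
};

/* Name <-> number entry for an ICMP code within a type. */
struct icmpcodeent {
	char *name;
	u_int8_t type;
	u_int8_t code;
};

/*
 * Lookups into the ICMP tables.  They return pointers to const entries;
 * what is returned when nothing matches is not visible here, so callers
 * should check the result before dereferencing it.
 */
const struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
const struct icmptypeent *geticmptypebyname(char *, u_int8_t);
const struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
const struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);

/* One named timeout; element type of pf_timeouts[]. */
struct pf_timeout {
	const char	*name;
	int		 timeout;
};

/*
 * PFCTL_FLAG_*: distinct single-bit values selecting configuration
 * sections.  Presumably carried in struct pfctl's `loadopt` -- confirm.
 */
#define	PFCTL_FLAG_ALL		0x01
#define	PFCTL_FLAG_FILTER	0x02
#define	PFCTL_FLAG_NAT		0x04
#define	PFCTL_FLAG_OPTION	0x08
#define	PFCTL_FLAG_ALTQ		0x10
#define	PFCTL_FLAG_TABLE	0x20

/*
 * Declared without a bound, so sizeof cannot give the element count in
 * other translation units.
 * NOTE(review): confirm how the definition marks its end (sentinel
 * entry or separate count) before iterating over it.
 */
extern const struct pf_timeout pf_timeouts[];

/*
 * Interface/host helpers.  The three functions returning
 * struct node_host * do not state ownership of the returned node or
 * list, nor the value returned on failure -- check both at call sites.
 */
void			 set_ipmask(struct node_host *, u_int8_t);
void			 ifa_load(void);
struct node_host	*ifa_exists(const char *);
struct node_host	*ifa_lookup(const char *, enum pfctl_iflookup_mode);
struct node_host	*host(const char *, int);

#endif /* _PFCTL_PARSER_H_ */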