1*79cc0068Scedric /*	$OpenBSD: pfctl_parser.h,v 1.68 2003/09/26 21:44:09 cedric Exp $ */
214a9b182Skjell 
314a9b182Skjell /*
4fd3c3a0cSderaadt  * Copyright (c) 2001 Daniel Hartmeier
514a9b182Skjell  * All rights reserved.
614a9b182Skjell  *
714a9b182Skjell  * Redistribution and use in source and binary forms, with or without
814a9b182Skjell  * modification, are permitted provided that the following conditions
914a9b182Skjell  * are met:
1014a9b182Skjell  *
1114a9b182Skjell  *    - Redistributions of source code must retain the above copyright
1214a9b182Skjell  *      notice, this list of conditions and the following disclaimer.
1314a9b182Skjell  *    - Redistributions in binary form must reproduce the above
1414a9b182Skjell  *      copyright notice, this list of conditions and the following
1514a9b182Skjell  *      disclaimer in the documentation and/or other materials provided
1614a9b182Skjell  *      with the distribution.
1714a9b182Skjell  *
1814a9b182Skjell  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1914a9b182Skjell  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
2014a9b182Skjell  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
2114a9b182Skjell  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
225974bd37Sdhartmei  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
2314a9b182Skjell  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
2414a9b182Skjell  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
2514a9b182Skjell  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
2614a9b182Skjell  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2714a9b182Skjell  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
2814a9b182Skjell  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2914a9b182Skjell  * POSSIBILITY OF SUCH DAMAGE.
3014a9b182Skjell  *
3114a9b182Skjell  */
3214a9b182Skjell 
33a6d3c168Sdhartmei #ifndef _PFCTL_PARSER_H_
34a6d3c168Sdhartmei #define _PFCTL_PARSER_H_
3514a9b182Skjell 
/*
 * Default OS fingerprint database; presumably the path handed to
 * pfctl_file_fingerprints() (declared below) when none is given.
 */
#define PF_OSFP_FILE		"/etc/pf.os"

/*
 * Command-line option bits.  Every value is a distinct single bit, so
 * the options can be OR-ed together into one int (cf. the "opts" member
 * of struct pfctl).  Keep new options as unused single bits.
 */
#define PF_OPT_DISABLE		0x0001
#define PF_OPT_ENABLE		0x0002
#define PF_OPT_VERBOSE		0x0004
#define PF_OPT_NOACTION		0x0008
#define PF_OPT_QUIET		0x0010
#define PF_OPT_CLRRULECTRS	0x0020
#define PF_OPT_USEDNS		0x0040
#define PF_OPT_VERBOSE2		0x0080
#define PF_OPT_DUMMYACTION	0x0100
#define PF_OPT_DEBUG		0x0200

/* All eight bits set; presumably a mask covering every TH_* TCP flag. */
#define PF_TH_ALL		0xFF

/* Bounds of the port range used for NAT proxy ports (presumably inclusive). */
#define PF_NAT_PROXY_PORT_LOW	50001
#define PF_NAT_PROXY_PORT_HIGH	65535
53e4b04189Sdhartmei 
/*
 * Brace-enclosed initializer list of human-readable counter names; the
 * trailing NULL is the end-of-list sentinel for code that walks the array.
 * Presumably parallels the kernel's FCNT_* counter order -- keep in sync.
 */
#define FCNT_NAMES { \
	"searches", \
	"inserts", \
	"removals", \
	NULL \
}
60c474e331Shenning 
/*
 * Per-invocation pfctl state threaded through the parser and loader.
 * NOTE(review): this header is not self-contained -- "paddr" embeds
 * struct pfioc_pooladdr by value, so the pf ioctl definitions (presumably
 * <net/pfvar.h>) must be included before this file.
 */
struct pfctl {
	int dev;			/* presumably the /dev/pf descriptor */
	int opts;			/* PF_OPT_* bits, presumably */
	int loadopt;			/* presumably PFCTL_FLAG_* bits (below) */
	u_int32_t tticket;		/* table ticket */
	int tdirty;			/* kernel dirty */
	u_int32_t rule_nr;		/* current rule number */
	struct pfioc_pooladdr paddr;	/* pool address ioctl argument (by value) */
	struct pfioc_altq *paltq;	/* altq ioctl argument */
	struct pfioc_queue *pqueue;	/* queue ioctl argument */
	struct pfr_buffer *trans;	/* presumably the transaction buffer */
	const char *anchor;		/* anchor being loaded; not owned here */
	const char *ruleset;		/* ruleset being loaded; not owned here */
};
75ff352a37Smarkus 
/*
 * Selects what ifa_lookup() (declared below) returns for an interface:
 * by the constant names, its host addresses, its networks, or its
 * broadcast addresses.
 */
enum pfctl_iflookup_mode {
	PFCTL_IFLOOKUP_HOST,
	PFCTL_IFLOOKUP_NET,
	PFCTL_IFLOOKUP_BCAST
};
8194e9410bShenning 
/*
 * Interface list node produced by the parser.  "ifname" is a fixed-size
 * array, so writers must bound the copy to IFNAMSIZ and keep it
 * NUL-terminated; "next"/"tail" form a singly-linked list (tail
 * presumably allows O(1) append).
 */
struct node_if {
	char			 ifname[IFNAMSIZ];
	u_int8_t		 not;		/* presumably: negate this match */
	u_int			 ifa_flags;
	struct node_if		*next;
	struct node_if		*tail;
};
8994e9410bShenning 
/*
 * Host/address list node produced by the parser and by the ifa_*() and
 * host() lookups declared below.  "ifname" is a pointer, not an array;
 * ownership of the pointed-to string is not recorded here -- confirm
 * who frees it before reusing this struct.
 */
struct node_host {
	struct pf_addr_wrap	 addr;
	struct pf_addr		 bcast;
	sa_family_t		 af;
	u_int8_t		 not;		/* presumably: negate this match */
	u_int32_t		 ifindex;	/* link-local IPv6 addrs */
	char			*ifname;
	u_int			 ifa_flags;
	struct node_host	*next;
	struct node_host	*tail;
};
10194e9410bShenning 
/*
 * OS fingerprint list node: the OS name as written in the ruleset and
 * its resolved fingerprint id (cf. pfctl_get_fingerprint() below).
 */
struct node_os {
	char			*os;
	pf_osfp_t		 fingerprint;
	struct node_os		*next;
	struct node_os		*tail;
};
10864b4b616Sfrantzen 
/*
 * Queue bandwidth specification: either an absolute value or a
 * percentage.  Which member is meaningful is not encoded here; the
 * consumer (eval_pfaltq()/eval_pfqueue()) presumably decides.
 */
struct node_queue_bw {
	u_int32_t	bw_absolute;
	u_int16_t	bw_percent;
};
11326025fd6Shenning 
/* HFSC service curve: a two-segment curve with a knee at "d" milliseconds. */
struct node_hfsc_sc {
	struct node_queue_bw	m1;	/* slope of 1st segment; bps */
	u_int			d;	/* x-projection of m1; msec */
	struct node_queue_bw	m2;	/* slope of 2nd segment; bps */
	u_int8_t		used;	/* non-zero once the curve is set, presumably */
};
12026025fd6Shenning 
/* HFSC scheduler options: the three service curves plus scheduler flags. */
struct node_hfsc_opts {
	struct node_hfsc_sc	realtime;
	struct node_hfsc_sc	linkshare;
	struct node_hfsc_sc	upperlimit;
	int			flags;
};
12726025fd6Shenning 
/*
 * Scheduler-specific queue options.  "qtype" presumably selects which
 * union member is valid; readers must check it before touching "data".
 */
struct node_queue_opt {
	int			 qtype;
	union {
		struct cbq_opts		cbq_opts;
		struct priq_opts	priq_opts;
		struct node_hfsc_opts	hfsc_opts;
	}			 data;
};
136643bebe0Shenning 
/* Queue head type for the list of table initializers below. */
SIMPLEQ_HEAD(node_tinithead, node_tinit);
struct node_tinit {	/* table initializer */
	SIMPLEQ_ENTRY(node_tinit)	 entries;
	struct node_host		*host;	/* address list to add */
	char				*file;	/* or a file of addresses; presumably exclusive with host */
};
1435b6c447dScedric 
struct pfr_buffer;	/* forward declaration; defined elsewhere */

/*
 * Rule loading.  The (int, int, ...) prefixes below presumably carry the
 * pf device descriptor and the PF_OPT_* bits, matching "dev"/"opts" in
 * struct pfctl -- confirm against the implementation.  The trailing
 * struct pfr_buffer * is presumably the transaction buffer.
 */
int	pfctl_rules(int, char *, int, char *, char *, struct pfr_buffer *);

/* Record a parsed rule / altq / pool in the pfctl context; int results are status codes. */
int	pfctl_add_rule(struct pfctl *, struct pf_rule *);
int	pfctl_add_altq(struct pfctl *, struct pf_altq *);
int	pfctl_add_pool(struct pfctl *, struct pf_pool *, sa_family_t);
void	pfctl_clear_pool(struct pf_pool *);

/* "set ..." options by name: timeouts, optimization profile, limits, log interface. */
int	pfctl_set_timeout(struct pfctl *, const char *, int, int);
int	pfctl_set_optimization(struct pfctl *, const char *);
int	pfctl_set_limit(struct pfctl *, const char *, unsigned int);
int	pfctl_set_logif(struct pfctl *, char *);

/*
 * Parser entry points.  parse_rules() consumes configuration text from
 * the stream; parse_flags() presumably turns a TCP flag string into a
 * bit mask (cf. PF_TH_ALL).  Both return int status that callers should
 * check, since the input is operator-supplied text.
 */
int	parse_rules(FILE *, struct pfctl *);
int	parse_flags(char *);
int	pfctl_load_anchors(int, int, struct pfr_buffer *);
161ff352a37Smarkus 
/* Pretty-printers for loaded objects; the trailing int is presumably a verbosity/flags argument. */
void	print_pool(struct pf_pool *, u_int16_t, u_int16_t, sa_family_t, int);
void	print_rule(struct pf_rule *, int);
void	print_tabledef(const char *, int, int, struct node_tinithead *);
void	print_status(struct pf_status *);
16614a9b182Skjell 
/*
 * Resolve parsed altq/queue bandwidth and scheduler options into a
 * struct pf_altq; int return is a status code.
 */
int	eval_pfaltq(struct pfctl *, struct pf_altq *, struct node_queue_bw *,
	    struct node_queue_opt *);
int	eval_pfqueue(struct pfctl *, struct pf_altq *, struct node_queue_bw *,
	    struct node_queue_opt *);

/* Print an altq/queue definition; the unsigned argument is presumably a verbosity level. */
void	 print_altq(const struct pf_altq *, unsigned, struct node_queue_bw *,
	     struct node_queue_opt *);
void	 print_queue(const struct pf_altq *, unsigned, struct node_queue_bw *,
	     int, struct node_queue_opt *);
176c1a24a13Shenning 
/*
 * Define a table from the parser.  The u_int32_t is presumably the table
 * ticket (cf. "tticket" in struct pfctl); the two const char * are
 * presumably the anchor and ruleset names.
 */
int	pfctl_define_table(char *, int, int, const char *, const char *,
	    struct pfr_buffer *, u_int32_t);
179c06aa877Scedric 
/*
 * OS fingerprint management (cf. PF_OSFP_FILE).  pfctl_lookup_fingerprint()
 * takes a (char *, size_t) pair, which reads as a caller-owned output
 * buffer and its capacity -- pass the buffer's full size, never strlen().
 */
void		 pfctl_clear_fingerprints(int, int);
int		 pfctl_file_fingerprints(int, int, const char *);
pf_osfp_t	 pfctl_get_fingerprint(const char *);
int		 pfctl_load_fingerprints(int, int);
char		*pfctl_lookup_fingerprint(pf_osfp_t, char *, size_t);
void		 pfctl_show_fingerprints(int);
18664b4b616Sfrantzen 
18764b4b616Sfrantzen 
/* ICMP type table entry: symbolic name and its numeric type. */
struct icmptypeent {
	const char *name;
	u_int8_t type;
};
192ff352a37Smarkus 
/* ICMP code table entry: symbolic name plus the (type, code) pair it names. */
struct icmpcodeent {
	const char *name;
	u_int8_t type;
	u_int8_t code;
};
198ff352a37Smarkus 
/*
 * ICMP type/code table lookups.  They return pointers to const table
 * entries; presumably NULL when nothing matches -- check before deref.
 * The trailing u_int8_t is presumably the address family selector.
 */
const struct icmptypeent *geticmptypebynumber(u_int8_t, u_int8_t);
const struct icmptypeent *geticmptypebyname(char *, u_int8_t);
const struct icmpcodeent *geticmpcodebynumber(u_int8_t, u_int8_t, u_int8_t);
const struct icmpcodeent *geticmpcodebyname(u_long, char *, u_int8_t);
203ff352a37Smarkus 
/* Name-to-id entry for the "set timeout" keywords (see pf_timeouts[] below). */
struct pf_timeout {
	const char	*name;
	int		 timeout;
};
208cc5f0329Sdhartmei 
/*
 * Ruleset section bits (distinct single bits; OR-able).  Note that 0x01
 * is deliberately not defined here.  Presumably stored in
 * struct pfctl "loadopt" to select what gets loaded -- confirm.
 */
#define PFCTL_FLAG_FILTER	0x02
#define PFCTL_FLAG_NAT		0x04
#define PFCTL_FLAG_OPTION	0x08
#define PFCTL_FLAG_ALTQ		0x10
#define PFCTL_FLAG_TABLE	0x20
214afc6663eSkjell 
/* Timeout keyword table, defined in a .c file; its terminator is not declared here -- check the definition before iterating. */
extern const struct pf_timeout pf_timeouts[];
216cc5f0329Sdhartmei 
/*
 * Address helpers.  The lookups return heap-built struct node_host lists
 * (or NULL, presumably) whose ownership passes to the caller -- confirm
 * the freeing convention in the implementation.  check_netmask() returns
 * an int status that should be checked, since the mask comes from the
 * ruleset text.
 */
void			 set_ipmask(struct node_host *, u_int8_t);
int			 check_netmask(struct node_host *, sa_family_t);
void			 ifa_load(void);
struct node_host	*ifa_exists(const char *);
struct node_host	*ifa_lookup(const char *, enum pfctl_iflookup_mode);
struct node_host	*host(const char *);
22394e9410bShenning 
/*
 * Append an address (from text, or from an already parsed host list) to
 * a struct pfr_buffer; int return is a status code.  The trailing int
 * arguments are presumably flags -- confirm against the implementation.
 */
int			 append_addr(struct pfr_buffer *, char *, int);
int			 append_addr_host(struct pfr_buffer *,
			    struct node_host *, int, int);
22742e05679Scedric 
228a6d3c168Sdhartmei #endif /* _PFCTL_PARSER_H_ */