author | Kjell Wooding <kjell@cvs.openbsd.org> | 2001-06-24 19:49:00 +0000 |
---|---|---|
committer | Kjell Wooding <kjell@cvs.openbsd.org> | 2001-06-24 19:49:00 +0000 |
commit | 6b7e146b5046259ba9faa9444114b5c4c18070fe (patch) | |
tree | 6769ac6a79b4a0c4a79698115a952bc6f6a41909 /sys/net/pfvar.h | |
parent | 4d339188d7d3d36098d08968a138bb031f00562d (diff) |
Initial import of pf, an all-new ipf-compatible packet filter.
Insane amounts of work done by dhartmei. Great work!
Diffstat (limited to 'sys/net/pfvar.h')
-rw-r--r-- | sys/net/pfvar.h | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
new file mode 100644
index 00000000000..c771abece86
--- /dev/null
+++ b/sys/net/pfvar.h
@@ -0,0 +1,170 @@
+/* $OpenBSD: pfvar.h,v 1.1 2001/06/24 19:48:58 kjell Exp $ */
+
+/*
+ * Copyright (c) 2001, Daniel Hartmeier
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef _NETINET_PACKETFILTER_H_
+#define _NETINET_PACKETFILTER_H_
+
+#include <sys/types.h>
+
+enum { PF_IN=0, PF_OUT=1 };
+enum { PF_PASS=0, PF_DROP=1, PF_DROP_RST=2 };
+
+struct rule {
+ u_int8_t action;
+ u_int8_t direction;
+ u_int8_t log;
+ u_int8_t quick;
+ u_int8_t keep_state;
+ char ifname[16];
+ struct ifnet *ifp;
+ u_int8_t proto;
+ struct {
+ u_int8_t not;
+ u_int32_t addr,
+ mask;
+ u_int8_t port_op;
+ u_int16_t port[2];
+ } src,
+ dst;
+ u_int8_t type,
+ code;
+ u_int8_t flags,
+ flagset;
+ struct rule *next;
+};
+
+struct state {
+ u_int8_t proto;
+ u_int8_t direction;
+ struct host {
+ u_int32_t addr;
+ u_int16_t port;
+ } lan,
+ gwy,
+ ext;
+ struct peer {
+ u_int32_t seqlo,
+ seqhi;
+ u_int8_t state;
+ } src,
+ dst;
+ u_int32_t creation,
+ expire;
+ u_int32_t packets,
+ bytes;
+ struct state *next;
+};
+
+struct nat {
+ char ifname[16];
+ struct ifnet *ifp;
+ u_int8_t proto;
+ u_int8_t not;
+ u_int32_t saddr,
+ smask,
+ daddr;
+ struct nat *next;
+};
+
+struct rdr {
+ char ifname[16];
+ struct ifnet *ifp;
+ u_int8_t proto;
+ u_int8_t not;
+ u_int32_t daddr,
+ dmask,
+ raddr;
+ u_int16_t dport,
+ rport;
+ struct rdr *next;
+};
+
+struct status {
+ u_int8_t running;
+ u_int32_t bytes[2];
+ u_int32_t packets[2][2];
+ u_int32_t states,
+ state_inserts,
+ state_removals,
+ state_searches;
+ u_int32_t since;
+};
+
+/*
+ * ioctl parameter structure
+ */
+
+struct ioctlbuffer {
+ u_int32_t size;
+ u_int16_t entries;
+ void *buffer;
+};
+
+/*
+ * ioctl operations
+ */
+
+#define DIOCSTART _IO ('D', 1)
+#define DIOCSTOP _IO ('D', 2)
+#define DIOCSETRULES _IOWR('D', 3, struct ioctlbuffer)
+#define DIOCGETRULES _IOWR('D', 4, struct ioctlbuffer)
+#define DIOCSETNAT _IOWR('D', 5, struct ioctlbuffer)
+#define DIOCGETNAT _IOWR('D', 6, struct ioctlbuffer)
+#define DIOCSETRDR _IOWR('D', 7, struct ioctlbuffer)
+#define DIOCGETRDR _IOWR('D', 8, struct ioctlbuffer)
+#define DIOCCLRSTATES _IO ('D', 9)
+#define DIOCGETSTATES _IOWR('D', 10, struct ioctlbuffer)
+#define DIOCSETSTATUSIF _IOWR('D', 11, struct ioctlbuffer)
+#define DIOCGETSTATUS _IOWR('D', 12, struct ioctlbuffer)
+
+/*
+ * ioctl errors
+ */
+
+enum error_msg {
+ NO_ERROR=0,
+ ERROR_INVALID_OP=100,
+ ERROR_ALREADY_RUNNING,
+ ERROR_NOT_RUNNING,
+ ERROR_INVALID_PARAMETERS,
+ ERROR_MALLOC,
+ MAX_ERROR_NUM
+};
+
+
+#ifdef _KERNEL
+
+int pf_test (int, struct ifnet *, struct mbuf **);
+
+#endif /* _KERNEL */
+
+#endif /* _NET_PACKETFILTER_H_ */
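Review bot: `struct ioctlbuffer` carries a user-supplied `size`, `entries` and `void *buffer` across the ioctl boundary for DIOCSETRULES/DIOCGETRULES and the NAT, RDR and state calls, and the records it points at (`struct rule`, `struct nat`, `struct rdr`, `struct state`) embed kernel-only pointers (`struct ifnet *ifp`, `*next`) in the same userland-visible layout. The handler that consumes these is not in this hunk, so I cannot see how the fields are checked, but the header should spell out the contract it must enforce: `buffer` is a userland address reached only through copyin()/copyout(), `entries` times the record size must not exceed `size`, and `ifp`/`next` are kernel-owned, ignored on set and zeroed on get, since otherwise every DIOCGET* would return kernel addresses to userland. I would put that next to the struct as `/* buffer is a userland pointer, copyin/copyout only; entries * sizeof(record) <= size must hold; ifp and next are kernel-owned and carry no meaning for userland */`. Two smaller points: the closing guard comment reads `_NET_PACKETFILTER_H_` while the guard itself is `_NETINET_PACKETFILTER_H_`, so the last line should be `#endif /* _NETINET_PACKETFILTER_H_ */`; and the three copies of `char ifname[16]` would be clearer as `char ifname[IFNAMSIZ]` if the header includes `<net/if.h>`.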