usr.sbin/npf/npfctl/npfctl.h
author rmind <rmind@NetBSD.org>
Tue, 18 Jan 2011 20:33:45 +0000
branchtrunk
changeset 196924 6ab7fbf8ee49
parent 195759 01a1917eb9ce
child 197379 a86aaa1c2753
child 280517 6b8d57945d57
permissions -rw-r--r--
NPF checkpoint: - Add the concept of rule procedure: separate normalization, logging and potentially other functions from the rule structure. Rule procedure can be shared amongst the rules. Separation is both at kernel level (npf_rproc_t) and configuration ("procedure" + "apply"). - Fix portmap sharing for NAT policy. - Update TCP state tracking logic. Use TCP FSM definitions. - Add if_byindex(), OK by matt@. Use in logging for the lookup. - Fix traceroute ALG and many other bugs; misc clean-up.

/*	$NetBSD: npfctl.h,v 1.5 2011/01/18 20:33:45 rmind Exp $	*/

/*-
 * Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _NPFCTL_H_
#define _NPFCTL_H_

#include <sys/types.h>
#include <stdio.h>
#include <stdbool.h>

#ifndef _NPF_TESTING
#include <net/npf.h>
#include <net/npf_ncode.h>
#else
#include "npf.h"
#include "npf_ncode.h"
#endif

#ifdef DEBUG
#define	DPRINTF(x)	printf x
#else
#define	DPRINTF(x)
#endif

#define	NPF_DEV_PATH	"/dev/npf"
#define	NPF_CONF_PATH	"/etc/npf.conf"
#define	NPF_SESSDB_PATH	"/var/db/npf_sessions.db"

typedef struct {
	char *		e_data;
	void *		e_next;
} element_t;

#define	VAR_SINGLE	1
#define	VAR_ARRAY	2
#define	VAR_TABLE	3

typedef struct {
	char *		v_key;
	element_t *	v_elements;
	int		v_type;
	int		v_count;
	void *		v_next;
} var_t;

void *		zalloc(size_t);
char *		xstrdup(const char *);

void		npfctl_init_data(void);
int		npfctl_ioctl_send(int);
int		npfctl_ioctl_recvse(int);
int		npfctl_ioctl_sendse(int);
int		npfctl_ioctl_flushse(int);

struct ifaddrs *npfctl_getif(char *, unsigned int *, bool);
bool		npfctl_parse_v4mask(char *, in_addr_t *, in_addr_t *);

prop_dictionary_t npfctl_mk_rule(bool, prop_dictionary_t);
void		npfctl_rule_setattr(prop_dictionary_t, int, u_int);
void		npfctl_rule_protodata(prop_dictionary_t, char *, char *,
		    int, int, var_t *, var_t *, var_t *, var_t *);
void		npfctl_rule_icmpdata(prop_dictionary_t, var_t *, var_t *);

prop_dictionary_t npfctl_lookup_table(char *);
prop_dictionary_t npfctl_construct_table(int, int);
void		npfctl_fill_table(prop_dictionary_t, char *);

prop_dictionary_t npfctl_mk_rproc(void);
bool		npfctl_find_rproc(prop_dictionary_t, char *);

prop_dictionary_t npfctl_mk_nat(void);
void		npfctl_nat_setup(prop_dictionary_t, int, int,
		    u_int, char *, char *);

size_t		npfctl_calc_ncsize(int []);
size_t		npfctl_failure_offset(int []);

void		npfctl_gennc_ether(void **, int, uint16_t);
void		npfctl_gennc_v4cidr(void **, int,
		    in_addr_t, in_addr_t, bool);
void		npfctl_gennc_icmp(void **, int, int, int);
void		npfctl_gennc_tcpfl(void **, int , uint8_t, uint8_t);
void		npfctl_gennc_ports(void **, int,
		    in_port_t, in_port_t, bool, bool);
void		npfctl_gennc_tbl(void **, int, u_int , bool);
void		npfctl_gennc_complete(void **);

int		npf_parseline(char *);

#endif