/* $OpenBSD: pfctl.h,v 1.42 2007/12/05 12:01:47 chl Exp $ */

/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2001 Daniel Hartmeier
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *    - Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *    - Redistributions in binary form must reproduce the above
 *      copyright notice, this list of conditions and the following
 *      disclaimer in the documentation and/or other materials provided
 *      with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef _PFCTL_H_
#define _PFCTL_H_

/*
 * Declarations shared by the pfctl sources: the pfr_buffer container and
 * its helpers, table/address operations (pfr_*), display and transaction
 * helpers (pfctl_*), printing helpers (print_*) and ruleset/anchor helpers
 * (pf_*).
 *
 * NOTE(review): this header uses FILE, fprintf/stderr, sa_family_t, the
 * u_int8_t/u_int16_t/u_int32_t/u_long types and the RB_, SLIST_ and LIST_
 * queue macros, but the only header it includes itself is <libpfctl.h>.
 * Presumably that header or the including .c file supplies them - confirm
 * the required include order.
 */
#include <libpfctl.h>

/*
 * Debug trace macro.  With PFCTL_DEBUG defined the arguments are handed
 * straight to fprintf(stderr, ...), so the first argument is interpreted
 * as a format string and should be a string literal, never text taken
 * from a ruleset, file or command line.  Without PFCTL_DEBUG the macro
 * expands to a no-op and its arguments are not evaluated at all, so they
 * must not carry side effects the program depends on.
 */
#ifdef PFCTL_DEBUG
#define DBGPRINT(...)	fprintf(stderr, __VA_ARGS__)
#else
#define DBGPRINT(...)	(void)(0)
#endif

/* Defined in another translation unit; presumably the shared libpfctl handle - confirm. */
extern struct pfctl_handle	*pfh;

/* Forward declaration; only used by pointer in this header (pfctl_eth_anchor_setup). */
struct pfctl;

/* Selector values; the names suggest what a "show" operation prints - confirm at call sites. */
enum pfctl_show { PFCTL_SHOW_RULES, PFCTL_SHOW_LABELS, PFCTL_SHOW_NOTHING };

/*
 * Content types stored in pfr_buffer.pfrb_type.  Numbering starts at 1, so
 * a zero-initialised buffer does not carry any of these types.  PFRB_MAX is
 * the last enumerator; presumably it serves as an upper bound for type
 * checks - confirm in the buffer helpers.
 */
enum {	PFRB_TABLES = 1, PFRB_TSTATS, PFRB_ADDRS, PFRB_ASTATS,
	PFRB_IFACES, PFRB_TRANS, PFRB_MAX };

/*
 * Growable array of objects of one PFRB_* type.
 *
 * NOTE(review): both counters are plain int.  The code that grows and
 * indexes the buffer (pfr_buf_grow, pfr_buf_add, pfr_buf_next - not visible
 * here) has to keep 0 <= pfrb_size <= pfrb_msize and guard the
 * count * element-size multiplication against overflow; confirm there.
 */
struct pfr_buffer {
	int	 pfrb_type;	/* type of content, see enum above */
	int	 pfrb_size;	/* number of objects in buffer */
	int	 pfrb_msize;	/* maximum number of objects in buffer */
	void	*pfrb_caddr;	/* malloc'ated memory area */
};

/*
 * Walk every object in buf, assigning each to var in turn, by calling
 * pfr_buf_next() until it returns NULL.  Both arguments are expanded more
 * than once, so pass plain names without side effects.
 */
#define PFRB_FOREACH(var, buf)				\
	for ((var) = pfr_buf_next((buf), NULL);		\
	    (var) != NULL;				\
	    (var) = pfr_buf_next((buf), (var)))

/* Head type for the red-black tree of pfr_ktable nodes. */
RB_HEAD(pfr_ktablehead, pfr_ktable);

/*
 * One table node.  It embeds the table statistics record (pfrkt_ts) and is
 * linked both into an RB tree (pfrkt_tree) and an SLIST work queue
 * (pfrkt_workq).
 */
struct pfr_ktable {
	struct pfr_tstats	 pfrkt_ts;
	RB_ENTRY(pfr_ktable)	 pfrkt_tree;
	SLIST_ENTRY(pfr_ktable)	 pfrkt_workq;
	struct radix_node_head	*pfrkt_ip4;
	struct radix_node_head	*pfrkt_ip6;
	struct pfr_ktable	*pfrkt_shadow;
	struct pfr_ktable	*pfrkt_root;
	struct pf_kruleset	*pfrkt_rs;
	long			 pfrkt_larg;
	int			 pfrkt_nflags;
};

/* Shorthand member aliases that reach into the embedded pfrkt_ts record. */
#define pfrkt_t		pfrkt_ts.pfrts_t
#define pfrkt_name	pfrkt_t.pfrt_name
#define pfrkt_anchor	pfrkt_t.pfrt_anchor
#define pfrkt_ruleset	pfrkt_t.pfrt_ruleset
#define pfrkt_flags	pfrkt_t.pfrt_flags
/*
 * NOTE(review): the next three aliases expand through a member named
 * pfrkt_kts, but struct pfr_ktable as declared above has no such member
 * (the embedded record is pfrkt_ts).  Any use of them against this struct
 * would fail to compile; confirm whether they are dead or mis-targeted.
 */
#define pfrkt_cnt	pfrkt_kts.pfrkts_cnt
#define pfrkt_refcnt	pfrkt_kts.pfrkts_refcnt
#define pfrkt_tzero	pfrkt_kts.pfrkts_tzero

/*
 * A pfr_ktable paired with a pfr_buffer of addresses, linked into an SLIST
 * through pfrukt_entry.
 */
struct pfr_uktable {
	struct pfr_ktable	pfrukt_kt;
	struct pfr_buffer	pfrukt_addrs;
	int			pfrukt_init_addr;
	SLIST_ENTRY(pfr_uktable) pfrukt_entry;
};

/*
 * Aliases into the wrapped pfr_ktable.  pfrukt_name and pfrukt_anchor go
 * through the pfrkt_t alias defined above, so they depend on it.
 */
#define pfrukt_t	pfrukt_kt.pfrkt_ts.pfrts_t
#define pfrukt_name	pfrukt_kt.pfrkt_t.pfrt_name
#define pfrukt_anchor	pfrukt_kt.pfrkt_t.pfrt_anchor

/* Tree head defined in another translation unit. */
extern struct pfr_ktablehead pfr_ktables;

/*
 * SLIST element carrying one anchor name.  Who allocates and frees
 * pfra_anchorname is not visible from this header.
 */
struct pfr_anchoritem {
	SLIST_ENTRY(pfr_anchoritem)	pfra_sle;
	char	*pfra_anchorname;
};

SLIST_HEAD(pfr_anchors, pfr_anchoritem);

/*
 * Table and address operations.
 *
 * NOTE(review): element counts travel as int / int * next to the array
 * pointers.  Their direction (in, out, or both) and any range checking are
 * defined by the implementations, which are not visible here; counts that
 * originate from files or the command line presumably need validating
 * before they reach these calls - confirm.
 */
int	 pfr_add_table(struct pfr_table *, int *, int);
int	 pfr_del_table(struct pfr_table *, int *, int);
int	 pfr_get_tables(struct pfr_table *, struct pfr_table *, int *, int);
int	 pfr_clr_astats(struct pfr_table *, struct pfr_addr *, int, int *, int);
int	 pfr_clr_addrs(struct pfr_table *, int *, int);
int	 pfr_add_addrs(struct pfr_table *, struct pfr_addr *, int, int *, int);
int	 pfr_del_addrs(struct pfr_table *, struct pfr_addr *, int, int *, int);
int	 pfr_set_addrs(struct pfr_table *, struct pfr_addr *, int, int *,
	    int *, int *, int *, int);
int	 pfr_get_addrs(struct pfr_table *, struct pfr_addr *, int *, int);
int	 pfr_get_astats(struct pfr_table *, struct pfr_astats *, int *, int);
int	 pfr_tst_addrs(struct pfr_table *, struct pfr_addr *, int, int *, int);
int	 pfr_ina_define(struct pfr_table *, struct pfr_addr *, int, int *,
	    int *, int, int);

/*
 * Helpers operating on struct pfr_buffer.  pfr_buf_next() is the iterator
 * that PFRB_FOREACH drives: called with NULL it starts the walk, and it
 * returns NULL to end it.  pfr_buf_load() takes a callback that receives
 * the buffer plus a char pointer and two ints.
 */
void	 pfr_buf_clear(struct pfr_buffer *);
int	 pfr_buf_add(struct pfr_buffer *, const void *);
void	*pfr_buf_next(struct pfr_buffer *, const void *);
int	 pfr_buf_grow(struct pfr_buffer *, int);
int	 pfr_buf_load(struct pfr_buffer *, char *, int,
	    int (*)(struct pfr_buffer *, char *, int, int), int);
char	*pf_strerror(int);
int	 pfi_get_ifaces(const char *, struct pfi_kif *, int *);

/*
 * Table, interface and ALTQ display/control entry points.
 * pfctl_fopen() returns a FILE pointer; presumably its arguments are a
 * path and an fopen(3)-style mode - confirm against the implementation.
 */
void	 pfctl_print_title(char *);
int	 pfctl_do_clear_tables(const char *, int);
void	 pfctl_show_tables(const char *, int);
int	 pfctl_table(int, char *[], char *, const char *, char *,
	    const char *, int);
int	 pfctl_show_altq(int, const char *, int, int);
void	 warn_duplicate_tables(const char *, const char *);
void	 pfctl_show_ifaces(const char *, int);
void	 pfctl_show_creators(int);
FILE	*pfctl_fopen(const char *, const char *);

#ifdef __FreeBSD__
extern int altqsupport;
extern int dummynetsupport;
/*
 * Convert x to network byte order in place.  x is expanded twice and the
 * expansion is a bare assignment expression, so x must be a plain lvalue
 * without side effects and the macro is best used as a statement of its
 * own.  The cast narrows the value to 32 bits before conversion.
 */
#define HTONL(x)	(x) = htonl((__uint32_t)(x))
#endif

/* Fallback values; a definition made before this header is included wins. */
#ifndef DEFAULT_PRIORITY
#define DEFAULT_PRIORITY	1
#endif

#ifndef DEFAULT_QLIMIT
#define DEFAULT_QLIMIT		50
#endif

/*
 * generalized service curve used for admission control
 */
struct segment {
	LIST_ENTRY(segment)	_next;
	double			x, y, d, m;
};

/* Defined in another translation unit. */
extern	int loadopt;

int		 check_commit_altq(int, int);
void		 pfaltq_store(struct pf_altq *);
char		*rate2str(double);

/* Printing helpers for addresses, hosts and state entries. */
void	 print_addr(struct pf_addr_wrap *, sa_family_t, int);
void	 print_addr_str(sa_family_t, struct pf_addr *);
void	 print_host(struct pf_addr *, u_int16_t p, sa_family_t, int);
void	 print_seq(struct pfctl_state_peer *);
void	 print_state(struct pfctl_state *, int);

/* Command-line symbol handling and transaction helpers built on pfr_buffer. */
int	 pfctl_cmdline_symset(char *);
int	 pfctl_add_trans(struct pfr_buffer *, int, const char *);
u_int32_t
	 pfctl_get_ticket(struct pfr_buffer *, int, const char *);
int	 pfctl_trans(int, struct pfr_buffer *, u_long, int);

/* Ruleset and anchor helpers, with parallel variants for Ethernet rulesets. */
int	 pf_get_ruleset_number(u_int8_t);
void	 pf_init_ruleset(struct pfctl_ruleset *);
int	 pfctl_anchor_setup(struct pfctl_rule *,
	    const struct pfctl_ruleset *, const char *);
void	 pf_remove_if_empty_ruleset(struct pfctl_ruleset *);
struct pfctl_ruleset	*pf_find_ruleset(const char *);
struct pfctl_ruleset	*pf_find_or_create_ruleset(const char *);
void	 pf_init_eth_ruleset(struct pfctl_eth_ruleset *);
int	 pfctl_eth_anchor_setup(struct pfctl *,
	    struct pfctl_eth_rule *,
	    const struct pfctl_eth_ruleset *, const char *);
struct pfctl_eth_ruleset	*pf_find_or_create_eth_ruleset(const char *);
void	 pf_remove_if_empty_eth_ruleset(
	    struct pfctl_eth_ruleset *);

/*
 * Presumably (destination buffer, its size, rule) - confirm.  The size_t
 * travels with the char pointer, so callers should pass the real capacity
 * of the buffer they hand in.
 */
void	 expand_label(char *, size_t, struct pfctl_rule *);

const char *pfctl_proto2name(int);

/*
 * Variadic error reporters.
 *
 * NOTE(review): the const char * before the ellipsis is presumably a
 * printf-style format.  No format attribute is declared here, so the
 * compiler will not check the format against its arguments at call sites;
 * confirm, and keep the format argument a literal.
 */
void	 pfctl_err(int, int, const char *, ...);
void	 pfctl_errx(int, int, const char *, ...);

#endif /* _PFCTL_H_ */