d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7531c434a5
freebsd-dev/sbin/ipf/common/ipmon.h
Cy Schubert 41edb306f0 ipfilter: Move userland bits to sbin 
Through fixes and improvements our ipfilter sources have diverged
enough to warrant move from contrib into sbin/ipf. Now that I'm
planning on implementing MSS clamping as in iptables it makes more
sense to move ipfilter to sbin.

This is the second of three commits of the ipfilter move.

Suggested by glebius on two occaions.

Suggested by and discussed with:	glebius
Reviewed by:				glebius, kp (for #network)
MFC after:				1 month
Differential Revision:		https://reviews.freebsd.org/D33510
2021-12-20 06:16:33 -08:00

143 lines
3.2 KiB
C
Raw Blame History

/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ip_fil.h 1.35 6/5/96
* $Id$
*/
typedef struct ipmon_msg_s {
int imm_msglen;
char *imm_msg;
int imm_dsize;
void *imm_data;
time_t imm_when;
int imm_loglevel;
} ipmon_msg_t;
typedef void (*ims_destroy_func_t)(void *);
typedef void *(*ims_dup_func_t)(void *);
typedef int (*ims_match_func_t)(void *, void *);
typedef void *(*ims_parse_func_t)(char **);
typedef void (*ims_print_func_t)(void *);
typedef int (*ims_store_func_t)(void *, ipmon_msg_t *);
typedef struct ipmon_saver_s {
char *ims_name;
ims_destroy_func_t ims_destroy;
ims_dup_func_t ims_dup;
ims_match_func_t ims_match;
ims_parse_func_t ims_parse;
ims_print_func_t ims_print;
ims_store_func_t ims_store;
} ipmon_saver_t;
typedef struct ipmon_saver_int_s {
struct ipmon_saver_int_s *imsi_next;
ipmon_saver_t *imsi_stor;
void *imsi_handle;
} ipmon_saver_int_t;
typedef struct ipmon_doing_s {
struct ipmon_doing_s *ipmd_next;
void *ipmd_token;
ipmon_saver_t *ipmd_saver;
/*
* ipmd_store is "cached" in this structure to avoid a double
* deref when doing saves....
*/
int (*ipmd_store)(void *, ipmon_msg_t *);
} ipmon_doing_t;
typedef struct ipmon_action {
struct ipmon_action *ac_next;
int ac_mflag; /* collection of things to compare */
int ac_dflag; /* flags to compliment the doing fields */
int ac_logpri;
int ac_direction;
char ac_group[FR_GROUPLEN];
char ac_nattag[16];
u_32_t ac_logtag;
int ac_type; /* nat/state/ipf */
int ac_proto;
int ac_rule;
int ac_packet;
int ac_second;
int ac_result;
u_32_t ac_sip;
u_32_t ac_smsk;
u_32_t ac_dip;
u_32_t ac_dmsk;
u_short ac_sport;
u_short ac_dport;
char *ac_iface;
/*
* used with ac_packet/ac_second
*/
struct timeval ac_last;
int ac_pktcnt;
/*
* What to do with matches
*/
ipmon_doing_t *ac_doing;
} ipmon_action_t;
#define ac_lastsec ac_last.tv_sec
#define ac_lastusec ac_last.tv_usec
/*
* Flags indicating what fields to do matching upon (ac_mflag).
*/
#define IPMAC_DIRECTION 0x0001
#define IPMAC_DSTIP 0x0002
#define IPMAC_DSTPORT 0x0004
#define IPMAC_EVERY 0x0008
#define IPMAC_GROUP 0x0010
#define IPMAC_INTERFACE 0x0020
#define IPMAC_LOGTAG 0x0040
#define IPMAC_NATTAG 0x0080
#define IPMAC_PROTOCOL 0x0100
#define IPMAC_RESULT 0x0200
#define IPMAC_RULE 0x0400
#define IPMAC_SRCIP 0x0800
#define IPMAC_SRCPORT 0x1000
#define IPMAC_TYPE 0x2000
#define IPMAC_WITH 0x4000
#define IPMR_BLOCK 1
#define IPMR_PASS 2
#define IPMR_NOMATCH 3
#define IPMR_LOG 4
#define IPMON_SYSLOG 0x001
#define IPMON_RESOLVE 0x002
#define IPMON_HEXBODY 0x004
#define IPMON_HEXHDR 0x010
#define IPMON_TAIL 0x020
#define IPMON_VERBOSE 0x040
#define IPMON_NAT 0x080
#define IPMON_STATE 0x100
#define IPMON_FILTER 0x200
#define IPMON_PORTNUM 0x400
#define IPMON_LOGALL (IPMON_NAT|IPMON_STATE|IPMON_FILTER)
#define IPMON_LOGBODY 0x800
#define HOSTNAME_V4(a,b) hostname((a), 4, (u_32_t *)&(b))
#ifndef LOGFAC
#define LOGFAC LOG_LOCAL0
#endif
extern void dump_config(void);
extern int load_config(char *);
extern void unload_config(void);
extern void dumphex(FILE *, int, char *, int);
extern int check_action(char *, char *, int, int);
extern char *getword(int);
extern void *add_doing(ipmon_saver_t *);
Reference in New Issue View Git Blame Copy Permalink