b523d38061
Remove #ifdefs for ancient and irrelevant operating systems from ipfilter. When ipfilter was written the UNIX and UNIX-like systems in use were diverse and plentiful. IRIX, Tru64 (OSF/1) don't exist any more. OpenBSD removed ipfilter shortly after the first time the ipfilter license terms changed in the early 2000's. ipfilter on AIX, HP/UX, and Linux never really caught on. Removal of code for operating systems that ipfilter will never run on again will simplify the code making it easier to fix bugs, complete partially implemented features, and extend ipfilter. Unsupported previous version FreeBSD code and some older NetBSD code has also been removed. What remains is supported FreeBSD, NetBSD, and illumos. FreeBSD and NetBSD have collaborated exchanging patches, while illumos has expressed willingness to have their ipfilter updated to 5.1.2, provided their zone-specific updates to their ipfilter are merged (which are of interest to FreeBSD to allow control of ipfilters in jails from the global zone). Reviewed by: glebius@ MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D19006
386 lines
12 KiB
C
386 lines
12 KiB
C
/* $FreeBSD$ */
|
|
|
|
/*
|
|
* Copyright (C) 2012 by Darren Reed.
|
|
*
|
|
* See the IPFILTER.LICENCE file for details on licencing.
|
|
*
|
|
* @(#)ipf.h 1.12 6/5/96
|
|
* $Id$
|
|
*/
|
|
|
|
#ifndef __IPF_H__
|
|
#define __IPF_H__
|
|
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/types.h>
|
|
#include <sys/file.h>
|
|
/*
|
|
* This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
|
|
* Needed here because on some systems <sys/uio.h> gets included by things
|
|
* like <sys/socket.h>
|
|
*/
|
|
#ifndef _KERNEL
|
|
# define ADD_KERNEL
|
|
# define _KERNEL
|
|
# define KERNEL
|
|
#endif
|
|
#include <sys/uio.h>
|
|
#ifdef ADD_KERNEL
|
|
# undef _KERNEL
|
|
# undef KERNEL
|
|
#endif
|
|
#include <sys/time.h>
|
|
#include <sys/socket.h>
|
|
#include <net/if.h>
|
|
|
|
#include <netinet/in.h>
|
|
#include <netinet/in_systm.h>
|
|
#include <netinet/ip.h>
|
|
#include <netinet/ip_icmp.h>
|
|
# include <netinet/tcp.h>
|
|
#include <netinet/udp.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <errno.h>
|
|
#include <limits.h>
|
|
#include <netdb.h>
|
|
#include <stdlib.h>
|
|
#include <stddef.h>
|
|
#include <stdio.h>
|
|
#if !defined(__SVR4) && !defined(__svr4__) && defined(sun)
|
|
# include <strings.h>
|
|
#endif
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include "netinet/ip_compat.h"
|
|
#include "netinet/ip_fil.h"
|
|
#include "netinet/ip_nat.h"
|
|
#include "netinet/ip_frag.h"
|
|
#include "netinet/ip_state.h"
|
|
#include "netinet/ip_proxy.h"
|
|
#include "netinet/ip_auth.h"
|
|
#include "netinet/ip_lookup.h"
|
|
#include "netinet/ip_pool.h"
|
|
#include "netinet/ip_scan.h"
|
|
#include "netinet/ip_htable.h"
|
|
#include "netinet/ip_sync.h"
|
|
#include "netinet/ip_dstlist.h"
|
|
|
|
#include "opts.h"
|
|
|
|
#ifndef __P
|
|
# ifdef __STDC__
|
|
# define __P(x) x
|
|
# else
|
|
# define __P(x) ()
|
|
# endif
|
|
#endif
|
|
#ifndef __STDC__
|
|
# undef const
|
|
# define const
|
|
#endif
|
|
|
|
#ifndef U_32_T
|
|
# define U_32_T 1
|
|
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
|
|
defined(__sgi)
|
|
typedef u_int32_t u_32_t;
|
|
# else
|
|
# if defined(__alpha__) || defined(__alpha) || defined(_LP64)
|
|
typedef unsigned int u_32_t;
|
|
# else
|
|
# if SOLARIS2 >= 6
|
|
typedef uint32_t u_32_t;
|
|
# else
|
|
typedef unsigned int u_32_t;
|
|
# endif
|
|
# endif
|
|
# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
|
|
#endif /* U_32_T */
|
|
|
|
#ifndef MAXHOSTNAMELEN
|
|
# define MAXHOSTNAMELEN 256
|
|
#endif
|
|
|
|
#define MAX_ICMPCODE 16
|
|
#define MAX_ICMPTYPE 19
|
|
|
|
#define PRINTF (void)printf
|
|
#define FPRINTF (void)fprintf
|
|
|
|
|
|
struct ipopt_names {
|
|
int on_value;
|
|
int on_bit;
|
|
int on_siz;
|
|
char *on_name;
|
|
};
|
|
|
|
|
|
typedef struct alist_s {
|
|
struct alist_s *al_next;
|
|
int al_not;
|
|
int al_family;
|
|
i6addr_t al_i6addr;
|
|
i6addr_t al_i6mask;
|
|
} alist_t;
|
|
|
|
#define al_addr al_i6addr.in4_addr
|
|
#define al_mask al_i6mask.in4_addr
|
|
#define al_1 al_addr
|
|
#define al_2 al_mask
|
|
|
|
|
|
typedef struct plist_s {
|
|
struct plist_s *pl_next;
|
|
int pl_compare;
|
|
u_short pl_port1;
|
|
u_short pl_port2;
|
|
} plist_t;
|
|
|
|
|
|
typedef struct {
|
|
u_short fb_c;
|
|
u_char fb_t;
|
|
u_char fb_f;
|
|
u_32_t fb_k;
|
|
} fakebpf_t;
|
|
|
|
|
|
typedef struct {
|
|
char *it_name;
|
|
int it_v4;
|
|
int it_v6;
|
|
} icmptype_t;
|
|
|
|
|
|
typedef struct wordtab {
|
|
char *w_word;
|
|
int w_value;
|
|
} wordtab_t;
|
|
|
|
|
|
typedef struct namelist {
|
|
struct namelist *na_next;
|
|
char *na_name;
|
|
int na_value;
|
|
} namelist_t;
|
|
|
|
|
|
typedef struct proxyrule {
|
|
struct proxyrule *pr_next;
|
|
char *pr_proxy;
|
|
char *pr_conf;
|
|
namelist_t *pr_names;
|
|
int pr_proto;
|
|
} proxyrule_t;
|
|
|
|
|
|
#if defined(__NetBSD__) || defined(__FreeBSD_version) || \
|
|
SOLARIS
|
|
# include <stdarg.h>
|
|
typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
|
|
#else
|
|
typedef int (* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *));
|
|
#endif
|
|
typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *));
|
|
typedef int (* copyfunc_t) __P((void *, void *, size_t));
|
|
|
|
|
|
extern char thishost[];
|
|
extern char flagset[];
|
|
extern u_char flags[];
|
|
extern struct ipopt_names ionames[];
|
|
extern struct ipopt_names secclass[];
|
|
extern char *icmpcodes[MAX_ICMPCODE + 1];
|
|
extern char *icmptypes[MAX_ICMPTYPE + 1];
|
|
extern int use_inet6;
|
|
extern int lineNum;
|
|
extern int debuglevel;
|
|
extern struct ipopt_names v6ionames[];
|
|
extern icmptype_t icmptypelist[];
|
|
extern wordtab_t statefields[];
|
|
extern wordtab_t natfields[];
|
|
extern wordtab_t poolfields[];
|
|
|
|
|
|
extern int addicmp __P((char ***, struct frentry *, int));
|
|
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
|
|
extern int addkeep __P((char ***, struct frentry *, int));
|
|
extern alist_t *alist_new __P((int, char *));
|
|
extern void alist_free __P((alist_t *));
|
|
extern void assigndefined __P((char *));
|
|
extern void binprint __P((void *, size_t));
|
|
extern u_32_t buildopts __P((char *, char *, int));
|
|
extern int checkrev __P((char *));
|
|
extern int connecttcp __P((char *, int));
|
|
extern int count6bits __P((u_32_t *));
|
|
extern int count4bits __P((u_32_t));
|
|
extern char *fac_toname __P((int));
|
|
extern int fac_findname __P((char *));
|
|
extern const char *familyname __P((const int));
|
|
extern void fill6bits __P((int, u_int *));
|
|
extern wordtab_t *findword __P((wordtab_t *, char *));
|
|
extern int ftov __P((int));
|
|
extern char *ipf_geterror __P((int, ioctlfunc_t *));
|
|
extern int genmask __P((int, char *, i6addr_t *));
|
|
extern int gethost __P((int, char *, i6addr_t *));
|
|
extern int geticmptype __P((int, char *));
|
|
extern int getport __P((struct frentry *, char *, u_short *, char *));
|
|
extern int getportproto __P((char *, int));
|
|
extern int getproto __P((char *));
|
|
extern char *getnattype __P((struct nat *));
|
|
extern char *getsumd __P((u_32_t));
|
|
extern u_32_t getoptbyname __P((char *));
|
|
extern u_32_t getoptbyvalue __P((int));
|
|
extern u_32_t getv6optbyname __P((char *));
|
|
extern u_32_t getv6optbyvalue __P((int));
|
|
extern char *icmptypename __P((int, int));
|
|
extern void initparse __P((void));
|
|
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
|
|
extern int ipf_addrule __P((int, ioctlfunc_t, void *));
|
|
extern void ipf_mutex_clean __P((void));
|
|
extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *));
|
|
extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *));
|
|
extern void ipf_perror __P((int, char *));
|
|
extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *));
|
|
extern void ipf_rwlock_clean __P((void));
|
|
extern char *ipf_strerror __P((int));
|
|
extern void ipferror __P((int, char *));
|
|
extern int ipmon_parsefile __P((char *));
|
|
extern int ipmon_parsesome __P((FILE *));
|
|
extern int ipnat_addrule __P((int, ioctlfunc_t, void *));
|
|
extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *));
|
|
extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *));
|
|
extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
|
|
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
|
|
extern int kmemcpywrap __P((void *, void *, size_t));
|
|
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
|
|
extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t,
|
|
ipf_dstnode_t *));
|
|
extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *,
|
|
ioctlfunc_t));
|
|
extern alist_t *load_file __P((char *));
|
|
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
|
|
ioctlfunc_t));
|
|
extern int load_hashnode __P((int, char *, struct iphtent_s *, int,
|
|
ioctlfunc_t));
|
|
extern alist_t *load_http __P((char *));
|
|
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
|
|
extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t));
|
|
extern alist_t *load_url __P((char *));
|
|
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
|
|
extern void mb_hexdump __P((mb_t *, FILE *));
|
|
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));
|
|
extern void nat_setgroupmap __P((struct ipnat *));
|
|
extern int ntomask __P((int, int, u_32_t *));
|
|
extern u_32_t optname __P((char ***, u_short *, int));
|
|
extern wordtab_t *parsefields __P((wordtab_t *, char *));
|
|
extern int *parseipfexpr __P((char *, char **));
|
|
extern int parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *));
|
|
extern void pool_close __P((void));
|
|
extern int pool_fd __P((void));
|
|
extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *));
|
|
extern int pool_open __P((void));
|
|
extern char *portname __P((int, int));
|
|
extern int pri_findname __P((char *));
|
|
extern char *pri_toname __P((int));
|
|
extern void print_toif __P((int, char *, char *, struct frdest *));
|
|
extern void printaps __P((ap_session_t *, int, int));
|
|
extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *));
|
|
extern void printbuf __P((char *, int, int));
|
|
extern void printfieldhdr __P((wordtab_t *, wordtab_t *));
|
|
extern void printfr __P((struct frentry *, ioctlfunc_t));
|
|
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
|
|
char *, int, wordtab_t *));
|
|
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *,
|
|
int, wordtab_t *));
|
|
extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *,
|
|
int, wordtab_t *));
|
|
extern void printhashdata __P((iphtable_t *, int));
|
|
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
|
|
struct iphtent_s *,
|
|
copyfunc_t, int, wordtab_t *));
|
|
extern void printhost __P((int, u_32_t *));
|
|
extern void printhostmask __P((int, u_32_t *, u_32_t *));
|
|
extern void printip __P((int, u_32_t *));
|
|
extern void printlog __P((struct frentry *));
|
|
extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask));
|
|
extern void printmask __P((int, u_32_t *));
|
|
extern void printnataddr __P((int, char *, nat_addr_t *, int));
|
|
extern void printnatfield __P((nat_t *, int));
|
|
extern void printnatside __P((char *, nat_stat_side_t *));
|
|
extern void printpacket __P((int, mb_t *));
|
|
extern void printpacket6 __P((int, mb_t *));
|
|
extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t,
|
|
char *, int, ipf_dstnode_t *,
|
|
wordtab_t *));
|
|
extern void printdstlistdata __P((ippool_dst_t *, int));
|
|
extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t *, copyfunc_t,
|
|
int, wordtab_t *));
|
|
extern void printdstlistpolicy __P((ippool_policy_t));
|
|
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
|
|
char *, int, wordtab_t *));
|
|
extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
|
|
char *, int, wordtab_t *));
|
|
extern void printpooldata __P((ip_pool_t *, int));
|
|
extern void printpoolfield __P((void *, int, int));
|
|
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
|
|
int, wordtab_t *));
|
|
extern void printproto __P((struct protoent *, int, struct ipnat *));
|
|
extern void printportcmp __P((int, struct frpcmp *));
|
|
extern void printstatefield __P((ipstate_t *, int));
|
|
extern void printtqtable __P((ipftq_t *));
|
|
extern void printtunable __P((ipftune_t *));
|
|
extern void printunit __P((int));
|
|
extern void optprint __P((u_short *, u_long, u_long));
|
|
#ifdef USE_INET6
|
|
extern void optprintv6 __P((u_short *, u_long, u_long));
|
|
#endif
|
|
extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
|
|
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
|
|
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
|
|
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
|
|
extern u_char tcpflags __P((char *));
|
|
extern void printc __P((struct frentry *));
|
|
extern void printC __P((int));
|
|
extern void emit __P((int, int, void *, struct frentry *));
|
|
extern u_char secbit __P((int));
|
|
extern u_char seclevel __P((char *));
|
|
extern void printfraginfo __P((char *, struct ipfr *));
|
|
extern void printifname __P((char *, char *, void *));
|
|
extern char *hostname __P((int, void *));
|
|
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
|
|
extern void printsbuf __P((char *));
|
|
extern void printnat __P((struct ipnat *, int));
|
|
extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
|
|
extern void printactivenat __P((struct nat *, int, u_long));
|
|
extern void printhostmap __P((struct hostmap *, u_int));
|
|
extern void printtcpflags __P((u_32_t, u_32_t));
|
|
extern void printipfexpr __P((int *));
|
|
extern void printstatefield __P((ipstate_t *, int));
|
|
extern void printstatefieldhdr __P((int));
|
|
extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
|
|
extern int sendtrap_v2_0 __P((int, char *, char *, int));
|
|
extern int vtof __P((int));
|
|
|
|
extern void set_variable __P((char *, char *));
|
|
extern char *get_variable __P((char *, char **, int));
|
|
extern void resetlexer __P((void));
|
|
|
|
extern void debug __P((int, char *, ...));
|
|
extern void verbose __P((int, char *, ...));
|
|
extern void ipfkdebug __P((char *, ...));
|
|
extern void ipfkverbose __P((char *, ...));
|
|
|
|
#if SOLARIS
|
|
extern int gethostname __P((char *, int ));
|
|
extern void sync __P((void));
|
|
#endif
|
|
|
|
#endif /* __IPF_H__ */
|