xref: /dragonfly/sys/net/ipfw3_basic/ip_fw3_basic.h (revision 4408d5485757eef6e44859025e931d1c1b6746c4)
1  /*
2  * Copyright (c) 2014 - 2018 The DragonFly Project.  All rights reserved.
3  *
4  * This code is derived from software contributed to The DragonFly Project
5  * by Bill Yuan <bycn82@dragonflybsd.org>
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  * 3. Neither the name of The DragonFly Project nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific, prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 #ifndef _IP_FW3_BASIC_H
35 #define _IP_FW3_BASIC_H
36 
/*
 * Numeric id and string name of the "basic" ipfw3 module.
 * NOTE(review): presumably these are the values the module registers under
 * with the ipfw3 core and that rules refer to - confirm against the callers.
 */
#define MODULE_BASIC_ID		0
#define MODULE_BASIC_NAME	"basic"
39 
/*
 * Opcodes implemented by the "basic" module.
 *
 * No enumerator has an explicit value, so numbering follows declaration
 * order starting at 0.  Inserting, removing or reordering an entry silently
 * renumbers every opcode after it.
 * NOTE(review): the enum sits outside the _KERNEL section, so it is
 * presumably shared with the userland rule compiler; if so, a renumbering
 * would make previously built rules select a different action or filter -
 * confirm before changing the order.
 */
enum ipfw3_basic_opcodes {
	O_BASIC_ACCEPT,		/* accept */
	O_BASIC_DENY,		/* deny */
	O_BASIC_COUNT,		/* count */
	O_BASIC_SKIPTO,		/* skipto action->arg1 */
	O_BASIC_FORWARD,	/* arg3 count of dest, arg1 type of fwd */

	O_BASIC_IN,		/* in */
	O_BASIC_OUT,		/* out */
	O_BASIC_VIA,		/* via */
	O_BASIC_XMIT,		/* xmit */
	O_BASIC_RECV,		/* recv */

	O_BASIC_PROTO,		/* arg1=protocol */
	O_BASIC_IP_SRC,
	O_BASIC_IP_SRC_N_PORT,	/* src ip: src port */
	O_BASIC_IP_SRC_MASK,	/* ip = IP/mask */
	O_BASIC_IP_SRC_ME,	/* me */
	O_BASIC_IP_SRC_LOOKUP,	/* from lookup table */

	O_BASIC_IP_DST,
	O_BASIC_IP_DST_N_PORT,	/* dst ip: dst port */
	O_BASIC_IP_DST_MASK,	/* ip = IP/mask */
	O_BASIC_IP_DST_ME,	/* me */
	O_BASIC_IP_DST_LOOKUP,	/* to lookup table */

	O_BASIC_IP_SRCPORT,	/* src-port */
	O_BASIC_IP_DSTPORT,	/* dst-port */
	O_BASIC_PROB,		/* probability 0~1 */
	O_BASIC_KEEP_STATE,	/* keep-state (not documented here; see the state code) */
	O_BASIC_CHECK_STATE,	/* check-state (not documented here; see the state code) */
	O_BASIC_TAG,		/* action, add tag info into mbuf */
	O_BASIC_UNTAG,		/* action, remove tag from mbuf */
	O_BASIC_TAGGED,		/* filter, check the tag info */

	O_BASIC_COMMENT,	/* comment, behind action, no check */
};
77 
78 
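/*
 * IS_EXPIRED(state): non-zero when the state entry pointed to by `state`
 * is past its lifetime or past its absolute expiry, i.e. when either
 *   - lifetime > 0 and timestamp + lifetime < time_second, or
 *   - expiry != 0 and expiry < time_second.
 *
 * The argument and the whole expansion are parenthesized so that the macro
 * behaves as a single expression.  Without the outer parentheses,
 * `!IS_EXPIRED(s)` negated only the lifetime clause and
 * `IS_EXPIRED(s) && x` attached `x` to the expiry clause only, so a caller
 * could treat an expired firewall state as live (or a live one as expired).
 *
 * `state` is evaluated several times: do not pass an expression with side
 * effects.  time_second is not declared by this header and must be in scope
 * where the macro is used.
 */
#define IS_EXPIRED(state)                                                     \
	((((state)->lifetime > 0) &&                                          \
	  (((state)->timestamp + (state)->lifetime) < time_second)) ||        \
	 (((state)->expiry != 0) && ((state)->expiry < time_second)))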
82 
83 
84 #ifdef _KERNEL
85 
86 
87 
88 #include <net/ipfw3_basic/ip_fw3_state.h>
89 
90 
/*
 * Prototypes of the checker functions.
 *
 * Every checker has the same parameter list and returns void, so any result
 * has to be reported through the pointer arguments.
 *
 * NOTE(review): the meaning of the values written to *cmd_ctl and *cmd_val
 * is not defined in this header - confirm against the implementation.
 * NOTE(review): args and f are passed as pointers to pointers, so a checker
 * can presumably replace the caller's packet arguments or current rule -
 * confirm which checkers do so.
 * NOTE(review): ip_len is presumably the IP length of the packet being
 * inspected; TODO confirm that callers validate it against the actual
 * packet data before the checkers rely on it.
 */
void	check_count(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_skipto(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_forward(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_in(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_out(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_via(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_proto(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_prob(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_me(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_mask(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_me(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_mask(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_tag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_untag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_tagged(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_src_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_dst_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_src_n_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_dst_n_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
138 
/*
 * Prototypes of the utility functions.
 *
 * match_state and count_match_state both take an instruction, a flow id and
 * a state entry and return int; count_match_state additionally receives an
 * int pointer named count.
 * NOTE(review): the return convention (e.g. non-zero on match) and whether
 * *count is incremented or overwritten are not visible here - confirm
 * against the implementation.
 */
int	match_state(ipfw_insn *cmd, struct ipfw_flow_id *fid,
		struct ipfw3_state *state);
int	count_match_state(ipfw_insn *cmd, struct ipfw_flow_id *fid,
		struct ipfw3_state *state, int *count);

/*
 * Module set-up and tear-down entry points.
 * NOTE(review): presumably return 0 on success - confirm; callers should
 * check the result.
 */
int	ip_fw3_basic_init(void);
int	ip_fw3_basic_fini(void);
147 #endif    /* _KERNEL */
148 #endif
149