      1 /*-
      2  * Copyright (c) 1996 - 2001 Brian Somers <brian (at) Awfulhak.org>
      3  *          based on work by Toshiharu OHNO <tony-o (at) iij.ad.jp>
      4  *                           Internet Initiative Japan, Inc (IIJ)
      5  * All rights reserved.
      6  *
      7  * Redistribution and use in source and binary forms, with or without
      8  * modification, are permitted provided that the following conditions
      9  * are met:
     10  * 1. Redistributions of source code must retain the above copyright
     11  *    notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in the
     14  *    documentation and/or other materials provided with the distribution.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
     17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     26  * SUCH DAMAGE.
     27  *
     28  * $FreeBSD: src/usr.sbin/ppp/filter.h,v 1.29.26.1 2010/12/21 17:10:29 kensmith Exp $
     29  */
     30 
     31 /* Operations - f_srcop, f_dstop
         *
         * Port comparison selectors stored in the f_srcop / f_dstop bit-fields of
         * struct filterent.  Both fields are 2 bits wide, so the four values 0..3
         * defined here use their entire range; a fifth operator would not fit
         * without widening the fields.  By name these are "no test", "equal",
         * "greater than" and "less than"; the comparison itself is implemented
         * outside this header.
         */
     32 #define	OP_NONE	0
     33 #define	OP_EQ	1
     34 #define	OP_GT	2
     35 #define	OP_LT	3
     36 
     37 /* srctype or dsttype
         *
         * Values for the 3-bit f_srctype / f_dsttype fields of struct filterent.
         * Seven values (0..6) are defined; 7 also fits in the field but has no
         * meaning assigned here, so a consumer should not assume every stored
         * value maps to one of these names.
         * NOTE(review): by name, T_ADDR looks like a literal address while the
         * others refer to the local address, the peer address and the two DNS
         * servers - confirm against the code that resolves them.
         */
     38 #define T_ADDR		0
     39 #define T_MYADDR	1
     40 #define T_MYADDR6	2
     41 #define T_HISADDR	3
     42 #define T_HISADDR6	4
     43 #define T_DNS0		5
     44 #define T_DNS1		6
     45 
     46 /*
     47  * There's a struct filterent for each possible filter rule.  The
     48  * layout is designed to minimise size (there are 4 * MAXFILTERS of
     49  * them) - which is also conveniently a power of 2 (32 bytes) on
     50  * architectures where sizeof(int)==4 (this makes indexing faster).
     51  *
     52  * Note that there are four free bits in the initial word for future
     53  * extensions.
         *
         * NOTE(review): the bit-fields declared below add up to 22 bits
         * (8+2+2+3+3+1+1+1+1), and the overall size depends on struct ncprange,
         * which is defined elsewhere.  The "four free bits" and "32 bytes"
         * figures above should be re-checked against the current layout before
         * anything relies on them.
         *
         * f_action is 8 bits wide, but this header only gives a meaning to the
         * values 0..A_DENY.  Only values below MAXFILTERS are rule indices, so
         * code that interprets a rule should reject anything else rather than
         * use it to index struct filter's rule[].
         *
         * struct ncprange must be a complete type and u_short must be defined
         * before this header is included; the header itself includes nothing.
     54  */
     55 struct filterent {
     56   int f_proto;			/* Protocol: getprotoby*() */
     57   unsigned f_action : 8;	/* Filtering action: goto (rule index) or A_... */
     58   unsigned f_srcop : 2;		/* Source port operation: OP_... (0..3 fill the field) */
     59   unsigned f_dstop : 2;		/* Destination port operation: OP_... (0..3 fill the field) */
     60   unsigned f_srctype : 3;	/* T_ value of src (0..6 defined) */
     61   unsigned f_dsttype : 3;	/* T_ value of dst (0..6 defined) */
     62   unsigned f_estab : 1;		/* Check TCP ACK bit */
     63   unsigned f_syn : 1;		/* Check TCP SYN bit */
     64   unsigned f_finrst : 1;	/* Check TCP FIN/RST bits */
     65   unsigned f_invert : 1;	/* true to complement match */
     66   struct ncprange f_src;	/* Source address and mask */
     67   struct ncprange f_dst;	/* Destination address and mask */
     68   u_short f_srcport;		/* Source port, compared with f_srcop */
     69   u_short f_dstport;		/* Destination port, compared with f_dstop */
     70   unsigned timeout;		/* Keep alive value for passed packet (units not stated here) */
     71 };
     72 
     73 #define	MAXFILTERS	40	/* in each filter set; also the length of struct filter's rule[] */
     74 
     75 /* f_action values [0..MAXFILTERS) specify the next filter rule, others are:
         *
         * A_NONE, A_PERMIT and A_DENY, which evaluate to 40, 41 and 42 while
         * MAXFILTERS is 40.  They sit directly above the rule-index range so the
         * single 8-bit f_action field can carry either a goto target or one of
         * these actions.  Raising MAXFILTERS moves all three, and they must stay
         * within the 8 bits f_action provides.
         *
         * NOTE(review): a value below MAXFILTERS names the next rule to evaluate.
         * Nothing in this header keeps such a target inside rule[] or stops a
         * chain of gotos from looping back on itself; confirm that the code which
         * parses and evaluates rules enforces both.
         */
     76 #define	A_NONE		(MAXFILTERS)
     77 #define	A_PERMIT	(A_NONE+1)
     78 #define	A_DENY		(A_PERMIT+1)
     79 
     80 struct filter {
          /*
           * One filter set: a fixed array of MAXFILTERS rules plus per-set state.
           * NOTE(review): the rule[] comment says "incoming", but FL_IN, FL_OUT,
           * FL_DIAL and FL_KEEP suggest the same struct is used for all four sets -
           * confirm.  The meaning of fragok and logok is not stated in this header;
           * by name they look like "fragments allowed" and "logging enabled" flags -
           * verify in the code that reads them before relying on either.
           */
     81   struct filterent rule[MAXFILTERS];	/* incoming packet filter */
     82   const char *name;			/* name of this set; not modified through this pointer */
     83   unsigned fragok : 1;			/* 1-bit flag, see note above */
     84   unsigned logok : 1;			/* 1-bit flag, see note above */
     85 };
     86 
     87 /* Which filter set
         *
         * Four selectors, 0..3, matching the "4 * MAXFILTERS" rule count quoted
         * in the struct filterent comment.
         * NOTE(review): presumably these index an array of struct filter kept
         * elsewhere; that array is not visible here, so callers passing a set
         * number taken from configuration should range-check it - confirm.
         */
     88 #define FL_IN		0
     89 #define FL_OUT		1
     90 #define FL_DIAL		2
     91 #define FL_KEEP		3
     92 
     93 struct ipcp;	/* forward declaration; not used by the prototypes below */
     94 struct cmdargs;	/* forward declaration for filter_Show() / filter_Set() */
     95 
        /*
         * Public interface of the filter code.  Only the signatures are visible
         * here; the notes below are limited to what they show.
         *
         * filter_Show / filter_Set  - take a read-only struct cmdargs and return
         *                             int.  NOTE(review): these look like command
         *                             handlers, so filter_Set presumably parses
         *                             user-supplied rule text - confirm that it
         *                             bounds rule numbers and goto targets by
         *                             MAXFILTERS.
         * filter_Action2Nam         - maps an unsigned action value to a string.
         * filter_Op2Nam             - maps an unsigned operator value to a string.
         *                             Both take a plain unsigned, wider than the
         *                             f_action / f_*op fields, so how out-of-range
         *                             values are handled is up to the definition.
         * filter_AdjustAddr         - takes a struct filter, two struct ncpaddr
         *                             pointers and a struct in_addr pointer; none
         *                             are const, so any of them may be written.
         *
         * struct ncpaddr and struct in_addr are not declared in this header and
         * must be declared by the includer before this point.
         */
     96 extern int filter_Show(struct cmdargs const *);
     97 extern int filter_Set(struct cmdargs const *);
     98 extern const char * filter_Action2Nam(unsigned);
     99 extern const char *filter_Op2Nam(unsigned);
    100 extern void filter_AdjustAddr(struct filter *, struct ncpaddr *,
    101                               struct ncpaddr *, struct in_addr *);
    102