1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
|
/* $FreeBSD$ */
/*
* Copyright (C) 2012 by Darren Reed.
*
* See the IPFILTER.LICENCE file for details on licencing.
*
* @(#)ipf.h 1.12 6/5/96
* $Id$
*/
#ifndef __IPF_H__
#define __IPF_H__
#include <sys/param.h>
#include <sys/types.h>
#include <sys/file.h>
/*
* This is a workaround for <sys/uio.h> troubles on FreeBSD, HPUX, OpenBSD.
* Needed here because on some systems <sys/uio.h> gets included by things
* like <sys/socket.h>
*/
#ifndef _KERNEL
# define ADD_KERNEL
# define _KERNEL
# define KERNEL
#endif
#include <sys/uio.h>
#ifdef ADD_KERNEL
# undef _KERNEL
# undef KERNEL
#endif
#include <sys/time.h>
#include <sys/socket.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
# include <netinet/tcp.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <limits.h>
#include <netdb.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#if !defined(__SVR4) && !defined(__svr4__) && defined(sun)
# include <strings.h>
#endif
#include <string.h>
#include <unistd.h>
#include "netinet/ip_compat.h"
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
#include "netinet/ip_proxy.h"
#include "netinet/ip_auth.h"
#include "netinet/ip_lookup.h"
#include "netinet/ip_pool.h"
#include "netinet/ip_scan.h"
#include "netinet/ip_htable.h"
#include "netinet/ip_sync.h"
#include "netinet/ip_dstlist.h"
#include "opts.h"
#ifndef __P
# ifdef __STDC__
# define __P(x) x
# else
# define __P(x) ()
# endif
#endif
#ifndef __STDC__
# undef const
# define const
#endif
#ifndef U_32_T
# define U_32_T 1
# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
defined(__sgi)
typedef u_int32_t u_32_t;
# else
# if defined(__alpha__) || defined(__alpha) || defined(_LP64)
typedef unsigned int u_32_t;
# else
# if SOLARIS2 >= 6
typedef uint32_t u_32_t;
# else
typedef unsigned int u_32_t;
# endif
# endif
# endif /* __NetBSD__ || __OpenBSD__ || __FreeBSD__ || __sgi */
#endif /* U_32_T */
#ifndef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 256
#endif
#define MAX_ICMPCODE 16
#define MAX_ICMPTYPE 19
#define PRINTF (void)printf
#define FPRINTF (void)fprintf
struct ipopt_names {
int on_value;
int on_bit;
int on_siz;
char *on_name;
};
typedef struct alist_s {
struct alist_s *al_next;
int al_not;
int al_family;
i6addr_t al_i6addr;
i6addr_t al_i6mask;
} alist_t;
#define al_addr al_i6addr.in4_addr
#define al_mask al_i6mask.in4_addr
#define al_1 al_addr
#define al_2 al_mask
typedef struct plist_s {
struct plist_s *pl_next;
int pl_compare;
u_short pl_port1;
u_short pl_port2;
} plist_t;
typedef struct {
u_short fb_c;
u_char fb_t;
u_char fb_f;
u_32_t fb_k;
} fakebpf_t;
typedef struct {
char *it_name;
int it_v4;
int it_v6;
} icmptype_t;
typedef struct wordtab {
char *w_word;
int w_value;
} wordtab_t;
typedef struct namelist {
struct namelist *na_next;
char *na_name;
int na_value;
} namelist_t;
typedef struct proxyrule {
struct proxyrule *pr_next;
char *pr_proxy;
char *pr_conf;
namelist_t *pr_names;
int pr_proto;
} proxyrule_t;
#if defined(__NetBSD__) || defined(__FreeBSD_version) || \
SOLARIS
# include <stdarg.h>
typedef int (* ioctlfunc_t) __P((int, ioctlcmd_t, ...));
#else
typedef int (* ioctlfunc_t) __P((dev_t, ioctlcmd_t, void *));
#endif
typedef int (* addfunc_t) __P((int, ioctlfunc_t, void *));
typedef int (* copyfunc_t) __P((void *, void *, size_t));
extern char thishost[MAXHOSTNAMELEN];
extern char flagset[];
extern u_char flags[];
extern struct ipopt_names ionames[];
extern struct ipopt_names secclass[];
extern char *icmpcodes[MAX_ICMPCODE + 1];
extern char *icmptypes[MAX_ICMPTYPE + 1];
extern int use_inet6;
extern int lineNum;
extern int debuglevel;
extern struct ipopt_names v6ionames[];
extern icmptype_t icmptypelist[];
extern wordtab_t statefields[];
extern wordtab_t natfields[];
extern wordtab_t poolfields[];
extern int addicmp __P((char ***, struct frentry *, int));
extern int addipopt __P((char *, struct ipopt_names *, int, char *));
extern int addkeep __P((char ***, struct frentry *, int));
extern alist_t *alist_new __P((int, char *));
extern void alist_free __P((alist_t *));
extern void assigndefined __P((char *));
extern void binprint __P((void *, size_t));
extern u_32_t buildopts __P((char *, char *, int));
extern int checkrev __P((char *));
extern int connecttcp __P((char *, int));
extern int count6bits __P((u_32_t *));
extern int count4bits __P((u_32_t));
extern char *fac_toname __P((int));
extern int fac_findname __P((char *));
extern const char *familyname __P((const int));
extern void fill6bits __P((int, u_int *));
extern wordtab_t *findword __P((wordtab_t *, char *));
extern int ftov __P((int));
extern char *ipf_geterror __P((int, ioctlfunc_t *));
extern int genmask __P((int, char *, i6addr_t *));
extern int gethost __P((int, char *, i6addr_t *));
extern int geticmptype __P((int, char *));
extern int getport __P((struct frentry *, char *, u_short *, char *));
extern int getportproto __P((char *, int));
extern int getproto __P((char *));
extern char *getnattype __P((struct nat *));
extern char *getsumd __P((u_32_t));
extern u_32_t getoptbyname __P((char *));
extern u_32_t getoptbyvalue __P((int));
extern u_32_t getv6optbyname __P((char *));
extern u_32_t getv6optbyvalue __P((int));
extern char *icmptypename __P((int, int));
extern void initparse __P((void));
extern void ipf_dotuning __P((int, char *, ioctlfunc_t));
extern int ipf_addrule __P((int, ioctlfunc_t, void *));
extern void ipf_mutex_clean __P((void));
extern int ipf_parsefile __P((int, addfunc_t, ioctlfunc_t *, char *));
extern int ipf_parsesome __P((int, addfunc_t, ioctlfunc_t *, FILE *));
extern void ipf_perror __P((int, char *));
extern int ipf_perror_fd __P(( int, ioctlfunc_t, char *));
extern void ipf_rwlock_clean __P((void));
extern char *ipf_strerror __P((int));
extern void ipferror __P((int, char *));
extern int ipmon_parsefile __P((char *));
extern int ipmon_parsesome __P((FILE *));
extern int ipnat_addrule __P((int, ioctlfunc_t, void *));
extern int ipnat_parsefile __P((int, addfunc_t, ioctlfunc_t, char *));
extern int ipnat_parsesome __P((int, addfunc_t, ioctlfunc_t, FILE *));
extern int ippool_parsefile __P((int, char *, ioctlfunc_t));
extern int ippool_parsesome __P((int, FILE *, ioctlfunc_t));
extern int kmemcpywrap __P((void *, void *, size_t));
extern char *kvatoname __P((ipfunc_t, ioctlfunc_t));
extern int load_dstlist __P((struct ippool_dst *, ioctlfunc_t,
ipf_dstnode_t *));
extern int load_dstlistnode __P((int, char *, struct ipf_dstnode *,
ioctlfunc_t));
extern alist_t *load_file __P((char *));
extern int load_hash __P((struct iphtable_s *, struct iphtent_s *,
ioctlfunc_t));
extern int load_hashnode __P((int, char *, struct iphtent_s *, int,
ioctlfunc_t));
extern alist_t *load_http __P((char *));
extern int load_pool __P((struct ip_pool_s *list, ioctlfunc_t));
extern int load_poolnode __P((int, char *, ip_pool_node_t *, int, ioctlfunc_t));
extern alist_t *load_url __P((char *));
extern alist_t *make_range __P((int, struct in_addr, struct in_addr));
extern void mb_hexdump __P((mb_t *, FILE *));
extern ipfunc_t nametokva __P((char *, ioctlfunc_t));
extern void nat_setgroupmap __P((struct ipnat *));
extern int ntomask __P((int, int, u_32_t *));
extern u_32_t optname __P((char ***, u_short *, int));
extern wordtab_t *parsefields __P((wordtab_t *, char *));
extern int *parseipfexpr __P((char *, char **));
extern int parsewhoisline __P((char *, addrfamily_t *, addrfamily_t *));
extern void pool_close __P((void));
extern int pool_fd __P((void));
extern int pool_ioctl __P((ioctlfunc_t, ioctlcmd_t, void *));
extern int pool_open __P((void));
extern char *portname __P((int, int));
extern int pri_findname __P((char *));
extern char *pri_toname __P((int));
extern void print_toif __P((int, char *, char *, struct frdest *));
extern void printaps __P((ap_session_t *, int, int));
extern void printaddr __P((int, int, char *, int, u_32_t *, u_32_t *));
extern void printbuf __P((char *, int, int));
extern void printfieldhdr __P((wordtab_t *, wordtab_t *));
extern void printfr __P((struct frentry *, ioctlfunc_t));
extern struct iphtable_s *printhash __P((struct iphtable_s *, copyfunc_t,
char *, int, wordtab_t *));
extern struct iphtable_s *printhash_live __P((iphtable_t *, int, char *,
int, wordtab_t *));
extern ippool_dst_t *printdstl_live __P((ippool_dst_t *, int, char *,
int, wordtab_t *));
extern void printhashdata __P((iphtable_t *, int));
extern struct iphtent_s *printhashnode __P((struct iphtable_s *,
struct iphtent_s *,
copyfunc_t, int, wordtab_t *));
extern void printhost __P((int, u_32_t *));
extern void printhostmask __P((int, u_32_t *, u_32_t *));
extern void printip __P((int, u_32_t *));
extern void printlog __P((struct frentry *));
extern void printlookup __P((char *, i6addr_t *addr, i6addr_t *mask));
extern void printmask __P((int, u_32_t *));
extern void printnataddr __P((int, char *, nat_addr_t *, int));
extern void printnatfield __P((nat_t *, int));
extern void printnatside __P((char *, nat_stat_side_t *));
extern void printpacket __P((int, mb_t *));
extern void printpacket6 __P((int, mb_t *));
extern struct ippool_dst *printdstlist __P((struct ippool_dst *, copyfunc_t,
char *, int, ipf_dstnode_t *,
wordtab_t *));
extern void printdstlistdata __P((ippool_dst_t *, int));
extern ipf_dstnode_t *printdstlistnode __P((ipf_dstnode_t *, copyfunc_t,
int, wordtab_t *));
extern void printdstlistpolicy __P((ippool_policy_t));
extern struct ip_pool_s *printpool __P((struct ip_pool_s *, copyfunc_t,
char *, int, wordtab_t *));
extern struct ip_pool_s *printpool_live __P((struct ip_pool_s *, int,
char *, int, wordtab_t *));
extern void printpooldata __P((ip_pool_t *, int));
extern void printpoolfield __P((void *, int, int));
extern struct ip_pool_node *printpoolnode __P((struct ip_pool_node *,
int, wordtab_t *));
extern void printproto __P((struct protoent *, int, struct ipnat *));
extern void printportcmp __P((int, struct frpcmp *));
extern void printstatefield __P((ipstate_t *, int));
extern void printtqtable __P((ipftq_t *));
extern void printtunable __P((ipftune_t *));
extern void printunit __P((int));
extern void optprint __P((u_short *, u_long, u_long));
#ifdef USE_INET6
extern void optprintv6 __P((u_short *, u_long, u_long));
#endif
extern int remove_hash __P((struct iphtable_s *, ioctlfunc_t));
extern int remove_hashnode __P((int, char *, struct iphtent_s *, ioctlfunc_t));
extern int remove_pool __P((ip_pool_t *, ioctlfunc_t));
extern int remove_poolnode __P((int, char *, ip_pool_node_t *, ioctlfunc_t));
extern u_char tcpflags __P((char *));
extern void printc __P((struct frentry *));
extern void printC __P((int));
extern void emit __P((int, int, void *, struct frentry *));
extern u_char secbit __P((int));
extern u_char seclevel __P((char *));
extern void printfraginfo __P((char *, struct ipfr *));
extern void printifname __P((char *, char *, void *));
extern char *hostname __P((int, void *));
extern struct ipstate *printstate __P((struct ipstate *, int, u_long));
extern void printsbuf __P((char *));
extern void printnat __P((struct ipnat *, int));
extern void printactiveaddress __P((int, char *, i6addr_t *, char *));
extern void printactivenat __P((struct nat *, int, u_long));
extern void printhostmap __P((struct hostmap *, u_int));
extern void printtcpflags __P((u_32_t, u_32_t));
extern void printipfexpr __P((int *));
extern void printstatefield __P((ipstate_t *, int));
extern void printstatefieldhdr __P((int));
extern int sendtrap_v1_0 __P((int, char *, char *, int, time_t));
extern int sendtrap_v2_0 __P((int, char *, char *, int));
extern int vtof __P((int));
extern void set_variable __P((char *, char *));
extern char *get_variable __P((char *, char **, int));
extern void resetlexer __P((void));
extern void debug __P((int, char *, ...));
extern void verbose __P((int, char *, ...));
extern void ipfkdebug __P((char *, ...));
extern void ipfkverbose __P((char *, ...));
#if SOLARIS
extern int gethostname __P((char *, int ));
extern void sync __P((void));
#endif
#endif /* __IPF_H__ */
|
