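/*
 * Copyright (c) 2014 - 2018 The DragonFly Project. All rights reserved.
 *
 * This code is derived from software contributed to The DragonFly Project
 * by Bill Yuan <bycn82@dragonflybsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 3. Neither the name of The DragonFly Project nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific, prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#ifndef _IP_FW3_BASIC_H
#define _IP_FW3_BASIC_H

/* Identity of the "basic" ipfw3 module. */
#define MODULE_BASIC_ID		0
#define MODULE_BASIC_NAME	"basic"

/*
 * Opcodes implemented by the basic module.
 *
 * No enumerator has an explicit value, so each opcode's number is its
 * position in this list: inserting or reordering entries renumbers every
 * opcode after the change.
 * NOTE(review): only part of this header is under _KERNEL, so presumably
 * userland and the kernel both rely on these numbers and must be rebuilt
 * together when the list changes -- confirm.
 */
enum ipfw3_basic_opcodes {
	O_BASIC_ACCEPT,		/* accept */
	O_BASIC_DENY,		/* deny */
	O_BASIC_COUNT,		/* count */
	O_BASIC_SKIPTO,		/* skipto action->arg1 */
	O_BASIC_FORWARD,	/* arg3 count of dest, arg1 type of fwd */

	O_BASIC_IN,		/* in */
	O_BASIC_OUT,		/* out */
	O_BASIC_VIA,		/* via */
	O_BASIC_XMIT,		/* xmit */
	O_BASIC_RECV,		/* recv */

	O_BASIC_PROTO,		/* arg1=protocol */
	O_BASIC_IP_SRC,
	O_BASIC_IP_SRC_N_PORT,	/* src ip: src port */
	O_BASIC_IP_SRC_MASK,	/* ip = IP/mask */
	O_BASIC_IP_SRC_ME,	/* me */
	O_BASIC_IP_SRC_LOOKUP,	/* from lookup table */

	O_BASIC_IP_DST,
	O_BASIC_IP_DST_N_PORT,	/* dst ip: dst port */
	O_BASIC_IP_DST_MASK,	/* ip = IP/mask */
	O_BASIC_IP_DST_ME,	/* me */
	O_BASIC_IP_DST_LOOKUP,	/* to lookup table */

	O_BASIC_IP_SRCPORT,	/* src-port */
	O_BASIC_IP_DSTPORT,	/* dst-port */
	O_BASIC_PROB,		/* probability 0~1 */
	O_BASIC_KEEP_STATE,	/* undocumented here; see the state code */
	O_BASIC_CHECK_STATE,	/* undocumented here; see the state code */
	O_BASIC_TAG,		/* action, add tag info into mbuf */
	O_BASIC_UNTAG,		/* action, remove tag from mbuf */
	O_BASIC_TAGGED,		/* filter, check the tag info */

	O_BASIC_COMMENT,	/* comment, behind action, no check */
};


/*
 * IS_EXPIRED(state): non-zero when the state entry has passed either of
 * its two deadlines:
 *   - relative: lifetime > 0 and timestamp + lifetime < time_second
 *   - absolute: expiry != 0 and expiry < time_second
 *
 * The whole expansion and every use of the argument are parenthesized.
 * Without the outer parentheses an expression such as !IS_EXPIRED(s) or
 * IS_EXPIRED(s) && x binds only to the first clause, so a state whose
 * absolute expiry has passed could still be treated as live.
 *
 * `state` is evaluated several times: pass a plain pointer expression
 * without side effects.  `time_second` must be visible at the point of
 * use.
 * NOTE(review): the field types are not visible in this header; if
 * timestamp + lifetime can wrap, the relative test is unreliable --
 * confirm against the ipfw3_state definition.
 */
#define IS_EXPIRED(state)						\
	((((state)->lifetime > 0) &&					\
	  (((state)->timestamp + (state)->lifetime) < time_second)) ||	\
	 (((state)->expiry != 0) && ((state)->expiry < time_second)))


#ifdef _KERNEL



#include <net/ipfw3_basic/ip_fw3_state.h>


/*
 * prototype of the checker functions
 *
 * Every checker has the same signature.  cmd is the instruction being
 * evaluated and ip_len a 16-bit length value.
 * NOTE(review): cmd_ctl and cmd_val look like out-parameters written by
 * the checker, and args / f are passed by reference so a checker can
 * replace them; none of this is visible in this header -- confirm
 * against the implementations.
 */
void	check_count(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_skipto(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_forward(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_in(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_out(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_via(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_proto(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_prob(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_me(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_from_mask(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_lookup(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_me(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_to_mask(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_tag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_untag(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_tagged(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_src_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_dst_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_src_n_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);
void	check_dst_n_port(int *cmd_ctl, int *cmd_val, struct ip_fw_args **args,
		struct ip_fw **f, ipfw_insn *cmd, uint16_t ip_len);

/* prototype of the utility functions */
int	match_state(ipfw_insn *cmd, struct ipfw_flow_id *fid,
		struct ipfw3_state *state);
int	count_match_state(ipfw_insn *cmd, struct ipfw_flow_id *fid,
		struct ipfw3_state *state, int *count);

/* Module init / fini entry points. */
int	ip_fw3_basic_init(void);
int	ip_fw3_basic_fini(void);
#endif	/* _KERNEL */
#endif	/* _IP_FW3_BASIC_H */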