xref: /netbsd-src/lib/libnpf/npf.h (revision b899bfd96fd2cbaf2befc9ce4aaed9b9c230837a)
/*-
 * Copyright (c) 2011-2019 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This material is based upon work partially supported by The
 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Declarations for the libnpf API.  The NPF types used below
 * (npf_addr_t, npf_netmask_t, npf_error_t) are not declared in this file;
 * they are expected to come from <net/npf.h>.
 */
#ifndef _NPF_LIB_H_
#define _NPF_LIB_H_

#include <sys/types.h>
#include <net/npf.h>

__BEGIN_DECLS

/*
 * Opaque handle types: this header carries forward declarations only, so
 * callers hold pointers and never see the structure layouts.
 */
struct nl_config;
struct nl_rule;
struct nl_rproc;
struct nl_table;
struct nl_ext;

typedef struct nl_config	nl_config_t;
typedef struct nl_rule		nl_rule_t;
typedef struct nl_rproc		nl_rproc_t;
typedef struct nl_table		nl_table_t;
/*
 * NOTE(review): nl_nat_t is an alias of struct nl_rule, so the compiler
 * will not diagnose an nl_rule_t * handed to an npf_nat_*() function, or
 * the reverse.  Callers have to keep the two kinds of handle apart.
 */
typedef struct nl_rule		nl_nat_t;
typedef struct nl_ext		nl_ext_t;

/*
 * Iterator.
 *
 * nl_iter_t is the cursor type taken by pointer by the *_iterate()
 * functions declared in this header.  NPF_ITER_BEGIN (0) is presumably
 * the value a caller stores in the cursor before the first call; the
 * end-of-iteration convention is not visible here -- confirm in the
 * implementation.
 */
#define	NPF_ITER_BEGIN		0

typedef signed long		nl_iter_t;

/*
 * Ruleset prefix(es).
 *
 * NOTE(review): presumably prepended to a ruleset name to address a
 * NAT ("map") ruleset; the code that interprets the prefix is not in
 * this header -- confirm against the callers.
 */

#define	NPF_RULESET_MAP_PREF	"map:"

/*
 * Extensions API types.
 *
 * Function-pointer signatures only; where these pointers are obtained
 * and invoked is not visible in this header.  NOTE(review): the names
 * suggest init, constructor and parameter hooks supplied by an
 * extension module, and the const char * arguments are presumably
 * NUL-terminated strings taken from the configuration -- a hook should
 * validate them rather than trust their content; confirm the contract
 * in the implementation.
 */
typedef int (*npfext_initfunc_t)(void);
typedef nl_ext_t *(*npfext_consfunc_t)(const char *);
typedef int (*npfext_paramfunc_t)(nl_ext_t *, const char *, const char *);

/*
 * Callback type accepted by npf_conn_list().  The trailing void *
 * matches the void * argument of npf_conn_list() and is presumably
 * handed back to the callback unchanged.
 * NOTE(review): the number of elements behind the npf_addr_t and
 * in_port_t pointers, and the meaning of the leading unsigned, are not
 * stated here; a callback must not index past what the implementation
 * documents.
 */
typedef int (*npf_conn_func_t)(unsigned, const npf_addr_t *,
    const in_port_t *, const char *, void *);

/*
 * API functions.
 */

/*
 * Configuration object: create/destroy, submit/retrieve/flush, and
 * import/export of a serialized form.
 *
 * NOTE(review): the bare int taken by submit, retrieve and flush is
 * presumably a descriptor for the NPF control device -- TODO confirm.
 *
 * npf_config_import() takes a caller-supplied buffer and its length.
 * If that blob can originate outside the trust boundary (a file, the
 * network), treat it as untrusted input: pass the true buffer size and
 * check the returned pointer before use.
 *
 * npf_config_export() returns a non-const void * and reports a size
 * through the size_t * out-parameter; who owns and frees that buffer is
 * not stated in this header.  npf_config_build() returns const void *,
 * which suggests a borrowed result the caller must not modify or free
 * -- confirm both in the implementation.
 */
nl_config_t *	npf_config_create(void);
void		npf_config_destroy(nl_config_t *);
int		npf_config_submit(nl_config_t *, int, npf_error_t *);
nl_config_t *	npf_config_retrieve(int);
int		npf_config_flush(int);
nl_config_t *	npf_config_import(const void *, size_t);
void *		npf_config_export(nl_config_t *, size_t *);
bool		npf_config_active_p(nl_config_t *);
bool		npf_config_loaded_p(nl_config_t *);
const void *	npf_config_build(nl_config_t *);

/*
 * ALG loading and named integer parameters attached to a configuration.
 * The const char * argument is presumably the ALG or parameter name.
 * npf_param_get() writes through its int * argument; npf_param_iterate()
 * takes an nl_iter_t cursor plus two int * out-parameters and returns a
 * const char *, presumably the parameter name -- what the two ints carry
 * is not visible here, TODO confirm.
 */
int		npf_alg_load(nl_config_t *, const char *);

int		npf_param_get(nl_config_t *, const char *, int *);
int		npf_param_set(nl_config_t *, const char *, int);
const char *	npf_param_iterate(nl_config_t *, nl_iter_t *, int *, int *);

/*
 * Operations on a named ruleset.  Unlike the npf_rule_*() calls these
 * take a bare int rather than an nl_config_t *, presumably a descriptor
 * for the NPF control device, so they likely act on the loaded
 * configuration -- TODO confirm.
 * The uint64_t * of npf_ruleset_add() is presumably where the new rule's
 * ID is returned, matching the uint64_t taken by npf_ruleset_remove().
 * npf_ruleset_remkey() takes a (pointer, length) pair: the length must
 * be the real size of the key buffer.
 */
int		npf_ruleset_add(int, const char *, nl_rule_t *, uint64_t *);
int		npf_ruleset_remove(int, const char *, uint64_t);
int		npf_ruleset_remkey(int, const char *, const void *, size_t);
int		npf_ruleset_flush(int, const char *);

/*
 * Extension objects and their typed parameters.
 * NOTE(review): the npf_ext_param_*() setters return void, so a failure
 * inside them cannot be reported through the return value; check the
 * pointer returned by npf_ext_construct() before passing it on.
 */
nl_ext_t *	npf_ext_construct(const char *);
void		npf_ext_param_u32(nl_ext_t *, const char *, uint32_t);
void		npf_ext_param_bool(nl_ext_t *, const char *, bool);
void		npf_ext_param_string(nl_ext_t *, const char *, const char *);

/*
 * Rule objects: construction, setters, getters, insertion into a
 * configuration, export and destruction.
 *
 * npf_rule_setcode(), npf_rule_setkey() and npf_rule_setinfo() each take
 * a (const void *, size_t) pair; the length must be the real size of
 * the buffer, since nothing in these signatures lets the library check
 * it.
 *
 * NOTE(review): the getters return const pointers, which suggests
 * storage owned by the rule handle that stays valid only while the
 * handle does; npf_rule_export() returns a non-const void * with a size
 * out-parameter, and who frees it is not stated here.  Confirm both in
 * the implementation.
 */
nl_rule_t *	npf_rule_create(const char *, uint32_t, const char *);
int		npf_rule_setcode(nl_rule_t *, int, const void *, size_t);
int		npf_rule_setprio(nl_rule_t *, int);
int		npf_rule_setproc(nl_rule_t *, const char *);
int		npf_rule_setkey(nl_rule_t *, const void *, size_t);
int		npf_rule_setinfo(nl_rule_t *, const void *, size_t);
const char *	npf_rule_getname(nl_rule_t *);
uint32_t	npf_rule_getattr(nl_rule_t *);
const char *	npf_rule_getinterface(nl_rule_t *);
const void *	npf_rule_getinfo(nl_rule_t *, size_t *);
const char *	npf_rule_getproc(nl_rule_t *);
uint64_t	npf_rule_getid(nl_rule_t *);
const void *	npf_rule_getcode(nl_rule_t *, int *, size_t *);
bool		npf_rule_exists_p(nl_config_t *, const char *);
/*
 * NOTE(review): takes two nl_rule_t *; presumably a parent rule and the
 * rule to insert, in that order -- the order is not visible here, TODO
 * confirm before calling.
 */
int		npf_rule_insert(nl_config_t *, nl_rule_t *, nl_rule_t *);
void *		npf_rule_export(nl_rule_t *, size_t *);
void		npf_rule_destroy(nl_rule_t *);

/*
 * Rule procedures: create by name, attach an extension call, test for
 * existence in a configuration and insert.
 * NOTE(review): no npf_rproc_destroy() is declared in this header, so
 * how an rproc that was never inserted gets released is not visible
 * here -- confirm in the implementation.
 */
nl_rproc_t *	npf_rproc_create(const char *);
int		npf_rproc_extcall(nl_rproc_t *, nl_ext_t *);
bool		npf_rproc_exists_p(nl_config_t *, const char *);
int		npf_rproc_insert(nl_config_t *, nl_rproc_t *);
const char *	npf_rproc_getname(nl_rproc_t *);

/*
 * NAT policies.  nl_nat_t is a typedef of struct nl_rule in this header,
 * so these handles are not distinguished from nl_rule_t by the type
 * system.
 *
 * NOTE(review): npf_nat_setaddr() and npf_nat_settablefilter() take a
 * non-const npf_addr_t *; whether the address is modified is not visible
 * here.  The int preceding it is presumably the address family that
 * tells the library how many bytes of the address are meaningful --
 * TODO confirm, and make sure the two agree at the call site.
 */
nl_nat_t *	npf_nat_create(int, unsigned, const char *);
int		npf_nat_setaddr(nl_nat_t *, int, npf_addr_t *, npf_netmask_t);
int		npf_nat_setport(nl_nat_t *, in_port_t);
int		npf_nat_settable(nl_nat_t *, unsigned);
int		npf_nat_settablefilter(nl_nat_t *, int, npf_addr_t *, npf_netmask_t);
int		npf_nat_setalgo(nl_nat_t *, unsigned);
int		npf_nat_setnpt66(nl_nat_t *, uint16_t);
int		npf_nat_gettype(nl_nat_t *);
unsigned	npf_nat_getflags(nl_nat_t *);
const npf_addr_t *npf_nat_getaddr(nl_nat_t *, size_t *, npf_netmask_t *);
in_port_t	npf_nat_getport(nl_nat_t *);
unsigned	npf_nat_gettable(nl_nat_t *);
unsigned	npf_nat_getalgo(nl_nat_t *);
int		npf_nat_insert(nl_config_t *, nl_nat_t *);
/*
 * The [2] bounds are documentation only: array parameters decay to
 * pointers in C, so the compiler does not check that the caller really
 * passes two address pointers and two ports.  Both arrays must have at
 * least two valid elements.
 */
int		npf_nat_lookup(int, int, npf_addr_t *[2], in_port_t [2], int, int);

/*
 * Takes an npf_conn_func_t callback and a void *; presumably invokes
 * the callback once per connection with that pointer as its last
 * argument -- TODO confirm.  The leading int is presumably a descriptor
 * for the NPF control device.
 */
int		npf_conn_list(int, npf_conn_func_t, void *);

/*
 * Tables: create, query, add entries, insert into a configuration and
 * destroy.
 * NOTE(review): the int passed to npf_table_add_entry() before the
 * address is presumably the address family; it has to match the
 * address actually stored behind the npf_addr_t pointer -- TODO
 * confirm.  The const on the by-value npf_netmask_t has no effect on
 * callers.
 */
nl_table_t *	npf_table_create(const char *, unsigned, int);
const char *	npf_table_getname(nl_table_t *);
unsigned	npf_table_getid(nl_table_t *);
int		npf_table_gettype(nl_table_t *);
int		npf_table_add_entry(nl_table_t *, int,
		    const npf_addr_t *, const npf_netmask_t);
int		npf_table_insert(nl_config_t *, nl_table_t *);
void		npf_table_destroy(nl_table_t *);

/*
 * Takes a bare int instead of an nl_config_t *, presumably a descriptor
 * for the NPF control device, and reports details through npf_error_t *.
 */
int		npf_table_replace(int, nl_table_t *, npf_error_t *);

/*
 * Declarations visible only when the including file defines
 * _NPF_PRIVATE before including this header: the object iterators and
 * the underscore-prefixed listing/debug helpers.
 * NOTE(review): presumably meant for the NPF tools and tests rather
 * than general consumers; nothing here enforces that, so treat these
 * as unstable interfaces -- confirm the intended users.
 */
#ifdef _NPF_PRIVATE

#include <ifaddrs.h>

/*
 * Each iterator takes the configuration and an nl_iter_t cursor by
 * pointer.  What the unsigned * of npf_rule_iterate() reports is not
 * visible in this header.
 */
nl_rule_t *	npf_rule_iterate(nl_config_t *, nl_iter_t *, unsigned *);
nl_nat_t *	npf_nat_iterate(nl_config_t *, nl_iter_t *);
nl_rproc_t *	npf_rproc_iterate(nl_config_t *, nl_iter_t *);
nl_table_t *	npf_table_iterate(nl_config_t *, nl_iter_t *);

int		_npf_ruleset_list(int, const char *, nl_config_t *);
void		_npf_debug_addif(nl_config_t *, const char *);
void		_npf_config_dump(nl_config_t *, int);

#endif

__END_DECLS

#endif	/* _NPF_LIB_H_ */