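/*-
 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
 *          based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
 *                           Internet Initiative Japan, Inc (IIJ)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: src/usr.sbin/ppp/filter.h,v 1.29.26.1 2010/12/21 17:10:29 kensmith Exp $
 */

/*
 * Packet filter rule and filter set declarations.
 *
 * This header includes nothing itself: struct ncprange, struct ncpaddr,
 * struct in_addr and u_short must already be declared by the including
 * file.  The guard below keeps a second inclusion from redefining the
 * structures.
 */
#ifndef PPP_FILTER_H
#define PPP_FILTER_H

/*
 * Operations - f_srcop, f_dstop.
 * The fields are 2 bits wide, so these four values use every encoding.
 */
#define OP_NONE 0
#define OP_EQ   1
#define OP_GT   2
#define OP_LT   3

/*
 * srctype or dsttype.
 * The fields are 3 bits wide (0..7); value 7 is not assigned here.
 */
#define T_ADDR     0
#define T_MYADDR   1
#define T_MYADDR6  2
#define T_HISADDR  3
#define T_HISADDR6 4
#define T_DNS0     5
#define T_DNS1     6

/*
 * There's a struct filterent for each possible filter rule.  The
 * layout is designed to minimise size (there are 4 * MAXFILTERS of
 * them) - which is also conveniently a power of 2 (32 bytes) on
 * architectures where sizeof(int)==4 (this makes indexing faster).
 *
 * Note that there are four free bits in the initial word for future
 * extensions.
 *
 * NOTE(review): f_proto is a full int here and the bit-fields below add
 * up to 22 bits, so the "four free bits" and "32 bytes" figures look
 * stale; the real size also depends on struct ncprange, which is not
 * declared in this header - confirm before relying on either number.
 */
struct filterent {
  int f_proto;              /* Protocol: getprotoby*() */
  /*
   * f_action can hold 0..255, but only [0..MAXFILTERS) (a goto target)
   * and A_NONE/A_PERMIT/A_DENY are defined.  Code that follows a goto
   * should confirm the value is below MAXFILTERS before using it as an
   * index into struct filter's rule[] array.
   */
  unsigned f_action : 8;    /* Filtering action: goto or A_... */
  unsigned f_srcop : 2;     /* Source port operation: OP_... */
  unsigned f_dstop : 2;     /* Destination port operation: OP_... */
  unsigned f_srctype : 3;   /* T_ value of src */
  unsigned f_dsttype : 3;   /* T_ value of dst */
  unsigned f_estab : 1;     /* Check TCP ACK bit */
  unsigned f_syn : 1;       /* Check TCP SYN bit */
  unsigned f_finrst : 1;    /* Check TCP FIN/RST bits */
  unsigned f_invert : 1;    /* true to complement match */
  struct ncprange f_src;    /* Source address and mask */
  struct ncprange f_dst;    /* Destination address and mask */
  u_short f_srcport;        /* Source port, compared with f_srcop */
  u_short f_dstport;        /* Destination port, compared with f_dstop */
  unsigned timeout;         /* Keep alive value for passed packet */
};

#define MAXFILTERS 40       /* in each filter set */

/* f_action values [0..MAXFILTERS) specify the next filter rule, others are: */
#define A_NONE   (MAXFILTERS)
#define A_PERMIT (A_NONE+1)
#define A_DENY   (A_PERMIT+1)

/*
 * One filter set: MAXFILTERS rules plus per-set settings.
 * The FL_ values below name four such sets.
 */
struct filter {
  struct filterent rule[MAXFILTERS];  /* the rules of this filter set */
  const char *name;                   /* presumably the set's display name - confirm in filter.c */
  unsigned fragok : 1;                /* NOTE(review): looks like "fragments allowed" - confirm */
  unsigned logok : 1;                 /* NOTE(review): looks like "logging allowed" - confirm */
};

/* Which filter set */
#define FL_IN   0
#define FL_OUT  1
#define FL_DIAL 2
#define FL_KEEP 3

/* Only used through pointers below, so forward declarations suffice. */
struct ipcp;
struct cmdargs;

/*
 * Entry points implemented outside this header.  The descriptions are
 * inferred from the names only - confirm against the implementation.
 */
extern int filter_Show(struct cmdargs const *);         /* presumably a "show" command handler */
extern int filter_Set(struct cmdargs const *);          /* presumably a "set" command handler */
extern const char *filter_Action2Nam(unsigned);         /* presumably f_action value -> name */
extern const char *filter_Op2Nam(unsigned);             /* presumably OP_ value -> name */
extern void filter_AdjustAddr(struct filter *, struct ncpaddr *,
                              struct ncpaddr *, struct in_addr *);

#endif /* PPP_FILTER_H */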