/*
* firewall3 - 3rd OpenWrt UCI firewall implementation
*
- * Copyright (C) 2013-2014 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013-2014 Jo-Philipp Wich <jo@mein.io>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <netdb.h>
#include <arpa/inet.h>
#include <sys/socket.h>
+#define _LINUX_IN_H
+#define _LINUX_IN6_H
#include <netinet/in.h>
#include <netinet/ether.h>
FW3_FLAG_REJECT = 7,
FW3_FLAG_DROP = 8,
FW3_FLAG_NOTRACK = 9,
- FW3_FLAG_MARK = 10,
- FW3_FLAG_DNAT = 11,
- FW3_FLAG_SNAT = 12,
- FW3_FLAG_MASQUERADE = 13,
- FW3_FLAG_SRC_ACCEPT = 14,
- FW3_FLAG_SRC_REJECT = 15,
- FW3_FLAG_SRC_DROP = 16,
- FW3_FLAG_CUSTOM_CHAINS = 17,
- FW3_FLAG_SYN_FLOOD = 18,
- FW3_FLAG_MTU_FIX = 19,
- FW3_FLAG_DROP_INVALID = 20,
- FW3_FLAG_HOTPLUG = 21,
+ FW3_FLAG_HELPER = 10,
+ FW3_FLAG_MARK = 11,
+ FW3_FLAG_DNAT = 12,
+ FW3_FLAG_SNAT = 13,
+ FW3_FLAG_MASQUERADE = 14,
+ FW3_FLAG_SRC_ACCEPT = 15,
+ FW3_FLAG_SRC_REJECT = 16,
+ FW3_FLAG_SRC_DROP = 17,
+ FW3_FLAG_CUSTOM_CHAINS = 18,
+ FW3_FLAG_SYN_FLOOD = 19,
+ FW3_FLAG_MTU_FIX = 20,
+ FW3_FLAG_DROP_INVALID = 21,
+ FW3_FLAG_HOTPLUG = 22,
__FW3_FLAG_MAX
};
bool invert;
bool resolved;
enum fw3_family family;
- int mask;
union {
struct in_addr v4;
struct in6_addr v6;
struct in_addr v4;
struct in6_addr v6;
struct ether_addr mac;
- } address2;
+ } mask;
};
struct fw3_mac
uint32_t mask;
};
+struct fw3_cthelpermatch
+{
+ struct list_head list;
+
+ bool set;
+ bool invert;
+ char name[32];
+ struct fw3_cthelper *ptr;
+};
+
struct fw3_defaults
{
enum fw3_flag policy_input;
bool accept_source_route;
bool custom_chains;
+ bool auto_helper;
+ bool flow_offloading;
+ bool flow_offloading_hw;
bool disable_ipv6;
const char *extra_dest;
bool masq;
+ bool masq_allow_invalid;
struct list_head masq_src;
struct list_head masq_dest;
- bool conntrack;
bool mtu_fix;
- bool log;
+ struct list_head cthelpers;
+
+ int log;
struct fw3_limit log_limit;
bool custom_chains;
+ bool auto_helper;
uint32_t flags[2];
+
+ struct list_head old_addrs;
};
struct fw3_rule
struct fw3_device src;
struct fw3_device dest;
struct fw3_setmatch ipset;
+ struct fw3_cthelpermatch helper;
struct list_head proto;
enum fw3_flag target;
struct fw3_mark set_mark;
struct fw3_mark set_xmark;
+ struct fw3_cthelpermatch set_helper;
const char *extra;
};
struct fw3_device src;
struct fw3_device dest;
struct fw3_setmatch ipset;
+ struct fw3_cthelpermatch helper;
struct list_head proto;
struct fw3_device src;
struct fw3_setmatch ipset;
+ struct fw3_cthelpermatch helper;
const char *device;
struct list_head proto;
const char *external;
+ struct list_head entries;
+ const char *loadfile;
+
uint32_t flags[2];
};
bool reload;
};
+struct fw3_cthelper
+{
+ struct list_head list;
+
+ bool enabled;
+ const char *name;
+ const char *module;
+ const char *description;
+ enum fw3_family family;
+ struct list_head proto;
+ struct fw3_port port;
+};
+
+struct fw3_setentry
+{
+ struct list_head list;
+ const char *value;
+};
+
struct fw3_state
{
struct uci_context *uci;
struct list_head forwards;
struct list_head ipsets;
struct list_head includes;
+ struct list_head cthelpers;
bool disable_ipsets;
bool statefile;
bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
+bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list);
+bool fw3_parse_setentry(void *ptr, const char *val, bool is_list);
bool fw3_parse_options(void *s, const struct fw3_option *opts,
struct uci_section *section);
bool fw3_parse_blob_options(void *s, const struct fw3_option *opts,
- struct blob_attr *a);
+ struct blob_attr *a, const char *name);
const char * fw3_address_to_string(struct fw3_address *address,
- bool allow_invert);
+ bool allow_invert, bool as_cidr);
#endif
projects / project / firewall3.git / blobdiff