X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=options.h;h=0bfb3e82daeeb87ec75edcf664e1fdc87641dfa5;hp=0d9fb9987618273235de777f42fb70507f6291e9;hb=a4b710143626b399783865a3ea31bdb25aa1bac9;hpb=8fee8f9c520c58d07772cc6bd8f65d9eb1776a56 diff --git a/options.h b/options.h index 0d9fb99..0bfb3e8 100644 --- a/options.h +++ b/options.h @@ -35,6 +35,8 @@ #include #include +#include + #include #include @@ -46,30 +48,47 @@ enum fw3_table { - FW3_TABLE_FILTER, - FW3_TABLE_NAT, - FW3_TABLE_MANGLE, - FW3_TABLE_RAW, + FW3_TABLE_FILTER = 0, + FW3_TABLE_NAT = 1, + FW3_TABLE_MANGLE = 2, + FW3_TABLE_RAW = 3, }; enum fw3_family { FW3_FAMILY_ANY = 0, - FW3_FAMILY_V4 = 1, - FW3_FAMILY_V6 = 2, + FW3_FAMILY_V4 = 4, + FW3_FAMILY_V6 = 5, }; enum fw3_target { - FW3_TARGET_UNSPEC = 0, - FW3_TARGET_ACCEPT = 1, - FW3_TARGET_REJECT = 2, - FW3_TARGET_DROP = 3, - FW3_TARGET_NOTRACK = 4, - FW3_TARGET_DNAT = 5, - FW3_TARGET_SNAT = 6, + FW3_TARGET_UNSPEC = 0, + FW3_TARGET_ACCEPT = 6, + FW3_TARGET_REJECT = 7, + FW3_TARGET_DROP = 8, + FW3_TARGET_NOTRACK = 9, + FW3_TARGET_DNAT = 10, + FW3_TARGET_SNAT = 11, + FW3_TARGET_SRC_ACCEPT = 12, + FW3_TARGET_SRC_REJECT = 13, + FW3_TARGET_SRC_DROP = 14, + FW3_TARGET_CUSTOM_CNS_V4 = 15, + FW3_TARGET_CUSTOM_CNS_V6 = 16, }; +enum fw3_default +{ + FW3_DEFAULT_UNSPEC = 0, + FW3_DEFAULT_CUSTOM_CHAINS = 17, + FW3_DEFAULT_SYN_FLOOD = 18, + FW3_DEFAULT_MTU_FIX = 19, + FW3_DEFAULT_DROP_INVALID = 20, +}; + +extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1]; + + enum fw3_limit_unit { FW3_LIMIT_UNIT_SECOND = 0, @@ -96,6 +115,12 @@ enum fw3_ipset_type FW3_IPSET_TYPE_SET = 5, }; +enum fw3_include_type +{ + FW3_INC_TYPE_SCRIPT = 0, + FW3_INC_TYPE_RESTORE = 1, +}; + struct fw3_ipset_datatype { struct list_head list; @@ -118,6 +143,7 @@ struct fw3_address struct list_head list; bool set; + bool range; bool invert; enum fw3_family family; int mask; 
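Review bot: The renumbered enums in the `enum fw3_table` hunk (`fw3_table` 0-3, `fw3_family` 4-5, `fw3_target` 6-16, `fw3_default` 17-20) look like one shared index space, but nothing in the header says so or enforces it. The `fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1]` declaration and the `uint32_t flags` / `running_flags` fields added to `fw3_defaults`, `fw3_zone` and `fw3_ipset` in later hunks suggest these values are used as bit positions, so a value added to one enum could silently collide with another or run past bit 31. I would add a comment above `enum fw3_table` stating that the four enums share one numbering and must stay disjoint, plus `_Static_assert(FW3_DEFAULT_DROP_INVALID < 32, "flag index must fit in uint32_t flags");` if the build allows C11. If the flag words are also written to a state file (hinted at by `bool statefile`, not shown here), renumbering changes the meaning of saved state and that should be noted as well.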
@@ -126,6 +152,11 @@ struct fw3_address struct in6_addr v6; struct ether_addr mac; } address; + union { + struct in_addr v4; + struct in6_addr v6; + struct ether_addr mac; + } address2; }; struct fw3_mac @@ -143,7 +174,7 @@ struct fw3_protocol bool any; bool invert; - uint16_t protocol; + uint32_t protocol; }; struct fw3_port @@ -178,6 +209,17 @@ struct fw3_limit enum fw3_limit_unit unit; }; +struct fw3_time +{ + bool utc; + struct tm datestart; + struct tm datestop; + uint32_t timestart; + uint32_t timestop; + uint32_t monthdays; /* bit 0 is invert + 1 .. 31 */ + uint8_t weekdays; /* bit 0 is invert + 1 .. 7 */ +}; + struct fw3_defaults { enum fw3_target policy_input; @@ -191,7 +233,6 @@ struct fw3_defaults bool tcp_syncookies; bool tcp_ecn; - bool tcp_westwood; bool tcp_window_scaling; bool accept_redirects; @@ -200,12 +241,17 @@ struct fw3_defaults bool custom_chains; bool disable_ipv6; + + uint32_t flags; + uint32_t running_flags; }; struct fw3_zone { struct list_head list; + struct list_head running_list; + bool enabled; const char *name; enum fw3_family family; @@ -233,14 +279,15 @@ struct fw3_zone bool custom_chains; - bool has_src_target[FW3_TARGET_SNAT + 1]; - bool has_dest_target[FW3_TARGET_SNAT + 1]; + uint32_t flags; + uint32_t running_flags; }; struct fw3_rule { struct list_head list; + bool enabled; const char *name; enum fw3_family family; @@ -265,9 +312,10 @@ struct fw3_rule struct list_head icmp_type; - enum fw3_target target; - struct fw3_limit limit; + struct fw3_time time; + + enum fw3_target target; const char *extra; }; @@ -276,6 +324,7 @@ struct fw3_redirect { struct list_head list; + bool enabled; const char *name; enum fw3_family family; @@ -301,6 +350,8 @@ struct fw3_redirect struct fw3_address ip_redir; struct fw3_port port_redir; + struct fw3_time time; + enum fw3_target target; const char *extra; @@ -312,6 +363,7 @@ struct fw3_forward { struct list_head list; + bool enabled; const char *name; enum fw3_family family; 
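Review bot: `address2` is added without a comment on when it is valid, and it repeats the anonymous union of `address` instead of sharing a named type. Together with `bool range` from the preceding hunk it appears to hold the upper end of an address range, so readers need to know that it is meaningful only when `range` is set and how `mask` is to be read in that case; a one-line comment such as `/* end of range, valid only if range is true */` would cover it. Because the two anonymous unions are distinct types, `a->address2 = a->address` will not compile; declaring one named union and using it for both members would avoid that. The struct starts outside this hunk.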
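Review bot: The new `struct fw3_time` does not document the units of `timestart` / `timestop` or how an unset `datestart` / `datestop` is represented. The two bitmask comments on `monthdays` and `weekdays` are helpful, but the other fields leave parser and formatter to agree by convention, and a zero-filled `struct tm` is not obviously distinguishable from a real date unless a rule is stated. I would add comments such as `/* seconds since midnight */` (if that is the unit) and say which field value means that no date or time was given.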
@@ -326,14 +378,16 @@ struct fw3_forward struct fw3_ipset { struct list_head list; + struct list_head running_list; + bool enabled; const char *name; enum fw3_family family; enum fw3_ipset_method method; struct list_head datatypes; - struct list_head iprange; + struct fw3_address iprange; struct fw3_port portrange; int netmask; @@ -343,6 +397,22 @@ struct fw3_ipset int timeout; const char *external; + + uint32_t flags; + uint32_t running_flags; +}; + +struct fw3_include +{ + struct list_head list; + struct list_head running_list; + + bool enabled; + const char *name; + enum fw3_family family; + + const char *path; + enum fw3_include_type type; }; struct fw3_state @@ -354,8 +424,13 @@ struct fw3_state struct list_head redirects; struct list_head forwards; struct list_head ipsets; + struct list_head includes; + + struct list_head running_zones; + struct list_head running_ipsets; bool disable_ipsets; + bool statefile; }; @@ -387,10 +462,18 @@ bool fw3_parse_port(void *ptr, const char *val); bool fw3_parse_family(void *ptr, const char *val); bool fw3_parse_icmptype(void *ptr, const char *val); bool fw3_parse_protocol(void *ptr, const char *val); + bool fw3_parse_ipset_method(void *ptr, const char *val); bool fw3_parse_ipset_datatype(void *ptr, const char *val); -void fw3_parse_options(void *s, struct fw3_option *opts, int n, +bool fw3_parse_include_type(void *ptr, const char *val); + +bool fw3_parse_date(void *ptr, const char *val); +bool fw3_parse_time(void *ptr, const char *val); +bool fw3_parse_weekdays(void *ptr, const char *val); +bool fw3_parse_monthdays(void *ptr, const char *val); + +void fw3_parse_options(void *s, const struct fw3_option *opts, struct uci_section *section); void fw3_format_in_out(struct fw3_device *in, struct fw3_device *out); 
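Review bot: `path` in the new `struct fw3_include` carries no statement of where the value comes from or what the consumer must check before using it. The type names `FW3_INC_TYPE_SCRIPT` and `FW3_INC_TYPE_RESTORE` suggest the file is run as a script or loaded as a ruleset, presumably with the firewall's privileges; the code that does so is not part of this diff. A comment on the field such as `/* taken from config; consumer must verify the file before executing or loading it */` would record that trust boundary in the header, where every user of the struct sees it.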
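Review bot: `running_zones` and `running_ipsets` are added to `struct fw3_state` without saying who owns the objects linked into them. `fw3_zone` and `fw3_ipset` now carry both `list` and `running_list`, so one object can apparently sit in two lists at once, and the header gives no hint which list is responsible for freeing it; left implicit, that invites a double free or a dangling entry in later changes. A short comment on the two new heads, for instance `/* entries linked via running_list; freed through the zones/ipsets lists */` if that is the intent, would settle it. `statefile` would also benefit from a word on what a true value means.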
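Review bot: The new `fw3_parse_options()` prototype drops the `int n` count, so the length of `opts` is now implicit and the header does not say how the end of the array is found. Presumably the implementation stops at a terminator entry (not visible in this diff); if so, an option table that lacks one would be read past its end. I would document the contract at the prototype, for example `/* opts must end with a zeroed terminator entry */`, worded to match whatever the implementation actually tests. The new `fw3_parse_date`, `fw3_parse_time`, `fw3_parse_weekdays` and `fw3_parse_monthdays` parsers also take a bare `void *ptr`; a comment naming the expected target type for each would help callers.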
@@ -401,6 +484,7 @@ void fw3_format_protocol(struct fw3_protocol *proto, enum fw3_family family); void fw3_format_icmptype(struct fw3_icmptype *icmp, enum fw3_family family); void fw3_format_limit(struct fw3_limit *limit); void fw3_format_ipset(struct fw3_ipset *ipset, bool invert); +void fw3_format_time(struct fw3_time *time); void __fw3_format_comment(const char *comment, ...); #define fw3_format_comment(...) __fw3_format_comment(__VA_ARGS__, NULL)
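Review bot: The parameter name `time` in `void fw3_format_time(struct fw3_time *time);` shadows the standard `time()` function if this header pulls in `<time.h>`, which the `struct tm` members of `fw3_time` suggest it does (the include line added in the first hunk has lost its target on this page). That is legal C but trips `-Wshadow` and reads oddly; `void fw3_format_time(struct fw3_time *t);` avoids it. If the formatter only reads the struct, a `const` qualifier on the pointer would also make that visible to callers.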