X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=options.h;h=3656a98abd51e2ea58ce2f206f47e00aeeb5d249;hp=f62f0deec4e6c3674c281ef2699d89e10c228b26;hb=eb2a20924afd979feb485298111ced679de42aa0;hpb=c9092f26645a28a4315846d91e8c8b1ae25bec57 diff --git a/options.h b/options.h index f62f0de..3656a98 100644 --- a/options.h +++ b/options.h @@ -35,6 +35,8 @@ #include #include +#include + #include #include @@ -59,27 +61,28 @@ enum fw3_family FW3_FAMILY_V6 = 5, }; -enum fw3_target -{ - FW3_TARGET_UNSPEC = 0, - FW3_TARGET_ACCEPT = 6, - FW3_TARGET_REJECT = 7, - FW3_TARGET_DROP = 8, - FW3_TARGET_NOTRACK = 9, - FW3_TARGET_DNAT = 10, - FW3_TARGET_SNAT = 11, -}; - -enum fw3_default +enum fw3_flag { - FW3_DEFAULT_UNSPEC = 0, - FW3_DEFAULT_CUSTOM_CHAINS = 12, - FW3_DEFAULT_SYN_FLOOD = 13, - FW3_DEFAULT_MTU_FIX = 14, - FW3_DEFAULT_DROP_INVALID = 15, + FW3_FLAG_UNSPEC = 0, + FW3_FLAG_ACCEPT = 6, + FW3_FLAG_REJECT = 7, + FW3_FLAG_DROP = 8, + FW3_FLAG_NOTRACK = 9, + FW3_FLAG_DNAT = 10, + FW3_FLAG_SNAT = 11, + FW3_FLAG_SRC_ACCEPT = 12, + FW3_FLAG_SRC_REJECT = 13, + FW3_FLAG_SRC_DROP = 14, + FW3_FLAG_CUSTOM_CHAINS = 15, + FW3_FLAG_SYN_FLOOD = 16, + FW3_FLAG_MTU_FIX = 17, + FW3_FLAG_DROP_INVALID = 18, + FW3_FLAG_HOTPLUG = 19, + + __FW3_FLAG_MAX }; -extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1]; +extern const char *fw3_flag_names[__FW3_FLAG_MAX]; enum fw3_limit_unit @@ -108,6 +111,18 @@ enum fw3_ipset_type FW3_IPSET_TYPE_SET = 5, }; +enum fw3_include_type +{ + FW3_INC_TYPE_SCRIPT = 0, + FW3_INC_TYPE_RESTORE = 1, +}; + +enum fw3_reflection_source +{ + FW3_REFLECTION_INTERNAL = 0, + FW3_REFLECTION_EXTERNAL = 1, +}; + struct fw3_ipset_datatype { struct list_head list; @@ -123,6 +138,7 @@ struct fw3_device bool any; bool invert; char name[32]; + struct fw3_device *network; }; struct fw3_address @@ -161,7 +177,7 @@ struct fw3_protocol bool any; bool invert; - uint16_t protocol; + uint32_t protocol; }; struct fw3_port @@ -196,11 +212,22 @@ struct fw3_limit enum fw3_limit_unit unit; }; +struct fw3_time +{ + bool utc; + struct tm datestart; + struct tm datestop; + uint32_t timestart; + uint32_t timestop; + uint32_t monthdays; /* bit 0 is invert + 1 .. 31 */ + uint8_t weekdays; /* bit 0 is invert + 1 .. 7 */ +}; + struct fw3_defaults { - enum fw3_target policy_input; - enum fw3_target policy_output; - enum fw3_target policy_forward; + enum fw3_flag policy_input; + enum fw3_flag policy_output; + enum fw3_flag policy_forward; bool drop_invalid; @@ -209,7 +236,6 @@ struct fw3_defaults bool tcp_syncookies; bool tcp_ecn; - bool tcp_westwood; bool tcp_window_scaling; bool accept_redirects; @@ -219,7 +245,7 @@ struct fw3_defaults bool disable_ipv6; - uint16_t flags; + uint32_t flags[2]; }; struct fw3_zone @@ -227,18 +253,22 @@ struct fw3_zone struct list_head list; struct list_head running_list; + bool enabled; const char *name; enum fw3_family family; - enum fw3_target policy_input; - enum fw3_target policy_output; - enum fw3_target policy_forward; + enum fw3_flag policy_input; + enum fw3_flag policy_output; + enum fw3_flag policy_forward; struct list_head networks; struct list_head devices; struct list_head subnets; + struct list_head running_networks; + struct list_head running_devices; + const char *extra_src; const char *extra_dest; @@ -254,14 +284,14 @@ struct fw3_zone bool custom_chains; - uint16_t src_flags; - uint16_t dst_flags; + uint32_t flags[2]; }; struct fw3_rule { struct list_head list; + bool enabled; const char *name; enum fw3_family family; @@ -286,9 +316,10 @@ struct fw3_rule struct list_head icmp_type; - enum fw3_target target; - struct fw3_limit limit; + struct fw3_time time; + + enum fw3_flag target; const char *extra; }; @@ -297,6 +328,7 @@ struct fw3_redirect { struct list_head list; + bool enabled; const char *name; enum fw3_family family; @@ -322,17 +354,21 @@ struct fw3_redirect struct fw3_address ip_redir; struct fw3_port port_redir; - enum fw3_target target; + struct fw3_time time; + + enum fw3_flag target; const char *extra; bool reflection; + enum fw3_reflection_source reflection_src; }; struct fw3_forward { struct list_head list; + bool enabled; const char *name; enum fw3_family family; @@ -349,13 +385,14 @@ struct fw3_ipset struct list_head list; struct list_head running_list; + bool enabled; const char *name; enum fw3_family family; enum fw3_ipset_method method; struct list_head datatypes; - struct list_head iprange; + struct fw3_address iprange; struct fw3_port portrange; int netmask; @@ -366,7 +403,22 @@ struct fw3_ipset const char *external; - uint16_t flags; + uint32_t flags[2]; +}; + +struct fw3_include +{ + struct list_head list; + struct list_head running_list; + + bool enabled; + const char *name; + enum fw3_family family; + + const char *path; + enum fw3_include_type type; + + bool reload; }; struct fw3_state @@ -378,8 +430,8 @@ struct fw3_state struct list_head redirects; struct list_head forwards; struct list_head ipsets; + struct list_head includes; - struct fw3_defaults running_defaults; struct list_head running_zones; struct list_head running_ipsets; @@ -391,7 +443,7 @@ struct fw3_state struct fw3_option { const char *name; - bool (*parse)(void *, const char *); + bool (*parse)(void *, const char *, bool); uintptr_t offset; size_t elem_size; }; @@ -403,21 +455,30 @@ struct fw3_option { name, fw3_parse_##parse, offsetof(struct fw3_##structure, member), \ sizeof(struct fw3_##structure) } - -bool fw3_parse_bool(void *ptr, const char *val); -bool fw3_parse_int(void *ptr, const char *val); -bool fw3_parse_string(void *ptr, const char *val); -bool fw3_parse_target(void *ptr, const char *val); -bool fw3_parse_limit(void *ptr, const char *val); -bool fw3_parse_device(void *ptr, const char *val); -bool fw3_parse_address(void *ptr, const char *val); -bool fw3_parse_mac(void *ptr, const char *val); -bool fw3_parse_port(void *ptr, const char *val); -bool fw3_parse_family(void *ptr, const char *val); -bool fw3_parse_icmptype(void *ptr, const char *val); -bool fw3_parse_protocol(void *ptr, const char *val); -bool fw3_parse_ipset_method(void *ptr, const char *val); -bool fw3_parse_ipset_datatype(void *ptr, const char *val); +bool fw3_parse_bool(void *ptr, const char *val, bool is_list); +bool fw3_parse_int(void *ptr, const char *val, bool is_list); +bool fw3_parse_string(void *ptr, const char *val, bool is_list); +bool fw3_parse_target(void *ptr, const char *val, bool is_list); +bool fw3_parse_limit(void *ptr, const char *val, bool is_list); +bool fw3_parse_device(void *ptr, const char *val, bool is_list); +bool fw3_parse_address(void *ptr, const char *val, bool is_list); +bool fw3_parse_network(void *ptr, const char *val, bool is_list); +bool fw3_parse_mac(void *ptr, const char *val, bool is_list); +bool fw3_parse_port(void *ptr, const char *val, bool is_list); +bool fw3_parse_family(void *ptr, const char *val, bool is_list); +bool fw3_parse_icmptype(void *ptr, const char *val, bool is_list); +bool fw3_parse_protocol(void *ptr, const char *val, bool is_list); + +bool fw3_parse_ipset_method(void *ptr, const char *val, bool is_list); +bool fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list); + +bool fw3_parse_include_type(void *ptr, const char *val, bool is_list); +bool fw3_parse_reflection_source(void *ptr, const char *val, bool is_list); + +bool fw3_parse_date(void *ptr, const char *val, bool is_list); +bool fw3_parse_time(void *ptr, const char *val, bool is_list); +bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list); +bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list); void fw3_parse_options(void *s, const struct fw3_option *opts, struct uci_section *section); @@ -430,6 +491,7 @@ void fw3_format_protocol(struct fw3_protocol *proto, enum fw3_family family); void fw3_format_icmptype(struct fw3_icmptype *icmp, enum fw3_family family); void fw3_format_limit(struct fw3_limit *limit); void fw3_format_ipset(struct fw3_ipset *ipset, bool invert); +void fw3_format_time(struct fw3_time *time); void __fw3_format_comment(const char *comment, ...); #define fw3_format_comment(...) __fw3_format_comment(__VA_ARGS__, NULL)