X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=options.h;h=6edd174819b59aa8ef82b1907892b823a7e4dc97;hp=567845103187c059d3233864d31945b37d8b90a6;hb=0a7d36d8cf56f160b531f3db9f045e3f9315dd15;hpb=9ce8ca5ec9d28f6e5449c6ce138648cbaf99b438

diff --git a/options.h b/options.h
index 5678451..6edd174 100644
--- a/options.h
+++ b/options.h
@@ -1,7 +1,7 @@
 /*
  * firewall3 - 3rd OpenWrt UCI firewall implementation
  *
- *   Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ *   Copyright (C) 2013-2014 Jo-Philipp Wich <jo@mein.io>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,8 @@
 #include <netdb.h>
 #include <arpa/inet.h>
 #include <sys/socket.h>
+#define _LINUX_IN_H
+#define _LINUX_IN6_H
 #include <netinet/in.h>
 #include <netinet/ether.h>
 
@@ -41,6 +43,7 @@
 
 #include <libubox/list.h>
 #include <libubox/utils.h>
+#include <libubox/blobmsg.h>
 
 #include "icmp_codes.h"
 #include "utils.h"
@@ -71,14 +74,15 @@ enum fw3_flag
 	FW3_FLAG_MARK          = 10,
 	FW3_FLAG_DNAT          = 11,
 	FW3_FLAG_SNAT          = 12,
-	FW3_FLAG_SRC_ACCEPT    = 13,
-	FW3_FLAG_SRC_REJECT    = 14,
-	FW3_FLAG_SRC_DROP      = 15,
-	FW3_FLAG_CUSTOM_CHAINS = 16,
-	FW3_FLAG_SYN_FLOOD     = 17,
-	FW3_FLAG_MTU_FIX       = 18,
-	FW3_FLAG_DROP_INVALID  = 19,
-	FW3_FLAG_HOTPLUG       = 20,
+	FW3_FLAG_MASQUERADE    = 13,
+	FW3_FLAG_SRC_ACCEPT    = 14,
+	FW3_FLAG_SRC_REJECT    = 15,
+	FW3_FLAG_SRC_DROP      = 16,
+	FW3_FLAG_CUSTOM_CHAINS = 17,
+	FW3_FLAG_SYN_FLOOD     = 18,
+	FW3_FLAG_MTU_FIX       = 19,
+	FW3_FLAG_DROP_INVALID  = 20,
+	FW3_FLAG_HOTPLUG       = 21,
 
 	__FW3_FLAG_MAX
 };
@@ -92,8 +96,13 @@ enum fw3_limit_unit
 	FW3_LIMIT_UNIT_MINUTE = 1,
 	FW3_LIMIT_UNIT_HOUR   = 2,
 	FW3_LIMIT_UNIT_DAY    = 3,
+
+	__FW3_LIMIT_UNIT_MAX
 };
 
+extern const char *fw3_limit_units[__FW3_LIMIT_UNIT_MAX];
+
+
 enum fw3_ipset_method
 {
 	FW3_IPSET_METHOD_UNSPEC = 0,
@@ -136,7 +145,16 @@ struct fw3_ipset_datatype
 {
 	struct list_head list;
 	enum fw3_ipset_type type;
-	bool dest;
+	const char *dir;
+};
+
+struct fw3_setmatch
+{
+	bool set;
+	bool invert;
+	char name[32];
+	const char *dir[3];
+	struct fw3_ipset *ptr;
 };
 
 struct fw3_device
@@ -147,7 +165,7 @@ struct fw3_device
 	bool any;
 	bool invert;
 	char name[32];
-	struct fw3_device *network;
+	char network[32];
 };
 
 struct fw3_address
@@ -157,8 +175,8 @@ struct fw3_address
 	bool set;
 	bool range;
 	bool invert;
+	bool resolved;
 	enum fw3_family family;
-	int mask;
 	union {
 		struct in_addr v4;
 		struct in6_addr v6;
@@ -168,7 +186,7 @@ struct fw3_address
 		struct in_addr v4;
 		struct in6_addr v6;
 		struct ether_addr mac;
-	} address2;
+	} mask;
 };
 
 struct fw3_mac
@@ -252,7 +270,7 @@ struct fw3_defaults
 	struct fw3_limit syn_flood_rate;
 
 	bool tcp_syncookies;
-	bool tcp_ecn;
+	int tcp_ecn;
 	bool tcp_window_scaling;
 
 	bool accept_redirects;
@@ -286,10 +304,10 @@ struct fw3_zone
 	const char *extra_dest;
 
 	bool masq;
+	bool masq_allow_invalid;
 	struct list_head masq_src;
 	struct list_head masq_dest;
 
-	bool conntrack;
 	bool mtu_fix;
 
 	bool log;
@@ -298,6 +316,8 @@ struct fw3_zone
 	bool custom_chains;
 
 	uint32_t flags[2];
+
+	struct list_head old_addrs;
 };
 
 struct fw3_rule
@@ -312,11 +332,12 @@ struct fw3_rule
 	struct fw3_zone *_src;
 	struct fw3_zone *_dest;
 
+	const char *device;
+	bool direction_out;
+
 	struct fw3_device src;
 	struct fw3_device dest;
-
-	struct fw3_ipset *_ipset;
-	struct fw3_device ipset;
+	struct fw3_setmatch ipset;
 
 	struct list_head proto;
 
@@ -354,9 +375,7 @@ struct fw3_redirect
 
 	struct fw3_device src;
 	struct fw3_device dest;
-
-	struct fw3_ipset *_ipset;
-	struct fw3_device ipset;
+	struct fw3_setmatch ipset;
 
 	struct list_head proto;
 
@@ -370,6 +389,7 @@ struct fw3_redirect
 	struct fw3_address ip_redir;
 	struct fw3_port port_redir;
 
+	struct fw3_limit limit;
 	struct fw3_time time;
 	struct fw3_mark mark;
 
@@ -377,10 +397,47 @@ struct fw3_redirect
 
 	const char *extra;
 
+	bool local;
 	bool reflection;
 	enum fw3_reflection_source reflection_src;
 };
 
+struct fw3_snat
+{
+	struct list_head list;
+
+	bool enabled;
+	const char *name;
+
+	enum fw3_family family;
+
+	struct fw3_zone *_src;
+
+	struct fw3_device src;
+	struct fw3_setmatch ipset;
+	const char *device;
+
+	struct list_head proto;
+
+	struct fw3_address ip_src;
+	struct fw3_port port_src;
+
+	struct fw3_address ip_dest;
+	struct fw3_port port_dest;
+
+	struct fw3_address ip_snat;
+	struct fw3_port port_snat;
+
+	struct fw3_limit limit;
+	struct fw3_time time;
+	struct fw3_mark mark;
+	bool connlimit_ports;
+
+	enum fw3_flag target;
+
+	const char *extra;
+};
+
 struct fw3_forward
 {
 	struct list_head list;
@@ -443,6 +500,7 @@ struct fw3_state
 	struct list_head zones;
 	struct list_head rules;
 	struct list_head redirects;
+	struct list_head snats;
 	struct list_head forwards;
 	struct list_head ipsets;
 	struct list_head includes;
@@ -451,6 +509,13 @@ struct fw3_state
 	bool statefile;
 };
 
+struct fw3_chain_spec {
+	int family;
+	int table;
+	int flag;
+	const char *format;
+};
+
 
 struct fw3_option
 {
@@ -492,27 +557,15 @@ bool fw3_parse_time(void *ptr, const char *val, bool is_list);
 bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list);
 bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list);
 bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
+bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
+bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
 
-void fw3_parse_options(void *s, const struct fw3_option *opts,
+bool fw3_parse_options(void *s, const struct fw3_option *opts,
                        struct uci_section *section);
+bool fw3_parse_blob_options(void *s, const struct fw3_option *opts,
+                            struct blob_attr *a, const char *name);
 
 const char * fw3_address_to_string(struct fw3_address *address,
-                                   bool allow_invert);
-
-void fw3_format_in_out(struct fw3_device *in, struct fw3_device *out);
-void fw3_format_src_dest(struct fw3_address *src, struct fw3_address *dest);
-void fw3_format_sport_dport(struct fw3_port *sp, struct fw3_port *dp);
-void fw3_format_mac(struct fw3_mac *mac);
-void fw3_format_protocol(struct fw3_protocol *proto, enum fw3_family family);
-void fw3_format_icmptype(struct fw3_icmptype *icmp, enum fw3_family family);
-void fw3_format_limit(struct fw3_limit *limit);
-void fw3_format_ipset(struct fw3_ipset *ipset, bool invert);
-void fw3_format_time(struct fw3_time *time);
-void fw3_format_mark(struct fw3_mark *mark);
-
-void __fw3_format_comment(const char *comment, ...);
-#define fw3_format_comment(...) __fw3_format_comment(__VA_ARGS__, NULL)
-
-void fw3_format_extra(const char *extra);
+                                   bool allow_invert, bool as_cidr);
 
 #endif