X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=options.h;h=f62f0deec4e6c3674c281ef2699d89e10c228b26;hp=0d9fb9987618273235de777f42fb70507f6291e9;hb=c9092f26645a28a4315846d91e8c8b1ae25bec57;hpb=8fee8f9c520c58d07772cc6bd8f65d9eb1776a56

diff --git a/options.h b/options.h
index 0d9fb99..f62f0de 100644
--- a/options.h
+++ b/options.h
@@ -46,30 +46,42 @@
 
 enum fw3_table
 {
-	FW3_TABLE_FILTER,
-	FW3_TABLE_NAT,
-	FW3_TABLE_MANGLE,
-	FW3_TABLE_RAW,
+	FW3_TABLE_FILTER = 0,
+	FW3_TABLE_NAT    = 1,
+	FW3_TABLE_MANGLE = 2,
+	FW3_TABLE_RAW    = 3,
 };
 
 enum fw3_family
 {
 	FW3_FAMILY_ANY = 0,
-	FW3_FAMILY_V4  = 1,
-	FW3_FAMILY_V6  = 2,
+	FW3_FAMILY_V4  = 4,
+	FW3_FAMILY_V6  = 5,
 };
 
 enum fw3_target
 {
 	FW3_TARGET_UNSPEC  = 0,
-	FW3_TARGET_ACCEPT  = 1,
-	FW3_TARGET_REJECT  = 2,
-	FW3_TARGET_DROP    = 3,
-	FW3_TARGET_NOTRACK = 4,
-	FW3_TARGET_DNAT    = 5,
-	FW3_TARGET_SNAT    = 6,
+	FW3_TARGET_ACCEPT  = 6,
+	FW3_TARGET_REJECT  = 7,
+	FW3_TARGET_DROP    = 8,
+	FW3_TARGET_NOTRACK = 9,
+	FW3_TARGET_DNAT    = 10,
+	FW3_TARGET_SNAT    = 11,
 };
 
+enum fw3_default
+{
+	FW3_DEFAULT_UNSPEC        = 0,
+	FW3_DEFAULT_CUSTOM_CHAINS = 12,
+	FW3_DEFAULT_SYN_FLOOD     = 13,
+	FW3_DEFAULT_MTU_FIX       = 14,
+	FW3_DEFAULT_DROP_INVALID  = 15,
+};
+
+extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
+
+
 enum fw3_limit_unit
 {
 	FW3_LIMIT_UNIT_SECOND = 0,
@@ -118,6 +130,7 @@ struct fw3_address
 	struct list_head list;
 
 	bool set;
+	bool range;
 	bool invert;
 	enum fw3_family family;
 	int mask;
@@ -126,6 +139,11 @@ struct fw3_address
 		struct in6_addr v6;
 		struct ether_addr mac;
 	} address;
+	union {
+		struct in_addr v4;
+		struct in6_addr v6;
+		struct ether_addr mac;
+	} address2;
 };
 
 struct fw3_mac
@@ -200,11 +218,14 @@ struct fw3_defaults
 	bool custom_chains;
 
 	bool disable_ipv6;
+
+	uint16_t flags;
 };
 
 struct fw3_zone
 {
 	struct list_head list;
+	struct list_head running_list;
 
 	const char *name;
 
@@ -233,8 +254,8 @@ struct fw3_zone
 
 	bool custom_chains;
 
-	bool has_src_target[FW3_TARGET_SNAT + 1];
-	bool has_dest_target[FW3_TARGET_SNAT + 1];
+	uint16_t src_flags;
+	uint16_t dst_flags;
 };
 
 struct fw3_rule
@@ -326,6 +347,7 @@ struct fw3_forward
 struct fw3_ipset
 {
 	struct list_head list;
+	struct list_head running_list;
 
 	const char *name;
 	enum fw3_family family;
@@ -343,6 +365,8 @@ struct fw3_ipset
 	int timeout;
 
 	const char *external;
+
+	uint16_t flags;
 };
 
 struct fw3_state
@@ -355,7 +379,12 @@ struct fw3_state
 	struct list_head forwards;
 	struct list_head ipsets;
 
+	struct fw3_defaults running_defaults;
+	struct list_head running_zones;
+	struct list_head running_ipsets;
+
 	bool disable_ipsets;
+	bool statefile;
 };
 
 
@@ -390,7 +419,7 @@ bool fw3_parse_protocol(void *ptr, const char *val);
 bool fw3_parse_ipset_method(void *ptr, const char *val);
 bool fw3_parse_ipset_datatype(void *ptr, const char *val);
 
-void fw3_parse_options(void *s, struct fw3_option *opts, int n,
+void fw3_parse_options(void *s, const struct fw3_option *opts,
                        struct uci_section *section);
 
 void fw3_format_in_out(struct fw3_device *in, struct fw3_device *out);