root/include/linux/ip_fw.h



   1 /*
   2  *      IP firewalling code. This is taken from 4.4BSD. Please note the 
   3  *      copyright message below. As per the GPL it must be maintained
   4  *      and the licenses thus do not conflict. While this port is subject
   5  *      to the GPL I also place my modifications under the original 
   6  *      license in recognition of the original copyright. 
   7  *
   8  *      Ported from BSD to Linux,
   9  *              Alan Cox 22/Nov/1994.
  10  *
  11  *      All the real work was done by .....
  12  */
  13 
  14 /*
  15  * Copyright (c) 1993 Daniel Boulet
  16  * Copyright (c) 1994 Ugen J.S.Antsilevich
  17  *
  18  * Redistribution and use in source forms, with and without modification,
  19  * are permitted provided that this entire comment appears intact.
  20  *
  21  * Redistribution in binary form may occur without any restrictions.
  22  * Obviously, it would be nice if you gave credit where credit is due
  23  * but requiring it would be too onerous.
  24  *
  25  * This software is provided ``AS IS'' without any warranties of any kind.
  26  */
  27 
  28 /*
  29  *      Format of an IP firewall descriptor
  30  *
  31  *      src, dst, src_mask, dst_mask are always stored in network byte order.
   32  *      flags and the port counts n_src_p/n_dst_p are stored in host byte order (of course).
  33  *      Port numbers are stored in HOST byte order.
  34  */
  35  
  36 #ifndef _IP_FW_H
  37 #define _IP_FW_H
  38 
   39 struct ip_fw                                    /* One rule (descriptor) on a chain */
   40 {
   41         struct ip_fw *next;                     /* Next firewall on chain */
                                                      /* NOTE(review): this is a list link; */
                                                      /* presumably it is overwritten, not */
                                                      /* trusted, when a rule arrives from a */
                                                      /* caller - confirm in the ctl handlers */
   42         struct in_addr src, dst;                /* Source and destination IP addr */
                                                      /* (network byte order; struct in_addr */
                                                      /* must be declared by the includer, */
                                                      /* this header has no #include lines) */
   43         struct in_addr src_mask, dst_mask;      /* Mask for src and dest IP addr */
                                                      /* (network byte order) */
   44         unsigned short flags;                   /* Flags word: IP_FW_F_* values below, */
                                                      /* host byte order */
   45         unsigned short n_src_p, n_dst_p;        /* # of src ports and # of dst ports */
   46                                                 /* in ports array (dst ports follow */
   47                                                 /* src ports; max of 10 ports in all; */
   48                                                 /* count of 0 means match all ports) */
                                                      /* NOTE(review): both counts index */
                                                      /* ports[]; n_src_p + n_dst_p has to be */
                                                      /* checked against IP_FW_MAX_PORTS */
                                                      /* wherever a rule is accepted - that */
                                                      /* check is not visible in this header */
   49 #define IP_FW_MAX_PORTS 10                      /* A reasonable maximum; sizes ports[] */
   50         unsigned short ports[IP_FW_MAX_PORTS];  /* Array of port numbers to match: */
                                                      /* src entries first, then dst entries, */
                                                      /* all in host byte order */
   51         unsigned long p_cnt,b_cnt;              /* Packet and byte counters; unsigned */
                                                      /* long, so the width follows the */
                                                      /* platform's long */
   52 };
  53 
   54 /*
   55  *      Values for the "flags" field.
   56  */
  57 
   58 #define IP_FW_F_ALL     0x00    /* This is a universal packet firewall*/
   59 #define IP_FW_F_TCP     0x01    /* This is a TCP packet firewall      */
   60 #define IP_FW_F_UDP     0x02    /* This is a UDP packet firewall      */
   61 #define IP_FW_F_ICMP    0x03    /* This is an ICMP packet firewall    */
   62 #define IP_FW_F_KIND    0x03    /* Mask to isolate firewall kind.     *
                                       * The kind is a 2-bit value, not a   *
                                       * set of independent bits: compare   *
                                       * (flags & IP_FW_F_KIND) for         *
                                       * equality with one of the four      *
                                       * values above. ICMP (0x03) has both *
                                       * the TCP and UDP bits set and ALL   *
                                       * is 0, so a bare "flags & IP_FW_F_  *
                                       * TCP" test gives the wrong answer.  */
   63 #define IP_FW_F_ACCEPT  0x04    /* This is an accept firewall (as     *
   64                                  *         opposed to a deny firewall)*
   65                                  * A rule without this bit denies.    */
   66 #define IP_FW_F_SRNG    0x08    /* The first two src ports are a min  *
   67                                  * and max range (stored in host byte *
   68                                  * order).                            *
   69                                  *                                    */
   70 #define IP_FW_F_DRNG    0x10    /* The first two dst ports are a min  *
   71                                  * and max range (stored in host byte *
   72                                  * order).                            *
   73                                  * (ports[0] <= port <= ports[1])     *
   74                                  * NOTE(review): dst ports follow the *
                                       * src ports in ports[], so the dst   *
                                       * pair presumably starts at          *
                                       * ports[n_src_p] - confirm in the    *
                                       * matching code.                     */
   75 #define IP_FW_F_PRN     0x20    /* In verbose mode print this firewall*/
   76 #define IP_FW_F_BIDIR   0x40    /* For accounting: count both ways    */
   77 #define IP_FW_F_MASK    0x7F    /* All possible flag bits mask (the   *
                                       * OR of KIND and the five bits       *
                                       * above). NOTE(review): flags is an  *
                                       * unsigned short; presumably bits    *
                                       * outside this mask are rejected     *
                                       * when a rule is added - confirm.    */
  78 
   79 /*
   80  *      New IP firewall options for [gs]etsockopt at the RAW IP level.
   81  *      Unlike BSD, Linux inherits IP options, so you don't have to use
   82  *      a raw socket for this. Instead, access rights are checked inside the calls.
   83  */
  84 
   85 #define IP_FW_BASE_CTL  64                 /* First option number of this block */
   86 /* Firewall controls, base+0 .. base+7.
       * NOTE(review): ADD/CHK/DEL and the _BLK/_FWD suffixes presumably mean
       * add, check and delete on the blocking and forwarding chains
       * (ip_fw_blk_chain, ip_fw_fwd_chain) - confirm in ip_fw_ctl().
       * These options change filtering state, so the rights check mentioned
       * above has to cover every one of them; it is not visible in this header. */
   87 #define IP_FW_ADD_BLK (IP_FW_BASE_CTL)
   88 #define IP_FW_ADD_FWD (IP_FW_BASE_CTL+1)   
   89 #define IP_FW_CHK_BLK (IP_FW_BASE_CTL+2)
   90 #define IP_FW_CHK_FWD (IP_FW_BASE_CTL+3)
   91 #define IP_FW_DEL_BLK (IP_FW_BASE_CTL+4)
   92 #define IP_FW_DEL_FWD (IP_FW_BASE_CTL+5)
   93 #define IP_FW_FLUSH   (IP_FW_BASE_CTL+6)
   94 #define IP_FW_POLICY  (IP_FW_BASE_CTL+7) 
   95 /* base+8 and base+9 are not assigned in this header.
       * Accounting controls, base+10 .. base+13 (presumably handled by
       * ip_acct_ctl() - confirm). */
   96 #define IP_ACCT_ADD   (IP_FW_BASE_CTL+10)
   97 #define IP_ACCT_DEL   (IP_FW_BASE_CTL+11)
   98 #define IP_ACCT_FLUSH (IP_FW_BASE_CTL+12)
   99 #define IP_ACCT_ZERO  (IP_FW_BASE_CTL+13)
 100 
 101 
 102 /*
 103  *      Main firewall chains definitions and global var's definitions.
 104  */
 105 
  106 #ifdef __KERNEL__                         /* Kernel-only declarations; struct iphdr must be declared by the includer */
  107 #ifdef CONFIG_IP_FIREWALL
  108 extern struct ip_fw *ip_fw_blk_chain;     /* Chain of struct ip_fw rules linked through ->next (presumably the blocking chain) */
  109 extern struct ip_fw *ip_fw_fwd_chain;     /* Chain of struct ip_fw rules linked through ->next (presumably the forwarding chain) */
  110 extern int ip_fw_policy;                  /* NOTE(review): presumably set through IP_FW_POLICY; meaning of the value is not visible here */
  111 extern int ip_fw_chk(struct iphdr *, struct ip_fw *);   /* Takes an IP header and a chain; return convention is not visible here */
  112 extern int ip_fw_ctl(int, void *, int);   /* NOTE(review): presumably (option, caller buffer, length); the length and rights checks belong in the definition - confirm */
  113 #endif /* CONFIG_IP_FIREWALL */
  114 #ifdef CONFIG_IP_ACCT
  115 extern struct ip_fw *ip_acct_chain;       /* Accounting chain; reuses struct ip_fw, including its p_cnt/b_cnt counters */
  116 extern void ip_acct_cnt(struct iphdr *, struct ip_fw *, int);   /* Takes an IP header, a chain and an int whose meaning is not visible here */
  117 extern int ip_acct_ctl(int, void *, int); /* NOTE(review): same shape as ip_fw_ctl(); the same length and rights checks apply - confirm */
  118 #endif /* CONFIG_IP_ACCT */
  119 #endif /* __KERNEL__ */
 120 
 121 #endif /* _IP_FW_H */
