root/include/linux/ip_fw.h



   1 /*
   2  *      IP firewalling code. This is taken from 4.4BSD. Please note the 
   3  *      copyright message below. As per the GPL it must be maintained
   4  *      and the licenses thus do not conflict. While this port is subject
   5  *      to the GPL I also place my modifications under the original 
   6  *      license in recognition of the original copyright. 
   7  *
   8  *      Ported from BSD to Linux,
   9  *              Alan Cox 22/Nov/1994.
  10  *
  11  *      All the real work was done by .....
  12  */
  13 
  14 /*
  15  * Copyright (c) 1993 Daniel Boulet
  16  * Copyright (c) 1994 Ugen J.S.Antsilevich
  17  *
  18  * Redistribution and use in source forms, with and without modification,
  19  * are permitted provided that this entire comment appears intact.
  20  *
  21  * Redistribution in binary form may occur without any restrictions.
  22  * Obviously, it would be nice if you gave credit where credit is due
  23  * but requiring it would be too onerous.
  24  *
  25  * This software is provided ``AS IS'' without any warranties of any kind.
  26  */
  27 
  28 /*
  29  *      Format of an IP firewall descriptor
  30  *
  31  *      src, dst, src_mask, dst_mask are always stored in network byte order.
  32  *      flags and num_*_ports are stored in host byte order (of course).
  33  *      Port numbers are stored in HOST byte order.
  34  */
  35  
  36 #ifndef _IP_FW_H
  37 #define _IP_FW_H
  38 
  39 struct ip_fw 
  40 {
             /*
              * One rule on a firewall or accounting chain.
              *
              * Layout of ports[]: the n_src_p source ports come first and the
              * n_dst_p destination ports follow them, so the two counts
              * together must not exceed IP_FW_MAX_PORTS.
              *
              * NOTE(review): nothing in this header enforces that bound. Code
              * that accepts a rule from a caller should reject
              * n_src_p + n_dst_p > IP_FW_MAX_PORTS before indexing ports[],
              * and presumably should require a count of at least 2 on a side
              * that sets IP_FW_F_SRNG / IP_FW_F_DRNG -- confirm against the
              * rule-insertion code, which is not visible here.
              */
  41         struct ip_fw *next;                     /* Next rule on the chain */
             /* NOTE(review): if a rule is filled in from a caller-supplied
              * buffer, "next" should be set by the kernel rather than taken
              * from that buffer -- confirm in the control path. */
  42         struct in_addr src, dst;                /* Source and destination IP addr (network byte order) */
  43         struct in_addr src_mask, dst_mask;      /* Mask for src and dest IP addr (network byte order) */
  44         unsigned short flags;                   /* Flags word, IP_FW_F_* values (host byte order) */
  45         unsigned short n_src_p, n_dst_p;        /* # of src ports and # of dst ports */
  46                                                 /* in ports array (dst ports follow */
  47                                                 /* src ports; max of 10 ports in all; */
  48                                                 /* count of 0 means match all ports) */
  49 #define IP_FW_MAX_PORTS 10                      /* Capacity of ports[], src and dst together */
  50         unsigned short ports[IP_FW_MAX_PORTS];  /* Array of port numbers to match (host byte order) */
  51         unsigned long p_cnt,b_cnt;              /* Packet and byte counters; width follows the platform's unsigned long */
  52 };
  53 
  54 /*
  55  *      Values for the "flags" field.
      *
      *      The low two bits (IP_FW_F_KIND) hold a protocol selector that has
      *      to be compared as a value, not tested bit by bit: IP_FW_F_ALL is 0
      *      and IP_FW_F_ICMP is equal to the mask itself, so the test is
      *      (flags & IP_FW_F_KIND) == IP_FW_F_xxx.  The remaining values are
      *      independent bits, and IP_FW_F_MASK is the OR of everything
      *      defined here.
      *
      *      NOTE(review): flags is an unsigned short, so bits outside
      *      IP_FW_F_MASK can be present in a rule.  Whether the code that
      *      accepts rules rejects them is not visible in this header --
      *      confirm.
      *
      *      NOTE(review): the "(ports[0] <= port <= ports[1])" remark under
      *      IP_FW_F_DRNG reads as relative to the start of the dst ports,
      *      since dst ports follow the n_src_p src ports in ports[] --
      *      confirm against the matching code.
  56  */
  57 
  58 #define IP_FW_F_ALL     0x00    /* This is a universal packet firewall*/
  59 #define IP_FW_F_TCP     0x01    /* This is a TCP packet firewall      */
  60 #define IP_FW_F_UDP     0x02    /* This is a UDP packet firewall      */
  61 #define IP_FW_F_ICMP    0x03    /* This is an ICMP packet firewall    */
  62 #define IP_FW_F_KIND    0x03    /* Mask to isolate firewall kind      */
  63 #define IP_FW_F_ACCEPT  0x04    /* This is an accept firewall (as     *
  64                                  *         opposed to a deny firewall)*
  65                                  *                                    */
  66 #define IP_FW_F_SRNG    0x08    /* The first two src ports are a min  *
  67                                  * and max range (stored in host byte *
  68                                  * order).                            *
  69                                  *                                    */
  70 #define IP_FW_F_DRNG    0x10    /* The first two dst ports are a min  *
  71                                  * and max range (stored in host byte *
  72                                  * order).                            *
  73                                  * (ports[0] <= port <= ports[1])     *
  74                                  *                                    */
  75 #define IP_FW_F_PRN     0x20    /* In verbose mode print this firewall*/
  76 #define IP_FW_F_BIDIR   0x40    /* For accounting-count two way       */
  77 #define IP_FW_F_MASK    0x7F    /* All possible flag bits mask        */
  78 
  79 /*    
  80  *      New IP firewall options for [gs]etsockopt at the RAW IP level.
  81  *      Unlike BSD, Linux inherits IP options, so you don't have to use
  82  *      a raw socket for this. Instead we check rights in the calls.
      *
      *      Option numbers start at IP_FW_BASE_CTL.  Offsets +0..+11 are the
      *      firewall options, each in a _BLK / _FWD pair; +12..+15 are not
      *      assigned in this header; +16..+19 are the accounting options.
      *
      *      NOTE(review): the names suggest add / check / delete / flush /
      *      zero / policy operations, but their semantics are defined by the
      *      option handlers, which are not shown here.
      *
      *      NOTE(review): since no raw socket is needed, the rights check
      *      mentioned above appears to be what gates these options.  It is
      *      not visible in this header -- confirm that every option listed
      *      below, firewall and accounting alike, passes through it.
  83  */     
  84 
  85 #define IP_FW_BASE_CTL   64     /* First option number used by this header */
  86 
  87 #define IP_FW_ADD_BLK    (IP_FW_BASE_CTL)
  88 #define IP_FW_ADD_FWD    (IP_FW_BASE_CTL+1)   
  89 #define IP_FW_CHK_BLK    (IP_FW_BASE_CTL+2)
  90 #define IP_FW_CHK_FWD    (IP_FW_BASE_CTL+3)
  91 #define IP_FW_DEL_BLK    (IP_FW_BASE_CTL+4)
  92 #define IP_FW_DEL_FWD    (IP_FW_BASE_CTL+5)
  93 #define IP_FW_FLUSH_BLK  (IP_FW_BASE_CTL+6)
  94 #define IP_FW_FLUSH_FWD  (IP_FW_BASE_CTL+7)
  95 #define IP_FW_ZERO_BLK   (IP_FW_BASE_CTL+8)
  96 #define IP_FW_ZERO_FWD   (IP_FW_BASE_CTL+9)
  97 #define IP_FW_POLICY_BLK (IP_FW_BASE_CTL+10)
  98 #define IP_FW_POLICY_FWD (IP_FW_BASE_CTL+11)
  99 
     /* Accounting options; offsets +12..+15 are left unassigned above. */
 100 #define IP_ACCT_ADD      (IP_FW_BASE_CTL+16)
 101 #define IP_ACCT_DEL      (IP_FW_BASE_CTL+17)
 102 #define IP_ACCT_FLUSH    (IP_FW_BASE_CTL+18)
 103 #define IP_ACCT_ZERO     (IP_FW_BASE_CTL+19)
 104 
 105 
 106 /*
 107  *      Main firewall chains definitions and global var's definitions.
      *
      *      Everything below is declared only when __KERNEL__ is defined.
      *      The firewall symbols additionally need CONFIG_IP_FIREWALL and
      *      the accounting symbols need CONFIG_IP_ACCT.
      *
      *      struct iphdr is not declared by this header, so it has to be in
      *      scope already wherever these prototypes are seen.
      *
      *      NOTE(review): the ip_fw_ctl / ip_acct_ctl parameters are unnamed;
      *      presumably they are (option, caller-supplied buffer, buffer
      *      length) -- confirm.  If so, the length should be checked against
      *      sizeof(struct ip_fw) before the buffer is read as a rule.
 108  */
 109 
 110 #ifdef __KERNEL__
 111 
 112 #include <linux/config.h>
 113 
 114 #ifdef CONFIG_IP_FIREWALL
 115 extern struct ip_fw *ip_fw_blk_chain;   /* Head of the "blk" rule chain */
 116 extern struct ip_fw *ip_fw_fwd_chain;   /* Head of the "fwd" rule chain */
 117 extern int ip_fw_blk_policy;            /* NOTE(review): presumably the policy set via IP_FW_POLICY_BLK -- confirm */
 118 extern int ip_fw_fwd_policy;            /* NOTE(review): presumably the policy set via IP_FW_POLICY_FWD -- confirm */
 119 extern int ip_fw_chk(struct iphdr *, struct ip_fw *, int);
 120 extern int ip_fw_ctl(int, void *, int);
 121 #endif /* CONFIG_IP_FIREWALL */
 122 #ifdef CONFIG_IP_ACCT
 123 extern struct ip_fw *ip_acct_chain;     /* Head of the accounting rule chain */
 124 extern void ip_acct_cnt(struct iphdr *, struct ip_fw *);
 125 extern int ip_acct_ctl(int, void *, int);
 126 #endif /* CONFIG_IP_ACCT */
 127 #endif /* __KERNEL__ */
 128 
 129 #endif /* _IP_FW_H */
