lib/libpfctl/libpfctl.h
* $FreeBSD$ | * $FreeBSD$ | ||||
*/ | */ | ||||
#ifndef _PFCTL_IOCTL_H_ | #ifndef _PFCTL_IOCTL_H_ | ||||
#define _PFCTL_IOCTL_H_ | #define _PFCTL_IOCTL_H_ | ||||
#include <netpfil/pf/pf.h> | #include <netpfil/pf/pf.h> | ||||
struct pfctl_anchor; | |||||
struct pfctl_rule { | |||||
struct pf_rule_addr src; | |||||
struct pf_rule_addr dst; | |||||
union pf_rule_ptr skip[PF_SKIP_COUNT]; | |||||
char label[PF_RULE_LABEL_SIZE]; | |||||
char ifname[IFNAMSIZ]; | |||||
char qname[PF_QNAME_SIZE]; | |||||
char pqname[PF_QNAME_SIZE]; | |||||
char tagname[PF_TAG_NAME_SIZE]; | |||||
char match_tagname[PF_TAG_NAME_SIZE]; | |||||
char overload_tblname[PF_TABLE_NAME_SIZE]; | |||||
TAILQ_ENTRY(pfctl_rule) entries; | |||||
struct pf_pool rpool; | |||||
u_int64_t evaluations; | |||||
u_int64_t packets[2]; | |||||
u_int64_t bytes[2]; | |||||
struct pfi_kif *kif; | |||||
struct pfctl_anchor *anchor; | |||||
struct pfr_ktable *overload_tbl; | |||||
pf_osfp_t os_fingerprint; | |||||
int rtableid; | |||||
u_int32_t timeout[PFTM_MAX]; | |||||
u_int32_t max_states; | |||||
u_int32_t max_src_nodes; | |||||
u_int32_t max_src_states; | |||||
u_int32_t max_src_conn; | |||||
struct { | |||||
u_int32_t limit; | |||||
u_int32_t seconds; | |||||
} max_src_conn_rate; | |||||
u_int32_t qid; | |||||
u_int32_t pqid; | |||||
u_int32_t nr; | |||||
u_int32_t prob; | |||||
uid_t cuid; | |||||
pid_t cpid; | |||||
counter_u64_t states_cur; | |||||
counter_u64_t states_tot; | |||||
counter_u64_t src_nodes; | |||||
u_int16_t return_icmp; | |||||
u_int16_t return_icmp6; | |||||
u_int16_t max_mss; | |||||
u_int16_t tag; | |||||
u_int16_t match_tag; | |||||
u_int16_t scrub_flags; | |||||
struct pf_rule_uid uid; | |||||
struct pf_rule_gid gid; | |||||
u_int32_t rule_flag; | |||||
u_int8_t action; | |||||
u_int8_t direction; | |||||
u_int8_t log; | |||||
u_int8_t logif; | |||||
u_int8_t quick; | |||||
u_int8_t ifnot; | |||||
u_int8_t match_tag_not; | |||||
u_int8_t natpass; | |||||
u_int8_t keep_state; | |||||
sa_family_t af; | |||||
u_int8_t proto; | |||||
u_int8_t type; | |||||
u_int8_t code; | |||||
u_int8_t flags; | |||||
u_int8_t flagset; | |||||
u_int8_t min_ttl; | |||||
u_int8_t allow_opts; | |||||
u_int8_t rt; | |||||
u_int8_t return_ttl; | |||||
u_int8_t tos; | |||||
u_int8_t set_tos; | |||||
u_int8_t anchor_relative; | |||||
u_int8_t anchor_wildcard; | |||||
u_int8_t flush; | |||||
u_int8_t prio; | |||||
u_int8_t set_prio[2]; | |||||
struct { | |||||
struct pf_addr addr; | |||||
u_int16_t port; | |||||
} divert; | |||||
uint64_t u_states_cur; | |||||
uint64_t u_states_tot; | |||||
uint64_t u_src_nodes; | |||||
}; | |||||
TAILQ_HEAD(pfctl_rulequeue, pfctl_rule); | |||||
struct pfctl_ruleset { | |||||
struct { | |||||
struct pfctl_rulequeue queues[2]; | |||||
struct { | |||||
struct pfctl_rulequeue *ptr; | |||||
struct pfctl_rule **ptr_array; | |||||
u_int32_t rcount; | |||||
u_int32_t ticket; | |||||
int open; | |||||
} active, inactive; | |||||
} rules[PF_RULESET_MAX]; | |||||
struct pfctl_anchor *anchor; | |||||
u_int32_t tticket; | |||||
int tables; | |||||
int topen; | |||||
}; | |||||
RB_HEAD(pfctl_anchor_global, pfctl_anchor); | |||||
RB_HEAD(pfctl_anchor_node, pfctl_anchor); | |||||
struct pfctl_anchor { | |||||
RB_ENTRY(pfctl_anchor) entry_global; | |||||
RB_ENTRY(pfctl_anchor) entry_node; | |||||
struct pfctl_anchor *parent; | |||||
struct pfctl_anchor_node children; | |||||
char name[PF_ANCHOR_NAME_SIZE]; | |||||
char path[MAXPATHLEN]; | |||||
struct pfctl_ruleset ruleset; | |||||
int refcnt; /* anchor rules */ | |||||
int match; /* XXX: used for pfctl black magic */ | |||||
}; | |||||
RB_PROTOTYPE(pfctl_anchor_global, pfctl_anchor, entry_global, | |||||
pf_anchor_compare); | |||||
RB_PROTOTYPE(pfctl_anchor_node, pfctl_anchor, entry_node, | |||||
pf_anchor_compare); | |||||
int libpfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, | int libpfctl_get_rule(int dev, u_int32_t nr, u_int32_t ticket, | ||||
const char *anchor, u_int32_t ruleset, struct pf_rule *rule, | const char *anchor, u_int32_t ruleset, struct pfctl_rule *rule, | ||||
char *anchor_call); | char *anchor_call); | ||||
int libpfctl_add_rule(int dev, const struct pf_rule *r, const char *anchor, | int libpfctl_add_rule(int dev, const struct pfctl_rule *r, | ||||
const char *anchor_call, u_int32_t ticket, u_int32_t pool_ticket); | const char *anchor, const char *anchor_call, u_int32_t ticket, | ||||
u_int32_t pool_ticket); | |||||
#endif | #endif | ||||
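Review bot: The new `struct pfctl_rule` carries kernel-only members next to its userspace counterparts — `struct pfi_kif *kif`, `struct pfr_ktable *overload_tbl`, `union pf_rule_ptr skip[PF_SKIP_COUNT]`, and the `counter_u64_t states_cur`/`states_tot`/`src_nodes` trio beside `u_states_cur`/`u_states_tot`/`u_src_nodes` — with nothing in the header saying which of them are meaningful on the userspace side. How these fields are populated is not visible in this section; if they are ever filled by copying a kernel rule wholesale, the pointer members would carry kernel addresses into userspace for no purpose, so either drop them from the userspace struct or mark them, e.g. `struct pfi_kif *kif; /* kernel-only; not populated by libpfctl */`. The changed prototypes of `libpfctl_get_rule` and `libpfctl_add_rule` also deserve a short comment each on the buffer contract for `anchor_call`, whose required size the caller cannot learn from the declaration (presumably MAXPATHLEN, but that should be stated), and on whether `rule` is fully overwritten on success.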