FW3_FLAG_NOTRACK = 9,
FW3_FLAG_HELPER = 10,
FW3_FLAG_MARK = 11,
- FW3_FLAG_DNAT = 12,
- FW3_FLAG_SNAT = 13,
- FW3_FLAG_MASQUERADE = 14,
- FW3_FLAG_SRC_ACCEPT = 15,
- FW3_FLAG_SRC_REJECT = 16,
- FW3_FLAG_SRC_DROP = 17,
- FW3_FLAG_CUSTOM_CHAINS = 18,
- FW3_FLAG_SYN_FLOOD = 19,
- FW3_FLAG_MTU_FIX = 20,
- FW3_FLAG_DROP_INVALID = 21,
- FW3_FLAG_HOTPLUG = 22,
+ FW3_FLAG_DSCP = 12,
+ FW3_FLAG_DNAT = 13,
+ FW3_FLAG_SNAT = 14,
+ FW3_FLAG_MASQUERADE = 15,
+ FW3_FLAG_SRC_ACCEPT = 16,
+ FW3_FLAG_SRC_REJECT = 17,
+ FW3_FLAG_SRC_DROP = 18,
+ FW3_FLAG_CUSTOM_CHAINS = 19,
+ FW3_FLAG_SYN_FLOOD = 20,
+ FW3_FLAG_MTU_FIX = 21,
+ FW3_FLAG_DROP_INVALID = 22,
+ FW3_FLAG_HOTPLUG = 23,
__FW3_FLAG_MAX
};
+enum fw3_reject_code
+{
+ FW3_REJECT_CODE_TCP_RESET = 0,
+ FW3_REJECT_CODE_PORT_UNREACH = 1,
+ FW3_REJECT_CODE_ADM_PROHIBITED = 2,
+
+ __FW3_REJECT_CODE_MAX
+};
+
extern const char *fw3_flag_names[__FW3_FLAG_MAX];
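Review bot: Inserting `FW3_FLAG_DSCP = 12` in the middle of the enum renumbers every flag from `FW3_FLAG_DNAT` through `FW3_FLAG_HOTPLUG`, so anything that stores or indexes by these values has to move in lockstep. `fw3_flag_names` is sized by `__FW3_FLAG_MAX`, so a table that did not get a new entry at index 12 still compiles, ends with a NULL slot, and has every later name off by one; its definition is not in this hunk, so please confirm it was updated. If flag values or masks built from them are ever written out and read back by a different build (a runtime state file, for instance), stale data would be decoded against the new numbering; I cannot tell from here whether that applies. I would add a comment above the enum such as `/* values index fw3_flag_names[]; keep both in the same order */`. The enum's opening lines are outside the hunk.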
uint32_t mask;
};
+struct fw3_dscp
+{
+ bool set;
+ bool invert;
+ uint8_t dscp;
+};
+
struct fw3_cthelpermatch
{
struct list_head list;
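Review bot: `uint8_t dscp` in `struct fw3_dscp` accepts 0-255, but a DSCP codepoint is six bits wide, so values above 63 have no valid encoding. The range check presumably belongs in `fw3_parse_dscp()`, which is not visible here; the struct should at least state the contract, e.g. `uint8_t dscp; /* DSCP codepoint, 0..63 */`. Short comments on `set` and `invert` (`/* option was given */`, `/* match is negated */`) would help too, assuming they follow the pattern of the neighbouring match structs.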
enum fw3_flag policy_forward;
bool drop_invalid;
+ enum fw3_reject_code tcp_reject_code;
+ enum fw3_reject_code any_reject_code;
bool syn_flood;
struct fw3_limit syn_flood_rate;
bool custom_chains;
bool auto_helper;
+ bool flow_offloading;
+ bool flow_offloading_hw;
bool disable_ipv6;
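Review bot: Both `tcp_reject_code` and `any_reject_code` read as `FW3_REJECT_CODE_TCP_RESET` when the defaults struct is zero-initialised, because that enumerator is 0. A TCP reset is only a meaningful reply for TCP, so `any_reject_code` needs an explicit non-zero default wherever the defaults are loaded, and probably a check that refuses `FW3_REJECT_CODE_TCP_RESET` for it; that code is outside this hunk. I would document the split on the fields, e.g. `/* reject reply for TCP */` and `/* reject reply for all other protocols; must not be TCP_RESET */`. The enclosing struct starts and ends outside the hunk.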
struct fw3_limit limit;
struct fw3_time time;
struct fw3_mark mark;
+ struct fw3_dscp dscp;
enum fw3_flag target;
struct fw3_mark set_mark;
struct fw3_mark set_xmark;
+ struct fw3_dscp set_dscp;
struct fw3_cthelpermatch set_helper;
const char *extra;
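Review bot: `set_dscp` reuses `struct fw3_dscp`, whose `invert` member only makes sense for a match; a negated setting has no meaning for a value that is written into the packet. If `fw3_parse_dscp()` accepts a leading negation for both fields (not visible here), the rule validation should reject `set_dscp.invert` instead of silently ignoring it. Comments distinguishing the two would help: `struct fw3_dscp dscp; /* match on DSCP */` and `struct fw3_dscp set_dscp; /* DSCP value to set */`. The struct starts outside the hunk.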
struct list_head list;
bool enabled;
+ bool reload_set;
+ bool counters;
+ bool comment;
+
const char *name;
enum fw3_family family;
const char *module;
const char *description;
enum fw3_family family;
- struct fw3_protocol proto;
+ struct list_head proto;
struct fw3_port port;
};
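Review bot: Changing `proto` from an embedded `struct fw3_protocol` to a `struct list_head` means a zero-filled instance now holds NULL `next`/`prev` pointers, and any list walk over it before initialisation dereferences NULL. Every place that allocates this struct needs an `INIT_LIST_HEAD()` on `proto`, and the option table entry for it has to switch to the list form so the parser appends nodes instead of writing a struct over the list head; neither is visible in this hunk. A comment such as `struct list_head proto; /* list of struct fw3_protocol */` would record the element type, which the declaration no longer does. The struct begins outside the hunk.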
bool fw3_parse_int(void *ptr, const char *val, bool is_list);
bool fw3_parse_string(void *ptr, const char *val, bool is_list);
bool fw3_parse_target(void *ptr, const char *val, bool is_list);
+bool fw3_parse_reject_code(void *ptr, const char *val, bool is_list);
bool fw3_parse_limit(void *ptr, const char *val, bool is_list);
bool fw3_parse_device(void *ptr, const char *val, bool is_list);
bool fw3_parse_address(void *ptr, const char *val, bool is_list);
bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list);
bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list);
bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
+bool fw3_parse_dscp(void *ptr, const char *val, bool is_list);
bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list);
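Review bot: `fw3_parse_reject_code()` and `fw3_parse_dscp()` take an untyped `void *ptr`, so the compiler cannot check that the option table points them at an `enum fw3_reject_code` or a `struct fw3_dscp` respectively. A mismatched table entry would write the wrong width at the wrong offset without any diagnostic. I would add a one-line comment above each new prototype naming the expected destination, e.g. `/* ptr: enum fw3_reject_code * */` and `/* ptr: struct fw3_dscp * */`. The reject-code parser, whose body is not shown here, should also never store a value at or above `__FW3_REJECT_CODE_MAX`.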