X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=options.h;h=e20c89b064b5f2c5092dde73bf4fcfcb9a42fe41;hb=50979cc9c3805a72145440299b5c78e1be25c473;hp=30c0a95bdd57f2201c7442408f0b8b5689dc9951;hpb=2f392a3b91c25c94abfc9a7862d908c923f7bf2b;p=project%2Ffirewall3.git
diff --git a/options.h b/options.h
index 30c0a95..e20c89b 100644
--- a/options.h
+++ b/options.h
@@ -1,7 +1,7 @@
 /*
 * firewall3 - 3rd OpenWrt UCI firewall implementation
 *
- * Copyright (C) 2013-2014 Jo-Philipp Wich
+ * Copyright (C) 2013-2014 Jo-Philipp Wich
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,8 @@
 #include
 #include
 #include
+#define _LINUX_IN_H
+#define _LINUX_IN6_H
 #include
 #include
@@ -41,6 +43,7 @@
 #include
 #include
+#include
 #include "icmp_codes.h"
 #include "utils.h"
@@ -68,22 +71,33 @@ enum fw3_flag
 FW3_FLAG_REJECT = 7,
 FW3_FLAG_DROP = 8,
 FW3_FLAG_NOTRACK = 9,
- FW3_FLAG_MARK = 10,
- FW3_FLAG_DNAT = 11,
- FW3_FLAG_SNAT = 12,
- FW3_FLAG_MASQUERADE = 13,
- FW3_FLAG_SRC_ACCEPT = 14,
- FW3_FLAG_SRC_REJECT = 15,
- FW3_FLAG_SRC_DROP = 16,
- FW3_FLAG_CUSTOM_CHAINS = 17,
- FW3_FLAG_SYN_FLOOD = 18,
- FW3_FLAG_MTU_FIX = 19,
- FW3_FLAG_DROP_INVALID = 20,
- FW3_FLAG_HOTPLUG = 21,
+ FW3_FLAG_HELPER = 10,
+ FW3_FLAG_MARK = 11,
+ FW3_FLAG_DSCP = 12,
+ FW3_FLAG_DNAT = 13,
+ FW3_FLAG_SNAT = 14,
+ FW3_FLAG_MASQUERADE = 15,
+ FW3_FLAG_SRC_ACCEPT = 16,
+ FW3_FLAG_SRC_REJECT = 17,
+ FW3_FLAG_SRC_DROP = 18,
+ FW3_FLAG_CUSTOM_CHAINS = 19,
+ FW3_FLAG_SYN_FLOOD = 20,
+ FW3_FLAG_MTU_FIX = 21,
+ FW3_FLAG_DROP_INVALID = 22,
+ FW3_FLAG_HOTPLUG = 23,
 __FW3_FLAG_MAX
 };
+enum fw3_reject_code
+{
+ FW3_REJECT_CODE_TCP_RESET = 0,
+ FW3_REJECT_CODE_PORT_UNREACH = 1,
+ FW3_REJECT_CODE_ADM_PROHIBITED = 2,
+
+ __FW3_REJECT_CODE_MAX
+};
+
 extern const char *fw3_flag_names[__FW3_FLAG_MAX];
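Review bot: The added `#define _LINUX_IN_H` / `#define _LINUX_IN6_H` in the second hunk pre-define what look like another header's include guards, and nothing on the page says why; the header names around them are stripped in this rendering, so the intent can only be inferred from the macro names. Defining an implementation-reserved guard (leading underscore plus uppercase) makes the guarded header a silent no-op, and it keeps working only while the toolchain's headers use exactly those guard spellings, so a comment should record the dependency. Suggest `/* presumably pre-defines the include guards of the uapi linux/in.h and linux/in6.h so their definitions do not clash with netinet/in.h; re-check when the kernel headers change */` above the two defines.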
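Review bot: Inserting `FW3_FLAG_HELPER = 10` and `FW3_FLAG_DSCP = 12` renumbers every flag from `FW3_FLAG_MARK` onward in the last hunk of this line, and this enum is both the index space of `fw3_flag_names[__FW3_FLAG_MAX]` and, judging by `uint32_t flags[2]` in fw3_zone and fw3_ipset further down, the bit positions in those masks, so the names table in the .c file and anything that stores the numeric values must move in lockstep. If flag values are ever written to the state file and read back by a different build (fw3_state carries a `statefile` member, but the format is not on this page), the shift would silently re-label saved flags. A comment on the enum would pin that contract: `/* values index fw3_flag_names[] and select bits in ->flags[]; keep the table and any persisted values in sync when changing them */`.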
@@ -174,7 +188,6 @@ struct fw3_address
 bool invert;
 bool resolved;
 enum fw3_family family;
- int mask;
 union {
 struct in_addr v4;
 struct in6_addr v6;
@@ -184,7 +197,7 @@ struct fw3_address
 struct in_addr v4;
 struct in6_addr v6;
 struct ether_addr mac;
- } address2;
+ } mask;
 };
 struct fw3_mac
@@ -256,6 +269,23 @@ struct fw3_mark
 uint32_t mask;
 };
+struct fw3_dscp
+{
+ bool set;
+ bool invert;
+ uint8_t dscp;
+};
+
+struct fw3_cthelpermatch
+{
+ struct list_head list;
+
+ bool set;
+ bool invert;
+ char name[32];
+ struct fw3_cthelper *ptr;
+};
+
 struct fw3_defaults
 {
 enum fw3_flag policy_input;
@@ -263,6 +293,8 @@ struct fw3_defaults
 enum fw3_flag policy_forward;
 bool drop_invalid;
+ enum fw3_reject_code tcp_reject_code;
+ enum fw3_reject_code any_reject_code;
 bool syn_flood;
 struct fw3_limit syn_flood_rate;
@@ -275,6 +307,9 @@ struct fw3_defaults
 bool accept_source_route;
 bool custom_chains;
+ bool auto_helper;
+ bool flow_offloading;
+ bool flow_offloading_hw;
 bool disable_ipv6;
@@ -302,18 +337,23 @@ struct fw3_zone
 const char *extra_dest;
 bool masq;
+ bool masq_allow_invalid;
 struct list_head masq_src;
 struct list_head masq_dest;
- bool conntrack;
 bool mtu_fix;
- bool log;
+ struct list_head cthelpers;
+
+ int log;
 struct fw3_limit log_limit;
 bool custom_chains;
+ bool auto_helper;
 uint32_t flags[2];
+
+ struct list_head old_addrs;
 };
 struct fw3_rule
@@ -334,6 +374,7 @@ struct fw3_rule
 struct fw3_device src;
 struct fw3_device dest;
 struct fw3_setmatch ipset;
+ struct fw3_cthelpermatch helper;
 struct list_head proto;
@@ -349,10 +390,13 @@ struct fw3_rule
 struct fw3_limit limit;
 struct fw3_time time;
 struct fw3_mark mark;
+ struct fw3_dscp dscp;
 enum fw3_flag target;
 struct fw3_mark set_mark;
 struct fw3_mark set_xmark;
+ struct fw3_dscp set_dscp;
+ struct fw3_cthelpermatch set_helper;
 const char *extra;
 };
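Review bot: The union renamed from `address2` to `mask` in the second hunk of this line takes over the name of the removed `int mask` with a different type and no comment saying what it now holds; the only hint on the page is the new `as_cidr` flag on `fw3_address_to_string` at the end of the diff, which suggests callers now convert between a full mask and a prefix length. The type change is safe in the sense that old arithmetic on `->mask` fails to compile instead of misbehaving, but the field itself needs a doc line, e.g. `/* network mask (v4/v6) or MAC mask, in the representation selected by .family */`. Whether an unset mask is represented as all-ones or all-zeros cannot be told from this header and should be stated next to it once confirmed in the parser.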
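Review bot: `char name[32]` in the new `struct fw3_cthelpermatch` (third hunk of this line) is a fixed buffer that `fw3_parse_cthelper`, declared at the end of this diff with its body not shown, will fill from configuration, so the bound should be a named constant the parser can reuse for its length check rather than a bare `32`: `enum { FW3_CTHELPER_NAME_LEN = 32 };` and `char name[FW3_CTHELPER_NAME_LEN];`. The parser should copy with `snprintf(name, sizeof name, "%s", val)` and reject over-long input rather than truncate it, since a truncated helper name may resolve to a different helper than the one configured. `struct fw3_cthelper *ptr` is a raw back-reference presumably resolved against the `cthelpers` list after parsing; a comment such as `/* resolved after parsing, points into state->cthelpers, not owned — confirm */` would document its lifetime, which matters because the struct is also embedded by value in fw3_rule, fw3_redirect and fw3_snat where the leading `list` member goes unused.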
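Review bot: `bool log` becoming `int log` in the fw3_zone hunk changes the field's meaning without a comment; presumably it now carries a set of log kinds rather than on/off, so it needs something like `int log; /* 0 = off, otherwise which targets are logged — confirm against the parser */`. The new `masq_allow_invalid` here and `auto_helper` (also added to fw3_defaults two hunks earlier) are options that relax a default restriction — presumably the dropping of INVALID conntrack state on masquerading zones, and automatic conntrack helper assignment, which the kernel's own nf_conntrack_helper sysctl ships disabled — so each deserves a one-line comment saying that enabling it widens what the firewall accepts. The added `struct list_head cthelpers` and `old_addrs` must be initialised with INIT_LIST_HEAD wherever zones are allocated, which is outside this header.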
@@ -372,6 +416,7 @@ struct fw3_redirect
 struct fw3_device src;
 struct fw3_device dest;
 struct fw3_setmatch ipset;
+ struct fw3_cthelpermatch helper;
 struct list_head proto;
@@ -396,6 +441,7 @@ struct fw3_redirect
 bool local;
 bool reflection;
 enum fw3_reflection_source reflection_src;
+ struct list_head reflection_zones;
 };
 struct fw3_snat
@@ -411,6 +457,7 @@ struct fw3_snat
 struct fw3_device src;
 struct fw3_setmatch ipset;
+ struct fw3_cthelpermatch helper;
 const char *device;
 struct list_head proto;
@@ -455,6 +502,10 @@ struct fw3_ipset
 struct list_head list;
 bool enabled;
+ bool reload_set;
+ bool counters;
+ bool comment;
+
 const char *name;
 enum fw3_family family;
@@ -472,6 +523,9 @@ struct fw3_ipset
 const char *external;
+ struct list_head entries;
+ const char *loadfile;
+
 uint32_t flags[2];
 };
@@ -489,6 +543,25 @@ struct fw3_include
 bool reload;
 };
+struct fw3_cthelper
+{
+ struct list_head list;
+
+ bool enabled;
+ const char *name;
+ const char *module;
+ const char *description;
+ enum fw3_family family;
+ struct list_head proto;
+ struct fw3_port port;
+};
+
+struct fw3_setentry
+{
+ struct list_head list;
+ const char *value;
+};
+
 struct fw3_state
 {
 struct uci_context *uci;
@@ -500,6 +573,7 @@ struct fw3_state
 struct list_head forwards;
 struct list_head ipsets;
 struct list_head includes;
+ struct list_head cthelpers;
 bool disable_ipsets;
 bool statefile;
@@ -532,6 +606,7 @@ bool fw3_parse_bool(void *ptr, const char *val, bool is_list);
 bool fw3_parse_int(void *ptr, const char *val, bool is_list);
 bool fw3_parse_string(void *ptr, const char *val, bool is_list);
 bool fw3_parse_target(void *ptr, const char *val, bool is_list);
+bool fw3_parse_reject_code(void *ptr, const char *val, bool is_list);
 bool fw3_parse_limit(void *ptr, const char *val, bool is_list);
 bool fw3_parse_device(void *ptr, const char *val, bool is_list);
 bool fw3_parse_address(void *ptr, const char *val, bool is_list);
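Review bot: `const char *loadfile` in the fw3_ipset hunk (fifth on this line) is a filesystem path taken from configuration and `entries` a list of configured set members (`struct fw3_setentry` in the following hunk), but the header does not say who consumes them; if the loader, which is not in this diff, passes the path or the entries on to an external ipset invocation, the comment should say so because that is where the values have to be validated. Suggest `/* optional path of a file with set entries, from config; the consumer must validate it before use */` on `loadfile` and `/* static set members (struct fw3_setentry), from config */` on `entries`. `reload_set`, `counters` and `comment` presumably map to set creation options and could carry a one-word note each.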
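Review bot: `const char *module` and `const char *name` in the new `struct fw3_cthelper` (sixth hunk on this line) are undocumented, and by their names presumably end up as a kernel module to load and a conntrack helper name in a generated rule; both come from configuration, so a comment should record the charset the loader must enforce before either string is handed to another program or the kernel, e.g. `/* helper and module identifiers from config; consumer must restrict to [A-Za-z0-9_-] before use */`. `enabled` has no stated default and `proto`/`port` no note on whether they restrict the helper assignment rule; one line each would make the schema readable without the parser.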
@@ -553,13 +628,18 @@ bool fw3_parse_time(void *ptr, const char *val, bool is_list);
 bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list);
 bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list);
 bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
+bool fw3_parse_dscp(void *ptr, const char *val, bool is_list);
 bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
 bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
+bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list);
+bool fw3_parse_setentry(void *ptr, const char *val, bool is_list);
 bool fw3_parse_options(void *s, const struct fw3_option *opts,
 struct uci_section *section);
+bool fw3_parse_blob_options(void *s, const struct fw3_option *opts,
+ struct blob_attr *a, const char *name);
 const char *
 fw3_address_to_string(struct fw3_address *address,
- bool allow_invert);
+ bool allow_invert, bool as_cidr);
 #endif
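Review bot: `fw3_parse_blob_options` takes a `struct blob_attr *a` and a `const char *name` but, unlike the uci variant directly above it, its contract is not stated: whether `a` must already have passed `blobmsg_check_attr`, what `name` is used for (presumably the section name for diagnostics), and whether a false return leaves `s` partially filled. Blob input of this kind typically arrives over ubus from another process, so the declaration should say where validation is expected to happen, e.g. `/* like fw3_parse_options() but reads a blobmsg table; caller must have validated the attribute (blobmsg_check_attr) first */`. The `fw3_address_to_string` signature gained `as_cidr`, so every caller in the .c files (none are visible here) must be updated, and a note on what the flag changes in the output — prefix length versus full mask, to be confirmed — belongs on the prototype.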