[/] [or1k_old/] [trunk/] [rc203soc/] [sw/] [uClinux/] [include/] [linux/] [ip_fw.h] - Blame information for rev 1782

/*
 *      IP firewalling code. This is taken from 4.4BSD. Please note the
 *      copyright message below. As per the GPL it must be maintained
 *      and the licenses thus do not conflict. While this port is subject
 *      to the GPL I also place my modifications under the original
 *      license in recognition of the original copyright.
 *
 *      Ported from BSD to Linux,
 *              Alan Cox 22/Nov/1994.
 *      Merged and included the FreeBSD-Current changes at Ugen's request
 *      (but hey it's a lot cleaner now). Ugen would prefer in some ways
 *      we waited for his final product but since Linux 1.2.0 is about to
 *      appear it's not practical - Read: It works, it's not clean but please
 *      don't consider it to be his standard of finished work.
 *              Alan.
 *
 * Fixes:
 *      Pauline Middelink       :       Added masquerading.
 *      Jos Vos                 :       Separate input  and output firewall
 *                                      chains, new "insert" and "append"
 *                                      commands to replace "add" commands,
 *                                      add ICMP header to struct ip_fwpkt.
 *      Jos Vos                 :       Add support for matching device names.
 *      Willy Konynenberg       :       Add transparent proxying support.
 *      Jos Vos                 :       Add options for input/output accounting.
 *
 *      All the real work was done by .....
 */
 
/*
 * Copyright (c) 1993 Daniel Boulet
 * Copyright (c) 1994 Ugen J.S.Antsilevich
 *
 * Redistribution and use in source forms, with and without modification,
 * are permitted provided that this entire comment appears intact.
 *
 * Redistribution in binary form may occur without any restrictions.
 * Obviously, it would be nice if you gave credit where credit is due
 * but requiring it would be too onerous.
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 */
 
/*
 *      Format of an IP firewall descriptor
 *
 *      src, dst, src_mask, dst_mask are always stored in network byte order.
 *      flags and num_*_ports are stored in host byte order (of course).
 *      Port numbers are stored in HOST byte order.
 */
 
#ifndef _IP_FW_H
#define _IP_FW_H
 
#include <linux/icmp.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/config.h>
#include <linux/if.h>
 
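/*
 *      One firewall rule. Rules are linked into a chain through fw_next.
 *
 *      Addresses and masks are in network byte order; the flags word, the
 *      port counts and the port numbers are in host byte order (see the
 *      format comment at the top of this header).
 *
 *      NOTE(review): this definition is not restricted to __KERNEL__, and the
 *      header describes a [gs]etsockopt control interface, so a struct ip_fw
 *      presumably reaches the kernel from a caller. Whatever consumes such a
 *      copy should treat every field as untrusted - confirm in the control
 *      path that:
 *        - fw_next and fw_viadev are overwritten, never followed;
 *        - fw_nsp + fw_ndp <= IP_FW_MAX_PORTS holds before fw_pts is indexed;
 *        - fw_vianame is not assumed to be NUL-terminated.
 */
struct ip_fw
{
        struct ip_fw  *fw_next;                 /* Next firewall on chain */
        struct in_addr fw_src, fw_dst;          /* Source and destination IP addr */
        struct in_addr fw_smsk, fw_dmsk;        /* Mask for src and dest IP addr */
        struct in_addr fw_via;                  /* IP address of interface "via" */
        struct device *fw_viadev;               /* device of interface "via" */
        unsigned short fw_flg;                  /* Flags word (IP_FW_F_* values) */
        unsigned short fw_nsp, fw_ndp;          /* Number of src ports and number */
                                                /* of dst ports in the ports array */
                                                /* (dst ports follow src ports; max */
                                                /* of 10 ports in all; count of 0 */
                                                /* means match all ports) */
#define IP_FW_MAX_PORTS 10                      /* A reasonable maximum */
        /*
         * Array of port numbers to match. The array has exactly
         * IP_FW_MAX_PORTS slots shared by both directions, so the two counts
         * above bound every valid index only when their sum stays within it.
         */
        unsigned short fw_pts[IP_FW_MAX_PORTS];
        unsigned long  fw_pcnt,fw_bcnt;         /* Packet and byte counters */
        unsigned char  fw_tosand, fw_tosxor;    /* Revised packet priority */
        char           fw_vianame[IFNAMSIZ];    /* name of interface "via"; a */
                                                /* fixed IFNAMSIZ-byte buffer */
};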
 
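/*
 *      Values for the "flags" field (fw_flg).
 *
 *      The two low bits (IP_FW_F_KIND) hold an enumerated protocol kind, not
 *      independent flag bits: IP_FW_F_ALL is 0 and IP_FW_F_ICMP has the same
 *      value as the mask itself. The kind therefore has to be read as
 *      (fw_flg & IP_FW_F_KIND) == IP_FW_F_xxx; a plain fw_flg & IP_FW_F_TCP
 *      test is also true for an ICMP rule. Every other value below is a
 *      single-bit flag.
 */

#define IP_FW_F_ALL     0x0000  /* This is a universal packet firewall*/
#define IP_FW_F_TCP     0x0001  /* This is a TCP packet firewall      */
#define IP_FW_F_UDP     0x0002  /* This is a UDP packet firewall      */
#define IP_FW_F_ICMP    0x0003  /* This is an ICMP packet firewall    */
#define IP_FW_F_KIND    0x0003  /* Mask to isolate firewall kind      */
#define IP_FW_F_ACCEPT  0x0004  /* This is an accept firewall (as     *
                                 *         opposed to a deny firewall)*
                                 *                                    */
#define IP_FW_F_SRNG    0x0008  /* The first two src ports are a min  *
                                 * and max range (stored in host byte *
                                 * order).                            *
                                 * NOTE(review): only meaningful with *
                                 * at least two src ports present;    *
                                 * confirm rule validation checks it. *
                                 *                                    */
#define IP_FW_F_DRNG    0x0010  /* The first two dst ports are a min  *
                                 * and max range (stored in host byte *
                                 * order).                            *
                                 * (ports[0] <= port <= ports[1])     *
                                 *                                    */
#define IP_FW_F_PRN     0x0020  /* In verbose mode print this firewall*/
#define IP_FW_F_BIDIR   0x0040  /* For bidirectional firewalls        */
#define IP_FW_F_TCPSYN  0x0080  /* For tcp packets-check SYN only     */
#define IP_FW_F_ICMPRPL 0x0100  /* Send back icmp unreachable packet  */
#define IP_FW_F_MASQ    0x0200  /* Masquerading                       */
#define IP_FW_F_TCPACK  0x0400  /* For tcp-packets match if ACK is set*/
#define IP_FW_F_REDIR   0x0800  /* Redirect to local port fw_pts[n]   */
#define IP_FW_F_ACCTIN  0x1000  /* Account incoming packets only.     */
#define IP_FW_F_ACCTOUT 0x2000  /* Account outgoing packets only.     */

/*
 * NOTE(review): a flags word supplied by a caller with bits outside this
 * mask should presumably be rejected rather than stored - confirm in the
 * control path.
 */
#define IP_FW_F_MASK    0x3FFF  /* All possible flag bits mask        */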
 
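/*
 *      New IP firewall options for [gs]etsockopt at the RAW IP level.
 *      Unlike BSD, Linux inherits IP options so you don't have to use
 *      a raw socket for this. Instead we check rights in the calls.
 *
 *      Because no raw socket is required, the socket type gives no
 *      protection here: the privilege check has to be made by the code
 *      that handles these options.
 *
 *      An option value is a command (low byte, IP_FW_COMMAND) combined
 *      with a chain number shifted left by IP_FW_SHIFT.
 */

#define IP_FW_BASE_CTL          64      /* base for firewall socket options */

#define IP_FW_COMMAND           0x00FF  /* mask for command without chain */
#define IP_FW_TYPE              0x0300  /* mask for type (chain) */
#define IP_FW_SHIFT             8       /* shift count for type (chain) */

#define IP_FW_FWD               0
#define IP_FW_IN                1
#define IP_FW_OUT               2
#define IP_FW_ACCT              3
#define IP_FW_CHAINS            4       /* total number of ip_fw chains */
/*
 * The two identifiers below do not fit the two-bit IP_FW_TYPE mask:
 * (5 << IP_FW_SHIFT) & IP_FW_TYPE decodes as IP_FW_IN and
 * (6 << IP_FW_SHIFT) & IP_FW_TYPE decodes as IP_FW_OUT. Options built
 * from them have to be recognised by comparing the whole option value,
 * not by masking with IP_FW_TYPE. They are also >= IP_FW_CHAINS, so they
 * are not valid indexes into anything sized by IP_FW_CHAINS.
 */
#ifdef CONFIG_IP_MASQUERADE_IPAUTOFW
#define IP_FW_AUTOFW            5
#endif
#ifdef CONFIG_IP_MASQUERADE_IPPORTFW
#define IP_FW_PORTFW            6
#endif

/* Commands, before a chain number is OR-ed in. */
#define IP_FW_INSERT            (IP_FW_BASE_CTL)
#define IP_FW_APPEND            (IP_FW_BASE_CTL+1)
#define IP_FW_DELETE            (IP_FW_BASE_CTL+2)
#define IP_FW_FLUSH             (IP_FW_BASE_CTL+3)
#define IP_FW_ZERO              (IP_FW_BASE_CTL+4)
#define IP_FW_POLICY            (IP_FW_BASE_CTL+5)
#define IP_FW_CHECK             (IP_FW_BASE_CTL+6)
#define IP_FW_MASQ_TIMEOUTS     (IP_FW_BASE_CTL+7)

/* Forward chain. */
#define IP_FW_INSERT_FWD        (IP_FW_INSERT | (IP_FW_FWD << IP_FW_SHIFT))
#define IP_FW_APPEND_FWD        (IP_FW_APPEND | (IP_FW_FWD << IP_FW_SHIFT))
#define IP_FW_DELETE_FWD        (IP_FW_DELETE | (IP_FW_FWD << IP_FW_SHIFT))
#define IP_FW_FLUSH_FWD         (IP_FW_FLUSH  | (IP_FW_FWD << IP_FW_SHIFT))
#define IP_FW_ZERO_FWD          (IP_FW_ZERO   | (IP_FW_FWD << IP_FW_SHIFT))
#define IP_FW_POLICY_FWD        (IP_FW_POLICY | (IP_FW_FWD << IP_FW_SHIFT))
#define IP_FW_CHECK_FWD         (IP_FW_CHECK  | (IP_FW_FWD << IP_FW_SHIFT))

/* Input chain. */
#define IP_FW_INSERT_IN         (IP_FW_INSERT | (IP_FW_IN << IP_FW_SHIFT))
#define IP_FW_APPEND_IN         (IP_FW_APPEND | (IP_FW_IN << IP_FW_SHIFT))
#define IP_FW_DELETE_IN         (IP_FW_DELETE | (IP_FW_IN << IP_FW_SHIFT))
#define IP_FW_FLUSH_IN          (IP_FW_FLUSH  | (IP_FW_IN << IP_FW_SHIFT))
#define IP_FW_ZERO_IN           (IP_FW_ZERO   | (IP_FW_IN << IP_FW_SHIFT))
#define IP_FW_POLICY_IN         (IP_FW_POLICY | (IP_FW_IN << IP_FW_SHIFT))
#define IP_FW_CHECK_IN          (IP_FW_CHECK  | (IP_FW_IN << IP_FW_SHIFT))

/* Output chain. */
#define IP_FW_INSERT_OUT        (IP_FW_INSERT | (IP_FW_OUT << IP_FW_SHIFT))
#define IP_FW_APPEND_OUT        (IP_FW_APPEND | (IP_FW_OUT << IP_FW_SHIFT))
#define IP_FW_DELETE_OUT        (IP_FW_DELETE | (IP_FW_OUT << IP_FW_SHIFT))
#define IP_FW_FLUSH_OUT         (IP_FW_FLUSH  | (IP_FW_OUT << IP_FW_SHIFT))
#define IP_FW_ZERO_OUT          (IP_FW_ZERO   | (IP_FW_OUT << IP_FW_SHIFT))
#define IP_FW_POLICY_OUT        (IP_FW_POLICY | (IP_FW_OUT << IP_FW_SHIFT))
#define IP_FW_CHECK_OUT         (IP_FW_CHECK  | (IP_FW_OUT << IP_FW_SHIFT))

/* Accounting chain: no POLICY or CHECK command is defined for it. */
#define IP_ACCT_INSERT          (IP_FW_INSERT | (IP_FW_ACCT << IP_FW_SHIFT))
#define IP_ACCT_APPEND          (IP_FW_APPEND | (IP_FW_ACCT << IP_FW_SHIFT))
#define IP_ACCT_DELETE          (IP_FW_DELETE | (IP_FW_ACCT << IP_FW_SHIFT))
#define IP_ACCT_FLUSH           (IP_FW_FLUSH  | (IP_FW_ACCT << IP_FW_SHIFT))
#define IP_ACCT_ZERO            (IP_FW_ZERO   | (IP_FW_ACCT << IP_FW_SHIFT))

#ifdef CONFIG_IP_MASQUERADE_IPAUTOFW
#define IP_AUTOFW_ADD           (IP_FW_APPEND | (IP_FW_AUTOFW << IP_FW_SHIFT))
#define IP_AUTOFW_DEL           (IP_FW_DELETE | (IP_FW_AUTOFW << IP_FW_SHIFT))
#define IP_AUTOFW_FLUSH         (IP_FW_FLUSH  | (IP_FW_AUTOFW << IP_FW_SHIFT))
#endif /* CONFIG_IP_MASQUERADE_IPAUTOFW */

#ifdef CONFIG_IP_MASQUERADE_IPPORTFW
#define IP_PORTFW_ADD          (IP_FW_APPEND | (IP_FW_PORTFW << IP_FW_SHIFT))
#define IP_PORTFW_DEL          (IP_FW_DELETE | (IP_FW_PORTFW << IP_FW_SHIFT))
#define IP_PORTFW_FLUSH        (IP_FW_FLUSH  | (IP_FW_PORTFW << IP_FW_SHIFT))
#endif /* CONFIG_IP_MASQUERADE_IPPORTFW */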
 
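/*
 *      Description of a single packet: an IP header, one transport header
 *      and the interface it is associated with.
 *
 *      NOTE(review): presumably the payload of the IP_FW_CHECK_* options -
 *      confirm against the control code. Nothing in this structure records
 *      which union member is in use; a consumer presumably selects it from
 *      the protocol field of fwp_iph and should reject a protocol it does
 *      not handle. The transport header sits directly after a fixed-size
 *      struct iphdr, so a header length in fwp_iph that claims IP options
 *      cannot be honoured and should be checked before use.
 */
struct ip_fwpkt
{
        struct iphdr fwp_iph;                   /* IP header */
        union {
                struct tcphdr fwp_tcph;         /* TCP header or */
                struct udphdr fwp_udph;         /* UDP header or */
                struct icmphdr fwp_icmph;       /* ICMP header */
        } fwp_protoh;
        struct in_addr fwp_via;                 /* interface address */
        char           fwp_vianame[IFNAMSIZ];   /* interface name; a fixed */
                                                /* IFNAMSIZ-byte buffer, do */
                                                /* not assume a terminating */
                                                /* NUL in caller data */
};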
 
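/*
 * Timeouts for IP masquerading.
 * Forward declaration only: the structure is not defined in this header,
 * so code including just this file can hold a pointer to it but cannot
 * take its size or access its members.
 */

struct ip_fw_masq;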
 
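/*
 *      Main firewall chains definitions and global var's definitions.
 *      Everything down to the matching #endif is compiled for kernel
 *      code only.
 */

#ifdef __KERNEL__

/*
 * Modes used in the ip_fw_chk() routine.
 * IP_FW_MODE_FW is 0, so a bitwise test against it is always false;
 * compare the mode for equality instead.
 */
#define IP_FW_MODE_FW           0x00    /* kernel firewall check */
#define IP_FW_MODE_ACCT_IN      0x01    /* accounting (incoming) */
#define IP_FW_MODE_ACCT_OUT     0x02    /* accounting (outgoing) */
#define IP_FW_MODE_CHK          0x04    /* check requested by user */

/*
 * NOTE(review): the *_ctl() prototypes below leave their parameters
 * unnamed; (int, void *, int) is presumably (option, caller-supplied
 * buffer, buffer length). Each handler should check the length against
 * the structure it expects before reading the buffer, and is where the
 * "we check rights in the calls" privilege check described with the
 * socket options in this header has to happen - confirm in the
 * implementation.
 */
#ifdef CONFIG_IP_FIREWALL
/* Heads of the input, output and forward rule chains. */
extern struct ip_fw *ip_fw_in_chain;
extern struct ip_fw *ip_fw_out_chain;
extern struct ip_fw *ip_fw_fwd_chain;
/* Per-chain policy; presumably applied when no rule matches - confirm. */
extern int ip_fw_in_policy;
extern int ip_fw_out_policy;
extern int ip_fw_fwd_policy;
extern int ip_fw_ctl(int, void *, int);
#endif
#ifdef CONFIG_IP_MASQUERADE_IPAUTOFW
extern int ip_autofw_ctl(int, void *, int);
#endif
#ifdef CONFIG_IP_MASQUERADE_IPPORTFW
extern int ip_portfw_ctl(int, void *, int);
#endif
#ifdef CONFIG_IP_ACCT
extern struct ip_fw *ip_acct_chain;
extern int ip_acct_ctl(int, void *, int);
#endif

/* Declared regardless of CONFIG_IP_FIREWALL and CONFIG_IP_ACCT. */
extern int ip_fw_chk(struct iphdr *, struct device *, __u16 *, struct ip_fw *, int, int);
extern void ip_fw_init(void);
#endif /* __KERNEL__ */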
 
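#ifdef CONFIG_IP_MASQUERADE_IPAUTOFW
/* NOTE(review): presumably the values of ip_autofw.type - confirm. */
#define IP_FWD_RANGE            1
#define IP_FWD_PORT             2
#define IP_FWD_DIRECT           3

/*
 * Distinct single-bit values.
 * NOTE(review): presumably OR-ed into ip_autofw.flags - confirm.
 */
#define IP_AUTOFW_ACTIVE        1
#define IP_AUTOFW_USETIME       2
#define IP_AUTOFW_SECURE        4

/*
 * One auto-forwarding entry, linked to the next entry through "next".
 *
 * NOTE(review): this definition is outside the __KERNEL__ section although
 * it embeds a struct timer_list and a list pointer. If a caller ever
 * supplies a copy of it through the IP_AUTOFW_* options, "next" and
 * "timer" must be initialised by the receiving code and never taken from
 * the caller - confirm in ip_autofw_ctl().
 * The individual fields are not documented in this header.
 */
struct ip_autofw {
        struct ip_autofw * next;
        __u16 type;
        __u16 low;
        __u16 hidden;
        __u16 high;
        __u16 visible;
        __u16 protocol;
        __u32 lastcontact;
        __u32 where;
        __u16 ctlproto;
        __u16 ctlport;
        __u16 flags;
        struct timer_list timer;
};
#endif /* CONFIG_IP_MASQUERADE_IPAUTOFW */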
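#ifdef CONFIG_IP_MASQUERADE_IPPORTFW

/*
 * NOTE(review): presumably the accepted range for a forwarded port, to be
 * enforced by the code that handles IP_PORTFW_ADD; the upper bound is
 * presumably kept below the ports masquerading allocates from - confirm
 * against the masquerading code.
 */
#define IP_PORTFW_PORT_MIN 1
#define IP_PORTFW_PORT_MAX 60999

/* One port-forwarding entry, linked through "next". */
struct ip_portfw {
        struct ip_portfw *next;
        __u32           laddr, raddr;   /* Local and remote address */
        __u16           lport, rport;   /* Local and remote port */
};

/*
 * A port-forwarding request without the list pointer.
 *
 * NOTE(review): presumably the structure a caller passes with the
 * IP_PORTFW_* options - confirm. On ABIs that align __u32 to 4 bytes the
 * compiler inserts two padding bytes after "protocol" and two more after
 * "dummy", so "dummy" does not remove the padding. If a structure of this
 * type is ever copied out to a caller, clear the whole object first so the
 * padding cannot carry stale kernel memory.
 */
struct ip_portfw_edits {
       __u16           protocol;       /* Which protocol are we talking? */
       __u32           laddr, raddr;   /* Local and remote address */
       __u16           lport, rport;   /* Local and remote port */
       __u16           dummy;          /* Make up to multiple of 4 */
};
#endif /* CONFIG_IP_MASQUERADE_IPPORTFW */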
#endif /* _IP_FW_H */
