/* $NetBSD: npf_impl.h,v 1.2 2010/09/16 04:53:27 rmind Exp $ */
2
3 /*-
4 * Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This material is based upon work partially supported by The
8 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 /*
33 * Private NPF structures and interfaces.
34 * For internal use within NPF core only.
35 */
36
37 #ifndef _NPF_IMPL_H_
38 #define _NPF_IMPL_H_
39
40 #include <sys/rb.h>
41 #include <sys/hash.h>
42 #include <sys/queue.h>
43 #include <sys/types.h>
44 #include <sys/rwlock.h>
45
46 #include "npf.h"
47 #include "npf_ncode.h"
48
49 #ifdef _NPF_TESTING
50 #include "testing.h"
51 #endif
52
53 /*
54 * STRUCTURE DECLARATIONS.
55 *
 * Note: the ruleset types (npf_rule_t, npf_ruleset_t) are not declared
 * here; they are part of the public interface pulled in via npf.h.
57 */
58
/*
 * Opaque NAT entry, ALG, NAT policy and session objects.  Only the
 * pointer types are visible through this header; none of the struct
 * layouts are defined here, so code that includes this file cannot
 * reach into them directly.
 */
struct npf_nat;
struct npf_session;

typedef struct npf_nat npf_nat_t;
typedef struct npf_alg npf_alg_t;
typedef struct npf_natpolicy npf_natpolicy_t;
typedef struct npf_session npf_session_t;

/* Table entry and table objects; likewise opaque here. */
struct npf_tblent;
struct npf_table;

typedef struct npf_tblent npf_tblent_t;
typedef struct npf_table npf_table_t;

/*
 * A tableset is a pointer to table storage (presumably NPF_TABLE_SLOTS
 * entries indexed by table id -- confirm against the tableset code).
 * NOTE(review): this typedef hides a level of indirection, so every
 * "npf_tableset_t *" parameter below is really an "npf_table_t **".
 */
typedef npf_table_t * npf_tableset_t;
74
75 /*
76 * DEFINITIONS.
77 */
78
/*
 * ALG hook callback type: receives the packet cache and two opaque
 * pointers (presumably the nbuf and the NAT entry, mirroring
 * npf_alg_match()/npf_alg_exec() below -- confirm in the ALG code) and
 * returns a bool (presumably true on success).
 */
typedef bool (*npf_algfunc_t)(npf_cache_t *, void *, void *);

/*
 * Upper bound on the size of an n-code program.  NOTE(review): n-code is
 * supplied from userland through the control interface, so this is the
 * limit the reload path must enforce before the program is copied in or
 * executed; confirm that npfctl_reload() checks it.
 */
#define NPF_NCODE_LIMIT 1024
/*
 * Number of table slots in a tableset.  Table ids presumably index this
 * range and must be validated against it -- confirm in npf_table_check().
 */
#define NPF_TABLE_SLOTS 32
83
84 /*
85 * INTERFACES.
86 */
87
88 /* NPF control. */
/*
 * NPF control entry points.  NOTE(review): the void * arguments
 * presumably carry the ioctl payload handed in from userland (the u_long
 * presumably being the ioctl command); every field in them -- counts,
 * n-code lengths, table ids, addresses -- must be treated as untrusted
 * and validated before use.  Return value is an int, presumably an errno.
 */
int npfctl_switch(void *);
int npfctl_reload(u_long, void *);
int npfctl_table(void *);
92
93 /* Packet filter hooks. */
/*
 * Attach / detach the packet filter hooks.  npf_register_pfil() returns
 * an int, presumably 0 on success and an errno otherwise -- confirm.
 */
int npf_register_pfil(void);
void npf_unregister_pfil(void);
96
97 /* Protocol helpers. */
/*
 * Protocol helpers: parse headers out of the nbuf and fill the packet
 * cache (npf_cache_t, from npf.h).  Each returns a bool, presumably
 * false when the header could not be fetched, so callers must check the
 * result before relying on cached fields.  The void * is presumably a
 * cursor into the nbuf and the const int of npf_fetch_ports() presumably
 * the L4 protocol -- confirm against the definitions.
 */
bool npf_ip4_proto(npf_cache_t *, nbuf_t *, void *);
bool npf_fetch_ip4addrs(npf_cache_t *, nbuf_t *, void *);
bool npf_fetch_ports(npf_cache_t *, nbuf_t *, void *, const int);
bool npf_fetch_tcpfl(npf_cache_t *, nbuf_t *, void *);
bool npf_fetch_icmp(npf_cache_t *, nbuf_t *, void *);
bool npf_cache_all(npf_cache_t *, nbuf_t *);

/*
 * Packet rewriting: replace a port / an IPv4 address in the packet.  The
 * const int presumably selects which side (direction) is rewritten.
 * NOTE(review): both return bool; an unchecked failure could leave the
 * packet half-rewritten with a stale checksum -- confirm callers check it.
 */
bool npf_rwrport(npf_cache_t *, nbuf_t *, void *, const int,
 in_port_t, in_addr_t);
bool npf_rwrip(npf_cache_t *, nbuf_t *, void *, const int, in_addr_t);

/*
 * Incremental checksum adjustment: given the current checksum and the
 * old and new value of a 16- or 32-bit field, return the updated
 * checksum (presumably the RFC 1624 style update -- confirm).
 */
uint16_t npf_fixup16_cksum(uint16_t, uint16_t, uint16_t);
uint16_t npf_fixup32_cksum(uint16_t, uint32_t, uint32_t);

/*
 * Send a response for a blocked packet (presumably TCP RST / ICMP
 * unreachable, selected by the const int -- confirm).
 */
void npf_return_block(npf_cache_t *, nbuf_t *, const int);
113
114 /* Complex instructions. */
/*
 * "Complex" match instructions invoked by the n-code interpreter (see
 * npf_ncode.h).  Each returns an int match result; the convention for
 * match/no-match/error is defined by the interpreter, not visible here.
 * NOTE(review): the operands (table id, masks, port ranges, flags) come
 * from the n-code program, i.e. ultimately from userland; in particular
 * the table id passed to npf_match_ip4table() must be range-checked
 * (NPF_TABLE_SLOTS / npf_table_check()) before it is used as an index.
 */
int npf_match_ether(nbuf_t *, int, int, uint16_t, uint32_t *);
int npf_match_ip4table(npf_cache_t *, nbuf_t *, void *,
 const int, const u_int);
int npf_match_ip4mask(npf_cache_t *, nbuf_t *, void *,
 const int, in_addr_t, in_addr_t);
int npf_match_tcp_ports(npf_cache_t *, nbuf_t *, void *,
 const int, const uint32_t);
int npf_match_udp_ports(npf_cache_t *, nbuf_t *, void *,
 const int, const uint32_t);
int npf_match_icmp4(npf_cache_t *, nbuf_t *, void *, const uint32_t);
int npf_match_tcpfl(npf_cache_t *, nbuf_t *, void *, const uint32_t);
126
127 /* Tableset interface. */
/* Tableset subsystem init / teardown. */
int npf_tableset_sysinit(void);
void npf_tableset_sysfini(void);

/*
 * Tableset lifecycle.  npf_tableset_reload() takes a new tableset and
 * returns one (presumably the previously active set, for the caller to
 * destroy -- confirm); whether the swap is done under the rwlock pulled
 * in above is not visible here.
 */
npf_tableset_t *npf_tableset_create(void);
void npf_tableset_destroy(npf_tableset_t *);
int npf_tableset_insert(npf_tableset_t *, npf_table_t *);
npf_tableset_t *npf_tableset_reload(npf_tableset_t *);

/*
 * Table lifecycle and reference counting.  npf_table_create() takes an
 * id, a type and a size (presumably the hash size); ref/unref presumably
 * pair, as do get/put below -- confirm the exact ownership rules in the
 * implementation before adding callers.
 */
npf_table_t * npf_table_create(u_int, int, size_t);
void npf_table_destroy(npf_table_t *);
void npf_table_ref(npf_table_t *);
void npf_table_unref(npf_table_t *);

/*
 * Table operations by id.  NOTE(review): the u_int id in these calls is
 * what arrives from the control interface; npf_table_check() presumably
 * validates an (id, type) pair and should be used before any add/remove
 * on untrusted input.  npf_table_match_v4addr() takes no tableset, so it
 * presumably consults the currently active one -- confirm.
 */
npf_table_t * npf_table_get(npf_tableset_t *, u_int);
void npf_table_put(npf_table_t *);
int npf_table_check(npf_tableset_t *, u_int, int);
int npf_table_add_v4cidr(npf_tableset_t *, u_int,
 in_addr_t, in_addr_t);
int npf_table_rem_v4cidr(npf_tableset_t *, u_int,
 in_addr_t, in_addr_t);
int npf_table_match_v4addr(u_int, in_addr_t);
149
150 /* Ruleset interface. */
/* Ruleset subsystem init / teardown. */
int npf_ruleset_sysinit(void);
void npf_ruleset_sysfini(void);

/*
 * Ruleset lifecycle.  npf_ruleset_reload() installs a new ruleset
 * together with its tableset; presumably this is the point where the
 * active configuration is swapped (under the rwlock included above --
 * confirm), so the two must be consistent with each other.
 */
npf_ruleset_t * npf_ruleset_create(void);
void npf_ruleset_destroy(npf_ruleset_t *);
void npf_ruleset_insert(npf_ruleset_t *, npf_rule_t *);
void npf_ruleset_reload(npf_ruleset_t *, npf_tableset_t *);

/*
 * Rule lookup and application.  npf_ruleset_match() searches a given
 * ruleset, npf_ruleset_inspect() presumably the active one; the two
 * trailing const ints are presumably direction and layer -- confirm.
 * npf_rule_apply() returns an int and fills a bool and an int out-param
 * (presumably whether to keep state and the block/return type --
 * confirm).  npf_rule_subset() returns a rule's nested ruleset.
 */
npf_rule_t * npf_ruleset_match(npf_ruleset_t *, npf_cache_t *, nbuf_t *,
 struct ifnet *, const int, const int);
npf_rule_t * npf_ruleset_inspect(npf_cache_t *, nbuf_t *,
 struct ifnet *, const int, const int);
int npf_rule_apply(const npf_cache_t *, npf_rule_t *, bool *, int *);
npf_ruleset_t * npf_rule_subset(npf_rule_t *);

/* NAT policy attached to a rule (may presumably be NULL -- confirm). */
npf_natpolicy_t *npf_rule_getnat(const npf_rule_t *);
void npf_rule_setnat(npf_rule_t *, npf_natpolicy_t *);
168
169 /* State handling interface. */
/*
 * Session (state) tracking subsystem.  npf_session_tracking() enables or
 * disables tracking and returns an int, presumably an errno.
 */
int npf_session_sysinit(void);
void npf_session_sysfini(void);
int npf_session_tracking(bool);

/*
 * Session lookup and lifecycle.  npf_session_inspect() finds the session
 * for a packet; npf_session_establish() creates one (optionally bound to
 * a NAT entry).  npf_session_release() presumably drops the reference
 * obtained from inspect/establish -- confirm pairing.  pass/setpass
 * record the "pass" decision; npf_session_link() ties two sessions
 * together (presumably the NAT pair -- confirm).  npf_session_retnat()
 * returns the session's NAT entry and sets a bool out-param whose
 * meaning is not visible here.
 */
npf_session_t * npf_session_inspect(npf_cache_t *, nbuf_t *,
 struct ifnet *, const int);
npf_session_t * npf_session_establish(const npf_cache_t *,
 npf_nat_t *, const int);
void npf_session_release(npf_session_t *);
bool npf_session_pass(const npf_session_t *);
void npf_session_setpass(npf_session_t *);
void npf_session_link(npf_session_t *, npf_session_t *);
npf_nat_t * npf_session_retnat(npf_session_t *, const int, bool *);
183
184 /* NAT. */
/*
 * NAT subsystem.  npf_nat_newpolicy() builds a policy from a type, a
 * flags word, the translation address and port (parameter meaning
 * inferred from the types -- confirm).  npf_nat_flush() drops all NAT
 * state and npf_nat_reload() rebinds policies to a new ruleset.
 */
void npf_nat_sysinit(void);
void npf_nat_sysfini(void);
npf_natpolicy_t *npf_nat_newpolicy(int, int, in_addr_t, in_port_t);
void npf_nat_freepolicy(npf_natpolicy_t *);
void npf_nat_flush(void);
void npf_nat_reload(npf_ruleset_t *);

/*
 * Per-packet NAT.  npf_do_nat() translates a packet in the given
 * direction (const int), creating/using NAT state on the session;
 * returns an int, presumably an errno.  npf_nat_getorig() yields the
 * pre-translation address/port; npf_nat_setalg() attaches an ALG plus an
 * opaque uintptr_t argument to a NAT entry.
 */
int npf_do_nat(npf_cache_t *, npf_session_t *, nbuf_t *,
 struct ifnet *, const int);
void npf_nat_expire(npf_nat_t *);
void npf_nat_getorig(npf_nat_t *, in_addr_t *, in_port_t *);
void npf_nat_setalg(npf_nat_t *, npf_alg_t *, uintptr_t);
197
198 /* ALG interface. */
/*
 * ALG (application-level gateway) interface.
 *
 * npf_alg_register() takes four npf_algfunc_t hooks (their roles are not
 * visible in this header -- see the ALG implementation) and returns the
 * registered ALG; npf_alg_unregister() returns an int, presumably an
 * errno.  npf_alg_match() / npf_alg_exec() run the hooks for a packet
 * against a NAT entry (exec takes a direction), and npf_alg_sessionid()
 * lets an ALG derive a session key into the second cache, returning a
 * bool result.
 */
void		npf_alg_sysinit(void);
void		npf_alg_sysfini(void);
npf_alg_t *	npf_alg_register(npf_algfunc_t, npf_algfunc_t,
		    npf_algfunc_t, npf_algfunc_t);
int		npf_alg_unregister(npf_alg_t *);
void		npf_alg_match(npf_cache_t *, nbuf_t *, npf_nat_t *);
void		npf_alg_exec(npf_cache_t *, nbuf_t *, npf_nat_t *, const int);
bool		npf_alg_sessionid(npf_cache_t *, nbuf_t *, npf_cache_t *);
207
208 /* Debugging routines. */
/*
 * Debugging routines: dump a rule's n-code, all sessions, or a NAT
 * entry.  Whether these are compiled only into debug builds is not
 * visible here -- confirm before exposing them via any control path.
 */
void npf_rulenc_dump(npf_rule_t *);
void npf_sessions_dump(void);
void npf_nat_dump(npf_nat_t *);
212
213 #endif
214