update #4 - router
[tomato.git] / release / src / router / shared / netconf.h
1 /*
2 * Network configuration layer
4 * Copyright (C) 2010, Broadcom Corporation. All Rights Reserved.
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
13 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
15 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
16 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 * $Id: netconf.h 241398 2011-02-18 03:46:33Z stakita $
21 #ifndef _netconf_h_
22 #define _netconf_h_
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <netinet/in.h>
27 #include <net/if.h>
29 #include <typedefs.h>
30 #include <proto/ethernet.h>
32 #include <bcmconfig.h>
/*
 * Connection-state bits used by the match description (netconf_match_t.state).
 * Each state is a distinct bit.
 *
 * NOTE(review): the original comments on NETCONF_ESTABLISHED and
 * NETCONF_RELATED look transposed. The wording below follows the usual
 * connection-tracking meaning of the two names; confirm it against the code
 * that turns these bits into firewall rules, because a rule written for the
 * wrong state matches a different set of packets than intended.
 */
#define NETCONF_INVALID		(1 << 0)	/* Packet could not be classified */
#define NETCONF_ESTABLISHED	(1 << 1)	/* Packet is part of an established connection */
#define NETCONF_RELATED		(1 << 2)	/* Packet is related to an existing connection */
#define NETCONF_NEW		(1 << 3)	/* Packet is trying to establish a new connection */
/*
 * Match flags. Each NETCONF_INV_* bit negates one criterion of a match
 * description, so a rule with the bit set applies to everything that does
 * NOT satisfy that criterion.
 */
#define NETCONF_INV_SRCIP	(1 << 0)	/* Negate the source IP address match */
#define NETCONF_INV_DSTIP	(1 << 1)	/* Negate the destination IP address match */
#define NETCONF_INV_SRCPT	(1 << 2)	/* Negate the source port range match */
#define NETCONF_INV_DSTPT	(1 << 3)	/* Negate the destination port range match */
#define NETCONF_INV_MAC		(1 << 4)	/* Negate the source MAC address match */
#define NETCONF_INV_IN		(1 << 5)	/* Negate the inbound interface match */
#define NETCONF_INV_OUT		(1 << 6)	/* Negate the outbound interface match */
#define NETCONF_INV_STATE	(1 << 7)	/* Negate the state match */
#define NETCONF_INV_DAYS	(1 << 8)	/* Negate the day-of-week match */
#define NETCONF_INV_SECS	(1 << 9)	/* Negate the time-of-day match */

/*
 * Entry is disabled.
 * NOTE(review): this literal does not fit in a 32-bit signed int, so it has
 * an unsigned type. Where the bit is stored is not shown in this header; if
 * it shares the `int flags` member of the match description, test it with a
 * bit mask (flags & NETCONF_DISABLED) rather than a signed comparison.
 */
#define NETCONF_DISABLED	0x80000000
/*
 * NAT type selector: cone NAT when this value is used, symmetric NAT
 * otherwise.
 *
 * The value 0x800 continues the NFC_IP_XXX code series declared in the
 * kernel's netfilter_ipv4.h. NETCONF_CONE_NAT here and NFC_IP_CONE_NAT there
 * must be changed together; if they drift apart, user space and the kernel
 * disagree about which NAT type an entry requests.
 */
#define NETCONF_CONE_NAT	0x0800
/*
 * Match description: the criteria one firewall entry applies to a packet
 * (protocol, source/destination address and ports, source MAC, interfaces,
 * connection state, schedule and DSCP).
 *
 * Member order and types are kept exactly as in the original declaration.
 *
 * NOTE(review): in.name / out.name are fixed IFNAMSIZ-byte buffers. Code that
 * fills them from configuration should bound the copy and keep the result
 * NUL-terminated. The byte order of src/dst ports is not stated here (the
 * NAT and port-forward entries say "network order") -- confirm before
 * comparing or printing them.
 */
typedef struct _netconf_match_t {
	int ipproto;			/* IP protocol (TCP/UDP) */
	struct {
		struct in_addr ipaddr;	/* IP address to match */
		struct in_addr netmask;	/* Netmask given with ipaddr */
		uint16 ports[2];	/* TCP/UDP port range to match */
	} src, dst;
	struct ether_addr mac;		/* Source MAC address to match */
	struct {
		char name[IFNAMSIZ];	/* Interface name to match */
	} in, out;
	int state;			/* Packet state to match */
	int flags;			/* Match flags */
	uint days[2];			/* Day-of-week range, local time, Sunday == 0 */
	uint secs[2];			/* Time-of-day range, local time, 12:00 AM == 0 */
	struct _netconf_match_t *next;	/* List links */
	struct _netconf_match_t *prev;
	uint8 dscp;			/* DSCP value to match */
} netconf_match_t;
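/*
 * Non-zero when ipproto is a protocol value this layer accepts: 0,
 * IPPROTO_TCP or IPPROTO_UDP, plus IPPROTO_IPV6 when __CONFIG_IPV6__ is
 * defined. What 0 stands for is not stated in this header (presumably "any
 * protocol" -- confirm in the implementation).
 *
 * Every use of the argument is parenthesized. The original compared a bare
 * `ipproto == 0`, so an argument containing a lower-precedence operator
 * (for example a conditional expression) was parsed differently from what
 * the caller wrote and could be reported as valid when it was not.
 *
 * The argument is evaluated up to three or four times; pass an expression
 * without side effects.
 */
#ifndef __CONFIG_IPV6__
#define netconf_valid_ipproto(ipproto) \
	((ipproto) == 0 || (ipproto) == IPPROTO_TCP || (ipproto) == IPPROTO_UDP)
#else
#define netconf_valid_ipproto(ipproto) \
	((ipproto) == 0 || (ipproto) == IPPROTO_TCP || (ipproto) == IPPROTO_UDP || \
	 (ipproto) == IPPROTO_IPV6)
#endif /* __CONFIG_IPV6__ */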
/*
 * Firewall target types. The word in parentheses names the kind of entry the
 * target belongs to. NETCONF_TARGET_MAX is the number of targets, not a
 * target itself.
 */
enum netconf_target {
	NETCONF_DROP = 0,	/* Drop packet (filter) */
	NETCONF_ACCEPT,		/* Accept packet (filter) */
	NETCONF_LOG_DROP,	/* Log and drop packet (filter) */
	NETCONF_LOG_ACCEPT,	/* Log and accept packet (filter) */
	NETCONF_SNAT,		/* Source NAT (nat) */
	NETCONF_DNAT,		/* Destination NAT (nat) */
	NETCONF_MASQ,		/* IP masquerade (nat) */
	NETCONF_APP,		/* Application specific port forward (app) */
	NETCONF_TARGET_MAX
};

/*
 * Target validators. Each yields non-zero when target belongs to the named
 * group. They evaluate the argument more than once, so pass an expression
 * without side effects. A target value read from stored configuration should
 * pass the matching validator before the entry is viewed as a filter or NAT
 * entry.
 */

/* Non-zero for the four filter targets. */
#define netconf_valid_filter(target) \
	((target) == NETCONF_DROP || \
	 (target) == NETCONF_ACCEPT || \
	 (target) == NETCONF_LOG_DROP || \
	 (target) == NETCONF_LOG_ACCEPT)

/* Non-zero for the three NAT targets. */
#define netconf_valid_nat(target) \
	((target) == NETCONF_SNAT || \
	 (target) == NETCONF_DNAT || \
	 (target) == NETCONF_MASQ)

/* Non-zero for any defined target (0 <= target < NETCONF_TARGET_MAX). */
#define netconf_valid_target(target) \
	((target) >= 0 && (target) < NETCONF_TARGET_MAX)
/*
 * Leading members shared by every firewall entry type. Each entry struct in
 * this header expands this macro first, so all of them start with the same
 * match/target/desc/next/prev members as netconf_fw_t. The expansion has no
 * trailing semicolon; the user supplies it.
 *
 * desc is a fixed 40-byte string buffer: code that fills it should bound the
 * copy and keep the result NUL-terminated.
 */
#define NETCONF_FW_COMMON \
	netconf_match_t match;		/* Match type */ \
	enum netconf_target target;	/* Target type */ \
	char desc[40];			/* String description */ \
	struct _netconf_fw_t *next;	/* List links */ \
	struct _netconf_fw_t *prev
/*
 * Generic firewall entry description: the common members followed by
 * target-specific data. data[0] is a zero-length array (a GNU C extension)
 * that only marks where that data begins, so sizeof(netconf_fw_t) does not
 * include it.
 * NOTE(review): presumably callers check `target` before treating an entry as
 * one of the concrete netconf_*_t types -- confirm in the implementation.
 */
typedef struct _netconf_fw_t {
	NETCONF_FW_COMMON;
	char data[0];	/* Target specific */
} netconf_fw_t;
/*
 * Filter directions, named from the firewall's point of view.
 * NETCONF_DIR_MAX is the number of directions, not a direction itself.
 */
enum netconf_dir {
	NETCONF_IN = 0,		/* Packets destined for the firewall */
	NETCONF_FORWARD,	/* Packets routed through the firewall */
	NETCONF_OUT,		/* Packets generated by the firewall */
	NETCONF_DIR_MAX
};

/*
 * Non-zero when dir is a defined direction (0 <= dir < NETCONF_DIR_MAX).
 * The argument is evaluated twice.
 */
#define netconf_valid_dir(dir) \
	((dir) >= 0 && (dir) < NETCONF_DIR_MAX)
/*
 * Filter target firewall entry description: the common members plus the
 * direction the filter applies to. netconf_valid_filter() and
 * netconf_valid_dir() in this header check the target and dir values.
 */
typedef struct _netconf_filter_t {
	NETCONF_FW_COMMON;
	enum netconf_dir dir;	/* Direction to filter */
} netconf_filter_t;
#ifdef __CONFIG_URLFILTER__
/*
 * URL filter entry description; only declared when __CONFIG_URLFILTER__ is
 * defined.
 * NOTE(review): url is a fixed 256-byte buffer. Code that fills it from
 * configuration should bound the copy and keep it NUL-terminated; how the
 * string is compared against traffic is not visible in this header.
 */
typedef struct _netconf_urlfilter_t {
	NETCONF_FW_COMMON;
	char url[256];	/* URL string for this entry */
} netconf_urlfilter_t;
#endif /* __CONFIG_URLFILTER__ */
/*
 * NAT target firewall entry description: the common members plus the NAT
 * type and the address/port range packets are mapped to.
 * NOTE(review): `type` presumably carries NETCONF_CONE_NAT for cone NAT and
 * anything else for symmetric NAT -- confirm against the implementation.
 */
typedef struct _netconf_nat_t {
	NETCONF_FW_COMMON;
	unsigned int type;	/* Indicates Cone/Symmetric NAT */
	struct in_addr ipaddr;	/* Address to map packet to */
	uint16 ports[2];	/* Port(s) to map packet to (network order) */
} netconf_nat_t;
/*
 * Application specific port forward description: the common members plus the
 * related protocol, the related destination port range and the port range it
 * is mapped to. Both port ranges are stored in network byte order.
 */
typedef struct _netconf_app_t {
	NETCONF_FW_COMMON;
	uint16 proto;		/* Related protocol */
	uint16 dport[2];	/* Related destination port(s) (network order) */
	uint16 to[2];		/* Port(s) to map related destination port to (network order) */
} netconf_app_t;
/*
 * Match description for Media traffic management: the common members plus a
 * priority and a flags word. The valid ranges of prio and favored are not
 * defined in this header.
 */
typedef struct _netconf_trmgmt_t {
	NETCONF_FW_COMMON;
	uint16 prio;	/* Priority */
	uint16 favored;	/* Flags */
} netconf_trmgmt_t;
/*
 * Generic circular doubly linked list macros. They work on any struct that
 * has `next` and `prev` pointer members; an empty list is a head whose links
 * point back at itself. Every macro evaluates its arguments more than once,
 * so pass plain pointers without side effects. None of them checks for NULL.
 */

/* Turn head into an empty list. */
#define netconf_list_init(head) \
	((head)->next = (head)->prev = (head))

/* Non-zero when the list holds no entries. */
#define netconf_list_empty(head) \
	((head) == (head)->next)

/* Link item in directly after head. */
#define netconf_list_add(item, head) do { \
	(head)->next->prev = (item); \
	(item)->next = (head)->next; \
	(item)->prev = (head); \
	(head)->next = (item); \
} while (0)

/*
 * Unlink item from its list. item's own next/prev keep their old values, so
 * they are stale links afterwards: do not follow them once the neighbouring
 * entries may have been changed or freed.
 */
#define netconf_list_del(item) do { \
	(item)->next->prev = (item)->prev; \
	(item)->prev->next = (item)->next; \
} while (0)

/*
 * Visit every entry after head until head is reached again. The step reads
 * cur->next, so the loop body must not free cur.
 */
#define netconf_list_for_each(cur, head) \
	for ((cur) = (head)->next; (cur) != (head); (cur) = (cur)->next)
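/*
 * Unlink and free() every entry of the list. The head itself is not freed
 * and is an empty list afterwards. Entries must have come from the allocator
 * that free() releases, and no other pointer to a freed entry may be used
 * after this call.
 *
 * Changes from the original:
 *  - the temporaries have macro-private names. The original declared locals
 *    called `pos` and `next`, so a caller whose head expression used a
 *    variable with one of those names had it shadowed by an uninitialized
 *    local;
 *  - head is evaluated once;
 *  - __typeof__ is used instead of typeof, so the macro also compiles when
 *    the compiler runs in a strict ISO C mode.
 *
 * The user of this macro needs <stdlib.h> for free(); this header does not
 * include it.
 */
#define netconf_list_free(head) do { \
	__typeof__(head) nc_free_head_ = (head); \
	__typeof__(head) nc_free_pos_; \
	__typeof__(head) nc_free_next_; \
	for (nc_free_pos_ = nc_free_head_->next; \
	     nc_free_pos_ != nc_free_head_; \
	     nc_free_pos_ = nc_free_next_) { \
		/* Save the successor before the entry is released. */ \
		nc_free_next_ = nc_free_pos_->next; \
		netconf_list_del(nc_free_pos_); \
		free(nc_free_pos_); \
	} \
} while (0)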
/*
 * Functions that fill an array take a pointer to the array length in bytes.
 * If the length is zero, the function sets it to the number of bytes that
 * must be provided to fulfil the request. If the length is non-zero, the
 * array is constructed until the buffer length is exhausted or the request
 * is fulfilled.
 *
 * NOTE(review): the length is a signed int. Callers should pass the exact
 * size of the buffer they own and check the return value before reading the
 * array.
 */

/*
 * Add a firewall entry
 * @param	fw	firewall entry
 * @return	0 on success and errno on failure
 */
int netconf_add_fw(netconf_fw_t *fw);

/*
 * Delete a firewall entry
 * @param	fw	firewall entry
 * @return	0 on success and errno on failure
 */
int netconf_del_fw(netconf_fw_t *fw);

/*
 * Get a list of the current firewall entries
 * @param	fw_list	list of firewall entries
 * @return	0 on success and errno on failure
 */
int netconf_get_fw(netconf_fw_t *fw_list);

/*
 * See if a given firewall entry already exists
 * @param	fw	firewall entry to look for
 * @return	whether the entry exists
 */
int netconf_fw_exists(netconf_fw_t *fw);

/*
 * Reset the firewall to a sane state
 * @return	0 on success and errno on failure
 */
int netconf_reset_fw(void);

/*
 * Add a NAT entry or list of NAT entries
 * @param	nat_list	NAT entry or list of NAT entries
 * @return	0 on success and errno on failure
 */
int netconf_add_nat(netconf_nat_t *nat_list);

/*
 * Delete a NAT entry or list of NAT entries
 * @param	nat_list	NAT entry or list of NAT entries
 * @return	0 on success and errno on failure
 */
int netconf_del_nat(netconf_nat_t *nat_list);

/*
 * Get an array of the current NAT entries
 * @param	nat_array	array of NAT entries
 * @param	space		pointer to size of nat_array in bytes
 * @return	0 on success and errno on failure
 */
int netconf_get_nat(netconf_nat_t *nat_array, int *space);

/*
 * Add a filter entry or list of filter entries
 * @param	filter_list	filter entry or list of filter entries
 * @return	0 on success and errno on failure
 */
int netconf_add_filter(netconf_filter_t *filter_list);

/*
 * Delete a filter entry or list of filter entries
 * @param	filter_list	filter entry or list of filter entries
 * @return	0 on success and errno on failure
 */
int netconf_del_filter(netconf_filter_t *filter_list);

/*
 * Get an array of the current filter entries
 * @param	filter_array	array of filter entries
 * @param	space		pointer to size of filter_array in bytes
 * @return	0 on success and errno on failure
 */
int netconf_get_filter(netconf_filter_t *filter_array, int *space);

/*
 * Not documented in the original header.
 * NOTE(review): by its name this presumably installs a rule that clamps the
 * TCP MSS to the path MTU; the return convention is not stated here --
 * confirm both in the implementation.
 */
int netconf_clamp_mss_to_pmtu(void);
294 #endif /* _netconf_h_ */