| 47ae8457 |
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
* |
| 58716979 |
* Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> |
| 47ae8457 |
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* |
| caa54ac3 |
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 47ae8457 |
*/
/* packet filter functions */
#if defined(ENABLE_PF) && !defined(OPENVPN_PF_H)
#define OPENVPN_PF_H
#include "list.h"
#include "mroute.h"
|
| 90efcacb |
#define PF_MAX_LINE_LEN 256 |
| 47ae8457 |
struct context;
struct ipv4_subnet { |
| 81d882d5 |
bool exclude;
in_addr_t network;
in_addr_t netmask; |
| 47ae8457 |
};
struct pf_subnet { |
| 81d882d5 |
struct pf_subnet *next;
struct ipv4_subnet rule; |
| 47ae8457 |
};
struct pf_subnet_set { |
| 81d882d5 |
bool default_allow;
struct pf_subnet *list; |
| 47ae8457 |
};
struct pf_cn { |
| 81d882d5 |
bool exclude;
char *cn; |
| 47ae8457 |
};
struct pf_cn_elem { |
| 81d882d5 |
struct pf_cn_elem *next;
struct pf_cn rule; |
| 47ae8457 |
};
struct pf_cn_set { |
| 81d882d5 |
bool default_allow;
struct pf_cn_elem *list;
struct hash *hash_table; |
| 47ae8457 |
};
struct pf_set { |
| 81d882d5 |
bool kill;
struct pf_subnet_set sns;
struct pf_cn_set cns; |
| 47ae8457 |
};
struct pf_context { |
| 81d882d5 |
bool enabled;
struct pf_set *pfs; |
| 90efcacb |
#ifdef PLUGIN_PF |
| d2342067 |
const char *filename; |
| 81d882d5 |
time_t file_last_mod;
unsigned int n_check_reload;
struct event_timeout reload; |
| 90efcacb |
#endif |
| 47ae8457 |
};
|
| 81d882d5 |
void pf_init_context(struct context *c); |
| 47ae8457 |
|
| 81d882d5 |
void pf_destroy_context(struct pf_context *pfc); |
| 47ae8457 |
|
| 90efcacb |
#ifdef PLUGIN_PF |
| 81d882d5 |
void pf_check_reload(struct context *c);
|
| 90efcacb |
#endif |
| 47ae8457 |
|
| 90efcacb |
#ifdef MANAGEMENT_PF |
| 81d882d5 |
bool pf_load_from_buffer_list(struct context *c, const struct buffer_list *config);
|
| 90efcacb |
#endif |
| 47ae8457 |
|
| 90efcacb |
#ifdef ENABLE_DEBUG |
| 81d882d5 |
void pf_context_print(const struct pf_context *pfc, const char *prefix, const int lev); |
| 47ae8457 |
#endif |
| 81d882d5 |
#endif /* if defined(ENABLE_PF) && !defined(OPENVPN_PF_H) */ |