blob: ff75a002248fd80882e68977075b074d61edc40f [file] [log] [blame]
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* packet filter functions */
#if defined(ENABLE_PF) && !defined(OPENVPN_PF_H)
#define OPENVPN_PF_H
#include "list.h"
#include "mroute.h"
#define PF_MAX_LINE_LEN 256
struct context;
struct ipv4_subnet {
bool exclude;
in_addr_t network;
in_addr_t netmask;
};
struct pf_subnet {
struct pf_subnet *next;
struct ipv4_subnet rule;
};
struct pf_subnet_set {
bool default_allow;
struct pf_subnet *list;
};
struct pf_cn {
bool exclude;
char *cn;
};
struct pf_cn_elem {
struct pf_cn_elem *next;
struct pf_cn rule;
};
struct pf_cn_set {
bool default_allow;
struct pf_cn_elem *list;
struct hash *hash_table;
};
struct pf_set {
bool kill;
struct pf_subnet_set sns;
struct pf_cn_set cns;
};
struct pf_context {
bool enabled;
struct pf_set *pfs;
#ifdef PLUGIN_PF
char *filename;
time_t file_last_mod;
unsigned int n_check_reload;
struct event_timeout reload;
#endif
};
void pf_init_context(struct context *c);
void pf_destroy_context(struct pf_context *pfc);
#ifdef PLUGIN_PF
void pf_check_reload(struct context *c);
#endif
#ifdef MANAGEMENT_PF
bool pf_load_from_buffer_list(struct context *c, const struct buffer_list *config);
#endif
#ifdef ENABLE_DEBUG
void pf_context_print(const struct pf_context *pfc, const char *prefix, const int lev);
#endif
#endif /* if defined(ENABLE_PF) && !defined(OPENVPN_PF_H) */