/*
 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * src/helper/helper-firewall.h - string constants, data types and entry
 * points of the stc-manager firewall helper.
 *
 * Only declarations are visible in this header. Validation of rule fields,
 * ownership of the string members and the transport used to apply a
 * chain or rule are implemented elsewhere and are not documented here.
 */

#ifndef __STC_HELPER_FIREWALL_H__
#define __STC_HELPER_FIREWALL_H__

/* struct in_addr / struct in6_addr used by ip_addr_u below. */
#include <arpa/inet.h>

#include "stc-manager.h"
#include "stc-error.h"

/*
 * Names of the two STC chains.
 * NOTE(review): presumably the inbound and outbound hook chains that user
 * chains are attached to by firewall_chain_set() - confirm in the .c file.
 */
#define FIREWALL_CHAIN_TARGET_IN     "STC_IN"
#define FIREWALL_CHAIN_TARGET_OUT    "STC_OUT"

/*
 * Rule verdict / action names. The strings match the standard netfilter
 * target names; how stc_fw_rule_target_e maps onto them is not shown here.
 */
#define FIREWALL_RULE_TARGET_ACCEPT  "ACCEPT"
#define FIREWALL_RULE_TARGET_DROP    "DROP"
#define FIREWALL_RULE_TARGET_LOG     "LOG"
#define FIREWALL_RULE_TARGET_NFLOG   "NFLOG"

/*
 * String keys, one per firewall_rule_s field.
 * NOTE(review): presumably the dictionary keys used when a rule is
 * serialised for the component that installs it - confirm against the
 * sender and the receiver, which must agree on these spellings exactly.
 */
#define RULE_CHAIN      "chain"
#define RULE_DIRECTION  "direction"
#define RULE_IFNAME     "ifname"
#define RULE_PROTOCOL   "protocol"
#define RULE_TARGET     "target"
#define RULE_TARGETTYPE "target_type"

/* Address family, then source/destination address and port selectors. */
#define RULE_FAMILY     "family"
#define RULE_SIPTYPE    "s_ip_type"
#define RULE_SIP1       "s_ip1"
#define RULE_SIP2       "s_ip2"
#define RULE_DIPTYPE    "d_ip_type"
#define RULE_DIP1       "d_ip1"
#define RULE_DIP2       "d_ip2"
#define RULE_SPORTTYPE  "s_port_type"
#define RULE_SPORT1     "s_port1"
#define RULE_SPORT2     "s_port2"
#define RULE_DPORTTYPE  "d_port_type"
#define RULE_DPORT1     "d_port1"
#define RULE_DPORT2     "d_port2"

/* Options that only apply to the LOG and NFLOG targets. */
#define RULE_LOG_LEVEL       "log_level"
#define RULE_LOG_PREFIX      "log_prefix"
#define RULE_NFLOG_GROUP     "nflog_group"
#define RULE_NFLOG_PREFIX    "nflog_prefix"
#define RULE_NFLOG_RANGE     "nflog_range"
#define RULE_NFLOG_THRESHOLD "nflog_threshold"

/*
 * Firewall lock state.
 *
 * FIREWALL_UNKONWN is the first enumerator and therefore 0, so a
 * zero-initialised firewall_lock_e holds the "unknown" state. The
 * identifier is a misspelling of UNKNOWN; it is part of the interface as
 * written, so renaming it requires updating every user.
 *
 * NOTE(review): code that branches on this value should handle the unknown
 * state explicitly instead of letting it fall through as "unlocked".
 */
typedef enum {
        FIREWALL_UNKONWN,
        FIREWALL_UNLOCKED,
        FIREWALL_LOCKED
} firewall_lock_e;

/*
 * One IP address, stored as either IPv4 or IPv6.
 *
 * The union carries no tag: nothing in ip_addr_u records which member was
 * written. NOTE(review): presumably firewall_rule_s.family selects the
 * valid member - confirm. The two members differ in size (4 vs 16 bytes),
 * so a reader using the wrong member sees bytes that were never set unless
 * the union was zero-initialised first.
 */
typedef union {
        struct in_addr Ipv4;
        struct in6_addr Ipv6;
} ip_addr_u;

/*
 * Description of a firewall chain, passed to the firewall_chain_*() calls.
 *
 * NOTE(review): who allocates and frees `chain`, and any limit on its
 * length or character set, is not visible in this header.
 */
typedef struct {
        char *chain;                    /* chain name */
        stc_fw_chain_target_e target;   /* declared in a project header, not shown here */
        guint priority;
} firewall_chain_s;

/*
 * Description of a single firewall rule, passed to firewall_rule_add() and
 * firewall_rule_remove().
 *
 * Review notes for code that fills this structure from external input:
 *  - The four port fields are guint, which is wider than the 16-bit
 *    TCP/UDP port range; check each value is <= 65535 before use.
 *  - NOTE(review): *_ip1/*_ip2 and *_port1/*_port2 look like a single
 *    value or the two ends of a range, selected by the matching *_type
 *    field - confirm, and check the ordering of range ends.
 *  - The char * members (chain, ifname, target_str, log_prefix,
 *    nflog_prefix, identifier) carry no length. Their ownership and
 *    maximum length are not defined in this header; validate length and
 *    content before they reach the rule backend (interface names, for
 *    instance, are bounded by IFNAMSIZ on Linux).
 *  - The ip_addr_u members are untagged; see the note on ip_addr_u.
 */
typedef struct {
        guint key;                      /* NOTE(review): looks like a rule identifier/handle - confirm */
        char *chain;                    /* name of the chain the rule belongs to */
        stc_fw_direction_e direction;
        stc_fw_ip_type_e s_ip_type;     /* how s_ip1/s_ip2 are to be interpreted */
        stc_fw_ip_type_e d_ip_type;     /* how d_ip1/d_ip2 are to be interpreted */
        stc_fw_port_type_e s_port_type; /* how s_port1/s_port2 are to be interpreted */
        stc_fw_port_type_e d_port_type; /* how d_port1/d_port2 are to be interpreted */
        stc_fw_protocol_type_e protocol;
        stc_fw_family_type_e family;    /* presumably selects the ip_addr_u member - confirm */
        ip_addr_u s_ip1;
        ip_addr_u s_ip2;
        ip_addr_u d_ip1;
        ip_addr_u d_ip2;
        guint s_port1;
        guint s_port2;
        guint d_port1;
        guint d_port2;
        char *ifname;                   /* network interface name */
        stc_fw_rule_target_e target;
        char *target_str;               /* target as text; relation to `target` not shown here */
        guchar log_level;               /* LOG target option */
        char *log_prefix;               /* LOG target option */
        guint nflog_group;              /* NFLOG target option */
        char *nflog_prefix;             /* NFLOG target option */
        guint nflog_range;              /* NFLOG target option */
        guint nflog_threshold;          /* NFLOG target option */
        char *identifier;
} firewall_rule_s;

/*
 * Chain operations. Each takes a caller-supplied chain description and
 * returns an stc_error_e.
 *
 * NOTE(review): behaviour for a NULL argument, which fields each call
 * requires, and whether the callee keeps any pointer after returning are
 * not visible in this header. Callers should check the return value: an
 * ignored failure leaves the firewall in a state the caller did not ask for.
 */
stc_error_e firewall_chain_add(firewall_chain_s *chain);
stc_error_e firewall_chain_remove(firewall_chain_s *chain);
stc_error_e firewall_chain_flush(firewall_chain_s *chain);
stc_error_e firewall_chain_set(firewall_chain_s *chain);
stc_error_e firewall_chain_unset(firewall_chain_s *chain);

/*
 * Rule operations. Each takes a caller-supplied rule description and
 * returns an stc_error_e.
 *
 * Callers should check the return value of firewall_rule_add() in
 * particular: if adding a DROP rule fails and the error is ignored, the
 * traffic the rule was meant to block stays allowed.
 */
stc_error_e firewall_rule_add(firewall_rule_s *rule);
stc_error_e firewall_rule_remove(firewall_rule_s *rule);

#endif  /*__STC_HELPER_FIREWALL_H__*/