// L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.35 2004/11/16 07:54:32 bodea Exp $
+// $Id: l2tpns.h,v 1.38 2004/11/27 05:19:53 bodea Exp $
#ifndef __L2TPNS_H__
#define __L2TPNS_H__
#include <sys/types.h>
#include <libcli.h>
-#define VERSION "2.0.8"
+#define VERSION "2.0.9"
// Limits
#define MAXTUNNEL 500 // could be up to 65535
#define DUMP_MAGIC "L2TPNS#" VERSION "#"
// structures
-typedef struct routes // route
+typedef struct // route
{
ipt ip;
ipt mask;
}
controlt;
-typedef struct sessions
+typedef struct
{
sessionidt next; // next session in linked list
sessionidt far; // far end session ID
ipt snoop_ip; // Interception destination IP
u16 snoop_port; // Interception destination port
u16 sid; // near end session id.
- char reserved[20]; // Space to expand structure without changing HB_VERSION
+ u8 filter_in; // input filter index (to ip_filters[N-1]; 0 if none)
+ u8 filter_out; // output filter index
+ char reserved[18]; // Space to expand structure without changing HB_VERSION
}
sessiont;
#define SF_IPCP_ACKED 1 // Has this session seen an IPCP Ack?
#define SF_LCP_ACKED 2 // LCP negotiated
+#define SF_CCP_ACKED 4 // CCP negotiated
-typedef struct {
+typedef struct
+{
u32 cin;
u32 cout;
} sessioncountt;
#define SESSIONACFC 2 // ACFC negotiated flags
// 168 bytes per tunnel
-typedef struct tunnels
+typedef struct
{
tunnelidt far; // far end tunnel ID
ipt ip; // Ip for far end
tunnelt;
// 180 bytes per radius session
-typedef struct radiuss // outstanding RADIUS requests
+typedef struct // outstanding RADIUS requests
{
sessionidt session; // which session this applies to
hasht auth; // request authenticator
#define SET_STAT(x, y)
#endif
-struct configt
+typedef struct
{
int debug; // debugging level
time_t start_time; // time when l2tpns was started
int hold;
} neighbour[BGP_NUM_PEERS];
#endif
-};
+} configt;
enum config_typet { INT, STRING, UNSIGNED_LONG, SHORT, BOOL, IP, MAC };
-struct config_descriptt
+typedef struct
{
char *key;
int offset;
int size;
enum config_typet type;
-};
+} config_descriptt;
+
+typedef struct
+{
+ u8 op; // operation
+#define FILTER_PORT_OP_NONE 0 // all ports match
+#define FILTER_PORT_OP_EQ 1
+#define FILTER_PORT_OP_NEQ 2
+#define FILTER_PORT_OP_GT 3
+#define FILTER_PORT_OP_LT 4
+#define FILTER_PORT_OP_RANGE 5
+ portt port;
+ portt port2; // for range
+} ip_filter_portt;
+
+typedef struct
+{
+ int action; // permit/deny
+#define FILTER_ACTION_DENY 1
+#define FILTER_ACTION_PERMIT 2
+ int proto; // protocol: IPPROTO_* (netinet/in.h)
+ ipt src_ip; // source ip
+ ipt src_wild;
+ ip_filter_portt src_ports;
+ ipt dst_ip; // dest ip
+ ipt dst_wild;
+ ip_filter_portt dst_ports;
+ u8 tcp_flag_op; // match type: any, all
+#define FILTER_FLAG_OP_ANY 0
+#define FILTER_FLAG_OP_ALL 1
+ u8 tcp_sflags; // flags set
+ u8 tcp_cflags; // flags clear
+} ip_filter_rulet;
+
+#define TCP_FLAG_FIN 0x01
+#define TCP_FLAG_SYN 0x02
+#define TCP_FLAG_RST 0x04
+#define TCP_FLAG_PSH 0x08
+#define TCP_FLAG_ACK 0x10
+#define TCP_FLAG_URG 0x20
+
+#define MAXFILTER 32
+#define MAXFILTER_RULES 32
+typedef struct
+{
+ char name[32]; // ACL name
+ int extended; // type: 0 = standard, 1 = extended
+ ip_filter_rulet rules[MAXFILTER_RULES];
+ int used; // session ref count
+} ip_filtert;
// arp.c
void sendarp(int ifr_idx, const unsigned char* mac, ipt ip);
}
-extern struct configt *config;
+extern configt *config;
extern time_t basetime; // Time when this process started.
extern time_t time_now; // Seconds since EPOCH.
extern u32 last_id;