// L2TPNS Global Stuff
-// $Id: l2tpns.h,v 1.38 2004-11-27 05:19:53 bodea Exp $
+// $Id: l2tpns.h,v 1.40 2004-11-28 20:10:04 bodea Exp $
#ifndef __L2TPNS_H__
#define __L2TPNS_H__
u16 snoop_port;
int throttle_in;
int throttle_out;
+ int filter_in;
+ int filter_out;
};
#define CLI_SESS_KILL 0x01
#define CLI_SESS_NOSNOOP 0x04
#define CLI_SESS_THROTTLE 0x08
#define CLI_SESS_NOTHROTTLE 0x10
+#define CLI_SESS_FILTER 0x20
+#define CLI_SESS_NOFILTER 0x40
struct cli_tunnel_actions {
char action;
#define FILTER_PORT_OP_GT 3
#define FILTER_PORT_OP_LT 4
#define FILTER_PORT_OP_RANGE 5
- portt port;
- portt port2; // for range
+ portt port; // port (host byte order)
+ portt port2; // range
} ip_filter_portt;
typedef struct
int action; // permit/deny
#define FILTER_ACTION_DENY 1
#define FILTER_ACTION_PERMIT 2
- int proto; // protocol: IPPROTO_* (netinet/in.h)
- ipt src_ip; // source ip
+ u8 proto; // protocol: IPPROTO_* (netinet/in.h)
+ ipt src_ip; // source ip (network byte order)
ipt src_wild;
ip_filter_portt src_ports;
ipt dst_ip; // dest ip
ipt dst_wild;
ip_filter_portt dst_ports;
u8 tcp_flag_op; // match type: any, all
-#define FILTER_FLAG_OP_ANY 0
-#define FILTER_FLAG_OP_ALL 1
+#define FILTER_FLAG_OP_ANY 1
+#define FILTER_FLAG_OP_ALL 2
u8 tcp_sflags; // flags set
u8 tcp_cflags; // flags clear
} ip_filter_rulet;
void sendipcp(tunnelidt t, sessionidt s);
void processudp(u8 * buf, int len, struct sockaddr_in *addr);
void snoop_send_packet(char *packet, u16 size, ipt destination, u16 port);
+int ip_filter(u8 *buf, int len, u8 filter);
int cmd_show_ipcache(struct cli_def *cli, char *command, char **argv, int argc);
int cmd_show_hist_idle(struct cli_def *cli, char *command, char **argv, int argc);
int cmd_show_hist_open(struct cli_def *cli, char *command, char **argv, int argc);