+} config_descriptt;
+
+typedef struct
+{
+ uint8_t op; // operation
+#define FILTER_PORT_OP_NONE 0 // all ports match
+#define FILTER_PORT_OP_EQ 1
+#define FILTER_PORT_OP_NEQ 2
+#define FILTER_PORT_OP_GT 3
+#define FILTER_PORT_OP_LT 4
+#define FILTER_PORT_OP_RANGE 5
+ uint16_t port; // port (host byte order)
+ uint16_t port2; // range
+} ip_filter_portt;
+
+typedef struct
+{
+ int action; // permit/deny
+#define FILTER_ACTION_DENY 1
+#define FILTER_ACTION_PERMIT 2
+ uint8_t proto; // protocol: IPPROTO_* (netinet/in.h)
+ in_addr_t src_ip; // source ip (network byte order)
+ in_addr_t src_wild;
+ ip_filter_portt src_ports;
+ in_addr_t dst_ip; // dest ip
+ in_addr_t dst_wild;
+ ip_filter_portt dst_ports;
+ uint8_t frag; // apply to non-initial fragments
+ uint8_t tcp_flag_op; // match type: any, all, established
+#define FILTER_FLAG_OP_ANY 1
+#define FILTER_FLAG_OP_ALL 2
+#define FILTER_FLAG_OP_EST 3
+ uint8_t tcp_sflags; // flags set
+ uint8_t tcp_cflags; // flags clear
+ uint32_t counter; // match count
+} ip_filter_rulet;
+
+#define TCP_FLAG_FIN 0x01
+#define TCP_FLAG_SYN 0x02
+#define TCP_FLAG_RST 0x04
+#define TCP_FLAG_PSH 0x08
+#define TCP_FLAG_ACK 0x10
+#define TCP_FLAG_URG 0x20
+
+#define MAXFILTER 32
+#define MAXFILTER_RULES 32
+typedef struct
+{
+ char name[32]; // ACL name
+ int extended; // type: 0 = standard, 1 = extended
+ ip_filter_rulet rules[MAXFILTER_RULES];
+ int used; // session ref count
+} ip_filtert;
+
+// CDN result/error codes
+#define CDN_NONE 0, 0
+#define CDN_TRY_ANOTHER 2, 7
+#define CDN_ADMIN_DISC 3, 0
+#define CDN_UNAVAILABLE 4, 0
+
+// RADIUS Acct-Terminate-Cause values
+#define TERM_USER_REQUEST 1
+#define TERM_LOST_CARRIER 2
+#define TERM_LOST_SERVICE 3
+#define TERM_IDLE_TIMEOUT 4
+#define TERM_SESSION_TIMEOUT 5
+#define TERM_ADMIN_RESET 6
+#define TERM_ADMIN_REBOOT 7
+#define TERM_PORT_ERROR 8
+#define TERM_NAS_ERROR 9
+#define TERM_NAS_REQUEST 10
+#define TERM_NAS_REBOOT 11
+#define TERM_PORT_UNNEEDED 12
+#define TERM_PORT_PREEMPTED 13
+#define TERM_PORT_SUSPENDED 14
+#define TERM_SERVICE_UNAVAILABLE 15
+#define TERM_CALLBACK 16
+#define TERM_USER_ERROR 17
+#define TERM_HOST_REQUEST 18
+#define TERM_SUPPLICANT_RESTART 19
+#define TERM_REAUTHENTICATION_FAILURE 20
+#define TERM_PORT_REINIT 21
+#define TERM_PORT_DISABLED 22
+
+// on slaves, alow BGP to withdraw cleanly before exiting
+#define QUIT_DELAY 5
+
+// quit actions (master)
+#define QUIT_FAILOVER 1 // SIGTERM: exit when all control messages have been acked (for cluster failover)
+#define QUIT_SHUTDOWN 2 // SIGQUIT: shutdown sessions/tunnels, reject new connections