structure.h

00001 /*
00002 ** Copyright (C) 2002-2008 INL
00003 ** Written by Éric Leblond <regit@inl.fr>
00004 ** INL http://www.inl.fr/
00005 **
00006 ** $Id: structure.h 5232 2008-11-19 15:21:29Z pollux $
00007 **
00008 ** This program is free software; you can redistribute it and/or modify
00009 ** it under the terms of the GNU General Public License as published by
00010 ** the Free Software Foundation; version 3 of the License.
00011 **
00012 ** This program is distributed in the hope that it will be useful,
00013 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00014 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015 ** GNU General Public License for more details.
00016 **
00017 ** You should have received a copy of the GNU General Public License
00018 ** along with this program; if not, write to the Free Software
00019 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00020 */
00021 
00029 #ifndef STRUCTURE_HEADER
00030 #define STRUCTURE_HEADER
00031 
00032 #ifndef NUFW_HEADER_H
00033 #   error "include nufw.h instead of structure.h"
00034 #endif
00035 
00036 #include <semaphore.h>
00037 #include <sys/types.h>
00038 #include <unistd.h>
00039 #include <stdlib.h>
00040 #include <stdio.h>
00041 #include <pthread.h>
00042 #include <netinet/in.h>
00043 #include <netinet/ip.h>
00044 #include <netinet/tcp.h>
00045 #include <netinet/udp.h>
00046 #include <arpa/inet.h>
00047 #include <linux/netfilter.h>
00048 #include <time.h>
00049 #include "config.h"
00050 
00051 #include "proto.h"
00052 
/**
 * Compile-time constants.
 * Judging by the names, the first three look like built-in defaults for the
 * globals authreq_addr, track_size and packet_timeout declared further down
 * in this header -- TODO confirm where those globals are assigned.
 */
/* IPv4 loopback address as a string. */
00053 #define AUTHREQ_ADDR  "127.0.0.1"       
/* presumably the default upper bound on tracked packets (cf. track_size) -- confirm */
00054 #define TRACK_SIZE 1000         
/* presumably the default lifetime of a tracked packet (cf. packet_timeout); the unit is not shown here */
00055 #define PACKET_TIMEOUT 15       
/* Size of the authreq_addr array below: a C string stored there is limited to
 * 255 characters plus the terminator, so writers must bound their copies. */
00056 #define HOSTNAME_SIZE 256       
/* Not referenced in this header; presumably a buffer size for file paths -- confirm. */
00057 #define FILENAME_SIZE 256       
/**
 * Process-wide configuration shared by the files that include this header.
 *
 * NOTE(review): only cert_file and key_file are declared extern. Every other
 * object below has no storage-class specifier, so each file that includes
 * this header emits its own tentative definition and the link relies on the
 * toolchain merging them as common symbols. A build with -fno-common (the
 * default since GCC 10) rejects that with multiple-definition errors.
 * Switching them to extern needs one definition in a .c file, which is not
 * visible from here.
 */
/* TLS material. By their names: local certificate, private key, CA
 * certificate and revocation list files, plus the certificate DN expected
 * from nuauth -- where they are set and how they are checked is not shown. */
00059 extern char *cert_file;         
00060 extern char *key_file;          
00061 char *ca_file;                  
00062 char *crl_file;                 
00063 char *nuauth_cert_dn;           
/* Fixed-size buffer of HOSTNAME_SIZE bytes; presumably the address of the
 * authentication server (cf. AUTHREQ_ADDR) -- confirm. */
00066 char authreq_addr[HOSTNAME_SIZE];
00067 
/* NOTE(review): unsigned int is wider than a 16-bit port number; whether the
 * value is range-checked where it is parsed is not visible here. */
00069 unsigned int authreq_port;
00070 
/* Signed int; presumably the runtime value behind PACKET_TIMEOUT. A zero or
 * negative value would have to be rejected where it is set -- not shown. */
00072 int packet_timeout;
00073 
/* Signed int; presumably the runtime value behind TRACK_SIZE -- confirm. */
00075 int track_size;
00076 
/* By its name, whether verdicts carry a netfilter mark (cf. IPQ_SET_VWMARK
 * below) -- confirm. */
00078 int nufw_set_mark;
00079 
/* NOTE(review): by its name this switches strict TLS verification on or off.
 * The meaning of each value and the default are not visible in this header;
 * confirm that the default is the strict setting. */
00081 int nufw_strict_tls;
00082 
/**
 * State tag kept in every tracked packet (field `state` of struct Packet_Ids).
 * PCKT_NONE is explicitly 0, so zero-filled storage reads as PCKT_NONE; the
 * other three follow as 1, 2 and 3.
 * The per-state remarks below are inferred from the names only -- confirm
 * against the code that updates `state`.
 */
00087 typedef enum {
00088         PCKT_NONE = 0,
              /* presumably: received from the queue, no request issued yet */
00089         PCKT_WAITING,
              /* presumably: request sent, no reply yet */
00090         PCKT_SENT,
              /* presumably: a decision has come back for this packet */
00091         PCKT_ANSWERED
00092 } pckt_state_t;
00093 
/**
 * One tracked packet; nodes are chained through `next` into a singly linked
 * list (struct packets_list_t below holds pointers of this type).
 *
 * NOTE(review): the layout depends on PERF_DISPLAY_ENABLE, HAVE_LIBIPQ_MARK
 * and USE_NFQUEUE. Every file that includes this header has to be compiled
 * with the same values for them; otherwise the files disagree on the size and
 * field offsets of this struct.
 */
00099 typedef struct Packet_Ids {
              /* Packet identifier; presumably the queue id later passed as
               * PACKETID to IPQ_SET_VERDICT -- confirm. */
00102         unsigned long id;
00103 
              /* Current state, one of the pckt_state_t values. */
00104         pckt_state_t state;
00105 
              /* Stored as long, not time_t; clock and unit are not shown here
               * (presumably compared against packet_timeout -- confirm). */
00107         long timestamp;
              /* Present only in builds with PERF_DISPLAY_ENABLE defined. */
00108 #ifdef PERF_DISPLAY_ENABLE
00109         struct timeval arrival_time;
00110 #endif
00111 
              /* Present only when HAVE_LIBIPQ_MARK or USE_NFQUEUE is non-zero. */
00112 #if (HAVE_LIBIPQ_MARK || USE_NFQUEUE)
00113 
00114         unsigned long nfmark;
00115 #endif
00116 
              /* Next node in the list; presumably NULL on the last node. */
00119         struct Packet_Ids *next;
00120 } packet_idl;
00121 
00122 /***** Pack list ****/
00123 
/**
 * List of tracked packets together with a mutex. The same declaration also
 * creates the object `packets_list`.
 *
 * NOTE(review): `packets_list` is defined in this header rather than declared
 * extern, so every including file carries a tentative definition of it; that
 * links only where the toolchain merges common symbols (-fno-common builds
 * fail).
 * NOTE(review): the initialisation of `mutex` and the rule for when it must be
 * held are outside this header; presumably it guards start, end and length.
 */
00129 struct packets_list_t {
              /* First and last node of the list. */
00130         packet_idl *start;      
00131         packet_idl *end;        
              /* Node count kept as a signed int; presumably bounded by
               * track_size -- confirm where that is enforced. */
00132         int length;             
00133         pthread_mutex_t mutex;
00134 } packets_list;
00135 
/**
 * Two saved signal dispositions. By the field names these are the SIGTERM and
 * SIGINT handlers that were installed before nufw set its own, kept so they
 * can be restored -- confirm against the code that fills them.
 * struct sigaction comes from <signal.h>, which is not among the includes of
 * this header; it presumably arrives through nufw.h, the file the guard at the
 * top requires.
 */
00139 struct nufw_signals {
00140         struct sigaction old_sigterm_hdl;
00141         struct sigaction old_sigint_hdl;
00142 };
00143 
/**
 * Queue handle used by the IPQ_SET_VERDICT / IPQ_SET_VWMARK macros below:
 * a struct nfq_q_handle pointer when USE_NFQUEUE is non-zero, otherwise a
 * struct ipq_handle pointer. Both struct types are declared outside this
 * header.
 * NOTE(review): not extern, so each including file emits a tentative
 * definition of `hndl` (breaks under -fno-common). Where the handle is opened
 * and closed is not visible here.
 */
00144 #if USE_NFQUEUE
00145 struct nfq_q_handle *hndl;
00146 #else
00147 /* ipq handler */
00148 struct ipq_handle *hndl;
00149 #endif
00150 
/**
 * A thread id paired with a mutex.
 * What the mutex protects or signals is not visible in this header --
 * presumably it coordinates start or stop of the thread; confirm.
 */
00154 struct nufw_threadtype {
00155         pthread_t thread;
00156         pthread_mutex_t mutex;
00157 };
00158 
/**
 * Argument bundle for a thread: a pointer to its nufw_threadtype record and a
 * process id. Presumably passed as the void* argument of pthread_create --
 * confirm. Who owns and frees the structure is not shown here.
 */
00162 struct nufw_threadargument {
00163         struct nufw_threadtype *thread;
              /* Stored as int rather than pid_t. */
00164         int parent_pid;
00165 };
00166 
/**
 * Mutex taken around every verdict call issued through the macros below.
 * Declared extern; its definition and initialisation live elsewhere.
 */
00167 /* mutex */
00168 extern pthread_mutex_t ipq_mutex;
00169 
/**
 * IPQ_SET_VERDICT(PACKETID, DECISION)
 * IPQ_SET_VWMARK(PACKETID, DECISION, NFMARK)
 *
 * Issue DECISION for packet PACKETID on the global handle `hndl` while
 * holding ipq_mutex; the VWMARK variant also passes the mark NFMARK. The
 * trailing `0, NULL` arguments mean no replacement payload is supplied.
 * With USE_NFQUEUE non-zero the calls go to nfq_set_verdict() and
 * nfq_set_verdict_mark(), otherwise to ipq_set_verdict() and ipq_set_vwmark().
 * DECISION is presumably one of the verdict constants from
 * <linux/netfilter.h> -- confirm at the call sites.
 *
 * Each macro expands to a do { ... } while(0) statement, so it yields no
 * value.
 *
 * NOTE(review): the return values of the verdict call and of
 * pthread_mutex_lock()/pthread_mutex_unlock() are discarded. A verdict that
 * could not be delivered is therefore invisible to the caller, which cannot
 * log it or retry.
 * NOTE(review): the macro arguments are evaluated inside the locked region;
 * callers should pass plain values, not expressions that block or that take
 * ipq_mutex themselves.
 * NOTE(review): libnetfilter_queue documents nfq_set_verdict_mark() as taking
 * the mark in network byte order -- confirm that callers of IPQ_SET_VWMARK
 * convert NFMARK accordingly.
 */
00180 #if USE_NFQUEUE
00181 #define IPQ_SET_VERDICT(PACKETID, DECISION) \
00182         do { \
00183                 pthread_mutex_lock(&ipq_mutex); \
00184                 nfq_set_verdict(hndl, PACKETID, DECISION, 0 , NULL); \
00185                 pthread_mutex_unlock(&ipq_mutex); \
00186         } while(0)
00187 
00188 #define IPQ_SET_VWMARK(PACKETID, DECISION, NFMARK) \
00189         do { \
00190                 pthread_mutex_lock(&ipq_mutex); \
00191                 nfq_set_verdict_mark(hndl, PACKETID, DECISION, NFMARK, 0, NULL); \
00192                 pthread_mutex_unlock(&ipq_mutex); \
00193         } while(0)
00194 #else
00195 #define IPQ_SET_VERDICT(PACKETID, DECISION) \
00196         do { \
00197                 pthread_mutex_lock(&ipq_mutex); \
00198                 ipq_set_verdict(hndl, PACKETID, DECISION,0,NULL); \
00199                 pthread_mutex_unlock(&ipq_mutex); \
00200         } while(0)
00201 
00202 #define IPQ_SET_VWMARK(PACKETID, DECISION, NFMARK) \
00203         do { \
00204                 pthread_mutex_lock(&ipq_mutex); \
00205                 ipq_set_vwmark(hndl, PACKETID, DECISION, NFMARK,0,NULL); \
00206                 pthread_mutex_unlock(&ipq_mutex); \
00207         } while(0)
00208 #endif
00209 
/**
 * Two packet counters; by their names, packets transmitted and packets
 * received -- which events increment them is not visible here.
 * NOTE(review): plain int objects with no lock or atomic type visible in this
 * header; if more than one thread updates them, increments can be lost.
 * NOTE(review): not extern, so each including file emits a tentative
 * definition (breaks under -fno-common).
 */
00210 int pckt_tx;                    
00211 int pckt_rx;                    
00213 #endif                          /* ifndef STRUCTURE_HEADER */
