ipaccess.h

用于嵌入式系统的TCP/IP协议栈及若干服务

/*
*            Copyright (c) 1998-2001 by NETsilicon Inc.
*
*  This software is copyrighted by and is the sole property of
*  NETsilicon.  All rights, title, ownership, or other interests
*  in the software remain the property of NETsilicon.  This
*  software may only be used in accordance with the corresponding
*  license agreement.  Any unauthorized use, duplication, transmission,
*  distribution, or disclosure of this software is expressly forbidden.
*
*  This Copyright notice may not be removed or modified without prior
*  written consent of NETsilicon.
*
*  NETsilicon, reserves the right to modify this software
*  without notice.
*
*  NETsilicon
*  411 Waverley Oaks Road                  USA 781.647.1234
*  Suite 227                               http://www.netsilicon.com
*  Waltham, MA 02452                       AmericaSales@netsilicon.com
*
*************************************************************************
*  $Name: Fusion 6.52 Fusion 6.51 $
*  $Date: 2001/09/20 10:32:04 $
*  $Source: M:/psisrc/routing/incl/rcs/ipaccess.h $
*  $Revision: 1.3 $
*************************************************************************
*  File Description: Definitions for using Access lists.
*************************************************************************/

/*****************************************

NOTE: start port specific area

*****************************************/

/* set true if you want to perform ip access list checking
   during forwarding, can slow forwarding perfromance.
   Also needed for bgp and route redistibution functions.
*/
#define IP_ACCESS_CONTROL		1

/* access control blocks */
#define ipAccListAlloc(len)		malloc(len)
#define ipAccListFree(ptr)		free(ptr)
#define ipAccEntAlloc(len)		malloc(len)
#define ipAccEntFree(ptr)		free(ptr)
#define ipRmapListAlloc()	    (RTMAP_LIST *)malloc(sizeof(RTMAP_LIST))
#define ipRmapListFree(ptr)	    free(ptr)

#define ipRmapEntAlloc()	    (RTMAP_ENT *)malloc(sizeof(RTMAP_ENT))
#define ipRmapEntFree(ptr)	    free(ptr)


/*****************************************

NOTE: end port specific area

*****************************************/


#define IPAL_NOLIST   -1
#define IPAL_PERMIT    0
#define IPAL_DENY      1

/* list head struct: list consists of head plus
   list of access entries
*/
typedef struct ipaccess_list{
	struct ipaccess_list	*fwd;
	struct ipaccess_list	*bwd;
	int					    id;
	struct ipaccess_ent		*efwd;
	struct ipaccess_ent		*ebwd;
}IPACC_LIST;

/* for access entry that has protocol check,
   each protocol has own semantics and own
   struct
*/
typedef struct ipacc_udp{
	int 		cmp;
	word		dport;
}IPACC_UDP;

typedef struct ipacc_tcp{
	int 		cmp;
	word		dport;
	byte		flags;
}IPACC_TCP;

typedef struct ipacc_icmp{
	byte 	    type;
	byte		code;
}IPACC_ICMP;

typedef struct ipacc_igmp{
	byte		type;
}IPACC_IGMP;


typedef struct ipacc_information{
	int					    denyval;	/*1 deny,0 permit*/
	IPNA				    src;
	IPNA				    dst;
	int					    type;
	byte				    protocol;
	union{
		struct ipacc_udp	udp;	
		struct ipacc_tcp	tcp;	
		struct ipacc_icmp	icmp;	
		struct ipacc_igmp	igmp;	
	}u;
}IPACC_INFO;

/* access entry */
typedef struct ipaccess_ent{
	struct ipaccess_ent		*fwd;
	struct ipaccess_ent		*bwd;
	int					    listid;
	IPACC_INFO			    u;
}IPACC_ENT;


#define IPACC_IN		1
#define IPACC_OUT		2

/* types, ip or aspath (for bgp) */
#define IPACCT_IP		1
#define IPACCT_ASP		2

#define IPACC_CMP_NONE	255	/* cant be 0 (icmp echo) */
#define IPACC_CMP_EQ	1
#define IPACC_CMP_GT	2
#define IPACC_CMP_LT	3


/* routes maps:
   list head struct: list consists of head plus
   sequnce of entries of form [match[match...]][set[set..].
   If there are no match entries, everything matches. If
   there is no match, the route is filtered. If there is a 
   match and denyval is true, the route is filtered.



*/
typedef struct rtmap_list{
	struct rtmap_list	    *fwd;
	struct rtmap_list	    *bwd;
	int					    id;
	struct rtmap_ent		*efwd;
	struct rtmap_ent		*ebwd;
}RTMAP_LIST;


/* map entry */
typedef struct rtmap_ent{
	struct rtmap_ent	*fwd;
	struct rtmap_ent	*bwd;
	int					ms;		/* match or set */
	int					code;	/* match/set type */
	int					mapid;
	int					listid;	/* asp/access list */
	dword				val;		/* code dependent */
	int					seq;
	int					denyval;	/*1 deny,0 permit*/
}RTMAP_ENT;

#define RTMAP_MS_MATCH	1
#define RTMAP_MS_SET	2

/* match condition uses value, not list */
#define RTMAP_MATCH_VAL  0x80

/* code values */
#define RTMAP_MATCH_ASP	    1		/* aspath list */
#define RTMAP_MATCH_ACC	    2		/* access list */
#define RTMAP_MATCH_NHOP	3		/* next hop */
#define RTMAP_MATCH_COMM	4		/* community */
#define RTMAP_MATCH_RTYPE	0x85		/* internal/eternal */
#define RTMAP_MATCH_IFACE	0x86
#define RTMAP_MATCH_SRC		7
#define RTMAP_MATCH_MET		0x88
#define RTMAP_MATCH_TAG		0x89
/* wildcard match, used for route map sequence with
   no match or set conditions
*/
#define RTMAP_MATCH_ANY       0x0a

#define RTMAP_SET_LPREF	    1		/* local preference */
#define RTMAP_SET_WEIGHT	2		/* route weight */
#define RTMAP_SET_NHOP	    3		/* next hop */
#define RTMAP_SET_MET		4		/* metric (MED) */
#define RTMAP_SET_ASP		5		/* modify path */
#define RTMAP_SET_COMM	    6		/* community */
#define RTMAP_SET_AUTOTAG	7
#define RTMAP_SET_LEVEL		8
#define RTMAP_SET_METTYPE	9
#define RTMAP_SET_TAG		10
#define RTMAP_SET_ORIGIN    11

#define RTMAP_MATCH_INTERNAL	1
#define RTMAP_MATCH_EXTERNAL	2

#define RMC_SEQ_MATCH      1
#define RMC_SEQ_NOMATCH    2

/* used for RTMAP_MATCH_RTYPE */
#define RMC_RTYPE_ANY          0   /* ospf int/ext, isis1-2*/
#define RMC_RTYPE_INTRA        1   /* rip, ospf intra */
#define RMC_RTYPE_EXT          2   /* ospf ext 1 or 2 */
#define RMC_RTYPE_EXT1         3   /* ospf ext type 1 */
#define RMC_RTYPE_EXT2         4   /* ospf ext type 2 */
#define RMC_RTYPE_L1           5   /* isis level 1 */
#define RMC_RTYPE_L2           6   /* isis level 2 */

#define RMC_SET_DEFAULT        0

/* used for RTMAP_SET_METTYPE */
#define RMC_METTYPE_INT        1	/* isis */
#define RMC_METTYPE_EXT        2	/* isis */
#define RMC_METTYPE_1          3   /* ospf ext 1*/
#define RMC_METTYPE_2          4   /* ospf ext 2*/

/* used for RTMAP_SET_LEVEL */
#define RMC_LEVEL_1            1	/* isis */
#define RMC_LEVEL_2            2	/* isis */
#define RMC_LEVEL_1_2          3	/* isis */
#define RMC_LEVEL_NSSA         4   /* ospf */
#define RMC_LEVEL_BBONE        5   /* ospf */

#define RMC_ORIGIN_IGP         1
#define RMC_ORIGIN_EGP         2
#define RMC_ORIGIN_INC         3

#if 0 /* Until access lists are supported */
fnc_prot(int ,ipAccessListCheck,(int,rripa,rripa))
#else
#define ipAccessListCheck(a,b,c) 0
#endif

fnc_prot(void, ipRmapListDelete,(int id,int))
fnc_prot(RTMAP_LIST *,ipRmapListFind,(int))
fnc_prot(int, ipAddRmapEntry,(int id, RTMAP_ENT *ent))
fnc_prot(void, ipDelRmapEntry,(int id, RTMAP_ENT *ent))
fnc_prot(IPACC_LIST *,ipAccessListFind,(int))