#ifndef __GRULE_H
#define __GRULE_H
#ifdef __cplusplus
extern "C" {
#endif
#include <netinet/ip.h>
/*
 * Opaque handle type returned by grule_open() and taken by the other
 * grule_* calls. Because it is a plain void pointer, the compiler cannot
 * reject an unrelated pointer passed where a handle is expected.
 */
typedef void * grule_hdl_t;
//typedef void * rule_item_t;
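/*
 * Refuse to build for anything but a little-endian target.
 *
 * __BYTE_ORDER / __LITTLE_ENDIAN are libc macros that exist only when an
 * earlier include has pulled in the platform's endian header. If neither is
 * defined, "#if __BYTE_ORDER != __LITTLE_ENDIAN" compares 0 with 0 and the
 * check passes without testing anything. Fall back to the compiler's
 * predefined macros, and fail loudly when the byte order cannot be
 * determined at all.
 */
#if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN)
#  if __BYTE_ORDER != __LITTLE_ENDIAN
#    error "machine is not little-endian"
#  endif
#elif defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)
#  if __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__
#    error "machine is not little-endian"
#  endif
#else
#  error "cannot determine byte order; this header requires a little-endian target"
#endif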
/*#define GRULE_TYPE_SIP 1
#define GRULE_TYPE_SIP_DIP 5
#define GRULE_TYPE_SIP_SPORT 9
#define GRULE_TYPE_SIP_PROTO 257
#define GRULE_TYPE_SIP_SPORT_PROTO 273
#define GRULE_TYPE_SIP_DPORT 65
#define GRULE_TYPE_SIP_DPORT_PROTO 321
#define GRULE_TYPE_SIP_DIP_PROTO 261
#define GRULE_TYPE_DIP 4
#define GRULE_TYPE_DIP_DPORT 68
#define GRULE_TYPE_DIP_DPORT_PROTO 324
#define GRULE_TYPE_DIP_PROTO 260
#define GRULE_TYPE_DIP_SPORT_PROTO 276
*/
/*
 * Flags describing which match fields of a rule are present, readable either
 * flag by flag through the anonymous struct or as one 16-bit value through
 * grule_type.
 *
 * The RULE_* masks defined near the end of this header assign one bit per
 * flag in the same order as the bit-fields are declared here
 * (RULE_SIP 0x0001 ... RULE_PMASK 0x0200).
 * NOTE(review): bit-field allocation order is implementation-defined in C;
 * the flag/mask correspondence presumably relies on the LSB-first layout of
 * the little-endian targets this header is restricted to -- confirm for each
 * supported compiler.
 */
typedef union{
struct{
/* Names suggest: <field>_flag = value present, <field>msk_flag = mask present -- TODO confirm */
uint16_t sip_flag:1;
uint16_t sipmsk_flag:1;
uint16_t dip_flag:1;
uint16_t dipmsk_flag:1;
uint16_t sport_flag:1;
uint16_t spmsk_flag:1;
uint16_t dport_flag:1;
uint16_t dpmsk_flag:1;
uint16_t proto_flag:1;
uint16_t pmsk_flag:1;
uint16_t resv:6; // reserved; must be zero
};
uint16_t grule_type; // all flags viewed as a single 16-bit value
}grule_type_t;
typedef uint32_t ip4_addr_t; // IPv4 address in 32 bits; byte order is not stated in this header -- TODO confirm
typedef uint16_t port_t; // 16-bit port; byte order is not stated in this header -- TODO confirm
/*
 * IPv6 address storage with three overlapping views. The byte view is 16
 * bytes, so the union is at least 16 bytes wide.
 */
typedef union{
unsigned long ip6_l[2]; // NOTE(review): unsigned long is 8 bytes only on LP64 targets; where it is 4 bytes this view covers just the first 8 bytes
unsigned int ip6_i[4];
unsigned char ip6_c[16];
}ip6_addr_t;
/*
 * IPv4 rule body without masks: one value per match field.
 * The trailing one-byte proto member is typically followed by compiler
 * padding, so sizeof(simple4_rule_t) exceeds the sum of its members.
 * NOTE(review): if the library copies rule structs out as raw bytes (not
 * visible in this header), callers should zero the whole rule before filling
 * it so padding does not carry stale memory -- confirm.
 */
typedef struct{
ip4_addr_t sip;
ip4_addr_t dip;
port_t sport;
port_t dport;
uint8_t proto;
}simple4_rule_t;
/*
 * IPv6 rule body without masks; same fields as simple4_rule_t with
 * ip6_addr_t addresses. The same trailing-padding remark applies.
 */
typedef struct{
ip6_addr_t sip;
ip6_addr_t dip;
port_t sport;
port_t dport;
uint8_t proto;
}simple6_rule_t;
/*
 * IPv4 rule body with a mask next to every match field.
 * NOTE(review): how a mask is applied (e.g. value & mask comparison) is not
 * stated in this header -- confirm against the implementation.
 * The struct typically ends in compiler padding after proto_mask.
 */
typedef struct{
ip4_addr_t sip;
ip4_addr_t sip_mask;
ip4_addr_t dip;
ip4_addr_t dip_mask;
port_t sport;
port_t sport_mask;
port_t dport;
port_t dport_mask;
uint8_t proto;
uint8_t proto_mask;
}mask4_rule_t;
/*
 * IPv6 rule body with a mask next to every match field; same fields as
 * mask4_rule_t with ip6_addr_t addresses and address masks.
 */
typedef struct{
ip6_addr_t sip;
ip6_addr_t sip_mask;
ip6_addr_t dip;
ip6_addr_t dip_mask;
port_t sport;
port_t sport_mask;
port_t dport;
port_t dport_mask;
uint8_t proto;
uint8_t proto_mask;
}mask6_rule_t;
/*
 * Values for grule_t.big_type.
 * Presumably they select the s4 / s6 / m4 / m6 member of the rule union,
 * in that order -- confirm.
 */
#define GRULE_BIG_TYPE_SIMPLE4 1
#define GRULE_BIG_TYPE_SIMPLE6 2
#define GRULE_BIG_TYPE_MASK4 3
#define GRULE_BIG_TYPE_MASK6 4
/* Values for grule_t.action: add or delete the rule. */
#define GRULE_ACTION_ADD 1
#define GRULE_ACTION_DEL 2
/*
 * One rule, as passed to grule_check_rule() and grule_send().
 * The header fields are followed by an anonymous union holding exactly one
 * rule body; big_type says which kind of body it is.
 * NOTE(review): the union is as large as its biggest member, so a rule
 * using a smaller body leaves the remaining bytes untouched. If rules are
 * copied out as raw structs (not visible in this header), zero the whole
 * grule_t before filling it -- confirm.
 */
typedef struct{
uint64_t rule_id;// unique rule id
uint32_t srv_type; // rule service type
uint32_t rule_scope; // rule scope, e.g. all carriers, or China Unicom
uint16_t big_type; // GRULE_BIG_TYPE_SIMPLE4, GRULE_BIG_TYPE_SIMPLE6, GRULE_BIG_TYPE_MASK4 or GRULE_BIG_TYPE_MASK6
uint16_t durable; // rule is durable
uint16_t action; // GRULE_ACTION_ADD or GRULE_ACTION_DEL
grule_type_t rule_type; // flags for the match fields in use; reserved bits must be zero
union{
simple4_rule_t s4;
simple6_rule_t s6;
mask4_rule_t m4;
mask6_rule_t m6;
};
}grule_t;
/* NOTE(review): presumably a `level` value for grule_opt_get()/grule_opt_set() -- confirm */
#define GRULE_SOL_PROTO 1
/* NOTE(review): presumably `type` values for grule_opt_get()/grule_opt_set() -- confirm */
#define GRULE_TYPE_AUTH 1
#define GRULE_TYPE_NONBLOCK 2
/* Generic success / failure return values. */
#define GRULE_OK 0
#define GRULE_ERR -1
/* Detailed error codes; presumably the values reported by grule_errno() -- confirm */
#define GRULE_ERRNO_AGAIN 99
#define GRULE_ERRNO_BAD_RULE 100
#define GRULE_ERRNO_BAD_OPT 101
#define GRULE_ERRNO_BAD_CONNECTION 102
#define GRULE_ERRNO_AUTH 103
/* Response codes; presumably the values of grule_result_t.result -- confirm */
#define GRULE_RESP_OK 0
#define GRULE_RESP_WHITELIST 1
/*
 * One result entry filled in by grule_recv().
 * It carries no rule id (that field is commented out), so this header gives
 * no way to tell from the entry alone which rule a result belongs to.
 */
typedef struct{
//uint64_t rule_id;
uint32_t result; // presumably one of the GRULE_RESP_* values -- confirm
}grule_result_t;
/*
 * Check a rule.
 * Returns 0 if the rule is ok; any other value means the rule is bad.
 * The rule is taken through a const pointer and is not modified via it.
 */
int grule_check_rule(const grule_t * rule);
/*#define GRULE_APP_STATUS_AUTHING 1 // authenticaing, it cannot send data;
#define GRULE_APP_STATUS_AUTH_ERROR 2
//#define GRULE_APP_STATUS_AUTH_SUCC
#define GRULE_APP_STATUS_CONNECTED 3 // connected, send all durable rules;
#define GRULE_APP_STATUS_ACTIVE 4 // active, send one rule;
#define GRULE_APP_STATUS_CLOSE 5 // close.
*/
/* Application status values; presumably what grule_app_status() returns on success -- confirm */
#define GRULE_APP_STATUS_IDLE 1
#define GRULE_APP_STATUS_CONNECTED 2
#define GRULE_APP_STATUS_ACTIVE 3
//int grule_restart(grule_hdl_t hdl);
/*
 * Get the application status of a handle.
 * Returns -1 if it failed, otherwise the status.
 */
int grule_app_status(grule_hdl_t hdl);
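/*
 * Initialise a grule handle and return it.
 * Declared with (void): in C an empty parameter list leaves the arguments
 * unspecified, so calls passing stray arguments would compile unchecked.
 * Release the handle with grule_close().
 * NOTE(review): the value returned on failure is not documented in this
 * header; presumably NULL -- confirm and check it before use.
 */
grule_hdl_t grule_open(void);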
/*
 * Get an option value of a rule handle; options cover the rule handle
 * itself and tcp.
 * Returns 0 if it succeeded, otherwise -1; grule_errno() indicates the
 * detailed error.
 * NOTE(review): opt/opt_size presumably describe the caller's output buffer
 * and its size in bytes -- confirm how a too-small buffer is reported.
 */
int grule_opt_get(grule_hdl_t hdl, int level, int type, void * opt, size_t opt_size);
/*
 * Set an option of a rule handle.
 * Returns 0 if it succeeded, otherwise -1; grule_errno() indicates the
 * detailed error.
 * NOTE(review): opt/opt_size presumably describe the option value and its
 * size in bytes -- confirm the expected size for each option type.
 */
int grule_opt_set(grule_hdl_t hdl, int level, int type, const void * opt, size_t opt_size);
/*
 * Connect to the server.
 * Returns 0 if it succeeded, otherwise -1; grule_errno() indicates the
 * detailed error.
 * NOTE(review): the format of addr is not specified in this header -- confirm.
 */
int grule_connect(grule_hdl_t hdl, const char * addr);
/*
 * Send rule_num rules; pass flags = 0.
 * Returns > 1 if it succeeded, 0 while still in the connecting state (try
 * again), < 0 on a rule error.
 * NOTE(review): "> 1" leaves a return value of 1 unexplained; presumably
 * "> 0" was meant -- confirm before treating 1 as an error.
 * NOTE(review): rules is not const-qualified; whether the call modifies the
 * array is not stated here.
 */
int grule_send(grule_hdl_t hdl, grule_t *rules, size_t rule_num, int flags);
/*
 * Receive results; pass flags = 0.
 * Returns 0 if it succeeded, otherwise -1; grule_errno() indicates the
 * detailed error.
 * NOTE(review): rst_num is presumably the capacity of rst in entries; the
 * return value does not say how many entries were filled -- confirm.
 */
int grule_recv(grule_hdl_t hdl, grule_result_t *rst, size_t rst_num, int flags);
/*
 * Get error information for a result.
 * NOTE(review): ownership and lifetime of the returned string are not
 * documented; the const return type suggests the caller must not free or
 * modify it -- confirm.
 */
const char * grule_bad_results_str(grule_result_t *rst);
/* Text for an error number; presumably one of the GRULE_ERRNO_* codes -- confirm */
const char * grule_error_str(int err_no);
/* Detailed error code of a handle, to be read after a grule_* call has returned -1. */
int grule_errno(grule_hdl_t hdl);
/*
 * Release a handle.
 * NOTE(review): the meaning of the int return value is not documented here.
 * The handle should not be used again after this call.
 */
int grule_close(grule_hdl_t hdl);
/*
 * Rule parsing / formatting helpers. No contract is documented in this header.
 * NOTE(review): buf and size presumably describe a caller-supplied output
 * buffer. Confirm whether *size is the capacity on input, the length on
 * output, or both, and whether the result is always NUL-terminated, before
 * passing fixed-size buffers.
 */
void parse_rule(grule_t * rule);
char * parse_rule_str(grule_t * rule, char * buf, size_t *size);
char * parse_rule_str_full(grule_t * rule, char * buf, size_t *size);
// usage
/*
 * Single-bit masks, one per flag of grule_type_t and in the same order as
 * its bit-fields are declared, for use with grule_type_t.grule_type.
 * Bits 0x0400 and above are not assigned here; they fall in the reserved
 * bits of grule_type_t, which must be zero.
 */
#define RULE_SIP 0x0001
#define RULE_SIPMASK 0x0002
#define RULE_DIP 0x0004
#define RULE_DIPMASK 0x0008
#define RULE_SPORT 0x0010
#define RULE_SPMASK 0x0020
#define RULE_DPORT 0x0040
#define RULE_DPMASK 0x0080
#define RULE_PROTO 0x0100
#define RULE_PMASK 0x0200
#ifdef __cplusplus
}
#endif
#endif