/* * Copyright (C) 2019-2024 by Sukchan Lee * * This file is part of Open5GS. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #ifndef OGS_IPFW_H #define OGS_IPFW_H #ifdef __cplusplus extern "C" { #endif #include "proto/ogs-proto.h" typedef struct ogs_ipfw_rule_s { uint8_t proto; uint8_t ipv4_src; uint8_t ipv4_dst; uint8_t ipv6_src; uint8_t ipv6_dst; struct { struct { uint32_t addr[4]; uint32_t mask[4]; } src; struct { uint32_t addr[4]; uint32_t mask[4]; } dst; } ip; struct { struct { uint16_t low; uint16_t high; } src; struct { uint16_t low; uint16_t high; } dst; } port; uint16_t tos_traffic_class; uint32_t security_parameter_index; uint32_t flow_label; /* 24bit */ uint32_t sdf_filter_id; } ogs_ipfw_rule_t; int ogs_ipfw_compile_rule(ogs_ipfw_rule_t *ipfw_rule, char *flow_description); char *ogs_ipfw_encode_flow_description(ogs_ipfw_rule_t *ipfw_rule); /* * Refer to lib/ipfw/ogs-ipfw.h * Issue #338 * * > * RX : permit out from

to * GX : permit out from

to * PFCP : permit out from

to * RULE : Source

Destination * TFT : Local REMOTE

* * * RX : permit in from to

* GX : permit out from

to * PFCP : permit out from

to * RULE : Source Destination

* TFT : Local REMOTE

*/ ogs_ipfw_rule_t *ogs_ipfw_copy_and_swap( ogs_ipfw_rule_t *dst, ogs_ipfw_rule_t *src); void ogs_ipfw_rule_swap(ogs_ipfw_rule_t *ipfw_rule); #define OGS_MAX_NUM_OF_PACKET_FILTER_COMPONENT 16 typedef struct ogs_pf_content_s { uint8_t length; #define OGS_PACKET_FILTER_MATCH_ALL 1 #define OGS_PACKET_FILTER_PROTOCOL_IDENTIFIER_NEXT_HEADER_TYPE 48 #define OGS_PACKET_FILTER_IPV4_REMOTE_ADDRESS_TYPE 16 #define OGS_PACKET_FILTER_IPV4_LOCAL_ADDRESS_TYPE 17 #define OGS_PACKET_FILTER_IPV6_REMOTE_ADDRESS_TYPE 32 #define OGS_PACKET_FILTER_IPV6_REMOTE_ADDRESS_PREFIX_LENGTH_TYPE 33 #define OGS_PACKET_FILTER_IPV6_LOCAL_ADDRESS_TYPE 34 #define OGS_PACKET_FILTER_IPV6_LOCAL_ADDRESS_PREFIX_LENGTH_TYPE 35 #define OGS_PACKET_FILTER_SINGLE_LOCAL_PORT_TYPE 64 #define OGS_PACKET_FILTER_LOCAL_PORT_RANGE_TYPE 65 #define OGS_PACKET_FILTER_SINGLE_REMOTE_PORT_TYPE 80 #define OGS_PACKET_FILTER_REMOTE_PORT_RANGE_TYPE 81 #define OGS_PACKET_FILTER_SECURITY_PARAMETER_INDEX_TYPE 96 #define OGS_PACKET_FILTER_TOS_TRAFFIC_CLASS_TYPE 112 #define OGS_PACKET_FILTER_FLOW_LABEL_TYPE 128 struct { uint8_t type; union { uint8_t proto; struct { uint32_t addr; uint32_t mask; } ipv4; struct { uint32_t addr[4]; uint8_t prefixlen; } ipv6; struct { uint32_t addr[4]; uint32_t mask[4]; } ipv6_mask; struct { uint16_t low; uint16_t high; } port; }; } component[OGS_MAX_NUM_OF_PACKET_FILTER_COMPONENT]; uint8_t num_of_component; } ogs_pf_content_t; void ogs_pf_content_from_ipfw_rule( uint8_t direction, ogs_pf_content_t *content, ogs_ipfw_rule_t *rule, bool no_ipv4v6_local_addr_in_packet_filter); #ifdef __cplusplus } #endif #endif /* OGS_IPFW_H */