X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=secnet.h;h=f0f3a3efa4730e34aec5747230f390a1a1d5b85f;hp=ce5f9d6b9731bbf1a8d8b513bf6d5351ae342cce;hb=baa06aeb963965b4b6a8a8051ec15b72372080dd;hpb=2fe58dfd10216a37f1ece081f926971882de112e diff --git a/secnet.h b/secnet.h index ce5f9d6..f0f3a3e 100644 --- a/secnet.h +++ b/secnet.h @@ -3,14 +3,14 @@ #ifndef secnet_h #define secnet_h +#include "config.h" #include -#include #include #include #include +#include +#include #include -#include "config.h" - typedef char *string_t; typedef enum {False,True} bool_t; @@ -34,11 +34,19 @@ struct subnet_list { /* Match an address (in HOST byte order) with a subnet list. Returns True if matched. */ extern bool_t subnet_match(struct subnet_list *list, uint32_t address); +extern bool_t subnets_intersect(struct subnet a, struct subnet b); +extern bool_t subnet_intersects_with_list(struct subnet a, + struct subnet_list *b); +extern bool_t subnet_lists_intersect(struct subnet_list *a, + struct subnet_list *b); /***** END of shared types *****/ /***** CONFIGURATION support *****/ +extern bool_t just_check_config; /* If True then we're going to exit after + reading the configuration file */ + typedef struct dict dict_t; /* Configuration dictionary */ typedef struct closure closure_t; typedef struct item item_t; @@ -141,6 +149,8 @@ extern void Message(uint32_t class, char *message, ...); extern string_t ipaddr_to_string(uint32_t addr); extern string_t subnet_to_string(struct subnet *sn); +extern int sys_cmd(const char *file, char *argc, ...); + /***** END of utility functions *****/ /***** SCHEDULING support */ 
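Review bot: The three new declarations after `subnet_match` (`subnets_intersect`, `subnet_intersects_with_list`, `subnet_lists_intersect`) carry no comment, while `subnet_match` just above them documents both its byte order and its return value. If these are used to reject overlapping network claims in the configuration, the exact meaning of "intersect" is the security-relevant part and should be stated. Something like `/* True if at least one address is covered by both arguments */` would do, once confirmed against the implementation, which is not in this hunk. `subnets_intersect` takes its structs by value while the other two take pointers; say so deliberately or make them consistent.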
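Review bot: In the `@@ -141,6 +149,8 @@` hunk the second parameter of `sys_cmd` is named `argc` although it is a `char *` followed by varargs, and the declaration does not say how the argument list is terminated or what the `int` result means. This looks like an exec-style list starting at argv[0], but that is inferred, since the implementation is outside the hunk. Suggest renaming it and documenting the contract, e.g. `extern int sys_cmd(const char *file, const char *argv0, ...);` with `/* Run file with a NULL-terminated argument list; returns ... */`. On GCC, `__attribute__((sentinel))` would make a missing terminator a compile-time warning. Because this header also defines a privilege-drop phase, the comment should state whether `file` must be an absolute path or is searched on PATH.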
@@ -177,10 +187,11 @@ extern void register_for_poll(void *st, beforepoll_fn *before, #define PHASE_GETOPTS 1 /* Process command-line arguments */ #define PHASE_READCONFIG 2 /* Parse and process configuration file */ #define PHASE_SETUP 3 /* Process information in configuration */ -#define PHASE_DROPPRIV 4 /* Last chance for privileged operations */ -#define PHASE_RUN 5 -#define PHASE_SHUTDOWN 6 /* About to die; delete key material, etc. */ -#define NR_PHASES 7 +#define PHASE_GETRESOURCES 4 /* Obtain all external resources */ +#define PHASE_DROPPRIV 5 /* Last chance for privileged operations */ +#define PHASE_RUN 6 +#define PHASE_SHUTDOWN 7 /* About to die; delete key material, etc. */ +#define NR_PHASES 8 typedef void hook_fn(void *self, uint32_t newphase); bool_t add_hook(uint32_t phase, hook_fn *f, void *state); @@ -345,16 +356,21 @@ struct transform_if { /* Used by netlink to deliver to site, and by site to deliver to netlink. cid is the client identifier returned by netlink_regnets_fn */ typedef void netlink_deliver_fn(void *st, void *cid, struct buffer_if *buf); +/* site code can tell netlink when outgoing packets will be dropped, + so netlink can generate appropriate ICMP */ +typedef void netlink_can_deliver_fn(void *st, void *cid, bool_t can_deliver); /* Register for packets from specified networks. Return value is client identifier. */ typedef void *netlink_regnets_fn(void *st, struct subnet_list *networks, netlink_deliver_fn *deliver, void *dst, - uint32_t max_start_pad, uint32_t max_end_pad); + uint32_t max_start_pad, uint32_t max_end_pad, + string_t client_name); struct netlink_if { void *st; netlink_regnets_fn *regnets; netlink_deliver_fn *deliver; + netlink_can_deliver_fn *set_delivery; }; /* DH interface */
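Review bot: Inserting `PHASE_GETRESOURCES` as 4 renumbers `PHASE_DROPPRIV`, `PHASE_RUN` and `PHASE_SHUTDOWN`, so any `add_hook` caller or table that uses a literal phase number instead of the macro would now fire in a different phase without a compile error. That matters most around the privilege drop, so it is worth checking the callers, which are outside this header. The new comment also does not state the ordering contract, which appears to be that resources are acquired while still privileged. Consider `/* Obtain all external resources; runs before privileges are dropped */`, and confirm that `add_hook` rejects `phase >= NR_PHASES`.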
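Review bot: The new `set_delivery` member of `struct netlink_if` will not produce a compile error in any netlink provider that was not updated to fill it in, unlike the extra `client_name` parameter on `netlink_regnets_fn`. Depending on how the struct is allocated (not visible here), a caller in the site code could then invoke a NULL or uninitialised function pointer. Either document that every provider must set it, e.g. `netlink_can_deliver_fn *set_delivery; /* mandatory; never NULL */`, or have callers test it before the call. The declaration also does not say whether `client_name` is copied or whether the pointer is retained after `regnets` returns; a one-line comment on its ownership would prevent a dangling reference later.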