author | ru <ru@FreeBSD.org> | 2004-06-09 20:10:38 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2004-06-09 20:10:38 +0000 |
commit | 27bed143c8c7c9b562797f2484f88fdaa8bc1e39 (patch) | |
tree | 75de0420ffeefb842b539c0cbc464d8e78cc60e1 /sys/netinet/ip_fw.h | |
parent | e6a8fb50df7df24d4a19173cd8d92ef29425f515 (diff) | |
Introduce a new feature to IPFW2: lookup tables. These are useful
for handling large sparse address sets. Initial implementation by
Vsevolod Lobko <seva@ip.net.ua>, refined by me.
MFC after: 1 week
Diffstat (limited to 'sys/netinet/ip_fw.h')
-rw-r--r-- | sys/netinet/ip_fw.h | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h
index 7258b6c..d66335a 100644
--- a/sys/netinet/ip_fw.h
+++ b/sys/netinet/ip_fw.h
@@ -126,6 +126,8 @@ enum ipfw_opcodes { /* arguments (4 byte each) */
 * More opcodes.
 */
 O_IPSEC, /* has ipsec history */
+ O_IP_SRC_LOOKUP, /* arg1=table number, u32=value */
+ O_IP_DST_LOOKUP, /* arg1=table number, u32=value */
 O_LAST_OPCODE /* not an opcode! */
 };
@@ -376,6 +378,23 @@ struct _ipfw_dyn_rule {
 #define ICMP_REJECT_RST 0x100 /* fake ICMP code (send a TCP RST) */
 /*
+ * These are used for lookup tables.
+ */
+typedef struct _ipfw_table_entry {
+ in_addr_t addr; /* network address */
+ u_int32_t value; /* value */
+ u_int16_t tbl; /* table number */
+ u_int8_t masklen; /* mask length */
+} ipfw_table_entry;
+
+typedef struct _ipfw_table {
+ u_int32_t size; /* size of entries in bytes */
+ u_int32_t cnt; /* # of entries */
+ u_int16_t tbl; /* table number */
+ ipfw_table_entry ent[0]; /* entries */
+} ipfw_table;
+
+/*
 * Main firewall chains definitions and global var's definitions.
 */
 #ifdef _KERNEL |
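Review bot: Both structs added in the second hunk carry implicit tail padding that the definitions neither name nor document: `ipfw_table_entry` has 11 bytes of members and `ipfw_table` has 10 bytes before `ent`, so on the usual ABIs each is padded to 12. They are declared ahead of the `#ifdef _KERNEL` section, so presumably they are exchanged with userland; the code that fills them is not in this file, and if it does not zero the buffer first, a table listing copied out would carry stale kernel bytes in that padding. I would make the padding explicit, e.g. `u_int8_t spare; /* pad, must be zero */` after `masklen` and `u_int16_t spare; /* pad, must be zero */` after `tbl` in `ipfw_table`, or say in the block comment that producers must zero the whole structure. The comment should also state how `size` relates to `cnt` and the valid range of `masklen` and `tbl`, so a handler knows to check caller-supplied values against the actual buffer length rather than trust them.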