diff options
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_fil.h')
| -rw-r--r-- | sys/contrib/ipfilter/netinet/ip_fil.h | 199 |
1 files changed, 28 insertions, 171 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_fil.h b/sys/contrib/ipfilter/netinet/ip_fil.h index da710c1..568453d 100644 --- a/sys/contrib/ipfilter/netinet/ip_fil.h +++ b/sys/contrib/ipfilter/netinet/ip_fil.h @@ -4,7 +4,8 @@ * See the IPFILTER.LICENCE file for details on licencing. * * @(#)ip_fil.h 1.35 6/5/96 - * $Id: ip_fil.h,v 2.170.2.45 2007/05/28 11:56:22 darrenr Exp $ + * $FreeBSD$ + * Id: ip_fil.h,v 2.170.2.29 2006/03/29 11:19:55 darrenr Exp $ */ #ifndef __IP_FIL_H__ @@ -43,12 +44,12 @@ # define SIOCZRLST _IOWR('r', 75, struct ipfobj) # define SIOCAUTHW _IOWR('r', 76, struct ipfobj) # define SIOCAUTHR _IOWR('r', 77, struct ipfobj) -# define SIOCSTAT1 _IOWR('r', 78, struct ipfobj) +# define SIOCATHST _IOWR('r', 78, struct ipfobj) # define SIOCSTLCK _IOWR('r', 79, u_int) # define SIOCSTPUT _IOWR('r', 80, struct ipfobj) # define SIOCSTGET _IOWR('r', 81, struct ipfobj) # define SIOCSTGSZ _IOWR('r', 82, struct ipfobj) -# define SIOCSTAT2 _IOWR('r', 83, struct ipfobj) +# define SIOCGFRST _IOWR('r', 83, struct ipfobj) # define SIOCSETLG _IOWR('r', 84, int) # define SIOCGETLG _IOWR('r', 85, int) # define SIOCFUNCL _IOWR('r', 86, struct ipfunc_resolve) @@ -56,12 +57,6 @@ # define SIOCIPFGET _IOWR('r', 88, struct ipfobj) # define SIOCIPFSET _IOWR('r', 89, struct ipfobj) # define SIOCIPFL6 _IOWR('r', 90, int) -# define SIOCIPFITER _IOWR('r', 91, struct ipfobj) -# define SIOCGENITER _IOWR('r', 92, struct ipfobj) -# define SIOCGTABL _IOWR('r', 93, struct ipfobj) -# define SIOCIPFDELTOK _IOWR('r', 94, int) -# define SIOCLOOKUPITER _IOWR('r', 95, struct ipfobj) -# define SIOCGTQTAB _IOWR('r', 96, struct ipfobj) #else # define SIOCADAFR _IOW(r, 60, struct ipfobj) # define SIOCRMAFR _IOW(r, 61, struct ipfobj) @@ -81,12 +76,12 @@ # define SIOCZRLST _IOWR(r, 75, struct ipfobj) # define SIOCAUTHW _IOWR(r, 76, struct ipfobj) # define SIOCAUTHR _IOWR(r, 77, struct ipfobj) -# define SIOCSTAT1 _IOWR(r, 78, struct ipfobj) +# define SIOCATHST _IOWR(r, 78, struct ipfobj) # define SIOCSTLCK _IOWR(r, 79, u_int) # define SIOCSTPUT _IOWR(r, 80, struct ipfobj) # define SIOCSTGET _IOWR(r, 81, struct ipfobj) # define SIOCSTGSZ _IOWR(r, 82, struct ipfobj) -# define SIOCSTAT2 _IOWR(r, 83, struct ipfobj) +# define SIOCGFRST _IOWR(r, 83, struct ipfobj) # define SIOCSETLG _IOWR(r, 84, int) # define SIOCGETLG _IOWR(r, 85, int) # define SIOCFUNCL _IOWR(r, 86, struct ipfunc_resolve) @@ -94,18 +89,10 @@ # define SIOCIPFGET _IOWR(r, 88, struct ipfobj) # define SIOCIPFSET _IOWR(r, 89, struct ipfobj) # define SIOCIPFL6 _IOWR(r, 90, int) -# define SIOCIPFITER _IOWR(r, 91, struct ipfobj) -# define SIOCGENITER _IOWR(r, 92, struct ipfobj) -# define SIOCGTABL _IOWR(r, 93, struct ipfobj) -# define SIOCIPFDELTOK _IOWR(r, 94, int) -# define SIOCLOOKUPITER _IOWR(r, 95, struct ipfobj) -# define SIOCGTQTAB _IOWR(r, 96, struct ipfobj) #endif #define SIOCADDFR SIOCADAFR #define SIOCDELFR SIOCRMAFR #define SIOCINSFR SIOCINAFR -#define SIOCATHST SIOCSTAT1 -#define SIOCGFRST SIOCSTAT2 struct ipscan; @@ -125,11 +112,6 @@ typedef union i6addr { struct in6_addr in6; void *vptr[2]; lookupfunc_t lptr[2]; - struct { - u_short type; - u_short subtype; - char label[12]; - } i6un; } i6addr_t; #else typedef union i6addr { @@ -137,19 +119,12 @@ typedef union i6addr { struct in_addr in4; void *vptr[2]; lookupfunc_t lptr[2]; - struct { - u_short type; - u_short subtype; - char label[12]; - } i6un; } i6addr_t; #endif #define in4_addr in4.s_addr -#define iplookupnum i6[1] -#define iplookupname i6un.label -#define iplookuptype i6un.type -#define iplookupsubtype i6un.subtype +#define iplookupnum i6[0] +#define iplookuptype i6[1] /* * NOTE: These DO overlap the above on 64bit systems and this IS recognised. */ @@ -275,12 +250,8 @@ typedef struct fr_ip { #define fi_daddr fi_dst.in4.s_addr #define fi_srcnum fi_src.iplookupnum #define fi_dstnum fi_dst.iplookupnum -#define fi_srcname fi_src.iplookupname -#define fi_dstname fi_dst.iplookupname #define fi_srctype fi_src.iplookuptype #define fi_dsttype fi_dst.iplookuptype -#define fi_srcsubtype fi_src.iplookupsubtype -#define fi_dstsubtype fi_dst.iplookupsubtype #define fi_srcptr fi_src.iplookupptr #define fi_dstptr fi_dst.iplookupptr #define fi_srcfunc fi_src.iplookupfunc @@ -329,7 +300,6 @@ typedef struct fr_info { void *fin_nat; void *fin_state; void *fin_nattag; - void *fin_exthdr; ip_t *fin_ip; mb_t **fin_mp; /* pointer to pointer to mbuf */ mb_t *fin_m; /* pointer to mbuf */ @@ -360,8 +330,8 @@ typedef struct fr_info { #define fin_dport fin_dat.fid_16[1] #define fin_ports fin_dat.fid_32 -#define IPF_IN 0 -#define IPF_OUT 1 +#define IPF_IN 0 +#define IPF_OUT 1 typedef struct frentry *(*ipfunc_t) __P((fr_info_t *, u_32_t *)); typedef int (*ipfuncinit_t) __P((struct frentry *)); @@ -471,13 +441,9 @@ typedef struct fripf { int fri_difpidx; /* index into fr_ifps[] to use when */ } fripf_t; -#define fri_dlookup fri_mip.fi_dst -#define fri_slookup fri_mip.fi_src -#define fri_dstnum fri_mip.fi_dstnum +#define fri_dstnum fri_ip.fi_dstnum #define fri_srcnum fri_mip.fi_srcnum -#define fri_dstname fri_mip.fi_dstname -#define fri_srcname fri_mip.fi_srcname -#define fri_dstptr fri_mip.fi_dstptr +#define fri_dstptr fri_ip.fi_dstptr #define fri_srcptr fri_mip.fi_srcptr #define FRI_NORMAL 0 /* Normal address */ @@ -503,13 +469,6 @@ typedef struct frentry { int fr_ref; /* reference count - for grouping */ int fr_statecnt; /* state count - for limit rules */ /* - * The line number from a file is here because we need to be able to - * match the rule generated with ``grep rule ipf.conf | ipf -rf -'' - * with the rule loaded using ``ipf -f ipf.conf'' - thus it can't be - * on the other side of fr_func. - */ - int fr_flineno; /* line number from conf file */ - /* * These are only incremented when a packet matches this rule and * it is the last match */ @@ -536,6 +495,7 @@ typedef struct frentry { int fr_dsize; int fr_pps; int fr_statemax; /* max reference count */ + int fr_flineno; /* line number from conf file */ u_32_t fr_type; u_32_t fr_flags; /* per-rule flags && options (see below) */ u_32_t fr_logtag; /* user defined log tag # */ @@ -595,14 +555,8 @@ typedef struct frentry { #define fr_smask fr_mip.fi_src.in4.s_addr #define fr_dstnum fr_ip.fi_dstnum #define fr_srcnum fr_ip.fi_srcnum -#define fr_dlookup fr_ip.fi_dst -#define fr_slookup fr_ip.fi_src -#define fr_dstname fr_ip.fi_dstname -#define fr_srcname fr_ip.fi_srcname #define fr_dsttype fr_ip.fi_dsttype #define fr_srctype fr_ip.fi_srctype -#define fr_dstsubtype fr_ip.fi_dstsubtype -#define fr_srcsubtype fr_ip.fi_srcsubtype #define fr_dstptr fr_mip.fi_dstptr #define fr_srcptr fr_mip.fi_srcptr #define fr_dstfunc fr_mip.fi_dstfunc @@ -1065,8 +1019,6 @@ typedef struct ipftq { /* checks its timeout queues. */ #define IPF_TTLVAL(x) (((x) / IPF_HZ_MULT) * IPF_HZ_DIVIDE) -typedef int (*ipftq_delete_fn_t)(void *); - /* * Structure to define address for pool lookups. */ @@ -1102,13 +1054,6 @@ typedef struct ipfobj { #define IPFOBJ_STATESTAT 11 /* struct ips_stat */ #define IPFOBJ_FRAUTH 12 /* struct frauth */ #define IPFOBJ_TUNEABLE 13 /* struct ipftune */ -#define IPFOBJ_NAT 14 /* struct nat */ -#define IPFOBJ_IPFITER 15 /* struct ipfruleiter */ -#define IPFOBJ_GENITER 16 /* struct ipfgeniter */ -#define IPFOBJ_GTABLE 17 /* struct ipftable */ -#define IPFOBJ_LOOKUPITER 18 /* struct ipflookupiter */ -#define IPFOBJ_STATETQTAB 19 /* struct ipftq [NSTATES] */ -#define IPFOBJ_COUNT 20 /* How many #defines are above this? */ typedef union ipftunevalptr { @@ -1121,7 +1066,7 @@ typedef union ipftunevalptr { typedef struct ipftuneable { ipftunevalptr_t ipft_una; - const char *ipft_name; + char *ipft_name; u_long ipft_min; u_long ipft_max; int ipft_sz; @@ -1160,66 +1105,6 @@ typedef struct ipftune { #define ipft_vshort ipft_un.ipftu_short #define ipft_vchar ipft_un.ipftu_char -/* - * - */ -typedef struct ipfruleiter { - int iri_inout; - char iri_group[FR_GROUPLEN]; - int iri_active; - int iri_nrules; - int iri_v; - frentry_t *iri_rule; -} ipfruleiter_t; - -/* - * Values for iri_inout - */ -#define F_IN 0 -#define F_OUT 1 -#define F_ACIN 2 -#define F_ACOUT 3 - - -typedef struct ipfgeniter { - int igi_type; - int igi_nitems; - void *igi_data; -} ipfgeniter_t; - -#define IPFGENITER_IPF 0 -#define IPFGENITER_NAT 1 -#define IPFGENITER_IPNAT 2 -#define IPFGENITER_FRAG 3 -#define IPFGENITER_AUTH 4 -#define IPFGENITER_STATE 5 -#define IPFGENITER_NATFRAG 6 -#define IPFGENITER_HOSTMAP 7 -#define IPFGENITER_LOOKUP 8 - -typedef struct ipftable { - int ita_type; - void *ita_table; -} ipftable_t; - -#define IPFTABLE_BUCKETS 1 - - -/* - * - */ -typedef struct ipftoken { - struct ipftoken *ipt_next; - struct ipftoken **ipt_pnext; - void *ipt_ctx; - void *ipt_data; - u_long ipt_die; - int ipt_type; - int ipt_uid; - int ipt_subtype; - int ipt_alive; -} ipftoken_t; - /* ** HPUX Port @@ -1242,7 +1127,7 @@ typedef struct ipftoken { #if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \ (defined(NetBSD1_2) && NetBSD1_2 > 1) || \ (defined(__FreeBSD__) && (__FreeBSD_version >= 500043)) -# if (NetBSD >= 199905) +# if defined(NetBSD) && (NetBSD >= 199905) # define PFIL_HOOKS # endif # ifdef PFIL_HOOKS @@ -1278,22 +1163,11 @@ extern int iplclose __P((dev_t, int)); extern void m_freem __P((mb_t *)); extern int bcopywrap __P((void *, void *, size_t)); #else /* #ifndef _KERNEL */ -# ifdef BSD -# if (defined(__NetBSD__) && (__NetBSD_Version__ < 399000000)) || \ - defined(__osf__) || \ - (defined(__FreeBSD_version) && (__FreeBSD_version < 500043)) -# include <sys/select.h> -# else -# include <sys/selinfo.h> -# endif -extern struct selinfo ipfselwait[IPL_LOGSIZE]; -# endif # if defined(__NetBSD__) && defined(PFIL_HOOKS) extern void ipfilterattach __P((int)); # endif extern int ipl_enable __P((void)); extern int ipl_disable __P((void)); -extern int ipf_inject __P((fr_info_t *, mb_t *)); # ifdef MENTAT extern int fr_check __P((struct ip *, int, void *, int, void *, mblk_t **)); @@ -1316,6 +1190,7 @@ extern int iplread __P((dev_t, uio_t *)); extern int iplwrite __P((dev_t, uio_t *)); extern int iplselect __P((dev_t, int)); # endif +extern int ipfsync __P((void)); extern int fr_qout __P((queue_t *, mblk_t *)); # else /* MENTAT */ extern int fr_check __P((struct ip *, int, void *, int, mb_t **)); @@ -1328,6 +1203,7 @@ extern int iplopen __P((dev_t *, int, int, cred_t *)); extern int iplclose __P((dev_t, int, int, cred_t *)); extern int iplread __P((dev_t, uio_t *, cred_t *)); extern int iplwrite __P((dev_t, uio_t *, cred_t *)); +extern int ipfsync __P((void)); extern int ipfilter_sgi_attach __P((void)); extern void ipfilter_sgi_detach __P((void)); extern void ipfilter_sgi_intfsync __P((void)); @@ -1335,9 +1211,11 @@ extern void ipfilter_sgi_intfsync __P((void)); # ifdef IPFILTER_LKM extern int iplidentify __P((char *)); # endif -# if (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 220000) || \ +# if (defined(_BSDI_VERSION) && _BSDI_VERSION >= 199510) || \ + (__FreeBSD_version >= 220000) || \ (NetBSD >= 199511) || defined(__OpenBSD__) -# if defined(__NetBSD__) || (_BSDI_VERSION >= 199701) || \ +# if defined(__NetBSD__) || \ + (defined(_BSDI_VERSION) && _BSDI_VERSION >= 199701) || \ defined(__OpenBSD__) || (__FreeBSD_version >= 300000) # if (__FreeBSD_version >= 500024) # if (__FreeBSD_version >= 502116) @@ -1346,18 +1224,10 @@ extern int iplioctl __P((struct cdev*, u_long, caddr_t, int, struct thread *)); extern int iplioctl __P((dev_t, u_long, caddr_t, int, struct thread *)); # endif /* __FreeBSD_version >= 502116 */ # else -# if (__NetBSD_Version__ >= 499001000) -extern int iplioctl __P((dev_t, u_long, void *, int, struct lwp *)); -# else -# if (__NetBSD_Version__ >= 399001400) -extern int iplioctl __P((dev_t, u_long, caddr_t, int, struct lwp *)); -# else extern int iplioctl __P((dev_t, u_long, caddr_t, int, struct proc *)); -# endif -# endif # endif /* __FreeBSD_version >= 500024 */ # else -extern int iplioctl __P((dev_t, int, caddr_t, int, struct proc *)); +extern int iplioctl __P((dev_t, int, caddr_t, int, struct thread *)); # endif # if (__FreeBSD_version >= 500024) # if (__FreeBSD_version >= 502116) @@ -1368,13 +1238,8 @@ extern int iplopen __P((dev_t, int, int, struct thread *)); extern int iplclose __P((dev_t, int, int, struct thread *)); # endif /* __FreeBSD_version >= 502116 */ # else -# if (__NetBSD_Version__ >= 399001400) -extern int iplopen __P((dev_t, int, int, struct lwp *)); -extern int iplclose __P((dev_t, int, int, struct lwp *)); -# else extern int iplopen __P((dev_t, int, int, struct proc *)); extern int iplclose __P((dev_t, int, int, struct proc *)); -# endif /* __NetBSD_Version__ >= 399001400 */ # endif /* __FreeBSD_version >= 500024 */ # else # ifdef linux @@ -1408,22 +1273,21 @@ extern ipfmutex_t ipl_mutex, ipf_authmx, ipf_rw, ipf_hostmap; extern ipfmutex_t ipf_timeoutlock, ipf_stinsert, ipf_natio, ipf_nat_new; extern ipfrwlock_t ipf_mutex, ipf_global, ip_poolrw, ipf_ipidfrag; extern ipfrwlock_t ipf_frag, ipf_state, ipf_nat, ipf_natfrag, ipf_auth; -extern ipfrwlock_t ipf_frcache, ipf_tokens; +extern ipfrwlock_t ipf_frcache; extern char *memstr __P((const char *, char *, size_t, size_t)); extern int count4bits __P((u_32_t)); extern int frrequest __P((int, ioctlcmd_t, caddr_t, int, int)); extern char *getifname __P((struct ifnet *)); -extern int ipfattach __P((void)); -extern int ipfdetach __P((void)); +extern int iplattach __P((void)); +extern int ipldetach __P((void)); extern u_short ipf_cksum __P((u_short *, int)); extern int copyinptr __P((void *, void *, size_t)); extern int copyoutptr __P((void *, void *, size_t)); extern int fr_fastroute __P((mb_t *, mb_t **, fr_info_t *, frdest_t *)); extern int fr_inobj __P((void *, void *, int)); extern int fr_inobjsz __P((void *, void *, int, int)); -extern int fr_ioctlswitch __P((int, void *, ioctlcmd_t, int, int, void *)); -extern int fr_ipf_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *)); +extern int fr_ioctlswitch __P((int, void *, ioctlcmd_t, int)); extern int fr_ipftune __P((ioctlcmd_t, void *)); extern int fr_outobj __P((void *, void *, int)); extern int fr_outobjsz __P((void *, void *, int, int)); @@ -1433,7 +1297,7 @@ extern int fr_resolvefunc __P((void *)); extern void *fr_resolvenic __P((char *, int)); extern int fr_send_icmp_err __P((int, fr_info_t *, int)); extern int fr_send_reset __P((fr_info_t *)); -#if (__FreeBSD_version < 501000) || !defined(_KERNEL) +#if (__FreeBSD_version < 490000) || !defined(_KERNEL) extern int ppsratecheck __P((struct timeval *, int *, int)); #endif extern ipftq_t *fr_addtimeoutqueue __P((ipftq_t **, u_int)); @@ -1495,20 +1359,12 @@ extern int fr_matchicmpqueryreply __P((int, icmpinfo_t *, struct icmp *, int)); extern u_32_t fr_newisn __P((fr_info_t *)); extern u_short fr_nextipid __P((fr_info_t *)); -extern int ipf_queueflush __P((ipftq_delete_fn_t, ipftq_t *, ipftq_t *)); extern int fr_rulen __P((int, frentry_t *)); extern int fr_scanlist __P((fr_info_t *, u_32_t)); extern frentry_t *fr_srcgrpmap __P((fr_info_t *, u_32_t *)); extern int fr_tcpudpchk __P((fr_info_t *, frtuc_t *)); extern int fr_verifysrc __P((fr_info_t *fin)); extern int fr_zerostats __P((char *)); -extern ipftoken_t *ipf_findtoken __P((int, int, void *)); -extern int ipf_getnextrule __P((ipftoken_t *, void *)); -extern void ipf_expiretokens __P((void)); -extern void ipf_freetoken __P((ipftoken_t *)); -extern int ipf_deltoken __P((int,int, void *)); -extern int ipfsync __P((void)); -extern int ipf_genericiter __P((void *, int, void *)); extern int fr_running; extern u_long fr_frouteok[2]; @@ -1523,6 +1379,7 @@ extern int fr_update_ipid; extern int nat_logging; extern int ipstate_logging; extern int ipl_suppress; +extern int ipl_buffer_sz; extern int ipl_logmax; extern int ipl_logall; extern int ipl_logsize; |
