Diffstat (limited to 'sys/netpfil/ipfw/ip_fw_private.h')
-rw-r--r--sys/netpfil/ipfw/ip_fw_private.h57
1 files changed, 46 insertions, 11 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h
index e4a2f31..4f4cf93 100644
--- a/sys/netpfil/ipfw/ip_fw_private.h
+++ b/sys/netpfil/ipfw/ip_fw_private.h
@@ -101,6 +101,7 @@ struct ip_fw_args {
struct ipfw_flow_id f_id; /* grabbed from IP header */
//uint32_t cookie; /* a cookie depending on rule action */
+ uint32_t dir; /* direction */
struct inpcb *inp;
struct _ip6dn_args dummypar; /* dummynet->ip6_output */
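Review bot: The new `dir` field is documented only as `/* direction */`, which does not say which constants it holds, who assigns it, or whether a zero value is meaningful to ipfw_chk(). Since struct ip_fw_args is the argument block passed across the firewall entry point, a reader of this header cannot tell whether an unset field is safe. Suggest `uint32_t dir; /* packet direction (<DIRECTION_CONSTANTS>), set by the caller before ipfw_chk() */`, with the placeholder replaced by the actual constant names used in the implementation. The enclosing struct starts before this hunk.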
@@ -170,6 +171,9 @@ enum { /* result for matching dynamic rules */
MATCH_UNKNOWN,
};
+VNET_DECLARE(u_int32_t, curr_dyn_buckets);
+#define V_curr_dyn_buckets VNET(curr_dyn_buckets)
+
/*
* The lock for dynamic rules is only used once outside the file,
* and only to release the result of lookup_dyn_rule().
@@ -178,6 +182,7 @@ enum { /* result for matching dynamic rules */
struct ip_fw_chain;
void ipfw_expire_dyn_rules(struct ip_fw_chain *, struct ip_fw *, int);
void ipfw_dyn_unlock(ipfw_dyn_rule *q);
+int resize_dynamic_table(struct ip_fw_chain *, int);
struct tcphdr;
struct mbuf *ipfw_send_pkt(struct mbuf *, struct ipfw_flow_id *,
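Review bot: The new prototype `int resize_dynamic_table(struct ip_fw_chain *, int);` is the only exported function in this block without the `ipfw_` prefix that every neighbouring declaration uses (`ipfw_expire_dyn_rules`, `ipfw_dyn_unlock`, `ipfw_send_pkt`), and its second parameter is unnamed and undocumented. Suggest `int ipfw_resize_dynamic_table(struct ip_fw_chain *, int nbuckets);` together with a comment stating that the implementation rejects non-positive or oversized bucket counts, since a signed int here can carry values the table allocation must not trust (the new count presumably arrives via a tunable; the implementation is outside this hunk).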
@@ -189,7 +194,7 @@ ipfw_dyn_rule *ipfw_lookup_dyn_rule(struct ipfw_flow_id *pkt,
void ipfw_remove_dyn_children(struct ip_fw *rule);
void ipfw_get_dynamic(struct ip_fw_chain *chain, char **bp, const char *ep);
-void ipfw_dyn_init(struct ip_fw_chain *); /* per-vnet initialization */
+void ipfw_dyn_init(void); /* per-vnet initialization */
void ipfw_dyn_uninit(int); /* per-vnet deinitialization */
int ipfw_dyn_len(void);
@@ -200,9 +205,6 @@ VNET_DECLARE(int, fw_one_pass);
VNET_DECLARE(int, fw_verbose);
#define V_fw_verbose VNET(fw_verbose)
-VNET_DECLARE(struct ip_fw_chain, layer3_chain);
-#define V_layer3_chain VNET(layer3_chain)
-
VNET_DECLARE(u_int32_t, set_disable);
#define V_set_disable VNET(set_disable)
@@ -236,6 +238,33 @@ struct ip_fw_chain {
#endif
};
+struct ip_fw_ctx_iflist {
+ TAILQ_ENTRY(ip_fw_ctx_iflist) entry;
+ char ifname[IFNAMSIZ];
+};
+
+#define IP_FW_MAXCTX 4096
+struct ip_fw_contextes {
+ struct ip_fw_chain *chain[IP_FW_MAXCTX]; /* Arrays of contextes */
+ TAILQ_HEAD(, ip_fw_ctx_iflist) iflist[IP_FW_MAXCTX];
+ struct rwlock rwctx;
+ eventhandler_tag ifnet_arrival;
+};
+
+VNET_DECLARE(struct ip_fw_contextes, ip_fw_contexts);
+#define V_ip_fw_contexts VNET(ip_fw_contexts)
+
+#define IPFW_CTX_LOCK_INIT() rw_init(&V_ip_fw_contexts.rwctx, "IPFW context")
+#define IPFW_CTX_LOCK_DESTROY() rw_destroy(&V_ip_fw_contexts.rwctx)
+#define IPFW_CTX_WLOCK() rw_wlock(&V_ip_fw_contexts.rwctx)
+#define IPFW_CTX_WUNLOCK() rw_wunlock(&V_ip_fw_contexts.rwctx)
+#define IPFW_CTX_RLOCK() rw_rlock(&V_ip_fw_contexts.rwctx)
+#define IPFW_CTX_RUNLOCK() rw_runlock(&V_ip_fw_contexts.rwctx)
+
+void ipfw_attach_ifnet_event(void *, struct ifnet *);
+int ipfw_context_init(int);
+int ipfw_context_uninit(int);
+
struct sockopt; /* used by tcp_var.h */
/* Macro for working with various counters */
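Review bot: `ipfw_context_init(int)` and `ipfw_context_uninit(int)` take a bare index into `chain[IP_FW_MAXCTX]` and `iflist[IP_FW_MAXCTX]`, but nothing in the header states that the index must be range-checked before it is used, and the index plausibly originates from a socket option, i.e. from userland. Suggest documenting the contract on the prototypes: `/* idx must satisfy 0 <= idx < IP_FW_MAXCTX; callers validate before indexing chain[] or iflist[] */`, and stating which of the IPFW_CTX_*LOCK macros must be held while `chain[idx]` is dereferenced. Two style points in the same hunk: `struct ip_fw_contextes` and the comment `Arrays of contextes` misspell "contexts" (consider `ip_fw_contexts` for the tag, matching the `V_ip_fw_contexts` variable), and with IP_FW_MAXCTX at 4096 the two per-vnet arrays embed several thousand pointers and list heads in every vnet even when only one context is used, which is worth a comment if it is intended.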
@@ -303,16 +332,21 @@ int ipfw_chk(struct ip_fw_args *args);
void ipfw_reap_rules(struct ip_fw *head);
/* In ip_fw_table.c */
+struct ether_addr;
struct radix_node;
-int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
- uint32_t *val);
-int ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
- uint32_t *val, int type);
+void *ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
+ uint32_t *val, struct ether_addr *);
+void *ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
+ uint32_t *val, int type, struct ether_addr *);
+void ipfw_count_table_entry_stats(void *, int);
+void ipfw_count_table_xentry_stats(void *, int);
+int ipfw_zero_table_xentry_stats(struct ip_fw_chain *, ipfw_table_xentry *);
+int ipfw_lookup_table_xentry(struct ip_fw_chain *, ipfw_table_xentry *);
int ipfw_init_tables(struct ip_fw_chain *ch);
void ipfw_destroy_tables(struct ip_fw_chain *ch);
int ipfw_flush_table(struct ip_fw_chain *ch, uint16_t tbl);
int ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
- uint8_t plen, uint8_t mlen, uint8_t type, uint32_t value);
+ uint8_t plen, uint8_t mlen, uint8_t type, u_int64_t mac_addr, uint32_t value);
int ipfw_del_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint8_t plen, uint8_t mlen, uint8_t type);
int ipfw_count_table(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt);
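Review bot: `ipfw_lookup_table` and `ipfw_lookup_table_extended` now return `void *` instead of `int`, yet the header does not say what the pointer refers to, how long it stays valid, or which lock must be held while it is passed on to `ipfw_count_table_entry_stats(void *, int)`; existing callers that tested the old `int` result still compile, so the changed contract is easy to miss. Suggest a comment above the two prototypes such as `/* Returns the matched table entry (NULL if none); valid only while the chain lock is held, never freed by the caller */`, corrected to what the implementation actually guarantees. A consistency point: the MAC address is passed as `struct ether_addr *` to the lookup functions but as `u_int64_t mac_addr` to `ipfw_add_table_entry`, so the header should at least state the byte layout of the 64-bit form (which 6 bytes, which endianness) to avoid mismatched encodings between the two paths.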
@@ -326,8 +360,9 @@ int ipfw_resize_tables(struct ip_fw_chain *ch, unsigned int ntables);
extern struct cfg_nat *(*lookup_nat_ptr)(struct nat_list *, int);
-typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *);
-typedef int ipfw_nat_cfg_t(struct sockopt *);
+typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *,
+ struct ip_fw_chain *);
+typedef int ipfw_nat_cfg_t(struct sockopt *, struct ip_fw_chain *);
VNET_DECLARE(int, ipfw_nat_ready);
#define V_ipfw_nat_ready VNET(ipfw_nat_ready)
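Review bot: Changing the `ipfw_nat_t` and `ipfw_nat_cfg_t` typedefs adds a trailing `struct ip_fw_chain *` parameter to function pointers that, judging by `lookup_nat_ptr` being an `extern` function pointer on the line above, are filled in by a separately loaded NAT module; a module built against the old signatures would still load and be called with one fewer argument. Suggest a comment on the typedefs noting that the NAT module must be rebuilt against this header, e.g. `/* NAT hook signatures changed: the chain is now passed explicitly; rebuild ipfw_nat */`, or a version constant the module can check at attach time.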