0a1,2
> /* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_state.h 145522 2005-04-25 18:43:14Z darrenr $ */
>
7,8c9,10
< * $Id: ip_state.h,v 2.13.2.1 2000/07/08 02:15:35 darrenr Exp $
< * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_state.h 139255 2004-12-24 09:14:26Z darrenr $
---
> * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_state.h 145522 2005-04-25 18:43:14Z darrenr $
> * Id: ip_state.h,v 2.68.2.3 2005/03/03 14:24:11 darrenr Exp
14c16
< # define SIOCDELST _IOW('r', 61, struct ipstate *)
---
> # define SIOCDELST _IOW('r', 61, struct ipfobj)
16c18
< # define SIOCDELST _IOW(r, 61, struct ipstate *)
---
> # define SIOCDELST _IOW(r, 61, struct ipfobj)
18a21,22
> struct ipscan;
>
32,56d35
< typedef struct udpstate {
< u_short us_sport;
< u_short us_dport;
< } udpstate_t;
<
< typedef struct icmpstate {
< u_short ics_id;
< u_short ics_seq;
< u_char ics_type;
< } icmpstate_t;
<
< typedef struct tcpdata {
< u_32_t td_end;
< u_32_t td_maxend;
< u_32_t td_maxwin;
< u_char td_wscale;
< } tcpdata_t;
<
< typedef struct tcpstate {
< u_short ts_sport;
< u_short ts_dport;
< tcpdata_t ts_data[2];
< u_char ts_state[2];
< } tcpstate_t;
<
57a37
> ipfmutex_t is_lock;
62a43,45
> void *is_ifp[4];
> void *is_sync;
> struct nat *is_nat[2];
64,71c47,58
< U_QUAD_T is_pkts;
< U_QUAD_T is_bytes;
< U_QUAD_T is_icmppkts;
< union i6addr is_src;
< union i6addr is_dst;
< void *is_ifp[4];
< u_long is_age;
< u_int is_frage[2]; /* age from filter rule, forward & reverse */
---
> struct ipftq *is_tqehead[2];
> struct ipscan *is_isc;
> U_QUAD_T is_pkts[4];
> U_QUAD_T is_bytes[4];
> U_QUAD_T is_icmppkts[4];
> struct ipftqent is_sti;
> u_int is_frage[2];
> int is_ref; /* reference count */
> int is_isninc[2];
> u_short is_sumd[2];
> i6addr_t is_src;
> i6addr_t is_dst;
74,79c61,63
< u_char is_v; /* IP version */
< u_char is_fsm; /* 1 = following FSM, 0 = not */
< u_char is_xxx; /* pad */
< u_int is_hv; /* hash value for this in the table */
< u_32_t is_rulen; /* rule number */
< u_32_t is_flags; /* flags for this structure */
---
> u_char is_v;
> u_32_t is_hv;
> u_32_t is_tag;
87,89c71,74
< icmpstate_t is_ics;
< tcpstate_t is_ts;
< udpstate_t is_us;
---
> icmpinfo_t is_ics;
> tcpinfo_t is_ts;
> udpinfo_t is_us;
> greinfo_t is_ug;
91,95c76,83
< u_32_t is_group;
< char is_ifname[4][IFNAMSIZ];
< #if SOLARIS || defined(__sgi) || (__FreeBSD_version >= 500043)
< kmutex_t is_lock;
< #endif
---
> u_32_t is_flags;
> int is_flx[2][2];
> u_32_t is_rulen; /* rule number when created */
> u_32_t is_s0[2];
> u_short is_smsk[2];
> char is_group[FR_GROUPLEN];
> char is_sbuf[2][16];
> char is_ifname[4][LIFNAMSIZ];
97a86,88
> #define is_die is_sti.tqe_die
> #define is_state is_sti.tqe_state
> #define is_touched is_sti.tqe_touched
101,102c92,93
< #define is_type is_icmp.ics_type
< #define is_code is_icmp.ics_code
---
> #define is_type is_icmp.ici_type
> #define is_code is_icmp.ici_code
109,110d99
< #define is_swscale is_tcp.ts_data[0].td_wscale
< #define is_dwscale is_tcp.ts_data[1].td_wscale
112a102,105
> #define is_swinscale is_tcp.ts_data[0].td_winscale
> #define is_dwinscale is_tcp.ts_data[1].td_winscale
> #define is_swinflags is_tcp.ts_data[0].td_winflags
> #define is_dwinflags is_tcp.ts_data[1].td_winflags
115d107
< #define is_state is_tcp.ts_state
117a110,111
> #define is_gre is_ps.is_ug
> #define is_call is_gre.gs_call
118a113,139
> #define IS_WSPORT SI_W_SPORT /* 0x00100 */
> #define IS_WDPORT SI_W_DPORT /* 0x00200 */
> #define IS_WSADDR SI_W_SADDR /* 0x00400 */
> #define IS_WDADDR SI_W_DADDR /* 0x00800 */
> #define IS_NEWFR SI_NEWFR /* 0x01000 */
> #define IS_CLONE SI_CLONE /* 0x02000 */
> #define IS_CLONED SI_CLONED /* 0x04000 */
> #define IS_TCPFSM 0x10000
> #define IS_STRICT 0x20000
> #define IS_ISNSYN 0x40000
> #define IS_ISNACK 0x80000
> #define IS_STATESYNC 0x100000
> /*
> * IS_SC flags are for scan-operations that need to be recognised in state.
> */
> #define IS_SC_CLIENT 0x10000000
> #define IS_SC_SERVER 0x20000000
> #define IS_SC_MATCHC 0x40000000
> #define IS_SC_MATCHS 0x80000000
> #define IS_SC_MATCHALL (IS_SC_MATCHC|IS_SC_MATCHC)
> #define IS_SC_ALL (IS_SC_MATCHC|IS_SC_MATCHC|IS_SC_CLIENT|IS_SC_SERVER)
>
> /*
> * Flags that can be passed into fr_addstate
> */
> #define IS_INHERITED 0x0fffff00
>
126a148,149
> * Bits 10,11 are reserved for other wildcard flag compatibility.
> * Bits 12,13 are for scaning.
139,142c162,166
< U_QUAD_T isl_pkts;
< U_QUAD_T isl_bytes;
< union i6addr isl_src;
< union i6addr isl_dst;
---
> U_QUAD_T isl_pkts[4];
> U_QUAD_T isl_bytes[4];
> i6addr_t isl_src;
> i6addr_t isl_dst;
> u_32_t isl_tag;
154c178
< u_32_t isl_group;
---
> char isl_group[FR_GROUPLEN];
161,164c185,192
< #define ISL_NEW 0
< #define ISL_EXPIRE 0xffff
< #define ISL_FLUSH 0xfffe
< #define ISL_REMOVE 0xfffd
---
> #define ISL_NEW 0
> #define ISL_CLONE 1
> #define ISL_EXPIRE 0xffff
> #define ISL_FLUSH 0xfffe
> #define ISL_REMOVE 0xfffd
> #define ISL_INTERMEDIATE 0xfffc
> #define ISL_KILLED 0xfffb
> #define ISL_ORPHAN 0xfffa
170a199
> u_long iss_maxref;
180a210,215
> u_long iss_wild;
> u_long iss_killed;
> u_long iss_ticks;
> u_long iss_bucketfull;
> int iss_statesize;
> int iss_statemax;
182a218
> u_long *iss_bucketlen;
196c232,234
< extern ipstate_t *ips_list;
---
> extern u_long fr_iptimeout;
> extern int fr_statemax;
> extern int fr_statesize;
197a236,241
> extern int fr_state_maxbucket;
> extern int fr_state_maxbucket_reset;
> extern ipstate_t *ips_list;
> extern ipftq_t *ips_utqe;
> extern ipftq_t ips_tqtqb[IPF_TCP_NSTATES];
>
199,202c243,246
< extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *));
< extern ipstate_t *fr_addstate __P((ip_t *, fr_info_t *, ipstate_t **, u_int));
< extern frentry_t *fr_checkstate __P((ip_t *, fr_info_t *));
< extern void ip_statesync __P((void *));
---
> extern ipstate_t *fr_addstate __P((fr_info_t *, ipstate_t **, u_int));
> extern frentry_t *fr_checkstate __P((struct fr_info *, u_32_t *));
> extern ipstate_t *fr_stlookup __P((fr_info_t *, tcphdr_t *, ipftq_t **));
> extern void fr_statesync __P((void *));
204c248,251
< extern int fr_tcp_age __P((u_long *, u_char *, fr_info_t *, int, int));
---
> extern int fr_tcp_age __P((struct ipftqent *, struct fr_info *,
> struct ipftq *, int));
> extern int fr_tcpinwindow __P((struct fr_info *, struct tcpdata *,
> struct tcpdata *, tcphdr_t *, int));
207,211c254,260
< #if defined(__NetBSD__) || defined(__OpenBSD__)
< extern int fr_state_ioctl __P((caddr_t, u_long, int));
< #else
< extern int fr_state_ioctl __P((caddr_t, int, int));
< #endif
---
> extern int fr_state_ioctl __P((caddr_t, ioctlcmd_t, int));
> extern void fr_stinsert __P((struct ipstate *, int));
> extern void fr_sttab_init __P((struct ipftq *));
> extern void fr_sttab_destroy __P((struct ipftq *));
> extern void fr_updatestate __P((fr_info_t *, ipstate_t *, ipftq_t *));
> extern void fr_statederef __P((fr_info_t *, ipstate_t **));
> extern void fr_setstatequeue __P((ipstate_t *, int));
> /* $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_state.h 145522 2005-04-25 18:43:14Z darrenr $ */
>
7,8c9,10
< * $Id: ip_state.h,v 2.13.2.1 2000/07/08 02:15:35 darrenr Exp $
< * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_state.h 139255 2004-12-24 09:14:26Z darrenr $
---
> * $FreeBSD: head/sys/contrib/ipfilter/netinet/ip_state.h 145522 2005-04-25 18:43:14Z darrenr $
> * Id: ip_state.h,v 2.68.2.3 2005/03/03 14:24:11 darrenr Exp
14c16
< # define SIOCDELST _IOW('r', 61, struct ipstate *)
---
> # define SIOCDELST _IOW('r', 61, struct ipfobj)
16c18
< # define SIOCDELST _IOW(r, 61, struct ipstate *)
---
> # define SIOCDELST _IOW(r, 61, struct ipfobj)
18a21,22
> struct ipscan;
>
32,56d35
< typedef struct udpstate {
< u_short us_sport;
< u_short us_dport;
< } udpstate_t;
<
< typedef struct icmpstate {
< u_short ics_id;
< u_short ics_seq;
< u_char ics_type;
< } icmpstate_t;
<
< typedef struct tcpdata {
< u_32_t td_end;
< u_32_t td_maxend;
< u_32_t td_maxwin;
< u_char td_wscale;
< } tcpdata_t;
<
< typedef struct tcpstate {
< u_short ts_sport;
< u_short ts_dport;
< tcpdata_t ts_data[2];
< u_char ts_state[2];
< } tcpstate_t;
<
57a37
> ipfmutex_t is_lock;
62a43,45
> void *is_ifp[4];
> void *is_sync;
> struct nat *is_nat[2];
64,71c47,58
< U_QUAD_T is_pkts;
< U_QUAD_T is_bytes;
< U_QUAD_T is_icmppkts;
< union i6addr is_src;
< union i6addr is_dst;
< void *is_ifp[4];
< u_long is_age;
< u_int is_frage[2]; /* age from filter rule, forward & reverse */
---
> struct ipftq *is_tqehead[2];
> struct ipscan *is_isc;
> U_QUAD_T is_pkts[4];
> U_QUAD_T is_bytes[4];
> U_QUAD_T is_icmppkts[4];
> struct ipftqent is_sti;
> u_int is_frage[2];
> int is_ref; /* reference count */
> int is_isninc[2];
> u_short is_sumd[2];
> i6addr_t is_src;
> i6addr_t is_dst;
74,79c61,63
< u_char is_v; /* IP version */
< u_char is_fsm; /* 1 = following FSM, 0 = not */
< u_char is_xxx; /* pad */
< u_int is_hv; /* hash value for this in the table */
< u_32_t is_rulen; /* rule number */
< u_32_t is_flags; /* flags for this structure */
---
> u_char is_v;
> u_32_t is_hv;
> u_32_t is_tag;
87,89c71,74
< icmpstate_t is_ics;
< tcpstate_t is_ts;
< udpstate_t is_us;
---
> icmpinfo_t is_ics;
> tcpinfo_t is_ts;
> udpinfo_t is_us;
> greinfo_t is_ug;
91,95c76,83
< u_32_t is_group;
< char is_ifname[4][IFNAMSIZ];
< #if SOLARIS || defined(__sgi) || (__FreeBSD_version >= 500043)
< kmutex_t is_lock;
< #endif
---
> u_32_t is_flags;
> int is_flx[2][2];
> u_32_t is_rulen; /* rule number when created */
> u_32_t is_s0[2];
> u_short is_smsk[2];
> char is_group[FR_GROUPLEN];
> char is_sbuf[2][16];
> char is_ifname[4][LIFNAMSIZ];
97a86,88
> #define is_die is_sti.tqe_die
> #define is_state is_sti.tqe_state
> #define is_touched is_sti.tqe_touched
101,102c92,93
< #define is_type is_icmp.ics_type
< #define is_code is_icmp.ics_code
---
> #define is_type is_icmp.ici_type
> #define is_code is_icmp.ici_code
109,110d99
< #define is_swscale is_tcp.ts_data[0].td_wscale
< #define is_dwscale is_tcp.ts_data[1].td_wscale
112a102,105
> #define is_swinscale is_tcp.ts_data[0].td_winscale
> #define is_dwinscale is_tcp.ts_data[1].td_winscale
> #define is_swinflags is_tcp.ts_data[0].td_winflags
> #define is_dwinflags is_tcp.ts_data[1].td_winflags
115d107
< #define is_state is_tcp.ts_state
117a110,111
> #define is_gre is_ps.is_ug
> #define is_call is_gre.gs_call
118a113,139
> #define IS_WSPORT SI_W_SPORT /* 0x00100 */
> #define IS_WDPORT SI_W_DPORT /* 0x00200 */
> #define IS_WSADDR SI_W_SADDR /* 0x00400 */
> #define IS_WDADDR SI_W_DADDR /* 0x00800 */
> #define IS_NEWFR SI_NEWFR /* 0x01000 */
> #define IS_CLONE SI_CLONE /* 0x02000 */
> #define IS_CLONED SI_CLONED /* 0x04000 */
> #define IS_TCPFSM 0x10000
> #define IS_STRICT 0x20000
> #define IS_ISNSYN 0x40000
> #define IS_ISNACK 0x80000
> #define IS_STATESYNC 0x100000
> /*
> * IS_SC flags are for scan-operations that need to be recognised in state.
> */
> #define IS_SC_CLIENT 0x10000000
> #define IS_SC_SERVER 0x20000000
> #define IS_SC_MATCHC 0x40000000
> #define IS_SC_MATCHS 0x80000000
> #define IS_SC_MATCHALL (IS_SC_MATCHC|IS_SC_MATCHC)
> #define IS_SC_ALL (IS_SC_MATCHC|IS_SC_MATCHC|IS_SC_CLIENT|IS_SC_SERVER)
>
> /*
> * Flags that can be passed into fr_addstate
> */
> #define IS_INHERITED 0x0fffff00
>
126a148,149
> * Bits 10,11 are reserved for other wildcard flag compatibility.
> * Bits 12,13 are for scaning.
139,142c162,166
< U_QUAD_T isl_pkts;
< U_QUAD_T isl_bytes;
< union i6addr isl_src;
< union i6addr isl_dst;
---
> U_QUAD_T isl_pkts[4];
> U_QUAD_T isl_bytes[4];
> i6addr_t isl_src;
> i6addr_t isl_dst;
> u_32_t isl_tag;
154c178
< u_32_t isl_group;
---
> char isl_group[FR_GROUPLEN];
161,164c185,192
< #define ISL_NEW 0
< #define ISL_EXPIRE 0xffff
< #define ISL_FLUSH 0xfffe
< #define ISL_REMOVE 0xfffd
---
> #define ISL_NEW 0
> #define ISL_CLONE 1
> #define ISL_EXPIRE 0xffff
> #define ISL_FLUSH 0xfffe
> #define ISL_REMOVE 0xfffd
> #define ISL_INTERMEDIATE 0xfffc
> #define ISL_KILLED 0xfffb
> #define ISL_ORPHAN 0xfffa
170a199
> u_long iss_maxref;
180a210,215
> u_long iss_wild;
> u_long iss_killed;
> u_long iss_ticks;
> u_long iss_bucketfull;
> int iss_statesize;
> int iss_statemax;
182a218
> u_long *iss_bucketlen;
196c232,234
< extern ipstate_t *ips_list;
---
> extern u_long fr_iptimeout;
> extern int fr_statemax;
> extern int fr_statesize;
197a236,241
> extern int fr_state_maxbucket;
> extern int fr_state_maxbucket_reset;
> extern ipstate_t *ips_list;
> extern ipftq_t *ips_utqe;
> extern ipftq_t ips_tqtqb[IPF_TCP_NSTATES];
>
199,202c243,246
< extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *));
< extern ipstate_t *fr_addstate __P((ip_t *, fr_info_t *, ipstate_t **, u_int));
< extern frentry_t *fr_checkstate __P((ip_t *, fr_info_t *));
< extern void ip_statesync __P((void *));
---
> extern ipstate_t *fr_addstate __P((fr_info_t *, ipstate_t **, u_int));
> extern frentry_t *fr_checkstate __P((struct fr_info *, u_32_t *));
> extern ipstate_t *fr_stlookup __P((fr_info_t *, tcphdr_t *, ipftq_t **));
> extern void fr_statesync __P((void *));
204c248,251
< extern int fr_tcp_age __P((u_long *, u_char *, fr_info_t *, int, int));
---
> extern int fr_tcp_age __P((struct ipftqent *, struct fr_info *,
> struct ipftq *, int));
> extern int fr_tcpinwindow __P((struct fr_info *, struct tcpdata *,
> struct tcpdata *, tcphdr_t *, int));
207,211c254,260
< #if defined(__NetBSD__) || defined(__OpenBSD__)
< extern int fr_state_ioctl __P((caddr_t, u_long, int));
< #else
< extern int fr_state_ioctl __P((caddr_t, int, int));
< #endif
---
> extern int fr_state_ioctl __P((caddr_t, ioctlcmd_t, int));
> extern void fr_stinsert __P((struct ipstate *, int));
> extern void fr_sttab_init __P((struct ipftq *));
> extern void fr_sttab_destroy __P((struct ipftq *));
> extern void fr_updatestate __P((fr_info_t *, ipstate_t *, ipftq_t *));
> extern void fr_statederef __P((fr_info_t *, ipstate_t **));
> extern void fr_setstatequeue __P((ipstate_t *, int));