pf.h (126259) | pf.h (126261) |
---|---|
1/* $FreeBSD: head/sys/contrib/pf/net/pfvar.h 126261 2004-02-26 02:34:12Z mlaier $ */ |
|
1/* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */ 2 3/* 4 * Copyright (c) 2001 Daniel Hartmeier 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 24 unchanged lines hidden (view full) --- 33#ifndef _NET_PFVAR_H_ 34#define _NET_PFVAR_H_ 35 36#include <sys/types.h> 37#include <sys/queue.h> 38#include <sys/tree.h> 39 40#include <net/radix.h> | 2/* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */ 3 4/* 5 * Copyright (c) 2001 Daniel Hartmeier 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 24 unchanged lines hidden (view full) --- 34#ifndef _NET_PFVAR_H_ 35#define _NET_PFVAR_H_ 36 37#include <sys/types.h> 38#include <sys/queue.h> 39#include <sys/tree.h> 40 41#include <net/radix.h> |
42#if defined(__FreeBSD__) 43#include <vm/uma.h> 44#else |
|
41#include <netinet/ip_ipsp.h> | 45#include <netinet/ip_ipsp.h> |
46#endif 47 48#if defined(__FreeBSD__) 49#include <netinet/in.h> 50/* 51 * XXX 52 * If we include <netipsec/keydb.h>, we need _KERNEL definition. 53 * This makes pfctl compilation difficult. 54 */ 55union sockaddr_union { 56 struct sockaddr sa; 57 struct sockaddr_in sin; 58 struct sockaddr_in6 sin6; 59}; 60#endif 61 |
|
42#include <netinet/tcp_fsm.h> 43 44struct ip; 45 46#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0) 47#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1) 48 49enum { PF_INOUT, PF_IN, PF_OUT }; --- 64 unchanged lines hidden (view full) --- 114 u_int8_t type; /* PF_ADDR_* */ 115}; 116 117struct pf_addr_dyn { 118 char ifname[IFNAMSIZ]; 119 struct ifnet *ifp; 120 struct pf_addr *addr; 121 sa_family_t af; | 62#include <netinet/tcp_fsm.h> 63 64struct ip; 65 66#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0) 67#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1) 68 69enum { PF_INOUT, PF_IN, PF_OUT }; --- 64 unchanged lines hidden (view full) --- 134 u_int8_t type; /* PF_ADDR_* */ 135}; 136 137struct pf_addr_dyn { 138 char ifname[IFNAMSIZ]; 139 struct ifnet *ifp; 140 struct pf_addr *addr; 141 sa_family_t af; |
142#if defined(__FreeBSD__) && defined(HOOK_HACK) 143 eventhandler_tag hook_cookie; 144#else |
|
122 void *hook_cookie; | 145 void *hook_cookie; |
146#endif |
|
123 u_int8_t undefined; 124}; 125 126/* 127 * Address manipulation macros 128 */ 129 130#ifdef _KERNEL 131 | 147 u_int8_t undefined; 148}; 149 150/* 151 * Address manipulation macros 152 */ 153 154#ifdef _KERNEL 155 |
156#if defined(__FreeBSD__) 157#define splsoftnet() splnet() 158 159#define PF_NAME "pf" 160 161#define PR_NOWAIT M_NOWAIT 162#define pool_get(p, f) uma_zalloc(*(p), (f)) 163#define pool_put(p, o) uma_zfree(*(p), (o)) 164 165#define UMA_CREATE(var, type, desc) \ 166 var = uma_zcreate(desc, sizeof(type), \ 167 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); \ 168 if (var == NULL) break 169#define UMA_DESTROY(var) \ 170 if(var) uma_zdestroy(var) 171 172extern struct mtx pf_task_mtx; 173#if defined(ALTQ) 174extern struct mtx pf_altq_mtx; 175extern int pfaltq_ref; 176#endif 177 178#define PF_ASSERT(h) mtx_assert(&pf_task_mtx, (h)) 179 180#define PF_LOCK() do { \ 181 PF_ASSERT(MA_NOTOWNED); \ 182 mtx_lock(&pf_task_mtx); \ 183} while(0) 184#define PF_UNLOCK() do { \ 185 PF_ASSERT(MA_OWNED); \ 186 mtx_unlock(&pf_task_mtx); \ 187} while(0) 188 189#define PF_COPYIN(uaddr, kaddr, len, r) do { \ 190 PF_UNLOCK(); \ 191 r = copyin((uaddr), (kaddr), (len)); \ 192 PF_LOCK(); \ 193} while(0) 194 195#define PF_COPYOUT(kaddr, uaddr, len, r) do { \ 196 PF_UNLOCK(); \ 197 r = copyout((kaddr), (uaddr), (len)); \ 198 PF_LOCK(); \ 199} while(0) 200 201extern void init_pf_mutex(void); 202extern void destroy_pf_mutex(void); 203 204#define PF_MODVER 1 205#define PFLOG_MODVER 1 206#define PFSYNC_MODVER 1 207 208#define PFLOG_MINVER 1 209#define PFLOG_PREFVER PFLOG_MODVER 210#define PFLOG_MAXVER 1 211#define PFSYNC_MINVER 1 212#define PFSYNC_PREFVER PFSYNC_MODVER 213#define PFSYNC_MAXVER 1 214#endif 215 |
|
132#ifdef INET 133#ifndef INET6 134#define PF_INET_ONLY 135#endif /* ! INET6 */ 136#endif /* INET */ 137 138#ifdef INET6 139#ifndef INET --- 956 unchanged lines hidden (view full) --- 1096#define DIOCRTSTADDRS _IOWR('D', 73, struct pfioc_table) 1097#define DIOCRSETTFLAGS _IOWR('D', 74, struct pfioc_table) 1098#define DIOCRINABEGIN _IOWR('D', 75, struct pfioc_table) 1099#define DIOCRINACOMMIT _IOWR('D', 76, struct pfioc_table) 1100#define DIOCRINADEFINE _IOWR('D', 77, struct pfioc_table) 1101#define DIOCOSFPFLUSH _IO('D', 78) 1102#define DIOCOSFPADD _IOWR('D', 79, struct pf_osfp_ioctl) 1103#define DIOCOSFPGET _IOWR('D', 80, struct pf_osfp_ioctl) | 216#ifdef INET 217#ifndef INET6 218#define PF_INET_ONLY 219#endif /* ! INET6 */ 220#endif /* INET */ 221 222#ifdef INET6 223#ifndef INET --- 956 unchanged lines hidden (view full) --- 1180#define DIOCRTSTADDRS _IOWR('D', 73, struct pfioc_table) 1181#define DIOCRSETTFLAGS _IOWR('D', 74, struct pfioc_table) 1182#define DIOCRINABEGIN _IOWR('D', 75, struct pfioc_table) 1183#define DIOCRINACOMMIT _IOWR('D', 76, struct pfioc_table) 1184#define DIOCRINADEFINE _IOWR('D', 77, struct pfioc_table) 1185#define DIOCOSFPFLUSH _IO('D', 78) 1186#define DIOCOSFPADD _IOWR('D', 79, struct pf_osfp_ioctl) 1187#define DIOCOSFPGET _IOWR('D', 80, struct pf_osfp_ioctl) |
1188#if defined(__FreeBSD__) 1189struct pf_ifspeed { 1190 char ifname[IFNAMSIZ]; 1191 u_int32_t baudrate; 1192}; 1193#define DIOCGIFSPEED _IOWR('D', 81, struct pf_ifspeed) 1194#endif |
|
1104 1105#ifdef _KERNEL 1106RB_HEAD(pf_state_tree, pf_tree_node); 1107RB_PROTOTYPE(pf_state_tree, pf_tree_node, entry, pf_state_compare); 1108extern struct pf_state_tree tree_lan_ext, tree_ext_gwy; 1109 1110extern struct pf_anchorqueue pf_anchors; 1111extern struct pf_ruleset pf_main_ruleset; --- 18 unchanged lines hidden (view full) --- 1130extern int pf_dynaddr_setup(struct pf_addr_wrap *, 1131 sa_family_t); 1132extern void pf_dynaddr_copyout(struct pf_addr_wrap *); 1133extern void pf_dynaddr_remove(struct pf_addr_wrap *); 1134extern void pf_calc_skip_steps(struct pf_rulequeue *); 1135extern void pf_rule_set_qid(struct pf_rulequeue *); 1136extern u_int32_t pf_qname_to_qid(char *); 1137extern void pf_update_anchor_rules(void); | 1195 1196#ifdef _KERNEL 1197RB_HEAD(pf_state_tree, pf_tree_node); 1198RB_PROTOTYPE(pf_state_tree, pf_tree_node, entry, pf_state_compare); 1199extern struct pf_state_tree tree_lan_ext, tree_ext_gwy; 1200 1201extern struct pf_anchorqueue pf_anchors; 1202extern struct pf_ruleset pf_main_ruleset; --- 18 unchanged lines hidden (view full) --- 1221extern int pf_dynaddr_setup(struct pf_addr_wrap *, 1222 sa_family_t); 1223extern void pf_dynaddr_copyout(struct pf_addr_wrap *); 1224extern void pf_dynaddr_remove(struct pf_addr_wrap *); 1225extern void pf_calc_skip_steps(struct pf_rulequeue *); 1226extern void pf_rule_set_qid(struct pf_rulequeue *); 1227extern u_int32_t pf_qname_to_qid(char *); 1228extern void pf_update_anchor_rules(void); |
1229#if defined(__FreeBSD__) 1230extern uma_zone_t pf_tree_pl, pf_rule_pl, pf_addr_pl; 1231extern uma_zone_t pf_state_pl, pf_altq_pl, pf_pooladdr_pl; 1232extern uma_zone_t pfr_ktable_pl, pfr_kentry_pl; 1233extern uma_zone_t pf_cache_pl, pf_cent_pl; 1234extern uma_zone_t pf_state_scrub_pl; 1235#else |
|
1138extern struct pool pf_tree_pl, pf_rule_pl, pf_addr_pl; 1139extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl; 1140extern struct pool pf_state_scrub_pl; | 1236extern struct pool pf_tree_pl, pf_rule_pl, pf_addr_pl; 1237extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl; 1238extern struct pool pf_state_scrub_pl; |
1239#endif |
|
1141extern void pf_purge_timeout(void *); 1142extern void pf_purge_expired_states(void); 1143extern int pf_insert_state(struct pf_state *); 1144extern struct pf_state *pf_find_state(struct pf_state_tree *, 1145 struct pf_tree_node *); 1146extern struct pf_anchor *pf_find_anchor(const char *); 1147extern struct pf_ruleset *pf_find_ruleset(char *, char *); 1148extern struct pf_ruleset *pf_find_or_create_ruleset(char *, char *); --- 80 unchanged lines hidden (view full) --- 1229 int *, u_int32_t, int); 1230 1231u_int16_t pf_tagname2tag(char *); 1232void pf_tag2tagname(u_int16_t, char *); 1233void pf_tag_unref(u_int16_t); 1234int pf_tag_packet(struct mbuf *, struct pf_tag *, int); 1235 1236extern struct pf_status pf_status; | 1240extern void pf_purge_timeout(void *); 1241extern void pf_purge_expired_states(void); 1242extern int pf_insert_state(struct pf_state *); 1243extern struct pf_state *pf_find_state(struct pf_state_tree *, 1244 struct pf_tree_node *); 1245extern struct pf_anchor *pf_find_anchor(const char *); 1246extern struct pf_ruleset *pf_find_ruleset(char *, char *); 1247extern struct pf_ruleset *pf_find_or_create_ruleset(char *, char *); --- 80 unchanged lines hidden (view full) --- 1328 int *, u_int32_t, int); 1329 1330u_int16_t pf_tagname2tag(char *); 1331void pf_tag2tagname(u_int16_t, char *); 1332void pf_tag_unref(u_int16_t); 1333int pf_tag_packet(struct mbuf *, struct pf_tag *, int); 1334 1335extern struct pf_status pf_status; |
1336 1337#if defined(__FreeBSD__) 1338extern uma_zone_t pf_frent_pl, pf_frag_pl; 1339#else |
|
1237extern struct pool pf_frent_pl, pf_frag_pl; | 1340extern struct pool pf_frent_pl, pf_frag_pl; |
1341#endif |
|
1238 1239struct pf_pool_limit { 1240 void *pp; 1241 unsigned limit; 1242}; 1243extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX]; 1244 | 1342 1343struct pf_pool_limit { 1344 void *pp; 1345 unsigned limit; 1346}; 1347extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX]; 1348 |
1349#if defined(__FreeBSD__) 1350struct pf_frent { 1351 LIST_ENTRY(pf_frent) fr_next; 1352 struct ip *fr_ip; 1353 struct mbuf *fr_m; 1354}; 1355 1356struct pf_frcache { 1357 LIST_ENTRY(pf_frcache) fr_next; 1358 uint16_t fr_off; 1359 uint16_t fr_end; 1360}; 1361 1362struct pf_fragment { 1363 RB_ENTRY(pf_fragment) fr_entry; 1364 TAILQ_ENTRY(pf_fragment) frag_next; 1365 struct in_addr fr_src; 1366 struct in_addr fr_dst; 1367 u_int8_t fr_p; /* protocol of this fragment */ 1368 u_int8_t fr_flags; /* status flags */ 1369 u_int16_t fr_id; /* fragment id for reassemble */ 1370 u_int16_t fr_max; /* fragment data max */ 1371 u_int32_t fr_timeout; 1372#define fr_queue fr_u.fru_queue 1373#define fr_cache fr_u.fru_cache 1374 union { 1375 LIST_HEAD(pf_fragq, pf_frent) fru_queue; /* buffering */ 1376 LIST_HEAD(pf_cacheq, pf_frcache) fru_cache; /* non-buf */ 1377 } fr_u; 1378}; 1379#endif /* (__FreeBSD__) */ 1380 |
|
1245#endif /* _KERNEL */ 1246 1247/* The fingerprint functions can be linked into userland programs (tcpdump) */ 1248int pf_osfp_add(struct pf_osfp_ioctl *); 1249#ifdef _KERNEL 1250struct pf_osfp_enlist * 1251 pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int, 1252 const struct tcphdr *); 1253#endif /* _KERNEL */ 1254struct pf_osfp_enlist * 1255 pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *); 1256void pf_osfp_flush(void); 1257int pf_osfp_get(struct pf_osfp_ioctl *); | 1381#endif /* _KERNEL */ 1382 1383/* The fingerprint functions can be linked into userland programs (tcpdump) */ 1384int pf_osfp_add(struct pf_osfp_ioctl *); 1385#ifdef _KERNEL 1386struct pf_osfp_enlist * 1387 pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int, 1388 const struct tcphdr *); 1389#endif /* _KERNEL */ 1390struct pf_osfp_enlist * 1391 pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *); 1392void pf_osfp_flush(void); 1393int pf_osfp_get(struct pf_osfp_ioctl *); |
1394#if defined(__FreeBSD__) 1395int pf_osfp_initialize(void); 1396void pf_osfp_cleanup(void); 1397#else |
|
1258void pf_osfp_initialize(void); | 1398void pf_osfp_initialize(void); |
1399#endif |
|
1259int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); 1260struct pf_os_fingerprint * 1261 pf_osfp_validate(void); 1262 1263 1264#endif /* _NET_PFVAR_H_ */ | 1400int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); 1401struct pf_os_fingerprint * 1402 pf_osfp_validate(void); 1403 1404 1405#endif /* _NET_PFVAR_H_ */ |
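Review bot: PF_COPYIN and PF_COPYOUT (new lines 189-199) release pf_task_mtx around copyin()/copyout() and retake it afterwards, so any rule, state or table pointer the caller obtained before the macro can be changed or freed by another thread while the lock is down, and nothing in the header says so. The ioctl code that uses these macros is not on this page, so whether callers re-validate is unknown; I would state the contract on the macros, e.g. `/* Drops and retakes pf_task_mtx: re-lookup or re-validate anything obtained under the lock before using it again. */`. Separately, UMA_CREATE (new lines 165-168) expands to two statements ending in a bare `if (var == NULL) break`, and UMA_DESTROY to an unbraced `if`, so both misbehave inside an unbraced if/else and UMA_CREATE hides a jump out of the caller's loop or switch. UMA_DESTROY can be wrapped as `do { if (var) uma_zdestroy(var); } while (0)`; UMA_CREATE cannot (the `break` would only leave the wrapper), so it needs a comment saying it must be used directly inside the loop or switch it is meant to leave.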