Deleted Added
sdiff udiff text old ( 126259 ) new ( 126261 )
full compact
pfvar.h (126259) pfvar.h (126261)
1/* $FreeBSD: head/sys/contrib/pf/net/pfvar.h 126261 2004-02-26 02:34:12Z mlaier $ */
1/* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
2
3/*
4 * Copyright (c) 2001 Daniel Hartmeier
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 24 unchanged lines hidden (view full) ---

33#ifndef _NET_PFVAR_H_
34#define _NET_PFVAR_H_
35
36#include <sys/types.h>
37#include <sys/queue.h>
38#include <sys/tree.h>
39
40#include <net/radix.h>
2/* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
3
4/*
5 * Copyright (c) 2001 Daniel Hartmeier
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions

--- 24 unchanged lines hidden (view full) ---

34#ifndef _NET_PFVAR_H_
35#define _NET_PFVAR_H_
36
37#include <sys/types.h>
38#include <sys/queue.h>
39#include <sys/tree.h>
40
41#include <net/radix.h>
42#if defined(__FreeBSD__)
43#include <vm/uma.h>
44#else
41#include <netinet/ip_ipsp.h>
45#include <netinet/ip_ipsp.h>
46#endif
47
48#if defined(__FreeBSD__)
49#include <netinet/in.h>
50/*
51 * XXX
52 * If we include <netipsec/keydb.h>, we need _KERNEL definition.
53 * This makes pfctl compilation difficult.
54 */
55union sockaddr_union {
56 struct sockaddr sa;
57 struct sockaddr_in sin;
58 struct sockaddr_in6 sin6;
59};
60#endif
61
42#include <netinet/tcp_fsm.h>
43
44struct ip;
45
46#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
47#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
48
49enum { PF_INOUT, PF_IN, PF_OUT };

--- 64 unchanged lines hidden (view full) ---

114 u_int8_t type; /* PF_ADDR_* */
115};
116
117struct pf_addr_dyn {
118 char ifname[IFNAMSIZ];
119 struct ifnet *ifp;
120 struct pf_addr *addr;
121 sa_family_t af;
62#include <netinet/tcp_fsm.h>
63
64struct ip;
65
66#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
67#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
68
69enum { PF_INOUT, PF_IN, PF_OUT };

--- 64 unchanged lines hidden (view full) ---

134 u_int8_t type; /* PF_ADDR_* */
135};
136
137struct pf_addr_dyn {
138 char ifname[IFNAMSIZ];
139 struct ifnet *ifp;
140 struct pf_addr *addr;
141 sa_family_t af;
142#if defined(__FreeBSD__) && defined(HOOK_HACK)
143 eventhandler_tag hook_cookie;
144#else
122 void *hook_cookie;
145 void *hook_cookie;
146#endif
123 u_int8_t undefined;
124};
125
126/*
127 * Address manipulation macros
128 */
129
130#ifdef _KERNEL
131
147 u_int8_t undefined;
148};
149
150/*
151 * Address manipulation macros
152 */
153
154#ifdef _KERNEL
155
156#if defined(__FreeBSD__)
157#define splsoftnet() splnet()
158
159#define PF_NAME "pf"
160
161#define PR_NOWAIT M_NOWAIT
162#define pool_get(p, f) uma_zalloc(*(p), (f))
163#define pool_put(p, o) uma_zfree(*(p), (o))
164
165#define UMA_CREATE(var, type, desc) \
166 var = uma_zcreate(desc, sizeof(type), \
167 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); \
168 if (var == NULL) break
169#define UMA_DESTROY(var) \
170 if(var) uma_zdestroy(var)
171
172extern struct mtx pf_task_mtx;
173#if defined(ALTQ)
174extern struct mtx pf_altq_mtx;
175extern int pfaltq_ref;
176#endif
177
178#define PF_ASSERT(h) mtx_assert(&pf_task_mtx, (h))
179
180#define PF_LOCK() do { \
181 PF_ASSERT(MA_NOTOWNED); \
182 mtx_lock(&pf_task_mtx); \
183} while(0)
184#define PF_UNLOCK() do { \
185 PF_ASSERT(MA_OWNED); \
186 mtx_unlock(&pf_task_mtx); \
187} while(0)
188
189#define PF_COPYIN(uaddr, kaddr, len, r) do { \
190 PF_UNLOCK(); \
191 r = copyin((uaddr), (kaddr), (len)); \
192 PF_LOCK(); \
193} while(0)
194
195#define PF_COPYOUT(kaddr, uaddr, len, r) do { \
196 PF_UNLOCK(); \
197 r = copyout((kaddr), (uaddr), (len)); \
198 PF_LOCK(); \
199} while(0)
200
201extern void init_pf_mutex(void);
202extern void destroy_pf_mutex(void);
203
204#define PF_MODVER 1
205#define PFLOG_MODVER 1
206#define PFSYNC_MODVER 1
207
208#define PFLOG_MINVER 1
209#define PFLOG_PREFVER PFLOG_MODVER
210#define PFLOG_MAXVER 1
211#define PFSYNC_MINVER 1
212#define PFSYNC_PREFVER PFSYNC_MODVER
213#define PFSYNC_MAXVER 1
214#endif
215
132#ifdef INET
133#ifndef INET6
134#define PF_INET_ONLY
135#endif /* ! INET6 */
136#endif /* INET */
137
138#ifdef INET6
139#ifndef INET

--- 956 unchanged lines hidden (view full) ---

1096#define DIOCRTSTADDRS _IOWR('D', 73, struct pfioc_table)
1097#define DIOCRSETTFLAGS _IOWR('D', 74, struct pfioc_table)
1098#define DIOCRINABEGIN _IOWR('D', 75, struct pfioc_table)
1099#define DIOCRINACOMMIT _IOWR('D', 76, struct pfioc_table)
1100#define DIOCRINADEFINE _IOWR('D', 77, struct pfioc_table)
1101#define DIOCOSFPFLUSH _IO('D', 78)
1102#define DIOCOSFPADD _IOWR('D', 79, struct pf_osfp_ioctl)
1103#define DIOCOSFPGET _IOWR('D', 80, struct pf_osfp_ioctl)
216#ifdef INET
217#ifndef INET6
218#define PF_INET_ONLY
219#endif /* ! INET6 */
220#endif /* INET */
221
222#ifdef INET6
223#ifndef INET

--- 956 unchanged lines hidden (view full) ---

1180#define DIOCRTSTADDRS _IOWR('D', 73, struct pfioc_table)
1181#define DIOCRSETTFLAGS _IOWR('D', 74, struct pfioc_table)
1182#define DIOCRINABEGIN _IOWR('D', 75, struct pfioc_table)
1183#define DIOCRINACOMMIT _IOWR('D', 76, struct pfioc_table)
1184#define DIOCRINADEFINE _IOWR('D', 77, struct pfioc_table)
1185#define DIOCOSFPFLUSH _IO('D', 78)
1186#define DIOCOSFPADD _IOWR('D', 79, struct pf_osfp_ioctl)
1187#define DIOCOSFPGET _IOWR('D', 80, struct pf_osfp_ioctl)
1188#if defined(__FreeBSD__)
1189struct pf_ifspeed {
1190 char ifname[IFNAMSIZ];
1191 u_int32_t baudrate;
1192};
1193#define DIOCGIFSPEED _IOWR('D', 81, struct pf_ifspeed)
1194#endif
1104
1105#ifdef _KERNEL
1106RB_HEAD(pf_state_tree, pf_tree_node);
1107RB_PROTOTYPE(pf_state_tree, pf_tree_node, entry, pf_state_compare);
1108extern struct pf_state_tree tree_lan_ext, tree_ext_gwy;
1109
1110extern struct pf_anchorqueue pf_anchors;
1111extern struct pf_ruleset pf_main_ruleset;

--- 18 unchanged lines hidden (view full) ---

1130extern int pf_dynaddr_setup(struct pf_addr_wrap *,
1131 sa_family_t);
1132extern void pf_dynaddr_copyout(struct pf_addr_wrap *);
1133extern void pf_dynaddr_remove(struct pf_addr_wrap *);
1134extern void pf_calc_skip_steps(struct pf_rulequeue *);
1135extern void pf_rule_set_qid(struct pf_rulequeue *);
1136extern u_int32_t pf_qname_to_qid(char *);
1137extern void pf_update_anchor_rules(void);
1195
1196#ifdef _KERNEL
1197RB_HEAD(pf_state_tree, pf_tree_node);
1198RB_PROTOTYPE(pf_state_tree, pf_tree_node, entry, pf_state_compare);
1199extern struct pf_state_tree tree_lan_ext, tree_ext_gwy;
1200
1201extern struct pf_anchorqueue pf_anchors;
1202extern struct pf_ruleset pf_main_ruleset;

--- 18 unchanged lines hidden (view full) ---

1221extern int pf_dynaddr_setup(struct pf_addr_wrap *,
1222 sa_family_t);
1223extern void pf_dynaddr_copyout(struct pf_addr_wrap *);
1224extern void pf_dynaddr_remove(struct pf_addr_wrap *);
1225extern void pf_calc_skip_steps(struct pf_rulequeue *);
1226extern void pf_rule_set_qid(struct pf_rulequeue *);
1227extern u_int32_t pf_qname_to_qid(char *);
1228extern void pf_update_anchor_rules(void);
1229#if defined(__FreeBSD__)
1230extern uma_zone_t pf_tree_pl, pf_rule_pl, pf_addr_pl;
1231extern uma_zone_t pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
1232extern uma_zone_t pfr_ktable_pl, pfr_kentry_pl;
1233extern uma_zone_t pf_cache_pl, pf_cent_pl;
1234extern uma_zone_t pf_state_scrub_pl;
1235#else
1138extern struct pool pf_tree_pl, pf_rule_pl, pf_addr_pl;
1139extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
1140extern struct pool pf_state_scrub_pl;
1236extern struct pool pf_tree_pl, pf_rule_pl, pf_addr_pl;
1237extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
1238extern struct pool pf_state_scrub_pl;
1239#endif
1141extern void pf_purge_timeout(void *);
1142extern void pf_purge_expired_states(void);
1143extern int pf_insert_state(struct pf_state *);
1144extern struct pf_state *pf_find_state(struct pf_state_tree *,
1145 struct pf_tree_node *);
1146extern struct pf_anchor *pf_find_anchor(const char *);
1147extern struct pf_ruleset *pf_find_ruleset(char *, char *);
1148extern struct pf_ruleset *pf_find_or_create_ruleset(char *, char *);

--- 80 unchanged lines hidden (view full) ---

1229 int *, u_int32_t, int);
1230
1231u_int16_t pf_tagname2tag(char *);
1232void pf_tag2tagname(u_int16_t, char *);
1233void pf_tag_unref(u_int16_t);
1234int pf_tag_packet(struct mbuf *, struct pf_tag *, int);
1235
1236extern struct pf_status pf_status;
1240extern void pf_purge_timeout(void *);
1241extern void pf_purge_expired_states(void);
1242extern int pf_insert_state(struct pf_state *);
1243extern struct pf_state *pf_find_state(struct pf_state_tree *,
1244 struct pf_tree_node *);
1245extern struct pf_anchor *pf_find_anchor(const char *);
1246extern struct pf_ruleset *pf_find_ruleset(char *, char *);
1247extern struct pf_ruleset *pf_find_or_create_ruleset(char *, char *);

--- 80 unchanged lines hidden (view full) ---

1328 int *, u_int32_t, int);
1329
1330u_int16_t pf_tagname2tag(char *);
1331void pf_tag2tagname(u_int16_t, char *);
1332void pf_tag_unref(u_int16_t);
1333int pf_tag_packet(struct mbuf *, struct pf_tag *, int);
1334
1335extern struct pf_status pf_status;
1336
1337#if defined(__FreeBSD__)
1338extern uma_zone_t pf_frent_pl, pf_frag_pl;
1339#else
1237extern struct pool pf_frent_pl, pf_frag_pl;
1340extern struct pool pf_frent_pl, pf_frag_pl;
1341#endif
1238
1239struct pf_pool_limit {
1240 void *pp;
1241 unsigned limit;
1242};
1243extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
1244
1342
1343struct pf_pool_limit {
1344 void *pp;
1345 unsigned limit;
1346};
1347extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
1348
1349#if defined(__FreeBSD__)
1350struct pf_frent {
1351 LIST_ENTRY(pf_frent) fr_next;
1352 struct ip *fr_ip;
1353 struct mbuf *fr_m;
1354};
1355
1356struct pf_frcache {
1357 LIST_ENTRY(pf_frcache) fr_next;
1358 uint16_t fr_off;
1359 uint16_t fr_end;
1360};
1361
1362struct pf_fragment {
1363 RB_ENTRY(pf_fragment) fr_entry;
1364 TAILQ_ENTRY(pf_fragment) frag_next;
1365 struct in_addr fr_src;
1366 struct in_addr fr_dst;
1367 u_int8_t fr_p; /* protocol of this fragment */
1368 u_int8_t fr_flags; /* status flags */
1369 u_int16_t fr_id; /* fragment id for reassemble */
1370 u_int16_t fr_max; /* fragment data max */
1371 u_int32_t fr_timeout;
1372#define fr_queue fr_u.fru_queue
1373#define fr_cache fr_u.fru_cache
1374 union {
1375 LIST_HEAD(pf_fragq, pf_frent) fru_queue; /* buffering */
1376 LIST_HEAD(pf_cacheq, pf_frcache) fru_cache; /* non-buf */
1377 } fr_u;
1378};
1379#endif /* (__FreeBSD__) */
1380
1245#endif /* _KERNEL */
1246
1247/* The fingerprint functions can be linked into userland programs (tcpdump) */
1248int pf_osfp_add(struct pf_osfp_ioctl *);
1249#ifdef _KERNEL
1250struct pf_osfp_enlist *
1251 pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int,
1252 const struct tcphdr *);
1253#endif /* _KERNEL */
1254struct pf_osfp_enlist *
1255 pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *);
1256void pf_osfp_flush(void);
1257int pf_osfp_get(struct pf_osfp_ioctl *);
1381#endif /* _KERNEL */
1382
1383/* The fingerprint functions can be linked into userland programs (tcpdump) */
1384int pf_osfp_add(struct pf_osfp_ioctl *);
1385#ifdef _KERNEL
1386struct pf_osfp_enlist *
1387 pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int,
1388 const struct tcphdr *);
1389#endif /* _KERNEL */
1390struct pf_osfp_enlist *
1391 pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *);
1392void pf_osfp_flush(void);
1393int pf_osfp_get(struct pf_osfp_ioctl *);
1394#if defined(__FreeBSD__)
1395int pf_osfp_initialize(void);
1396void pf_osfp_cleanup(void);
1397#else
1258void pf_osfp_initialize(void);
1398void pf_osfp_initialize(void);
1399#endif
1259int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
1260struct pf_os_fingerprint *
1261 pf_osfp_validate(void);
1262
1263
1264#endif /* _NET_PFVAR_H_ */
1400int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
1401struct pf_os_fingerprint *
1402 pf_osfp_validate(void);
1403
1404
1405#endif /* _NET_PFVAR_H_ */