Cross Reference: /freebsd-11-stable/sys/netpfil/ipfw/ip_fw

Deleted Added

sdiff udiff text old ( 279948 ) new ( 282070 )

full compact

ip_fw_private.h (279948)	ip_fw_private.h (282070)
1/- 2 Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 *	1/- 2 Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 *
25 * $FreeBSD: head/sys/netpfil/ipfw/ip_fw_private.h 279948 2015-03-13 09:03:25Z ae $	25 * $FreeBSD: head/sys/netpfil/ipfw/ip_fw_private.h 282070 2015-04-27 08:29:39Z melifaro $
26 / 27 28#ifndef _IPFW2_PRIVATE_H 29#define _IPFW2_PRIVATE_H 30 31/ 32 * Internal constants and data structures used by ipfw components 33 * and not meant to be exported outside the kernel. --- 225 unchanged lines hidden (view full) --- 259#define IPFW_RULE_CNTR_SIZE (2 * sizeof(counter_u64_t)) 260 261#endif 262 263struct ip_fw_chain { 264 struct ip_fw *map; / array of rule ptrs to ease lookup / 265* uint32_t id; /* ruleset id / 266* int n_rules; /* number of static rules */	26 / 27 28#ifndef _IPFW2_PRIVATE_H 29#define _IPFW2_PRIVATE_H 30 31/ 32 * Internal constants and data structures used by ipfw components 33 * and not meant to be exported outside the kernel. --- 225 unchanged lines hidden (view full) --- 259#define IPFW_RULE_CNTR_SIZE (2 * sizeof(counter_u64_t)) 260 261#endif 262 263struct ip_fw_chain { 264 struct ip_fw *map; / array of rule ptrs to ease lookup / 265* uint32_t id; /* ruleset id / 266* int n_rules; /* number of static rules */
267 LIST_HEAD(nat_list, cfg_nat) nat; /* list of nat entries */
268 void tablestate; / runtime table info / 269* void valuestate; / runtime table value info / 270* int idxmap; / skipto array of rules */	267 void tablestate; / runtime table info / 268* void valuestate; / runtime table value info / 269* int idxmap; / skipto array of rules */
	270 void *srvstate; / runtime service mappings */
271#if defined( __linux__ ) \|\| defined( _WIN32 ) 272 spinlock_t rwmtx; 273#else 274 struct rmlock rwmtx; 275#endif 276 int static_len; /* total len of static rules (v0) / 277* uint32_t gencnt; /* NAT generation count */	271#if defined( __linux__ ) \|\| defined( _WIN32 ) 272 spinlock_t rwmtx; 273#else 274 struct rmlock rwmtx; 275#endif 276 int static_len; /* total len of static rules (v0) / 277* uint32_t gencnt; /* NAT generation count */
	278 LIST_HEAD(nat_list, cfg_nat) nat; /* list of nat entries */
278 struct ip_fw default_rule; 279* struct tables_config tblcfg; / tables module data / 280* void ifcfg; / interface module data / 281* int idxmap_back; / standby skipto array of rules */	279 struct ip_fw default_rule; 280* struct tables_config tblcfg; / tables module data / 281* void ifcfg; / interface module data / 282* int idxmap_back; / standby skipto array of rules */
	283 struct namedobj_instance srvmap; / cfg name->number mappings */
282#if defined( __linux__ ) \|\| defined( _WIN32 ) 283 spinlock_t uh_lock; 284#else 285 struct rwlock uh_lock; /* lock for upper half / 286#endif 287}; 288* 289/* 64-byte structure representing multi-field table value / --- 11 unchanged lines hidden* (view full) --- 301 uint16_t spare1; 302 /* -- 32 bytes -- / 303* struct in6_addr nh6; 304 uint32_t limit; /* O_LIMIT / 305* uint32_t zoneid; /* scope zone id for nh6 / 306* uint64_t refcnt; /* Number of references / 307}; 308*	284#if defined( __linux__ ) \|\| defined( _WIN32 ) 285 spinlock_t uh_lock; 286#else 287 struct rwlock uh_lock; /* lock for upper half / 288#endif 289}; 290* 291/* 64-byte structure representing multi-field table value / --- 11 unchanged lines hidden* (view full) --- 303 uint16_t spare1; 304 /* -- 32 bytes -- / 305* struct in6_addr nh6; 306 uint32_t limit; /* O_LIMIT / 307* uint32_t zoneid; /* scope zone id for nh6 / 308* uint64_t refcnt; /* Number of references / 309}; 310*
309struct namedobj_instance;
310 311struct named_object { 312 TAILQ_ENTRY(named_object) nn_next; /* namehash / 313* TAILQ_ENTRY(named_object) nv_next; /* valuehash / 314* char name; / object name */	311 312struct named_object { 313 TAILQ_ENTRY(named_object) nn_next; /* namehash / 314* TAILQ_ENTRY(named_object) nv_next; /* valuehash / 315* char name; / object name */
315 uint8_t type; /* object type / 316* uint8_t compat; /* Object name is number */	316 uint8_t subtype; /* object subtype within class / 317* uint8_t etlv; /* Export TLV id / 318* uint16_t spare[2];
317 uint16_t kidx; /* object kernel index */	319 uint16_t kidx; /* object kernel index */
318 uint16_t uidx; /* userland idx for compat records */
319 uint32_t set; /* set object belongs to / 320* uint32_t refcnt; /* number of references / 321}; 322TAILQ_HEAD(namedobjects_head, named_object); 323* 324struct sockopt; /* used by tcp_var.h / 325struct sockopt_data { 326* caddr_t kbuf; /* allocated buffer / --- 118 unchanged lines hidden* (view full) --- 445 uint16_t kidx; /* kernel object index / 446* uint16_t off; /* tlv offset from rule end in 4-byte words / 447* uint8_t spare; 448 uint8_t type; /* object type within its category / 449}; 450* 451struct rule_check_info { 452 uint16_t flags; /* rule-specific check flags */	320 uint32_t set; /* set object belongs to / 321* uint32_t refcnt; /* number of references / 322}; 323TAILQ_HEAD(namedobjects_head, named_object); 324* 325struct sockopt; /* used by tcp_var.h / 326struct sockopt_data { 327* caddr_t kbuf; /* allocated buffer / --- 118 unchanged lines hidden* (view full) --- 446 uint16_t kidx; /* kernel object index / 447* uint16_t off; /* tlv offset from rule end in 4-byte words / 448* uint8_t spare; 449 uint8_t type; /* object type within its category / 450}; 451* 452struct rule_check_info { 453 uint16_t flags; /* rule-specific check flags */
453 uint16_t table_opcodes; /* count of opcodes referencing table */	454 uint16_t object_opcodes; /* num of opcodes referencing objects */
454 uint16_t urule_numoff; /* offset of rulenum in bytes / 455* uint8_t version; /* rule version / 456* uint8_t spare; 457 ipfw_obj_ctlv ctlv; / name TLV containter / 458* struct ip_fw krule; / resulting rule pointer / 459* caddr_t urule; /* original rule pointer / 460* struct obj_idx obuf[8]; /* table references storage / 461}; --- 40 unchanged lines hidden* (view full) --- 502/* FreeBSD8 <> current kernel format / 503#define RULEUSIZE0(r) (sizeof(struct ip_fw_rule0) + (r)->cmd_len 4 - 4) 504#define RULEKSIZE0(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 505/ FreeBSD11 <> current kernel format / 506#define RULEUSIZE1(r) (roundup2(sizeof(struct ip_fw_rule) + \ 507* (r)->cmd_len * 4 - 4, 8)) 508#define RULEKSIZE1(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 509*	455 uint16_t urule_numoff; /* offset of rulenum in bytes / 456* uint8_t version; /* rule version / 457* uint8_t spare; 458 ipfw_obj_ctlv ctlv; / name TLV containter / 459* struct ip_fw krule; / resulting rule pointer / 460* caddr_t urule; /* original rule pointer / 461* struct obj_idx obuf[8]; /* table references storage / 462}; --- 40 unchanged lines hidden* (view full) --- 503/* FreeBSD8 <> current kernel format / 504#define RULEUSIZE0(r) (sizeof(struct ip_fw_rule0) + (r)->cmd_len 4 - 4) 505#define RULEKSIZE0(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 506/ FreeBSD11 <> current kernel format / 507#define RULEUSIZE1(r) (roundup2(sizeof(struct ip_fw_rule) + \ 508* (r)->cmd_len * 4 - 4, 8)) 509#define RULEKSIZE1(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 510*
	511/* 512 * Tables/Objects index rewriting code 513 */
510	514
	515/* Default and maximum number of ipfw tables/objects. / 516#define IPFW_TABLES_MAX 65536 517#define IPFW_TABLES_DEFAULT 128 518#define IPFW_OBJECTS_MAX 65536 519#define IPFW_OBJECTS_DEFAULT 128 520* 521#define CHAIN_TO_SRV(ch) ((ch)->srvmap) 522 523struct tid_info { 524 uint32_t set; /* table set / 525* uint16_t uidx; /* table index / 526* uint8_t type; /* table type / 527* uint8_t atype; 528 uint8_t spare; 529 int tlen; /* Total TLV size block / 530* void tlvs; / Pointer to first TLV / 531}; 532* 533/* 534 * Classifier callback. Checks if @cmd opcode contains kernel object reference. 535 * If true, returns its index and type. 536 * Returns 0 if match is found, 1 overwise. 537 / 538typedef int (ipfw_obj_rw_cl)(ipfw_insn cmd, uint16_t puidx, uint8_t ptype); 539/* 540 * Updater callback. Sets kernel object reference index to @puidx 541 / 542typedef void (ipfw_obj_rw_upd)(ipfw_insn cmd, uint16_t puidx); 543/* 544 * Finder callback. Tries to find named object by name (specified via @ti). 545 * Stores found named object pointer in @pno. 546 * If object was not found, NULL is stored. 547 * 548 * Return 0 if input data was valid. 549 / 550typedef int (ipfw_obj_fname_cb)(struct ip_fw_chain ch, 551 struct tid_info ti, struct named_object pno); 552/ 553 * Another finder callback. Tries to findex named object by kernel index. 554 * 555 * Returns pointer to named object or NULL. 556 / 557typedef struct named_object (ipfw_obj_fidx_cb)(struct ip_fw_chain ch, 558* uint16_t kidx); 559/* 560 * Object creator callback. Tries to create object specified by @ti. 561 * Stores newly-allocated object index in @pkidx. 562 * 563 * Returns 0 on success. 564 / 565typedef int (ipfw_obj_create_cb)(struct ip_fw_chain ch, struct tid_info ti, 566* uint16_t pkidx); 567* 568 569struct opcode_obj_rewrite { 570 uint32_t opcode; /* Opcode to act upon / 571* uint32_t etlv; /* Relevant export TLV id / 572* ipfw_obj_rw_cl classifier; / Check if rewrite is needed / 573* ipfw_obj_rw_upd update; / update cmd with new value / 574* ipfw_obj_fname_cb find_byname; / Find named object by name / 575* ipfw_obj_fidx_cb find_bykidx; / Find named object by kidx / 576* ipfw_obj_create_cb create_object; / Create named object / 577}; 578* 579#define IPFW_ADD_OBJ_REWRITER(f, c) do { \ 580 if ((f) != 0) \ 581 ipfw_add_obj_rewriter(c, \ 582 sizeof(c) / sizeof(c[0])); \ 583 } while(0) 584#define IPFW_DEL_OBJ_REWRITER(l, c) do { \ 585 if ((l) != 0) \ 586 ipfw_del_obj_rewriter(c, \ 587 sizeof(c) / sizeof(c[0])); \ 588 } while(0) 589
511/* In ip_fw_iface.c / 512int ipfw_iface_init(void); 513void ipfw_iface_destroy(void); 514void vnet_ipfw_iface_destroy(struct ip_fw_chain ch); 515int ipfw_iface_ref(struct ip_fw_chain ch, char name, 516 struct ipfw_ifc ic); 517void ipfw_iface_unref(struct ip_fw_chain ch, struct ipfw_ifc ic); 518void ipfw_iface_add_notify(struct ip_fw_chain ch, struct ipfw_ifc ic); --- 38 unchanged lines hidden* (view full) --- 557 sizeof(c) / sizeof(c[0])); \ 558 } while(0) 559#define IPFW_DEL_SOPT_HANDLER(l, c) do { \ 560 if ((l) != 0) \ 561 ipfw_del_sopt_handler(c, \ 562 sizeof(c) / sizeof(c[0])); \ 563 } while(0) 564	590/* In ip_fw_iface.c / 591int ipfw_iface_init(void); 592void ipfw_iface_destroy(void); 593void vnet_ipfw_iface_destroy(struct ip_fw_chain ch); 594int ipfw_iface_ref(struct ip_fw_chain ch, char name, 595 struct ipfw_ifc ic); 596void ipfw_iface_unref(struct ip_fw_chain ch, struct ipfw_ifc ic); 597void ipfw_iface_add_notify(struct ip_fw_chain ch, struct ipfw_ifc ic); --- 38 unchanged lines hidden* (view full) --- 636 sizeof(c) / sizeof(c[0])); \ 637 } while(0) 638#define IPFW_DEL_SOPT_HANDLER(l, c) do { \ 639 if ((l) != 0) \ 640 ipfw_del_sopt_handler(c, \ 641 sizeof(c) / sizeof(c[0])); \ 642 } while(0) 643
	644struct namedobj_instance;
565typedef void (objhash_cb_t)(struct namedobj_instance ni, struct named_object , 566 void arg); 567typedef uint32_t (objhash_hash_f)(struct namedobj_instance ni, void key, 568* uint32_t kopt); 569typedef int (objhash_cmp_f)(struct named_object no, void key, uint32_t kopt); 570struct namedobj_instance ipfw_objhash_create(uint32_t items); 571void ipfw_objhash_destroy(struct namedobj_instance ); 572void ipfw_objhash_bitmap_alloc(uint32_t items, void *idx, int pblocks); 573void ipfw_objhash_bitmap_merge(struct namedobj_instance ni, 574* void *idx, int blocks); 575void ipfw_objhash_bitmap_swap(struct namedobj_instance ni, 576* void *idx, int blocks); 577void ipfw_objhash_bitmap_free(void idx, int blocks); 578void ipfw_objhash_set_hashf(struct namedobj_instance ni, objhash_hash_f f); 579struct named_object ipfw_objhash_lookup_name(struct namedobj_instance ni, 580* uint32_t set, char *name);	645typedef void (objhash_cb_t)(struct namedobj_instance ni, struct named_object , 646 void arg); 647typedef uint32_t (objhash_hash_f)(struct namedobj_instance ni, void key, 648* uint32_t kopt); 649typedef int (objhash_cmp_f)(struct named_object no, void key, uint32_t kopt); 650struct namedobj_instance ipfw_objhash_create(uint32_t items); 651void ipfw_objhash_destroy(struct namedobj_instance ); 652void ipfw_objhash_bitmap_alloc(uint32_t items, void *idx, int pblocks); 653void ipfw_objhash_bitmap_merge(struct namedobj_instance ni, 654* void *idx, int blocks); 655void ipfw_objhash_bitmap_swap(struct namedobj_instance ni, 656* void *idx, int blocks); 657void ipfw_objhash_bitmap_free(void idx, int blocks); 658void ipfw_objhash_set_hashf(struct namedobj_instance ni, objhash_hash_f f); 659struct named_object ipfw_objhash_lookup_name(struct namedobj_instance ni, 660* uint32_t set, char *name);
	661struct named_object ipfw_objhash_lookup_name_type(struct namedobj_instance ni, 662 uint32_t set, uint32_t type, char *name);
581struct named_object ipfw_objhash_lookup_kidx(struct namedobj_instance ni, 582 uint16_t idx); 583int ipfw_objhash_same_name(struct namedobj_instance ni, struct named_object a, 584 struct named_object b); 585void ipfw_objhash_add(struct namedobj_instance ni, struct named_object no); 586void ipfw_objhash_del(struct namedobj_instance ni, struct named_object no); 587uint32_t ipfw_objhash_count(struct namedobj_instance ni); 588void ipfw_objhash_foreach(struct namedobj_instance ni, objhash_cb_t f, 589 void arg); 590int ipfw_objhash_free_idx(struct namedobj_instance ni, uint16_t idx); 591int ipfw_objhash_alloc_idx(void n, uint16_t pidx); 592void ipfw_objhash_set_funcs(struct namedobj_instance ni, 593* objhash_hash_f hash_f, objhash_cmp_f cmp_f);	663struct named_object ipfw_objhash_lookup_kidx(struct namedobj_instance ni, 664 uint16_t idx); 665int ipfw_objhash_same_name(struct namedobj_instance ni, struct named_object a, 666 struct named_object b); 667void ipfw_objhash_add(struct namedobj_instance ni, struct named_object no); 668void ipfw_objhash_del(struct namedobj_instance ni, struct named_object no); 669uint32_t ipfw_objhash_count(struct namedobj_instance ni); 670void ipfw_objhash_foreach(struct namedobj_instance ni, objhash_cb_t f, 671 void arg); 672int ipfw_objhash_free_idx(struct namedobj_instance ni, uint16_t idx); 673int ipfw_objhash_alloc_idx(void n, uint16_t pidx); 674void ipfw_objhash_set_funcs(struct namedobj_instance ni, 675* objhash_hash_f hash_f, objhash_cmp_f cmp_f);
	676void ipfw_init_obj_rewriter(void); 677void ipfw_destroy_obj_rewriter(void); 678void ipfw_add_obj_rewriter(struct opcode_obj_rewrite rw, size_t count); 679int ipfw_del_obj_rewriter(struct opcode_obj_rewrite rw, size_t count);
594	680
	681int ipfw_rewrite_rule_uidx(struct ip_fw_chain chain, 682* struct rule_check_info ci); 683int ipfw_mark_object_kidx(struct ip_fw_chain chain, struct ip_fw rule, 684* uint32_t bmask); 685int ref_opcode_object(struct ip_fw_chain ch, ipfw_insn cmd, struct tid_info ti, 686 struct obj_idx pidx, int found, int unresolved); 687void unref_oib_objects(struct ip_fw_chain ch, ipfw_insn cmd, 688* struct obj_idx oib, struct obj_idx end); 689int create_objects_compat(struct ip_fw_chain ch, ipfw_insn cmd, 690 struct obj_idx oib, struct obj_idx pidx, struct tid_info ti); 691void update_opcode_kidx(ipfw_insn cmd, uint16_t idx); 692int classify_opcode_kidx(ipfw_insn cmd, uint16_t puidx); 693void ipfw_init_srv(struct ip_fw_chain ch); 694void ipfw_destroy_srv(struct ip_fw_chain ch); 695
595/* In ip_fw_table.c / 596struct table_info; 597* 598typedef int (table_lookup_t)(struct table_info ti, void key, uint32_t keylen, 599 uint32_t val); 600* 601int ipfw_lookup_table(struct ip_fw_chain ch, uint16_t tbl, in_addr_t addr, 602* uint32_t val); --- 26 unchanged lines hidden* ---	696/* In ip_fw_table.c / 697struct table_info; 698* 699typedef int (table_lookup_t)(struct table_info ti, void key, uint32_t keylen, 700 uint32_t val); 701* 702int ipfw_lookup_table(struct ip_fw_chain ch, uint16_t tbl, in_addr_t addr, 703* uint32_t val); --- 26 unchanged lines hidden* ---

ip_fw_private.h (279948)	ip_fw_private.h (282070)
1/- 2 Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 *	1/- 2 Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23 * SUCH DAMAGE. 24 *
25 * $FreeBSD: head/sys/netpfil/ipfw/ip_fw_private.h 279948 2015-03-13 09:03:25Z ae $	25 * $FreeBSD: head/sys/netpfil/ipfw/ip_fw_private.h 282070 2015-04-27 08:29:39Z melifaro $
26 / 27 28#ifndef _IPFW2_PRIVATE_H 29#define _IPFW2_PRIVATE_H 30 31/ 32 * Internal constants and data structures used by ipfw components 33 * and not meant to be exported outside the kernel. --- 225 unchanged lines hidden (view full) --- 259#define IPFW_RULE_CNTR_SIZE (2 * sizeof(counter_u64_t)) 260 261#endif 262 263struct ip_fw_chain { 264 struct ip_fw *map; / array of rule ptrs to ease lookup / 265* uint32_t id; /* ruleset id / 266* int n_rules; /* number of static rules */	26 / 27 28#ifndef _IPFW2_PRIVATE_H 29#define _IPFW2_PRIVATE_H 30 31/ 32 * Internal constants and data structures used by ipfw components 33 * and not meant to be exported outside the kernel. --- 225 unchanged lines hidden (view full) --- 259#define IPFW_RULE_CNTR_SIZE (2 * sizeof(counter_u64_t)) 260 261#endif 262 263struct ip_fw_chain { 264 struct ip_fw *map; / array of rule ptrs to ease lookup / 265* uint32_t id; /* ruleset id / 266* int n_rules; /* number of static rules */
267 LIST_HEAD(nat_list, cfg_nat) nat; /* list of nat entries */
268 void tablestate; / runtime table info / 269* void valuestate; / runtime table value info / 270* int idxmap; / skipto array of rules */	267 void tablestate; / runtime table info / 268* void valuestate; / runtime table value info / 269* int idxmap; / skipto array of rules */
	270 void *srvstate; / runtime service mappings */
271#if defined( __linux__ ) \|\| defined( _WIN32 ) 272 spinlock_t rwmtx; 273#else 274 struct rmlock rwmtx; 275#endif 276 int static_len; /* total len of static rules (v0) / 277* uint32_t gencnt; /* NAT generation count */	271#if defined( __linux__ ) \|\| defined( _WIN32 ) 272 spinlock_t rwmtx; 273#else 274 struct rmlock rwmtx; 275#endif 276 int static_len; /* total len of static rules (v0) / 277* uint32_t gencnt; /* NAT generation count */
	278 LIST_HEAD(nat_list, cfg_nat) nat; /* list of nat entries */
278 struct ip_fw default_rule; 279* struct tables_config tblcfg; / tables module data / 280* void ifcfg; / interface module data / 281* int idxmap_back; / standby skipto array of rules */	279 struct ip_fw default_rule; 280* struct tables_config tblcfg; / tables module data / 281* void ifcfg; / interface module data / 282* int idxmap_back; / standby skipto array of rules */
	283 struct namedobj_instance srvmap; / cfg name->number mappings */
282#if defined( __linux__ ) \|\| defined( _WIN32 ) 283 spinlock_t uh_lock; 284#else 285 struct rwlock uh_lock; /* lock for upper half / 286#endif 287}; 288* 289/* 64-byte structure representing multi-field table value / --- 11 unchanged lines hidden* (view full) --- 301 uint16_t spare1; 302 /* -- 32 bytes -- / 303* struct in6_addr nh6; 304 uint32_t limit; /* O_LIMIT / 305* uint32_t zoneid; /* scope zone id for nh6 / 306* uint64_t refcnt; /* Number of references / 307}; 308*	284#if defined( __linux__ ) \|\| defined( _WIN32 ) 285 spinlock_t uh_lock; 286#else 287 struct rwlock uh_lock; /* lock for upper half / 288#endif 289}; 290* 291/* 64-byte structure representing multi-field table value / --- 11 unchanged lines hidden* (view full) --- 303 uint16_t spare1; 304 /* -- 32 bytes -- / 305* struct in6_addr nh6; 306 uint32_t limit; /* O_LIMIT / 307* uint32_t zoneid; /* scope zone id for nh6 / 308* uint64_t refcnt; /* Number of references / 309}; 310*
309struct namedobj_instance;
310 311struct named_object { 312 TAILQ_ENTRY(named_object) nn_next; /* namehash / 313* TAILQ_ENTRY(named_object) nv_next; /* valuehash / 314* char name; / object name */	311 312struct named_object { 313 TAILQ_ENTRY(named_object) nn_next; /* namehash / 314* TAILQ_ENTRY(named_object) nv_next; /* valuehash / 315* char name; / object name */
315 uint8_t type; /* object type / 316* uint8_t compat; /* Object name is number */	316 uint8_t subtype; /* object subtype within class / 317* uint8_t etlv; /* Export TLV id / 318* uint16_t spare[2];
317 uint16_t kidx; /* object kernel index */	319 uint16_t kidx; /* object kernel index */
318 uint16_t uidx; /* userland idx for compat records */
319 uint32_t set; /* set object belongs to / 320* uint32_t refcnt; /* number of references / 321}; 322TAILQ_HEAD(namedobjects_head, named_object); 323* 324struct sockopt; /* used by tcp_var.h / 325struct sockopt_data { 326* caddr_t kbuf; /* allocated buffer / --- 118 unchanged lines hidden* (view full) --- 445 uint16_t kidx; /* kernel object index / 446* uint16_t off; /* tlv offset from rule end in 4-byte words / 447* uint8_t spare; 448 uint8_t type; /* object type within its category / 449}; 450* 451struct rule_check_info { 452 uint16_t flags; /* rule-specific check flags */	320 uint32_t set; /* set object belongs to / 321* uint32_t refcnt; /* number of references / 322}; 323TAILQ_HEAD(namedobjects_head, named_object); 324* 325struct sockopt; /* used by tcp_var.h / 326struct sockopt_data { 327* caddr_t kbuf; /* allocated buffer / --- 118 unchanged lines hidden* (view full) --- 446 uint16_t kidx; /* kernel object index / 447* uint16_t off; /* tlv offset from rule end in 4-byte words / 448* uint8_t spare; 449 uint8_t type; /* object type within its category / 450}; 451* 452struct rule_check_info { 453 uint16_t flags; /* rule-specific check flags */
453 uint16_t table_opcodes; /* count of opcodes referencing table */	454 uint16_t object_opcodes; /* num of opcodes referencing objects */
454 uint16_t urule_numoff; /* offset of rulenum in bytes / 455* uint8_t version; /* rule version / 456* uint8_t spare; 457 ipfw_obj_ctlv ctlv; / name TLV containter / 458* struct ip_fw krule; / resulting rule pointer / 459* caddr_t urule; /* original rule pointer / 460* struct obj_idx obuf[8]; /* table references storage / 461}; --- 40 unchanged lines hidden* (view full) --- 502/* FreeBSD8 <> current kernel format / 503#define RULEUSIZE0(r) (sizeof(struct ip_fw_rule0) + (r)->cmd_len 4 - 4) 504#define RULEKSIZE0(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 505/ FreeBSD11 <> current kernel format / 506#define RULEUSIZE1(r) (roundup2(sizeof(struct ip_fw_rule) + \ 507* (r)->cmd_len * 4 - 4, 8)) 508#define RULEKSIZE1(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 509*	455 uint16_t urule_numoff; /* offset of rulenum in bytes / 456* uint8_t version; /* rule version / 457* uint8_t spare; 458 ipfw_obj_ctlv ctlv; / name TLV containter / 459* struct ip_fw krule; / resulting rule pointer / 460* caddr_t urule; /* original rule pointer / 461* struct obj_idx obuf[8]; /* table references storage / 462}; --- 40 unchanged lines hidden* (view full) --- 503/* FreeBSD8 <> current kernel format / 504#define RULEUSIZE0(r) (sizeof(struct ip_fw_rule0) + (r)->cmd_len 4 - 4) 505#define RULEKSIZE0(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 506/ FreeBSD11 <> current kernel format / 507#define RULEUSIZE1(r) (roundup2(sizeof(struct ip_fw_rule) + \ 508* (r)->cmd_len * 4 - 4, 8)) 509#define RULEKSIZE1(r) roundup2((sizeof(struct ip_fw) + (r)->cmd_len4 - 4), 8) 510*
	511/* 512 * Tables/Objects index rewriting code 513 */
510	514
	515/* Default and maximum number of ipfw tables/objects. / 516#define IPFW_TABLES_MAX 65536 517#define IPFW_TABLES_DEFAULT 128 518#define IPFW_OBJECTS_MAX 65536 519#define IPFW_OBJECTS_DEFAULT 128 520* 521#define CHAIN_TO_SRV(ch) ((ch)->srvmap) 522 523struct tid_info { 524 uint32_t set; /* table set / 525* uint16_t uidx; /* table index / 526* uint8_t type; /* table type / 527* uint8_t atype; 528 uint8_t spare; 529 int tlen; /* Total TLV size block / 530* void tlvs; / Pointer to first TLV / 531}; 532* 533/* 534 * Classifier callback. Checks if @cmd opcode contains kernel object reference. 535 * If true, returns its index and type. 536 * Returns 0 if match is found, 1 overwise. 537 / 538typedef int (ipfw_obj_rw_cl)(ipfw_insn cmd, uint16_t puidx, uint8_t ptype); 539/* 540 * Updater callback. Sets kernel object reference index to @puidx 541 / 542typedef void (ipfw_obj_rw_upd)(ipfw_insn cmd, uint16_t puidx); 543/* 544 * Finder callback. Tries to find named object by name (specified via @ti). 545 * Stores found named object pointer in @pno. 546 * If object was not found, NULL is stored. 547 * 548 * Return 0 if input data was valid. 549 / 550typedef int (ipfw_obj_fname_cb)(struct ip_fw_chain ch, 551 struct tid_info ti, struct named_object pno); 552/ 553 * Another finder callback. Tries to findex named object by kernel index. 554 * 555 * Returns pointer to named object or NULL. 556 / 557typedef struct named_object (ipfw_obj_fidx_cb)(struct ip_fw_chain ch, 558* uint16_t kidx); 559/* 560 * Object creator callback. Tries to create object specified by @ti. 561 * Stores newly-allocated object index in @pkidx. 562 * 563 * Returns 0 on success. 564 / 565typedef int (ipfw_obj_create_cb)(struct ip_fw_chain ch, struct tid_info ti, 566* uint16_t pkidx); 567* 568 569struct opcode_obj_rewrite { 570 uint32_t opcode; /* Opcode to act upon / 571* uint32_t etlv; /* Relevant export TLV id / 572* ipfw_obj_rw_cl classifier; / Check if rewrite is needed / 573* ipfw_obj_rw_upd update; / update cmd with new value / 574* ipfw_obj_fname_cb find_byname; / Find named object by name / 575* ipfw_obj_fidx_cb find_bykidx; / Find named object by kidx / 576* ipfw_obj_create_cb create_object; / Create named object / 577}; 578* 579#define IPFW_ADD_OBJ_REWRITER(f, c) do { \ 580 if ((f) != 0) \ 581 ipfw_add_obj_rewriter(c, \ 582 sizeof(c) / sizeof(c[0])); \ 583 } while(0) 584#define IPFW_DEL_OBJ_REWRITER(l, c) do { \ 585 if ((l) != 0) \ 586 ipfw_del_obj_rewriter(c, \ 587 sizeof(c) / sizeof(c[0])); \ 588 } while(0) 589
511/* In ip_fw_iface.c / 512int ipfw_iface_init(void); 513void ipfw_iface_destroy(void); 514void vnet_ipfw_iface_destroy(struct ip_fw_chain ch); 515int ipfw_iface_ref(struct ip_fw_chain ch, char name, 516 struct ipfw_ifc ic); 517void ipfw_iface_unref(struct ip_fw_chain ch, struct ipfw_ifc ic); 518void ipfw_iface_add_notify(struct ip_fw_chain ch, struct ipfw_ifc ic); --- 38 unchanged lines hidden* (view full) --- 557 sizeof(c) / sizeof(c[0])); \ 558 } while(0) 559#define IPFW_DEL_SOPT_HANDLER(l, c) do { \ 560 if ((l) != 0) \ 561 ipfw_del_sopt_handler(c, \ 562 sizeof(c) / sizeof(c[0])); \ 563 } while(0) 564	590/* In ip_fw_iface.c / 591int ipfw_iface_init(void); 592void ipfw_iface_destroy(void); 593void vnet_ipfw_iface_destroy(struct ip_fw_chain ch); 594int ipfw_iface_ref(struct ip_fw_chain ch, char name, 595 struct ipfw_ifc ic); 596void ipfw_iface_unref(struct ip_fw_chain ch, struct ipfw_ifc ic); 597void ipfw_iface_add_notify(struct ip_fw_chain ch, struct ipfw_ifc ic); --- 38 unchanged lines hidden* (view full) --- 636 sizeof(c) / sizeof(c[0])); \ 637 } while(0) 638#define IPFW_DEL_SOPT_HANDLER(l, c) do { \ 639 if ((l) != 0) \ 640 ipfw_del_sopt_handler(c, \ 641 sizeof(c) / sizeof(c[0])); \ 642 } while(0) 643
	644struct namedobj_instance;
565typedef void (objhash_cb_t)(struct namedobj_instance ni, struct named_object , 566 void arg); 567typedef uint32_t (objhash_hash_f)(struct namedobj_instance ni, void key, 568* uint32_t kopt); 569typedef int (objhash_cmp_f)(struct named_object no, void key, uint32_t kopt); 570struct namedobj_instance ipfw_objhash_create(uint32_t items); 571void ipfw_objhash_destroy(struct namedobj_instance ); 572void ipfw_objhash_bitmap_alloc(uint32_t items, void *idx, int pblocks); 573void ipfw_objhash_bitmap_merge(struct namedobj_instance ni, 574* void *idx, int blocks); 575void ipfw_objhash_bitmap_swap(struct namedobj_instance ni, 576* void *idx, int blocks); 577void ipfw_objhash_bitmap_free(void idx, int blocks); 578void ipfw_objhash_set_hashf(struct namedobj_instance ni, objhash_hash_f f); 579struct named_object ipfw_objhash_lookup_name(struct namedobj_instance ni, 580* uint32_t set, char *name);	645typedef void (objhash_cb_t)(struct namedobj_instance ni, struct named_object , 646 void arg); 647typedef uint32_t (objhash_hash_f)(struct namedobj_instance ni, void key, 648* uint32_t kopt); 649typedef int (objhash_cmp_f)(struct named_object no, void key, uint32_t kopt); 650struct namedobj_instance ipfw_objhash_create(uint32_t items); 651void ipfw_objhash_destroy(struct namedobj_instance ); 652void ipfw_objhash_bitmap_alloc(uint32_t items, void *idx, int pblocks); 653void ipfw_objhash_bitmap_merge(struct namedobj_instance ni, 654* void *idx, int blocks); 655void ipfw_objhash_bitmap_swap(struct namedobj_instance ni, 656* void *idx, int blocks); 657void ipfw_objhash_bitmap_free(void idx, int blocks); 658void ipfw_objhash_set_hashf(struct namedobj_instance ni, objhash_hash_f f); 659struct named_object ipfw_objhash_lookup_name(struct namedobj_instance ni, 660* uint32_t set, char *name);
	661struct named_object ipfw_objhash_lookup_name_type(struct namedobj_instance ni, 662 uint32_t set, uint32_t type, char *name);
581struct named_object ipfw_objhash_lookup_kidx(struct namedobj_instance ni, 582 uint16_t idx); 583int ipfw_objhash_same_name(struct namedobj_instance ni, struct named_object a, 584 struct named_object b); 585void ipfw_objhash_add(struct namedobj_instance ni, struct named_object no); 586void ipfw_objhash_del(struct namedobj_instance ni, struct named_object no); 587uint32_t ipfw_objhash_count(struct namedobj_instance ni); 588void ipfw_objhash_foreach(struct namedobj_instance ni, objhash_cb_t f, 589 void arg); 590int ipfw_objhash_free_idx(struct namedobj_instance ni, uint16_t idx); 591int ipfw_objhash_alloc_idx(void n, uint16_t pidx); 592void ipfw_objhash_set_funcs(struct namedobj_instance ni, 593* objhash_hash_f hash_f, objhash_cmp_f cmp_f);	663struct named_object ipfw_objhash_lookup_kidx(struct namedobj_instance ni, 664 uint16_t idx); 665int ipfw_objhash_same_name(struct namedobj_instance ni, struct named_object a, 666 struct named_object b); 667void ipfw_objhash_add(struct namedobj_instance ni, struct named_object no); 668void ipfw_objhash_del(struct namedobj_instance ni, struct named_object no); 669uint32_t ipfw_objhash_count(struct namedobj_instance ni); 670void ipfw_objhash_foreach(struct namedobj_instance ni, objhash_cb_t f, 671 void arg); 672int ipfw_objhash_free_idx(struct namedobj_instance ni, uint16_t idx); 673int ipfw_objhash_alloc_idx(void n, uint16_t pidx); 674void ipfw_objhash_set_funcs(struct namedobj_instance ni, 675* objhash_hash_f hash_f, objhash_cmp_f cmp_f);
	676void ipfw_init_obj_rewriter(void); 677void ipfw_destroy_obj_rewriter(void); 678void ipfw_add_obj_rewriter(struct opcode_obj_rewrite rw, size_t count); 679int ipfw_del_obj_rewriter(struct opcode_obj_rewrite rw, size_t count);
594	680
	681int ipfw_rewrite_rule_uidx(struct ip_fw_chain chain, 682* struct rule_check_info ci); 683int ipfw_mark_object_kidx(struct ip_fw_chain chain, struct ip_fw rule, 684* uint32_t bmask); 685int ref_opcode_object(struct ip_fw_chain ch, ipfw_insn cmd, struct tid_info ti, 686 struct obj_idx pidx, int found, int unresolved); 687void unref_oib_objects(struct ip_fw_chain ch, ipfw_insn cmd, 688* struct obj_idx oib, struct obj_idx end); 689int create_objects_compat(struct ip_fw_chain ch, ipfw_insn cmd, 690 struct obj_idx oib, struct obj_idx pidx, struct tid_info ti); 691void update_opcode_kidx(ipfw_insn cmd, uint16_t idx); 692int classify_opcode_kidx(ipfw_insn cmd, uint16_t puidx); 693void ipfw_init_srv(struct ip_fw_chain ch); 694void ipfw_destroy_srv(struct ip_fw_chain ch); 695
595/* In ip_fw_table.c / 596struct table_info; 597* 598typedef int (table_lookup_t)(struct table_info ti, void key, uint32_t keylen, 599 uint32_t val); 600* 601int ipfw_lookup_table(struct ip_fw_chain ch, uint16_t tbl, in_addr_t addr, 602* uint32_t val); --- 26 unchanged lines hidden* ---	696/* In ip_fw_table.c / 697struct table_info; 698* 699typedef int (table_lookup_t)(struct table_info ti, void key, uint32_t keylen, 700 uint32_t val); 701* 702int ipfw_lookup_table(struct ip_fw_chain ch, uint16_t tbl, in_addr_t addr, 703* uint32_t val); --- 26 unchanged lines hidden* ---