1/* $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
2
3/*
4 * Copyright (c) 2001 Daniel Hartmeier
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
--- 24 unchanged lines hidden (view full) ---
33#ifndef _NET_PFVAR_H_
34#define _NET_PFVAR_H_
35
36#include <sys/types.h>
37#include <sys/queue.h>
38#include <sys/tree.h>
39
40#include <net/radix.h>
41#include <netinet/ip_ipsp.h>
42#include <netinet/tcp_fsm.h>
43
44struct ip;
45
46#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
47#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
48
49enum { PF_INOUT, PF_IN, PF_OUT };
--- 64 unchanged lines hidden (view full) ---
114 u_int8_t type; /* PF_ADDR_* */
115};
116
117struct pf_addr_dyn {
118 char ifname[IFNAMSIZ];
119 struct ifnet *ifp;
120 struct pf_addr *addr;
121 sa_family_t af;
122 void *hook_cookie;
123 u_int8_t undefined;
124};
125
126/*
127 * Address manipulation macros
128 */
129
130#ifdef _KERNEL
131
132#ifdef INET
133#ifndef INET6
134#define PF_INET_ONLY
135#endif /* ! INET6 */
136#endif /* INET */
137
138#ifdef INET6
139#ifndef INET
--- 956 unchanged lines hidden (view full) ---
1096#define DIOCRTSTADDRS _IOWR('D', 73, struct pfioc_table)
1097#define DIOCRSETTFLAGS _IOWR('D', 74, struct pfioc_table)
1098#define DIOCRINABEGIN _IOWR('D', 75, struct pfioc_table)
1099#define DIOCRINACOMMIT _IOWR('D', 76, struct pfioc_table)
1100#define DIOCRINADEFINE _IOWR('D', 77, struct pfioc_table)
1101#define DIOCOSFPFLUSH _IO('D', 78)
1102#define DIOCOSFPADD _IOWR('D', 79, struct pf_osfp_ioctl)
1103#define DIOCOSFPGET _IOWR('D', 80, struct pf_osfp_ioctl)
1104
1105#ifdef _KERNEL
1106RB_HEAD(pf_state_tree, pf_tree_node);
1107RB_PROTOTYPE(pf_state_tree, pf_tree_node, entry, pf_state_compare);
1108extern struct pf_state_tree tree_lan_ext, tree_ext_gwy;
1109
1110extern struct pf_anchorqueue pf_anchors;
1111extern struct pf_ruleset pf_main_ruleset;
--- 18 unchanged lines hidden (view full) ---
1130extern int pf_dynaddr_setup(struct pf_addr_wrap *,
1131 sa_family_t);
1132extern void pf_dynaddr_copyout(struct pf_addr_wrap *);
1133extern void pf_dynaddr_remove(struct pf_addr_wrap *);
1134extern void pf_calc_skip_steps(struct pf_rulequeue *);
1135extern void pf_rule_set_qid(struct pf_rulequeue *);
1136extern u_int32_t pf_qname_to_qid(char *);
1137extern void pf_update_anchor_rules(void);
1138extern struct pool pf_tree_pl, pf_rule_pl, pf_addr_pl;
1139extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
1140extern struct pool pf_state_scrub_pl;
1141extern void pf_purge_timeout(void *);
1142extern void pf_purge_expired_states(void);
1143extern int pf_insert_state(struct pf_state *);
1144extern struct pf_state *pf_find_state(struct pf_state_tree *,
1145 struct pf_tree_node *);
1146extern struct pf_anchor *pf_find_anchor(const char *);
1147extern struct pf_ruleset *pf_find_ruleset(char *, char *);
1148extern struct pf_ruleset *pf_find_or_create_ruleset(char *, char *);
--- 80 unchanged lines hidden (view full) ---
1229 int *, u_int32_t, int);
1230
1231u_int16_t pf_tagname2tag(char *);
1232void pf_tag2tagname(u_int16_t, char *);
1233void pf_tag_unref(u_int16_t);
1234int pf_tag_packet(struct mbuf *, struct pf_tag *, int);
1235
1236extern struct pf_status pf_status;
1237extern struct pool pf_frent_pl, pf_frag_pl;
1238
1239struct pf_pool_limit {
1240 void *pp;
1241 unsigned limit;
1242};
1243extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
1244
1245#endif /* _KERNEL */
1246
1247/* The fingerprint functions can be linked into userland programs (tcpdump) */
1248int pf_osfp_add(struct pf_osfp_ioctl *);
1249#ifdef _KERNEL
1250struct pf_osfp_enlist *
1251 pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int,
1252 const struct tcphdr *);
1253#endif /* _KERNEL */
1254struct pf_osfp_enlist *
1255 pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *);
1256void pf_osfp_flush(void);
1257int pf_osfp_get(struct pf_osfp_ioctl *);
1258void pf_osfp_initialize(void);
1259int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
1260struct pf_os_fingerprint *
1261 pf_osfp_validate(void);
1262
1263
1264#endif /* _NET_PFVAR_H_ */
2
3/*
4 * Copyright (c) 2001 Daniel Hartmeier
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
--- 24 unchanged lines hidden (view full) ---
33#ifndef _NET_PFVAR_H_
34#define _NET_PFVAR_H_
35
36#include <sys/types.h>
37#include <sys/queue.h>
38#include <sys/tree.h>
39
40#include <net/radix.h>
41#include <netinet/ip_ipsp.h>
42#include <netinet/tcp_fsm.h>
43
44struct ip;
45
46#define PF_TCPS_PROXY_SRC ((TCP_NSTATES)+0)
47#define PF_TCPS_PROXY_DST ((TCP_NSTATES)+1)
48
49enum { PF_INOUT, PF_IN, PF_OUT };
--- 64 unchanged lines hidden (view full) ---
114 u_int8_t type; /* PF_ADDR_* */
115};
116
117struct pf_addr_dyn {
118 char ifname[IFNAMSIZ];
119 struct ifnet *ifp;
120 struct pf_addr *addr;
121 sa_family_t af;
122 void *hook_cookie;
123 u_int8_t undefined;
124};
125
126/*
127 * Address manipulation macros
128 */
129
130#ifdef _KERNEL
131
132#ifdef INET
133#ifndef INET6
134#define PF_INET_ONLY
135#endif /* ! INET6 */
136#endif /* INET */
137
138#ifdef INET6
139#ifndef INET
--- 956 unchanged lines hidden (view full) ---
1096#define DIOCRTSTADDRS _IOWR('D', 73, struct pfioc_table)
1097#define DIOCRSETTFLAGS _IOWR('D', 74, struct pfioc_table)
1098#define DIOCRINABEGIN _IOWR('D', 75, struct pfioc_table)
1099#define DIOCRINACOMMIT _IOWR('D', 76, struct pfioc_table)
1100#define DIOCRINADEFINE _IOWR('D', 77, struct pfioc_table)
1101#define DIOCOSFPFLUSH _IO('D', 78)
1102#define DIOCOSFPADD _IOWR('D', 79, struct pf_osfp_ioctl)
1103#define DIOCOSFPGET _IOWR('D', 80, struct pf_osfp_ioctl)
1104
1105#ifdef _KERNEL
1106RB_HEAD(pf_state_tree, pf_tree_node);
1107RB_PROTOTYPE(pf_state_tree, pf_tree_node, entry, pf_state_compare);
1108extern struct pf_state_tree tree_lan_ext, tree_ext_gwy;
1109
1110extern struct pf_anchorqueue pf_anchors;
1111extern struct pf_ruleset pf_main_ruleset;
--- 18 unchanged lines hidden (view full) ---
1130extern int pf_dynaddr_setup(struct pf_addr_wrap *,
1131 sa_family_t);
1132extern void pf_dynaddr_copyout(struct pf_addr_wrap *);
1133extern void pf_dynaddr_remove(struct pf_addr_wrap *);
1134extern void pf_calc_skip_steps(struct pf_rulequeue *);
1135extern void pf_rule_set_qid(struct pf_rulequeue *);
1136extern u_int32_t pf_qname_to_qid(char *);
1137extern void pf_update_anchor_rules(void);
1138extern struct pool pf_tree_pl, pf_rule_pl, pf_addr_pl;
1139extern struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl;
1140extern struct pool pf_state_scrub_pl;
1141extern void pf_purge_timeout(void *);
1142extern void pf_purge_expired_states(void);
1143extern int pf_insert_state(struct pf_state *);
1144extern struct pf_state *pf_find_state(struct pf_state_tree *,
1145 struct pf_tree_node *);
1146extern struct pf_anchor *pf_find_anchor(const char *);
1147extern struct pf_ruleset *pf_find_ruleset(char *, char *);
1148extern struct pf_ruleset *pf_find_or_create_ruleset(char *, char *);
--- 80 unchanged lines hidden (view full) ---
1229 int *, u_int32_t, int);
1230
1231u_int16_t pf_tagname2tag(char *);
1232void pf_tag2tagname(u_int16_t, char *);
1233void pf_tag_unref(u_int16_t);
1234int pf_tag_packet(struct mbuf *, struct pf_tag *, int);
1235
1236extern struct pf_status pf_status;
1237extern struct pool pf_frent_pl, pf_frag_pl;
1238
1239struct pf_pool_limit {
1240 void *pp;
1241 unsigned limit;
1242};
1243extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
1244
1245#endif /* _KERNEL */
1246
1247/* The fingerprint functions can be linked into userland programs (tcpdump) */
1248int pf_osfp_add(struct pf_osfp_ioctl *);
1249#ifdef _KERNEL
1250struct pf_osfp_enlist *
1251 pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int,
1252 const struct tcphdr *);
1253#endif /* _KERNEL */
1254struct pf_osfp_enlist *
1255 pf_osfp_fingerprint_hdr(const struct ip *, const struct tcphdr *);
1256void pf_osfp_flush(void);
1257int pf_osfp_get(struct pf_osfp_ioctl *);
1258void pf_osfp_initialize(void);
1259int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t);
1260struct pf_os_fingerprint *
1261 pf_osfp_validate(void);
1262
1263
1264#endif /* _NET_PFVAR_H_ */