ip_compat.h revision 358664 
1/*
2 * Copyright (C) 2012 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * @(#)ip_compat.h	1.8 1/14/96
7 * $FreeBSD: stable/11/sys/contrib/ipfilter/netinet/ip_compat.h 358664 2020-03-05 06:35:05Z cy $
8 * Id: ip_compat.h,v 2.142.2.57 2007/10/10 09:51:42 darrenr Exp $
9 */
10
11#ifndef	__IP_COMPAT_H__
12#define	__IP_COMPAT_H__
13
14#ifndef	__P
15# ifdef	__STDC__
16#  define	__P(x)  x
17# else
18#  define	__P(x)  ()
19# endif
20#endif
21#ifndef	__STDC__
22# undef		const
23# define	const
24#endif
25
26#if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__)
27# undef	KERNEL
28# undef	_KERNEL
29# undef 	__KERNEL__
30# define	KERNEL
31# define	_KERNEL
32# define 	__KERNEL__
33#endif
34
35#ifndef	SOLARIS
36# if defined(sun) && defined(__SVR4)
37#  define	SOLARIS		1
38# else
39#  define	SOLARIS		0
40# endif
41#endif
42
43
44#if defined(__SVR4)
45# define index   strchr
46# if !defined(_KERNEL)
47#  define	bzero(a,b)	memset(a,0,b)
48#  define	bcmp		memcmp
49#  define	bcopy(a,b,c)	memmove(b,a,c)
50# endif
51#endif
52
53#ifndef LIFNAMSIZ
54# ifdef IF_NAMESIZE
55#  define	LIFNAMSIZ	IF_NAMESIZE
56# else
57#  ifdef	IFNAMSIZ
58#   define	LIFNAMSIZ	IFNAMSIZ
59#  else
60#   define	LIFNAMSIZ	16
61#  endif
62# endif
63#endif
64
65
66# ifdef __STDC__
67#  define IPL_EXTERN(ep) ipl##ep
68# else
69#  define IPL_EXTERN(ep) ipl/**/ep
70# endif
71
72/*
73 * This is a workaround for <sys/uio.h> troubles on FreeBSD and OpenBSD.
74 */
75# ifndef _KERNEL
76#  define ADD_KERNEL
77#  define _KERNEL
78#  define KERNEL
79# endif
80# include <sys/uio.h>
81# ifdef ADD_KERNEL
82#  undef _KERNEL
83#  undef KERNEL
84# endif
85
86#define	NETBSD_GE_REV(x)	(defined(__NetBSD_Version__) && \
87				 (__NetBSD_Version__ >= (x)))
88#define	NETBSD_GT_REV(x)	(defined(__NetBSD_Version__) && \
89				 (__NetBSD_Version__ > (x)))
90#define	NETBSD_LT_REV(x)	(defined(__NetBSD_Version__) && \
91				 (__NetBSD_Version__ < (x)))
92#define	FREEBSD_GE_REV(x)	(defined(__FreeBSD_version) && \
93				 (__FreeBSD_version >= (x)))
94#define	FREEBSD_GT_REV(x)	(defined(__FreeBSD_version) && \
95				 (__FreeBSD_version > (x)))
96#define	FREEBSD_LT_REV(x)	(defined(__FreeBSD_version) && \
97				 (__FreeBSD_version < (x)))
98#define	BSD_GE_YEAR(x)		(defined(BSD) && (BSD >= (x)))
99#define	BSD_GT_YEAR(x)		(defined(BSD) && (BSD > (x)))
100#define	BSD_LT_YEAR(x)		(defined(BSD) && (BSD < (x)))
101
102
103/* ----------------------------------------------------------------------- */
104/*                                F R E E B S D                            */
105/* ----------------------------------------------------------------------- */
106# define HAS_SYS_MD5_H	1
107# if defined(_KERNEL)
108#   include "opt_bpf.h"
109#   include "opt_inet6.h"
110#  if defined(INET6) && !defined(USE_INET6)
111#   define USE_INET6
112#  endif
113# else
114#  if !defined(USE_INET6) && !defined(NOINET6)
115#   define	USE_INET6
116#  endif
117# endif
118
119# if defined(_KERNEL)
120#  include <netinet/ip_var.h>
121#    define	p_cred	td_ucred
122#    define	p_uid	td_ucred->cr_ruid
123
124/*
125 * When #define'd, the 5.2.1 kernel panics when used with the ftp proxy.
126 * There may be other, safe, kernels but this is not extensively tested yet.
127 */
128#   define HAVE_M_PULLDOWN
129#  if !defined(IPFILTER_LKM) && defined(__FreeBSD_version)
130#   include "opt_ipfilter.h"
131#  endif
132#  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
133#  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
134
135# else
136#  include <inttypes.h>
137# endif /* _KERNEL */
138
139#  include <sys/selinfo.h>
140#  include <sys/lock.h>
141#  include <sys/malloc.h>
142#  include <sys/mutex.h>
143#    define	KRWLOCK_FILL_SZ		56
144#    define	KMUTEX_FILL_SZ		56
145#   include <sys/rwlock.h>
146#   define	KMUTEX_T		struct mtx
147#   define	KRWLOCK_T		struct rwlock
148
149#ifdef _KERNEL
150#    define	READ_ENTER(x)		rw_rlock(&(x)->ipf_lk)
151#    define	WRITE_ENTER(x)		rw_wlock(&(x)->ipf_lk)
152#    define	MUTEX_DOWNGRADE(x)	rw_downgrade(&(x)->ipf_lk)
153#    define	MUTEX_TRY_UPGRADE(x)	rw_try_upgrade(&(x)->ipf_lk)
154#    define	RWLOCK_INIT(x,y)	rw_init(&(x)->ipf_lk, (y))
155#    define	RW_DESTROY(x)		rw_destroy(&(x)->ipf_lk)
156#    define	RWLOCK_EXIT(x)		do { \
157					    if (rw_wowned(&(x)->ipf_lk)) \
158					    	rw_wunlock(&(x)->ipf_lk); \
159					    else \
160						rw_runlock(&(x)->ipf_lk); \
161					} while (0)
162#  include <net/if_var.h>
163#  define	GETKTIME(x)	microtime((struct timeval *)x)
164
165#   include <netinet/in_systm.h>
166#   include <netinet/ip.h>
167#   include <machine/in_cksum.h>
168
169#   define	USE_MUTEXES
170#   define	MUTEX_ENTER(x)		mtx_lock(&(x)->ipf_lk)
171#   define	MUTEX_EXIT(x)		mtx_unlock(&(x)->ipf_lk)
172#   define	MUTEX_INIT(x,y)		mtx_init(&(x)->ipf_lk, (y), NULL,\
173						 MTX_DEF)
174#   define	MUTEX_DESTROY(x)	mtx_destroy(&(x)->ipf_lk)
175#   define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
176/*
177 * Whilst the sx(9) locks on FreeBSD have the right semantics and interface
178 * for what we want to use them for, despite testing showing they work -
179 * with a WITNESS kernel, it generates LOR messages.
180 */
181#   include <machine/atomic.h>
182#   define	ATOMIC_INC(x)		{ mtx_lock(&softc->ipf_rw.ipf_lk); (x)++; \
183					  mtx_unlock(&softc->ipf_rw.ipf_lk); }
184#   define	ATOMIC_DEC(x)		{ mtx_lock(&softc->ipf_rw.ipf_lk); (x)--; \
185					  mtx_unlock(&softc->ipf_rw.ipf_lk); }
186#   define	ATOMIC_INCL(x)		atomic_add_long(&(x), 1)
187#   define	ATOMIC_INC64(x)		ATOMIC_INC(x)
188#   define	ATOMIC_INC32(x)		atomic_add_32((u_int *)&(x), 1)
189#   define	ATOMIC_DECL(x)		atomic_add_long(&(x), -1)
190#   define	ATOMIC_DEC64(x)		ATOMIC_DEC(x)
191#   define	ATOMIC_DEC32(x)		atomic_add_32((u_int *)&(x), -1)
192#   define	SPL_X(x)	;
193#   define	SPL_NET(x)	;
194#   define	SPL_IMP(x)	;
195#   define	SPL_SCHED(x)	;
196#   define	GET_MINOR		dev2unit
197#  define	MSGDSIZE(m)	mbufchainlen(m)
198#  define	M_LEN(m)	(m)->m_len
199#  define	M_ADJ(m,x)	m_adj(m, x)
200#  define	M_COPY(x)	m_copy((x), 0, M_COPYALL)
201#  define	M_DUP(m)	m_dup(m, M_NOWAIT)
202#  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
203typedef struct mbuf mb_t;
204
205#else	/* !_KERNEL */
206#ifndef _NET_IF_VAR_H_
207/*
208 * Userland emulation of struct ifnet.
209 */
210struct route;
211struct mbuf;
212struct ifnet {
213	char			if_xname[IFNAMSIZ];
214	TAILQ_HEAD(, ifaddr)	if_addrlist;
215	int	(*if_output)(struct ifnet *, struct mbuf *,
216	    const struct sockaddr *, struct route *);
217};
218#endif /* _NET_IF_VAR_H_ */
219#endif /* _KERNEL */
220
221#  define	IFNAME(x)	((struct ifnet *)x)->if_xname
222#  define	COPYIFNAME(v, x, b) \
223				(void) strncpy(b, \
224					       ((struct ifnet *)x)->if_xname, \
225					       LIFNAMSIZ)
226
227typedef	u_long		ioctlcmd_t;
228typedef	struct uio	uio_t;
229typedef	int		minor_t;
230typedef	u_int32_t	u_32_t;
231# define	U_32_T	1
232
233
234/* ----------------------------------------------------------------------- */
235/*                           G E N E R I C                                 */
236/* ----------------------------------------------------------------------- */
237
238/*
239 * For BSD kernels, if bpf is in the kernel, enable ipfilter to use bpf in
240 * filter rules.
241 */
242#if !defined(IPFILTER_BPF)
243# if (defined(NBPF) && (NBPF > 0)) || (defined(DEV_BPF) && (DEV_BPF > 0)) || \
244     (defined(NBPFILTER) && (NBPFILTER > 0))
245#  define	IPFILTER_BPF
246# endif
247#endif
248
249/*
250 * Userland locking primitives
251 */
252#ifndef _KERNEL
253#if !defined(KMUTEX_FILL_SZ)
254# define	KMUTEX_FILL_SZ	1
255#endif
256#if !defined(KRWLOCK_FILL_SZ)
257# define	KRWLOCK_FILL_SZ	1
258#endif
259#endif
260
261typedef	struct	{
262	char	*eMm_owner;
263	char	*eMm_heldin;
264	u_int	eMm_magic;
265	int	eMm_held;
266	int	eMm_heldat;
267} eMmutex_t;
268
269typedef	struct	{
270	char	*eMrw_owner;
271	char	*eMrw_heldin;
272	u_int	eMrw_magic;
273	short	eMrw_read;
274	short	eMrw_write;
275	int	eMrw_heldat;
276} eMrwlock_t;
277
278typedef union {
279	char	_fill[KMUTEX_FILL_SZ];
280#ifdef KMUTEX_T
281	struct	{
282		KMUTEX_T	ipf_slk;
283		const char	*ipf_lname;
284	} ipf_lkun_s;
285#endif
286	eMmutex_t	ipf_emu;
287} ipfmutex_t;
288
289typedef union {
290	char	_fill[KRWLOCK_FILL_SZ];
291#ifdef KRWLOCK_T
292	struct	{
293		KRWLOCK_T	ipf_slk;
294		const char	*ipf_lname;
295		int		ipf_sr;
296		int		ipf_sw;
297		u_int		ipf_magic;
298	} ipf_lkun_s;
299#endif
300	eMrwlock_t	ipf_emu;
301} ipfrwlock_t;
302
303#define	ipf_lk		ipf_lkun_s.ipf_slk
304#define	ipf_lname	ipf_lkun_s.ipf_lname
305#define	ipf_isr		ipf_lkun_s.ipf_sr
306#define	ipf_isw		ipf_lkun_s.ipf_sw
307#define	ipf_magic	ipf_lkun_s.ipf_magic
308
309#if !defined(__GNUC__) || defined(__FreeBSD_version)
310# ifndef	INLINE
311#  define	INLINE
312# endif
313#else
314# define	INLINE	__inline__
315#endif
316
317#if defined(__FreeBSD_version) && defined(_KERNEL)
318     CTASSERT(sizeof(ipfrwlock_t) == KRWLOCK_FILL_SZ);
319     CTASSERT(sizeof(ipfmutex_t) == KMUTEX_FILL_SZ);
320#endif
321
322
323/*
324 * In a non-kernel environment, there are a lot of macros that need to be
325 * filled in to be null-ops or to point to some compatibility function,
326 * somewhere in userland.
327 */
328#ifndef _KERNEL
329typedef	struct	mb_s	{
330	struct	mb_s	*mb_next;
331	char		*mb_data;
332	void		*mb_ifp;
333	int		mb_len;
334	int		mb_flags;
335	u_long		mb_buf[2048];
336} mb_t;
337# undef		m_next
338# define	m_next		mb_next
339# undef		m_len
340# define	m_len		mb_len
341# undef		m_flags
342# define	m_flags		mb_flags
343# undef		m_data
344# define	m_data		mb_data
345# undef		M_MCAST
346# define	M_MCAST		0x01
347# undef		M_BCAST
348# define	M_BCAST		0x02
349# undef		M_MBCAST
350# define	M_MBCAST	0x04
351# define	MSGDSIZE(m)	msgdsize(m)
352# define	M_LEN(m)	(m)->mb_len
353# define	M_ADJ(m,x)	(m)->mb_len += x
354# define	M_COPY(m)	dupmbt(m)
355# define	M_DUP(m)	dupmbt(m)
356# define	GETKTIME(x)	gettimeofday((struct timeval *)(x), NULL)
357# define	MTOD(m, t)	((t)(m)->mb_data)
358# define	FREE_MB_T(m)	freembt(m)
359# define	ALLOC_MB_T(m,l)	(m) = allocmbt(l)
360# define	PREP_MB_T(f, m)	do { \
361						(m)->mb_next = *(f)->fin_mp; \
362						*(fin)->fin_mp = (m); \
363						(f)->fin_m = (m); \
364					} while (0)
365# define	SLEEP(x,y)	1;
366# define	WAKEUP(x,y)	;
367# define	POLLWAKEUP(y)	;
368# define	IPF_PANIC(x,y)	;
369# define	PANIC(x,y)	;
370# define	SPL_SCHED(x)	;
371# define	SPL_NET(x)	;
372# define	SPL_IMP(x)	;
373# define	SPL_X(x)	;
374# define	KMALLOC(a,b)	(a) = (b)malloc(sizeof(*a))
375# define	KMALLOCS(a,b,c)	(a) = (b)malloc(c)
376# define	KFREE(x)	free(x)
377# define	KFREES(x,s)	free(x)
378# define	GETIFP(x, v)	get_unit(x,v)
379# define	GETIFMTU_4(x)	2048
380# define	GETIFMTU_6(x)	2048
381# define	COPYIN(a,b,c)	bcopywrap((a), (b), (c))
382# define	COPYOUT(a,b,c)	bcopywrap((a), (b), (c))
383# define	COPYDATA(m, o, l, b)	bcopy(MTOD((mb_t *)m, char *) + (o), \
384					      (b), (l))
385# define	COPYBACK(m, o, l, b)	bcopy((b), \
386					      MTOD((mb_t *)m, char *) + (o), \
387					      (l))
388# define	UIOMOVE(a,b,c,d)	ipfuiomove((caddr_t)a,b,c,d)
389extern	void	m_copydata __P((mb_t *, int, int, caddr_t));
390extern	int	ipfuiomove __P((caddr_t, int, int, struct uio *));
391extern	int	bcopywrap __P((void *, void *, size_t));
392extern	mb_t	*allocmbt __P((size_t));
393extern	mb_t	*dupmbt __P((mb_t *));
394extern	void	freembt __P((mb_t *));
395
396# define	MUTEX_DESTROY(x)	eMmutex_destroy(&(x)->ipf_emu, \
397							__FILE__, __LINE__)
398# define	MUTEX_ENTER(x)		eMmutex_enter(&(x)->ipf_emu, \
399						      __FILE__, __LINE__)
400# define	MUTEX_EXIT(x)		eMmutex_exit(&(x)->ipf_emu, \
401						     __FILE__, __LINE__)
402# define	MUTEX_INIT(x,y)		eMmutex_init(&(x)->ipf_emu, y, \
403						     __FILE__, __LINE__)
404# define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
405
406# define	MUTEX_DOWNGRADE(x)	eMrwlock_downgrade(&(x)->ipf_emu, \
407							   __FILE__, __LINE__)
408# define	MUTEX_TRY_UPGRADE(x)	eMrwlock_try_upgrade(&(x)->ipf_emu, \
409							   __FILE__, __LINE__)
410# define	READ_ENTER(x)		eMrwlock_read_enter(&(x)->ipf_emu, \
411							    __FILE__, __LINE__)
412# define	RWLOCK_INIT(x, y)	eMrwlock_init(&(x)->ipf_emu, y)
413# define	RWLOCK_EXIT(x)		eMrwlock_exit(&(x)->ipf_emu)
414# define	RW_DESTROY(x)		eMrwlock_destroy(&(x)->ipf_emu)
415# define	WRITE_ENTER(x)		eMrwlock_write_enter(&(x)->ipf_emu, \
416							     __FILE__, \
417							     __LINE__)
418
419# define	USE_MUTEXES		1
420
421extern void eMmutex_destroy __P((eMmutex_t *, char *, int));
422extern void eMmutex_enter __P((eMmutex_t *, char *, int));
423extern void eMmutex_exit __P((eMmutex_t *, char *, int));
424extern void eMmutex_init __P((eMmutex_t *, char *, char *, int));
425extern void eMrwlock_destroy __P((eMrwlock_t *));
426extern void eMrwlock_exit __P((eMrwlock_t *));
427extern void eMrwlock_init __P((eMrwlock_t *, char *));
428extern void eMrwlock_read_enter __P((eMrwlock_t *, char *, int));
429extern void eMrwlock_write_enter __P((eMrwlock_t *, char *, int));
430extern void eMrwlock_downgrade __P((eMrwlock_t *, char *, int));
431
432#endif
433
434extern	mb_t	*allocmbt(size_t);
435
436#define	MAX_IPV4HDR	((0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8)
437
438#ifndef	IP_OFFMASK
439# define	IP_OFFMASK	0x1fff
440#endif
441
442
443/*
444 * On BSD's use quad_t as a guarantee for getting at least a 64bit sized
445 * object.
446 */
447#if !defined(__amd64__) && BSD_GT_YEAR(199306)
448# define	USE_QUAD_T
449# define	U_QUAD_T	unsigned long long
450# define	QUAD_T		long long
451#else /* BSD > 199306 */
452# if !defined(U_QUAD_T)
453#  define	U_QUAD_T	u_long
454#  define	QUAD_T		long
455# endif
456#endif /* BSD > 199306 */
457
458
459#ifdef	USE_INET6
460# if defined(__NetBSD__) || defined(__FreeBSD__)
461#  include <netinet/ip6.h>
462#  include <netinet/icmp6.h>
463#   if defined(_KERNEL)
464#    include <netinet6/ip6_var.h>
465#   endif
466typedef	struct ip6_hdr	ip6_t;
467# endif
468#endif
469
470#ifndef	MAX
471# define	MAX(a,b)	(((a) > (b)) ? (a) : (b))
472#endif
473
474#if defined(_KERNEL)
475# if defined(MENTAT) && !defined(INSTANCES)
476#  define	COPYDATA	mb_copydata
477#  define	COPYBACK	mb_copyback
478# else
479#  define	COPYDATA	m_copydata
480#  define	COPYBACK	m_copyback
481# endif
482#  if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
483       defined(__FreeBSD__)
484#   include <vm/vm.h>
485#  endif
486#   if NETBSD_GE_REV(105180000)
487#    include <uvm/uvm_extern.h>
488#   else
489#    include <vm/vm_extern.h>
490extern  vm_map_t        kmem_map;
491#   endif
492#   include <sys/proc.h>
493
494#  ifdef IPFILTER_M_IPFILTER
495#    include <sys/malloc.h>
496MALLOC_DECLARE(M_IPFILTER);
497#    define	_M_IPF		M_IPFILTER
498#  else /* IPFILTER_M_IPFILTER */
499#   ifdef M_PFIL
500#    define	_M_IPF		M_PFIL
501#   else
502#    ifdef M_IPFILTER
503#     define	_M_IPF		M_IPFILTER
504#    else
505#     define	_M_IPF		M_TEMP
506#    endif /* M_IPFILTER */
507#   endif /* M_PFIL */
508#  endif /* IPFILTER_M_IPFILTER */
509#  if !defined(KMALLOC)
510#   define	KMALLOC(a, b)	MALLOC((a), b, sizeof(*(a)), _M_IPF, M_NOWAIT)
511#  endif
512#  if !defined(KMALLOCS)
513#   define	KMALLOCS(a, b, c)	MALLOC((a), b, (c), _M_IPF, M_NOWAIT)
514#  endif
515#  if !defined(KFREE)
516#   define	KFREE(x)	FREE((x), _M_IPF)
517#  endif
518#   if !defined(KFREES)
519#  define	KFREES(x,s)	FREE((x), _M_IPF)
520#  endif
521#  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,d)
522#  define	SLEEP(id, n)	tsleep((id), PPAUSE|PCATCH, n, 0)
523#  define	WAKEUP(id,x)	wakeup(id+x)
524#  if !defined(POLLWAKEUP)
525#   define	POLLWAKEUP(x)	selwakeup(softc->ipf_selwait+x)
526#  endif
527#  define	GETIFP(n, v)	ifunit(n)
528#  define	GETIFMTU_4(x)	((struct ifnet *)x)->if_mtu
529#  define	GETIFMTU_6(x)	((struct ifnet *)x)->if_mtu
530
531# if !defined(USE_MUTEXES) && !defined(SPL_NET)
532#  define	SPL_IMP(x)	x = splimp()
533#  define	SPL_NET(x)	x = splnet()
534#  if !defined(SPL_SCHED)
535#   define	SPL_SCHED(x)	x = splsched()
536#  endif
537#  define	SPL_X(x)	(void) splx(x)
538# endif /* !USE_MUTEXES */
539
540# ifndef FREE_MB_T
541#  define	FREE_MB_T(m)	m_freem(m)
542# endif
543# ifndef ALLOC_MB_T
544#  ifdef MGETHDR
545#   define	ALLOC_MB_T(m,l)	do { \
546					MGETHDR((m), M_NOWAIT, MT_HEADER); \
547					if ((m) != NULL) { \
548						(m)->m_len = (l); \
549						(m)->m_pkthdr.len = (l); \
550					} \
551				} while (0)
552#  else
553#   define	ALLOC_MB_T(m,l)	do { \
554					MGET((m), M_NOWAIT, MT_HEADER); \
555					if ((m) != NULL) { \
556						(m)->m_len = (l); \
557						(m)->m_pkthdr.len = (l); \
558					} \
559				} while (0)
560#  endif
561# endif
562# ifndef PREP_MB_T
563#  define	PREP_MB_T(f, m)	do { \
564						mb_t *_o = *(f)->fin_mp; \
565						(m)->m_next = _o; \
566						*(fin)->fin_mp = (m); \
567						if (_o->m_flags & M_PKTHDR) { \
568							(m)->m_pkthdr.len += \
569							    _o->m_pkthdr.len; \
570							(m)->m_pkthdr.rcvif = \
571							  _o->m_pkthdr.rcvif; \
572						} \
573					} while (0)
574# endif
575# ifndef M_DUP
576#  ifdef M_COPYALL
577#   define	M_DUP(m)	m_dup(m, 0, M_COPYALL, 0)
578#  else
579#   define	M_DUP(m)	m_dup(m)
580#  endif
581# endif
582
583# ifndef MTOD
584#  define	MTOD(m,t)	mtod(m,t)
585# endif
586
587# ifndef COPYIN
588#  define	COPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
589#  define	COPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
590# endif
591
592# if SOLARIS && !defined(KMALLOC)
593#  define	KMALLOC(a,b)	(a) = (b)new_kmem_alloc(sizeof(*(a)), \
594							KMEM_NOSLEEP)
595#  define	KMALLOCS(a,b,c)	(a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
596# endif
597
598# ifndef	GET_MINOR
599#  define	GET_MINOR(x)	dev2unit(x)
600# endif
601# define	PANIC(x,y)	if (x) panic y
602#endif /* _KERNEL */
603
604#if !defined(IFNAME) && !defined(_KERNEL)
605# define	IFNAME(x)	get_ifname((struct ifnet *)x)
606#endif
607#ifndef	COPYIFNAME
608# define	NEED_FRGETIFNAME
609extern	char	*ipf_getifname __P((struct ifnet *, char *));
610# define	COPYIFNAME(v, x, b) \
611				ipf_getifname((struct ifnet *)x, b)
612#endif
613
614#ifndef ASSERT
615# ifdef _KERNEL
616#  define	ASSERT(x)
617# else
618#  define	ASSERT(x)	do { if (!(x)) abort(); } while (0)
619# endif
620#endif
621
622#ifndef BCOPYIN
623#  define	BCOPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
624#  define	BCOPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
625#endif
626
627/*
628 * Because the ctype(3) posix definition, if used "safely" in code everywhere,
629 * would mean all normal code that walks through strings needed casts.  Yuck.
630 */
631#define	ISALNUM(x)	isalnum((u_char)(x))
632#define	ISALPHA(x)	isalpha((u_char)(x))
633#define	ISDIGIT(x)	isdigit((u_char)(x))
634#define	ISSPACE(x)	isspace((u_char)(x))
635#define	ISUPPER(x)	isupper((u_char)(x))
636#define	ISXDIGIT(x)	isxdigit((u_char)(x))
637#define	ISLOWER(x)	islower((u_char)(x))
638#define	TOUPPER(x)	toupper((u_char)(x))
639#define	TOLOWER(x)	tolower((u_char)(x))
640
641/*
642 * If mutexes aren't being used, turn all the mutex functions into null-ops.
643 */
644#if !defined(USE_MUTEXES)
645# define	USE_SPL			1
646# undef		RW_DESTROY
647# undef		MUTEX_INIT
648# undef		MUTEX_NUKE
649# undef		MUTEX_DESTROY
650# define	MUTEX_ENTER(x)		;
651# define	READ_ENTER(x)		;
652# define	WRITE_ENTER(x)		;
653# define	MUTEX_DOWNGRADE(x)	;
654# define	MUTEX_TRY_UPGRADE(x)	;
655# define	RWLOCK_INIT(x, y)	;
656# define	RWLOCK_EXIT(x)		;
657# define	RW_DESTROY(x)		;
658# define	MUTEX_EXIT(x)		;
659# define	MUTEX_INIT(x,y)		;
660# define	MUTEX_DESTROY(x)	;
661# define	MUTEX_NUKE(x)		;
662#endif /* !USE_MUTEXES */
663#ifndef	ATOMIC_INC
664# define	ATOMIC_INC(x)		(x)++
665# define	ATOMIC_DEC(x)		(x)--
666#endif
667
668#if defined(USE_SPL) && defined(_KERNEL)
669# define	SPL_INT(x)	int x
670#else
671# define	SPL_INT(x)
672#endif
673
674/*
675 * If there are no atomic operations for bit sizes defined, define them to all
676 * use a generic one that works for all sizes.
677 */
678#ifndef	ATOMIC_INCL
679# define	ATOMIC_INCL		ATOMIC_INC
680# define	ATOMIC_INC64		ATOMIC_INC
681# define	ATOMIC_INC32		ATOMIC_INC
682# define	ATOMIC_DECL		ATOMIC_DEC
683# define	ATOMIC_DEC64		ATOMIC_DEC
684# define	ATOMIC_DEC32		ATOMIC_DEC
685#endif
686
687#ifndef HDR_T_PRIVATE
688typedef	struct	tcphdr	tcphdr_t;
689typedef	struct	udphdr	udphdr_t;
690#endif
691typedef	struct	icmp	icmphdr_t;
692typedef	struct	ip	ip_t;
693typedef	struct	ether_header	ether_header_t;
694typedef	struct	tcpiphdr	tcpiphdr_t;
695
696#ifndef	FR_GROUPLEN
697# define	FR_GROUPLEN	16
698#endif
699
700#ifndef offsetof
701# define offsetof(t,m) (size_t)((&((t *)0L)->m))
702#endif
703#ifndef stsizeof
704# define stsizeof(t,m)	sizeof(((t *)0L)->m)
705#endif
706
707/*
708 * This set of macros has been brought about because on Tru64 it is not
709 * possible to easily assign or examine values in a structure that are
710 * bit fields.
711 */
712#ifndef IP_V
713# define	IP_V(x)		(x)->ip_v
714#endif
715#ifndef	IP_V_A
716# define	IP_V_A(x,y)	(x)->ip_v = (y)
717#endif
718#ifndef	IP_HL
719# define	IP_HL(x)	(x)->ip_hl
720#endif
721#ifndef	IP_HL_A
722# define	IP_HL_A(x,y)	(x)->ip_hl = ((y) & 0xf)
723#endif
724#ifndef	TCP_X2
725# define	TCP_X2(x)	(x)->th_x2
726#endif
727#ifndef	TCP_X2_A
728# define	TCP_X2_A(x,y)	(x)->th_x2 = (y)
729#endif
730#ifndef	TCP_OFF
731# define	TCP_OFF(x)	(x)->th_off
732#endif
733#ifndef	TCP_OFF_A
734# define	TCP_OFF_A(x,y)	(x)->th_off = (y)
735#endif
736#define	IPMINLEN(i, h)	((i)->ip_len >= (IP_HL(i) * 4 + sizeof(struct h)))
737
738#define	TCPF_ALL	(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|\
739			 TH_ECN|TH_CWR)
740
741#if BSD_GE_YEAR(199306) && !defined(m_act)
742# define	m_act	m_nextpkt
743#endif
744
745/*
746 * Security Options for Intenet Protocol (IPSO) as defined in RFC 1108.
747 *
748 * Basic Option
749 *
750 * 00000001   -   (Reserved 4)
751 * 00111101   -   Top Secret
752 * 01011010   -   Secret
753 * 10010110   -   Confidential
754 * 01100110   -   (Reserved 3)
755 * 11001100   -   (Reserved 2)
756 * 10101011   -   Unclassified
757 * 11110001   -   (Reserved 1)
758 */
759#define	IPSO_CLASS_RES4		0x01
760#define	IPSO_CLASS_TOPS		0x3d
761#define	IPSO_CLASS_SECR		0x5a
762#define	IPSO_CLASS_CONF		0x96
763#define	IPSO_CLASS_RES3		0x66
764#define	IPSO_CLASS_RES2		0xcc
765#define	IPSO_CLASS_UNCL		0xab
766#define	IPSO_CLASS_RES1		0xf1
767
768#define	IPSO_AUTH_GENSER	0x80
769#define	IPSO_AUTH_ESI		0x40
770#define	IPSO_AUTH_SCI		0x20
771#define	IPSO_AUTH_NSA		0x10
772#define	IPSO_AUTH_DOE		0x08
773#define	IPSO_AUTH_UN		0x06
774#define	IPSO_AUTH_FTE		0x01
775
776/*
777 * IP option #defines
778 */
779#undef	IPOPT_RR
780#define	IPOPT_RR	7
781#undef	IPOPT_ZSU
782#define	IPOPT_ZSU	10	/* ZSU */
783#undef	IPOPT_MTUP
784#define	IPOPT_MTUP	11	/* MTUP */
785#undef	IPOPT_MTUR
786#define	IPOPT_MTUR	12	/* MTUR */
787#undef	IPOPT_ENCODE
788#define	IPOPT_ENCODE	15	/* ENCODE */
789#undef	IPOPT_TS
790#define	IPOPT_TS	68
791#undef	IPOPT_TR
792#define	IPOPT_TR	82	/* TR */
793#undef	IPOPT_SECURITY
794#define	IPOPT_SECURITY	130
795#undef	IPOPT_LSRR
796#define	IPOPT_LSRR	131
797#undef	IPOPT_E_SEC
798#define	IPOPT_E_SEC	133	/* E-SEC */
799#undef	IPOPT_CIPSO
800#define	IPOPT_CIPSO	134	/* CIPSO */
801#undef	IPOPT_SATID
802#define	IPOPT_SATID	136
803#ifndef	IPOPT_SID
804# define	IPOPT_SID	IPOPT_SATID
805#endif
806#undef	IPOPT_SSRR
807#define	IPOPT_SSRR	137
808#undef	IPOPT_ADDEXT
809#define	IPOPT_ADDEXT	147	/* ADDEXT */
810#undef	IPOPT_VISA
811#define	IPOPT_VISA	142	/* VISA */
812#undef	IPOPT_IMITD
813#define	IPOPT_IMITD	144	/* IMITD */
814#undef	IPOPT_EIP
815#define	IPOPT_EIP	145	/* EIP */
816#undef	IPOPT_RTRALRT
817#define	IPOPT_RTRALRT	148	/* RTRALRT */
818#undef	IPOPT_SDB
819#define	IPOPT_SDB	149
820#undef	IPOPT_NSAPA
821#define	IPOPT_NSAPA	150
822#undef	IPOPT_DPS
823#define	IPOPT_DPS	151
824#undef	IPOPT_UMP
825#define	IPOPT_UMP	152
826#undef	IPOPT_FINN
827#define	IPOPT_FINN	205	/* FINN */
828#undef	IPOPT_AH
829#define	IPOPT_AH	256+IPPROTO_AH
830
831# define	ICMP_UNREACH_ADMIN_PROHIBIT	ICMP_UNREACH_FILTER_PROHIB
832# define	ICMP_UNREACH_FILTER	ICMP_UNREACH_FILTER_PROHIB
833
834#ifndef	IPVERSION
835# define	IPVERSION	4
836#endif
837#ifndef	IPOPT_MINOFF
838# define	IPOPT_MINOFF	4
839#endif
840#ifndef	IPOPT_COPIED
841# define	IPOPT_COPIED(x)	((x)&0x80)
842#endif
843#ifndef	IPOPT_EOL
844# define	IPOPT_EOL	0
845#endif
846#ifndef	IPOPT_NOP
847# define	IPOPT_NOP	1
848#endif
849#ifndef	IP_MF
850# define	IP_MF	((u_short)0x2000)
851#endif
852#ifndef	ETHERTYPE_IP
853# define	ETHERTYPE_IP	((u_short)0x0800)
854#endif
855#ifndef	TH_FIN
856# define	TH_FIN	0x01
857#endif
858#ifndef	TH_SYN
859# define	TH_SYN	0x02
860#endif
861#ifndef	TH_RST
862# define	TH_RST	0x04
863#endif
864#ifndef	TH_PUSH
865# define	TH_PUSH	0x08
866#endif
867#ifndef	TH_ACK
868# define	TH_ACK	0x10
869#endif
870#ifndef	TH_URG
871# define	TH_URG	0x20
872#endif
873#undef	TH_ACKMASK
874#define	TH_ACKMASK	(TH_FIN|TH_SYN|TH_RST|TH_ACK)
875
876#ifndef	IPOPT_EOL
877# define	IPOPT_EOL	0
878#endif
879#ifndef	IPOPT_NOP
880# define	IPOPT_NOP	1
881#endif
882#ifndef	IPOPT_RR
883# define	IPOPT_RR	7
884#endif
885#ifndef	IPOPT_TS
886# define	IPOPT_TS	68
887#endif
888#ifndef	IPOPT_SECURITY
889# define	IPOPT_SECURITY	130
890#endif
891#ifndef	IPOPT_LSRR
892# define	IPOPT_LSRR	131
893#endif
894#ifndef	IPOPT_SATID
895# define	IPOPT_SATID	136
896#endif
897#ifndef	IPOPT_SSRR
898# define	IPOPT_SSRR	137
899#endif
900#ifndef	IPOPT_SECUR_UNCLASS
901# define	IPOPT_SECUR_UNCLASS	((u_short)0x0000)
902#endif
903#ifndef	IPOPT_SECUR_CONFID
904# define	IPOPT_SECUR_CONFID	((u_short)0xf135)
905#endif
906#ifndef	IPOPT_SECUR_EFTO
907# define	IPOPT_SECUR_EFTO	((u_short)0x789a)
908#endif
909#ifndef	IPOPT_SECUR_MMMM
910# define	IPOPT_SECUR_MMMM	((u_short)0xbc4d)
911#endif
912#ifndef	IPOPT_SECUR_RESTR
913# define	IPOPT_SECUR_RESTR	((u_short)0xaf13)
914#endif
915#ifndef	IPOPT_SECUR_SECRET
916# define	IPOPT_SECUR_SECRET	((u_short)0xd788)
917#endif
918#ifndef IPOPT_SECUR_TOPSECRET
919# define	IPOPT_SECUR_TOPSECRET	((u_short)0x6bc5)
920#endif
921#ifndef IPOPT_OLEN
922# define	IPOPT_OLEN	1
923#endif
924#ifndef	IPPROTO_HOPOPTS
925# define	IPPROTO_HOPOPTS	0
926#endif
927#ifndef	IPPROTO_IPIP
928# define	IPPROTO_IPIP	4
929#endif
930#ifndef	IPPROTO_ENCAP
931# define	IPPROTO_ENCAP	98
932#endif
933#ifndef	IPPROTO_IPV6
934# define	IPPROTO_IPV6	41
935#endif
936#ifndef	IPPROTO_ROUTING
937# define	IPPROTO_ROUTING	43
938#endif
939#ifndef	IPPROTO_FRAGMENT
940# define	IPPROTO_FRAGMENT	44
941#endif
942#ifndef	IPPROTO_GRE
943# define	IPPROTO_GRE	47	/* GRE encaps RFC 1701 */
944#endif
945#ifndef	IPPROTO_ESP
946# define	IPPROTO_ESP	50
947#endif
948#ifndef	IPPROTO_AH
949# define	IPPROTO_AH	51
950#endif
951#ifndef	IPPROTO_ICMPV6
952# define	IPPROTO_ICMPV6	58
953#endif
954#ifndef	IPPROTO_NONE
955# define	IPPROTO_NONE	59
956#endif
957#ifndef	IPPROTO_DSTOPTS
958# define	IPPROTO_DSTOPTS	60
959#endif
960#ifndef	IPPROTO_MOBILITY
961# define	IPPROTO_MOBILITY	135
962#endif
963
964#ifndef	ICMP_ROUTERADVERT
965# define	ICMP_ROUTERADVERT	9
966#endif
967#ifndef	ICMP_ROUTERSOLICIT
968# define	ICMP_ROUTERSOLICIT	10
969#endif
970#ifndef	ICMP6_DST_UNREACH
971# define	ICMP6_DST_UNREACH	1
972#endif
973#ifndef	ICMP6_PACKET_TOO_BIG
974# define	ICMP6_PACKET_TOO_BIG	2
975#endif
976#ifndef	ICMP6_TIME_EXCEEDED
977# define	ICMP6_TIME_EXCEEDED	3
978#endif
979#ifndef	ICMP6_PARAM_PROB
980# define	ICMP6_PARAM_PROB	4
981#endif
982
983#ifndef	ICMP6_ECHO_REQUEST
984# define	ICMP6_ECHO_REQUEST	128
985#endif
986#ifndef	ICMP6_ECHO_REPLY
987# define	ICMP6_ECHO_REPLY	129
988#endif
989#ifndef	ICMP6_MEMBERSHIP_QUERY
990# define	ICMP6_MEMBERSHIP_QUERY	130
991#endif
992#ifndef	MLD6_LISTENER_QUERY
993# define	MLD6_LISTENER_QUERY	130
994#endif
995#ifndef	ICMP6_MEMBERSHIP_REPORT
996# define	ICMP6_MEMBERSHIP_REPORT	131
997#endif
998#ifndef	MLD6_LISTENER_REPORT
999# define	MLD6_LISTENER_REPORT	131
1000#endif
1001#ifndef	ICMP6_MEMBERSHIP_REDUCTION
1002# define	ICMP6_MEMBERSHIP_REDUCTION	132
1003#endif
1004#ifndef	MLD6_LISTENER_DONE
1005# define	MLD6_LISTENER_DONE	132
1006#endif
1007#ifndef	ND_ROUTER_SOLICIT
1008# define	ND_ROUTER_SOLICIT	133
1009#endif
1010#ifndef	ND_ROUTER_ADVERT
1011# define	ND_ROUTER_ADVERT	134
1012#endif
1013#ifndef	ND_NEIGHBOR_SOLICIT
1014# define	ND_NEIGHBOR_SOLICIT	135
1015#endif
1016#ifndef	ND_NEIGHBOR_ADVERT
1017# define	ND_NEIGHBOR_ADVERT	136
1018#endif
1019#ifndef	ND_REDIRECT
1020# define	ND_REDIRECT	137
1021#endif
1022#ifndef	ICMP6_ROUTER_RENUMBERING
1023# define	ICMP6_ROUTER_RENUMBERING	138
1024#endif
1025#ifndef	ICMP6_WRUREQUEST
1026# define	ICMP6_WRUREQUEST	139
1027#endif
1028#ifndef	ICMP6_WRUREPLY
1029# define	ICMP6_WRUREPLY		140
1030#endif
1031#ifndef	ICMP6_FQDN_QUERY
1032# define	ICMP6_FQDN_QUERY	139
1033#endif
1034#ifndef	ICMP6_FQDN_REPLY
1035# define	ICMP6_FQDN_REPLY	140
1036#endif
1037#ifndef	ICMP6_NI_QUERY
1038# define	ICMP6_NI_QUERY		139
1039#endif
1040#ifndef	ICMP6_NI_REPLY
1041# define	ICMP6_NI_REPLY		140
1042#endif
1043#ifndef	MLD6_MTRACE_RESP
1044# define	MLD6_MTRACE_RESP	200
1045#endif
1046#ifndef	MLD6_MTRACE
1047# define	MLD6_MTRACE		201
1048#endif
1049#ifndef	ICMP6_HADISCOV_REQUEST
1050# define	ICMP6_HADISCOV_REQUEST	202
1051#endif
1052#ifndef	ICMP6_HADISCOV_REPLY
1053# define	ICMP6_HADISCOV_REPLY	203
1054#endif
1055#ifndef	ICMP6_MOBILEPREFIX_SOLICIT
1056# define	ICMP6_MOBILEPREFIX_SOLICIT	204
1057#endif
1058#ifndef	ICMP6_MOBILEPREFIX_ADVERT
1059# define	ICMP6_MOBILEPREFIX_ADVERT	205
1060#endif
1061#ifndef	ICMP6_MAXTYPE
1062# define	ICMP6_MAXTYPE		205
1063#endif
1064
1065#ifndef	ICMP6_DST_UNREACH_NOROUTE
1066# define	ICMP6_DST_UNREACH_NOROUTE	0
1067#endif
1068#ifndef	ICMP6_DST_UNREACH_ADMIN
1069# define	ICMP6_DST_UNREACH_ADMIN		1
1070#endif
1071#ifndef	ICMP6_DST_UNREACH_NOTNEIGHBOR
1072# define	ICMP6_DST_UNREACH_NOTNEIGHBOR	2
1073#endif
1074#ifndef	ICMP6_DST_UNREACH_BEYONDSCOPE
1075# define	ICMP6_DST_UNREACH_BEYONDSCOPE	2
1076#endif
1077#ifndef	ICMP6_DST_UNREACH_ADDR
1078# define	ICMP6_DST_UNREACH_ADDR		3
1079#endif
1080#ifndef	ICMP6_DST_UNREACH_NOPORT
1081# define	ICMP6_DST_UNREACH_NOPORT	4
1082#endif
1083#ifndef	ICMP6_TIME_EXCEED_TRANSIT
1084# define	ICMP6_TIME_EXCEED_TRANSIT	0
1085#endif
1086#ifndef	ICMP6_TIME_EXCEED_REASSEMBLY
1087# define	ICMP6_TIME_EXCEED_REASSEMBLY	1
1088#endif
1089
1090#ifndef	ICMP6_NI_SUCCESS
1091# define	ICMP6_NI_SUCCESS	0
1092#endif
1093#ifndef	ICMP6_NI_REFUSED
1094# define	ICMP6_NI_REFUSED	1
1095#endif
1096#ifndef	ICMP6_NI_UNKNOWN
1097# define	ICMP6_NI_UNKNOWN	2
1098#endif
1099
1100#ifndef	ICMP6_ROUTER_RENUMBERING_COMMAND
1101# define	ICMP6_ROUTER_RENUMBERING_COMMAND	0
1102#endif
1103#ifndef	ICMP6_ROUTER_RENUMBERING_RESULT
1104# define	ICMP6_ROUTER_RENUMBERING_RESULT	1
1105#endif
1106#ifndef	ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET
1107# define	ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET	255
1108#endif
1109
1110#ifndef	ICMP6_PARAMPROB_HEADER
1111# define	ICMP6_PARAMPROB_HEADER	0
1112#endif
1113#ifndef	ICMP6_PARAMPROB_NEXTHEADER
1114# define	ICMP6_PARAMPROB_NEXTHEADER	1
1115#endif
1116#ifndef	ICMP6_PARAMPROB_OPTION
1117# define	ICMP6_PARAMPROB_OPTION	2
1118#endif
1119
1120#ifndef	ICMP6_NI_SUBJ_IPV6
1121# define	ICMP6_NI_SUBJ_IPV6	0
1122#endif
1123#ifndef	ICMP6_NI_SUBJ_FQDN
1124# define	ICMP6_NI_SUBJ_FQDN	1
1125#endif
1126#ifndef	ICMP6_NI_SUBJ_IPV4
1127# define	ICMP6_NI_SUBJ_IPV4	2
1128#endif
1129
1130#ifndef	MLD_MTRACE_RESP
1131# define	MLD_MTRACE_RESP		200
1132#endif
1133#ifndef	MLD_MTRACE
1134# define	MLD_MTRACE		201
1135#endif
1136#ifndef	MLD6_MTRACE_RESP
1137# define	MLD6_MTRACE_RESP	MLD_MTRACE_RESP
1138#endif
1139#ifndef	MLD6_MTRACE
1140# define	MLD6_MTRACE		MLD_MTRACE
1141#endif
1142
1143#if !defined(IPV6_FLOWINFO_MASK)
1144# if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1145#  define IPV6_FLOWINFO_MASK	0x0fffffff	/* flow info (28 bits) */
1146# else
1147#  if(BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1148#   define IPV6_FLOWINFO_MASK	0xffffff0f	/* flow info (28 bits) */
1149#  endif /* LITTLE_ENDIAN */
1150# endif
1151#endif
1152#if !defined(IPV6_FLOWLABEL_MASK)
1153# if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1154#  define IPV6_FLOWLABEL_MASK	0x000fffff	/* flow label (20 bits) */
1155# else
1156#  if (BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1157#   define IPV6_FLOWLABEL_MASK	0xffff0f00	/* flow label (20 bits) */
1158#  endif /* LITTLE_ENDIAN */
1159# endif
1160#endif
1161
1162/*
1163 * ECN is a new addition to TCP - RFC 2481
1164 */
1165#ifndef TH_ECN
1166# define	TH_ECN	0x40
1167#endif
1168#ifndef TH_CWR
1169# define	TH_CWR	0x80
1170#endif
1171#define	TH_ECNALL	(TH_ECN|TH_CWR)
1172
1173/*
1174 * TCP States
1175 */
1176#define IPF_TCPS_LISTEN		0	/* listening for connection */
1177#define IPF_TCPS_SYN_SENT	1	/* active, have sent syn */
1178#define IPF_TCPS_SYN_RECEIVED	2	/* have send and received syn */
1179#define IPF_TCPS_HALF_ESTAB	3	/* for connections not fully "up" */
1180/* states < IPF_TCPS_ESTABLISHED are those where connections not established */
1181#define IPF_TCPS_ESTABLISHED	4	/* established */
1182#define IPF_TCPS_CLOSE_WAIT	5	/* rcvd fin, waiting for close */
1183/* states > IPF_TCPS_CLOSE_WAIT are those where user has closed */
1184#define IPF_TCPS_FIN_WAIT_1	6	/* have closed, sent fin */
1185#define IPF_TCPS_CLOSING	7	/* closed xchd FIN; await FIN ACK */
1186#define IPF_TCPS_LAST_ACK	8	/* had fin and close; await FIN ACK */
1187/* states > IPF_TCPS_CLOSE_WAIT && < IPF_TCPS_FIN_WAIT_2 await ACK of FIN */
1188#define IPF_TCPS_FIN_WAIT_2	9	/* have closed, fin is acked */
1189#define IPF_TCPS_TIME_WAIT	10	/* in 2*msl quiet wait after close */
1190#define IPF_TCPS_CLOSED		11	/* closed */
1191#define IPF_TCP_NSTATES		12
1192
1193#define	TCP_MSL			120
1194
1195#undef	ICMP_MAX_UNREACH
1196#define	ICMP_MAX_UNREACH	14
1197#undef	ICMP_MAXTYPE
1198#define	ICMP_MAXTYPE		18
1199
1200#ifndef	LOG_FTP
1201# define	LOG_FTP		(11<<3)
1202#endif
1203#ifndef	LOG_AUTHPRIV
1204# define	LOG_AUTHPRIV	(10<<3)
1205#endif
1206#ifndef	LOG_AUDIT
1207# define	LOG_AUDIT	(13<<3)
1208#endif
1209#ifndef	LOG_NTP
1210# define	LOG_NTP		(12<<3)
1211#endif
1212#ifndef	LOG_SECURITY
1213# define	LOG_SECURITY	(13<<3)
1214#endif
1215#ifndef	LOG_LFMT
1216# define	LOG_LFMT	(14<<3)
1217#endif
1218#ifndef	LOG_CONSOLE
1219# define	LOG_CONSOLE	(14<<3)
1220#endif
1221
1222/*
1223 * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
1224 * another IP header and then 64 bits of data, totalling 56.  Of course,
1225 * the last 64 bits is dependent on that being available.
1226 */
1227#define	ICMPERR_ICMPHLEN	8
1228#define	ICMPERR_IPICMPHLEN	(20 + 8)
1229#define	ICMPERR_MINPKTLEN	(20 + 8 + 20)
1230#define	ICMPERR_MAXPKTLEN	(20 + 8 + 20 + 8)
1231#define ICMP6ERR_MINPKTLEN	(40 + 8)
1232#define ICMP6ERR_IPICMPHLEN	(40 + 8 + 40)
1233
1234#ifndef MIN
1235# define	MIN(a,b)	(((a)<(b))?(a):(b))
1236#endif
1237
1238#ifdef RESCUE
1239# undef IPFILTER_BPF
1240#endif
1241
1242#ifdef IPF_DEBUG
1243# define	DPRINT(x)	printf x
1244#else
1245# define	DPRINT(x)
1246#endif
1247
1248#ifdef DTRACE_PROBE
1249# ifdef _KERNEL
1250#  define	DT(_n)			DTRACE_PROBE(_n)
1251#  define	DT1(_n,_a,_b)		DTRACE_PROBE1(_n,_a,_b)
1252#  define	DT2(_n,_a,_b,_c,_d)	DTRACE_PROBE2(_n,_a,_b,_c,_d)
1253#  define	DT3(_n,_a,_b,_c,_d,_e,_f)	\
1254					DTRACE_PROBE3(_n,_a,_b,_c,_d,_e,_f)
1255#  define	DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h) \
1256				DTRACE_PROBE4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1257# else
1258#  define	DT(_n)
1259#  define	DT1(_n,_a,_b)
1260#  define	DT2(_n,_a,_b,_c,_d)
1261#  define	DT3(_n,_a,_b,_c,_d,_e,_f)
1262#  define	DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1263# endif
1264#else
1265# define	DT(_n)
1266# define	DT1(_n,_a,_b)
1267# define	DT2(_n,_a,_b,_c,_d)
1268# define	DT3(_n,_a,_b,_c,_d,_e,_f)
1269# define	DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1270#endif
1271
1272struct ip6_routing {
1273	u_char	ip6r_nxt;	/* next header */
1274	u_char	ip6r_len;	/* length in units of 8 octets */
1275	u_char	ip6r_type;	/* always zero */
1276	u_char	ip6r_segleft;	/* segments left */
1277	u_32_t	ip6r_reserved;	/* reserved field */
1278};
1279
1280#endif	/* __IP_COMPAT_H__ */
1281