ip_state.h revision 57096
/*
 * Copyright (C) 1995-1998 by Darren Reed.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors.
 *
 * @(#)ip_state.h	1.3 1/12/96 (C) 1995 Darren Reed
 * $Id: ip_state.h,v 2.1.2.2 2000/01/24 13:13:52 darrenr Exp $
 */
#ifndef	__IP_STATE_H__
#define	__IP_STATE_H__
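/*
 * State table sizing.
 *
 * IPSTATE_MAX caps how many state entries are held at once, which bounds the
 * memory a flood of new flows can pin.  The iss_max counter in ips_stat_t
 * presumably records refusals at this cap (confirm in ip_state.c); together
 * with iss_nomem it is the figure to watch for state-table exhaustion.
 */
#define	IPSTATE_SIZE	257	/* presumably the state hash bucket count - confirm */
#define	IPSTATE_MAX	2048	/* Maximum number of states held */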
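/*
 * PAIRS() is true when the pair (s1,d1) equals the pair (s2,d2) either as
 * given or with source and destination swapped, so one comparison covers
 * both directions of a flow.  IPPAIR() applies the same test to the s_addr
 * members of its four arguments.
 *
 * Every argument is expanded more than once: pass only expressions that
 * have no side effects.
 */
#define	PAIRS(s1,d1,s2,d2)	((((s1) == (s2)) && ((d1) == (d2))) ||\
				 (((s1) == (d2)) && ((d1) == (s2))))
#define	IPPAIR(s1,d1,s2,d2)	PAIRS((s1).s_addr, (d1).s_addr, \
				      (s2).s_addr, (d2).s_addr)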
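/*
 * Per-entry UDP state: the port pair of the tracked flow.
 * The two ports sit at the same offsets as ts_sport/ts_dport in tcpstate_t,
 * which is what lets the is_sport/is_dport accessors serve UDP entries too.
 */
typedef struct udpstate {
	u_short	us_sport;	/* source port */
	u_short	us_dport;	/* destination port */
} udpstate_t;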
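/*
 * Per-entry ICMP state.  The field names suggest the identifier and
 * sequence number of the tracked exchange plus its ICMP type - confirm
 * against ip_state.c.
 *
 * NOTE(review): no ics_code member is declared here, yet the is_code
 * accessor later in this header expands to is_icmp.ics_code.
 */
typedef struct icmpstate {
	u_short	ics_id;
	u_short	ics_seq;
	u_char	ics_type;
} icmpstate_t;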
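/*
 * Sequence-space bookkeeping for one direction of a tracked TCP connection.
 * The names suggest the end of the data seen so far, the furthest end the
 * peer's window allows, and the largest window observed - confirm the exact
 * meaning in fr_tcpstate().
 *
 * NOTE(review): td_maxwin is a u_short, so it cannot represent a window
 * above 65535; whether the TCP window scale option is accounted for is not
 * visible in this header - verify in the tracking code.
 */
typedef	struct	tcpdata	{
	u_32_t	td_end;
	u_32_t	td_maxend;
	u_short	td_maxwin;
} tcpdata_t;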
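/*
 * Per-entry TCP state: the port pair plus per-direction tracking data.
 * The is_send/is_dend and is_maxswin/is_maxdwin accessors defined later in
 * this header use index 0 for the source side and index 1 for the
 * destination side of ts_data[]; ts_state[] presumably follows the same
 * indexing - confirm in ip_state.c.
 */
typedef	struct tcpstate {
	u_short	ts_sport;	/* source port */
	u_short	ts_dport;	/* destination port */
	tcpdata_t ts_data[2];	/* sequence/window tracking, one per direction */
	u_char	ts_state[2];	/* connection state, one per direction */
} tcpstate_t;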
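/*
 * One entry in the state table: a tracked flow, the rule that created it,
 * its traffic counters and the protocol-specific data needed to match
 * later packets against it.
 *
 * is_ps is a union selected by is_p.  tcpstate_t and udpstate_t both begin
 * with the same two u_short ports, so is_sport/is_dport read correctly for
 * either protocol.  For an ICMP entry those same bytes hold ics_id/ics_seq,
 * so code must check is_p before treating them as ports.
 */
typedef struct ipstate {
	struct	ipstate	*is_next;	/* next entry; presumably the hash chain - confirm */
	u_long	is_age;			/* remaining lifetime; units not stated in this header */
	u_int	is_pass;		/* presumably the pass/block result of the creating rule - confirm */
	U_QUAD_T	is_pkts;	/* packets counted against this entry */
	U_QUAD_T	is_bytes;	/* bytes counted against this entry */
	void	*is_ifpin;		/* opaque interface pointer, inbound side */
	void	*is_ifpout;		/* opaque interface pointer, outbound side */
	frentry_t	*is_rule;	/* filter rule associated with this entry */
	struct	in_addr	is_src;
	struct	in_addr	is_dst;
	u_char	is_p;			/* Protocol */
	u_char	is_rout;		/* Is rule in/out ? */
	u_32_t	is_flags;		/* bit layout: see the "is_flags:" comment in this header */
	u_32_t	is_opt;			/* packet options set */
	u_32_t	is_optmsk;		/*    "      "    mask */
	u_short	is_sec;			/* security options set */
	u_short	is_secmsk;		/*    "        "    mask */
	u_short	is_auth;		/* authentication options set */
	u_short	is_authmsk;		/*    "              "    mask */
	union {
		icmpstate_t	is_ics;
		tcpstate_t	is_ts;
		udpstate_t	is_us;
	} is_ps;
} ipstate_t;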
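/*
 * Shorthand accessors into the is_ps union of ipstate_t.
 *
 * is_sport, is_dport and is_state always go through the TCP member.  The
 * port accessors are also valid for UDP entries because udpstate_t starts
 * with the same two u_short fields; for ICMP entries they alias
 * ics_id/ics_seq, so test is_p first.
 *
 * NOTE(review): is_code expands to is_icmp.ics_code, but icmpstate_t as
 * declared in this header has no ics_code member, so any use of is_code
 * will not compile.  Either the member is missing or the macro is stale.
 */
#define	is_icmp	is_ps.is_ics
#define	is_type	is_icmp.ics_type
#define	is_code	is_icmp.ics_code
#define	is_tcp	is_ps.is_ts
#define	is_udp	is_ps.is_us
/* index 0 = source side, index 1 = destination side */
#define is_send	is_tcp.ts_data[0].td_end
#define is_dend	is_tcp.ts_data[1].td_end
#define is_maxswin	is_tcp.ts_data[0].td_maxwin
#define is_maxdwin	is_tcp.ts_data[1].td_maxwin
#define is_maxsend	is_tcp.ts_data[0].td_maxend
#define is_maxdend	is_tcp.ts_data[1].td_maxend
#define	is_sport	is_tcp.ts_sport
#define	is_dport	is_tcp.ts_dport
#define	is_state	is_tcp.ts_state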
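/* SYN and ACK together, the flag pair carried by the second segment of a TCP handshake. */
#define	TH_OPENING	(TH_SYN|TH_ACK)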
/*
 * is_flags:
 * Bits 0 - 3 are used as a mask with the current packet's bits to check
 * whether it is short, tcp/udp, a fragment or carries IP options.
 * Bits 4 - 7 are set from the initial packet and contain what the packet
 * anded with bits 0-3 must match.
 * Bits 8,9 are used to indicate wildcard source/destination port matching.
 */
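/*
 * Record describing one state entry for logging.  The field names mirror
 * ipstate_t (counters, addresses, protocol, per-direction TCP state);
 * isl_type presumably carries one of the ISL_* event codes defined in this
 * header - confirm in ipstate_log().
 *
 * NOTE(review): isl_flags is a u_char while ipstate_t.is_flags is a u_32_t.
 * If it is filled from is_flags, bits 8 and 9 (wildcard source/destination
 * port matching) cannot be carried into the log record - confirm whether
 * that loss is intended.
 */
typedef	struct	ipslog	{
	U_QUAD_T	isl_pkts;
	U_QUAD_T	isl_bytes;
	struct	in_addr	isl_src;
	struct	in_addr	isl_dst;
	u_char	isl_p;			/* protocol */
	u_char	isl_flags;
	u_char	isl_state[2];
	u_short	isl_type;
	union {
		u_short	isl_filler[2];	/* same size as isl_ports[]; the union is two u_shorts wide */
		u_short	isl_ports[2];	/* [0] = source port, [1] = destination port (see isl_sport/isl_dport) */
		u_short	isl_icmp;	/* read through isl_itype */
	} isl_ps;
} ipslog_t;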
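/*
 * Shorthand accessors into the isl_ps union of ipslog_t.  isl_itype shares
 * storage with isl_sport, so only one of them is meaningful per record;
 * select on isl_p.
 */
#define	isl_sport	isl_ps.isl_ports[0]
#define	isl_dport	isl_ps.isl_ports[1]
#define	isl_itype	isl_ps.isl_icmp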
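/*
 * Event codes for state log records; presumably the values stored in
 * ipslog_t.isl_type (a u_short, which all three fit) - confirm in
 * ipstate_log().
 */
#define	ISL_NEW		0
#define	ISL_EXPIRE	0xffff
#define	ISL_FLUSH	0xfffe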
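/*
 * State-tracking statistics.  The exact meaning of each counter is set in
 * ip_state.c; the notes below are read from the names and should be
 * confirmed there.  iss_max, iss_nomem and iss_logfail are the counters to
 * alert on: they point at state-table pressure and at lost log records.
 *
 * NOTE(review): iss_table is a pointer into the state table.  If this
 * struct is copied out to user space as-is (e.g. by fr_state_ioctl, not
 * visible here), that pointer discloses a kernel address - confirm and
 * consider clearing it before the copy.
 */
typedef	struct	ips_stat {
	u_long	iss_hits;	/* presumably packets that matched an entry */
	u_long	iss_miss;	/* presumably packets that matched none */
	u_long	iss_max;	/* presumably additions refused at IPSTATE_MAX */
	u_long	iss_tcp;
	u_long	iss_udp;
	u_long	iss_icmp;
	u_long	iss_nomem;	/* presumably additions that failed to allocate */
	u_long	iss_expire;
	u_long	iss_fin;
	u_long	iss_active;
	u_long	iss_logged;
	u_long	iss_logfail;	/* presumably log records that could not be written */
	u_long	iss_inuse;
	ipstate_t **iss_table;
} ips_stat_t;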
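/*
 * Tunable state lifetimes, one per protocol or TCP phase.  Units are not
 * stated in this header.  Longer values keep entries in the table longer,
 * so they trade tolerance of idle connections against how quickly the
 * IPSTATE_MAX cap is reached under load.
 */
extern	u_long	fr_tcpidletimeout;
extern	u_long	fr_tcpclosewait;
extern	u_long	fr_tcplastack;
extern	u_long	fr_tcptimeout;
extern	u_long	fr_tcpclosed;
extern	u_long	fr_udptimeout;
extern	u_long	fr_icmptimeout;

/*
 * State-tracking entry points, implemented outside this header.  Only the
 * prototypes are visible here; behaviour noted below is inferred from the
 * names and must be confirmed in the implementation.
 */
extern	int	fr_stateinit __P((void));
extern	int	fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *));
/* presumably creates an entry for the packet; callers must check the returned pointer */
extern	ipstate_t	*fr_addstate __P((ip_t *, fr_info_t *, u_int));
/* presumably returns the rule of the matching entry, or NULL when none matches */
extern	frentry_t	*fr_checkstate __P((ip_t *, fr_info_t *));
extern	void	ip_statesync __P((void *));
extern	void	fr_timeoutstate __P((void));
extern	void	fr_tcp_age __P((u_long *, u_char *, ip_t *, fr_info_t *, int));
extern	void	fr_stateunload __P((void));
extern	void	ipstate_log __P((struct ipstate *, u_int));
/*
 * The second parameter (the ioctl command, going by its position) is
 * u_long on NetBSD/OpenBSD and int elsewhere.
 * NOTE(review): the caddr_t argument is presumably the caller-supplied
 * ioctl data; the implementation should treat what it points to as
 * untrusted and restrict state-changing commands to privileged callers -
 * confirm in ip_state.c.
 */
#if defined(__NetBSD__) || defined(__OpenBSD__)
extern	int	fr_state_ioctl __P((caddr_t, u_long, int));
#else
extern	int	fr_state_ioctl __P((caddr_t, int, int));
#endif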
#endif /* __IP_STATE_H__ */