sys/net/pfvar.h
Show First 20 Lines • Show All 577 Lines • ▼ Show 20 Lines | |||||
}; | }; | ||||
struct pf_keth_rule_addr { | struct pf_keth_rule_addr { | ||||
uint8_t addr[ETHER_ADDR_LEN]; | uint8_t addr[ETHER_ADDR_LEN]; | ||||
bool neg; | bool neg; | ||||
uint8_t isset; | uint8_t isset; | ||||
}; | }; | ||||
struct pf_keth_anchor; | |||||
TAILQ_HEAD(pf_keth_ruleq, pf_keth_rule); | |||||
struct pf_keth_ruleset { | |||||
struct pf_keth_ruleq rules[2]; | |||||
struct pf_keth_rules { | |||||
struct pf_keth_ruleq *rules; | |||||
int open; | |||||
uint32_t ticket; | |||||
} active, inactive; | |||||
struct epoch_context epoch_ctx; | |||||
struct vnet *vnet; | |||||
struct pf_keth_anchor *anchor; | |||||
}; | |||||
RB_HEAD(pf_keth_anchor_global, pf_keth_anchor); | |||||
RB_HEAD(pf_keth_anchor_node, pf_keth_anchor); | |||||
struct pf_keth_anchor { | |||||
RB_ENTRY(pf_keth_anchor) entry_node; | |||||
RB_ENTRY(pf_keth_anchor) entry_global; | |||||
struct pf_keth_anchor *parent; | |||||
struct pf_keth_anchor_node children; | |||||
char name[PF_ANCHOR_NAME_SIZE]; | |||||
char path[MAXPATHLEN]; | |||||
struct pf_keth_ruleset ruleset; | |||||
int refcnt; /* anchor rules */ | |||||
uint8_t anchor_relative; | |||||
uint8_t anchor_wildcard; | |||||
}; | |||||
RB_PROTOTYPE(pf_keth_anchor_node, pf_keth_anchor, entry_node, | |||||
pf_keth_anchor_compare); | |||||
RB_PROTOTYPE(pf_keth_anchor_global, pf_keth_anchor, entry_global, | |||||
pf_keth_anchor_compare); | |||||
struct pf_keth_rule { | struct pf_keth_rule { | ||||
#define PFE_SKIP_IFP 0 | #define PFE_SKIP_IFP 0 | ||||
#define PFE_SKIP_DIR 1 | #define PFE_SKIP_DIR 1 | ||||
#define PFE_SKIP_PROTO 2 | #define PFE_SKIP_PROTO 2 | ||||
#define PFE_SKIP_SRC_ADDR 3 | #define PFE_SKIP_SRC_ADDR 3 | ||||
#define PFE_SKIP_DST_ADDR 4 | #define PFE_SKIP_DST_ADDR 4 | ||||
#define PFE_SKIP_COUNT 5 | #define PFE_SKIP_COUNT 5 | ||||
union pf_keth_rule_ptr skip[PFE_SKIP_COUNT]; | union pf_keth_rule_ptr skip[PFE_SKIP_COUNT]; | ||||
TAILQ_ENTRY(pf_keth_rule) entries; | TAILQ_ENTRY(pf_keth_rule) entries; | ||||
struct pf_keth_anchor *anchor; | |||||
u_int8_t anchor_relative; | |||||
u_int8_t anchor_wildcard; | |||||
uint32_t nr; | uint32_t nr; | ||||
bool quick; | bool quick; | ||||
/* Filter */ | /* Filter */ | ||||
char ifname[IFNAMSIZ]; | char ifname[IFNAMSIZ]; | ||||
struct pfi_kkif *kif; | struct pfi_kkif *kif; | ||||
bool ifnot; | bool ifnot; | ||||
Show All 11 Lines | #define PFE_SKIP_COUNT 5 | ||||
int qid; | int qid; | ||||
char tagname[PF_TAG_NAME_SIZE]; | char tagname[PF_TAG_NAME_SIZE]; | ||||
uint16_t tag; | uint16_t tag; | ||||
uint8_t action; | uint8_t action; | ||||
uint16_t dnpipe; | uint16_t dnpipe; | ||||
uint32_t dnflags; | uint32_t dnflags; | ||||
}; | }; | ||||
TAILQ_HEAD(pf_keth_rules, pf_keth_rule); | |||||
struct pf_keth_settings { | |||||
struct pf_keth_rules rules; | |||||
uint32_t ticket; | |||||
int open; | |||||
struct vnet *vnet; | |||||
struct epoch_context epoch_ctx; | |||||
}; | |||||
union pf_krule_ptr { | union pf_krule_ptr { | ||||
struct pf_krule *ptr; | struct pf_krule *ptr; | ||||
u_int32_t nr; | u_int32_t nr; | ||||
}; | }; | ||||
struct pf_krule { | struct pf_krule { | ||||
struct pf_rule_addr src; | struct pf_rule_addr src; | ||||
struct pf_rule_addr dst; | struct pf_rule_addr dst; | ||||
▲ Show 20 Lines • Show All 504 Lines • ▼ Show 20 Lines | #define PFR_TFLAG_ALLMASK (PFR_TFLAG_PERSIST | \ | ||||
PFR_TFLAG_CONST | \ | PFR_TFLAG_CONST | \ | ||||
PFR_TFLAG_ACTIVE | \ | PFR_TFLAG_ACTIVE | \ | ||||
PFR_TFLAG_INACTIVE | \ | PFR_TFLAG_INACTIVE | \ | ||||
PFR_TFLAG_REFERENCED | \ | PFR_TFLAG_REFERENCED | \ | ||||
PFR_TFLAG_REFDANCHOR | \ | PFR_TFLAG_REFDANCHOR | \ | ||||
PFR_TFLAG_COUNTERS) | PFR_TFLAG_COUNTERS) | ||||
struct pf_kanchor_stackframe; | struct pf_kanchor_stackframe; | ||||
struct pf_keth_anchor_stackframe; | |||||
struct pfr_table { | struct pfr_table { | ||||
char pfrt_anchor[MAXPATHLEN]; | char pfrt_anchor[MAXPATHLEN]; | ||||
char pfrt_name[PF_TABLE_NAME_SIZE]; | char pfrt_name[PF_TABLE_NAME_SIZE]; | ||||
u_int32_t pfrt_flags; | u_int32_t pfrt_flags; | ||||
u_int8_t pfrt_fback; | u_int8_t pfrt_fback; | ||||
}; | }; | ||||
▲ Show 20 Lines • Show All 1,039 Lines • ▼ Show 20 Lines | |||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
VNET_DECLARE(struct pf_kanchor_global, pf_anchors); | VNET_DECLARE(struct pf_kanchor_global, pf_anchors); | ||||
#define V_pf_anchors VNET(pf_anchors) | #define V_pf_anchors VNET(pf_anchors) | ||||
VNET_DECLARE(struct pf_kanchor, pf_main_anchor); | VNET_DECLARE(struct pf_kanchor, pf_main_anchor); | ||||
#define V_pf_main_anchor VNET(pf_main_anchor) | #define V_pf_main_anchor VNET(pf_main_anchor) | ||||
VNET_DECLARE(struct pf_keth_anchor_global, pf_keth_anchors); | |||||
#define V_pf_keth_anchors VNET(pf_keth_anchors) | |||||
#define pf_main_ruleset V_pf_main_anchor.ruleset | #define pf_main_ruleset V_pf_main_anchor.ruleset | ||||
VNET_DECLARE(struct pf_keth_settings*, pf_keth); | VNET_DECLARE(struct pf_keth_anchor, pf_main_keth_anchor); | ||||
#define V_pf_main_keth_anchor VNET(pf_main_keth_anchor) | |||||
VNET_DECLARE(struct pf_keth_ruleset*, pf_keth); | |||||
#define V_pf_keth VNET(pf_keth) | #define V_pf_keth VNET(pf_keth) | ||||
VNET_DECLARE(struct pf_keth_settings*, pf_keth_inactive); | |||||
#define V_pf_keth_inactive VNET(pf_keth_inactive) | |||||
void pf_init_kruleset(struct pf_kruleset *); | void pf_init_kruleset(struct pf_kruleset *); | ||||
void pf_init_keth(struct pf_keth_settings *); | void pf_init_keth(struct pf_keth_ruleset *); | ||||
int pf_kanchor_setup(struct pf_krule *, | int pf_kanchor_setup(struct pf_krule *, | ||||
const struct pf_kruleset *, const char *); | const struct pf_kruleset *, const char *); | ||||
int pf_kanchor_nvcopyout(const struct pf_kruleset *, | int pf_kanchor_nvcopyout(const struct pf_kruleset *, | ||||
const struct pf_krule *, nvlist_t *); | const struct pf_krule *, nvlist_t *); | ||||
int pf_kanchor_copyout(const struct pf_kruleset *, | int pf_kanchor_copyout(const struct pf_kruleset *, | ||||
const struct pf_krule *, struct pfioc_rule *); | const struct pf_krule *, struct pfioc_rule *); | ||||
void pf_kanchor_remove(struct pf_krule *); | void pf_kanchor_remove(struct pf_krule *); | ||||
void pf_remove_if_empty_kruleset(struct pf_kruleset *); | void pf_remove_if_empty_kruleset(struct pf_kruleset *); | ||||
struct pf_kruleset *pf_find_kruleset(const char *); | struct pf_kruleset *pf_find_kruleset(const char *); | ||||
struct pf_kruleset *pf_find_or_create_kruleset(const char *); | struct pf_kruleset *pf_find_or_create_kruleset(const char *); | ||||
void pf_rs_initialize(void); | void pf_rs_initialize(void); | ||||
struct pf_krule *pf_krule_alloc(void); | struct pf_krule *pf_krule_alloc(void); | ||||
void pf_remove_if_empty_keth_ruleset( | |||||
struct pf_keth_ruleset *); | |||||
struct pf_keth_ruleset *pf_find_keth_ruleset(const char *); | |||||
struct pf_keth_anchor *pf_find_keth_anchor(const char *); | |||||
int pf_keth_anchor_setup(struct pf_keth_rule *, | |||||
const struct pf_keth_ruleset *, const char *); | |||||
int pf_keth_anchor_nvcopyout( | |||||
const struct pf_keth_ruleset *, | |||||
const struct pf_keth_rule *, nvlist_t *); | |||||
struct pf_keth_ruleset *pf_find_or_create_keth_ruleset(const char *); | |||||
void pf_keth_anchor_remove(struct pf_keth_rule *); | |||||
void pf_krule_free(struct pf_krule *); | void pf_krule_free(struct pf_krule *); | ||||
#endif | #endif | ||||
/* The fingerprint functions can be linked into userland programs (tcpdump) */ | /* The fingerprint functions can be linked into userland programs (tcpdump) */ | ||||
int pf_osfp_add(struct pf_osfp_ioctl *); | int pf_osfp_add(struct pf_osfp_ioctl *); | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
struct pf_osfp_enlist * | struct pf_osfp_enlist * | ||||
pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int, | pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int, | ||||
const struct tcphdr *); | const struct tcphdr *); | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
void pf_osfp_flush(void); | void pf_osfp_flush(void); | ||||
int pf_osfp_get(struct pf_osfp_ioctl *); | int pf_osfp_get(struct pf_osfp_ioctl *); | ||||
int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); | int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); | void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); | ||||
void pf_step_into_anchor(struct pf_kanchor_stackframe *, int *, | void pf_step_into_anchor(struct pf_kanchor_stackframe *, int *, | ||||
struct pf_kruleset **, int, struct pf_krule **, | struct pf_kruleset **, int, struct pf_krule **, | ||||
struct pf_krule **, int *); | struct pf_krule **, int *); | ||||
int pf_step_out_of_anchor(struct pf_kanchor_stackframe *, int *, | int pf_step_out_of_anchor(struct pf_kanchor_stackframe *, int *, | ||||
struct pf_kruleset **, int, struct pf_krule **, | struct pf_kruleset **, int, struct pf_krule **, | ||||
struct pf_krule **, int *); | struct pf_krule **, int *); | ||||
void pf_step_into_keth_anchor(struct pf_keth_anchor_stackframe *, | |||||
int *, struct pf_keth_ruleset **, | |||||
struct pf_keth_rule **, struct pf_keth_rule **, | |||||
int *); | |||||
int pf_step_out_of_keth_anchor(struct pf_keth_anchor_stackframe *, | |||||
int *, struct pf_keth_ruleset **, | |||||
struct pf_keth_rule **, struct pf_keth_rule **, | |||||
int *); | |||||
int pf_map_addr(u_int8_t, struct pf_krule *, | int pf_map_addr(u_int8_t, struct pf_krule *, | ||||
struct pf_addr *, struct pf_addr *, | struct pf_addr *, struct pf_addr *, | ||||
struct pf_addr *, struct pf_ksrc_node **); | struct pf_addr *, struct pf_ksrc_node **); | ||||
struct pf_krule *pf_get_translation(struct pf_pdesc *, struct mbuf *, | struct pf_krule *pf_get_translation(struct pf_pdesc *, struct mbuf *, | ||||
int, int, struct pfi_kkif *, struct pf_ksrc_node **, | int, int, struct pfi_kkif *, struct pf_ksrc_node **, | ||||
struct pf_state_key **, struct pf_state_key **, | struct pf_state_key **, struct pf_state_key **, | ||||
struct pf_addr *, struct pf_addr *, | struct pf_addr *, struct pf_addr *, | ||||
Show All 12 Lines |
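Review bot: The anchor-path contract is not documented on the new prototypes `pf_find_keth_ruleset`, `pf_find_keth_anchor`, `pf_find_or_create_keth_ruleset` and `pf_keth_anchor_setup`. Each takes a bare `const char *` with no length, while `struct pf_keth_anchor` stores the anchor in fixed `name[PF_ANCHOR_NAME_SIZE]` and `path[MAXPATHLEN]` arrays. The implementations are outside this header, so whether they bound the copy and the per-component length cannot be checked from here. The `pf_keth_anchor_nvcopyout` counterpart suggests the string is exchanged with userland, so the length and NUL-termination requirement should be stated where callers will read it. I would add a comment above the group, adjusted to what the implementation actually enforces: `/* path: NUL-terminated anchor path with strlen(path) < MAXPATHLEN; callers validate userland-supplied strings before lookup or create. */`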