sys/net/pfil.h
#define PFILIOC_LISTHEADS _IOWR('P', 1, struct pfilioc_list) | #define PFILIOC_LISTHEADS _IOWR('P', 1, struct pfilioc_list) | ||||
#define PFILIOC_LISTHOOKS _IOWR('P', 2, struct pfilioc_list) | #define PFILIOC_LISTHOOKS _IOWR('P', 2, struct pfilioc_list) | ||||
#define PFILIOC_LINK _IOW('P', 3, struct pfilioc_link) | #define PFILIOC_LINK _IOW('P', 3, struct pfilioc_link) | ||||
#define PFIL_IN 0x00010000 | #define PFIL_IN 0x00010000 | ||||
#define PFIL_OUT 0x00020000 | #define PFIL_OUT 0x00020000 | ||||
/* UNUSED 0x00040000 */ | /* UNUSED 0x00040000 */ | ||||
#define PFIL_DIR(f) ((f) & (PFIL_IN|PFIL_OUT)) | #define PFIL_DIR(f) ((f) & (PFIL_IN|PFIL_OUT)) | ||||
#define PFIL_MEMPTR 0x00080000 | |||||
#define PFIL_HEADPTR 0x00100000 | #define PFIL_HEADPTR 0x00100000 | ||||
#define PFIL_HOOKPTR 0x00200000 | #define PFIL_HOOKPTR 0x00200000 | ||||
#define PFIL_APPEND 0x00400000 | #define PFIL_APPEND 0x00400000 | ||||
#define PFIL_UNLINK 0x00800000 | #define PFIL_UNLINK 0x00800000 | ||||
#define PFIL_LENMASK 0x0000ffff | |||||
#define PFIL_LENGTH(f) ((f) & PFIL_LENMASK) | |||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
struct mbuf; | struct mbuf; | ||||
struct ifnet; | struct ifnet; | ||||
struct inpcb; | struct inpcb; | ||||
typedef union { | |||||
struct mbuf **m; | |||||
void *mem; | |||||
uintptr_t __ui; | |||||
} pfil_packet_t __attribute__((__transparent_union__)); | |||||
static inline pfil_packet_t | |||||
pfil_packet_align(pfil_packet_t p) | |||||
{ | |||||
return ((pfil_packet_t ) (((uintptr_t)(p).mem + | |||||
(_Alignof(void *) - 1)) & - _Alignof(void *))); | |||||
} | |||||
static inline struct mbuf * | |||||
pfil_mem2mbuf(void *v) | |||||
{ | |||||
return (*(struct mbuf **) (((uintptr_t)(v) + | |||||
(_Alignof(void *) - 1)) & - _Alignof(void *))); | |||||
} | |||||
typedef enum { | typedef enum { | ||||
PFIL_PASS = 0, | PFIL_PASS = 0, | ||||
PFIL_DROPPED, | PFIL_DROPPED, | ||||
PFIL_CONSUMED, | PFIL_CONSUMED, | ||||
PFIL_REALLOCED, | PFIL_REALLOCED, | ||||
} pfil_return_t; | } pfil_return_t; | ||||
typedef pfil_return_t (*pfil_func_t)(pfil_packet_t, struct ifnet *, int, | typedef pfil_return_t (*pfil_mbuf_chk_t)(struct mbuf **, struct ifnet *, int, | ||||
void *, struct inpcb *); | void *, struct inpcb *); | ||||
typedef pfil_return_t (*pfil_mem_chk_t)(void *, u_int, int, struct ifnet *, | |||||
void *, struct mbuf **); | |||||
/* | /* | ||||
* A pfil head is created by a packet intercept point. | * A pfil head is created by a packet intercept point. | ||||
* | * | ||||
* A pfil hook is created by a packet filter. | * A pfil hook is created by a packet filter. | ||||
* | * | ||||
* Hooks are chained on heads. Historically some hooking happens | * Hooks are chained on heads. Historically some hooking happens | ||||
* automatically, e.g. ipfw(4), pf(4) and ipfilter(4) would register | * automatically, e.g. ipfw(4), pf(4) and ipfilter(4) would register | ||||
* theirselves on IPv4 and IPv6 input/output. | * theirselves on IPv4 and IPv6 input/output. | ||||
*/ | */ | ||||
typedef struct pfil_hook * pfil_hook_t; | typedef struct pfil_hook * pfil_hook_t; | ||||
typedef struct pfil_head * pfil_head_t; | typedef struct pfil_head * pfil_head_t; | ||||
/* | /* | ||||
* Give us a chance to modify pfil_xxx_args structures in future. | * Give us a chance to modify pfil_xxx_args structures in future. | ||||
*/ | */ | ||||
#define PFIL_VERSION 1 | #define PFIL_VERSION 2 | ||||
/* Argument structure used by packet filters to register themselves. */ | /* Argument structure used by packet filters to register themselves. */ | ||||
struct pfil_hook_args { | struct pfil_hook_args { | ||||
int pa_version; | int pa_version; | ||||
int pa_flags; | int pa_flags; | ||||
enum pfil_types pa_type; | enum pfil_types pa_type; | ||||
pfil_func_t pa_func; | pfil_mbuf_chk_t pa_mbuf_chk; | ||||
pfil_mem_chk_t pa_mem_chk; | |||||
void *pa_ruleset; | void *pa_ruleset; | ||||
const char *pa_modname; | const char *pa_modname; | ||||
const char *pa_rulname; | const char *pa_rulname; | ||||
}; | }; | ||||
/* Public functions for pfil hook management by packet filters. */ | /* Public functions for pfil hook management by packet filters. */ | ||||
pfil_hook_t pfil_add_hook(struct pfil_hook_args *); | pfil_hook_t pfil_add_hook(struct pfil_hook_args *); | ||||
void pfil_remove_hook(pfil_hook_t); | void pfil_remove_hook(pfil_hook_t); | ||||
Show All 26 Lines | struct pfil_head_args { | ||||
const char *pa_headname; | const char *pa_headname; | ||||
}; | }; | ||||
/* Public functions for pfil head management by inspection points. */ | /* Public functions for pfil head management by inspection points. */ | ||||
pfil_head_t pfil_head_register(struct pfil_head_args *); | pfil_head_t pfil_head_register(struct pfil_head_args *); | ||||
void pfil_head_unregister(pfil_head_t); | void pfil_head_unregister(pfil_head_t); | ||||
/* Public functions to run the packet inspection by inspection points. */ | /* Public functions to run the packet inspection by inspection points. */ | ||||
int pfil_run_hooks(struct pfil_head *, pfil_packet_t, struct ifnet *, int, | int pfil_mem_in(struct pfil_head *, void *, u_int, struct ifnet *, | ||||
struct mbuf **); | |||||
int pfil_mem_out(struct pfil_head *, void *, u_int, struct ifnet *, | |||||
struct mbuf **); | |||||
int pfil_mbuf_in(struct pfil_head *, struct mbuf **, struct ifnet *, | |||||
struct inpcb *inp); | struct inpcb *inp); | ||||
int pfil_mbuf_in(struct pfil_head *, pfil_packet_t, struct ifnet *, | int pfil_mbuf_out(struct pfil_head *, struct mbuf **, struct ifnet *, | ||||
struct inpcb *inp); | struct inpcb *inp); | ||||
int pfil_mbuf_out(struct pfil_head *, pfil_packet_t, struct ifnet *, | |||||
struct inpcb *inp); | |||||
/* | /* | ||||
* Minimally exposed structure to avoid function call in case of absence | * Minimally exposed structure to avoid function call in case of absence | ||||
* of any filters by protocols and macros to do the check. | * of any filters by protocols and macros to do the check. | ||||
*/ | */ | ||||
struct _pfil_head { | struct _pfil_head { | ||||
int head_nhooksin; | int head_nhooksin; | ||||
int head_nhooksout; | int head_nhooksout; | ||||
}; | }; | ||||
#define PFIL_HOOKED_IN(p) (((struct _pfil_head *)(p))->head_nhooksin > 0) | #define PFIL_HOOKED_IN(p) (((struct _pfil_head *)(p))->head_nhooksin > 0) | ||||
#define PFIL_HOOKED_OUT(p) (((struct _pfil_head *)(p))->head_nhooksout > 0) | #define PFIL_HOOKED_OUT(p) (((struct _pfil_head *)(p))->head_nhooksout > 0) | ||||
/* | |||||
* Alloc mbuf to be used instead of memory pointer. | |||||
*/ | |||||
int pfil_realloc(pfil_packet_t *, int, struct ifnet *); | |||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#endif /* _NET_PFIL_H_ */ | #endif /* _NET_PFIL_H_ */ |
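Review bot: The memory-pointer hook type `pfil_mem_chk_t` and the `pfil_mem_in()`/`pfil_mem_out()` prototypes take a raw `void *` plus a `u_int` with unnamed parameters and no comment, so the header never says that the `u_int` bounds the readable region or when the trailing `struct mbuf **` is written. A filter that parses untrusted frame bytes through that pointer relies on exactly this contract for its bounds checks, so I would add above the typedef something like `/* mem points to len readable bytes; *m is filled in only when the hook returns PFIL_REALLOCED (confirm against pfil.c) */`. `struct pfil_hook_args` now carries both `pa_mbuf_chk` and `pa_mem_chk`, and it would help to state next to them whether either may be NULL and how that relates to `pa_flags`; the check presumably lives in `pfil_add_hook()`, which is not visible here. The rendered page has lost its +/- markers, so which one-sided lines are additions is inferred from the right-hand column (`PFIL_VERSION 2`, `pfil_mem_in`).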