Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/ip_fw_private.h
| Show First 20 Lines • Show All 176 Lines • ▼ Show 20 Lines | |||||
| /* | /* | ||||
| * The lock for dynamic rules is only used once outside the file, | * The lock for dynamic rules is only used once outside the file, | ||||
| * and only to release the result of lookup_dyn_rule(). | * and only to release the result of lookup_dyn_rule(). | ||||
| * Eventually we may implement it with a callback on the function. | * Eventually we may implement it with a callback on the function. | ||||
| */ | */ | ||||
| struct ip_fw_chain; | struct ip_fw_chain; | ||||
| struct sockopt_data; | struct sockopt_data; | ||||
| int ipfw_is_dyn_rule(struct ip_fw *rule); | int ipfw_is_dyn_rule(struct ip_fw *rule); | ||||
| void ipfw_expire_dyn_rules(struct ip_fw_chain *, ipfw_range_tlv *); | void ipfw_expire_dyn_states(struct ip_fw_chain *, ipfw_range_tlv *); | ||||
| void ipfw_dyn_unlock(ipfw_dyn_rule *q); | |||||
| struct tcphdr; | |||||
| struct mbuf *ipfw_send_pkt(struct mbuf *, struct ipfw_flow_id *, | struct mbuf *ipfw_send_pkt(struct mbuf *, struct ipfw_flow_id *, | ||||
| u_int32_t, u_int32_t, int); | u_int32_t, u_int32_t, int); | ||||
| int ipfw_install_state(struct ip_fw_chain *chain, struct ip_fw *rule, | /* | ||||
| ipfw_insn_limit *cmd, struct ip_fw_args *args, uint32_t tablearg); | * Macro to determine that we need to do or redo dynamic state lookup. | ||||
| ipfw_dyn_rule *ipfw_lookup_dyn_rule(struct ipfw_flow_id *pkt, | * direction == MATCH_UNKNOWN means that this is first lookup, then we need | ||||
| int *match_direction, struct tcphdr *tcp, uint16_t kidx); | * to do lookup. | ||||
| void ipfw_remove_dyn_children(struct ip_fw *rule); | * Otherwise check the state name, if previous lookup was for "any" name, | ||||
| * this means there is no state with specific name. Thus no need to do | |||||
| * lookup. If previous name was not "any", redo lookup for specific name. | |||||
| */ | |||||
| #define DYN_LOOKUP_NEEDED(p, cmd) \ | |||||
| ((p)->direction == MATCH_UNKNOWN || \ | |||||
| ((p)->kidx != 0 && (p)->kidx != (cmd)->arg1)) | |||||
| #define DYN_INFO_INIT(p) do { \ | |||||
julian: separate by whitespace plz :-) | |||||
| (p)->direction = MATCH_UNKNOWN; \ | |||||
| (p)->kidx = 0; \ | |||||
| } while (0) | |||||
| struct ipfw_dyn_info { | |||||
| uint16_t direction; /* match direction */ | |||||
| uint16_t kidx; /* state name kidx */ | |||||
| uint32_t hashval; /* hash value */ | |||||
| uint32_t version; /* bucket version */ | |||||
| uint32_t f_pos; | |||||
| }; | |||||
| int ipfw_dyn_install_state(struct ip_fw_chain *chain, struct ip_fw *rule, | |||||
| const ipfw_insn_limit *cmd, const struct ip_fw_args *args, | |||||
| const void *ulp, int pktlen, struct ipfw_dyn_info *info, | |||||
| uint32_t tablearg); | |||||
| struct ip_fw *ipfw_dyn_lookup_state(const struct ip_fw_args *args, | |||||
| const void *ulp, int pktlen, const ipfw_insn *cmd, | |||||
| struct ipfw_dyn_info *info); | |||||
| void ipfw_get_dynamic(struct ip_fw_chain *chain, char **bp, const char *ep); | void ipfw_get_dynamic(struct ip_fw_chain *chain, char **bp, const char *ep); | ||||
| int ipfw_dump_states(struct ip_fw_chain *chain, struct sockopt_data *sd); | int ipfw_dump_states(struct ip_fw_chain *chain, struct sockopt_data *sd); | ||||
| void ipfw_dyn_init(struct ip_fw_chain *); /* per-vnet initialization */ | void ipfw_dyn_init(struct ip_fw_chain *); /* per-vnet initialization */ | ||||
| void ipfw_dyn_uninit(int); /* per-vnet deinitialization */ | void ipfw_dyn_uninit(int); /* per-vnet deinitialization */ | ||||
| int ipfw_dyn_len(void); | int ipfw_dyn_len(void); | ||||
| int ipfw_dyn_get_count(void); | uint32_t ipfw_dyn_get_count(void); | ||||
| /* common variables */ | /* common variables */ | ||||
| VNET_DECLARE(int, fw_one_pass); | VNET_DECLARE(int, fw_one_pass); | ||||
| #define V_fw_one_pass VNET(fw_one_pass) | #define V_fw_one_pass VNET(fw_one_pass) | ||||
| VNET_DECLARE(int, fw_verbose); | VNET_DECLARE(int, fw_verbose); | ||||
| #define V_fw_verbose VNET(fw_verbose) | #define V_fw_verbose VNET(fw_verbose) | ||||
| ▲ Show 20 Lines • Show All 409 Lines • ▼ Show 20 Lines | |||||
| void ipfw_iface_del_notify(struct ip_fw_chain *ch, struct ipfw_ifc *ic); | void ipfw_iface_del_notify(struct ip_fw_chain *ch, struct ipfw_ifc *ic); | ||||
| /* In ip_fw_sockopt.c */ | /* In ip_fw_sockopt.c */ | ||||
| void ipfw_init_skipto_cache(struct ip_fw_chain *chain); | void ipfw_init_skipto_cache(struct ip_fw_chain *chain); | ||||
| void ipfw_destroy_skipto_cache(struct ip_fw_chain *chain); | void ipfw_destroy_skipto_cache(struct ip_fw_chain *chain); | ||||
| int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); | int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); | ||||
| int ipfw_ctl3(struct sockopt *sopt); | int ipfw_ctl3(struct sockopt *sopt); | ||||
| int ipfw_chk(struct ip_fw_args *args); | int ipfw_chk(struct ip_fw_args *args); | ||||
| int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, | |||||
| int locked); | |||||
| void ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, | void ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, | ||||
| struct ip_fw *rule); | struct ip_fw *rule); | ||||
| void ipfw_reap_rules(struct ip_fw *head); | void ipfw_reap_rules(struct ip_fw *head); | ||||
| void ipfw_init_counters(void); | void ipfw_init_counters(void); | ||||
| void ipfw_destroy_counters(void); | void ipfw_destroy_counters(void); | ||||
| struct ip_fw *ipfw_alloc_rule(struct ip_fw_chain *chain, size_t rulesize); | struct ip_fw *ipfw_alloc_rule(struct ip_fw_chain *chain, size_t rulesize); | ||||
| int ipfw_match_range(struct ip_fw *rule, ipfw_range_tlv *rt); | int ipfw_match_range(struct ip_fw *rule, ipfw_range_tlv *rt); | ||||
| ▲ Show 20 Lines • Show All 151 Lines • Show Last 20 Lines | |||||
separate by whitespace plz :-)