sys/netpfil/ipfw/ip_fw_private.h
#else | #else | ||||
#define FREE_PKT(m) m_freem(m) | #define FREE_PKT(m) m_freem(m) | ||||
#endif | #endif | ||||
#endif /* !FREE_PKT */ | #endif /* !FREE_PKT */ | ||||
/* | /* | ||||
* Function definitions. | * Function definitions. | ||||
*/ | */ | ||||
int ipfw_chk(struct ip_fw_args *args); | |||||
struct mbuf *ipfw_send_pkt(struct mbuf *, struct ipfw_flow_id *, | |||||
u_int32_t, u_int32_t, int); | |||||
/* attach (arg = 1) or detach (arg = 0) hooks */ | /* attach (arg = 1) or detach (arg = 0) hooks */ | ||||
int ipfw_attach_hooks(int); | int ipfw_attach_hooks(int); | ||||
#ifdef NOTYET | #ifdef NOTYET | ||||
void ipfw_nat_destroy(void); | void ipfw_nat_destroy(void); | ||||
#endif | #endif | ||||
/* In ip_fw_log.c */ | /* In ip_fw_log.c */ | ||||
struct ip; | struct ip; | ||||
struct ip_fw_chain; | struct ip_fw_chain; | ||||
void ipfw_bpf_init(int); | void ipfw_bpf_init(int); | ||||
void ipfw_bpf_uninit(int); | void ipfw_bpf_uninit(int); | ||||
void ipfw_bpf_mtap2(void *, u_int, struct mbuf *); | void ipfw_bpf_mtap2(void *, u_int, struct mbuf *); | ||||
void ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, | void ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, | ||||
struct ip_fw_args *args, struct mbuf *m, struct ifnet *oif, | struct ip_fw_args *args, struct mbuf *m, struct ifnet *oif, | ||||
u_short offset, uint32_t tablearg, struct ip *ip); | u_short offset, uint32_t tablearg, struct ip *ip); | ||||
VNET_DECLARE(u_int64_t, norule_counter); | VNET_DECLARE(u_int64_t, norule_counter); | ||||
#define V_norule_counter VNET(norule_counter) | #define V_norule_counter VNET(norule_counter) | ||||
VNET_DECLARE(int, verbose_limit); | VNET_DECLARE(int, verbose_limit); | ||||
#define V_verbose_limit VNET(verbose_limit) | #define V_verbose_limit VNET(verbose_limit) | ||||
/* In ip_fw_dynamic.c */ | /* In ip_fw_dynamic.c */ | ||||
struct sockopt_data; | |||||
enum { /* result for matching dynamic rules */ | enum { /* result for matching dynamic rules */ | ||||
MATCH_REVERSE = 0, | MATCH_REVERSE = 0, | ||||
MATCH_FORWARD, | MATCH_FORWARD, | ||||
MATCH_NONE, | MATCH_NONE, | ||||
MATCH_UNKNOWN, | MATCH_UNKNOWN, | ||||
}; | }; | ||||
/* | /* | ||||
* The lock for dynamic rules is only used once outside the file, | |||||
* and only to release the result of lookup_dyn_rule(). | |||||
* Eventually we may implement it with a callback on the function. | |||||
*/ | |||||
struct ip_fw_chain; | |||||
struct sockopt_data; | |||||
int ipfw_is_dyn_rule(struct ip_fw *rule); | |||||
void ipfw_expire_dyn_states(struct ip_fw_chain *, ipfw_range_tlv *); | |||||
struct tcphdr; | |||||
struct mbuf *ipfw_send_pkt(struct mbuf *, struct ipfw_flow_id *, | |||||
u_int32_t, u_int32_t, int); | |||||
/* | |||||
* Macro to determine that we need to do or redo dynamic state lookup. | * Macro to determine that we need to do or redo dynamic state lookup. | ||||
* direction == MATCH_UNKNOWN means that this is first lookup, then we need | * direction == MATCH_UNKNOWN means that this is first lookup, then we need | ||||
* to do lookup. | * to do lookup. | ||||
* Otherwise check the state name, if previous lookup was for "any" name, | * Otherwise check the state name, if previous lookup was for "any" name, | ||||
* this means there is no state with specific name. Thus no need to do | * this means there is no state with specific name. Thus no need to do | ||||
* lookup. If previous name was not "any", redo lookup for specific name. | * lookup. If previous name was not "any", redo lookup for specific name. | ||||
*/ | */ | ||||
#define DYN_LOOKUP_NEEDED(p, cmd) \ | #define DYN_LOOKUP_NEEDED(p, cmd) \ | ||||
int ipfw_dyn_install_state(struct ip_fw_chain *chain, struct ip_fw *rule, | int ipfw_dyn_install_state(struct ip_fw_chain *chain, struct ip_fw *rule, | ||||
const ipfw_insn_limit *cmd, const struct ip_fw_args *args, | const ipfw_insn_limit *cmd, const struct ip_fw_args *args, | ||||
const void *ulp, int pktlen, struct ipfw_dyn_info *info, | const void *ulp, int pktlen, struct ipfw_dyn_info *info, | ||||
uint32_t tablearg); | uint32_t tablearg); | ||||
struct ip_fw *ipfw_dyn_lookup_state(const struct ip_fw_args *args, | struct ip_fw *ipfw_dyn_lookup_state(const struct ip_fw_args *args, | ||||
const void *ulp, int pktlen, const ipfw_insn *cmd, | const void *ulp, int pktlen, const ipfw_insn *cmd, | ||||
struct ipfw_dyn_info *info); | struct ipfw_dyn_info *info); | ||||
int ipfw_is_dyn_rule(struct ip_fw *rule); | |||||
void ipfw_expire_dyn_states(struct ip_fw_chain *, ipfw_range_tlv *); | |||||
void ipfw_get_dynamic(struct ip_fw_chain *chain, char **bp, const char *ep); | void ipfw_get_dynamic(struct ip_fw_chain *chain, char **bp, const char *ep); | ||||
int ipfw_dump_states(struct ip_fw_chain *chain, struct sockopt_data *sd); | int ipfw_dump_states(struct ip_fw_chain *chain, struct sockopt_data *sd); | ||||
void ipfw_dyn_init(struct ip_fw_chain *); /* per-vnet initialization */ | void ipfw_dyn_init(struct ip_fw_chain *); /* per-vnet initialization */ | ||||
void ipfw_dyn_uninit(int); /* per-vnet deinitialization */ | void ipfw_dyn_uninit(int); /* per-vnet deinitialization */ | ||||
int ipfw_dyn_len(void); | int ipfw_dyn_len(void); | ||||
uint32_t ipfw_dyn_get_count(void); | uint32_t ipfw_dyn_get_count(uint32_t *, int *); | ||||
void ipfw_dyn_reset_eaction(struct ip_fw_chain *ch, uint16_t eaction_id, | |||||
uint16_t default_id, uint16_t instance_id); | |||||
/* common variables */ | /* common variables */ | ||||
VNET_DECLARE(int, fw_one_pass); | VNET_DECLARE(int, fw_one_pass); | ||||
#define V_fw_one_pass VNET(fw_one_pass) | #define V_fw_one_pass VNET(fw_one_pass) | ||||
VNET_DECLARE(int, fw_verbose); | VNET_DECLARE(int, fw_verbose); | ||||
#define V_fw_verbose VNET(fw_verbose) | #define V_fw_verbose VNET(fw_verbose) | ||||
Show All 38 Lines | struct ip_fw { | ||||
uint16_t rulenum; /* rule number */ | uint16_t rulenum; /* rule number */ | ||||
uint8_t set; /* rule set (0..31) */ | uint8_t set; /* rule set (0..31) */ | ||||
uint8_t flags; /* currently unused */ | uint8_t flags; /* currently unused */ | ||||
counter_u64_t cntr; /* Pointer to rule counters */ | counter_u64_t cntr; /* Pointer to rule counters */ | ||||
uint32_t timestamp; /* tv_sec of last match */ | uint32_t timestamp; /* tv_sec of last match */ | ||||
uint32_t id; /* rule id */ | uint32_t id; /* rule id */ | ||||
uint32_t cached_id; /* used by jump_fast */ | uint32_t cached_id; /* used by jump_fast */ | ||||
uint32_t cached_pos; /* used by jump_fast */ | uint32_t cached_pos; /* used by jump_fast */ | ||||
uint32_t refcnt; /* number of references */ | |||||
struct ip_fw *next; /* linked list of deleted rules */ | |||||
ipfw_insn cmd[1]; /* storage for commands */ | ipfw_insn cmd[1]; /* storage for commands */ | ||||
}; | }; | ||||
#define IPFW_RULE_CNTR_SIZE (2 * sizeof(uint64_t)) | #define IPFW_RULE_CNTR_SIZE (2 * sizeof(uint64_t)) | ||||
#endif | #endif | ||||
struct ip_fw_chain { | struct ip_fw_chain { | ||||
void ipfw_iface_add_notify(struct ip_fw_chain *ch, struct ipfw_ifc *ic); | void ipfw_iface_add_notify(struct ip_fw_chain *ch, struct ipfw_ifc *ic); | ||||
void ipfw_iface_del_notify(struct ip_fw_chain *ch, struct ipfw_ifc *ic); | void ipfw_iface_del_notify(struct ip_fw_chain *ch, struct ipfw_ifc *ic); | ||||
/* In ip_fw_sockopt.c */ | /* In ip_fw_sockopt.c */ | ||||
void ipfw_init_skipto_cache(struct ip_fw_chain *chain); | void ipfw_init_skipto_cache(struct ip_fw_chain *chain); | ||||
void ipfw_destroy_skipto_cache(struct ip_fw_chain *chain); | void ipfw_destroy_skipto_cache(struct ip_fw_chain *chain); | ||||
int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); | int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); | ||||
int ipfw_ctl3(struct sockopt *sopt); | int ipfw_ctl3(struct sockopt *sopt); | ||||
int ipfw_chk(struct ip_fw_args *args); | |||||
int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, | int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, | ||||
int locked); | int locked); | ||||
void ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, | void ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, | ||||
struct ip_fw *rule); | struct ip_fw *rule); | ||||
void ipfw_reap_rules(struct ip_fw *head); | void ipfw_reap_rules(struct ip_fw *head); | ||||
void ipfw_init_counters(void); | void ipfw_init_counters(void); | ||||
void ipfw_destroy_counters(void); | void ipfw_destroy_counters(void); | ||||
struct ip_fw *ipfw_alloc_rule(struct ip_fw_chain *chain, size_t rulesize); | struct ip_fw *ipfw_alloc_rule(struct ip_fw_chain *chain, size_t rulesize); | ||||
void ipfw_free_rule(struct ip_fw *rule); | |||||
int ipfw_match_range(struct ip_fw *rule, ipfw_range_tlv *rt); | int ipfw_match_range(struct ip_fw *rule, ipfw_range_tlv *rt); | ||||
int ipfw_mark_object_kidx(uint32_t *bmask, uint16_t etlv, uint16_t kidx); | |||||
typedef int (sopt_handler_f)(struct ip_fw_chain *ch, | typedef int (sopt_handler_f)(struct ip_fw_chain *ch, | ||||
ip_fw3_opheader *op3, struct sockopt_data *sd); | ip_fw3_opheader *op3, struct sockopt_data *sd); | ||||
struct ipfw_sopt_handler { | struct ipfw_sopt_handler { | ||||
uint16_t opcode; | uint16_t opcode; | ||||
uint8_t version; | uint8_t version; | ||||
uint8_t dir; | uint8_t dir; | ||||
sopt_handler_f *handler; | sopt_handler_f *handler; | ||||
int ipfw_eaction_init(struct ip_fw_chain *ch, int first); | int ipfw_eaction_init(struct ip_fw_chain *ch, int first); | ||||
void ipfw_eaction_uninit(struct ip_fw_chain *ch, int last); | void ipfw_eaction_uninit(struct ip_fw_chain *ch, int last); | ||||
uint16_t ipfw_add_eaction(struct ip_fw_chain *ch, ipfw_eaction_t handler, | uint16_t ipfw_add_eaction(struct ip_fw_chain *ch, ipfw_eaction_t handler, | ||||
const char *name); | const char *name); | ||||
int ipfw_del_eaction(struct ip_fw_chain *ch, uint16_t eaction_id); | int ipfw_del_eaction(struct ip_fw_chain *ch, uint16_t eaction_id); | ||||
int ipfw_run_eaction(struct ip_fw_chain *ch, struct ip_fw_args *args, | int ipfw_run_eaction(struct ip_fw_chain *ch, struct ip_fw_args *args, | ||||
ipfw_insn *cmd, int *done); | ipfw_insn *cmd, int *done); | ||||
int ipfw_reset_eaction(struct ip_fw_chain *ch, struct ip_fw *rule, | |||||
uint16_t eaction_id, uint16_t default_id, uint16_t instance_id); | |||||
int ipfw_reset_eaction_instance(struct ip_fw_chain *ch, uint16_t eaction_id, | |||||
uint16_t instance_id); | |||||
/* In ip_fw_table.c */ | /* In ip_fw_table.c */ | ||||
struct table_info; | struct table_info; | ||||
typedef int (table_lookup_t)(struct table_info *ti, void *key, uint32_t keylen, | typedef int (table_lookup_t)(struct table_info *ti, void *key, uint32_t keylen, | ||||
uint32_t *val); | uint32_t *val); | ||||
int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, uint16_t plen, | int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, uint16_t plen, | ||||
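Review bot: The rule lifetime contract is not documented where `refcnt` and `next` appear in `struct ip_fw`, nor at the `ipfw_free_rule()` prototype; these rows show on one side of the rendering only, so I am reading them as added, and the struct's opening lines are collapsed out of view. A reference count on rules that other code may keep pointers to is where use-after-free and double-free bugs tend to originate, so the header should say what guards `refcnt` and whether `ipfw_free_rule()` releases a reference itself or expects the caller to have done so, for example `uint32_t refcnt; /* number of references; guarded by <LOCK, to be confirmed> */`. It would also help to note whether a 32-bit count can be driven to wrap by the number of holders, if that number is not otherwise bounded. Separately, the new `ipfw_dyn_get_count(uint32_t *, int *)` prototype leaves both pointer parameters unnamed, unlike `ipfw_dump_states(chain, sd)` a few lines above; naming them and adding a one-line comment on what is written through each, and whether NULL is accepted, would make the call sites checkable.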