sys/netpfil/ipfw/ip_fw_private.h
/* | /* | ||||
* Arguments for calling ipfw_chk() and dummynet_io(). We put them | * Arguments for calling ipfw_chk() and dummynet_io(). We put them | ||||
* all into a structure because this way it is easier and more | * all into a structure because this way it is easier and more | ||||
* efficient to pass variables around and extend the interface. | * efficient to pass variables around and extend the interface. | ||||
*/ | */ | ||||
struct ip_fw_args { | struct ip_fw_args { | ||||
uint32_t flags; | uint32_t flags; | ||||
#define IPFW_ARGS_ETHER 0x0001 /* has valid ethernet header */ | #define IPFW_ARGS_ETHER 0x00010000 /* valid ethernet header */ | ||||
#define IPFW_ARGS_NH4 0x0002 /* has IPv4 next hop in hopstore */ | #define IPFW_ARGS_NH4 0x00020000 /* IPv4 next hop in hopstore */ | ||||
#define IPFW_ARGS_NH6 0x0004 /* has IPv6 next hop in hopstore */ | #define IPFW_ARGS_NH6 0x00040000 /* IPv6 next hop in hopstore */ | ||||
#define IPFW_ARGS_NH4PTR 0x0008 /* has IPv4 next hop in next_hop */ | #define IPFW_ARGS_NH4PTR 0x00080000 /* IPv4 next hop in next_hop */ | ||||
#define IPFW_ARGS_NH6PTR 0x0010 /* has IPv6 next hop in next_hop6 */ | #define IPFW_ARGS_NH6PTR 0x00100000 /* IPv6 next hop in next_hop6 */ | ||||
#define IPFW_ARGS_REF 0x0020 /* has valid ipfw_rule_ref */ | #define IPFW_ARGS_REF 0x00200000 /* valid ipfw_rule_ref */ | ||||
#define IPFW_ARGS_IN 0x00400000 /* called on input */ | |||||
#define IPFW_ARGS_OUT 0x00800000 /* called on output */ | |||||
#define IPFW_ARGS_IP4 0x01000000 /* belongs to v4 ISR */ | |||||
#define IPFW_ARGS_IP6 0x02000000 /* belongs to v6 ISR */ | |||||
#define IPFW_ARGS_DROP 0x04000000 /* drop it (dummynet) */ | |||||
#define IPFW_ARGS_LENMASK 0x0000ffff /* length of data in *mem */ | |||||
#define IPFW_ARGS_LENGTH(f) ((f) & IPFW_ARGS_LENMASK) | |||||
/* | /* | ||||
* On return, it points to the matching rule. | * On return, it points to the matching rule. | ||||
* On entry, rule.slot > 0 means the info is valid and | * On entry, rule.slot > 0 means the info is valid and | ||||
* contains the starting rule for an ipfw search. | * contains the starting rule for an ipfw search. | ||||
* If chain_id == chain->id && slot >0 then jump to that slot. | * If chain_id == chain->id && slot >0 then jump to that slot. | ||||
* Otherwise, we locate the first rule >= rulenum:rule_id | * Otherwise, we locate the first rule >= rulenum:rule_id | ||||
*/ | */ | ||||
struct ipfw_rule_ref rule; /* match/restart info */ | struct ipfw_rule_ref rule; /* match/restart info */ | ||||
struct ifnet *oif; /* output interface */ | struct ifnet *ifp; /* input/output interface */ | ||||
struct inpcb *inp; | struct inpcb *inp; | ||||
union { | union { | ||||
/* | /* | ||||
* We don't support forwarding on layer2, thus we can | |||||
* keep eh pointer in this union. | |||||
* next_hop[6] pointers can be used to point to next hop | * next_hop[6] pointers can be used to point to next hop | ||||
* stored in rule's opcode to avoid copying into hopstore. | * stored in rule's opcode to avoid copying into hopstore. | ||||
* Also, it is expected that all 0x1-0x10 flags are mutually | * Also, it is expected that all 0x1-0x10 flags are mutually | ||||
* exclusive. | * exclusive. | ||||
*/ | */ | ||||
struct ether_header *eh; /* for bridged packets */ | |||||
struct sockaddr_in *next_hop; | struct sockaddr_in *next_hop; | ||||
struct sockaddr_in6 *next_hop6; | struct sockaddr_in6 *next_hop6; | ||||
/* ipfw next hop storage */ | /* ipfw next hop storage */ | ||||
struct sockaddr_in hopstore; | struct sockaddr_in hopstore; | ||||
struct ip_fw_nh6 { | struct ip_fw_nh6 { | ||||
struct in6_addr sin6_addr; | struct in6_addr sin6_addr; | ||||
uint32_t sin6_scope_id; | uint32_t sin6_scope_id; | ||||
uint16_t sin6_port; | uint16_t sin6_port; | ||||
} hopstore6; | } hopstore6; | ||||
}; | }; | ||||
union { | |||||
struct mbuf *m; /* the mbuf chain */ | struct mbuf *m; /* the mbuf chain */ | ||||
void *mem; /* or memory pointer */ | |||||
}; | |||||
struct ipfw_flow_id f_id; /* grabbed from IP header */ | struct ipfw_flow_id f_id; /* grabbed from IP header */ | ||||
}; | }; | ||||
MALLOC_DECLARE(M_IPFW); | MALLOC_DECLARE(M_IPFW); | ||||
/* | |||||
* Hooks sometime need to know the direction of the packet | |||||
* (divert, dummynet, netgraph, ...) | |||||
* We use a generic definition here, with bit0-1 indicating the | |||||
* direction, bit 2 indicating layer2 or 3, bit 3-4 indicating the | |||||
* specific protocol | |||||
* indicating the protocol (if necessary) | |||||
*/ | |||||
enum { | |||||
DIR_MASK = 0x3, | |||||
DIR_OUT = 0, | |||||
DIR_IN = 1, | |||||
DIR_FWD = 2, | |||||
DIR_DROP = 3, | |||||
PROTO_LAYER2 = 0x4, /* set for layer 2 */ | |||||
/* PROTO_DEFAULT = 0, */ | |||||
PROTO_IPV4 = 0x08, | |||||
PROTO_IPV6 = 0x10, | |||||
PROTO_IFB = 0x0c, /* layer2 + ifbridge */ | |||||
/* PROTO_OLDBDG = 0x14, unused, old bridge */ | |||||
}; | |||||
/* wrapper for freeing a packet, in case we need to do more work */ | /* wrapper for freeing a packet, in case we need to do more work */ | ||||
#ifndef FREE_PKT | #ifndef FREE_PKT | ||||
#if defined(__linux__) || defined(_WIN32) | #if defined(__linux__) || defined(_WIN32) | ||||
#define FREE_PKT(m) netisr_dispatch(-1, m) | #define FREE_PKT(m) netisr_dispatch(-1, m) | ||||
#else | #else | ||||
#define FREE_PKT(m) m_freem(m) | #define FREE_PKT(m) m_freem(m) | ||||
#endif | #endif | ||||
#endif /* !FREE_PKT */ | #endif /* !FREE_PKT */ | ||||
#endif | #endif | ||||
/* In ip_fw_log.c */ | /* In ip_fw_log.c */ | ||||
struct ip; | struct ip; | ||||
struct ip_fw_chain; | struct ip_fw_chain; | ||||
void ipfw_bpf_init(int); | void ipfw_bpf_init(int); | ||||
void ipfw_bpf_uninit(int); | void ipfw_bpf_uninit(int); | ||||
void ipfw_bpf_tap(u_char *, u_int); | |||||
void ipfw_bpf_mtap(struct mbuf *); | |||||
void ipfw_bpf_mtap2(void *, u_int, struct mbuf *); | void ipfw_bpf_mtap2(void *, u_int, struct mbuf *); | ||||
void ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, | void ipfw_log(struct ip_fw_chain *chain, struct ip_fw *f, u_int hlen, | ||||
struct ip_fw_args *args, struct mbuf *m, struct ifnet *oif, | struct ip_fw_args *args, u_short offset, uint32_t tablearg, struct ip *ip); | ||||
u_short offset, uint32_t tablearg, struct ip *ip); | |||||
VNET_DECLARE(u_int64_t, norule_counter); | VNET_DECLARE(u_int64_t, norule_counter); | ||||
#define V_norule_counter VNET(norule_counter) | #define V_norule_counter VNET(norule_counter) | ||||
VNET_DECLARE(int, verbose_limit); | VNET_DECLARE(int, verbose_limit); | ||||
#define V_verbose_limit VNET(verbose_limit) | #define V_verbose_limit VNET(verbose_limit) | ||||
/* In ip_fw_dynamic.c */ | /* In ip_fw_dynamic.c */ | ||||
struct sockopt_data; | struct sockopt_data; | ||||
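Review bot: Nothing in `struct ip_fw_args` says which member of the `m`/`mem` union is live; the only hint is that the low 16 bits of `flags` carry the "length of data in *mem". If a non-zero length is meant to be the discriminator, a zero-length buffer would be read as an mbuf pointer, and a caller that ORs in a length above 0xffff would silently set IPFW_ARGS_* bits. I would state the rule next to the union, for example `/* mem is valid iff IPFW_ARGS_LENGTH(flags) != 0, otherwise m */`, and mask or assert the length wherever it is stored into `flags`. The comment kept in the next-hop union still says "all 0x1-0x10 flags are mutually exclusive", which no longer matches the renumbered values 0x00010000-0x00100000. The one-sided rows on this page do not show which side they belong to, so this assumes the `mem` member and the IPFW_ARGS_LENMASK/IPFW_ARGS_LENGTH macros are on the new side.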