sys/net/pfvar.h
#include <net/radix.h> | #include <net/radix.h> | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <netpfil/pf/pf.h> | #include <netpfil/pf/pf.h> | ||||
#include <netpfil/pf/pf_altq.h> | #include <netpfil/pf/pf_altq.h> | ||||
#include <netpfil/pf/pf_mtag.h> | #include <netpfil/pf/pf_mtag.h> | ||||
struct pf_addr { | |||||
union { | |||||
struct in_addr v4; | |||||
struct in6_addr v6; | |||||
u_int8_t addr8[16]; | |||||
u_int16_t addr16[8]; | |||||
u_int32_t addr32[4]; | |||||
} pfa; /* 128-bit address */ | |||||
#define v4 pfa.v4 | |||||
#define v6 pfa.v6 | |||||
#define addr8 pfa.addr8 | |||||
#define addr16 pfa.addr16 | |||||
#define addr32 pfa.addr32 | |||||
}; | |||||
#define PFI_AFLAG_NETWORK 0x01 | #define PFI_AFLAG_NETWORK 0x01 | ||||
#define PFI_AFLAG_BROADCAST 0x02 | #define PFI_AFLAG_BROADCAST 0x02 | ||||
#define PFI_AFLAG_PEER 0x04 | #define PFI_AFLAG_PEER 0x04 | ||||
#define PFI_AFLAG_MODEMASK 0x07 | #define PFI_AFLAG_MODEMASK 0x07 | ||||
#define PFI_AFLAG_NOALIAS 0x08 | #define PFI_AFLAG_NOALIAS 0x08 | ||||
struct pf_addr_wrap { | struct pf_addr_wrap { | ||||
union { | union { | ||||
▲ Show 20 Lines • Show All 395 Lines • ▼ Show 20 Lines | struct pf_osfp_ioctl { | ||||
u_int16_t fp_flags; | u_int16_t fp_flags; | ||||
u_int8_t fp_optcnt; /* TCP option count */ | u_int8_t fp_optcnt; /* TCP option count */ | ||||
u_int8_t fp_wscale; /* TCP window scaling */ | u_int8_t fp_wscale; /* TCP window scaling */ | ||||
u_int8_t fp_ttl; /* IPv4 TTL */ | u_int8_t fp_ttl; /* IPv4 TTL */ | ||||
int fp_getnum; /* DIOCOSFPGET number */ | int fp_getnum; /* DIOCOSFPGET number */ | ||||
}; | }; | ||||
union pf_rule_ptr { | |||||
struct pf_rule *ptr; | |||||
u_int32_t nr; | |||||
}; | |||||
#define PF_ANCHOR_NAME_SIZE 64 | #define PF_ANCHOR_NAME_SIZE 64 | ||||
struct pf_rule { | struct pf_rule { | ||||
struct pf_rule_addr src; | struct pf_rule_addr src; | ||||
struct pf_rule_addr dst; | struct pf_rule_addr dst; | ||||
#define PF_SKIP_IFP 0 | #define PF_SKIP_IFP 0 | ||||
#define PF_SKIP_DIR 1 | #define PF_SKIP_DIR 1 | ||||
#define PF_SKIP_AF 2 | #define PF_SKIP_AF 2 | ||||
/* rule flags again */ | /* rule flags again */ | ||||
#define PFRULE_IFBOUND 0x00010000 /* if-bound */ | #define PFRULE_IFBOUND 0x00010000 /* if-bound */ | ||||
#define PFRULE_STATESLOPPY 0x00020000 /* sloppy state tracking */ | #define PFRULE_STATESLOPPY 0x00020000 /* sloppy state tracking */ | ||||
#define PFSTATE_HIWAT 100000 /* default state table size */ | #define PFSTATE_HIWAT 100000 /* default state table size */ | ||||
#define PFSTATE_ADAPT_START 60000 /* default adaptive timeout start */ | #define PFSTATE_ADAPT_START 60000 /* default adaptive timeout start */ | ||||
#define PFSTATE_ADAPT_END 120000 /* default adaptive timeout end */ | #define PFSTATE_ADAPT_END 120000 /* default adaptive timeout end */ | ||||
struct pf_threshold { | #ifdef _KERNEL | ||||
u_int32_t limit; | struct pf_ksrc_node { | ||||
#define PF_THRESHOLD_MULT 1000 | LIST_ENTRY(pf_ksrc_node) entry; | ||||
#define PF_THRESHOLD_MAX 0xffffffff / PF_THRESHOLD_MULT | |||||
u_int32_t seconds; | |||||
u_int32_t count; | |||||
u_int32_t last; | |||||
}; | |||||
struct pf_src_node { | |||||
LIST_ENTRY(pf_src_node) entry; | |||||
struct pf_addr addr; | struct pf_addr addr; | ||||
struct pf_addr raddr; | struct pf_addr raddr; | ||||
union pf_rule_ptr rule; | union pf_rule_ptr rule; | ||||
struct pfi_kif *kif; | struct pfi_kif *kif; | ||||
u_int64_t bytes[2]; | u_int64_t bytes[2]; | ||||
u_int64_t packets[2]; | u_int64_t packets[2]; | ||||
u_int32_t states; | u_int32_t states; | ||||
u_int32_t conn; | u_int32_t conn; | ||||
struct pf_threshold conn_rate; | struct pf_threshold conn_rate; | ||||
u_int32_t creation; | u_int32_t creation; | ||||
u_int32_t expire; | u_int32_t expire; | ||||
sa_family_t af; | sa_family_t af; | ||||
u_int8_t ruletype; | u_int8_t ruletype; | ||||
}; | }; | ||||
#endif | |||||
#define PFSNODE_HIWAT 10000 /* default source node table size */ | |||||
struct pf_state_scrub { | struct pf_state_scrub { | ||||
struct timeval pfss_last; /* time received last packet */ | struct timeval pfss_last; /* time received last packet */ | ||||
u_int32_t pfss_tsecr; /* last echoed timestamp */ | u_int32_t pfss_tsecr; /* last echoed timestamp */ | ||||
u_int32_t pfss_tsval; /* largest timestamp */ | u_int32_t pfss_tsval; /* largest timestamp */ | ||||
u_int32_t pfss_tsval0; /* original timestamp */ | u_int32_t pfss_tsval0; /* original timestamp */ | ||||
u_int16_t pfss_flags; | u_int16_t pfss_flags; | ||||
#define PFSS_TIMESTAMP 0x0001 /* modulate timestamp */ | #define PFSS_TIMESTAMP 0x0001 /* modulate timestamp */ | ||||
#define PFSS_PAWS 0x0010 /* stricter PAWS checks */ | #define PFSS_PAWS 0x0010 /* stricter PAWS checks */ | ||||
▲ Show 20 Lines • Show All 66 Lines • ▼ Show 20 Lines | struct pf_state { | ||||
struct pf_state_peer dst; | struct pf_state_peer dst; | ||||
union pf_rule_ptr rule; | union pf_rule_ptr rule; | ||||
union pf_rule_ptr anchor; | union pf_rule_ptr anchor; | ||||
union pf_rule_ptr nat_rule; | union pf_rule_ptr nat_rule; | ||||
struct pf_addr rt_addr; | struct pf_addr rt_addr; | ||||
struct pf_state_key *key[2]; /* addresses stack and wire */ | struct pf_state_key *key[2]; /* addresses stack and wire */ | ||||
struct pfi_kif *kif; | struct pfi_kif *kif; | ||||
struct pfi_kif *rt_kif; | struct pfi_kif *rt_kif; | ||||
struct pf_src_node *src_node; | struct pf_ksrc_node *src_node; | ||||
struct pf_src_node *nat_src_node; | struct pf_ksrc_node *nat_src_node; | ||||
counter_u64_t packets[2]; | counter_u64_t packets[2]; | ||||
counter_u64_t bytes[2]; | counter_u64_t bytes[2]; | ||||
u_int32_t creation; | u_int32_t creation; | ||||
u_int32_t expire; | u_int32_t expire; | ||||
u_int32_t pfsync_time; | u_int32_t pfsync_time; | ||||
u_int16_t tag; | u_int16_t tag; | ||||
u_int8_t log; | u_int8_t log; | ||||
u_int8_t state_flags; | u_int8_t state_flags; | ||||
#define DIOCGETALTQ __CONCAT(DIOCGETALTQV, 0) | #define DIOCGETALTQ __CONCAT(DIOCGETALTQV, 0) | ||||
#define DIOCCHANGEALTQ __CONCAT(DIOCCHANGEALTQV, 0) | #define DIOCCHANGEALTQ __CONCAT(DIOCCHANGEALTQV, 0) | ||||
#define DIOCGETQSTATS __CONCAT(DIOCGETQSTATSV, 0) | #define DIOCGETQSTATS __CONCAT(DIOCGETQSTATSV, 0) | ||||
#define DIOCGIFSPEED __CONCAT(DIOCGIFSPEEDV, 0) | #define DIOCGIFSPEED __CONCAT(DIOCGIFSPEEDV, 0) | ||||
#endif /* PFIOC_USE_LATEST */ | #endif /* PFIOC_USE_LATEST */ | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
LIST_HEAD(pf_src_node_list, pf_src_node); | LIST_HEAD(pf_ksrc_node_list, pf_ksrc_node); | ||||
struct pf_srchash { | struct pf_srchash { | ||||
struct pf_src_node_list nodes; | struct pf_ksrc_node_list nodes; | ||||
struct mtx lock; | struct mtx lock; | ||||
}; | }; | ||||
struct pf_keyhash { | struct pf_keyhash { | ||||
LIST_HEAD(, pf_state_key) keys; | LIST_HEAD(, pf_state_key) keys; | ||||
struct mtx lock; | struct mtx lock; | ||||
}; | }; | ||||
▲ Show 20 Lines • Show All 95 Lines • ▼ Show 20 Lines | if (refcount_release(&s->refs)) { | ||||
return (1); | return (1); | ||||
} else | } else | ||||
return (0); | return (0); | ||||
} | } | ||||
extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t); | extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t); | ||||
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *, | extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *, | ||||
u_int, int *); | u_int, int *); | ||||
extern struct pf_src_node *pf_find_src_node(struct pf_addr *, | extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *, | ||||
struct pf_rule *, sa_family_t, int); | struct pf_rule *, sa_family_t, int); | ||||
extern void pf_unlink_src_node(struct pf_src_node *); | extern void pf_unlink_src_node(struct pf_ksrc_node *); | ||||
extern u_int pf_free_src_nodes(struct pf_src_node_list *); | extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *); | ||||
extern void pf_print_state(struct pf_state *); | extern void pf_print_state(struct pf_state *); | ||||
extern void pf_print_flags(u_int8_t); | extern void pf_print_flags(u_int8_t); | ||||
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, | extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, | ||||
u_int8_t); | u_int8_t); | ||||
extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, | extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, | ||||
u_int16_t, u_int16_t, u_int8_t); | u_int16_t, u_int16_t, u_int8_t); | ||||
VNET_DECLARE(struct ifnet *, sync_ifp); | VNET_DECLARE(struct ifnet *, sync_ifp); | ||||
▲ Show 20 Lines • Show All 175 Lines • ▼ Show 20 Lines | void pf_step_into_anchor(struct pf_anchor_stackframe *, int *, | ||||
struct pf_ruleset **, int, struct pf_rule **, | struct pf_ruleset **, int, struct pf_rule **, | ||||
struct pf_rule **, int *); | struct pf_rule **, int *); | ||||
int pf_step_out_of_anchor(struct pf_anchor_stackframe *, int *, | int pf_step_out_of_anchor(struct pf_anchor_stackframe *, int *, | ||||
struct pf_ruleset **, int, struct pf_rule **, | struct pf_ruleset **, int, struct pf_rule **, | ||||
struct pf_rule **, int *); | struct pf_rule **, int *); | ||||
int pf_map_addr(u_int8_t, struct pf_rule *, | int pf_map_addr(u_int8_t, struct pf_rule *, | ||||
struct pf_addr *, struct pf_addr *, | struct pf_addr *, struct pf_addr *, | ||||
struct pf_addr *, struct pf_src_node **); | struct pf_addr *, struct pf_ksrc_node **); | ||||
struct pf_rule *pf_get_translation(struct pf_pdesc *, struct mbuf *, | struct pf_rule *pf_get_translation(struct pf_pdesc *, struct mbuf *, | ||||
int, int, struct pfi_kif *, struct pf_src_node **, | int, int, struct pfi_kif *, struct pf_ksrc_node **, | ||||
struct pf_state_key **, struct pf_state_key **, | struct pf_state_key **, struct pf_state_key **, | ||||
struct pf_addr *, struct pf_addr *, | struct pf_addr *, struct pf_addr *, | ||||
uint16_t, uint16_t, struct pf_anchor_stackframe *); | uint16_t, uint16_t, struct pf_anchor_stackframe *); | ||||
struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, | struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, | ||||
struct pf_addr *, u_int16_t, u_int16_t); | struct pf_addr *, u_int16_t, u_int16_t); | ||||
struct pf_state_key *pf_state_key_clone(struct pf_state_key *); | struct pf_state_key *pf_state_key_clone(struct pf_state_key *); | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#endif /* _NET_PFVAR_H_ */ | #endif /* _NET_PFVAR_H_ */ |
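Review bot: The new `struct pf_ksrc_node` under `#ifdef _KERNEL` has no comment marking it as the kernel-only form of a source node, although it carries kernel addresses in `entry`, in `rule` (a `union pf_rule_ptr`, whose `ptr` member is a `struct pf_rule *`) and in `kif`. I would add a header comment above it along the lines of `/* Kernel-internal source node; never copy out as-is, translate field by field into a zeroed userland struct. */`, so that an ioctl export path does not hand those pointers or padding bytes to userland; the export code is not part of this file, so whether it already does this cannot be confirmed here. The bare `#endif` after the struct should read `#endif /* _KERNEL */` to match the other guards in this header. `union pf_rule_ptr` and `struct pf_threshold` no longer appear in the new column while `pf_ksrc_node` still uses both, so presumably they now come from one of the included `netpfil/pf` headers; it is worth confirming that the include order guarantees this.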