sys/net/pfvar.h
Show First 20 Lines • Show All 287 Lines • ▼ Show 20 Lines | ((aw)->type == PF_ADDR_ADDRMASK && \ | ||||
!PF_MATCHA(0, &(aw)->v.a.addr, \ | !PF_MATCHA(0, &(aw)->v.a.addr, \ | ||||
&(aw)->v.a.mask, (x), (af))))) != \ | &(aw)->v.a.mask, (x), (af))))) != \ | ||||
(neg) \ | (neg) \ | ||||
) | ) | ||||
#define PF_ALGNMNT(off) (((off) % 2) == 0) | #define PF_ALGNMNT(off) (((off) % 2) == 0) | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
union pf_krule_ptr { | |||||
struct pf_krule *ptr; | |||||
u_int32_t nr; | |||||
}; | |||||
struct pf_krule { | |||||
struct pf_rule_addr src; | |||||
struct pf_rule_addr dst; | |||||
union pf_krule_ptr skip[PF_SKIP_COUNT]; | |||||
char label[PF_RULE_LABEL_SIZE]; | |||||
char ifname[IFNAMSIZ]; | |||||
char qname[PF_QNAME_SIZE]; | |||||
char pqname[PF_QNAME_SIZE]; | |||||
char tagname[PF_TAG_NAME_SIZE]; | |||||
char match_tagname[PF_TAG_NAME_SIZE]; | |||||
char overload_tblname[PF_TABLE_NAME_SIZE]; | |||||
TAILQ_ENTRY(pf_krule) entries; | |||||
struct pf_pool rpool; | |||||
u_int64_t evaluations; | |||||
u_int64_t packets[2]; | |||||
u_int64_t bytes[2]; | |||||
struct pfi_kif *kif; | |||||
struct pf_kanchor *anchor; | |||||
struct pfr_ktable *overload_tbl; | |||||
pf_osfp_t os_fingerprint; | |||||
int rtableid; | |||||
u_int32_t timeout[PFTM_MAX]; | |||||
u_int32_t max_states; | |||||
u_int32_t max_src_nodes; | |||||
u_int32_t max_src_states; | |||||
u_int32_t max_src_conn; | |||||
struct { | |||||
u_int32_t limit; | |||||
u_int32_t seconds; | |||||
} max_src_conn_rate; | |||||
u_int32_t qid; | |||||
u_int32_t pqid; | |||||
u_int32_t rt_listid; | |||||
u_int32_t nr; | |||||
u_int32_t prob; | |||||
uid_t cuid; | |||||
pid_t cpid; | |||||
counter_u64_t states_cur; | |||||
counter_u64_t states_tot; | |||||
counter_u64_t src_nodes; | |||||
u_int16_t return_icmp; | |||||
u_int16_t return_icmp6; | |||||
u_int16_t max_mss; | |||||
u_int16_t tag; | |||||
u_int16_t match_tag; | |||||
u_int16_t scrub_flags; | |||||
struct pf_rule_uid uid; | |||||
struct pf_rule_gid gid; | |||||
u_int32_t rule_flag; | |||||
u_int8_t action; | |||||
u_int8_t direction; | |||||
u_int8_t log; | |||||
u_int8_t logif; | |||||
u_int8_t quick; | |||||
u_int8_t ifnot; | |||||
u_int8_t match_tag_not; | |||||
u_int8_t natpass; | |||||
u_int8_t keep_state; | |||||
sa_family_t af; | |||||
u_int8_t proto; | |||||
u_int8_t type; | |||||
u_int8_t code; | |||||
u_int8_t flags; | |||||
u_int8_t flagset; | |||||
u_int8_t min_ttl; | |||||
u_int8_t allow_opts; | |||||
u_int8_t rt; | |||||
u_int8_t return_ttl; | |||||
u_int8_t tos; | |||||
u_int8_t set_tos; | |||||
u_int8_t anchor_relative; | |||||
u_int8_t anchor_wildcard; | |||||
u_int8_t flush; | |||||
u_int8_t prio; | |||||
u_int8_t set_prio[2]; | |||||
struct { | |||||
struct pf_addr addr; | |||||
u_int16_t port; | |||||
} divert; | |||||
uint64_t u_states_cur; | |||||
uint64_t u_states_tot; | |||||
uint64_t u_src_nodes; | |||||
}; | |||||
struct pf_ksrc_node { | struct pf_ksrc_node { | ||||
LIST_ENTRY(pf_ksrc_node) entry; | LIST_ENTRY(pf_ksrc_node) entry; | ||||
struct pf_addr addr; | struct pf_addr addr; | ||||
struct pf_addr raddr; | struct pf_addr raddr; | ||||
union pf_rule_ptr rule; | union pf_krule_ptr rule; | ||||
struct pfi_kif *kif; | struct pfi_kif *kif; | ||||
counter_u64_t bytes[2]; | counter_u64_t bytes[2]; | ||||
counter_u64_t packets[2]; | counter_u64_t packets[2]; | ||||
u_int32_t states; | u_int32_t states; | ||||
u_int32_t conn; | u_int32_t conn; | ||||
struct pf_threshold conn_rate; | struct pf_threshold conn_rate; | ||||
u_int32_t creation; | u_int32_t creation; | ||||
u_int32_t expire; | u_int32_t expire; | ||||
/* Keep synced with struct pf_state. */ | /* Keep synced with struct pf_state. */ | ||||
struct pf_state_cmp { | struct pf_state_cmp { | ||||
u_int64_t id; | u_int64_t id; | ||||
u_int32_t creatorid; | u_int32_t creatorid; | ||||
u_int8_t direction; | u_int8_t direction; | ||||
u_int8_t pad[3]; | u_int8_t pad[3]; | ||||
}; | }; | ||||
#define PFSTATE_ALLOWOPTS 0x01 | |||||
#define PFSTATE_SLOPPY 0x02 | |||||
/* was PFSTATE_PFLOW 0x04 */ | |||||
#define PFSTATE_NOSYNC 0x08 | |||||
#define PFSTATE_ACK 0x10 | |||||
#define PFSTATE_SETPRIO 0x0200 | |||||
#define PFSTATE_SETMASK (PFSTATE_SETPRIO) | |||||
#ifdef _KERNEL | |||||
struct pf_state { | struct pf_state { | ||||
u_int64_t id; | u_int64_t id; | ||||
u_int32_t creatorid; | u_int32_t creatorid; | ||||
u_int8_t direction; | u_int8_t direction; | ||||
u_int8_t pad[3]; | u_int8_t pad[3]; | ||||
u_int refs; | u_int refs; | ||||
TAILQ_ENTRY(pf_state) sync_list; | TAILQ_ENTRY(pf_state) sync_list; | ||||
TAILQ_ENTRY(pf_state) key_list[2]; | TAILQ_ENTRY(pf_state) key_list[2]; | ||||
LIST_ENTRY(pf_state) entry; | LIST_ENTRY(pf_state) entry; | ||||
struct pf_state_peer src; | struct pf_state_peer src; | ||||
struct pf_state_peer dst; | struct pf_state_peer dst; | ||||
union pf_rule_ptr rule; | union pf_krule_ptr rule; | ||||
union pf_rule_ptr anchor; | union pf_krule_ptr anchor; | ||||
union pf_rule_ptr nat_rule; | union pf_krule_ptr nat_rule; | ||||
struct pf_addr rt_addr; | struct pf_addr rt_addr; | ||||
struct pf_state_key *key[2]; /* addresses stack and wire */ | struct pf_state_key *key[2]; /* addresses stack and wire */ | ||||
struct pfi_kif *kif; | struct pfi_kif *kif; | ||||
struct pfi_kif *rt_kif; | struct pfi_kif *rt_kif; | ||||
struct pf_ksrc_node *src_node; | struct pf_ksrc_node *src_node; | ||||
struct pf_ksrc_node *nat_src_node; | struct pf_ksrc_node *nat_src_node; | ||||
counter_u64_t packets[2]; | counter_u64_t packets[2]; | ||||
counter_u64_t bytes[2]; | counter_u64_t bytes[2]; | ||||
u_int32_t creation; | u_int32_t creation; | ||||
u_int32_t expire; | u_int32_t expire; | ||||
u_int32_t pfsync_time; | u_int32_t pfsync_time; | ||||
u_int16_t tag; | u_int16_t tag; | ||||
u_int8_t log; | u_int8_t log; | ||||
u_int8_t state_flags; | u_int8_t state_flags; | ||||
#define PFSTATE_ALLOWOPTS 0x01 | |||||
#define PFSTATE_SLOPPY 0x02 | |||||
/* was PFSTATE_PFLOW 0x04 */ | |||||
#define PFSTATE_NOSYNC 0x08 | |||||
#define PFSTATE_ACK 0x10 | |||||
#define PFSTATE_SETPRIO 0x0200 | |||||
#define PFSTATE_SETMASK (PFSTATE_SETPRIO) | |||||
u_int8_t timeout; | u_int8_t timeout; | ||||
u_int8_t sync_state; /* PFSYNC_S_x */ | u_int8_t sync_state; /* PFSYNC_S_x */ | ||||
/* XXX */ | /* XXX */ | ||||
u_int8_t sync_updates; | u_int8_t sync_updates; | ||||
u_int8_t _tail[3]; | u_int8_t _tail[3]; | ||||
}; | }; | ||||
#endif | |||||
/* | /* | ||||
* Unified state structures for pulling states out of the kernel | * Unified state structures for pulling states out of the kernel | ||||
* used by pfsync(4) and the pf(4) ioctl. | * used by pfsync(4) and the pf(4) ioctl. | ||||
*/ | */ | ||||
struct pfsync_state_scrub { | struct pfsync_state_scrub { | ||||
u_int16_t pfss_flags; | u_int16_t pfss_flags; | ||||
u_int8_t pfss_ttl; /* stashed TTL */ | u_int8_t pfss_ttl; /* stashed TTL */ | ||||
VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); | VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); | ||||
#define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) | #define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) | ||||
extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; | extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; | ||||
void pfsync_state_export(struct pfsync_state *, | void pfsync_state_export(struct pfsync_state *, | ||||
struct pf_state *); | struct pf_state *); | ||||
/* pflog */ | /* pflog */ | ||||
struct pf_ruleset; | struct pf_kruleset; | ||||
struct pf_pdesc; | struct pf_pdesc; | ||||
typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t, | typedef int pflog_packet_t(struct pfi_kif *, struct mbuf *, sa_family_t, | ||||
u_int8_t, u_int8_t, struct pf_rule *, struct pf_rule *, | u_int8_t, u_int8_t, struct pf_krule *, struct pf_krule *, | ||||
struct pf_ruleset *, struct pf_pdesc *, int); | struct pf_kruleset *, struct pf_pdesc *, int); | ||||
extern pflog_packet_t *pflog_packet_ptr; | extern pflog_packet_t *pflog_packet_ptr; | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#define PFSYNC_FLAG_SRCNODE 0x04 | #define PFSYNC_FLAG_SRCNODE 0x04 | ||||
#define PFSYNC_FLAG_NATSRCNODE 0x08 | #define PFSYNC_FLAG_NATSRCNODE 0x08 | ||||
/* for copies to/from network byte order */ | /* for copies to/from network byte order */ | ||||
▲ Show 20 Lines • Show All 41 Lines • ▼ Show 20 Lines | #define pf_state_counter_from_pfsync(s) \ | ||||
(((u_int64_t)(s[0])<<32) | (u_int64_t)(s[1])) | (((u_int64_t)(s[0])<<32) | (u_int64_t)(s[1])) | ||||
#define pf_state_counter_ntoh(s,d) do { \ | #define pf_state_counter_ntoh(s,d) do { \ | ||||
d = ntohl(s[0]); \ | d = ntohl(s[0]); \ | ||||
d = d<<32; \ | d = d<<32; \ | ||||
d += ntohl(s[1]); \ | d += ntohl(s[1]); \ | ||||
} while (0) | } while (0) | ||||
TAILQ_HEAD(pf_rulequeue, pf_rule); | TAILQ_HEAD(pf_krulequeue, pf_krule); | ||||
struct pf_anchor; | struct pf_kanchor; | ||||
struct pf_ruleset { | struct pf_kruleset { | ||||
struct { | struct { | ||||
struct pf_rulequeue queues[2]; | struct pf_krulequeue queues[2]; | ||||
struct { | struct { | ||||
struct pf_rulequeue *ptr; | struct pf_krulequeue *ptr; | ||||
struct pf_rule **ptr_array; | struct pf_krule **ptr_array; | ||||
u_int32_t rcount; | u_int32_t rcount; | ||||
u_int32_t ticket; | u_int32_t ticket; | ||||
int open; | int open; | ||||
} active, inactive; | } active, inactive; | ||||
} rules[PF_RULESET_MAX]; | } rules[PF_RULESET_MAX]; | ||||
struct pf_anchor *anchor; | struct pf_kanchor *anchor; | ||||
u_int32_t tticket; | u_int32_t tticket; | ||||
int tables; | int tables; | ||||
int topen; | int topen; | ||||
}; | }; | ||||
RB_HEAD(pf_anchor_global, pf_anchor); | RB_HEAD(pf_kanchor_global, pf_kanchor); | ||||
RB_HEAD(pf_anchor_node, pf_anchor); | RB_HEAD(pf_kanchor_node, pf_kanchor); | ||||
struct pf_anchor { | struct pf_kanchor { | ||||
RB_ENTRY(pf_anchor) entry_global; | RB_ENTRY(pf_kanchor) entry_global; | ||||
RB_ENTRY(pf_anchor) entry_node; | RB_ENTRY(pf_kanchor) entry_node; | ||||
struct pf_anchor *parent; | struct pf_kanchor *parent; | ||||
struct pf_anchor_node children; | struct pf_kanchor_node children; | ||||
char name[PF_ANCHOR_NAME_SIZE]; | char name[PF_ANCHOR_NAME_SIZE]; | ||||
char path[MAXPATHLEN]; | char path[MAXPATHLEN]; | ||||
struct pf_ruleset ruleset; | struct pf_kruleset ruleset; | ||||
int refcnt; /* anchor rules */ | int refcnt; /* anchor rules */ | ||||
int match; /* XXX: used for pfctl black magic */ | int match; /* XXX: used for pfctl black magic */ | ||||
}; | }; | ||||
RB_PROTOTYPE(pf_anchor_global, pf_anchor, entry_global, pf_anchor_compare); | RB_PROTOTYPE(pf_kanchor_global, pf_kanchor, entry_global, pf_anchor_compare); | ||||
RB_PROTOTYPE(pf_anchor_node, pf_anchor, entry_node, pf_anchor_compare); | RB_PROTOTYPE(pf_kanchor_node, pf_kanchor, entry_node, pf_kanchor_compare); | ||||
#define PF_RESERVED_ANCHOR "_pf" | #define PF_RESERVED_ANCHOR "_pf" | ||||
#define PFR_TFLAG_PERSIST 0x00000001 | #define PFR_TFLAG_PERSIST 0x00000001 | ||||
#define PFR_TFLAG_CONST 0x00000002 | #define PFR_TFLAG_CONST 0x00000002 | ||||
#define PFR_TFLAG_ACTIVE 0x00000004 | #define PFR_TFLAG_ACTIVE 0x00000004 | ||||
#define PFR_TFLAG_INACTIVE 0x00000008 | #define PFR_TFLAG_INACTIVE 0x00000008 | ||||
#define PFR_TFLAG_REFERENCED 0x00000010 | #define PFR_TFLAG_REFERENCED 0x00000010 | ||||
#define PFR_TFLAG_ALLMASK (PFR_TFLAG_PERSIST | \ | #define PFR_TFLAG_ALLMASK (PFR_TFLAG_PERSIST | \ | ||||
PFR_TFLAG_CONST | \ | PFR_TFLAG_CONST | \ | ||||
PFR_TFLAG_ACTIVE | \ | PFR_TFLAG_ACTIVE | \ | ||||
PFR_TFLAG_INACTIVE | \ | PFR_TFLAG_INACTIVE | \ | ||||
PFR_TFLAG_REFERENCED | \ | PFR_TFLAG_REFERENCED | \ | ||||
PFR_TFLAG_REFDANCHOR | \ | PFR_TFLAG_REFDANCHOR | \ | ||||
PFR_TFLAG_COUNTERS) | PFR_TFLAG_COUNTERS) | ||||
struct pf_anchor_stackframe; | struct pf_kanchor_stackframe; | ||||
struct pfr_table { | struct pfr_table { | ||||
char pfrt_anchor[MAXPATHLEN]; | char pfrt_anchor[MAXPATHLEN]; | ||||
char pfrt_name[PF_TABLE_NAME_SIZE]; | char pfrt_name[PF_TABLE_NAME_SIZE]; | ||||
u_int32_t pfrt_flags; | u_int32_t pfrt_flags; | ||||
u_int8_t pfrt_fback; | u_int8_t pfrt_fback; | ||||
}; | }; | ||||
struct pfr_kcounters { | struct pfr_kcounters { | ||||
counter_u64_t pfrkc_counters; | counter_u64_t pfrkc_counters; | ||||
long pfrkc_tzero; | long pfrkc_tzero; | ||||
}; | }; | ||||
#define pfr_kentry_counter(kc, dir, op, t) \ | #define pfr_kentry_counter(kc, dir, op, t) \ | ||||
((kc)->pfrkc_counters + \ | ((kc)->pfrkc_counters + \ | ||||
(dir) * PFR_OP_ADDR_MAX * PFR_TYPE_MAX + (op) * PFR_TYPE_MAX + (t)) | (dir) * PFR_OP_ADDR_MAX * PFR_TYPE_MAX + (op) * PFR_TYPE_MAX + (t)) | ||||
#ifdef _KERNEL | |||||
SLIST_HEAD(pfr_kentryworkq, pfr_kentry); | SLIST_HEAD(pfr_kentryworkq, pfr_kentry); | ||||
struct pfr_kentry { | struct pfr_kentry { | ||||
struct radix_node pfrke_node[2]; | struct radix_node pfrke_node[2]; | ||||
union sockaddr_union pfrke_sa; | union sockaddr_union pfrke_sa; | ||||
SLIST_ENTRY(pfr_kentry) pfrke_workq; | SLIST_ENTRY(pfr_kentry) pfrke_workq; | ||||
struct pfr_kcounters pfrke_counters; | struct pfr_kcounters pfrke_counters; | ||||
u_int8_t pfrke_af; | u_int8_t pfrke_af; | ||||
u_int8_t pfrke_net; | u_int8_t pfrke_net; | ||||
u_int8_t pfrke_not; | u_int8_t pfrke_not; | ||||
u_int8_t pfrke_mark; | u_int8_t pfrke_mark; | ||||
}; | }; | ||||
SLIST_HEAD(pfr_ktableworkq, pfr_ktable); | SLIST_HEAD(pfr_ktableworkq, pfr_ktable); | ||||
RB_HEAD(pfr_ktablehead, pfr_ktable); | RB_HEAD(pfr_ktablehead, pfr_ktable); | ||||
struct pfr_ktable { | struct pfr_ktable { | ||||
struct pfr_ktstats pfrkt_kts; | struct pfr_ktstats pfrkt_kts; | ||||
RB_ENTRY(pfr_ktable) pfrkt_tree; | RB_ENTRY(pfr_ktable) pfrkt_tree; | ||||
SLIST_ENTRY(pfr_ktable) pfrkt_workq; | SLIST_ENTRY(pfr_ktable) pfrkt_workq; | ||||
struct radix_node_head *pfrkt_ip4; | struct radix_node_head *pfrkt_ip4; | ||||
struct radix_node_head *pfrkt_ip6; | struct radix_node_head *pfrkt_ip6; | ||||
struct pfr_ktable *pfrkt_shadow; | struct pfr_ktable *pfrkt_shadow; | ||||
struct pfr_ktable *pfrkt_root; | struct pfr_ktable *pfrkt_root; | ||||
struct pf_ruleset *pfrkt_rs; | struct pf_kruleset *pfrkt_rs; | ||||
long pfrkt_larg; | long pfrkt_larg; | ||||
int pfrkt_nflags; | int pfrkt_nflags; | ||||
}; | }; | ||||
#define pfrkt_t pfrkt_kts.pfrts_t | #define pfrkt_t pfrkt_kts.pfrts_t | ||||
#define pfrkt_name pfrkt_t.pfrt_name | #define pfrkt_name pfrkt_t.pfrt_name | ||||
#define pfrkt_anchor pfrkt_t.pfrt_anchor | #define pfrkt_anchor pfrkt_t.pfrt_anchor | ||||
#define pfrkt_ruleset pfrkt_t.pfrt_ruleset | #define pfrkt_ruleset pfrkt_t.pfrt_ruleset | ||||
#define pfrkt_flags pfrkt_t.pfrt_flags | #define pfrkt_flags pfrkt_t.pfrt_flags | ||||
#define pfrkt_cnt pfrkt_kts.pfrkts_cnt | #define pfrkt_cnt pfrkt_kts.pfrkts_cnt | ||||
#define pfrkt_refcnt pfrkt_kts.pfrkts_refcnt | #define pfrkt_refcnt pfrkt_kts.pfrkts_refcnt | ||||
#define pfrkt_packets pfrkt_kts.pfrkts_packets | #define pfrkt_packets pfrkt_kts.pfrkts_packets | ||||
#define pfrkt_bytes pfrkt_kts.pfrkts_bytes | #define pfrkt_bytes pfrkt_kts.pfrkts_bytes | ||||
#define pfrkt_match pfrkt_kts.pfrkts_match | #define pfrkt_match pfrkt_kts.pfrkts_match | ||||
#define pfrkt_nomatch pfrkt_kts.pfrkts_nomatch | #define pfrkt_nomatch pfrkt_kts.pfrkts_nomatch | ||||
#define pfrkt_tzero pfrkt_kts.pfrkts_tzero | #define pfrkt_tzero pfrkt_kts.pfrkts_tzero | ||||
#endif | |||||
/* keep synced with pfi_kif, used in RB_FIND */ | /* keep synced with pfi_kif, used in RB_FIND */ | ||||
struct pfi_kif_cmp { | struct pfi_kif_cmp { | ||||
char pfik_name[IFNAMSIZ]; | char pfik_name[IFNAMSIZ]; | ||||
}; | }; | ||||
struct pfi_kif { | struct pfi_kif { | ||||
char pfik_name[IFNAMSIZ]; | char pfik_name[IFNAMSIZ]; | ||||
Show All 28 Lines | union { | ||||
struct udphdr *udp; | struct udphdr *udp; | ||||
struct icmp *icmp; | struct icmp *icmp; | ||||
#ifdef INET6 | #ifdef INET6 | ||||
struct icmp6_hdr *icmp6; | struct icmp6_hdr *icmp6; | ||||
#endif /* INET6 */ | #endif /* INET6 */ | ||||
void *any; | void *any; | ||||
} hdr; | } hdr; | ||||
struct pf_rule *nat_rule; /* nat/rdr rule applied to packet */ | struct pf_krule *nat_rule; /* nat/rdr rule applied to packet */ | ||||
struct pf_addr *src; /* src address */ | struct pf_addr *src; /* src address */ | ||||
struct pf_addr *dst; /* dst address */ | struct pf_addr *dst; /* dst address */ | ||||
u_int16_t *sport; | u_int16_t *sport; | ||||
u_int16_t *dport; | u_int16_t *dport; | ||||
struct pf_mtag *pf_mtag; | struct pf_mtag *pf_mtag; | ||||
u_int32_t p_len; /* total length of payload */ | u_int32_t p_len; /* total length of payload */ | ||||
#define V_pf_altqs_active VNET(pf_altqs_active) | #define V_pf_altqs_active VNET(pf_altqs_active) | ||||
VNET_DECLARE(struct pf_altqqueue *, pf_altq_ifs_active); | VNET_DECLARE(struct pf_altqqueue *, pf_altq_ifs_active); | ||||
#define V_pf_altq_ifs_active VNET(pf_altq_ifs_active) | #define V_pf_altq_ifs_active VNET(pf_altq_ifs_active) | ||||
VNET_DECLARE(struct pf_altqqueue *, pf_altqs_inactive); | VNET_DECLARE(struct pf_altqqueue *, pf_altqs_inactive); | ||||
#define V_pf_altqs_inactive VNET(pf_altqs_inactive) | #define V_pf_altqs_inactive VNET(pf_altqs_inactive) | ||||
VNET_DECLARE(struct pf_altqqueue *, pf_altq_ifs_inactive); | VNET_DECLARE(struct pf_altqqueue *, pf_altq_ifs_inactive); | ||||
#define V_pf_altq_ifs_inactive VNET(pf_altq_ifs_inactive) | #define V_pf_altq_ifs_inactive VNET(pf_altq_ifs_inactive) | ||||
VNET_DECLARE(struct pf_rulequeue, pf_unlinked_rules); | VNET_DECLARE(struct pf_krulequeue, pf_unlinked_rules); | ||||
#define V_pf_unlinked_rules VNET(pf_unlinked_rules) | #define V_pf_unlinked_rules VNET(pf_unlinked_rules) | ||||
void pf_initialize(void); | void pf_initialize(void); | ||||
void pf_mtag_initialize(void); | void pf_mtag_initialize(void); | ||||
void pf_mtag_cleanup(void); | void pf_mtag_cleanup(void); | ||||
void pf_cleanup(void); | void pf_cleanup(void); | ||||
struct pf_mtag *pf_get_mtag(struct mbuf *); | struct pf_mtag *pf_get_mtag(struct mbuf *); | ||||
extern void pf_calc_skip_steps(struct pf_rulequeue *); | extern void pf_calc_skip_steps(struct pf_krulequeue *); | ||||
#ifdef ALTQ | #ifdef ALTQ | ||||
extern void pf_altq_ifnet_event(struct ifnet *, int); | extern void pf_altq_ifnet_event(struct ifnet *, int); | ||||
#endif | #endif | ||||
VNET_DECLARE(uma_zone_t, pf_state_z); | VNET_DECLARE(uma_zone_t, pf_state_z); | ||||
#define V_pf_state_z VNET(pf_state_z) | #define V_pf_state_z VNET(pf_state_z) | ||||
VNET_DECLARE(uma_zone_t, pf_state_key_z); | VNET_DECLARE(uma_zone_t, pf_state_key_z); | ||||
#define V_pf_state_key_z VNET(pf_state_key_z) | #define V_pf_state_key_z VNET(pf_state_key_z) | ||||
VNET_DECLARE(uma_zone_t, pf_state_scrub_z); | VNET_DECLARE(uma_zone_t, pf_state_scrub_z); | ||||
Show All 30 Lines | pf_release_state(struct pf_state *s) | ||||
} else | } else | ||||
return (0); | return (0); | ||||
} | } | ||||
extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t); | extern struct pf_state *pf_find_state_byid(uint64_t, uint32_t); | ||||
extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *, | extern struct pf_state *pf_find_state_all(struct pf_state_key_cmp *, | ||||
u_int, int *); | u_int, int *); | ||||
extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *, | extern struct pf_ksrc_node *pf_find_src_node(struct pf_addr *, | ||||
struct pf_rule *, sa_family_t, int); | struct pf_krule *, sa_family_t, int); | ||||
extern void pf_unlink_src_node(struct pf_ksrc_node *); | extern void pf_unlink_src_node(struct pf_ksrc_node *); | ||||
extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *); | extern u_int pf_free_src_nodes(struct pf_ksrc_node_list *); | ||||
extern void pf_print_state(struct pf_state *); | extern void pf_print_state(struct pf_state *); | ||||
extern void pf_print_flags(u_int8_t); | extern void pf_print_flags(u_int8_t); | ||||
extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, | extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, | ||||
u_int8_t); | u_int8_t); | ||||
extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, | extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, | ||||
u_int16_t, u_int16_t, u_int8_t); | u_int16_t, u_int16_t, u_int8_t); | ||||
VNET_DECLARE(struct ifnet *, sync_ifp); | VNET_DECLARE(struct ifnet *, sync_ifp); | ||||
#define V_sync_ifp VNET(sync_ifp); | #define V_sync_ifp VNET(sync_ifp); | ||||
VNET_DECLARE(struct pf_rule, pf_default_rule); | VNET_DECLARE(struct pf_krule, pf_default_rule); | ||||
#define V_pf_default_rule VNET(pf_default_rule) | #define V_pf_default_rule VNET(pf_default_rule) | ||||
extern void pf_addrcpy(struct pf_addr *, struct pf_addr *, | extern void pf_addrcpy(struct pf_addr *, struct pf_addr *, | ||||
u_int8_t); | u_int8_t); | ||||
void pf_free_rule(struct pf_rule *); | void pf_free_rule(struct pf_krule *); | ||||
#ifdef INET | #ifdef INET | ||||
int pf_test(int, int, struct ifnet *, struct mbuf **, struct inpcb *); | int pf_test(int, int, struct ifnet *, struct mbuf **, struct inpcb *); | ||||
int pf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *, | int pf_normalize_ip(struct mbuf **, int, struct pfi_kif *, u_short *, | ||||
struct pf_pdesc *); | struct pf_pdesc *); | ||||
#endif /* INET */ | #endif /* INET */ | ||||
#ifdef INET6 | #ifdef INET6 | ||||
void pfr_initialize(void); | void pfr_initialize(void); | ||||
void pfr_cleanup(void); | void pfr_cleanup(void); | ||||
int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); | int pfr_match_addr(struct pfr_ktable *, struct pf_addr *, sa_family_t); | ||||
void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t, | void pfr_update_stats(struct pfr_ktable *, struct pf_addr *, sa_family_t, | ||||
u_int64_t, int, int, int); | u_int64_t, int, int, int); | ||||
int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *, sa_family_t); | int pfr_pool_get(struct pfr_ktable *, int *, struct pf_addr *, sa_family_t); | ||||
void pfr_dynaddr_update(struct pfr_ktable *, struct pfi_dynaddr *); | void pfr_dynaddr_update(struct pfr_ktable *, struct pfi_dynaddr *); | ||||
struct pfr_ktable * | struct pfr_ktable * | ||||
pfr_attach_table(struct pf_ruleset *, char *); | pfr_attach_table(struct pf_kruleset *, char *); | ||||
void pfr_detach_table(struct pfr_ktable *); | void pfr_detach_table(struct pfr_ktable *); | ||||
int pfr_clr_tables(struct pfr_table *, int *, int); | int pfr_clr_tables(struct pfr_table *, int *, int); | ||||
int pfr_add_tables(struct pfr_table *, int, int *, int); | int pfr_add_tables(struct pfr_table *, int, int *, int); | ||||
int pfr_del_tables(struct pfr_table *, int, int *, int); | int pfr_del_tables(struct pfr_table *, int, int *, int); | ||||
int pfr_table_count(struct pfr_table *, int); | int pfr_table_count(struct pfr_table *, int); | ||||
int pfr_get_tables(struct pfr_table *, struct pfr_table *, int *, int); | int pfr_get_tables(struct pfr_table *, struct pfr_table *, int *, int); | ||||
int pfr_get_tstats(struct pfr_table *, struct pfr_tstats *, int *, int); | int pfr_get_tstats(struct pfr_table *, struct pfr_tstats *, int *, int); | ||||
int pfr_clr_tstats(struct pfr_table *, int, int *, int); | int pfr_clr_tstats(struct pfr_table *, int, int *, int); | ||||
int pfi_dynaddr_setup(struct pf_addr_wrap *, sa_family_t); | int pfi_dynaddr_setup(struct pf_addr_wrap *, sa_family_t); | ||||
void pfi_dynaddr_remove(struct pfi_dynaddr *); | void pfi_dynaddr_remove(struct pfi_dynaddr *); | ||||
void pfi_dynaddr_copyout(struct pf_addr_wrap *); | void pfi_dynaddr_copyout(struct pf_addr_wrap *); | ||||
void pfi_update_status(const char *, struct pf_status *); | void pfi_update_status(const char *, struct pf_status *); | ||||
void pfi_get_ifaces(const char *, struct pfi_kif *, int *); | void pfi_get_ifaces(const char *, struct pfi_kif *, int *); | ||||
int pfi_set_flags(const char *, int); | int pfi_set_flags(const char *, int); | ||||
int pfi_clear_flags(const char *, int); | int pfi_clear_flags(const char *, int); | ||||
int pf_match_tag(struct mbuf *, struct pf_rule *, int *, int); | int pf_match_tag(struct mbuf *, struct pf_krule *, int *, int); | ||||
int pf_tag_packet(struct mbuf *, struct pf_pdesc *, int); | int pf_tag_packet(struct mbuf *, struct pf_pdesc *, int); | ||||
int pf_addr_cmp(struct pf_addr *, struct pf_addr *, | int pf_addr_cmp(struct pf_addr *, struct pf_addr *, | ||||
sa_family_t); | sa_family_t); | ||||
void pf_qid2qname(u_int32_t, char *); | void pf_qid2qname(u_int32_t, char *); | ||||
VNET_DECLARE(struct pf_kstatus, pf_status); | VNET_DECLARE(struct pf_kstatus, pf_status); | ||||
#define V_pf_status VNET(pf_status) | #define V_pf_status VNET(pf_status) | ||||
struct pf_limit { | struct pf_limit { | ||||
uma_zone_t zone; | uma_zone_t zone; | ||||
u_int limit; | u_int limit; | ||||
}; | }; | ||||
VNET_DECLARE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); | VNET_DECLARE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); | ||||
#define V_pf_limits VNET(pf_limits) | #define V_pf_limits VNET(pf_limits) | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
VNET_DECLARE(struct pf_anchor_global, pf_anchors); | VNET_DECLARE(struct pf_kanchor_global, pf_anchors); | ||||
#define V_pf_anchors VNET(pf_anchors) | #define V_pf_anchors VNET(pf_anchors) | ||||
VNET_DECLARE(struct pf_anchor, pf_main_anchor); | VNET_DECLARE(struct pf_kanchor, pf_main_anchor); | ||||
#define V_pf_main_anchor VNET(pf_main_anchor) | #define V_pf_main_anchor VNET(pf_main_anchor) | ||||
#define pf_main_ruleset V_pf_main_anchor.ruleset | #define pf_main_ruleset V_pf_main_anchor.ruleset | ||||
#endif | |||||
/* these ruleset functions can be linked into userland programs (pfctl) */ | |||||
int pf_get_ruleset_number(u_int8_t); | int pf_get_ruleset_number(u_int8_t); | ||||
void pf_init_ruleset(struct pf_ruleset *); | void pf_init_kruleset(struct pf_kruleset *); | ||||
int pf_anchor_setup(struct pf_rule *, | int pf_kanchor_setup(struct pf_krule *, | ||||
const struct pf_ruleset *, const char *); | const struct pf_kruleset *, const char *); | ||||
int pf_anchor_copyout(const struct pf_ruleset *, | int pf_kanchor_copyout(const struct pf_kruleset *, | ||||
const struct pf_rule *, struct pfioc_rule *); | const struct pf_krule *, struct pfioc_rule *); | ||||
void pf_anchor_remove(struct pf_rule *); | void pf_kanchor_remove(struct pf_krule *); | ||||
void pf_remove_if_empty_ruleset(struct pf_ruleset *); | void pf_remove_if_empty_kruleset(struct pf_kruleset *); | ||||
struct pf_ruleset *pf_find_ruleset(const char *); | struct pf_kruleset *pf_find_kruleset(const char *); | ||||
struct pf_ruleset *pf_find_or_create_ruleset(const char *); | struct pf_kruleset *pf_find_or_create_kruleset(const char *); | ||||
void pf_rs_initialize(void); | void pf_rs_initialize(void); | ||||
#endif | |||||
/* The fingerprint functions can be linked into userland programs (tcpdump) */ | /* The fingerprint functions can be linked into userland programs (tcpdump) */ | ||||
int pf_osfp_add(struct pf_osfp_ioctl *); | int pf_osfp_add(struct pf_osfp_ioctl *); | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
struct pf_osfp_enlist * | struct pf_osfp_enlist * | ||||
pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int, | pf_osfp_fingerprint(struct pf_pdesc *, struct mbuf *, int, | ||||
const struct tcphdr *); | const struct tcphdr *); | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
void pf_osfp_flush(void); | void pf_osfp_flush(void); | ||||
int pf_osfp_get(struct pf_osfp_ioctl *); | int pf_osfp_get(struct pf_osfp_ioctl *); | ||||
int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); | int pf_osfp_match(struct pf_osfp_enlist *, pf_osfp_t); | ||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); | void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); | ||||
void pf_step_into_anchor(struct pf_anchor_stackframe *, int *, | void pf_step_into_anchor(struct pf_kanchor_stackframe *, int *, | ||||
struct pf_ruleset **, int, struct pf_rule **, | struct pf_kruleset **, int, struct pf_krule **, | ||||
struct pf_rule **, int *); | struct pf_krule **, int *); | ||||
int pf_step_out_of_anchor(struct pf_anchor_stackframe *, int *, | int pf_step_out_of_anchor(struct pf_kanchor_stackframe *, int *, | ||||
struct pf_ruleset **, int, struct pf_rule **, | struct pf_kruleset **, int, struct pf_krule **, | ||||
struct pf_rule **, int *); | struct pf_krule **, int *); | ||||
int pf_map_addr(u_int8_t, struct pf_rule *, | int pf_map_addr(u_int8_t, struct pf_krule *, | ||||
struct pf_addr *, struct pf_addr *, | struct pf_addr *, struct pf_addr *, | ||||
struct pf_addr *, struct pf_ksrc_node **); | struct pf_addr *, struct pf_ksrc_node **); | ||||
struct pf_rule *pf_get_translation(struct pf_pdesc *, struct mbuf *, | struct pf_krule *pf_get_translation(struct pf_pdesc *, struct mbuf *, | ||||
int, int, struct pfi_kif *, struct pf_ksrc_node **, | int, int, struct pfi_kif *, struct pf_ksrc_node **, | ||||
struct pf_state_key **, struct pf_state_key **, | struct pf_state_key **, struct pf_state_key **, | ||||
struct pf_addr *, struct pf_addr *, | struct pf_addr *, struct pf_addr *, | ||||
uint16_t, uint16_t, struct pf_anchor_stackframe *); | uint16_t, uint16_t, struct pf_kanchor_stackframe *); | ||||
struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, | struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *, | ||||
struct pf_addr *, u_int16_t, u_int16_t); | struct pf_addr *, u_int16_t, u_int16_t); | ||||
struct pf_state_key *pf_state_key_clone(struct pf_state_key *); | struct pf_state_key *pf_state_key_clone(struct pf_state_key *); | ||||
#endif /* _KERNEL */ | #endif /* _KERNEL */ | ||||
#endif /* _NET_PFVAR_H_ */ | #endif /* _NET_PFVAR_H_ */ |
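Review bot: On the new side, the `RB_PROTOTYPE(pf_kanchor_global, ...)` line still passes `pf_anchor_compare`, while the `pf_kanchor_node` prototype directly below it was renamed to `pf_kanchor_compare`. The two should agree, e.g. `RB_PROTOTYPE(pf_kanchor_global, pf_kanchor, entry_global, pf_kanchor_compare);`. Whether the stale name affects the build depends on how the RB macros use that argument and on whether a `pf_anchor_compare` still exists, neither of which this page shows, so confirm it against the matching RB_GENERATE site. Separately, `struct pf_krule` carries `u_states_cur`, `u_states_tot` and `u_src_nodes` beside the `counter_u64_t` fields `states_cur`, `states_tot` and `src_nodes`, with no comment explaining the difference. I would add a short comment on the struct saying what the `u_*` fields are for, and noting that this kernel-only layout holds kernel pointers (`kif`, `anchor`, `overload_tbl`) and so presumably must be converted field by field rather than copied wholesale to or from the userland rule.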