Changeset View
Changeset View
Standalone View
Standalone View
sys/net/pfvar.h
Show First 20 Lines • Show All 1,126 Lines • ▼ Show 20 Lines | |||||
#define REASON_SET(a, x) \ | #define REASON_SET(a, x) \ | ||||
do { \ | do { \ | ||||
if ((a) != NULL) \ | if ((a) != NULL) \ | ||||
*(a) = (x); \ | *(a) = (x); \ | ||||
if (x < PFRES_MAX) \ | if (x < PFRES_MAX) \ | ||||
counter_u64_add(V_pf_status.counters[x], 1); \ | counter_u64_add(V_pf_status.counters[x], 1); \ | ||||
} while (0) | } while (0) | ||||
enum pf_syncookies_mode { | |||||
PF_SYNCOOKIES_NEVER = 0, | |||||
PF_SYNCOOKIES_ALWAYS = 1, | |||||
PF_SYNCOOKIES_MODE_MAX = PF_SYNCOOKIES_ALWAYS | |||||
}; | |||||
struct pf_kstatus { | struct pf_kstatus { | ||||
counter_u64_t counters[PFRES_MAX]; /* reason for passing/dropping */ | counter_u64_t counters[PFRES_MAX]; /* reason for passing/dropping */ | ||||
counter_u64_t lcounters[LCNT_MAX]; /* limit counters */ | counter_u64_t lcounters[LCNT_MAX]; /* limit counters */ | ||||
counter_u64_t fcounters[FCNT_MAX]; /* state operation counters */ | counter_u64_t fcounters[FCNT_MAX]; /* state operation counters */ | ||||
counter_u64_t scounters[SCNT_MAX]; /* src_node operation counters */ | counter_u64_t scounters[SCNT_MAX]; /* src_node operation counters */ | ||||
uint32_t states; | uint32_t states; | ||||
uint32_t src_nodes; | uint32_t src_nodes; | ||||
uint32_t running; | uint32_t running; | ||||
uint32_t since; | uint32_t since; | ||||
uint32_t debug; | uint32_t debug; | ||||
uint32_t hostid; | uint32_t hostid; | ||||
char ifname[IFNAMSIZ]; | char ifname[IFNAMSIZ]; | ||||
uint8_t pf_chksum[PF_MD5_DIGEST_LENGTH]; | uint8_t pf_chksum[PF_MD5_DIGEST_LENGTH]; | ||||
bool keep_counters; | bool keep_counters; | ||||
enum pf_syncookies_mode syncookies_mode; | |||||
bool syncookies_active; | |||||
}; | }; | ||||
struct pf_divert { | struct pf_divert { | ||||
union { | union { | ||||
struct in_addr ipv4; | struct in_addr ipv4; | ||||
struct in6_addr ipv6; | struct in6_addr ipv6; | ||||
} addr; | } addr; | ||||
u_int16_t port; | u_int16_t port; | ||||
▲ Show 20 Lines • Show All 324 Lines • ▼ Show 20 Lines | |||||
#define DIOCCLRSRCNODES _IO('D', 85) | #define DIOCCLRSRCNODES _IO('D', 85) | ||||
#define DIOCSETHOSTID _IOWR('D', 86, u_int32_t) | #define DIOCSETHOSTID _IOWR('D', 86, u_int32_t) | ||||
#define DIOCIGETIFACES _IOWR('D', 87, struct pfioc_iface) | #define DIOCIGETIFACES _IOWR('D', 87, struct pfioc_iface) | ||||
#define DIOCSETIFFLAG _IOWR('D', 89, struct pfioc_iface) | #define DIOCSETIFFLAG _IOWR('D', 89, struct pfioc_iface) | ||||
#define DIOCCLRIFFLAG _IOWR('D', 90, struct pfioc_iface) | #define DIOCCLRIFFLAG _IOWR('D', 90, struct pfioc_iface) | ||||
#define DIOCKILLSRCNODES _IOWR('D', 91, struct pfioc_src_node_kill) | #define DIOCKILLSRCNODES _IOWR('D', 91, struct pfioc_src_node_kill) | ||||
#define DIOCKEEPCOUNTERS _IOWR('D', 92, struct pfioc_nv) | #define DIOCKEEPCOUNTERS _IOWR('D', 92, struct pfioc_nv) | ||||
#define DIOCGETSTATESV2 _IOWR('D', 93, struct pfioc_states_v2) | #define DIOCGETSTATESV2 _IOWR('D', 93, struct pfioc_states_v2) | ||||
#define DIOCGETSYNCOOKIES _IOWR('D', 94, struct pfioc_nv) | |||||
#define DIOCSETSYNCOOKIES _IOWR('D', 95, struct pfioc_nv) | |||||
struct pf_ifspeed_v0 { | struct pf_ifspeed_v0 { | ||||
char ifname[IFNAMSIZ]; | char ifname[IFNAMSIZ]; | ||||
u_int32_t baudrate; | u_int32_t baudrate; | ||||
}; | }; | ||||
struct pf_ifspeed_v1 { | struct pf_ifspeed_v1 { | ||||
char ifname[IFNAMSIZ]; | char ifname[IFNAMSIZ]; | ||||
▲ Show 20 Lines • Show All 313 Lines • ▼ Show 20 Lines | |||||
int pfi_set_flags(const char *, int); | int pfi_set_flags(const char *, int); | ||||
int pfi_clear_flags(const char *, int); | int pfi_clear_flags(const char *, int); | ||||
int pf_match_tag(struct mbuf *, struct pf_krule *, int *, int); | int pf_match_tag(struct mbuf *, struct pf_krule *, int *, int); | ||||
int pf_tag_packet(struct mbuf *, struct pf_pdesc *, int); | int pf_tag_packet(struct mbuf *, struct pf_pdesc *, int); | ||||
int pf_addr_cmp(struct pf_addr *, struct pf_addr *, | int pf_addr_cmp(struct pf_addr *, struct pf_addr *, | ||||
sa_family_t); | sa_family_t); | ||||
void pf_qid2qname(u_int32_t, char *); | void pf_qid2qname(u_int32_t, char *); | ||||
u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t, sa_family_t); | |||||
u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t, sa_family_t); | |||||
struct mbuf *pf_build_tcp(const struct pf_krule *, sa_family_t, | |||||
const struct pf_addr *, const struct pf_addr *, | |||||
u_int16_t, u_int16_t, u_int32_t, u_int32_t, | |||||
u_int8_t, u_int16_t, u_int16_t, u_int8_t, int, | |||||
u_int16_t); | |||||
void pf_send_tcp(const struct pf_krule *, sa_family_t, | |||||
const struct pf_addr *, const struct pf_addr *, | |||||
u_int16_t, u_int16_t, u_int32_t, u_int32_t, | |||||
u_int8_t, u_int16_t, u_int16_t, u_int8_t, int, | |||||
u_int16_t); | |||||
void pf_syncookies_init(void); | |||||
int pf_syncookies_setmode(u_int8_t); | |||||
int pf_get_syncookies(struct pfioc_nv *); | |||||
int pf_set_syncookies(struct pfioc_nv *); | |||||
int pf_synflood_check(struct pf_pdesc *); | |||||
void pf_syncookie_send(struct mbuf *m, int off, | |||||
struct pf_pdesc *); | |||||
u_int8_t pf_syncookie_validate(struct pf_pdesc *); | |||||
struct mbuf * pf_syncookie_recreate_syn(uint8_t, int, | |||||
struct pf_pdesc *); | |||||
VNET_DECLARE(struct pf_kstatus, pf_status); | VNET_DECLARE(struct pf_kstatus, pf_status); | ||||
#define V_pf_status VNET(pf_status) | #define V_pf_status VNET(pf_status) | ||||
struct pf_limit { | struct pf_limit { | ||||
uma_zone_t zone; | uma_zone_t zone; | ||||
u_int limit; | u_int limit; | ||||
}; | }; | ||||
▲ Show 20 Lines • Show All 68 Lines • Show Last 20 Lines |