Index: head/sys/net/if_gif.h =================================================================== --- head/sys/net/if_gif.h (revision 191737) +++ head/sys/net/if_gif.h (revision 191738) @@ -1,146 +1,146 @@ /* $FreeBSD$ */ /* $KAME: if_gif.h,v 1.17 2000/09/11 11:36:41 sumikawa Exp $ */ /*- * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * if_gif.h */ #ifndef _NET_IF_GIF_H_ #define _NET_IF_GIF_H_ #ifdef _KERNEL #include "opt_inet.h" #include "opt_inet6.h" #include /* xxx sigh, why route have struct route instead of pointer? */ struct encaptab; extern void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af); extern void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af); extern int (*ng_gif_output_p)(struct ifnet *ifp, struct mbuf **mp); extern void (*ng_gif_attach_p)(struct ifnet *ifp); extern void (*ng_gif_detach_p)(struct ifnet *ifp); struct gif_softc { struct ifnet *gif_ifp; struct mtx gif_mtx; struct sockaddr *gif_psrc; /* Physical src addr */ struct sockaddr *gif_pdst; /* Physical dst addr */ union { struct route gifscr_ro; /* xxx */ #ifdef INET6 struct route_in6 gifscr_ro6; /* xxx */ #endif } gifsc_gifscr; int gif_flags; u_int gif_fibnum; const struct encaptab *encap_cookie4; const struct encaptab *encap_cookie6; void *gif_netgraph; /* ng_gif(4) netgraph node info */ LIST_ENTRY(gif_softc) gif_list; /* all gif's are linked */ }; #define GIF2IFP(sc) ((sc)->gif_ifp) #define GIF_LOCK_INIT(sc) mtx_init(&(sc)->gif_mtx, "gif softc", \ NULL, MTX_DEF) #define GIF_LOCK_DESTROY(sc) mtx_destroy(&(sc)->gif_mtx) #define GIF_LOCK(sc) mtx_lock(&(sc)->gif_mtx) #define GIF_UNLOCK(sc) mtx_unlock(&(sc)->gif_mtx) #define GIF_LOCK_ASSERT(sc) mtx_assert(&(sc)->gif_mtx, MA_OWNED) #define gif_ro gifsc_gifscr.gifscr_ro #ifdef INET6 #define gif_ro6 gifsc_gifscr.gifscr_ro6 #endif #define GIF_MTU (1280) /* Default MTU */ #define GIF_MTU_MIN (1280) /* Minimum MTU */ #define GIF_MTU_MAX (8192) /* Maximum MTU */ #define MTAG_GIF 1080679712 #define MTAG_GIF_CALLED 0 struct etherip_header { u_int8_t eip_ver; /* version/reserved */ u_int8_t eip_pad; /* required padding byte */ }; #define ETHERIP_VER_VERS_MASK 0x0f #define ETHERIP_VER_RSVD_MASK 0xf0 #define ETHERIP_VERSION 0x03 /* mbuf adjust factor to force 32-bit alignment of IP header */ #define ETHERIP_ALIGN 2 /* Prototypes */ void gif_input(struct mbuf *, int, struct ifnet *); int gif_output(struct ifnet *, struct mbuf *, struct sockaddr *, struct route *); int gif_ioctl(struct ifnet *, u_long, caddr_t); int gif_set_tunnel(struct ifnet *, struct sockaddr *, struct sockaddr *); void gif_delete_tunnel(struct ifnet *); int gif_encapcheck(const struct mbuf *, int, int, void *); /* * Virtualization support */ struct vnet_gif { - LIST_HEAD(, gif_softc) _gif_softc_list; - int _max_gif_nesting; - int _parallel_tunnels; - int _ip_gif_ttl; - int _ip6_gif_hlim; + LIST_HEAD(, gif_softc) _gif_softc_list; + int _max_gif_nesting; + int _parallel_tunnels; + int _ip_gif_ttl; + int _ip6_gif_hlim; }; #ifndef VIMAGE #ifndef VIMAGE_GLOBALS extern struct vnet_gif vnet_gif_0; #endif #endif #define INIT_VNET_GIF(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_GIF, struct vnet_gif, vnet_gif) #define VNET_GIF(sym) VSYM(vnet_gif, sym) #define V_gif_softc_list VNET_GIF(gif_softc_list) #define V_max_gif_nesting VNET_GIF(max_gif_nesting) #define V_parallel_tunnels VNET_GIF(parallel_tunnels) #define V_ip_gif_ttl VNET_GIF(ip_gif_ttl) #define V_ip6_gif_hlim VNET_GIF(ip6_gif_hlim) #endif /* _KERNEL */ #endif /* _NET_IF_GIF_H_ */ Index: head/sys/net/vnet.h =================================================================== --- head/sys/net/vnet.h (revision 191737) +++ head/sys/net/vnet.h (revision 191738) @@ -1,92 +1,92 @@ /*- * Copyright (c) 2006-2008 University of Zagreb * Copyright (c) 2006-2008 FreeBSD Foundation * * This software was developed by the University of Zagreb and the * FreeBSD Foundation under sponsorship by the Stichting NLnet and the * FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _NET_VNET_H_ #define _NET_VNET_H_ #include struct vnet_net { - int _if_index; - struct ifindex_entry *_ifindex_table; - struct ifnethead _ifnet; - struct ifgrouphead _ifg_head; + int _if_index; + struct ifindex_entry * _ifindex_table; + struct ifnethead _ifnet; + struct ifgrouphead _ifg_head; - int _if_indexlim; - struct knlist _ifklist; + int _if_indexlim; + struct knlist _ifklist; - struct rtstat _rtstat; - struct radix_node_head *_rt_tables[RT_MAXFIBS][AF_MAX+1]; - int _rttrash; - uma_zone_t _rtzone; + struct rtstat _rtstat; + struct radix_node_head *_rt_tables[RT_MAXFIBS][AF_MAX+1]; + int _rttrash; + uma_zone_t _rtzone; - struct ifnet *_loif; - LIST_HEAD(, lo_softc) _lo_list; + struct ifnet * _loif; + LIST_HEAD(, lo_softc) _lo_list; - LIST_HEAD(, rawcb) _rawcb_list; + LIST_HEAD(, rawcb) _rawcb_list; - int _ether_ipfw; + int _ether_ipfw; }; /* Size guard. See sys/vimage.h. */ VIMAGE_CTASSERT(SIZEOF_vnet_net, sizeof(struct vnet_net)); #ifndef VIMAGE #ifndef VIMAGE_GLOBALS extern struct vnet_net vnet_net_0; #endif #endif /* * Symbol translation macros */ #define INIT_VNET_NET(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_NET, struct vnet_net, vnet_net) #define VNET_NET(sym) VSYM(vnet_net, sym) #define V_ether_ipfw VNET_NET(ether_ipfw) #define V_if_index VNET_NET(if_index) #define V_if_indexlim VNET_NET(if_indexlim) #define V_ifg_head VNET_NET(ifg_head) #define V_ifindex_table VNET_NET(ifindex_table) #define V_ifklist VNET_NET(ifklist) #define V_ifnet VNET_NET(ifnet) #define V_lo_list VNET_NET(lo_list) #define V_loif VNET_NET(loif) #define V_rawcb_list VNET_NET(rawcb_list) #define V_rt_tables VNET_NET(rt_tables) #define V_rtstat VNET_NET(rtstat) #define V_rttrash VNET_NET(rttrash) #define V_rtzone VNET_NET(rtzone) #endif /* !_NET_VNET_H_ */ Index: head/sys/netinet/ip_fw.h =================================================================== --- head/sys/netinet/ip_fw.h (revision 191737) +++ head/sys/netinet/ip_fw.h (revision 191738) @@ -1,766 +1,766 @@ /*- * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _IPFW2_H #define _IPFW2_H /* * The default rule number. By the design of ip_fw, the default rule * is the last one, so its number can also serve as the highest number * allowed for a rule. The ip_fw code relies on both meanings of this * constant. */ #define IPFW_DEFAULT_RULE 65535 /* * The number of ipfw tables. The maximum allowed table number is the * (IPFW_TABLES_MAX - 1). */ #define IPFW_TABLES_MAX 128 /* * The kernel representation of ipfw rules is made of a list of * 'instructions' (for all practical purposes equivalent to BPF * instructions), which specify which fields of the packet * (or its metadata) should be analysed. * * Each instruction is stored in a structure which begins with * "ipfw_insn", and can contain extra fields depending on the * instruction type (listed below). * Note that the code is written so that individual instructions * have a size which is a multiple of 32 bits. This means that, if * such structures contain pointers or other 64-bit entities, * (there is just one instance now) they may end up unaligned on * 64-bit architectures, so the must be handled with care. * * "enum ipfw_opcodes" are the opcodes supported. We can have up * to 256 different opcodes. When adding new opcodes, they should * be appended to the end of the opcode list before O_LAST_OPCODE, * this will prevent the ABI from being broken, otherwise users * will have to recompile ipfw(8) when they update the kernel. */ enum ipfw_opcodes { /* arguments (4 byte each) */ O_NOP, O_IP_SRC, /* u32 = IP */ O_IP_SRC_MASK, /* ip = IP/mask */ O_IP_SRC_ME, /* none */ O_IP_SRC_SET, /* u32=base, arg1=len, bitmap */ O_IP_DST, /* u32 = IP */ O_IP_DST_MASK, /* ip = IP/mask */ O_IP_DST_ME, /* none */ O_IP_DST_SET, /* u32=base, arg1=len, bitmap */ O_IP_SRCPORT, /* (n)port list:mask 4 byte ea */ O_IP_DSTPORT, /* (n)port list:mask 4 byte ea */ O_PROTO, /* arg1=protocol */ O_MACADDR2, /* 2 mac addr:mask */ O_MAC_TYPE, /* same as srcport */ O_LAYER2, /* none */ O_IN, /* none */ O_FRAG, /* none */ O_RECV, /* none */ O_XMIT, /* none */ O_VIA, /* none */ O_IPOPT, /* arg1 = 2*u8 bitmap */ O_IPLEN, /* arg1 = len */ O_IPID, /* arg1 = id */ O_IPTOS, /* arg1 = id */ O_IPPRECEDENCE, /* arg1 = precedence << 5 */ O_IPTTL, /* arg1 = TTL */ O_IPVER, /* arg1 = version */ O_UID, /* u32 = id */ O_GID, /* u32 = id */ O_ESTAB, /* none (tcp established) */ O_TCPFLAGS, /* arg1 = 2*u8 bitmap */ O_TCPWIN, /* arg1 = desired win */ O_TCPSEQ, /* u32 = desired seq. */ O_TCPACK, /* u32 = desired seq. */ O_ICMPTYPE, /* u32 = icmp bitmap */ O_TCPOPTS, /* arg1 = 2*u8 bitmap */ O_VERREVPATH, /* none */ O_VERSRCREACH, /* none */ O_PROBE_STATE, /* none */ O_KEEP_STATE, /* none */ O_LIMIT, /* ipfw_insn_limit */ O_LIMIT_PARENT, /* dyn_type, not an opcode. */ /* * These are really 'actions'. */ O_LOG, /* ipfw_insn_log */ O_PROB, /* u32 = match probability */ O_CHECK_STATE, /* none */ O_ACCEPT, /* none */ O_DENY, /* none */ O_REJECT, /* arg1=icmp arg (same as deny) */ O_COUNT, /* none */ O_SKIPTO, /* arg1=next rule number */ O_PIPE, /* arg1=pipe number */ O_QUEUE, /* arg1=queue number */ O_DIVERT, /* arg1=port number */ O_TEE, /* arg1=port number */ O_FORWARD_IP, /* fwd sockaddr */ O_FORWARD_MAC, /* fwd mac */ O_NAT, /* nope */ O_REASS, /* none */ /* * More opcodes. */ O_IPSEC, /* has ipsec history */ O_IP_SRC_LOOKUP, /* arg1=table number, u32=value */ O_IP_DST_LOOKUP, /* arg1=table number, u32=value */ O_ANTISPOOF, /* none */ O_JAIL, /* u32 = id */ O_ALTQ, /* u32 = altq classif. qid */ O_DIVERTED, /* arg1=bitmap (1:loop, 2:out) */ O_TCPDATALEN, /* arg1 = tcp data len */ O_IP6_SRC, /* address without mask */ O_IP6_SRC_ME, /* my addresses */ O_IP6_SRC_MASK, /* address with the mask */ O_IP6_DST, O_IP6_DST_ME, O_IP6_DST_MASK, O_FLOW6ID, /* for flow id tag in the ipv6 pkt */ O_ICMP6TYPE, /* icmp6 packet type filtering */ O_EXT_HDR, /* filtering for ipv6 extension header */ O_IP6, /* * actions for ng_ipfw */ O_NETGRAPH, /* send to ng_ipfw */ O_NGTEE, /* copy to ng_ipfw */ O_IP4, O_UNREACH6, /* arg1=icmpv6 code arg (deny) */ O_TAG, /* arg1=tag number */ O_TAGGED, /* arg1=tag number */ O_SETFIB, /* arg1=FIB number */ O_FIB, /* arg1=FIB desired fib number */ O_LAST_OPCODE /* not an opcode! */ }; /* * The extension header are filtered only for presence using a bit * vector with a flag for each header. */ #define EXT_FRAGMENT 0x1 #define EXT_HOPOPTS 0x2 #define EXT_ROUTING 0x4 #define EXT_AH 0x8 #define EXT_ESP 0x10 #define EXT_DSTOPTS 0x20 #define EXT_RTHDR0 0x40 #define EXT_RTHDR2 0x80 /* * Template for instructions. * * ipfw_insn is used for all instructions which require no operands, * a single 16-bit value (arg1), or a couple of 8-bit values. * * For other instructions which require different/larger arguments * we have derived structures, ipfw_insn_*. * * The size of the instruction (in 32-bit words) is in the low * 6 bits of "len". The 2 remaining bits are used to implement * NOT and OR on individual instructions. Given a type, you can * compute the length to be put in "len" using F_INSN_SIZE(t) * * F_NOT negates the match result of the instruction. * * F_OR is used to build or blocks. By default, instructions * are evaluated as part of a logical AND. An "or" block * { X or Y or Z } contains F_OR set in all but the last * instruction of the block. A match will cause the code * to skip past the last instruction of the block. * * NOTA BENE: in a couple of places we assume that * sizeof(ipfw_insn) == sizeof(u_int32_t) * this needs to be fixed. * */ typedef struct _ipfw_insn { /* template for instructions */ enum ipfw_opcodes opcode:8; u_int8_t len; /* number of 32-bit words */ #define F_NOT 0x80 #define F_OR 0x40 #define F_LEN_MASK 0x3f #define F_LEN(cmd) ((cmd)->len & F_LEN_MASK) u_int16_t arg1; } ipfw_insn; /* * The F_INSN_SIZE(type) computes the size, in 4-byte words, of * a given type. */ #define F_INSN_SIZE(t) ((sizeof (t))/sizeof(u_int32_t)) #define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */ /* * This is used to store an array of 16-bit entries (ports etc.) */ typedef struct _ipfw_insn_u16 { ipfw_insn o; u_int16_t ports[2]; /* there may be more */ } ipfw_insn_u16; /* * This is used to store an array of 32-bit entries * (uid, single IPv4 addresses etc.) */ typedef struct _ipfw_insn_u32 { ipfw_insn o; u_int32_t d[1]; /* one or more */ } ipfw_insn_u32; /* * This is used to store IP addr-mask pairs. */ typedef struct _ipfw_insn_ip { ipfw_insn o; struct in_addr addr; struct in_addr mask; } ipfw_insn_ip; /* * This is used to forward to a given address (ip). */ typedef struct _ipfw_insn_sa { ipfw_insn o; struct sockaddr_in sa; } ipfw_insn_sa; /* * This is used for MAC addr-mask pairs. */ typedef struct _ipfw_insn_mac { ipfw_insn o; u_char addr[12]; /* dst[6] + src[6] */ u_char mask[12]; /* dst[6] + src[6] */ } ipfw_insn_mac; /* * This is used for interface match rules (recv xx, xmit xx). */ typedef struct _ipfw_insn_if { ipfw_insn o; union { struct in_addr ip; int glob; } p; char name[IFNAMSIZ]; } ipfw_insn_if; /* * This is used for storing an altq queue id number. */ typedef struct _ipfw_insn_altq { ipfw_insn o; u_int32_t qid; } ipfw_insn_altq; /* * This is used for limit rules. */ typedef struct _ipfw_insn_limit { ipfw_insn o; u_int8_t _pad; u_int8_t limit_mask; /* combination of DYN_* below */ #define DYN_SRC_ADDR 0x1 #define DYN_SRC_PORT 0x2 #define DYN_DST_ADDR 0x4 #define DYN_DST_PORT 0x8 u_int16_t conn_limit; } ipfw_insn_limit; /* * This is used for log instructions. */ typedef struct _ipfw_insn_log { ipfw_insn o; u_int32_t max_log; /* how many do we log -- 0 = all */ u_int32_t log_left; /* how many left to log */ } ipfw_insn_log; /* * Data structures required by both ipfw(8) and ipfw(4) but not part of the * management API are protected by IPFW_INTERNAL. */ #ifdef IPFW_INTERNAL /* Server pool support (LSNAT). */ struct cfg_spool { LIST_ENTRY(cfg_spool) _next; /* chain of spool instances */ struct in_addr addr; u_short port; }; #endif /* Redirect modes id. */ #define REDIR_ADDR 0x01 #define REDIR_PORT 0x02 #define REDIR_PROTO 0x04 #ifdef IPFW_INTERNAL /* Nat redirect configuration. */ struct cfg_redir { LIST_ENTRY(cfg_redir) _next; /* chain of redir instances */ u_int16_t mode; /* type of redirect mode */ struct in_addr laddr; /* local ip address */ struct in_addr paddr; /* public ip address */ struct in_addr raddr; /* remote ip address */ u_short lport; /* local port */ u_short pport; /* public port */ u_short rport; /* remote port */ u_short pport_cnt; /* number of public ports */ u_short rport_cnt; /* number of remote ports */ int proto; /* protocol: tcp/udp */ struct alias_link **alink; /* num of entry in spool chain */ u_int16_t spool_cnt; /* chain of spool instances */ LIST_HEAD(spool_chain, cfg_spool) spool_chain; }; #endif #define NAT_BUF_LEN 1024 #ifdef IPFW_INTERNAL /* Nat configuration data struct. */ struct cfg_nat { /* chain of nat instances */ LIST_ENTRY(cfg_nat) _next; int id; /* nat id */ struct in_addr ip; /* nat ip address */ char if_name[IF_NAMESIZE]; /* interface name */ int mode; /* aliasing mode */ struct libalias *lib; /* libalias instance */ /* number of entry in spool chain */ int redir_cnt; /* chain of redir instances */ LIST_HEAD(redir_chain, cfg_redir) redir_chain; }; #endif #define SOF_NAT sizeof(struct cfg_nat) #define SOF_REDIR sizeof(struct cfg_redir) #define SOF_SPOOL sizeof(struct cfg_spool) /* Nat command. */ typedef struct _ipfw_insn_nat { ipfw_insn o; struct cfg_nat *nat; } ipfw_insn_nat; /* Apply ipv6 mask on ipv6 addr */ #define APPLY_MASK(addr,mask) \ (addr)->__u6_addr.__u6_addr32[0] &= (mask)->__u6_addr.__u6_addr32[0]; \ (addr)->__u6_addr.__u6_addr32[1] &= (mask)->__u6_addr.__u6_addr32[1]; \ (addr)->__u6_addr.__u6_addr32[2] &= (mask)->__u6_addr.__u6_addr32[2]; \ (addr)->__u6_addr.__u6_addr32[3] &= (mask)->__u6_addr.__u6_addr32[3]; /* Structure for ipv6 */ typedef struct _ipfw_insn_ip6 { ipfw_insn o; struct in6_addr addr6; struct in6_addr mask6; } ipfw_insn_ip6; /* Used to support icmp6 types */ typedef struct _ipfw_insn_icmp6 { ipfw_insn o; uint32_t d[7]; /* XXX This number si related to the netinet/icmp6.h * define ICMP6_MAXTYPE * as follows: n = ICMP6_MAXTYPE/32 + 1 * Actually is 203 */ } ipfw_insn_icmp6; /* * Here we have the structure representing an ipfw rule. * * It starts with a general area (with link fields and counters) * followed by an array of one or more instructions, which the code * accesses as an array of 32-bit values. * * Given a rule pointer r: * * r->cmd is the start of the first instruction. * ACTION_PTR(r) is the start of the first action (things to do * once a rule matched). * * When assembling instruction, remember the following: * * + if a rule has a "keep-state" (or "limit") option, then the * first instruction (at r->cmd) MUST BE an O_PROBE_STATE * + if a rule has a "log" option, then the first action * (at ACTION_PTR(r)) MUST be O_LOG * + if a rule has an "altq" option, it comes after "log" * + if a rule has an O_TAG option, it comes after "log" and "altq" * * NOTE: we use a simple linked list of rules because we never need * to delete a rule without scanning the list. We do not use * queue(3) macros for portability and readability. */ struct ip_fw { struct ip_fw *next; /* linked list of rules */ struct ip_fw *next_rule; /* ptr to next [skipto] rule */ /* 'next_rule' is used to pass up 'set_disable' status */ u_int16_t act_ofs; /* offset of action in 32-bit units */ u_int16_t cmd_len; /* # of 32-bit words in cmd */ u_int16_t rulenum; /* rule number */ u_int8_t set; /* rule set (0..31) */ #define RESVD_SET 31 /* set for default and persistent rules */ u_int8_t _pad; /* padding */ /* These fields are present in all rules. */ u_int64_t pcnt; /* Packet counter */ u_int64_t bcnt; /* Byte counter */ u_int32_t timestamp; /* tv_sec of last match */ ipfw_insn cmd[1]; /* storage for commands */ }; #define ACTION_PTR(rule) \ (ipfw_insn *)( (u_int32_t *)((rule)->cmd) + ((rule)->act_ofs) ) #define RULESIZE(rule) (sizeof(struct ip_fw) + \ ((struct ip_fw *)(rule))->cmd_len * 4 - 4) /* * This structure is used as a flow mask and a flow id for various * parts of the code. */ struct ipfw_flow_id { u_int32_t dst_ip; u_int32_t src_ip; u_int16_t dst_port; u_int16_t src_port; u_int8_t fib; u_int8_t proto; u_int8_t flags; /* protocol-specific flags */ uint8_t addr_type; /* 4 = ipv4, 6 = ipv6, 1=ether ? */ struct in6_addr dst_ip6; /* could also store MAC addr! */ struct in6_addr src_ip6; u_int32_t flow_id6; u_int32_t frag_id6; }; #define IS_IP6_FLOW_ID(id) ((id)->addr_type == 6) /* * Dynamic ipfw rule. */ typedef struct _ipfw_dyn_rule ipfw_dyn_rule; struct _ipfw_dyn_rule { ipfw_dyn_rule *next; /* linked list of rules. */ struct ip_fw *rule; /* pointer to rule */ /* 'rule' is used to pass up the rule number (from the parent) */ ipfw_dyn_rule *parent; /* pointer to parent rule */ u_int64_t pcnt; /* packet match counter */ u_int64_t bcnt; /* byte match counter */ struct ipfw_flow_id id; /* (masked) flow id */ u_int32_t expire; /* expire time */ u_int32_t bucket; /* which bucket in hash table */ u_int32_t state; /* state of this rule (typically a * combination of TCP flags) */ u_int32_t ack_fwd; /* most recent ACKs in forward */ u_int32_t ack_rev; /* and reverse directions (used */ /* to generate keepalives) */ u_int16_t dyn_type; /* rule type */ u_int16_t count; /* refcount */ }; /* * Definitions for IP option names. */ #define IP_FW_IPOPT_LSRR 0x01 #define IP_FW_IPOPT_SSRR 0x02 #define IP_FW_IPOPT_RR 0x04 #define IP_FW_IPOPT_TS 0x08 /* * Definitions for TCP option names. */ #define IP_FW_TCPOPT_MSS 0x01 #define IP_FW_TCPOPT_WINDOW 0x02 #define IP_FW_TCPOPT_SACK 0x04 #define IP_FW_TCPOPT_TS 0x08 #define IP_FW_TCPOPT_CC 0x10 #define ICMP_REJECT_RST 0x100 /* fake ICMP code (send a TCP RST) */ #define ICMP6_UNREACH_RST 0x100 /* fake ICMPv6 code (send a TCP RST) */ /* * These are used for lookup tables. */ typedef struct _ipfw_table_entry { in_addr_t addr; /* network address */ u_int32_t value; /* value */ u_int16_t tbl; /* table number */ u_int8_t masklen; /* mask length */ } ipfw_table_entry; typedef struct _ipfw_table { u_int32_t size; /* size of entries in bytes */ u_int32_t cnt; /* # of entries */ u_int16_t tbl; /* table number */ ipfw_table_entry ent[0]; /* entries */ } ipfw_table; #define IP_FW_TABLEARG 65535 /* * Main firewall chains definitions and global var's definitions. */ #ifdef _KERNEL /* Return values from ipfw_chk() */ enum { IP_FW_PASS = 0, IP_FW_DENY, IP_FW_DIVERT, IP_FW_TEE, IP_FW_DUMMYNET, IP_FW_NETGRAPH, IP_FW_NGTEE, IP_FW_NAT, IP_FW_REASS, }; /* flags for divert mtag */ #define IP_FW_DIVERT_LOOPBACK_FLAG 0x00080000 #define IP_FW_DIVERT_OUTPUT_FLAG 0x00100000 /* * Structure for collecting parameters to dummynet for ip6_output forwarding */ struct _ip6dn_args { struct ip6_pktopts *opt_or; struct route_in6 ro_or; int flags_or; struct ip6_moptions *im6o_or; struct ifnet *origifp_or; struct ifnet *ifp_or; struct sockaddr_in6 dst_or; u_long mtu_or; struct route_in6 ro_pmtu_or; }; /* * Arguments for calling ipfw_chk() and dummynet_io(). We put them * all into a structure because this way it is easier and more * efficient to pass variables around and extend the interface. */ struct ip_fw_args { struct mbuf *m; /* the mbuf chain */ struct ifnet *oif; /* output interface */ struct sockaddr_in *next_hop; /* forward address */ struct ip_fw *rule; /* matching rule */ struct ether_header *eh; /* for bridged packets */ struct ipfw_flow_id f_id; /* grabbed from IP header */ u_int32_t cookie; /* a cookie depending on rule action */ struct inpcb *inp; struct _ip6dn_args dummypar; /* dummynet->ip6_output */ struct sockaddr_in hopstore; /* store here if cannot use a pointer */ }; /* * Function definitions. */ /* Firewall hooks */ struct sockopt; struct dn_flow_set; int ipfw_check_in(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp); int ipfw_check_out(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp); int ipfw_chk(struct ip_fw_args *); int ipfw_init(void); void ipfw_destroy(void); #ifdef NOTYET void ipfw_nat_destroy(void); #endif typedef int ip_fw_ctl_t(struct sockopt *); extern ip_fw_ctl_t *ip_fw_ctl_ptr; #ifdef VIMAGE_GLOBALS extern int fw_one_pass; extern int fw_enable; #ifdef INET6 extern int fw6_enable; #endif #endif /* For kernel ipfw_ether and ipfw_bridge. */ typedef int ip_fw_chk_t(struct ip_fw_args *args); extern ip_fw_chk_t *ip_fw_chk_ptr; #define IPFW_LOADED (ip_fw_chk_ptr != NULL) struct ip_fw_chain { struct ip_fw *rules; /* list of rules */ struct ip_fw *reap; /* list of rules to reap */ LIST_HEAD(, cfg_nat) nat; /* list of nat entries */ struct radix_node_head *tables[IPFW_TABLES_MAX]; struct rwlock rwmtx; }; #ifdef IPFW_INTERNAL #define IPFW_LOCK_INIT(_chain) \ rw_init(&(_chain)->rwmtx, "IPFW static rules") #define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx) #define IPFW_WLOCK_ASSERT(_chain) rw_assert(&(_chain)->rwmtx, RA_WLOCKED) #define IPFW_RLOCK(p) rw_rlock(&(p)->rwmtx) #define IPFW_RUNLOCK(p) rw_runlock(&(p)->rwmtx) #define IPFW_WLOCK(p) rw_wlock(&(p)->rwmtx) #define IPFW_WUNLOCK(p) rw_wunlock(&(p)->rwmtx) #define LOOKUP_NAT(l, i, p) do { \ LIST_FOREACH((p), &(l.nat), _next) { \ if ((p)->id == (i)) { \ break; \ } \ } \ } while (0) typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *); typedef int ipfw_nat_cfg_t(struct sockopt *); #endif struct eventhandler_entry; /* * Stack virtualization support. */ struct vnet_ipfw { - int _fw_enable; - int _fw6_enable; - u_int32_t _set_disable; - int _fw_deny_unknown_exthdrs; - int _fw_verbose; - int _verbose_limit; - int _autoinc_step; - ipfw_dyn_rule **_ipfw_dyn_v; - uma_zone_t _ipfw_dyn_rule_zone; - struct ip_fw_chain _layer3_chain; - u_int32_t _dyn_buckets; - u_int32_t _curr_dyn_buckets; - u_int32_t _dyn_ack_lifetime; - u_int32_t _dyn_syn_lifetime; - u_int32_t _dyn_fin_lifetime; - u_int32_t _dyn_rst_lifetime; - u_int32_t _dyn_udp_lifetime; - u_int32_t _dyn_short_lifetime; - u_int32_t _dyn_keepalive_interval; - u_int32_t _dyn_keepalive_period; - u_int32_t _dyn_keepalive; - u_int32_t _static_count; - u_int32_t _static_len; - u_int32_t _dyn_count; - u_int32_t _dyn_max; - u_int64_t _norule_counter; - struct callout _ipfw_timeout; + int _fw_enable; + int _fw6_enable; + u_int32_t _set_disable; + int _fw_deny_unknown_exthdrs; + int _fw_verbose; + int _verbose_limit; + int _autoinc_step; + ipfw_dyn_rule ** _ipfw_dyn_v; + uma_zone_t _ipfw_dyn_rule_zone; + struct ip_fw_chain _layer3_chain; + u_int32_t _dyn_buckets; + u_int32_t _curr_dyn_buckets; + u_int32_t _dyn_ack_lifetime; + u_int32_t _dyn_syn_lifetime; + u_int32_t _dyn_fin_lifetime; + u_int32_t _dyn_rst_lifetime; + u_int32_t _dyn_udp_lifetime; + u_int32_t _dyn_short_lifetime; + u_int32_t _dyn_keepalive_interval; + u_int32_t _dyn_keepalive_period; + u_int32_t _dyn_keepalive; + u_int32_t _static_count; + u_int32_t _static_len; + u_int32_t _dyn_count; + u_int32_t _dyn_max; + u_int64_t _norule_counter; + struct callout _ipfw_timeout; struct eventhandler_entry *_ifaddr_event_tag; }; #ifndef VIMAGE #ifndef VIMAGE_GLOBALS extern struct vnet_ipfw vnet_ipfw_0; #endif #endif /* * Symbol translation macros */ #define INIT_VNET_IPFW(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw) #define VNET_IPFW(sym) VSYM(vnet_ipfw, sym) #define V_fw_enable VNET_IPFW(fw_enable) #define V_fw6_enable VNET_IPFW(fw6_enable) #define V_set_disable VNET_IPFW(set_disable) #define V_fw_deny_unknown_exthdrs VNET_IPFW(fw_deny_unknown_exthdrs) #define V_fw_verbose VNET_IPFW(fw_verbose) #define V_verbose_limit VNET_IPFW(verbose_limit) #define V_autoinc_step VNET_IPFW(autoinc_step) #define V_ipfw_dyn_v VNET_IPFW(ipfw_dyn_v) #define V_ipfw_dyn_rule_zone VNET_IPFW(ipfw_dyn_rule_zone) #define V_layer3_chain VNET_IPFW(layer3_chain) #define V_dyn_buckets VNET_IPFW(dyn_buckets) #define V_curr_dyn_buckets VNET_IPFW(curr_dyn_buckets) #define V_dyn_ack_lifetime VNET_IPFW(dyn_ack_lifetime) #define V_dyn_syn_lifetime VNET_IPFW(dyn_syn_lifetime) #define V_dyn_fin_lifetime VNET_IPFW(dyn_fin_lifetime) #define V_dyn_rst_lifetime VNET_IPFW(dyn_rst_lifetime) #define V_dyn_udp_lifetime VNET_IPFW(dyn_udp_lifetime) #define V_dyn_short_lifetime VNET_IPFW(dyn_short_lifetime) #define V_dyn_keepalive_interval VNET_IPFW(dyn_keepalive_interval) #define V_dyn_keepalive_period VNET_IPFW(dyn_keepalive_period) #define V_dyn_keepalive VNET_IPFW(dyn_keepalive) #define V_static_count VNET_IPFW(static_count) #define V_static_len VNET_IPFW(static_len) #define V_dyn_count VNET_IPFW(dyn_count) #define V_dyn_max VNET_IPFW(dyn_max) #define V_norule_counter VNET_IPFW(norule_counter) #define V_ipfw_timeout VNET_IPFW(ipfw_timeout) #define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag) #endif /* _KERNEL */ #endif /* _IPFW2_H */ Index: head/sys/netinet/vinet.h =================================================================== --- head/sys/netinet/vinet.h (revision 191737) +++ head/sys/netinet/vinet.h (revision 191738) @@ -1,382 +1,382 @@ /*- * Copyright (c) 2006-2008 University of Zagreb * Copyright (c) 2006-2008 FreeBSD Foundation * * This software was developed by the University of Zagreb and the * FreeBSD Foundation under sponsorship by the Stichting NLnet and the * FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _NETINET_VINET_H_ #define _NETINET_VINET_H_ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct vnet_inet { - struct in_ifaddrhashhead *_in_ifaddrhashtbl; - struct in_ifaddrhead _in_ifaddrhead; - u_long _in_ifaddrhmask; + struct in_ifaddrhashhead *_in_ifaddrhashtbl; + struct in_ifaddrhead _in_ifaddrhead; + u_long _in_ifaddrhmask; - int _arpt_keep; - int _arp_maxtries; - int _useloopback; - int _arp_proxyall; - int _subnetsarelocal; - int _sameprefixcarponly; + int _arpt_keep; + int _arp_maxtries; + int _useloopback; + int _arp_proxyall; + int _subnetsarelocal; + int _sameprefixcarponly; - int _ipforwarding; - int _ipstealth; - int _ipfastforward_active; - int _ipsendredirects; - int _ip_defttl; - int _ip_keepfaith; - int _ip_sendsourcequench; - int _ip_do_randomid; - int _ip_checkinterface; - int _ip_output_flowtable_size; - u_short _ip_id; + int _ipforwarding; + int _ipstealth; + int _ipfastforward_active; + int _ipsendredirects; + int _ip_defttl; + int _ip_keepfaith; + int _ip_sendsourcequench; + int _ip_do_randomid; + int _ip_checkinterface; + int _ip_output_flowtable_size; + u_short _ip_id; - uma_zone_t _ipq_zone; - int _nipq; /* Total # of reass queues */ - int _maxnipq; /* Admin. limit on # reass queues. */ - int _maxfragsperpacket; + uma_zone_t _ipq_zone; + int _nipq; /* Total # of reass queues */ + int _maxnipq; /* Admin. limit on # reass queues. */ + int _maxfragsperpacket; TAILQ_HEAD(ipqhead, ipq) _ipq[IPREASS_NHASH]; - struct inpcbhead _tcb; /* head of queue of active tcpcb's */ - struct inpcbinfo _tcbinfo; - struct tcpstat _tcpstat; /* tcp statistics */ - struct tcp_hostcache _tcp_hostcache; - struct callout _tcp_hc_callout; + struct inpcbhead _tcb; /* head of queue of active tcpcb's */ + struct inpcbinfo _tcbinfo; + struct tcpstat _tcpstat; /* tcp statistics */ + struct tcp_hostcache _tcp_hostcache; + struct callout _tcp_hc_callout; - uma_zone_t _tcp_reass_zone; - uma_zone_t _tcpcb_zone; - uma_zone_t _tcptw_zone; - uma_zone_t _sack_hole_zone; + uma_zone_t _tcp_reass_zone; + uma_zone_t _tcpcb_zone; + uma_zone_t _tcptw_zone; + uma_zone_t _sack_hole_zone; - struct tcp_syncache _tcp_syncache; - int _tcp_syncookies; - int _tcp_syncookiesonly; - int _tcp_sc_rst_sock_fail; + struct tcp_syncache _tcp_syncache; + int _tcp_syncookies; + int _tcp_syncookiesonly; + int _tcp_sc_rst_sock_fail; - struct inpcbhead _divcb; - struct inpcbinfo _divcbinfo; - TAILQ_HEAD(, tcptw) _twq_2msl; + struct inpcbhead _divcb; + struct inpcbinfo _divcbinfo; + TAILQ_HEAD(, tcptw) _twq_2msl; - int _tcp_mssdflt; - int _tcp_v6mssdflt; - int _tcp_minmss; - int _tcp_do_rfc1323; - int _icmp_may_rst; - int _tcp_isn_reseed_interval; - int _tcp_inflight_enable; - int _tcp_inflight_rttthresh; - int _tcp_inflight_min; - int _tcp_inflight_max; - int _tcp_inflight_stab; - int _nolocaltimewait; - int _path_mtu_discovery; - int _ss_fltsz; - int _ss_fltsz_local; - int _tcp_do_newreno; - int _tcp_do_tso; - int _tcp_do_autosndbuf; - int _tcp_autosndbuf_inc; - int _tcp_autosndbuf_max; - int _tcp_do_sack; - int _tcp_sack_maxholes; - int _tcp_sack_globalmaxholes; - int _tcp_sack_globalholes; - int _blackhole; - int _tcp_delack_enabled; - int _drop_synfin; - int _tcp_do_rfc3042; - int _tcp_do_rfc3390; - int _tcp_do_rfc3465; - int _tcp_abc_l_var; - int _tcp_do_ecn; - int _tcp_ecn_maxretries; - int _tcp_insecure_rst; - int _tcp_do_autorcvbuf; - int _tcp_autorcvbuf_inc; - int _tcp_autorcvbuf_max; - int _tcp_reass_maxseg; - int _tcp_reass_qsize; - int _tcp_reass_maxqlen; - int _tcp_reass_overflows; + int _tcp_mssdflt; + int _tcp_v6mssdflt; + int _tcp_minmss; + int _tcp_do_rfc1323; + int _icmp_may_rst; + int _tcp_isn_reseed_interval; + int _tcp_inflight_enable; + int _tcp_inflight_rttthresh; + int _tcp_inflight_min; + int _tcp_inflight_max; + int _tcp_inflight_stab; + int _nolocaltimewait; + int _path_mtu_discovery; + int _ss_fltsz; + int _ss_fltsz_local; + int _tcp_do_newreno; + int _tcp_do_tso; + int _tcp_do_autosndbuf; + int _tcp_autosndbuf_inc; + int _tcp_autosndbuf_max; + int _tcp_do_sack; + int _tcp_sack_maxholes; + int _tcp_sack_globalmaxholes; + int _tcp_sack_globalholes; + int _blackhole; + int _tcp_delack_enabled; + int _drop_synfin; + int _tcp_do_rfc3042; + int _tcp_do_rfc3390; + int _tcp_do_rfc3465; + int _tcp_abc_l_var; + int _tcp_do_ecn; + int _tcp_ecn_maxretries; + int _tcp_insecure_rst; + int _tcp_do_autorcvbuf; + int _tcp_autorcvbuf_inc; + int _tcp_autorcvbuf_max; + int _tcp_reass_maxseg; + int _tcp_reass_qsize; + int _tcp_reass_maxqlen; + int _tcp_reass_overflows; - u_char _isn_secret[32]; - int _isn_last_reseed; - u_int32_t _isn_offset; - u_int32_t _isn_offset_old; + u_char _isn_secret[32]; + int _isn_last_reseed; + u_int32_t _isn_offset; + u_int32_t _isn_offset_old; - struct inpcbhead _udb; - struct inpcbinfo _udbinfo; - struct udpstat _udpstat; - int _udp_blackhole; + struct inpcbhead _udb; + struct inpcbinfo _udbinfo; + struct udpstat _udpstat; + int _udp_blackhole; - struct inpcbhead _ripcb; - struct inpcbinfo _ripcbinfo; - struct socket *_ip_mrouter; + struct inpcbhead _ripcb; + struct inpcbinfo _ripcbinfo; + struct socket * _ip_mrouter; - struct socket *_ip_rsvpd; - int _ip_rsvp_on; - int _rsvp_on; + struct socket * _ip_rsvpd; + int _ip_rsvp_on; + int _rsvp_on; - struct icmpstat _icmpstat; - struct ipstat _ipstat; + struct icmpstat _icmpstat; + struct ipstat _ipstat; - LIST_HEAD(, igmp_ifinfo) _igi_head; - struct igmpstat _igmpstat; - int _interface_timers_running; - int _state_change_timers_running; - int _current_state_timers_running; - int _igmp_recvifkludge; - int _igmp_sendra; - int _igmp_sendlocal; - int _igmp_v1enable; - int _igmp_v2enable; - int _igmp_legacysupp; - int _igmp_sgalloc; - int _igmp_default_version; - struct timeval _igmp_gsrdelay; + LIST_HEAD(, igmp_ifinfo) _igi_head; + struct igmpstat _igmpstat; + int _interface_timers_running; + int _state_change_timers_running; + int _current_state_timers_running; + int _igmp_recvifkludge; + int _igmp_sendra; + int _igmp_sendlocal; + int _igmp_v1enable; + int _igmp_v2enable; + int _igmp_legacysupp; + int _igmp_sgalloc; + int _igmp_default_version; + struct timeval _igmp_gsrdelay; - int _rtq_timeout; - int _rtq_reallyold; - int _rtq_minreallyold; - int _rtq_toomany; - struct callout _rtq_timer; + int _rtq_timeout; + int _rtq_reallyold; + int _rtq_minreallyold; + int _rtq_toomany; + struct callout _rtq_timer; - int _ipport_lowfirstauto; - int _ipport_lowlastauto; - int _ipport_firstauto; - int _ipport_lastauto; - int _ipport_hifirstauto; - int _ipport_hilastauto; - int _ipport_reservedhigh; - int _ipport_reservedlow; - int _ipport_randomized; - int _ipport_randomcps; - int _ipport_randomtime; - int _ipport_stoprandom; - int _ipport_tcpallocs; - int _ipport_tcplastcount; + int _ipport_lowfirstauto; + int _ipport_lowlastauto; + int _ipport_firstauto; + int _ipport_lastauto; + int _ipport_hifirstauto; + int _ipport_hilastauto; + int _ipport_reservedhigh; + int _ipport_reservedlow; + int _ipport_randomized; + int _ipport_randomcps; + int _ipport_randomtime; + int _ipport_stoprandom; + int _ipport_tcpallocs; + int _ipport_tcplastcount; - int _icmpmaskrepl; - u_int _icmpmaskfake; - int _drop_redirect; - int _log_redirect; - int _icmplim; - int _icmplim_output; - char _reply_src[IFNAMSIZ]; - int _icmp_rfi; - int _icmp_quotelen; - int _icmpbmcastecho; + int _icmpmaskrepl; + u_int _icmpmaskfake; + int _drop_redirect; + int _log_redirect; + int _icmplim; + int _icmplim_output; + char _reply_src[IFNAMSIZ]; + int _icmp_rfi; + int _icmp_quotelen; + int _icmpbmcastecho; - int _fw_one_pass; + int _fw_one_pass; }; /* Size guard. See sys/vimage.h. */ VIMAGE_CTASSERT(SIZEOF_vnet_inet, sizeof(struct vnet_inet)); #ifndef VIMAGE #ifndef VIMAGE_GLOBALS extern struct vnet_inet vnet_inet_0; #endif #endif /* * Symbol translation macros */ #define INIT_VNET_INET(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_INET, struct vnet_inet, vnet_inet) #define VNET_INET(sym) VSYM(vnet_inet, sym) #define V_arp_maxtries VNET_INET(arp_maxtries) #define V_arp_proxyall VNET_INET(arp_proxyall) #define V_arpt_keep VNET_INET(arpt_keep) #define V_blackhole VNET_INET(blackhole) #define V_divcb VNET_INET(divcb) #define V_divcbinfo VNET_INET(divcbinfo) #define V_drop_redirect VNET_INET(drop_redirect) #define V_drop_synfin VNET_INET(drop_synfin) #define V_fw_one_pass VNET_INET(fw_one_pass) #define V_icmp_may_rst VNET_INET(icmp_may_rst) #define V_icmp_quotelen VNET_INET(icmp_quotelen) #define V_icmp_rfi VNET_INET(icmp_rfi) #define V_icmpbmcastecho VNET_INET(icmpbmcastecho) #define V_icmplim VNET_INET(icmplim) #define V_icmplim_output VNET_INET(icmplim_output) #define V_icmpmaskfake VNET_INET(icmpmaskfake) #define V_icmpmaskrepl VNET_INET(icmpmaskrepl) #define V_icmpstat VNET_INET(icmpstat) #define V_igi_head VNET_INET(igi_head) #define V_igmpstat VNET_INET(igmpstat) #define V_interface_timers_running \ VNET_INET(interface_timers_running) #define V_state_change_timers_running \ VNET_INET(state_change_timers_running) #define V_current_state_timers_running \ VNET_INET(current_state_timers_running) #define V_igmp_recvifkludge VNET_INET(igmp_recvifkludge) #define V_igmp_sendra VNET_INET(igmp_sendra) #define V_igmp_sendlocal VNET_INET(igmp_sendlocal) #define V_igmp_v1enable VNET_INET(igmp_v1enable) #define V_igmp_v2enable VNET_INET(igmp_v2enable) #define V_igmp_legacysupp VNET_INET(igmp_legacysupp) #define V_igmp_sgalloc VNET_INET(igmp_sgalloc) #define V_igmp_default_version VNET_INET(igmp_default_version) #define V_igmp_gsrdelay VNET_INET(igmp_gsrdelay) #define V_in_ifaddrhashtbl VNET_INET(in_ifaddrhashtbl) #define V_in_ifaddrhead VNET_INET(in_ifaddrhead) #define V_in_ifaddrhmask VNET_INET(in_ifaddrhmask) #define V_ip_checkinterface VNET_INET(ip_checkinterface) #define V_ip_defttl VNET_INET(ip_defttl) #define V_ip_do_randomid VNET_INET(ip_do_randomid) #define V_ip_id VNET_INET(ip_id) #define V_ip_keepfaith VNET_INET(ip_keepfaith) #define V_ip_mrouter VNET_INET(ip_mrouter) #define V_ip_rsvp_on VNET_INET(ip_rsvp_on) #define V_ip_rsvpd VNET_INET(ip_rsvpd) #define V_ip_sendsourcequench VNET_INET(ip_sendsourcequench) #define V_ipfastforward_active VNET_INET(ipfastforward_active) #define V_ipforwarding VNET_INET(ipforwarding) #define V_ipport_firstauto VNET_INET(ipport_firstauto) #define V_ipport_hifirstauto VNET_INET(ipport_hifirstauto) #define V_ipport_hilastauto VNET_INET(ipport_hilastauto) #define V_ipport_lastauto VNET_INET(ipport_lastauto) #define V_ipport_lowfirstauto VNET_INET(ipport_lowfirstauto) #define V_ipport_lowlastauto VNET_INET(ipport_lowlastauto) #define V_ipport_randomcps VNET_INET(ipport_randomcps) #define V_ipport_randomized VNET_INET(ipport_randomized) #define V_ipport_randomtime VNET_INET(ipport_randomtime) #define V_ipport_reservedhigh VNET_INET(ipport_reservedhigh) #define V_ipport_reservedlow VNET_INET(ipport_reservedlow) #define V_ipport_stoprandom VNET_INET(ipport_stoprandom) #define V_ipport_tcpallocs VNET_INET(ipport_tcpallocs) #define V_ipport_tcplastcount VNET_INET(ipport_tcplastcount) #define V_ipq VNET_INET(ipq) #define V_ipq_zone VNET_INET(ipq_zone) #define V_ipsendredirects VNET_INET(ipsendredirects) #define V_ipstat VNET_INET(ipstat) #define V_ipstealth VNET_INET(ipstealth) #define V_isn_last_reseed VNET_INET(isn_last_reseed) #define V_isn_offset VNET_INET(isn_offset) #define V_isn_offset_old VNET_INET(isn_offset_old) #define V_isn_secret VNET_INET(isn_secret) #define V_llinfo_arp VNET_INET(llinfo_arp) #define V_log_redirect VNET_INET(log_redirect) #define V_maxfragsperpacket VNET_INET(maxfragsperpacket) #define V_maxnipq VNET_INET(maxnipq) #define V_nipq VNET_INET(nipq) #define V_nolocaltimewait VNET_INET(nolocaltimewait) #define V_path_mtu_discovery VNET_INET(path_mtu_discovery) #define V_reply_src VNET_INET(reply_src) #define V_ripcb VNET_INET(ripcb) #define V_ripcbinfo VNET_INET(ripcbinfo) #define V_router_info_head VNET_INET(router_info_head) #define V_rsvp_on VNET_INET(rsvp_on) #define V_rtq_minreallyold VNET_INET(rtq_minreallyold) #define V_rtq_reallyold VNET_INET(rtq_reallyold) #define V_rtq_timeout VNET_INET(rtq_timeout) #define V_rtq_timer VNET_INET(rtq_timer) #define V_rtq_toomany VNET_INET(rtq_toomany) #define V_sack_hole_zone VNET_INET(sack_hole_zone) #define V_sameprefixcarponly VNET_INET(sameprefixcarponly) #define V_ss_fltsz VNET_INET(ss_fltsz) #define V_ss_fltsz_local VNET_INET(ss_fltsz_local) #define V_subnetsarelocal VNET_INET(subnetsarelocal) #define V_tcb VNET_INET(tcb) #define V_tcbinfo VNET_INET(tcbinfo) #define V_tcpcb_zone VNET_INET(tcpcb_zone) #define V_tcptw_zone VNET_INET(tcptw_zone) #define V_tcp_abc_l_var VNET_INET(tcp_abc_l_var) #define V_tcp_autorcvbuf_inc VNET_INET(tcp_autorcvbuf_inc) #define V_tcp_autorcvbuf_max VNET_INET(tcp_autorcvbuf_max) #define V_tcp_autosndbuf_inc VNET_INET(tcp_autosndbuf_inc) #define V_tcp_autosndbuf_max VNET_INET(tcp_autosndbuf_max) #define V_tcp_delack_enabled VNET_INET(tcp_delack_enabled) #define V_tcp_do_autorcvbuf VNET_INET(tcp_do_autorcvbuf) #define V_tcp_do_autosndbuf VNET_INET(tcp_do_autosndbuf) #define V_tcp_do_ecn VNET_INET(tcp_do_ecn) #define V_tcp_do_newreno VNET_INET(tcp_do_newreno) #define V_tcp_do_rfc1323 VNET_INET(tcp_do_rfc1323) #define V_tcp_do_rfc3042 VNET_INET(tcp_do_rfc3042) #define V_tcp_do_rfc3390 VNET_INET(tcp_do_rfc3390) #define V_tcp_do_rfc3465 VNET_INET(tcp_do_rfc3465) #define V_tcp_do_sack VNET_INET(tcp_do_sack) #define V_tcp_do_tso VNET_INET(tcp_do_tso) #define V_tcp_ecn_maxretries VNET_INET(tcp_ecn_maxretries) #define V_tcp_hc_callout VNET_INET(tcp_hc_callout) #define V_tcp_hostcache VNET_INET(tcp_hostcache) #define V_tcp_inflight_enable VNET_INET(tcp_inflight_enable) #define V_tcp_inflight_max VNET_INET(tcp_inflight_max) #define V_tcp_inflight_min VNET_INET(tcp_inflight_min) #define V_tcp_inflight_rttthresh VNET_INET(tcp_inflight_rttthresh) #define V_tcp_inflight_stab VNET_INET(tcp_inflight_stab) #define V_tcp_insecure_rst VNET_INET(tcp_insecure_rst) #define V_tcp_isn_reseed_interval VNET_INET(tcp_isn_reseed_interval) #define V_tcp_minmss VNET_INET(tcp_minmss) #define V_tcp_mssdflt VNET_INET(tcp_mssdflt) #define V_tcp_reass_maxqlen VNET_INET(tcp_reass_maxqlen) #define V_tcp_reass_maxseg VNET_INET(tcp_reass_maxseg) #define V_tcp_reass_overflows VNET_INET(tcp_reass_overflows) #define V_tcp_reass_qsize VNET_INET(tcp_reass_qsize) #define V_tcp_reass_zone VNET_INET(tcp_reass_zone) #define V_tcp_sack_globalholes VNET_INET(tcp_sack_globalholes) #define V_tcp_sack_globalmaxholes VNET_INET(tcp_sack_globalmaxholes) #define V_tcp_sack_maxholes VNET_INET(tcp_sack_maxholes) #define V_tcp_sc_rst_sock_fail VNET_INET(tcp_sc_rst_sock_fail) #define V_tcp_syncache VNET_INET(tcp_syncache) #define V_tcp_syncookies VNET_INET(tcp_syncookies) #define V_tcp_syncookiesonly VNET_INET(tcp_syncookiesonly) #define V_tcp_v6mssdflt VNET_INET(tcp_v6mssdflt) #define V_tcpstat VNET_INET(tcpstat) #define V_twq_2msl VNET_INET(twq_2msl) #define V_udb VNET_INET(udb) #define V_udbinfo VNET_INET(udbinfo) #define V_udp_blackhole VNET_INET(udp_blackhole) #define V_udpstat VNET_INET(udpstat) #define V_useloopback VNET_INET(useloopback) #define ip_newid() ((V_ip_do_randomid != 0) ? ip_randomid() : htons(V_ip_id++)) #endif /* !_NETINET_VINET_H_ */ Index: head/sys/netinet6/vinet6.h =================================================================== --- head/sys/netinet6/vinet6.h (revision 191737) +++ head/sys/netinet6/vinet6.h (revision 191738) @@ -1,272 +1,272 @@ /*- * Copyright (c) 2006-2008 University of Zagreb * Copyright (c) 2006-2008 FreeBSD Foundation * * This software was developed by the University of Zagreb and the * FreeBSD Foundation under sponsorship by the Stichting NLnet and the * FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _NETINET6_VINET6_H_ #define _NETINET6_VINET6_H_ #include #include #include #include #include #include #include #include #include #include struct vnet_inet6 { - struct in6_ifaddr * _in6_ifaddr; + struct in6_ifaddr * _in6_ifaddr; - u_int _frag6_nfragpackets; - u_int _frag6_nfrags; - struct ip6q _ip6q; + u_int _frag6_nfragpackets; + u_int _frag6_nfrags; + struct ip6q _ip6q; - struct in6_addrpolicy _defaultaddrpolicy; + struct in6_addrpolicy _defaultaddrpolicy; TAILQ_HEAD(, addrsel_policyent) _addrsel_policytab; - u_int _in6_maxmtu; - int _ip6_auto_linklocal; - int _rtq_minreallyold6; - int _rtq_reallyold6; - int _rtq_toomany6; + u_int _in6_maxmtu; + int _ip6_auto_linklocal; + int _rtq_minreallyold6; + int _rtq_reallyold6; + int _rtq_toomany6; - struct ip6stat _ip6stat; - struct rip6stat _rip6stat; - struct icmp6stat _icmp6stat; + struct ip6stat _ip6stat; + struct rip6stat _rip6stat; + struct icmp6stat _icmp6stat; - int _rtq_timeout6; - struct callout _rtq_timer6; - struct callout _rtq_mtutimer; - struct callout _nd6_slowtimo_ch; - struct callout _nd6_timer_ch; - struct callout _in6_tmpaddrtimer_ch; + int _rtq_timeout6; + struct callout _rtq_timer6; + struct callout _rtq_mtutimer; + struct callout _nd6_slowtimo_ch; + struct callout _nd6_timer_ch; + struct callout _in6_tmpaddrtimer_ch; - int _nd6_inuse; - int _nd6_allocated; - int _nd6_onlink_ns_rfc4861; - struct nd_drhead _nd_defrouter; - struct nd_prhead _nd_prefix; - struct ifnet * _nd6_defifp; - int _nd6_defifindex; + int _nd6_inuse; + int _nd6_allocated; + int _nd6_onlink_ns_rfc4861; + struct nd_drhead _nd_defrouter; + struct nd_prhead _nd_prefix; + struct ifnet * _nd6_defifp; + int _nd6_defifindex; - struct scope6_id _sid_default; + struct scope6_id _sid_default; - TAILQ_HEAD(, dadq) _dadq; - int _dad_init; + TAILQ_HEAD(, dadq) _dadq; + int _dad_init; - int _icmp6errpps_count; - struct timeval _icmp6errppslim_last; + int _icmp6errpps_count; + struct timeval _icmp6errppslim_last; - int _ip6_forwarding; - int _ip6_sendredirects; - int _ip6_defhlim; - int _ip6_defmcasthlim; - int _ip6_accept_rtadv; - int _ip6_maxfragpackets; - int _ip6_maxfrags; - int _ip6_log_interval; - int _ip6_hdrnestlimit; - int _ip6_dad_count; - int _ip6_auto_flowlabel; - int _ip6_use_deprecated; - int _ip6_rr_prune; - int _ip6_mcast_pmtu; - int _ip6_v6only; - int _ip6_keepfaith; - int _ip6stealth; - time_t _ip6_log_time; + int _ip6_forwarding; + int _ip6_sendredirects; + int _ip6_defhlim; + int _ip6_defmcasthlim; + int _ip6_accept_rtadv; + int _ip6_maxfragpackets; + int _ip6_maxfrags; + int _ip6_log_interval; + int _ip6_hdrnestlimit; + int _ip6_dad_count; + int _ip6_auto_flowlabel; + int _ip6_use_deprecated; + int _ip6_rr_prune; + int _ip6_mcast_pmtu; + int _ip6_v6only; + int _ip6_keepfaith; + int _ip6stealth; + time_t _ip6_log_time; - int _pmtu_expire; - int _pmtu_probe; - u_long _rip6_sendspace; - u_long _rip6_recvspace; - int _icmp6_rediraccept; - int _icmp6_redirtimeout; - int _icmp6errppslim; - int _icmp6_nodeinfo; - int _udp6_sendspace; - int _udp6_recvspace; - int _ip6qmaxlen; - int _ip6_prefer_tempaddr; + int _pmtu_expire; + int _pmtu_probe; + u_long _rip6_sendspace; + u_long _rip6_recvspace; + int _icmp6_rediraccept; + int _icmp6_redirtimeout; + int _icmp6errppslim; + int _icmp6_nodeinfo; + int _udp6_sendspace; + int _udp6_recvspace; + int _ip6qmaxlen; + int _ip6_prefer_tempaddr; - int _nd6_prune; - int _nd6_delay; - int _nd6_umaxtries; - int _nd6_mmaxtries; - int _nd6_useloopback; - int _nd6_gctimer; - int _nd6_maxndopt; - int _nd6_maxnudhint; - int _nd6_maxqueuelen; - int _nd6_debug; - int _nd6_recalc_reachtm_interval; - int _dad_ignore_ns; - int _dad_maxtry; - int _ip6_use_tempaddr; - int _ip6_desync_factor; - u_int32_t _ip6_temp_preferred_lifetime; - u_int32_t _ip6_temp_valid_lifetime; + int _nd6_prune; + int _nd6_delay; + int _nd6_umaxtries; + int _nd6_mmaxtries; + int _nd6_useloopback; + int _nd6_gctimer; + int _nd6_maxndopt; + int _nd6_maxnudhint; + int _nd6_maxqueuelen; + int _nd6_debug; + int _nd6_recalc_reachtm_interval; + int _dad_ignore_ns; + int _dad_maxtry; + int _ip6_use_tempaddr; + int _ip6_desync_factor; + u_int32_t _ip6_temp_preferred_lifetime; + u_int32_t _ip6_temp_valid_lifetime; - struct socket * _ip6_mrouter; - int _ip6_mrouter_ver; - int _pim6; - u_int _mrt6debug; + struct socket * _ip6_mrouter; + int _ip6_mrouter_ver; + int _pim6; + u_int _mrt6debug; - int _ip6_temp_regen_advance; - int _ip6_use_defzone; + int _ip6_temp_regen_advance; + int _ip6_use_defzone; - struct ip6_pktopts _ip6_opts; + struct ip6_pktopts _ip6_opts; - struct timeval _mld_gsrdelay; - LIST_HEAD(, mld_ifinfo) _mli_head; - int _interface_timers_running6; - int _state_change_timers_running6; - int _current_state_timers_running6; + struct timeval _mld_gsrdelay; + LIST_HEAD(, mld_ifinfo) _mli_head; + int _interface_timers_running6; + int _state_change_timers_running6; + int _current_state_timers_running6; }; /* Size guard. See sys/vimage.h. */ VIMAGE_CTASSERT(SIZEOF_vnet_inet6, sizeof(struct vnet_inet6)); #ifndef VIMAGE #ifndef VIMAGE_GLOBALS extern struct vnet_inet6 vnet_inet6_0; #endif #endif #define INIT_VNET_INET6(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_INET6, struct vnet_inet6, vnet_inet6) #define VNET_INET6(sym) VSYM(vnet_inet6, sym) /* * Symbol translation macros */ #define V_addrsel_policytab VNET_INET6(addrsel_policytab) #define V_current_state_timers_running6 \ VNET_INET6(current_state_timers_running6) #define V_dad_ignore_ns VNET_INET6(dad_ignore_ns) #define V_dad_init VNET_INET6(dad_init) #define V_dad_maxtry VNET_INET6(dad_maxtry) #define V_dadq VNET_INET6(dadq) #define V_defaultaddrpolicy VNET_INET6(defaultaddrpolicy) #define V_frag6_nfragpackets VNET_INET6(frag6_nfragpackets) #define V_frag6_nfrags VNET_INET6(frag6_nfrags) #define V_icmp6_nodeinfo VNET_INET6(icmp6_nodeinfo) #define V_icmp6_rediraccept VNET_INET6(icmp6_rediraccept) #define V_icmp6_redirtimeout VNET_INET6(icmp6_redirtimeout) #define V_icmp6errpps_count VNET_INET6(icmp6errpps_count) #define V_icmp6errppslim VNET_INET6(icmp6errppslim) #define V_icmp6errppslim_last VNET_INET6(icmp6errppslim_last) #define V_icmp6stat VNET_INET6(icmp6stat) #define V_in6_ifaddr VNET_INET6(in6_ifaddr) #define V_in6_maxmtu VNET_INET6(in6_maxmtu) #define V_in6_tmpaddrtimer_ch VNET_INET6(in6_tmpaddrtimer_ch) #define V_interface_timers_running6 \ VNET_INET6(interface_timers_running6) #define V_ip6_accept_rtadv VNET_INET6(ip6_accept_rtadv) #define V_ip6_auto_flowlabel VNET_INET6(ip6_auto_flowlabel) #define V_ip6_auto_linklocal VNET_INET6(ip6_auto_linklocal) #define V_ip6_dad_count VNET_INET6(ip6_dad_count) #define V_ip6_defhlim VNET_INET6(ip6_defhlim) #define V_ip6_defmcasthlim VNET_INET6(ip6_defmcasthlim) #define V_ip6_desync_factor VNET_INET6(ip6_desync_factor) #define V_ip6_forwarding VNET_INET6(ip6_forwarding) #define V_ip6_hdrnestlimit VNET_INET6(ip6_hdrnestlimit) #define V_ip6_keepfaith VNET_INET6(ip6_keepfaith) #define V_ip6_log_interval VNET_INET6(ip6_log_interval) #define V_ip6_log_time VNET_INET6(ip6_log_time) #define V_ip6_maxfragpackets VNET_INET6(ip6_maxfragpackets) #define V_ip6_maxfrags VNET_INET6(ip6_maxfrags) #define V_ip6_mcast_pmtu VNET_INET6(ip6_mcast_pmtu) #define V_ip6_mrouter VNET_INET6(ip6_mrouter) #define V_ip6_mrouter_ver VNET_INET6(ip6_mrouter_ver) #define V_ip6_opts VNET_INET6(ip6_opts) #define V_ip6_prefer_tempaddr VNET_INET6(ip6_prefer_tempaddr) #define V_ip6_rr_prune VNET_INET6(ip6_rr_prune) #define V_ip6_sendredirects VNET_INET6(ip6_sendredirects) #define V_ip6_temp_preferred_lifetime VNET_INET6(ip6_temp_preferred_lifetime) #define V_ip6_temp_regen_advance VNET_INET6(ip6_temp_regen_advance) #define V_ip6_temp_valid_lifetime VNET_INET6(ip6_temp_valid_lifetime) #define V_ip6_use_defzone VNET_INET6(ip6_use_defzone) #define V_ip6_use_deprecated VNET_INET6(ip6_use_deprecated) #define V_ip6_use_tempaddr VNET_INET6(ip6_use_tempaddr) #define V_ip6_v6only VNET_INET6(ip6_v6only) #define V_ip6q VNET_INET6(ip6q) #define V_ip6qmaxlen VNET_INET6(ip6qmaxlen) #define V_ip6stat VNET_INET6(ip6stat) #define V_ip6stealth VNET_INET6(ip6stealth) #define V_llinfo_nd6 VNET_INET6(llinfo_nd6) #define V_mrt6debug VNET_INET6(mrt6debug) #define V_mld_gsrdelay VNET_INET6(mld_gsrdelay) #define V_mli_head VNET_INET6(mli_head) #define V_nd6_allocated VNET_INET6(nd6_allocated) #define V_nd6_debug VNET_INET6(nd6_debug) #define V_nd6_defifindex VNET_INET6(nd6_defifindex) #define V_nd6_defifp VNET_INET6(nd6_defifp) #define V_nd6_delay VNET_INET6(nd6_delay) #define V_nd6_gctimer VNET_INET6(nd6_gctimer) #define V_nd6_inuse VNET_INET6(nd6_inuse) #define V_nd6_maxndopt VNET_INET6(nd6_maxndopt) #define V_nd6_maxnudhint VNET_INET6(nd6_maxnudhint) #define V_nd6_maxqueuelen VNET_INET6(nd6_maxqueuelen) #define V_nd6_mmaxtries VNET_INET6(nd6_mmaxtries) #define V_nd6_onlink_ns_rfc4861 VNET_INET6(nd6_onlink_ns_rfc4861) #define V_nd6_prune VNET_INET6(nd6_prune) #define V_nd6_recalc_reachtm_interval VNET_INET6(nd6_recalc_reachtm_interval) #define V_nd6_slowtimo_ch VNET_INET6(nd6_slowtimo_ch) #define V_nd6_timer_ch VNET_INET6(nd6_timer_ch) #define V_nd6_umaxtries VNET_INET6(nd6_umaxtries) #define V_nd6_useloopback VNET_INET6(nd6_useloopback) #define V_nd_defrouter VNET_INET6(nd_defrouter) #define V_nd_prefix VNET_INET6(nd_prefix) #define V_pim6 VNET_INET6(pim6) #define V_pmtu_expire VNET_INET6(pmtu_expire) #define V_pmtu_probe VNET_INET6(pmtu_probe) #define V_rip6_recvspace VNET_INET6(rip6_recvspace) #define V_rip6_sendspace VNET_INET6(rip6_sendspace) #define V_rip6stat VNET_INET6(rip6stat) #define V_rtq_minreallyold6 VNET_INET6(rtq_minreallyold6) #define V_rtq_mtutimer VNET_INET6(rtq_mtutimer) #define V_rtq_reallyold6 VNET_INET6(rtq_reallyold6) #define V_rtq_timeout6 VNET_INET6(rtq_timeout6) #define V_rtq_timer6 VNET_INET6(rtq_timer6) #define V_rtq_toomany6 VNET_INET6(rtq_toomany6) #define V_sid_default VNET_INET6(sid_default) #define V_state_change_timers_running6 \ VNET_INET6(state_change_timers_running6) #define V_udp6_recvspace VNET_INET6(udp6_recvspace) #define V_udp6_sendspace VNET_INET6(udp6_sendspace) #endif /* !_NETINET6_VINET6_H_ */ Index: head/sys/netipsec/vipsec.h =================================================================== --- head/sys/netipsec/vipsec.h (revision 191737) +++ head/sys/netipsec/vipsec.h (revision 191738) @@ -1,180 +1,180 @@ /* * Copyright (c) 2007-2008 University of Zagreb * Copyright (c) 2007-2008 FreeBSD Foundation * * This software was developed by the University of Zagreb and the * FreeBSD Foundation under sponsorship by the Stichting NLnet and the * FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _NETIPSEC_VIPSEC_H_ #define _NETIPSEC_VIPSEC_H_ #include #include #include #include #include #include #include #include #include struct vnet_ipsec { int _ipsec_debug; - struct ipsecstat _ipsec4stat; - struct secpolicy _ip4_def_policy; + struct ipsecstat _ipsec4stat; + struct secpolicy _ip4_def_policy; int _ip4_esp_trans_deflev; int _ip4_esp_net_deflev; int _ip4_ah_trans_deflev; int _ip4_ah_net_deflev; int _ip4_ah_offsetmask; int _ip4_ipsec_dfbit; int _ip4_ipsec_ecn; int _ip4_esp_randpad; int _ipsec_replay; int _ipsec_integrity; int _crypto_support; u_int32_t _key_debug_level; u_int _key_spi_trycnt; u_int32_t _key_spi_minval; u_int32_t _key_spi_maxval; u_int32_t _policy_id; u_int _key_int_random; u_int _key_larval_lifetime; int _key_blockacq_count; int _key_blockacq_lifetime; int _key_preferred_oldsa; u_int32_t _acq_seq; int _esp_enable; struct espstat _espstat; int _esp_max_ivlen; int _ipsec_esp_keymin; int _ipsec_esp_auth; int _ipsec_ah_keymin; int _ipip_allow; struct ipipstat _ipipstat; struct ipsecstat _ipsec6stat; int _ip6_esp_trans_deflev; int _ip6_esp_net_deflev; int _ip6_ah_trans_deflev; int _ip6_ah_net_deflev; int _ip6_ipsec_ecn; int _ah_enable; int _ah_cleartos; struct ahstat _ahstat; int _ipcomp_enable; struct ipcompstat _ipcompstat; struct pfkeystat _pfkeystat; struct key_cb _key_cb; LIST_HEAD(, secpolicy) _sptree[IPSEC_DIR_MAX]; LIST_HEAD(, secashead) _sahtree; LIST_HEAD(, secreg) _regtree[SADB_SATYPE_MAX + 1]; LIST_HEAD(, secacq) _acqtree; LIST_HEAD(, secspacq) _spacqtree; }; /* Size guard. See sys/vimage.h. */ VIMAGE_CTASSERT(SIZEOF_vnet_ipsec, sizeof(struct vnet_ipsec)); #ifndef VIMAGE #ifndef VIMAGE_GLOBALS extern struct vnet_ipsec vnet_ipsec_0; #endif #endif /* * Symbol translation macros */ #define INIT_VNET_IPSEC(vnet) \ INIT_FROM_VNET(vnet, VNET_MOD_IPSEC, struct vnet_ipsec, vnet_ipsec) #define VNET_IPSEC(sym) VSYM(vnet_ipsec, sym) #define V_acq_seq VNET_IPSEC(acq_seq) #define V_acqtree VNET_IPSEC(acqtree) #define V_ah_cleartos VNET_IPSEC(ah_cleartos) #define V_ah_enable VNET_IPSEC(ah_enable) #define V_ahstat VNET_IPSEC(ahstat) #define V_crypto_support VNET_IPSEC(crypto_support) #define V_esp_enable VNET_IPSEC(esp_enable) #define V_esp_max_ivlen VNET_IPSEC(esp_max_ivlen) #define V_espstat VNET_IPSEC(espstat) #define V_ip4_ah_net_deflev VNET_IPSEC(ip4_ah_net_deflev) #define V_ip4_ah_offsetmask VNET_IPSEC(ip4_ah_offsetmask) #define V_ip4_ah_trans_deflev VNET_IPSEC(ip4_ah_trans_deflev) #define V_ip4_def_policy VNET_IPSEC(ip4_def_policy) #define V_ip4_esp_net_deflev VNET_IPSEC(ip4_esp_net_deflev) #define V_ip4_esp_randpad VNET_IPSEC(ip4_esp_randpad) #define V_ip4_esp_trans_deflev VNET_IPSEC(ip4_esp_trans_deflev) #define V_ip4_ipsec_dfbit VNET_IPSEC(ip4_ipsec_dfbit) #define V_ip4_ipsec_ecn VNET_IPSEC(ip4_ipsec_ecn) #define V_ip6_ah_net_deflev VNET_IPSEC(ip6_ah_net_deflev) #define V_ip6_ah_trans_deflev VNET_IPSEC(ip6_ah_trans_deflev) #define V_ip6_esp_net_deflev VNET_IPSEC(ip6_esp_net_deflev) #define V_ip6_esp_randpad VNET_IPSEC(ip6_esp_randpad) #define V_ip6_esp_trans_deflev VNET_IPSEC(ip6_esp_trans_deflev) #define V_ip6_ipsec_ecn VNET_IPSEC(ip6_ipsec_ecn) #define V_ipcomp_enable VNET_IPSEC(ipcomp_enable) #define V_ipcompstat VNET_IPSEC(ipcompstat) #define V_ipip_allow VNET_IPSEC(ipip_allow) #define V_ipipstat VNET_IPSEC(ipipstat) #define V_ipsec4stat VNET_IPSEC(ipsec4stat) #define V_ipsec6stat VNET_IPSEC(ipsec6stat) #define V_ipsec_ah_keymin VNET_IPSEC(ipsec_ah_keymin) #define V_ipsec_debug VNET_IPSEC(ipsec_debug) #define V_ipsec_esp_auth VNET_IPSEC(ipsec_esp_auth) #define V_ipsec_esp_keymin VNET_IPSEC(ipsec_esp_keymin) #define V_ipsec_integrity VNET_IPSEC(ipsec_integrity) #define V_ipsec_replay VNET_IPSEC(ipsec_replay) #define V_key_blockacq_count VNET_IPSEC(key_blockacq_count) #define V_key_blockacq_lifetime VNET_IPSEC(key_blockacq_lifetime) #define V_key_cb VNET_IPSEC(key_cb) #define V_key_debug_level VNET_IPSEC(key_debug_level) #define V_key_int_random VNET_IPSEC(key_int_random) #define V_key_larval_lifetime VNET_IPSEC(key_larval_lifetime) #define V_key_preferred_oldsa VNET_IPSEC(key_preferred_oldsa) #define V_key_spi_maxval VNET_IPSEC(key_spi_maxval) #define V_key_spi_minval VNET_IPSEC(key_spi_minval) #define V_key_spi_trycnt VNET_IPSEC(key_spi_trycnt) #define V_pfkeystat VNET_IPSEC(pfkeystat) #define V_policy_id VNET_IPSEC(policy_id) #define V_regtree VNET_IPSEC(regtree) #define V_sahtree VNET_IPSEC(sahtree) #define V_spacqtree VNET_IPSEC(spacqtree) #define V_sptree VNET_IPSEC(sptree) #endif /* !_NETIPSEC_VIPSEC_H_ */