X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=dummynet2%2Finclude%2Fnetinet%2Fipfw%2Fip_fw_private.h;fp=dummynet2%2Finclude%2Fnetinet%2Fipfw%2Fip_fw_private.h;h=5bf3416995ad9d2e20673f45aa06d8d8c7e35db5;hb=40445faa1db58b90083115bc315d095e7eb2fe51;hp=41ae8456f8345dbaa376e8568766e0fd1d868814;hpb=fccf30d4bf6b00b317756a9ff9d2135b361d2599;p=ipfw.git diff --git a/dummynet2/include/netinet/ipfw/ip_fw_private.h b/dummynet2/include/netinet/ipfw/ip_fw_private.h index 41ae845..5bf3416 100644 --- a/dummynet2/include/netinet/ipfw/ip_fw_private.h +++ b/dummynet2/include/netinet/ipfw/ip_fw_private.h @@ -35,8 +35,18 @@ #ifdef _KERNEL -#define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */ -#define MTAG_IPFW_RULE 1262273568 /* rule reference */ +/* + * For platforms that do not have SYSCTL support, we wrap the + * SYSCTL_* into a function (one per file) to collect the values + * into an array at module initialization. The wrapping macros, + * SYSBEGIN() and SYSEND, are empty in the default case. + */ +#ifndef SYSBEGIN +#define SYSBEGIN(x) +#endif +#ifndef SYSEND +#define SYSEND +#endif /* Return values from ipfw_chk() */ enum { @@ -66,38 +76,6 @@ struct _ip6dn_args { struct route_in6 ro_pmtu_or; }; -/* - * Reference to an ipfw rule that can be carried outside critical sections. - * A rule is identified by rulenum:rule_id which is ordered. - * In version chain_id the rule can be found in slot 'slot', so - * we don't need a lookup if chain_id == chain->id. - * - * On exit from the firewall this structure refers to the rule after - * the matching one (slot points to the new rule; rulenum:rule_id-1 - * is the matching rule), and additional info (e.g. info often contains - * the insn argument or tablearg in the low 16 bits, in host format). - * On entry, the structure is valid if slot>0, and refers to the starting - * rules. 'info' contains the reason for reinject, e.g. divert port, - * divert direction, and so on. - */ -struct ipfw_rule_ref { - uint32_t slot; /* slot for matching rule */ - uint32_t rulenum; /* matching rule number */ - uint32_t rule_id; /* matching rule id */ - uint32_t chain_id; /* ruleset id */ - uint32_t info; /* see below */ -}; - -enum { - IPFW_INFO_MASK = 0x0000ffff, - IPFW_INFO_OUT = 0x00000000, /* outgoing, just for convenience */ - IPFW_INFO_IN = 0x80000000, /* incoming, overloads dir */ - IPFW_ONEPASS = 0x40000000, /* One-pass, do not reinject */ - IPFW_IS_MASK = 0x30000000, /* which source ? */ - IPFW_IS_DIVERT = 0x20000000, - IPFW_IS_DUMMYNET =0x10000000, - IPFW_IS_PIPE = 0x08000000, /* pip1=1, queue = 0 */ -}; /* * Arguments for calling ipfw_chk() and dummynet_io(). We put them @@ -153,11 +131,13 @@ enum { }; /* wrapper for freeing a packet, in case we need to do more work */ -#ifdef __linux__ +#ifndef FREE_PKT +#if defined(__linux__) || defined(_WIN32) #define FREE_PKT(m) netisr_dispatch(-1, m) #else #define FREE_PKT(m) m_freem(m) #endif +#endif /* !FREE_PKT */ /* * Function definitions. @@ -283,13 +263,17 @@ int ipfw_ctl(struct sockopt *sopt); int ipfw_chk(struct ip_fw_args *args); void ipfw_reap_rules(struct ip_fw *head); +/* In ip_fw_pfil */ +int ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, + struct inpcb *inp); + /* In ip_fw_table.c */ struct radix_node; int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, uint32_t *val); int ipfw_init_tables(struct ip_fw_chain *ch); +void ipfw_destroy_tables(struct ip_fw_chain *ch); int ipfw_flush_table(struct ip_fw_chain *ch, uint16_t tbl); -void ipfw_flush_tables(struct ip_fw_chain *ch); int ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, uint8_t mlen, uint32_t value); int ipfw_dump_table_entry(struct radix_node *rn, void *arg); @@ -298,10 +282,7 @@ int ipfw_del_table_entry(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, int ipfw_count_table(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt); int ipfw_dump_table(struct ip_fw_chain *ch, ipfw_table *tbl); -/* hooks for divert */ -extern void (*ip_divert_ptr)(struct mbuf *m, int incoming); - -/* In ip_fw_nat.c */ +/* In ip_fw_nat.c -- XXX to be moved to ip_var.h */ extern struct cfg_nat *(*lookup_nat_ptr)(struct nat_list *, int); @@ -316,14 +297,5 @@ extern ipfw_nat_cfg_t *ipfw_nat_del_ptr; extern ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr; extern ipfw_nat_cfg_t *ipfw_nat_get_log_ptr; -/* netgraph prototypes */ - -typedef int ng_ipfw_input_t(struct mbuf **, int, struct ip_fw_args *, int); -extern ng_ipfw_input_t *ng_ipfw_input_p; -#define NG_IPFW_LOADED (ng_ipfw_input_p != NULL) - -#define TAGSIZ (sizeof(struct ng_ipfw_tag) - sizeof(struct m_tag)) - - #endif /* _KERNEL */ #endif /* _IPFW2_PRIVATE_H */