int ipfw_chk(struct ip_fw_args *);
-int ipfw_init(void);
-void ipfw_destroy(void);
-
-typedef int ip_fw_ctl_t(struct sockopt *);
-extern ip_fw_ctl_t *ip_fw_ctl_ptr;
-extern int fw_one_pass;
-extern int fw_enable;
-#ifdef INET6
-extern int fw6_enable;
+int ipfw_hook(void);
+int ipfw6_hook(void);
+int ipfw_unhook(void);
+int ipfw6_unhook(void);
+#ifdef NOTYET
+void ipfw_nat_destroy(void);
#endif
-/* For kernel ipfw_ether and ipfw_bridge. */
-typedef int ip_fw_chk_t(struct ip_fw_args *args);
-extern ip_fw_chk_t *ip_fw_chk_ptr;
+#define IPFW_HAVE_SKIPTO_TABLE
-#ifdef IPFW_INTERNAL
+struct _rulepointer {
+ struct ip_fw *rule;
+ uint32_t id;
+};
+
+VNET_DECLARE(int, fw_one_pass);
+VNET_DECLARE(int, fw_enable);
+#define V_fw_one_pass VNET(fw_one_pass)
+#define V_fw_enable VNET(fw_enable)
+
+#ifdef INET6
+VNET_DECLARE(int, fw6_enable);
+#define V_fw6_enable VNET(fw6_enable)
+#endif
struct ip_fw_chain {
struct ip_fw *rules; /* list of rules */
struct rwlock rwmtx;
#endif /* !__linux__ */
uint32_t id; /* ruleset id */
+ struct _rulepointer skipto_pointers[64*1024];
+ struct new_hash_table *global_tables[128];
};
+
+#ifdef IPFW_INTERNAL
+
#define IPFW_LOCK_INIT(_chain) \
rw_init(&(_chain)->rwmtx, "IPFW static rules")
#define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx)
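Review bot: `skipto_pointers[64*1024]` is embedded by value in `struct ip_fw_chain`, so every chain instance grows by 65536 pointer-plus-id entries (about 1 MiB on an LP64 build), and the `VNET_DECLARE(struct ip_fw_chain, layer3_chain)` added near the end of this header suggests one copy per vnet. Consider allocating the table separately when the chain is initialised, or at least naming the bounds, e.g. `#define IPFW_SKIPTO_SLOTS (64 * 1024)` plus a matching constant for the `128` in `global_tables`. Neither new field nor `struct _rulepointer` carries a comment, so the validity rule for the cached `rule` pointer is unstated. If `id` is meant to be compared with the chain's ruleset `id` before the pointer is followed (an inference, since the lookup code is not in this diff), document it, e.g. `/* cached skipto target; use only while id matches the chain's ruleset id, under the chain lock */`, because following a stale `struct ip_fw *` after its rule is freed would be a use-after-free in the packet path. Parts of the struct and the locking macros are elided from the lines shown here, so the remaining fields were not reviewed.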
typedef int ipfw_nat_cfg_t(struct sockopt *);
#endif
+VNET_DECLARE(struct ip_fw_chain, layer3_chain);
+#define V_layer3_chain VNET(layer3_chain)
+
#endif /* _KERNEL */
#endif /* _IPFW2_H */