2 * Copyright (C) 1993-2002 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * @(#)ip_fil.h 1.35 6/5/96
7 * $Id: ip_fil.h,v 2.29.2.33 2002/06/04 14:46:28 darrenr Exp $
8 * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_fil.h,v 1.18.2.8 2004/07/05 06:02:35 darrenr Exp $
9 * $DragonFly: src/sys/contrib/ipfilter/netinet/ip_fil.h,v 1.8 2005/02/26 14:15:36 joerg Exp $
16 * Pathnames for various IP Filter control devices. Used by LKM
17 * and userland, so defined here.
19 #define IPNAT_NAME "/dev/ipnat"
20 #define IPSTATE_NAME "/dev/ipstate"
21 #define IPAUTH_NAME "/dev/ipauth"
24 # define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
27 #if defined(KERNEL) && !defined(_KERNEL)
32 # define offsetof(t,m) (int)((&((t *)0L)->m))
35 #if defined(__STDC__) || defined(__GNUC__)
36 # define SIOCADAFR _IOW('r', 60, struct frentry *)
37 # define SIOCRMAFR _IOW('r', 61, struct frentry *)
38 # define SIOCSETFF _IOW('r', 62, u_int)
39 # define SIOCGETFF _IOR('r', 63, u_int)
40 # define SIOCGETFS _IOWR('r', 64, struct friostat *)
41 # define SIOCIPFFL _IOWR('r', 65, int)
42 # define SIOCIPFFB _IOR('r', 66, int)
43 # define SIOCADIFR _IOW('r', 67, struct frentry *)
44 # define SIOCRMIFR _IOW('r', 68, struct frentry *)
45 # define SIOCSWAPA _IOR('r', 69, u_int)
46 # define SIOCINAFR _IOW('r', 70, struct frentry *)
47 # define SIOCINIFR _IOW('r', 71, struct frentry *)
48 # define SIOCFRENB _IOW('r', 72, u_int)
49 # define SIOCFRSYN _IOW('r', 73, u_int)
50 # define SIOCFRZST _IOWR('r', 74, struct friostat *)
51 # define SIOCZRLST _IOWR('r', 75, struct frentry *)
52 # define SIOCAUTHW _IOWR('r', 76, struct frauth *)
53 # define SIOCAUTHR _IOWR('r', 77, struct frauth *)
54 # define SIOCATHST _IOWR('r', 78, struct fr_authstat *)
55 # define SIOCSTLCK _IOWR('r', 79, u_int)
56 # define SIOCSTPUT _IOWR('r', 80, struct ipstate_save *)
57 # define SIOCSTGET _IOWR('r', 81, struct ipstate_save *)
58 # define SIOCSTGSZ _IOWR('r', 82, struct natget)
59 # define SIOCGFRST _IOWR('r', 83, struct ipfrstat *)
60 # define SIOCIPFL6 _IOWR('r', 84, int)
62 # define SIOCADAFR _IOW(r, 60, struct frentry *)
63 # define SIOCRMAFR _IOW(r, 61, struct frentry *)
64 # define SIOCSETFF _IOW(r, 62, u_int)
65 # define SIOCGETFF _IOR(r, 63, u_int)
66 # define SIOCGETFS _IOWR(r, 64, struct friostat *)
67 # define SIOCIPFFL _IOWR(r, 65, int)
68 # define SIOCIPFFB _IOR(r, 66, int)
69 # define SIOCADIFR _IOW(r, 67, struct frentry *)
70 # define SIOCRMIFR _IOW(r, 68, struct frentry *)
71 # define SIOCSWAPA _IOR(r, 69, u_int)
72 # define SIOCINAFR _IOW(r, 70, struct frentry *)
73 # define SIOCINIFR _IOW(r, 71, struct frentry *)
74 # define SIOCFRENB _IOW(r, 72, u_int)
75 # define SIOCFRSYN _IOW(r, 73, u_int)
76 # define SIOCFRZST _IOWR(r, 74, struct friostat *)
77 # define SIOCZRLST _IOWR(r, 75, struct frentry *)
78 # define SIOCAUTHW _IOWR(r, 76, struct frauth *)
79 # define SIOCAUTHR _IOWR(r, 77, struct frauth *)
80 # define SIOCATHST _IOWR(r, 78, struct fr_authstat *)
81 # define SIOCSTLCK _IOWR(r, 79, u_int)
82 # define SIOCSTPUT _IOWR(r, 80, struct ipstate_save *)
83 # define SIOCSTGET _IOWR(r, 81, struct ipstate_save *)
84 # define SIOCSTGSZ _IOWR(r, 82, struct natget)
85 # define SIOCGFRST _IOWR(r, 83, struct ipfrstat *)
86 # define SIOCIPFL6 _IOWR(r, 84, int)
88 #define SIOCADDFR SIOCADAFR
89 #define SIOCDELFR SIOCRMAFR
90 #define SIOCINSFR SIOCINAFR
93 typedef struct fr_ip {
94 u_32_t fi_v:4; /* IP version */
95 u_32_t fi_fl:4; /* packet flags */
96 u_32_t fi_tos:8; /* IP packet TOS */
97 u_32_t fi_ttl:8; /* IP packet TTL */
98 u_32_t fi_p:8; /* IP packet protocol */
99 union i6addr fi_src; /* source address from packet */
100 union i6addr fi_dst; /* destination address from packet */
101 u_32_t fi_optmsk; /* bitmask composed from IP options */
102 u_short fi_secmsk; /* bitmask composed from IP security options */
103 u_short fi_auth; /* authentication code from IP sec. options */
106 #define FI_OPTIONS (FF_OPTIONS >> 24)
107 #define FI_TCPUDP (FF_TCPUDP >> 24) /* TCP/UCP implied comparison*/
108 #define FI_FRAG (FF_FRAG >> 24)
109 #define FI_SHORT (FF_SHORT >> 24)
110 #define FI_CMP (FI_OPTIONS|FI_TCPUDP|FI_SHORT)
112 #define fi_saddr fi_src.in4.s_addr
113 #define fi_daddr fi_dst.in4.s_addr
117 * These are both used by the state and NAT code to indicate that one port or
118 * the other should be treated as a wildcard.
120 #define FI_W_SPORT 0x00000100
121 #define FI_W_DPORT 0x00000200
122 #define FI_WILDP (FI_W_SPORT|FI_W_DPORT)
123 #define FI_W_SADDR 0x00000400
124 #define FI_W_DADDR 0x00000800
125 #define FI_WILDA (FI_W_SADDR|FI_W_DADDR)
126 #define FI_NEWFR 0x00001000 /* Create a filter rule */
127 #define FI_IGNOREPKT 0x00002000 /* Do not treat as a real packet */
128 #define FI_NORULE 0x00004000 /* Not direct a result of a rule */
130 typedef struct fr_info {
131 void *fin_ifp; /* interface packet is `on' */
132 struct fr_ip fin_fi; /* IP Packet summary */
133 u_short fin_data[2]; /* TCP/UDP ports, ICMP code/type */
134 u_int fin_out; /* in or out ? 1 == out, 0 == in */
135 u_short fin_hlen; /* length of IP header in bytes */
136 u_char fin_rev; /* state only: 1 = reverse */
137 u_char fin_tcpf; /* TCP header flags (SYN, ACK, etc) */
138 u_int fin_icode; /* ICMP error to return */
139 u_32_t fin_rule; /* rule # last matched */
140 u_32_t fin_group; /* group number, -1 for none */
141 struct frentry *fin_fr; /* last matching rule */
142 char *fin_dp; /* start of data past IP header */
145 u_short fin_dlen; /* length of data portion of packet */
146 u_short fin_id; /* IP packet id field */
148 mb_t **fin_mp; /* pointer to pointer to mbuf */
150 void *fin_qfm; /* pointer to mblk where pkt starts */
155 #define fin_v fin_fi.fi_v
156 #define fin_p fin_fi.fi_p
157 #define fin_saddr fin_fi.fi_saddr
158 #define fin_src fin_fi.fi_src.in4
159 #define fin_daddr fin_fi.fi_daddr
160 #define fin_dst fin_fi.fi_dst.in4
161 #define fin_fl fin_fi.fi_fl
164 * Size for compares on fr_info structures
166 #define FI_CSIZE offsetof(fr_info_t, fin_icode)
167 #define FI_LCSIZE offsetof(fr_info_t, fin_dp)
172 #define FM_BADSTATE 0x00000001
175 * Size for copying cache fr_info structure
177 #define FI_COPYSIZE offsetof(fr_info_t, fin_dp)
179 typedef struct frdest {
182 char fd_ifname[LIFNAMSIZ];
184 mb_t *fd_mp; /* cache resolver for to/dup-to */
188 #define fd_ip fd_ip6.in4
191 typedef struct frpcmp {
192 int frp_cmp; /* data for port comparisons */
193 u_short frp_port; /* top port for <> and >< */
194 u_short frp_top; /* top port for <> and >< */
197 typedef struct frtuc {
198 u_char ftu_tcpfm; /* tcp flags mask */
199 u_char ftu_tcpf; /* tcp flags */
204 #define ftu_scmp ftu_src.frp_cmp
205 #define ftu_dcmp ftu_dst.frp_cmp
206 #define ftu_sport ftu_src.frp_port
207 #define ftu_dport ftu_dst.frp_port
208 #define ftu_stop ftu_src.frp_top
209 #define ftu_dtop ftu_dst.frp_top
211 typedef struct frentry {
212 struct frentry *fr_next;
213 struct frentry *fr_grp;
214 int fr_ref; /* reference count - for grouping */
217 * These are only incremented when a packet matches this rule and
218 * it is the last match
223 * Fields after this may not change whilst in the kernel.
226 struct fr_ip fr_mip; /* mask structure */
229 u_short fr_icmpm; /* data for ICMP packets (mask) */
232 u_int fr_age[2]; /* aging for state */
234 u_32_t fr_group; /* group to which this rule belongs */
235 u_32_t fr_grhead; /* group # which this rule starts */
236 u_32_t fr_flags; /* per-rule flags && options (see below) */
237 u_int fr_skip; /* # of rules to skip */
238 u_int fr_loglevel; /* syslog log facility + priority */
239 int (*fr_func) (int, ip_t *, fr_info_t *); /* call this function */
240 int fr_sap; /* For solaris only */
241 u_char fr_icode; /* return ICMP code */
242 char fr_ifnames[4][LIFNAMSIZ];
243 struct frdest fr_tif; /* "to" interface */
244 struct frdest fr_dif; /* duplicate packet interfaces */
245 u_int fr_cksum; /* checksum on filter rules for performance */
248 #define fr_v fr_ip.fi_v
249 #define fr_proto fr_ip.fi_p
250 #define fr_ttl fr_ip.fi_ttl
251 #define fr_tos fr_ip.fi_tos
252 #define fr_tcpfm fr_tuc.ftu_tcpfm
253 #define fr_tcpf fr_tuc.ftu_tcpf
254 #define fr_scmp fr_tuc.ftu_scmp
255 #define fr_dcmp fr_tuc.ftu_dcmp
256 #define fr_dport fr_tuc.ftu_dport
257 #define fr_sport fr_tuc.ftu_sport
258 #define fr_stop fr_tuc.ftu_stop
259 #define fr_dtop fr_tuc.ftu_dtop
260 #define fr_dst fr_ip.fi_dst.in4
261 #define fr_src fr_ip.fi_src.in4
262 #define fr_dmsk fr_mip.fi_dst.in4
263 #define fr_smsk fr_mip.fi_src.in4
264 #define fr_ifname fr_ifnames[0]
265 #define fr_oifname fr_ifnames[2]
266 #define fr_ifa fr_ifas[0]
267 #define fr_oifa fr_ifas[2]
269 #define FR_CMPSIZ (sizeof(struct frentry) - offsetof(frentry_t, fr_ip))
274 #define FR_BLOCK 0x00001 /* do not allow packet to pass */
275 #define FR_PASS 0x00002 /* allow packet to pass */
276 #define FR_OUTQUE 0x00004 /* outgoing packets */
277 #define FR_INQUE 0x00008 /* ingoing packets */
278 #define FR_LOG 0x00010 /* Log */
279 #define FR_LOGB 0x00011 /* Log-fail */
280 #define FR_LOGP 0x00012 /* Log-pass */
281 #define FR_NOTSRCIP 0x00020 /* not the src IP# */
282 #define FR_NOTDSTIP 0x00040 /* not the dst IP# */
283 #define FR_RETRST 0x00080 /* Return TCP RST packet - reset connection */
284 #define FR_RETICMP 0x00100 /* Return ICMP unreachable packet */
285 #define FR_FAKEICMP 0x00180 /* Return ICMP unreachable with fake source */
286 #define FR_NOMATCH 0x00200 /* no match occured */
287 #define FR_ACCOUNT 0x00400 /* count packet bytes */
288 #define FR_KEEPFRAG 0x00800 /* keep fragment information */
289 #define FR_KEEPSTATE 0x01000 /* keep `connection' state information */
290 #define FR_INACTIVE 0x02000
291 #define FR_QUICK 0x04000 /* match & stop processing list */
292 #define FR_FASTROUTE 0x08000 /* bypass normal routing */
293 #define FR_CALLNOW 0x10000 /* call another function (fr_func) if matches */
294 #define FR_DUP 0x20000 /* duplicate packet */
295 #define FR_LOGORBLOCK 0x40000 /* block the packet if it can't be logged */
296 #define FR_LOGBODY 0x80000 /* Log the body */
297 #define FR_LOGFIRST 0x100000 /* Log the first byte if state held */
298 #define FR_AUTH 0x200000 /* use authentication */
299 #define FR_PREAUTH 0x400000 /* require preauthentication */
300 #define FR_DONTCACHE 0x800000 /* don't cache the result */
302 #define FR_LOGMASK (FR_LOG|FR_LOGP|FR_LOGB)
303 #define FR_RETMASK (FR_RETICMP|FR_RETRST|FR_FAKEICMP)
306 * These correspond to #define's for FI_* and are stored in fr_flags
308 #define FF_OPTIONS 0x01000000
309 #define FF_TCPUDP 0x02000000
310 #define FF_FRAG 0x04000000
311 #define FF_SHORT 0x08000000
313 * recognized flags for SIOCGETFF and SIOCSETFF, and get put in fr_flags
315 #define FF_LOGPASS 0x10000000
316 #define FF_LOGBLOCK 0x20000000
317 #define FF_LOGNOMATCH 0x40000000
318 #define FF_LOGGING (FF_LOGPASS|FF_LOGBLOCK|FF_LOGNOMATCH)
319 #define FF_BLOCKNONIP 0x80000000 /* Solaris2 Only */
325 #define FR_GREATERT 4
327 #define FR_GREATERTE 6
328 #define FR_OUTRANGE 7
331 typedef struct filterstats {
332 u_long fr_pass; /* packets allowed */
333 u_long fr_block; /* packets denied */
334 u_long fr_nom; /* packets which don't match any rule */
335 u_long fr_short; /* packets which are short */
336 u_long fr_ppkl; /* packets allowed and logged */
337 u_long fr_bpkl; /* packets denied and logged */
338 u_long fr_npkl; /* packets unmatched and logged */
339 u_long fr_pkl; /* packets logged */
340 u_long fr_skip; /* packets to be logged but buffer full */
341 u_long fr_ret; /* packets for which a return is sent */
342 u_long fr_acct; /* packets for which counting was performed */
343 u_long fr_bnfr; /* bad attempts to allocate fragment state */
344 u_long fr_nfr; /* new fragment state kept */
345 u_long fr_cfr; /* add new fragment state but complete pkt */
346 u_long fr_bads; /* bad attempts to allocate packet state */
347 u_long fr_ads; /* new packet state kept */
348 u_long fr_chit; /* cached hit */
349 u_long fr_tcpbad; /* TCP checksum check failures */
350 u_long fr_pull[2]; /* good and bad pullup attempts */
351 u_long fr_badsrc; /* source received doesn't match route */
352 u_long fr_badttl; /* TTL in packet doesn't reach minimum */
354 u_long fr_notdata; /* PROTO/PCPROTO that have no data */
355 u_long fr_nodata; /* mblks that have no data */
356 u_long fr_bad; /* bad IP packets to the filter */
357 u_long fr_notip; /* packets passed through no on ip queue */
358 u_long fr_drop; /* packets dropped - no info for them! */
359 u_long fr_copy; /* messages copied due to db_ref > 1 */
361 u_long fr_ipv6[2]; /* IPv6 packets in/out */
367 typedef struct friostat {
368 struct filterstats f_st[2];
369 struct frentry *f_fin[2];
370 struct frentry *f_fout[2];
371 struct frentry *f_acctin[2];
372 struct frentry *f_acctout[2];
373 struct frentry *f_fin6[2];
374 struct frentry *f_fout6[2];
375 struct frentry *f_acctin6[2];
376 struct frentry *f_acctout6[2];
377 struct frentry *f_auth;
378 struct frgroup *f_groups[3][2];
380 int f_defpass; /* default pass - from fr_pass */
381 char f_active; /* 1 or 0 - active rule set */
382 char f_running; /* 1 if running, else 0 */
383 char f_logging; /* 1 if enabled, else 0 */
384 char f_version[32]; /* version string */
388 typedef struct optlist {
395 * Group list structure.
397 typedef struct frgroup {
399 struct frgroup *fg_next;
400 struct frentry *fg_head;
401 struct frentry **fg_start;
406 * Log structure. Each packet header logged is prepended by one of these.
407 * Following this in the log records read from the device will be an ipflog
408 * structure which is then followed by any packet data.
410 typedef struct iplog {
413 struct timeval ipl_tv;
415 struct iplog *ipl_next;
418 #define ipl_sec ipl_tv.tv_sec
419 #define ipl_usec ipl_tv.tv_usec
421 #define IPL_MAGIC 0x49504c4d /* 'IPLM' */
422 #define IPLOG_SIZE sizeof(iplog_t)
424 typedef struct ipflog {
425 #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
426 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
427 char fl_ifname[LIFNAMSIZ];
430 char fl_ifname[LIFNAMSIZ];
432 u_char fl_plen; /* extra data after hlen */
433 u_char fl_hlen; /* length of IP headers saved */
434 u_short fl_loglevel; /* syslog log level */
443 #ifndef ICMP_UNREACH_FILTER
444 # define ICMP_UNREACH_FILTER 13
448 # define IPF_LOGGING 0
450 #ifndef IPF_DEFAULT_PASS
451 # define IPF_DEFAULT_PASS FR_PASS
454 #define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
455 #define IPLLOGSIZE 8192
457 #define IPF_OPTCOPY 0x07ff00 /* bit mask of copied options */
460 * Device filenames for reading log information. Use ipf on Solaris2 because
461 * ipl is already a name used by something else.
465 # define IPL_NAME "/dev/ipf"
467 # define IPL_NAME "/dev/ipl"
470 #define IPL_NAT IPNAT_NAME
471 #define IPL_STATE IPSTATE_NAME
472 #define IPL_AUTH IPAUTH_NAME
474 #define IPL_LOGIPF 0 /* Minor device #'s for accessing logs */
476 #define IPL_LOGSTATE 2
477 #define IPL_LOGAUTH 3
480 #if !defined(CDEV_MAJOR) && (defined(__DragonFly__) || \
481 (defined (__FreeBSD_version) && __FreeBSD_version >= 220000))
482 # define CDEV_MAJOR 79
486 * Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
487 * on those hooks. We don't need any special mods in non-IP Filter code
490 #if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
491 (defined(NetBSD1_2) && NetBSD1_2 > 1) || (__DragonFly_version >= 100000)
492 # if (NetBSD >= 199905) || (__DragonFly_version >= 100000)
503 extern char *get_ifname (struct ifnet *);
504 extern int fr_check (ip_t *, int, void *, int, mb_t **);
505 extern int (*fr_checkp) (ip_t *, int, void *, int, mb_t **);
506 extern int send_reset (ip_t *, fr_info_t *);
507 extern int send_icmp_err (ip_t *, int, fr_info_t *, int);
508 extern int ipf_log (void);
509 extern struct ifnet *get_unit (char *, int);
510 extern int mbuflen (mb_t *);
511 # if defined(__DragonFly__) || defined(__NetBSD__) || defined(__OpenBSD__) || \
512 (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
513 extern int iplioctl (dev_t, u_long, caddr_t, int);
515 extern int iplioctl (dev_t, int, caddr_t, int);
517 extern int iplopen (dev_t, int);
518 extern int iplclose (dev_t, int);
519 #else /* #ifndef _KERNEL */
520 # if defined(__NetBSD__) && defined(PFIL_HOOKS)
521 extern void ipfilterattach (int);
523 extern int iplattach (void);
524 extern int ipl_enable (void);
525 extern int ipl_disable (void);
526 extern int send_icmp_err (ip_t *, int, fr_info_t *, int);
527 extern int send_reset (ip_t *, fr_info_t *);
529 extern int fr_check (ip_t *, int, void *, int, qif_t *, mb_t **);
530 extern int (*fr_checkp) (ip_t *, int, void *,
531 int, qif_t *, mb_t **);
533 extern int iplioctl (dev_t, int, intptr_t, int, cred_t *, int *);
535 extern int iplioctl (dev_t, int, int *, int, cred_t *, int *);
537 extern int iplopen (dev_t *, int, int, cred_t *);
538 extern int iplclose (dev_t, int, int, cred_t *);
539 extern int ipfsync (void);
540 extern int ipfr_fastroute (ip_t *, mblk_t *, mblk_t **,
541 fr_info_t *, frdest_t *);
542 extern void copyin_mblk (mblk_t *, size_t, size_t, char *);
543 extern void copyout_mblk (mblk_t *, size_t, size_t, char *);
544 extern int fr_qin (queue_t *, mblk_t *);
545 extern int fr_qout (queue_t *, mblk_t *);
546 extern int iplread (dev_t, struct uio *, cred_t *);
548 extern int fr_check (ip_t *, int, void *, int, mb_t **);
549 extern int (*fr_checkp) (ip_t *, int, void *, int, mb_t **);
550 extern int ipfr_fastroute (mb_t *, mb_t **, fr_info_t *, frdest_t *);
551 extern size_t mbufchainlen (mb_t *);
553 # include <sys/cred.h>
554 extern int iplioctl (dev_t, int, caddr_t, int, cred_t *, int *);
555 extern int iplopen (dev_t *, int, int, cred_t *);
556 extern int iplclose (dev_t, int, int, cred_t *);
557 extern int iplread (dev_t, struct uio *, cred_t *);
558 extern int ipfsync (void);
559 extern int ipfilter_sgi_attach (void);
560 extern void ipfilter_sgi_detach (void);
561 extern void ipfilter_sgi_intfsync (void);
564 extern int iplidentify (char *);
566 #if defined(__DragonFly__) || defined(__FreeBSD__)
567 extern int iplioctl (dev_t, u_long, caddr_t, int, struct thread *);
568 extern int iplopen (dev_t, int, int, struct thread *);
569 extern int iplclose (dev_t, int, int, struct thread *);
571 # if defined(__DragonFly__) || (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 220000) || \
572 (NetBSD >= 199511) || defined(__OpenBSD__)
573 # if defined(__NetBSD__) || (_BSDI_VERSION >= 199701) || \
574 defined(__OpenBSD__) || defined(__DragonFly__) || (__FreeBSD_version >= 300000)
575 extern int iplioctl (dev_t, u_long, caddr_t, int, struct proc *);
577 extern int iplioctl (dev_t, int, caddr_t, int, struct proc *);
579 extern int iplopen (dev_t, int, int, struct proc *);
580 extern int iplclose (dev_t, int, int, struct proc *);
583 extern int iplopen (dev_t, int);
584 extern int iplclose (dev_t, int);
585 extern int iplioctl (dev_t, int, caddr_t, int);
587 extern int iplioctl(struct inode *, struct file *, u_int, u_long);
588 extern int iplopen (struct inode *, struct file *);
589 extern void iplclose (struct inode *, struct file *);
591 # endif /* (_BSDI_VERSION >= 199510) */
594 extern int iplread (dev_t, struct uio *, int);
597 extern int iplread (dev_t, struct uio *);
599 extern int iplread(struct inode *, struct file *, char *, int);
601 # endif /* BSD >= 199306 */
603 # endif /* SOLARIS */
604 #endif /* #ifndef _KERNEL */
606 extern char *memstr (char *, char *, int, int);
607 extern void fixskip (frentry_t **, frentry_t *, int);
608 extern int countbits (u_32_t);
609 extern int ipldetach (void);
610 extern u_short ipf_cksum (u_short *, int);
611 extern int ircopyptr (void *, void *, size_t);
612 extern int iwcopyptr (void *, void *, size_t);
614 extern void ipflog_init (void);
615 extern int ipflog_clear (minor_t);
616 extern int ipflog (u_int, ip_t *, fr_info_t *, mb_t *);
617 extern int ipllog (int, fr_info_t *, void **, size_t *, int *, int);
618 extern int ipflog_read (minor_t, struct uio *);
620 extern int frflush (minor_t, int, int);
621 extern void frsync (void);
622 extern frgroup_t *fr_addgroup (u_32_t, frentry_t *, minor_t, int);
623 extern void fr_delgroup (u_32_t, u_32_t, minor_t, int);
624 extern frgroup_t *fr_findgroup (u_32_t, u_32_t, minor_t, int,
627 extern int fr_copytolog (int, char *, int);
628 extern void fr_forgetifp (void *);
629 extern void fr_getstat (struct friostat *);
630 extern int fr_ifpaddr (int, void *, struct in_addr *);
631 extern int fr_lock (caddr_t, int *);
632 extern int fr_makefrip (int, ip_t *, fr_info_t *);
633 extern u_short fr_tcpsum (mb_t *, ip_t *, tcphdr_t *);
634 extern int fr_scanlist (u_32_t, ip_t *, fr_info_t *, void *);
635 extern int fr_tcpudpchk (frtuc_t *, fr_info_t *);
636 extern int fr_verifysrc (struct in_addr, void *);
638 extern int ipl_unreach;
639 extern int fr_running;
640 extern u_long ipl_frouteok[2];
643 extern int fr_active;
644 extern int fr_chksrc;
645 extern int fr_minttl;
646 extern int fr_minttllog;
647 extern fr_info_t frcache[2];
648 extern char ipfilter_version[];
649 extern iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1];
650 extern size_t iplused[IPL_LOGMAX + 1];
651 extern struct frentry *ipfilter[2][2], *ipacct[2][2];
653 extern struct frentry *ipfilter6[2][2], *ipacct6[2][2];
654 extern int icmptoicmp6types[ICMP_MAXTYPE+1];
655 extern int icmptoicmp6unreach[ICMP_MAX_UNREACH];
657 extern struct frgroup *ipfgroups[3][2];
658 extern struct filterstats frstats[];
660 #endif /* __IP_FIL_H__ */
projects / dragonfly.git / blob