2 * Copyright (C) 1993-2002 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * @(#)ip_fil.h 1.35 6/5/96
7 * $Id: ip_fil.h,v 2.29.2.33 2002/06/04 14:46:28 darrenr Exp $
8 * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_fil.h,v 1.18.2.8 2004/07/05 06:02:35 darrenr Exp $
9 * $DragonFly: src/sys/contrib/ipfilter/netinet/ip_fil.h,v 1.11 2006/07/29 03:49:01 y0netan1 Exp $
15 #if defined(__DragonFly__)
16 #include <sys/device.h>
20 * Pathnames for various IP Filter control devices. Used by LKM
21 * and userland, so defined here.
23 #define IPNAT_NAME "/dev/ipnat"
24 #define IPSTATE_NAME "/dev/ipstate"
25 #define IPAUTH_NAME "/dev/ipauth"
28 # define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
31 #if defined(KERNEL) && !defined(_KERNEL)
36 # define offsetof(t,m) (int)((&((t *)0L)->m))
39 #if defined(__STDC__) || defined(__GNUC__)
40 # define SIOCADAFR _IOW('r', 60, struct frentry *)
41 # define SIOCRMAFR _IOW('r', 61, struct frentry *)
42 # define SIOCSETFF _IOW('r', 62, u_int)
43 # define SIOCGETFF _IOR('r', 63, u_int)
44 # define SIOCGETFS _IOWR('r', 64, struct friostat *)
45 # define SIOCIPFFL _IOWR('r', 65, int)
46 # define SIOCIPFFB _IOR('r', 66, int)
47 # define SIOCADIFR _IOW('r', 67, struct frentry *)
48 # define SIOCRMIFR _IOW('r', 68, struct frentry *)
49 # define SIOCSWAPA _IOR('r', 69, u_int)
50 # define SIOCINAFR _IOW('r', 70, struct frentry *)
51 # define SIOCINIFR _IOW('r', 71, struct frentry *)
52 # define SIOCFRENB _IOW('r', 72, u_int)
53 # define SIOCFRSYN _IOW('r', 73, u_int)
54 # define SIOCFRZST _IOWR('r', 74, struct friostat *)
55 # define SIOCZRLST _IOWR('r', 75, struct frentry *)
56 # define SIOCAUTHW _IOWR('r', 76, struct frauth *)
57 # define SIOCAUTHR _IOWR('r', 77, struct frauth *)
58 # define SIOCATHST _IOWR('r', 78, struct fr_authstat *)
59 # define SIOCSTLCK _IOWR('r', 79, u_int)
60 # define SIOCSTPUT _IOWR('r', 80, struct ipstate_save *)
61 # define SIOCSTGET _IOWR('r', 81, struct ipstate_save *)
62 # define SIOCSTGSZ _IOWR('r', 82, struct natget)
63 # define SIOCGFRST _IOWR('r', 83, struct ipfrstat *)
64 # define SIOCIPFL6 _IOWR('r', 84, int)
66 # define SIOCADAFR _IOW(r, 60, struct frentry *)
67 # define SIOCRMAFR _IOW(r, 61, struct frentry *)
68 # define SIOCSETFF _IOW(r, 62, u_int)
69 # define SIOCGETFF _IOR(r, 63, u_int)
70 # define SIOCGETFS _IOWR(r, 64, struct friostat *)
71 # define SIOCIPFFL _IOWR(r, 65, int)
72 # define SIOCIPFFB _IOR(r, 66, int)
73 # define SIOCADIFR _IOW(r, 67, struct frentry *)
74 # define SIOCRMIFR _IOW(r, 68, struct frentry *)
75 # define SIOCSWAPA _IOR(r, 69, u_int)
76 # define SIOCINAFR _IOW(r, 70, struct frentry *)
77 # define SIOCINIFR _IOW(r, 71, struct frentry *)
78 # define SIOCFRENB _IOW(r, 72, u_int)
79 # define SIOCFRSYN _IOW(r, 73, u_int)
80 # define SIOCFRZST _IOWR(r, 74, struct friostat *)
81 # define SIOCZRLST _IOWR(r, 75, struct frentry *)
82 # define SIOCAUTHW _IOWR(r, 76, struct frauth *)
83 # define SIOCAUTHR _IOWR(r, 77, struct frauth *)
84 # define SIOCATHST _IOWR(r, 78, struct fr_authstat *)
85 # define SIOCSTLCK _IOWR(r, 79, u_int)
86 # define SIOCSTPUT _IOWR(r, 80, struct ipstate_save *)
87 # define SIOCSTGET _IOWR(r, 81, struct ipstate_save *)
88 # define SIOCSTGSZ _IOWR(r, 82, struct natget)
89 # define SIOCGFRST _IOWR(r, 83, struct ipfrstat *)
90 # define SIOCIPFL6 _IOWR(r, 84, int)
92 #define SIOCADDFR SIOCADAFR
93 #define SIOCDELFR SIOCRMAFR
94 #define SIOCINSFR SIOCINAFR
97 typedef struct fr_ip {
98 u_32_t fi_v:4; /* IP version */
99 u_32_t fi_fl:4; /* packet flags */
100 u_32_t fi_tos:8; /* IP packet TOS */
101 u_32_t fi_ttl:8; /* IP packet TTL */
102 u_32_t fi_p:8; /* IP packet protocol */
103 union i6addr fi_src; /* source address from packet */
104 union i6addr fi_dst; /* destination address from packet */
105 u_32_t fi_optmsk; /* bitmask composed from IP options */
106 u_short fi_secmsk; /* bitmask composed from IP security options */
107 u_short fi_auth; /* authentication code from IP sec. options */
110 #define FI_OPTIONS (FF_OPTIONS >> 24)
111 #define FI_TCPUDP (FF_TCPUDP >> 24) /* TCP/UCP implied comparison*/
112 #define FI_FRAG (FF_FRAG >> 24)
113 #define FI_SHORT (FF_SHORT >> 24)
114 #define FI_CMP (FI_OPTIONS|FI_TCPUDP|FI_SHORT)
116 #define fi_saddr fi_src.in4.s_addr
117 #define fi_daddr fi_dst.in4.s_addr
121 * These are both used by the state and NAT code to indicate that one port or
122 * the other should be treated as a wildcard.
124 #define FI_W_SPORT 0x00000100
125 #define FI_W_DPORT 0x00000200
126 #define FI_WILDP (FI_W_SPORT|FI_W_DPORT)
127 #define FI_W_SADDR 0x00000400
128 #define FI_W_DADDR 0x00000800
129 #define FI_WILDA (FI_W_SADDR|FI_W_DADDR)
130 #define FI_NEWFR 0x00001000 /* Create a filter rule */
131 #define FI_IGNOREPKT 0x00002000 /* Do not treat as a real packet */
132 #define FI_NORULE 0x00004000 /* Not direct a result of a rule */
134 typedef struct fr_info {
135 void *fin_ifp; /* interface packet is `on' */
136 struct fr_ip fin_fi; /* IP Packet summary */
137 u_short fin_data[2]; /* TCP/UDP ports, ICMP code/type */
138 u_int fin_out; /* in or out ? 1 == out, 0 == in */
139 u_short fin_hlen; /* length of IP header in bytes */
140 u_char fin_rev; /* state only: 1 = reverse */
141 u_char fin_tcpf; /* TCP header flags (SYN, ACK, etc) */
142 u_int fin_icode; /* ICMP error to return */
143 u_32_t fin_rule; /* rule # last matched */
144 u_32_t fin_group; /* group number, -1 for none */
145 struct frentry *fin_fr; /* last matching rule */
146 char *fin_dp; /* start of data past IP header */
149 u_short fin_dlen; /* length of data portion of packet */
150 u_short fin_id; /* IP packet id field */
152 mb_t **fin_mp; /* pointer to pointer to mbuf */
154 void *fin_qfm; /* pointer to mblk where pkt starts */
159 #define fin_v fin_fi.fi_v
160 #define fin_p fin_fi.fi_p
161 #define fin_saddr fin_fi.fi_saddr
162 #define fin_src fin_fi.fi_src.in4
163 #define fin_daddr fin_fi.fi_daddr
164 #define fin_dst fin_fi.fi_dst.in4
165 #define fin_fl fin_fi.fi_fl
168 * Size for compares on fr_info structures
170 #define FI_CSIZE offsetof(fr_info_t, fin_icode)
171 #define FI_LCSIZE offsetof(fr_info_t, fin_dp)
176 #define FM_BADSTATE 0x00000001
179 * Size for copying cache fr_info structure
181 #define FI_COPYSIZE offsetof(fr_info_t, fin_dp)
183 typedef struct frdest {
186 char fd_ifname[LIFNAMSIZ];
188 mb_t *fd_mp; /* cache resolver for to/dup-to */
192 #define fd_ip fd_ip6.in4
195 typedef struct frpcmp {
196 int frp_cmp; /* data for port comparisons */
197 u_short frp_port; /* top port for <> and >< */
198 u_short frp_top; /* top port for <> and >< */
201 typedef struct frtuc {
202 u_char ftu_tcpfm; /* tcp flags mask */
203 u_char ftu_tcpf; /* tcp flags */
208 #define ftu_scmp ftu_src.frp_cmp
209 #define ftu_dcmp ftu_dst.frp_cmp
210 #define ftu_sport ftu_src.frp_port
211 #define ftu_dport ftu_dst.frp_port
212 #define ftu_stop ftu_src.frp_top
213 #define ftu_dtop ftu_dst.frp_top
215 typedef struct frentry {
216 struct frentry *fr_next;
217 struct frentry *fr_grp;
218 int fr_ref; /* reference count - for grouping */
221 * These are only incremented when a packet matches this rule and
222 * it is the last match
227 * Fields after this may not change whilst in the kernel.
230 struct fr_ip fr_mip; /* mask structure */
233 u_short fr_icmpm; /* data for ICMP packets (mask) */
236 u_int fr_age[2]; /* aging for state */
238 u_32_t fr_group; /* group to which this rule belongs */
239 u_32_t fr_grhead; /* group # which this rule starts */
240 u_32_t fr_flags; /* per-rule flags && options (see below) */
241 u_int fr_skip; /* # of rules to skip */
242 u_int fr_loglevel; /* syslog log facility + priority */
243 int (*fr_func) (int, ip_t *, fr_info_t *); /* call this function */
244 int fr_sap; /* For solaris only */
245 u_char fr_icode; /* return ICMP code */
246 char fr_ifnames[4][LIFNAMSIZ];
247 struct frdest fr_tif; /* "to" interface */
248 struct frdest fr_dif; /* duplicate packet interfaces */
249 u_int fr_cksum; /* checksum on filter rules for performance */
252 #define fr_v fr_ip.fi_v
253 #define fr_proto fr_ip.fi_p
254 #define fr_ttl fr_ip.fi_ttl
255 #define fr_tos fr_ip.fi_tos
256 #define fr_tcpfm fr_tuc.ftu_tcpfm
257 #define fr_tcpf fr_tuc.ftu_tcpf
258 #define fr_scmp fr_tuc.ftu_scmp
259 #define fr_dcmp fr_tuc.ftu_dcmp
260 #define fr_dport fr_tuc.ftu_dport
261 #define fr_sport fr_tuc.ftu_sport
262 #define fr_stop fr_tuc.ftu_stop
263 #define fr_dtop fr_tuc.ftu_dtop
264 #define fr_dst fr_ip.fi_dst.in4
265 #define fr_src fr_ip.fi_src.in4
266 #define fr_dmsk fr_mip.fi_dst.in4
267 #define fr_smsk fr_mip.fi_src.in4
268 #define fr_ifname fr_ifnames[0]
269 #define fr_oifname fr_ifnames[2]
270 #define fr_ifa fr_ifas[0]
271 #define fr_oifa fr_ifas[2]
273 #define FR_CMPSIZ (sizeof(struct frentry) - offsetof(frentry_t, fr_ip))
278 #define FR_BLOCK 0x00001 /* do not allow packet to pass */
279 #define FR_PASS 0x00002 /* allow packet to pass */
280 #define FR_OUTQUE 0x00004 /* outgoing packets */
281 #define FR_INQUE 0x00008 /* ingoing packets */
282 #define FR_LOG 0x00010 /* Log */
283 #define FR_LOGB 0x00011 /* Log-fail */
284 #define FR_LOGP 0x00012 /* Log-pass */
285 #define FR_NOTSRCIP 0x00020 /* not the src IP# */
286 #define FR_NOTDSTIP 0x00040 /* not the dst IP# */
287 #define FR_RETRST 0x00080 /* Return TCP RST packet - reset connection */
288 #define FR_RETICMP 0x00100 /* Return ICMP unreachable packet */
289 #define FR_FAKEICMP 0x00180 /* Return ICMP unreachable with fake source */
290 #define FR_NOMATCH 0x00200 /* no match occured */
291 #define FR_ACCOUNT 0x00400 /* count packet bytes */
292 #define FR_KEEPFRAG 0x00800 /* keep fragment information */
293 #define FR_KEEPSTATE 0x01000 /* keep `connection' state information */
294 #define FR_INACTIVE 0x02000
295 #define FR_QUICK 0x04000 /* match & stop processing list */
296 #define FR_FASTROUTE 0x08000 /* bypass normal routing */
297 #define FR_CALLNOW 0x10000 /* call another function (fr_func) if matches */
298 #define FR_DUP 0x20000 /* duplicate packet */
299 #define FR_LOGORBLOCK 0x40000 /* block the packet if it can't be logged */
300 #define FR_LOGBODY 0x80000 /* Log the body */
301 #define FR_LOGFIRST 0x100000 /* Log the first byte if state held */
302 #define FR_AUTH 0x200000 /* use authentication */
303 #define FR_PREAUTH 0x400000 /* require preauthentication */
304 #define FR_DONTCACHE 0x800000 /* don't cache the result */
306 #define FR_LOGMASK (FR_LOG|FR_LOGP|FR_LOGB)
307 #define FR_RETMASK (FR_RETICMP|FR_RETRST|FR_FAKEICMP)
310 * These correspond to #define's for FI_* and are stored in fr_flags
312 #define FF_OPTIONS 0x01000000
313 #define FF_TCPUDP 0x02000000
314 #define FF_FRAG 0x04000000
315 #define FF_SHORT 0x08000000
317 * recognized flags for SIOCGETFF and SIOCSETFF, and get put in fr_flags
319 #define FF_LOGPASS 0x10000000
320 #define FF_LOGBLOCK 0x20000000
321 #define FF_LOGNOMATCH 0x40000000
322 #define FF_LOGGING (FF_LOGPASS|FF_LOGBLOCK|FF_LOGNOMATCH)
323 #define FF_BLOCKNONIP 0x80000000 /* Solaris2 Only */
329 #define FR_GREATERT 4
331 #define FR_GREATERTE 6
332 #define FR_OUTRANGE 7
335 typedef struct filterstats {
336 u_long fr_pass; /* packets allowed */
337 u_long fr_block; /* packets denied */
338 u_long fr_nom; /* packets which don't match any rule */
339 u_long fr_short; /* packets which are short */
340 u_long fr_ppkl; /* packets allowed and logged */
341 u_long fr_bpkl; /* packets denied and logged */
342 u_long fr_npkl; /* packets unmatched and logged */
343 u_long fr_pkl; /* packets logged */
344 u_long fr_skip; /* packets to be logged but buffer full */
345 u_long fr_ret; /* packets for which a return is sent */
346 u_long fr_acct; /* packets for which counting was performed */
347 u_long fr_bnfr; /* bad attempts to allocate fragment state */
348 u_long fr_nfr; /* new fragment state kept */
349 u_long fr_cfr; /* add new fragment state but complete pkt */
350 u_long fr_bads; /* bad attempts to allocate packet state */
351 u_long fr_ads; /* new packet state kept */
352 u_long fr_chit; /* cached hit */
353 u_long fr_tcpbad; /* TCP checksum check failures */
354 u_long fr_pull[2]; /* good and bad pullup attempts */
355 u_long fr_badsrc; /* source received doesn't match route */
356 u_long fr_badttl; /* TTL in packet doesn't reach minimum */
358 u_long fr_notdata; /* PROTO/PCPROTO that have no data */
359 u_long fr_nodata; /* mblks that have no data */
360 u_long fr_bad; /* bad IP packets to the filter */
361 u_long fr_notip; /* packets passed through no on ip queue */
362 u_long fr_drop; /* packets dropped - no info for them! */
363 u_long fr_copy; /* messages copied due to db_ref > 1 */
365 u_long fr_ipv6[2]; /* IPv6 packets in/out */
371 typedef struct friostat {
372 struct filterstats f_st[2];
373 struct frentry *f_fin[2];
374 struct frentry *f_fout[2];
375 struct frentry *f_acctin[2];
376 struct frentry *f_acctout[2];
377 struct frentry *f_fin6[2];
378 struct frentry *f_fout6[2];
379 struct frentry *f_acctin6[2];
380 struct frentry *f_acctout6[2];
381 struct frentry *f_auth;
382 struct frgroup *f_groups[3][2];
384 int f_defpass; /* default pass - from fr_pass */
385 char f_active; /* 1 or 0 - active rule set */
386 char f_running; /* 1 if running, else 0 */
387 char f_logging; /* 1 if enabled, else 0 */
388 char f_version[32]; /* version string */
392 typedef struct optlist {
399 * Group list structure.
401 typedef struct frgroup {
403 struct frgroup *fg_next;
404 struct frentry *fg_head;
405 struct frentry **fg_start;
410 * Log structure. Each packet header logged is prepended by one of these.
411 * Following this in the log records read from the device will be an ipflog
412 * structure which is then followed by any packet data.
414 typedef struct iplog {
417 struct timeval ipl_tv;
419 struct iplog *ipl_next;
422 #define ipl_sec ipl_tv.tv_sec
423 #define ipl_usec ipl_tv.tv_usec
425 #define IPL_MAGIC 0x49504c4d /* 'IPLM' */
426 #define IPLOG_SIZE sizeof(iplog_t)
428 typedef struct ipflog {
429 #if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
430 (defined(OpenBSD) && (OpenBSD >= 199603)) || defined(__DragonFly__)
431 char fl_ifname[LIFNAMSIZ];
434 char fl_ifname[LIFNAMSIZ];
436 u_char fl_plen; /* extra data after hlen */
437 u_char fl_hlen; /* length of IP headers saved */
438 u_short fl_loglevel; /* syslog log level */
447 #ifndef ICMP_UNREACH_FILTER
448 # define ICMP_UNREACH_FILTER 13
452 # define IPF_LOGGING 0
454 #ifndef IPF_DEFAULT_PASS
455 # define IPF_DEFAULT_PASS FR_PASS
458 #define IPMINLEN(i, h) ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
459 #define IPLLOGSIZE 8192
461 #define IPF_OPTCOPY 0x07ff00 /* bit mask of copied options */
464 * Device filenames for reading log information. Use ipf on Solaris2 because
465 * ipl is already a name used by something else.
469 # define IPL_NAME "/dev/ipf"
471 # define IPL_NAME "/dev/ipl"
474 #define IPL_NAT IPNAT_NAME
475 #define IPL_STATE IPSTATE_NAME
476 #define IPL_AUTH IPAUTH_NAME
478 #define IPL_LOGIPF 0 /* Minor device #'s for accessing logs */
480 #define IPL_LOGSTATE 2
481 #define IPL_LOGAUTH 3
484 #if !defined(CDEV_MAJOR) && (defined(__DragonFly__) || \
485 (defined (__FreeBSD_version) && __FreeBSD_version >= 220000))
486 # define CDEV_MAJOR 79
490 * Post NetBSD 1.2 has the PFIL interface for packet filters. This turns
491 * on those hooks. We don't need any special mods in non-IP Filter code
494 #if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
495 (defined(NetBSD1_2) && NetBSD1_2 > 1) || (__DragonFly_version >= 100000)
496 # if (NetBSD >= 199905) || (__DragonFly_version >= 100000)
507 extern char *get_ifname (struct ifnet *);
508 extern int fr_check (ip_t *, int, void *, int, mb_t **);
509 extern int (*fr_checkp) (ip_t *, int, void *, int, mb_t **);
510 extern int send_reset (ip_t *, fr_info_t *);
511 extern int send_icmp_err (ip_t *, int, fr_info_t *, int);
512 extern int ipf_log (void);
513 extern struct ifnet *get_unit (char *, int);
514 extern int mbuflen (mb_t *);
515 # if defined(__DragonFly__) || defined(__NetBSD__) || defined(__OpenBSD__) || \
516 (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
517 extern int iplioctl (dev_t, u_long, caddr_t, int);
519 extern int iplioctl (dev_t, int, caddr_t, int);
521 extern int iplopen (dev_t, int);
522 extern int iplclose (dev_t, int);
523 #else /* #ifndef _KERNEL */
524 # if defined(__NetBSD__) && defined(PFIL_HOOKS)
525 extern void ipfilterattach (int);
527 extern int iplattach (void);
528 extern int ipl_enable (void);
529 extern int ipl_disable (void);
530 extern int send_icmp_err (ip_t *, int, fr_info_t *, int);
531 extern int send_reset (ip_t *, fr_info_t *);
533 extern int fr_check (ip_t *, int, void *, int, qif_t *, mb_t **);
534 extern int (*fr_checkp) (ip_t *, int, void *,
535 int, qif_t *, mb_t **);
537 extern int iplioctl (dev_t, int, intptr_t, int, cred_t *, int *);
539 extern int iplioctl (dev_t, int, int *, int, cred_t *, int *);
541 extern int iplopen (dev_t *, int, int, cred_t *);
542 extern int iplclose (dev_t, int, int, cred_t *);
543 extern int ipfsync (void);
544 extern int ipfr_fastroute (ip_t *, mblk_t *, mblk_t **,
545 fr_info_t *, frdest_t *);
546 extern void copyin_mblk (mblk_t *, size_t, size_t, char *);
547 extern void copyout_mblk (mblk_t *, size_t, size_t, char *);
548 extern int fr_qin (queue_t *, mblk_t *);
549 extern int fr_qout (queue_t *, mblk_t *);
550 extern int iplread (dev_t, struct uio *, cred_t *);
552 extern int fr_check (ip_t *, int, void *, int, mb_t **);
553 extern int (*fr_checkp) (ip_t *, int, void *, int, mb_t **);
554 extern int ipfr_fastroute (mb_t *, mb_t **, fr_info_t *, frdest_t *);
555 extern size_t mbufchainlen (mb_t *);
557 # include <sys/cred.h>
558 extern int iplioctl (dev_t, int, caddr_t, int, cred_t *, int *);
559 extern int iplopen (dev_t *, int, int, cred_t *);
560 extern int iplclose (dev_t, int, int, cred_t *);
561 extern int iplread (dev_t, struct uio *, cred_t *);
562 extern int ipfsync (void);
563 extern int ipfilter_sgi_attach (void);
564 extern void ipfilter_sgi_detach (void);
565 extern void ipfilter_sgi_intfsync (void);
568 extern int iplidentify (char *);
570 #if defined(__DragonFly__) || defined(__FreeBSD__)
571 extern d_ioctl_t iplioctl;
572 extern d_open_t iplopen;
573 extern d_close_t iplclose;
575 # if defined(__DragonFly__) || (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 220000) || \
576 (NetBSD >= 199511) || defined(__OpenBSD__)
577 # if defined(__NetBSD__) || (_BSDI_VERSION >= 199701) || \
578 defined(__OpenBSD__) || defined(__DragonFly__) || (__FreeBSD_version >= 300000)
579 extern int iplioctl (dev_t, u_long, caddr_t, int, struct proc *);
581 extern int iplioctl (dev_t, int, caddr_t, int, struct proc *);
583 extern int iplopen (dev_t, int, int, struct proc *);
584 extern int iplclose (dev_t, int, int, struct proc *);
587 extern int iplopen (dev_t, int);
588 extern int iplclose (dev_t, int);
589 extern int iplioctl (dev_t, int, caddr_t, int);
591 extern int iplioctl(struct inode *, struct file *, u_int, u_long);
592 extern int iplopen (struct inode *, struct file *);
593 extern void iplclose (struct inode *, struct file *);
595 # endif /* (_BSDI_VERSION >= 199510) */
598 extern d_read_t iplread;
601 extern int iplread (dev_t, struct uio *);
603 extern int iplread(struct inode *, struct file *, char *, int);
605 # endif /* BSD >= 199306 */
607 # endif /* SOLARIS */
608 #endif /* #ifndef _KERNEL */
610 extern char *memstr (char *, char *, int, int);
611 extern void fixskip (frentry_t **, frentry_t *, int);
612 extern int countbits (u_32_t);
613 extern int ipldetach (void);
614 extern u_short ipf_cksum (u_short *, int);
615 extern int ircopyptr (void *, void *, size_t);
616 extern int iwcopyptr (void *, void *, size_t);
618 extern void ipflog_init (void);
619 extern int ipflog_clear (minor_t);
620 extern int ipflog (u_int, ip_t *, fr_info_t *, mb_t *);
621 extern int ipllog (int, fr_info_t *, void **, size_t *, int *, int);
622 extern int ipflog_read (minor_t, struct uio *);
624 extern int frflush (minor_t, int, int);
625 extern void frsync (void);
626 extern frgroup_t *fr_addgroup (u_32_t, frentry_t *, minor_t, int);
627 extern void fr_delgroup (u_32_t, u_32_t, minor_t, int);
628 extern frgroup_t *fr_findgroup (u_32_t, u_32_t, minor_t, int,
631 extern int fr_copytolog (int, char *, int);
632 extern void fr_forgetifp (void *);
633 extern void fr_getstat (struct friostat *);
634 extern int fr_ifpaddr (int, void *, struct in_addr *);
635 extern int fr_lock (caddr_t, int *);
636 extern int fr_makefrip (int, ip_t *, fr_info_t *);
637 extern u_short fr_tcpsum (mb_t *, ip_t *, tcphdr_t *);
638 extern int fr_scanlist (u_32_t, ip_t *, fr_info_t *, void *);
639 extern int fr_tcpudpchk (frtuc_t *, fr_info_t *);
640 extern int fr_verifysrc (struct in_addr, void *);
642 extern int ipl_unreach;
643 extern int fr_running;
644 extern u_long ipl_frouteok[2];
647 extern int fr_active;
648 extern int fr_chksrc;
649 extern int fr_minttl;
650 extern int fr_minttllog;
651 extern fr_info_t frcache[2];
652 extern char ipfilter_version[];
653 extern iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1];
654 extern size_t iplused[IPL_LOGMAX + 1];
655 extern struct frentry *ipfilter[2][2], *ipacct[2][2];
657 extern struct frentry *ipfilter6[2][2], *ipacct6[2][2];
658 extern int icmptoicmp6types[ICMP_MAXTYPE+1];
659 extern int icmptoicmp6unreach[ICMP_MAX_UNREACH];
661 extern struct frgroup *ipfgroups[3][2];
662 extern struct filterstats frstats[];
664 #endif /* __IP_FIL_H__ */
polachok's projects / dragonfly.git / blob