OpenCores
URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [ecos-2.0/] [packages/] [net/] [tcpip/] [v2_0/] [include/] [netinet/] [ip_fil.h] - Blame information for rev 1765

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 1254 phoenix
//==========================================================================
2
//
3
//      include/netinet/ip_fil.h
4
//
5
//      
6
//
7
//==========================================================================
8
//####BSDCOPYRIGHTBEGIN####
9
//
10
// -------------------------------------------
11
//
12
// Portions of this software may have been derived from OpenBSD or other sources,
13
// and are covered by the appropriate copyright disclaimers included herein.
14
//
15
// -------------------------------------------
16
//
17
//####BSDCOPYRIGHTEND####
18
//==========================================================================
19
//#####DESCRIPTIONBEGIN####
20
//
21
// Author(s):    gthomas
22
// Contributors: gthomas
23
// Date:         2000-01-10
24
// Purpose:      
25
// Description:  
26
//              
27
//
28
//####DESCRIPTIONEND####
29
//
30
//==========================================================================
31
 
32
 
33
/* $OpenBSD: ip_fil.h,v 1.13 1999/12/15 05:20:21 kjell Exp $ */
34
/*
35
 * Copyright (C) 1993-1998 by Darren Reed.
36
 *
37
 * Redistribution and use in source and binary forms are permitted
38
 * provided that this notice is preserved and due credit is given
39
 * to the original author and the contributors.
40
 *
41
 * @(#)ip_fil.h 1.35 6/5/96
42
 */
43
 
44
#ifndef _NETINET_IP_FIL_H__
45
#define _NETINET_IP_FIL_H__
46
 
47
/*
48
 * Pathnames for various IP Filter control devices.  Used by LKM
49
 * and userland, so defined here.
50
 */
51
#define IPNAT_NAME      "/dev/ipnat"
52
#define IPSTATE_NAME    "/dev/ipstate"
53
#define IPAUTH_NAME     "/dev/ipauth"
54
 
55
#ifndef SOLARIS
56
# define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
57
#endif
58
 
59
#if defined(KERNEL) && !defined(_KERNEL)
60
# define        _KERNEL
61
#endif
62
 
63
#ifndef __P
64
# ifdef __STDC__
65
#  define       __P(x)  x
66
# else
67
#  define       __P(x)  ()
68
# endif
69
#endif
70
 
71
#if defined(__STDC__) || defined(__GNUC__)
72
# define        SIOCADAFR       _IOW('r', 60, struct frentry)
73
# define        SIOCRMAFR       _IOW('r', 61, struct frentry)
74
# define        SIOCSETFF       _IOW('r', 62, u_int)
75
# define        SIOCGETFF       _IOR('r', 63, u_int)
76
# define        SIOCGETFS       _IOR('r', 64, struct friostat)
77
# define        SIOCIPFFL       _IOWR('r', 65, int)
78
# define        SIOCIPFFB       _IOR('r', 66, int)
79
# define        SIOCADIFR       _IOW('r', 67, struct frentry)
80
# define        SIOCRMIFR       _IOW('r', 68, struct frentry)
81
# define        SIOCSWAPA       _IOR('r', 69, u_int)
82
# define        SIOCINAFR       _IOW('r', 70, struct frentry)
83
# define        SIOCINIFR       _IOW('r', 71, struct frentry)
84
# define        SIOCFRENB       _IOW('r', 72, u_int)
85
# define        SIOCFRSYN       _IOW('r', 73, u_int)
86
# define        SIOCFRZST       _IOWR('r', 74, struct friostat)
87
# define        SIOCZRLST       _IOWR('r', 75, struct frentry)
88
# define        SIOCAUTHW       _IOWR('r', 76, struct fr_info)
89
# define        SIOCAUTHR       _IOWR('r', 77, struct fr_info)
90
# define        SIOCATHST       _IOWR('r', 78, struct fr_authstat)
91
#else
92
# define        SIOCADAFR       _IOW(r, 60, struct frentry)
93
# define        SIOCRMAFR       _IOW(r, 61, struct frentry)
94
# define        SIOCSETFF       _IOW(r, 62, u_int)
95
# define        SIOCGETFF       _IOR(r, 63, u_int)
96
# define        SIOCGETFS       _IOR(r, 64, struct friostat)
97
# define        SIOCIPFFL       _IOWR(r, 65, int)
98
# define        SIOCIPFFB       _IOR(r, 66, int)
99
# define        SIOCADIFR       _IOW(r, 67, struct frentry)
100
# define        SIOCRMIFR       _IOW(r, 68, struct frentry)
101
# define        SIOCSWAPA       _IOR(r, 69, u_int)
102
# define        SIOCINAFR       _IOW(r, 70, struct frentry)
103
# define        SIOCINIFR       _IOW(r, 71, struct frentry)
104
# define        SIOCFRENB       _IOW(r, 72, u_int)
105
# define        SIOCFRSYN       _IOW(r, 73, u_int)
106
# define        SIOCFRZST       _IOWR(r, 74, struct friostat)
107
# define        SIOCZRLST       _IOWR(r, 75, struct frentry)
108
# define        SIOCAUTHW       _IOWR(r, 76, struct fr_info)
109
# define        SIOCAUTHR       _IOWR(r, 77, struct fr_info)
110
# define        SIOCATHST       _IOWR(r, 78, struct fr_authstat)
111
#endif
112
#define SIOCADDFR       SIOCADAFR
113
#define SIOCDELFR       SIOCRMAFR
114
#define SIOCINSFR       SIOCINAFR
115
 
116
typedef struct  fr_ip   {
117
        u_char  fi_v:4;         /* IP version */
118
        u_char  fi_fl:4;        /* packet flags */
119
        u_char  fi_tos;         /* IP packet TOS */
120
        u_char  fi_ttl;         /* IP packet TTL */
121
        u_char  fi_p;           /* IP packet protocol */
122
        struct  in_addr fi_src; /* source address from packet */
123
        struct  in_addr fi_dst; /* destination address from packet */
124
        u_32_t  fi_optmsk;      /* bitmask composed from IP options */
125
        u_short fi_secmsk;      /* bitmask composed from IP security options */
126
        u_short fi_auth;        /* authentication code from IP sec. options */
127
} fr_ip_t;
128
 
129
#define FI_OPTIONS      (FF_OPTIONS >> 24)
130
#define FI_TCPUDP       (FF_TCPUDP >> 24)       /* TCP/UCP implied comparison*/
131
#define FI_FRAG         (FF_FRAG >> 24)
132
#define FI_SHORT        (FF_SHORT >> 24)
133
#define FI_CMP          (FI_OPTIONS|FI_TCPUDP|FI_SHORT)
134
 
135
/*
136
 * These are both used by the state and NAT code to indicate that one port or
137
 * the other should be treated as a wildcard.
138
 */
139
#define FI_W_SPORT      0x00000100
140
#define FI_W_DPORT      0x00000200
141
#define FI_WILD         (FI_W_SPORT|FI_W_DPORT)
142
 
143
typedef struct  fr_info {
144
        void    *fin_ifp;               /* interface packet is `on' */
145
        struct  fr_ip   fin_fi;         /* IP Packet summary */
146
        u_short fin_data[2];            /* TCP/UDP ports, ICMP code/type */
147
        u_char  fin_out;                /* in or out ? 1 == out, 0 == in */
148
        u_char  fin_rev;                /* state only: 1 = reverse */
149
        u_short fin_hlen;               /* length of IP header in bytes */
150
        u_char  fin_tcpf;               /* TCP header flags (SYN, ACK, etc) */
151
        /* From here on is packet specific */
152
        u_char  fin_icode;              /* ICMP error to return */
153
        u_short fin_rule;               /* rule # last matched */
154
        u_short fin_group;              /* group number, -1 for none */
155
        struct  frentry *fin_fr;        /* last matching rule */
156
        char    *fin_dp;                /* start of data past IP header */
157
        u_short fin_dlen;               /* length of data portion of packet */
158
        u_short fin_id;                 /* IP packet id field */
159
        void    *fin_mp;                /* pointer to pointer to mbuf */
160
#if SOLARIS && defined(_KERNEL)
161
        void    *fin_qfm;               /* pointer to mblk where pkt starts */
162
        void    *fin_qif;
163
#endif
164
} fr_info_t;
165
 
166
/*
167
 * Size for compares on fr_info structures
168
 */
169
#define FI_CSIZE        offsetof(fr_info_t, fin_icode)
170
 
171
/*
172
 * Size for copying cache fr_info structure
173
 */
174
#define FI_COPYSIZE     offsetof(fr_info_t, fin_dp)
175
 
176
typedef struct  frdest  {
177
        void    *fd_ifp;
178
        struct  in_addr fd_ip;
179
        char    fd_ifname[IFNAMSIZ];
180
} frdest_t;
181
 
182
typedef struct  frentry {
183
        struct  frentry *fr_next;
184
        u_short fr_group;       /* group to which this rule belongs */
185
        u_short fr_grhead;      /* group # which this rule starts */
186
        struct  frentry *fr_grp;
187
        int     fr_ref;         /* reference count - for grouping */
188
        void    *fr_ifa;
189
#if BSD >= 199306
190
        void    *fr_oifa;
191
#endif
192
        /*
193
         * These are only incremented when a packet  matches this rule and
194
         * it is the last match
195
         */
196
        U_QUAD_T        fr_hits;
197
        U_QUAD_T        fr_bytes;
198
        /*
199
         * Fields after this may not change whilst in the kernel.
200
         */
201
        struct  fr_ip   fr_ip;
202
        struct  fr_ip   fr_mip; /* mask structure */
203
 
204
        u_char  fr_tcpfm;       /* tcp flags mask */
205
        u_char  fr_tcpf;        /* tcp flags */
206
 
207
        u_short fr_icmpm;       /* data for ICMP packets (mask) */
208
        u_short fr_icmp;
209
 
210
        u_char  fr_scmp;        /* data for port comparisons */
211
        u_char  fr_dcmp;
212
        u_short fr_dport;
213
        u_short fr_sport;
214
        u_short fr_stop;        /* top port for <> and >< */
215
        u_short fr_dtop;        /* top port for <> and >< */
216
        u_32_t  fr_flags;       /* per-rule flags && options (see below) */
217
        u_short fr_skip;        /* # of rules to skip */
218
        u_short fr_loglevel;    /* syslog log facility + priority */
219
        int     (*fr_func) __P((int, ip_t *, fr_info_t *));     /* call this function */
220
        char    fr_icode;       /* return ICMP code */
221
        char    fr_ifname[IFNAMSIZ];
222
#if BSD >= 199306
223
        char    fr_oifname[IFNAMSIZ];
224
#endif
225
        struct  frdest  fr_tif; /* "to" interface */
226
        struct  frdest  fr_dif; /* duplicate packet interfaces */
227
} frentry_t;
228
 
229
#define fr_proto        fr_ip.fi_p
230
#define fr_ttl          fr_ip.fi_ttl
231
#define fr_tos          fr_ip.fi_tos
232
#define fr_dst          fr_ip.fi_dst
233
#define fr_src          fr_ip.fi_src
234
#define fr_dmsk         fr_mip.fi_dst
235
#define fr_smsk         fr_mip.fi_src
236
 
237
#ifndef offsetof
238
#define offsetof(t,m)   (int)((&((t *)0L)->m))
239
#endif
240
#define FR_CMPSIZ       (sizeof(struct frentry) - offsetof(frentry_t, fr_ip))
241
 
242
/*
243
 * fr_flags
244
 */
245
#define FR_BLOCK        0x00001 /* do not allow packet to pass */
246
#define FR_PASS         0x00002 /* allow packet to pass */
247
#define FR_OUTQUE       0x00004 /* outgoing packets */
248
#define FR_INQUE        0x00008 /* ingoing packets */
249
#define FR_LOG          0x00010 /* Log */
250
#define FR_LOGB         0x00011 /* Log-fail */
251
#define FR_LOGP         0x00012 /* Log-pass */
252
#define FR_LOGBODY      0x00020 /* Log the body */
253
#define FR_LOGFIRST     0x00040 /* Log the first byte if state held */
254
#define FR_RETRST       0x00080 /* Return TCP RST packet - reset connection */
255
#define FR_RETICMP      0x00100 /* Return ICMP unreachable packet */
256
#define FR_FAKEICMP     0x00180 /* Return ICMP unreachable with fake source */
257
#define FR_NOMATCH      0x00200 /* no match occured */
258
#define FR_ACCOUNT      0x00400 /* count packet bytes */
259
#define FR_KEEPFRAG     0x00800 /* keep fragment information */
260
#define FR_KEEPSTATE    0x01000 /* keep `connection' state information */
261
#define FR_INACTIVE     0x02000
262
#define FR_QUICK        0x04000 /* match & stop processing list */
263
#define FR_FASTROUTE    0x08000 /* bypass normal routing */
264
#define FR_CALLNOW      0x10000 /* call another function (fr_func) if matches */
265
#define FR_DUP          0x20000 /* duplicate packet */
266
#define FR_LOGORBLOCK   0x40000 /* block the packet if it can't be logged */
267
#define FR_NOTSRCIP     0x80000 /* not the src IP# */
268
#define FR_NOTDSTIP     0x100000        /* not the dst IP# */
269
#define FR_AUTH         0x200000        /* use authentication */
270
#define FR_PREAUTH      0x400000        /* require preauthentication */
271
#define FR_DONTCACHE    0x800000        /* don't cache the result */
272
 
273
#define FR_LOGMASK      (FR_LOG|FR_LOGP|FR_LOGB)
274
#define FR_RETMASK      (FR_RETICMP|FR_RETRST|FR_FAKEICMP)
275
 
276
/*
277
 * These correspond to #define's for FI_* and are stored in fr_flags
278
 */
279
#define FF_OPTIONS      0x01000000
280
#define FF_TCPUDP       0x02000000
281
#define FF_FRAG         0x04000000
282
#define FF_SHORT        0x08000000
283
/*
284
 * recognized flags for SIOCGETFF and SIOCSETFF, and get put in fr_flags
285
 */
286
#define FF_LOGPASS      0x10000000
287
#define FF_LOGBLOCK     0x20000000
288
#define FF_LOGNOMATCH   0x40000000
289
#define FF_LOGGING      (FF_LOGPASS|FF_LOGBLOCK|FF_LOGNOMATCH)
290
#define FF_BLOCKNONIP   0x80000000      /* Solaris2 Only */
291
 
292
#define FR_NONE 0
293
#define FR_EQUAL 1
294
#define FR_NEQUAL 2
295
#define FR_LESST 3
296
#define FR_GREATERT 4
297
#define FR_LESSTE 5
298
#define FR_GREATERTE 6
299
#define FR_OUTRANGE 7
300
#define FR_INRANGE 8
301
 
302
typedef struct  filterstats {
303
        u_long  fr_pass;        /* packets allowed */
304
        u_long  fr_block;       /* packets denied */
305
        u_long  fr_nom;         /* packets which don't match any rule */
306
        u_long  fr_ppkl;        /* packets allowed and logged */
307
        u_long  fr_bpkl;        /* packets denied and logged */
308
        u_long  fr_npkl;        /* packets unmatched and logged */
309
        u_long  fr_pkl;         /* packets logged */
310
        u_long  fr_skip;        /* packets to be logged but buffer full */
311
        u_long  fr_ret;         /* packets for which a return is sent */
312
        u_long  fr_acct;        /* packets for which counting was performed */
313
        u_long  fr_bnfr;        /* bad attempts to allocate fragment state */
314
        u_long  fr_nfr;         /* new fragment state kept */
315
        u_long  fr_cfr;         /* add new fragment state but complete pkt */
316
        u_long  fr_bads;        /* bad attempts to allocate packet state */
317
        u_long  fr_ads;         /* new packet state kept */
318
        u_long  fr_chit;        /* cached hit */
319
        u_long  fr_tcpbad;      /* TCP checksum check failures */
320
        u_long  fr_pull[2];     /* good and bad pullup attempts */
321
#if SOLARIS
322
        u_long  fr_notdata;     /* PROTO/PCPROTO that have no data */
323
        u_long  fr_nodata;      /* mblks that have no data */
324
        u_long  fr_bad;         /* bad IP packets to the filter */
325
        u_long  fr_notip;       /* packets passed through no on ip queue */
326
        u_long  fr_drop;        /* packets dropped - no info for them! */
327
#endif
328
} filterstats_t;
329
 
330
/*
331
 * For SIOCGETFS
332
 */
333
typedef struct  friostat        {
334
        struct  filterstats     f_st[2];
335
        struct  frentry         *f_fin[2];
336
        struct  frentry         *f_fout[2];
337
        struct  frentry         *f_acctin[2];
338
        struct  frentry         *f_acctout[2];
339
        struct  frentry         *f_auth;
340
        struct  frgroup         *f_groups[3][2];
341
        u_long  f_froute[2];
342
        int     f_active;       /* 1 or 0 - active rule set */
343
        int     f_defpass;      /* default pass - from fr_pass */
344
        int     f_running;      /* 1 if running, else 0 */
345
        int     f_logging;      /* 1 if enabled, else 0 */
346
        char    f_version[32];  /* version string */
347
} friostat_t;
348
 
349
typedef struct  optlist {
350
        u_short ol_val;
351
        int     ol_bit;
352
} optlist_t;
353
 
354
 
355
/*
356
 * Group list structure.
357
 */
358
typedef struct frgroup {
359
        u_short fg_num;
360
        struct  frgroup *fg_next;
361
        struct  frentry *fg_head;
362
        struct  frentry **fg_start;
363
} frgroup_t;
364
 
365
 
366
/*
367
 * Log structure.  Each packet header logged is prepended by one of these.
368
 * Following this in the log records read from the device will be an ipflog
369
 * structure which is then followed by any packet data.
370
 */
371
typedef struct  iplog   {
372
        u_32_t  ipl_magic;
373
        u_int   ipl_count;
374
        u_long  ipl_sec;
375
        u_long  ipl_usec;
376
        size_t  ipl_dsize;
377
        struct  iplog   *ipl_next;
378
} iplog_t;
379
 
380
#define IPL_MAGIC 0x49504c4d /* 'IPLM' */
381
 
382
typedef struct  ipflog  {
383
#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
384
        (defined(OpenBSD) && (OpenBSD >= 199603))
385
        u_char  fl_ifname[IFNAMSIZ];
386
#else
387
        u_int   fl_unit;
388
        u_char  fl_ifname[4];
389
#endif
390
        u_char  fl_plen;        /* extra data after hlen */
391
        u_char  fl_hlen;        /* length of IP headers saved */
392
        u_short fl_rule;        /* assume never more than 64k rules, total */
393
        u_short fl_group;
394
        u_short fl_loglevel;    /* syslog log level */
395
        u_32_t  fl_flags;
396
        u_32_t  fl_lflags;
397
} ipflog_t;
398
 
399
 
400
#if !defined(__OpenBSD__)
401
# ifndef        ICMP_UNREACH_FILTER
402
#  define       ICMP_UNREACH_FILTER     13
403
# endif
404
#endif
405
 
406
#ifndef IPF_LOGGING
407
# define        IPF_LOGGING     0
408
#endif
409
#ifndef IPF_DEFAULT_PASS
410
# define        IPF_DEFAULT_PASS        FR_PASS
411
#endif
412
 
413
#define IPMINLEN(i, h)  ((i)->ip_len >= ((i)->ip_hl * 4 + sizeof(struct h)))
414
#define IPLLOGSIZE      8192
415
 
416
/*
417
 * Device filenames for reading log information.  Use ipf on Solaris2 because
418
 * ipl is already a name used by something else.
419
 */
420
#ifndef IPL_NAME
421
# if    SOLARIS
422
#  define       IPL_NAME        "/dev/ipf"
423
# else
424
#  define       IPL_NAME        "/dev/ipl"
425
# endif
426
#endif
427
#define IPL_NAT         IPNAT_NAME
428
#define IPL_STATE       IPSTATE_NAME
429
#define IPL_AUTH        IPAUTH_NAME
430
 
431
#define IPL_LOGIPF      0        /* Minor device #'s for accessing logs */
432
#define IPL_LOGNAT      1
433
#define IPL_LOGSTATE    2
434
#define IPL_LOGAUTH     3
435
#define IPL_LOGMAX      3
436
 
437
#if !defined(CDEV_MAJOR) && defined (__FreeBSD_version) && \
438
    (__FreeBSD_version >= 220000)
439
# define        CDEV_MAJOR      79
440
#endif
441
 
442
/*
443
 * Post NetBSD 1.2 has the PFIL interface for packet filters.  This turns
444
 * on those hooks.  We don't need any special mods in non-IP Filter code
445
 * with this!
446
 */
447
#if (defined(NetBSD) && (NetBSD > 199609) && (NetBSD <= 1991011)) || \
448
    (defined(NetBSD1_2) && NetBSD1_2 > 1)
449
# if (NetBSD >= 199905)
450
#  define PFIL_HOOKS
451
# endif
452
# ifdef PFIL_HOOKS
453
#  define NETBSD_PF
454
# endif
455
#endif
456
 
457
 
458
#ifndef _KERNEL
459
extern  int     fr_check __P((ip_t *, int, void *, int, mb_t **));
460
extern  int     (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **));
461
extern  int     send_reset __P((ip_t *, struct ifnet *));
462
extern  int     icmp_error __P((ip_t *, struct ifnet *));
463
extern  int     ipf_log __P((void));
464
extern  int     ipfr_fastroute __P((ip_t *, fr_info_t *, frdest_t *));
465
extern  struct  ifnet *get_unit __P((char *));
466
# if defined(__NetBSD__) || defined(__OpenBSD__) || \
467
          (_BSDI_VERSION >= 199701) || (__FreeBSD_version >= 300000)
468
extern  int     iplioctl __P((dev_t, u_long, caddr_t, int));
469
# else
470
extern  int     iplioctl __P((dev_t, int, caddr_t, int));
471
# endif
472
extern  int     iplopen __P((dev_t, int));
473
extern  int     iplclose __P((dev_t, int));
474
#else /* #ifndef _KERNEL */
475
# if defined(__NetBSD__) && defined(PFIL_HOOKS)
476
extern  void    ipfilterattach __P((int));
477
# endif
478
 
479
#if !defined(__OpenBSD__)
480
/*
481
 * OpenBSD has this call in the kernel but doesn't export it to userland.
482
 * See ip_fil.c for actual hook and more details.
483
 */
484
extern  int     iplattach __P((void));
485
#endif
486
 
487
extern  int     ipl_enable __P((void));
488
extern  int     ipl_disable __P((void));
489
extern  void    ipflog_init __P((void));
490
extern  int     ipflog_clear __P((minor_t));
491
extern  int     ipflog_read __P((minor_t, struct uio *));
492
extern  int     ipflog __P((u_int, ip_t *, fr_info_t *, mb_t *));
493
extern  int     ipllog __P((int, fr_info_t *, void **, size_t *, int *, int));
494
# if    SOLARIS
495
extern  int     fr_check __P((ip_t *, int, void *, int, qif_t *, mb_t **));
496
extern  int     (*fr_checkp) __P((ip_t *, int, void *,
497
                                  int, qif_t *, mb_t **));
498
extern  int     icmp_error __P((ip_t *, int, int, qif_t *, struct in_addr));
499
#  if SOLARIS2 >= 7
500
extern  int     iplioctl __P((dev_t, int, intptr_t, int, cred_t *, int *));
501
#  else
502
extern  int     iplioctl __P((dev_t, int, int *, int, cred_t *, int *));
503
#  endif
504
extern  int     iplopen __P((dev_t *, int, int, cred_t *));
505
extern  int     iplclose __P((dev_t, int, int, cred_t *));
506
extern  int     ipfsync __P((void));
507
extern  int     send_reset __P((fr_info_t *, ip_t *, qif_t *));
508
extern  int     ipfr_fastroute __P((qif_t *, ip_t *, mblk_t *, mblk_t **,
509
                                   fr_info_t *, frdest_t *));
510
extern  void    copyin_mblk __P((mblk_t *, size_t, size_t, char *));
511
extern  void    copyout_mblk __P((mblk_t *, size_t, size_t, char *));
512
extern  int     fr_qin __P((queue_t *, mblk_t *));
513
extern  int     fr_qout __P((queue_t *, mblk_t *));
514
#  ifdef        IPFILTER_LOG
515
extern  int     iplread __P((dev_t, struct uio *, cred_t *));
516
#  endif
517
# else /* SOLARIS */
518
extern  int     fr_check __P((ip_t *, int, void *, int, mb_t **));
519
extern  int     (*fr_checkp) __P((ip_t *, int, void *, int, mb_t **));
520
#  ifdef        linux
521
extern  int     send_reset __P((tcpiphdr_t *, struct ifnet *));
522
#  else
523
extern  int     send_reset __P((fr_info_t *, struct ip *));
524
extern  int     send_icmp_err __P((ip_t *, int, int, void *, struct in_addr));
525
#  endif
526
extern  int     ipfr_fastroute __P((mb_t *, fr_info_t *, frdest_t *));
527
extern  size_t  mbufchainlen __P((mb_t *));
528
#  ifdef        __sgi
529
#   include <sys/cred.h>
530
extern  int     iplioctl __P((dev_t, int, caddr_t, int, cred_t *, int *));
531
extern  int     iplopen __P((dev_t *, int, int, cred_t *));
532
extern  int     iplclose __P((dev_t, int, int, cred_t *));
533
extern  int     iplread __P((dev_t, struct uio *, cred_t *));
534
extern  int     ipfsync __P((void));
535
extern  int     ipfilter_sgi_attach __P((void));
536
extern  void    ipfilter_sgi_detach __P((void));
537
extern  void    ipfilter_sgi_intfsync __P((void));
538
#  else
539
#   ifdef       IPFILTER_LKM
540
extern  int     iplidentify __P((char *));
541
#   endif
542
#   if (_BSDI_VERSION >= 199510) || (__FreeBSD_version >= 220000) || \
543
      (NetBSD >= 199511) || defined(__OpenBSD__)
544
#    if defined(__NetBSD__) || (_BSDI_VERSION >= 199701) || \
545
       defined(__OpenBSD__) || (__FreeBSD_version >= 300000)
546
extern  int     iplioctl __P((dev_t, u_long, caddr_t, int, struct proc *));
547
#    else
548
extern  int     iplioctl __P((dev_t, int, caddr_t, int, struct proc *));
549
#    endif
550
extern  int     iplopen __P((dev_t, int, int, struct proc *));
551
extern  int     iplclose __P((dev_t, int, int, struct proc *));
552
#   else
553
#    ifndef     linux
554
extern  int     iplopen __P((dev_t, int));
555
extern  int     iplclose __P((dev_t, int));
556
extern  int     iplioctl __P((dev_t, int, caddr_t, int));
557
#    else
558
extern  int     iplioctl(struct inode *, struct file *, u_int, u_long);
559
extern  int     iplopen __P((struct inode *, struct file *));
560
extern  void    iplclose __P((struct inode *, struct file *));
561
#    endif /* !linux */
562
#   endif /* (_BSDI_VERSION >= 199510) */
563
#   if  BSD >= 199306
564
extern  int     iplread __P((dev_t, struct uio *, int));
565
#   else
566
#    ifndef linux
567
extern  int     iplread __P((dev_t, struct uio *));
568
#    else
569
extern  int     iplread(struct inode *, struct file *, char *, int);
570
#    endif /* !linux */
571
#   endif /* BSD >= 199306 */
572
#  endif /* __ sgi */
573
# endif /* SOLARIS */
574
#endif /* #ifndef _KERNEL */
575
 
576
extern  void    fixskip __P((frentry_t **, frentry_t *, int));
577
extern  int     countbits __P((u_32_t));
578
extern  int     ipldetach __P((void));
579
extern  u_short fr_tcpsum __P((mb_t *, ip_t *, tcphdr_t *));
580
extern  int     fr_scanlist __P((u_32_t, ip_t *, fr_info_t *, void *));
581
extern  u_short ipf_cksum __P((u_short *, int));
582
extern  int     fr_copytolog __P((int, char *, int));
583
extern  void    fr_forgetifp __P((void *));
584
extern  int     frflush __P((minor_t, int));
585
extern  void    frsync __P((void));
586
extern  frgroup_t *fr_addgroup __P((u_int, frentry_t *, minor_t, int));
587
extern  frgroup_t *fr_findgroup __P((u_int, u_32_t, minor_t, int, frgroup_t ***));
588
extern  void    fr_delgroup __P((u_int, u_32_t, minor_t, int));
589
extern  void    fr_makefrip __P((int, ip_t *, fr_info_t *));
590
extern  int     fr_ifpaddr __P((void *, struct in_addr *));
591
extern  char    *memstr __P((char *, char *, int, int));
592
extern  int     ipl_unreach;
593
extern  int     ipl_inited;
594
extern  u_long  ipl_frouteok[2];
595
extern  int     fr_pass;
596
extern  int     fr_flags;
597
extern  int     fr_active;
598
extern  fr_info_t       frcache[2];
599
extern  char    ipfilter_version[];
600
#ifdef  IPFILTER_LOG
601
extern  iplog_t **iplh[IPL_LOGMAX+1], *iplt[IPL_LOGMAX+1];
602
extern  size_t  iplused[IPL_LOGMAX + 1];
603
#endif
604
extern  struct frentry *ipfilter[2][2], *ipacct[2][2];
605
extern  struct frgroup *ipfgroups[3][2];
606
extern  struct filterstats frstats[];
607
 
608
#endif  /* _NETINET_IP_FIL_H__ */

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.