| pfvar.h (c4a32455d9cb7f680964243341cfd0f2448eee64) | pfvar.h (4bf98559d9d6fa7c3571d26ed6f2b18823e3a30b) |
|---|---|
| 1/*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2001 Daniel Hartmeier 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 627 unchanged lines hidden (view full) --- 636 uint16_t pqid; 637 uint16_t max_mss; 638 uint8_t log; 639 uint8_t set_tos; 640 uint8_t min_ttl; 641 uint16_t dnpipe; 642 uint16_t dnrpipe; /* Reverse direction pipe */ 643 uint32_t flags; | 1/*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2001 Daniel Hartmeier 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 627 unchanged lines hidden (view full) --- 636 uint16_t pqid; 637 uint16_t max_mss; 638 uint8_t log; 639 uint8_t set_tos; 640 uint8_t min_ttl; 641 uint16_t dnpipe; 642 uint16_t dnrpipe; /* Reverse direction pipe */ 643 uint32_t flags; |
| 644 uint8_t set_prio[2]; |
|
| 644}; 645 646union pf_keth_rule_ptr { 647 struct pf_keth_rule *ptr; 648 uint32_t nr; 649}; 650 651struct pf_keth_rule_addr { --- 400 unchanged lines hidden (view full) --- 1052 u_int16_t dnpipe; 1053 u_int16_t dnrpipe; 1054 u_int16_t tag; 1055 u_int8_t log; 1056 int32_t rtableid; 1057 u_int8_t min_ttl; 1058 u_int8_t set_tos; 1059 u_int16_t max_mss; | 645}; 646 647union pf_keth_rule_ptr { 648 struct pf_keth_rule *ptr; 649 uint32_t nr; 650}; 651 652struct pf_keth_rule_addr { --- 400 unchanged lines hidden (view full) --- 1053 u_int16_t dnpipe; 1054 u_int16_t dnrpipe; 1055 u_int16_t tag; 1056 u_int8_t log; 1057 int32_t rtableid; 1058 u_int8_t min_ttl; 1059 u_int8_t set_tos; 1060 u_int16_t max_mss; |
| 1061 u_int8_t rt; 1062 u_int8_t set_prio[2]; |
|
| 1060}; 1061 1062/* | 1063}; 1064 1065/* |
| 1063 * Size <= fits 12 objects per page on LP64. Try to not grow the struct beyond that. | 1066 * Size <= fits 11 objects per page on LP64. Try to not grow the struct beyond that. |
| 1064 */ | 1067 */ |
| 1065_Static_assert(sizeof(struct pf_kstate) <= 336, "pf_kstate size crosses 336 bytes"); | 1068_Static_assert(sizeof(struct pf_kstate) <= 368, "pf_kstate size crosses 368 bytes"); |
| 1066#endif 1067 1068/* 1069 * Unified state structures for pulling states out of the kernel 1070 * used by pfsync(4) and the pf(4) ioctl. 1071 */ 1072struct pfsync_state_scrub { 1073 u_int16_t pfss_flags; --- 15 unchanged lines hidden (view full) --- 1089 u_int8_t pad[6]; 1090} __packed; 1091 1092struct pfsync_state_key { 1093 struct pf_addr addr[2]; 1094 u_int16_t port[2]; 1095}; 1096 | 1069#endif 1070 1071/* 1072 * Unified state structures for pulling states out of the kernel 1073 * used by pfsync(4) and the pf(4) ioctl. 1074 */ 1075struct pfsync_state_scrub { 1076 u_int16_t pfss_flags; --- 15 unchanged lines hidden (view full) --- 1092 u_int8_t pad[6]; 1093} __packed; 1094 1095struct pfsync_state_key { 1096 struct pf_addr addr[2]; 1097 u_int16_t port[2]; 1098}; 1099 |
| 1097struct pfsync_state { | 1100struct pfsync_state_1301 { |
| 1098 u_int64_t id; 1099 char ifname[IFNAMSIZ]; 1100 struct pfsync_state_key key[2]; 1101 struct pfsync_state_peer src; 1102 struct pfsync_state_peer dst; 1103 struct pf_addr rt_addr; 1104 u_int32_t rule; 1105 u_int32_t anchor; 1106 u_int32_t nat_rule; 1107 u_int32_t creation; 1108 u_int32_t expire; 1109 u_int32_t packets[2][2]; 1110 u_int32_t bytes[2][2]; 1111 u_int32_t creatorid; 1112 sa_family_t af; 1113 u_int8_t proto; 1114 u_int8_t direction; | 1101 u_int64_t id; 1102 char ifname[IFNAMSIZ]; 1103 struct pfsync_state_key key[2]; 1104 struct pfsync_state_peer src; 1105 struct pfsync_state_peer dst; 1106 struct pf_addr rt_addr; 1107 u_int32_t rule; 1108 u_int32_t anchor; 1109 u_int32_t nat_rule; 1110 u_int32_t creation; 1111 u_int32_t expire; 1112 u_int32_t packets[2][2]; 1113 u_int32_t bytes[2][2]; 1114 u_int32_t creatorid; 1115 sa_family_t af; 1116 u_int8_t proto; 1117 u_int8_t direction; |
| 1118 u_int8_t __spare[2]; 1119 u_int8_t log; 1120 u_int8_t state_flags; 1121 u_int8_t timeout; 1122 u_int8_t sync_flags; 1123 u_int8_t updates; 1124} __packed; 1125 1126struct pfsync_state_1400 { 1127 /* The beginning of the struct is compatible with previous versions */ 1128 u_int64_t id; 1129 char ifname[IFNAMSIZ]; 1130 struct pfsync_state_key key[2]; 1131 struct pfsync_state_peer src; 1132 struct pfsync_state_peer dst; 1133 struct pf_addr rt_addr; 1134 u_int32_t rule; 1135 u_int32_t anchor; 1136 u_int32_t nat_rule; 1137 u_int32_t creation; 1138 u_int32_t expire; 1139 u_int32_t packets[2][2]; 1140 u_int32_t bytes[2][2]; 1141 u_int32_t creatorid; 1142 sa_family_t af; 1143 u_int8_t proto; 1144 u_int8_t direction; |
|
| 1115 u_int16_t state_flags; 1116 u_int8_t log; | 1145 u_int16_t state_flags; 1146 u_int8_t log; |
| 1117 u_int8_t state_flags_compat; | 1147 u_int8_t __spare; |
| 1118 u_int8_t timeout; 1119 u_int8_t sync_flags; 1120 u_int8_t updates; | 1148 u_int8_t timeout; 1149 u_int8_t sync_flags; 1150 u_int8_t updates; |
| 1151 /* The rest is not */ 1152 u_int16_t qid; 1153 u_int16_t pqid; 1154 u_int16_t dnpipe; 1155 u_int16_t dnrpipe; 1156 int32_t rtableid; 1157 u_int8_t min_ttl; 1158 u_int8_t set_tos; 1159 u_int16_t max_mss; 1160 u_int8_t set_prio[2]; 1161 u_int8_t rt; 1162 char rt_ifname[IFNAMSIZ]; 1163 |
|
| 1121} __packed; 1122 | 1164} __packed; 1165 |
| 1166union pfsync_state_union { 1167 struct pfsync_state_1301 pfs_1301; 1168 struct pfsync_state_1400 pfs_1400; 1169} __packed; 1170 |
|
| 1123#ifdef _KERNEL 1124/* pfsync */ | 1171#ifdef _KERNEL 1172/* pfsync */ |
| 1125typedef int pfsync_state_import_t(struct pfsync_state *, int); | 1173typedef int pfsync_state_import_t(union pfsync_state_union *, int, int); |
| 1126typedef void pfsync_insert_state_t(struct pf_kstate *); 1127typedef void pfsync_update_state_t(struct pf_kstate *); 1128typedef void pfsync_delete_state_t(struct pf_kstate *); 1129typedef void pfsync_clear_states_t(u_int32_t, const char *); 1130typedef int pfsync_defer_t(struct pf_kstate *, struct mbuf *); 1131typedef void pfsync_detach_ifnet_t(struct ifnet *); 1132 1133VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr); --- 5 unchanged lines hidden (view full) --- 1139VNET_DECLARE(pfsync_delete_state_t *, pfsync_delete_state_ptr); 1140#define V_pfsync_delete_state_ptr VNET(pfsync_delete_state_ptr) 1141VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_states_ptr); 1142#define V_pfsync_clear_states_ptr VNET(pfsync_clear_states_ptr) 1143VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); 1144#define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) 1145extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; 1146 | 1174typedef void pfsync_insert_state_t(struct pf_kstate *); 1175typedef void pfsync_update_state_t(struct pf_kstate *); 1176typedef void pfsync_delete_state_t(struct pf_kstate *); 1177typedef void pfsync_clear_states_t(u_int32_t, const char *); 1178typedef int pfsync_defer_t(struct pf_kstate *, struct mbuf *); 1179typedef void pfsync_detach_ifnet_t(struct ifnet *); 1180 1181VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr); --- 5 unchanged lines hidden (view full) --- 1187VNET_DECLARE(pfsync_delete_state_t *, pfsync_delete_state_ptr); 1188#define V_pfsync_delete_state_ptr VNET(pfsync_delete_state_ptr) 1189VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_states_ptr); 1190#define V_pfsync_clear_states_ptr VNET(pfsync_clear_states_ptr) 1191VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); 1192#define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) 1193extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; 1194 |
| 1147void pfsync_state_export(struct pfsync_state *, 1148 struct pf_kstate *); | 1195void pfsync_state_export(union pfsync_state_union *, 1196 struct pf_kstate *, int); |
| 1149void pf_state_export(struct pf_state_export *, 1150 struct pf_kstate *); 1151 1152/* pflog */ 1153struct pf_kruleset; 1154struct pf_pdesc; 1155typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t, 1156 u_int8_t, u_int8_t, struct pf_krule *, struct pf_krule *, --- 503 unchanged lines hidden (view full) --- 1660 u_int16_t rsport; 1661 u_int16_t rdport; 1662 sa_family_t af; 1663 u_int8_t proto; 1664 u_int8_t direction; 1665}; 1666 1667struct pfioc_state { | 1197void pf_state_export(struct pf_state_export *, 1198 struct pf_kstate *); 1199 1200/* pflog */ 1201struct pf_kruleset; 1202struct pf_pdesc; 1203typedef int pflog_packet_t(struct pfi_kkif *, struct mbuf *, sa_family_t, 1204 u_int8_t, u_int8_t, struct pf_krule *, struct pf_krule *, --- 503 unchanged lines hidden (view full) --- 1708 u_int16_t rsport; 1709 u_int16_t rdport; 1710 sa_family_t af; 1711 u_int8_t proto; 1712 u_int8_t direction; 1713}; 1714 1715struct pfioc_state { |
| 1668 struct pfsync_state state; | 1716 struct pfsync_state_1301 state; |
| 1669}; 1670 1671struct pfioc_src_node_kill { 1672 sa_family_t psnk_af; 1673 struct pf_rule_addr psnk_src; 1674 struct pf_rule_addr psnk_dst; 1675 u_int psnk_killed; 1676}; --- 22 unchanged lines hidden (view full) --- 1699 char psk_ifname[IFNAMSIZ]; 1700 char psk_label[PF_RULE_LABEL_SIZE]; 1701 u_int psk_killed; 1702}; 1703 1704struct pfioc_states { 1705 int ps_len; 1706 union { | 1717}; 1718 1719struct pfioc_src_node_kill { 1720 sa_family_t psnk_af; 1721 struct pf_rule_addr psnk_src; 1722 struct pf_rule_addr psnk_dst; 1723 u_int psnk_killed; 1724}; --- 22 unchanged lines hidden (view full) --- 1747 char psk_ifname[IFNAMSIZ]; 1748 char psk_label[PF_RULE_LABEL_SIZE]; 1749 u_int psk_killed; 1750}; 1751 1752struct pfioc_states { 1753 int ps_len; 1754 union { |
| 1707 void *ps_buf; 1708 struct pfsync_state *ps_states; | 1755 void *ps_buf; 1756 struct pfsync_state_1301 *ps_states; |
| 1709 }; 1710}; 1711 1712struct pfioc_states_v2 { 1713 int ps_len; 1714 uint64_t ps_req_version; 1715 union { 1716 void *ps_buf; --- 718 unchanged lines hidden --- | 1757 }; 1758}; 1759 1760struct pfioc_states_v2 { 1761 int ps_len; 1762 uint64_t ps_req_version; 1763 union { 1764 void *ps_buf; --- 718 unchanged lines hidden --- |