| ip_fw.h (5af87d0ea1bbc7f938bbadcb1fd819465bb7454b) | ip_fw.h (9b932e9e048ade36fd50bad5eb8b9475b0a6082d) |
|---|---|
| 1/* 2 * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 14 unchanged lines hidden (view full) --- 23 * SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28#ifndef _IPFW2_H 29#define _IPFW2_H 30#define IPFW2 1 | 1/* 2 * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. --- 14 unchanged lines hidden (view full) --- 23 * SUCH DAMAGE. 24 * 25 * $FreeBSD$ 26 */ 27 28#ifndef _IPFW2_H 29#define _IPFW2_H 30#define IPFW2 1 |
| 31 |
|
| 31/* 32 * The kernel representation of ipfw rules is made of a list of 33 * 'instructions' (for all practical purposes equivalent to BPF 34 * instructions), which specify which fields of the packet 35 * (or its metadata) should be analysed. 36 * 37 * Each instruction is stored in a structure which begins with 38 * "ipfw_insn", and can contain extra fields depending on the --- 376 unchanged lines hidden (view full) --- 415 */ 416struct ip_fw_args { 417 struct mbuf *m; /* the mbuf chain */ 418 struct ifnet *oif; /* output interface */ 419 struct sockaddr_in *next_hop; /* forward address */ 420 struct ip_fw *rule; /* matching rule */ 421 struct ether_header *eh; /* for bridged packets */ 422 | 32/* 33 * The kernel representation of ipfw rules is made of a list of 34 * 'instructions' (for all practical purposes equivalent to BPF 35 * instructions), which specify which fields of the packet 36 * (or its metadata) should be analysed. 37 * 38 * Each instruction is stored in a structure which begins with 39 * "ipfw_insn", and can contain extra fields depending on the --- 376 unchanged lines hidden (view full) --- 416 */ 417struct ip_fw_args { 418 struct mbuf *m; /* the mbuf chain */ 419 struct ifnet *oif; /* output interface */ 420 struct sockaddr_in *next_hop; /* forward address */ 421 struct ip_fw *rule; /* matching rule */ 422 struct ether_header *eh; /* for bridged packets */ 423 |
| 423 struct route *ro; /* for dummynet */ 424 struct sockaddr_in *dst; /* for dummynet */ | |
| 425 int flags; /* for dummynet */ 426 427 struct ipfw_flow_id f_id; /* grabbed from IP header */ 428 u_int32_t retval; 429}; 430 431/* 432 * Function definitions. 433 */ 434 435/* Firewall hooks */ 436struct sockopt; 437struct dn_flow_set; 438 | 424 int flags; /* for dummynet */ 425 426 struct ipfw_flow_id f_id; /* grabbed from IP header */ 427 u_int32_t retval; 428}; 429 430/* 431 * Function definitions. 432 */ 433 434/* Firewall hooks */ 435struct sockopt; 436struct dn_flow_set; 437 |
| 438int ipfw_check_in(void *, struct mbuf **, struct ifnet *, int); 439int ipfw_check_out(void *, struct mbuf **, struct ifnet *, int); 440 441int ipfw_chk(struct ip_fw_args *); 442 443int ipfw_init(void); 444void ipfw_destroy(void); 445 |
|
| 439void flush_pipe_ptrs(struct dn_flow_set *match); /* used by dummynet */ 440 | 446void flush_pipe_ptrs(struct dn_flow_set *match); /* used by dummynet */ 447 |
| 441typedef int ip_fw_chk_t (struct ip_fw_args *args); 442typedef int ip_fw_ctl_t (struct sockopt *); 443extern ip_fw_chk_t *ip_fw_chk_ptr; | 448typedef int ip_fw_ctl_t(struct sockopt *); |
| 444extern ip_fw_ctl_t *ip_fw_ctl_ptr; 445extern int fw_one_pass; | 449extern ip_fw_ctl_t *ip_fw_ctl_ptr; 450extern int fw_one_pass; |
| 446extern int fw_enable; | 451 452/* For kernel ipfw_ether and ipfw_bridge. */ 453typedef int ip_fw_chk_t(struct ip_fw_args *args); 454extern ip_fw_chk_t *ip_fw_chk_ptr; |
| 447#define IPFW_LOADED (ip_fw_chk_ptr != NULL) | 455#define IPFW_LOADED (ip_fw_chk_ptr != NULL) |
| 448#endif /* _KERNEL */ | |
| 449 | 456 |
| 457#endif /* _KERNEL */ |
|
| 450#endif /* _IPFW2_H */ | 458#endif /* _IPFW2_H */ |