xref: /illumos-gate/usr/src/uts/common/inet/ipf/netinet/ip_compat.h (revision 89a7715a55deca73d03076f5c24463717f0aaa91)
1 /*
2  * Copyright (C) 1993-2001, 2003 by Darren Reed.
3  *
4  * See the IPFILTER.LICENCE file for details on licencing.
5  *
6  * @(#)ip_compat.h	1.8 1/14/96
7  * $Id: ip_compat.h,v 2.142.2.30 2005/08/11 15:13:49 darrenr Exp $
8  *
9  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
10  * Use is subject to license terms.
11  */
12 
13 #pragma ident	"%Z%%M%	%I%	%E% SMI"
14 
15 #ifndef	__IP_COMPAT_H__
16 #define	__IP_COMPAT_H__
17 
18 #ifndef	__P
19 # ifdef	__STDC__
20 #  define	__P(x)  x
21 # else
22 #  define	__P(x)  ()
23 # endif
24 #endif
25 #ifndef	__STDC__
26 # undef		const
27 # define	const
28 #endif
29 
30 #if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__)
31 # undef	KERNEL
32 # undef	_KERNEL
33 # undef 	__KERNEL__
34 # define	KERNEL
35 # define	_KERNEL
36 # define 	__KERNEL__
37 #endif
38 
39 #ifndef	SOLARIS
40 #define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
41 #endif
42 #if SOLARIS2 >= 8
43 # ifndef	USE_INET6
44 #  define	USE_INET6
45 # endif
46 #endif
47 #if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000) && \
48     !defined(_KERNEL) && !defined(USE_INET6) && !defined(NOINET6)
49 # define	USE_INET6
50 #endif
51 #if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105000000) && \
52     !defined(_KERNEL) && !defined(USE_INET6)
53 # define	USE_INET6
54 # define	IPFILTER_M_IPFILTER
55 #endif
56 #if defined(OpenBSD) && (OpenBSD >= 200206) && \
57     !defined(_KERNEL) && !defined(USE_INET6)
58 # define	USE_INET6
59 #endif
60 #if defined(__osf__)
61 # define	USE_INET6
62 #endif
63 #if defined(linux) && (!defined(_KERNEL) || defined(CONFIG_IPV6))
64 # define	USE_INET6
65 #endif
66 #if defined(HPUXREV) && (HPUXREV >= 1111)
67 # define	USE_INET6
68 #endif
69 
70 #if defined(BSD) && (BSD < 199103) && defined(__osf__)
71 # undef BSD
72 # define BSD 199103
73 #endif
74 
75 #if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
76 # define index   strchr
77 # if !defined(_KERNEL)
78 #  define	bzero(a,b)	memset(a,0,b)
79 #  define	bcmp		memcmp
80 #  define	bcopy(a,b,c)	memmove(b,a,c)
81 # endif
82 #endif
83 
84 #ifndef LIFNAMSIZ
85 # ifdef IF_NAMESIZE
86 #  define	LIFNAMSIZ	IF_NAMESIZE
87 # else
88 #  ifdef	IFNAMSIZ
89 #   define	LIFNAMSIZ	IFNAMSIZ
90 #  else
91 #   define	LIFNAMSIZ	16
92 #  endif
93 # endif
94 #endif
95 
96 #if defined(__sgi) || defined(bsdi) || defined(__hpux) || defined(hpux)
97 struct  ether_addr {
98         u_char  ether_addr_octet[6];
99 };
100 #endif
101 
102 #if defined(__sgi) && !defined(IPFILTER_LKM)
103 # ifdef __STDC__
104 #  define IPL_EXTERN(ep) ipfilter##ep
105 # else
106 #  define IPL_EXTERN(ep) ipfilter/**/ep
107 # endif
108 #else
109 # ifdef __STDC__
110 #  define IPL_EXTERN(ep) ipl##ep
111 # else
112 #  define IPL_EXTERN(ep) ipl/**/ep
113 # endif
114 #endif
115 
116 /*
117  * This is a workaround for <sys/uio.h> troubles on FreeBSD and OpenBSD.
118  */
119 #ifndef linux
120 # ifndef _KERNEL
121 #  define ADD_KERNEL
122 #  define _KERNEL
123 #  define KERNEL
124 # endif
125 # ifdef __OpenBSD__
126 struct file;
127 # endif
128 # include <sys/uio.h>
129 # ifdef ADD_KERNEL
130 #  undef _KERNEL
131 #  undef KERNEL
132 # endif
133 #endif
134 
135 
136 /* ----------------------------------------------------------------------- */
137 /*                                  S O L A R I S                          */
138 /* ----------------------------------------------------------------------- */
139 #if SOLARIS
140 # define	MENTAT	1
141 # include	<sys/cmn_err.h>
142 # include	<sys/isa_defs.h>
143 # include	<sys/stream.h>
144 # include	<sys/ioccom.h>
145 # include	<sys/sysmacros.h>
146 # include	<sys/kmem.h>
147 # if SOLARIS2 >= 10
148 #  include	<sys/procset.h>
149 #  include	<sys/proc.h>
150 #  include	<sys/devops.h>
151 #  include	<sys/ddi_impldefs.h>
152 #  include	<sys/neti.h>
153 # endif
154 
155 /*
156  * inet/ip.h would end up including radix.h with _KERNEL, which is not
157  * what the tools intend, so include radix.h first.
158  */
159 #if SOLARIS2 > 10
160 # include <net/radix.h>
161 #endif
162 /*
163  * because Solaris 2 defines these in two places :-/
164  */
165 # ifndef	KERNEL
166 #  define	ADD_KERNEL
167 #  define	_KERNEL
168 #  undef	RES_INIT
169 # endif /* _KERNEL */
170 
171 # if SOLARIS2 >= 8
172 #  include <netinet/ip6.h>
173 #  include <netinet/icmp6.h>
174 # endif
175 
176 # include <inet/common.h>
177 /* These 5 are defined in <inet/ip.h> and <netinet/ip.h> */
178 # undef	IPOPT_EOL
179 # undef	IPOPT_NOP
180 # undef	IPOPT_LSRR
181 # undef	IPOPT_RR
182 # undef	IPOPT_SSRR
183 # ifdef i386
184 #  define _SYS_PROMIF_H
185 # endif
186 # ifdef ADD_KERNEL
187 #  undef _KERNEL
188 # endif
189 # include <inet/ip.h>
190 # undef COPYOUT
191 # include <inet/ip_ire.h>
192 # ifndef	KERNEL
193 #  undef	_KERNEL
194 # endif
195 # if SOLARIS2 >= 8
196 #  define SNPRINTF	snprintf
197 
198 #  include <inet/ip_if.h>
199 #  define	ipif_local_addr	ipif_lcl_addr
200 /* Only defined in private include file */
201 #  ifndef	V4_PART_OF_V6
202 #   define	V4_PART_OF_V6(v6)	v6.s6_addr32[3]
203 #  endif
204 struct ip6_ext {
205 	u_char	ip6e_nxt;
206 	u_char	ip6e_len;
207 };
208 # endif /* SOLARIS2 >= 8 */
209 
210 # ifdef FW_HOOKS
211 
212 #  define	SOLARIS_PFHOOKS	1
213 
214 typedef	struct	qpktinfo	{
215 	/* data that changes per-packet */
216 	void		*qpi_ill;	/* COPIED */
217 	mblk_t		*qpi_m;
218 	void		*qpi_data;	/* where layer 3 header starts */
219 	size_t		qpi_off;
220 	int		qpi_flags;
221 } qpktinfo_t;
222 
223 #define	QPI_NOCKSUM	0x01
224 
225 extern void mb_copydata __P((mblk_t *, size_t , size_t, char *));
226 extern void mb_copyback __P((mblk_t *, size_t , size_t, char *));
227 # endif
228 
229 # if SOLARIS2 >= 6
230 #  include <sys/atomic.h>
231 typedef	uint32_t	u_32_t;
232 # else
233 typedef unsigned int	u_32_t;
234 # endif
235 # define	U_32_T	1
236 
237 # ifdef _KERNEL
238 #  define	KRWLOCK_T		krwlock_t
239 #  define	KMUTEX_T		kmutex_t
240 #  if SOLARIS2 >= 6
241 #   if SOLARIS2 == 6
242 #    define	ATOMIC_INCL(x)		atomic_add_long((uint32_t*)&(x), 1)
243 #    define	ATOMIC_DECL(x)		atomic_add_long((uint32_t*)&(x), -1)
244 #   else
245 #    define	ATOMIC_INCL(x)		atomic_add_long(&(x), 1)
246 #    define	ATOMIC_DECL(x)		atomic_add_long(&(x), -1)
247 #   endif /* SOLARIS2 == 6 */
248 #   define	ATOMIC_INC64(x)		atomic_add_64((uint64_t*)&(x), 1)
249 #   define	ATOMIC_INC32(x)		atomic_add_32((uint32_t*)&(x), 1)
250 #   define	ATOMIC_INC16(x)		atomic_add_16((uint16_t*)&(x), 1)
251 #   define	ATOMIC_DEC64(x)		atomic_add_64((uint64_t*)&(x), -1)
252 #   define	ATOMIC_DEC32(x)		atomic_add_32((uint32_t*)&(x), -1)
253 #   define	ATOMIC_DEC16(x)		atomic_add_16((uint16_t*)&(x), -1)
254 #  else
255 #   define	ATOMIC_INC(x)		{ mutex_enter(&ipf_rw); (x)++; \
256 					  mutex_exit(&ipf_rw); }
257 #   define	ATOMIC_DEC(x)		{ mutex_enter(&ipf_rw); (x)--; \
258 					  mutex_exit(&ipf_rw); }
259 #  endif /* SOLARIS2 >= 6 */
260 #  define	USE_MUTEXES
261 #  define	MUTEX_ENTER(x)		mutex_enter(&(x)->ipf_lk)
262 #  define	READ_ENTER(x)		rw_enter(&(x)->ipf_lk, RW_READER)
263 #  define	WRITE_ENTER(x)		rw_enter(&(x)->ipf_lk, RW_WRITER)
264 #  define	MUTEX_DOWNGRADE(x)	rw_downgrade(&(x)->ipf_lk)
265 #  define	RWLOCK_INIT(x, y)	rw_init(&(x)->ipf_lk, (y),  \
266 						RW_DRIVER, NULL)
267 #  define	RWLOCK_EXIT(x)		rw_exit(&(x)->ipf_lk)
268 #  define	RW_DESTROY(x)		rw_destroy(&(x)->ipf_lk)
269 #  define	MUTEX_INIT(x, y)	mutex_init(&(x)->ipf_lk, (y), \
270 						   MUTEX_DRIVER, NULL)
271 #  define	MUTEX_DESTROY(x)	mutex_destroy(&(x)->ipf_lk)
272 #  define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
273 #  define	MUTEX_EXIT(x)		mutex_exit(&(x)->ipf_lk)
274 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
275 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
276 #  define	BCOPYIN(a,b,c)	(void) copyin((caddr_t)(a), (caddr_t)(b), (c))
277 #  define	BCOPYOUT(a,b,c)	(void) copyout((caddr_t)(a), (caddr_t)(b), (c))
278 #  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,c,d)
279 #  define	KFREE(x)	kmem_free((char *)(x), sizeof(*(x)))
280 #  define	KFREES(x,s)	kmem_free((char *)(x), (s))
281 #  define	SPL_NET(x)	;
282 #  define	SPL_IMP(x)	;
283 #  undef	SPL_X
284 #  define	SPL_X(x)	;
285 #  ifdef sparc
286 #   define	ntohs(x)	(x)
287 #   define	ntohl(x)	(x)
288 #   define	htons(x)	(x)
289 #   define	htonl(x)	(x)
290 #  endif /* sparc */
291 #  define	KMALLOC(a,b)	(a) = (b)kmem_alloc(sizeof(*(a)), KM_NOSLEEP)
292 #  define	KMALLOCS(a,b,c)	(a) = (b)kmem_alloc((c), KM_NOSLEEP)
293 #  define	GET_MINOR(x)	getminor(x)
294 /*extern	phy_if_t	get_unit __P((char *, int, ipf_stack_t *));*/
295 #  define	GETIFP(n, v, ifs)	(void *)get_unit(n, v, ifs)
296 #  define	IFNAME(x)	((ill_t *)x)->ill_name
297 #  define	COPYIFNAME(x, b, v)	(void) net_getifname(((v) == 4) ? \
298 					ifs->ifs_ipf_ipv4 : ifs->ifs_ipf_ipv6,\
299 					(phy_if_t)(x), (b), sizeof(b))
300 #  define	GETKTIME(x)	uniqtime((struct timeval *)x)
301 #  define	MSGDSIZE(x)	msgdsize(x)
302 #  define	M_LEN(x)	((x)->b_wptr - (x)->b_rptr)
303 #  define	M_DUPLICATE(x)	dupmsg((x))
304 #  define	MTOD(m,t)	((t)((m)->b_rptr))
305 #  define	MTYPE(m)	((m)->b_datap->db_type)
306 #  define	FREE_MB_T(m)	freemsg(m)
307 #  define	m_next		b_cont
308 #  define	CACHE_HASH(x)	(((phy_if_t)(x)->fin_ifp) & 7)
309 #  define	IPF_PANIC(x,y)	if (x) { printf y; cmn_err(CE_PANIC, "ipf_panic"); }
310 typedef mblk_t mb_t;
311 # endif /* _KERNEL */
312 
313 # if (SOLARIS2 >= 7)
314 #  ifdef lint
315 #   define ALIGN32(ptr)    (ptr ? 0L : 0L)
316 #   define ALIGN16(ptr)    (ptr ? 0L : 0L)
317 #  else
318 #   define ALIGN32(ptr)    (ptr)
319 #   define ALIGN16(ptr)    (ptr)
320 #  endif
321 # endif
322 
323 # if SOLARIS2 < 6
324 typedef	struct uio	uio_t;
325 # endif
326 typedef	int		ioctlcmd_t;
327 
328 # define OS_RECOGNISED 1
329 
330 #endif /* SOLARIS */
331 
332 /* ----------------------------------------------------------------------- */
333 /*                                  H P U X                                */
334 /* ----------------------------------------------------------------------- */
335 #ifdef __hpux
336 # define	MENTAT	1
337 # include	<sys/sysmacros.h>
338 # include	<sys/spinlock.h>
339 # include	<sys/lock.h>
340 # include	<sys/stream.h>
341 # ifdef USE_INET6
342 #  include	<netinet/if_ether.h>
343 #  include	<netinet/ip6.h>
344 #  include	<netinet/icmp6.h>
345 typedef	struct	ip6_hdr	ip6_t;
346 # endif
347 
348 # ifdef _KERNEL
349 #  define SNPRINTF	sprintf
350 #  if (HPUXREV >= 1111)
351 #   define	IPL_SELECT
352 #   ifdef	IPL_SELECT
353 #    include	<machine/sys/user.h>
354 #    include	<sys/kthread_iface.h>
355 #    define	READ_COLLISION	0x01
356 
357 typedef	struct	iplog_select_s {
358 	kthread_t	*read_waiter;
359 	int		state;
360 } iplog_select_t;
361 #   endif
362 #  endif
363 
364 #  define	GETKTIME(x)	uniqtime((struct timeval *)x)
365 
366 #  if HPUXREV == 1111
367 #   include	"kern_svcs.h"
368 #  else
369 #   include	<sys/kern_svcs.h>
370 #  endif
371 #  undef	ti_flags
372 #  undef	TCP_NODELAY
373 #  undef	TCP_MAXSEG
374 #  include <sys/reg.h>
375 #  include "../netinet/ip_info.h"
376 /*
377  * According to /usr/include/sys/spinlock.h on HP-UX 11.00, these functions
378  * are available.  Attempting to use them actually results in unresolved
379  * symbols when it comes time to load the module.
380  * This has been fixed!  Yipee!
381  */
382 #  if 1
383 #   ifdef __LP64__
384 #    define	ATOMIC_INCL(x)		lock_and_incr_int64(&ipf_rw.ipf_lk, &(x), 1)
385 #    define	ATOMIC_DECL(x)		lock_and_incr_int64(&ipf_rw.ipf_lk, &(x), -1)
386 #   else
387 #    define	ATOMIC_INCL(x)		lock_and_incr_int32(&ipf_rw.ipf_lk, &(x), 1)
388 #    define	ATOMIC_DECL(x)		lock_and_incr_int32(&ipf_rw.ipf_lk, &(x), -1)
389 #   endif
390 #   define	ATOMIC_INC64(x)		lock_and_incr_int64(&ipf_rw.ipf_lk, &(x), 1)
391 #   define	ATOMIC_INC32(x)		lock_and_incr_int32(&ipf_rw.ipf_lk, &(x), 1)
392 #   define	ATOMIC_INC16(x)		lock_and_incr_int16(&ipf_rw.ipf_lk, &(x), 1)
393 #   define	ATOMIC_DEC64(x)		lock_and_incr_int64(&ipf_rw.ipf_lk, &(x), -1)
394 #   define	ATOMIC_DEC32(x)		lock_and_incr_int32(&ipf_rw.ipf_lk, &(x), -1)
395 #   define	ATOMIC_DEC16(x)		lock_and_incr_int16(&ipf_rw.ipf_lk, &(x), -1)
396 #  else /* 0 */
397 #   define	ATOMIC_INC64(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
398 					  MUTEX_EXIT(&ipf_rw); }
399 #   define	ATOMIC_DEC64(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
400 					  MUTEX_EXIT(&ipf_rw); }
401 #   define	ATOMIC_INC32(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
402 					  MUTEX_EXIT(&ipf_rw); }
403 #   define	ATOMIC_DEC32(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
404 					  MUTEX_EXIT(&ipf_rw); }
405 #   define	ATOMIC_INCL(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
406 					  MUTEX_EXIT(&ipf_rw); }
407 #   define	ATOMIC_DECL(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
408 					  MUTEX_EXIT(&ipf_rw); }
409 #   define	ATOMIC_INC(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
410 					  MUTEX_EXIT(&ipf_rw); }
411 #   define	ATOMIC_DEC(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
412 					  MUTEX_EXIT(&ipf_rw); }
413 #  endif
414 #  define	ip_cksum		ip_csuma
415 #  define	memcpy(a,b,c)		bcopy((caddr_t)b, (caddr_t)a, c)
416 #  define	USE_MUTEXES
417 #  define	MUTEX_INIT(x, y)	initlock(&(x)->ipf_lk, 0, 0, (y))
418 #  define	MUTEX_ENTER(x)		spinlock(&(x)->ipf_lk)
419 #  define	MUTEX_EXIT(x)		spinunlock(&(x)->ipf_lk);
420 #  define	MUTEX_DESTROY(x)
421 #  define	MUTEX_NUKE(x)		bzero((char *)(x), sizeof(*(x)))
422 #  define	KMUTEX_T		lock_t
423 #  define	kmutex_t		lock_t		/* for pfil.h */
424 #  define	krwlock_t		lock_t		/* for pfil.h */
425 /*
426  * The read-write lock implementation in HP-UX 11.0 is crippled - it can
427  * only be used by threads working in a user context!
428  * This has been fixed!  Yipee! (Or at least it does in 11.00, not 11.11..)
429  */
430 #  if HPUXREV < 1111
431 #   define	MUTEX_DOWNGRADE(x)	lock_write_to_read(x)
432 #   define	KRWLOCK_T		struct rw_lock
433 #   define	READ_ENTER(x)		lock_read(&(x)->ipf_lk)
434 #   define	WRITE_ENTER(x)		lock_write(&(x)->ipf_lk)
435 #   if HPUXREV >= 1111
436 #    define	RWLOCK_INIT(x, y)	rwlock_init4(&(x)->ipf_lk, 0, RWLCK_CANSLEEP, 0, y)
437 #   else
438 #    define	RWLOCK_INIT(x, y)	lock_init3(&(x)->ipf_lk, 0, 1, 0, 0, y)
439 #   endif
440 #   define	RWLOCK_EXIT(x)		lock_done(&(x)->ipf_lk)
441 #  else
442 #   define	KRWLOCK_T		lock_t
443 #   define	KMUTEX_T		lock_t
444 #   define	READ_ENTER(x)		MUTEX_ENTER(x)
445 #   define	WRITE_ENTER(x)		MUTEX_ENTER(x)
446 #   define	MUTEX_DOWNGRADE(x)
447 #   define	RWLOCK_INIT(x, y)	initlock(&(x)->ipf_lk, 0, 0, y)
448 #   define	RWLOCK_EXIT(x)		MUTEX_EXIT(x)
449 #  endif
450 #  define	RW_DESTROY(x)
451 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
452 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
453 #  if HPUXREV >= 1111
454 #   define	BCOPYIN(a,b,c)	0; bcopy((caddr_t)(a), (caddr_t)(b), (c))
455 #   define	BCOPYOUT(a,b,c)	0; bcopy((caddr_t)(a), (caddr_t)(b), (c))
456 #  else
457 #   define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
458 #   define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
459 #  endif
460 #  define	SPL_NET(x)	;
461 #  define	SPL_IMP(x)	;
462 #  undef	SPL_X
463 #  define	SPL_X(x)	;
464 /*extern	void	*get_unit __P((char *, int, ipf_stack_t *));*/
465 #  define	GETIFP(n, v, ifs)	get_unit(n, v, ifs)
466 #  define	IFNAME(x, b)	((ill_t *)x)->ill_name
467 #  define	COPYIFNAME(x, b, v) \
468 				strncpy(b, ((ifinfo_t *)x)->ifi_name, \
469 					LIFNAMSIZ)
470 #  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,c,d)
471 #  define	SLEEP(id, n)	{ lock_t *_l = get_sleep_lock((caddr_t)id); \
472 				  sleep(id, PZERO+1); \
473 				  spinunlock(_l); \
474 				}
475 #  define	WAKEUP(id,x)	{ lock_t *_l = get_sleep_lock((caddr_t)id); \
476 				  wakeup(id + x); \
477 				  spinunlock(_l); \
478 				}
479 #  define	KMALLOC(a, b)	MALLOC((a), b, sizeof(*(a)), M_IOSYS, M_NOWAIT)
480 #  define	KMALLOCS(a, b, c)	MALLOC((a), b, (c), M_IOSYS, M_NOWAIT)
481 #  define	KFREE(x)	kmem_free((char *)(x), sizeof(*(x)))
482 #  define	KFREES(x,s)	kmem_free((char *)(x), (s))
483 #  define	MSGDSIZE(x)	msgdsize(x)
484 #  define	M_LEN(x)	((x)->b_wptr - (x)->b_rptr)
485 #  define	M_DUPLICATE(x)	dupmsg((x))
486 #  define	MTOD(m,t)	((t)((m)->b_rptr))
487 #  define	MTYPE(m)	((m)->b_datap->db_type)
488 #  define	FREE_MB_T(m)	freemsg(m)
489 #  define	m_next		b_cont
490 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
491 typedef mblk_t mb_t;
492 
493 #  define	CACHE_HASH(x)	(((phy_if_t)(x)->fin_ifp) & 7)
494 
495 #  include "qif.h"
496 #  include "pfil.h"
497 
498 # else /* _KERNEL */
499 
500 typedef	unsigned char uchar_t;
501 
502 #  ifndef	_SYS_STREAM_INCLUDED
503 typedef char * mblk_t;
504 typedef void * queue_t;
505 typedef	u_long ulong;
506 #  endif
507 #  include <netinet/ip_info.h>
508 
509 # endif /* _KERNEL */
510 
511 # ifdef lint
512 #  define ALIGN32(ptr)    (ptr ? 0L : 0L)
513 #  define ALIGN16(ptr)    (ptr ? 0L : 0L)
514 # else
515 #  define ALIGN32(ptr)    (ptr)
516 #  define ALIGN16(ptr)    (ptr)
517 # endif
518 
519 typedef	struct uio	uio_t;
520 typedef	int		ioctlcmd_t;
521 typedef	int		minor_t;
522 typedef unsigned int	u_32_t;
523 # define	U_32_T	1
524 
525 # define OS_RECOGNISED 1
526 
527 #endif /* __hpux */
528 
529 /* ----------------------------------------------------------------------- */
530 /*                                  I R I X                                */
531 /* ----------------------------------------------------------------------- */
532 #ifdef __sgi
533 # undef		MENTAT
534 # if IRIX < 60500
535 typedef	struct uio	uio_t;
536 # endif
537 typedef	int		ioctlcmd_t;
538 typedef u_int32_t       u_32_t;
539 # define	U_32_T	1
540 
541 # ifdef INET6
542 #  define USE_INET6
543 # endif
544 
545 # define  hz HZ
546 # include <sys/ksynch.h>
547 # define	IPF_LOCK_PL	plhi
548 # include <sys/sema.h>
549 # undef kmutex_t
550 typedef struct {
551 	lock_t *l;
552 	int pl;
553 } kmutex_t;
554 
555 # ifdef MUTEX_INIT
556 #  define	KMUTEX_T		mutex_t
557 # else
558 #  define	KMUTEX_T		kmutex_t
559 #  define	KRWLOCK_T		kmutex_t
560 # endif
561 
562 # ifdef _KERNEL
563 #  define	ATOMIC_INC(x)		{ MUTEX_ENTER(&ipf_rw); \
564 					  (x)++; MUTEX_EXIT(&ipf_rw); }
565 #  define	ATOMIC_DEC(x)		{ MUTEX_ENTER(&ipf_rw); \
566 					  (x)--; MUTEX_EXIT(&ipf_rw); }
567 #  define	USE_MUTEXES
568 #  ifdef MUTEX_INIT
569 #   include <sys/atomic_ops.h>
570 #   define	ATOMIC_INCL(x)		atomicAddUlong(&(x), 1)
571 #   define	ATOMIC_INC64(x)		atomicAddUint64(&(x), 1)
572 #   define	ATOMIC_INC32(x)		atomicAddUint(&(x), 1)
573 #   define	ATOMIC_INC16		ATOMIC_INC
574 #   define	ATOMIC_DECL(x)		atomicAddUlong(&(x), -1)
575 #   define	ATOMIC_DEC64(x)		atomicAddUint64(&(x), -1)
576 #   define	ATOMIC_DEC32(x)		atomicAddUint(&(x), -1)
577 #   define	ATOMIC_DEC16		ATOMIC_DEC
578 #   undef	MUTEX_INIT
579 #   define	MUTEX_INIT(x, y)	mutex_init(&(x)->ipf_lk,  \
580 						   MUTEX_DEFAULT, y)
581 #   undef	MUTEX_ENTER
582 #   define	MUTEX_ENTER(x)		mutex_lock(&(x)->ipf_lk, 0)
583 #   undef	MUTEX_EXIT
584 #   define	MUTEX_EXIT(x)		mutex_unlock(&(x)->ipf_lk)
585 #   undef	MUTEX_DESTROY
586 #   define	MUTEX_DESTROY(x)	mutex_destroy(&(x)->ipf_lk)
587 #   define	MUTEX_DOWNGRADE(x)	mrdemote(&(x)->ipf_lk)
588 #   define	KRWLOCK_T		mrlock_t
589 #   define	RWLOCK_INIT(x, y)	mrinit(&(x)->ipf_lk, y)
590 #   undef	RW_DESTROY
591 #   define	RW_DESTROY(x)		mrfree(&(x)->ipf_lk)
592 #   define	READ_ENTER(x)		RW_RDLOCK(&(x)->ipf_lk)
593 #   define	WRITE_ENTER(x)		RW_WRLOCK(&(x)->ipf_lk)
594 #   define	RWLOCK_EXIT(x)		RW_UNLOCK(&(x)->ipf_lk)
595 #  else
596 #   define	READ_ENTER(x)		MUTEX_ENTER(&(x)->ipf_lk)
597 #   define	WRITE_ENTER(x)		MUTEX_ENTER(&(x)->ipf_lk)
598 #   define	MUTEX_DOWNGRADE(x)	;
599 #   define	RWLOCK_EXIT(x)		MUTEX_EXIT(&(x)->ipf_lk)
600 #   define	MUTEX_EXIT(x)		UNLOCK((x)->ipf_lk.l, (x)->ipf_lk.pl);
601 #   define	MUTEX_INIT(x,y)		(x)->ipf_lk.l = LOCK_ALLOC((uchar_t)-1, IPF_LOCK_PL, (lkinfo_t *)-1, KM_NOSLEEP)
602 #   define	MUTEX_DESTROY(x)	LOCK_DEALLOC((x)->ipf_lk.l)
603 #   define	MUTEX_ENTER(x)		(x)->ipf_lk.pl = LOCK((x)->ipf_lk.l, \
604 							      IPF_LOCK_PL);
605 #  endif
606 #  define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
607 #  define	FREE_MB_T(m)	m_freem(m)
608 #  define	MTOD(m,t)	mtod(m,t)
609 #  define	COPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
610 #  define	COPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
611 #  define	BCOPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
612 #  define	BCOPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
613 #  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,c,d)
614 #  define	SLEEP(id, n)	sleep((id), PZERO+1)
615 #  define	WAKEUP(id,x)	wakeup(id+x)
616 #  define	KFREE(x)	kmem_free((char *)(x), sizeof(*(x)))
617 #  define	KFREES(x,s)	kmem_free((char *)(x), (s))
618 #  define	GETIFP(n,v, ifs)	ifunit(n)
619 #  include <sys/kmem.h>
620 #  include <sys/ddi.h>
621 #  define	KMALLOC(a,b)	(a) = (b)kmem_alloc(sizeof(*(a)), KM_NOSLEEP)
622 #  define	KMALLOCS(a,b,c)	(a) = (b)kmem_alloc((c), KM_NOSLEEP)
623 #  define	GET_MINOR(x)	getminor(x)
624 #  define	USE_SPL		1
625 #  define	SPL_IMP(x)	(x) = splimp()
626 #  define	SPL_NET(x)	(x) = splnet()
627 #  define	SPL_X(x)	(void) splx(x)
628 extern	void	m_copydata __P((struct mbuf *, int, int, caddr_t));
629 extern	void	m_copyback __P((struct mbuf *, int, int, caddr_t));
630 #  define	MSGDSIZE(x)	mbufchainlen(x)
631 #  define	M_LEN(x)	(x)->m_len
632 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
633 #  define	GETKTIME(x)	microtime((struct timeval *)x)
634 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
635 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
636 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
637 typedef struct mbuf mb_t;
638 # else
639 #  undef RW_DESTROY
640 #  undef MUTEX_INIT
641 #  undef MUTEX_DESTROY
642 # endif /* _KERNEL */
643 
644 # define OS_RECOGNISED 1
645 
646 #endif /* __sgi */
647 
648 /* ----------------------------------------------------------------------- */
649 /*                                  T R U 6 4                              */
650 /* ----------------------------------------------------------------------- */
651 #ifdef __osf__
652 # undef		MENTAT
653 
654 # include <kern/lock.h>
655 # include <sys/sysmacros.h>
656 
657 # ifdef _KERNEL
658 #  define	KMUTEX_T		simple_lock_data_t
659 #  define	KRWLOCK_T		lock_data_t
660 #  include <net/net_globals.h>
661 #  define	USE_MUTEXES
662 #  define	READ_ENTER(x)		lock_read(&(x)->ipf_lk)
663 #  define	WRITE_ENTER(x)		lock_write(&(x)->ipf_lk)
664 #  define	MUTEX_DOWNGRADE(x)	lock_write_to_read(&(x)->ipf_lk)
665 #  define	RWLOCK_INIT(x, y)	lock_init(&(x)->ipf_lk, TRUE)
666 #  define	RWLOCK_EXIT(x)		lock_done(&(x)->ipf_lk)
667 #  define	RW_DESTROY(x)		lock_terminate(&(x)->ipf_lk)
668 #  define	MUTEX_ENTER(x)		simple_lock(&(x)->ipf_lk)
669 #  define	MUTEX_INIT(x, y)	simple_lock_init(&(x)->ipf_lk)
670 #  define	MUTEX_DESTROY(x)	simple_lock_terminate(&(x)->ipf_lk)
671 #  define	MUTEX_EXIT(x)		simple_unlock(&(x)->ipf_lk)
672 #  define	MUTEX_NUKE(x)		bzero(x, sizeof(*(x)))
673 #  define	ATOMIC_INC64(x)		atomic_incq((uint64_t*)&(x))
674 #  define	ATOMIC_DEC64(x)		atomic_decq((uint64_t*)&(x))
675 #  define	ATOMIC_INC32(x)		atomic_incl((uint32_t*)&(x))
676 #  define	ATOMIC_DEC32(x)		atomic_decl((uint32_t*)&(x))
677 #  define	ATOMIC_INC16(x)		{ simple_lock(&ipf_rw); (x)++; \
678 					  simple_unlock(&ipf_rw); }
679 #  define	ATOMIC_DEC16(x)		{ simple_lock(&ipf_rw); (x)--; \
680 					  simple_unlock(&ipf_rw); }
681 #  define	ATOMIC_INCL(x)		atomic_incl((uint32_t*)&(x))
682 #  define	ATOMIC_DECL(x)		atomic_decl((uint32_t*)&(x))
683 #  define	ATOMIC_INC(x)		{ simple_lock(&ipf_rw); (x)++; \
684 					  simple_unlock(&ipf_rw); }
685 #  define	ATOMIC_DEC(x)		{ simple_lock(&ipf_rw); (x)--; \
686 					  simple_unlock(&ipf_rw); }
687 #  define	SPL_NET(x)		;
688 #  define	SPL_IMP(x)		;
689 #  undef	SPL_X
690 #  define	SPL_X(x)		;
691 #  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a, b, d)
692 #  define	FREE_MB_T(m)		m_freem(m)
693 #  define	MTOD(m,t)		mtod(m,t)
694 #  define	GETIFP(n, v, ifs)	ifunit(n)
695 #  define	GET_MINOR		getminor
696 #  define	WAKEUP(id,x)		wakeup(id + x)
697 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
698 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
699 #  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
700 #  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
701 #  define	KMALLOC(a, b)	MALLOC((a), b, sizeof(*(a)), M_PFILT, M_NOWAIT)
702 #  define	KMALLOCS(a, b, c)	MALLOC((a), b, (c), M_PFILT, \
703 					    ((c) > 4096) ? M_WAITOK : M_NOWAIT)
704 #  define	KFREE(x)	FREE((x), M_PFILT)
705 #  define	KFREES(x,s)	FREE((x), M_PFILT)
706 #  define	MSGDSIZE(x)	mbufchainlen(x)
707 #  define	M_LEN(x)	(x)->m_len
708 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
709 #  define	GETKTIME(x)	microtime((struct timeval *)x)
710 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
711 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
712 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
713 typedef struct mbuf mb_t;
714 # endif /* _KERNEL */
715 
716 # if (defined(_KERNEL) || defined(_NO_BITFIELDS) || (__STDC__ == 1))
717 #  define	IP_V(x)		((x)->ip_vhl >> 4)
718 #  define	IP_HL(x)	((x)->ip_vhl & 0xf)
719 #  define	IP_V_A(x,y)	(x)->ip_vhl |= (((y) << 4) & 0xf0)
720 #  define	IP_HL_A(x,y)	(x)->ip_vhl |= ((y) & 0xf)
721 #  define	TCP_X2(x)	((x)->th_xoff & 0xf)
722 #  define	TCP_X2_A(x,y)	(x)->th_xoff |= ((y) & 0xf)
723 #  define	TCP_OFF(x)	((x)->th_xoff >> 4)
724 #  define	TCP_OFF_A(x,y)	(x)->th_xoff |= (((y) << 4) & 0xf0)
725 # endif
726 
727 /*
728  * These are from's Solaris' #defines for little endian.
729  */
730 #define	IP6F_MORE_FRAG		0x0100
731 #define	IP6F_RESERVED_MASK	0x0600
732 #define	IP6F_OFF_MASK		0xf8ff
733 
734 struct ip6_ext {
735 	u_char	ip6e_nxt;
736 	u_char	ip6e_len;
737 };
738 
739 typedef	int		ioctlcmd_t;
740 /*
741  * Really, any arch where sizeof(long) != sizeof(int).
742  */
743 typedef unsigned int    u_32_t;
744 # define	U_32_T	1
745 
746 # define OS_RECOGNISED 1
747 #endif /* __osf__ */
748 
749 /* ----------------------------------------------------------------------- */
750 /*                                  N E T B S D                            */
751 /* ----------------------------------------------------------------------- */
752 #ifdef __NetBSD__
753 # if defined(_KERNEL) && !defined(IPFILTER_LKM)
754 #  include "bpfilter.h"
755 #  if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 104110000)
756 #   include "opt_inet.h"
757 #  endif
758 #  ifdef INET6
759 #   define USE_INET6
760 #  endif
761 #  if (__NetBSD_Version__ >= 105000000)
762 #   define HAVE_M_PULLDOWN 1
763 #  endif
764 # endif
765 
766 # ifdef _KERNEL
767 #  define	MSGDSIZE(x)	mbufchainlen(x)
768 #  define	M_LEN(x)	(x)->m_len
769 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
770 #  define	GETKTIME(x)	microtime((struct timeval *)x)
771 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
772 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
773 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
774 #  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
775 #  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
776 typedef struct mbuf mb_t;
777 # endif /* _KERNEL */
778 # if (NetBSD <= 1991011) && (NetBSD >= 199606)
779 #  define	IFNAME(x)	((struct ifnet *)x)->if_xname
780 #  define	COPYIFNAME(x, b, v) \
781 				(void) strncpy(b, \
782 					       ((struct ifnet *)x)->if_xname, \
783 					       LIFNAMSIZ)
784 #  define	CACHE_HASH(x)	((((struct ifnet *)fin->fin_ifp)->if_index)&7)
785 # else
786 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
787 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
788 # endif
789 
790 typedef	struct uio	uio_t;
791 typedef	u_long		ioctlcmd_t;
792 typedef	int		minor_t;
793 typedef	u_int32_t	u_32_t;
794 # define	U_32_T	1
795 
796 # define OS_RECOGNISED 1
797 #endif /* __NetBSD__ */
798 
799 
800 /* ----------------------------------------------------------------------- */
801 /*                                F R E E B S D                            */
802 /* ----------------------------------------------------------------------- */
803 #ifdef __FreeBSD__
804 # if defined(_KERNEL)
805 #  if (__FreeBSD_version >= 500000)
806 #   include "opt_bpf.h"
807 #  else
808 #   include "bpf.h"
809 #  endif
810 #  if defined(__FreeBSD_version) && (__FreeBSD_version >= 400000)
811 #   include "opt_inet6.h"
812 #  endif
813 #  if defined(INET6) && !defined(USE_INET6)
814 #   define USE_INET6
815 #  endif
816 # endif
817 
818 # if defined(_KERNEL)
819 #  if (__FreeBSD_version >= 400000)
820 /*
821  * When #define'd, the 5.2.1 kernel panics when used with the ftp proxy.
822  * There may be other, safe, kernels but this is not extensively tested yet.
823  */
824 #   define HAVE_M_PULLDOWN
825 #  endif
826 #  if !defined(IPFILTER_LKM) && (__FreeBSD_version >= 300000)
827 #   include "opt_ipfilter.h"
828 #  endif
829 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
830 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
831 #  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
832 #  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
833 
834 #  if (__FreeBSD_version >= 500043)
835 #   define NETBSD_PF
836 #  endif
837 # endif /* _KERNEL */
838 
839 # if (__FreeBSD_version >= 500043)
840 #  include <sys/mutex.h>
841 #  include <sys/sx.h>
842 /*
843  * Whilst the sx(9) locks on FreeBSD have the right semantics and interface
844  * for what we want to use them for, despite testing showing they work -
845  * with a WITNESS kernel, it generates LOR messages.
846  */
847 #  define	KMUTEX_T		struct mtx
848 #  if 1
849 #   define	KRWLOCK_T		struct mtx
850 #  else
851 #   define	KRWLOCK_T		struct sx
852 #  endif
853 # endif
854 
855 # if (__FreeBSD_version >= 501113)
856 #  include <net/if_var.h>
857 #  define	IFNAME(x)	((struct ifnet *)x)->if_xname
858 #  define	COPYIFNAME(x, b) \
859 				(void) strncpy(b, \
860 					       ((struct ifnet *)x)->if_xname, \
861 					       LIFNAMSIZ)
862 # endif
863 # if (__FreeBSD_version >= 500043)
864 #  define	CACHE_HASH(x)	((((struct ifnet *)fin->fin_ifp)->if_index) & 7)
865 # else
866 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
867 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
868 # endif
869 
870 # ifdef _KERNEL
871 #  define	GETKTIME(x)	microtime((struct timeval *)x)
872 
873 #  if (__FreeBSD_version >= 500002)
874 #   include <netinet/in_systm.h>
875 #   include <netinet/ip.h>
876 #   include <machine/in_cksum.h>
877 #  endif
878 
879 #  if (__FreeBSD_version >= 500043)
880 #   define	USE_MUTEXES
881 #   define	MUTEX_ENTER(x)		mtx_lock(&(x)->ipf_lk)
882 #   define	MUTEX_EXIT(x)		mtx_unlock(&(x)->ipf_lk)
883 #   define	MUTEX_INIT(x,y)		mtx_init(&(x)->ipf_lk, (y), NULL,\
884 						 MTX_DEF)
885 #   define	MUTEX_DESTROY(x)	mtx_destroy(&(x)->ipf_lk)
886 #   define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
887 /*
888  * Whilst the sx(9) locks on FreeBSD have the right semantics and interface
889  * for what we want to use them for, despite testing showing they work -
890  * with a WITNESS kernel, it generates LOR messages.
891  */
892 #   if 1
893 #    define	READ_ENTER(x)		mtx_lock(&(x)->ipf_lk)
894 #    define	WRITE_ENTER(x)		mtx_lock(&(x)->ipf_lk)
895 #    define	RWLOCK_EXIT(x)		mtx_unlock(&(x)->ipf_lk)
896 #    define	MUTEX_DOWNGRADE(x)	;
897 #    define	RWLOCK_INIT(x,y)	mtx_init(&(x)->ipf_lk, (y), NULL,\
898 						 MTX_DEF)
899 #    define	RW_DESTROY(x)		mtx_destroy(&(x)->ipf_lk)
900 #   else
901 #    define	READ_ENTER(x)		sx_slock(&(x)->ipf_lk)
902 #    define	WRITE_ENTER(x)		sx_xlock(&(x)->ipf_lk)
903 #    define	MUTEX_DOWNGRADE(x)	sx_downgrade(&(x)->ipf_lk)
904 #    define	RWLOCK_INIT(x, y)	sx_init(&(x)->ipf_lk, (y))
905 #    define	RW_DESTROY(x)		sx_destroy(&(x)->ipf_lk)
906 #    ifdef sx_unlock
907 #     define	RWLOCK_EXIT(x)		sx_unlock(x)
908 #    else
909 #     define	RWLOCK_EXIT(x)		do { \
910 					    if ((x)->ipf_lk.sx_cnt < 0) \
911 						sx_xunlock(&(x)->ipf_lk); \
912 					    else \
913 						sx_sunlock(&(x)->ipf_lk); \
914 					} while (0)
915 #    endif
916 #   endif
917 #   include <machine/atomic.h>
918 #   define	ATOMIC_INC(x)		{ mtx_lock(&ipf_rw.ipf_lk); (x)++; \
919 					  mtx_unlock(&ipf_rw.ipf_lk); }
920 #   define	ATOMIC_DEC(x)		{ mtx_lock(&ipf_rw.ipf_lk); (x)--; \
921 					  mtx_unlock(&ipf_rw.ipf_lk); }
922 #   define	ATOMIC_INCL(x)		atomic_add_long(&(x), 1)
923 #   define	ATOMIC_INC64(x)		ATOMIC_INC(x)
924 #   define	ATOMIC_INC32(x)		atomic_add_32(&(x), 1)
925 #   define	ATOMIC_INC16(x)		atomic_add_16(&(x), 1)
926 #   define	ATOMIC_DECL(x)		atomic_add_long(&(x), -1)
927 #   define	ATOMIC_DEC64(x)		ATOMIC_DEC(x)
928 #   define	ATOMIC_DEC32(x)		atomic_add_32(&(x), -1)
929 #   define	ATOMIC_DEC16(x)		atomic_add_16(&(x), -1)
930 #   define	SPL_X(x)	;
931 #   define	SPL_NET(x)	;
932 #   define	SPL_IMP(x)	;
933 extern	int	in_cksum __P((struct mbuf *, int));
934 #  endif /* __FreeBSD_version >= 500043 */
935 #  define	MSGDSIZE(x)	mbufchainlen(x)
936 #  define	M_LEN(x)	(x)->m_len
937 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
938 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
939 typedef struct mbuf mb_t;
940 # endif /* _KERNEL */
941 
942 # if __FreeBSD__ < 3
943 #  include <machine/spl.h>
944 # else
945 #  if __FreeBSD__ == 3
946 #   if defined(IPFILTER_LKM) && !defined(ACTUALLY_LKM_NOT_KERNEL)
947 #    define	ACTUALLY_LKM_NOT_KERNEL
948 #   endif
949 #  endif
950 # endif
951 
952 # if (__FreeBSD_version >= 300000)
953 typedef	u_long		ioctlcmd_t;
954 # else
955 typedef	int		ioctlcmd_t;
956 # endif
957 typedef	struct uio	uio_t;
958 typedef	int		minor_t;
959 typedef	u_int32_t	u_32_t;
960 # define	U_32_T	1
961 
962 # define OS_RECOGNISED 1
963 #endif /* __FreeBSD__ */
964 
965 
966 /* ----------------------------------------------------------------------- */
967 /*                                O P E N B S D                            */
968 /* ----------------------------------------------------------------------- */
969 #ifdef __OpenBSD__
970 # ifdef INET6
971 #  define USE_INET6
972 # endif
973 
974 # ifdef _KERNEL
975 #  if !defined(IPFILTER_LKM)
976 #   include "bpfilter.h"
977 #  endif
978 #  if (OpenBSD >= 200311)
979 #   define SNPRINTF	snprintf
980 #   if defined(USE_INET6)
981 #    include "netinet6/in6_var.h"
982 #    include "netinet6/nd6.h"
983 #   endif
984 #  endif
985 #  if (OpenBSD >= 200012)
986 #   define HAVE_M_PULLDOWN 1
987 #  endif
988 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
989 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
990 #  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
991 #  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
992 #  define	GETKTIME(x)	microtime((struct timeval *)x)
993 #  define	MSGDSIZE(x)	mbufchainlen(x)
994 #  define	M_LEN(x)	(x)->m_len
995 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
996 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
997 typedef struct mbuf mb_t;
998 # endif /* _KERNEL */
999 # if (OpenBSD >= 199603)
1000 #  define	IFNAME(x, b)	((struct ifnet *)x)->if_xname
1001 #  define	COPYIFNAME(x, b, v) \
1002 				(void) strncpy(b, \
1003 					       ((struct ifnet *)x)->if_xname, \
1004 					       LIFNAMSIZ)
1005 #  define	CACHE_HASH(x)	((((struct ifnet *)fin->fin_ifp)->if_index)&7)
1006 # else
1007 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
1008 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
1009 # endif
1010 
1011 typedef	struct uio	uio_t;
1012 typedef	u_long		ioctlcmd_t;
1013 typedef	int		minor_t;
1014 typedef	u_int32_t	u_32_t;
1015 # define	U_32_T	1
1016 
1017 # define OS_RECOGNISED 1
1018 #endif /* __OpenBSD__ */
1019 
1020 
1021 /* ----------------------------------------------------------------------- */
1022 /*                                B S D O S                                */
1023 /* ----------------------------------------------------------------------- */
1024 #ifdef _BSDI_VERSION
1025 # ifdef INET6
1026 #  define USE_INET6
1027 # endif
1028 
1029 # ifdef _KERNEL
1030 #  define	GETKTIME(x)	microtime((struct timeval *)x)
1031 #  define	MSGDSIZE(x)	mbufchainlen(x)
1032 #  define	M_LEN(x)	(x)->m_len
1033 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
1034 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
1035 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
1036 typedef struct mbuf mb_t;
1037 # endif /* _KERNEL */
1038 
1039 # if (_BSDI_VERSION >= 199701)
1040 typedef	u_long		ioctlcmd_t;
1041 # else
1042 typedef	int		ioctlcmd_t;
1043 # endif
1044 typedef	u_int32_t	u_32_t;
1045 # define	U_32_T	1
1046 
1047 #endif /* _BSDI_VERSION */
1048 
1049 
1050 /* ----------------------------------------------------------------------- */
1051 /*                                  S U N O S 4                            */
1052 /* ----------------------------------------------------------------------- */
1053 #if defined(sun) && !defined(OS_RECOGNISED) /* SunOS4 */
1054 # ifdef _KERNEL
1055 #  include	<sys/kmem_alloc.h>
1056 #  define	GETKTIME(x)	uniqtime((struct timeval *)x)
1057 #  define	MSGDSIZE(x)	mbufchainlen(x)
1058 #  define	M_LEN(x)	(x)->m_len
1059 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
1060 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
1061 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
1062 #  define	GETIFP(n, v, ifs)	ifunit(n, IFNAMSIZ)
1063 #  define	KFREE(x)	kmem_free((char *)(x), sizeof(*(x)))
1064 #  define	KFREES(x,s)	kmem_free((char *)(x), (s))
1065 #  define	SLEEP(id, n)	sleep((id), PZERO+1)
1066 #  define	WAKEUP(id,x)	wakeup(id + x)
1067 #  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,c,d)
1068 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
1069 
1070 extern	void	m_copydata __P((struct mbuf *, int, int, caddr_t));
1071 extern	void	m_copyback __P((struct mbuf *, int, int, caddr_t));
1072 
1073 typedef struct mbuf mb_t;
1074 # endif
1075 
1076 typedef	struct uio	uio_t;
1077 typedef	int		ioctlcmd_t;
1078 typedef	int		minor_t;
1079 typedef	unsigned int	u_32_t;
1080 # define	U_32_T	1
1081 
1082 # define OS_RECOGNISED 1
1083 
1084 #endif /* SunOS 4 */
1085 
1086 /* ----------------------------------------------------------------------- */
1087 /*                            L I N U X                                    */
1088 /* ----------------------------------------------------------------------- */
1089 #if defined(linux) && !defined(OS_RECOGNISED)
1090 #include <linux/config.h>
1091 #include <linux/version.h>
1092 # if LINUX >= 20600
1093 #  define	 HDR_T_PRIVATE	1
1094 # endif
1095 # undef USE_INET6
1096 # ifdef USE_INET6
1097 struct ip6_ext {
1098 	u_char	ip6e_nxt;
1099 	u_char	ip6e_len;
1100 };
1101 # endif
1102 
1103 # ifdef _KERNEL
1104 #  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
1105 #  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
1106 #  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
1107 #  define	COPYIN(a,b,c)	copy_from_user((caddr_t)(b), (caddr_t)(a), (c))
1108 #  define	COPYOUT(a,b,c)	copy_to_user((caddr_t)(b), (caddr_t)(a), (c))
1109 #  define	FREE_MB_T(m)	kfree_skb(m)
1110 #  define	GETKTIME(x)	do_gettimeofday((struct timeval *)x)
1111 #  define	SLEEP(x,s)	0, interruptible_sleep_on(x##_linux)
1112 #  define	WAKEUP(x,y)	wake_up(x##_linux + y)
1113 #  define	UIOMOVE(a,b,c,d)	uiomove(a,b,c,d)
1114 #  define	USE_MUTEXES
1115 #  define	KRWLOCK_T		rwlock_t
1116 #  define	KMUTEX_T		spinlock_t
1117 #  define	MUTEX_INIT(x,y)		spin_lock_init(&(x)->ipf_lk)
1118 #  define	MUTEX_ENTER(x)		spin_lock(&(x)->ipf_lk)
1119 #  define	MUTEX_EXIT(x)		spin_unlock(&(x)->ipf_lk)
1120 #  define	MUTEX_DESTROY(x)	do { } while (0)
1121 #  define	MUTEX_NUKE(x)		bzero(&(x)->ipf_lk, sizeof((x)->ipf_lk))
1122 #  define	READ_ENTER(x)		ipf_read_enter(x)
1123 #  define	WRITE_ENTER(x)		ipf_write_enter(x)
1124 #  define	RWLOCK_INIT(x,y)	rwlock_init(&(x)->ipf_lk)
1125 #  define	RW_DESTROY(x)		do { } while (0)
1126 #  define	RWLOCK_EXIT(x)		ipf_rw_exit(x)
1127 #  define	MUTEX_DOWNGRADE(x)	ipf_rw_downgrade(x)
1128 #  define	ATOMIC_INCL(x)		MUTEX_ENTER(&ipf_rw); (x)++; \
1129 					MUTEX_EXIT(&ipf_rw)
1130 #  define	ATOMIC_DECL(x)		MUTEX_ENTER(&ipf_rw); (x)--; \
1131 					MUTEX_EXIT(&ipf_rw)
1132 #  define	ATOMIC_INC64(x)		MUTEX_ENTER(&ipf_rw); (x)++; \
1133 					MUTEX_EXIT(&ipf_rw)
1134 #  define	ATOMIC_INC32(x)		MUTEX_ENTER(&ipf_rw); (x)++; \
1135 					MUTEX_EXIT(&ipf_rw)
1136 #  define	ATOMIC_INC16(x)		MUTEX_ENTER(&ipf_rw); (x)++; \
1137 					MUTEX_EXIT(&ipf_rw)
1138 #  define	ATOMIC_DEC64(x)		MUTEX_ENTER(&ipf_rw); (x)--; \
1139 					MUTEX_EXIT(&ipf_rw)
1140 #  define	ATOMIC_DEC32(x)		MUTEX_ENTER(&ipf_rw); (x)--; \
1141 					MUTEX_EXIT(&ipf_rw)
1142 #  define	ATOMIC_DEC16(x)		MUTEX_ENTER(&ipf_rw); (x)--; \
1143 					MUTEX_EXIT(&ipf_rw)
1144 #  define	SPL_IMP(x)		do { } while (0)
1145 #  define	SPL_NET(x)		do { } while (0)
1146 #  define	SPL_X(x)		do { } while (0)
1147 #  define	IFNAME(x)		((struct net_device*)x)->name
1148 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
1149 			  ((struct net_device *)fin->fin_ifp)->ifindex) & 7)
1150 typedef	struct	sk_buff	mb_t;
1151 extern	void	m_copydata __P((mb_t *, int, int, caddr_t));
1152 extern	void	m_copyback __P((mb_t *, int, int, caddr_t));
1153 extern	void	m_adj __P((mb_t *, int));
1154 extern	mb_t	*m_pullup __P((mb_t *, int));
1155 #  define	mbuf	sk_buff
1156 
1157 #  define	mtod(m, t)	((t)(m)->data)
1158 #  define	m_len		len
1159 #  define	m_next		next
1160 #  define	M_DUPLICATE(m)	skb_clone((m), in_interrupt() ? GFP_ATOMIC : \
1161 								GFP_KERNEL)
1162 #  define	MSGDSIZE(m)	(m)->len
1163 #  define	M_LEN(m)	(m)->len
1164 
1165 #  define	splnet(x)	;
1166 #  define	printf		printk
1167 #  define	bcopy(s,d,z)	memmove(d, s, z)
1168 #  define	bzero(s,z)	memset(s, 0, z)
1169 #  define	bcmp(a,b,z)	memcmp(a, b, z)
1170 
1171 #  define	ifnet		net_device
1172 #  define	if_xname	name
1173 #  define	if_unit		ifindex
1174 
1175 #  define	KMALLOC(x,t)	(x) = (t)kmalloc(sizeof(*(x)), \
1176 				    in_interrupt() ? GFP_ATOMIC : GFP_KERNEL)
1177 #  define	KFREE(x)	kfree(x)
1178 #  define	KMALLOCS(x,t,s)	(x) = (t)kmalloc((s), \
1179 				    in_interrupt() ? GFP_ATOMIC : GFP_KERNEL)
1180 #  define	KFREES(x,s)	kfree(x)
1181 
1182 #  define GETIFP(n,v)	dev_get_by_name(n)
1183 
1184 # else
1185 #  include <net/ethernet.h>
1186 
1187 struct mbuf {
1188 };
1189 
1190 #  ifndef _NET_ROUTE_H
1191 struct rtentry {
1192 };
1193 #  endif
1194 
1195 struct ifnet {
1196 	char	if_xname[IFNAMSIZ];
1197 	int	if_unit;
1198 	int	(* if_output) __P((struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *));
1199 	struct	ifaddr	*if_addrlist;
1200 };
1201 # define	IFNAME(x)	((struct ifnet *)x)->if_xname
1202 
1203 # endif	/* _KERNEL */
1204 
1205 # define	COPYIFNAME(x, b) \
1206 				(void) strncpy(b, \
1207 					       ((struct ifnet *)x)->if_xname, \
1208 					       LIFNAMSIZ)
1209 
1210 # include <linux/fs.h>
1211 # define	FWRITE	FMODE_WRITE
1212 # define	FREAD	FMODE_READ
1213 
1214 # define	__USE_MISC	1
1215 # define	__FAVOR_BSD	1
1216 
1217 typedef	struct uio {
1218 	struct iovec	*uio_iov;
1219 	void	*uio_file;
1220 	char	*uio_buf;
1221 	int	uio_iovcnt;
1222 	int	uio_offset;
1223 	size_t	uio_resid;
1224 	int	uio_rw;
1225 } uio_t;
1226 
1227 extern	int	uiomove __P((caddr_t, size_t, int, struct uio *));
1228 
1229 # define	UIO_READ	1
1230 # define	UIO_WRITE	2
1231 
1232 typedef	u_long		ioctlcmd_t;
1233 typedef	int		minor_t;
1234 typedef u_int32_t 	u_32_t;
1235 # define	U_32_T	1
1236 
1237 # define OS_RECOGNISED 1
1238 
1239 #endif
1240 
1241 
1242 /* ----------------------------------------------------------------------- */
1243 /*                                    A I X                                */
1244 /* ----------------------------------------------------------------------- */
1245 #if defined(_AIX51)
1246 # undef		MENTAT
1247 
1248 # include <sys/lock.h>
1249 # include <sys/sysmacros.h>
1250 
1251 # ifdef _KERNEL
1252 #  define rw_read_locked(x)		0
1253 #  include <net/net_globals.h>
1254 #  include <net/net_malloc.h>
1255 #  define	KMUTEX_T		simple_lock_t
1256 #  define	KRWLOCK_T		complex_lock_t
1257 #  define	USE_MUTEXES		1
1258 #  define	USE_SPL			1
1259 #  define	READ_ENTER(x)		lock_read((x)->ipf_lk)
1260 #  define	WRITE_ENTER(x)		lock_write((x)->ipf_lk)
1261 #  define	MUTEX_DOWNGRADE(x)	lock_write_to_read((x)->ipf_lk)
1262 #  define	RWLOCK_INIT(x, y)	lock_alloc(&(x)->ipf_lk, \
1263 						   LOCK_ALLOC_PIN, \
1264 						   (u_short)y, 0); \
1265 					lock_init((x)->ipf_lk, TRUE)
1266 #  define	RWLOCK_EXIT(x)		lock_done((x)->ipf_lk)
1267 #  define	RW_DESTROY(x)		lock_free(&(x)->ipf_lk)
1268 #  define	MUTEX_ENTER(x)		simple_lock((x)->ipf_lk)
1269 #  define	MUTEX_INIT(x, y)	lock_alloc(&(x)->ipf_lk, \
1270 						   LOCK_ALLOC_PIN, \
1271 						   (u_short)y, 0); \
1272 					simple_lock_init((x)->ipf_lk)
1273 #  define	MUTEX_DESTROY(x)	lock_free(&(x)->ipf_lk)
1274 #  define	MUTEX_EXIT(x)		simple_unlock((x)->ipf_lk)
1275 #  define	MUTEX_NUKE(x)		bzero(&(x)->ipf_lk, sizeof((x)->ipf_lk))
1276 #   define	ATOMIC_INC64(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
1277 					  MUTEX_EXIT(&ipf_rw); }
1278 #   define	ATOMIC_DEC64(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
1279 					  MUTEX_EXIT(&ipf_rw); }
1280 #   define	ATOMIC_INC32(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
1281 					  MUTEX_EXIT(&ipf_rw); }
1282 #   define	ATOMIC_DEC32(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
1283 					  MUTEX_EXIT(&ipf_rw); }
1284 #   define	ATOMIC_INCL(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
1285 					  MUTEX_EXIT(&ipf_rw); }
1286 #   define	ATOMIC_DECL(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
1287 					  MUTEX_EXIT(&ipf_rw); }
1288 #   define	ATOMIC_INC(x)		{ MUTEX_ENTER(&ipf_rw); (x)++; \
1289 					  MUTEX_EXIT(&ipf_rw); }
1290 #   define	ATOMIC_DEC(x)		{ MUTEX_ENTER(&ipf_rw); (x)--; \
1291 					  MUTEX_EXIT(&ipf_rw); }
1292 #  define	SPL_NET(x)		x = splnet()
1293 #  define	SPL_IMP(x)		x = splimp()
1294 #  undef	SPL_X
1295 #  define	SPL_X(x)		splx(x)
1296 #  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,c,d)
1297 extern void* getifp __P((char *, int));
1298 #  define	GETIFP(n, v)		getifp(n, v)
1299 #  define	GET_MINOR		minor
1300 #  define	SLEEP(id, n)	sleepx((id), PZERO+1, 0)
1301 #  define	WAKEUP(id,x)	wakeup(id)
1302 #  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
1303 #  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
1304 #  define	BCOPYIN(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
1305 #  define	BCOPYOUT(a,b,c)	bcopy((caddr_t)(a), (caddr_t)(b), (c))
1306 #  define	KMALLOC(a, b)	MALLOC((a), b, sizeof(*(a)), M_TEMP, M_NOWAIT)
1307 #  define	KMALLOCS(a, b, c)	MALLOC((a), b, (c), M_TEMP, \
1308 					    ((c) > 4096) ? M_WAITOK : M_NOWAIT)
1309 #  define	KFREE(x)	FREE((x), M_TEMP)
1310 #  define	KFREES(x,s)	FREE((x), M_TEMP)
1311 #  define	MSGDSIZE(x)	mbufchainlen(x)
1312 #  define	M_LEN(x)	(x)->m_len
1313 #  define	M_DUPLICATE(x)	m_copy((x), 0, M_COPYALL)
1314 #  define	GETKTIME(x)
1315 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
1316 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
1317 #  define	IPF_PANIC(x,y)
1318 typedef struct mbuf mb_t;
1319 # endif /* _KERNEL */
1320 
1321 /*
1322  * These are from's Solaris' #defines for little endian.
1323  */
1324 #if !defined(IP6F_MORE_FRAG)
1325 # define	IP6F_MORE_FRAG		0x0100
1326 #endif
1327 #if !defined(IP6F_RESERVED_MASK)
1328 # define	IP6F_RESERVED_MASK	0x0600
1329 #endif
1330 #if !defined(IP6F_OFF_MASK)
1331 # define	IP6F_OFF_MASK		0xf8ff
1332 #endif
1333 
1334 struct ip6_ext {
1335 	u_char	ip6e_nxt;
1336 	u_char	ip6e_len;
1337 };
1338 
1339 typedef	int		ioctlcmd_t;
1340 typedef	int		minor_t;
1341 /*
1342  * Really, any arch where sizeof(long) != sizeof(int).
1343  */
1344 typedef unsigned int    u_32_t;
1345 # define	U_32_T	1
1346 
1347 # define OS_RECOGNISED 1
1348 #endif	/* _AIX51 */
1349 
1350 
1351 #ifndef	OS_RECOGNISED
1352 #error	ip_compat.h does not recognise this platform/OS.
1353 #endif
1354 
1355 
1356 /* ----------------------------------------------------------------------- */
1357 /*                           G E N E R I C                                 */
1358 /* ----------------------------------------------------------------------- */
1359 #ifndef OS_RECOGNISED
1360 #endif
1361 
1362 /*
1363  * For BSD kernels, if bpf is in the kernel, enable ipfilter to use bpf in
1364  * filter rules.
1365  */
1366 #if !defined(IPFILTER_BPF) && ((NBPF > 0) || (NBPFILTER > 0) || (DEV_BPF > 0))
1367 # define IPFILTER_BPF
1368 #endif
1369 
1370 /*
1371  * Userland locking primitives
1372  */
1373 typedef	struct	{
1374 	char	*eMm_owner;
1375 	char	*eMm_heldin;
1376 	u_int	eMm_magic;
1377 	int	eMm_held;
1378 	int	eMm_heldat;
1379 #ifdef __hpux
1380 	char	eMm_fill[8];
1381 #endif
1382 } eMmutex_t;
1383 
1384 typedef	struct	{
1385 	char	*eMrw_owner;
1386 	char	*eMrw_heldin;
1387 	u_int	eMrw_magic;
1388 	short	eMrw_read;
1389 	short	eMrw_write;
1390 	int	eMrw_heldat;
1391 #ifdef __hpux
1392 	char	eMm_fill[24];
1393 #endif
1394 } eMrwlock_t;
1395 
1396 typedef union {
1397 #ifdef KMUTEX_T
1398 	struct	{
1399 		KMUTEX_T	ipf_slk;
1400 		char		*ipf_lname;
1401 	} ipf_lkun_s;
1402 #endif
1403 	eMmutex_t	ipf_emu;
1404 } ipfmutex_t;
1405 
1406 typedef union {
1407 #ifdef KRWLOCK_T
1408 	struct	{
1409 		KRWLOCK_T	ipf_slk;
1410 		char		*ipf_lname;
1411 		int		ipf_sr;
1412 		int		ipf_sw;
1413 		u_int		ipf_magic;
1414 	} ipf_lkun_s;
1415 #endif
1416 	eMrwlock_t	ipf_emu;
1417 } ipfrwlock_t;
1418 
1419 #define	ipf_lk		ipf_lkun_s.ipf_slk
1420 #define	ipf_lname	ipf_lkun_s.ipf_lname
1421 #define	ipf_isr		ipf_lkun_s.ipf_sr
1422 #define	ipf_isw		ipf_lkun_s.ipf_sw
1423 #define	ipf_magic	ipf_lkun_s.ipf_magic
1424 
1425 #if !defined(__GNUC__) || \
1426     (defined(__FreeBSD_version) && (__FreeBSD_version >= 503000))
1427 # ifndef	INLINE
1428 #  define	INLINE
1429 # endif
1430 #else
1431 # define	INLINE	__inline__
1432 #endif
1433 
1434 #if defined(linux) && defined(_KERNEL)
1435 extern	INLINE	void	ipf_read_enter __P((ipfrwlock_t *));
1436 extern	INLINE	void	ipf_write_enter __P((ipfrwlock_t *));
1437 extern	INLINE	void	ipf_rw_exit __P((ipfrwlock_t *));
1438 extern	INLINE	void	ipf_rw_downgrade __P((ipfrwlock_t *));
1439 #endif
1440 
1441 /*
1442  * In a non-kernel environment, there are a lot of macros that need to be
1443  * filled in to be null-ops or to point to some compatibility function,
1444  * somewhere in userland.
1445  */
1446 #ifndef _KERNEL
1447 typedef	struct	mb_s	{
1448 	struct	mb_s	*mb_next;
1449 	int		mb_len;
1450 	u_long		mb_buf[2048];
1451 } mb_t;
1452 # undef		m_next
1453 # define	m_next		mb_next
1454 # define	MSGDSIZE(x)	(x)->mb_len	/* XXX - from ipt.c */
1455 # define	M_LEN(x)	(x)->mb_len
1456 # define	M_DUPLICATE(x)	(x)
1457 # define	GETKTIME(x)	gettimeofday((struct timeval *)(x), NULL)
1458 # undef		MTOD
1459 # define	MTOD(m, t)	((t)(m)->mb_buf)
1460 # define	FREE_MB_T(x)
1461 # define	SLEEP(x,y)	1;
1462 # define	WAKEUP(x,y)	;
1463 # define	IPF_PANIC(x,y)	;
1464 # define	PANIC(x,y)	;
1465 # define	SPL_NET(x)	;
1466 # define	SPL_IMP(x)	;
1467 # define	SPL_X(x)	;
1468 # define	KMALLOC(a,b)	(a) = (b)malloc(sizeof(*a))
1469 # define	KMALLOCS(a,b,c)	(a) = (b)malloc(c)
1470 # define	KFREE(x)	free(x)
1471 # define	KFREES(x,s)	free(x)
1472 # define	GETIFP(x, v, ifs)	get_unit(x,v, ifs)
1473 # define	COPYIN(a,b,c)	(bcopy((a), (b), (c)), 0)
1474 # define	COPYOUT(a,b,c)	(bcopy((a), (b), (c)), 0)
1475 # define	BCOPYIN(a,b,c)	(bcopy((a), (b), (c)), 0)
1476 # define	BCOPYOUT(a,b,c)	(bcopy((a), (b), (c)), 0)
1477 # define	COPYDATA(m, o, l, b)	bcopy(MTOD((mb_t *)m, char *) + (o), \
1478 					      (b), (l))
1479 # define	COPYBACK(m, o, l, b)	bcopy((b), \
1480 					      MTOD((mb_t *)m, char *) + (o), \
1481 					      (l))
1482 # define	UIOMOVE(a,b,c,d)	ipfuiomove(a,b,c,d)
1483 extern	void	m_copydata __P((mb_t *, int, int, caddr_t));
1484 extern	int	ipfuiomove __P((caddr_t, int, int, struct uio *));
1485 # ifndef CACHE_HASH
1486 #  define	CACHE_HASH(x)	((IFNAME(fin->fin_ifp)[0] + \
1487 				  ((struct ifnet *)fin->fin_ifp)->if_unit) & 7)
1488 # endif
1489 
1490 # define	MUTEX_DESTROY(x)	eMmutex_destroy(&(x)->ipf_emu)
1491 # define	MUTEX_ENTER(x)		eMmutex_enter(&(x)->ipf_emu, \
1492 						      __FILE__, __LINE__)
1493 # define	MUTEX_EXIT(x)		eMmutex_exit(&(x)->ipf_emu)
1494 # define	MUTEX_INIT(x,y)		eMmutex_init(&(x)->ipf_emu, y)
1495 # define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
1496 
1497 # define	MUTEX_DOWNGRADE(x)	eMrwlock_downgrade(&(x)->ipf_emu, \
1498 							   __FILE__, __LINE__)
1499 # define	READ_ENTER(x)		eMrwlock_read_enter(&(x)->ipf_emu, \
1500 							    __FILE__, __LINE__)
1501 # define	RWLOCK_INIT(x, y)	eMrwlock_init(&(x)->ipf_emu, y)
1502 # define	RWLOCK_EXIT(x)		eMrwlock_exit(&(x)->ipf_emu)
1503 # define	RW_DESTROY(x)		eMrwlock_destroy(&(x)->ipf_emu)
1504 # define	WRITE_ENTER(x)		eMrwlock_write_enter(&(x)->ipf_emu, \
1505 							     __FILE__, \
1506 							     __LINE__)
1507 
1508 # define	USE_MUTEXES		1
1509 
1510 extern void eMmutex_destroy __P((eMmutex_t *));
1511 extern void eMmutex_enter __P((eMmutex_t *, char *, int));
1512 extern void eMmutex_exit __P((eMmutex_t *));
1513 extern void eMmutex_init __P((eMmutex_t *, char *));
1514 extern void eMrwlock_destroy __P((eMrwlock_t *));
1515 extern void eMrwlock_exit __P((eMrwlock_t *));
1516 extern void eMrwlock_init __P((eMrwlock_t *, char *));
1517 extern void eMrwlock_read_enter __P((eMrwlock_t *, char *, int));
1518 extern void eMrwlock_write_enter __P((eMrwlock_t *, char *, int));
1519 extern void eMrwlock_downgrade __P((eMrwlock_t *, char *, int));
1520 
1521 #undef NET_IS_HCK_L3_FULL
1522 #define	NET_IS_HCK_L3_FULL(n, x) (0)
1523 #undef NET_IS_HCK_L3_PART
1524 #define	NET_IS_HCK_L3_PART(n, x) (0)
1525 #undef NET_IS_HCK_L4_FULL
1526 #define	NET_IS_HCK_L4_FULL(n, x) (0)
1527 #undef NET_IS_HCK_L4_PART
1528 #define	NET_IS_HCK_L4_PART(n, x) (0)
1529 
1530 #endif
1531 
1532 #define	MAX_IPV4HDR	((0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8)
1533 
1534 #ifndef	IP_OFFMASK
1535 # define	IP_OFFMASK	0x1fff
1536 #endif
1537 
1538 
1539 /*
1540  * On BSD's use quad_t as a guarantee for getting at least a 64bit sized
1541  * object.
1542  */
1543 #if	BSD > 199306
1544 # define	USE_QUAD_T
1545 # define	U_QUAD_T	u_quad_t
1546 # define	QUAD_T		quad_t
1547 #else /* BSD > 199306 */
1548 # define	U_QUAD_T	u_long
1549 # define	QUAD_T		long
1550 #endif /* BSD > 199306 */
1551 
1552 
1553 #ifdef	USE_INET6
1554 # if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
1555      defined(__osf__) || defined(linux)
1556 #  include <netinet/ip6.h>
1557 #  include <netinet/icmp6.h>
1558 #  if !defined(linux)
1559 #   if defined(_KERNEL) && !defined(__osf__)
1560 #    include <netinet6/ip6_var.h>
1561 #   endif
1562 #  endif
1563 typedef	struct ip6_hdr	ip6_t;
1564 # endif
1565 #endif
1566 
1567 #ifndef	MAX
1568 # define	MAX(a,b)	(((a) > (b)) ? (a) : (b))
1569 #endif
1570 
1571 #if defined(_KERNEL)
1572 # ifdef MENTAT
1573 #  define	COPYDATA	mb_copydata
1574 #  define	COPYBACK	mb_copyback
1575 # else
1576 #  define	COPYDATA	m_copydata
1577 #  define	COPYBACK	m_copyback
1578 # endif
1579 # if (BSD >= 199306) || defined(__FreeBSD__)
1580 #  if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
1581        defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
1582        defined(_BSDI_VERSION)
1583 #   include <vm/vm.h>
1584 #  endif
1585 #  if !defined(__FreeBSD__) || (defined (__FreeBSD_version) && \
1586       (__FreeBSD_version >= 300000))
1587 #   if (defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 105180000)) || \
1588        (defined(OpenBSD) && (OpenBSD >= 200111))
1589 #    include <uvm/uvm_extern.h>
1590 #   else
1591 #    include <vm/vm_extern.h>
1592 extern  vm_map_t        kmem_map;
1593 #   endif
1594 #   include <sys/proc.h>
1595 #  else /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
1596 #   include <vm/vm_kern.h>
1597 #  endif /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
1598 
1599 #  ifdef IPFILTER_M_IPFILTER
1600 #    include <sys/malloc.h>
1601 MALLOC_DECLARE(M_IPFILTER);
1602 #    define	_M_IPF		M_IPFILTER
1603 #  else /* IPFILTER_M_IPFILTER */
1604 #   ifdef M_PFIL
1605 #    define	_M_IPF		M_PFIL
1606 #   else
1607 #    ifdef M_IPFILTER
1608 #     define	_M_IPF		M_IPFILTER
1609 #    else
1610 #     define	_M_IPF		M_TEMP
1611 #    endif /* M_IPFILTER */
1612 #   endif /* M_PFIL */
1613 #  endif /* IPFILTER_M_IPFILTER */
1614 #  define	KMALLOC(a, b)	MALLOC((a), b, sizeof(*(a)), _M_IPF, M_NOWAIT)
1615 #  define	KMALLOCS(a, b, c)	MALLOC((a), b, (c), _M_IPF, M_NOWAIT)
1616 #  define	KFREE(x)	FREE((x), _M_IPF)
1617 #  define	KFREES(x,s)	FREE((x), _M_IPF)
1618 #  define	UIOMOVE(a,b,c,d)	uiomove(a,b,d)
1619 #  define	SLEEP(id, n)	tsleep((id), PPAUSE|PCATCH, n, 0)
1620 #  define	WAKEUP(id,x)	wakeup(id+x)
1621 #  define	GETIFP(n, v, ifs)	ifunit(n)
1622 # endif /* (Free)BSD */
1623 
1624 # if !defined(USE_MUTEXES) && !defined(SPL_NET)
1625 #  if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199407)) || \
1626       (defined(OpenBSD) && (OpenBSD >= 200006))
1627 #   define	SPL_NET(x)	x = splsoftnet()
1628 #  else
1629 #   define	SPL_IMP(x)	x = splimp()
1630 #   define	SPL_NET(x)	x = splnet()
1631 #  endif /* NetBSD && (NetBSD <= 1991011) && (NetBSD >= 199407) */
1632 #  define	SPL_X(x)	(void) splx(x)
1633 # endif /* !USE_MUTEXES */
1634 
1635 # ifndef FREE_MB_T
1636 #  define	FREE_MB_T(m)	m_freem(m)
1637 # endif
1638 
1639 # ifndef MTOD
1640 #  define	MTOD(m,t)	mtod(m,t)
1641 # endif
1642 
1643 # ifndef COPYIN
1644 #  define	COPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
1645 #  define	COPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
1646 #  define	BCOPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
1647 #  define	BCOPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
1648 # endif
1649 
1650 # ifndef KMALLOC
1651 #  define	KMALLOC(a,b)	(a) = (b)new_kmem_alloc(sizeof(*(a)), \
1652 							KMEM_NOSLEEP)
1653 #  define	KMALLOCS(a,b,c)	(a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
1654 # endif
1655 
1656 # ifndef	GET_MINOR
1657 #  define	GET_MINOR(x)	minor(x)
1658 # endif
1659 # define	PANIC(x,y)	if (x) panic y
1660 #endif /* _KERNEL */
1661 
1662 #ifndef	IFNAME
1663 # define	IFNAME(x)	((struct ifnet *)x)->if_name
1664 #endif
1665 #ifndef	COPYIFNAME
1666 # define	NEED_FRGETIFNAME
1667 extern	char	*fr_getifname __P((struct ifnet *, char *));
1668 # define	COPYIFNAME(x, b, v) \
1669 				fr_getifname((struct ifnet *)x, b)
1670 #endif
1671 
1672 #ifndef ASSERT
1673 # define	ASSERT(x)
1674 #endif
1675 
1676 /*
1677  * Because the ctype(3) posix definition, if used "safely" in code everywhere,
1678  * would mean all normal code that walks through strings needed casts.  Yuck.
1679  */
1680 #define	ISALNUM(x)	isalnum((u_char)(x))
1681 #define	ISALPHA(x)	isalpha((u_char)(x))
1682 #define	ISASCII(x)	isascii((u_char)(x))
1683 #define	ISDIGIT(x)	isdigit((u_char)(x))
1684 #define	ISPRINT(x)	isprint((u_char)(x))
1685 #define	ISSPACE(x)	isspace((u_char)(x))
1686 #define	ISUPPER(x)	isupper((u_char)(x))
1687 #define	ISXDIGIT(x)	isxdigit((u_char)(x))
1688 #define	ISLOWER(x)	islower((u_char)(x))
1689 #define	TOUPPER(x)	toupper((u_char)(x))
1690 #define	TOLOWER(x)	tolower((u_char)(x))
1691 
1692 /*
1693  * If mutexes aren't being used, turn all the mutex functions into null-ops.
1694  */
1695 #if !defined(USE_MUTEXES)
1696 # define	USE_SPL			1
1697 # undef		RW_DESTROY
1698 # undef		MUTEX_INIT
1699 # undef		MUTEX_NUKE
1700 # undef		MUTEX_DESTROY
1701 # define	MUTEX_ENTER(x)		;
1702 # define	READ_ENTER(x)		;
1703 # define	WRITE_ENTER(x)		;
1704 # define	MUTEX_DOWNGRADE(x)	;
1705 # define	RWLOCK_INIT(x, y)	;
1706 # define	RWLOCK_EXIT(x)		;
1707 # define	RW_DESTROY(x)		;
1708 # define	MUTEX_EXIT(x)		;
1709 # define	MUTEX_INIT(x,y)		;
1710 # define	MUTEX_DESTROY(x)	;
1711 # define	MUTEX_NUKE(x)		;
1712 #endif /* !USE_MUTEXES */
1713 #ifndef	ATOMIC_INC
1714 # define	ATOMIC_INC(x)		(x)++
1715 # define	ATOMIC_DEC(x)		(x)--
1716 #endif
1717 
1718 #if defined(USE_SPL) && defined(_KERNEL)
1719 # define	SPL_INT(x)	int x
1720 #else
1721 # define	SPL_INT(x)
1722 #endif
1723 
1724 /*
1725  * If there are no atomic operations for bit sizes defined, define them to all
1726  * use a generic one that works for all sizes.
1727  */
1728 #ifndef	ATOMIC_INCL
1729 # define	ATOMIC_INCL		ATOMIC_INC
1730 # define	ATOMIC_INC64		ATOMIC_INC
1731 # define	ATOMIC_INC32		ATOMIC_INC
1732 # define	ATOMIC_INC16		ATOMIC_INC
1733 # define	ATOMIC_DECL		ATOMIC_DEC
1734 # define	ATOMIC_DEC64		ATOMIC_DEC
1735 # define	ATOMIC_DEC32		ATOMIC_DEC
1736 # define	ATOMIC_DEC16		ATOMIC_DEC
1737 #endif
1738 
1739 #ifndef HDR_T_PRIVATE
1740 typedef	struct	tcphdr	tcphdr_t;
1741 typedef	struct	udphdr	udphdr_t;
1742 #endif
1743 typedef	struct	icmp	icmphdr_t;
1744 typedef	struct	ip	ip_t;
1745 typedef	struct	ether_header	ether_header_t;
1746 typedef	struct	tcpiphdr	tcpiphdr_t;
1747 
1748 #ifndef	FR_GROUPLEN
1749 # define	FR_GROUPLEN	16
1750 #endif
1751 
1752 #ifdef offsetof
1753 # undef	offsetof
1754 #endif
1755 #ifndef offsetof
1756 # define offsetof(t,m) (int)((&((t *)0L)->m))
1757 #endif
1758 
1759 /*
1760  * This set of macros has been brought about because on Tru64 it is not
1761  * possible to easily assign or examine values in a structure that are
1762  * bit fields.
1763  */
1764 #ifndef IP_V
1765 # define	IP_V(x)		(x)->ip_v
1766 #endif
1767 #ifndef	IP_V_A
1768 # define	IP_V_A(x,y)	(x)->ip_v = (y)
1769 #endif
1770 #ifndef	IP_HL
1771 # define	IP_HL(x)	(x)->ip_hl
1772 #endif
1773 #ifndef	IP_HL_A
1774 # define	IP_HL_A(x,y)	(x)->ip_hl = (y)
1775 #endif
1776 #ifndef	TCP_X2
1777 # define	TCP_X2(x)	(x)->th_x2
1778 #endif
1779 #ifndef	TCP_X2_A
1780 # define	TCP_X2_A(x,y)	(x)->th_x2 = (y)
1781 #endif
1782 #ifndef	TCP_OFF
1783 # define	TCP_OFF(x)	(x)->th_off
1784 #endif
1785 #ifndef	TCP_OFF_A
1786 # define	TCP_OFF_A(x,y)	(x)->th_off = (y)
1787 #endif
1788 #define	IPMINLEN(i, h)	((i)->ip_len >= (IP_HL(i) * 4 + sizeof(struct h)))
1789 
1790 
1791 /*
1792  * XXX - This is one of those *awful* hacks which nobody likes
1793  */
1794 #ifdef	ultrix
1795 #define	A_A
1796 #else
1797 #define	A_A	&
1798 #endif
1799 
1800 #define	TCPF_ALL	(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|\
1801 			 TH_ECN|TH_CWR)
1802 
1803 #if (BSD >= 199306) && !defined(m_act)
1804 # define	m_act	m_nextpkt
1805 #endif
1806 
1807 /*
1808  * Security Options for Intenet Protocol (IPSO) as defined in RFC 1108.
1809  *
1810  * Basic Option
1811  *
1812  * 00000001   -   (Reserved 4)
1813  * 00111101   -   Top Secret
1814  * 01011010   -   Secret
1815  * 10010110   -   Confidential
1816  * 01100110   -   (Reserved 3)
1817  * 11001100   -   (Reserved 2)
1818  * 10101011   -   Unclassified
1819  * 11110001   -   (Reserved 1)
1820  */
1821 #define	IPSO_CLASS_RES4		0x01
1822 #define	IPSO_CLASS_TOPS		0x3d
1823 #define	IPSO_CLASS_SECR		0x5a
1824 #define	IPSO_CLASS_CONF		0x96
1825 #define	IPSO_CLASS_RES3		0x66
1826 #define	IPSO_CLASS_RES2		0xcc
1827 #define	IPSO_CLASS_UNCL		0xab
1828 #define	IPSO_CLASS_RES1		0xf1
1829 
1830 #define	IPSO_AUTH_GENSER	0x80
1831 #define	IPSO_AUTH_ESI		0x40
1832 #define	IPSO_AUTH_SCI		0x20
1833 #define	IPSO_AUTH_NSA		0x10
1834 #define	IPSO_AUTH_DOE		0x08
1835 #define	IPSO_AUTH_UN		0x06
1836 #define	IPSO_AUTH_FTE		0x01
1837 
1838 /*
1839  * IP option #defines
1840  */
1841 #undef	IPOPT_RR
1842 #define	IPOPT_RR	7
1843 #undef	IPOPT_ZSU
1844 #define	IPOPT_ZSU	10	/* ZSU */
1845 #undef	IPOPT_MTUP
1846 #define	IPOPT_MTUP	11	/* MTUP */
1847 #undef	IPOPT_MTUR
1848 #define	IPOPT_MTUR	12	/* MTUR */
1849 #undef	IPOPT_ENCODE
1850 #define	IPOPT_ENCODE	15	/* ENCODE */
1851 #undef	IPOPT_TS
1852 #define	IPOPT_TS	68
1853 #undef	IPOPT_TR
1854 #define	IPOPT_TR	82	/* TR */
1855 #undef	IPOPT_SECURITY
1856 #define	IPOPT_SECURITY	130
1857 #undef	IPOPT_LSRR
1858 #define	IPOPT_LSRR	131
1859 #undef	IPOPT_E_SEC
1860 #define	IPOPT_E_SEC	133	/* E-SEC */
1861 #undef	IPOPT_CIPSO
1862 #define	IPOPT_CIPSO	134	/* CIPSO */
1863 #undef	IPOPT_SATID
1864 #define	IPOPT_SATID	136
1865 #ifndef	IPOPT_SID
1866 # define	IPOPT_SID	IPOPT_SATID
1867 #endif
1868 #undef	IPOPT_SSRR
1869 #define	IPOPT_SSRR	137
1870 #undef	IPOPT_ADDEXT
1871 #define	IPOPT_ADDEXT	147	/* ADDEXT */
1872 #undef	IPOPT_VISA
1873 #define	IPOPT_VISA	142	/* VISA */
1874 #undef	IPOPT_IMITD
1875 #define	IPOPT_IMITD	144	/* IMITD */
1876 #undef	IPOPT_EIP
1877 #define	IPOPT_EIP	145	/* EIP */
1878 #undef	IPOPT_RTRALRT
1879 #define	IPOPT_RTRALRT	148	/* RTRALRT */
1880 #undef	IPOPT_SDB
1881 #define	IPOPT_SDB	149
1882 #undef	IPOPT_NSAPA
1883 #define	IPOPT_NSAPA	150
1884 #undef	IPOPT_DPS
1885 #define	IPOPT_DPS	151
1886 #undef	IPOPT_UMP
1887 #define	IPOPT_UMP	152
1888 #undef	IPOPT_FINN
1889 #define	IPOPT_FINN	205	/* FINN */
1890 
1891 #ifndef TCPOPT_EOL
1892 # define TCPOPT_EOL		0
1893 #endif
1894 #ifndef TCPOPT_NOP
1895 # define TCPOPT_NOP		1
1896 #endif
1897 #ifndef TCPOPT_MAXSEG
1898 # define TCPOPT_MAXSEG		2
1899 #endif
1900 #ifndef TCPOLEN_MAXSEG
1901 # define TCPOLEN_MAXSEG		4
1902 #endif
1903 #ifndef TCPOPT_WINDOW
1904 # define TCPOPT_WINDOW		3
1905 #endif
1906 #ifndef TCPOLEN_WINDOW
1907 # define TCPOLEN_WINDOW		3
1908 #endif
1909 #ifndef TCPOPT_SACK_PERMITTED
1910 # define TCPOPT_SACK_PERMITTED	4
1911 #endif
1912 #ifndef TCPOLEN_SACK_PERMITTED
1913 # define TCPOLEN_SACK_PERMITTED	2
1914 #endif
1915 #ifndef TCPOPT_SACK
1916 # define TCPOPT_SACK		5
1917 #endif
1918 #ifndef TCPOPT_TIMESTAMP
1919 # define TCPOPT_TIMESTAMP	8
1920 #endif
1921 
1922 #ifndef	ICMP_MINLEN
1923 # define	ICMP_MINLEN	8
1924 #endif
1925 #ifndef	ICMP_ECHOREPLY
1926 # define	ICMP_ECHOREPLY	0
1927 #endif
1928 #ifndef	ICMP_UNREACH
1929 # define	ICMP_UNREACH	3
1930 #endif
1931 #ifndef	ICMP_UNREACH_NET
1932 # define	ICMP_UNREACH_NET	0
1933 #endif
1934 #ifndef	ICMP_UNREACH_HOST
1935 # define	ICMP_UNREACH_HOST	1
1936 #endif
1937 #ifndef	ICMP_UNREACH_PROTOCOL
1938 # define	ICMP_UNREACH_PROTOCOL	2
1939 #endif
1940 #ifndef	ICMP_UNREACH_PORT
1941 # define	ICMP_UNREACH_PORT	3
1942 #endif
1943 #ifndef	ICMP_UNREACH_NEEDFRAG
1944 # define	ICMP_UNREACH_NEEDFRAG	4
1945 #endif
1946 #ifndef	ICMP_UNREACH_SRCFAIL
1947 # define	ICMP_UNREACH_SRCFAIL	5
1948 #endif
1949 #ifndef	ICMP_UNREACH_NET_UNKNOWN
1950 # define	ICMP_UNREACH_NET_UNKNOWN	6
1951 #endif
1952 #ifndef	ICMP_UNREACH_HOST_UNKNOWN
1953 # define	ICMP_UNREACH_HOST_UNKNOWN	7
1954 #endif
1955 #ifndef	ICMP_UNREACH_ISOLATED
1956 # define	ICMP_UNREACH_ISOLATED	8
1957 #endif
1958 #ifndef	ICMP_UNREACH_NET_PROHIB
1959 # define	ICMP_UNREACH_NET_PROHIB	9
1960 #endif
1961 #ifndef	ICMP_UNREACH_HOST_PROHIB
1962 # define	ICMP_UNREACH_HOST_PROHIB	10
1963 #endif
1964 #ifndef	ICMP_UNREACH_TOSNET
1965 # define	ICMP_UNREACH_TOSNET	11
1966 #endif
1967 #ifndef	ICMP_UNREACH_TOSHOST
1968 # define	ICMP_UNREACH_TOSHOST	12
1969 #endif
1970 #ifndef	ICMP_UNREACH_ADMIN_PROHIBIT
1971 # define	ICMP_UNREACH_ADMIN_PROHIBIT	13
1972 #endif
1973 #ifndef	ICMP_UNREACH_FILTER
1974 # define	ICMP_UNREACH_FILTER	13
1975 #endif
1976 #ifndef	ICMP_UNREACH_HOST_PRECEDENCE
1977 # define	ICMP_UNREACH_HOST_PRECEDENCE	14
1978 #endif
1979 #ifndef	ICMP_UNREACH_PRECEDENCE_CUTOFF
1980 # define	ICMP_UNREACH_PRECEDENCE_CUTOFF	15
1981 #endif
1982 #ifndef	ICMP_SOURCEQUENCH
1983 # define	ICMP_SOURCEQUENCH	4
1984 #endif
1985 #ifndef	ICMP_REDIRECT_NET
1986 # define	ICMP_REDIRECT_NET	0
1987 #endif
1988 #ifndef	ICMP_REDIRECT_HOST
1989 # define	ICMP_REDIRECT_HOST	1
1990 #endif
1991 #ifndef	ICMP_REDIRECT_TOSNET
1992 # define	ICMP_REDIRECT_TOSNET	2
1993 #endif
1994 #ifndef	ICMP_REDIRECT_TOSHOST
1995 # define	ICMP_REDIRECT_TOSHOST	3
1996 #endif
1997 #ifndef	ICMP_ALTHOSTADDR
1998 # define	ICMP_ALTHOSTADDR	6
1999 #endif
2000 #ifndef	ICMP_TIMXCEED
2001 # define	ICMP_TIMXCEED	11
2002 #endif
2003 #ifndef	ICMP_TIMXCEED_INTRANS
2004 # define	ICMP_TIMXCEED_INTRANS	0
2005 #endif
2006 #ifndef	ICMP_TIMXCEED_REASS
2007 # define		ICMP_TIMXCEED_REASS	1
2008 #endif
2009 #ifndef	ICMP_PARAMPROB
2010 # define	ICMP_PARAMPROB	12
2011 #endif
2012 #ifndef	ICMP_PARAMPROB_ERRATPTR
2013 # define	ICMP_PARAMPROB_ERRATPTR	0
2014 #endif
2015 #ifndef	ICMP_PARAMPROB_OPTABSENT
2016 # define	ICMP_PARAMPROB_OPTABSENT	1
2017 #endif
2018 #ifndef	ICMP_PARAMPROB_LENGTH
2019 # define	ICMP_PARAMPROB_LENGTH	2
2020 #endif
2021 #ifndef ICMP_TSTAMP
2022 # define	ICMP_TSTAMP	13
2023 #endif
2024 #ifndef ICMP_TSTAMPREPLY
2025 # define	ICMP_TSTAMPREPLY	14
2026 #endif
2027 #ifndef ICMP_IREQ
2028 # define	ICMP_IREQ	15
2029 #endif
2030 #ifndef ICMP_IREQREPLY
2031 # define	ICMP_IREQREPLY	16
2032 #endif
2033 #ifndef	ICMP_MASKREQ
2034 # define	ICMP_MASKREQ	17
2035 #endif
2036 #ifndef ICMP_MASKREPLY
2037 # define	ICMP_MASKREPLY	18
2038 #endif
2039 #ifndef	ICMP_TRACEROUTE
2040 # define	ICMP_TRACEROUTE	30
2041 #endif
2042 #ifndef	ICMP_DATACONVERR
2043 # define	ICMP_DATACONVERR	31
2044 #endif
2045 #ifndef	ICMP_MOBILE_REDIRECT
2046 # define	ICMP_MOBILE_REDIRECT	32
2047 #endif
2048 #ifndef	ICMP_IPV6_WHEREAREYOU
2049 # define	ICMP_IPV6_WHEREAREYOU	33
2050 #endif
2051 #ifndef	ICMP_IPV6_IAMHERE
2052 # define	ICMP_IPV6_IAMHERE	34
2053 #endif
2054 #ifndef	ICMP_MOBILE_REGREQUEST
2055 # define	ICMP_MOBILE_REGREQUEST	35
2056 #endif
2057 #ifndef	ICMP_MOBILE_REGREPLY
2058 # define	ICMP_MOBILE_REGREPLY	36
2059 #endif
2060 #ifndef	ICMP_SKIP
2061 # define	ICMP_SKIP	39
2062 #endif
2063 #ifndef	ICMP_PHOTURIS
2064 # define	ICMP_PHOTURIS	40
2065 #endif
2066 #ifndef	ICMP_PHOTURIS_UNKNOWN_INDEX
2067 # define	ICMP_PHOTURIS_UNKNOWN_INDEX	1
2068 #endif
2069 #ifndef	ICMP_PHOTURIS_AUTH_FAILED
2070 # define	ICMP_PHOTURIS_AUTH_FAILED	2
2071 #endif
2072 #ifndef	ICMP_PHOTURIS_DECRYPT_FAILED
2073 # define	ICMP_PHOTURIS_DECRYPT_FAILED	3
2074 #endif
2075 #ifndef	IPVERSION
2076 # define	IPVERSION	4
2077 #endif
2078 #ifndef	IPOPT_MINOFF
2079 # define	IPOPT_MINOFF	4
2080 #endif
2081 #ifndef	IPOPT_COPIED
2082 # define	IPOPT_COPIED(x)	((x)&0x80)
2083 #endif
2084 #ifndef	IPOPT_EOL
2085 # define	IPOPT_EOL	0
2086 #endif
2087 #ifndef	IPOPT_NOP
2088 # define	IPOPT_NOP	1
2089 #endif
2090 #ifndef	IP_MF
2091 # define	IP_MF	((u_short)0x2000)
2092 #endif
2093 #ifndef	ETHERTYPE_IP
2094 # define	ETHERTYPE_IP	((u_short)0x0800)
2095 #endif
2096 #ifndef	TH_FIN
2097 # define	TH_FIN	0x01
2098 #endif
2099 #ifndef	TH_SYN
2100 # define	TH_SYN	0x02
2101 #endif
2102 #ifndef	TH_RST
2103 # define	TH_RST	0x04
2104 #endif
2105 #ifndef	TH_PUSH
2106 # define	TH_PUSH	0x08
2107 #endif
2108 #ifndef	TH_ACK
2109 # define	TH_ACK	0x10
2110 #endif
2111 #ifndef	TH_URG
2112 # define	TH_URG	0x20
2113 #endif
2114 #undef	TH_ACKMASK
2115 #define	TH_ACKMASK	(TH_FIN|TH_SYN|TH_RST|TH_ACK)
2116 
2117 #ifndef	IPOPT_EOL
2118 # define	IPOPT_EOL	0
2119 #endif
2120 #ifndef	IPOPT_NOP
2121 # define	IPOPT_NOP	1
2122 #endif
2123 #ifndef	IPOPT_RR
2124 # define	IPOPT_RR	7
2125 #endif
2126 #ifndef	IPOPT_TS
2127 # define	IPOPT_TS	68
2128 #endif
2129 #ifndef	IPOPT_SECURITY
2130 # define	IPOPT_SECURITY	130
2131 #endif
2132 #ifndef	IPOPT_LSRR
2133 # define	IPOPT_LSRR	131
2134 #endif
2135 #ifndef	IPOPT_SATID
2136 # define	IPOPT_SATID	136
2137 #endif
2138 #ifndef	IPOPT_SSRR
2139 # define	IPOPT_SSRR	137
2140 #endif
2141 #ifndef	IPOPT_SECUR_UNCLASS
2142 # define	IPOPT_SECUR_UNCLASS	((u_short)0x0000)
2143 #endif
2144 #ifndef	IPOPT_SECUR_CONFID
2145 # define	IPOPT_SECUR_CONFID	((u_short)0xf135)
2146 #endif
2147 #ifndef	IPOPT_SECUR_EFTO
2148 # define	IPOPT_SECUR_EFTO	((u_short)0x789a)
2149 #endif
2150 #ifndef	IPOPT_SECUR_MMMM
2151 # define	IPOPT_SECUR_MMMM	((u_short)0xbc4d)
2152 #endif
2153 #ifndef	IPOPT_SECUR_RESTR
2154 # define	IPOPT_SECUR_RESTR	((u_short)0xaf13)
2155 #endif
2156 #ifndef	IPOPT_SECUR_SECRET
2157 # define	IPOPT_SECUR_SECRET	((u_short)0xd788)
2158 #endif
2159 #ifndef IPOPT_SECUR_TOPSECRET
2160 # define	IPOPT_SECUR_TOPSECRET	((u_short)0x6bc5)
2161 #endif
2162 #ifndef IPOPT_OLEN
2163 # define	IPOPT_OLEN	1
2164 #endif
2165 #ifndef	IPPROTO_HOPOPTS
2166 # define	IPPROTO_HOPOPTS	0
2167 #endif
2168 #ifndef	IPPROTO_ENCAP
2169 # define	IPPROTO_ENCAP	4
2170 #endif
2171 #ifndef	IPPROTO_IPV6
2172 # define	IPPROTO_IPV6	41
2173 #endif
2174 #ifndef	IPPROTO_ROUTING
2175 # define	IPPROTO_ROUTING	43
2176 #endif
2177 #ifndef	IPPROTO_FRAGMENT
2178 # define	IPPROTO_FRAGMENT	44
2179 #endif
2180 #ifndef	IPPROTO_GRE
2181 # define	IPPROTO_GRE	47	/* GRE encaps RFC 1701 */
2182 #endif
2183 #ifndef	IPPROTO_ESP
2184 # define	IPPROTO_ESP	50
2185 #endif
2186 #ifndef	IPPROTO_AH
2187 # define	IPPROTO_AH	51
2188 #endif
2189 #ifndef	IPPROTO_ICMPV6
2190 # define	IPPROTO_ICMPV6	58
2191 #endif
2192 #ifndef	IPPROTO_NONE
2193 # define	IPPROTO_NONE	59
2194 #endif
2195 #ifndef	IPPROTO_DSTOPTS
2196 # define	IPPROTO_DSTOPTS	60
2197 #endif
2198 #ifndef	IPPROTO_FRAGMENT
2199 # define	IPPROTO_FRAGMENT	44
2200 #endif
2201 #ifndef	ICMP_ROUTERADVERT
2202 # define	ICMP_ROUTERADVERT	9
2203 #endif
2204 #ifndef	ICMP_ROUTERSOLICIT
2205 # define	ICMP_ROUTERSOLICIT	10
2206 #endif
2207 #ifndef	ICMP6_DST_UNREACH
2208 # define	ICMP6_DST_UNREACH	1
2209 #endif
2210 #ifndef	ICMP6_PACKET_TOO_BIG
2211 # define	ICMP6_PACKET_TOO_BIG	2
2212 #endif
2213 #ifndef	ICMP6_TIME_EXCEEDED
2214 # define	ICMP6_TIME_EXCEEDED	3
2215 #endif
2216 #ifndef	ICMP6_PARAM_PROB
2217 # define	ICMP6_PARAM_PROB	4
2218 #endif
2219 
2220 #ifndef	ICMP6_ECHO_REQUEST
2221 # define	ICMP6_ECHO_REQUEST	128
2222 #endif
2223 #ifndef	ICMP6_ECHO_REPLY
2224 # define	ICMP6_ECHO_REPLY	129
2225 #endif
2226 #ifndef	ICMP6_MEMBERSHIP_QUERY
2227 # define	ICMP6_MEMBERSHIP_QUERY	130
2228 #endif
2229 #ifndef	MLD6_LISTENER_QUERY
2230 # define	MLD6_LISTENER_QUERY	130
2231 #endif
2232 #ifndef	ICMP6_MEMBERSHIP_REPORT
2233 # define	ICMP6_MEMBERSHIP_REPORT	131
2234 #endif
2235 #ifndef	MLD6_LISTENER_REPORT
2236 # define	MLD6_LISTENER_REPORT	131
2237 #endif
2238 #ifndef	ICMP6_MEMBERSHIP_REDUCTION
2239 # define	ICMP6_MEMBERSHIP_REDUCTION	132
2240 #endif
2241 #ifndef	MLD6_LISTENER_DONE
2242 # define	MLD6_LISTENER_DONE	132
2243 #endif
2244 #ifndef	ND_ROUTER_SOLICIT
2245 # define	ND_ROUTER_SOLICIT	133
2246 #endif
2247 #ifndef	ND_ROUTER_ADVERT
2248 # define	ND_ROUTER_ADVERT	134
2249 #endif
2250 #ifndef	ND_NEIGHBOR_SOLICIT
2251 # define	ND_NEIGHBOR_SOLICIT	135
2252 #endif
2253 #ifndef	ND_NEIGHBOR_ADVERT
2254 # define	ND_NEIGHBOR_ADVERT	136
2255 #endif
2256 #ifndef	ND_REDIRECT
2257 # define	ND_REDIRECT	137
2258 #endif
2259 #ifndef	ICMP6_ROUTER_RENUMBERING
2260 # define	ICMP6_ROUTER_RENUMBERING	138
2261 #endif
2262 #ifndef	ICMP6_WRUREQUEST
2263 # define	ICMP6_WRUREQUEST	139
2264 #endif
2265 #ifndef	ICMP6_WRUREPLY
2266 # define	ICMP6_WRUREPLY		140
2267 #endif
2268 #ifndef	ICMP6_FQDN_QUERY
2269 # define	ICMP6_FQDN_QUERY	139
2270 #endif
2271 #ifndef	ICMP6_FQDN_REPLY
2272 # define	ICMP6_FQDN_REPLY	140
2273 #endif
2274 #ifndef	ICMP6_NI_QUERY
2275 # define	ICMP6_NI_QUERY		139
2276 #endif
2277 #ifndef	ICMP6_NI_REPLY
2278 # define	ICMP6_NI_REPLY		140
2279 #endif
2280 #ifndef	MLD6_MTRACE_RESP
2281 # define	MLD6_MTRACE_RESP	200
2282 #endif
2283 #ifndef	MLD6_MTRACE
2284 # define	MLD6_MTRACE		201
2285 #endif
2286 #ifndef	ICMP6_HADISCOV_REQUEST
2287 # define	ICMP6_HADISCOV_REQUEST	202
2288 #endif
2289 #ifndef	ICMP6_HADISCOV_REPLY
2290 # define	ICMP6_HADISCOV_REPLY	203
2291 #endif
2292 #ifndef	ICMP6_MOBILEPREFIX_SOLICIT
2293 # define	ICMP6_MOBILEPREFIX_SOLICIT	204
2294 #endif
2295 #ifndef	ICMP6_MOBILEPREFIX_ADVERT
2296 # define	ICMP6_MOBILEPREFIX_ADVERT	205
2297 #endif
2298 #ifndef	ICMP6_MAXTYPE
2299 # define	ICMP6_MAXTYPE		205
2300 #endif
2301 
2302 #ifndef	ICMP6_DST_UNREACH_NOROUTE
2303 # define	ICMP6_DST_UNREACH_NOROUTE	0
2304 #endif
2305 #ifndef	ICMP6_DST_UNREACH_ADMIN
2306 # define	ICMP6_DST_UNREACH_ADMIN		1
2307 #endif
2308 #ifndef	ICMP6_DST_UNREACH_NOTNEIGHBOR
2309 # define	ICMP6_DST_UNREACH_NOTNEIGHBOR	2
2310 #endif
2311 #ifndef	ICMP6_DST_UNREACH_BEYONDSCOPE
2312 # define	ICMP6_DST_UNREACH_BEYONDSCOPE	2
2313 #endif
2314 #ifndef	ICMP6_DST_UNREACH_ADDR
2315 # define	ICMP6_DST_UNREACH_ADDR		3
2316 #endif
2317 #ifndef	ICMP6_DST_UNREACH_NOPORT
2318 # define	ICMP6_DST_UNREACH_NOPORT	4
2319 #endif
2320 #ifndef	ICMP6_TIME_EXCEED_TRANSIT
2321 # define	ICMP6_TIME_EXCEED_TRANSIT	0
2322 #endif
2323 #ifndef	ICMP6_TIME_EXCEED_REASSEMBLY
2324 # define	ICMP6_TIME_EXCEED_REASSEMBLY	1
2325 #endif
2326 
2327 #ifndef	ICMP6_NI_SUCCESS
2328 # define	ICMP6_NI_SUCCESS	0
2329 #endif
2330 #ifndef	ICMP6_NI_REFUSED
2331 # define	ICMP6_NI_REFUSED	1
2332 #endif
2333 #ifndef	ICMP6_NI_UNKNOWN
2334 # define	ICMP6_NI_UNKNOWN	2
2335 #endif
2336 
2337 #ifndef	ICMP6_ROUTER_RENUMBERING_COMMAND
2338 # define	ICMP6_ROUTER_RENUMBERING_COMMAND	0
2339 #endif
2340 #ifndef	ICMP6_ROUTER_RENUMBERING_RESULT
2341 # define	ICMP6_ROUTER_RENUMBERING_RESULT	1
2342 #endif
2343 #ifndef	ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET
2344 # define	ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET	255
2345 #endif
2346 
2347 #ifndef	ICMP6_PARAMPROB_HEADER
2348 # define	ICMP6_PARAMPROB_HEADER	0
2349 #endif
2350 #ifndef	ICMP6_PARAMPROB_NEXTHEADER
2351 # define	ICMP6_PARAMPROB_NEXTHEADER	1
2352 #endif
2353 #ifndef	ICMP6_PARAMPROB_OPTION
2354 # define	ICMP6_PARAMPROB_OPTION	2
2355 #endif
2356 
2357 #ifndef	ICMP6_NI_SUBJ_IPV6
2358 # define	ICMP6_NI_SUBJ_IPV6	0
2359 #endif
2360 #ifndef	ICMP6_NI_SUBJ_FQDN
2361 # define	ICMP6_NI_SUBJ_FQDN	1
2362 #endif
2363 #ifndef	ICMP6_NI_SUBJ_IPV4
2364 # define	ICMP6_NI_SUBJ_IPV4	2
2365 #endif
2366 
2367 /*
2368  * ECN is a new addition to TCP - RFC 2481
2369  */
2370 #ifndef TH_ECN
2371 # define	TH_ECN	0x40
2372 #endif
2373 #ifndef TH_CWR
2374 # define	TH_CWR	0x80
2375 #endif
2376 #define	TH_ECNALL	(TH_ECN|TH_CWR)
2377 
2378 /*
2379  * TCP States
2380  */
2381 #define IPF_TCPS_CLOSED		0	/* closed */
2382 #define IPF_TCPS_LISTEN		1	/* listening for connection */
2383 #define IPF_TCPS_SYN_SENT	2	/* active, have sent syn */
2384 #define IPF_TCPS_SYN_RECEIVED	3	/* have send and received syn */
2385 #define IPF_TCPS_HALF_ESTAB	4	/* for connections not fully "up" */
2386 /* states < IPF_TCPS_ESTABLISHED are those where connections not established */
2387 #define IPF_TCPS_ESTABLISHED	5	/* established */
2388 #define IPF_TCPS_CLOSE_WAIT	6	/* rcvd fin, waiting for close */
2389 /* states > IPF_TCPS_CLOSE_WAIT are those where user has closed */
2390 #define IPF_TCPS_FIN_WAIT_1	7	/* have closed, sent fin */
2391 #define IPF_TCPS_CLOSING	8	/* closed xchd FIN; await FIN ACK */
2392 #define IPF_TCPS_LAST_ACK	9	/* had fin and close; await FIN ACK */
2393 /* states > IPF_TCPS_CLOSE_WAIT && < IPF_TCPS_FIN_WAIT_2 await ACK of FIN */
2394 #define IPF_TCPS_FIN_WAIT_2	10	/* have closed, fin is acked */
2395 #define IPF_TCPS_TIME_WAIT	11	/* in 2*msl quiet wait after close */
2396 #define IPF_TCP_NSTATES		12
2397 
2398 #define	TCP_MSL			120
2399 
2400 #undef	ICMP_MAX_UNREACH
2401 #define	ICMP_MAX_UNREACH	14
2402 #undef	ICMP_MAXTYPE
2403 #define	ICMP_MAXTYPE		18
2404 
2405 #ifndef	IFNAMSIZ
2406 #define	IFNAMSIZ		16
2407 #endif
2408 
2409 #ifndef	LOG_FTP
2410 # define	LOG_FTP		(11<<3)
2411 #endif
2412 #ifndef	LOG_AUTHPRIV
2413 # define	LOG_AUTHPRIV	(10<<3)
2414 #endif
2415 #ifndef	LOG_AUDIT
2416 # define	LOG_AUDIT	(13<<3)
2417 #endif
2418 #ifndef	LOG_NTP
2419 # define	LOG_NTP		(12<<3)
2420 #endif
2421 #ifndef	LOG_SECURITY
2422 # define	LOG_SECURITY	(13<<3)
2423 #endif
2424 #ifndef	LOG_LFMT
2425 # define	LOG_LFMT	(14<<3)
2426 #endif
2427 #ifndef	LOG_CONSOLE
2428 # define	LOG_CONSOLE	(14<<3)
2429 #endif
2430 
2431 /*
2432  * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
2433  * another IP header and then 64 bits of data, totalling 56.  Of course,
2434  * the last 64 bits is dependent on that being available.
2435  */
2436 #define	ICMPERR_ICMPHLEN	8
2437 #define	ICMPERR_IPICMPHLEN	(20 + 8)
2438 #define	ICMPERR_MINPKTLEN	(20 + 8 + 20)
2439 #define	ICMPERR_MAXPKTLEN	(20 + 8 + 20 + 8)
2440 #define ICMP6ERR_MINPKTLEN	(40 + 8)
2441 #define ICMP6ERR_IPICMPHLEN	(40 + 8 + 40)
2442 
2443 #ifndef MIN
2444 # define	MIN(a,b)	(((a)<(b))?(a):(b))
2445 #endif
2446 
2447 #ifdef IPF_DEBUG
2448 # define	DPRINT(x)	printf x
2449 #else
2450 # define	DPRINT(x)
2451 #endif
2452 
2453 #ifdef RESCUE
2454 # undef IPFILTER_BPF
2455 #endif
2456 
2457 #endif	/* __IP_COMPAT_H__ */
2458