99 # define SIOCSTGSZ _IOWR(r, 82, struct ipfobj)
100 # define SIOCGFRST _IOWR(r, 83, struct ipfobj)
101 # define SIOCSETLG _IOWR(r, 84, int)
102 # define SIOCGETLG _IOWR(r, 85, int)
103 # define SIOCFUNCL _IOWR(r, 86, struct ipfunc_resolve)
104 # define SIOCIPFGETNEXT _IOWR(r, 87, struct ipfobj)
105 # define SIOCIPFGET _IOWR(r, 88, struct ipfobj)
106 # define SIOCIPFSET _IOWR(r, 89, struct ipfobj)
107 # define SIOCIPFL6 _IOWR(r, 90, int)
108 # define SIOCIPFLP _IOWR(r, 91, int)
109 # define SIOCIPFITER _IOWR(r, 92, struct ipfobj)
110 # define SIOCGENITER _IOWR(r, 93, struct ipfobj)
111 # define SIOCGTABL _IOWR(r, 94, struct ipfobj)
112 # define SIOCIPFDELTOK _IOWR(r, 95, int)
113 # define SIOCLOOKUPITER _IOWR(r, 96, struct ipfobj)
114 #endif
115 #define SIOCADDFR SIOCADAFR
116 #define SIOCDELFR SIOCRMAFR
117 #define SIOCINSFR SIOCINAFR
118 # define SIOCIPFZONESET _IOWR('r', 97, struct ipfzoneobj)
119 # define SIOCIPFCFWCFG _IOWR('r', 98, struct ipfcfwcfg)
120
121 /*
122 * What type of table is getting flushed?
123 */
124
125 #define NAT_FLUSH 1
126 #define STATE_FLUSH 2
127
128 /*
129 * What table flush options are available?
130 */
131
132 #define FLUSH_LIST 0
133 #define FLUSH_TABLE_ALL 1 /* Flush entire table */
134 #define FLUSH_TABLE_CLOSING 2 /* Flush "closing" entries" */
135 #define FLUSH_TABLE_EXTRA 3 /* Targetted flush: almost closed, long idle */
136
137 #define VALID_TABLE_FLUSH_OPT(x) ((x) >= 1 && (x) <= 3)
138
139 /*
1172 typedef struct ipfobj {
1173 u_32_t ipfo_rev; /* IPFilter version number */
1174 u_32_t ipfo_size; /* size of object at ipfo_ptr */
1175 void *ipfo_ptr; /* pointer to object */
1176 int ipfo_type; /* type of object being pointed to */
1177 int ipfo_offset; /* bytes from ipfo_ptr where to start */
1178 u_char ipfo_xxxpad[32]; /* reserved for future use */
1179 } ipfobj_t;
1180
1181 /*
1182 * ioctl struct for setting what zone further ioctls will act on. ipfz_gz is a
1183 * boolean: set it to 1 to operate on the GZ-controlled stack.
1184 */
1185 typedef struct ipfzoneobj {
1186 u_32_t ipfz_gz; /* GZ stack boolean */
1187 char ipfz_zonename[ZONENAME_MAX]; /* zone to act on */
1188 } ipfzoneobj_t;
1189
1190 /* ioctl to grab CFW logging parameters */
1191 typedef struct ipfcfwcfg {
1192 uint32_t ipfcfwc_maxevsize;
1193 uint32_t ipfcfwc_evringsize;
1194 } ipfcfwcfg_t;
1195
1196 #if defined(_KERNEL)
1197 /* Set ipfs_zoneid to this if no zone has been set: */
1198 #define IPFS_ZONE_UNSET -2
1199
1200 typedef struct ipf_devstate {
1201 zoneid_t ipfs_zoneid;
1202 minor_t ipfs_minor;
1203 boolean_t ipfs_gz;
1204 } ipf_devstate_t;
1205 #endif
1206
1207 #define IPFOBJ_FRENTRY 0 /* struct frentry */
1208 #define IPFOBJ_IPFSTAT 1 /* struct friostat */
1209 #define IPFOBJ_IPFINFO 2 /* struct fr_info */
1210 #define IPFOBJ_AUTHSTAT 3 /* struct fr_authstat */
1211 #define IPFOBJ_FRAGSTAT 4 /* struct ipfrstat */
1212 #define IPFOBJ_IPNAT 5 /* struct ipnat */
1213 #define IPFOBJ_NATSTAT 6 /* struct natstat */
1570 extern int ipflog __P((fr_info_t *, u_int));
1571 extern int ipllog __P((int, fr_info_t *, void **, size_t *, int *, int,
1572 ipf_stack_t *));
1573 extern void fr_logunload __P((ipf_stack_t *));
1574
1575 /* SmartOS single-FD global-zone state accumulator (see cfw.c) */
1576 extern boolean_t ipf_cfwlog_enabled;
1577 struct ipstate; /* Ugggh. */
1578 extern void ipf_log_cfwlog __P((struct ipstate *, uint_t, ipf_stack_t *));
1579 extern void ipf_block_cfwlog __P((frentry_t *, fr_info_t *, ipf_stack_t *));
1580 #define IFS_CFWLOG(ifs, fr) ((ifs)->ifs_gz_controlled && ipf_cfwlog_enabled &&\
1581 fr != NULL && ((fr)->fr_flags & FR_CFWLOG))
1582 struct cfwev_s; /* See ipf_cfw.h */
1583 extern boolean_t ipf_cfwev_consume __P((struct cfwev_s *, boolean_t));
1584 /* See cfw.c's ipf_cfwev_consume_many() for details. */
1585 typedef uint_t (*cfwmanycb_t) __P((struct cfwev_s *, uint_t, void *));
1586 extern uint_t
1587 ipf_cfwev_consume_many __P((uint_t, boolean_t, cfwmanycb_t, void *));
1588 extern int ipf_cfwlog_read __P((dev_t, struct uio *, struct cred *));
1589 extern int ipf_cfwlog_ioctl __P((dev_t, int, intptr_t, int, cred_t *, int *));
1590
1591 extern frentry_t *fr_acctpkt __P((fr_info_t *, u_32_t *));
1592 extern int fr_copytolog __P((int, char *, int));
1593 extern u_short fr_cksum __P((mb_t *, ip_t *, int, void *));
1594 extern void fr_deinitialise __P((ipf_stack_t *));
1595 extern frentry_t *fr_dolog __P((fr_info_t *, u_32_t *));
1596 extern frentry_t *fr_dstgrpmap __P((fr_info_t *, u_32_t *));
1597 extern void fr_fixskip __P((frentry_t **, frentry_t *, int));
1598 extern void fr_forgetifp __P((void *, ipf_stack_t *));
1599 extern frentry_t *fr_getrulen __P((int, char *, u_32_t,
1600 ipf_stack_t *));
1601 extern void fr_getstat __P((struct friostat *, ipf_stack_t *));
1602 extern int fr_ifpaddr __P((int, int, void *,
1603 struct in_addr *, struct in_addr *,
1604 ipf_stack_t *));
1605 extern int fr_initialise __P((ipf_stack_t *));
1606 extern int fr_lock __P((caddr_t, int *));
1607 extern int fr_makefrip __P((int, ip_t *, fr_info_t *));
1608 extern int fr_matchtag __P((ipftag_t *, ipftag_t *));
1609 extern int fr_matchicmpqueryreply __P((int, icmpinfo_t *,
|
99 # define SIOCSTGSZ _IOWR(r, 82, struct ipfobj)
100 # define SIOCGFRST _IOWR(r, 83, struct ipfobj)
101 # define SIOCSETLG _IOWR(r, 84, int)
102 # define SIOCGETLG _IOWR(r, 85, int)
103 # define SIOCFUNCL _IOWR(r, 86, struct ipfunc_resolve)
104 # define SIOCIPFGETNEXT _IOWR(r, 87, struct ipfobj)
105 # define SIOCIPFGET _IOWR(r, 88, struct ipfobj)
106 # define SIOCIPFSET _IOWR(r, 89, struct ipfobj)
107 # define SIOCIPFL6 _IOWR(r, 90, int)
108 # define SIOCIPFLP _IOWR(r, 91, int)
109 # define SIOCIPFITER _IOWR(r, 92, struct ipfobj)
110 # define SIOCGENITER _IOWR(r, 93, struct ipfobj)
111 # define SIOCGTABL _IOWR(r, 94, struct ipfobj)
112 # define SIOCIPFDELTOK _IOWR(r, 95, int)
113 # define SIOCLOOKUPITER _IOWR(r, 96, struct ipfobj)
114 #endif
115 #define SIOCADDFR SIOCADAFR
116 #define SIOCDELFR SIOCRMAFR
117 #define SIOCINSFR SIOCINAFR
118 # define SIOCIPFZONESET _IOWR('r', 97, struct ipfzoneobj)
119 # define SIOCIPFCFWCFG _IOR('r', 98, struct ipfcfwcfg)
120 # define SIOCIPFCFWNEWSZ _IOWR('r', 99, struct ipfcfwcfg)
121
122 /*
123 * What type of table is getting flushed?
124 */
125
126 #define NAT_FLUSH 1
127 #define STATE_FLUSH 2
128
129 /*
130 * What table flush options are available?
131 */
132
133 #define FLUSH_LIST 0
134 #define FLUSH_TABLE_ALL 1 /* Flush entire table */
135 #define FLUSH_TABLE_CLOSING 2 /* Flush "closing" entries" */
136 #define FLUSH_TABLE_EXTRA 3 /* Targetted flush: almost closed, long idle */
137
138 #define VALID_TABLE_FLUSH_OPT(x) ((x) >= 1 && (x) <= 3)
139
140 /*
1173 typedef struct ipfobj {
1174 u_32_t ipfo_rev; /* IPFilter version number */
1175 u_32_t ipfo_size; /* size of object at ipfo_ptr */
1176 void *ipfo_ptr; /* pointer to object */
1177 int ipfo_type; /* type of object being pointed to */
1178 int ipfo_offset; /* bytes from ipfo_ptr where to start */
1179 u_char ipfo_xxxpad[32]; /* reserved for future use */
1180 } ipfobj_t;
1181
1182 /*
1183 * ioctl struct for setting what zone further ioctls will act on. ipfz_gz is a
1184 * boolean: set it to 1 to operate on the GZ-controlled stack.
1185 */
1186 typedef struct ipfzoneobj {
1187 u_32_t ipfz_gz; /* GZ stack boolean */
1188 char ipfz_zonename[ZONENAME_MAX]; /* zone to act on */
1189 } ipfzoneobj_t;
1190
1191 /* ioctl to grab CFW logging parameters */
1192 typedef struct ipfcfwcfg {
1193 /* CFG => Max event size, NEWSZ => ignored in, like CFG out. */
1194 uint32_t ipfcfwc_maxevsize;
1195 /*
1196 * CFG => Current ring size,
1197 * NEWSZ => New ring size, must be 2^N for 10 <= N <= 31.
1198 */
1199 uint32_t ipfcfwc_evringsize;
1200 /* CFG => Number of event reports, NEWSZ => ignored in, like CFG out. */
1201 uint64_t ipfcfwc_evreports;
1202 /* CFG => Number of event drops, NEWSZ => ignored in, like CFG out. */
1203 uint64_t ipfcfwc_evdrops;
1204 } ipfcfwcfg_t;
1205
1206 #if defined(_KERNEL)
1207 /* Set ipfs_zoneid to this if no zone has been set: */
1208 #define IPFS_ZONE_UNSET -2
1209
1210 typedef struct ipf_devstate {
1211 zoneid_t ipfs_zoneid;
1212 minor_t ipfs_minor;
1213 boolean_t ipfs_gz;
1214 } ipf_devstate_t;
1215 #endif
1216
1217 #define IPFOBJ_FRENTRY 0 /* struct frentry */
1218 #define IPFOBJ_IPFSTAT 1 /* struct friostat */
1219 #define IPFOBJ_IPFINFO 2 /* struct fr_info */
1220 #define IPFOBJ_AUTHSTAT 3 /* struct fr_authstat */
1221 #define IPFOBJ_FRAGSTAT 4 /* struct ipfrstat */
1222 #define IPFOBJ_IPNAT 5 /* struct ipnat */
1223 #define IPFOBJ_NATSTAT 6 /* struct natstat */
1580 extern int ipflog __P((fr_info_t *, u_int));
1581 extern int ipllog __P((int, fr_info_t *, void **, size_t *, int *, int,
1582 ipf_stack_t *));
1583 extern void fr_logunload __P((ipf_stack_t *));
1584
1585 /* SmartOS single-FD global-zone state accumulator (see cfw.c) */
1586 extern boolean_t ipf_cfwlog_enabled;
1587 struct ipstate; /* Ugggh. */
1588 extern void ipf_log_cfwlog __P((struct ipstate *, uint_t, ipf_stack_t *));
1589 extern void ipf_block_cfwlog __P((frentry_t *, fr_info_t *, ipf_stack_t *));
1590 #define IFS_CFWLOG(ifs, fr) ((ifs)->ifs_gz_controlled && ipf_cfwlog_enabled &&\
1591 fr != NULL && ((fr)->fr_flags & FR_CFWLOG))
1592 struct cfwev_s; /* See ipf_cfw.h */
1593 extern boolean_t ipf_cfwev_consume __P((struct cfwev_s *, boolean_t));
1594 /* See cfw.c's ipf_cfwev_consume_many() for details. */
1595 typedef uint_t (*cfwmanycb_t) __P((struct cfwev_s *, uint_t, void *));
1596 extern uint_t
1597 ipf_cfwev_consume_many __P((uint_t, boolean_t, cfwmanycb_t, void *));
1598 extern int ipf_cfwlog_read __P((dev_t, struct uio *, struct cred *));
1599 extern int ipf_cfwlog_ioctl __P((dev_t, int, intptr_t, int, cred_t *, int *));
1600 #define IPF_CFW_RING_ALLOCATE 0
1601 #define IPF_CFW_RING_DESTROY 1
1602 extern int ipf_cfw_ring_resize(uint32_t);
1603
1604 extern frentry_t *fr_acctpkt __P((fr_info_t *, u_32_t *));
1605 extern int fr_copytolog __P((int, char *, int));
1606 extern u_short fr_cksum __P((mb_t *, ip_t *, int, void *));
1607 extern void fr_deinitialise __P((ipf_stack_t *));
1608 extern frentry_t *fr_dolog __P((fr_info_t *, u_32_t *));
1609 extern frentry_t *fr_dstgrpmap __P((fr_info_t *, u_32_t *));
1610 extern void fr_fixskip __P((frentry_t **, frentry_t *, int));
1611 extern void fr_forgetifp __P((void *, ipf_stack_t *));
1612 extern frentry_t *fr_getrulen __P((int, char *, u_32_t,
1613 ipf_stack_t *));
1614 extern void fr_getstat __P((struct friostat *, ipf_stack_t *));
1615 extern int fr_ifpaddr __P((int, int, void *,
1616 struct in_addr *, struct in_addr *,
1617 ipf_stack_t *));
1618 extern int fr_initialise __P((ipf_stack_t *));
1619 extern int fr_lock __P((caddr_t, int *));
1620 extern int fr_makefrip __P((int, ip_t *, fr_info_t *));
1621 extern int fr_matchtag __P((ipftag_t *, ipftag_t *));
1622 extern int fr_matchicmpqueryreply __P((int, icmpinfo_t *,
|
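Review bot: The new `IPF_CFW_RING_ALLOCATE` / `IPF_CFW_RING_DESTROY` constants (new lines 1600-1601) have no comment. From their placement they look like in-band sentinel values for the `uint32_t` argument of `ipf_cfw_ring_resize()`, which is presumably also where a caller-supplied `ipfcfwc_evringsize` from `SIOCIPFCFWNEWSZ` ends up. I would add a comment such as `/* Special ipf_cfw_ring_resize() arguments; real sizes are 2^N with 10 <= N <= 31, so 0 and 1 are never valid sizes. */`. The ioctl handler (not visible here) should reject any size outside that documented range, 0 and 1 included, before allocating, because the value comes from userland and the upper bound permits a very large kernel allocation. Two smaller points: `ipf_cfw_ring_resize` is the only prototype in this block written without `__P((...))`, and changing `SIOCIPFCFWCFG` from `_IOWR` to `_IOR` while growing `struct ipfcfwcfg` changes the encoded request number wherever these macros fold direction and size into it, so consumers built against the old header need a rebuild.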