xnu-792.18.15.tar.gz

[apple/xnu.git] / bsd / netinet6 / ip6_fw.h

diff --git a/bsd/netinet6/ip6_fw.h b/bsd/netinet6/ip6_fw.h
index 59c1fd933608da65c7b9b5f3796f36f7e6d743c1..0e38eeee72a30e27b5c3157bfbd2ec751cb9d324 100644 (file)
--- a/bsd/netinet6/ip6_fw.h
+++ b/bsd/netinet6/ip6_fw.h
@@ -1,5 +1,30 @@
-/*     $KAME: ip6_fw.h,v 1.2 2000/02/22 14:04:21 itojun Exp $  */
-
+/*
+ * Copyright (c) 2002 Apple Computer, Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ * 
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ */

 /*
  * Copyright (c) 1993 Daniel Boulet
  * Copyright (c) 1994 Ugen J.S.Antsilevich
 /*
  * Copyright (c) 1993 Daniel Boulet
  * Copyright (c) 1994 Ugen J.S.Antsilevich


@@ -17,9 +42,13 @@
 
 #ifndef _IP6_FW_H
 #define _IP6_FW_H
 
 #ifndef _IP6_FW_H
 #define _IP6_FW_H

+#include <sys/appleapiopts.h>

 
 #include <net/if.h>
 
 
 #include <net/if.h>
 

+#define IPV6_FW_CURRENT_API_VERSION 20 /* Version of this API */
+
+

 /*
  * This union structure identifies an interface, either explicitly
  * by name or implicitly by IP address. The flags IP_FW_F_IIFNAME
 /*
  * This union structure identifies an interface, either explicitly
  * by name or implicitly by IP address. The flags IP_FW_F_IIFNAME


@@ -36,8 +65,8 @@
 union ip6_fw_if {
     struct in6_addr fu_via_ip6;        /* Specified by IPv6 address */
     struct {                   /* Specified by interface name */
 union ip6_fw_if {
     struct in6_addr fu_via_ip6;        /* Specified by IPv6 address */
     struct {                   /* Specified by interface name */

-#define FW_IFNLEN     IFNAMSIZ
-           char  name[FW_IFNLEN];
+#define IP6FW_IFNLEN     IFNAMSIZ
+           char  name[IP6FW_IFNLEN];

            short unit;         /* -1 means match any unit */
     } fu_via_if;
 };
            short unit;         /* -1 means match any unit */
     } fu_via_if;
 };


@@ -52,16 +81,21 @@ union ip6_fw_if {
  */
 
 struct ip6_fw {
  */
 
 struct ip6_fw {

+       u_int32_t version;              /* Version of this structure.  Should always be */
+                                                       /* set to IP6_FW_CURRENT_API_VERSION by clients. */
+       void *context;                  /* Context that is usable by user processes to */
+                                                       /* identify this rule. */

     u_long fw_pcnt,fw_bcnt;            /* Packet and byte counters */
     struct in6_addr fw_src, fw_dst;    /* Source and destination IPv6 addr */
     struct in6_addr fw_smsk, fw_dmsk;  /* Mask for src and dest IPv6 addr */
     u_short fw_number;                 /* Rule number */
     u_short fw_flg;                    /* Flags word */
 #define IPV6_FW_MAX_PORTS      10      /* A reasonable maximum */
     u_long fw_pcnt,fw_bcnt;            /* Packet and byte counters */
     struct in6_addr fw_src, fw_dst;    /* Source and destination IPv6 addr */
     struct in6_addr fw_smsk, fw_dmsk;  /* Mask for src and dest IPv6 addr */
     u_short fw_number;                 /* Rule number */
     u_short fw_flg;                    /* Flags word */
 #define IPV6_FW_MAX_PORTS      10      /* A reasonable maximum */

+    u_int fw_ipflg;                    /* IP flags word */

     u_short fw_pts[IPV6_FW_MAX_PORTS]; /* Array of port numbers to match */
     u_char fw_ip6opt,fw_ip6nopt;       /* IPv6 options set/unset */
     u_char fw_tcpf,fw_tcpnf;           /* TCP flags set/unset */
     u_short fw_pts[IPV6_FW_MAX_PORTS]; /* Array of port numbers to match */
     u_char fw_ip6opt,fw_ip6nopt;       /* IPv6 options set/unset */
     u_char fw_tcpf,fw_tcpnf;           /* TCP flags set/unset */

-#define IPV6_FW_ICMPTYPES_DIM (32 / (sizeof(unsigned) * 8))
+#define IPV6_FW_ICMPTYPES_DIM (256 / (sizeof(unsigned) * 8))

     unsigned fw_icmp6types[IPV6_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
     long timestamp;                    /* timestamp (tv_sec) of last match */
     union ip6_fw_if fw_in_if, fw_out_if;/* Incoming and outgoing interfaces */
     unsigned fw_icmp6types[IPV6_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
     long timestamp;                    /* timestamp (tv_sec) of last match */
     union ip6_fw_if fw_in_if, fw_out_if;/* Incoming and outgoing interfaces */


@@ -136,6 +170,11 @@ struct ip6_fw_chain {
 
 #define IPV6_FW_F_MASK 0xFFFF  /* All possible flag bits mask          */
 
 
 #define IPV6_FW_F_MASK 0xFFFF  /* All possible flag bits mask          */
 

+/* 
+ * Flags for the 'fw_ipflg' field, for comparing values of ip and its protocols. */
+#define        IPV6_FW_IF_TCPEST 0x00000020    /* established TCP connection   */
+#define IPV6_FW_IF_TCPMSK 0x00000020   /* mask of all TCP values */
+

 /*
  * For backwards compatibility with rules specifying "via iface" but
  * not restricted to only "in" or "out" packets, we define this combination
 /*
  * For backwards compatibility with rules specifying "via iface" but
  * not restricted to only "in" or "out" packets, we define this combination


@@ -170,36 +209,14 @@ struct ip6_fw_chain {
 #define IPV6_FW_TCPF_PSH       TH_PUSH
 #define IPV6_FW_TCPF_ACK       TH_ACK
 #define IPV6_FW_TCPF_URG       TH_URG
 #define IPV6_FW_TCPF_PSH       TH_PUSH
 #define IPV6_FW_TCPF_ACK       TH_ACK
 #define IPV6_FW_TCPF_URG       TH_URG

-#define IPV6_FW_TCPF_ESTAB     0x40
-
-/*
- * Names for IPV6_FW sysctl objects
- */
-#define IP6FWCTL_DEBUG                 1
-#define IP6FWCTL_VERBOSE       2
-#define IP6FWCTL_VERBLIMIT     3 
-#define IP6FWCTL_MAXID          4
-
-#define IP6FWCTL_NAMES { \
-        { 0, 0 }, \
-        { 0, 0 }, \
-        { "debug", CTLTYPE_INT }, \
-        { "verbose", CTLTYPE_INT }, \
-        { "verbose_limit", CTLTYPE_INT }, \
-}
-
-#define IP6FWCTL_VARS { \
-        0, \
-        0, \
-        &fw6_debug,   \
-        &fw6_verbose,  \
-        &fw6_verbose_limit, \
-}

 
 /*
  * Main firewall chains definitions and global var's definitions.
  */
 
 /*
  * Main firewall chains definitions and global var's definitions.
  */

-#if KERNEL
+#ifdef KERNEL_PRIVATE
+
+#define M_IP6FW M_IPFW
+

 
 /*
  * Function definitions.
 
 /*
  * Function definitions.


@@ -208,12 +225,14 @@ void ip6_fw_init(void);
 
 /* Firewall hooks */
 struct ip6_hdr;
 
 /* Firewall hooks */
 struct ip6_hdr;

-typedef        int ip6_fw_chk_t __P((struct ip6_hdr**, struct ifnet*,
-                               u_short *, struct mbuf**));
-typedef        int ip6_fw_ctl_t __P((int, struct mbuf**));
+struct sockopt;
+typedef        int ip6_fw_chk_t(struct ip6_hdr**, struct ifnet*,
+                               u_short *, struct mbuf**);
+typedef        int ip6_fw_ctl_t(struct sockopt *);

 extern ip6_fw_chk_t *ip6_fw_chk_ptr;
 extern ip6_fw_ctl_t *ip6_fw_ctl_ptr;
 extern ip6_fw_chk_t *ip6_fw_chk_ptr;
 extern ip6_fw_ctl_t *ip6_fw_ctl_ptr;

+extern int ip6_fw_enable;

 
 

-#endif /* KERNEL */
+#endif /* KERNEL_PRIVATE */

 
 #endif /* _IP6_FW_H */
 
 #endif /* _IP6_FW_H */