/*
- * Copyright (c) 2007-2012 Apple Inc. All rights reserved.
+ * Copyright (c) 2007-2015 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
/*
* Copyright (c) 2001 Daniel Hartmeier
+ * NAT64 - Copyright (c) 2010 Viagenie Inc. (http://www.viagenie.ca)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <net/radix.h>
#include <netinet/in.h>
-
+#include <net/if_var.h>
#ifdef KERNEL
#include <kern/kern_types.h>
#include <kern/zalloc.h>
-#include <kern/lock.h>
+#include <kern/locks.h>
#include <machine/endian.h>
#include <sys/systm.h>
#define be64toh(x) htobe64(x)
-__private_extern__ lck_rw_t *pf_perim_lock;
-__private_extern__ lck_mtx_t *pf_lock;
+extern lck_rw_t *pf_perim_lock;
+extern lck_mtx_t *pf_lock;
struct pool {
struct zone *pool_zone; /* pointer to backend zone */
enum { PF_INOUT, PF_IN, PF_OUT };
enum { PF_PASS, PF_DROP, PF_SCRUB, PF_NOSCRUB, PF_NAT, PF_NONAT,
PF_BINAT, PF_NOBINAT, PF_RDR, PF_NORDR, PF_SYNPROXY_DROP,
- PF_DUMMYNET, PF_NODUMMYNET };
+ PF_DUMMYNET, PF_NODUMMYNET, PF_NAT64, PF_NONAT64 };
enum { PF_RULESET_SCRUB, PF_RULESET_FILTER, PF_RULESET_NAT,
PF_RULESET_BINAT, PF_RULESET_RDR, PF_RULESET_DUMMYNET,
PF_RULESET_MAX };
PFTM_ESP_ESTABLISHED, PFTM_OTHER_FIRST_PACKET, PFTM_OTHER_SINGLE,
PFTM_OTHER_MULTIPLE, PFTM_FRAG, PFTM_INTERVAL,
PFTM_ADAPTIVE_START, PFTM_ADAPTIVE_END, PFTM_SRC_NODE,
- PFTM_TS_DIFF, PFTM_MAX, PFTM_PURGE, PFTM_UNLINKED,
- PFTM_UNTIL_PACKET };
+ PFTM_TS_DIFF, PFTM_MAX, PFTM_PURGE, PFTM_UNLINKED };
/* PFTM default values */
#define PFTM_TCP_FIRST_PACKET_VAL 120 /* First TCP packet */
u_int16_t proxy_port[2];
u_int8_t port_op;
u_int8_t opts;
+ sa_family_t af;
};
u_int64_t packets[2];
u_int64_t bytes[2];
- u_int32_t ticket;
+ u_int64_t ticket;
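Review bot: Widening `ticket` from u_int32_t to u_int64_t changes the size and alignment of the enclosing struct (which starts outside this hunk), and the rest of this header still declares the related tickets as 32-bit (`extern u_int32_t ticket_pabuf;`, `ticket_altqs_active`, `ticket_altqs_inactive`), so the two kinds of ticket no longer share a type. If this struct is embedded in an ioctl argument exchanged with user space, any consumer that still reads `ticket` as u_int32_t will misinterpret the `owner`/`priority` fields that follow it, so the size encoding and user-space tools need to move together. A short comment on why this one ticket needs 64 bits while the others stay 32-bit would prevent the next reader from "fixing" the inconsistency in either direction.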
#define PF_OWNER_NAME_SIZE 64
char owner[PF_OWNER_NAME_SIZE];
u_int32_t priority;
struct pf_state_key_cmp {
struct pf_state_host lan;
struct pf_state_host gwy;
- struct pf_state_host ext;
- sa_family_t af;
+ struct pf_state_host ext_lan;
+ struct pf_state_host ext_gwy;
+ sa_family_t af_lan;
+ sa_family_t af_gwy;
u_int8_t proto;
u_int8_t direction;
u_int8_t proto_variant;
struct pf_state_key {
struct pf_state_host lan;
struct pf_state_host gwy;
- struct pf_state_host ext;
- sa_family_t af;
+ struct pf_state_host ext_lan;
+ struct pf_state_host ext_gwy;
+ sa_family_t af_lan;
+ sa_family_t af_gwy;
u_int8_t proto;
u_int8_t direction;
u_int8_t proto_variant;
struct pf_app_state *app_state;
+ u_int32_t flowsrc;
u_int32_t flowhash;
RB_ENTRY(pf_state_key) entry_lan_ext;
char ifname[IFNAMSIZ];
struct pfsync_state_host lan;
struct pfsync_state_host gwy;
- struct pfsync_state_host ext;
+ struct pfsync_state_host ext_lan;
+ struct pfsync_state_host ext_gwy;
struct pfsync_state_peer src;
struct pfsync_state_peer dst;
struct pf_addr rt_addr;
u_int32_t bytes[2][2];
u_int32_t creatorid;
u_int16_t tag;
- sa_family_t af;
+ sa_family_t af_lan;
+ sa_family_t af_gwy;
u_int8_t proto;
u_int8_t direction;
u_int8_t log;
RB_HEAD(pfi_ifhead, pfi_kif);
/* state tables */
-__private_extern__ struct pf_state_tree_lan_ext pf_statetbl_lan_ext;
-__private_extern__ struct pf_state_tree_ext_gwy pf_statetbl_ext_gwy;
+extern struct pf_state_tree_lan_ext pf_statetbl_lan_ext;
+extern struct pf_state_tree_ext_gwy pf_statetbl_ext_gwy;
/* keep synced with pfi_kif, used in RB_FIND */
struct pfi_kif_cmp {
struct pf_esp_hdr *esp;
void *any;
} hdr;
- struct pf_addr baddr; /* address before translation */
- struct pf_addr naddr; /* address after translation */
+
+ /* XXX TODO: Change baddr and naddr to *saddr */
+ struct pf_addr baddr; /* src address before translation */
+ struct pf_addr bdaddr; /* dst address before translation */
+ struct pf_addr naddr; /* src address after translation */
+ struct pf_addr ndaddr; /* dst address after translation */
struct pf_rule *nat_rule; /* nat/rdr rule applied to packet */
struct pf_addr *src;
struct pf_addr *dst;
int lmw; /* lazy writable offset */
struct pf_mtag *pf_mtag;
u_int16_t *ip_sum;
+ u_int32_t off; /* protocol header offset */
+ u_int32_t hdrlen; /* protocol header length */
u_int32_t p_len; /* total length of payload */
u_int16_t flags; /* Let SCRUB trigger behavior in */
/* state code. Easier than tags */
#define PFDESC_TCP_NORM 0x0001 /* TCP shall be statefully scrubbed */
#define PFDESC_IP_REAS 0x0002 /* IP frags would've been reassembled */
-#define PFDESC_FLOW_ADV 0x0004 /* sender can use flow advisory */
-#define PFDESC_IP_FRAG 0x0008 /* This is a fragment */
+#define PFDESC_IP_FRAG 0x0004 /* This is a fragment */
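Review bot: `PFDESC_IP_FRAG` now reuses the bit value 0x0004 that `PFDESC_FLOW_ADV` held, so any remaining code that tests the old literal, or a stale out-of-tree definition of the removed macro, silently changes meaning instead of failing to build. A one-line note on the retired value makes the reuse deliberate and greppable, e.g. `/* 0x0004 was PFDESC_FLOW_ADV (removed); do not reintroduce under that name */`. It is also worth confirming no `pd->flags` users outside this header still reference `PFDESC_FLOW_ADV`.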
sa_family_t af;
+ sa_family_t naf; /* address family after translation */
u_int8_t proto;
u_int8_t tos;
+ u_int8_t ttl;
u_int8_t proto_variant;
- mbuf_svc_class_t sc;
+ mbuf_svc_class_t sc; /* mbuf service class (MBUF_SVC) */
+ u_int32_t pktflags; /* mbuf packet flags (PKTF) */
+ u_int32_t flowsrc; /* flow source (FLOWSRC) */
u_int32_t flowhash; /* flow hash to identify the sender */
};
#endif /* KERNEL */
struct pfioc_state_addr_kill psk_src;
struct pfioc_state_addr_kill psk_dst;
char psk_ifname[IFNAMSIZ];
+ char psk_ownername[PF_OWNER_NAME_SIZE];
};
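Review bot: `psk_ownername` is a fixed-size array that arrives from user space inside the ioctl argument, and nothing in the struct guarantees it is NUL-terminated, so the kernel side that matches it against rule owners should terminate or bound it before use, e.g. `psk->psk_ownername[sizeof (psk->psk_ownername) - 1] = '\0';` at the top of the handler, or comparing with `strncmp(..., PF_OWNER_NAME_SIZE)`. The consuming code is not in this hunk, so this is a point to confirm in the ioctl handler rather than a defect visible here. struct pfioc_state_kill begins outside the hunk.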
struct pfioc_states {
RB_HEAD(pf_src_tree, pf_src_node);
RB_PROTOTYPE_SC(__private_extern__, pf_src_tree, pf_src_node, entry,
pf_src_compare);
-__private_extern__ struct pf_src_tree tree_src_tracking;
+extern struct pf_src_tree tree_src_tracking;
RB_HEAD(pf_state_tree_id, pf_state);
RB_PROTOTYPE_SC(__private_extern__, pf_state_tree_id, pf_state,
entry_id, pf_state_compare_id);
-__private_extern__ struct pf_state_tree_id tree_id;
-__private_extern__ struct pf_state_queue state_list;
+extern struct pf_state_tree_id tree_id;
+extern struct pf_state_queue state_list;
TAILQ_HEAD(pf_poolqueue, pf_pool);
-__private_extern__ struct pf_poolqueue pf_pools[2];
-__private_extern__ struct pf_palist pf_pabuf;
-__private_extern__ u_int32_t ticket_pabuf;
+extern struct pf_poolqueue pf_pools[2];
+extern struct pf_palist pf_pabuf;
+extern u_int32_t ticket_pabuf;
#if PF_ALTQ
TAILQ_HEAD(pf_altqqueue, pf_altq);
-__private_extern__ struct pf_altqqueue pf_altqs[2];
-__private_extern__ u_int32_t ticket_altqs_active;
-__private_extern__ u_int32_t ticket_altqs_inactive;
-__private_extern__ int altqs_inactive_open;
-__private_extern__ struct pf_altqqueue *pf_altqs_active;
-__private_extern__ struct pf_altqqueue *pf_altqs_inactive;
+extern struct pf_altqqueue pf_altqs[2];
+extern u_int32_t ticket_altqs_active;
+extern u_int32_t ticket_altqs_inactive;
+extern int altqs_inactive_open;
+extern struct pf_altqqueue *pf_altqs_active;
+extern struct pf_altqqueue *pf_altqs_inactive;
#endif /* PF_ALTQ */
-__private_extern__ struct pf_poolqueue *pf_pools_active;
-__private_extern__ struct pf_poolqueue *pf_pools_inactive;
+extern struct pf_poolqueue *pf_pools_active;
+extern struct pf_poolqueue *pf_pools_inactive;
__private_extern__ int pf_tbladdr_setup(struct pf_ruleset *,
struct pf_addr_wrap *);
__private_extern__ void pf_calc_skip_steps(struct pf_rulequeue *);
__private_extern__ u_int32_t pf_calc_state_key_flowhash(struct pf_state_key *);
-__private_extern__ struct pool pf_src_tree_pl, pf_rule_pl;
-__private_extern__ struct pool pf_state_pl, pf_state_key_pl, pf_pooladdr_pl;
-__private_extern__ struct pool pf_state_scrub_pl;
+extern struct pool pf_src_tree_pl, pf_rule_pl;
+extern struct pool pf_state_pl, pf_state_key_pl, pf_pooladdr_pl;
+extern struct pool pf_state_scrub_pl;
#if PF_ALTQ
-__private_extern__ struct pool pf_altq_pl;
+extern struct pool pf_altq_pl;
#endif /* PF_ALTQ */
-__private_extern__ struct pool pf_app_state_pl;
+extern struct pool pf_app_state_pl;
-__private_extern__ struct thread *pf_purge_thread;
+extern struct thread *pf_purge_thread;
__private_extern__ void pfinit(void);
__private_extern__ void pf_purge_thread_fn(void *, wait_result_t);
__private_extern__ u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t,
u_int8_t);
-__private_extern__ struct ifnet *sync_ifp;
-__private_extern__ struct pf_rule pf_default_rule;
+extern struct ifnet *sync_ifp;
+extern struct pf_rule pf_default_rule;
__private_extern__ void pf_addrcpy(struct pf_addr *, struct pf_addr *,
u_int8_t);
__private_extern__ void pf_rm_rule(struct pf_rulequeue *, struct pf_rule *);
__private_extern__ int pfr_ina_define(struct pfr_table *, user_addr_t,
int, int *, int *, u_int32_t, int);
-__private_extern__ struct pfi_kif *pfi_all;
+extern struct pfi_kif *pfi_all;
__private_extern__ void pfi_initialize(void);
__private_extern__ struct pfi_kif *pfi_kif_get(const char *);
__private_extern__ void pf_qid2qname(u_int32_t, char *);
__private_extern__ void pf_qid_unref(u_int32_t);
-__private_extern__ struct pf_status pf_status;
-__private_extern__ struct pool pf_frent_pl, pf_frag_pl;
+extern struct pf_status pf_status;
+extern struct pool pf_frent_pl, pf_frag_pl;
struct pf_pool_limit {
void *pp;
unsigned limit;
};
-__private_extern__ struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
+extern struct pf_pool_limit pf_pool_limits[PF_LIMIT_MAX];
__private_extern__ int pf_af_hook(struct ifnet *, struct mbuf **,
struct mbuf **, unsigned int, int, struct ip_fw_args *);
-__private_extern__ int pf_ifaddr_hook(struct ifnet *, unsigned long);
+__private_extern__ int pf_ifaddr_hook(struct ifnet *);
__private_extern__ void pf_ifnet_hook(struct ifnet *, int);
/*
* The following are defined with "private extern" storage class for
* kernel, and "extern" for user-space.
*/
-__private_extern__ struct pf_anchor_global pf_anchors;
-__private_extern__ struct pf_anchor pf_main_anchor;
+extern struct pf_anchor_global pf_anchors;
+extern struct pf_anchor pf_main_anchor;
#define pf_main_ruleset pf_main_anchor.ruleset
-__private_extern__ int pf_is_enabled;
+extern int pf_is_enabled;
+extern int16_t pf_nat64_configured;
#define PF_IS_ENABLED (pf_is_enabled != 0)
-__private_extern__ u_int32_t pf_hash_seed;
+extern u_int32_t pf_hash_seed;
#if PF_ALTQ
-__private_extern__ u_int32_t altq_allowed;
+extern u_int32_t altq_allowed;
#endif /* PF_ALTQ */
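Review bot: The comment at lines 249-252 ("defined with 'private extern' storage class for kernel, and 'extern' for user-space") is now stale, because every declaration under it uses plain `extern` unconditionally after this change; suggest rewording it to `* The following are declared extern for both kernel and user-space.` so it matches the code. Separately, `extern int16_t pf_nat64_configured;` sits beside `extern int pf_is_enabled;` and nothing visible explains the 16-bit type for what looks like a flag; either `extern int pf_nat64_configured;` for consistency or a brief comment on why int16_t is required would avoid the question recurring.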
/* these ruleset functions can be linked into userland programs (pfctl) */