/*
- * Copyright (c) 2002 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2008-2013 Apple Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
- *
- * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* Please see the License for the specific language governing rights and
* limitations under the License.
*
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/*
* Copyright (c) 1993 Daniel Boulet
#ifndef _IP6_FW_H
#define _IP6_FW_H
+#ifdef __APPLE_API_OBSOLETE
+
#include <sys/appleapiopts.h>
+/*
+ * Define IPv6 Firewall event subclass, and associated events.
+ */
+
+/*!
+ @defined KEV_IP6FW_SUBCLASS
+ @discussion The kernel event subclass for IPv6 Firewall.
+*/
+#define KEV_IP6FW_SUBCLASS 2
+
+/*!
+ @defined KEV_IP6FW_ADD
+ @discussion The event code indicating a rule has been added.
+*/
+#define KEV_IP6FW_ADD 1
+
+/*!
+ @defined KEV_IP6FW_DEL
+ @discussion The event code indicating a rule has been removed.
+*/
+#define KEV_IP6FW_DEL 2
+
+/*!
+ @defined KEV_IP6FW_FLUSH
+ @discussion The event code indicating the rule set has been flushed.
+*/
+#define KEV_IP6FW_FLUSH 3
+
+/*!
+ @defined KEV_IP6FW_FLUSH
+ @discussion The event code indicating the enable flag has been changed
+*/
+#define KEV_IP6FW_ENABLE 4
+
+
#include <net/if.h>
-#ifdef __APPLE_API_PRIVATE
-#define IP6_FW_CURRENT_API_VERSION 20 /* Version of this API */
+#define IPV6_FW_CURRENT_API_VERSION 20 /* Version of this API */
/*
* Warning: setsockopt() will fail if sizeof(struct ip_fw) > MLEN (108)
*/
+
struct ip6_fw {
u_int32_t version; /* Version of this structure. Should always be */
/* set to IP6_FW_CURRENT_API_VERSION by clients. */
void *context; /* Context that is usable by user processes to */
/* identify this rule. */
- u_long fw_pcnt,fw_bcnt; /* Packet and byte counters */
+ u_int32_t fw_pcnt,fw_bcnt; /* Packet and byte counters */
struct in6_addr fw_src, fw_dst; /* Source and destination IPv6 addr */
struct in6_addr fw_smsk, fw_dmsk; /* Mask for src and dest IPv6 addr */
u_short fw_number; /* Rule number */
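Review bot: The new `#ifdef __APPLE_API_OBSOLETE` guard is opened before `#include <sys/appleapiopts.h>`, whereas the removed `#ifdef __APPLE_API_PRIVATE` sat after it; if that header is where the `__APPLE_API_*` macros are defined (it is in the SDKs I know, but worth confirming for this tree), a translation unit that includes this file first sees an empty header. Moving the include above the guard, `#include <sys/appleapiopts.h>` followed by `#ifdef __APPLE_API_OBSOLETE`, keeps the previous behaviour. Two documentation slips sit in the same hunk: the HeaderDoc block for `KEV_IP6FW_ENABLE` is tagged `@defined KEV_IP6FW_FLUSH`, and the `version` comment in `struct ip6_fw` still names `IP6_FW_CURRENT_API_VERSION` although the macro is now `IPV6_FW_CURRENT_API_VERSION` (the same stale name is copied into `ip6_fw_32` and `ip6_fw_64`). `struct ip6_fw` continues past the end of the hunk.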
/* count of 0 means match all ports) */
};
+#if defined(BSD_KERNEL_PRIVATE)
+#pragma pack(4)
+
+struct ip6_fw_32 {
+ u_int32_t version; /* Version of this structure. Should always be */
+ /* set to IP6_FW_CURRENT_API_VERSION by clients. */
+ user32_addr_t context; /* Context that is usable by user processes to */
+ /* identify this rule. */
+ u_int32_t fw_pcnt,fw_bcnt; /* Packet and byte counters */
+ struct in6_addr fw_src, fw_dst; /* Source and destination IPv6 addr */
+ struct in6_addr fw_smsk, fw_dmsk; /* Mask for src and dest IPv6 addr */
+ u_short fw_number; /* Rule number */
+ u_short fw_flg; /* Flags word */
+#define IPV6_FW_MAX_PORTS 10 /* A reasonable maximum */
+ u_int fw_ipflg; /* IP flags word */
+ u_short fw_pts[IPV6_FW_MAX_PORTS]; /* Array of port numbers to match */
+ u_char fw_ip6opt,fw_ip6nopt; /* IPv6 options set/unset */
+ u_char fw_tcpf,fw_tcpnf; /* TCP flags set/unset */
+#define IPV6_FW_ICMPTYPES_DIM (256 / (sizeof(unsigned) * 8))
+ unsigned fw_icmp6types[IPV6_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
+ user32_time_t timestamp; /* timestamp (tv_sec) of last match */
+ union ip6_fw_if fw_in_if, fw_out_if;/* Incoming and outgoing interfaces */
+ union {
+ u_short fu_divert_port; /* Divert/tee port (options IP6DIVERT) */
+ u_short fu_skipto_rule; /* SKIPTO command rule number */
+ u_short fu_reject_code; /* REJECT response code */
+ } fw_un;
+ u_char fw_prot; /* IPv6 protocol */
+ u_char fw_nports; /* N'of src ports and # of dst ports */
+ /* in ports array (dst ports follow */
+ /* src ports; max of 10 ports in all; */
+ /* count of 0 means match all ports) */
+};
+
+#pragma pack()
+
+struct ip6_fw_64 {
+ u_int32_t version; /* Version of this structure. Should always be */
+ /* set to IP6_FW_CURRENT_API_VERSION by clients. */
+ __uint64_t context __attribute__((aligned(8))); /* Context that is usable by user processes to */
+ /* identify this rule. */
+ u_int32_t fw_pcnt,fw_bcnt; /* Packet and byte counters */
+ struct in6_addr fw_src, fw_dst; /* Source and destination IPv6 addr */
+ struct in6_addr fw_smsk, fw_dmsk; /* Mask for src and dest IPv6 addr */
+ u_short fw_number; /* Rule number */
+ u_short fw_flg; /* Flags word */
+#define IPV6_FW_MAX_PORTS 10 /* A reasonable maximum */
+ u_int fw_ipflg; /* IP flags word */
+ u_short fw_pts[IPV6_FW_MAX_PORTS]; /* Array of port numbers to match */
+ u_char fw_ip6opt,fw_ip6nopt; /* IPv6 options set/unset */
+ u_char fw_tcpf,fw_tcpnf; /* TCP flags set/unset */
+#define IPV6_FW_ICMPTYPES_DIM (256 / (sizeof(unsigned) * 8))
+ unsigned fw_icmp6types[IPV6_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
+ user64_time_t timestamp; /* timestamp (tv_sec) of last match */
+ union ip6_fw_if fw_in_if, fw_out_if;/* Incoming and outgoing interfaces */
+ union {
+ u_short fu_divert_port; /* Divert/tee port (options IP6DIVERT) */
+ u_short fu_skipto_rule; /* SKIPTO command rule number */
+ u_short fu_reject_code; /* REJECT response code */
+ } fw_un;
+ u_char fw_prot; /* IPv6 protocol */
+ u_char fw_nports; /* N'of src ports and # of dst ports */
+ /* in ports array (dst ports follow */
+ /* src ports; max of 10 ports in all; */
+ /* count of 0 means match all ports) */
+};
+
+
+#endif /* BSD_KERNEL_PRIVATE */
+
#define IPV6_FW_GETNSRCP(rule) ((rule)->fw_nports & 0x0f)
#define IPV6_FW_SETNSRCP(rule, n) do { \
(rule)->fw_nports &= ~0x0f; \
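Review bot: The `fw_nports` comment in `ip6_fw_32` and `ip6_fw_64` does not say how the two counts are packed or bounded, and these appear to be the layouts in which a rule arrives from a 32-bit or 64-bit user process. `IPV6_FW_GETNSRCP` masks with `0x0f`, so a caller can encode a source count of up to 15 (and presumably the same for the destination count in the other nibble), while `fw_pts` holds only `IPV6_FW_MAX_PORTS` (10) entries. I would state the invariant at the field, e.g. `/* low nibble: src count, high nibble: dst count (assumed); src + dst must be <= IPV6_FW_MAX_PORTS, checked after copy-in */`, and confirm that the code converting these structs enforces it, since that code is not visible in this patch. The `#define IPV6_FW_MAX_PORTS` and `#define IPV6_FW_ICMPTYPES_DIM` lines inside `ip6_fw_64` repeat the ones in `ip6_fw_32` and could be dropped.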
/*
* Main firewall chains definitions and global var's definitions.
*/
-#ifdef KERNEL
+#ifdef BSD_KERNEL_PRIVATE
#define M_IP6FW M_IPFW
* Function definitions.
*/
void ip6_fw_init(void);
+void load_ip6fw(void);
/* Firewall hooks */
struct ip6_hdr;
-typedef int ip6_fw_chk_t __P((struct ip6_hdr**, struct ifnet*,
- u_short *, struct mbuf**));
-typedef int ip6_fw_ctl_t __P((int, struct mbuf**));
+struct sockopt;
+typedef int ip6_fw_chk_t(struct ip6_hdr**, struct ifnet*,
+ u_short *, struct mbuf**);
+typedef int ip6_fw_ctl_t(struct sockopt *);
extern ip6_fw_chk_t *ip6_fw_chk_ptr;
extern ip6_fw_ctl_t *ip6_fw_ctl_ptr;
extern int ip6_fw_enable;
-#endif /* KERNEL */
-#endif /* __APPLE_API_PRIVATE */
+#endif /* BSD_KERNEL_PRIVATE */
+#endif /* __APPLE_API_OBSOLETE */
#endif /* _IP6_FW_H */
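Review bot: The new `ip6_fw_ctl_t` typedef takes a `struct sockopt *` but carries no comment on what an implementation must check, and the option buffer it describes is supplied by the calling process. A short contract above the typedef would help, e.g. `/* Control hook for firewall socket options; must verify the option length matches the rule layout for the caller's ABI before copying it in. Returns 0 or an errno value (assumed). */`. The handler itself is not part of this header, so whether it already validates the length against `struct ip6_fw_32`/`struct ip6_fw_64` cannot be confirmed from here.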