X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/b0d623f7f2ae71ed96e60569f61f9a9a27016e80..39236c6e673c41db228275375ab7fdb0f837b292:/bsd/netinet/ip_fw2.h diff --git a/bsd/netinet/ip_fw2.h b/bsd/netinet/ip_fw2.h index 0485bcbc2..5e7a3ffdf 100644 --- a/bsd/netinet/ip_fw2.h +++ b/bsd/netinet/ip_fw2.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008 Apple Inc. All rights reserved. + * Copyright (c) 2008-2013 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -55,6 +55,7 @@ #ifndef _IPFW2_H #define _IPFW2_H +#ifdef __APPLE_API_OBSOLETE /* * Define IP Firewall event subclass, and associated events. 
@@ -414,6 +415,40 @@ struct ipfw_flow_id { */ typedef struct _ipfw_dyn_rule ipfw_dyn_rule; +#ifdef XNU_KERNEL_PRIVATE + +#include + +/* + * Note: + * The internal version of "struct _ipfw_dyn_rule" differs from + * its external version because the field "id" is of type + * "struct ip_flow_id" in the internal version. The type of the + * field "id" for the external version is "ipfw_dyn_rule for + * backwards compatibility reasons. + */ + +struct _ipfw_dyn_rule { + ipfw_dyn_rule *next; /* linked list of rules. */ + struct ip_fw *rule; /* pointer to rule */ + /* 'rule' is used to pass up the rule number (from the parent) */ + + ipfw_dyn_rule *parent; /* pointer to parent rule */ + u_int64_t pcnt; /* packet match counter */ + u_int64_t bcnt; /* byte match counter */ + struct ip_flow_id id; /* (masked) flow id */ + u_int32_t expire; /* expire time */ + u_int32_t bucket; /* which bucket in hash table */ + u_int32_t state; /* state of this rule (typically a + * combination of TCP flags) + */ + u_int32_t ack_fwd; /* most recent ACKs in forward */ + u_int32_t ack_rev; /* and reverse directions (used */ + /* to generate keepalives) */ + u_int16_t dyn_type; /* rule type */ + u_int16_t count; /* refcount */ +}; +#else /* XNU_KERNEL_PRIVATE */ struct _ipfw_dyn_rule { ipfw_dyn_rule *next; /* linked list of rules. */ struct ip_fw *rule; /* pointer to rule */ @@ -434,6 +469,7 @@ struct _ipfw_dyn_rule { u_int16_t dyn_type; /* rule type */ u_int16_t count; /* refcount */ }; +#endif /* XNU_KERNEL_PRIVATE */ /* * Definitions for IP option names. @@ -457,7 +493,7 @@ struct _ipfw_dyn_rule { /* * Main firewall chains definitions and global var's definitions. */ -#ifdef KERNEL +#ifdef BSD_KERNEL_PRIVATE #pragma pack(4) struct ip_fw_32{ 
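Review bot: The note added above the kernel-private `struct _ipfw_dyn_rule` misstates the external layout: it gives the external type of `id` as `"ipfw_dyn_rule` (with an unbalanced quote), where `struct ipfw_flow_id` is presumably meant, judging by the hunk's context line. I would change that sentence to `The type of the field "id" for the external version is "struct ipfw_flow_id" for backwards compatibility reasons.` Since one struct tag now has two layouts selected by `XNU_KERNEL_PRIVATE`, the note should also say that kernel code returning dynamic rules to user space must translate field by field instead of copying the internal struct. The `id` member differs in type, and the struct holds the kernel pointers `next`, `rule` and `parent`; whether the existing copy-out paths already translate is not visible in this diff. The external definition in the `#else` branch continues past the end of this hunk.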
@@ -581,38 +617,19 @@ typedef struct _ipfw_insn_pipe_32{ } ipfw_insn_pipe_32; -#endif /* KERNEL */ +#define IPFW_DEFAULT_RULE 65535 -#ifdef KERNEL #if IPFIREWALL #define IP_FW_PORT_DYNT_FLAG 0x10000 #define IP_FW_PORT_TEE_FLAG 0x20000 #define IP_FW_PORT_DENY_FLAG 0x40000 -/* - * Arguments for calling ipfw_chk() and dummynet_io(). We put them - * all into a structure because this way it is easier and more - * efficient to pass variables around and extend the interface. - */ -struct ip_fw_args { - struct mbuf *m; /* the mbuf chain */ - struct ifnet *oif; /* output interface */ - struct sockaddr_in *next_hop; /* forward address */ - struct ip_fw *rule; /* matching rule */ - struct ether_header *eh; /* for bridged packets */ - - struct route *ro; /* for dummynet */ - struct sockaddr_in *dst; /* for dummynet */ - int flags; /* for dummynet */ - struct ip_out_args *ipoa; /* for dummynet */ - - struct ipfw_flow_id f_id; /* grabbed from IP header */ - u_int16_t divert_rule; /* divert cookie */ - u_int32_t retval; -}; -//struct ip_fw_args; - +#ifdef PRIVATE +#include +#else +struct ip_fw_args; +#endif /* * Function definitions. */ @@ -632,6 +649,7 @@ extern int fw_one_pass; extern int fw_enable; #define IPFW_LOADED (ip_fw_chk_ptr != NULL) #endif /* IPFIREWALL */ -#endif /* KERNEL */ +#endif /* BSD_KERNEL_PRIVATE */ +#endif /* __APPLE_API_OBSOLETE */ #endif /* _IPFW2_H */
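Review bot: `#define IPFW_DEFAULT_RULE 65535` is added without a comment, and because this hunk removes the `#endif /* KERNEL */` / `#ifdef KERNEL` pair it now sits inside `BSD_KERNEL_PRIVATE` but before `#if IPFIREWALL`. A one-line comment such as `/* rule number reserved for the default rule */` would explain the constant; if another header in the tree already defines the same name, a `#ifndef IPFW_DEFAULT_RULE` guard would avoid a redefinition, which cannot be checked from this page. Separately, when `PRIVATE` is not defined `struct ip_fw_args` is only forward-declared, so any includer that dereferences it or takes its size needs the private header; the include target itself is not shown on this page.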