/*
 * Copyright (C) 1993-2001, 2003 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef __IPF_STACK_H__
#define __IPF_STACK_H__

/* FIXME: appears needed for ip_proxy.h - tcpseq */
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <netinet/tcpip.h>

#include "ip_compat.h"
#include "ip_fil.h"
#include "ip_nat.h"
#include "ip_frag.h"
#include "ip_state.h"
#include "ip_proxy.h"
#include "ip_auth.h"
#include "ip_lookup.h"
#include "ip_pool.h"
#include "ip_htable.h"
#include <net/radix.h>
#include <sys/neti.h>
#include <sys/hook.h>

/*
 * IPF stack instances
 *
 * One ipf_stack holds the complete mutable state of an ipfilter instance:
 * rule lists, NAT/state/frag tables, locks, tuneables, hook handles and
 * statistics.  Instances are keyed by netid/zone (ifs_netid, ifs_zone),
 * which is what keeps one zone's filter state separate from another's.
 * The member comments below name the source file that owns each group.
 *
 * NOTE(review): ifs_kstatp is only present under #ifdef KERNEL, so the
 * struct layout differs between kernel and non-kernel builds; anything
 * that reads this struct out of kernel memory must be built with the
 * same definition.
 */
struct ipf_stack {
	/* instance list linkage; ifs_pnext presumably points at the
	 * predecessor's ifs_next (verify in the list insert/remove code) */
	struct ipf_stack *ifs_next;
	struct ipf_stack **ifs_pnext;
	netid_t ifs_netid;	/* netstack this instance belongs to */
	zoneid_t ifs_zone;	/* zone this instance belongs to */

	/* ipf module */
	fr_info_t ifs_frcache[2][8];	/* guarded by ifs_ipf_frcache, presumably */

	filterstats_t ifs_frstats[2];	/* [0]/[1] presumably in/out */
	frentry_t *ifs_ipfilter[2][2];
	frentry_t *ifs_ipfilter6[2][2];
	frentry_t *ifs_ipacct6[2][2];
	frentry_t *ifs_ipacct[2][2];
#if 0 /* not used */
	frentry_t *ifs_ipnatrules[2][2];	/* compiled out */
#endif
	frgroup_t *ifs_ipfgroups[IPL_LOGSIZE][2];
	int ifs_fr_refcnt;
	/*
	 * For fr_running:
	 * 0 == loading, 1 = running, -1 = disabled, -2 = unloading
	 */
	int ifs_fr_running;
	int ifs_fr_flags;
	int ifs_fr_active;	/* which of the [2] rule sets is live, presumably */
	int ifs_fr_control_forwarding;
	int ifs_fr_update_ipid;
#if 0
	ushort_t ifs_fr_ip_id;	/* compiled out */
#endif
	int ifs_fr_chksrc;
	int ifs_fr_minttl;
	int ifs_fr_icmpminfragmtu;
	int ifs_fr_pass;	/* default verdict when no rule matches, presumably */
	ulong_t ifs_fr_frouteok[2];
	ulong_t ifs_fr_userifqs;
	ulong_t ifs_fr_badcoalesces[2];
	/*
	 * 32 bytes of per-instance secret material.  Presumably seeds
	 * sequence-number generation (verify in ip_state.c); it must not
	 * leak through any stats/ioctl export or log path.
	 */
	uchar_t ifs_ipf_iss_secret[32];
	timeout_id_t ifs_fr_timer_id;
#if 0
	timeout_id_t ifs_synctimeoutid;	/* compiled out */
#endif
	int ifs_ipf_locks_done;	/* set once the locks below are initialised, presumably */

	ipftoken_t *ifs_ipftokenhead;
	ipftoken_t **ifs_ipftokentail;

	/* locks; which lock covers which table is not stated here */
	ipfmutex_t ifs_ipl_mutex;
	ipfmutex_t ifs_ipf_authmx;
	ipfmutex_t ifs_ipf_rw;
	ipfmutex_t ifs_ipf_timeoutlock;
	ipfrwlock_t ifs_ipf_mutex;
	ipfrwlock_t ifs_ipf_global;
	ipfrwlock_t ifs_ipf_frcache;
	ipfrwlock_t ifs_ip_poolrw;
	ipfrwlock_t ifs_ipf_frag;
	ipfrwlock_t ifs_ipf_state;
	ipfrwlock_t ifs_ipf_nat;
	ipfrwlock_t ifs_ipf_natfrag;
	ipfmutex_t ifs_ipf_nat_new;
	ipfmutex_t ifs_ipf_natio;
	ipfrwlock_t ifs_ipf_auth;
	ipfmutex_t ifs_ipf_stinsert;
	ipfrwlock_t ifs_ipf_ipidfrag;
	ipfrwlock_t ifs_ipf_tokens;
	kcondvar_t ifs_iplwait;
	kcondvar_t ifs_ipfauthwait;

	ipftuneable_t *ifs_ipf_tuneables;
	ipftuneable_t *ifs_ipf_tunelist;

	/* ip_fil_solaris.c */
	/* packet hook handles, one per protocol family and hook point */
	hook_t *ifs_ipfhook4_in;
	hook_t *ifs_ipfhook4_out;
	hook_t *ifs_ipfhook4_loop_in;
	hook_t *ifs_ipfhook4_loop_out;
	hook_t *ifs_ipfhook4_nicevents;
	hook_t *ifs_ipfhook6_in;
	hook_t *ifs_ipfhook6_out;
	hook_t *ifs_ipfhook6_loop_in;
	hook_t *ifs_ipfhook6_loop_out;
	hook_t *ifs_ipfhook6_nicevents;

	/* flags to indicate whether hooks are registered. */
	boolean_t ifs_hook4_physical_in;
	boolean_t ifs_hook4_physical_out;
	boolean_t ifs_hook4_nic_events;
	boolean_t ifs_hook4_loopback_in;
	boolean_t ifs_hook4_loopback_out;
	boolean_t ifs_hook6_physical_in;
	boolean_t ifs_hook6_physical_out;
	boolean_t ifs_hook6_nic_events;
	boolean_t ifs_hook6_loopback_in;
	boolean_t ifs_hook6_loopback_out;

	int ifs_ipf_loopback;
	net_handle_t ifs_ipf_ipv4;	/* neti handle for IPv4 */
	net_handle_t ifs_ipf_ipv6;	/* neti handle for IPv6 */

	/* ip_auth.c */
	int ifs_fr_authsize;
	int ifs_fr_authused;
	int ifs_fr_defaultauthage;
	int ifs_fr_auth_lock;
	int ifs_fr_auth_init;
	fr_authstat_t ifs_fr_authstats;
	frauth_t *ifs_fr_auth;
	mb_t **ifs_fr_authpkts;	/* packets held pending user-level auth, presumably */
	int ifs_fr_authstart;
	int ifs_fr_authend;
	int ifs_fr_authnext;
	frauthent_t *ifs_fae_list;
	frentry_t *ifs_ipauth;
	frentry_t *ifs_fr_authlist;

	/* ip_frag.c */
	/* three fragment tables: plain, NAT and ip-id; each is a list
	 * (head, tail pointer) plus a hash table */
	ipfr_t *ifs_ipfr_list;
	ipfr_t **ifs_ipfr_tail;
	ipfr_t **ifs_ipfr_heads;

	ipfr_t *ifs_ipfr_natlist;
	ipfr_t **ifs_ipfr_nattail;
	ipfr_t **ifs_ipfr_nattab;

	ipfr_t *ifs_ipfr_ipidlist;
	ipfr_t **ifs_ipfr_ipidtail;
	ipfr_t **ifs_ipfr_ipidtab;

	ipfrstat_t ifs_ipfr_stats;
	int ifs_ipfr_inuse;
	int ifs_ipfr_size;

	int ifs_fr_ipfrttl;
	int ifs_fr_frag_lock;
	int ifs_fr_frag_init;
	ulong_t ifs_fr_ticks;

	frentry_t ifs_frblock;

	/* ip_htable.c */
	iphtable_t *ifs_ipf_htables[IPL_LOGSIZE];
	ulong_t ifs_ipht_nomem[IPL_LOGSIZE];
	ulong_t ifs_ipf_nhtables[IPL_LOGSIZE];
	ulong_t ifs_ipf_nhtnodes[IPL_LOGSIZE];

	/* ip_log.c */
	iplog_t **ifs_iplh[IPL_LOGSIZE];
	iplog_t *ifs_iplt[IPL_LOGSIZE];
	iplog_t *ifs_ipll[IPL_LOGSIZE];
	int ifs_iplused[IPL_LOGSIZE];
	fr_info_t ifs_iplcrc[IPL_LOGSIZE];
	int ifs_ipl_suppress;
	int ifs_ipl_buffer_sz;
	int ifs_ipl_logmax;
	int ifs_ipl_logall;
	int ifs_ipl_log_init;
	int ifs_ipl_logsize;

	/* ip_lookup.c */
	ip_pool_stat_t ifs_ippoolstat;
	int ifs_ip_lookup_inited;

	/* ip_nat.c */
	/* nat_table[0] -> hashed list sorted by inside (ip, port) */
	/* nat_table[1] -> hashed list sorted by outside (ip, port) */
	nat_t **ifs_nat_table[2];
	nat_t *ifs_nat_instances;
	ipnat_t *ifs_nat_list;
	uint_t ifs_ipf_nattable_sz;
	uint_t ifs_ipf_nattable_max;
	uint_t ifs_ipf_natrules_sz;
	uint_t ifs_ipf_rdrrules_sz;
	uint_t ifs_ipf_hostmap_sz;
	uint_t ifs_fr_nat_maxbucket;
	uint_t ifs_fr_nat_maxbucket_reset;
	uint32_t ifs_nat_masks;
	uint32_t ifs_rdr_masks;
	uint32_t ifs_nat6_masks[4];	/* 4 x 32 bits: one per IPv6 address word */
	uint32_t ifs_rdr6_masks[4];
	ipnat_t **ifs_nat_rules;
	ipnat_t **ifs_rdr_rules;
	hostmap_t **ifs_maptable;
	hostmap_t *ifs_ipf_hm_maplist;

	/* NAT timeout queues, one per TCP state plus per-protocol queues */
	ipftq_t ifs_nat_tqb[IPF_TCP_NSTATES];
	ipftq_t ifs_nat_udptq;
	ipftq_t ifs_nat_icmptq;
	ipftq_t ifs_nat_iptq;
	ipftq_t *ifs_nat_utqe;
	int ifs_nat_logging;
	ulong_t ifs_fr_defnatage;
	ulong_t ifs_fr_defnatipage;
	ulong_t ifs_fr_defnaticmpage;
	natstat_t ifs_nat_stats;
	int ifs_fr_nat_lock;
	int ifs_fr_nat_init;
	uint_t ifs_nat_flush_level_hi;	/* hi/lo watermarks for forced flushing, presumably */
	uint_t ifs_nat_flush_level_lo;
	ulong_t ifs_nat_last_force_flush;
	int ifs_nat_doflush;

	/* ip_pool.c */
	ip_pool_stat_t ifs_ipoolstat;
	ip_pool_t *ifs_ip_pool_list[IPL_LOGSIZE];

	/* ip_proxy.c */
	ap_session_t *ifs_ap_sess_list;
	aproxy_t *ifs_ap_proxylist;
	aproxy_t *ifs_ap_proxies; /* copy of lcl_ap_proxies */

	/* ip_state.c */
	ipstate_t **ifs_ips_table;
	ulong_t *ifs_ips_seed;	/* per-instance hash seed, presumably */
	int ifs_ips_num;
	ulong_t ifs_ips_last_force_flush;
	uint_t ifs_state_flush_level_hi;
	uint_t ifs_state_flush_level_lo;
	ips_stat_t ifs_ips_stats;

	/* per-protocol/per-state idle timeouts */
	ulong_t ifs_fr_tcpidletimeout;
	ulong_t ifs_fr_tcpclosewait;
	ulong_t ifs_fr_tcplastack;
	ulong_t ifs_fr_tcptimeout;
	ulong_t ifs_fr_tcpclosed;
	ulong_t ifs_fr_tcphalfclosed;
	ulong_t ifs_fr_udptimeout;
	ulong_t ifs_fr_udpacktimeout;
	ulong_t ifs_fr_icmptimeout;
	ulong_t ifs_fr_icmpacktimeout;
	int ifs_fr_statemax;
	int ifs_fr_statesize;
	int ifs_fr_state_doflush;
	int ifs_fr_state_lock;
	int ifs_fr_state_maxbucket;
	int ifs_fr_state_maxbucket_reset;
	int ifs_fr_state_init;
	int ifs_fr_enable_active;
	/* state timeout queues, one per TCP state plus per-protocol queues */
	ipftq_t ifs_ips_tqtqb[IPF_TCP_NSTATES];
	ipftq_t ifs_ips_udptq;
	ipftq_t ifs_ips_udpacktq;
	ipftq_t ifs_ips_iptq;
	ipftq_t ifs_ips_icmptq;
	ipftq_t ifs_ips_icmpacktq;
	ipftq_t ifs_ips_deletetq;
	ipftq_t *ifs_ips_utqe;
	int ifs_ipstate_logging;
	ipstate_t *ifs_ips_list;
	ulong_t ifs_fr_iptimeout;

	/* radix.c */
	int ifs_max_keylen;
	struct radix_mask *ifs_rn_mkfreelist;
	struct radix_node_head *ifs_mask_rnhead;
	char *ifs_addmask_key;
	char *ifs_rn_zeros;
	char *ifs_rn_ones;
#ifdef KERNEL
	/* kstats for inbound and outbound */
	/* kernel-only member: changes sizeof (struct ipf_stack) vs userland */
	kstat_t *ifs_kstatp[2];
#endif
};

#endif /* __IPF_STACK_H__ */