svn commit: r193441 - in user/luigi/ipfw_80: sbin/ipfw sys/conf
sys/modules/dummynet sys/modules/ipfw sys/modules/ipfw_nat
sys/net sys/netgraph sys/netinet sys/netinet/ipfw
Luigi Rizzo
luigi at FreeBSD.org
Thu Jun 4 16:20:21 UTC 2009
Author: luigi
Date: Thu Jun 4 16:20:19 2009
New Revision: 193441
URL: http://svn.freebsd.org/changeset/base/193441
Log:
Prepare to move ipfw and dummynet in a private subdir,
and split headers to separate kernel and userland stuff.
Submitted by: Marta Carbone (partly, for her gsoc project)
Added:
user/luigi/ipfw_80/sys/netinet/ipfw/
user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet.c (contents, props changed)
- copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_dummynet.c
user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet_var.h
user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw2.c (contents, props changed)
- copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw2.c
user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_nat.c (contents, props changed)
- copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c
user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_pfil.c (contents, props changed)
- copied, changed from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c
user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_var.h
Deleted:
user/luigi/ipfw_80/sys/netinet/ip_dummynet.c
user/luigi/ipfw_80/sys/netinet/ip_fw2.c
user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c
user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c
Modified:
user/luigi/ipfw_80/sbin/ipfw/dummynet.c
user/luigi/ipfw_80/sys/conf/files
user/luigi/ipfw_80/sys/modules/dummynet/Makefile
user/luigi/ipfw_80/sys/modules/ipfw/Makefile
user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile
user/luigi/ipfw_80/sys/net/if_bridge.c
user/luigi/ipfw_80/sys/net/if_ethersubr.c
user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c
user/luigi/ipfw_80/sys/netinet/ip_divert.c
user/luigi/ipfw_80/sys/netinet/ip_dummynet.h
user/luigi/ipfw_80/sys/netinet/ip_fw.h
user/luigi/ipfw_80/sys/netinet/ip_input.c
user/luigi/ipfw_80/sys/netinet/ip_var.h
user/luigi/ipfw_80/sys/netinet/raw_ip.c
Modified: user/luigi/ipfw_80/sbin/ipfw/dummynet.c
==============================================================================
--- user/luigi/ipfw_80/sbin/ipfw/dummynet.c Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sbin/ipfw/dummynet.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -314,8 +314,10 @@ ipfw_list_pipes(void *data, uint nbytes,
print_extra_delay_parms(p, prefix);
print_flowset_parms(&(p->fs), prefix);
+#if 0
if (co.verbose)
printf(" V %20llu\n", align_uint64(&p->V) >> MY_M);
+#endif
q = (struct dn_flow_queue *)(p+1);
list_queues(&(p->fs), q);
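Review bot: The `#if 0` around the `co.verbose` print of `p->V` silently drops a line of `ipfw pipe show -v` style output and leaves no hint why. `MY_M` is removed from netinet/ip_dummynet.h in this same commit and now lives only in ipfw/ip_dummynet_var.h, which is presumably the reason. Put that in a comment above the block, for example `/* XXX disabled: MY_M is now kernel-only (ipfw/ip_dummynet_var.h); re-enable once the scale factor is exported to userland */`, or delete the dead code instead. ipfw_list_pipes() starts and ends outside this hunk.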
Modified: user/luigi/ipfw_80/sys/conf/files
==============================================================================
--- user/luigi/ipfw_80/sys/conf/files Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/conf/files Thu Jun 4 16:20:19 2009 (r193441)
@@ -2332,14 +2332,14 @@ netinet/in_proto.c optional inet \
compile-with "${NORMAL_C} -I$S/contrib/pf"
netinet/in_rmx.c optional inet
netinet/ip_divert.c optional ipdivert
-netinet/ip_dummynet.c optional dummynet
+netinet/ipfw/ip_dummynet.c optional dummynet
netinet/ip_ecn.c optional inet | inet6
netinet/ip_encap.c optional inet | inet6
netinet/ip_fastfwd.c optional inet
-netinet/ip_fw2.c optional ipfirewall \
+netinet/ipfw/ip_fw2.c optional ipfirewall \
compile-with "${NORMAL_C} -I$S/contrib/pf"
-netinet/ip_fw_pfil.c optional ipfirewall
-netinet/ip_fw_nat.c optional ipfirewall_nat
+netinet/ipfw/ip_fw_pfil.c optional ipfirewall
+netinet/ipfw/ip_fw_nat.c optional ipfirewall_nat
netinet/ip_icmp.c optional inet
netinet/ip_input.c optional inet
netinet/ip_ipsec.c optional ipsec
Modified: user/luigi/ipfw_80/sys/modules/dummynet/Makefile
==============================================================================
--- user/luigi/ipfw_80/sys/modules/dummynet/Makefile Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/modules/dummynet/Makefile Thu Jun 4 16:20:19 2009 (r193441)
@@ -2,7 +2,7 @@
.include <bsd.own.mk>
-.PATH: ${.CURDIR}/../../netinet
+.PATH: ${.CURDIR}/../../netinet/ipfw
KMOD= dummynet
SRCS= ip_dummynet.c
SRCS+= opt_inet6.h
Modified: user/luigi/ipfw_80/sys/modules/ipfw/Makefile
==============================================================================
--- user/luigi/ipfw_80/sys/modules/ipfw/Makefile Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/modules/ipfw/Makefile Thu Jun 4 16:20:19 2009 (r193441)
@@ -2,7 +2,7 @@
.include <bsd.own.mk>
-.PATH: ${.CURDIR}/../../netinet
+.PATH: ${.CURDIR}/../../netinet/ipfw
KMOD= ipfw
SRCS= ip_fw2.c ip_fw_pfil.c
Modified: user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile
==============================================================================
--- user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/modules/ipfw_nat/Makefile Thu Jun 4 16:20:19 2009 (r193441)
@@ -1,6 +1,6 @@
# $FreeBSD$
-.PATH: ${.CURDIR}/../../netinet
+.PATH: ${.CURDIR}/../../netinet/ipfw
KMOD= ipfw_nat
SRCS= ip_fw_nat.c
Modified: user/luigi/ipfw_80/sys/net/if_bridge.c
==============================================================================
--- user/luigi/ipfw_80/sys/net/if_bridge.c Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/net/if_bridge.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -134,7 +134,9 @@ __FBSDID("$FreeBSD$");
#include <net/route.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/ip_dummynet.h>
+#include <netinet/ipfw/ip_dummynet_var.h>
/*
* Size of the route hash table. Must be a power of two.
Modified: user/luigi/ipfw_80/sys/net/if_ethersubr.c
==============================================================================
--- user/luigi/ipfw_80/sys/net/if_ethersubr.c Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/net/if_ethersubr.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -74,7 +74,9 @@
#include <netinet/in_var.h>
#include <netinet/if_ether.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/ip_dummynet.h>
+#include <netinet/ipfw/ip_dummynet_var.h>
#include <netinet/vinet.h>
#endif
#ifdef INET6
@@ -108,6 +110,8 @@ extern u_char aarp_org_code[3];
#include <security/mac/mac_framework.h>
+
+
#ifdef CTASSERT
CTASSERT(sizeof (struct ether_header) == ETHER_ADDR_LEN * 2 + 2);
CTASSERT(sizeof (struct ether_addr) == ETHER_ADDR_LEN);
Modified: user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c
==============================================================================
--- user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/netgraph/ng_ipfw.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -44,6 +44,7 @@
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
Modified: user/luigi/ipfw_80/sys/netinet/ip_divert.c
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_divert.c Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/netinet/ip_divert.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -76,6 +76,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_divert.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/vinet.h>
#ifdef SCTP
#include <netinet/sctp_crc32.h>
Modified: user/luigi/ipfw_80/sys/netinet/ip_dummynet.h
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_dummynet.h Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/netinet/ip_dummynet.h Thu Jun 4 16:20:19 2009 (r193441)
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 1998-2002 Luigi Rizzo, Universita` di Pisa
+ * Copyright (c) 1998-2009 Luigi Rizzo, Universita` di Pisa
* Portions Copyright (c) 2000 Akamba Corp.
* All rights reserved
*
@@ -37,40 +37,7 @@
* use here is pretty simple anyways.
*/
-/*
- * We start with a heap, which is used in the scheduler to decide when
- * to transmit packets etc.
- *
- * The key for the heap is used for two different values:
- *
- * 1. timer ticks- max 10K/second, so 32 bits are enough;
- *
- * 2. virtual times. These increase in steps of len/x, where len is the
- * packet length, and x is either the weight of the flow, or the
- * sum of all weights.
- * If we limit to max 1000 flows and a max weight of 100, then
- * x needs 17 bits. The packet size is 16 bits, so we can easily
- * overflow if we do not allow errors.
- * So we use a key "dn_key" which is 64 bits. Some macros are used to
- * compare key values and handle wraparounds.
- * MAX64 returns the largest of two key values.
- * MY_M is used as a shift count when doing fixed point arithmetic
- * (a better name would be useful...).
- */
typedef u_int64_t dn_key ; /* sorting key */
-#define DN_KEY_LT(a,b) ((int64_t)((a)-(b)) < 0)
-#define DN_KEY_LEQ(a,b) ((int64_t)((a)-(b)) <= 0)
-#define DN_KEY_GT(a,b) ((int64_t)((a)-(b)) > 0)
-#define DN_KEY_GEQ(a,b) ((int64_t)((a)-(b)) >= 0)
-#define MAX64(x,y) (( (int64_t) ( (y)-(x) )) > 0 ) ? (y) : (x)
-#define MY_M 16 /* number of left shift to obtain a larger precision */
-
-/*
- * XXX With this scaling, max 1000 flows, max weight 100, 1Gbit/s, the
- * virtual time wraps every 15 days.
- */
-
-
/*
* The maximum hash table size for queues. This value must be a power
* of 2.
@@ -104,31 +71,6 @@ struct dn_heap {
struct dn_heap_entry *p ; /* really an array of "size" entries */
} ;
-#ifdef _KERNEL
-/*
- * Packets processed by dummynet have an mbuf tag associated with
- * them that carries their dummynet state. This is used within
- * the dummynet code as well as outside when checking for special
- * processing requirements.
- */
-struct dn_pkt_tag {
- struct ip_fw *rule; /* matching rule */
- int dn_dir; /* action when packet comes out. */
-#define DN_TO_IP_OUT 1
-#define DN_TO_IP_IN 2
-/* Obsolete: #define DN_TO_BDG_FWD 3 */
-#define DN_TO_ETH_DEMUX 4
-#define DN_TO_ETH_OUT 5
-#define DN_TO_IP6_IN 6
-#define DN_TO_IP6_OUT 7
-#define DN_TO_IFB_FWD 8
-
- dn_key output_time; /* when the pkt is due for delivery */
- struct ifnet *ifp; /* interface, for ip_output */
- struct _ip6dn_args ip6opt; /* XXX ipv6 options */
-};
-#endif /* _KERNEL */
-
/*
* Overall structure of dummynet (with WF2Q+):
@@ -214,9 +156,9 @@ struct dn_flow_queue {
* With large bandwidth and large delays, extra_bits (and also numbytes)
* can become very large, so better play safe and use 64 bit
*/
- dn_key numbytes ; /* credit for transmission (dynamic queues) */
- dn_key extra_bits; /* extra bits simulating unavailable channel */
-
+ uint64_t numbytes ; /* credit for transmission (dynamic queues) */
+ int64_t extra_bits; /* extra bits simulating unavailable channel */
+
u_int64_t tot_pkts ; /* statistics counters */
u_int64_t tot_bytes ;
u_int32_t drops ;
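Review bot: `numbytes` is unsigned here (`uint64_t` in struct dn_flow_queue) but becomes `int64_t` in struct dn_pipe in the next hunk, whose comment still reads "Same as in dn_flow_queue". If the scheduler ever lets a credit go below zero, which is not visible in this diff, the unsigned field wraps to a huge positive credit instead of comparing `< 0`. Either use the same signed type in both places, `int64_t numbytes ;	/* credit for transmission (dynamic queues) */`, or add a comment stating why the queue credit can never be negative. `extra_bits` also changes from unsigned (`dn_key`) to `int64_t`, and these structs are shared with userland, so any printing of the field in sbin/ipfw needs to match the new signedness. The struct body continues outside the hunk.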
@@ -338,7 +280,7 @@ struct dn_pipe { /* a pipe */
int sum; /* sum of weights of all active sessions */
/* Same as in dn_flow_queue, numbytes can become large */
- dn_key numbytes; /* bits I can transmit (more or less). */
+ int64_t numbytes; /* bits I can transmit (more or less). */
dn_key sched_time ; /* time pipe was scheduled in ready_heap */
@@ -370,30 +312,4 @@ struct dn_pipe_max {
int samples[ED_MAX_SAMPLES_NO];
};
-SLIST_HEAD(dn_pipe_head, dn_pipe);
-
-#ifdef _KERNEL
-typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */
-typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */
-typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa);
-extern ip_dn_ctl_t *ip_dn_ctl_ptr;
-extern ip_dn_ruledel_t *ip_dn_ruledel_ptr;
-extern ip_dn_io_t *ip_dn_io_ptr;
-#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL)
-
-/*
- * Return the IPFW rule associated with the dummynet tag; if any.
- * Make sure that the dummynet tag is not reused by lower layers.
- */
-static __inline struct ip_fw *
-ip_dn_claim_rule(struct mbuf *m)
-{
- struct m_tag *mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL);
- if (mtag != NULL) {
- mtag->m_tag_id = PACKET_TAG_NONE;
- return (((struct dn_pkt_tag *)(mtag+1))->rule);
- } else
- return (NULL);
-}
-#endif
#endif /* _IP_DUMMYNET_H */
Modified: user/luigi/ipfw_80/sys/netinet/ip_fw.h
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_fw.h Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/netinet/ip_fw.h Thu Jun 4 16:20:19 2009 (r193441)
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa
+ * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,6 +29,10 @@
#define _IPFW2_H
/*
+ * User visible definitions related to ipfw, including instruction opcodes.
+ */
+
+/*
* The default rule number. By the design of ip_fw, the default rule
* is the last one, so its number can also serve as the highest number
* allowed for a rule. The ip_fw code relies on both meanings of this
@@ -560,207 +564,4 @@ typedef struct _ipfw_table {
#define IP_FW_TABLEARG 65535
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#ifdef _KERNEL
-
-/* Return values from ipfw_chk() */
-enum {
- IP_FW_PASS = 0,
- IP_FW_DENY,
- IP_FW_DIVERT,
- IP_FW_TEE,
- IP_FW_DUMMYNET,
- IP_FW_NETGRAPH,
- IP_FW_NGTEE,
- IP_FW_NAT,
- IP_FW_REASS,
-};
-
-/* flags for divert mtag */
-#define IP_FW_DIVERT_LOOPBACK_FLAG 0x00080000
-#define IP_FW_DIVERT_OUTPUT_FLAG 0x00100000
-
-/*
- * Structure for collecting parameters to dummynet for ip6_output forwarding
- */
-struct _ip6dn_args {
- struct ip6_pktopts *opt_or;
- struct route_in6 ro_or;
- int flags_or;
- struct ip6_moptions *im6o_or;
- struct ifnet *origifp_or;
- struct ifnet *ifp_or;
- struct sockaddr_in6 dst_or;
- u_long mtu_or;
- struct route_in6 ro_pmtu_or;
-};
-
-/*
- * Arguments for calling ipfw_chk() and dummynet_io(). We put them
- * all into a structure because this way it is easier and more
- * efficient to pass variables around and extend the interface.
- */
-struct ip_fw_args {
- struct mbuf *m; /* the mbuf chain */
- struct ifnet *oif; /* output interface */
- struct sockaddr_in *next_hop; /* forward address */
- struct ip_fw *rule; /* matching rule */
- struct ether_header *eh; /* for bridged packets */
-
- struct ipfw_flow_id f_id; /* grabbed from IP header */
- u_int32_t cookie; /* a cookie depending on rule action */
- struct inpcb *inp;
-
- struct _ip6dn_args dummypar; /* dummynet->ip6_output */
- struct sockaddr_in hopstore; /* store here if cannot use a pointer */
-};
-
-/*
- * Function definitions.
- */
-
-/* Firewall hooks */
-struct sockopt;
-struct dn_flow_set;
-
-int ipfw_check_in(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp);
-int ipfw_check_out(void *, struct mbuf **, struct ifnet *, int, struct inpcb *inp);
-
-int ipfw_chk(struct ip_fw_args *);
-
-int ipfw_init(void);
-void ipfw_destroy(void);
-#ifdef NOTYET
-void ipfw_nat_destroy(void);
-#endif
-
-typedef int ip_fw_ctl_t(struct sockopt *);
-extern ip_fw_ctl_t *ip_fw_ctl_ptr;
-
-#ifdef VIMAGE_GLOBALS
-extern int fw_one_pass;
-extern int fw_enable;
-#ifdef INET6
-extern int fw6_enable;
-#endif
-#endif
-
-/* For kernel ipfw_ether and ipfw_bridge. */
-typedef int ip_fw_chk_t(struct ip_fw_args *args);
-extern ip_fw_chk_t *ip_fw_chk_ptr;
-#define IPFW_LOADED (ip_fw_chk_ptr != NULL)
-
-struct ip_fw_chain {
- struct ip_fw *rules; /* list of rules */
- struct ip_fw *reap; /* list of rules to reap */
- LIST_HEAD(, cfg_nat) nat; /* list of nat entries */
- struct radix_node_head *tables[IPFW_TABLES_MAX];
- struct rwlock rwmtx;
-};
-
-#ifdef IPFW_INTERNAL
-
-#define IPFW_LOCK_INIT(_chain) \
- rw_init(&(_chain)->rwmtx, "IPFW static rules")
-#define IPFW_LOCK_DESTROY(_chain) rw_destroy(&(_chain)->rwmtx)
-#define IPFW_WLOCK_ASSERT(_chain) rw_assert(&(_chain)->rwmtx, RA_WLOCKED)
-
-#define IPFW_RLOCK(p) rw_rlock(&(p)->rwmtx)
-#define IPFW_RUNLOCK(p) rw_runlock(&(p)->rwmtx)
-#define IPFW_WLOCK(p) rw_wlock(&(p)->rwmtx)
-#define IPFW_WUNLOCK(p) rw_wunlock(&(p)->rwmtx)
-
-#define LOOKUP_NAT(l, i, p) do { \
- LIST_FOREACH((p), &(l.nat), _next) { \
- if ((p)->id == (i)) { \
- break; \
- } \
- } \
- } while (0)
-
-typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *);
-typedef int ipfw_nat_cfg_t(struct sockopt *);
-#endif
-
-struct eventhandler_entry;
-/*
- * Stack virtualization support.
- */
-struct vnet_ipfw {
- int _fw_enable;
- int _fw6_enable;
- u_int32_t _set_disable;
- int _fw_deny_unknown_exthdrs;
- int _fw_verbose;
- int _verbose_limit;
- int _autoinc_step;
- ipfw_dyn_rule ** _ipfw_dyn_v;
- uma_zone_t _ipfw_dyn_rule_zone;
- struct ip_fw_chain _layer3_chain;
- u_int32_t _dyn_buckets;
- u_int32_t _curr_dyn_buckets;
- u_int32_t _dyn_ack_lifetime;
- u_int32_t _dyn_syn_lifetime;
- u_int32_t _dyn_fin_lifetime;
- u_int32_t _dyn_rst_lifetime;
- u_int32_t _dyn_udp_lifetime;
- u_int32_t _dyn_short_lifetime;
- u_int32_t _dyn_keepalive_interval;
- u_int32_t _dyn_keepalive_period;
- u_int32_t _dyn_keepalive;
- u_int32_t _static_count;
- u_int32_t _static_len;
- u_int32_t _dyn_count;
- u_int32_t _dyn_max;
- u_int64_t _norule_counter;
- struct callout _ipfw_timeout;
- struct eventhandler_entry *_ifaddr_event_tag;
-};
-
-#ifndef VIMAGE
-#ifndef VIMAGE_GLOBALS
-extern struct vnet_ipfw vnet_ipfw_0;
-#endif
-#endif
-
-/*
- * Symbol translation macros
- */
-#define INIT_VNET_IPFW(vnet) \
- INIT_FROM_VNET(vnet, VNET_MOD_IPFW, struct vnet_ipfw, vnet_ipfw)
-
-#define VNET_IPFW(sym) VSYM(vnet_ipfw, sym)
-
-#define V_fw_enable VNET_IPFW(fw_enable)
-#define V_fw6_enable VNET_IPFW(fw6_enable)
-#define V_set_disable VNET_IPFW(set_disable)
-#define V_fw_deny_unknown_exthdrs VNET_IPFW(fw_deny_unknown_exthdrs)
-#define V_fw_verbose VNET_IPFW(fw_verbose)
-#define V_verbose_limit VNET_IPFW(verbose_limit)
-#define V_autoinc_step VNET_IPFW(autoinc_step)
-#define V_ipfw_dyn_v VNET_IPFW(ipfw_dyn_v)
-#define V_ipfw_dyn_rule_zone VNET_IPFW(ipfw_dyn_rule_zone)
-#define V_layer3_chain VNET_IPFW(layer3_chain)
-#define V_dyn_buckets VNET_IPFW(dyn_buckets)
-#define V_curr_dyn_buckets VNET_IPFW(curr_dyn_buckets)
-#define V_dyn_ack_lifetime VNET_IPFW(dyn_ack_lifetime)
-#define V_dyn_syn_lifetime VNET_IPFW(dyn_syn_lifetime)
-#define V_dyn_fin_lifetime VNET_IPFW(dyn_fin_lifetime)
-#define V_dyn_rst_lifetime VNET_IPFW(dyn_rst_lifetime)
-#define V_dyn_udp_lifetime VNET_IPFW(dyn_udp_lifetime)
-#define V_dyn_short_lifetime VNET_IPFW(dyn_short_lifetime)
-#define V_dyn_keepalive_interval VNET_IPFW(dyn_keepalive_interval)
-#define V_dyn_keepalive_period VNET_IPFW(dyn_keepalive_period)
-#define V_dyn_keepalive VNET_IPFW(dyn_keepalive)
-#define V_static_count VNET_IPFW(static_count)
-#define V_static_len VNET_IPFW(static_len)
-#define V_dyn_count VNET_IPFW(dyn_count)
-#define V_dyn_max VNET_IPFW(dyn_max)
-#define V_norule_counter VNET_IPFW(norule_counter)
-#define V_ipfw_timeout VNET_IPFW(ipfw_timeout)
-#define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag)
-
-#endif /* _KERNEL */
#endif /* _IPFW2_H */
Modified: user/luigi/ipfw_80/sys/netinet/ip_input.c
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_input.c Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/netinet/ip_input.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -85,10 +85,6 @@ __FBSDID("$FreeBSD$");
#include <sys/socketvar.h>
-/* XXX: Temporary until ipfw_ether and ipfw_bridge are converted. */
-#include <netinet/ip_fw.h>
-#include <netinet/ip_dummynet.h>
-
#include <security/mac/mac_framework.h>
#ifdef CTASSERT
Modified: user/luigi/ipfw_80/sys/netinet/ip_var.h
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_var.h Thu Jun 4 16:18:07 2009 (r193440)
+++ user/luigi/ipfw_80/sys/netinet/ip_var.h Thu Jun 4 16:20:19 2009 (r193441)
@@ -173,7 +173,8 @@ extern int ipstealth; /* stealth forwar
extern int rsvp_on;
extern struct socket *ip_rsvpd; /* reservation protocol daemon */
extern struct socket *ip_mrouter; /* multicast routing daemon */
-#endif
+#endif /* VIMAGE_GLOBALS */
+
extern u_char ip_protox[];
extern int (*legal_vif_num)(int);
extern u_long (*ip_mcast_src)(int);
@@ -223,6 +224,24 @@ extern struct pfil_head inet_pfil_hook;
void in_delayed_cksum(struct mbuf *m);
+/* Prototypes for ipfw and dummynet hooks */
+typedef int ip_fw_ctl_t(struct sockopt *);
+extern ip_fw_ctl_t *ip_fw_ctl_ptr;
+/* For kernel ipfw_ether and ipfw_bridge. */
+struct ip_fw_args;
+typedef int ip_fw_chk_t(struct ip_fw_args *args);
+extern ip_fw_chk_t *ip_fw_chk_ptr;
+#define IPFW_LOADED (ip_fw_chk_ptr != NULL)
+
+typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */
+typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */
+typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa);
+extern ip_dn_ctl_t *ip_dn_ctl_ptr;
+extern ip_dn_ruledel_t *ip_dn_ruledel_ptr;
+extern ip_dn_io_t *ip_dn_io_ptr;
+#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL)
+
+
#endif /* _KERNEL */
#endif /* !_NETINET_IP_VAR_H_ */
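Review bot: The hook pointers added here (`ip_fw_ctl_ptr`, `ip_fw_chk_ptr`, `ip_dn_ctl_ptr`, `ip_dn_ruledel_ptr`, `ip_dn_io_ptr`) are now visible to every includer of ip_var.h, yet the block does not say who sets and clears them. It also does not say what a caller must guarantee between testing `IPFW_LOADED` / `DUMMYNET_LOADED` and calling through the pointer. A short comment above the block should state that contract (which module owns each pointer, that NULL means not loaded, and what protects a call against a concurrent unload). The unload path is not visible in this diff, so word the comment from the module code. The carried-over trailer `/* ip_fw.c */` on `ip_dn_ruledel_t` also looks stale now that the firewall source is ipfw/ip_fw2.c.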
Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_dummynet.c)
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_dummynet.c Wed Jun 3 16:10:08 2009 (r193385, copy source)
+++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -77,7 +77,9 @@ __FBSDID("$FreeBSD$");
#include <netinet/in.h>
#include <netinet/ip.h> /* ip_len, ip_off */
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/ip_dummynet.h>
+#include <netinet/ipfw/ip_dummynet_var.h>
#include <netinet/ip_var.h> /* ip_output(), IP_FORWARDING */
#include <netinet/if_ether.h> /* various ether_* routines */
Added: user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet_var.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_dummynet_var.h Thu Jun 4 16:20:19 2009 (r193441)
@@ -0,0 +1,322 @@
+/*-
+ * Copyright (c) 1998-2009 Luigi Rizzo, Universita` di Pisa
+ * Portions Copyright (c) 2000 Akamba Corp.
+ * All rights reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: head/sys/netinet/ip_dummynet.h 193435 2009-06-04 12:27:57Z luigi $
+ */
+
+#ifndef _IP_DUMMYNET_VAR_H
+#define _IP_DUMMYNET_VAR_H
+
+/*
+ * Kernel-visible parts of dummynet data structures.
+ * Users of this file will often also need netinet/ip_dummynet.h.
+ * Definition of dummynet data structures. In the structures, I decided
+ * not to use the macros in <sys/queue.h> in the hope of making the code
+ * easier to port to other architectures. The type of lists and queue we
+ * use here is pretty simple anyways.
+ */
+
+/*
+ * We start with a heap, which is used in the scheduler to decide when
+ * to transmit packets etc.
+ *
+ * The key for the heap is used for two different values:
+ *
+ * 1. timer ticks- max 10K/second, so 32 bits are enough;
+ *
+ * 2. virtual times. These increase in steps of len/x, where len is the
+ * packet length, and x is either the weight of the flow, or the
+ * sum of all weights.
+ * If we limit to max 1000 flows and a max weight of 100, then
+ * x needs 17 bits. The packet size is 16 bits, so we can easily
+ * overflow if we do not allow errors.
+ * So we use a key "dn_key" which is 64 bits. Some macros are used to
+ * compare key values and handle wraparounds.
+ * MAX64 returns the largest of two key values.
+ * MY_M is used as a shift count when doing fixed point arithmetic
+ * (a better name would be useful...).
+ */
+#define DN_KEY_LT(a,b) ((int64_t)((a)-(b)) < 0)
+#define DN_KEY_LEQ(a,b) ((int64_t)((a)-(b)) <= 0)
+#define DN_KEY_GT(a,b) ((int64_t)((a)-(b)) > 0)
+#define DN_KEY_GEQ(a,b) ((int64_t)((a)-(b)) >= 0)
+#define MAX64(x,y) (( (int64_t) ( (y)-(x) )) > 0 ) ? (y) : (x)
+#define MY_M 16 /* number of left shift to obtain a larger precision */
+
+/*
+ * XXX With this scaling, max 1000 flows, max weight 100, 1Gbit/s, the
+ * virtual time wraps every 15 days.
+ */
+
+
+/*
+ * The maximum hash table size for queues. This value must be a power
+ * of 2.
+ */
+#define DN_MAX_HASH_SIZE 65536
+
+/*
+ * Packets processed by dummynet have an mbuf tag associated with
+ * them that carries their dummynet state. This is used within
+ * the dummynet code as well as outside when checking for special
+ * processing requirements.
+ */
+struct dn_pkt_tag {
+ struct ip_fw *rule; /* matching rule */
+ int dn_dir; /* action when packet comes out. */
+#define DN_TO_IP_OUT 1
+#define DN_TO_IP_IN 2
+/* Obsolete: #define DN_TO_BDG_FWD 3 */
+#define DN_TO_ETH_DEMUX 4
+#define DN_TO_ETH_OUT 5
+#define DN_TO_IP6_IN 6
+#define DN_TO_IP6_OUT 7
+#define DN_TO_IFB_FWD 8
+
+ dn_key output_time; /* when the pkt is due for delivery */
+ struct ifnet *ifp; /* interface, for ip_output */
+ struct _ip6dn_args ip6opt; /* XXX ipv6 options */
+};
+
+#if 0
+/*
+ * Stuff already defined in the userland visible part.
+ * We keep it here because when the userland representation changes,
+ * the in-kernel representation might remain the same.
+ */
+
+
+/*
+ * per flow queue. This contains the flow identifier, the queue
+ * of packets, counters, and parameters used to support both RED and
+ * WF2Q+.
+ *
+ * A dn_flow_queue is created and initialized whenever a packet for
+ * a new flow arrives.
+ */
+struct dn_flow_queue {
+ struct dn_flow_queue *next ;
+ struct ipfw_flow_id id ;
+
+ struct mbuf *head, *tail ; /* queue of packets */
+ u_int len ;
+ u_int len_bytes ;
+
+ /*
+ * When we emulate MAC overheads, or channel unavailability due
+ * to other traffic on a shared medium, we augment the packet at
+ * the head of the queue with an 'extra_bits' field representsing
+ * the additional delay the packet will be subject to:
+ * extra_bits = bw*unavailable_time.
+ * With large bandwidth and large delays, extra_bits (and also numbytes)
+ * can become very large, so better play safe and use 64 bit
+ */
+ uint64_t numbytes ; /* credit for transmission (dynamic queues) */
+ int64_t extra_bits; /* extra bits simulating unavailable channel */
+
+ u_int64_t tot_pkts ; /* statistics counters */
+ u_int64_t tot_bytes ;
+ u_int32_t drops ;
+
+ int hash_slot ; /* debugging/diagnostic */
+
+ /* RED parameters */
+ int avg ; /* average queue length est. (scaled) */
+ int count ; /* arrivals since last RED drop */
+ int random ; /* random value (scaled) */
+ dn_key q_time; /* start of queue idle time */
+
+ /* WF2Q+ support */
+ struct dn_flow_set *fs ; /* parent flow set */
+ int heap_pos ; /* position (index) of struct in heap */
+ dn_key sched_time ; /* current time when queue enters ready_heap */
+
+ dn_key S,F ; /* start time, finish time */
+ /*
+ * Setting F < S means the timestamp is invalid. We only need
+ * to test this when the queue is empty.
+ */
+} ;
+
+/*
+ * flow_set descriptor. Contains the "template" parameters for the
+ * queue configuration, and pointers to the hash table of dn_flow_queue's.
+ *
+ * The hash table is an array of lists -- we identify the slot by
+ * hashing the flow-id, then scan the list looking for a match.
+ * The size of the hash table (buckets) is configurable on a per-queue
+ * basis.
+ *
+ * A dn_flow_set is created whenever a new queue or pipe is created (in the
+ * latter case, the structure is located inside the struct dn_pipe).
+ */
+struct dn_flow_set {
+ SLIST_ENTRY(dn_flow_set) next; /* linked list in a hash slot */
+
+ u_short fs_nr ; /* flow_set number */
+ u_short flags_fs;
+#define DN_HAVE_FLOW_MASK 0x0001
+#define DN_IS_RED 0x0002
+#define DN_IS_GENTLE_RED 0x0004
+#define DN_QSIZE_IS_BYTES 0x0008 /* queue size is measured in bytes */
+#define DN_NOERROR 0x0010 /* do not report ENOBUFS on drops */
+#define DN_HAS_PROFILE 0x0020 /* the pipe has a delay profile. */
+#define DN_IS_PIPE 0x4000
+#define DN_IS_QUEUE 0x8000
+
+ struct dn_pipe *pipe ; /* pointer to parent pipe */
+ u_short parent_nr ; /* parent pipe#, 0 if local to a pipe */
+
+ int weight ; /* WFQ queue weight */
+ int qsize ; /* queue size in slots or bytes */
+ int plr ; /* pkt loss rate (2^31-1 means 100%) */
+
+ struct ipfw_flow_id flow_mask ;
+
+ /* hash table of queues onto this flow_set */
+ int rq_size ; /* number of slots */
+ int rq_elements ; /* active elements */
+ struct dn_flow_queue **rq; /* array of rq_size entries */
+
+ u_int32_t last_expired ; /* do not expire too frequently */
+ int backlogged ; /* #active queues for this flowset */
+
+ /* RED parameters */
+#define SCALE_RED 16
+#define SCALE(x) ( (x) << SCALE_RED )
+#define SCALE_VAL(x) ( (x) >> SCALE_RED )
+#define SCALE_MUL(x,y) ( ( (x) * (y) ) >> SCALE_RED )
+ int w_q ; /* queue weight (scaled) */
+ int max_th ; /* maximum threshold for queue (scaled) */
+ int min_th ; /* minimum threshold for queue (scaled) */
+ int max_p ; /* maximum value for p_b (scaled) */
+ u_int c_1 ; /* max_p/(max_th-min_th) (scaled) */
+ u_int c_2 ; /* max_p*min_th/(max_th-min_th) (scaled) */
+ u_int c_3 ; /* for GRED, (1-max_p)/max_th (scaled) */
+ u_int c_4 ; /* for GRED, 1 - 2*max_p (scaled) */
+ u_int * w_q_lookup ; /* lookup table for computing (1-w_q)^t */
+ u_int lookup_depth ; /* depth of lookup table */
+ int lookup_step ; /* granularity inside the lookup table */
+ int lookup_weight ; /* equal to (1-w_q)^t / (1-w_q)^(t+1) */
+ int avg_pkt_size ; /* medium packet size */
+ int max_pkt_size ; /* max packet size */
+};
+SLIST_HEAD(dn_flow_set_head, dn_flow_set);
+
+/*
+ * Pipe descriptor. Contains global parameters, delay-line queue,
+ * and the flow_set used for fixed-rate queues.
+ *
+ * For WF2Q+ support it also has 3 heaps holding dn_flow_queue:
+ * not_eligible_heap, for queues whose start time is higher
+ * than the virtual time. Sorted by start time.
+ * scheduler_heap, for queues eligible for scheduling. Sorted by
+ * finish time.
+ * idle_heap, all flows that are idle and can be removed. We
+ * do that on each tick so we do not slow down too much
+ * operations during forwarding.
+ *
+ */
+struct dn_pipe { /* a pipe */
+ SLIST_ENTRY(dn_pipe) next; /* linked list in a hash slot */
+
+ int pipe_nr ; /* number */
+ int bandwidth; /* really, bytes/tick. */
+ int delay ; /* really, ticks */
+
+ struct mbuf *head, *tail ; /* packets in delay line */
+
+ /* WF2Q+ */
+ struct dn_heap scheduler_heap ; /* top extract - key Finish time*/
+ struct dn_heap not_eligible_heap; /* top extract- key Start time */
+ struct dn_heap idle_heap ; /* random extract - key Start=Finish time */
+
+ dn_key V ; /* virtual time */
+ int sum; /* sum of weights of all active sessions */
+
+ /* Same as in dn_flow_queue, numbytes can become large */
+ int64_t numbytes; /* bits I can transmit (more or less). */
+
+ dn_key sched_time ; /* time pipe was scheduled in ready_heap */
+
+ /*
+ * When the tx clock come from an interface (if_name[0] != '\0'), its name
+ * is stored below, whereas the ifp is filled when the rule is configured.
+ */
+ char if_name[IFNAMSIZ];
+ struct ifnet *ifp ;
+ int ready ; /* set if ifp != NULL and we got a signal from it */
+
+ struct dn_flow_set fs ; /* used with fixed-rate flows */
+
+ /* fields to simulate a delay profile */
+
+#define ED_MAX_NAME_LEN 32
+ char name[ED_MAX_NAME_LEN];
+ int loss_level;
+ int samples_no;
+ int *samples;
+};
+
+/* dn_pipe_max is used to pass pipe configuration from userland onto
+ * kernel space and back
+ */
+#define ED_MAX_SAMPLES_NO 1024
+struct dn_pipe_max {
+ struct dn_pipe pipe;
+ int samples[ED_MAX_SAMPLES_NO];
+};
+#endif /* kernel version of pipes/queues, already defined in userland */
+
+SLIST_HEAD(dn_pipe_head, dn_pipe);
+
+#if 0
+typedef int ip_dn_ctl_t(struct sockopt *); /* raw_ip.c */
+typedef void ip_dn_ruledel_t(void *); /* ip_fw.c */
+typedef int ip_dn_io_t(struct mbuf **m, int dir, struct ip_fw_args *fwa);
+extern ip_dn_ctl_t *ip_dn_ctl_ptr;
+extern ip_dn_ruledel_t *ip_dn_ruledel_ptr;
+extern ip_dn_io_t *ip_dn_io_ptr;
+#define DUMMYNET_LOADED (ip_dn_io_ptr != NULL)
+#endif
+
+#ifdef _KERNEL
+/*
+ * Return the IPFW rule associated with the dummynet tag; if any.
+ * Make sure that the dummynet tag is not reused by lower layers.
+ */
+static __inline struct ip_fw *
+ip_dn_claim_rule(struct mbuf *m)
+{
+ struct m_tag *mtag = m_tag_find(m, PACKET_TAG_DUMMYNET, NULL);
+ if (mtag != NULL) {
+ mtag->m_tag_id = PACKET_TAG_NONE;
+ return (((struct dn_pkt_tag *)(mtag+1))->rule);
+ } else
+ return (NULL);
+}
+#endif
+#endif /* _IP_DUMMYNET_VAR_H */
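Review bot: `MAX64` expands to an unparenthesised conditional, so a use inside a larger expression such as `MAX64(a,b) + 1` applies the `+ 1` to the else arm only. Since the macro is being given a new home here, wrap the whole expansion: `#define MAX64(x,y) ((((int64_t)((y)-(x))) > 0) ? (y) : (x))`. Separately, `struct dn_pkt_tag` was inside `#ifdef _KERNEL` in ip_dummynet.h but is unguarded in this file, while `ip_dn_claim_rule` at the end still is guarded. The tag also uses `dn_key` and `struct _ip6dn_args`, which must come from headers included earlier, so the opening comment should say netinet/ip_dummynet.h is required before this file rather than "often also" needed. The `$FreeBSD: head/sys/netinet/ip_dummynet.h 193435 ...$` line is an expanded keyword copied from the other header and should probably be a bare `$FreeBSD$`.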
Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw2.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw2.c)
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_fw2.c Wed Jun 3 16:10:08 2009 (r193385, copy source)
+++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw2.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -82,8 +82,10 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_var.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/ip_divert.h>
#include <netinet/ip_dummynet.h>
+#include <netinet/ipfw/ip_dummynet_var.h>
#include <netinet/ip_carp.h>
#include <netinet/pim.h>
#include <netinet/tcp_var.h>
Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_nat.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c)
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_fw_nat.c Wed Jun 3 16:10:08 2009 (r193385, copy source)
+++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_nat.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip_var.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/tcp.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
Copied and modified: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_pfil.c (from r193385, user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c)
==============================================================================
--- user/luigi/ipfw_80/sys/netinet/ip_fw_pfil.c Wed Jun 3 16:10:08 2009 (r193385, copy source)
+++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_pfil.c Thu Jun 4 16:20:19 2009 (r193441)
@@ -60,8 +60,10 @@ __FBSDID("$FreeBSD$");
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
+#include <netinet/ipfw/ip_fw_var.h>
#include <netinet/ip_divert.h>
#include <netinet/ip_dummynet.h>
+#include <netinet/ipfw/ip_dummynet_var.h>
#include <netinet/vinet.h>
#include <netgraph/ng_ipfw.h>
Added: user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_var.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/luigi/ipfw_80/sys/netinet/ipfw/ip_fw_var.h Thu Jun 4 16:20:19 2009 (r193441)
@@ -0,0 +1,252 @@
+/*-
+ * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: user/luigi/ipfw_80/sys/netinet/ip_fw.h 191738 2009-05-02 08:16:26Z zec $
+ */
+
+#ifndef _IPFW2_VAR_H
+#define _IPFW2_VAR_H
+
+/*
+ * Kernel side of ipfw data structures.
+ */
+/*
+ * The default rule number. By the design of ip_fw, the default rule
+ * is the last one, so its number can also serve as the highest number
+ * allowed for a rule. The ip_fw code relies on both meanings of this
+ * constant.
+ */
+#define IPFW_DEFAULT_RULE 65535
+
+/*
+ * The number of ipfw tables. The maximum allowed table number is the
+ * (IPFW_TABLES_MAX - 1).
+ */
+#define IPFW_TABLES_MAX 128
+
+
+#define MTAG_IPFW 1148380143 /* IPFW-tagged cookie */
+
+/* Apply ipv6 mask on ipv6 addr */
+#define APPLY_MASK(addr,mask) \
+ (addr)->__u6_addr.__u6_addr32[0] &= (mask)->__u6_addr.__u6_addr32[0]; \
+ (addr)->__u6_addr.__u6_addr32[1] &= (mask)->__u6_addr.__u6_addr32[1]; \
+ (addr)->__u6_addr.__u6_addr32[2] &= (mask)->__u6_addr.__u6_addr32[2]; \
+ (addr)->__u6_addr.__u6_addr32[3] &= (mask)->__u6_addr.__u6_addr32[3];
+
+
+/*
+ * Main firewall chains definitions and global var's definitions.
+ */
+
+/* Return values from ipfw_chk() */
+enum {
+ IP_FW_PASS = 0,
+ IP_FW_DENY,
+ IP_FW_DIVERT,
+ IP_FW_TEE,
+ IP_FW_DUMMYNET,
+ IP_FW_NETGRAPH,
+ IP_FW_NGTEE,
+ IP_FW_NAT,
+ IP_FW_REASS,
+};
+
+/* flags for divert mtag */
+#define IP_FW_DIVERT_LOOPBACK_FLAG 0x00080000
+#define IP_FW_DIVERT_OUTPUT_FLAG 0x00100000
+
+/*
+ * Structure for collecting parameters to dummynet for ip6_output forwarding
+ */
+struct _ip6dn_args {
+ struct ip6_pktopts *opt_or;
+ struct route_in6 ro_or;
+ int flags_or;
+ struct ip6_moptions *im6o_or;
+ struct ifnet *origifp_or;
+ struct ifnet *ifp_or;
+ struct sockaddr_in6 dst_or;
+ u_long mtu_or;
+ struct route_in6 ro_pmtu_or;
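Review bot: `APPLY_MASK` in the new ip_fw_var.h expands to four separate statements ending in a semicolon, so using it as the body of an unbraced `if`, `else` or loop would put only the first 32-bit word under the condition and run the other three assignments unconditionally. For a firewall that means an IPv6 address could be masked when it should not be, or only partly masked, before a rule comparison. Wrapping the expansion as `#define APPLY_MASK(addr,mask) do { ... } while (0)` with no trailing semicolon, or replacing it with a `static __inline` function, removes the hazard. The macro's callers are not visible here, so whether any call site is actually unbraced is unverified. The diff is truncated at the 1000-line limit and `struct _ip6dn_args` continues past the last visible line.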
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***