search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge illumos-gate
[unleashed.git] / include / netinet / ipf_stack.h
bloba239f1c1caf1fd0caa9e990d3375104e889f0714
1 /*
2 * Copyright (C) 1993-2001, 2003 by Darren Reed.
3 *
4 * See the IPFILTER.LICENCE file for details on licencing.
5 *
6 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
7 * Use is subject to license terms.
8 *
9 * Copyright 2014 Joyent, Inc. All rights reserved.
10 */
11
12 #ifndef __IPF_STACK_H__
13 #define __IPF_STACK_H__
14
15 /* FIXME: appears needed for ip_proxy.h - tcpseq */
16 #include <net/route.h>
17 #include <netinet/in.h>
18 #include <netinet/in_systm.h>
19 #include <netinet/ip.h>
20 #include <netinet/ip_var.h>
21 #include <netinet/tcp.h>
22 #include <netinet/udp.h>
23 #include <netinet/ip_icmp.h>
24 #include <netinet/tcpip.h>
25
26 #include "ip_compat.h"
27 #include "ip_fil.h"
28 #include "ip_nat.h"
29 #include "ip_frag.h"
30 #include "ip_state.h"
31 #include "ip_proxy.h"
32 #include "ip_auth.h"
33 #include "ip_lookup.h"
34 #include "ip_pool.h"
35 #include "ip_htable.h"
36 #include <net/radix.h>
37 #include <sys/neti.h>
38 #include <sys/hook.h>
39
40 /*
41 * IPF stack instances
42 */
43 struct ipf_stack {
44 struct ipf_stack *ifs_next;
45 struct ipf_stack **ifs_pnext;
46 struct ipf_stack *ifs_gz_cont_ifs;
47 netid_t ifs_netid;
48 zoneid_t ifs_zone;
49 boolean_t ifs_gz_controlled;
50
51 /* ipf module */
52 fr_info_t ifs_frcache[2][8];
53
54 filterstats_t ifs_frstats[2];
55 frentry_t *ifs_ipfilter[2][2];
56 frentry_t *ifs_ipfilter6[2][2];
57 frentry_t *ifs_ipacct6[2][2];
58 frentry_t *ifs_ipacct[2][2];
59 #if 0 /* not used */
60 frentry_t *ifs_ipnatrules[2][2];
61 #endif
62 frgroup_t *ifs_ipfgroups[IPL_LOGSIZE][2];
63 int ifs_fr_refcnt;
64 /*
65 * For fr_running:
66 * 0 == loading, 1 = running, -1 = disabled, -2 = unloading
67 */
68 int ifs_fr_running;
69 int ifs_fr_flags;
70 int ifs_fr_active;
71 int ifs_fr_control_forwarding;
72 int ifs_fr_update_ipid;
73 #if 0
74 ushort_t ifs_fr_ip_id;
75 #endif
76 int ifs_fr_chksrc;
77 int ifs_fr_minttl;
78 int ifs_fr_icmpminfragmtu;
79 int ifs_fr_pass;
80 ulong_t ifs_fr_frouteok[2];
81 ulong_t ifs_fr_userifqs;
82 ulong_t ifs_fr_badcoalesces[2];
83 uchar_t ifs_ipf_iss_secret[32];
84 timeout_id_t ifs_fr_timer_id;
85 #if 0
86 timeout_id_t ifs_synctimeoutid;
87 #endif
88 int ifs_ipf_locks_done;
89
90 ipftoken_t *ifs_ipftokenhead;
91 ipftoken_t **ifs_ipftokentail;
92
93 ipfmutex_t ifs_ipl_mutex;
94 ipfmutex_t ifs_ipf_authmx;
95 ipfmutex_t ifs_ipf_rw;
96 ipfmutex_t ifs_ipf_timeoutlock;
97 ipfrwlock_t ifs_ipf_mutex;
98 ipfrwlock_t ifs_ipf_global;
99 ipfrwlock_t ifs_ipf_frcache;
100 ipfrwlock_t ifs_ip_poolrw;
101 ipfrwlock_t ifs_ipf_frag;
102 ipfrwlock_t ifs_ipf_state;
103 ipfrwlock_t ifs_ipf_nat;
104 ipfrwlock_t ifs_ipf_natfrag;
105 ipfmutex_t ifs_ipf_nat_new;
106 ipfmutex_t ifs_ipf_natio;
107 ipfrwlock_t ifs_ipf_auth;
108 ipfmutex_t ifs_ipf_stinsert;
109 ipfrwlock_t ifs_ipf_ipidfrag;
110 ipfrwlock_t ifs_ipf_tokens;
111 kcondvar_t ifs_iplwait;
112 kcondvar_t ifs_ipfauthwait;
113
114 ipftuneable_t *ifs_ipf_tuneables;
115 ipftuneable_t *ifs_ipf_tunelist;
116
117 /* ip_fil_solaris.c */
118 hook_t *ifs_ipfhook4_in;
119 hook_t *ifs_ipfhook4_out;
120 hook_t *ifs_ipfhook4_loop_in;
121 hook_t *ifs_ipfhook4_loop_out;
122 hook_t *ifs_ipfhook4_nicevents;
123 hook_t *ifs_ipfhook6_in;
124 hook_t *ifs_ipfhook6_out;
125 hook_t *ifs_ipfhook6_loop_in;
126 hook_t *ifs_ipfhook6_loop_out;
127 hook_t *ifs_ipfhook6_nicevents;
128
129 /* flags to indicate whether hooks are registered. */
130 boolean_t ifs_hook4_physical_in;
131 boolean_t ifs_hook4_physical_out;
132 boolean_t ifs_hook4_nic_events;
133 boolean_t ifs_hook4_loopback_in;
134 boolean_t ifs_hook4_loopback_out;
135 boolean_t ifs_hook6_physical_in;
136 boolean_t ifs_hook6_physical_out;
137 boolean_t ifs_hook6_nic_events;
138 boolean_t ifs_hook6_loopback_in;
139 boolean_t ifs_hook6_loopback_out;
140
141 int ifs_ipf_loopback;
142 net_handle_t ifs_ipf_ipv4;
143 net_handle_t ifs_ipf_ipv6;
144
145 /* ip_auth.c */
146 int ifs_fr_authsize;
147 int ifs_fr_authused;
148 int ifs_fr_defaultauthage;
149 int ifs_fr_auth_lock;
150 int ifs_fr_auth_init;
151 fr_authstat_t ifs_fr_authstats;
152 frauth_t *ifs_fr_auth;
153 mb_t **ifs_fr_authpkts;
154 int ifs_fr_authstart;
155 int ifs_fr_authend;
156 int ifs_fr_authnext;
157 frauthent_t *ifs_fae_list;
158 frentry_t *ifs_ipauth;
159 frentry_t *ifs_fr_authlist;
160
161 /* ip_frag.c */
162 ipfr_t *ifs_ipfr_list;
163 ipfr_t **ifs_ipfr_tail;
164 ipfr_t **ifs_ipfr_heads;
165
166 ipfr_t *ifs_ipfr_natlist;
167 ipfr_t **ifs_ipfr_nattail;
168 ipfr_t **ifs_ipfr_nattab;
169
170 ipfr_t *ifs_ipfr_ipidlist;
171 ipfr_t **ifs_ipfr_ipidtail;
172 ipfr_t **ifs_ipfr_ipidtab;
173
174 ipfrstat_t ifs_ipfr_stats;
175 int ifs_ipfr_inuse;
176 int ifs_ipfr_size;
177
178 int ifs_fr_ipfrttl;
179 int ifs_fr_frag_lock;
180 int ifs_fr_frag_init;
181 ulong_t ifs_fr_ticks;
182
183 frentry_t ifs_frblock;
184
185 /* ip_htable.c */
186 iphtable_t *ifs_ipf_htables[IPL_LOGSIZE];
187 ulong_t ifs_ipht_nomem[IPL_LOGSIZE];
188 ulong_t ifs_ipf_nhtables[IPL_LOGSIZE];
189 ulong_t ifs_ipf_nhtnodes[IPL_LOGSIZE];
190
191 /* ip_log.c */
192 iplog_t **ifs_iplh[IPL_LOGSIZE];
193 iplog_t *ifs_iplt[IPL_LOGSIZE];
194 iplog_t *ifs_ipll[IPL_LOGSIZE];
195 int ifs_iplused[IPL_LOGSIZE];
196 fr_info_t ifs_iplcrc[IPL_LOGSIZE];
197 int ifs_ipl_suppress;
198 int ifs_ipl_buffer_sz;
199 int ifs_ipl_logmax;
200 int ifs_ipl_logall;
201 int ifs_ipl_log_init;
202 int ifs_ipl_logsize;
203
204 /* ip_lookup.c */
205 ip_pool_stat_t ifs_ippoolstat;
206 int ifs_ip_lookup_inited;
207
208 /* ip_nat.c */
209 /* nat_table[0] -> hashed list sorted by inside (ip, port) */
210 /* nat_table[1] -> hashed list sorted by outside (ip, port) */
211 nat_t **ifs_nat_table[2];
212 nat_t *ifs_nat_instances;
213 ipnat_t *ifs_nat_list;
214 uint_t ifs_ipf_nattable_sz;
215 uint_t ifs_ipf_nattable_max;
216 uint_t ifs_ipf_natrules_sz;
217 uint_t ifs_ipf_rdrrules_sz;
218 uint_t ifs_ipf_hostmap_sz;
219 uint_t ifs_fr_nat_maxbucket;
220 uint_t ifs_fr_nat_maxbucket_reset;
221 uint32_t ifs_nat_masks;
222 uint32_t ifs_rdr_masks;
223 uint32_t ifs_nat6_masks[4];
224 uint32_t ifs_rdr6_masks[4];
225 ipnat_t **ifs_nat_rules;
226 ipnat_t **ifs_rdr_rules;
227 hostmap_t **ifs_maptable;
228 hostmap_t *ifs_ipf_hm_maplist;
229
230 ipftq_t ifs_nat_tqb[IPF_TCP_NSTATES];
231 ipftq_t ifs_nat_udptq;
232 ipftq_t ifs_nat_icmptq;
233 ipftq_t ifs_nat_iptq;
234 ipftq_t *ifs_nat_utqe;
235 int ifs_nat_logging;
236 ulong_t ifs_fr_defnatage;
237 ulong_t ifs_fr_defnatipage;
238 ulong_t ifs_fr_defnaticmpage;
239 natstat_t ifs_nat_stats;
240 int ifs_fr_nat_lock;
241 int ifs_fr_nat_init;
242 uint_t ifs_nat_flush_level_hi;
243 uint_t ifs_nat_flush_level_lo;
244 ulong_t ifs_nat_last_force_flush;
245 int ifs_nat_doflush;
246
247 /* ip_pool.c */
248 ip_pool_stat_t ifs_ipoolstat;
249 ip_pool_t *ifs_ip_pool_list[IPL_LOGSIZE];
250
251 /* ip_proxy.c */
252 ap_session_t *ifs_ap_sess_list;
253 aproxy_t *ifs_ap_proxylist;
254 aproxy_t *ifs_ap_proxies; /* copy of lcl_ap_proxies */
255
256 /* ip_state.c */
257 ipstate_t **ifs_ips_table;
258 ulong_t *ifs_ips_seed;
259 int ifs_ips_num;
260 ulong_t ifs_ips_last_force_flush;
261 uint_t ifs_state_flush_level_hi;
262 uint_t ifs_state_flush_level_lo;
263 ips_stat_t ifs_ips_stats;
264
265 ulong_t ifs_fr_tcpidletimeout;
266 ulong_t ifs_fr_tcpclosewait;
267 ulong_t ifs_fr_tcplastack;
268 ulong_t ifs_fr_tcptimeout;
269 ulong_t ifs_fr_tcpclosed;
270 ulong_t ifs_fr_tcphalfclosed;
271 ulong_t ifs_fr_udptimeout;
272 ulong_t ifs_fr_udpacktimeout;
273 ulong_t ifs_fr_icmptimeout;
274 ulong_t ifs_fr_icmpacktimeout;
275 int ifs_fr_statemax;
276 int ifs_fr_statesize;
277 int ifs_fr_state_doflush;
278 int ifs_fr_state_lock;
279 int ifs_fr_state_maxbucket;
280 int ifs_fr_state_maxbucket_reset;
281 int ifs_fr_state_init;
282 int ifs_fr_enable_active;
283 ipftq_t ifs_ips_tqtqb[IPF_TCP_NSTATES];
284 ipftq_t ifs_ips_udptq;
285 ipftq_t ifs_ips_udpacktq;
286 ipftq_t ifs_ips_iptq;
287 ipftq_t ifs_ips_icmptq;
288 ipftq_t ifs_ips_icmpacktq;
289 ipftq_t ifs_ips_deletetq;
290 ipftq_t *ifs_ips_utqe;
291 int ifs_ipstate_logging;
292 ipstate_t *ifs_ips_list;
293 ulong_t ifs_fr_iptimeout;
294
295 /* radix.c */
296 int ifs_max_keylen;
297 struct radix_mask *ifs_rn_mkfreelist;
298 struct radix_node_head *ifs_mask_rnhead;
299 char *ifs_addmask_key;
300 char *ifs_rn_zeros;
301 char *ifs_rn_ones;
302 #ifdef KERNEL
303 /* kstats for inbound and outbound */
304 kstat_t *ifs_kstatp[2];
305 #endif
306 };
307
308 #endif /* __IPF_STACK_H__ */
Unleashed OS