ip_fw.h File Reference
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Macros | |
| #define | IPFW_DEFAULT_RULE 65535 |
| #define | RESVD_SET 31 /*set for default and persistent rules*/ |
| #define | IPFW_MAX_SETS 32 /* Number of sets supported by ipfw*/ |
| #define | IPFW_ARG_MIN 1 |
| #define | IPFW_ARG_MAX 65534 |
| #define | IP_FW_TABLEARG 65535 /* Compat value for old clients */ |
| #define | IP_FW_TARG 0 /* Current tablearg value */ |
| #define | IP_FW_NAT44_GLOBAL 65535 /* arg1 value for "nat global" */ |
| #define | IPFW_CALLSTACK_SIZE 16 |
| #define | IP_FW_TABLE_XADD 86 /* add entry */ |
| #define | IP_FW_TABLE_XDEL 87 /* delete entry */ |
| #define | IP_FW_TABLE_XGETSIZE 88 /* get table size (deprecated) */ |
| #define | IP_FW_TABLE_XLIST 89 /* list table contents */ |
| #define | IP_FW_TABLE_XDESTROY 90 /* destroy table */ |
| #define | IP_FW_TABLES_XLIST 92 /* list all tables */ |
| #define | IP_FW_TABLE_XINFO 93 /* request info for one table */ |
| #define | IP_FW_TABLE_XFLUSH 94 /* flush table data */ |
| #define | IP_FW_TABLE_XCREATE 95 /* create new table */ |
| #define | IP_FW_TABLE_XMODIFY 96 /* modify existing table */ |
| #define | IP_FW_XGET 97 /* Retrieve configuration */ |
| #define | IP_FW_XADD 98 /* add rule */ |
| #define | IP_FW_XDEL 99 /* del rule */ |
| #define | IP_FW_XMOVE 100 /* move rules to different set */ |
| #define | IP_FW_XZERO 101 /* clear accounting */ |
| #define | IP_FW_XRESETLOG 102 /* zero rules logs */ |
| #define | IP_FW_SET_SWAP 103 /* Swap between 2 sets */ |
| #define | IP_FW_SET_MOVE 104 /* Move one set to another one */ |
| #define | IP_FW_SET_ENABLE 105 /* Enable/disable sets */ |
| #define | IP_FW_TABLE_XFIND 106 /* finds an entry */ |
| #define | IP_FW_XIFLIST 107 /* list tracked interfaces */ |
| #define | IP_FW_TABLES_ALIST 108 /* list table algorithms */ |
| #define | IP_FW_TABLE_XSWAP 109 /* swap two tables */ |
| #define | IP_FW_TABLE_VLIST 110 /* dump table value hash */ |
| #define | IP_FW_NAT44_XCONFIG 111 /* Create/modify NAT44 instance */ |
| #define | IP_FW_NAT44_DESTROY 112 /* Destroys NAT44 instance */ |
| #define | IP_FW_NAT44_XGETCONFIG 113 /* Get NAT44 instance config */ |
| #define | IP_FW_NAT44_LIST_NAT 114 /* List all NAT44 instances */ |
| #define | IP_FW_NAT44_XGETLOG 115 /* Get log from NAT44 instance */ |
| #define | IP_FW_DUMP_SOPTCODES 116 /* Dump available sopts/versions */ |
| #define | IP_FW_DUMP_SRVOBJECTS 117 /* Dump existing named objects */ |
| #define | IP_FW_NAT64STL_CREATE 130 /* Create stateless NAT64 instance */ |
| #define | IP_FW_NAT64STL_DESTROY 131 /* Destroy stateless NAT64 instance */ |
| #define | IP_FW_NAT64STL_CONFIG 132 /* Modify stateless NAT64 instance */ |
| #define | IP_FW_NAT64STL_LIST 133 /* List stateless NAT64 instances */ |
| #define | IP_FW_NAT64STL_STATS 134 /* Get NAT64STL instance statistics */ |
| #define | IP_FW_NAT64STL_RESET_STATS 135 /* Reset NAT64STL instance statistics */ |
| #define | IP_FW_NAT64LSN_CREATE 140 /* Create stateful NAT64 instance */ |
| #define | IP_FW_NAT64LSN_DESTROY 141 /* Destroy stateful NAT64 instance */ |
| #define | IP_FW_NAT64LSN_CONFIG 142 /* Modify stateful NAT64 instance */ |
| #define | IP_FW_NAT64LSN_LIST 143 /* List stateful NAT64 instances */ |
| #define | IP_FW_NAT64LSN_STATS 144 /* Get NAT64LSN instance statistics */ |
| #define | IP_FW_NAT64LSN_LIST_STATES 145 /* Get stateful NAT64 states */ |
| #define | IP_FW_NAT64LSN_RESET_STATS 146 /* Reset NAT64LSN instance statistics */ |
| #define | IP_FW_NPTV6_CREATE 150 /* Create NPTv6 instance */ |
| #define | IP_FW_NPTV6_DESTROY 151 /* Destroy NPTv6 instance */ |
| #define | IP_FW_NPTV6_CONFIG 152 /* Modify NPTv6 instance */ |
| #define | IP_FW_NPTV6_LIST 153 /* List NPTv6 instances */ |
| #define | IP_FW_NPTV6_STATS 154 /* Get NPTv6 instance statistics */ |
| #define | IP_FW_NPTV6_RESET_STATS 155 /* Reset NPTv6 instance statistics */ |
| #define | IP_FW_NAT64CLAT_CREATE 160 /* Create clat NAT64 instance */ |
| #define | IP_FW_NAT64CLAT_DESTROY 161 /* Destroy clat NAT64 instance */ |
| #define | IP_FW_NAT64CLAT_CONFIG 162 /* Modify clat NAT64 instance */ |
| #define | IP_FW_NAT64CLAT_LIST 163 /* List clat NAT64 instances */ |
| #define | IP_FW_NAT64CLAT_STATS 164 /* Get NAT64CLAT instance statistics */ |
| #define | IP_FW_NAT64CLAT_RESET_STATS 165 /* Reset NAT64CLAT instance statistics */ |
| #define | EXT_FRAGMENT 0x1 |
| #define | EXT_HOPOPTS 0x2 |
| #define | EXT_ROUTING 0x4 |
| #define | EXT_AH 0x8 |
| #define | EXT_ESP 0x10 |
| #define | EXT_DSTOPTS 0x20 |
| #define | EXT_RTHDR0 0x40 |
| #define | EXT_RTHDR2 0x80 |
| #define | F_NOT 0x80 |
| #define | F_OR 0x40 |
| #define | F_LEN_MASK 0x3f |
| #define | F_LEN(cmd) ((cmd)->len & F_LEN_MASK) |
| #define | F_INSN_SIZE(t) ((sizeof (t))/sizeof(u_int32_t)) |
| #define | DYN_SRC_ADDR 0x1 |
| #define | DYN_SRC_PORT 0x2 |
| #define | DYN_DST_ADDR 0x4 |
| #define | DYN_DST_PORT 0x8 |
| #define | NAT44_REDIR_ADDR 0x01 |
| #define | NAT44_REDIR_PORT 0x02 |
| #define | NAT44_REDIR_PROTO 0x04 |
| #define | APPLY_MASK(addr, mask) |
| #define | IPFW_RULE_NOOPT 0x01 /* Has no options in body */ |
| #define | IPFW_RULE_JUSTOPTS 0x02 /* new format of rule body */ |
| #define | ACTION_PTR(rule) (ipfw_insn *)( (u_int32_t *)((rule)->cmd) + ((rule)->act_ofs) ) |
| #define | RULESIZE(rule) (sizeof(*(rule)) + (rule)->cmd_len * 4 - 4) |
| #define | IS_IP4_FLOW_ID(id) ((id)->addr_type == 4) |
| #define | IS_IP6_FLOW_ID(id) ((id)->addr_type == 6) |
| #define | IPFW_DYN_ORPHANED 0x40000 /* state's parent rule was deleted */ |
| #define | IP_FW_IPOPT_LSRR 0x01 |
| #define | IP_FW_IPOPT_SSRR 0x02 |
| #define | IP_FW_IPOPT_RR 0x04 |
| #define | IP_FW_IPOPT_TS 0x08 |
| #define | IP_FW_TCPOPT_MSS 0x01 |
| #define | IP_FW_TCPOPT_WINDOW 0x02 |
| #define | IP_FW_TCPOPT_SACK 0x04 |
| #define | IP_FW_TCPOPT_TS 0x08 |
| #define | IP_FW_TCPOPT_CC 0x10 |
| #define | ICMP_REJECT_RST 0x100 /* fake ICMP code (send a TCP RST) */ |
| #define | ICMP6_UNREACH_RST 0x100 /* fake ICMPv6 code (send a TCP RST) */ |
| #define | ICMP_REJECT_ABORT 0x101 /* fake ICMP code (send an SCTP ABORT) */ |
| #define | ICMP6_UNREACH_ABORT 0x101 /* fake ICMPv6 code (send an SCTP ABORT) */ |
| #define | IPFW_TABLE_ADDR 1 /* Table for holding IPv4/IPv6 prefixes */ |
| #define | IPFW_TABLE_INTERFACE 2 /* Table for holding interface names */ |
| #define | IPFW_TABLE_NUMBER 3 /* Table for holding ports/uid/gid/etc */ |
| #define | IPFW_TABLE_FLOW 4 /* Table for holding flow data */ |
| #define | IPFW_TABLE_MAXTYPE 4 /* Maximum valid number */ |
| #define | IPFW_TABLE_CIDR IPFW_TABLE_ADDR /* compat */ |
| #define | IPFW_VTYPE_LEGACY 0xFFFFFFFF /* All data is filled in */ |
| #define | IPFW_VTYPE_SKIPTO 0x00000001 /* skipto/call/callreturn */ |
| #define | IPFW_VTYPE_PIPE 0x00000002 /* pipe/queue */ |
| #define | IPFW_VTYPE_FIB 0x00000004 /* setfib */ |
| #define | IPFW_VTYPE_NAT 0x00000008 /* nat */ |
| #define | IPFW_VTYPE_DSCP 0x00000010 /* dscp */ |
| #define | IPFW_VTYPE_TAG 0x00000020 /* tag/untag */ |
| #define | IPFW_VTYPE_DIVERT 0x00000040 /* divert/tee */ |
| #define | IPFW_VTYPE_NETGRAPH 0x00000080 /* netgraph/ngtee */ |
| #define | IPFW_VTYPE_LIMIT 0x00000100 /* limit */ |
| #define | IPFW_VTYPE_NH4 0x00000200 /* IPv4 nexthop */ |
| #define | IPFW_VTYPE_NH6 0x00000400 /* IPv6 nexthop */ |
| #define | IPFW_TCF_INET 0x01 /* CIDR flags: IPv4 record */ |
| #define | IPFW_TLV_TBL_NAME 1 |
| #define | IPFW_TLV_TBLNAME_LIST 2 |
| #define | IPFW_TLV_RULE_LIST 3 |
| #define | IPFW_TLV_DYNSTATE_LIST 4 |
| #define | IPFW_TLV_TBL_ENT 5 |
| #define | IPFW_TLV_DYN_ENT 6 |
| #define | IPFW_TLV_RULE_ENT 7 |
| #define | IPFW_TLV_TBLENT_LIST 8 |
| #define | IPFW_TLV_RANGE 9 |
| #define | IPFW_TLV_EACTION 10 |
| #define | IPFW_TLV_COUNTERS 11 |
| #define | IPFW_TLV_OBJDATA 12 |
| #define | IPFW_TLV_STATE_NAME 14 |
| #define | IPFW_TLV_EACTION_BASE 1000 |
| #define | IPFW_TLV_EACTION_NAME(arg) (IPFW_TLV_EACTION_BASE + (arg)) |
| #define | IPFW_TF_UPDATE 0x01 /* Update record if exists */ |
| #define | IPFW_CTF_ATOMIC 0x01 /* Perform atomic operation */ |
| #define | IPFW_TR_IGNORED 0 /* Entry was ignored (rollback) */ |
| #define | IPFW_TR_ADDED 1 /* Entry was successfully added */ |
| #define | IPFW_TR_UPDATED 2 /* Entry was successfully updated*/ |
| #define | IPFW_TR_DELETED 3 /* Entry was successfully deleted*/ |
| #define | IPFW_TR_LIMIT 4 /* Entry was ignored (limit) */ |
| #define | IPFW_TR_NOTFOUND 5 /* Entry was not found */ |
| #define | IPFW_TR_EXISTS 6 /* Entry already exists */ |
| #define | IPFW_TR_ERROR 7 /* Request has failed (unknown) */ |
| #define | IPFW_DF_LAST 0x01 /* Last state in chain */ |
| #define | IPFW_RCFLAG_RANGE 0x01 /* rule range is set */ |
| #define | IPFW_RCFLAG_ALL 0x02 /* match ALL rules */ |
| #define | IPFW_RCFLAG_SET 0x04 /* match rules in given set */ |
| #define | IPFW_RCFLAG_DYNAMIC 0x08 /* match only dynamic states */ |
| #define | IPFW_RCFLAG_USER |
| #define | IPFW_RCFLAG_DEFAULT 0x0100 /* Do not skip defaul rule */ |
| #define | IPFW_TACLASS_HASH 1 /* algo is based on hash */ |
| #define | IPFW_TACLASS_ARRAY 2 /* algo is based on array */ |
| #define | IPFW_TACLASS_RADIX 3 /* algo is based on radix tree */ |
| #define | IPFW_TATFLAGS_DATA 0x0001 /* Has data filled in */ |
| #define | IPFW_TATFLAGS_AFDATA 0x0002 /* Separate data per AF */ |
| #define | IPFW_TATFLAGS_AFITEM 0x0004 /* diff. items per AF */ |
| #define | IPFW_TGFLAGS_LOCKED 0x01 /* Tables is locked from changes*/ |
| #define | IPFW_TFFLAG_SRCIP 0x01 |
| #define | IPFW_TFFLAG_DSTIP 0x02 |
| #define | IPFW_TFFLAG_SRCPORT 0x04 |
| #define | IPFW_TFFLAG_DSTPORT 0x08 |
| #define | IPFW_TFFLAG_PROTO 0x10 |
| #define | IPFW_TMFLAGS_LIMIT 0x0002 /* Change limit value */ |
| #define | IPFW_TMFLAGS_LOCK 0x0004 /* Change table lock state */ |
| #define | IPFW_IFFLAG_RESOLVED 0x01 /* Interface exists */ |
| #define | IPFW_CFG_GET_STATIC 0x01 |
| #define | IPFW_CFG_GET_STATES 0x02 |
| #define | IPFW_CFG_GET_COUNTERS 0x04 |
Functions | |
| struct _ipfw_dyn_rule | __aligned (8) |
Variables | |
| ipfw_dyn_rule * | next |
| struct ip_fw * | rule |
| ipfw_dyn_rule * | parent |
| u_int64_t | pcnt |
| u_int64_t | bcnt |
| struct ipfw_flow_id | id |
| u_int32_t | expire |
| u_int32_t | bucket |
| u_int32_t | state |
| u_int32_t | ack_fwd |
| u_int32_t | ack_rev |
| u_int16_t | dyn_type |
| u_int16_t | count |
| u_int16_t | kidx |
Macro Definition Documentation
◆ ACTION_PTR
◆ APPLY_MASK
| #define APPLY_MASK | ( | addr, | |
| mask | |||
| ) |
Value:
do { \
(addr)->__u6_addr.__u6_addr32[0] &= (mask)->__u6_addr.__u6_addr32[0]; \
(addr)->__u6_addr.__u6_addr32[1] &= (mask)->__u6_addr.__u6_addr32[1]; \
(addr)->__u6_addr.__u6_addr32[2] &= (mask)->__u6_addr.__u6_addr32[2]; \
(addr)->__u6_addr.__u6_addr32[3] &= (mask)->__u6_addr.__u6_addr32[3]; \
} while (0)
◆ DYN_DST_ADDR
◆ DYN_DST_PORT
◆ DYN_SRC_ADDR
◆ DYN_SRC_PORT
◆ EXT_AH
◆ EXT_DSTOPTS
◆ EXT_ESP
◆ EXT_FRAGMENT
◆ EXT_HOPOPTS
◆ EXT_ROUTING
◆ EXT_RTHDR0
◆ EXT_RTHDR2
◆ F_INSN_SIZE
◆ F_LEN
| #define F_LEN | ( | cmd | ) | ((cmd)->len & F_LEN_MASK) |
◆ F_LEN_MASK
◆ F_NOT
◆ F_OR
◆ ICMP6_UNREACH_ABORT
| #define ICMP6_UNREACH_ABORT 0x101 /* fake ICMPv6 code (send an SCTP ABORT) */ |
◆ ICMP6_UNREACH_RST
| #define ICMP6_UNREACH_RST 0x100 /* fake ICMPv6 code (send a TCP RST) */ |
◆ ICMP_REJECT_ABORT
| #define ICMP_REJECT_ABORT 0x101 /* fake ICMP code (send an SCTP ABORT) */ |
◆ ICMP_REJECT_RST
| #define ICMP_REJECT_RST 0x100 /* fake ICMP code (send a TCP RST) */ |
◆ IP_FW_DUMP_SOPTCODES
| #define IP_FW_DUMP_SOPTCODES 116 /* Dump available sopts/versions */ |
◆ IP_FW_DUMP_SRVOBJECTS
| #define IP_FW_DUMP_SRVOBJECTS 117 /* Dump existing named objects */ |
◆ IP_FW_IPOPT_LSRR
◆ IP_FW_IPOPT_RR
◆ IP_FW_IPOPT_SSRR
◆ IP_FW_IPOPT_TS
◆ IP_FW_NAT44_DESTROY
| #define IP_FW_NAT44_DESTROY 112 /* Destroys NAT44 instance */ |
◆ IP_FW_NAT44_GLOBAL
| #define IP_FW_NAT44_GLOBAL 65535 /* arg1 value for "nat global" */ |
◆ IP_FW_NAT44_LIST_NAT
| #define IP_FW_NAT44_LIST_NAT 114 /* List all NAT44 instances */ |
◆ IP_FW_NAT44_XCONFIG
| #define IP_FW_NAT44_XCONFIG 111 /* Create/modify NAT44 instance */ |
◆ IP_FW_NAT44_XGETCONFIG
| #define IP_FW_NAT44_XGETCONFIG 113 /* Get NAT44 instance config */ |
◆ IP_FW_NAT44_XGETLOG
| #define IP_FW_NAT44_XGETLOG 115 /* Get log from NAT44 instance */ |
◆ IP_FW_NAT64CLAT_CONFIG
| #define IP_FW_NAT64CLAT_CONFIG 162 /* Modify clat NAT64 instance */ |
◆ IP_FW_NAT64CLAT_CREATE
| #define IP_FW_NAT64CLAT_CREATE 160 /* Create clat NAT64 instance */ |
◆ IP_FW_NAT64CLAT_DESTROY
| #define IP_FW_NAT64CLAT_DESTROY 161 /* Destroy clat NAT64 instance */ |
◆ IP_FW_NAT64CLAT_LIST
| #define IP_FW_NAT64CLAT_LIST 163 /* List clat NAT64 instances */ |
◆ IP_FW_NAT64CLAT_RESET_STATS
| #define IP_FW_NAT64CLAT_RESET_STATS 165 /* Reset NAT64CLAT instance statistics */ |
◆ IP_FW_NAT64CLAT_STATS
| #define IP_FW_NAT64CLAT_STATS 164 /* Get NAT64CLAT instance statistics */ |
◆ IP_FW_NAT64LSN_CONFIG
| #define IP_FW_NAT64LSN_CONFIG 142 /* Modify stateful NAT64 instance */ |
◆ IP_FW_NAT64LSN_CREATE
| #define IP_FW_NAT64LSN_CREATE 140 /* Create stateful NAT64 instance */ |
◆ IP_FW_NAT64LSN_DESTROY
| #define IP_FW_NAT64LSN_DESTROY 141 /* Destroy stateful NAT64 instance */ |
◆ IP_FW_NAT64LSN_LIST
| #define IP_FW_NAT64LSN_LIST 143 /* List stateful NAT64 instances */ |
◆ IP_FW_NAT64LSN_LIST_STATES
| #define IP_FW_NAT64LSN_LIST_STATES 145 /* Get stateful NAT64 states */ |
◆ IP_FW_NAT64LSN_RESET_STATS
| #define IP_FW_NAT64LSN_RESET_STATS 146 /* Reset NAT64LSN instance statistics */ |
◆ IP_FW_NAT64LSN_STATS
| #define IP_FW_NAT64LSN_STATS 144 /* Get NAT64LSN instance statistics */ |
◆ IP_FW_NAT64STL_CONFIG
| #define IP_FW_NAT64STL_CONFIG 132 /* Modify stateless NAT64 instance */ |
◆ IP_FW_NAT64STL_CREATE
| #define IP_FW_NAT64STL_CREATE 130 /* Create stateless NAT64 instance */ |
◆ IP_FW_NAT64STL_DESTROY
| #define IP_FW_NAT64STL_DESTROY 131 /* Destroy stateless NAT64 instance */ |
◆ IP_FW_NAT64STL_LIST
| #define IP_FW_NAT64STL_LIST 133 /* List stateless NAT64 instances */ |
◆ IP_FW_NAT64STL_RESET_STATS
| #define IP_FW_NAT64STL_RESET_STATS 135 /* Reset NAT64STL instance statistics */ |
◆ IP_FW_NAT64STL_STATS
| #define IP_FW_NAT64STL_STATS 134 /* Get NAT64STL instance statistics */ |
◆ IP_FW_NPTV6_CONFIG
◆ IP_FW_NPTV6_CREATE
◆ IP_FW_NPTV6_DESTROY
| #define IP_FW_NPTV6_DESTROY 151 /* Destroy NPTv6 instance */ |
◆ IP_FW_NPTV6_LIST
◆ IP_FW_NPTV6_RESET_STATS
| #define IP_FW_NPTV6_RESET_STATS 155 /* Reset NPTv6 instance statistics */ |
◆ IP_FW_NPTV6_STATS
| #define IP_FW_NPTV6_STATS 154 /* Get NPTv6 instance statistics */ |
◆ IP_FW_SET_ENABLE
◆ IP_FW_SET_MOVE
◆ IP_FW_SET_SWAP
◆ IP_FW_TABLE_VLIST
◆ IP_FW_TABLE_XADD
◆ IP_FW_TABLE_XCREATE
◆ IP_FW_TABLE_XDEL
◆ IP_FW_TABLE_XDESTROY
◆ IP_FW_TABLE_XFIND
◆ IP_FW_TABLE_XFLUSH
◆ IP_FW_TABLE_XGETSIZE
| #define IP_FW_TABLE_XGETSIZE 88 /* get table size (deprecated) */ |
◆ IP_FW_TABLE_XINFO
| #define IP_FW_TABLE_XINFO 93 /* request info for one table */ |
◆ IP_FW_TABLE_XLIST
◆ IP_FW_TABLE_XMODIFY
◆ IP_FW_TABLE_XSWAP
◆ IP_FW_TABLEARG
| #define IP_FW_TABLEARG 65535 /* Compat value for old clients */ |
◆ IP_FW_TABLES_ALIST
◆ IP_FW_TABLES_XLIST
◆ IP_FW_TARG
◆ IP_FW_TCPOPT_CC
◆ IP_FW_TCPOPT_MSS
◆ IP_FW_TCPOPT_SACK
◆ IP_FW_TCPOPT_TS
◆ IP_FW_TCPOPT_WINDOW
◆ IP_FW_XADD
◆ IP_FW_XDEL
◆ IP_FW_XGET
◆ IP_FW_XIFLIST
◆ IP_FW_XMOVE
◆ IP_FW_XRESETLOG
◆ IP_FW_XZERO
◆ IPFW_ARG_MAX
◆ IPFW_ARG_MIN
◆ IPFW_CALLSTACK_SIZE
◆ IPFW_CFG_GET_COUNTERS
◆ IPFW_CFG_GET_STATES
◆ IPFW_CFG_GET_STATIC
◆ IPFW_CTF_ATOMIC
◆ IPFW_DEFAULT_RULE
◆ IPFW_DF_LAST
◆ IPFW_DYN_ORPHANED
◆ IPFW_IFFLAG_RESOLVED
◆ IPFW_MAX_SETS
| #define IPFW_MAX_SETS 32 /* Number of sets supported by ipfw*/ |
◆ IPFW_RCFLAG_ALL
◆ IPFW_RCFLAG_DEFAULT
| #define IPFW_RCFLAG_DEFAULT 0x0100 /* Do not skip defaul rule */ |
◆ IPFW_RCFLAG_DYNAMIC
| #define IPFW_RCFLAG_DYNAMIC 0x08 /* match only dynamic states */ |
◆ IPFW_RCFLAG_RANGE
◆ IPFW_RCFLAG_SET
◆ IPFW_RCFLAG_USER
| #define IPFW_RCFLAG_USER |
Value:
(IPFW_RCFLAG_RANGE | IPFW_RCFLAG_ALL | \
IPFW_RCFLAG_SET | IPFW_RCFLAG_DYNAMIC)
◆ IPFW_RULE_JUSTOPTS
| #define IPFW_RULE_JUSTOPTS 0x02 /* new format of rule body */ |
◆ IPFW_RULE_NOOPT
◆ IPFW_TABLE_ADDR
| #define IPFW_TABLE_ADDR 1 /* Table for holding IPv4/IPv6 prefixes */ |
◆ IPFW_TABLE_CIDR
| #define IPFW_TABLE_CIDR IPFW_TABLE_ADDR /* compat */ |
◆ IPFW_TABLE_FLOW
◆ IPFW_TABLE_INTERFACE
| #define IPFW_TABLE_INTERFACE 2 /* Table for holding interface names */ |
◆ IPFW_TABLE_MAXTYPE
◆ IPFW_TABLE_NUMBER
| #define IPFW_TABLE_NUMBER 3 /* Table for holding ports/uid/gid/etc */ |
◆ IPFW_TACLASS_ARRAY
◆ IPFW_TACLASS_HASH
◆ IPFW_TACLASS_RADIX
| #define IPFW_TACLASS_RADIX 3 /* algo is based on radix tree */ |
◆ IPFW_TATFLAGS_AFDATA
| #define IPFW_TATFLAGS_AFDATA 0x0002 /* Separate data per AF */ |
◆ IPFW_TATFLAGS_AFITEM
| #define IPFW_TATFLAGS_AFITEM 0x0004 /* diff. items per AF */ |
◆ IPFW_TATFLAGS_DATA
◆ IPFW_TCF_INET
◆ IPFW_TF_UPDATE
◆ IPFW_TFFLAG_DSTIP
◆ IPFW_TFFLAG_DSTPORT
◆ IPFW_TFFLAG_PROTO
◆ IPFW_TFFLAG_SRCIP
◆ IPFW_TFFLAG_SRCPORT
◆ IPFW_TGFLAGS_LOCKED
| #define IPFW_TGFLAGS_LOCKED 0x01 /* Tables is locked from changes*/ |
◆ IPFW_TLV_COUNTERS
◆ IPFW_TLV_DYN_ENT
◆ IPFW_TLV_DYNSTATE_LIST
◆ IPFW_TLV_EACTION
◆ IPFW_TLV_EACTION_BASE
◆ IPFW_TLV_EACTION_NAME
| #define IPFW_TLV_EACTION_NAME | ( | arg | ) | (IPFW_TLV_EACTION_BASE + (arg)) |
◆ IPFW_TLV_OBJDATA
◆ IPFW_TLV_RANGE
◆ IPFW_TLV_RULE_ENT
◆ IPFW_TLV_RULE_LIST
◆ IPFW_TLV_STATE_NAME
◆ IPFW_TLV_TBL_ENT
◆ IPFW_TLV_TBL_NAME
◆ IPFW_TLV_TBLENT_LIST
◆ IPFW_TLV_TBLNAME_LIST
◆ IPFW_TMFLAGS_LIMIT
◆ IPFW_TMFLAGS_LOCK
| #define IPFW_TMFLAGS_LOCK 0x0004 /* Change table lock state */ |
◆ IPFW_TR_ADDED
◆ IPFW_TR_DELETED
| #define IPFW_TR_DELETED 3 /* Entry was successfully deleted*/ |
◆ IPFW_TR_ERROR
◆ IPFW_TR_EXISTS
◆ IPFW_TR_IGNORED
| #define IPFW_TR_IGNORED 0 /* Entry was ignored (rollback) */ |
◆ IPFW_TR_LIMIT
◆ IPFW_TR_NOTFOUND
◆ IPFW_TR_UPDATED
| #define IPFW_TR_UPDATED 2 /* Entry was successfully updated*/ |
◆ IPFW_VTYPE_DIVERT
◆ IPFW_VTYPE_DSCP
◆ IPFW_VTYPE_FIB
◆ IPFW_VTYPE_LEGACY
| #define IPFW_VTYPE_LEGACY 0xFFFFFFFF /* All data is filled in */ |
◆ IPFW_VTYPE_LIMIT
◆ IPFW_VTYPE_NAT
◆ IPFW_VTYPE_NETGRAPH
◆ IPFW_VTYPE_NH4
◆ IPFW_VTYPE_NH6
◆ IPFW_VTYPE_PIPE
◆ IPFW_VTYPE_SKIPTO
| #define IPFW_VTYPE_SKIPTO 0x00000001 /* skipto/call/callreturn */ |
◆ IPFW_VTYPE_TAG
◆ IS_IP4_FLOW_ID
◆ IS_IP6_FLOW_ID
◆ NAT44_REDIR_ADDR
◆ NAT44_REDIR_PORT
◆ NAT44_REDIR_PROTO
◆ RESVD_SET
| #define RESVD_SET 31 /*set for default and persistent rules*/ |
◆ RULESIZE
Typedef Documentation
◆ ip_fw3_opheader
| typedef struct _ip_fw3_opheader ip_fw3_opheader |
◆ ipfw_cfg_lheader
| typedef struct _ipfw_cfg_lheader ipfw_cfg_lheader |
◆ ipfw_dyn_rule
| typedef struct _ipfw_dyn_rule ipfw_dyn_rule |
◆ ipfw_iface_info
| typedef struct _ipfw_iface_info ipfw_iface_info |
◆ ipfw_insn
| typedef struct _ipfw_insn ipfw_insn |
◆ ipfw_insn_altq
| typedef struct _ipfw_insn_altq ipfw_insn_altq |
◆ ipfw_insn_icmp6
| typedef struct _ipfw_insn_icmp6 ipfw_insn_icmp6 |
◆ ipfw_insn_if
| typedef struct _ipfw_insn_if ipfw_insn_if |
◆ ipfw_insn_ip
| typedef struct _ipfw_insn_ip ipfw_insn_ip |
◆ ipfw_insn_ip6
| typedef struct _ipfw_insn_ip6 ipfw_insn_ip6 |
◆ ipfw_insn_limit
| typedef struct _ipfw_insn_limit ipfw_insn_limit |
◆ ipfw_insn_log
| typedef struct _ipfw_insn_log ipfw_insn_log |
◆ ipfw_insn_mac
| typedef struct _ipfw_insn_mac ipfw_insn_mac |
◆ ipfw_insn_nat
| typedef struct _ipfw_insn_nat ipfw_insn_nat |
◆ ipfw_insn_sa
| typedef struct _ipfw_insn_sa ipfw_insn_sa |
◆ ipfw_insn_sa6
| typedef struct _ipfw_insn_sa6 ipfw_insn_sa6 |
◆ ipfw_insn_u16
| typedef struct _ipfw_insn_u16 ipfw_insn_u16 |
◆ ipfw_insn_u32
| typedef struct _ipfw_insn_u32 ipfw_insn_u32 |
◆ ipfw_obj_ctlv
| typedef struct _ipfw_obj_ctlv ipfw_obj_ctlv |
◆ ipfw_obj_data
| typedef struct _ipfw_obj_data ipfw_obj_data |
◆ ipfw_obj_dyntlv
| typedef struct _ipfw_obj_dyntlv ipfw_obj_dyntlv |
◆ ipfw_obj_header
| typedef struct _ipfw_obj_header ipfw_obj_header |
◆ ipfw_obj_lheader
| typedef struct _ipfw_obj_lheader ipfw_obj_lheader |
◆ ipfw_obj_ntlv
| typedef struct _ipfw_obj_ntlv ipfw_obj_ntlv |
◆ ipfw_obj_tentry
| typedef struct _ipfw_obj_tentry ipfw_obj_tentry |
◆ ipfw_obj_tlv
| typedef struct _ipfw_obj_tlv ipfw_obj_tlv |
◆ ipfw_range_header
| typedef struct _ipfw_range_header ipfw_range_header |
◆ ipfw_range_tlv
| typedef struct _ipfw_range_tlv ipfw_range_tlv |
◆ ipfw_sopt_info
| typedef struct _ipfw_sopt_info ipfw_sopt_info |
◆ ipfw_ta_info
| typedef struct _ipfw_ta_info ipfw_ta_info |
◆ ipfw_ta_tinfo
| typedef struct _ipfw_ta_tinfo ipfw_ta_tinfo |
◆ ipfw_table
| typedef struct _ipfw_table ipfw_table |
◆ ipfw_table_entry
| typedef struct _ipfw_table_entry ipfw_table_entry |
◆ ipfw_table_value
| typedef struct _ipfw_table_value ipfw_table_value |
◆ ipfw_table_xentry
| typedef struct _ipfw_table_xentry ipfw_table_xentry |
◆ ipfw_xtable
| typedef struct _ipfw_xtable ipfw_xtable |
◆ ipfw_xtable_info
| typedef struct _ipfw_xtable_info ipfw_xtable_info |
Enumeration Type Documentation
◆ ipfw_opcodes
| enum ipfw_opcodes |
Function Documentation
◆ __aligned()
| struct _ipfw_dyn_rule __aligned | ( | 8 | ) |
Variable Documentation
◆ ack_fwd
◆ ack_rev
◆ bcnt
◆ bucket
| u_int32_t bucket |
Definition at line 9 of file ip_fw.h.
Referenced by ipq_drop(), ipq_free(), ipq_reuse(), ipq_timeout(), sctp_allocate_vrf(), sctp_find_vrf(), tcp_lro_active_insert(), and tcp_lro_rx_common().
◆ count
| u_int16_t count |
Definition at line 18 of file ip_fw.h.
Referenced by AliasHandleQuestion(), AliasHandleResource(), bbr_log_type_rwnd_collapse(), bsearch4_init(), carp_ioctl(), ctf_decay_count(), ip_reass(), ipreass_drain(), ipreass_drain_tomax(), lradix4_init(), sctp_copy_skeylist(), sctp_inpcb_bind_locked(), sctp_local_addr_count(), sctp_m_getptr(), sctp_serialize_auth_chunks(), tcp_init_hptsi(), tcp_log_free_entries(), tcp_log_free_log_common(), tcp_log_logs_to_buf(), and tcp_usr_ready().
◆ dyn_type
◆ expire
| u_int32_t expire |
Definition at line 8 of file ip_fw.h.
Referenced by AddLink(), CleanupAliasData(), CleanupLink(), DeleteLink(), and SetExpire().
◆ id
| struct ipfw_flow_id id |
Definition at line 7 of file ip_fw.h.
Referenced by sctp_aloc_a_assoc_id(), sctp_asconf_error_response(), sctp_asconf_success_response(), sctp_findasoc_ep_asocid_locked(), sctp_getopt(), and sctp_handle_asconf_ack().
◆ kidx
◆ next
| ipfw_dyn_rule* next |
Definition at line 0 of file ip_fw.h.
Referenced by arpresolve_full(), DeleteLink(), igmp_fasttimo_vnet(), igmp_ifdetach(), in_purgemaddrs(), inp_next(), ip_reass(), rack_add_deferred_option(), rack_apply_deferred_options(), rack_fini(), rack_log_map_chg(), rack_proc_sack_blk(), sctp_add_to_readq(), sctp_asconf_find_param(), sctp_asconf_process_param_ack(), sctp_asconf_queue_mgmt(), sctp_asconf_queue_sa_delete(), sctp_asconf_send_nat_state_update(), sctp_audit_stream_queues_for_size(), sctp_compose_asconf(), sctp_copy_skeylist(), sctp_deact_sharedkey_ep(), sctp_delete_sharedkey(), sctp_delete_sharedkey_ep(), sctp_drain_mbufs(), sctp_find_sharedkey(), sctp_free_assoc(), sctp_handle_asconf(), sctp_handle_asconf_ack(), sctp_handle_forward_tsn(), sctp_inpcb_free(), sctp_insert_sharedkey(), sctp_is_there_unsent_data(), sctp_lower_sosend(), sctp_move_chunks_from_net(), sctp_move_to_outqueue(), sctp_msg_append(), sctp_notify_partial_delivery_indication(), sctp_process_a_data_chunk(), sctp_process_cookie_existing(), sctp_process_init(), sctp_process_init_ack(), sctp_pull_off_control_to_new_inp(), sctp_report_all_outbound(), sctp_reset_a_control(), sctp_send_asconf_ack(), sctp_send_str_reset_req(), sctp_sorecvmsg(), sctp_ss_fcfs_init(), tcp_log_drain(), tcp_lro_active_insert(), tcp_lro_active_remove(), tcp_lro_flush(), tcp_lro_flush_inactive(), tcp_lro_init_args(), and tcp_lro_rx_common().
◆ parent
| ipfw_dyn_rule* parent |
◆ pcnt
◆ rule
| struct ip_fw* rule |
Definition at line 1 of file ip_fw.h.
Referenced by ClearAllFWHoles(), ClearFWHole(), fill_rule(), and PunchFWHole().
◆ state
| u_int32_t state |
Definition at line 10 of file ip_fw.h.
Referenced by alias_rtsp_out(), carp_set_state(), LibAliasProxyRule(), ParseFtp227Reply(), ParseFtp229Reply(), ParseFtpEprtCommand(), ParseFtpPortCommand(), sctp_can_peel_off(), sctp_do_peeloff(), sctp_notify_assoc_change(), sctp_notify_peer_addr_change(), SetStateIn(), SetStateOut(), tcp_log_event_(), and tcp_log_state_change().
