2 * Copyright (C) 2012 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * @(#)ip_compat.h 1.8 1/14/96
8 * Id: ip_compat.h,v 2.142.2.57 2007/10/10 09:51:42 darrenr Exp $
11 #ifndef __IP_COMPAT_H__
12 #define __IP_COMPAT_H__
14 #if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__)
24 # if defined(sun) && defined(__SVR4)
34 # if !defined(_KERNEL)
35 # define bzero(a,b) memset(a,0,b)
37 # define bcopy(a,b,c) memmove(b,a,c)
43 # define LIFNAMSIZ IF_NAMESIZE
46 # define LIFNAMSIZ IFNAMSIZ
54 # define IPL_EXTERN(ep) ipl##ep
57 * This is a workaround for <sys/uio.h> troubles on FreeBSD and OpenBSD.
70 #define NETBSD_GE_REV(x) (defined(__NetBSD_Version__) && \
71 (__NetBSD_Version__ >= (x)))
72 #define NETBSD_GT_REV(x) (defined(__NetBSD_Version__) && \
73 (__NetBSD_Version__ > (x)))
74 #define NETBSD_LT_REV(x) (defined(__NetBSD_Version__) && \
75 (__NetBSD_Version__ < (x)))
78 /* ----------------------------------------------------------------------- */
80 /* ----------------------------------------------------------------------- */
81 #define HAS_SYS_MD5_H 1
84 # include "opt_inet6.h"
85 # if defined(INET6) && !defined(USE_INET6)
89 # if !defined(USE_INET6) && !defined(NOINET6)
95 # include <netinet/ip_var.h>
96 # define p_cred td_ucred
97 # define p_uid td_ucred->cr_ruid
100 * When #define'd, the 5.2.1 kernel panics when used with the ftp proxy.
101 * There may be other, safe, kernels but this is not extensively tested yet.
103 # define HAVE_M_PULLDOWN
104 # if !defined(IPFILTER_LKM) && defined(__FreeBSD__)
105 # include "opt_ipfilter.h"
107 # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c))
108 # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c))
111 # include <inttypes.h>
114 #include <sys/selinfo.h>
115 #include <sys/lock.h>
116 #include <sys/malloc.h>
117 #include <sys/mutex.h>
118 #define KRWLOCK_FILL_SZ 56
119 #define KMUTEX_FILL_SZ 56
120 #include <sys/rwlock.h>
121 #define KMUTEX_T struct mtx
122 #define KRWLOCK_T struct rwlock
125 # define READ_ENTER(x) rw_rlock(&(x)->ipf_lk)
126 # define WRITE_ENTER(x) rw_wlock(&(x)->ipf_lk)
127 # define MUTEX_DOWNGRADE(x) rw_downgrade(&(x)->ipf_lk)
128 # define MUTEX_TRY_UPGRADE(x) rw_try_upgrade(&(x)->ipf_lk)
129 # define RWLOCK_INIT(x,y) rw_init(&(x)->ipf_lk, (y))
130 # define RW_DESTROY(x) rw_destroy(&(x)->ipf_lk)
131 # define RWLOCK_EXIT(x) do { \
132 if (rw_wowned(&(x)->ipf_lk)) \
133 rw_wunlock(&(x)->ipf_lk); \
135 rw_runlock(&(x)->ipf_lk); \
137 # include <net/if_var.h>
138 # define GETKTIME(x) microtime((struct timeval *)x)
139 # define if_addrlist if_addrhead
141 # include <netinet/in_systm.h>
142 # include <netinet/ip.h>
143 # include <machine/in_cksum.h>
146 # define MUTEX_ENTER(x) mtx_lock(&(x)->ipf_lk)
147 # define MUTEX_EXIT(x) mtx_unlock(&(x)->ipf_lk)
148 # define MUTEX_INIT(x,y) mtx_init(&(x)->ipf_lk, (y), NULL,\
150 # define MUTEX_DESTROY(x) mtx_destroy(&(x)->ipf_lk)
151 # define MUTEX_NUKE(x) bzero((x), sizeof(*(x)))
153 * Whilst the sx(9) locks on FreeBSD have the right semantics and interface
154 * for what we want to use them for, despite testing showing they work -
155 * with a WITNESS kernel, it generates LOR messages.
157 # include <machine/atomic.h>
158 # define ATOMIC_INC(x) { mtx_lock(&softc->ipf_rw.ipf_lk); (x)++; \
159 mtx_unlock(&softc->ipf_rw.ipf_lk); }
160 # define ATOMIC_DEC(x) { mtx_lock(&softc->ipf_rw.ipf_lk); (x)--; \
161 mtx_unlock(&softc->ipf_rw.ipf_lk); }
162 # define ATOMIC_INCL(x) atomic_add_long(&(x), 1)
163 # define ATOMIC_INC64(x) ATOMIC_INC(x)
164 # define ATOMIC_INC32(x) atomic_add_32((u_int *)&(x), 1)
165 # define ATOMIC_DECL(x) atomic_add_long(&(x), -1)
166 # define ATOMIC_DEC64(x) ATOMIC_DEC(x)
167 # define ATOMIC_DEC32(x) atomic_add_32((u_int *)&(x), -1)
169 # define SPL_NET(x) ;
170 # define SPL_IMP(x) ;
171 # define SPL_SCHED(x) ;
172 # define GET_MINOR dev2unit
173 # define MSGDSIZE(m) mbufchainlen(m)
174 # define M_LEN(m) (m)->m_len
175 # define M_ADJ(m,x) m_adj(m, x)
176 # define M_COPY(x) m_copym((x), 0, M_COPYALL, M_NOWAIT)
177 # define M_DUP(m) m_dup(m, M_NOWAIT)
178 # define IPF_PANIC(x,y) if (x) { printf y; panic("ipf_panic"); }
179 typedef struct mbuf mb_t;
182 # ifndef _NET_IF_VAR_H_
184 * Userland emulation of struct ifnet.
189 char if_xname[IFNAMSIZ];
190 STAILQ_HEAD(, ifaddr) if_addrlist;
191 int (*if_output)(struct ifnet *, struct mbuf *,
192 const struct sockaddr *, struct route *);
194 # endif /* _NET_IF_VAR_H_ */
197 #define IFNAME(x) ((struct ifnet *)x)->if_xname
198 #define COPYIFNAME(v, x, b) \
200 ((struct ifnet *)x)->if_xname, \
203 typedef u_long ioctlcmd_t;
204 typedef struct uio uio_t;
206 typedef u_int32_t u_32_t;
210 /* ----------------------------------------------------------------------- */
212 /* ----------------------------------------------------------------------- */
215 * For BSD kernels, if bpf is in the kernel, enable ipfilter to use bpf in
218 #if !defined(IPFILTER_BPF)
219 # if (defined(NBPF) && (NBPF > 0)) || (defined(DEV_BPF) && (DEV_BPF > 0)) || \
220 (defined(NBPFILTER) && (NBPFILTER > 0))
221 # define IPFILTER_BPF
226 * Userland locking primitives
229 # if !defined(KMUTEX_FILL_SZ)
230 # define KMUTEX_FILL_SZ 1
232 # if !defined(KRWLOCK_FILL_SZ)
233 # define KRWLOCK_FILL_SZ 1
255 char _fill[KMUTEX_FILL_SZ];
259 const char *ipf_lname;
266 char _fill[KRWLOCK_FILL_SZ];
270 const char *ipf_lname;
279 #define ipf_lk ipf_lkun_s.ipf_slk
280 #define ipf_lname ipf_lkun_s.ipf_lname
281 #define ipf_isr ipf_lkun_s.ipf_sr
282 #define ipf_isw ipf_lkun_s.ipf_sw
283 #define ipf_magic ipf_lkun_s.ipf_magic
285 #if !defined(__GNUC__) || defined(__FreeBSD__)
290 # define INLINE __inline__
293 #if defined(__FreeBSD__) && defined(_KERNEL)
294 CTASSERT(sizeof(ipfrwlock_t) == KRWLOCK_FILL_SZ);
295 CTASSERT(sizeof(ipfmutex_t) == KMUTEX_FILL_SZ);
300 * In a non-kernel environment, there are a lot of macros that need to be
301 * filled in to be null-ops or to point to some compatibility function,
302 * somewhere in userland.
305 typedef struct mb_s {
306 struct mb_s *mb_next;
314 # define m_next mb_next
316 # define m_len mb_len
318 # define m_flags mb_flags
320 # define m_data mb_data
322 # define M_MCAST 0x01
324 # define M_BCAST 0x02
326 # define M_MBCAST 0x04
327 # define MSGDSIZE(m) msgdsize(m)
328 # define M_LEN(m) (m)->mb_len
329 # define M_ADJ(m,x) (m)->mb_len += x
330 # define M_COPY(m) dupmbt(m)
331 # define M_DUP(m) dupmbt(m)
332 # define GETKTIME(x) gettimeofday((struct timeval *)(x), NULL)
333 # define MTOD(m, t) ((t)(m)->mb_data)
334 # define FREE_MB_T(m) freembt(m)
335 # define ALLOC_MB_T(m,l) (m) = allocmbt(l)
336 # define PREP_MB_T(f, m) do { \
337 (m)->mb_next = *(f)->fin_mp; \
338 *(fin)->fin_mp = (m); \
341 # define SLEEP(x,y) 1;
342 # define WAKEUP(x,y) ;
343 # define POLLWAKEUP(y) ;
344 # define IPF_PANIC(x,y) ;
345 # define PANIC(x,y) ;
346 # define SPL_SCHED(x) ;
347 # define SPL_NET(x) ;
348 # define SPL_IMP(x) ;
350 # define KMALLOC(a,b) (a) = (b)malloc(sizeof(*a))
351 # define KMALLOCS(a,b,c) (a) = (b)malloc(c)
352 # define KFREE(x) free(x)
353 # define KFREES(x,s) free(x)
354 # define GETIFP(x, v) get_unit(x,v)
355 # define GETIFMTU_4(x) 2048
356 # define GETIFMTU_6(x) 2048
357 # define COPYIN(a,b,c) bcopywrap((a), (b), (c))
358 # define COPYOUT(a,b,c) bcopywrap((a), (b), (c))
359 # define COPYDATA(m, o, l, b) bcopy(MTOD((mb_t *)m, char *) + (o), \
361 # define COPYBACK(m, o, l, b) bcopy((b), \
362 MTOD((mb_t *)m, char *) + (o), \
364 # define UIOMOVE(a,b,c,d) ipfuiomove((caddr_t)a,b,c,d)
365 extern void m_copydata(mb_t *, int, int, caddr_t);
366 extern int ipfuiomove(caddr_t, int, int, struct uio *);
367 extern int bcopywrap(void *, void *, size_t);
368 extern mb_t *allocmbt(size_t);
369 extern mb_t *dupmbt(mb_t *);
370 extern void freembt(mb_t *);
372 # define MUTEX_DESTROY(x) eMmutex_destroy(&(x)->ipf_emu, \
374 # define MUTEX_ENTER(x) eMmutex_enter(&(x)->ipf_emu, \
376 # define MUTEX_EXIT(x) eMmutex_exit(&(x)->ipf_emu, \
378 # define MUTEX_INIT(x,y) eMmutex_init(&(x)->ipf_emu, y, \
380 # define MUTEX_NUKE(x) bzero((x), sizeof(*(x)))
382 # define MUTEX_DOWNGRADE(x) eMrwlock_downgrade(&(x)->ipf_emu, \
384 # define MUTEX_TRY_UPGRADE(x) eMrwlock_try_upgrade(&(x)->ipf_emu, \
386 # define READ_ENTER(x) eMrwlock_read_enter(&(x)->ipf_emu, \
388 # define RWLOCK_INIT(x, y) eMrwlock_init(&(x)->ipf_emu, y)
389 # define RWLOCK_EXIT(x) eMrwlock_exit(&(x)->ipf_emu)
390 # define RW_DESTROY(x) eMrwlock_destroy(&(x)->ipf_emu)
391 # define WRITE_ENTER(x) eMrwlock_write_enter(&(x)->ipf_emu, \
395 # define USE_MUTEXES 1
397 extern void eMmutex_destroy(eMmutex_t *, char *, int);
398 extern void eMmutex_enter(eMmutex_t *, char *, int);
399 extern void eMmutex_exit(eMmutex_t *, char *, int);
400 extern void eMmutex_init(eMmutex_t *, char *, char *, int);
401 extern void eMrwlock_destroy(eMrwlock_t *);
402 extern void eMrwlock_exit(eMrwlock_t *);
403 extern void eMrwlock_init(eMrwlock_t *, char *);
404 extern void eMrwlock_read_enter(eMrwlock_t *, char *, int);
405 extern void eMrwlock_write_enter(eMrwlock_t *, char *, int);
406 extern void eMrwlock_downgrade(eMrwlock_t *, char *, int);
410 extern mb_t *allocmbt(size_t);
412 #define MAX_IPV4HDR ((0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8)
415 # define IP_OFFMASK 0x1fff
420 * On BSD's use quad_t as a guarantee for getting at least a 64bit sized
423 #if !defined(__amd64__) && !SOLARIS
425 # define U_QUAD_T unsigned long long
426 # define QUAD_T long long
428 # if !defined(U_QUAD_T)
429 # define U_QUAD_T u_long
436 # if defined(__NetBSD__) || defined(__FreeBSD__)
437 # include <netinet/ip6.h>
438 # include <netinet/icmp6.h>
439 # if defined(_KERNEL)
440 # include <netinet6/ip6_var.h>
442 typedef struct ip6_hdr ip6_t;
447 # define MAX(a,b) (((a) > (b)) ? (a) : (b))
451 # if SOLARIS && !defined(INSTANCES)
452 # define COPYDATA mb_copydata
453 # define COPYBACK mb_copyback
455 # define COPYDATA m_copydata
456 # define COPYBACK m_copyback
458 # if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
462 # if NETBSD_GE_REV(105180000)
463 # include <uvm/uvm_extern.h>
465 # include <vm/vm_extern.h>
466 extern vm_map_t kmem_map;
468 # include <sys/proc.h>
470 # ifdef IPFILTER_M_IPFILTER
471 # include <sys/malloc.h>
472 MALLOC_DECLARE(M_IPFILTER);
473 # define _M_IPF M_IPFILTER
474 # else /* IPFILTER_M_IPFILTER */
476 # define _M_IPF M_PFIL
479 # define _M_IPF M_IPFILTER
481 # define _M_IPF M_TEMP
482 # endif /* M_IPFILTER */
484 # endif /* IPFILTER_M_IPFILTER */
485 # if !defined(KMALLOC)
486 # define KMALLOC(a, b) (a) = (b)malloc(sizeof(*(a)), _M_IPF, M_NOWAIT)
488 # if !defined(KMALLOCS)
489 # define KMALLOCS(a, b, c) (a) = (b)malloc((c), _M_IPF, M_NOWAIT)
492 # define KFREE(x) free((x), _M_IPF)
494 # if !defined(KFREES)
495 # define KFREES(x,s) free((x), _M_IPF)
497 # define UIOMOVE(a,b,c,d) uiomove((caddr_t)a,b,d)
498 # define SLEEP(id, n) tsleep((id), PPAUSE|PCATCH, n, 0)
499 # define WAKEUP(id,x) wakeup(id+x)
500 # if !defined(POLLWAKEUP)
501 # define POLLWAKEUP(x) selwakeup(softc->ipf_selwait+x)
503 # define GETIFP(n, v) ifunit(n)
504 # define GETIFMTU_4(x) ((struct ifnet *)x)->if_mtu
505 # define GETIFMTU_6(x) ((struct ifnet *)x)->if_mtu
507 # if !defined(USE_MUTEXES) && !defined(SPL_NET)
508 # define SPL_IMP(x) x = splimp()
509 # define SPL_NET(x) x = splnet()
510 # if !defined(SPL_SCHED)
511 # define SPL_SCHED(x) x = splsched()
513 # define SPL_X(x) (void) splx(x)
514 # endif /* !USE_MUTEXES */
517 # define FREE_MB_T(m) m_freem(m)
521 # define ALLOC_MB_T(m,l) do { \
522 MGETHDR((m), M_NOWAIT, MT_HEADER); \
525 (m)->m_pkthdr.len = (l); \
529 # define ALLOC_MB_T(m,l) do { \
530 MGET((m), M_NOWAIT, MT_HEADER); \
533 (m)->m_pkthdr.len = (l); \
539 # define PREP_MB_T(f, m) do { \
540 mb_t *_o = *(f)->fin_mp; \
542 *(fin)->fin_mp = (m); \
543 if (_o->m_flags & M_PKTHDR) { \
544 (m)->m_pkthdr.len += \
546 (m)->m_pkthdr.rcvif = \
547 _o->m_pkthdr.rcvif; \
553 # define M_DUP(m) m_dup(m, 0, M_COPYALL, 0)
555 # define M_DUP(m) m_dup(m)
560 # define MTOD(m,t) mtod(m,t)
564 # define COPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
565 # define COPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
568 # if SOLARIS && !defined(KMALLOC)
569 # define KMALLOC(a,b) (a) = (b)new_kmem_alloc(sizeof(*(a)), \
571 # define KMALLOCS(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
575 # define GET_MINOR(x) dev2unit(x)
577 # define PANIC(x,y) if (x) panic y
580 #if !defined(IFNAME) && !defined(_KERNEL)
581 # define IFNAME(x) get_ifname((struct ifnet *)x)
584 # define NEED_FRGETIFNAME
585 extern char *ipf_getifname(struct ifnet *, char *);
586 # define COPYIFNAME(v, x, b) \
587 ipf_getifname((struct ifnet *)x, b)
594 # define ASSERT(x) do { if (!(x)) abort(); } while (0)
599 # define BCOPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
600 # define BCOPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
604 * Because the ctype(3) posix definition, if used "safely" in code everywhere,
605 * would mean all normal code that walks through strings needed casts. Yuck.
607 #define ISALNUM(x) isalnum((u_char)(x))
608 #define ISALPHA(x) isalpha((u_char)(x))
609 #define ISDIGIT(x) isdigit((u_char)(x))
610 #define ISSPACE(x) isspace((u_char)(x))
611 #define ISUPPER(x) isupper((u_char)(x))
612 #define ISXDIGIT(x) isxdigit((u_char)(x))
613 #define ISLOWER(x) islower((u_char)(x))
614 #define TOUPPER(x) toupper((u_char)(x))
615 #define TOLOWER(x) tolower((u_char)(x))
618 * If mutexes aren't being used, turn all the mutex functions into null-ops.
620 #if !defined(USE_MUTEXES)
625 # undef MUTEX_DESTROY
626 # define MUTEX_ENTER(x) ;
627 # define READ_ENTER(x) ;
628 # define WRITE_ENTER(x) ;
629 # define MUTEX_DOWNGRADE(x) ;
630 # define MUTEX_TRY_UPGRADE(x) ;
631 # define RWLOCK_INIT(x, y) ;
632 # define RWLOCK_EXIT(x) ;
633 # define RW_DESTROY(x) ;
634 # define MUTEX_EXIT(x) ;
635 # define MUTEX_INIT(x,y) ;
636 # define MUTEX_DESTROY(x) ;
637 # define MUTEX_NUKE(x) ;
638 #endif /* !USE_MUTEXES */
640 # define ATOMIC_INC(x) (x)++
641 # define ATOMIC_DEC(x) (x)--
644 #if defined(USE_SPL) && defined(_KERNEL)
645 # define SPL_INT(x) int x
651 * If there are no atomic operations for bit sizes defined, define them to all
652 * use a generic one that works for all sizes.
655 # define ATOMIC_INCL ATOMIC_INC
656 # define ATOMIC_INC64 ATOMIC_INC
657 # define ATOMIC_INC32 ATOMIC_INC
658 # define ATOMIC_DECL ATOMIC_DEC
659 # define ATOMIC_DEC64 ATOMIC_DEC
660 # define ATOMIC_DEC32 ATOMIC_DEC
663 #ifndef HDR_T_PRIVATE
664 typedef struct tcphdr tcphdr_t;
665 typedef struct udphdr udphdr_t;
667 typedef struct icmp icmphdr_t;
668 typedef struct ip ip_t;
669 typedef struct ether_header ether_header_t;
670 typedef struct tcpiphdr tcpiphdr_t;
673 # define FR_GROUPLEN 16
677 # define offsetof(t,m) (size_t)((&((t *)0L)->m))
680 # define stsizeof(t,m) sizeof(((t *)0L)->m)
684 * This set of macros has been brought about because on Tru64 it is not
685 * possible to easily assign or examine values in a structure that are
689 # define IP_V(x) (x)->ip_v
692 # define IP_V_A(x,y) (x)->ip_v = (y)
695 # define IP_HL(x) (x)->ip_hl
698 # define IP_HL_A(x,y) (x)->ip_hl = ((y) & 0xf)
701 # define TCP_X2(x) (x)->th_x2
704 # define TCP_X2_A(x,y) (x)->th_x2 = (y)
707 # define TCP_OFF(x) (x)->th_off
710 # define TCP_OFF_A(x,y) (x)->th_off = (y)
712 #define IPMINLEN(i, h) ((i)->ip_len >= (IP_HL(i) * 4 + sizeof(struct h)))
714 #define TCPF_ALL (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|\
717 #if !SOLARIS && !defined(m_act)
718 # define m_act m_nextpkt
722 * Security Options for Intenet Protocol (IPSO) as defined in RFC 1108.
726 * 00000001 - (Reserved 4)
727 * 00111101 - Top Secret
729 * 10010110 - Confidential
730 * 01100110 - (Reserved 3)
731 * 11001100 - (Reserved 2)
732 * 10101011 - Unclassified
733 * 11110001 - (Reserved 1)
735 #define IPSO_CLASS_RES4 0x01
736 #define IPSO_CLASS_TOPS 0x3d
737 #define IPSO_CLASS_SECR 0x5a
738 #define IPSO_CLASS_CONF 0x96
739 #define IPSO_CLASS_RES3 0x66
740 #define IPSO_CLASS_RES2 0xcc
741 #define IPSO_CLASS_UNCL 0xab
742 #define IPSO_CLASS_RES1 0xf1
744 #define IPSO_AUTH_GENSER 0x80
745 #define IPSO_AUTH_ESI 0x40
746 #define IPSO_AUTH_SCI 0x20
747 #define IPSO_AUTH_NSA 0x10
748 #define IPSO_AUTH_DOE 0x08
749 #define IPSO_AUTH_UN 0x06
750 #define IPSO_AUTH_FTE 0x01
758 #define IPOPT_ZSU 10 /* ZSU */
760 #define IPOPT_MTUP 11 /* MTUP */
762 #define IPOPT_MTUR 12 /* MTUR */
764 #define IPOPT_ENCODE 15 /* ENCODE */
768 #define IPOPT_TR 82 /* TR */
769 #undef IPOPT_SECURITY
770 #define IPOPT_SECURITY 130
772 #define IPOPT_LSRR 131
774 #define IPOPT_E_SEC 133 /* E-SEC */
776 #define IPOPT_CIPSO 134 /* CIPSO */
778 #define IPOPT_SATID 136
780 # define IPOPT_SID IPOPT_SATID
783 #define IPOPT_SSRR 137
785 #define IPOPT_ADDEXT 147 /* ADDEXT */
787 #define IPOPT_VISA 142 /* VISA */
789 #define IPOPT_IMITD 144 /* IMITD */
791 #define IPOPT_EIP 145 /* EIP */
793 #define IPOPT_RTRALRT 148 /* RTRALRT */
795 #define IPOPT_SDB 149
797 #define IPOPT_NSAPA 150
799 #define IPOPT_DPS 151
801 #define IPOPT_UMP 152
803 #define IPOPT_FINN 205 /* FINN */
805 #define IPOPT_AH 256+IPPROTO_AH
807 #define ICMP_UNREACH_ADMIN_PROHIBIT ICMP_UNREACH_FILTER_PROHIB
808 #define ICMP_UNREACH_FILTER ICMP_UNREACH_FILTER_PROHIB
814 # define IPOPT_MINOFF 4
817 # define IPOPT_COPIED(x) ((x)&0x80)
826 # define IP_MF ((u_short)0x2000)
829 # define ETHERTYPE_IP ((u_short)0x0800)
841 # define TH_PUSH 0x08
850 #define TH_ACKMASK (TH_FIN|TH_SYN|TH_RST|TH_ACK)
864 #ifndef IPOPT_SECURITY
865 # define IPOPT_SECURITY 130
868 # define IPOPT_LSRR 131
871 # define IPOPT_SATID 136
874 # define IPOPT_SSRR 137
876 #ifndef IPOPT_SECUR_UNCLASS
877 # define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
879 #ifndef IPOPT_SECUR_CONFID
880 # define IPOPT_SECUR_CONFID ((u_short)0xf135)
882 #ifndef IPOPT_SECUR_EFTO
883 # define IPOPT_SECUR_EFTO ((u_short)0x789a)
885 #ifndef IPOPT_SECUR_MMMM
886 # define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
888 #ifndef IPOPT_SECUR_RESTR
889 # define IPOPT_SECUR_RESTR ((u_short)0xaf13)
891 #ifndef IPOPT_SECUR_SECRET
892 # define IPOPT_SECUR_SECRET ((u_short)0xd788)
894 #ifndef IPOPT_SECUR_TOPSECRET
895 # define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
898 # define IPOPT_OLEN 1
900 #ifndef IPPROTO_HOPOPTS
901 # define IPPROTO_HOPOPTS 0
904 # define IPPROTO_IPIP 4
906 #ifndef IPPROTO_ENCAP
907 # define IPPROTO_ENCAP 98
910 # define IPPROTO_IPV6 41
912 #ifndef IPPROTO_ROUTING
913 # define IPPROTO_ROUTING 43
915 #ifndef IPPROTO_FRAGMENT
916 # define IPPROTO_FRAGMENT 44
919 # define IPPROTO_GRE 47 /* GRE encaps RFC 1701 */
922 # define IPPROTO_ESP 50
925 # define IPPROTO_AH 51
927 #ifndef IPPROTO_ICMPV6
928 # define IPPROTO_ICMPV6 58
931 # define IPPROTO_NONE 59
933 #ifndef IPPROTO_DSTOPTS
934 # define IPPROTO_DSTOPTS 60
936 #ifndef IPPROTO_MOBILITY
937 # define IPPROTO_MOBILITY 135
940 #ifndef ICMP_ROUTERADVERT
941 # define ICMP_ROUTERADVERT 9
943 #ifndef ICMP_ROUTERSOLICIT
944 # define ICMP_ROUTERSOLICIT 10
946 #ifndef ICMP6_DST_UNREACH
947 # define ICMP6_DST_UNREACH 1
949 #ifndef ICMP6_PACKET_TOO_BIG
950 # define ICMP6_PACKET_TOO_BIG 2
952 #ifndef ICMP6_TIME_EXCEEDED
953 # define ICMP6_TIME_EXCEEDED 3
955 #ifndef ICMP6_PARAM_PROB
956 # define ICMP6_PARAM_PROB 4
959 #ifndef ICMP6_ECHO_REQUEST
960 # define ICMP6_ECHO_REQUEST 128
962 #ifndef ICMP6_ECHO_REPLY
963 # define ICMP6_ECHO_REPLY 129
965 #ifndef ICMP6_MEMBERSHIP_QUERY
966 # define ICMP6_MEMBERSHIP_QUERY 130
968 #ifndef MLD6_LISTENER_QUERY
969 # define MLD6_LISTENER_QUERY 130
971 #ifndef ICMP6_MEMBERSHIP_REPORT
972 # define ICMP6_MEMBERSHIP_REPORT 131
974 #ifndef MLD6_LISTENER_REPORT
975 # define MLD6_LISTENER_REPORT 131
977 #ifndef ICMP6_MEMBERSHIP_REDUCTION
978 # define ICMP6_MEMBERSHIP_REDUCTION 132
980 #ifndef MLD6_LISTENER_DONE
981 # define MLD6_LISTENER_DONE 132
983 #ifndef ND_ROUTER_SOLICIT
984 # define ND_ROUTER_SOLICIT 133
986 #ifndef ND_ROUTER_ADVERT
987 # define ND_ROUTER_ADVERT 134
989 #ifndef ND_NEIGHBOR_SOLICIT
990 # define ND_NEIGHBOR_SOLICIT 135
992 #ifndef ND_NEIGHBOR_ADVERT
993 # define ND_NEIGHBOR_ADVERT 136
996 # define ND_REDIRECT 137
998 #ifndef ICMP6_ROUTER_RENUMBERING
999 # define ICMP6_ROUTER_RENUMBERING 138
1001 #ifndef ICMP6_WRUREQUEST
1002 # define ICMP6_WRUREQUEST 139
1004 #ifndef ICMP6_WRUREPLY
1005 # define ICMP6_WRUREPLY 140
1007 #ifndef ICMP6_FQDN_QUERY
1008 # define ICMP6_FQDN_QUERY 139
1010 #ifndef ICMP6_FQDN_REPLY
1011 # define ICMP6_FQDN_REPLY 140
1013 #ifndef ICMP6_NI_QUERY
1014 # define ICMP6_NI_QUERY 139
1016 #ifndef ICMP6_NI_REPLY
1017 # define ICMP6_NI_REPLY 140
1019 #ifndef MLD6_MTRACE_RESP
1020 # define MLD6_MTRACE_RESP 200
1023 # define MLD6_MTRACE 201
1025 #ifndef ICMP6_HADISCOV_REQUEST
1026 # define ICMP6_HADISCOV_REQUEST 202
1028 #ifndef ICMP6_HADISCOV_REPLY
1029 # define ICMP6_HADISCOV_REPLY 203
1031 #ifndef ICMP6_MOBILEPREFIX_SOLICIT
1032 # define ICMP6_MOBILEPREFIX_SOLICIT 204
1034 #ifndef ICMP6_MOBILEPREFIX_ADVERT
1035 # define ICMP6_MOBILEPREFIX_ADVERT 205
1037 #ifndef ICMP6_MAXTYPE
1038 # define ICMP6_MAXTYPE 205
1041 #ifndef ICMP6_DST_UNREACH_NOROUTE
1042 # define ICMP6_DST_UNREACH_NOROUTE 0
1044 #ifndef ICMP6_DST_UNREACH_ADMIN
1045 # define ICMP6_DST_UNREACH_ADMIN 1
1047 #ifndef ICMP6_DST_UNREACH_NOTNEIGHBOR
1048 # define ICMP6_DST_UNREACH_NOTNEIGHBOR 2
1050 #ifndef ICMP6_DST_UNREACH_BEYONDSCOPE
1051 # define ICMP6_DST_UNREACH_BEYONDSCOPE 2
1053 #ifndef ICMP6_DST_UNREACH_ADDR
1054 # define ICMP6_DST_UNREACH_ADDR 3
1056 #ifndef ICMP6_DST_UNREACH_NOPORT
1057 # define ICMP6_DST_UNREACH_NOPORT 4
1059 #ifndef ICMP6_TIME_EXCEED_TRANSIT
1060 # define ICMP6_TIME_EXCEED_TRANSIT 0
1062 #ifndef ICMP6_TIME_EXCEED_REASSEMBLY
1063 # define ICMP6_TIME_EXCEED_REASSEMBLY 1
1066 #ifndef ICMP6_NI_SUCCESS
1067 # define ICMP6_NI_SUCCESS 0
1069 #ifndef ICMP6_NI_REFUSED
1070 # define ICMP6_NI_REFUSED 1
1072 #ifndef ICMP6_NI_UNKNOWN
1073 # define ICMP6_NI_UNKNOWN 2
1076 #ifndef ICMP6_ROUTER_RENUMBERING_COMMAND
1077 # define ICMP6_ROUTER_RENUMBERING_COMMAND 0
1079 #ifndef ICMP6_ROUTER_RENUMBERING_RESULT
1080 # define ICMP6_ROUTER_RENUMBERING_RESULT 1
1082 #ifndef ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET
1083 # define ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET 255
1086 #ifndef ICMP6_PARAMPROB_HEADER
1087 # define ICMP6_PARAMPROB_HEADER 0
1089 #ifndef ICMP6_PARAMPROB_NEXTHEADER
1090 # define ICMP6_PARAMPROB_NEXTHEADER 1
1092 #ifndef ICMP6_PARAMPROB_OPTION
1093 # define ICMP6_PARAMPROB_OPTION 2
1096 #ifndef ICMP6_NI_SUBJ_IPV6
1097 # define ICMP6_NI_SUBJ_IPV6 0
1099 #ifndef ICMP6_NI_SUBJ_FQDN
1100 # define ICMP6_NI_SUBJ_FQDN 1
1102 #ifndef ICMP6_NI_SUBJ_IPV4
1103 # define ICMP6_NI_SUBJ_IPV4 2
1106 #ifndef MLD_MTRACE_RESP
1107 # define MLD_MTRACE_RESP 200
1110 # define MLD_MTRACE 201
1112 #ifndef MLD6_MTRACE_RESP
1113 # define MLD6_MTRACE_RESP MLD_MTRACE_RESP
1116 # define MLD6_MTRACE MLD_MTRACE
1119 #if !defined(IPV6_FLOWINFO_MASK)
1120 # if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1121 # define IPV6_FLOWINFO_MASK 0x0fffffff /* flow info (28 bits) */
1123 # if(BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1124 # define IPV6_FLOWINFO_MASK 0xffffff0f /* flow info (28 bits) */
1125 # endif /* LITTLE_ENDIAN */
1128 #if !defined(IPV6_FLOWLABEL_MASK)
1129 # if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1130 # define IPV6_FLOWLABEL_MASK 0x000fffff /* flow label (20 bits) */
1132 # if (BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1133 # define IPV6_FLOWLABEL_MASK 0xffff0f00 /* flow label (20 bits) */
1134 # endif /* LITTLE_ENDIAN */
1139 * ECN is a new addition to TCP - RFC 2481
1142 # define TH_ECN 0x40
1145 # define TH_CWR 0x80
1147 #define TH_ECNALL (TH_ECN|TH_CWR)
1152 #define IPF_TCPS_LISTEN 0 /* listening for connection */
1153 #define IPF_TCPS_SYN_SENT 1 /* active, have sent syn */
1154 #define IPF_TCPS_SYN_RECEIVED 2 /* have send and received syn */
1155 #define IPF_TCPS_HALF_ESTAB 3 /* for connections not fully "up" */
1156 /* states < IPF_TCPS_ESTABLISHED are those where connections not established */
1157 #define IPF_TCPS_ESTABLISHED 4 /* established */
1158 #define IPF_TCPS_CLOSE_WAIT 5 /* rcvd fin, waiting for close */
1159 /* states > IPF_TCPS_CLOSE_WAIT are those where user has closed */
1160 #define IPF_TCPS_FIN_WAIT_1 6 /* have closed, sent fin */
1161 #define IPF_TCPS_CLOSING 7 /* closed xchd FIN; await FIN ACK */
1162 #define IPF_TCPS_LAST_ACK 8 /* had fin and close; await FIN ACK */
1163 /* states > IPF_TCPS_CLOSE_WAIT && < IPF_TCPS_FIN_WAIT_2 await ACK of FIN */
1164 #define IPF_TCPS_FIN_WAIT_2 9 /* have closed, fin is acked */
1165 #define IPF_TCPS_TIME_WAIT 10 /* in 2*msl quiet wait after close */
1166 #define IPF_TCPS_CLOSED 11 /* closed */
1167 #define IPF_TCP_NSTATES 12
1171 #undef ICMP_MAX_UNREACH
1172 #define ICMP_MAX_UNREACH 14
1174 #define ICMP_MAXTYPE 18
1177 # define LOG_FTP (11<<3)
1179 #ifndef LOG_AUTHPRIV
1180 # define LOG_AUTHPRIV (10<<3)
1183 # define LOG_AUDIT (13<<3)
1186 # define LOG_NTP (12<<3)
1188 #ifndef LOG_SECURITY
1189 # define LOG_SECURITY (13<<3)
1192 # define LOG_LFMT (14<<3)
1195 # define LOG_CONSOLE (14<<3)
1199 * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
1200 * another IP header and then 64 bits of data, totalling 56. Of course,
1201 * the last 64 bits is dependent on that being available.
1203 #define ICMPERR_ICMPHLEN 8
1204 #define ICMPERR_IPICMPHLEN (20 + 8)
1205 #define ICMPERR_MINPKTLEN (20 + 8 + 20)
1206 #define ICMPERR_MAXPKTLEN (20 + 8 + 20 + 8)
1207 #define ICMP6ERR_MINPKTLEN (40 + 8)
1208 #define ICMP6ERR_IPICMPHLEN (40 + 8 + 40)
1211 # define MIN(a,b) (((a)<(b))?(a):(b))
1215 # undef IPFILTER_BPF
1219 # define DPRINT(x) printf x
1226 # define DT(_n) DTRACE_PROBE(_n)
1227 # define DT1(_n,_a,_b) DTRACE_PROBE1(_n,_a,_b)
1228 # define DT2(_n,_a,_b,_c,_d) DTRACE_PROBE2(_n,_a,_b,_c,_d)
1229 # define DT3(_n,_a,_b,_c,_d,_e,_f) \
1230 DTRACE_PROBE3(_n,_a,_b,_c,_d,_e,_f)
1231 # define DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h) \
1232 DTRACE_PROBE4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1235 # define DT1(_n,_a,_b)
1236 # define DT2(_n,_a,_b,_c,_d)
1237 # define DT3(_n,_a,_b,_c,_d,_e,_f)
1238 # define DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1242 # define DT1(_n,_a,_b)
1243 # define DT2(_n,_a,_b,_c,_d)
1244 # define DT3(_n,_a,_b,_c,_d,_e,_f)
1245 # define DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1248 struct ip6_routing {
1249 u_char ip6r_nxt; /* next header */
1250 u_char ip6r_len; /* length in units of 8 octets */
1251 u_char ip6r_type; /* always zero */
1252 u_char ip6r_segleft; /* segments left */
1253 u_32_t ip6r_reserved; /* reserved field */
1256 #endif /* __IP_COMPAT_H__ */