2 * Copyright (C) 2012 by Darren Reed.
4 * See the IPFILTER.LICENCE file for details on licencing.
6 * @(#)ip_compat.h 1.8 1/14/96
8 * Id: ip_compat.h,v 2.142.2.57 2007/10/10 09:51:42 darrenr Exp $
11 #ifndef __IP_COMPAT_H__
12 #define __IP_COMPAT_H__
26 #if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__)
35 #define SOLARIS (defined(sun) && (defined(__svr4__) || defined(__SVR4)))
38 #if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
40 # if !defined(_KERNEL)
41 # define bzero(a,b) memset(a,0,b)
43 # define bcopy(a,b,c) memmove(b,a,c)
49 # define LIFNAMSIZ IF_NAMESIZE
52 # define LIFNAMSIZ IFNAMSIZ
59 #if defined(__sgi) || defined(bsdi) || defined(__hpux) || defined(hpux)
61 u_char ether_addr_octet[6];
66 # define IPL_EXTERN(ep) ipl##ep
68 # define IPL_EXTERN(ep) ipl/**/ep
72 * This is a workaround for <sys/uio.h> troubles on FreeBSD and OpenBSD.
85 #define NETBSD_GE_REV(x) (defined(__NetBSD_Version__) && \
86 (__NetBSD_Version__ >= (x)))
87 #define NETBSD_GT_REV(x) (defined(__NetBSD_Version__) && \
88 (__NetBSD_Version__ > (x)))
89 #define NETBSD_LT_REV(x) (defined(__NetBSD_Version__) && \
90 (__NetBSD_Version__ < (x)))
91 #define FREEBSD_GE_REV(x) (defined(__FreeBSD_version) && \
92 (__FreeBSD_version >= (x)))
93 #define FREEBSD_GT_REV(x) (defined(__FreeBSD_version) && \
94 (__FreeBSD_version > (x)))
95 #define FREEBSD_LT_REV(x) (defined(__FreeBSD_version) && \
96 (__FreeBSD_version < (x)))
97 #define BSDOS_GE_REV(x) (defined(_BSDI_VERSION) && \
98 (_BSDI_VERSION >= (x)))
99 #define BSDOS_GT_REV(x) (defined(_BSDI_VERSION) && \
100 (_BSDI_VERSION > (x)))
101 #define BSDOS_LT_REV(x) (defined(_BSDI_VERSION) && \
102 (_BSDI_VERSION < (x)))
103 #define OPENBSD_GE_REV(x) (defined(OpenBSD) && (OpenBSD >= (x)))
104 #define OPENBSD_GT_REV(x) (defined(OpenBSD) && (OpenBSD > (x)))
105 #define OPENBSD_LT_REV(x) (defined(OpenBSD) && (OpenBSD < (x)))
106 #define BSD_GE_YEAR(x) (defined(BSD) && (BSD >= (x)))
107 #define BSD_GT_YEAR(x) (defined(BSD) && (BSD > (x)))
108 #define BSD_LT_YEAR(x) (defined(BSD) && (BSD < (x)))
111 /* ----------------------------------------------------------------------- */
113 /* ----------------------------------------------------------------------- */
114 # define HAS_SYS_MD5_H 1
115 # if defined(_KERNEL)
116 # include "opt_bpf.h"
117 # include "opt_inet6.h"
118 # if defined(INET6) && !defined(USE_INET6)
122 # if !defined(USE_INET6) && !defined(NOINET6)
127 # if defined(_KERNEL)
128 # include <netinet/ip_var.h>
129 # define p_cred td_ucred
130 # define p_uid td_ucred->cr_ruid
133 * When #define'd, the 5.2.1 kernel panics when used with the ftp proxy.
134 * There may be other, safe, kernels but this is not extensively tested yet.
136 # define HAVE_M_PULLDOWN
137 # if !defined(IPFILTER_LKM) && (__FreeBSD_version >= 300000)
138 # include "opt_ipfilter.h"
140 # define COPYIN(a,b,c) copyin((caddr_t)(a), (caddr_t)(b), (c))
141 # define COPYOUT(a,b,c) copyout((caddr_t)(a), (caddr_t)(b), (c))
145 # include <inttypes.h>
146 # endif /* _KERNEL */
148 # include <sys/selinfo.h>
149 # include <sys/lock.h>
150 # include <sys/mutex.h>
151 # define KRWLOCK_FILL_SZ 56
152 # define KMUTEX_FILL_SZ 56
153 # include <sys/rwlock.h>
154 # define KMUTEX_T struct mtx
155 # define KRWLOCK_T struct rwlock
157 # define READ_ENTER(x) rw_rlock(&(x)->ipf_lk)
158 # define WRITE_ENTER(x) rw_wlock(&(x)->ipf_lk)
159 # define MUTEX_DOWNGRADE(x) rw_downgrade(&(x)->ipf_lk)
160 # define RWLOCK_INIT(x,y) rw_init(&(x)->ipf_lk, (y))
161 # define RW_DESTROY(x) rw_destroy(&(x)->ipf_lk)
162 # define RWLOCK_EXIT(x) do { \
163 if (rw_wowned(&(x)->ipf_lk)) \
164 rw_wunlock(&(x)->ipf_lk); \
166 rw_runlock(&(x)->ipf_lk); \
170 # include <net/if_var.h>
171 # define IFNAME(x) ((struct ifnet *)x)->if_xname
172 # define COPYIFNAME(v, x, b) \
174 ((struct ifnet *)x)->if_xname, \
178 # define GETKTIME(x) microtime((struct timeval *)x)
180 # include <netinet/in_systm.h>
181 # include <netinet/ip.h>
182 # include <machine/in_cksum.h>
185 # define MUTEX_ENTER(x) mtx_lock(&(x)->ipf_lk)
186 # define MUTEX_EXIT(x) mtx_unlock(&(x)->ipf_lk)
187 # define MUTEX_INIT(x,y) mtx_init(&(x)->ipf_lk, (y), NULL,\
189 # define MUTEX_DESTROY(x) mtx_destroy(&(x)->ipf_lk)
190 # define MUTEX_NUKE(x) bzero((x), sizeof(*(x)))
192 * Whilst the sx(9) locks on FreeBSD have the right semantics and interface
193 * for what we want to use them for, despite testing showing they work -
194 * with a WITNESS kernel, it generates LOR messages.
196 # include <machine/atomic.h>
197 # define ATOMIC_INC(x) { mtx_lock(&softc->ipf_rw.ipf_lk); (x)++; \
198 mtx_unlock(&softc->ipf_rw.ipf_lk); }
199 # define ATOMIC_DEC(x) { mtx_lock(&softc->ipf_rw.ipf_lk); (x)--; \
200 mtx_unlock(&softc->ipf_rw.ipf_lk); }
201 # define ATOMIC_INCL(x) atomic_add_long(&(x), 1)
202 # define ATOMIC_INC64(x) ATOMIC_INC(x)
203 # define ATOMIC_INC32(x) atomic_add_32((u_int *)&(x), 1)
204 # define ATOMIC_DECL(x) atomic_add_long(&(x), -1)
205 # define ATOMIC_DEC64(x) ATOMIC_DEC(x)
206 # define ATOMIC_DEC32(x) atomic_add_32((u_int *)&(x), -1)
208 # define SPL_NET(x) ;
209 # define SPL_IMP(x) ;
210 # define SPL_SCHED(x) ;
211 # define GET_MINOR dev2unit
212 # define MSGDSIZE(m) mbufchainlen(m)
213 # define M_LEN(m) (m)->m_len
214 # define M_ADJ(m,x) m_adj(m, x)
215 # define M_COPY(x) m_copy((x), 0, M_COPYALL)
216 # define M_DUP(m) m_dup(m, M_NOWAIT)
217 # define IPF_PANIC(x,y) if (x) { printf y; panic("ipf_panic"); }
218 typedef struct mbuf mb_t;
219 # endif /* _KERNEL */
222 typedef u_long ioctlcmd_t;
223 typedef struct uio uio_t;
225 typedef u_int32_t u_32_t;
229 /* ----------------------------------------------------------------------- */
231 /* ----------------------------------------------------------------------- */
234 * For BSD kernels, if bpf is in the kernel, enable ipfilter to use bpf in
237 #if !defined(IPFILTER_BPF)
238 # if (defined(NBPF) && (NBPF > 0)) || (defined(DEV_BPF) && (DEV_BPF > 0)) || \
239 (defined(NBPFILTER) && (NBPFILTER > 0))
240 # define IPFILTER_BPF
245 * Userland locking primitives
248 #if !defined(KMUTEX_FILL_SZ)
249 # define KMUTEX_FILL_SZ 1
251 #if !defined(KRWLOCK_FILL_SZ)
252 # define KRWLOCK_FILL_SZ 1
274 char _fill[KMUTEX_FILL_SZ];
278 const char *ipf_lname;
285 char _fill[KRWLOCK_FILL_SZ];
289 const char *ipf_lname;
298 #define ipf_lk ipf_lkun_s.ipf_slk
299 #define ipf_lname ipf_lkun_s.ipf_lname
300 #define ipf_isr ipf_lkun_s.ipf_sr
301 #define ipf_isw ipf_lkun_s.ipf_sw
302 #define ipf_magic ipf_lkun_s.ipf_magic
304 #if !defined(__GNUC__) || \
305 (defined(__FreeBSD_version) && (__FreeBSD_version >= 503000))
310 # define INLINE __inline__
313 #if defined(__FreeBSD_version) && defined(_KERNEL)
314 CTASSERT(sizeof(ipfrwlock_t) == KRWLOCK_FILL_SZ);
315 CTASSERT(sizeof(ipfmutex_t) == KMUTEX_FILL_SZ);
320 * In a non-kernel environment, there are a lot of macros that need to be
321 * filled in to be null-ops or to point to some compatibility function,
322 * somewhere in userland.
325 typedef struct mb_s {
326 struct mb_s *mb_next;
334 # define m_next mb_next
336 # define m_len mb_len
338 # define m_flags mb_flags
340 # define m_data mb_data
342 # define M_MCAST 0x01
344 # define M_BCAST 0x02
346 # define M_MBCAST 0x04
347 # define MSGDSIZE(m) msgdsize(m)
348 # define M_LEN(m) (m)->mb_len
349 # define M_ADJ(m,x) (m)->mb_len += x
350 # define M_COPY(m) dupmbt(m)
351 # define M_DUP(m) dupmbt(m)
352 # define GETKTIME(x) gettimeofday((struct timeval *)(x), NULL)
353 # define MTOD(m, t) ((t)(m)->mb_data)
354 # define FREE_MB_T(m) freembt(m)
355 # define ALLOC_MB_T(m,l) (m) = allocmbt(l)
356 # define PREP_MB_T(f, m) do { \
357 (m)->mb_next = *(f)->fin_mp; \
358 *(fin)->fin_mp = (m); \
361 # define SLEEP(x,y) 1;
362 # define WAKEUP(x,y) ;
363 # define POLLWAKEUP(y) ;
364 # define IPF_PANIC(x,y) ;
365 # define PANIC(x,y) ;
366 # define SPL_SCHED(x) ;
367 # define SPL_NET(x) ;
368 # define SPL_IMP(x) ;
370 # define KMALLOC(a,b) (a) = (b)malloc(sizeof(*a))
371 # define KMALLOCS(a,b,c) (a) = (b)malloc(c)
372 # define KFREE(x) free(x)
373 # define KFREES(x,s) free(x)
374 # define GETIFP(x, v) get_unit(x,v)
375 # define GETIFMTU_4(x) 2048
376 # define GETIFMTU_6(x) 2048
377 # define COPYIN(a,b,c) bcopywrap((a), (b), (c))
378 # define COPYOUT(a,b,c) bcopywrap((a), (b), (c))
379 # define COPYDATA(m, o, l, b) bcopy(MTOD((mb_t *)m, char *) + (o), \
381 # define COPYBACK(m, o, l, b) bcopy((b), \
382 MTOD((mb_t *)m, char *) + (o), \
384 # define UIOMOVE(a,b,c,d) ipfuiomove((caddr_t)a,b,c,d)
385 extern void m_copydata __P((mb_t *, int, int, caddr_t));
386 extern int ipfuiomove __P((caddr_t, int, int, struct uio *));
387 extern int bcopywrap __P((void *, void *, size_t));
388 extern mb_t *allocmbt __P((size_t));
389 extern mb_t *dupmbt __P((mb_t *));
390 extern void freembt __P((mb_t *));
392 # define MUTEX_DESTROY(x) eMmutex_destroy(&(x)->ipf_emu, \
394 # define MUTEX_ENTER(x) eMmutex_enter(&(x)->ipf_emu, \
396 # define MUTEX_EXIT(x) eMmutex_exit(&(x)->ipf_emu, \
398 # define MUTEX_INIT(x,y) eMmutex_init(&(x)->ipf_emu, y, \
400 # define MUTEX_NUKE(x) bzero((x), sizeof(*(x)))
402 # define MUTEX_DOWNGRADE(x) eMrwlock_downgrade(&(x)->ipf_emu, \
404 # define READ_ENTER(x) eMrwlock_read_enter(&(x)->ipf_emu, \
406 # define RWLOCK_INIT(x, y) eMrwlock_init(&(x)->ipf_emu, y)
407 # define RWLOCK_EXIT(x) eMrwlock_exit(&(x)->ipf_emu)
408 # define RW_DESTROY(x) eMrwlock_destroy(&(x)->ipf_emu)
409 # define WRITE_ENTER(x) eMrwlock_write_enter(&(x)->ipf_emu, \
413 # define USE_MUTEXES 1
415 extern void eMmutex_destroy __P((eMmutex_t *, char *, int));
416 extern void eMmutex_enter __P((eMmutex_t *, char *, int));
417 extern void eMmutex_exit __P((eMmutex_t *, char *, int));
418 extern void eMmutex_init __P((eMmutex_t *, char *, char *, int));
419 extern void eMrwlock_destroy __P((eMrwlock_t *));
420 extern void eMrwlock_exit __P((eMrwlock_t *));
421 extern void eMrwlock_init __P((eMrwlock_t *, char *));
422 extern void eMrwlock_read_enter __P((eMrwlock_t *, char *, int));
423 extern void eMrwlock_write_enter __P((eMrwlock_t *, char *, int));
424 extern void eMrwlock_downgrade __P((eMrwlock_t *, char *, int));
428 extern mb_t *allocmbt(size_t);
430 #define MAX_IPV4HDR ((0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8)
433 # define IP_OFFMASK 0x1fff
438 * On BSD's use quad_t as a guarantee for getting at least a 64bit sized
441 #if !defined(__amd64__) && BSD_GT_YEAR(199306)
443 # define U_QUAD_T unsigned long long
444 # define QUAD_T long long
445 #else /* BSD > 199306 */
446 # if !defined(U_QUAD_T)
447 # define U_QUAD_T u_long
450 #endif /* BSD > 199306 */
454 # if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
455 defined(__osf__) || defined(linux)
456 # include <netinet/ip6.h>
457 # include <netinet/icmp6.h>
458 # if defined(_KERNEL) && !defined(__osf__)
459 # include <netinet6/ip6_var.h>
461 typedef struct ip6_hdr ip6_t;
466 # define MAX(a,b) (((a) > (b)) ? (a) : (b))
470 # if defined(MENTAT) && !defined(INSTANCES)
471 # define COPYDATA mb_copydata
472 # define COPYBACK mb_copyback
474 # define COPYDATA m_copydata
475 # define COPYBACK m_copyback
477 # if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
478 defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
479 defined(_BSDI_VERSION)
482 # if !defined(__FreeBSD__) || FREEBSD_GE_REV(300000)
483 # if NETBSD_GE_REV(105180000) || OPENBSD_GE_REV(200111)
484 # include <uvm/uvm_extern.h>
486 # include <vm/vm_extern.h>
487 extern vm_map_t kmem_map;
489 # include <sys/proc.h>
490 # else /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
491 # include <vm/vm_kern.h>
492 # endif /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
494 # ifdef IPFILTER_M_IPFILTER
495 # include <sys/malloc.h>
496 MALLOC_DECLARE(M_IPFILTER);
497 # define _M_IPF M_IPFILTER
498 # else /* IPFILTER_M_IPFILTER */
500 # define _M_IPF M_PFIL
503 # define _M_IPF M_IPFILTER
505 # define _M_IPF M_TEMP
506 # endif /* M_IPFILTER */
508 # endif /* IPFILTER_M_IPFILTER */
509 # if !defined(KMALLOC)
510 # define KMALLOC(a, b) MALLOC((a), b, sizeof(*(a)), _M_IPF, M_NOWAIT)
512 # if !defined(KMALLOCS)
513 # define KMALLOCS(a, b, c) MALLOC((a), b, (c), _M_IPF, M_NOWAIT)
516 # define KFREE(x) FREE((x), _M_IPF)
518 # if !defined(KFREES)
519 # define KFREES(x,s) FREE((x), _M_IPF)
521 # define UIOMOVE(a,b,c,d) uiomove((caddr_t)a,b,d)
522 # define SLEEP(id, n) tsleep((id), PPAUSE|PCATCH, n, 0)
523 # define WAKEUP(id,x) wakeup(id+x)
524 # if !defined(POLLWAKEUP)
525 # define POLLWAKEUP(x) selwakeup(softc->ipf_selwait+x)
527 # define GETIFP(n, v) ifunit(n)
528 # define GETIFMTU_4(x) ((struct ifnet *)x)->if_mtu
529 # define GETIFMTU_6(x) ((struct ifnet *)x)->if_mtu
531 # if !defined(USE_MUTEXES) && !defined(SPL_NET)
532 # define SPL_IMP(x) x = splimp()
533 # define SPL_NET(x) x = splnet()
534 # if !defined(SPL_SCHED)
535 # define SPL_SCHED(x) x = splsched()
537 # define SPL_X(x) (void) splx(x)
538 # endif /* !USE_MUTEXES */
541 # define FREE_MB_T(m) m_freem(m)
545 # define ALLOC_MB_T(m,l) do { \
546 MGETHDR((m), M_NOWAIT, MT_HEADER); \
549 (m)->m_pkthdr.len = (l); \
553 # define ALLOC_MB_T(m,l) do { \
554 MGET((m), M_NOWAIT, MT_HEADER); \
557 (m)->m_pkthdr.len = (l); \
563 # define PREP_MB_T(f, m) do { \
564 mb_t *_o = *(f)->fin_mp; \
566 *(fin)->fin_mp = (m); \
567 if (_o->m_flags & M_PKTHDR) { \
568 (m)->m_pkthdr.len += \
570 (m)->m_pkthdr.rcvif = \
571 _o->m_pkthdr.rcvif; \
577 # define M_DUP(m) m_dup(m, 0, M_COPYALL, 0)
579 # define M_DUP(m) m_dup(m)
584 # define MTOD(m,t) mtod(m,t)
588 # define COPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
589 # define COPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
593 # define KMALLOC(a,b) (a) = (b)new_kmem_alloc(sizeof(*(a)), \
595 # define KMALLOCS(a,b,c) (a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
599 # define GET_MINOR(x) dev2unit(x)
601 # define PANIC(x,y) if (x) panic y
604 #if !defined(IFNAME) && !defined(_KERNEL)
605 # define IFNAME(x) get_ifname((struct ifnet *)x)
608 # define NEED_FRGETIFNAME
609 extern char *ipf_getifname __P((struct ifnet *, char *));
610 # define COPYIFNAME(v, x, b) \
611 ipf_getifname((struct ifnet *)x, b)
618 # define ASSERT(x) do { if (!(x)) abort(); } while (0)
623 # define BCOPYIN(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
624 # define BCOPYOUT(a,b,c) (bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
628 * Because the ctype(3) posix definition, if used "safely" in code everywhere,
629 * would mean all normal code that walks through strings needed casts. Yuck.
631 #define ISALNUM(x) isalnum((u_char)(x))
632 #define ISALPHA(x) isalpha((u_char)(x))
633 #define ISDIGIT(x) isdigit((u_char)(x))
634 #define ISSPACE(x) isspace((u_char)(x))
635 #define ISUPPER(x) isupper((u_char)(x))
636 #define ISXDIGIT(x) isxdigit((u_char)(x))
637 #define ISLOWER(x) islower((u_char)(x))
638 #define TOUPPER(x) toupper((u_char)(x))
639 #define TOLOWER(x) tolower((u_char)(x))
642 * If mutexes aren't being used, turn all the mutex functions into null-ops.
644 #if !defined(USE_MUTEXES)
649 # undef MUTEX_DESTROY
650 # define MUTEX_ENTER(x) ;
651 # define READ_ENTER(x) ;
652 # define WRITE_ENTER(x) ;
653 # define MUTEX_DOWNGRADE(x) ;
654 # define RWLOCK_INIT(x, y) ;
655 # define RWLOCK_EXIT(x) ;
656 # define RW_DESTROY(x) ;
657 # define MUTEX_EXIT(x) ;
658 # define MUTEX_INIT(x,y) ;
659 # define MUTEX_DESTROY(x) ;
660 # define MUTEX_NUKE(x) ;
661 #endif /* !USE_MUTEXES */
663 # define ATOMIC_INC(x) (x)++
664 # define ATOMIC_DEC(x) (x)--
667 #if defined(USE_SPL) && defined(_KERNEL)
668 # define SPL_INT(x) int x
674 * If there are no atomic operations for bit sizes defined, define them to all
675 * use a generic one that works for all sizes.
678 # define ATOMIC_INCL ATOMIC_INC
679 # define ATOMIC_INC64 ATOMIC_INC
680 # define ATOMIC_INC32 ATOMIC_INC
681 # define ATOMIC_DECL ATOMIC_DEC
682 # define ATOMIC_DEC64 ATOMIC_DEC
683 # define ATOMIC_DEC32 ATOMIC_DEC
686 #ifndef HDR_T_PRIVATE
687 typedef struct tcphdr tcphdr_t;
688 typedef struct udphdr udphdr_t;
690 typedef struct icmp icmphdr_t;
691 typedef struct ip ip_t;
692 typedef struct ether_header ether_header_t;
693 typedef struct tcpiphdr tcpiphdr_t;
696 # define FR_GROUPLEN 16
700 # define offsetof(t,m) (size_t)((&((t *)0L)->m))
703 # define stsizeof(t,m) sizeof(((t *)0L)->m)
707 * This set of macros has been brought about because on Tru64 it is not
708 * possible to easily assign or examine values in a structure that are
712 # define IP_V(x) (x)->ip_v
715 # define IP_V_A(x,y) (x)->ip_v = (y)
718 # define IP_HL(x) (x)->ip_hl
721 # define IP_HL_A(x,y) (x)->ip_hl = ((y) & 0xf)
724 # define TCP_X2(x) (x)->th_x2
727 # define TCP_X2_A(x,y) (x)->th_x2 = (y)
730 # define TCP_OFF(x) (x)->th_off
733 # define TCP_OFF_A(x,y) (x)->th_off = (y)
735 #define IPMINLEN(i, h) ((i)->ip_len >= (IP_HL(i) * 4 + sizeof(struct h)))
739 * XXX - This is one of those *awful* hacks which nobody likes
747 #define TCPF_ALL (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|\
750 #if BSD_GE_YEAR(199306) && !defined(m_act)
751 # define m_act m_nextpkt
755 * Security Options for Intenet Protocol (IPSO) as defined in RFC 1108.
759 * 00000001 - (Reserved 4)
760 * 00111101 - Top Secret
762 * 10010110 - Confidential
763 * 01100110 - (Reserved 3)
764 * 11001100 - (Reserved 2)
765 * 10101011 - Unclassified
766 * 11110001 - (Reserved 1)
768 #define IPSO_CLASS_RES4 0x01
769 #define IPSO_CLASS_TOPS 0x3d
770 #define IPSO_CLASS_SECR 0x5a
771 #define IPSO_CLASS_CONF 0x96
772 #define IPSO_CLASS_RES3 0x66
773 #define IPSO_CLASS_RES2 0xcc
774 #define IPSO_CLASS_UNCL 0xab
775 #define IPSO_CLASS_RES1 0xf1
777 #define IPSO_AUTH_GENSER 0x80
778 #define IPSO_AUTH_ESI 0x40
779 #define IPSO_AUTH_SCI 0x20
780 #define IPSO_AUTH_NSA 0x10
781 #define IPSO_AUTH_DOE 0x08
782 #define IPSO_AUTH_UN 0x06
783 #define IPSO_AUTH_FTE 0x01
791 #define IPOPT_ZSU 10 /* ZSU */
793 #define IPOPT_MTUP 11 /* MTUP */
795 #define IPOPT_MTUR 12 /* MTUR */
797 #define IPOPT_ENCODE 15 /* ENCODE */
801 #define IPOPT_TR 82 /* TR */
802 #undef IPOPT_SECURITY
803 #define IPOPT_SECURITY 130
805 #define IPOPT_LSRR 131
807 #define IPOPT_E_SEC 133 /* E-SEC */
809 #define IPOPT_CIPSO 134 /* CIPSO */
811 #define IPOPT_SATID 136
813 # define IPOPT_SID IPOPT_SATID
816 #define IPOPT_SSRR 137
818 #define IPOPT_ADDEXT 147 /* ADDEXT */
820 #define IPOPT_VISA 142 /* VISA */
822 #define IPOPT_IMITD 144 /* IMITD */
824 #define IPOPT_EIP 145 /* EIP */
826 #define IPOPT_RTRALRT 148 /* RTRALRT */
828 #define IPOPT_SDB 149
830 #define IPOPT_NSAPA 150
832 #define IPOPT_DPS 151
834 #define IPOPT_UMP 152
836 #define IPOPT_FINN 205 /* FINN */
838 #define IPOPT_AH 256+IPPROTO_AH
841 # define TCPOPT_EOL 0
844 # define TCPOPT_NOP 1
846 #ifndef TCPOPT_MAXSEG
847 # define TCPOPT_MAXSEG 2
849 #ifndef TCPOLEN_MAXSEG
850 # define TCPOLEN_MAXSEG 4
852 #ifndef TCPOPT_WINDOW
853 # define TCPOPT_WINDOW 3
855 #ifndef TCPOLEN_WINDOW
856 # define TCPOLEN_WINDOW 3
858 #ifndef TCPOPT_SACK_PERMITTED
859 # define TCPOPT_SACK_PERMITTED 4
861 #ifndef TCPOLEN_SACK_PERMITTED
862 # define TCPOLEN_SACK_PERMITTED 2
865 # define TCPOPT_SACK 5
867 #ifndef TCPOPT_TIMESTAMP
868 # define TCPOPT_TIMESTAMP 8
872 # define ICMP_MINLEN 8
874 #ifndef ICMP_ECHOREPLY
875 # define ICMP_ECHOREPLY 0
878 # define ICMP_UNREACH 3
880 #ifndef ICMP_UNREACH_NET
881 # define ICMP_UNREACH_NET 0
883 #ifndef ICMP_UNREACH_HOST
884 # define ICMP_UNREACH_HOST 1
886 #ifndef ICMP_UNREACH_PROTOCOL
887 # define ICMP_UNREACH_PROTOCOL 2
889 #ifndef ICMP_UNREACH_PORT
890 # define ICMP_UNREACH_PORT 3
892 #ifndef ICMP_UNREACH_NEEDFRAG
893 # define ICMP_UNREACH_NEEDFRAG 4
895 #ifndef ICMP_UNREACH_SRCFAIL
896 # define ICMP_UNREACH_SRCFAIL 5
898 #ifndef ICMP_UNREACH_NET_UNKNOWN
899 # define ICMP_UNREACH_NET_UNKNOWN 6
901 #ifndef ICMP_UNREACH_HOST_UNKNOWN
902 # define ICMP_UNREACH_HOST_UNKNOWN 7
904 #ifndef ICMP_UNREACH_ISOLATED
905 # define ICMP_UNREACH_ISOLATED 8
907 #ifndef ICMP_UNREACH_NET_PROHIB
908 # define ICMP_UNREACH_NET_PROHIB 9
910 #ifndef ICMP_UNREACH_HOST_PROHIB
911 # define ICMP_UNREACH_HOST_PROHIB 10
913 #ifndef ICMP_UNREACH_TOSNET
914 # define ICMP_UNREACH_TOSNET 11
916 #ifndef ICMP_UNREACH_TOSHOST
917 # define ICMP_UNREACH_TOSHOST 12
919 #ifndef ICMP_UNREACH_ADMIN_PROHIBIT
920 # define ICMP_UNREACH_ADMIN_PROHIBIT 13
922 #ifndef ICMP_UNREACH_FILTER
923 # define ICMP_UNREACH_FILTER 13
925 #ifndef ICMP_UNREACH_HOST_PRECEDENCE
926 # define ICMP_UNREACH_HOST_PRECEDENCE 14
928 #ifndef ICMP_UNREACH_PRECEDENCE_CUTOFF
929 # define ICMP_UNREACH_PRECEDENCE_CUTOFF 15
931 #ifndef ICMP_SOURCEQUENCH
932 # define ICMP_SOURCEQUENCH 4
934 #ifndef ICMP_REDIRECT_NET
935 # define ICMP_REDIRECT_NET 0
937 #ifndef ICMP_REDIRECT_HOST
938 # define ICMP_REDIRECT_HOST 1
940 #ifndef ICMP_REDIRECT_TOSNET
941 # define ICMP_REDIRECT_TOSNET 2
943 #ifndef ICMP_REDIRECT_TOSHOST
944 # define ICMP_REDIRECT_TOSHOST 3
946 #ifndef ICMP_ALTHOSTADDR
947 # define ICMP_ALTHOSTADDR 6
949 #ifndef ICMP_TIMXCEED
950 # define ICMP_TIMXCEED 11
952 #ifndef ICMP_TIMXCEED_INTRANS
953 # define ICMP_TIMXCEED_INTRANS 0
955 #ifndef ICMP_TIMXCEED_REASS
956 # define ICMP_TIMXCEED_REASS 1
958 #ifndef ICMP_PARAMPROB
959 # define ICMP_PARAMPROB 12
961 #ifndef ICMP_PARAMPROB_ERRATPTR
962 # define ICMP_PARAMPROB_ERRATPTR 0
964 #ifndef ICMP_PARAMPROB_OPTABSENT
965 # define ICMP_PARAMPROB_OPTABSENT 1
967 #ifndef ICMP_PARAMPROB_LENGTH
968 # define ICMP_PARAMPROB_LENGTH 2
971 # define ICMP_TSTAMP 13
973 #ifndef ICMP_TSTAMPREPLY
974 # define ICMP_TSTAMPREPLY 14
977 # define ICMP_IREQ 15
979 #ifndef ICMP_IREQREPLY
980 # define ICMP_IREQREPLY 16
983 # define ICMP_MASKREQ 17
985 #ifndef ICMP_MASKREPLY
986 # define ICMP_MASKREPLY 18
988 #ifndef ICMP_TRACEROUTE
989 # define ICMP_TRACEROUTE 30
991 #ifndef ICMP_DATACONVERR
992 # define ICMP_DATACONVERR 31
994 #ifndef ICMP_MOBILE_REDIRECT
995 # define ICMP_MOBILE_REDIRECT 32
997 #ifndef ICMP_IPV6_WHEREAREYOU
998 # define ICMP_IPV6_WHEREAREYOU 33
1000 #ifndef ICMP_IPV6_IAMHERE
1001 # define ICMP_IPV6_IAMHERE 34
1003 #ifndef ICMP_MOBILE_REGREQUEST
1004 # define ICMP_MOBILE_REGREQUEST 35
1006 #ifndef ICMP_MOBILE_REGREPLY
1007 # define ICMP_MOBILE_REGREPLY 36
1010 # define ICMP_SKIP 39
1012 #ifndef ICMP_PHOTURIS
1013 # define ICMP_PHOTURIS 40
1015 #ifndef ICMP_PHOTURIS_UNKNOWN_INDEX
1016 # define ICMP_PHOTURIS_UNKNOWN_INDEX 1
1018 #ifndef ICMP_PHOTURIS_AUTH_FAILED
1019 # define ICMP_PHOTURIS_AUTH_FAILED 2
1021 #ifndef ICMP_PHOTURIS_DECRYPT_FAILED
1022 # define ICMP_PHOTURIS_DECRYPT_FAILED 3
1025 # define IPVERSION 4
1027 #ifndef IPOPT_MINOFF
1028 # define IPOPT_MINOFF 4
1030 #ifndef IPOPT_COPIED
1031 # define IPOPT_COPIED(x) ((x)&0x80)
1034 # define IPOPT_EOL 0
1037 # define IPOPT_NOP 1
1040 # define IP_MF ((u_short)0x2000)
1042 #ifndef ETHERTYPE_IP
1043 # define ETHERTYPE_IP ((u_short)0x0800)
1046 # define TH_FIN 0x01
1049 # define TH_SYN 0x02
1052 # define TH_RST 0x04
1055 # define TH_PUSH 0x08
1058 # define TH_ACK 0x10
1061 # define TH_URG 0x20
1064 #define TH_ACKMASK (TH_FIN|TH_SYN|TH_RST|TH_ACK)
1067 # define IPOPT_EOL 0
1070 # define IPOPT_NOP 1
1076 # define IPOPT_TS 68
1078 #ifndef IPOPT_SECURITY
1079 # define IPOPT_SECURITY 130
1082 # define IPOPT_LSRR 131
1085 # define IPOPT_SATID 136
1088 # define IPOPT_SSRR 137
1090 #ifndef IPOPT_SECUR_UNCLASS
1091 # define IPOPT_SECUR_UNCLASS ((u_short)0x0000)
1093 #ifndef IPOPT_SECUR_CONFID
1094 # define IPOPT_SECUR_CONFID ((u_short)0xf135)
1096 #ifndef IPOPT_SECUR_EFTO
1097 # define IPOPT_SECUR_EFTO ((u_short)0x789a)
1099 #ifndef IPOPT_SECUR_MMMM
1100 # define IPOPT_SECUR_MMMM ((u_short)0xbc4d)
1102 #ifndef IPOPT_SECUR_RESTR
1103 # define IPOPT_SECUR_RESTR ((u_short)0xaf13)
1105 #ifndef IPOPT_SECUR_SECRET
1106 # define IPOPT_SECUR_SECRET ((u_short)0xd788)
1108 #ifndef IPOPT_SECUR_TOPSECRET
1109 # define IPOPT_SECUR_TOPSECRET ((u_short)0x6bc5)
1112 # define IPOPT_OLEN 1
1114 #ifndef IPPROTO_HOPOPTS
1115 # define IPPROTO_HOPOPTS 0
1117 #ifndef IPPROTO_IPIP
1118 # define IPPROTO_IPIP 4
1120 #ifndef IPPROTO_ENCAP
1121 # define IPPROTO_ENCAP 98
1123 #ifndef IPPROTO_IPV6
1124 # define IPPROTO_IPV6 41
1126 #ifndef IPPROTO_ROUTING
1127 # define IPPROTO_ROUTING 43
1129 #ifndef IPPROTO_FRAGMENT
1130 # define IPPROTO_FRAGMENT 44
1133 # define IPPROTO_GRE 47 /* GRE encaps RFC 1701 */
1136 # define IPPROTO_ESP 50
1139 # define IPPROTO_AH 51
1141 #ifndef IPPROTO_ICMPV6
1142 # define IPPROTO_ICMPV6 58
1144 #ifndef IPPROTO_NONE
1145 # define IPPROTO_NONE 59
1147 #ifndef IPPROTO_DSTOPTS
1148 # define IPPROTO_DSTOPTS 60
1150 #ifndef IPPROTO_MOBILITY
1151 # define IPPROTO_MOBILITY 135
1154 #ifndef ICMP_ROUTERADVERT
1155 # define ICMP_ROUTERADVERT 9
1157 #ifndef ICMP_ROUTERSOLICIT
1158 # define ICMP_ROUTERSOLICIT 10
1160 #ifndef ICMP6_DST_UNREACH
1161 # define ICMP6_DST_UNREACH 1
1163 #ifndef ICMP6_PACKET_TOO_BIG
1164 # define ICMP6_PACKET_TOO_BIG 2
1166 #ifndef ICMP6_TIME_EXCEEDED
1167 # define ICMP6_TIME_EXCEEDED 3
1169 #ifndef ICMP6_PARAM_PROB
1170 # define ICMP6_PARAM_PROB 4
1173 #ifndef ICMP6_ECHO_REQUEST
1174 # define ICMP6_ECHO_REQUEST 128
1176 #ifndef ICMP6_ECHO_REPLY
1177 # define ICMP6_ECHO_REPLY 129
1179 #ifndef ICMP6_MEMBERSHIP_QUERY
1180 # define ICMP6_MEMBERSHIP_QUERY 130
1182 #ifndef MLD6_LISTENER_QUERY
1183 # define MLD6_LISTENER_QUERY 130
1185 #ifndef ICMP6_MEMBERSHIP_REPORT
1186 # define ICMP6_MEMBERSHIP_REPORT 131
1188 #ifndef MLD6_LISTENER_REPORT
1189 # define MLD6_LISTENER_REPORT 131
1191 #ifndef ICMP6_MEMBERSHIP_REDUCTION
1192 # define ICMP6_MEMBERSHIP_REDUCTION 132
1194 #ifndef MLD6_LISTENER_DONE
1195 # define MLD6_LISTENER_DONE 132
1197 #ifndef ND_ROUTER_SOLICIT
1198 # define ND_ROUTER_SOLICIT 133
1200 #ifndef ND_ROUTER_ADVERT
1201 # define ND_ROUTER_ADVERT 134
1203 #ifndef ND_NEIGHBOR_SOLICIT
1204 # define ND_NEIGHBOR_SOLICIT 135
1206 #ifndef ND_NEIGHBOR_ADVERT
1207 # define ND_NEIGHBOR_ADVERT 136
1210 # define ND_REDIRECT 137
1212 #ifndef ICMP6_ROUTER_RENUMBERING
1213 # define ICMP6_ROUTER_RENUMBERING 138
1215 #ifndef ICMP6_WRUREQUEST
1216 # define ICMP6_WRUREQUEST 139
1218 #ifndef ICMP6_WRUREPLY
1219 # define ICMP6_WRUREPLY 140
1221 #ifndef ICMP6_FQDN_QUERY
1222 # define ICMP6_FQDN_QUERY 139
1224 #ifndef ICMP6_FQDN_REPLY
1225 # define ICMP6_FQDN_REPLY 140
1227 #ifndef ICMP6_NI_QUERY
1228 # define ICMP6_NI_QUERY 139
1230 #ifndef ICMP6_NI_REPLY
1231 # define ICMP6_NI_REPLY 140
1233 #ifndef MLD6_MTRACE_RESP
1234 # define MLD6_MTRACE_RESP 200
1237 # define MLD6_MTRACE 201
1239 #ifndef ICMP6_HADISCOV_REQUEST
1240 # define ICMP6_HADISCOV_REQUEST 202
1242 #ifndef ICMP6_HADISCOV_REPLY
1243 # define ICMP6_HADISCOV_REPLY 203
1245 #ifndef ICMP6_MOBILEPREFIX_SOLICIT
1246 # define ICMP6_MOBILEPREFIX_SOLICIT 204
1248 #ifndef ICMP6_MOBILEPREFIX_ADVERT
1249 # define ICMP6_MOBILEPREFIX_ADVERT 205
1251 #ifndef ICMP6_MAXTYPE
1252 # define ICMP6_MAXTYPE 205
1255 #ifndef ICMP6_DST_UNREACH_NOROUTE
1256 # define ICMP6_DST_UNREACH_NOROUTE 0
1258 #ifndef ICMP6_DST_UNREACH_ADMIN
1259 # define ICMP6_DST_UNREACH_ADMIN 1
1261 #ifndef ICMP6_DST_UNREACH_NOTNEIGHBOR
1262 # define ICMP6_DST_UNREACH_NOTNEIGHBOR 2
1264 #ifndef ICMP6_DST_UNREACH_BEYONDSCOPE
1265 # define ICMP6_DST_UNREACH_BEYONDSCOPE 2
1267 #ifndef ICMP6_DST_UNREACH_ADDR
1268 # define ICMP6_DST_UNREACH_ADDR 3
1270 #ifndef ICMP6_DST_UNREACH_NOPORT
1271 # define ICMP6_DST_UNREACH_NOPORT 4
1273 #ifndef ICMP6_TIME_EXCEED_TRANSIT
1274 # define ICMP6_TIME_EXCEED_TRANSIT 0
1276 #ifndef ICMP6_TIME_EXCEED_REASSEMBLY
1277 # define ICMP6_TIME_EXCEED_REASSEMBLY 1
1280 #ifndef ICMP6_NI_SUCCESS
1281 # define ICMP6_NI_SUCCESS 0
1283 #ifndef ICMP6_NI_REFUSED
1284 # define ICMP6_NI_REFUSED 1
1286 #ifndef ICMP6_NI_UNKNOWN
1287 # define ICMP6_NI_UNKNOWN 2
1290 #ifndef ICMP6_ROUTER_RENUMBERING_COMMAND
1291 # define ICMP6_ROUTER_RENUMBERING_COMMAND 0
1293 #ifndef ICMP6_ROUTER_RENUMBERING_RESULT
1294 # define ICMP6_ROUTER_RENUMBERING_RESULT 1
1296 #ifndef ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET
1297 # define ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET 255
1300 #ifndef ICMP6_PARAMPROB_HEADER
1301 # define ICMP6_PARAMPROB_HEADER 0
1303 #ifndef ICMP6_PARAMPROB_NEXTHEADER
1304 # define ICMP6_PARAMPROB_NEXTHEADER 1
1306 #ifndef ICMP6_PARAMPROB_OPTION
1307 # define ICMP6_PARAMPROB_OPTION 2
1310 #ifndef ICMP6_NI_SUBJ_IPV6
1311 # define ICMP6_NI_SUBJ_IPV6 0
1313 #ifndef ICMP6_NI_SUBJ_FQDN
1314 # define ICMP6_NI_SUBJ_FQDN 1
1316 #ifndef ICMP6_NI_SUBJ_IPV4
1317 # define ICMP6_NI_SUBJ_IPV4 2
1320 #ifndef MLD_MTRACE_RESP
1321 # define MLD_MTRACE_RESP 200
1324 # define MLD_MTRACE 201
1326 #ifndef MLD6_MTRACE_RESP
1327 # define MLD6_MTRACE_RESP MLD_MTRACE_RESP
1330 # define MLD6_MTRACE MLD_MTRACE
1333 #if !defined(IPV6_FLOWINFO_MASK)
1334 # if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1335 # define IPV6_FLOWINFO_MASK 0x0fffffff /* flow info (28 bits) */
1337 # if(BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1338 # define IPV6_FLOWINFO_MASK 0xffffff0f /* flow info (28 bits) */
1339 # endif /* LITTLE_ENDIAN */
1342 #if !defined(IPV6_FLOWLABEL_MASK)
1343 # if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1344 # define IPV6_FLOWLABEL_MASK 0x000fffff /* flow label (20 bits) */
1346 # if (BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1347 # define IPV6_FLOWLABEL_MASK 0xffff0f00 /* flow label (20 bits) */
1348 # endif /* LITTLE_ENDIAN */
1353 * ECN is a new addition to TCP - RFC 2481
1356 # define TH_ECN 0x40
1359 # define TH_CWR 0x80
1361 #define TH_ECNALL (TH_ECN|TH_CWR)
1366 #define IPF_TCPS_LISTEN 0 /* listening for connection */
1367 #define IPF_TCPS_SYN_SENT 1 /* active, have sent syn */
1368 #define IPF_TCPS_SYN_RECEIVED 2 /* have send and received syn */
1369 #define IPF_TCPS_HALF_ESTAB 3 /* for connections not fully "up" */
1370 /* states < IPF_TCPS_ESTABLISHED are those where connections not established */
1371 #define IPF_TCPS_ESTABLISHED 4 /* established */
1372 #define IPF_TCPS_CLOSE_WAIT 5 /* rcvd fin, waiting for close */
1373 /* states > IPF_TCPS_CLOSE_WAIT are those where user has closed */
1374 #define IPF_TCPS_FIN_WAIT_1 6 /* have closed, sent fin */
1375 #define IPF_TCPS_CLOSING 7 /* closed xchd FIN; await FIN ACK */
1376 #define IPF_TCPS_LAST_ACK 8 /* had fin and close; await FIN ACK */
1377 /* states > IPF_TCPS_CLOSE_WAIT && < IPF_TCPS_FIN_WAIT_2 await ACK of FIN */
1378 #define IPF_TCPS_FIN_WAIT_2 9 /* have closed, fin is acked */
1379 #define IPF_TCPS_TIME_WAIT 10 /* in 2*msl quiet wait after close */
1380 #define IPF_TCPS_CLOSED 11 /* closed */
1381 #define IPF_TCP_NSTATES 12
1385 #undef ICMP_MAX_UNREACH
1386 #define ICMP_MAX_UNREACH 14
1388 #define ICMP_MAXTYPE 18
1395 # define LOG_FTP (11<<3)
1397 #ifndef LOG_AUTHPRIV
1398 # define LOG_AUTHPRIV (10<<3)
1401 # define LOG_AUDIT (13<<3)
1404 # define LOG_NTP (12<<3)
1406 #ifndef LOG_SECURITY
1407 # define LOG_SECURITY (13<<3)
1410 # define LOG_LFMT (14<<3)
1413 # define LOG_CONSOLE (14<<3)
1417 * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
1418 * another IP header and then 64 bits of data, totalling 56. Of course,
1419 * the last 64 bits is dependent on that being available.
1421 #define ICMPERR_ICMPHLEN 8
1422 #define ICMPERR_IPICMPHLEN (20 + 8)
1423 #define ICMPERR_MINPKTLEN (20 + 8 + 20)
1424 #define ICMPERR_MAXPKTLEN (20 + 8 + 20 + 8)
1425 #define ICMP6ERR_MINPKTLEN (40 + 8)
1426 #define ICMP6ERR_IPICMPHLEN (40 + 8 + 40)
1429 # define MIN(a,b) (((a)<(b))?(a):(b))
1433 # undef IPFILTER_BPF
1437 # define DPRINT(x) printf x
1443 # define AF_INET6 26
1448 # define DT(_n) DTRACE_PROBE(_n)
1449 # define DT1(_n,_a,_b) DTRACE_PROBE1(_n,_a,_b)
1450 # define DT2(_n,_a,_b,_c,_d) DTRACE_PROBE2(_n,_a,_b,_c,_d)
1451 # define DT3(_n,_a,_b,_c,_d,_e,_f) \
1452 DTRACE_PROBE3(_n,_a,_b,_c,_d,_e,_f)
1453 # define DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h) \
1454 DTRACE_PROBE4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1457 # define DT1(_n,_a,_b)
1458 # define DT2(_n,_a,_b,_c,_d)
1459 # define DT3(_n,_a,_b,_c,_d,_e,_f)
1460 # define DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1464 # define DT1(_n,_a,_b)
1465 # define DT2(_n,_a,_b,_c,_d)
1466 # define DT3(_n,_a,_b,_c,_d,_e,_f)
1467 # define DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1470 struct ip6_routing {
1471 u_char ip6r_nxt; /* next header */
1472 u_char ip6r_len; /* length in units of 8 octets */
1473 u_char ip6r_type; /* always zero */
1474 u_char ip6r_segleft; /* segments left */
1475 u_32_t ip6r_reserved; /* reserved field */
1478 #endif /* __IP_COMPAT_H__ */