1 /*
2 * Copyright (C) 1995-1997 by Darren Reed.
3 *
4 * Redistribution and use in source and binary forms are permitted
5 * provided that this notice is preserved and due credit is given
6 * to the original author and the contributors.
7 *
8 * @(#)ip_state.h 1.3 1/12/96 (C) 1995 Darren Reed
9 * $FreeBSD$
10 */
11 #ifndef __IP_STATE_H__
12 #define __IP_STATE_H__
13
14 #define IPSTATE_SIZE 257
15 #define IPSTATE_MAX 2048 /* Maximum number of states held */
16
17 #define PAIRS(s1,d1,s2,d2) ((((s1) == (s2)) && ((d1) == (d2))) ||\
18 (((s1) == (d2)) && ((d1) == (s2))))
19 #define IPPAIR(s1,d1,s2,d2) PAIRS((s1).s_addr, (d1).s_addr, \
20 (s2).s_addr, (d2).s_addr)
21
22
23 typedef struct udpstate {
24 u_short us_sport;
25 u_short us_dport;
26 } udpstate_t;
27
28 typedef struct icmpstate {
29 u_short ics_id;
30 u_short ics_seq;
31 u_char ics_type;
32 } icmpstate_t;
33
34 typedef struct tcpstate {
35 u_short ts_sport;
36 u_short ts_dport;
37 u_long ts_seq;
38 u_long ts_ack;
39 u_short ts_swin;
40 u_short ts_dwin;
41 u_char ts_state[2];
42 } tcpstate_t;
43
44 typedef struct ipstate {
45 struct ipstate *is_next;
46 u_long is_age;
47 u_int is_pass;
48 U_QUAD_T is_pkts;
49 U_QUAD_T is_bytes;
50 void *is_ifpin;
51 void *is_ifpout;
52 struct in_addr is_src;
53 struct in_addr is_dst;
54 u_char is_p;
55 u_char is_flags;
56 u_32_t is_opt;
57 u_32_t is_optmsk;
58 u_short is_sec;
59 u_short is_secmsk;
60 u_short is_auth;
61 u_short is_authmsk;
62 union {
63 icmpstate_t is_ics;
64 tcpstate_t is_ts;
65 udpstate_t is_us;
66 } is_ps;
67 } ipstate_t;
68
69 #define is_icmp is_ps.is_ics
70 #define is_tcp is_ps.is_ts
71 #define is_udp is_ps.is_us
72 #define is_seq is_tcp.ts_seq
73 #define is_ack is_tcp.ts_ack
74 #define is_dwin is_tcp.ts_dwin
75 #define is_swin is_tcp.ts_swin
76 #define is_sport is_tcp.ts_sport
77 #define is_dport is_tcp.ts_dport
78 #define is_state is_tcp.ts_state
79
80 #define TH_OPENING (TH_SYN|TH_ACK)
81
82
83 typedef struct ipslog {
84 U_QUAD_T isl_pkts;
85 U_QUAD_T isl_bytes;
86 struct in_addr isl_src;
87 struct in_addr isl_dst;
88 u_char isl_p;
89 u_char isl_flags;
90 u_short isl_type;
91 union {
92 u_short isl_filler[2];
93 u_short isl_ports[2];
94 u_short isl_icmp;
95 } isl_ps;
96 } ipslog_t;
97
98 #define isl_sport isl_ps.isl_ports[0]
99 #define isl_dport isl_ps.isl_ports[1]
100 #define isl_itype isl_ps.isl_icmp
101
102 #define ISL_NEW 0
103 #define ISL_EXPIRE 0xffff
104 #define ISL_FLUSH 0xfffe
105
106
107 typedef struct ips_stat {
108 u_long iss_hits;
109 u_long iss_miss;
110 u_long iss_max;
111 u_long iss_tcp;
112 u_long iss_udp;
113 u_long iss_icmp;
114 u_long iss_nomem;
115 u_long iss_expire;
116 u_long iss_fin;
117 u_long iss_active;
118 u_long iss_logged;
119 u_long iss_logfail;
120 ipstate_t **iss_table;
121 } ips_stat_t;
122
123
124 extern u_long fr_tcpidletimeout;
125 extern u_long fr_tcpclosewait;
126 extern u_long fr_tcplastack;
127 extern u_long fr_tcptimeout;
128 extern u_long fr_tcpclosed;
129 extern u_long fr_udptimeout;
130 extern u_long fr_icmptimeout;
131 extern int fr_tcpstate __P((ipstate_t *, fr_info_t *, ip_t *, tcphdr_t *));
132 extern int fr_addstate __P((ip_t *, fr_info_t *, u_int));
133 extern int fr_checkstate __P((ip_t *, fr_info_t *));
134 extern void fr_timeoutstate __P((void));
135 extern void fr_tcp_age __P((u_long *, u_char *, ip_t *, fr_info_t *, int));
136 extern void fr_stateunload __P((void));
137 extern void ipstate_log __P((struct ipstate *, u_short));
138 #if defined(__NetBSD__) || defined(__OpenBSD__)
139 extern int fr_state_ioctl __P((caddr_t, u_long, int));
140 #else
141 extern int fr_state_ioctl __P((caddr_t, int, int));
142 #endif
143
144 #endif /* __IP_STATE_H__ */
Cache object: 5a6498123f7e99f8c36d4f6d4255fe36
|