diff options
Diffstat (limited to 'sys/netinet/ip_fw.h')
-rw-r--r-- | sys/netinet/ip_fw.h | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index e3ffe204686d..dcb3bcf783fe 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -319,6 +319,27 @@ struct ipfw_dyn_rule { #define IP_FW_PORT_DENY_FLAG 0x40000 /* + * arguments for calling ip_fw_chk() and dummynet_io(). We put them + * all into a structure because this way it is easier and more + * efficient to pass variables around and extend the interface. + */ +struct ip_fw_args { + struct mbuf *m; /* the mbuf chain */ + struct ifnet *oif; /* output interface */ + struct sockaddr_in *next_hop; /* forward address */ + struct ip_fw *rule; /* matching rule */ + struct ether_header *eh; /* for bridged packets */ + + struct route *ro; /* for dummynet */ + struct sockaddr_in *dst; /* for dummynet */ + int flags; /* for dummynet */ + + struct ipfw_flow_id f_id; /* grabbed from IP header */ + u_int16_t divert_rule; /* divert cookie */ + u_int32_t retval; +}; + +/* * Function definitions. */ void ip_fw_init(void); @@ -326,14 +347,12 @@ void ip_fw_init(void); /* Firewall hooks */ struct ip; struct sockopt; -typedef int ip_fw_chk_t (struct mbuf **m, struct ifnet *oif, - u_int16_t *cookie, struct ip_fw **rule, struct sockaddr_in **next_hop); +typedef int ip_fw_chk_t (struct ip_fw_args *args); typedef int ip_fw_ctl_t (struct sockopt *); extern ip_fw_chk_t *ip_fw_chk_ptr; extern ip_fw_ctl_t *ip_fw_ctl_ptr; extern int fw_one_pass; extern int fw_enable; -extern struct ipfw_flow_id last_pkt; #define IPFW_LOADED (ip_fw_chk_ptr != NULL) #endif /* _KERNEL */ |