ip_compat.h revision 268937 
1184588Sdfr/*
2184588Sdfr * Copyright (C) 2012 by Darren Reed.
3184588Sdfr *
4184588Sdfr * See the IPFILTER.LICENCE file for details on licencing.
5184588Sdfr *
6184588Sdfr * @(#)ip_compat.h	1.8 1/14/96
7184588Sdfr * $FreeBSD: stable/10/sys/contrib/ipfilter/netinet/ip_compat.h 268937 2014-07-21 06:45:19Z cy $
8184588Sdfr * Id: ip_compat.h,v 2.142.2.57 2007/10/10 09:51:42 darrenr Exp $
9184588Sdfr */
10184588Sdfr
11184588Sdfr#ifndef	__IP_COMPAT_H__
12184588Sdfr#define	__IP_COMPAT_H__
13184588Sdfr
14184588Sdfr#ifndef	__P
15184588Sdfr# ifdef	__STDC__
16184588Sdfr#  define	__P(x)  x
17184588Sdfr# else
18184588Sdfr#  define	__P(x)  ()
19184588Sdfr# endif
20184588Sdfr#endif
21184588Sdfr#ifndef	__STDC__
22184588Sdfr# undef		const
23184588Sdfr# define	const
24184588Sdfr#endif
25184588Sdfr
26184588Sdfr#if defined(_KERNEL) || defined(KERNEL) || defined(__KERNEL__)
27184588Sdfr# undef	KERNEL
28184588Sdfr# undef	_KERNEL
29184588Sdfr# undef 	__KERNEL__
30184588Sdfr# define	KERNEL
31184588Sdfr# define	_KERNEL
32184588Sdfr# define 	__KERNEL__
33184588Sdfr#endif
34244370Srmacklem
35184588Sdfr#define	SOLARIS	(defined(sun) && (defined(__svr4__) || defined(__SVR4)))
36244370Srmacklem
37184588Sdfr
38184588Sdfr#if defined(__SVR4) || defined(__svr4__) || defined(__sgi)
39184588Sdfr# define index   strchr
40184588Sdfr# if !defined(_KERNEL)
41184588Sdfr#  define	bzero(a,b)	memset(a,0,b)
42184588Sdfr#  define	bcmp		memcmp
43184588Sdfr#  define	bcopy(a,b,c)	memmove(b,a,c)
44184588Sdfr# endif
45184588Sdfr#endif
46184588Sdfr
47184588Sdfr#ifndef LIFNAMSIZ
48184588Sdfr# ifdef IF_NAMESIZE
49184588Sdfr#  define	LIFNAMSIZ	IF_NAMESIZE
50244370Srmacklem# else
51184588Sdfr#  ifdef	IFNAMSIZ
52184588Sdfr#   define	LIFNAMSIZ	IFNAMSIZ
53184588Sdfr#  else
54184588Sdfr#   define	LIFNAMSIZ	16
55184588Sdfr#  endif
56184588Sdfr# endif
57244370Srmacklem#endif
58244370Srmacklem
59244370Srmacklem#if defined(__sgi) || defined(bsdi) || defined(__hpux) || defined(hpux)
60244370Srmacklemstruct  ether_addr {
61184588Sdfr        u_char  ether_addr_octet[6];
62184588Sdfr};
63184588Sdfr#endif
64184588Sdfr
65244370Srmacklem# ifdef __STDC__
66244370Srmacklem#  define IPL_EXTERN(ep) ipl##ep
67184588Sdfr# else
68184588Sdfr#  define IPL_EXTERN(ep) ipl/**/ep
69184588Sdfr# endif
70184588Sdfr
71184588Sdfr/*
72184588Sdfr * This is a workaround for <sys/uio.h> troubles on FreeBSD and OpenBSD.
73184588Sdfr */
74184588Sdfr# ifndef _KERNEL
75184588Sdfr#  define ADD_KERNEL
76184588Sdfr#  define _KERNEL
77184588Sdfr#  define KERNEL
78184588Sdfr# endif
79184588Sdfr# include <sys/uio.h>
80184588Sdfr# ifdef ADD_KERNEL
81184588Sdfr#  undef _KERNEL
82184588Sdfr#  undef KERNEL
83184588Sdfr# endif
84184588Sdfr
85184588Sdfr#define	NETBSD_GE_REV(x)	(defined(__NetBSD_Version__) && \
86184588Sdfr				 (__NetBSD_Version__ >= (x)))
87184588Sdfr#define	NETBSD_GT_REV(x)	(defined(__NetBSD_Version__) && \
88184588Sdfr				 (__NetBSD_Version__ > (x)))
89184588Sdfr#define	NETBSD_LT_REV(x)	(defined(__NetBSD_Version__) && \
90184588Sdfr				 (__NetBSD_Version__ < (x)))
91244370Srmacklem#define	FREEBSD_GE_REV(x)	(defined(__FreeBSD_version) && \
92184588Sdfr				 (__FreeBSD_version >= (x)))
93184588Sdfr#define	FREEBSD_GT_REV(x)	(defined(__FreeBSD_version) && \
94184588Sdfr				 (__FreeBSD_version > (x)))
95184588Sdfr#define	FREEBSD_LT_REV(x)	(defined(__FreeBSD_version) && \
96184588Sdfr				 (__FreeBSD_version < (x)))
97184588Sdfr#define	BSDOS_GE_REV(x)		(defined(_BSDI_VERSION) && \
98244370Srmacklem				 (_BSDI_VERSION >= (x)))
99244370Srmacklem#define	BSDOS_GT_REV(x)		(defined(_BSDI_VERSION) && \
100244370Srmacklem				 (_BSDI_VERSION > (x)))
101244370Srmacklem#define	BSDOS_LT_REV(x)		(defined(_BSDI_VERSION) && \
102184588Sdfr				 (_BSDI_VERSION < (x)))
103184588Sdfr#define	OPENBSD_GE_REV(x)	(defined(OpenBSD) && (OpenBSD >= (x)))
104184588Sdfr#define	OPENBSD_GT_REV(x)	(defined(OpenBSD) && (OpenBSD > (x)))
105184588Sdfr#define	OPENBSD_LT_REV(x)	(defined(OpenBSD) && (OpenBSD < (x)))
106244370Srmacklem#define	BSD_GE_YEAR(x)		(defined(BSD) && (BSD >= (x)))
107244370Srmacklem#define	BSD_GT_YEAR(x)		(defined(BSD) && (BSD > (x)))
108184588Sdfr#define	BSD_LT_YEAR(x)		(defined(BSD) && (BSD < (x)))
109184588Sdfr
110184588Sdfr
111184588Sdfr/* ----------------------------------------------------------------------- */
112184588Sdfr/*                                F R E E B S D                            */
113184588Sdfr/* ----------------------------------------------------------------------- */
114184588Sdfr# define HAS_SYS_MD5_H	1
115184588Sdfr# if defined(_KERNEL)
116184588Sdfr#   include "opt_bpf.h"
117184588Sdfr#   include "opt_inet6.h"
118184588Sdfr#  if defined(INET6) && !defined(USE_INET6)
119184588Sdfr#   define USE_INET6
120184588Sdfr#  endif
121184588Sdfr# endif
122184588Sdfr
123184588Sdfr# if defined(_KERNEL)
124184588Sdfr#  include <netinet/ip_var.h>
125184588Sdfr#    define	p_cred	td_ucred
126184588Sdfr#    define	p_uid	td_ucred->cr_ruid
127184588Sdfr
128184588Sdfr/*
129184588Sdfr * When #define'd, the 5.2.1 kernel panics when used with the ftp proxy.
130184588Sdfr * There may be other, safe, kernels but this is not extensively tested yet.
131 */
132#   define HAVE_M_PULLDOWN
133#  if !defined(IPFILTER_LKM) && (__FreeBSD_version >= 300000)
134#   include "opt_ipfilter.h"
135#  endif
136#  define	COPYIN(a,b,c)	copyin((caddr_t)(a), (caddr_t)(b), (c))
137#  define	COPYOUT(a,b,c)	copyout((caddr_t)(a), (caddr_t)(b), (c))
138
139#   define NETBSD_PF
140# else
141#  include <inttypes.h>
142# endif /* _KERNEL */
143
144#  include <sys/selinfo.h>
145#  include <sys/mutex.h>
146#    define	KRWLOCK_FILL_SZ		56
147#    define	KMUTEX_FILL_SZ		56
148#   include <sys/rwlock.h>
149#   define	KMUTEX_T		struct mtx
150#   define	KRWLOCK_T		struct rwlock
151#   ifdef _KERNEL
152#    define	READ_ENTER(x)		rw_rlock(&(x)->ipf_lk)
153#    define	WRITE_ENTER(x)		rw_wlock(&(x)->ipf_lk)
154#    define	MUTEX_DOWNGRADE(x)	rw_downgrade(&(x)->ipf_lk)
155#    define	RWLOCK_INIT(x,y)	rw_init(&(x)->ipf_lk, (y))
156#    define	RW_DESTROY(x)		rw_destroy(&(x)->ipf_lk)
157#    define	RWLOCK_EXIT(x)		do { \
158					    if (rw_wowned(&(x)->ipf_lk)) \
159					    	rw_wunlock(&(x)->ipf_lk); \
160					    else \
161						rw_runlock(&(x)->ipf_lk); \
162					} while (0)
163#   endif
164
165#  include <net/if_var.h>
166#  define	IFNAME(x)	((struct ifnet *)x)->if_xname
167#  define	COPYIFNAME(v, x, b) \
168				(void) strncpy(b, \
169					       ((struct ifnet *)x)->if_xname, \
170					       LIFNAMSIZ)
171
172# ifdef _KERNEL
173#  define	GETKTIME(x)	microtime((struct timeval *)x)
174
175#   include <netinet/in_systm.h>
176#   include <netinet/ip.h>
177#   include <machine/in_cksum.h>
178
179#   define	USE_MUTEXES
180#   define	MUTEX_ENTER(x)		mtx_lock(&(x)->ipf_lk)
181#   define	MUTEX_EXIT(x)		mtx_unlock(&(x)->ipf_lk)
182#   define	MUTEX_INIT(x,y)		mtx_init(&(x)->ipf_lk, (y), NULL,\
183						 MTX_DEF)
184#   define	MUTEX_DESTROY(x)	mtx_destroy(&(x)->ipf_lk)
185#   define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
186/*
187 * Whilst the sx(9) locks on FreeBSD have the right semantics and interface
188 * for what we want to use them for, despite testing showing they work -
189 * with a WITNESS kernel, it generates LOR messages.
190 */
191#   include <machine/atomic.h>
192#   define	ATOMIC_INC(x)		{ mtx_lock(&softc->ipf_rw.ipf_lk); (x)++; \
193					  mtx_unlock(&softc->ipf_rw.ipf_lk); }
194#   define	ATOMIC_DEC(x)		{ mtx_lock(&softc->ipf_rw.ipf_lk); (x)--; \
195					  mtx_unlock(&softc->ipf_rw.ipf_lk); }
196#   define	ATOMIC_INCL(x)		atomic_add_long(&(x), 1)
197#   define	ATOMIC_INC64(x)		ATOMIC_INC(x)
198#   define	ATOMIC_INC32(x)		atomic_add_32((u_int *)&(x), 1)
199#   define	ATOMIC_DECL(x)		atomic_add_long(&(x), -1)
200#   define	ATOMIC_DEC64(x)		ATOMIC_DEC(x)
201#   define	ATOMIC_DEC32(x)		atomic_add_32((u_int *)&(x), -1)
202#   define	SPL_X(x)	;
203#   define	SPL_NET(x)	;
204#   define	SPL_IMP(x)	;
205#   define	SPL_SCHED(x)	;
206#   define	GET_MINOR		dev2unit
207#  define	MSGDSIZE(m)	mbufchainlen(m)
208#  define	M_LEN(m)	(m)->m_len
209#  define	M_ADJ(m,x)	m_adj(m, x)
210#  define	M_COPY(x)	m_copy((x), 0, M_COPYALL)
211#  define	M_DUP(m)	m_dup(m, M_NOWAIT)
212#  define	IPF_PANIC(x,y)	if (x) { printf y; panic("ipf_panic"); }
213typedef struct mbuf mb_t;
214# endif /* _KERNEL */
215
216
217typedef	u_long		ioctlcmd_t;
218typedef	struct uio	uio_t;
219typedef	int		minor_t;
220typedef	u_int32_t	u_32_t;
221# define	U_32_T	1
222
223
224/* ----------------------------------------------------------------------- */
225/*                           G E N E R I C                                 */
226/* ----------------------------------------------------------------------- */
227
228/*
229 * For BSD kernels, if bpf is in the kernel, enable ipfilter to use bpf in
230 * filter rules.
231 */
232#if !defined(IPFILTER_BPF)
233# if (defined(NBPF) && (NBPF > 0)) || (defined(DEV_BPF) && (DEV_BPF > 0)) || \
234     (defined(NBPFILTER) && (NBPFILTER > 0))
235#  define	IPFILTER_BPF
236# endif
237#endif
238
239/*
240 * Userland locking primitives
241 */
242#ifndef _KERNEL
243#if !defined(KMUTEX_FILL_SZ)
244# define	KMUTEX_FILL_SZ	1
245#endif
246#if !defined(KRWLOCK_FILL_SZ)
247# define	KRWLOCK_FILL_SZ	1
248#endif
249#endif
250
251typedef	struct	{
252	char	*eMm_owner;
253	char	*eMm_heldin;
254	u_int	eMm_magic;
255	int	eMm_held;
256	int	eMm_heldat;
257} eMmutex_t;
258
259typedef	struct	{
260	char	*eMrw_owner;
261	char	*eMrw_heldin;
262	u_int	eMrw_magic;
263	short	eMrw_read;
264	short	eMrw_write;
265	int	eMrw_heldat;
266} eMrwlock_t;
267
268typedef union {
269	char	_fill[KMUTEX_FILL_SZ];
270#ifdef KMUTEX_T
271	struct	{
272		KMUTEX_T	ipf_slk;
273		const char	*ipf_lname;
274	} ipf_lkun_s;
275#endif
276	eMmutex_t	ipf_emu;
277} ipfmutex_t;
278
279typedef union {
280	char	_fill[KRWLOCK_FILL_SZ];
281#ifdef KRWLOCK_T
282	struct	{
283		KRWLOCK_T	ipf_slk;
284		const char	*ipf_lname;
285		int		ipf_sr;
286		int		ipf_sw;
287		u_int		ipf_magic;
288	} ipf_lkun_s;
289#endif
290	eMrwlock_t	ipf_emu;
291} ipfrwlock_t;
292
293#define	ipf_lk		ipf_lkun_s.ipf_slk
294#define	ipf_lname	ipf_lkun_s.ipf_lname
295#define	ipf_isr		ipf_lkun_s.ipf_sr
296#define	ipf_isw		ipf_lkun_s.ipf_sw
297#define	ipf_magic	ipf_lkun_s.ipf_magic
298
299#if !defined(__GNUC__) || \
300    (defined(__FreeBSD_version) && (__FreeBSD_version >= 503000))
301# ifndef	INLINE
302#  define	INLINE
303# endif
304#else
305# define	INLINE	__inline__
306#endif
307
308#if defined(__FreeBSD_version) && defined(_KERNEL)
309     CTASSERT(sizeof(ipfrwlock_t) == KRWLOCK_FILL_SZ);
310     CTASSERT(sizeof(ipfmutex_t) == KMUTEX_FILL_SZ);
311#endif
312
313
314/*
315 * In a non-kernel environment, there are a lot of macros that need to be
316 * filled in to be null-ops or to point to some compatibility function,
317 * somewhere in userland.
318 */
319#ifndef _KERNEL
320typedef	struct	mb_s	{
321	struct	mb_s	*mb_next;
322	char		*mb_data;
323	void		*mb_ifp;
324	int		mb_len;
325	int		mb_flags;
326	u_long		mb_buf[2048];
327} mb_t;
328# undef		m_next
329# define	m_next		mb_next
330# undef		m_len
331# define	m_len		mb_len
332# undef		m_flags
333# define	m_flags		mb_flags
334# undef		m_data
335# define	m_data		mb_data
336# undef		M_MCAST
337# define	M_MCAST		0x01
338# undef		M_BCAST
339# define	M_BCAST		0x02
340# undef		M_MBCAST
341# define	M_MBCAST	0x04
342# define	MSGDSIZE(m)	msgdsize(m)
343# define	M_LEN(m)	(m)->mb_len
344# define	M_ADJ(m,x)	(m)->mb_len += x
345# define	M_COPY(m)	dupmbt(m)
346# define	M_DUP(m)	dupmbt(m)
347# define	GETKTIME(x)	gettimeofday((struct timeval *)(x), NULL)
348# define	MTOD(m, t)	((t)(m)->mb_data)
349# define	FREE_MB_T(m)	freembt(m)
350# define	ALLOC_MB_T(m,l)	(m) = allocmbt(l)
351# define	PREP_MB_T(f, m)	do { \
352						(m)->mb_next = *(f)->fin_mp; \
353						*(fin)->fin_mp = (m); \
354						(f)->fin_m = (m); \
355					} while (0)
356# define	SLEEP(x,y)	1;
357# define	WAKEUP(x,y)	;
358# define	POLLWAKEUP(y)	;
359# define	IPF_PANIC(x,y)	;
360# define	PANIC(x,y)	;
361# define	SPL_SCHED(x)	;
362# define	SPL_NET(x)	;
363# define	SPL_IMP(x)	;
364# define	SPL_X(x)	;
365# define	KMALLOC(a,b)	(a) = (b)malloc(sizeof(*a))
366# define	KMALLOCS(a,b,c)	(a) = (b)malloc(c)
367# define	KFREE(x)	free(x)
368# define	KFREES(x,s)	free(x)
369# define	GETIFP(x, v)	get_unit(x,v)
370# define	GETIFMTU_4(x)	2048
371# define	GETIFMTU_6(x)	2048
372# define	COPYIN(a,b,c)	bcopywrap((a), (b), (c))
373# define	COPYOUT(a,b,c)	bcopywrap((a), (b), (c))
374# define	COPYDATA(m, o, l, b)	bcopy(MTOD((mb_t *)m, char *) + (o), \
375					      (b), (l))
376# define	COPYBACK(m, o, l, b)	bcopy((b), \
377					      MTOD((mb_t *)m, char *) + (o), \
378					      (l))
379# define	UIOMOVE(a,b,c,d)	ipfuiomove((caddr_t)a,b,c,d)
380extern	void	m_copydata __P((mb_t *, int, int, caddr_t));
381extern	int	ipfuiomove __P((caddr_t, int, int, struct uio *));
382extern	int	bcopywrap __P((void *, void *, size_t));
383extern	mb_t	*allocmbt __P((size_t));
384extern	mb_t	*dupmbt __P((mb_t *));
385extern	void	freembt __P((mb_t *));
386
387# define	MUTEX_DESTROY(x)	eMmutex_destroy(&(x)->ipf_emu, \
388							__FILE__, __LINE__)
389# define	MUTEX_ENTER(x)		eMmutex_enter(&(x)->ipf_emu, \
390						      __FILE__, __LINE__)
391# define	MUTEX_EXIT(x)		eMmutex_exit(&(x)->ipf_emu, \
392						     __FILE__, __LINE__)
393# define	MUTEX_INIT(x,y)		eMmutex_init(&(x)->ipf_emu, y, \
394						     __FILE__, __LINE__)
395# define	MUTEX_NUKE(x)		bzero((x), sizeof(*(x)))
396
397# define	MUTEX_DOWNGRADE(x)	eMrwlock_downgrade(&(x)->ipf_emu, \
398							   __FILE__, __LINE__)
399# define	READ_ENTER(x)		eMrwlock_read_enter(&(x)->ipf_emu, \
400							    __FILE__, __LINE__)
401# define	RWLOCK_INIT(x, y)	eMrwlock_init(&(x)->ipf_emu, y)
402# define	RWLOCK_EXIT(x)		eMrwlock_exit(&(x)->ipf_emu)
403# define	RW_DESTROY(x)		eMrwlock_destroy(&(x)->ipf_emu)
404# define	WRITE_ENTER(x)		eMrwlock_write_enter(&(x)->ipf_emu, \
405							     __FILE__, \
406							     __LINE__)
407
408# define	USE_MUTEXES		1
409
410extern void eMmutex_destroy __P((eMmutex_t *, char *, int));
411extern void eMmutex_enter __P((eMmutex_t *, char *, int));
412extern void eMmutex_exit __P((eMmutex_t *, char *, int));
413extern void eMmutex_init __P((eMmutex_t *, char *, char *, int));
414extern void eMrwlock_destroy __P((eMrwlock_t *));
415extern void eMrwlock_exit __P((eMrwlock_t *));
416extern void eMrwlock_init __P((eMrwlock_t *, char *));
417extern void eMrwlock_read_enter __P((eMrwlock_t *, char *, int));
418extern void eMrwlock_write_enter __P((eMrwlock_t *, char *, int));
419extern void eMrwlock_downgrade __P((eMrwlock_t *, char *, int));
420
421#endif
422
423extern	mb_t	*allocmbt(size_t);
424
425#define	MAX_IPV4HDR	((0xf << 2) + sizeof(struct icmp) + sizeof(ip_t) + 8)
426
427#ifndef	IP_OFFMASK
428# define	IP_OFFMASK	0x1fff
429#endif
430
431
432/*
433 * On BSD's use quad_t as a guarantee for getting at least a 64bit sized
434 * object.
435 */
436#if !defined(__amd64__) && BSD_GT_YEAR(199306)
437# define	USE_QUAD_T
438# define	U_QUAD_T	unsigned long long
439# define	QUAD_T		long long
440#else /* BSD > 199306 */
441# if !defined(U_QUAD_T)
442#  define	U_QUAD_T	u_long
443#  define	QUAD_T		long
444# endif
445#endif /* BSD > 199306 */
446
447
448#ifdef	USE_INET6
449# if defined(__NetBSD__) || defined(__OpenBSD__) || defined(__FreeBSD__) || \
450     defined(__osf__) || defined(linux)
451#  include <netinet/ip6.h>
452#  include <netinet/icmp6.h>
453#   if defined(_KERNEL) && !defined(__osf__)
454#    include <netinet6/ip6_var.h>
455#   endif
456typedef	struct ip6_hdr	ip6_t;
457# endif
458#endif
459
460#ifndef	MAX
461# define	MAX(a,b)	(((a) > (b)) ? (a) : (b))
462#endif
463
464#if defined(_KERNEL)
465# if defined(MENTAT) && !defined(INSTANCES)
466#  define	COPYDATA	mb_copydata
467#  define	COPYBACK	mb_copyback
468# else
469#  define	COPYDATA	m_copydata
470#  define	COPYBACK	m_copyback
471# endif
472#  if (defined(__NetBSD_Version__) && (__NetBSD_Version__ < 105180000)) || \
473       defined(__FreeBSD__) || (defined(OpenBSD) && (OpenBSD < 200206)) || \
474       defined(_BSDI_VERSION)
475#   include <vm/vm.h>
476#  endif
477#  if !defined(__FreeBSD__) || FREEBSD_GE_REV(300000)
478#   if NETBSD_GE_REV(105180000) || OPENBSD_GE_REV(200111)
479#    include <uvm/uvm_extern.h>
480#   else
481#    include <vm/vm_extern.h>
482extern  vm_map_t        kmem_map;
483#   endif
484#   include <sys/proc.h>
485#  else /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
486#   include <vm/vm_kern.h>
487#  endif /* !__FreeBSD__ || (__FreeBSD__ && __FreeBSD_version >= 300000) */
488
489#  ifdef IPFILTER_M_IPFILTER
490#    include <sys/malloc.h>
491MALLOC_DECLARE(M_IPFILTER);
492#    define	_M_IPF		M_IPFILTER
493#  else /* IPFILTER_M_IPFILTER */
494#   ifdef M_PFIL
495#    define	_M_IPF		M_PFIL
496#   else
497#    ifdef M_IPFILTER
498#     define	_M_IPF		M_IPFILTER
499#    else
500#     define	_M_IPF		M_TEMP
501#    endif /* M_IPFILTER */
502#   endif /* M_PFIL */
503#  endif /* IPFILTER_M_IPFILTER */
504#  if !defined(KMALLOC)
505#   define	KMALLOC(a, b)	MALLOC((a), b, sizeof(*(a)), _M_IPF, M_NOWAIT)
506#  endif
507#  if !defined(KMALLOCS)
508#   define	KMALLOCS(a, b, c)	MALLOC((a), b, (c), _M_IPF, M_NOWAIT)
509#  endif
510#  if !defined(KFREE)
511#   define	KFREE(x)	FREE((x), _M_IPF)
512#  endif
513#   if !defined(KFREES)
514#  define	KFREES(x,s)	FREE((x), _M_IPF)
515#  endif
516#  define	UIOMOVE(a,b,c,d)	uiomove((caddr_t)a,b,d)
517#  define	SLEEP(id, n)	tsleep((id), PPAUSE|PCATCH, n, 0)
518#  define	WAKEUP(id,x)	wakeup(id+x)
519#  if !defined(POLLWAKEUP)
520#   define	POLLWAKEUP(x)	selwakeup(softc->ipf_selwait+x)
521#  endif
522#  define	GETIFP(n, v)	ifunit(n)
523#  define	GETIFMTU_4(x)	((struct ifnet *)x)->if_mtu
524#  define	GETIFMTU_6(x)	((struct ifnet *)x)->if_mtu
525
526# if !defined(USE_MUTEXES) && !defined(SPL_NET)
527#  define	SPL_IMP(x)	x = splimp()
528#  define	SPL_NET(x)	x = splnet()
529#  if !defined(SPL_SCHED)
530#   define	SPL_SCHED(x)	x = splsched()
531#  endif
532#  define	SPL_X(x)	(void) splx(x)
533# endif /* !USE_MUTEXES */
534
535# ifndef FREE_MB_T
536#  define	FREE_MB_T(m)	m_freem(m)
537# endif
538# ifndef ALLOC_MB_T
539#  ifdef MGETHDR
540#   define	ALLOC_MB_T(m,l)	do { \
541					MGETHDR((m), M_DONTWAIT, MT_HEADER); \
542					if ((m) != NULL) { \
543						(m)->m_len = (l); \
544						(m)->m_pkthdr.len = (l); \
545					} \
546				} while (0)
547#  else
548#   define	ALLOC_MB_T(m,l)	do { \
549					MGET((m), M_DONTWAIT, MT_HEADER); \
550					if ((m) != NULL) { \
551						(m)->m_len = (l); \
552						(m)->m_pkthdr.len = (l); \
553					} \
554				} while (0)
555#  endif
556# endif
557# ifndef PREP_MB_T
558#  define	PREP_MB_T(f, m)	do { \
559						mb_t *_o = *(f)->fin_mp; \
560						(m)->m_next = _o; \
561						*(fin)->fin_mp = (m); \
562						if (_o->m_flags & M_PKTHDR) { \
563							(m)->m_pkthdr.len += \
564							    _o->m_pkthdr.len; \
565							(m)->m_pkthdr.rcvif = \
566							  _o->m_pkthdr.rcvif; \
567						} \
568					} while (0)
569# endif
570# ifndef M_DUP
571#  ifdef M_COPYALL
572#   define	M_DUP(m)	m_dup(m, 0, M_COPYALL, 0)
573#  else
574#   define	M_DUP(m)	m_dup(m)
575#  endif
576# endif
577
578# ifndef MTOD
579#  define	MTOD(m,t)	mtod(m,t)
580# endif
581
582# ifndef COPYIN
583#  define	COPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
584#  define	COPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
585# endif
586
587# ifndef KMALLOC
588#  define	KMALLOC(a,b)	(a) = (b)new_kmem_alloc(sizeof(*(a)), \
589							KMEM_NOSLEEP)
590#  define	KMALLOCS(a,b,c)	(a) = (b)new_kmem_alloc((c), KMEM_NOSLEEP)
591# endif
592
593# ifndef	GET_MINOR
594#  define	GET_MINOR(x)	dev2unit(x)
595# endif
596# define	PANIC(x,y)	if (x) panic y
597#endif /* _KERNEL */
598
599#if !defined(IFNAME) && !defined(_KERNEL)
600# define	IFNAME(x)	get_ifname((struct ifnet *)x)
601#endif
602#ifndef	COPYIFNAME
603# define	NEED_FRGETIFNAME
604extern	char	*ipf_getifname __P((struct ifnet *, char *));
605# define	COPYIFNAME(v, x, b) \
606				ipf_getifname((struct ifnet *)x, b)
607#endif
608
609#ifndef ASSERT
610# ifdef _KERNEL
611#  define	ASSERT(x)
612# else
613#  define	ASSERT(x)	do { if (!(x)) abort(); } while (0)
614# endif
615#endif
616
617#ifndef BCOPYIN
618#  define	BCOPYIN(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
619#  define	BCOPYOUT(a,b,c)	(bcopy((caddr_t)(a), (caddr_t)(b), (c)), 0)
620#endif
621
622/*
623 * Because the ctype(3) posix definition, if used "safely" in code everywhere,
624 * would mean all normal code that walks through strings needed casts.  Yuck.
625 */
626#define	ISALNUM(x)	isalnum((u_char)(x))
627#define	ISALPHA(x)	isalpha((u_char)(x))
628#define	ISDIGIT(x)	isdigit((u_char)(x))
629#define	ISSPACE(x)	isspace((u_char)(x))
630#define	ISUPPER(x)	isupper((u_char)(x))
631#define	ISXDIGIT(x)	isxdigit((u_char)(x))
632#define	ISLOWER(x)	islower((u_char)(x))
633#define	TOUPPER(x)	toupper((u_char)(x))
634#define	TOLOWER(x)	tolower((u_char)(x))
635
636/*
637 * If mutexes aren't being used, turn all the mutex functions into null-ops.
638 */
639#if !defined(USE_MUTEXES)
640# define	USE_SPL			1
641# undef		RW_DESTROY
642# undef		MUTEX_INIT
643# undef		MUTEX_NUKE
644# undef		MUTEX_DESTROY
645# define	MUTEX_ENTER(x)		;
646# define	READ_ENTER(x)		;
647# define	WRITE_ENTER(x)		;
648# define	MUTEX_DOWNGRADE(x)	;
649# define	RWLOCK_INIT(x, y)	;
650# define	RWLOCK_EXIT(x)		;
651# define	RW_DESTROY(x)		;
652# define	MUTEX_EXIT(x)		;
653# define	MUTEX_INIT(x,y)		;
654# define	MUTEX_DESTROY(x)	;
655# define	MUTEX_NUKE(x)		;
656#endif /* !USE_MUTEXES */
657#ifndef	ATOMIC_INC
658# define	ATOMIC_INC(x)		(x)++
659# define	ATOMIC_DEC(x)		(x)--
660#endif
661
662#if defined(USE_SPL) && defined(_KERNEL)
663# define	SPL_INT(x)	int x
664#else
665# define	SPL_INT(x)
666#endif
667
668/*
669 * If there are no atomic operations for bit sizes defined, define them to all
670 * use a generic one that works for all sizes.
671 */
672#ifndef	ATOMIC_INCL
673# define	ATOMIC_INCL		ATOMIC_INC
674# define	ATOMIC_INC64		ATOMIC_INC
675# define	ATOMIC_INC32		ATOMIC_INC
676# define	ATOMIC_DECL		ATOMIC_DEC
677# define	ATOMIC_DEC64		ATOMIC_DEC
678# define	ATOMIC_DEC32		ATOMIC_DEC
679#endif
680
681#ifndef HDR_T_PRIVATE
682typedef	struct	tcphdr	tcphdr_t;
683typedef	struct	udphdr	udphdr_t;
684#endif
685typedef	struct	icmp	icmphdr_t;
686typedef	struct	ip	ip_t;
687typedef	struct	ether_header	ether_header_t;
688typedef	struct	tcpiphdr	tcpiphdr_t;
689
690#ifndef	FR_GROUPLEN
691# define	FR_GROUPLEN	16
692#endif
693
694#ifndef offsetof
695# define offsetof(t,m) (size_t)((&((t *)0L)->m))
696#endif
697#ifndef stsizeof
698# define stsizeof(t,m)	sizeof(((t *)0L)->m)
699#endif
700
701/*
702 * This set of macros has been brought about because on Tru64 it is not
703 * possible to easily assign or examine values in a structure that are
704 * bit fields.
705 */
706#ifndef IP_V
707# define	IP_V(x)		(x)->ip_v
708#endif
709#ifndef	IP_V_A
710# define	IP_V_A(x,y)	(x)->ip_v = (y)
711#endif
712#ifndef	IP_HL
713# define	IP_HL(x)	(x)->ip_hl
714#endif
715#ifndef	IP_HL_A
716# define	IP_HL_A(x,y)	(x)->ip_hl = ((y) & 0xf)
717#endif
718#ifndef	TCP_X2
719# define	TCP_X2(x)	(x)->th_x2
720#endif
721#ifndef	TCP_X2_A
722# define	TCP_X2_A(x,y)	(x)->th_x2 = (y)
723#endif
724#ifndef	TCP_OFF
725# define	TCP_OFF(x)	(x)->th_off
726#endif
727#ifndef	TCP_OFF_A
728# define	TCP_OFF_A(x,y)	(x)->th_off = (y)
729#endif
730#define	IPMINLEN(i, h)	((i)->ip_len >= (IP_HL(i) * 4 + sizeof(struct h)))
731
732
733/*
734 * XXX - This is one of those *awful* hacks which nobody likes
735 */
736#ifdef	ultrix
737#define	A_A
738#else
739#define	A_A	&
740#endif
741
742#define	TCPF_ALL	(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG|\
743			 TH_ECN|TH_CWR)
744
745#if BSD_GE_YEAR(199306) && !defined(m_act)
746# define	m_act	m_nextpkt
747#endif
748
749/*
750 * Security Options for Intenet Protocol (IPSO) as defined in RFC 1108.
751 *
752 * Basic Option
753 *
754 * 00000001   -   (Reserved 4)
755 * 00111101   -   Top Secret
756 * 01011010   -   Secret
757 * 10010110   -   Confidential
758 * 01100110   -   (Reserved 3)
759 * 11001100   -   (Reserved 2)
760 * 10101011   -   Unclassified
761 * 11110001   -   (Reserved 1)
762 */
763#define	IPSO_CLASS_RES4		0x01
764#define	IPSO_CLASS_TOPS		0x3d
765#define	IPSO_CLASS_SECR		0x5a
766#define	IPSO_CLASS_CONF		0x96
767#define	IPSO_CLASS_RES3		0x66
768#define	IPSO_CLASS_RES2		0xcc
769#define	IPSO_CLASS_UNCL		0xab
770#define	IPSO_CLASS_RES1		0xf1
771
772#define	IPSO_AUTH_GENSER	0x80
773#define	IPSO_AUTH_ESI		0x40
774#define	IPSO_AUTH_SCI		0x20
775#define	IPSO_AUTH_NSA		0x10
776#define	IPSO_AUTH_DOE		0x08
777#define	IPSO_AUTH_UN		0x06
778#define	IPSO_AUTH_FTE		0x01
779
780/*
781 * IP option #defines
782 */
783#undef	IPOPT_RR
784#define	IPOPT_RR	7
785#undef	IPOPT_ZSU
786#define	IPOPT_ZSU	10	/* ZSU */
787#undef	IPOPT_MTUP
788#define	IPOPT_MTUP	11	/* MTUP */
789#undef	IPOPT_MTUR
790#define	IPOPT_MTUR	12	/* MTUR */
791#undef	IPOPT_ENCODE
792#define	IPOPT_ENCODE	15	/* ENCODE */
793#undef	IPOPT_TS
794#define	IPOPT_TS	68
795#undef	IPOPT_TR
796#define	IPOPT_TR	82	/* TR */
797#undef	IPOPT_SECURITY
798#define	IPOPT_SECURITY	130
799#undef	IPOPT_LSRR
800#define	IPOPT_LSRR	131
801#undef	IPOPT_E_SEC
802#define	IPOPT_E_SEC	133	/* E-SEC */
803#undef	IPOPT_CIPSO
804#define	IPOPT_CIPSO	134	/* CIPSO */
805#undef	IPOPT_SATID
806#define	IPOPT_SATID	136
807#ifndef	IPOPT_SID
808# define	IPOPT_SID	IPOPT_SATID
809#endif
810#undef	IPOPT_SSRR
811#define	IPOPT_SSRR	137
812#undef	IPOPT_ADDEXT
813#define	IPOPT_ADDEXT	147	/* ADDEXT */
814#undef	IPOPT_VISA
815#define	IPOPT_VISA	142	/* VISA */
816#undef	IPOPT_IMITD
817#define	IPOPT_IMITD	144	/* IMITD */
818#undef	IPOPT_EIP
819#define	IPOPT_EIP	145	/* EIP */
820#undef	IPOPT_RTRALRT
821#define	IPOPT_RTRALRT	148	/* RTRALRT */
822#undef	IPOPT_SDB
823#define	IPOPT_SDB	149
824#undef	IPOPT_NSAPA
825#define	IPOPT_NSAPA	150
826#undef	IPOPT_DPS
827#define	IPOPT_DPS	151
828#undef	IPOPT_UMP
829#define	IPOPT_UMP	152
830#undef	IPOPT_FINN
831#define	IPOPT_FINN	205	/* FINN */
832#undef	IPOPT_AH
833#define	IPOPT_AH	256+IPPROTO_AH
834
835#ifndef TCPOPT_EOL
836# define TCPOPT_EOL		0
837#endif
838#ifndef TCPOPT_NOP
839# define TCPOPT_NOP		1
840#endif
841#ifndef TCPOPT_MAXSEG
842# define TCPOPT_MAXSEG		2
843#endif
844#ifndef TCPOLEN_MAXSEG
845# define TCPOLEN_MAXSEG		4
846#endif
847#ifndef TCPOPT_WINDOW
848# define TCPOPT_WINDOW		3
849#endif
850#ifndef TCPOLEN_WINDOW
851# define TCPOLEN_WINDOW		3
852#endif
853#ifndef TCPOPT_SACK_PERMITTED
854# define TCPOPT_SACK_PERMITTED	4
855#endif
856#ifndef TCPOLEN_SACK_PERMITTED
857# define TCPOLEN_SACK_PERMITTED	2
858#endif
859#ifndef TCPOPT_SACK
860# define TCPOPT_SACK		5
861#endif
862#ifndef TCPOPT_TIMESTAMP
863# define TCPOPT_TIMESTAMP	8
864#endif
865
866#ifndef	ICMP_MINLEN
867# define	ICMP_MINLEN	8
868#endif
869#ifndef	ICMP_ECHOREPLY
870# define	ICMP_ECHOREPLY	0
871#endif
872#ifndef	ICMP_UNREACH
873# define	ICMP_UNREACH	3
874#endif
875#ifndef	ICMP_UNREACH_NET
876# define	ICMP_UNREACH_NET	0
877#endif
878#ifndef	ICMP_UNREACH_HOST
879# define	ICMP_UNREACH_HOST	1
880#endif
881#ifndef	ICMP_UNREACH_PROTOCOL
882# define	ICMP_UNREACH_PROTOCOL	2
883#endif
884#ifndef	ICMP_UNREACH_PORT
885# define	ICMP_UNREACH_PORT	3
886#endif
887#ifndef	ICMP_UNREACH_NEEDFRAG
888# define	ICMP_UNREACH_NEEDFRAG	4
889#endif
890#ifndef	ICMP_UNREACH_SRCFAIL
891# define	ICMP_UNREACH_SRCFAIL	5
892#endif
893#ifndef	ICMP_UNREACH_NET_UNKNOWN
894# define	ICMP_UNREACH_NET_UNKNOWN	6
895#endif
896#ifndef	ICMP_UNREACH_HOST_UNKNOWN
897# define	ICMP_UNREACH_HOST_UNKNOWN	7
898#endif
899#ifndef	ICMP_UNREACH_ISOLATED
900# define	ICMP_UNREACH_ISOLATED	8
901#endif
902#ifndef	ICMP_UNREACH_NET_PROHIB
903# define	ICMP_UNREACH_NET_PROHIB	9
904#endif
905#ifndef	ICMP_UNREACH_HOST_PROHIB
906# define	ICMP_UNREACH_HOST_PROHIB	10
907#endif
908#ifndef	ICMP_UNREACH_TOSNET
909# define	ICMP_UNREACH_TOSNET	11
910#endif
911#ifndef	ICMP_UNREACH_TOSHOST
912# define	ICMP_UNREACH_TOSHOST	12
913#endif
914#ifndef	ICMP_UNREACH_ADMIN_PROHIBIT
915# define	ICMP_UNREACH_ADMIN_PROHIBIT	13
916#endif
917#ifndef	ICMP_UNREACH_FILTER
918# define	ICMP_UNREACH_FILTER	13
919#endif
920#ifndef	ICMP_UNREACH_HOST_PRECEDENCE
921# define	ICMP_UNREACH_HOST_PRECEDENCE	14
922#endif
923#ifndef	ICMP_UNREACH_PRECEDENCE_CUTOFF
924# define	ICMP_UNREACH_PRECEDENCE_CUTOFF	15
925#endif
926#ifndef	ICMP_SOURCEQUENCH
927# define	ICMP_SOURCEQUENCH	4
928#endif
929#ifndef	ICMP_REDIRECT_NET
930# define	ICMP_REDIRECT_NET	0
931#endif
932#ifndef	ICMP_REDIRECT_HOST
933# define	ICMP_REDIRECT_HOST	1
934#endif
935#ifndef	ICMP_REDIRECT_TOSNET
936# define	ICMP_REDIRECT_TOSNET	2
937#endif
938#ifndef	ICMP_REDIRECT_TOSHOST
939# define	ICMP_REDIRECT_TOSHOST	3
940#endif
941#ifndef	ICMP_ALTHOSTADDR
942# define	ICMP_ALTHOSTADDR	6
943#endif
944#ifndef	ICMP_TIMXCEED
945# define	ICMP_TIMXCEED	11
946#endif
947#ifndef	ICMP_TIMXCEED_INTRANS
948# define	ICMP_TIMXCEED_INTRANS	0
949#endif
950#ifndef	ICMP_TIMXCEED_REASS
951# define		ICMP_TIMXCEED_REASS	1
952#endif
953#ifndef	ICMP_PARAMPROB
954# define	ICMP_PARAMPROB	12
955#endif
956#ifndef	ICMP_PARAMPROB_ERRATPTR
957# define	ICMP_PARAMPROB_ERRATPTR	0
958#endif
959#ifndef	ICMP_PARAMPROB_OPTABSENT
960# define	ICMP_PARAMPROB_OPTABSENT	1
961#endif
962#ifndef	ICMP_PARAMPROB_LENGTH
963# define	ICMP_PARAMPROB_LENGTH	2
964#endif
965#ifndef ICMP_TSTAMP
966# define	ICMP_TSTAMP	13
967#endif
968#ifndef ICMP_TSTAMPREPLY
969# define	ICMP_TSTAMPREPLY	14
970#endif
971#ifndef ICMP_IREQ
972# define	ICMP_IREQ	15
973#endif
974#ifndef ICMP_IREQREPLY
975# define	ICMP_IREQREPLY	16
976#endif
977#ifndef	ICMP_MASKREQ
978# define	ICMP_MASKREQ	17
979#endif
980#ifndef ICMP_MASKREPLY
981# define	ICMP_MASKREPLY	18
982#endif
983#ifndef	ICMP_TRACEROUTE
984# define	ICMP_TRACEROUTE	30
985#endif
986#ifndef	ICMP_DATACONVERR
987# define	ICMP_DATACONVERR	31
988#endif
989#ifndef	ICMP_MOBILE_REDIRECT
990# define	ICMP_MOBILE_REDIRECT	32
991#endif
992#ifndef	ICMP_IPV6_WHEREAREYOU
993# define	ICMP_IPV6_WHEREAREYOU	33
994#endif
995#ifndef	ICMP_IPV6_IAMHERE
996# define	ICMP_IPV6_IAMHERE	34
997#endif
998#ifndef	ICMP_MOBILE_REGREQUEST
999# define	ICMP_MOBILE_REGREQUEST	35
1000#endif
1001#ifndef	ICMP_MOBILE_REGREPLY
1002# define	ICMP_MOBILE_REGREPLY	36
1003#endif
1004#ifndef	ICMP_SKIP
1005# define	ICMP_SKIP	39
1006#endif
1007#ifndef	ICMP_PHOTURIS
1008# define	ICMP_PHOTURIS	40
1009#endif
1010#ifndef	ICMP_PHOTURIS_UNKNOWN_INDEX
1011# define	ICMP_PHOTURIS_UNKNOWN_INDEX	1
1012#endif
1013#ifndef	ICMP_PHOTURIS_AUTH_FAILED
1014# define	ICMP_PHOTURIS_AUTH_FAILED	2
1015#endif
1016#ifndef	ICMP_PHOTURIS_DECRYPT_FAILED
1017# define	ICMP_PHOTURIS_DECRYPT_FAILED	3
1018#endif
1019#ifndef	IPVERSION
1020# define	IPVERSION	4
1021#endif
1022#ifndef	IPOPT_MINOFF
1023# define	IPOPT_MINOFF	4
1024#endif
1025#ifndef	IPOPT_COPIED
1026# define	IPOPT_COPIED(x)	((x)&0x80)
1027#endif
1028#ifndef	IPOPT_EOL
1029# define	IPOPT_EOL	0
1030#endif
1031#ifndef	IPOPT_NOP
1032# define	IPOPT_NOP	1
1033#endif
1034#ifndef	IP_MF
1035# define	IP_MF	((u_short)0x2000)
1036#endif
1037#ifndef	ETHERTYPE_IP
1038# define	ETHERTYPE_IP	((u_short)0x0800)
1039#endif
1040#ifndef	TH_FIN
1041# define	TH_FIN	0x01
1042#endif
1043#ifndef	TH_SYN
1044# define	TH_SYN	0x02
1045#endif
1046#ifndef	TH_RST
1047# define	TH_RST	0x04
1048#endif
1049#ifndef	TH_PUSH
1050# define	TH_PUSH	0x08
1051#endif
1052#ifndef	TH_ACK
1053# define	TH_ACK	0x10
1054#endif
1055#ifndef	TH_URG
1056# define	TH_URG	0x20
1057#endif
1058#undef	TH_ACKMASK
1059#define	TH_ACKMASK	(TH_FIN|TH_SYN|TH_RST|TH_ACK)
1060
1061#ifndef	IPOPT_EOL
1062# define	IPOPT_EOL	0
1063#endif
1064#ifndef	IPOPT_NOP
1065# define	IPOPT_NOP	1
1066#endif
1067#ifndef	IPOPT_RR
1068# define	IPOPT_RR	7
1069#endif
1070#ifndef	IPOPT_TS
1071# define	IPOPT_TS	68
1072#endif
1073#ifndef	IPOPT_SECURITY
1074# define	IPOPT_SECURITY	130
1075#endif
1076#ifndef	IPOPT_LSRR
1077# define	IPOPT_LSRR	131
1078#endif
1079#ifndef	IPOPT_SATID
1080# define	IPOPT_SATID	136
1081#endif
1082#ifndef	IPOPT_SSRR
1083# define	IPOPT_SSRR	137
1084#endif
1085#ifndef	IPOPT_SECUR_UNCLASS
1086# define	IPOPT_SECUR_UNCLASS	((u_short)0x0000)
1087#endif
1088#ifndef	IPOPT_SECUR_CONFID
1089# define	IPOPT_SECUR_CONFID	((u_short)0xf135)
1090#endif
1091#ifndef	IPOPT_SECUR_EFTO
1092# define	IPOPT_SECUR_EFTO	((u_short)0x789a)
1093#endif
1094#ifndef	IPOPT_SECUR_MMMM
1095# define	IPOPT_SECUR_MMMM	((u_short)0xbc4d)
1096#endif
1097#ifndef	IPOPT_SECUR_RESTR
1098# define	IPOPT_SECUR_RESTR	((u_short)0xaf13)
1099#endif
1100#ifndef	IPOPT_SECUR_SECRET
1101# define	IPOPT_SECUR_SECRET	((u_short)0xd788)
1102#endif
1103#ifndef IPOPT_SECUR_TOPSECRET
1104# define	IPOPT_SECUR_TOPSECRET	((u_short)0x6bc5)
1105#endif
1106#ifndef IPOPT_OLEN
1107# define	IPOPT_OLEN	1
1108#endif
1109#ifndef	IPPROTO_HOPOPTS
1110# define	IPPROTO_HOPOPTS	0
1111#endif
1112#ifndef	IPPROTO_IPIP
1113# define	IPPROTO_IPIP	4
1114#endif
1115#ifndef	IPPROTO_ENCAP
1116# define	IPPROTO_ENCAP	98
1117#endif
1118#ifndef	IPPROTO_IPV6
1119# define	IPPROTO_IPV6	41
1120#endif
1121#ifndef	IPPROTO_ROUTING
1122# define	IPPROTO_ROUTING	43
1123#endif
1124#ifndef	IPPROTO_FRAGMENT
1125# define	IPPROTO_FRAGMENT	44
1126#endif
1127#ifndef	IPPROTO_GRE
1128# define	IPPROTO_GRE	47	/* GRE encaps RFC 1701 */
1129#endif
1130#ifndef	IPPROTO_ESP
1131# define	IPPROTO_ESP	50
1132#endif
1133#ifndef	IPPROTO_AH
1134# define	IPPROTO_AH	51
1135#endif
1136#ifndef	IPPROTO_ICMPV6
1137# define	IPPROTO_ICMPV6	58
1138#endif
1139#ifndef	IPPROTO_NONE
1140# define	IPPROTO_NONE	59
1141#endif
1142#ifndef	IPPROTO_DSTOPTS
1143# define	IPPROTO_DSTOPTS	60
1144#endif
1145#ifndef	IPPROTO_MOBILITY
1146# define	IPPROTO_MOBILITY	135
1147#endif
1148
1149#ifndef	ICMP_ROUTERADVERT
1150# define	ICMP_ROUTERADVERT	9
1151#endif
1152#ifndef	ICMP_ROUTERSOLICIT
1153# define	ICMP_ROUTERSOLICIT	10
1154#endif
1155#ifndef	ICMP6_DST_UNREACH
1156# define	ICMP6_DST_UNREACH	1
1157#endif
1158#ifndef	ICMP6_PACKET_TOO_BIG
1159# define	ICMP6_PACKET_TOO_BIG	2
1160#endif
1161#ifndef	ICMP6_TIME_EXCEEDED
1162# define	ICMP6_TIME_EXCEEDED	3
1163#endif
1164#ifndef	ICMP6_PARAM_PROB
1165# define	ICMP6_PARAM_PROB	4
1166#endif
1167
1168#ifndef	ICMP6_ECHO_REQUEST
1169# define	ICMP6_ECHO_REQUEST	128
1170#endif
1171#ifndef	ICMP6_ECHO_REPLY
1172# define	ICMP6_ECHO_REPLY	129
1173#endif
1174#ifndef	ICMP6_MEMBERSHIP_QUERY
1175# define	ICMP6_MEMBERSHIP_QUERY	130
1176#endif
1177#ifndef	MLD6_LISTENER_QUERY
1178# define	MLD6_LISTENER_QUERY	130
1179#endif
1180#ifndef	ICMP6_MEMBERSHIP_REPORT
1181# define	ICMP6_MEMBERSHIP_REPORT	131
1182#endif
1183#ifndef	MLD6_LISTENER_REPORT
1184# define	MLD6_LISTENER_REPORT	131
1185#endif
1186#ifndef	ICMP6_MEMBERSHIP_REDUCTION
1187# define	ICMP6_MEMBERSHIP_REDUCTION	132
1188#endif
1189#ifndef	MLD6_LISTENER_DONE
1190# define	MLD6_LISTENER_DONE	132
1191#endif
1192#ifndef	ND_ROUTER_SOLICIT
1193# define	ND_ROUTER_SOLICIT	133
1194#endif
1195#ifndef	ND_ROUTER_ADVERT
1196# define	ND_ROUTER_ADVERT	134
1197#endif
1198#ifndef	ND_NEIGHBOR_SOLICIT
1199# define	ND_NEIGHBOR_SOLICIT	135
1200#endif
1201#ifndef	ND_NEIGHBOR_ADVERT
1202# define	ND_NEIGHBOR_ADVERT	136
1203#endif
1204#ifndef	ND_REDIRECT
1205# define	ND_REDIRECT	137
1206#endif
1207#ifndef	ICMP6_ROUTER_RENUMBERING
1208# define	ICMP6_ROUTER_RENUMBERING	138
1209#endif
1210#ifndef	ICMP6_WRUREQUEST
1211# define	ICMP6_WRUREQUEST	139
1212#endif
1213#ifndef	ICMP6_WRUREPLY
1214# define	ICMP6_WRUREPLY		140
1215#endif
1216#ifndef	ICMP6_FQDN_QUERY
1217# define	ICMP6_FQDN_QUERY	139
1218#endif
1219#ifndef	ICMP6_FQDN_REPLY
1220# define	ICMP6_FQDN_REPLY	140
1221#endif
1222#ifndef	ICMP6_NI_QUERY
1223# define	ICMP6_NI_QUERY		139
1224#endif
1225#ifndef	ICMP6_NI_REPLY
1226# define	ICMP6_NI_REPLY		140
1227#endif
1228#ifndef	MLD6_MTRACE_RESP
1229# define	MLD6_MTRACE_RESP	200
1230#endif
1231#ifndef	MLD6_MTRACE
1232# define	MLD6_MTRACE		201
1233#endif
1234#ifndef	ICMP6_HADISCOV_REQUEST
1235# define	ICMP6_HADISCOV_REQUEST	202
1236#endif
1237#ifndef	ICMP6_HADISCOV_REPLY
1238# define	ICMP6_HADISCOV_REPLY	203
1239#endif
1240#ifndef	ICMP6_MOBILEPREFIX_SOLICIT
1241# define	ICMP6_MOBILEPREFIX_SOLICIT	204
1242#endif
1243#ifndef	ICMP6_MOBILEPREFIX_ADVERT
1244# define	ICMP6_MOBILEPREFIX_ADVERT	205
1245#endif
1246#ifndef	ICMP6_MAXTYPE
1247# define	ICMP6_MAXTYPE		205
1248#endif
1249
1250#ifndef	ICMP6_DST_UNREACH_NOROUTE
1251# define	ICMP6_DST_UNREACH_NOROUTE	0
1252#endif
1253#ifndef	ICMP6_DST_UNREACH_ADMIN
1254# define	ICMP6_DST_UNREACH_ADMIN		1
1255#endif
1256#ifndef	ICMP6_DST_UNREACH_NOTNEIGHBOR
1257# define	ICMP6_DST_UNREACH_NOTNEIGHBOR	2
1258#endif
1259#ifndef	ICMP6_DST_UNREACH_BEYONDSCOPE
1260# define	ICMP6_DST_UNREACH_BEYONDSCOPE	2
1261#endif
1262#ifndef	ICMP6_DST_UNREACH_ADDR
1263# define	ICMP6_DST_UNREACH_ADDR		3
1264#endif
1265#ifndef	ICMP6_DST_UNREACH_NOPORT
1266# define	ICMP6_DST_UNREACH_NOPORT	4
1267#endif
1268#ifndef	ICMP6_TIME_EXCEED_TRANSIT
1269# define	ICMP6_TIME_EXCEED_TRANSIT	0
1270#endif
1271#ifndef	ICMP6_TIME_EXCEED_REASSEMBLY
1272# define	ICMP6_TIME_EXCEED_REASSEMBLY	1
1273#endif
1274
1275#ifndef	ICMP6_NI_SUCCESS
1276# define	ICMP6_NI_SUCCESS	0
1277#endif
1278#ifndef	ICMP6_NI_REFUSED
1279# define	ICMP6_NI_REFUSED	1
1280#endif
1281#ifndef	ICMP6_NI_UNKNOWN
1282# define	ICMP6_NI_UNKNOWN	2
1283#endif
1284
1285#ifndef	ICMP6_ROUTER_RENUMBERING_COMMAND
1286# define	ICMP6_ROUTER_RENUMBERING_COMMAND	0
1287#endif
1288#ifndef	ICMP6_ROUTER_RENUMBERING_RESULT
1289# define	ICMP6_ROUTER_RENUMBERING_RESULT	1
1290#endif
1291#ifndef	ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET
1292# define	ICMP6_ROUTER_RENUMBERING_SEQNUM_RESET	255
1293#endif
1294
1295#ifndef	ICMP6_PARAMPROB_HEADER
1296# define	ICMP6_PARAMPROB_HEADER	0
1297#endif
1298#ifndef	ICMP6_PARAMPROB_NEXTHEADER
1299# define	ICMP6_PARAMPROB_NEXTHEADER	1
1300#endif
1301#ifndef	ICMP6_PARAMPROB_OPTION
1302# define	ICMP6_PARAMPROB_OPTION	2
1303#endif
1304
1305#ifndef	ICMP6_NI_SUBJ_IPV6
1306# define	ICMP6_NI_SUBJ_IPV6	0
1307#endif
1308#ifndef	ICMP6_NI_SUBJ_FQDN
1309# define	ICMP6_NI_SUBJ_FQDN	1
1310#endif
1311#ifndef	ICMP6_NI_SUBJ_IPV4
1312# define	ICMP6_NI_SUBJ_IPV4	2
1313#endif
1314
1315#ifndef	MLD_MTRACE_RESP
1316# define	MLD_MTRACE_RESP		200
1317#endif
1318#ifndef	MLD_MTRACE
1319# define	MLD_MTRACE		201
1320#endif
1321#ifndef	MLD6_MTRACE_RESP
1322# define	MLD6_MTRACE_RESP	MLD_MTRACE_RESP
1323#endif
1324#ifndef	MLD6_MTRACE
1325# define	MLD6_MTRACE		MLD_MTRACE
1326#endif
1327
1328#if !defined(IPV6_FLOWINFO_MASK)
1329# if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1330#  define IPV6_FLOWINFO_MASK	0x0fffffff	/* flow info (28 bits) */
1331# else
1332#  if(BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1333#   define IPV6_FLOWINFO_MASK	0xffffff0f	/* flow info (28 bits) */
1334#  endif /* LITTLE_ENDIAN */
1335# endif
1336#endif
1337#if !defined(IPV6_FLOWLABEL_MASK)
1338# if (BYTE_ORDER == BIG_ENDIAN) || defined(_BIG_ENDIAN)
1339#  define IPV6_FLOWLABEL_MASK	0x000fffff	/* flow label (20 bits) */
1340# else
1341#  if (BYTE_ORDER == LITTLE_ENDIAN) || !defined(_BIG_ENDIAN)
1342#   define IPV6_FLOWLABEL_MASK	0xffff0f00	/* flow label (20 bits) */
1343#  endif /* LITTLE_ENDIAN */
1344# endif
1345#endif
1346
1347/*
1348 * ECN is a new addition to TCP - RFC 2481
1349 */
1350#ifndef TH_ECN
1351# define	TH_ECN	0x40
1352#endif
1353#ifndef TH_CWR
1354# define	TH_CWR	0x80
1355#endif
1356#define	TH_ECNALL	(TH_ECN|TH_CWR)
1357
1358/*
1359 * TCP States
1360 */
1361#define IPF_TCPS_LISTEN		0	/* listening for connection */
1362#define IPF_TCPS_SYN_SENT	1	/* active, have sent syn */
1363#define IPF_TCPS_SYN_RECEIVED	2	/* have send and received syn */
1364#define IPF_TCPS_HALF_ESTAB	3	/* for connections not fully "up" */
1365/* states < IPF_TCPS_ESTABLISHED are those where connections not established */
1366#define IPF_TCPS_ESTABLISHED	4	/* established */
1367#define IPF_TCPS_CLOSE_WAIT	5	/* rcvd fin, waiting for close */
1368/* states > IPF_TCPS_CLOSE_WAIT are those where user has closed */
1369#define IPF_TCPS_FIN_WAIT_1	6	/* have closed, sent fin */
1370#define IPF_TCPS_CLOSING	7	/* closed xchd FIN; await FIN ACK */
1371#define IPF_TCPS_LAST_ACK	8	/* had fin and close; await FIN ACK */
1372/* states > IPF_TCPS_CLOSE_WAIT && < IPF_TCPS_FIN_WAIT_2 await ACK of FIN */
1373#define IPF_TCPS_FIN_WAIT_2	9	/* have closed, fin is acked */
1374#define IPF_TCPS_TIME_WAIT	10	/* in 2*msl quiet wait after close */
1375#define IPF_TCPS_CLOSED		11	/* closed */
1376#define IPF_TCP_NSTATES		12
1377
1378#define	TCP_MSL			120
1379
1380#undef	ICMP_MAX_UNREACH
1381#define	ICMP_MAX_UNREACH	14
1382#undef	ICMP_MAXTYPE
1383#define	ICMP_MAXTYPE		18
1384
1385#ifndef	IFNAMSIZ
1386#define	IFNAMSIZ		16
1387#endif
1388
1389#ifndef	LOG_FTP
1390# define	LOG_FTP		(11<<3)
1391#endif
1392#ifndef	LOG_AUTHPRIV
1393# define	LOG_AUTHPRIV	(10<<3)
1394#endif
1395#ifndef	LOG_AUDIT
1396# define	LOG_AUDIT	(13<<3)
1397#endif
1398#ifndef	LOG_NTP
1399# define	LOG_NTP		(12<<3)
1400#endif
1401#ifndef	LOG_SECURITY
1402# define	LOG_SECURITY	(13<<3)
1403#endif
1404#ifndef	LOG_LFMT
1405# define	LOG_LFMT	(14<<3)
1406#endif
1407#ifndef	LOG_CONSOLE
1408# define	LOG_CONSOLE	(14<<3)
1409#endif
1410
1411/*
1412 * ICMP error replies have an IP header (20 bytes), 8 bytes of ICMP data,
1413 * another IP header and then 64 bits of data, totalling 56.  Of course,
1414 * the last 64 bits is dependent on that being available.
1415 */
1416#define	ICMPERR_ICMPHLEN	8
1417#define	ICMPERR_IPICMPHLEN	(20 + 8)
1418#define	ICMPERR_MINPKTLEN	(20 + 8 + 20)
1419#define	ICMPERR_MAXPKTLEN	(20 + 8 + 20 + 8)
1420#define ICMP6ERR_MINPKTLEN	(40 + 8)
1421#define ICMP6ERR_IPICMPHLEN	(40 + 8 + 40)
1422
1423#ifndef MIN
1424# define	MIN(a,b)	(((a)<(b))?(a):(b))
1425#endif
1426
1427#ifdef RESCUE
1428# undef IPFILTER_BPF
1429#endif
1430
1431#ifdef IPF_DEBUG
1432# define	DPRINT(x)	printf x
1433#else
1434# define	DPRINT(x)
1435#endif
1436
1437#ifndef	AF_INET6
1438# define	AF_INET6	26
1439#endif
1440
1441#ifdef DTRACE_PROBE
1442# ifdef _KERNEL
1443#  define	DT(_n)			DTRACE_PROBE(_n)
1444#  define	DT1(_n,_a,_b)		DTRACE_PROBE1(_n,_a,_b)
1445#  define	DT2(_n,_a,_b,_c,_d)	DTRACE_PROBE2(_n,_a,_b,_c,_d)
1446#  define	DT3(_n,_a,_b,_c,_d,_e,_f)	\
1447					DTRACE_PROBE3(_n,_a,_b,_c,_d,_e,_f)
1448#  define	DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h) \
1449				DTRACE_PROBE4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1450# else
1451#  define	DT(_n)
1452#  define	DT1(_n,_a,_b)
1453#  define	DT2(_n,_a,_b,_c,_d)
1454#  define	DT3(_n,_a,_b,_c,_d,_e,_f)
1455#  define	DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1456# endif
1457#else
1458# define	DT(_n)
1459# define	DT1(_n,_a,_b)
1460# define	DT2(_n,_a,_b,_c,_d)
1461# define	DT3(_n,_a,_b,_c,_d,_e,_f)
1462# define	DT4(_n,_a,_b,_c,_d,_e,_f,_g,_h)
1463#endif
1464
1465struct ip6_routing {
1466	u_char	ip6r_nxt;	/* next header */
1467	u_char	ip6r_len;	/* length in units of 8 octets */
1468	u_char	ip6r_type;	/* always zero */
1469	u_char	ip6r_segleft;	/* segments left */
1470	u_32_t	ip6r_reserved;	/* reserved field */
1471};
1472
1473#endif	/* __IP_COMPAT_H__ */
1474