sys/net/if_pfsync.h


    1 /*-
    2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
    3  *
    4  * Copyright (c) 2001 Michael Shalayeff
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  *
   16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   19  * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
   20  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   21  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   22  * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   24  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
   25  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
   26  * THE POSSIBILITY OF SUCH DAMAGE.
   27  */
   28 
   29 /*-
   30  * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
   31  *
   32  * Permission to use, copy, modify, and distribute this software for any
   33  * purpose with or without fee is hereby granted, provided that the above
   34  * copyright notice and this permission notice appear in all copies.
   35  *
   36  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   37  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   38  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   39  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   40  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   41  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   42  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   43  */
   44 
   45 /*
   46  *      $OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $
   47  *      $FreeBSD$
   48  */
   49 
   50 #ifndef _NET_IF_PFSYNC_H_
   51 #define _NET_IF_PFSYNC_H_
   52 
   53 #include <sys/types.h>
   54 
   55 #include <net/if.h>
   56 #include <net/pfvar.h>
   57 #include <netpfil/pf/pf.h>
   58 
   59 #define PFSYNC_VERSION          5       /* presumably the value carried in pfsync_header.version -- confirm */
   60 #define PFSYNC_DFLTTL           255     /* expected IP TTL; other values are counted in pfsyncs_badttl */
      /*
       * NOTE(review): a received TTL of 255 only indicates that no router
       * decremented it on the way, i.e. the sender is presumably on-link. It is
       * not sender authentication -- confirm how the sync interface is isolated.
       */
   61 
   62 #define PFSYNC_ACT_CLR          0       /* clear all states */
   63 #define PFSYNC_ACT_INS          1       /* insert state */
   64 #define PFSYNC_ACT_INS_ACK      2       /* ack of inserted state */
   65 #define PFSYNC_ACT_UPD          3       /* update state */
   66 #define PFSYNC_ACT_UPD_C        4       /* "compressed" update state */
   67 #define PFSYNC_ACT_UPD_REQ      5       /* request "uncompressed" state */
   68 #define PFSYNC_ACT_DEL          6       /* delete state */
   69 #define PFSYNC_ACT_DEL_C        7       /* "compressed" delete state */
   70 #define PFSYNC_ACT_INS_F        8       /* insert fragment */
   71 #define PFSYNC_ACT_DEL_F        9       /* delete fragments */
   72 #define PFSYNC_ACT_BUS          10      /* bulk update status */
   73 #define PFSYNC_ACT_TDB          11      /* TDB replay counter update */
   74 #define PFSYNC_ACT_EOF          12      /* end of frame */
   75 #define PFSYNC_ACT_MAX          13      /* one past the last action code; sizes pfsyncs_iacts[]/pfsyncs_oacts[] */
      /*
       * NOTE(review): pfsync_subheader.action is a u_int8_t taken from the frame,
       * so it can hold values up to 255. Anything >= PFSYNC_ACT_MAX has to be
       * rejected (pfsyncs_badact looks like the counter for that) before the
       * value selects a handler or a slot in the per-action arrays -- confirm in
       * the input path.
       */
   76 
   77 /*
   78  * A pfsync frame is built from a header followed by several sections which
   79  * are all prefixed with their own subheaders. Frames must be terminated with
   80  * an EOF subheader.
   81  *
   82  * | ...                        |
   83  * | IP header                  |
   84  * +============================+
   85  * | pfsync_header              |
   86  * +----------------------------+
   87  * | pfsync_subheader           |
   88  * +----------------------------+
   89  * | first action fields        |
   90  * | ...                        |
   91  * +----------------------------+
   92  * | pfsync_subheader           |
   93  * +----------------------------+
   94  * | second action fields       |
   95  * | ...                        |
   96  * +----------------------------+
   97  * | EOF pfsync_subheader       |
   98  * +----------------------------+
   99  * | HMAC                       |
  100  * +============================+
  101  */
  102 
  103 /*
  104  * Frame header
       *
       * First structure of a pfsync frame, placed directly after the IP header
       * (see the frame layout above). __packed keeps the compiler from inserting
       * padding, so the struct is exactly the declared fields in order.
       *
       * NOTE(review): every field is filled in by the sending peer. Validate
       * version and len against the bytes actually received before reading any
       * subheader.
       *
       * NOTE(review): pfcksum is sized for an MD5 digest. The name suggests a
       * checksum of the pf ruleset rather than a keyed MAC -- confirm. An unkeyed
       * digest lets peers compare configuration but does not authenticate the
       * sender or protect the frame contents.
  105  */
  106 
  107 struct pfsync_header {
  108         u_int8_t                        version;        /* presumably PFSYNC_VERSION -- confirm */
  109         u_int8_t                        _pad;           /* explicit padding byte */
  110         u_int16_t                       len;            /* frame length; byte order and coverage not shown here -- TODO confirm */
  111         u_int8_t                        pfcksum[PF_MD5_DIGEST_LENGTH];
  112 } __packed;
  113 
  114 /*
  115  * Frame region subheader
       *
       * Precedes each group of action fields in a frame (see the frame layout
       * above); a frame is terminated by an EOF subheader.
       *
       * NOTE(review): count is a 16-bit value supplied by the peer. Presumably it
       * is the number of records of type `action` that follow; the receiver has
       * to check count * record size against the remaining frame length before
       * walking them -- confirm in the input path.
  116  */
  117 
  118 struct pfsync_subheader {
  119         u_int8_t                        action;         /* presumably one of PFSYNC_ACT_* */
  120         u_int8_t                        _pad;           /* explicit padding byte */
  121         u_int16_t                       count;          /* see note above */
  122 } __packed;
  123 
  124 /*
  125  * CLR
       *
       * Action fields for PFSYNC_ACT_CLR ("clear all states").
       *
       * NOTE(review): ifname is a fixed IFNAMSIZ array copied from the frame and
       * is not guaranteed to be NUL-terminated; bound or terminate it before
       * treating it as a C string. Presumably ifname and creatorid select which
       * states are cleared -- confirm. Since the action discards firewall state,
       * it is worth confirming which peers are allowed to trigger it.
  126  */
  127 
  128 struct pfsync_clr {
  129         char                            ifname[IFNAMSIZ];
  130         u_int32_t                       creatorid;
  131 } __packed;
  132 
  133 /*
  134  * INS, UPD, DEL
  135  */
  136 
  137 /* these use struct pfsync_state in pfvar.h */
  138 
  139 /*
  140  * INS_ACK
       *
       * Action fields for PFSYNC_ACT_INS_ACK ("ack of inserted state").
       * Presumably (id, creatorid) together name the acknowledged state --
       * confirm against struct pfsync_state in pfvar.h.
  141  */
  142 
  143 struct pfsync_ins_ack {
  144         u_int64_t                       id;
  145         u_int32_t                       creatorid;
  146 } __packed;
  147 
  148 /*
  149  * UPD_C
       *
       * Action fields for PFSYNC_ACT_UPD_C ('"compressed" update state'): the
       * state is referenced by id and creatorid instead of being sent in full.
       *
       * NOTE(review): expire and timeout come from the peer. If timeout is used
       * to index a timeout table, it needs a range check first -- confirm in the
       * input path.
  150  */
  151 
  152 struct pfsync_upd_c {
  153         u_int64_t                       id;
  154         struct pfsync_state_peer        src;
  155         struct pfsync_state_peer        dst;
  156         u_int32_t                       creatorid;
  157         u_int32_t                       expire;
  158         u_int8_t                        timeout;
  159         u_int8_t                        _pad[3];        /* explicit padding */
  160 } __packed;
  161 
  162 /*
  163  * UPD_REQ
       *
       * Action fields for PFSYNC_ACT_UPD_REQ ('request "uncompressed" state').
       * Presumably (id, creatorid) name the state whose full copy is requested
       * -- confirm.
  164  */
  165 
  166 struct pfsync_upd_req {
  167         u_int64_t                       id;
  168         u_int32_t                       creatorid;
  169 } __packed;
  170 
  171 /*
  172  * DEL_C
       *
       * Action fields for PFSYNC_ACT_DEL_C ('"compressed" delete state').
       * Presumably (id, creatorid) name the state to delete -- confirm.
  173  */
  174 
  175 struct pfsync_del_c {
  176         u_int64_t                       id;
  177         u_int32_t                       creatorid;
  178 } __packed;
  179 
  180 /*
  181  * INS_F, DEL_F
  182  */
  183 
  184 /* not implemented (yet) */
  185 
  186 /*
  187  * BUS
       *
       * Action fields for PFSYNC_ACT_BUS ("bulk update status").
       * PFSYNC_BUS_START and PFSYNC_BUS_END are the values defined for status;
       * a receiver should treat any other value as invalid (TODO confirm that
       * the input path does).
  188  */
  189 
  190 struct pfsync_bus {
  191         u_int32_t                       creatorid;
  192         u_int32_t                       endtime;        /* units and byte order not shown here -- TODO confirm */
  193         u_int8_t                        status;
  194 #define PFSYNC_BUS_START                        1
  195 #define PFSYNC_BUS_END                          2
  196         u_int8_t                        _pad[3];        /* explicit padding */
  197 } __packed;
  198 
  199 /*
  200  * TDB
       *
       * Action fields for PFSYNC_ACT_TDB ("TDB replay counter update").
       * NOTE(review): spi/sproto/rpl look like IPsec SA identifiers and replay
       * state -- confirm whether this action is handled at all in this tree
       * before relying on it.
  201  */
  202 
  203 struct pfsync_tdb {
  204         u_int32_t                       spi;
  205         union sockaddr_union            dst;
  206         u_int32_t                       rpl;
  207         u_int64_t                       cur_bytes;
  208         u_int8_t                        sproto;
  209         u_int8_t                        updates;
  210         u_int8_t                        _pad[2];        /* explicit padding */
  211 } __packed;
  212 
  213 #define PFSYNC_HDRLEN           sizeof(struct pfsync_header)
      /*
       * Size in bytes of the packed frame header. The expression has type
       * size_t, so comparing it with a signed length converts that length to
       * unsigned: a negative value would compare as very large. Callers that
       * test "len < PFSYNC_HDRLEN" should hold len in an unsigned type or
       * reject negatives first.
       */
  214 
  215 struct pfsyncstats {
              /*
               * pfsync counters. The first group counts input packets and the
               * reasons a packet was not accepted; these are the ones to watch
               * when looking for malformed or unexpected sync traffic.
               */
  216         u_int64_t       pfsyncs_ipackets;       /* total input packets, IPv4 */
  217         u_int64_t       pfsyncs_ipackets6;      /* total input packets, IPv6 */
  218         u_int64_t       pfsyncs_badif;          /* not the right interface */
  219         u_int64_t       pfsyncs_badttl;         /* TTL is not PFSYNC_DFLTTL */
  220         u_int64_t       pfsyncs_hdrops;         /* packets shorter than hdr */
  221         u_int64_t       pfsyncs_badver;         /* bad (incl unsupp) version */
  222         u_int64_t       pfsyncs_badact;         /* bad action */
  223         u_int64_t       pfsyncs_badlen;         /* data length does not match */
  224         u_int64_t       pfsyncs_badauth;        /* bad authentication */
  225         u_int64_t       pfsyncs_stale;          /* stale state */
  226         u_int64_t       pfsyncs_badval;         /* bad values */
  227         u_int64_t       pfsyncs_badstate;       /* insert/lookup failed */
  228 
              /* Output side. */
  229         u_int64_t       pfsyncs_opackets;       /* total output packets, IPv4 */
  230         u_int64_t       pfsyncs_opackets6;      /* total output packets, IPv6 */
  231         u_int64_t       pfsyncs_onomem;         /* no memory for an mbuf */
  232         u_int64_t       pfsyncs_oerrors;        /* ip output error */
  233 
              /*
               * One counter per action code in each direction. Presumably
               * indexed by PFSYNC_ACT_*; the index must be < PFSYNC_ACT_MAX
               * -- confirm that received action values are checked first.
               */
  234         u_int64_t       pfsyncs_iacts[PFSYNC_ACT_MAX];
  235         u_int64_t       pfsyncs_oacts[PFSYNC_ACT_MAX];
  236 };
  237 
  238 /*
  239  * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
       *
       * NOTE(review): for SIOCSETPFSYNC the contents presumably come from
       * userland. pfsyncr_syncdev is a fixed IFNAMSIZ array that may arrive
       * without a NUL terminator, and pfsyncr_maxupdates is a signed int, so the
       * handler should terminate the name and range-check the count -- confirm
       * in the ioctl handler.
  240  */
  241 struct pfsyncreq {
  242         char             pfsyncr_syncdev[IFNAMSIZ];
  243         struct in_addr   pfsyncr_syncpeer;      /* IPv4 address only (struct in_addr) */
  244         int              pfsyncr_maxupdates;
  245 #define PFSYNCF_OK              0x00000001
  246 #define PFSYNCF_DEFER           0x00000002
  247         int              pfsyncr_defer;         /* presumably takes the PFSYNCF_* bits above -- confirm */
  248 };
  249 
  250 struct pfsync_kstatus {
              /*
               * Same kind of settings as struct pfsyncreq, with the peer held in
               * a struct sockaddr_storage instead of a struct in_addr.
               * NOTE(review): presumably the kernel-internal form used by the
               * nvlist ioctls -- confirm.
               */
  251         char                    syncdev[IFNAMSIZ];
  252         struct sockaddr_storage syncpeer;
  253         int                     maxupdates;
  254         int                     flags;
  255 };
  256 
  257 struct pfsyncioc_nv {
              /*
               * Buffer descriptor for nvlist data.
               * NOTE(review): presumably passed with SIOCSETPFSYNCNV /
               * SIOCGETPFSYNCNV, with data pointing into userland. The handler
               * should check len <= size, cap size before allocating, and move
               * the bytes with copyin/copyout rather than dereferencing data
               * directly -- confirm in the ioctl handler.
               */
  258         void            *data;
  259         size_t           len;   /* The length of the nvlist data. */
  260         size_t           size;  /* The total size of the data buffer. */
  261 };
  262 
  263 #define SIOCSETPFSYNC   _IOW('i', 247, struct ifreq)
  264 #define SIOCGETPFSYNC   _IOWR('i', 248, struct ifreq)
  265 #define SIOCSETPFSYNCNV _IOW('i', 249, struct ifreq)
  266 #define SIOCGETPFSYNCNV _IOWR('i', 250, struct ifreq)
      /*
       * All four requests are declared with struct ifreq as the argument type,
       * so the ioctl layer itself only copies an ifreq. The pfsyncreq or
       * pfsyncioc_nv data is presumably reached through a pointer inside the
       * ifreq (e.g. ifr_data) and needs its own copyin/copyout and length
       * checks -- confirm in the ioctl handler.
       * NOTE(review): the SET requests change how firewall state is
       * synchronised; confirm that the handler performs a privilege check.
       */
  267 
  268 #ifdef _KERNEL
  269 
  270 /*
  271  * Where a pf state currently is with respect to syncing.
       *
       * PFSYNC_S_INS through PFSYNC_S_DEL are the consecutive values 0..4 and
       * PFSYNC_S_COUNT (5) is their number. PFSYNC_S_DEFER and PFSYNC_S_NONE lie
       * outside that range, so they must not be used to index anything sized by
       * PFSYNC_S_COUNT (presumably per-state queues -- confirm).
  272  */
  273 #define PFSYNC_S_INS    0x00
  274 #define PFSYNC_S_IACK   0x01
  275 #define PFSYNC_S_UPD    0x02
  276 #define PFSYNC_S_UPD_C  0x03
  277 #define PFSYNC_S_DEL    0x04
  278 #define PFSYNC_S_COUNT  0x05
  279 
  280 #define PFSYNC_S_DEFER  0xfe
  281 #define PFSYNC_S_NONE   0xff
  282 
      /* Distinct single-bit values; their use is not shown in this header. */
  283 #define PFSYNC_SI_IOCTL         0x01
  284 #define PFSYNC_SI_CKSUM         0x02
  285 #define PFSYNC_SI_ACK           0x04
  286 
  287 #endif /* _KERNEL */
  288 
  289 #endif /* _NET_IF_PFSYNC_H_ */
