The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/net/if_pfsync.h

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2001 Michael Shalayeff
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  *
   14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   17  * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
   18  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   19  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   20  * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   22  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
   23  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
   24  * THE POSSIBILITY OF SUCH DAMAGE.
   25  */
   26 
   27 /*-
   28  * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
   29  *
   30  * Permission to use, copy, modify, and distribute this software for any
   31  * purpose with or without fee is hereby granted, provided that the above
   32  * copyright notice and this permission notice appear in all copies.
   33  *
   34  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   35  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   36  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   37  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   38  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   39  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   40  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   41  */
   42 
   43 /*
   44  *      $OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $
   45  *      $FreeBSD: releng/11.2/sys/net/if_pfsync.h 262489 2014-02-25 18:44:33Z jhb $
   46  */
   47 
   48 
   49 #ifndef _NET_IF_PFSYNC_H_
   50 #define _NET_IF_PFSYNC_H_
   51 
   52 #define PFSYNC_VERSION          5
   53 #define PFSYNC_DFLTTL           255
   54 
   55 #define PFSYNC_ACT_CLR          0       /* clear all states */
   56 #define PFSYNC_ACT_INS          1       /* insert state */
   57 #define PFSYNC_ACT_INS_ACK      2       /* ack of insterted state */
   58 #define PFSYNC_ACT_UPD          3       /* update state */
   59 #define PFSYNC_ACT_UPD_C        4       /* "compressed" update state */
   60 #define PFSYNC_ACT_UPD_REQ      5       /* request "uncompressed" state */
   61 #define PFSYNC_ACT_DEL          6       /* delete state */
   62 #define PFSYNC_ACT_DEL_C        7       /* "compressed" delete state */
   63 #define PFSYNC_ACT_INS_F        8       /* insert fragment */
   64 #define PFSYNC_ACT_DEL_F        9       /* delete fragments */
   65 #define PFSYNC_ACT_BUS          10      /* bulk update status */
   66 #define PFSYNC_ACT_TDB          11      /* TDB replay counter update */
   67 #define PFSYNC_ACT_EOF          12      /* end of frame */
   68 #define PFSYNC_ACT_MAX          13
   69 
   70 /*
   71  * A pfsync frame is built from a header followed by several sections which
   72  * are all prefixed with their own subheaders. Frames must be terminated with
   73  * an EOF subheader.
   74  *
   75  * | ...                        |
   76  * | IP header                  |
   77  * +============================+
   78  * | pfsync_header              |
   79  * +----------------------------+
   80  * | pfsync_subheader           |
   81  * +----------------------------+
   82  * | first action fields        |
   83  * | ...                        |
   84  * +----------------------------+
   85  * | pfsync_subheader           |
   86  * +----------------------------+
   87  * | second action fields       |
   88  * | ...                        |
   89  * +----------------------------+
   90  * | EOF pfsync_subheader       |
   91  * +----------------------------+
   92  * | HMAC                       |
   93  * +============================+
   94  */
   95 
   96 /*
   97  * Frame header
   98  */
   99 
  100 struct pfsync_header {
  101         u_int8_t                        version;
  102         u_int8_t                        _pad;
  103         u_int16_t                       len;
  104         u_int8_t                        pfcksum[PF_MD5_DIGEST_LENGTH];
  105 } __packed;
  106 
  107 /*
  108  * Frame region subheader
  109  */
  110 
  111 struct pfsync_subheader {
  112         u_int8_t                        action;
  113         u_int8_t                        _pad;
  114         u_int16_t                       count;
  115 } __packed;
  116 
  117 /*
  118  * CLR
  119  */
  120 
  121 struct pfsync_clr {
  122         char                            ifname[IFNAMSIZ];
  123         u_int32_t                       creatorid;
  124 } __packed;
  125 
  126 /*
  127  * INS, UPD, DEL
  128  */
  129 
  130 /* these use struct pfsync_state in pfvar.h */
  131 
  132 /*
  133  * INS_ACK
  134  */
  135 
  136 struct pfsync_ins_ack {
  137         u_int64_t                       id;
  138         u_int32_t                       creatorid;
  139 } __packed;
  140 
  141 /*
  142  * UPD_C
  143  */
  144 
  145 struct pfsync_upd_c {
  146         u_int64_t                       id;
  147         struct pfsync_state_peer        src;
  148         struct pfsync_state_peer        dst;
  149         u_int32_t                       creatorid;
  150         u_int32_t                       expire;
  151         u_int8_t                        timeout;
  152         u_int8_t                        _pad[3];
  153 } __packed;
  154 
  155 /*
  156  * UPD_REQ
  157  */
  158 
  159 struct pfsync_upd_req {
  160         u_int64_t                       id;
  161         u_int32_t                       creatorid;
  162 } __packed;
  163 
  164 /*
  165  * DEL_C
  166  */
  167 
  168 struct pfsync_del_c {
  169         u_int64_t                       id;
  170         u_int32_t                       creatorid;
  171 } __packed;
  172 
  173 /*
  174  * INS_F, DEL_F
  175  */
  176 
  177 /* not implemented (yet) */
  178 
  179 /*
  180  * BUS
  181  */
  182 
  183 struct pfsync_bus {
  184         u_int32_t                       creatorid;
  185         u_int32_t                       endtime;
  186         u_int8_t                        status;
  187 #define PFSYNC_BUS_START                        1
  188 #define PFSYNC_BUS_END                          2
  189         u_int8_t                        _pad[3];
  190 } __packed;
  191 
  192 /*
  193  * TDB
  194  */
  195 
  196 struct pfsync_tdb {
  197         u_int32_t                       spi;
  198         union sockaddr_union            dst;
  199         u_int32_t                       rpl;
  200         u_int64_t                       cur_bytes;
  201         u_int8_t                        sproto;
  202         u_int8_t                        updates;
  203         u_int8_t                        _pad[2];
  204 } __packed;
  205 
  206 #define PFSYNC_HDRLEN           sizeof(struct pfsync_header)
  207 
  208 struct pfsyncstats {
  209         u_int64_t       pfsyncs_ipackets;       /* total input packets, IPv4 */
  210         u_int64_t       pfsyncs_ipackets6;      /* total input packets, IPv6 */
  211         u_int64_t       pfsyncs_badif;          /* not the right interface */
  212         u_int64_t       pfsyncs_badttl;         /* TTL is not PFSYNC_DFLTTL */
  213         u_int64_t       pfsyncs_hdrops;         /* packets shorter than hdr */
  214         u_int64_t       pfsyncs_badver;         /* bad (incl unsupp) version */
  215         u_int64_t       pfsyncs_badact;         /* bad action */
  216         u_int64_t       pfsyncs_badlen;         /* data length does not match */
  217         u_int64_t       pfsyncs_badauth;        /* bad authentication */
  218         u_int64_t       pfsyncs_stale;          /* stale state */
  219         u_int64_t       pfsyncs_badval;         /* bad values */
  220         u_int64_t       pfsyncs_badstate;       /* insert/lookup failed */
  221 
  222         u_int64_t       pfsyncs_opackets;       /* total output packets, IPv4 */
  223         u_int64_t       pfsyncs_opackets6;      /* total output packets, IPv6 */
  224         u_int64_t       pfsyncs_onomem;         /* no memory for an mbuf */
  225         u_int64_t       pfsyncs_oerrors;        /* ip output error */
  226 
  227         u_int64_t       pfsyncs_iacts[PFSYNC_ACT_MAX];
  228         u_int64_t       pfsyncs_oacts[PFSYNC_ACT_MAX];
  229 };
  230 
  231 /*
  232  * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
  233  */
  234 struct pfsyncreq {
  235         char             pfsyncr_syncdev[IFNAMSIZ];
  236         struct in_addr   pfsyncr_syncpeer;
  237         int              pfsyncr_maxupdates;
  238         int              pfsyncr_defer;
  239 };
  240 
  241 #define SIOCSETPFSYNC   _IOW('i', 247, struct ifreq)
  242 #define SIOCGETPFSYNC   _IOWR('i', 248, struct ifreq)
  243 
  244 #ifdef _KERNEL
  245 
  246 /*
  247  * this shows where a pf state is with respect to the syncing.
  248  */
  249 #define PFSYNC_S_INS    0x00
  250 #define PFSYNC_S_IACK   0x01
  251 #define PFSYNC_S_UPD    0x02
  252 #define PFSYNC_S_UPD_C  0x03
  253 #define PFSYNC_S_DEL    0x04
  254 #define PFSYNC_S_COUNT  0x05
  255 
  256 #define PFSYNC_S_DEFER  0xfe
  257 #define PFSYNC_S_NONE   0xff
  258 
  259 #define PFSYNC_SI_IOCTL         0x01
  260 #define PFSYNC_SI_CKSUM         0x02
  261 #define PFSYNC_SI_ACK           0x04
  262 
  263 #endif /* _KERNEL */
  264 
  265 #endif /* _NET_IF_PFSYNC_H_ */

Cache object: 6fea6a936b5ff573d0db5cc7ff69ad3c


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.