FreeBSD/Linux Kernel Cross Reference
sys/net/if_pfsync.h
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2001 Michael Shalayeff
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
26 * THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*-
30 * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
31 *
32 * Permission to use, copy, modify, and distribute this software for any
33 * purpose with or without fee is hereby granted, provided that the above
34 * copyright notice and this permission notice appear in all copies.
35 *
36 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
37 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
38 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
39 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
40 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
41 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
42 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43 */
44
45 /*
46 * $OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $
47 * $FreeBSD$
48 */
49
50
51 #ifndef _NET_IF_PFSYNC_H_
52 #define _NET_IF_PFSYNC_H_
53
54 #define PFSYNC_VERSION 5
55 #define PFSYNC_DFLTTL 255
56
57 #define PFSYNC_ACT_CLR 0 /* clear all states */
58 #define PFSYNC_ACT_INS 1 /* insert state */
59 #define PFSYNC_ACT_INS_ACK 2 /* ack of insterted state */
60 #define PFSYNC_ACT_UPD 3 /* update state */
61 #define PFSYNC_ACT_UPD_C 4 /* "compressed" update state */
62 #define PFSYNC_ACT_UPD_REQ 5 /* request "uncompressed" state */
63 #define PFSYNC_ACT_DEL 6 /* delete state */
64 #define PFSYNC_ACT_DEL_C 7 /* "compressed" delete state */
65 #define PFSYNC_ACT_INS_F 8 /* insert fragment */
66 #define PFSYNC_ACT_DEL_F 9 /* delete fragments */
67 #define PFSYNC_ACT_BUS 10 /* bulk update status */
68 #define PFSYNC_ACT_TDB 11 /* TDB replay counter update */
69 #define PFSYNC_ACT_EOF 12 /* end of frame */
70 #define PFSYNC_ACT_MAX 13
71
72 /*
73 * A pfsync frame is built from a header followed by several sections which
74 * are all prefixed with their own subheaders. Frames must be terminated with
75 * an EOF subheader.
76 *
77 * | ... |
78 * | IP header |
79 * +============================+
80 * | pfsync_header |
81 * +----------------------------+
82 * | pfsync_subheader |
83 * +----------------------------+
84 * | first action fields |
85 * | ... |
86 * +----------------------------+
87 * | pfsync_subheader |
88 * +----------------------------+
89 * | second action fields |
90 * | ... |
91 * +----------------------------+
92 * | EOF pfsync_subheader |
93 * +----------------------------+
94 * | HMAC |
95 * +============================+
96 */
97
98 /*
99 * Frame header
100 */
101
102 struct pfsync_header {
103 u_int8_t version;
104 u_int8_t _pad;
105 u_int16_t len;
106 u_int8_t pfcksum[PF_MD5_DIGEST_LENGTH];
107 } __packed;
108
109 /*
110 * Frame region subheader
111 */
112
113 struct pfsync_subheader {
114 u_int8_t action;
115 u_int8_t _pad;
116 u_int16_t count;
117 } __packed;
118
119 /*
120 * CLR
121 */
122
123 struct pfsync_clr {
124 char ifname[IFNAMSIZ];
125 u_int32_t creatorid;
126 } __packed;
127
128 /*
129 * INS, UPD, DEL
130 */
131
132 /* these use struct pfsync_state in pfvar.h */
133
134 /*
135 * INS_ACK
136 */
137
138 struct pfsync_ins_ack {
139 u_int64_t id;
140 u_int32_t creatorid;
141 } __packed;
142
143 /*
144 * UPD_C
145 */
146
147 struct pfsync_upd_c {
148 u_int64_t id;
149 struct pfsync_state_peer src;
150 struct pfsync_state_peer dst;
151 u_int32_t creatorid;
152 u_int32_t expire;
153 u_int8_t timeout;
154 u_int8_t _pad[3];
155 } __packed;
156
157 /*
158 * UPD_REQ
159 */
160
161 struct pfsync_upd_req {
162 u_int64_t id;
163 u_int32_t creatorid;
164 } __packed;
165
166 /*
167 * DEL_C
168 */
169
170 struct pfsync_del_c {
171 u_int64_t id;
172 u_int32_t creatorid;
173 } __packed;
174
175 /*
176 * INS_F, DEL_F
177 */
178
179 /* not implemented (yet) */
180
181 /*
182 * BUS
183 */
184
185 struct pfsync_bus {
186 u_int32_t creatorid;
187 u_int32_t endtime;
188 u_int8_t status;
189 #define PFSYNC_BUS_START 1
190 #define PFSYNC_BUS_END 2
191 u_int8_t _pad[3];
192 } __packed;
193
194 /*
195 * TDB
196 */
197
198 struct pfsync_tdb {
199 u_int32_t spi;
200 union sockaddr_union dst;
201 u_int32_t rpl;
202 u_int64_t cur_bytes;
203 u_int8_t sproto;
204 u_int8_t updates;
205 u_int8_t _pad[2];
206 } __packed;
207
208 #define PFSYNC_HDRLEN sizeof(struct pfsync_header)
209
210 struct pfsyncstats {
211 u_int64_t pfsyncs_ipackets; /* total input packets, IPv4 */
212 u_int64_t pfsyncs_ipackets6; /* total input packets, IPv6 */
213 u_int64_t pfsyncs_badif; /* not the right interface */
214 u_int64_t pfsyncs_badttl; /* TTL is not PFSYNC_DFLTTL */
215 u_int64_t pfsyncs_hdrops; /* packets shorter than hdr */
216 u_int64_t pfsyncs_badver; /* bad (incl unsupp) version */
217 u_int64_t pfsyncs_badact; /* bad action */
218 u_int64_t pfsyncs_badlen; /* data length does not match */
219 u_int64_t pfsyncs_badauth; /* bad authentication */
220 u_int64_t pfsyncs_stale; /* stale state */
221 u_int64_t pfsyncs_badval; /* bad values */
222 u_int64_t pfsyncs_badstate; /* insert/lookup failed */
223
224 u_int64_t pfsyncs_opackets; /* total output packets, IPv4 */
225 u_int64_t pfsyncs_opackets6; /* total output packets, IPv6 */
226 u_int64_t pfsyncs_onomem; /* no memory for an mbuf */
227 u_int64_t pfsyncs_oerrors; /* ip output error */
228
229 u_int64_t pfsyncs_iacts[PFSYNC_ACT_MAX];
230 u_int64_t pfsyncs_oacts[PFSYNC_ACT_MAX];
231 };
232
233 /*
234 * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
235 */
236 struct pfsyncreq {
237 char pfsyncr_syncdev[IFNAMSIZ];
238 struct in_addr pfsyncr_syncpeer;
239 int pfsyncr_maxupdates;
240 #define PFSYNCF_OK 0x00000001
241 #define PFSYNCF_DEFER 0x00000002
242 int pfsyncr_defer;
243 };
244
245 #define SIOCSETPFSYNC _IOW('i', 247, struct ifreq)
246 #define SIOCGETPFSYNC _IOWR('i', 248, struct ifreq)
247
248 #ifdef _KERNEL
249
250 /*
251 * this shows where a pf state is with respect to the syncing.
252 */
253 #define PFSYNC_S_INS 0x00
254 #define PFSYNC_S_IACK 0x01
255 #define PFSYNC_S_UPD 0x02
256 #define PFSYNC_S_UPD_C 0x03
257 #define PFSYNC_S_DEL 0x04
258 #define PFSYNC_S_COUNT 0x05
259
260 #define PFSYNC_S_DEFER 0xfe
261 #define PFSYNC_S_NONE 0xff
262
263 #define PFSYNC_SI_IOCTL 0x01
264 #define PFSYNC_SI_CKSUM 0x02
265 #define PFSYNC_SI_ACK 0x04
266
267 #endif /* _KERNEL */
268
269 #endif /* _NET_IF_PFSYNC_H_ */
Cache object: 48debeb44f87dc3822e3020b48cba792
|