FreeBSD/Linux Kernel Cross Reference
sys/net/if_pfsync.h
1 /* $OpenBSD: if_pfsync.h,v 1.59 2022/11/11 11:47:13 dlg Exp $ */
2
3 /*
4 * Copyright (c) 2001 Michael Shalayeff
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
26 * THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*
30 * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
31 *
32 * Permission to use, copy, modify, and distribute this software for any
33 * purpose with or without fee is hereby granted, provided that the above
34 * copyright notice and this permission notice appear in all copies.
35 *
36 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
37 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
38 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
39 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
40 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
41 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
42 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43 */
44
45 #ifndef _NET_IF_PFSYNC_H_
46 #define _NET_IF_PFSYNC_H_
47
48 #define PFSYNC_VERSION 6
49 #define PFSYNC_DFLTTL 255
50
51 #define PFSYNC_ACT_CLR 0 /* clear all states */
52 #define PFSYNC_ACT_OINS 1 /* old insert state */
53 #define PFSYNC_ACT_INS_ACK 2 /* ack of inserted state */
54 #define PFSYNC_ACT_OUPD 3 /* old update state */
55 #define PFSYNC_ACT_UPD_C 4 /* "compressed" update state */
56 #define PFSYNC_ACT_UPD_REQ 5 /* request "uncompressed" state */
57 #define PFSYNC_ACT_DEL 6 /* delete state */
58 #define PFSYNC_ACT_DEL_C 7 /* "compressed" delete state */
59 #define PFSYNC_ACT_INS_F 8 /* insert fragment */
60 #define PFSYNC_ACT_DEL_F 9 /* delete fragments */
61 #define PFSYNC_ACT_BUS 10 /* bulk update status */
62 #define PFSYNC_ACT_OTDB 11 /* old TDB replay counter update */
63 #define PFSYNC_ACT_EOF 12 /* end of frame - DEPRECATED */
64 #define PFSYNC_ACT_INS 13 /* insert state */
65 #define PFSYNC_ACT_UPD 14 /* update state */
66 #define PFSYNC_ACT_TDB 15 /* TDB replay counter update */
67 #define PFSYNC_ACT_MAX 16
68
69 #define PFSYNC_ACTIONS "CLR ST", \
70 "INS ST OLD", \
71 "INS ST ACK", \
72 "UPD ST OLD", \
73 "UPD ST COMP", \
74 "UPD ST REQ", \
75 "DEL ST", \
76 "DEL ST COMP", \
77 "INS FR", \
78 "DEL FR", \
79 "BULK UPD STAT", \
80 "UPD TDB OLD", \
81 "EOF", \
82 "INS ST", \
83 "UPD ST", \
84 "UPD TDB"
85
86 /*
87 * A pfsync frame is built from a header followed by several sections which
88 * are all prefixed with their own subheaders.
89 *
90 * | ... |
91 * | IP header |
92 * +============================+
93 * | pfsync_header |
94 * +----------------------------+
95 * | pfsync_subheader |
96 * +----------------------------+
97 * | first action fields |
98 * | ... |
99 * +----------------------------+
100 * | pfsync_subheader |
101 * +----------------------------+
102 * | second action fields |
103 * | ... |
104 * +============================+
105 */
106
107 /*
108 * Frame header
109 */
110
111 struct pfsync_header {
112 u_int8_t version;
113 u_int8_t _pad;
114 u_int16_t len; /* in bytes */
115 u_int8_t pfcksum[PF_MD5_DIGEST_LENGTH];
116 } __packed;
117
118 /*
119 * Frame region subheader
120 */
121
122 struct pfsync_subheader {
123 u_int8_t action;
124 u_int8_t len; /* in dwords */
125 u_int16_t count;
126 } __packed;
127
128 /*
129 * CLR
130 */
131
132 struct pfsync_clr {
133 char ifname[IFNAMSIZ];
134 u_int32_t creatorid;
135 } __packed;
136
137 /*
138 * OINS, OUPD
139 */
140
141 /* these messages are deprecated */
142
143 /*
144 * INS, UPD, DEL
145 */
146
147 /* these use struct pfsync_state in pfvar.h */
148
149 /*
150 * INS_ACK
151 */
152
153 struct pfsync_ins_ack {
154 u_int64_t id;
155 u_int32_t creatorid;
156 } __packed;
157
158 /*
159 * UPD_C
160 */
161
162 struct pfsync_upd_c {
163 u_int64_t id;
164 struct pfsync_state_peer src;
165 struct pfsync_state_peer dst;
166 u_int32_t creatorid;
167 u_int32_t expire;
168 u_int8_t timeout;
169 u_int8_t state_flags;
170 u_int8_t _pad[2];
171 } __packed;
172
173 /*
174 * UPD_REQ
175 */
176
177 struct pfsync_upd_req {
178 u_int64_t id;
179 u_int32_t creatorid;
180 } __packed;
181
182 /*
183 * DEL_C
184 */
185
186 struct pfsync_del_c {
187 u_int64_t id;
188 u_int32_t creatorid;
189 } __packed;
190
191 /*
192 * INS_F, DEL_F
193 */
194
195 /* not implemented (yet) */
196
197 /*
198 * BUS
199 */
200
201 struct pfsync_bus {
202 u_int32_t creatorid;
203 u_int32_t endtime;
204 u_int8_t status;
205 #define PFSYNC_BUS_START 1
206 #define PFSYNC_BUS_END 2
207 u_int8_t _pad[3];
208 } __packed;
209
210 /*
211 * TDB
212 */
213 struct pfsync_tdb {
214 u_int32_t spi;
215 union sockaddr_union dst;
216 u_int64_t rpl;
217 u_int64_t cur_bytes;
218 u_int8_t sproto;
219 u_int8_t updates;
220 u_int16_t rdomain;
221 } __packed;
222
223 /*
224 * EOF
225 */
226
227 /* this message is deprecated */
228
229
230 #define PFSYNC_HDRLEN sizeof(struct pfsync_header)
231
232
233 /*
234 * Names for PFSYNC sysctl objects
235 */
236 #define PFSYNCCTL_STATS 1 /* PFSYNC stats */
237 #define PFSYNCCTL_MAXID 2
238
239 #define PFSYNCCTL_NAMES { \
240 { 0, 0 }, \
241 { "stats", CTLTYPE_STRUCT }, \
242 }
243
244 struct pfsyncstats {
245 u_int64_t pfsyncs_ipackets; /* total input packets, IPv4 */
246 u_int64_t pfsyncs_ipackets6; /* total input packets, IPv6 */
247 u_int64_t pfsyncs_badif; /* not the right interface */
248 u_int64_t pfsyncs_badttl; /* TTL is not PFSYNC_DFLTTL */
249 u_int64_t pfsyncs_hdrops; /* packets shorter than hdr */
250 u_int64_t pfsyncs_badver; /* bad (incl unsupp) version */
251 u_int64_t pfsyncs_badact; /* bad action */
252 u_int64_t pfsyncs_badlen; /* data length does not match */
253 u_int64_t pfsyncs_badauth; /* bad authentication */
254 u_int64_t pfsyncs_stale; /* stale state */
255 u_int64_t pfsyncs_badval; /* bad values */
256 u_int64_t pfsyncs_badstate; /* insert/lookup failed */
257
258 u_int64_t pfsyncs_opackets; /* total output packets, IPv4 */
259 u_int64_t pfsyncs_opackets6; /* total output packets, IPv6 */
260 u_int64_t pfsyncs_onomem; /* no memory for an mbuf */
261 u_int64_t pfsyncs_oerrors; /* ip output error */
262 };
263
264 /*
265 * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
266 */
267 struct pfsyncreq {
268 char pfsyncr_syncdev[IFNAMSIZ];
269 struct in_addr pfsyncr_syncpeer;
270 int pfsyncr_maxupdates;
271 int pfsyncr_defer;
272 };
273
274 #ifdef _KERNEL
275
276 #include <sys/percpu.h>
277
278 enum pfsync_counters {
279 pfsyncs_ipackets,
280 pfsyncs_ipackets6,
281 pfsyncs_badif,
282 pfsyncs_badttl,
283 pfsyncs_hdrops,
284 pfsyncs_badver,
285 pfsyncs_badact,
286 pfsyncs_badlen,
287 pfsyncs_badauth,
288 pfsyncs_stale,
289 pfsyncs_badval,
290 pfsyncs_badstate,
291 pfsyncs_opackets,
292 pfsyncs_opackets6,
293 pfsyncs_onomem,
294 pfsyncs_oerrors,
295 pfsyncs_ncounters,
296 };
297
298 extern struct cpumem *pfsynccounters;
299
300 struct pfsync_deferral;
301
302 static inline void
303 pfsyncstat_inc(enum pfsync_counters c)
304 {
305 counters_inc(pfsynccounters, c);
306 }
307
308 /*
309 * this shows where a pf state is with respect to the syncing.
310 */
311 #define PFSYNC_S_IACK 0x00
312 #define PFSYNC_S_UPD_C 0x01
313 #define PFSYNC_S_DEL 0x02
314 #define PFSYNC_S_INS 0x03
315 #define PFSYNC_S_UPD 0x04
316 #define PFSYNC_S_COUNT 0x05
317
318 #define PFSYNC_S_DEFER 0xfe
319 #define PFSYNC_S_NONE 0xff
320
321 int pfsync_input(struct mbuf **, int *, int, int);
322 int pfsync_sysctl(int *, u_int, void *, size_t *,
323 void *, size_t);
324
325 #define PFSYNC_SI_IOCTL 0x01
326 #define PFSYNC_SI_CKSUM 0x02
327 #define PFSYNC_SI_ACK 0x04
328 int pfsync_state_import(struct pfsync_state *, int);
329 void pfsync_state_export(struct pfsync_state *,
330 struct pf_state *);
331
332 void pfsync_insert_state(struct pf_state *);
333 void pfsync_update_state(struct pf_state *);
334 void pfsync_delete_state(struct pf_state *);
335 void pfsync_clear_states(u_int32_t, const char *);
336
337 void pfsync_update_tdb(struct tdb *, int);
338 void pfsync_delete_tdb(struct tdb *);
339
340 int pfsync_defer(struct pf_state *, struct mbuf *,
341 struct pfsync_deferral **);
342 void pfsync_undefer(struct pfsync_deferral *, int);
343
344 int pfsync_is_up(void);
345 int pfsync_state_in_use(struct pf_state *);
346
347 void pfsync_iack(struct pf_state *);
348 #endif /* _KERNEL */
349
350 #endif /* _NET_IF_PFSYNC_H_ */
Cache object: a76dd6d1ff610eff439574ea84090439
|