
FreeBSD/Linux Kernel Cross Reference
sys/net/if_pfsync.h


    1 /*      $OpenBSD: if_pfsync.h,v 1.59 2022/11/11 11:47:13 dlg Exp $      */
    2 
    3 /*
    4  * Copyright (c) 2001 Michael Shalayeff
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  *
   16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   19  * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
   20  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   21  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   22  * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   24  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
   25  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
   26  * THE POSSIBILITY OF SUCH DAMAGE.
   27  */
   28 
   29 /*
   30  * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
   31  *
   32  * Permission to use, copy, modify, and distribute this software for any
   33  * purpose with or without fee is hereby granted, provided that the above
   34  * copyright notice and this permission notice appear in all copies.
   35  *
   36  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   37  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   38  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   39  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   40  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   41  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   42  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   43  */
   44 
   45 #ifndef _NET_IF_PFSYNC_H_
   46 #define _NET_IF_PFSYNC_H_
   47 
   48 #define PFSYNC_VERSION          6       /* protocol version; presumably what pfsync_header.version must carry (cf. pfsyncs_badver) - confirm in if_pfsync.c */
   49 #define PFSYNC_DFLTTL           255     /* IP TTL expected on received frames; a mismatch is counted in pfsyncs_badttl */
      /*
       * NOTE(review): 255 is the largest IP TTL, so a frame that still carries
       * it on arrival has not been forwarded by a router.  The TTL test
       * therefore restricts accepted senders to the directly attached link; it
       * does not authenticate them.  The test itself is not in this header.
       */
   50 
   51 #define PFSYNC_ACT_CLR          0       /* clear all states */
   52 #define PFSYNC_ACT_OINS         1       /* old insert state */
   53 #define PFSYNC_ACT_INS_ACK      2       /* ack of inserted state */
   54 #define PFSYNC_ACT_OUPD         3       /* old update state */
   55 #define PFSYNC_ACT_UPD_C        4       /* "compressed" update state */
   56 #define PFSYNC_ACT_UPD_REQ      5       /* request "uncompressed" state */
   57 #define PFSYNC_ACT_DEL          6       /* delete state */
   58 #define PFSYNC_ACT_DEL_C        7       /* "compressed" delete state */
   59 #define PFSYNC_ACT_INS_F        8       /* insert fragment */
   60 #define PFSYNC_ACT_DEL_F        9       /* delete fragments */
   61 #define PFSYNC_ACT_BUS          10      /* bulk update status */
   62 #define PFSYNC_ACT_OTDB         11      /* old TDB replay counter update */
   63 #define PFSYNC_ACT_EOF          12      /* end of frame - DEPRECATED */
   64 #define PFSYNC_ACT_INS          13      /* insert state */
   65 #define PFSYNC_ACT_UPD          14      /* update state */
   66 #define PFSYNC_ACT_TDB          15      /* TDB replay counter update */
   67 #define PFSYNC_ACT_MAX          16      /* number of action codes; valid codes are 0 .. PFSYNC_ACT_MAX - 1 */
      /*
       * NOTE(review): pfsync_subheader.action is a u_int8_t taken from the
       * frame, so it can hold 16..255.  Range-check it against PFSYNC_ACT_MAX
       * before it indexes anything sized by this constant (cf. pfsyncs_badact).
       * Codes marked old/deprecated and INS_F/DEL_F ("not implemented (yet)"
       * further down) are still inside the valid range, so the range check
       * alone does not tell a receiver that a handler exists for the code.
       */
   68 
   69 #define PFSYNC_ACTIONS          "CLR ST",               \
   70                                 "INS ST OLD",           \
   71                                 "INS ST ACK",           \
   72                                 "UPD ST OLD",           \
   73                                 "UPD ST COMP",          \
   74                                 "UPD ST REQ",           \
   75                                 "DEL ST",               \
   76                                 "DEL ST COMP",          \
   77                                 "INS FR",               \
   78                                 "DEL FR",               \
   79                                 "BULK UPD STAT",        \
   80                                 "UPD TDB OLD",          \
   81                                 "EOF",                  \
   82                                 "INS ST",               \
   83                                 "UPD ST",               \
   84                                 "UPD TDB"
      /*
       * Display names for the action codes, listed in PFSYNC_ACT_* order:
       * 16 strings, one per code below PFSYNC_ACT_MAX.  The expansion is a
       * bare comma-separated list with no braces, so the user wraps it in an
       * array initializer.  Adding an action code means adding its name here
       * at the same position.
       * NOTE(review): an array built from this list has PFSYNC_ACT_MAX
       * elements; an action value read from a frame must be range-checked
       * before it is used as the index.
       */
   85 
   86 /*
   87  * A pfsync frame is built from a header followed by several sections which
   88  * are all prefixed with their own subheaders.
   89  *
   90  * | ...                        |
   91  * | IP header                  |
   92  * +============================+
   93  * | pfsync_header              |
   94  * +----------------------------+
   95  * | pfsync_subheader           |
   96  * +----------------------------+
   97  * | first action fields        |
   98  * | ...                        |
   99  * +----------------------------+
  100  * | pfsync_subheader           |
  101  * +----------------------------+
  102  * | second action fields       |
  103  * | ...                        |
  104  * +============================+
  105  */
  106 
  107 /*
  108  * Frame header
       *
       * First structure of the pfsync payload; per the frame diagram above it
       * directly follows the IP header.  __packed: the fields are laid out
       * with no padding, 4 + PF_MD5_DIGEST_LENGTH bytes in total.
       * NOTE(review): every field is sender-controlled.  The byte order of
       * len is not stated in this header - presumably network order, confirm.
  109  */
  110 
  111 struct pfsync_header {
  112         u_int8_t                        version;  /* presumably PFSYNC_VERSION; cf. pfsyncs_badver */
  113         u_int8_t                        _pad;  /* explicit padding; puts len at offset 2 */
  114         u_int16_t                       len; /* in bytes; NOTE(review): compare with the bytes actually received before walking subheaders (cf. pfsyncs_badlen) - whether it counts this header is not shown here */
  115         u_int8_t                        pfcksum[PF_MD5_DIGEST_LENGTH];  /* NOTE(review): looks like a digest of pf configuration - a consistency check, not authentication of the sender; confirm */
  116 } __packed;
  117 
  118 /*
  119  * Frame region subheader
       *
       * Precedes each run of action fields (see the frame diagram above).
       * Packed, 4 bytes.
       * NOTE(review): presumably len is the size of one message and count the
       * number of messages that follow - confirm in if_pfsync.c.  Under that
       * reading count * len * 4 can reach 65535 * 255 * 4 = 66845700 bytes,
       * far more than pfsync_header.len (16 bits) can describe.  A receiver
       * has to bound the product by the bytes remaining in the frame, and
       * check that len * 4 is at least the size of the structure used for
       * the action, before touching any message.
  120  */
  121 
  122 struct pfsync_subheader {
  123         u_int8_t                        action;  /* one of PFSYNC_ACT_*; range-check against PFSYNC_ACT_MAX */
  124         u_int8_t                        len; /* in dwords */
  125         u_int16_t                       count;  /* sender-supplied; byte order not stated here */
  126 } __packed;
  127 
  128 /*
  129  * CLR
       *
       * Message body for PFSYNC_ACT_CLR ("clear all states").  Packed,
       * IFNAMSIZ + 4 bytes.
  130  */
  131 
  132 struct pfsync_clr {
  133         char                            ifname[IFNAMSIZ];  /* NOTE(review): fixed-size buffer filled from the frame; nothing guarantees a terminating NUL, so bound or terminate it before string use */
  134         u_int32_t                       creatorid;  /* presumably selects whose states are cleared (cf. pfsync_clear_states(u_int32_t, const char *)) - confirm */
  135 } __packed;
  136 
  137 /*
  138  * OINS, OUPD
  139  */
  140 
  141 /* these messages are deprecated */
  142 
  143 /*
  144  * INS, UPD, DEL
  145  */
  146 
  147 /* these use struct pfsync_state in pfvar.h */
  148 
  149 /*
  150  * INS_ACK
       *
       * Message body for PFSYNC_ACT_INS_ACK ("ack of inserted state").
       * Packed, 12 bytes (3 dwords).  id and creatorid presumably name one
       * state together - confirm against the receiver.
  151  */
  152 
  153 struct pfsync_ins_ack {
  154         u_int64_t                       id;  /* sender-supplied; byte order not stated here */
  155         u_int32_t                       creatorid;
  156 } __packed;
  157 
  158 /*
  159  * UPD_C
       *
       * Message body for PFSYNC_ACT_UPD_C ('"compressed" update state').
       * Packed; 20 bytes plus two struct pfsync_state_peer, which is not
       * defined in this header.
       * NOTE(review): all values are taken from the peer.  expire, timeout
       * and state_flags are applied to an existing state, so each needs a
       * range or sanity check on input (cf. pfsyncs_badval) - the checks are
       * not visible here.
  160  */
  161 
  162 struct pfsync_upd_c {
  163         u_int64_t                       id;
  164         struct pfsync_state_peer        src;
  165         struct pfsync_state_peer        dst;
  166         u_int32_t                       creatorid;
  167         u_int32_t                       expire;  /* units not stated here */
  168         u_int8_t                        timeout;  /* NOTE(review): if this selects a timeout table entry it must be range-checked - confirm */
  169         u_int8_t                        state_flags;
  170         u_int8_t                        _pad[2];  /* explicit padding; rounds the fixed fields up to 20 bytes */
  171 } __packed;
  172 
  173 /*
  174  * UPD_REQ
       *
       * Message body for PFSYNC_ACT_UPD_REQ ('request "uncompressed" state').
       * Packed, 12 bytes (3 dwords); same field layout as struct
       * pfsync_ins_ack and struct pfsync_del_c.
  175  */
  176 
  177 struct pfsync_upd_req {
  178         u_int64_t                       id;  /* sender-supplied; byte order not stated here */
  179         u_int32_t                       creatorid;
  180 } __packed;
  181 
  182 /*
  183  * DEL_C
       *
       * Message body for PFSYNC_ACT_DEL_C ('"compressed" delete state').
       * Packed, 12 bytes (3 dwords).
       * NOTE(review): the message removes a state named only by id and
       * creatorid, both supplied by the sender; nothing in the message
       * itself shows that the sender owns that state.
  184  */
  185 
  186 struct pfsync_del_c {
  187         u_int64_t                       id;
  188         u_int32_t                       creatorid;
  189 } __packed;
  190 
  191 /* 
  192  * INS_F, DEL_F
  193  */
  194 
  195 /* not implemented (yet) */
  196 
  197 /*
  198  * BUS
       *
       * Message body for PFSYNC_ACT_BUS ("bulk update status").  Packed,
       * 12 bytes (3 dwords).
  199  */
  200 
  201 struct pfsync_bus {
  202         u_int32_t                       creatorid;
  203         u_int32_t                       endtime;  /* units and reference point not stated here */
  204         u_int8_t                        status;  /* PFSYNC_BUS_START or PFSYNC_BUS_END; any other byte value can arrive and must be rejected or ignored */
  205 #define PFSYNC_BUS_START                        1
  206 #define PFSYNC_BUS_END                          2
  207         u_int8_t                        _pad[3];  /* explicit padding up to a dword boundary */
  208 } __packed;
  209 
  210 /*
  211  * TDB
       *
       * Message body for PFSYNC_ACT_TDB ("TDB replay counter update").
       * Packed; 24 bytes plus union sockaddr_union, which is not defined in
       * this header.
       * NOTE(review): presumably spi, dst and sproto select an IPsec SA and
       * rpl / cur_bytes are written into it - confirm.  If so, the address
       * family inside dst and the value of sproto come from the peer and
       * need validating before the lookup.
  212  */
  213 struct pfsync_tdb {
  214         u_int32_t                       spi;
  215         union sockaddr_union            dst;
  216         u_int64_t                       rpl;  /* presumably the replay counter named in the action comment */
  217         u_int64_t                       cur_bytes;
  218         u_int8_t                        sproto;
  219         u_int8_t                        updates;
  220         u_int16_t                       rdomain;
  221 } __packed;
  222 
  223 /*
  224  * EOF
  225  */
  226 
  227 /* this message is deprecated */
  228 
  229 
  230 #define PFSYNC_HDRLEN           sizeof(struct pfsync_header)    /* size_t; 4 + PF_MD5_DIGEST_LENGTH bytes since the struct is packed. A payload shorter than this cannot hold a header (cf. pfsyncs_hdrops) */
  231 
  232 
  233 /*
  234  * Names for PFSYNC sysctl objects
       *
       * PFSYNCCTL_NAMES is a brace-enclosed initializer with one entry per id
       * below PFSYNCCTL_MAXID: index 0 is an empty placeholder and index
       * PFSYNCCTL_STATS (1) is "stats".  Keep both in step when adding an id.
  235  */
  236 #define PFSYNCCTL_STATS         1       /* PFSYNC stats */
  237 #define PFSYNCCTL_MAXID         2       /* one past the highest PFSYNCCTL_* id */
  238 
  239 #define PFSYNCCTL_NAMES { \
  240         { 0, 0 }, \
  241         { "stats", CTLTYPE_STRUCT }, \
  242 }
  243 
  244 struct pfsyncstats {
              /*
               * pfsync statistics, sixteen 64-bit counters.  The fields appear
               * in the same order as the members of enum pfsync_counters
               * below; keep the two in step.  The input-side counters from
               * pfsyncs_badif to pfsyncs_badstate each count one way a
               * received frame was rejected, which makes them the first
               * thing to look at when frames from a peer are being dropped
               * or when unexpected senders are probing the interface.
               */
  245         u_int64_t       pfsyncs_ipackets;       /* total input packets, IPv4 */
  246         u_int64_t       pfsyncs_ipackets6;      /* total input packets, IPv6 */
  247         u_int64_t       pfsyncs_badif;          /* not the right interface */
  248         u_int64_t       pfsyncs_badttl;         /* TTL is not PFSYNC_DFLTTL */
  249         u_int64_t       pfsyncs_hdrops;         /* packets shorter than hdr */
  250         u_int64_t       pfsyncs_badver;         /* bad (incl unsupp) version */
  251         u_int64_t       pfsyncs_badact;         /* bad action */
  252         u_int64_t       pfsyncs_badlen;         /* data length does not match */
  253         u_int64_t       pfsyncs_badauth;        /* bad authentication */
  254         u_int64_t       pfsyncs_stale;          /* stale state */
  255         u_int64_t       pfsyncs_badval;         /* bad values */
  256         u_int64_t       pfsyncs_badstate;       /* insert/lookup failed */
  257 
  258         u_int64_t       pfsyncs_opackets;       /* total output packets, IPv4 */
  259         u_int64_t       pfsyncs_opackets6;      /* total output packets, IPv6 */
  260         u_int64_t       pfsyncs_onomem;         /* no memory for an mbuf */
  261         u_int64_t       pfsyncs_oerrors;        /* ip output error */
  262 };
  263 
  264 /*
  265  * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
       *
       * Not __packed and not part of the wire format.
       * NOTE(review): on the set path every field is supplied by the caller.
       * pfsyncr_syncdev is a fixed IFNAMSIZ buffer with no guaranteed NUL,
       * and pfsyncr_maxupdates / pfsyncr_defer are signed ints, so negative
       * and oversized values have to be rejected by the ioctl handler.  The
       * checks, and the privilege required for the set ioctl, are not
       * visible in this header.
  266  */
  267 struct pfsyncreq {
  268         char             pfsyncr_syncdev[IFNAMSIZ];  /* presumably the interface frames are sent and received on */
  269         struct in_addr   pfsyncr_syncpeer;  /* IPv4 address; presumably the peer frames are sent to */
  270         int              pfsyncr_maxupdates;
  271         int              pfsyncr_defer;
  272 };
  273 
  274 #ifdef _KERNEL
  275 
  276 #include <sys/percpu.h>
  277 
  278 enum pfsync_counters {
              /*
               * Indices of the kernel-side counters, passed to
               * pfsyncstat_inc().  The members are in the same order as the
               * fields of struct pfsyncstats; presumably the sysctl handler
               * relies on that when it fills the struct - confirm.
               */
  279         pfsyncs_ipackets,
  280         pfsyncs_ipackets6,
  281         pfsyncs_badif,
  282         pfsyncs_badttl,
  283         pfsyncs_hdrops,
  284         pfsyncs_badver,
  285         pfsyncs_badact,
  286         pfsyncs_badlen,
  287         pfsyncs_badauth,
  288         pfsyncs_stale,
  289         pfsyncs_badval,
  290         pfsyncs_badstate,
  291         pfsyncs_opackets,
  292         pfsyncs_opackets6,
  293         pfsyncs_onomem,
  294         pfsyncs_oerrors,
  295         pfsyncs_ncounters,      /* number of counters (16); not itself a counter */
  296 };
  297 
  298 extern struct cpumem *pfsynccounters;  /* counter storage, defined elsewhere; presumably per-CPU (struct cpumem, <sys/percpu.h>) */
  299 
  300 struct pfsync_deferral;  /* opaque here; only used through pointers in the prototypes below */
  301 
      /*
       * Increment the pfsync statistic selected by c.
       *
       * Passes pfsynccounters and c straight to counters_inc(); there is no
       * range check on c here, so callers pass an enum pfsync_counters
       * member below pfsyncs_ncounters.
       */
  302 static inline void
  303 pfsyncstat_inc(enum pfsync_counters c)
  304 {
  305         counters_inc(pfsynccounters, c);
  306 }
  307 
  308 /*
  309  * this shows where a pf state is with respect to the syncing.
       *
       * PFSYNC_S_IACK .. PFSYNC_S_UPD are the consecutive values 0x00..0x04
       * and PFSYNC_S_COUNT (0x05) is how many of them there are; presumably
       * it sizes a per-value array of queues - confirm.  PFSYNC_S_DEFER and
       * PFSYNC_S_NONE lie outside that range and must not be used as an
       * index into anything sized by PFSYNC_S_COUNT.
  310  */
  311 #define PFSYNC_S_IACK   0x00
  312 #define PFSYNC_S_UPD_C  0x01
  313 #define PFSYNC_S_DEL    0x02
  314 #define PFSYNC_S_INS    0x03
  315 #define PFSYNC_S_UPD    0x04
  316 #define PFSYNC_S_COUNT  0x05
  317 
  318 #define PFSYNC_S_DEFER  0xfe
  319 #define PFSYNC_S_NONE   0xff
  320 
  321 int                     pfsync_input(struct mbuf **, int *, int, int);  /* presumably the input handler for received pfsync packets - confirm */
  322 int                     pfsync_sysctl(int *, u_int,  void *, size_t *,
  323                             void *, size_t);
  324 
      /*
       * PFSYNC_SI_* are distinct bits (0x01, 0x02, 0x04) and can be OR-ed
       * together; presumably they form the int argument of
       * pfsync_state_import() - confirm.
       * NOTE(review): the names suggest an imported struct pfsync_state can
       * come from an ioctl as well as from a received frame.  In both cases
       * its contents are untrusted and have to be validated inside the
       * import path; that code is not in this header.
       */
  325 #define PFSYNC_SI_IOCTL         0x01
  326 #define PFSYNC_SI_CKSUM         0x02
  327 #define PFSYNC_SI_ACK           0x04
  328 int                     pfsync_state_import(struct pfsync_state *, int);
  329 void                    pfsync_state_export(struct pfsync_state *,
  330                             struct pf_state *);
  331 
      /* Notifications for a change to one pf state, or a clear of many. */
  332 void                    pfsync_insert_state(struct pf_state *);
  333 void                    pfsync_update_state(struct pf_state *);
  334 void                    pfsync_delete_state(struct pf_state *);
  335 void                    pfsync_clear_states(u_int32_t, const char *);  /* argument types match creatorid and ifname in struct pfsync_clr */
  336 
      /* Notifications for a struct tdb; cf. PFSYNC_ACT_TDB and struct pfsync_tdb. */
  337 void                    pfsync_update_tdb(struct tdb *, int);
  338 void                    pfsync_delete_tdb(struct tdb *);
  339 
      /* Deferral interface; struct pfsync_deferral is opaque to callers. */
  340 int                     pfsync_defer(struct pf_state *, struct mbuf *,
  341                             struct pfsync_deferral **);
  342 void                    pfsync_undefer(struct pfsync_deferral *, int);
  343 
  344 int                     pfsync_is_up(void);
  345 int                     pfsync_state_in_use(struct pf_state *);
  346 
  347 void                    pfsync_iack(struct pf_state *);
  348 #endif /* _KERNEL */
  349 
  350 #endif /* _NET_IF_PFSYNC_H_ */
