1df6ad731Slogwang /*-
2*d4a07e70Sfengbojiang  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3*d4a07e70Sfengbojiang  *
4df6ad731Slogwang  * Copyright (c) 2001 Michael Shalayeff
5df6ad731Slogwang  * All rights reserved.
6df6ad731Slogwang  *
7df6ad731Slogwang  * Redistribution and use in source and binary forms, with or without
8df6ad731Slogwang  * modification, are permitted provided that the following conditions
9df6ad731Slogwang  * are met:
10df6ad731Slogwang  * 1. Redistributions of source code must retain the above copyright
11df6ad731Slogwang  *    notice, this list of conditions and the following disclaimer.
12df6ad731Slogwang  * 2. Redistributions in binary form must reproduce the above copyright
13df6ad731Slogwang  *    notice, this list of conditions and the following disclaimer in the
14df6ad731Slogwang  *    documentation and/or other materials provided with the distribution.
15df6ad731Slogwang  *
16df6ad731Slogwang  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17df6ad731Slogwang  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18df6ad731Slogwang  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19df6ad731Slogwang  * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
20df6ad731Slogwang  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21df6ad731Slogwang  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22df6ad731Slogwang  * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23df6ad731Slogwang  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24df6ad731Slogwang  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25df6ad731Slogwang  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
26df6ad731Slogwang  * THE POSSIBILITY OF SUCH DAMAGE.
27df6ad731Slogwang  */
28df6ad731Slogwang 
29df6ad731Slogwang /*-
30df6ad731Slogwang  * Copyright (c) 2008 David Gwynne <[email protected]>
31df6ad731Slogwang  *
32df6ad731Slogwang  * Permission to use, copy, modify, and distribute this software for any
33df6ad731Slogwang  * purpose with or without fee is hereby granted, provided that the above
34df6ad731Slogwang  * copyright notice and this permission notice appear in all copies.
35df6ad731Slogwang  *
36df6ad731Slogwang  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
37df6ad731Slogwang  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
38df6ad731Slogwang  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
39df6ad731Slogwang  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
40df6ad731Slogwang  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
41df6ad731Slogwang  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
42df6ad731Slogwang  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43df6ad731Slogwang  */
44df6ad731Slogwang 
45df6ad731Slogwang /*
46df6ad731Slogwang  *	$OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $
47df6ad731Slogwang  *	$FreeBSD$
48df6ad731Slogwang  */
49df6ad731Slogwang 
50df6ad731Slogwang #ifndef _NET_IF_PFSYNC_H_
51df6ad731Slogwang #define	_NET_IF_PFSYNC_H_
52df6ad731Slogwang 
53df6ad731Slogwang #define	PFSYNC_VERSION		5	/* protocol version; presumably compared with pfsync_header.version (see pfsyncs_badver) */
54df6ad731Slogwang #define	PFSYNC_DFLTTL		255	/* IP TTL expected on input (see pfsyncs_badttl); a frame arriving with 255 crossed no router, which limits senders to the local link but does not authenticate them */
55df6ad731Slogwang 
56df6ad731Slogwang #define	PFSYNC_ACT_CLR		0	/* clear all states */
57df6ad731Slogwang #define	PFSYNC_ACT_INS		1	/* insert state */
58df6ad731Slogwang #define	PFSYNC_ACT_INS_ACK	2	/* ack of inserted state */
59df6ad731Slogwang #define	PFSYNC_ACT_UPD		3	/* update state */
60df6ad731Slogwang #define	PFSYNC_ACT_UPD_C	4	/* "compressed" update state */
61df6ad731Slogwang #define	PFSYNC_ACT_UPD_REQ	5	/* request "uncompressed" state */
62df6ad731Slogwang #define	PFSYNC_ACT_DEL		6	/* delete state */
63df6ad731Slogwang #define	PFSYNC_ACT_DEL_C	7	/* "compressed" delete state */
64df6ad731Slogwang #define	PFSYNC_ACT_INS_F	8	/* insert fragment; no record struct is defined in this header */
65df6ad731Slogwang #define	PFSYNC_ACT_DEL_F	9	/* delete fragments; no record struct is defined in this header */
66df6ad731Slogwang #define	PFSYNC_ACT_BUS		10	/* bulk update status */
67df6ad731Slogwang #define	PFSYNC_ACT_TDB		11	/* TDB replay counter update */
68df6ad731Slogwang #define	PFSYNC_ACT_EOF		12	/* end of frame */
69df6ad731Slogwang #define	PFSYNC_ACT_MAX		13	/* one past the last action; sizes pfsyncs_iacts[] and pfsyncs_oacts[], so it is the bound for any action used as an index */
70df6ad731Slogwang 
71df6ad731Slogwang /*
72df6ad731Slogwang  * A pfsync frame is built from a header followed by several sections which
73df6ad731Slogwang  * are all prefixed with their own subheaders. Frames must be terminated with
74df6ad731Slogwang  * an EOF subheader.
75df6ad731Slogwang  *
76df6ad731Slogwang  * | ...			|
77df6ad731Slogwang  * | IP header			|
78df6ad731Slogwang  * +============================+
79df6ad731Slogwang  * | pfsync_header		|
80df6ad731Slogwang  * +----------------------------+
81df6ad731Slogwang  * | pfsync_subheader		|
82df6ad731Slogwang  * +----------------------------+
83df6ad731Slogwang  * | first action fields	|
84df6ad731Slogwang  * | ...			|
85df6ad731Slogwang  * +----------------------------+
86df6ad731Slogwang  * | pfsync_subheader		|
87df6ad731Slogwang  * +----------------------------+
88df6ad731Slogwang  * | second action fields	|
89df6ad731Slogwang  * | ...			|
90df6ad731Slogwang  * +----------------------------+
91df6ad731Slogwang  * | EOF pfsync_subheader	|
92df6ad731Slogwang  * +----------------------------+
93df6ad731Slogwang  * | HMAC			|
94df6ad731Slogwang  * +============================+
95df6ad731Slogwang  */
96df6ad731Slogwang 
97df6ad731Slogwang /*
98df6ad731Slogwang  * Frame header
 *
 * Leads every pfsync frame; PFSYNC_HDRLEN is its size. The structure is
 * __packed and describes bytes that follow the IP header on the wire, so
 * every field is untrusted until it has been checked.
 *
 * NOTE(review): the frame layout comment ends with an HMAC, yet this header
 * declares no HMAC structure or length. Confirm in the implementation
 * whether frames are authenticated at all; if they are not, the sync link
 * has to be a dedicated, trusted segment or be protected below pfsync
 * (for example with IPsec).
99df6ad731Slogwang  */
100df6ad731Slogwang 
101df6ad731Slogwang struct pfsync_header {
102df6ad731Slogwang 	u_int8_t			version;	/* presumably compared with PFSYNC_VERSION (see pfsyncs_badver) */
103df6ad731Slogwang 	u_int8_t			_pad;
104df6ad731Slogwang 	u_int16_t			len;	/* frame length; presumably network byte order - check it against the bytes actually received (see pfsyncs_badlen) */
105df6ad731Slogwang 	u_int8_t			pfcksum[PF_MD5_DIGEST_LENGTH];	/* MD5-sized; presumably a pf ruleset checksum, not a MAC over the frame - confirm */
106df6ad731Slogwang } __packed;
107df6ad731Slogwang 
108df6ad731Slogwang /*
109df6ad731Slogwang  * Frame region subheader
 *
 * Prefixes each section of a frame; the frame is terminated by a subheader
 * whose action is PFSYNC_ACT_EOF. Both action and count come from the peer
 * and decide how much of the packet is parsed next, so they need range and
 * length checks before use.
110df6ad731Slogwang  */
111df6ad731Slogwang 
112df6ad731Slogwang struct pfsync_subheader {
113df6ad731Slogwang 	u_int8_t			action;	/* PFSYNC_ACT_*; a u_int8_t can hold values >= PFSYNC_ACT_MAX, so range-check before indexing per-action tables (see pfsyncs_badact) */
114df6ad731Slogwang 	u_int8_t			_pad;
115df6ad731Slogwang 	u_int16_t			count;	/* presumably the number of records that follow, in network byte order; count * record size must fit in the remaining frame */
116df6ad731Slogwang } __packed;
117df6ad731Slogwang 
118df6ad731Slogwang /*
119df6ad731Slogwang  * CLR
 *
 * Record format for PFSYNC_ACT_CLR ("clear all states") sections.
120df6ad731Slogwang  */
121df6ad731Slogwang 
122df6ad731Slogwang struct pfsync_clr {
123df6ad731Slogwang 	char				ifname[IFNAMSIZ];	/* fixed-size bytes from the wire; the layout does not guarantee NUL termination, so bound any string use to IFNAMSIZ */
124df6ad731Slogwang 	u_int32_t			creatorid;	/* presumably selects whose states are cleared - confirm against the receiver */
125df6ad731Slogwang } __packed;
126df6ad731Slogwang 
127df6ad731Slogwang /*
128df6ad731Slogwang  * INS, UPD, DEL
129df6ad731Slogwang  */
130df6ad731Slogwang 
131df6ad731Slogwang /* these use struct pfsync_state in pfvar.h */
132df6ad731Slogwang 
133df6ad731Slogwang /*
134df6ad731Slogwang  * INS_ACK
 *
 * Record format for PFSYNC_ACT_INS_ACK (ack of inserted state) sections.
135df6ad731Slogwang  */
136df6ad731Slogwang 
137df6ad731Slogwang struct pfsync_ins_ack {
138df6ad731Slogwang 	u_int64_t			id;	/* presumably the id of the state being acknowledged */
139df6ad731Slogwang 	u_int32_t			creatorid;	/* presumably the id of the host that created that state */
140df6ad731Slogwang } __packed;
141df6ad731Slogwang 
142df6ad731Slogwang /*
143df6ad731Slogwang  * UPD_C
 *
 * Record format for PFSYNC_ACT_UPD_C ("compressed" update state) sections.
 * struct pfsync_state_peer is not declared in this header.
144df6ad731Slogwang  */
145df6ad731Slogwang 
146df6ad731Slogwang struct pfsync_upd_c {
147df6ad731Slogwang 	u_int64_t			id;	/* presumably, with creatorid, names the state to update */
148df6ad731Slogwang 	struct pfsync_state_peer	src;
149df6ad731Slogwang 	struct pfsync_state_peer	dst;
150df6ad731Slogwang 	u_int32_t			creatorid;
151df6ad731Slogwang 	u_int32_t			expire;
152df6ad731Slogwang 	u_int8_t			timeout;	/* NOTE(review): peer-supplied; if it is used as a table index the receiver must range-check it (see pfsyncs_badval) - confirm */
153df6ad731Slogwang 	u_int8_t			_pad[3];
154df6ad731Slogwang } __packed;
155df6ad731Slogwang 
156df6ad731Slogwang /*
157df6ad731Slogwang  * UPD_REQ
 *
 * Record format for PFSYNC_ACT_UPD_REQ (request "uncompressed" state)
 * sections.
158df6ad731Slogwang  */
159df6ad731Slogwang 
160df6ad731Slogwang struct pfsync_upd_req {
161df6ad731Slogwang 	u_int64_t			id;	/* presumably the id of the requested state */
162df6ad731Slogwang 	u_int32_t			creatorid;	/* presumably the id of the host that created that state */
163df6ad731Slogwang } __packed;
164df6ad731Slogwang 
165df6ad731Slogwang /*
166df6ad731Slogwang  * DEL_C
 *
 * Record format for PFSYNC_ACT_DEL_C ("compressed" delete state) sections.
 * The record names a state to remove, so it is only as trustworthy as the
 * peer that sent it.
167df6ad731Slogwang  */
168df6ad731Slogwang 
169df6ad731Slogwang struct pfsync_del_c {
170df6ad731Slogwang 	u_int64_t			id;	/* presumably the id of the state to delete */
171df6ad731Slogwang 	u_int32_t			creatorid;	/* presumably the id of the host that created that state */
172df6ad731Slogwang } __packed;
173df6ad731Slogwang 
174df6ad731Slogwang /*
175df6ad731Slogwang  * INS_F, DEL_F
176df6ad731Slogwang  */
177df6ad731Slogwang 
178df6ad731Slogwang /* not implemented (yet) */
179df6ad731Slogwang 
180df6ad731Slogwang /*
181df6ad731Slogwang  * BUS
 *
 * Record format for PFSYNC_ACT_BUS (bulk update status) sections.
182df6ad731Slogwang  */
183df6ad731Slogwang 
184df6ad731Slogwang struct pfsync_bus {
185df6ad731Slogwang 	u_int32_t			creatorid;
186df6ad731Slogwang 	u_int32_t			endtime;
187df6ad731Slogwang 	u_int8_t			status;	/* PFSYNC_BUS_START or PFSYNC_BUS_END; no other value is defined here, so anything else should be rejected */
188df6ad731Slogwang #define	PFSYNC_BUS_START			1
189df6ad731Slogwang #define	PFSYNC_BUS_END				2
190df6ad731Slogwang 	u_int8_t			_pad[3];
191df6ad731Slogwang } __packed;
192df6ad731Slogwang 
193df6ad731Slogwang /*
194df6ad731Slogwang  * TDB
 *
 * Record format for PFSYNC_ACT_TDB (TDB replay counter update) sections.
 *
 * NOTE(review): these fields look like IPsec SA state (spi, dst, sproto,
 * replay counter). If a receiver applies them, a peer that is not
 * authenticated can influence anti-replay state - confirm how, and whether,
 * the implementation consumes this record.
195df6ad731Slogwang  */
196df6ad731Slogwang 
197df6ad731Slogwang struct pfsync_tdb {
198df6ad731Slogwang 	u_int32_t			spi;
199df6ad731Slogwang 	union sockaddr_union		dst;
200df6ad731Slogwang 	u_int32_t			rpl;	/* presumably the replay counter named by PFSYNC_ACT_TDB */
201df6ad731Slogwang 	u_int64_t			cur_bytes;
202df6ad731Slogwang 	u_int8_t			sproto;
203df6ad731Slogwang 	u_int8_t			updates;
204df6ad731Slogwang 	u_int8_t			_pad[2];
205df6ad731Slogwang } __packed;
206df6ad731Slogwang 
207df6ad731Slogwang #define	PFSYNC_HDRLEN		sizeof(struct pfsync_header)	/* size_t; the minimum a packet must hold before pfsync_header is read (see pfsyncs_hdrops) */
208df6ad731Slogwang 
209df6ad731Slogwang struct pfsyncstats {
	/*
	 * Counters only; all members are u_int64_t. The input-side error
	 * counters (pfsyncs_badif through pfsyncs_badstate) are the ones to
	 * watch when looking for malformed or unexpected pfsync traffic.
	 */
210df6ad731Slogwang 	u_int64_t	pfsyncs_ipackets;	/* total input packets, IPv4 */
211df6ad731Slogwang 	u_int64_t	pfsyncs_ipackets6;	/* total input packets, IPv6 */
212df6ad731Slogwang 	u_int64_t	pfsyncs_badif;		/* not the right interface */
213df6ad731Slogwang 	u_int64_t	pfsyncs_badttl;		/* TTL is not PFSYNC_DFLTTL */
214df6ad731Slogwang 	u_int64_t	pfsyncs_hdrops;		/* packets shorter than hdr */
215df6ad731Slogwang 	u_int64_t	pfsyncs_badver;		/* bad (incl unsupp) version */
216df6ad731Slogwang 	u_int64_t	pfsyncs_badact;		/* bad action */
217df6ad731Slogwang 	u_int64_t	pfsyncs_badlen;		/* data length does not match */
218df6ad731Slogwang 	u_int64_t	pfsyncs_badauth;	/* bad authentication */
219df6ad731Slogwang 	u_int64_t	pfsyncs_stale;		/* stale state */
220df6ad731Slogwang 	u_int64_t	pfsyncs_badval;		/* bad values */
221df6ad731Slogwang 	u_int64_t	pfsyncs_badstate;	/* insert/lookup failed */
222df6ad731Slogwang 
223df6ad731Slogwang 	u_int64_t	pfsyncs_opackets;	/* total output packets, IPv4 */
224df6ad731Slogwang 	u_int64_t	pfsyncs_opackets6;	/* total output packets, IPv6 */
225df6ad731Slogwang 	u_int64_t	pfsyncs_onomem;		/* no memory for an mbuf */
226df6ad731Slogwang 	u_int64_t	pfsyncs_oerrors;	/* ip output error */
227df6ad731Slogwang 
228df6ad731Slogwang 	u_int64_t	pfsyncs_iacts[PFSYNC_ACT_MAX];	/* presumably input counts per PFSYNC_ACT_*; valid indexes are 0..PFSYNC_ACT_MAX-1 */
229df6ad731Slogwang 	u_int64_t	pfsyncs_oacts[PFSYNC_ACT_MAX];	/* presumably output counts per PFSYNC_ACT_*; valid indexes are 0..PFSYNC_ACT_MAX-1 */
230df6ad731Slogwang };
231df6ad731Slogwang 
232df6ad731Slogwang /*
233df6ad731Slogwang  * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
 *
 * Filled in by the caller of the ioctl, so on the set path every member is
 * caller-controlled input that the handler has to validate.
234df6ad731Slogwang  */
235df6ad731Slogwang struct pfsyncreq {
236df6ad731Slogwang 	char		 pfsyncr_syncdev[IFNAMSIZ];	/* fixed-size name buffer; NUL termination is not guaranteed by the type */
237df6ad731Slogwang 	struct in_addr	 pfsyncr_syncpeer;	/* IPv4 address only (struct in_addr) */
238df6ad731Slogwang 	int		 pfsyncr_maxupdates;	/* signed; NOTE(review): confirm the handler rejects negative and oversized values */
239df6ad731Slogwang 	int		 pfsyncr_defer;
240df6ad731Slogwang };
241df6ad731Slogwang 
/*
 * NOTE(review): both requests are encoded with struct ifreq, not
 * struct pfsyncreq. Presumably the pfsyncreq is reached through a pointer
 * carried in the ifreq, in which case the handler must copy it in and
 * validate it, and the set request must be restricted to privileged
 * callers - confirm against the ioctl handler.
 */
242df6ad731Slogwang #define	SIOCSETPFSYNC   _IOW('i', 247, struct ifreq)
243df6ad731Slogwang #define	SIOCGETPFSYNC   _IOWR('i', 248, struct ifreq)
244df6ad731Slogwang 
245*d4a07e70Sfengbojiang #ifdef _KERNEL
246*d4a07e70Sfengbojiang 
247*d4a07e70Sfengbojiang /*
248*d4a07e70Sfengbojiang  * this shows where a pf state is with respect to the syncing.
 *
 * PFSYNC_S_INS through PFSYNC_S_DEL are consecutive from 0 and
 * PFSYNC_S_COUNT is their number. PFSYNC_S_DEFER and PFSYNC_S_NONE lie
 * outside that range, so a value should be compared with PFSYNC_S_COUNT
 * before it indexes anything sized by it.
249*d4a07e70Sfengbojiang  */
250*d4a07e70Sfengbojiang #define	PFSYNC_S_INS	0x00
251*d4a07e70Sfengbojiang #define	PFSYNC_S_IACK	0x01
252*d4a07e70Sfengbojiang #define	PFSYNC_S_UPD	0x02
253*d4a07e70Sfengbojiang #define	PFSYNC_S_UPD_C	0x03
254*d4a07e70Sfengbojiang #define	PFSYNC_S_DEL	0x04
255*d4a07e70Sfengbojiang #define	PFSYNC_S_COUNT	0x05
256*d4a07e70Sfengbojiang 
257*d4a07e70Sfengbojiang #define	PFSYNC_S_DEFER	0xfe
258*d4a07e70Sfengbojiang #define	PFSYNC_S_NONE	0xff
259*d4a07e70Sfengbojiang 
/* Distinct single-bit values, so they can be combined; presumably flags - their use is not shown in this header. */
260*d4a07e70Sfengbojiang #define	PFSYNC_SI_IOCTL		0x01
261*d4a07e70Sfengbojiang #define	PFSYNC_SI_CKSUM		0x02
262*d4a07e70Sfengbojiang #define	PFSYNC_SI_ACK		0x04
263*d4a07e70Sfengbojiang 
264*d4a07e70Sfengbojiang #endif /* _KERNEL */
265*d4a07e70Sfengbojiang 
266df6ad731Slogwang #endif /* _NET_IF_PFSYNC_H_ */