diff options
Diffstat (limited to 'freebsd/sys/contrib/pf/net/if_pfsync.h')
-rw-r--r-- | freebsd/sys/contrib/pf/net/if_pfsync.h | 324 |
1 files changed, 0 insertions, 324 deletions
diff --git a/freebsd/sys/contrib/pf/net/if_pfsync.h b/freebsd/sys/contrib/pf/net/if_pfsync.h deleted file mode 100644 index 17259b78..00000000 --- a/freebsd/sys/contrib/pf/net/if_pfsync.h +++ /dev/null @@ -1,324 +0,0 @@ -/* $OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $ */ - -/* - * Copyright (c) 2001 Michael Shalayeff - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING - * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF - * THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Copyright (c) 2008 David Gwynne <dlg@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _NET_IF_PFSYNC_H_ -#define _NET_IF_PFSYNC_H_ - -#define PFSYNC_VERSION 5 -#define PFSYNC_DFLTTL 255 - -#define PFSYNC_ACT_CLR 0 /* clear all states */ -#define PFSYNC_ACT_INS 1 /* insert state */ -#define PFSYNC_ACT_INS_ACK 2 /* ack of insterted state */ -#define PFSYNC_ACT_UPD 3 /* update state */ -#define PFSYNC_ACT_UPD_C 4 /* "compressed" update state */ -#define PFSYNC_ACT_UPD_REQ 5 /* request "uncompressed" state */ -#define PFSYNC_ACT_DEL 6 /* delete state */ -#define PFSYNC_ACT_DEL_C 7 /* "compressed" delete state */ -#define PFSYNC_ACT_INS_F 8 /* insert fragment */ -#define PFSYNC_ACT_DEL_F 9 /* delete fragments */ -#define PFSYNC_ACT_BUS 10 /* bulk update status */ -#define PFSYNC_ACT_TDB 11 /* TDB replay counter update */ -#define PFSYNC_ACT_EOF 12 /* end of frame */ -#define PFSYNC_ACT_MAX 13 - -#define PFSYNC_ACTIONS "CLR ST", \ - "INS ST", \ - "INS ST ACK", \ - "UPD ST", \ - "UPD ST COMP", \ - "UPD ST REQ", \ - "DEL ST", \ - "DEL ST COMP", \ - "INS FR", \ - "DEL FR", \ - "BULK UPD STAT", \ - "TDB UPD", \ - "EOF" - -#define PFSYNC_HMAC_LEN 20 - -/* - * A pfsync frame is built from a header followed by several sections which - * are all prefixed with their own subheaders. Frames must be terminated with - * an EOF subheader. - * - * | ... | - * | IP header | - * +============================+ - * | pfsync_header | - * +----------------------------+ - * | pfsync_subheader | - * +----------------------------+ - * | first action fields | - * | ... | - * +----------------------------+ - * | pfsync_subheader | - * +----------------------------+ - * | second action fields | - * | ... | - * +----------------------------+ - * | EOF pfsync_subheader | - * +----------------------------+ - * | HMAC | - * +============================+ - */ - -/* - * Frame header - */ - -struct pfsync_header { - u_int8_t version; - u_int8_t _pad; - u_int16_t len; - u_int8_t pfcksum[PF_MD5_DIGEST_LENGTH]; -} __packed; - -/* - * Frame region subheader - */ - -struct pfsync_subheader { - u_int8_t action; - u_int8_t _pad; - u_int16_t count; -} __packed; - -/* - * CLR - */ - -struct pfsync_clr { - char ifname[IFNAMSIZ]; - u_int32_t creatorid; -} __packed; - -/* - * INS, UPD, DEL - */ - -/* these use struct pfsync_state in pfvar.h */ - -/* - * INS_ACK - */ - -struct pfsync_ins_ack { - u_int64_t id; - u_int32_t creatorid; -} __packed; - -/* - * UPD_C - */ - -struct pfsync_upd_c { - u_int64_t id; - struct pfsync_state_peer src; - struct pfsync_state_peer dst; - u_int32_t creatorid; - u_int32_t expire; - u_int8_t timeout; - u_int8_t _pad[3]; -} __packed; - -/* - * UPD_REQ - */ - -struct pfsync_upd_req { - u_int64_t id; - u_int32_t creatorid; -} __packed; - -/* - * DEL_C - */ - -struct pfsync_del_c { - u_int64_t id; - u_int32_t creatorid; -} __packed; - -/* - * INS_F, DEL_F - */ - -/* not implemented (yet) */ - -/* - * BUS - */ - -struct pfsync_bus { - u_int32_t creatorid; - u_int32_t endtime; - u_int8_t status; -#define PFSYNC_BUS_START 1 -#define PFSYNC_BUS_END 2 - u_int8_t _pad[3]; -} __packed; - -/* - * TDB - */ - -struct pfsync_tdb { - u_int32_t spi; - union sockaddr_union dst; - u_int32_t rpl; - u_int64_t cur_bytes; - u_int8_t sproto; - u_int8_t updates; - u_int8_t _pad[2]; -} __packed; - -/* - * EOF - */ - -struct pfsync_eof { - u_int8_t hmac[PFSYNC_HMAC_LEN]; -} __packed; - -#define PFSYNC_HDRLEN sizeof(struct pfsync_header) - - - -/* - * Names for PFSYNC sysctl objects - */ -#define PFSYNCCTL_STATS 1 /* PFSYNC stats */ -#define PFSYNCCTL_MAXID 2 - -#define PFSYNCCTL_NAMES { \ - { 0, 0 }, \ - { "stats", CTLTYPE_STRUCT }, \ -} - -struct pfsyncstats { - u_int64_t pfsyncs_ipackets; /* total input packets, IPv4 */ - u_int64_t pfsyncs_ipackets6; /* total input packets, IPv6 */ - u_int64_t pfsyncs_badif; /* not the right interface */ - u_int64_t pfsyncs_badttl; /* TTL is not PFSYNC_DFLTTL */ - u_int64_t pfsyncs_hdrops; /* packets shorter than hdr */ - u_int64_t pfsyncs_badver; /* bad (incl unsupp) version */ - u_int64_t pfsyncs_badact; /* bad action */ - u_int64_t pfsyncs_badlen; /* data length does not match */ - u_int64_t pfsyncs_badauth; /* bad authentication */ - u_int64_t pfsyncs_stale; /* stale state */ - u_int64_t pfsyncs_badval; /* bad values */ - u_int64_t pfsyncs_badstate; /* insert/lookup failed */ - - u_int64_t pfsyncs_opackets; /* total output packets, IPv4 */ - u_int64_t pfsyncs_opackets6; /* total output packets, IPv6 */ - u_int64_t pfsyncs_onomem; /* no memory for an mbuf */ - u_int64_t pfsyncs_oerrors; /* ip output error */ -}; - -/* - * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC - */ -struct pfsyncreq { - char pfsyncr_syncdev[IFNAMSIZ]; - struct in_addr pfsyncr_syncpeer; - int pfsyncr_maxupdates; - int pfsyncr_authlevel; -}; - -#ifdef __FreeBSD__ -#define SIOCSETPFSYNC _IOW('i', 247, struct ifreq) -#define SIOCGETPFSYNC _IOWR('i', 248, struct ifreq) -#endif - -#ifdef _KERNEL - -/* - * this shows where a pf state is with respect to the syncing. - */ -#define PFSYNC_S_INS 0x00 -#define PFSYNC_S_IACK 0x01 -#define PFSYNC_S_UPD 0x02 -#define PFSYNC_S_UPD_C 0x03 -#define PFSYNC_S_DEL 0x04 -#define PFSYNC_S_COUNT 0x05 - -#define PFSYNC_S_DEFER 0xfe -#define PFSYNC_S_NONE 0xff - -#ifdef __FreeBSD__ -void pfsync_input(struct mbuf *, __unused int); -#else -void pfsync_input(struct mbuf *, ...); -#endif -int pfsync_sysctl(int *, u_int, void *, size_t *, - void *, size_t); - -#define PFSYNC_SI_IOCTL 0x01 -#define PFSYNC_SI_CKSUM 0x02 -#define PFSYNC_SI_ACK 0x04 -int pfsync_state_import(struct pfsync_state *, u_int8_t); -#ifndef __FreeBSD__ -void pfsync_state_export(struct pfsync_state *, - struct pf_state *); -#endif - -void pfsync_insert_state(struct pf_state *); -void pfsync_update_state(struct pf_state *); -void pfsync_delete_state(struct pf_state *); -void pfsync_clear_states(u_int32_t, const char *); - -#ifdef notyet -void pfsync_update_tdb(struct tdb *, int); -void pfsync_delete_tdb(struct tdb *); -#endif - -int pfsync_defer(struct pf_state *, struct mbuf *); - -int pfsync_up(void); -int pfsync_state_in_use(struct pf_state *); -#endif - -#endif /* _NET_IF_PFSYNC_H_ */ |