1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2023 Alexander V. Chernikov <melifaro@FreeBSD.org> 5 * Copyright (c) 2023 Rubicon Communications, LLC (Netgate) 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 */ 29 30 #ifndef _NETPFIL_PF_PF_NL_H_ 31 #define _NETPFIL_PF_PF_NL_H_ 32 33 /* Genetlink family */ 34 #define PFNL_FAMILY_NAME "pfctl" 35 36 /* available commands */ 37 #define PFNL_CMD_UNSPEC 0 38 #define PFNL_CMD_GETSTATES 1 39 #define PFNL_CMD_GETCREATORS 2 40 #define PFNL_CMD_START 3 41 #define PFNL_CMD_STOP 4 42 #define PFNL_CMD_ADDRULE 5 43 #define PFNL_CMD_GETRULES 6 44 #define PFNL_CMD_GETRULE 7 45 #define PFNL_CMD_CLRSTATES 8 46 #define PFNL_CMD_KILLSTATES 9 47 #define PFNL_CMD_SET_STATUSIF 10 48 #define PFNL_CMD_GET_STATUS 11 49 #define PFNL_CMD_CLEAR_STATUS 12 50 #define PFNL_CMD_NATLOOK 13 51 #define PFNL_CMD_SET_DEBUG 14 52 #define PFNL_CMD_SET_TIMEOUT 15 53 #define PFNL_CMD_GET_TIMEOUT 16 54 #define PFNL_CMD_SET_LIMIT 17 55 #define PFNL_CMD_GET_LIMIT 18 56 #define PFNL_CMD_BEGIN_ADDRS 19 57 #define PFNL_CMD_ADD_ADDR 20 58 #define PFNL_CMD_GET_ADDRS 21 59 #define PFNL_CMD_GET_ADDR 22 60 #define PFNL_CMD_GET_RULESETS 23 61 #define PFNL_CMD_GET_RULESET 24 62 #define PFNL_CMD_GET_SRCNODES 25 63 #define PFNL_CMD_CLEAR_TABLES 26 64 #define PFNL_CMD_ADD_TABLE 27 65 #define PFNL_CMD_DEL_TABLE 28 66 #define PFNL_CMD_GET_TSTATS 29 67 #define PFNL_CMD_CLR_TSTATS 30 68 #define PFNL_CMD_CLR_ADDRS 31 69 #define PFNL_CMD_TABLE_ADD_ADDR 32 70 #define PFNL_CMD_TABLE_DEL_ADDR 33 71 #define PFNL_CMD_TABLE_SET_ADDR 34 72 #define PFNL_CMD_TABLE_GET_ADDR 35 73 #define PFNL_CMD_TABLE_GET_ASTATS 36 74 #define PFNL_CMD_TABLE_CLEAR_ASTATS 37 75 #define PFNL_CMD_STATE_LIMITER_ADD 38 76 #define PFNL_CMD_STATE_LIMITER_GET 39 77 #define PFNL_CMD_STATE_LIMITER_NGET 40 78 #define PFNL_CMD_SOURCE_LIMITER_ADD 41 79 #define PFNL_CMD_SOURCE_LIMITER_GET 42 80 #define PFNL_CMD_SOURCE_LIMITER_NGET 43 81 #define PFNL_CMD_SOURCE_GET 44 82 #define PFNL_CMD_SOURCE_NGET 45 83 #define PFNL_CMD_SOURCE_CLEAR 46 84 #define PFNL_CMD_TABLE_TEST_ADDRS 47 85 86 #define __PFNL_CMD_MAX 48 87 #define PFNL_CMD_MAX (__PFNL_CMD_MAX - 1) 88 89 enum pfstate_key_type_t { 90 PF_STK_UNSPEC, 91 PF_STK_ADDR0 = 1, /* ip */ 92 PF_STK_ADDR1 = 2, /* ip */ 93 PF_STK_PORT0 = 3, /* u16 */ 94 PF_STK_PORT1 = 4, /* u16 */ 95 PF_STK_AF = 5, /* u8 */ 96 PF_STK_PROTO = 6, /* u16 */ 97 }; 98 99 enum pfstate_peer_type_t { 100 PF_STP_UNSPEC, 101 PF_STP_PFSS_FLAGS = 1, /* u16 */ 102 PF_STP_PFSS_TTL = 2, /* u8 */ 103 PF_STP_SCRUB_FLAG = 3, /* u8 */ 104 PF_STP_PFSS_TS_MOD = 4, /* u32 */ 105 PF_STP_SEQLO = 5, /* u32 */ 106 PF_STP_SEQHI = 6, /* u32 */ 107 PF_STP_SEQDIFF = 7, /* u32 */ 108 PF_STP_MAX_WIN = 8, /* u16 */ 109 PF_STP_MSS = 9, /* u16 */ 110 PF_STP_STATE = 10, /* u8 */ 111 PF_STP_WSCALE = 11, /* u8 */ 112 }; 113 114 enum pfstate_type_t { 115 PF_ST_UNSPEC, 116 PF_ST_ID = 1, /* u32, state id */ 117 PF_ST_CREATORID = 2, /* u32, */ 118 PF_ST_IFNAME = 3, /* string */ 119 PF_ST_ORIG_IFNAME = 4, /* string */ 120 PF_ST_KEY_WIRE = 5, /* nested, pfstate_key_type_t */ 121 PF_ST_KEY_STACK = 6, /* nested, pfstate_key_type_t */ 122 PF_ST_PEER_SRC = 7, /* nested, pfstate_peer_type_t*/ 123 PF_ST_PEER_DST = 8, /* nested, pfstate_peer_type_t */ 124 PF_ST_RT_ADDR = 9, /* ip */ 125 PF_ST_RULE = 10, /* u32 */ 126 PF_ST_ANCHOR = 11, /* u32 */ 127 PF_ST_NAT_RULE = 12, /* u32 */ 128 PF_ST_CREATION = 13, /* u32 */ 129 PF_ST_EXPIRE = 14, /* u32 */ 130 PF_ST_PACKETS0 = 15, /* u64 */ 131 PF_ST_PACKETS1 = 16, /* u64 */ 132 PF_ST_BYTES0 = 17, /* u64 */ 133 PF_ST_BYTES1 = 18, /* u64 */ 134 PF_ST_AF = 19, /* u8 */ 135 PF_ST_PROTO = 21, /* u8 */ 136 PF_ST_DIRECTION = 22, /* u8 */ 137 PF_ST_LOG = 23, /* u8 */ 138 PF_ST_TIMEOUT = 24, /* u8 */ 139 PF_ST_STATE_FLAGS = 25, /* u8 */ 140 PF_ST_SYNC_FLAGS = 26, /* u8 */ 141 PF_ST_UPDATES = 27, /* u8 */ 142 PF_ST_VERSION = 28, /* u64 */ 143 PF_ST_FILTER_ADDR = 29, /* in6_addr */ 144 PF_ST_FILTER_MASK = 30, /* in6_addr */ 145 PF_ST_RTABLEID = 31, /* i32 */ 146 PF_ST_MIN_TTL = 32, /* u8 */ 147 PF_ST_MAX_MSS = 33, /* u16 */ 148 PF_ST_DNPIPE = 34, /* u16 */ 149 PF_ST_DNRPIPE = 35, /* u16 */ 150 PF_ST_RT = 36, /* u8 */ 151 PF_ST_RT_IFNAME = 37, /* string */ 152 PF_ST_SRC_NODE_FLAGS = 38, /* u8 */ 153 PF_ST_RT_AF = 39, /* u8 */ 154 PF_ST_INCLUDE_RULE = 40, /* bool */ 155 PF_ST_CREATED_BY_RULE = 41, /* nested, pf_rule_type_t */ 156 }; 157 158 enum pf_addr_type_t { 159 PF_AT_UNSPEC, 160 PF_AT_ADDR = 1, /* in6_addr */ 161 PF_AT_MASK = 2, /* in6_addr */ 162 PF_AT_IFNAME = 3, /* string */ 163 PF_AT_TABLENAME = 4, /* string */ 164 PF_AT_TYPE = 5, /* u8 */ 165 PF_AT_IFLAGS = 6, /* u8 */ 166 PF_AT_TBLCNT = 7, /* u32 */ 167 PF_AT_DYNCNT = 8, /* u32 */ 168 }; 169 170 enum pfrule_addr_type_t { 171 PF_RAT_UNSPEC, 172 PF_RAT_ADDR = 1, /* nested, pf_addr_type_t */ 173 PF_RAT_SRC_PORT = 2, /* u16 */ 174 PF_RAT_DST_PORT = 3, /* u16 */ 175 PF_RAT_NEG = 4, /* u8 */ 176 PF_RAT_OP = 5, /* u8 */ 177 }; 178 179 enum pf_labels_type_t { 180 PF_LT_UNSPEC, 181 PF_LT_LABEL = 1, /* string */ 182 }; 183 184 enum pf_mape_portset_type_t 185 { 186 PF_MET_UNSPEC, 187 PF_MET_OFFSET = 1, /* u8 */ 188 PF_MET_PSID_LEN = 2, /* u8 */ 189 PF_MET_PSID = 3, /* u16 */ 190 }; 191 192 enum pf_rpool_type_t 193 { 194 PF_PT_UNSPEC, 195 PF_PT_KEY = 1, /* bytes, sizeof(struct pf_poolhashkey) */ 196 PF_PT_COUNTER = 2, /* in6_addr */ 197 PF_PT_TBLIDX = 3, /* u32 */ 198 PF_PT_PROXY_SRC_PORT = 4, /* u16 */ 199 PF_PT_PROXY_DST_PORT = 5, /* u16 */ 200 PF_PT_OPTS = 6, /* u8 */ 201 PF_PT_MAPE = 7, /* nested, pf_mape_portset_type_t */ 202 }; 203 204 enum pf_timeout_type_t { 205 PF_TT_UNSPEC, 206 PF_TT_TIMEOUT = 1, /* u32 */ 207 }; 208 209 enum pf_rule_uid_type_t { 210 PF_RUT_UNSPEC, 211 PF_RUT_UID_LOW = 1, /* u32 */ 212 PF_RUT_UID_HIGH = 2, /* u32 */ 213 PF_RUT_OP = 3, /* u8 */ 214 }; 215 216 enum pf_rule_type_t { 217 PF_RT_UNSPEC, 218 PF_RT_SRC = 1, /* nested, pf_rule_addr_type_t */ 219 PF_RT_DST = 2, /* nested, pf_rule_addr_type_t */ 220 PF_RT_RIDENTIFIER = 3, /* u32 */ 221 PF_RT_LABELS = 4, /* nested, pf_labels_type_t */ 222 PF_RT_IFNAME = 5, /* string */ 223 PF_RT_QNAME = 6, /* string */ 224 PF_RT_PQNAME = 7, /* string */ 225 PF_RT_TAGNAME = 8, /* string */ 226 PF_RT_MATCH_TAGNAME = 9, /* string */ 227 PF_RT_OVERLOAD_TBLNAME = 10, /* string */ 228 PF_RT_RPOOL_RDR = 11, /* nested, pf_rpool_type_t */ 229 PF_RT_OS_FINGERPRINT = 12, /* u32 */ 230 PF_RT_RTABLEID = 13, /* u32 */ 231 PF_RT_TIMEOUT = 14, /* nested, pf_timeout_type_t */ 232 PF_RT_MAX_STATES = 15, /* u32 */ 233 PF_RT_MAX_SRC_NODES = 16, /* u32 */ 234 PF_RT_MAX_SRC_STATES = 17, /* u32 */ 235 PF_RT_MAX_SRC_CONN_RATE_LIMIT = 18, /* u32 */ 236 PF_RT_MAX_SRC_CONN_RATE_SECS = 19, /* u32 */ 237 PF_RT_DNPIPE = 20, /* u16 */ 238 PF_RT_DNRPIPE = 21, /* u16 */ 239 PF_RT_DNFLAGS = 22, /* u32 */ 240 PF_RT_NR = 23, /* u32 */ 241 PF_RT_PROB = 24, /* u32 */ 242 PF_RT_CUID = 25, /* u32 */ 243 PF_RT_CPID = 26, /* u32 */ 244 PF_RT_RETURN_ICMP = 27, /* u16 */ 245 PF_RT_RETURN_ICMP6 = 28, /* u16 */ 246 PF_RT_MAX_MSS = 29, /* u16 */ 247 PF_RT_SCRUB_FLAGS = 30, /* u16 */ 248 PF_RT_UID = 31, /* nested, pf_rule_uid_type_t */ 249 PF_RT_GID = 32, /* nested, pf_rule_uid_type_t */ 250 PF_RT_RULE_FLAG = 33, /* u32 */ 251 PF_RT_ACTION = 34, /* u8 */ 252 PF_RT_DIRECTION = 35, /* u8 */ 253 PF_RT_LOG = 36, /* u8 */ 254 PF_RT_LOGIF = 37, /* u8 */ 255 PF_RT_QUICK = 38, /* u8 */ 256 PF_RT_IF_NOT = 39, /* u8 */ 257 PF_RT_MATCH_TAG_NOT = 40, /* u8 */ 258 PF_RT_NATPASS = 41, /* u8 */ 259 PF_RT_KEEP_STATE = 42, /* u8 */ 260 PF_RT_AF = 43, /* u8 */ 261 PF_RT_PROTO = 44, /* u8 */ 262 PF_RT_TYPE = 45, /* u8 */ 263 PF_RT_CODE = 46, /* u8 */ 264 PF_RT_FLAGS = 47, /* u8 */ 265 PF_RT_FLAGSET = 48, /* u8 */ 266 PF_RT_MIN_TTL = 49, /* u8 */ 267 PF_RT_ALLOW_OPTS = 50, /* u8 */ 268 PF_RT_RT = 51, /* u8 */ 269 PF_RT_RETURN_TTL = 52, /* u8 */ 270 PF_RT_TOS = 53, /* u8 */ 271 PF_RT_SET_TOS = 54, /* u8 */ 272 PF_RT_ANCHOR_RELATIVE = 55, /* u8 */ 273 PF_RT_ANCHOR_WILDCARD = 56, /* u8 */ 274 PF_RT_FLUSH = 57, /* u8 */ 275 PF_RT_PRIO = 58, /* u8 */ 276 PF_RT_SET_PRIO = 59, /* u8 */ 277 PF_RT_SET_PRIO_REPLY = 60, /* u8 */ 278 PF_RT_DIVERT_ADDRESS = 61, /* in6_addr */ 279 PF_RT_DIVERT_PORT = 62, /* u16 */ 280 PF_RT_PACKETS_IN = 63, /* u64 */ 281 PF_RT_PACKETS_OUT = 64, /* u64 */ 282 PF_RT_BYTES_IN = 65, /* u64 */ 283 PF_RT_BYTES_OUT = 66, /* u64 */ 284 PF_RT_EVALUATIONS = 67, /* u64 */ 285 PF_RT_TIMESTAMP = 68, /* u64 */ 286 PF_RT_STATES_CUR = 69, /* u64 */ 287 PF_RT_STATES_TOTAL = 70, /* u64 */ 288 PF_RT_SRC_NODES = 71, /* u64 */ 289 PF_RT_ANCHOR_CALL = 72, /* string */ 290 PF_RT_RCV_IFNAME = 73, /* string */ 291 PF_RT_MAX_SRC_CONN = 74, /* u32 */ 292 PF_RT_RPOOL_NAT = 75, /* nested, pf_rpool_type_t */ 293 PF_RT_NAF = 76, /* u8 */ 294 PF_RT_RPOOL_RT = 77, /* nested, pf_rpool_type_t */ 295 PF_RT_RCV_IFNOT = 78, /* bool */ 296 PF_RT_SRC_NODES_LIMIT = 79, /* u64 */ 297 PF_RT_SRC_NODES_NAT = 80, /* u64 */ 298 PF_RT_SRC_NODES_ROUTE = 81, /* u64 */ 299 PF_RT_PKTRATE = 82, /* nested, pf_threshold_type_t */ 300 PF_RT_MAX_PKT_SIZE = 83, /* u16 */ 301 PF_RT_TYPE_2 = 84, /* u16 */ 302 PF_RT_CODE_2 = 85, /* u16 */ 303 PF_RT_EXPTIME = 86, /* time_t */ 304 PF_RT_STATE_LIMIT = 87, /* u8 */ 305 PF_RT_SOURCE_LIMIT = 88, /* u8 */ 306 PF_RT_STATE_LIMIT_ACTION = 89, /* u32 */ 307 PF_RT_SOURCE_LIMIT_ACTION = 90, /* u32 */ 308 }; 309 310 enum pf_addrule_type_t { 311 PF_ART_UNSPEC, 312 PF_ART_TICKET = 1, /* u32 */ 313 PF_ART_POOL_TICKET = 2, /* u32 */ 314 PF_ART_ANCHOR = 3, /* string */ 315 PF_ART_ANCHOR_CALL = 4, /* string */ 316 PF_ART_RULE = 5, /* nested, pfrule_type_t */ 317 }; 318 319 enum pf_getrules_type_t { 320 PF_GR_UNSPEC, 321 PF_GR_ANCHOR = 1, /* string */ 322 PF_GR_ACTION = 2, /* u8 */ 323 PF_GR_NR = 3, /* u32 */ 324 PF_GR_TICKET = 4, /* u32 */ 325 PF_GR_CLEAR = 5, /* u8 */ 326 }; 327 328 enum pf_clear_states_type_t { 329 PF_CS_UNSPEC, 330 PF_CS_CMP_ID = 1, /* u64 */ 331 PF_CS_CMP_CREATORID = 2, /* u32 */ 332 PF_CS_CMP_DIR = 3, /* u8 */ 333 PF_CS_AF = 4, /* u8 */ 334 PF_CS_PROTO = 5, /* u8 */ 335 PF_CS_SRC = 6, /* nested, pf_addr_wrap */ 336 PF_CS_DST = 7, /* nested, pf_addr_wrap */ 337 PF_CS_RT_ADDR = 8, /* nested, pf_addr_wrap */ 338 PF_CS_IFNAME = 9, /* string */ 339 PF_CS_LABEL = 10, /* string */ 340 PF_CS_KILL_MATCH = 11, /* bool */ 341 PF_CS_NAT = 12, /* bool */ 342 PF_CS_KILLED = 13, /* u32 */ 343 }; 344 345 enum pf_set_statusif_types_t { 346 PF_SS_UNSPEC, 347 PF_SS_IFNAME = 1, /* string */ 348 }; 349 350 enum pf_counter_types_t { 351 PF_C_UNSPEC, 352 PF_C_COUNTER = 1, /* u64 */ 353 PF_C_NAME = 2, /* string */ 354 PF_C_ID = 3, /* u32 */ 355 }; 356 357 enum pf_get_status_types_t { 358 PF_GS_UNSPEC, 359 PF_GS_IFNAME = 1, /* string */ 360 PF_GS_RUNNING = 2, /* bool */ 361 PF_GS_SINCE = 3, /* u32 */ 362 PF_GS_DEBUG = 4, /* u32 */ 363 PF_GS_HOSTID = 5, /* u32 */ 364 PF_GS_STATES = 6, /* u32 */ 365 PF_GS_SRC_NODES = 7, /* u32 */ 366 PF_GS_REASSEMBLE = 8, /* u32 */ 367 PF_GS_SYNCOOKIES_ACTIVE = 9, /* bool */ 368 PF_GS_COUNTERS = 10, /* nested, */ 369 PF_GS_LCOUNTERS = 11, /* nested, */ 370 PF_GS_FCOUNTERS = 12, /* nested, */ 371 PF_GS_SCOUNTERS = 13, /* nested, */ 372 PF_GS_CHKSUM = 14, /* byte array */ 373 PF_GS_PCOUNTERS = 15, /* u64 array */ 374 PF_GS_BCOUNTERS = 16, /* u64 array */ 375 PF_GS_NCOUNTERS = 17, /* nested, */ 376 PF_GS_FRAGMENTS = 18, /* u64, */ 377 }; 378 379 enum pf_natlook_types_t { 380 PF_NL_UNSPEC, 381 PF_NL_AF = 1, /* u8 */ 382 PF_NL_DIRECTION = 2, /* u8 */ 383 PF_NL_PROTO = 3, /* u8 */ 384 PF_NL_SRC_ADDR = 4, /* in6_addr */ 385 PF_NL_DST_ADDR = 5, /* in6_addr */ 386 PF_NL_SRC_PORT = 6, /* u16 */ 387 PF_NL_DST_PORT = 7, /* u16 */ 388 }; 389 390 enum pf_set_debug_types_t { 391 PF_SD_UNSPEC, 392 PF_SD_LEVEL = 1, /* u32 */ 393 }; 394 395 enum pf_timeout_types_t { 396 PF_TO_UNSPEC, 397 PF_TO_TIMEOUT = 1, /* u32 */ 398 PF_TO_SECONDS = 2, /* u32 */ 399 }; 400 401 enum pf_limit_types_t { 402 PF_LI_UNSPEC, 403 PF_LI_INDEX = 1, /* u32 */ 404 PF_LI_LIMIT = 2, /* u32 */ 405 }; 406 407 enum pf_begin_addrs_types_t { 408 PF_BA_UNSPEC, 409 PF_BA_TICKET = 1, /* u32 */ 410 }; 411 412 enum pf_pool_addr_types_t { 413 PF_PA_UNSPEC, 414 PF_PA_ADDR = 1, /* nested, pf_addr_wrap */ 415 PF_PA_IFNAME = 2, /* string */ 416 }; 417 418 enum pf_add_addr_types_t { 419 PF_AA_UNSPEC, 420 PF_AA_ACTION = 1, /* u32 */ 421 PF_AA_TICKET = 2, /* u32 */ 422 PF_AA_NR = 3, /* u32 */ 423 PF_AA_R_NUM = 4, /* u32 */ 424 PF_AA_R_ACTION = 5, /* u8 */ 425 PF_AA_R_LAST = 6, /* u8 */ 426 PF_AA_AF = 7, /* u8 */ 427 PF_AA_ANCHOR = 8, /* string */ 428 PF_AA_ADDR = 9, /* nested, pf_pooladdr */ 429 PF_AA_WHICH = 10, /* u32 */ 430 }; 431 432 enum pf_get_rulesets_types_t { 433 PF_RS_UNSPEC, 434 PF_RS_PATH = 1, /* string */ 435 PF_RS_NR = 2, /* u32 */ 436 PF_RS_NAME = 3, /* string */ 437 }; 438 439 enum pf_threshold_types_t { 440 PF_TH_UNSPEC, 441 PF_TH_LIMIT = 1, /* u32 */ 442 PF_TH_SECONDS = 2, /* u32 */ 443 PF_TH_COUNT = 3, /* u32 */ 444 PF_TH_LAST = 4, /* u32 */ 445 }; 446 447 enum pf_srcnodes_types_t { 448 PF_SN_UNSPEC, 449 PF_SN_ADDR = 1, /* nested, pf_addr */ 450 PF_SN_RADDR = 2, /* nested, pf_addr */ 451 PF_SN_RULE_NR = 3, /* u32 */ 452 PF_SN_BYTES_IN = 4, /* u64 */ 453 PF_SN_BYTES_OUT = 5, /* u64 */ 454 PF_SN_PACKETS_IN = 6, /* u64 */ 455 PF_SN_PACKETS_OUT = 7, /* u64 */ 456 PF_SN_STATES = 8, /* u32 */ 457 PF_SN_CONNECTIONS = 9, /* u32 */ 458 PF_SN_AF = 10, /* u8 */ 459 PF_SN_RULE_TYPE = 11, /* u8 */ 460 PF_SN_CREATION = 12, /* u64 */ 461 PF_SN_EXPIRE = 13, /* u64 */ 462 PF_SN_CONNECTION_RATE = 14, /* nested, pf_threshold */ 463 PF_SN_RAF = 15, /* u8 */ 464 PF_SN_NODE_TYPE = 16, /* u8 */ 465 }; 466 467 enum pf_tables_t { 468 PF_T_UNSPEC, 469 PF_T_ANCHOR = 1, /* string */ 470 PF_T_NAME = 2, /* string */ 471 PF_T_TABLE_FLAGS = 3, /* u32 */ 472 PF_T_FLAGS = 4, /* u32 */ 473 PF_T_NBR_DELETED = 5, /* u32 */ 474 PF_T_NBR_ADDED = 6, /* u32 */ 475 }; 476 477 enum pf_tstats_t { 478 PF_TS_UNSPEC, 479 PF_TS_TABLE = 1, /* nested, pfr_table */ 480 PF_TS_PACKETS = 2, /* u64 array */ 481 PF_TS_BYTES = 3, /* u64 array */ 482 PF_TS_MATCH = 4, /* u64 */ 483 PF_TS_NOMATCH = 5, /* u64 */ 484 PF_TS_TZERO = 6, /* u64 */ 485 PF_TS_CNT = 7, /* u64 */ 486 PF_TS_REFCNT = 8, /* u64 array */ 487 PF_TS_NZERO = 9, /* u64 */ 488 }; 489 490 enum pfr_addr_t { 491 PFR_A_UNSPEC, 492 PFR_A_AF = 1, /* uint8_t */ 493 PFR_A_NET = 2, /* uint8_t */ 494 PFR_A_NOT = 3, /* bool */ 495 PFR_A_ADDR = 4, /* in6_addr */ 496 }; 497 498 enum pf_table_addrs_t { 499 PF_TA_UNSPEC, 500 PF_TA_TABLE = 1, /* nested, pf_table_t */ 501 PF_TA_ADDR = 2, /* nested, pfr_addr_t */ 502 PF_TA_FLAGS = 3, /* u32 */ 503 PF_TA_NBR_ADDED = 4, /* u32 */ 504 PF_TA_NBR_DELETED = 5, /* u32 */ 505 PF_TA_NBR_CHANGED = 6, /* u32 */ 506 PF_TA_ADDR_COUNT = 7, /* u32 */ 507 }; 508 509 enum pf_astats_t { 510 PF_AS_UNSPEC, 511 PF_AS_ADDR = 1, /* nested, pfr_addr_t */ 512 PF_AS_PACKETS = 2, /* u64 array */ 513 PF_AS_BYTES = 3, /* u64 array */ 514 PF_AS_TZERO = 4, /* time_t */ 515 }; 516 517 enum pf_table_astats_t { 518 PF_TAS_UNSPEC, 519 PF_TAS_TABLE = 1, /* nested pf_table_t */ 520 PF_TAS_ASTATS = 2, /* nested, pfr_astats_t */ 521 PF_TAS_FLAGS = 3, /* u32 */ 522 PF_TAS_ASTATS_COUNT = 4, /* u32 */ 523 PF_TAS_ASTATS_ZEROED = 5, /* u32 */ 524 }; 525 526 enum pf_limit_rate_t { 527 PF_LR_UNSPEC, 528 PF_LR_LIMIT = 1, /* u32 */ 529 PF_LR_SECONDS = 2, /* u32 */ 530 }; 531 532 enum pf_state_limit_t { 533 PF_SL_UNSPEC, 534 PF_SL_TICKET = 1, /* u32 */ 535 PF_SL_NAME = 2, /* string */ 536 PF_SL_ID = 3, /* u32 */ 537 PF_SL_LIMIT = 4, /* u32 */ 538 PF_SL_RATE = 5, /* nested, pf_limit_rate_t */ 539 PF_SL_DESCR = 6, /* string */ 540 PF_SL_INUSE = 7, /* u32 */ 541 PF_SL_ADMITTED = 8, /* u64 */ 542 PF_SL_HARDLIMITED = 9, /* u64 */ 543 PF_SL_RATELIMITED = 10, /* u64 */ 544 }; 545 546 enum pf_source_limit_t { 547 PF_SCL_UNSPEC, 548 PF_SCL_TICKET = 1, /* u32 */ 549 PF_SCL_NAME = 2, /* string */ 550 PF_SCL_ID = 3, /* u32 */ 551 PF_SCL_ENTRIES = 4, /* u32 */ 552 PF_SCL_LIMIT = 5, /* u32 */ 553 PF_SCL_RATE = 6, /* nested, pf_limit_rate_t */ 554 PF_SCL_OVERLOAD_TBL_NAME = 7, /* string*/ 555 PF_SCL_OVERLOAD_HIGH_WM = 8, /* u32 */ 556 PF_SCL_OVERLOAD_LOW_WM = 9, /* u32 */ 557 PF_SCL_INET_PREFIX = 10, /* u32 */ 558 PF_SCL_INET6_PREFIX = 11, /* u32 */ 559 PF_SCL_DESCR = 12, /* string */ 560 PF_SCL_NENTRIES = 13, /* u32 */ 561 PF_SCL_INUSE = 14, /* u32 */ 562 PF_SCL_ADDR_ALLOCS = 15, /* u64 */ 563 PF_SCL_ADDR_NOMEM = 16, /* u64 */ 564 PF_SCL_ADMITTED = 17, /* u64 */ 565 PF_SCL_ADDRLIMITED = 18, /* u64 */ 566 PF_SCL_HARDLIMITED = 19, /* u64 */ 567 PF_SCL_RATELIMITED = 20, /* u64 */ 568 }; 569 570 enum pf_source_t { 571 PF_SRC_UNSPEC, 572 PF_SRC_NAME = 1, /* string */ 573 PF_SRC_ID = 2, /* u32 */ 574 PF_SRC_AF = 3, /* u8 */ 575 PF_SRC_RDOMAIN = 4, /* u32 */ 576 PF_SRC_ADDR = 5, /* in6_addr */ 577 PF_SRC_INUSE = 6, /* u32 */ 578 PF_SRC_ADMITTED = 7, /* u64 */ 579 PF_SRC_HARDLIMITED = 8, /* u64 */ 580 PF_SRC_RATELIMITED = 9, /* u64 */ 581 PF_SRC_LIMIT = 10, /* u32 */ 582 PF_SRC_INET_PREFIX = 11, /* u32 */ 583 PF_SRC_INET6_PREFIX = 12, /* u32 */ 584 }; 585 586 enum pf_source_clear_t { 587 PF_SC_UNSPEC, 588 PF_SC_NAME = 1, /* string */ 589 PF_SC_ID = 2, /* u32*/ 590 PF_SC_RDOMAIN = 3, /* u32 */ 591 PF_SC_AF = 4, /* u8 */ 592 PF_SC_ADDR = 5, /* in6_addr */ 593 }; 594 595 #ifdef _KERNEL 596 597 void pf_nl_register(void); 598 void pf_nl_unregister(void); 599 600 #endif 601 602 #endif 603