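/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2001 Michael Shalayeff
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

/*-
 * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 *	$OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $
 *	$FreeBSD$
 */

/*
 * Wire format, statistics and configuration definitions for pfsync.
 *
 * This header only declares layouts and constants.  It relies on names it
 * does not define (PF_MD5_DIGEST_LENGTH, IFNAMSIZ, struct pfsync_state_peer,
 * union sockaddr_union, struct in_addr, struct ifreq, _IOW/_IOWR, __packed),
 * so the including file has to bring those into scope first.
 */

#ifndef _NET_IF_PFSYNC_H_
#define _NET_IF_PFSYNC_H_

#define	PFSYNC_VERSION		5
/*
 * pfsyncs_badttl below counts packets whose TTL is not PFSYNC_DFLTTL.
 * NOTE(review): a TTL of 255 cannot have passed through a router, so this
 * is presumably an on-link check; it says nothing about who on the link
 * sent the packet and is not a substitute for authentication.
 */
#define	PFSYNC_DFLTTL		255

/*
 * Values carried in pfsync_subheader.action.  PFSYNC_ACT_MAX is one past the
 * highest defined action and sizes the per-action counter arrays in
 * struct pfsyncstats, so a received action has to be checked against it
 * before it is used as an index.
 */
#define	PFSYNC_ACT_CLR		0	/* clear all states */
#define	PFSYNC_ACT_INS		1	/* insert state */
#define	PFSYNC_ACT_INS_ACK	2	/* ack of inserted state */
#define	PFSYNC_ACT_UPD		3	/* update state */
#define	PFSYNC_ACT_UPD_C	4	/* "compressed" update state */
#define	PFSYNC_ACT_UPD_REQ	5	/* request "uncompressed" state */
#define	PFSYNC_ACT_DEL		6	/* delete state */
#define	PFSYNC_ACT_DEL_C	7	/* "compressed" delete state */
#define	PFSYNC_ACT_INS_F	8	/* insert fragment */
#define	PFSYNC_ACT_DEL_F	9	/* delete fragments */
#define	PFSYNC_ACT_BUS		10	/* bulk update status */
#define	PFSYNC_ACT_TDB		11	/* TDB replay counter update */
#define	PFSYNC_ACT_EOF		12	/* end of frame */
#define	PFSYNC_ACT_MAX		13

/*
 * A pfsync frame is built from a header followed by several sections which
 * are all prefixed with their own subheaders. Frames must be terminated with
 * an EOF subheader.
 *
 * | ...			|
 * | IP header			|
 * +============================+
 * | pfsync_header		|
 * +----------------------------+
 * | pfsync_subheader		|
 * +----------------------------+
 * | first action fields	|
 * | ...			|
 * +----------------------------+
 * | pfsync_subheader		|
 * +----------------------------+
 * | second action fields	|
 * | ...			|
 * +----------------------------+
 * | EOF pfsync_subheader	|
 * +----------------------------+
 * | HMAC			|
 * +============================+
 */

/*
 * NOTE(review): the structures from here to PFSYNC_HDRLEN describe bytes
 * taken from a received packet, and nothing in this header bounds them.
 * The input path therefore has to
 *  - see at least PFSYNC_HDRLEN bytes before reading the header
 *    (cf. pfsyncs_hdrops),
 *  - reconcile pfsync_header.len with the length actually received
 *    (cf. pfsyncs_badlen),
 *  - reject an action >= PFSYNC_ACT_MAX before indexing with it
 *    (cf. pfsyncs_badact),
 *  - check pfsync_subheader.count (presumably the number of records in the
 *    section) times the record size against the bytes that remain before
 *    walking a section.
 * Multi-byte fields are presumably in network byte order -- TODO confirm.
 * All of these structures are __packed, so fields may be misaligned when a
 * structure is overlaid on packet data.
 * The diagram above shows an HMAC trailer, but this header defines no
 * structure or length for one; confirm in the implementation whether frames
 * are authenticated at all before treating the sync link as trusted input.
 */

/*
 * Frame header
 */

struct pfsync_header {
	u_int8_t			version;	/* compared with PFSYNC_VERSION, cf. pfsyncs_badver */
	u_int8_t			_pad;
	u_int16_t			len;		/* sender-supplied; never trust without the packet length */
	/*
	 * NOTE(review): by its name an MD5 digest, presumably of the pf
	 * ruleset.  A digest without a key is a consistency check, not a
	 * MAC -- confirm how the receiver uses it.
	 */
	u_int8_t			pfcksum[PF_MD5_DIGEST_LENGTH];
} __packed;

/*
 * Frame region subheader
 */

struct pfsync_subheader {
	u_int8_t			action;		/* PFSYNC_ACT_*; range-check before use */
	u_int8_t			_pad;
	u_int16_t			count;		/* sender-supplied; bound against remaining bytes */
} __packed;

/*
 * CLR
 */

struct pfsync_clr {
	/*
	 * Fixed-size field filled by the peer: it is not guaranteed to be
	 * NUL-terminated, so bound every string operation by IFNAMSIZ.
	 */
	char				ifname[IFNAMSIZ];
	u_int32_t			creatorid;
} __packed;

/*
 * INS, UPD, DEL
 */

/* these use struct pfsync_state in pfvar.h */

/*
 * INS_ACK
 */

struct pfsync_ins_ack {
	u_int64_t			id;
	u_int32_t			creatorid;
} __packed;

/*
 * UPD_C
 */

struct pfsync_upd_c {
	u_int64_t			id;
	struct pfsync_state_peer	src;
	struct pfsync_state_peer	dst;
	u_int32_t			creatorid;
	u_int32_t			expire;
	u_int8_t			timeout;	/* NOTE(review): validate before using as an index or selector */
	u_int8_t			_pad[3];
} __packed;

/*
 * UPD_REQ
 */

struct pfsync_upd_req {
	u_int64_t			id;
	u_int32_t			creatorid;
} __packed;

/*
 * DEL_C
 */

struct pfsync_del_c {
	u_int64_t			id;
	u_int32_t			creatorid;
} __packed;

/*
 * INS_F, DEL_F
 */

/* not implemented (yet) */

/*
 * BUS
 */

struct pfsync_bus {
	u_int32_t			creatorid;
	u_int32_t			endtime;
	u_int8_t			status;		/* one of the PFSYNC_BUS_* values below */
#define	PFSYNC_BUS_START			1
#define	PFSYNC_BUS_END				2
	u_int8_t			_pad[3];
} __packed;

/*
 * TDB
 */

struct pfsync_tdb {
	u_int32_t			spi;
	union sockaddr_union		dst;
	u_int32_t			rpl;
	u_int64_t			cur_bytes;
	u_int8_t			sproto;
	u_int8_t			updates;
	u_int8_t			_pad[2];
} __packed;

/*
 * Size of the frame header.  The replacement list is parenthesized so the
 * macro expands as one operand wherever it is used.
 */
#define	PFSYNC_HDRLEN	(sizeof(struct pfsync_header))

/*
 * Counters.  The input-side "bad*" and hdrops counters record packets that
 * failed a sanity check, which makes them the first place to look when
 * malformed or unexpected pfsync traffic is suspected.
 */
struct pfsyncstats {
	u_int64_t	pfsyncs_ipackets;	/* total input packets, IPv4 */
	u_int64_t	pfsyncs_ipackets6;	/* total input packets, IPv6 */
	u_int64_t	pfsyncs_badif;		/* not the right interface */
	u_int64_t	pfsyncs_badttl;		/* TTL is not PFSYNC_DFLTTL */
	u_int64_t	pfsyncs_hdrops;		/* packets shorter than hdr */
	u_int64_t	pfsyncs_badver;		/* bad (incl unsupp) version */
	u_int64_t	pfsyncs_badact;		/* bad action */
	u_int64_t	pfsyncs_badlen;		/* data length does not match */
	u_int64_t	pfsyncs_badauth;	/* bad authentication */
	u_int64_t	pfsyncs_stale;		/* stale state */
	u_int64_t	pfsyncs_badval;		/* bad values */
	u_int64_t	pfsyncs_badstate;	/* insert/lookup failed */

	u_int64_t	pfsyncs_opackets;	/* total output packets, IPv4 */
	u_int64_t	pfsyncs_opackets6;	/* total output packets, IPv6 */
	u_int64_t	pfsyncs_onomem;		/* no memory for an mbuf */
	u_int64_t	pfsyncs_oerrors;	/* ip output error */

	/* Indexed by PFSYNC_ACT_*; the index must be < PFSYNC_ACT_MAX. */
	u_int64_t	pfsyncs_iacts[PFSYNC_ACT_MAX];
	u_int64_t	pfsyncs_oacts[PFSYNC_ACT_MAX];
};

/*
 * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
 *
 * NOTE(review): the ioctl commands below encode struct ifreq, not this
 * structure, so the size carried in the command does not cover it.
 * Presumably the pfsyncreq is reached through a pointer inside the ifreq;
 * the handler then has to copy it in explicitly, treat pfsyncr_syncdev as
 * possibly unterminated, range-check pfsyncr_maxupdates (a signed int from
 * userland) and require privilege for SIOCSETPFSYNC -- confirm in the
 * ioctl handler.
 */
struct pfsyncreq {
	char		 pfsyncr_syncdev[IFNAMSIZ];
	struct in_addr	 pfsyncr_syncpeer;
	int		 pfsyncr_maxupdates;
	/* presumably the flag bits of pfsyncr_defer -- confirm */
#define	PFSYNCF_OK		0x00000001
#define	PFSYNCF_DEFER		0x00000002
	int		 pfsyncr_defer;
};

#define	SIOCSETPFSYNC   _IOW('i', 247, struct ifreq)
#define	SIOCGETPFSYNC   _IOWR('i', 248, struct ifreq)

#ifdef _KERNEL

/*
 * this shows where a pf state is with respect to the syncing.
 */
#define	PFSYNC_S_INS	0x00
#define	PFSYNC_S_IACK	0x01
#define	PFSYNC_S_UPD	0x02
#define	PFSYNC_S_UPD_C	0x03
#define	PFSYNC_S_DEL	0x04
#define	PFSYNC_S_COUNT	0x05	/* one past the last value above */

#define	PFSYNC_S_DEFER	0xfe
#define	PFSYNC_S_NONE	0xff

/* Bit values; their consumers are not visible in this header. */
#define	PFSYNC_SI_IOCTL		0x01
#define	PFSYNC_SI_CKSUM		0x02
#define	PFSYNC_SI_ACK		0x04

#endif /* _KERNEL */

#endif /* _NET_IF_PFSYNC_H_ */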