1 /* $FreeBSD$ */ 2 /* $NetBSD: pfil.h,v 1.22 2003/06/23 12:57:08 martin Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (c) 2019 Gleb Smirnoff <glebius@FreeBSD.org> 8 * Copyright (c) 1996 Matthew R. Green 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The name of the author may not be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #ifndef _NET_PFIL_H_ 36 #define _NET_PFIL_H_ 37 38 #include <sys/ioccom.h> 39 40 enum pfil_types { 41 PFIL_TYPE_IP4, 42 PFIL_TYPE_IP6, 43 PFIL_TYPE_ETHERNET, 44 }; 45 46 #define MAXPFILNAME 64 47 48 struct pfilioc_head { 49 char pio_name[MAXPFILNAME]; 50 int pio_nhooksin; 51 int pio_nhooksout; 52 enum pfil_types pio_type; 53 }; 54 55 struct pfilioc_hook { 56 char pio_module[MAXPFILNAME]; 57 char pio_ruleset[MAXPFILNAME]; 58 int pio_flags; 59 enum pfil_types pio_type; 60 }; 61 62 struct pfilioc_list { 63 u_int pio_nheads; 64 u_int pio_nhooks; 65 struct pfilioc_head *pio_heads; 66 struct pfilioc_hook *pio_hooks; 67 }; 68 69 struct pfilioc_link { 70 char pio_name[MAXPFILNAME]; 71 char pio_module[MAXPFILNAME]; 72 char pio_ruleset[MAXPFILNAME]; 73 int pio_flags; 74 }; 75 76 #define PFILDEV "pfil" 77 #define PFILIOC_LISTHEADS _IOWR('P', 1, struct pfilioc_list) 78 #define PFILIOC_LISTHOOKS _IOWR('P', 2, struct pfilioc_list) 79 #define PFILIOC_LINK _IOW('P', 3, struct pfilioc_link) 80 81 #define PFIL_IN 0x00010000 82 #define PFIL_OUT 0x00020000 83 /* UNUSED 0x00040000 */ 84 #define PFIL_DIR(f) ((f) & (PFIL_IN|PFIL_OUT)) 85 #define PFIL_HEADPTR 0x00100000 86 #define PFIL_HOOKPTR 0x00200000 87 #define PFIL_APPEND 0x00400000 88 #define PFIL_UNLINK 0x00800000 89 90 #ifdef _KERNEL 91 struct mbuf; 92 struct ifnet; 93 struct inpcb; 94 95 typedef enum { 96 PFIL_PASS = 0, 97 PFIL_DROPPED, 98 PFIL_CONSUMED, 99 PFIL_REALLOCED, 100 } pfil_return_t; 101 102 typedef pfil_return_t (*pfil_mbuf_chk_t)(struct mbuf **, struct ifnet *, int, 103 void *, struct inpcb *); 104 typedef pfil_return_t (*pfil_mem_chk_t)(void *, u_int, int, struct ifnet *, 105 void *, struct mbuf **); 106 107 /* 108 * A pfil head is created by a packet intercept point. 109 * 110 * A pfil hook is created by a packet filter. 111 * 112 * Hooks are chained on heads. Historically some hooking happens 113 * automatically, e.g. ipfw(4), pf(4) and ipfilter(4) would register 114 * theirselves on IPv4 and IPv6 input/output. 115 */ 116 117 typedef struct pfil_hook * pfil_hook_t; 118 typedef struct pfil_head * pfil_head_t; 119 120 /* 121 * Give us a chance to modify pfil_xxx_args structures in future. 122 */ 123 #define PFIL_VERSION 2 124 125 /* Argument structure used by packet filters to register themselves. */ 126 struct pfil_hook_args { 127 int pa_version; 128 int pa_flags; 129 enum pfil_types pa_type; 130 pfil_mbuf_chk_t pa_mbuf_chk; 131 pfil_mem_chk_t pa_mem_chk; 132 void *pa_ruleset; 133 const char *pa_modname; 134 const char *pa_rulname; 135 }; 136 137 /* Public functions for pfil hook management by packet filters. */ 138 pfil_hook_t pfil_add_hook(struct pfil_hook_args *); 139 void pfil_remove_hook(pfil_hook_t); 140 141 /* Argument structure used by ioctl() and packet filters to set filters. */ 142 struct pfil_link_args { 143 int pa_version; 144 int pa_flags; 145 union { 146 const char *pa_headname; 147 pfil_head_t pa_head; 148 }; 149 union { 150 struct { 151 const char *pa_modname; 152 const char *pa_rulname; 153 }; 154 pfil_hook_t pa_hook; 155 }; 156 }; 157 158 /* Public function to configure filter chains. Used by ioctl() and filters. */ 159 int pfil_link(struct pfil_link_args *); 160 161 /* Argument structure used by inspection points to register themselves. */ 162 struct pfil_head_args { 163 int pa_version; 164 int pa_flags; 165 enum pfil_types pa_type; 166 const char *pa_headname; 167 }; 168 169 /* Public functions for pfil head management by inspection points. */ 170 pfil_head_t pfil_head_register(struct pfil_head_args *); 171 void pfil_head_unregister(pfil_head_t); 172 173 /* Public functions to run the packet inspection by inspection points. */ 174 int pfil_mem_in(struct pfil_head *, void *, u_int, struct ifnet *, 175 struct mbuf **); 176 int pfil_mem_out(struct pfil_head *, void *, u_int, struct ifnet *, 177 struct mbuf **); 178 int pfil_mbuf_in(struct pfil_head *, struct mbuf **, struct ifnet *, 179 struct inpcb *inp); 180 int pfil_mbuf_out(struct pfil_head *, struct mbuf **, struct ifnet *, 181 struct inpcb *inp); 182 183 /* 184 * Minimally exposed structure to avoid function call in case of absence 185 * of any filters by protocols and macros to do the check. 186 */ 187 struct _pfil_head { 188 int head_nhooksin; 189 int head_nhooksout; 190 }; 191 #define PFIL_HOOKED_IN(p) (((struct _pfil_head *)(p))->head_nhooksin > 0) 192 #define PFIL_HOOKED_OUT(p) (((struct _pfil_head *)(p))->head_nhooksout > 0) 193 194 #endif /* _KERNEL */ 195 #endif /* _NET_PFIL_H_ */ 196