/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2023 Alexander V. Chernikov <melifaro@FreeBSD.org>
 * Copyright (c) 2023 Rubicon Communications, LLC (Netgate)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

/*
 * Netlink (genetlink) interface definitions for pf: the "pfctl" family
 * name, its command numbers, and the attribute type enumerations used to
 * encode states, rules, pools and addresses in netlink messages.
 *
 * The trailing comment on each attribute enumerator names the payload the
 * attribute appears to carry: a fixed-width integer (u8/u16/u32/u64), a
 * string, an in6_addr, raw bytes, or "nested" followed by the enum whose
 * attributes make up the nested payload.
 *
 * NOTE(review): the explicit numbering suggests these values form a stable
 * kernel/userland wire ABI. Add new entries at the end rather than
 * renumbering, and leave unused values (e.g. 20 in pfstate_type_t) alone.
 * Because netlink messages originate in userland, the payload type noted
 * here is what the kernel-side attribute parser (not in this header) has
 * to enforce before the value is used. Confirm against the parsers in the
 * kernel and in pfctl.
 */

#ifndef _NETPFIL_PF_PF_NL_H_
#define _NETPFIL_PF_PF_NL_H_

/* Genetlink family */
#define PFNL_FAMILY_NAME	"pfctl"

/* available commands */
enum {
	PFNL_CMD_UNSPEC = 0,
	PFNL_CMD_GETSTATES = 1,
	PFNL_CMD_GETCREATORS = 2,
	PFNL_CMD_START = 3,
	PFNL_CMD_STOP = 4,
	PFNL_CMD_ADDRULE = 5,
	/*
	 * Sentinel, one past the last valid command.
	 * NOTE(review): identifiers beginning with two underscores are
	 * reserved for the implementation by the C standard; this follows
	 * the netlink naming convention but is technically reserved.
	 */
	__PFNL_CMD_MAX,
};
/* Highest valid command number. */
#define PFNL_CMD_MAX (__PFNL_CMD_MAX -1)

/* Attributes of a state key (nested inside PF_ST_KEY_WIRE / PF_ST_KEY_STACK). */
enum pfstate_key_type_t {
	PF_STK_UNSPEC,
	PF_STK_ADDR0		= 1, /* ip */
	PF_STK_ADDR1		= 2, /* ip */
	PF_STK_PORT0		= 3, /* u16 */
	PF_STK_PORT1		= 4, /* u16 */
};

/* Attributes of a state peer (nested inside PF_ST_PEER_SRC / PF_ST_PEER_DST). */
enum pfstate_peer_type_t {
	PF_STP_UNSPEC,
	PF_STP_PFSS_FLAGS	= 1, /* u16 */
	PF_STP_PFSS_TTL		= 2, /* u8 */
	PF_STP_SCRUB_FLAG	= 3, /* u8 */
	PF_STP_PFSS_TS_MOD	= 4, /* u32 */
	PF_STP_SEQLO		= 5, /* u32 */
	PF_STP_SEQHI		= 6, /* u32 */
	PF_STP_SEQDIFF		= 7, /* u32 */
	PF_STP_MAX_WIN		= 8, /* u16 */
	PF_STP_MSS		= 9, /* u16 */
	PF_STP_STATE		= 10, /* u8 */
	PF_STP_WSCALE		= 11, /* u8 */
};

/* Attributes describing one pf state (PFNL_CMD_GETSTATES). */
enum pfstate_type_t {
	PF_ST_UNSPEC,
	PF_ST_ID		= 1, /* u32, state id */
	PF_ST_CREATORID		= 2, /* u32, */
	PF_ST_IFNAME		= 3, /* string */
	PF_ST_ORIG_IFNAME	= 4, /* string */
	PF_ST_KEY_WIRE		= 5, /* nested, pfstate_key_type_t */
	PF_ST_KEY_STACK		= 6, /* nested, pfstate_key_type_t */
	PF_ST_PEER_SRC		= 7, /* nested, pfstate_peer_type_t */
	PF_ST_PEER_DST		= 8, /* nested, pfstate_peer_type_t */
	PF_ST_RT_ADDR		= 9, /* ip */
	PF_ST_RULE		= 10, /* u32 */
	PF_ST_ANCHOR		= 11, /* u32 */
	PF_ST_NAT_RULE		= 12, /* u32 */
	PF_ST_CREATION		= 13, /* u32 */
	PF_ST_EXPIRE		= 14, /* u32 */
	PF_ST_PACKETS0		= 15, /* u64 */
	PF_ST_PACKETS1		= 16, /* u64 */
	PF_ST_BYTES0		= 17, /* u64 */
	PF_ST_BYTES1		= 18, /* u64 */
	PF_ST_AF		= 19, /* u8 */
	/* Value 20 is intentionally not assigned; do not reuse it. */
	PF_ST_PROTO		= 21, /* u8 */
	PF_ST_DIRECTION		= 22, /* u8 */
	PF_ST_LOG		= 23, /* u8 */
	PF_ST_TIMEOUT		= 24, /* u8 */
	PF_ST_STATE_FLAGS	= 25, /* u8 */
	PF_ST_SYNC_FLAGS	= 26, /* u8 */
	PF_ST_UPDATES		= 27, /* u8 */
	PF_ST_VERSION		= 28, /* u64 */
	PF_ST_FILTER_ADDR	= 29, /* in6_addr */
	PF_ST_FILTER_MASK	= 30, /* in6_addr */
};

/* Attributes of a pf address (nested inside PF_RAT_ADDR). */
enum pf_addr_type_t {
	PF_AT_UNSPEC,
	PF_AT_ADDR		= 1, /* in6_addr */
	PF_AT_MASK		= 2, /* in6_addr */
	PF_AT_IFNAME		= 3, /* string */
	PF_AT_TABLENAME		= 4, /* string */
	PF_AT_TYPE		= 5, /* u8 */
	PF_AT_IFLAGS		= 6, /* u8 */
};

/* Attributes of a rule address/port match (nested inside PF_RT_SRC / PF_RT_DST). */
enum pfrule_addr_type_t {
	PF_RAT_UNSPEC,
	PF_RAT_ADDR		= 1, /* nested, pf_addr_type_t */
	PF_RAT_SRC_PORT		= 2, /* u16 */
	PF_RAT_DST_PORT		= 3, /* u16 */
	PF_RAT_NEG		= 4, /* u8 */
	PF_RAT_OP		= 5, /* u8 */
};

/* Attributes of a rule label list (nested inside PF_RT_LABELS). */
enum pf_labels_type_t {
	PF_LT_UNSPEC,
	PF_LT_LABEL		= 1, /* string */
};

/* Attributes of a MAP-E port set (nested inside PF_PT_MAPE). */
enum pf_mape_portset_type_t
{
	PF_MET_UNSPEC,
	PF_MET_OFFSET		= 1, /* u8 */
	PF_MET_PSID_LEN		= 2, /* u8 */
	PF_MET_PSID		= 3, /* u16 */
};

/* Attributes of a rule pool (nested inside PF_RT_RPOOL). */
enum pf_rpool_type_t
{
	PF_PT_UNSPEC,
	PF_PT_KEY		= 1, /* bytes, sizeof(struct pf_poolhashkey) */
	PF_PT_COUNTER		= 2, /* in6_addr */
	PF_PT_TBLIDX		= 3, /* u32 */
	PF_PT_PROXY_SRC_PORT	= 4, /* u16 */
	PF_PT_PROXY_DST_PORT	= 5, /* u16 */
	PF_PT_OPTS		= 6, /* u8 */
	PF_PT_MAPE		= 7, /* nested, pf_mape_portset_type_t */
};

/* Attributes of a rule timeout list (nested inside PF_RT_TIMEOUT). */
enum pf_timeout_type_t {
	PF_TT_UNSPEC,
	PF_TT_TIMEOUT		= 1, /* u32 */
};

/* Attributes of a rule uid/gid match (nested inside PF_RT_UID / PF_RT_GID). */
enum pf_rule_uid_type_t {
	PF_RUT_UNSPEC,
	PF_RUT_UID_LOW		= 1, /* u32 */
	PF_RUT_UID_HIGH		= 2, /* u32 */
	PF_RUT_OP		= 3, /* u8 */
};

/* Attributes describing one pf rule (nested inside PF_ART_RULE). */
enum pf_rule_type_t {
	PF_RT_UNSPEC,
	PF_RT_SRC		= 1, /* nested, pfrule_addr_type_t */
	PF_RT_DST		= 2, /* nested, pfrule_addr_type_t */
	PF_RT_RIDENTIFIER	= 3, /* u32 */
	PF_RT_LABELS		= 4, /* nested, pf_labels_type_t */
	PF_RT_IFNAME		= 5, /* string */
	PF_RT_QNAME		= 6, /* string */
	PF_RT_PQNAME		= 7, /* string */
	PF_RT_TAGNAME		= 8, /* string */
	PF_RT_MATCH_TAGNAME	= 9, /* string */
	PF_RT_OVERLOAD_TBLNAME	= 10, /* string */
	PF_RT_RPOOL		= 11, /* nested, pf_rpool_type_t */
	PF_RT_OS_FINGERPRINT	= 12, /* u32 */
	PF_RT_RTABLEID		= 13, /* u32 */
	PF_RT_TIMEOUT		= 14, /* nested, pf_timeout_type_t */
	PF_RT_MAX_STATES	= 15, /* u32 */
	PF_RT_MAX_SRC_NODES	= 16, /* u32 */
	PF_RT_MAX_SRC_STATES	= 17, /* u32 */
	PF_RT_MAX_SRC_CONN_RATE_LIMIT	= 18, /* u32 */
	PF_RT_MAX_SRC_CONN_RATE_SECS	= 19, /* u32 */
	PF_RT_DNPIPE		= 20, /* u16 */
	PF_RT_DNRPIPE		= 21, /* u16 */
	PF_RT_DNFLAGS		= 22, /* u32 */
	PF_RT_NR		= 23, /* u32 */
	PF_RT_PROB		= 24, /* u32 */
	PF_RT_CUID		= 25, /* u32 */
	PF_RT_CPID		= 26, /* u32 */
	PF_RT_RETURN_ICMP	= 27, /* u16 */
	PF_RT_RETURN_ICMP6	= 28, /* u16 */
	PF_RT_MAX_MSS		= 29, /* u16 */
	PF_RT_SCRUB_FLAGS	= 30, /* u16 */
	PF_RT_UID		= 31, /* nested, pf_rule_uid_type_t */
	PF_RT_GID		= 32, /* nested, pf_rule_uid_type_t */
	PF_RT_RULE_FLAG		= 33, /* u32 */
	PF_RT_ACTION		= 34, /* u8 */
	PF_RT_DIRECTION		= 35, /* u8 */
	PF_RT_LOG		= 36, /* u8 */
	PF_RT_LOGIF		= 37, /* u8 */
	PF_RT_QUICK		= 38, /* u8 */
	PF_RT_IF_NOT		= 39, /* u8 */
	PF_RT_MATCH_TAG_NOT	= 40, /* u8 */
	PF_RT_NATPASS		= 41, /* u8 */
	PF_RT_KEEP_STATE	= 42, /* u8 */
	PF_RT_AF		= 43, /* u8 */
	PF_RT_PROTO		= 44, /* u8 */
	PF_RT_TYPE		= 45, /* u8 */
	PF_RT_CODE		= 46, /* u8 */
	PF_RT_FLAGS		= 47, /* u8 */
	PF_RT_FLAGSET		= 48, /* u8 */
	PF_RT_MIN_TTL		= 49, /* u8 */
	PF_RT_ALLOW_OPTS	= 50, /* u8 */
	PF_RT_RT		= 51, /* u8 */
	PF_RT_RETURN_TTL	= 52, /* u8 */
	PF_RT_TOS		= 53, /* u8 */
	PF_RT_SET_TOS		= 54, /* u8 */
	PF_RT_ANCHOR_RELATIVE	= 55, /* u8 */
	PF_RT_ANCHOR_WILDCARD	= 56, /* u8 */
	PF_RT_FLUSH		= 57, /* u8 */
	PF_RT_PRIO		= 58, /* u8 */
	PF_RT_SET_PRIO		= 59, /* u8 */
	PF_RT_SET_PRIO_REPLY	= 60, /* u8 */
	PF_RT_DIVERT_ADDRESS	= 61, /* in6_addr */
	PF_RT_DIVERT_PORT	= 62, /* u16 */
};

/* Top-level attributes of a PFNL_CMD_ADDRULE request. */
enum pf_addrule_type_t {
	PF_ART_UNSPEC,
	PF_ART_TICKET		= 1, /* u32 */
	PF_ART_POOL_TICKET	= 2, /* u32 */
	PF_ART_ANCHOR		= 3, /* string */
	PF_ART_ANCHOR_CALL	= 4, /* string */
	PF_ART_RULE		= 5, /* nested, pf_rule_type_t */
};

#ifdef _KERNEL

/*
 * Kernel-only entry points; presumably register/unregister the "pfctl"
 * genetlink family on module load/unload -- see pf_nl.c to confirm.
 */
void	pf_nl_register(void);
void	pf_nl_unregister(void);

#endif

#endif