17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*605445d5Sdg199075 * Common Development and Distribution License (the "License"). 6*605445d5Sdg199075 * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*605445d5Sdg199075 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23*605445d5Sdg199075 * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #ifndef _SYS_PFMOD_H 277c478bd9Sstevel@tonic-gate #define _SYS_PFMOD_H 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 307c478bd9Sstevel@tonic-gate 317c478bd9Sstevel@tonic-gate #ifdef __cplusplus 327c478bd9Sstevel@tonic-gate extern "C" { 337c478bd9Sstevel@tonic-gate #endif 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gate /* 367c478bd9Sstevel@tonic-gate * Ioctls. 377c478bd9Sstevel@tonic-gate */ 387c478bd9Sstevel@tonic-gate #define PFIOC ('P' << 8) 397c478bd9Sstevel@tonic-gate #define PFIOCSETF (PFIOC|1) /* replace current packet filter */ 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate #define ENMAXFILTERS 255 /* maximum filter short words */ 427c478bd9Sstevel@tonic-gate #define PF_MAXFILTERS 2047 /* max short words for newpacketfilt */ 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate /* 457c478bd9Sstevel@tonic-gate * filter structure for SETF 467c478bd9Sstevel@tonic-gate */ 477c478bd9Sstevel@tonic-gate struct packetfilt { 487c478bd9Sstevel@tonic-gate uchar_t Pf_Priority; /* priority of filter */ 497c478bd9Sstevel@tonic-gate uchar_t Pf_FilterLen; /* length of filter cmd list */ 507c478bd9Sstevel@tonic-gate ushort_t Pf_Filter[ENMAXFILTERS]; /* filter command list */ 517c478bd9Sstevel@tonic-gate }; 527c478bd9Sstevel@tonic-gate 537c478bd9Sstevel@tonic-gate /* 547c478bd9Sstevel@tonic-gate * The extended packet filter structure 557c478bd9Sstevel@tonic-gate */ 567c478bd9Sstevel@tonic-gate struct Pf_ext_packetfilt { 577c478bd9Sstevel@tonic-gate uchar_t Pf_Priority; /* priority of filter */ 587c478bd9Sstevel@tonic-gate unsigned int Pf_FilterLen; /* length of filter cmd list */ 597c478bd9Sstevel@tonic-gate ushort_t Pf_Filter[PF_MAXFILTERS]; /* filter command list */ 607c478bd9Sstevel@tonic-gate }; 617c478bd9Sstevel@tonic-gate 627c478bd9Sstevel@tonic-gate /* 637c478bd9Sstevel@tonic-gate * We now allow specification of up to MAXFILTERS (short) words of a filter 647c478bd9Sstevel@tonic-gate * command list to be applied to incoming packets to determine if 657c478bd9Sstevel@tonic-gate * those packets should be given to a particular open ethernet file. 667c478bd9Sstevel@tonic-gate * Alternatively, PF_MAXFILTERS and Pf_ext_packetfilt structure can be 677c478bd9Sstevel@tonic-gate * used in case even bigger filter command list is needed. 687c478bd9Sstevel@tonic-gate * 697c478bd9Sstevel@tonic-gate * In this context, "word" means a short (16-bit) integer. 707c478bd9Sstevel@tonic-gate * 71*605445d5Sdg199075 * The filter command list is specified using ioctl(). Each filter command 72*605445d5Sdg199075 * list specifies a sequence of actions that leaves a boolean value on the 73*605445d5Sdg199075 * top of an internal stack. There is also an offset register which is 74*605445d5Sdg199075 * initialized to zero. Each word of the command list specifies an action 75*605445d5Sdg199075 * from the set {PUSHLIT, PUSHZERO, PUSHWORD+N, LOAD_OFFSET, BRTR, BRFL, POP} 76*605445d5Sdg199075 * (see #defines below for definitions), and a binary operator from the set 77*605445d5Sdg199075 * {EQ, LT, LE, GT, GE, AND, OR, XOR} which operates on the top two elements 78*605445d5Sdg199075 * of the stack and replaces them with its result. The special action NOPUSH 79*605445d5Sdg199075 * and the special operator NOP can be used to only perform the binary 80*605445d5Sdg199075 * operation or to only push a value on the stack. 817c478bd9Sstevel@tonic-gate * 827c478bd9Sstevel@tonic-gate * If the final value of the filter operation is true, then the packet is 837c478bd9Sstevel@tonic-gate * accepted for the open file which specified the filter. 847c478bd9Sstevel@tonic-gate */ 857c478bd9Sstevel@tonic-gate 867c478bd9Sstevel@tonic-gate /* these must sum to sizeof (ushort_t)! */ 877c478bd9Sstevel@tonic-gate #define ENF_NBPA 10 /* # bits / action */ 887c478bd9Sstevel@tonic-gate #define ENF_NBPO 6 /* # bits / operator */ 897c478bd9Sstevel@tonic-gate 907c478bd9Sstevel@tonic-gate /* binary operators */ 917c478bd9Sstevel@tonic-gate #define ENF_NOP (0 << ENF_NBPA) 927c478bd9Sstevel@tonic-gate #define ENF_EQ (1 << ENF_NBPA) 937c478bd9Sstevel@tonic-gate #define ENF_LT (2 << ENF_NBPA) 947c478bd9Sstevel@tonic-gate #define ENF_LE (3 << ENF_NBPA) 957c478bd9Sstevel@tonic-gate #define ENF_GT (4 << ENF_NBPA) 967c478bd9Sstevel@tonic-gate #define ENF_GE (5 << ENF_NBPA) 977c478bd9Sstevel@tonic-gate #define ENF_AND (6 << ENF_NBPA) 987c478bd9Sstevel@tonic-gate #define ENF_OR (7 << ENF_NBPA) 997c478bd9Sstevel@tonic-gate #define ENF_XOR (8 << ENF_NBPA) 1007c478bd9Sstevel@tonic-gate #define ENF_COR (9 << ENF_NBPA) 1017c478bd9Sstevel@tonic-gate #define ENF_CAND (10 << ENF_NBPA) 1027c478bd9Sstevel@tonic-gate #define ENF_CNOR (11 << ENF_NBPA) 1037c478bd9Sstevel@tonic-gate #define ENF_CNAND (12 << ENF_NBPA) 1047c478bd9Sstevel@tonic-gate #define ENF_NEQ (13 << ENF_NBPA) 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate /* stack actions */ 1077c478bd9Sstevel@tonic-gate #define ENF_NOPUSH 0 108*605445d5Sdg199075 #define ENF_PUSHLIT 1 /* Push the next word on the stack */ 109*605445d5Sdg199075 #define ENF_PUSHZERO 2 /* Push 0 on the stack */ 110*605445d5Sdg199075 #define ENF_PUSHONE 3 /* Push 1 on the stack */ 111*605445d5Sdg199075 #define ENF_PUSHFFFF 4 /* Push 0xffff on the stack */ 112*605445d5Sdg199075 #define ENF_PUSHFF00 5 /* Push 0xff00 on the stack */ 113*605445d5Sdg199075 #define ENF_PUSH00FF 6 /* Push 0x00ff on the stack */ 114*605445d5Sdg199075 #define ENF_LOAD_OFFSET 7 /* Load the next word into the offset register */ 115*605445d5Sdg199075 #define ENF_BRTR 8 /* Branch if the stack's top element is true */ 116*605445d5Sdg199075 #define ENF_BRFL 9 /* Branch if the stack's top element is false */ 117*605445d5Sdg199075 #define ENF_POP 10 /* Pop the top element from the stack */ 1187c478bd9Sstevel@tonic-gate #define ENF_PUSHWORD 16 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate #ifdef __cplusplus 1217c478bd9Sstevel@tonic-gate } 1227c478bd9Sstevel@tonic-gate #endif 1237c478bd9Sstevel@tonic-gate 1247c478bd9Sstevel@tonic-gate #endif /* _SYS_PFMOD_H */ 125