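/*-
 * Copyright (c) 2001 Michael Shalayeff
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGE.
 */

/*-
 * Copyright (c) 2008 David Gwynne <dlg@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 *	$OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $
 *	$FreeBSD$
 */


#ifndef _NET_IF_PFSYNC_H_
#define	_NET_IF_PFSYNC_H_

/*
 * Wire-format and control definitions for pfsync: the frame header, the
 * per-section subheader, one packed structure per action, the statistics
 * block, and the configuration request passed through the two ioctls.
 *
 * This header includes nothing itself; it relies on the includer for
 * PF_MD5_DIGEST_LENGTH, IFNAMSIZ, struct pfsync_state_peer,
 * union sockaddr_union, struct in_addr and the _IOW/_IOWR macros.
 */

#define	PFSYNC_VERSION		5
/*
 * TTL expected on pfsync packets; pfsyncs_badttl below counts packets whose
 * TTL differs. A packet forwarded by a router cannot arrive with TTL 255, so
 * the check limits accepted traffic to senders on the same link. It is a
 * topology check, not authentication of the sender.
 */
#define	PFSYNC_DFLTTL		255

/*
 * Action codes carried in pfsync_subheader.action. The value is a byte taken
 * from the packet and PFSYNC_ACT_MAX also sizes pfsyncs_iacts[] and
 * pfsyncs_oacts[], so it has to be checked against PFSYNC_ACT_MAX before it
 * is used as an index or dispatch key (see pfsyncs_badact).
 */
#define	PFSYNC_ACT_CLR		0	/* clear all states */
#define	PFSYNC_ACT_INS		1	/* insert state */
#define	PFSYNC_ACT_INS_ACK	2	/* ack of inserted state */
#define	PFSYNC_ACT_UPD		3	/* update state */
#define	PFSYNC_ACT_UPD_C	4	/* "compressed" update state */
#define	PFSYNC_ACT_UPD_REQ	5	/* request "uncompressed" state */
#define	PFSYNC_ACT_DEL		6	/* delete state */
#define	PFSYNC_ACT_DEL_C	7	/* "compressed" delete state */
#define	PFSYNC_ACT_INS_F	8	/* insert fragment */
#define	PFSYNC_ACT_DEL_F	9	/* delete fragments */
#define	PFSYNC_ACT_BUS		10	/* bulk update status */
#define	PFSYNC_ACT_TDB		11	/* TDB replay counter update */
#define	PFSYNC_ACT_EOF		12	/* end of frame */
#define	PFSYNC_ACT_MAX		13

/*
 * A pfsync frame is built from a header followed by several sections which
 * are all prefixed with their own subheaders. Frames must be terminated with
 * an EOF subheader.
 *
 * | ...                        |
 * | IP header                  |
 * +============================+
 * | pfsync_header              |
 * +----------------------------+
 * | pfsync_subheader           |
 * +----------------------------+
 * | first action fields        |
 * | ...                        |
 * +----------------------------+
 * | pfsync_subheader           |
 * +----------------------------+
 * | second action fields       |
 * | ...                        |
 * +----------------------------+
 * | EOF pfsync_subheader       |
 * +----------------------------+
 * | HMAC                       |
 * +============================+
 *
 * NOTE(review): the diagram ends with an HMAC, but this header declares no
 * structure, length or key material for one. Until the implementation is
 * shown to verify it, treat the sync channel as unauthenticated and carry it
 * on a dedicated link or inside IPsec. Confirm against the receive path.
 */

/*
 * Frame header
 *
 * len comes from the packet and has to be bounded against the number of
 * bytes actually received before any section is walked (pfsyncs_hdrops and
 * pfsyncs_badlen count the failures). Presumably network byte order; verify
 * against the sender.
 *
 * NOTE(review): pfcksum is PF_MD5_DIGEST_LENGTH bytes, which looks like a
 * digest used to compare configuration between peers. A value the sender
 * computes without a key proves nothing about who sent the frame.
 */

struct pfsync_header {
	u_int8_t			version;	/* compared with PFSYNC_VERSION; see pfsyncs_badver */
	u_int8_t			_pad;
	u_int16_t			len;
	u_int8_t			pfcksum[PF_MD5_DIGEST_LENGTH];
} __packed;

/*
 * Frame region subheader
 *
 * count is the number of action records that follow. It is attacker
 * controlled on an untrusted link: count times the record size for `action'
 * must fit in the remaining frame before the records are read.
 */

struct pfsync_subheader {
	u_int8_t			action;		/* one of PFSYNC_ACT_* */
	u_int8_t			_pad;
	u_int16_t			count;
} __packed;

/*
 * CLR
 *
 * ifname is a fixed IFNAMSIZ array filled from the packet; nothing in this
 * layout guarantees a terminating NUL, so consumers should bound or
 * terminate it before using it as a string.
 */

struct pfsync_clr {
	char				ifname[IFNAMSIZ];
	u_int32_t			creatorid;
} __packed;

/*
 * INS, UPD, DEL
 */

/* these use struct pfsync_state in pfvar.h */

/*
 * INS_ACK
 */

struct pfsync_ins_ack {
	u_int64_t			id;
	u_int32_t			creatorid;
} __packed;

/*
 * UPD_C
 */

struct pfsync_upd_c {
	u_int64_t			id;
	struct pfsync_state_peer	src;
	struct pfsync_state_peer	dst;
	u_int32_t			creatorid;
	u_int32_t			expire;
	u_int8_t			timeout;	/* NOTE(review): range-check before use as a timeout index; confirm in consumer */
	u_int8_t			_pad[3];
} __packed;

/*
 * UPD_REQ
 */

struct pfsync_upd_req {
	u_int64_t			id;
	u_int32_t			creatorid;
} __packed;

/*
 * DEL_C
 */

struct pfsync_del_c {
	u_int64_t			id;
	u_int32_t			creatorid;
} __packed;

/*
 * INS_F, DEL_F
 */

/* not implemented (yet) */

/*
 * BUS
 */

struct pfsync_bus {
	u_int32_t			creatorid;
	u_int32_t			endtime;
	u_int8_t			status;		/* PFSYNC_BUS_START or PFSYNC_BUS_END */
#define	PFSYNC_BUS_START			1
#define	PFSYNC_BUS_END				2
	u_int8_t			_pad[3];
} __packed;

/*
 * TDB
 *
 * NOTE(review): per the PFSYNC_ACT_TDB comment this carries a replay counter
 * update, so a forged record could move a peer's counter. That is one more
 * reason to authenticate or isolate the sync link; confirm how the receiver
 * validates rpl and cur_bytes.
 */

struct pfsync_tdb {
	u_int32_t			spi;
	union sockaddr_union		dst;
	u_int32_t			rpl;
	u_int64_t			cur_bytes;
	u_int8_t			sproto;
	u_int8_t			updates;
	u_int8_t			_pad[2];
} __packed;

/* Parenthesised so the expansion stays a single operand wherever it is used. */
#define	PFSYNC_HDRLEN		(sizeof(struct pfsync_header))

/*
 * Names for PFSYNC sysctl objects
 */
#define	PFSYNCCTL_STATS		1	/* PFSYNC stats */
#define	PFSYNCCTL_MAXID		2

/*
 * Counters exported for the sync interface. The input-side "bad*" counters
 * record each class of rejected packet (interface, TTL, length, version,
 * action, authentication, values), which makes them the first place to look
 * when investigating malformed or unexpected sync traffic.
 */
struct pfsyncstats {
	u_int64_t	pfsyncs_ipackets;	/* total input packets, IPv4 */
	u_int64_t	pfsyncs_ipackets6;	/* total input packets, IPv6 */
	u_int64_t	pfsyncs_badif;		/* not the right interface */
	u_int64_t	pfsyncs_badttl;		/* TTL is not PFSYNC_DFLTTL */
	u_int64_t	pfsyncs_hdrops;		/* packets shorter than hdr */
	u_int64_t	pfsyncs_badver;		/* bad (incl unsupp) version */
	u_int64_t	pfsyncs_badact;		/* bad action */
	u_int64_t	pfsyncs_badlen;		/* data length does not match */
	u_int64_t	pfsyncs_badauth;	/* bad authentication */
	u_int64_t	pfsyncs_stale;		/* stale state */
	u_int64_t	pfsyncs_badval;		/* bad values */
	u_int64_t	pfsyncs_badstate;	/* insert/lookup failed */

	u_int64_t	pfsyncs_opackets;	/* total output packets, IPv4 */
	u_int64_t	pfsyncs_opackets6;	/* total output packets, IPv6 */
	u_int64_t	pfsyncs_onomem;		/* no memory for an mbuf */
	u_int64_t	pfsyncs_oerrors;	/* ip output error */

	/* per-action input/output counts, indexed by PFSYNC_ACT_* (< PFSYNC_ACT_MAX) */
	u_int64_t	pfsyncs_iacts[PFSYNC_ACT_MAX];
	u_int64_t	pfsyncs_oacts[PFSYNC_ACT_MAX];
};

/*
 * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
 *
 * pfsyncr_syncdev is a fixed IFNAMSIZ array supplied by userland; the
 * handler should not assume it is NUL-terminated.
 */
struct pfsyncreq {
	char		 pfsyncr_syncdev[IFNAMSIZ];
	struct in_addr	 pfsyncr_syncpeer;
	int		 pfsyncr_maxupdates;
	int		 pfsyncr_defer;
};

/*
 * Both requests are declared with struct ifreq as the argument type.
 * NOTE(review): struct pfsyncreq is presumably reached through the ifreq
 * data pointer, in which case the handler must copy it in from userland and
 * check privilege before applying it. Confirm in the ioctl handler.
 */
#define	SIOCSETPFSYNC   _IOW('i', 247, struct ifreq)
#define	SIOCGETPFSYNC   _IOWR('i', 248, struct ifreq)

#ifdef _KERNEL

/*
 * this shows where a pf state is with respect to the syncing.
 */
#define	PFSYNC_S_INS	0x00
#define	PFSYNC_S_IACK	0x01
#define	PFSYNC_S_UPD	0x02
#define	PFSYNC_S_UPD_C	0x03
#define	PFSYNC_S_DEL	0x04
#define	PFSYNC_S_COUNT	0x05

#define	PFSYNC_S_DEFER	0xfe
#define	PFSYNC_S_NONE	0xff

/* Distinct single-bit values, so they can be combined in one flag word. */
#define	PFSYNC_SI_IOCTL		0x01
#define	PFSYNC_SI_CKSUM		0x02
#define	PFSYNC_SI_ACK		0x04

#endif /* _KERNEL */

#endif /* _NET_IF_PFSYNC_H_ */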