[BACK]Return to if_pfsync.h CVS log [TXT][DIR] Up to [local] / sys / net

Annotation of sys/net/if_pfsync.h, Revision 1.1

1.1     ! nbrk        1: /*     $OpenBSD: if_pfsync.h,v 1.31 2007/05/31 04:11:42 mcbride Exp $  */
        !             2:
        !             3: /*
        !             4:  * Copyright (c) 2001 Michael Shalayeff
        !             5:  * All rights reserved.
        !             6:  *
        !             7:  * Redistribution and use in source and binary forms, with or without
        !             8:  * modification, are permitted provided that the following conditions
        !             9:  * are met:
        !            10:  * 1. Redistributions of source code must retain the above copyright
        !            11:  *    notice, this list of conditions and the following disclaimer.
        !            12:  * 2. Redistributions in binary form must reproduce the above copyright
        !            13:  *    notice, this list of conditions and the following disclaimer in the
        !            14:  *    documentation and/or other materials provided with the distribution.
        !            15:  *
        !            16:  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
        !            17:  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
        !            18:  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
        !            19:  * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
        !            20:  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
        !            21:  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
        !            22:  * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            23:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
        !            24:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
        !            25:  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
        !            26:  * THE POSSIBILITY OF SUCH DAMAGE.
        !            27:  */
        !            28:
        !            29: #ifndef _NET_IF_PFSYNC_H_
        !            30: #define _NET_IF_PFSYNC_H_
        !            31:
        !            32:
        !            33: #define PFSYNC_ID_LEN  sizeof(u_int64_t)
        !            34:
        !            35: struct pfsync_tdb {
        !            36:        u_int32_t       spi;
        !            37:        union sockaddr_union dst;
        !            38:        u_int32_t       rpl;
        !            39:        u_int64_t       cur_bytes;
        !            40:        u_int8_t        sproto;
        !            41:        u_int8_t        updates;
        !            42:        u_int8_t        pad[2];
        !            43: } __packed;
        !            44:
        !            45: struct pfsync_state_upd {
        !            46:        u_int32_t               id[2];
        !            47:        struct pfsync_state_peer        src;
        !            48:        struct pfsync_state_peer        dst;
        !            49:        u_int32_t               creatorid;
        !            50:        u_int32_t               expire;
        !            51:        u_int8_t                timeout;
        !            52:        u_int8_t                updates;
        !            53:        u_int8_t                pad[6];
        !            54: } __packed;
        !            55:
        !            56: struct pfsync_state_del {
        !            57:        u_int32_t               id[2];
        !            58:        u_int32_t               creatorid;
        !            59:        struct {
        !            60:                u_int8_t        state;
        !            61:        } src;
        !            62:        struct {
        !            63:                u_int8_t        state;
        !            64:        } dst;
        !            65:        u_int8_t                pad[2];
        !            66: } __packed;
        !            67:
        !            68: struct pfsync_state_upd_req {
        !            69:        u_int32_t               id[2];
        !            70:        u_int32_t               creatorid;
        !            71:        u_int32_t               pad;
        !            72: } __packed;
        !            73:
        !            74: struct pfsync_state_clr {
        !            75:        char                    ifname[IFNAMSIZ];
        !            76:        u_int32_t               creatorid;
        !            77:        u_int32_t               pad;
        !            78: } __packed;
        !            79:
        !            80: struct pfsync_state_bus {
        !            81:        u_int32_t               creatorid;
        !            82:        u_int32_t               endtime;
        !            83:        u_int8_t                status;
        !            84: #define PFSYNC_BUS_START       1
        !            85: #define PFSYNC_BUS_END         2
        !            86:        u_int8_t                pad[7];
        !            87: } __packed;
        !            88:
        !            89: #ifdef _KERNEL
        !            90:
        !            91: union sc_statep {
        !            92:        struct pfsync_state     *s;
        !            93:        struct pfsync_state_upd *u;
        !            94:        struct pfsync_state_del *d;
        !            95:        struct pfsync_state_clr *c;
        !            96:        struct pfsync_state_bus *b;
        !            97:        struct pfsync_state_upd_req     *r;
        !            98: };
        !            99:
        !           100: union sc_tdb_statep {
        !           101:        struct pfsync_tdb       *t;
        !           102: };
        !           103:
        !           104: extern int     pfsync_sync_ok;
        !           105:
        !           106: struct pfsync_softc {
        !           107:        struct ifnet             sc_if;
        !           108:        struct ifnet            *sc_sync_ifp;
        !           109:
        !           110:        struct ip_moptions       sc_imo;
        !           111:        struct timeout           sc_tmo;
        !           112:        struct timeout           sc_tdb_tmo;
        !           113:        struct timeout           sc_bulk_tmo;
        !           114:        struct timeout           sc_bulkfail_tmo;
        !           115:        struct in_addr           sc_sync_peer;
        !           116:        struct in_addr           sc_sendaddr;
        !           117:        struct mbuf             *sc_mbuf;       /* current cumulative mbuf */
        !           118:        struct mbuf             *sc_mbuf_net;   /* current cumulative mbuf */
        !           119:        struct mbuf             *sc_mbuf_tdb;   /* dito for TDB updates */
        !           120:        union sc_statep          sc_statep;
        !           121:        union sc_statep          sc_statep_net;
        !           122:        union sc_tdb_statep      sc_statep_tdb;
        !           123:        u_int32_t                sc_ureq_received;
        !           124:        u_int32_t                sc_ureq_sent;
        !           125:        struct pf_state         *sc_bulk_send_next;
        !           126:        struct pf_state         *sc_bulk_terminator;
        !           127:        int                      sc_bulk_tries;
        !           128:        int                      sc_maxcount;   /* number of states in mtu */
        !           129:        int                      sc_maxupdates; /* number of updates/state */
        !           130: };
        !           131:
        !           132: extern struct pfsync_softc     *pfsyncif;
        !           133: #endif
        !           134:
        !           135:
        !           136: struct pfsync_header {
        !           137:        u_int8_t version;
        !           138: #define        PFSYNC_VERSION  3
        !           139:        u_int8_t af;
        !           140:        u_int8_t action;
        !           141: #define        PFSYNC_ACT_CLR          0       /* clear all states */
        !           142: #define        PFSYNC_ACT_INS          1       /* insert state */
        !           143: #define        PFSYNC_ACT_UPD          2       /* update state */
        !           144: #define        PFSYNC_ACT_DEL          3       /* delete state */
        !           145: #define        PFSYNC_ACT_UPD_C        4       /* "compressed" state update */
        !           146: #define        PFSYNC_ACT_DEL_C        5       /* "compressed" state delete */
        !           147: #define        PFSYNC_ACT_INS_F        6       /* insert fragment */
        !           148: #define        PFSYNC_ACT_DEL_F        7       /* delete fragments */
        !           149: #define        PFSYNC_ACT_UREQ         8       /* request "uncompressed" state */
        !           150: #define PFSYNC_ACT_BUS         9       /* Bulk Update Status */
        !           151: #define PFSYNC_ACT_TDB_UPD     10      /* TDB replay counter update */
        !           152: #define        PFSYNC_ACT_MAX          11
        !           153:        u_int8_t count;
        !           154:        u_int8_t pf_chksum[PF_MD5_DIGEST_LENGTH];
        !           155: } __packed;
        !           156:
        !           157: #define PFSYNC_BULKPACKETS     1       /* # of packets per timeout */
        !           158: #define PFSYNC_MAX_BULKTRIES   12
        !           159: #define PFSYNC_HDRLEN  sizeof(struct pfsync_header)
        !           160: #define        PFSYNC_ACTIONS \
        !           161:        "CLR ST", "INS ST", "UPD ST", "DEL ST", \
        !           162:        "UPD ST COMP", "DEL ST COMP", "INS FR", "DEL FR", \
        !           163:        "UPD REQ", "BLK UPD STAT", "TDB UPD"
        !           164:
        !           165: #define PFSYNC_DFLTTL          255
        !           166:
        !           167: struct pfsyncstats {
        !           168:        u_int64_t       pfsyncs_ipackets;       /* total input packets, IPv4 */
        !           169:        u_int64_t       pfsyncs_ipackets6;      /* total input packets, IPv6 */
        !           170:        u_int64_t       pfsyncs_badif;          /* not the right interface */
        !           171:        u_int64_t       pfsyncs_badttl;         /* TTL is not PFSYNC_DFLTTL */
        !           172:        u_int64_t       pfsyncs_hdrops;         /* packets shorter than hdr */
        !           173:        u_int64_t       pfsyncs_badver;         /* bad (incl unsupp) version */
        !           174:        u_int64_t       pfsyncs_badact;         /* bad action */
        !           175:        u_int64_t       pfsyncs_badlen;         /* data length does not match */
        !           176:        u_int64_t       pfsyncs_badauth;        /* bad authentication */
        !           177:        u_int64_t       pfsyncs_stale;          /* stale state */
        !           178:        u_int64_t       pfsyncs_badval;         /* bad values */
        !           179:        u_int64_t       pfsyncs_badstate;       /* insert/lookup failed */
        !           180:
        !           181:        u_int64_t       pfsyncs_opackets;       /* total output packets, IPv4 */
        !           182:        u_int64_t       pfsyncs_opackets6;      /* total output packets, IPv6 */
        !           183:        u_int64_t       pfsyncs_onomem;         /* no memory for an mbuf */
        !           184:        u_int64_t       pfsyncs_oerrors;        /* ip output error */
        !           185: };
        !           186:
        !           187: /*
        !           188:  * Configuration structure for SIOCSETPFSYNC SIOCGETPFSYNC
        !           189:  */
        !           190: struct pfsyncreq {
        !           191:        char             pfsyncr_syncdev[IFNAMSIZ];
        !           192:        struct in_addr   pfsyncr_syncpeer;
        !           193:        int              pfsyncr_maxupdates;
        !           194:        int              pfsyncr_authlevel;
        !           195: };
        !           196:
        !           197:
        !           198: /* for copies to/from network */
        !           199: #define pf_state_peer_hton(s,d) do {           \
        !           200:        (d)->seqlo = htonl((s)->seqlo);         \
        !           201:        (d)->seqhi = htonl((s)->seqhi);         \
        !           202:        (d)->seqdiff = htonl((s)->seqdiff);     \
        !           203:        (d)->max_win = htons((s)->max_win);     \
        !           204:        (d)->mss = htons((s)->mss);             \
        !           205:        (d)->state = (s)->state;                \
        !           206:        (d)->wscale = (s)->wscale;              \
        !           207:        if ((s)->scrub) {                                               \
        !           208:                (d)->scrub.pfss_flags =                                 \
        !           209:                    htons((s)->scrub->pfss_flags & PFSS_TIMESTAMP);     \
        !           210:                (d)->scrub.pfss_ttl = (s)->scrub->pfss_ttl;             \
        !           211:                (d)->scrub.pfss_ts_mod = htonl((s)->scrub->pfss_ts_mod);\
        !           212:                (d)->scrub.scrub_flag = PFSYNC_SCRUB_FLAG_VALID;        \
        !           213:        }                                                               \
        !           214: } while (0)
        !           215:
        !           216: #define pf_state_peer_ntoh(s,d) do {           \
        !           217:        (d)->seqlo = ntohl((s)->seqlo);         \
        !           218:        (d)->seqhi = ntohl((s)->seqhi);         \
        !           219:        (d)->seqdiff = ntohl((s)->seqdiff);     \
        !           220:        (d)->max_win = ntohs((s)->max_win);     \
        !           221:        (d)->mss = ntohs((s)->mss);             \
        !           222:        (d)->state = (s)->state;                \
        !           223:        (d)->wscale = (s)->wscale;              \
        !           224:        if ((s)->scrub.scrub_flag == PFSYNC_SCRUB_FLAG_VALID &&         \
        !           225:            (d)->scrub != NULL) {                                       \
        !           226:                (d)->scrub->pfss_flags =                                \
        !           227:                    ntohs((s)->scrub.pfss_flags) & PFSS_TIMESTAMP;      \
        !           228:                (d)->scrub->pfss_ttl = (s)->scrub.pfss_ttl;             \
        !           229:                (d)->scrub->pfss_ts_mod = ntohl((s)->scrub.pfss_ts_mod);\
        !           230:        }                                                               \
        !           231: } while (0)
        !           232:
        !           233: #define pf_state_host_hton(s,d) do {                           \
        !           234:        bcopy(&(s)->addr, &(d)->addr, sizeof((d)->addr));       \
        !           235:        (d)->port = (s)->port;                                  \
        !           236: } while (0)
        !           237:
        !           238: #define pf_state_host_ntoh(s,d) do {                           \
        !           239:        bcopy(&(s)->addr, &(d)->addr, sizeof((d)->addr));       \
        !           240:        (d)->port = (s)->port;                                  \
        !           241: } while (0)
        !           242:
        !           243: #define pf_state_counter_hton(s,d) do {                                \
        !           244:        d[0] = htonl((s>>32)&0xffffffff);                       \
        !           245:        d[1] = htonl(s&0xffffffff);                             \
        !           246: } while (0)
        !           247:
        !           248: #define pf_state_counter_ntoh(s,d) do {                                \
        !           249:        d = ntohl(s[0]);                                        \
        !           250:        d = d<<32;                                              \
        !           251:        d += ntohl(s[1]);                                       \
        !           252: } while (0)
        !           253:
        !           254: #ifdef _KERNEL
        !           255: void pfsync_input(struct mbuf *, ...);
        !           256: int pfsync_clear_states(u_int32_t, char *);
        !           257: int pfsync_pack_state(u_int8_t, struct pf_state *, int);
        !           258: #define pfsync_insert_state(st)        do {                            \
        !           259:        if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) ||        \
        !           260:            (st->state_key->proto == IPPROTO_PFSYNC))                   \
        !           261:                st->sync_flags |= PFSTATE_NOSYNC;               \
        !           262:        else if (!st->sync_flags)                               \
        !           263:                pfsync_pack_state(PFSYNC_ACT_INS, (st),         \
        !           264:                    PFSYNC_FLAG_COMPRESS);                      \
        !           265:        st->sync_flags &= ~PFSTATE_FROMSYNC;                    \
        !           266: } while (0)
        !           267: #define pfsync_update_state(st) do {                           \
        !           268:        if (!st->sync_flags)                                    \
        !           269:                pfsync_pack_state(PFSYNC_ACT_UPD, (st),         \
        !           270:                    PFSYNC_FLAG_COMPRESS);                      \
        !           271:        st->sync_flags &= ~PFSTATE_FROMSYNC;                    \
        !           272: } while (0)
        !           273: #define pfsync_delete_state(st) do {                           \
        !           274:        if (!st->sync_flags)                                    \
        !           275:                pfsync_pack_state(PFSYNC_ACT_DEL, (st),         \
        !           276:                    PFSYNC_FLAG_COMPRESS);                      \
        !           277: } while (0)
        !           278: int pfsync_update_tdb(struct tdb *, int);
        !           279: #endif
        !           280:
        !           281: #endif /* _NET_IF_PFSYNC_H_ */

CVSweb