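/* $OpenBSD: pfvar_priv.h,v 1.6 2021/02/09 14:06:19 patrick Exp $ */

/*
 * Copyright (c) 2001 Daniel Hartmeier
 * Copyright (c) 2002 - 2013 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2016 Alexander Bluhm <bluhm@openbsd.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *    - Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *    - Redistributions in binary form must reproduce the above
 *      copyright notice, this list of conditions and the following
 *      disclaimer in the documentation and/or other materials provided
 *      with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 */

/*
 * Kernel-private pf declarations: the per-packet descriptor (struct
 * pf_pdesc), the pf rwlocks, and the macros that take, release and assert
 * those locks.  Everything below is visible only when _KERNEL is defined.
 */

#ifndef _NET_PFVAR_PRIV_H_
#define _NET_PFVAR_PRIV_H_

#ifdef _KERNEL

#include <sys/rwlock.h>

/* Write-held via PF_LOCK()/PF_UNLOCK() below. */
extern struct rwlock pf_lock;

/*
 * Per-packet descriptor.
 *
 * The offset and length members (off, hdrlen, p_len, extoff, fragoff,
 * jumbolen) describe positions inside the packet.  NOTE(review): they are
 * filled in by parsing code outside this header, presumably from packet
 * contents; treat them as attacker-influenced and confirm they are checked
 * against the mbuf length before being used as offsets.
 *
 * Member order and types are left exactly as declared.
 */
struct pf_pdesc {
	/* NOTE(review): presumably a cached socket-owner lookup; confirm. */
	struct {
		int	 done;
		uid_t	 uid;
		gid_t	 gid;
		pid_t	 pid;
	}		 lookup;
	u_int64_t	 tot_len;	/* Make Mickey money */

	struct pf_addr	 nsaddr;	/* src address after NAT */
	struct pf_addr	 ndaddr;	/* dst address after NAT */

	struct pfi_kif	*kif;		/* incoming interface */
	struct mbuf	*m;		/* mbuf containing the packet */
	/*
	 * NOTE(review): what the pointers below refer to (the mbuf or the
	 * hdr union) is not visible here; confirm their lifetime against m.
	 */
	struct pf_addr	*src;		/* src address */
	struct pf_addr	*dst;		/* dst address */
	u_int16_t	*pcksum;	/* proto cksum */
	u_int16_t	*sport;
	u_int16_t	*dport;
	u_int16_t	 osport;
	u_int16_t	 odport;
	u_int16_t	 nsport;	/* src port after NAT */
	u_int16_t	 ndport;	/* dst port after NAT */

	u_int32_t	 off;		/* protocol header offset */
	u_int32_t	 hdrlen;	/* protocol header length */
	u_int32_t	 p_len;		/* length of protocol payload */
	u_int32_t	 extoff;	/* extension header offset */
	u_int32_t	 fragoff;	/* fragment header offset */
	u_int32_t	 jumbolen;	/* length from v6 jumbo header */
	u_int32_t	 badopts;	/* v4 options or v6 routing headers */

	u_int16_t	 rdomain;	/* original routing domain */
	u_int16_t	 virtual_proto;
/* 256 does not fit the 8-bit proto member, so it needs virtual_proto. */
#define PF_VPROTO_FRAGMENT	256
	sa_family_t	 af;
	sa_family_t	 naf;
	u_int8_t	 proto;
	u_int8_t	 tos;
	u_int8_t	 ttl;
	u_int8_t	 dir;		/* direction */
	u_int8_t	 sidx;		/* key index for source */
	u_int8_t	 didx;		/* key index for destination */
	u_int8_t	 destchg;	/* flag set when destination changed */
	u_int8_t	 pflog;		/* flags for packet logging */
	/* Storage for one transport or ICMP header, selected by protocol. */
	union {
		struct tcphdr			tcp;
		struct udphdr			udp;
		struct icmp			icmp;
#ifdef INET6
		struct icmp6_hdr		icmp6;
		struct mld_hdr			mld;
		struct nd_neighbor_solicit	nd_ns;
#endif /* INET6 */
	} hdr;
};

extern struct task	pf_purge_task;
extern struct timeout	pf_purge_to;

/*
 * NOTE(review): by name these take and drop a reference on a state entry;
 * the implementation is not in this header.
 */
struct pf_state		*pf_state_ref(struct pf_state *);
void			 pf_state_unref(struct pf_state *);

/* pf_lock is already declared above; the repeated extern was dropped. */
extern struct rwlock	pf_state_lock;

/*
 * pf_lock macros.
 *
 * PF_LOCK() asserts that the net lock is held before write-locking pf_lock,
 * so the order encoded here is net lock first, pf_lock second.  PF_UNLOCK()
 * asserts that pf_lock is write-held before releasing it.
 *
 * The assertion macros only call splassert_fail(), which is defined
 * elsewhere.  NOTE(review): whether a failed assertion stops the kernel or
 * merely reports depends on that function and its configuration; do not
 * treat these macros as enforcement of the locking rules.
 *
 * NOTE(review): rwlock(9) documents RW_WRITE as "write locked by the
 * calling thread"; confirm for the target release.
 */
#define PF_LOCK()		do {			\
		NET_ASSERT_LOCKED();			\
		rw_enter_write(&pf_lock);		\
	} while (0)

#define PF_UNLOCK()		do {			\
		PF_ASSERT_LOCKED();			\
		rw_exit_write(&pf_lock);		\
	} while (0)

#define PF_ASSERT_LOCKED()	do {			\
		if (rw_status(&pf_lock) != RW_WRITE)	\
			splassert_fail(RW_WRITE,	\
			    rw_status(&pf_lock), __func__);\
	} while (0)

#define PF_ASSERT_UNLOCKED()	do {			\
		if (rw_status(&pf_lock) == RW_WRITE)	\
			splassert_fail(0, rw_status(&pf_lock), __func__);\
	} while (0)

/*
 * pf_state_lock macros.
 *
 * Only PF_STATE_EXIT_WRITE() carries an assertion: it checks that the lock
 * is write-held before releasing it.  The enter macros and
 * PF_STATE_EXIT_READ() perform no check, so an unbalanced read-side release
 * is not reported by anything in this header.
 */
#define PF_STATE_ENTER_READ()	do {			\
		rw_enter_read(&pf_state_lock);		\
	} while (0)

#define PF_STATE_EXIT_READ()	do {			\
		rw_exit_read(&pf_state_lock);		\
	} while (0)

#define PF_STATE_ENTER_WRITE()	do {			\
		rw_enter_write(&pf_state_lock);		\
	} while (0)

#define PF_STATE_EXIT_WRITE()	do {			\
		PF_ASSERT_STATE_LOCKED();		\
		rw_exit_write(&pf_state_lock);		\
	} while (0)

#define PF_ASSERT_STATE_LOCKED()	do {		\
		if (rw_status(&pf_state_lock) != RW_WRITE)\
			splassert_fail(RW_WRITE,	\
			    rw_status(&pf_state_lock), __func__);\
	} while (0)

extern void			 pf_purge_timeout(void *);
extern void			 pf_purge(void *);
#endif /* _KERNEL */

#endif /* _NET_PFVAR_PRIV_H_ */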