1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2023 Alexander V. Chernikov <melifaro@FreeBSD.org> 5 * Copyright (c) 2023 Rubicon Communications, LLC (Netgate) 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 */ 29 30 #ifndef _NETPFIL_PF_PF_NL_H_ 31 #define _NETPFIL_PF_PF_NL_H_ 32 33 /* Genetlink family */ 34 #define PFNL_FAMILY_NAME "pfctl" 35 36 /* available commands */ 37 enum { 38 PFNL_CMD_UNSPEC = 0, 39 PFNL_CMD_GETSTATES = 1, 40 PFNL_CMD_GETCREATORS = 2, 41 PFNL_CMD_START = 3, 42 PFNL_CMD_STOP = 4, 43 PFNL_CMD_ADDRULE = 5, 44 PFNL_CMD_GETRULES = 6, 45 PFNL_CMD_GETRULE = 7, 46 PFNL_CMD_CLRSTATES = 8, 47 PFNL_CMD_KILLSTATES = 9, 48 PFNL_CMD_SET_STATUSIF = 10, 49 PFNL_CMD_GET_STATUS = 11, 50 PFNL_CMD_CLEAR_STATUS = 12, 51 PFNL_CMD_NATLOOK = 13, 52 PFNL_CMD_SET_DEBUG = 14, 53 PFNL_CMD_SET_TIMEOUT = 15, 54 PFNL_CMD_GET_TIMEOUT = 16, 55 PFNL_CMD_SET_LIMIT = 17, 56 PFNL_CMD_GET_LIMIT = 18, 57 PFNL_CMD_BEGIN_ADDRS = 19, 58 PFNL_CMD_ADD_ADDR = 20, 59 PFNL_CMD_GET_ADDRS = 21, 60 PFNL_CMD_GET_ADDR = 22, 61 PFNL_CMD_GET_RULESETS = 23, 62 PFNL_CMD_GET_RULESET = 24, 63 PFNL_CMD_GET_SRCNODES = 25, 64 PFNL_CMD_CLEAR_TABLES = 26, 65 PFNL_CMD_ADD_TABLE = 27, 66 PFNL_CMD_DEL_TABLE = 28, 67 PFNL_CMD_GET_TSTATS = 29, 68 PFNL_CMD_CLR_TSTATS = 30, 69 PFNL_CMD_CLR_ADDRS = 31, 70 PFNL_CMD_TABLE_ADD_ADDR = 32, 71 PFNL_CMD_TABLE_DEL_ADDR = 33, 72 PFNL_CMD_TABLE_SET_ADDR = 34, 73 PFNL_CMD_TABLE_GET_ADDR = 35, 74 PFNL_CMD_TABLE_GET_ASTATS = 36, 75 PFNL_CMD_TABLE_CLEAR_ASTATS = 37, 76 PFNL_CMD_STATE_LIMITER_ADD = 38, 77 PFNL_CMD_STATE_LIMITER_GET = 39, 78 PFNL_CMD_STATE_LIMITER_NGET = 40, 79 PFNL_CMD_SOURCE_LIMITER_ADD = 41, 80 PFNL_CMD_SOURCE_LIMITER_GET = 42, 81 PFNL_CMD_SOURCE_LIMITER_NGET = 43, 82 PFNL_CMD_SOURCE_GET = 44, 83 PFNL_CMD_SOURCE_NGET = 45, 84 PFNL_CMD_SOURCE_CLEAR = 46, 85 PFNL_CMD_TABLE_TEST_ADDRS = 47, 86 __PFNL_CMD_MAX, 87 }; 88 #define PFNL_CMD_MAX (__PFNL_CMD_MAX -1) 89 90 enum pfstate_key_type_t { 91 PF_STK_UNSPEC, 92 PF_STK_ADDR0 = 1, /* ip */ 93 PF_STK_ADDR1 = 2, /* ip */ 94 PF_STK_PORT0 = 3, /* u16 */ 95 PF_STK_PORT1 = 4, /* u16 */ 96 PF_STK_AF = 5, /* u8 */ 97 PF_STK_PROTO = 6, /* u16 */ 98 }; 99 100 enum pfstate_peer_type_t { 101 PF_STP_UNSPEC, 102 PF_STP_PFSS_FLAGS = 1, /* u16 */ 103 PF_STP_PFSS_TTL = 2, /* u8 */ 104 PF_STP_SCRUB_FLAG = 3, /* u8 */ 105 PF_STP_PFSS_TS_MOD = 4, /* u32 */ 106 PF_STP_SEQLO = 5, /* u32 */ 107 PF_STP_SEQHI = 6, /* u32 */ 108 PF_STP_SEQDIFF = 7, /* u32 */ 109 PF_STP_MAX_WIN = 8, /* u16 */ 110 PF_STP_MSS = 9, /* u16 */ 111 PF_STP_STATE = 10, /* u8 */ 112 PF_STP_WSCALE = 11, /* u8 */ 113 }; 114 115 enum pfstate_type_t { 116 PF_ST_UNSPEC, 117 PF_ST_ID = 1, /* u32, state id */ 118 PF_ST_CREATORID = 2, /* u32, */ 119 PF_ST_IFNAME = 3, /* string */ 120 PF_ST_ORIG_IFNAME = 4, /* string */ 121 PF_ST_KEY_WIRE = 5, /* nested, pfstate_key_type_t */ 122 PF_ST_KEY_STACK = 6, /* nested, pfstate_key_type_t */ 123 PF_ST_PEER_SRC = 7, /* nested, pfstate_peer_type_t*/ 124 PF_ST_PEER_DST = 8, /* nested, pfstate_peer_type_t */ 125 PF_ST_RT_ADDR = 9, /* ip */ 126 PF_ST_RULE = 10, /* u32 */ 127 PF_ST_ANCHOR = 11, /* u32 */ 128 PF_ST_NAT_RULE = 12, /* u32 */ 129 PF_ST_CREATION = 13, /* u32 */ 130 PF_ST_EXPIRE = 14, /* u32 */ 131 PF_ST_PACKETS0 = 15, /* u64 */ 132 PF_ST_PACKETS1 = 16, /* u64 */ 133 PF_ST_BYTES0 = 17, /* u64 */ 134 PF_ST_BYTES1 = 18, /* u64 */ 135 PF_ST_AF = 19, /* u8 */ 136 PF_ST_PROTO = 21, /* u8 */ 137 PF_ST_DIRECTION = 22, /* u8 */ 138 PF_ST_LOG = 23, /* u8 */ 139 PF_ST_TIMEOUT = 24, /* u8 */ 140 PF_ST_STATE_FLAGS = 25, /* u8 */ 141 PF_ST_SYNC_FLAGS = 26, /* u8 */ 142 PF_ST_UPDATES = 27, /* u8 */ 143 PF_ST_VERSION = 28, /* u64 */ 144 PF_ST_FILTER_ADDR = 29, /* in6_addr */ 145 PF_ST_FILTER_MASK = 30, /* in6_addr */ 146 PF_ST_RTABLEID = 31, /* i32 */ 147 PF_ST_MIN_TTL = 32, /* u8 */ 148 PF_ST_MAX_MSS = 33, /* u16 */ 149 PF_ST_DNPIPE = 34, /* u16 */ 150 PF_ST_DNRPIPE = 35, /* u16 */ 151 PF_ST_RT = 36, /* u8 */ 152 PF_ST_RT_IFNAME = 37, /* string */ 153 PF_ST_SRC_NODE_FLAGS = 38, /* u8 */ 154 PF_ST_RT_AF = 39, /* u8 */ 155 }; 156 157 enum pf_addr_type_t { 158 PF_AT_UNSPEC, 159 PF_AT_ADDR = 1, /* in6_addr */ 160 PF_AT_MASK = 2, /* in6_addr */ 161 PF_AT_IFNAME = 3, /* string */ 162 PF_AT_TABLENAME = 4, /* string */ 163 PF_AT_TYPE = 5, /* u8 */ 164 PF_AT_IFLAGS = 6, /* u8 */ 165 PF_AT_TBLCNT = 7, /* u32 */ 166 PF_AT_DYNCNT = 8, /* u32 */ 167 }; 168 169 enum pfrule_addr_type_t { 170 PF_RAT_UNSPEC, 171 PF_RAT_ADDR = 1, /* nested, pf_addr_type_t */ 172 PF_RAT_SRC_PORT = 2, /* u16 */ 173 PF_RAT_DST_PORT = 3, /* u16 */ 174 PF_RAT_NEG = 4, /* u8 */ 175 PF_RAT_OP = 5, /* u8 */ 176 }; 177 178 enum pf_labels_type_t { 179 PF_LT_UNSPEC, 180 PF_LT_LABEL = 1, /* string */ 181 }; 182 183 enum pf_mape_portset_type_t 184 { 185 PF_MET_UNSPEC, 186 PF_MET_OFFSET = 1, /* u8 */ 187 PF_MET_PSID_LEN = 2, /* u8 */ 188 PF_MET_PSID = 3, /* u16 */ 189 }; 190 191 enum pf_rpool_type_t 192 { 193 PF_PT_UNSPEC, 194 PF_PT_KEY = 1, /* bytes, sizeof(struct pf_poolhashkey) */ 195 PF_PT_COUNTER = 2, /* in6_addr */ 196 PF_PT_TBLIDX = 3, /* u32 */ 197 PF_PT_PROXY_SRC_PORT = 4, /* u16 */ 198 PF_PT_PROXY_DST_PORT = 5, /* u16 */ 199 PF_PT_OPTS = 6, /* u8 */ 200 PF_PT_MAPE = 7, /* nested, pf_mape_portset_type_t */ 201 }; 202 203 enum pf_timeout_type_t { 204 PF_TT_UNSPEC, 205 PF_TT_TIMEOUT = 1, /* u32 */ 206 }; 207 208 enum pf_rule_uid_type_t { 209 PF_RUT_UNSPEC, 210 PF_RUT_UID_LOW = 1, /* u32 */ 211 PF_RUT_UID_HIGH = 2, /* u32 */ 212 PF_RUT_OP = 3, /* u8 */ 213 }; 214 215 enum pf_rule_type_t { 216 PF_RT_UNSPEC, 217 PF_RT_SRC = 1, /* nested, pf_rule_addr_type_t */ 218 PF_RT_DST = 2, /* nested, pf_rule_addr_type_t */ 219 PF_RT_RIDENTIFIER = 3, /* u32 */ 220 PF_RT_LABELS = 4, /* nested, pf_labels_type_t */ 221 PF_RT_IFNAME = 5, /* string */ 222 PF_RT_QNAME = 6, /* string */ 223 PF_RT_PQNAME = 7, /* string */ 224 PF_RT_TAGNAME = 8, /* string */ 225 PF_RT_MATCH_TAGNAME = 9, /* string */ 226 PF_RT_OVERLOAD_TBLNAME = 10, /* string */ 227 PF_RT_RPOOL_RDR = 11, /* nested, pf_rpool_type_t */ 228 PF_RT_OS_FINGERPRINT = 12, /* u32 */ 229 PF_RT_RTABLEID = 13, /* u32 */ 230 PF_RT_TIMEOUT = 14, /* nested, pf_timeout_type_t */ 231 PF_RT_MAX_STATES = 15, /* u32 */ 232 PF_RT_MAX_SRC_NODES = 16, /* u32 */ 233 PF_RT_MAX_SRC_STATES = 17, /* u32 */ 234 PF_RT_MAX_SRC_CONN_RATE_LIMIT = 18, /* u32 */ 235 PF_RT_MAX_SRC_CONN_RATE_SECS = 19, /* u32 */ 236 PF_RT_DNPIPE = 20, /* u16 */ 237 PF_RT_DNRPIPE = 21, /* u16 */ 238 PF_RT_DNFLAGS = 22, /* u32 */ 239 PF_RT_NR = 23, /* u32 */ 240 PF_RT_PROB = 24, /* u32 */ 241 PF_RT_CUID = 25, /* u32 */ 242 PF_RT_CPID = 26, /* u32 */ 243 PF_RT_RETURN_ICMP = 27, /* u16 */ 244 PF_RT_RETURN_ICMP6 = 28, /* u16 */ 245 PF_RT_MAX_MSS = 29, /* u16 */ 246 PF_RT_SCRUB_FLAGS = 30, /* u16 */ 247 PF_RT_UID = 31, /* nested, pf_rule_uid_type_t */ 248 PF_RT_GID = 32, /* nested, pf_rule_uid_type_t */ 249 PF_RT_RULE_FLAG = 33, /* u32 */ 250 PF_RT_ACTION = 34, /* u8 */ 251 PF_RT_DIRECTION = 35, /* u8 */ 252 PF_RT_LOG = 36, /* u8 */ 253 PF_RT_LOGIF = 37, /* u8 */ 254 PF_RT_QUICK = 38, /* u8 */ 255 PF_RT_IF_NOT = 39, /* u8 */ 256 PF_RT_MATCH_TAG_NOT = 40, /* u8 */ 257 PF_RT_NATPASS = 41, /* u8 */ 258 PF_RT_KEEP_STATE = 42, /* u8 */ 259 PF_RT_AF = 43, /* u8 */ 260 PF_RT_PROTO = 44, /* u8 */ 261 PF_RT_TYPE = 45, /* u8 */ 262 PF_RT_CODE = 46, /* u8 */ 263 PF_RT_FLAGS = 47, /* u8 */ 264 PF_RT_FLAGSET = 48, /* u8 */ 265 PF_RT_MIN_TTL = 49, /* u8 */ 266 PF_RT_ALLOW_OPTS = 50, /* u8 */ 267 PF_RT_RT = 51, /* u8 */ 268 PF_RT_RETURN_TTL = 52, /* u8 */ 269 PF_RT_TOS = 53, /* u8 */ 270 PF_RT_SET_TOS = 54, /* u8 */ 271 PF_RT_ANCHOR_RELATIVE = 55, /* u8 */ 272 PF_RT_ANCHOR_WILDCARD = 56, /* u8 */ 273 PF_RT_FLUSH = 57, /* u8 */ 274 PF_RT_PRIO = 58, /* u8 */ 275 PF_RT_SET_PRIO = 59, /* u8 */ 276 PF_RT_SET_PRIO_REPLY = 60, /* u8 */ 277 PF_RT_DIVERT_ADDRESS = 61, /* in6_addr */ 278 PF_RT_DIVERT_PORT = 62, /* u16 */ 279 PF_RT_PACKETS_IN = 63, /* u64 */ 280 PF_RT_PACKETS_OUT = 64, /* u64 */ 281 PF_RT_BYTES_IN = 65, /* u64 */ 282 PF_RT_BYTES_OUT = 66, /* u64 */ 283 PF_RT_EVALUATIONS = 67, /* u64 */ 284 PF_RT_TIMESTAMP = 68, /* u64 */ 285 PF_RT_STATES_CUR = 69, /* u64 */ 286 PF_RT_STATES_TOTAL = 70, /* u64 */ 287 PF_RT_SRC_NODES = 71, /* u64 */ 288 PF_RT_ANCHOR_CALL = 72, /* string */ 289 PF_RT_RCV_IFNAME = 73, /* string */ 290 PF_RT_MAX_SRC_CONN = 74, /* u32 */ 291 PF_RT_RPOOL_NAT = 75, /* nested, pf_rpool_type_t */ 292 PF_RT_NAF = 76, /* u8 */ 293 PF_RT_RPOOL_RT = 77, /* nested, pf_rpool_type_t */ 294 PF_RT_RCV_IFNOT = 78, /* bool */ 295 PF_RT_SRC_NODES_LIMIT = 79, /* u64 */ 296 PF_RT_SRC_NODES_NAT = 80, /* u64 */ 297 PF_RT_SRC_NODES_ROUTE = 81, /* u64 */ 298 PF_RT_PKTRATE = 82, /* nested, pf_threshold_type_t */ 299 PF_RT_MAX_PKT_SIZE = 83, /* u16 */ 300 PF_RT_TYPE_2 = 84, /* u16 */ 301 PF_RT_CODE_2 = 85, /* u16 */ 302 PF_RT_EXPTIME = 86, /* time_t */ 303 PF_RT_STATE_LIMIT = 87, /* u8 */ 304 PF_RT_SOURCE_LIMIT = 88, /* u8 */ 305 PF_RT_STATE_LIMIT_ACTION = 89, /* u32 */ 306 PF_RT_SOURCE_LIMIT_ACTION = 90, /* u32 */ 307 }; 308 309 enum pf_addrule_type_t { 310 PF_ART_UNSPEC, 311 PF_ART_TICKET = 1, /* u32 */ 312 PF_ART_POOL_TICKET = 2, /* u32 */ 313 PF_ART_ANCHOR = 3, /* string */ 314 PF_ART_ANCHOR_CALL = 4, /* string */ 315 PF_ART_RULE = 5, /* nested, pfrule_type_t */ 316 }; 317 318 enum pf_getrules_type_t { 319 PF_GR_UNSPEC, 320 PF_GR_ANCHOR = 1, /* string */ 321 PF_GR_ACTION = 2, /* u8 */ 322 PF_GR_NR = 3, /* u32 */ 323 PF_GR_TICKET = 4, /* u32 */ 324 PF_GR_CLEAR = 5, /* u8 */ 325 }; 326 327 enum pf_clear_states_type_t { 328 PF_CS_UNSPEC, 329 PF_CS_CMP_ID = 1, /* u64 */ 330 PF_CS_CMP_CREATORID = 2, /* u32 */ 331 PF_CS_CMP_DIR = 3, /* u8 */ 332 PF_CS_AF = 4, /* u8 */ 333 PF_CS_PROTO = 5, /* u8 */ 334 PF_CS_SRC = 6, /* nested, pf_addr_wrap */ 335 PF_CS_DST = 7, /* nested, pf_addr_wrap */ 336 PF_CS_RT_ADDR = 8, /* nested, pf_addr_wrap */ 337 PF_CS_IFNAME = 9, /* string */ 338 PF_CS_LABEL = 10, /* string */ 339 PF_CS_KILL_MATCH = 11, /* bool */ 340 PF_CS_NAT = 12, /* bool */ 341 PF_CS_KILLED = 13, /* u32 */ 342 }; 343 344 enum pf_set_statusif_types_t { 345 PF_SS_UNSPEC, 346 PF_SS_IFNAME = 1, /* string */ 347 }; 348 349 enum pf_counter_types_t { 350 PF_C_UNSPEC, 351 PF_C_COUNTER = 1, /* u64 */ 352 PF_C_NAME = 2, /* string */ 353 PF_C_ID = 3, /* u32 */ 354 }; 355 356 enum pf_get_status_types_t { 357 PF_GS_UNSPEC, 358 PF_GS_IFNAME = 1, /* string */ 359 PF_GS_RUNNING = 2, /* bool */ 360 PF_GS_SINCE = 3, /* u32 */ 361 PF_GS_DEBUG = 4, /* u32 */ 362 PF_GS_HOSTID = 5, /* u32 */ 363 PF_GS_STATES = 6, /* u32 */ 364 PF_GS_SRC_NODES = 7, /* u32 */ 365 PF_GS_REASSEMBLE = 8, /* u32 */ 366 PF_GS_SYNCOOKIES_ACTIVE = 9, /* bool */ 367 PF_GS_COUNTERS = 10, /* nested, */ 368 PF_GS_LCOUNTERS = 11, /* nested, */ 369 PF_GS_FCOUNTERS = 12, /* nested, */ 370 PF_GS_SCOUNTERS = 13, /* nested, */ 371 PF_GS_CHKSUM = 14, /* byte array */ 372 PF_GS_PCOUNTERS = 15, /* u64 array */ 373 PF_GS_BCOUNTERS = 16, /* u64 array */ 374 PF_GS_NCOUNTERS = 17, /* nested, */ 375 PF_GS_FRAGMENTS = 18, /* u64, */ 376 }; 377 378 enum pf_natlook_types_t { 379 PF_NL_UNSPEC, 380 PF_NL_AF = 1, /* u8 */ 381 PF_NL_DIRECTION = 2, /* u8 */ 382 PF_NL_PROTO = 3, /* u8 */ 383 PF_NL_SRC_ADDR = 4, /* in6_addr */ 384 PF_NL_DST_ADDR = 5, /* in6_addr */ 385 PF_NL_SRC_PORT = 6, /* u16 */ 386 PF_NL_DST_PORT = 7, /* u16 */ 387 }; 388 389 enum pf_set_debug_types_t { 390 PF_SD_UNSPEC, 391 PF_SD_LEVEL = 1, /* u32 */ 392 }; 393 394 enum pf_timeout_types_t { 395 PF_TO_UNSPEC, 396 PF_TO_TIMEOUT = 1, /* u32 */ 397 PF_TO_SECONDS = 2, /* u32 */ 398 }; 399 400 enum pf_limit_types_t { 401 PF_LI_UNSPEC, 402 PF_LI_INDEX = 1, /* u32 */ 403 PF_LI_LIMIT = 2, /* u32 */ 404 }; 405 406 enum pf_begin_addrs_types_t { 407 PF_BA_UNSPEC, 408 PF_BA_TICKET = 1, /* u32 */ 409 }; 410 411 enum pf_pool_addr_types_t { 412 PF_PA_UNSPEC, 413 PF_PA_ADDR = 1, /* nested, pf_addr_wrap */ 414 PF_PA_IFNAME = 2, /* string */ 415 }; 416 417 enum pf_add_addr_types_t { 418 PF_AA_UNSPEC, 419 PF_AA_ACTION = 1, /* u32 */ 420 PF_AA_TICKET = 2, /* u32 */ 421 PF_AA_NR = 3, /* u32 */ 422 PF_AA_R_NUM = 4, /* u32 */ 423 PF_AA_R_ACTION = 5, /* u8 */ 424 PF_AA_R_LAST = 6, /* u8 */ 425 PF_AA_AF = 7, /* u8 */ 426 PF_AA_ANCHOR = 8, /* string */ 427 PF_AA_ADDR = 9, /* nested, pf_pooladdr */ 428 PF_AA_WHICH = 10, /* u32 */ 429 }; 430 431 enum pf_get_rulesets_types_t { 432 PF_RS_UNSPEC, 433 PF_RS_PATH = 1, /* string */ 434 PF_RS_NR = 2, /* u32 */ 435 PF_RS_NAME = 3, /* string */ 436 }; 437 438 enum pf_threshold_types_t { 439 PF_TH_UNSPEC, 440 PF_TH_LIMIT = 1, /* u32 */ 441 PF_TH_SECONDS = 2, /* u32 */ 442 PF_TH_COUNT = 3, /* u32 */ 443 PF_TH_LAST = 4, /* u32 */ 444 }; 445 446 enum pf_srcnodes_types_t { 447 PF_SN_UNSPEC, 448 PF_SN_ADDR = 1, /* nested, pf_addr */ 449 PF_SN_RADDR = 2, /* nested, pf_addr */ 450 PF_SN_RULE_NR = 3, /* u32 */ 451 PF_SN_BYTES_IN = 4, /* u64 */ 452 PF_SN_BYTES_OUT = 5, /* u64 */ 453 PF_SN_PACKETS_IN = 6, /* u64 */ 454 PF_SN_PACKETS_OUT = 7, /* u64 */ 455 PF_SN_STATES = 8, /* u32 */ 456 PF_SN_CONNECTIONS = 9, /* u32 */ 457 PF_SN_AF = 10, /* u8 */ 458 PF_SN_RULE_TYPE = 11, /* u8 */ 459 PF_SN_CREATION = 12, /* u64 */ 460 PF_SN_EXPIRE = 13, /* u64 */ 461 PF_SN_CONNECTION_RATE = 14, /* nested, pf_threshold */ 462 PF_SN_RAF = 15, /* u8 */ 463 PF_SN_NODE_TYPE = 16, /* u8 */ 464 }; 465 466 enum pf_tables_t { 467 PF_T_UNSPEC, 468 PF_T_ANCHOR = 1, /* string */ 469 PF_T_NAME = 2, /* string */ 470 PF_T_TABLE_FLAGS = 3, /* u32 */ 471 PF_T_FLAGS = 4, /* u32 */ 472 PF_T_NBR_DELETED = 5, /* u32 */ 473 PF_T_NBR_ADDED = 6, /* u32 */ 474 }; 475 476 enum pf_tstats_t { 477 PF_TS_UNSPEC, 478 PF_TS_TABLE = 1, /* nested, pfr_table */ 479 PF_TS_PACKETS = 2, /* u64 array */ 480 PF_TS_BYTES = 3, /* u64 array */ 481 PF_TS_MATCH = 4, /* u64 */ 482 PF_TS_NOMATCH = 5, /* u64 */ 483 PF_TS_TZERO = 6, /* u64 */ 484 PF_TS_CNT = 7, /* u64 */ 485 PF_TS_REFCNT = 8, /* u64 array */ 486 PF_TS_NZERO = 9, /* u64 */ 487 }; 488 489 enum pfr_addr_t { 490 PFR_A_UNSPEC, 491 PFR_A_AF = 1, /* uint8_t */ 492 PFR_A_NET = 2, /* uint8_t */ 493 PFR_A_NOT = 3, /* bool */ 494 PFR_A_ADDR = 4, /* in6_addr */ 495 }; 496 497 enum pf_table_addrs_t { 498 PF_TA_UNSPEC, 499 PF_TA_TABLE = 1, /* nested, pf_table_t */ 500 PF_TA_ADDR = 2, /* nested, pfr_addr_t */ 501 PF_TA_FLAGS = 3, /* u32 */ 502 PF_TA_NBR_ADDED = 4, /* u32 */ 503 PF_TA_NBR_DELETED = 5, /* u32 */ 504 PF_TA_NBR_CHANGED = 6, /* u32 */ 505 PF_TA_ADDR_COUNT = 7, /* u32 */ 506 }; 507 508 enum pf_astats_t { 509 PF_AS_UNSPEC, 510 PF_AS_ADDR = 1, /* nested, pfr_addr_t */ 511 PF_AS_PACKETS = 2, /* u64 array */ 512 PF_AS_BYTES = 3, /* u64 array */ 513 PF_AS_TZERO = 4, /* time_t */ 514 }; 515 516 enum pf_table_astats_t { 517 PF_TAS_UNSPEC, 518 PF_TAS_TABLE = 1, /* nested pf_table_t */ 519 PF_TAS_ASTATS = 2, /* nested, pfr_astats_t */ 520 PF_TAS_FLAGS = 3, /* u32 */ 521 PF_TAS_ASTATS_COUNT = 4, /* u32 */ 522 PF_TAS_ASTATS_ZEROED = 5, /* u32 */ 523 }; 524 525 enum pf_limit_rate_t { 526 PF_LR_UNSPEC, 527 PF_LR_LIMIT = 1, /* u32 */ 528 PF_LR_SECONDS = 2, /* u32 */ 529 }; 530 531 enum pf_state_limit_t { 532 PF_SL_UNSPEC, 533 PF_SL_TICKET = 1, /* u32 */ 534 PF_SL_NAME = 2, /* string */ 535 PF_SL_ID = 3, /* u32 */ 536 PF_SL_LIMIT = 4, /* u32 */ 537 PF_SL_RATE = 5, /* nested, pf_limit_rate_t */ 538 PF_SL_DESCR = 6, /* string */ 539 PF_SL_INUSE = 7, /* u32 */ 540 PF_SL_ADMITTED = 8, /* u64 */ 541 PF_SL_HARDLIMITED = 9, /* u64 */ 542 PF_SL_RATELIMITED = 10, /* u64 */ 543 }; 544 545 enum pf_source_limit_t { 546 PF_SCL_UNSPEC, 547 PF_SCL_TICKET = 1, /* u32 */ 548 PF_SCL_NAME = 2, /* string */ 549 PF_SCL_ID = 3, /* u32 */ 550 PF_SCL_ENTRIES = 4, /* u32 */ 551 PF_SCL_LIMIT = 5, /* u32 */ 552 PF_SCL_RATE = 6, /* nested, pf_limit_rate_t */ 553 PF_SCL_OVERLOAD_TBL_NAME = 7, /* string*/ 554 PF_SCL_OVERLOAD_HIGH_WM = 8, /* u32 */ 555 PF_SCL_OVERLOAD_LOW_WM = 9, /* u32 */ 556 PF_SCL_INET_PREFIX = 10, /* u32 */ 557 PF_SCL_INET6_PREFIX = 11, /* u32 */ 558 PF_SCL_DESCR = 12, /* string */ 559 PF_SCL_NENTRIES = 13, /* u32 */ 560 PF_SCL_INUSE = 14, /* u32 */ 561 PF_SCL_ADDR_ALLOCS = 15, /* u64 */ 562 PF_SCL_ADDR_NOMEM = 16, /* u64 */ 563 PF_SCL_ADMITTED = 17, /* u64 */ 564 PF_SCL_ADDRLIMITED = 18, /* u64 */ 565 PF_SCL_HARDLIMITED = 19, /* u64 */ 566 PF_SCL_RATELIMITED = 20, /* u64 */ 567 }; 568 569 enum pf_source_t { 570 PF_SRC_UNSPEC, 571 PF_SRC_NAME = 1, /* string */ 572 PF_SRC_ID = 2, /* u32 */ 573 PF_SRC_AF = 3, /* u8 */ 574 PF_SRC_RDOMAIN = 4, /* u32 */ 575 PF_SRC_ADDR = 5, /* in6_addr */ 576 PF_SRC_INUSE = 6, /* u32 */ 577 PF_SRC_ADMITTED = 7, /* u64 */ 578 PF_SRC_HARDLIMITED = 8, /* u64 */ 579 PF_SRC_RATELIMITED = 9, /* u64 */ 580 PF_SRC_LIMIT = 10, /* u32 */ 581 PF_SRC_INET_PREFIX = 11, /* u32 */ 582 PF_SRC_INET6_PREFIX = 12, /* u32 */ 583 }; 584 585 enum pf_source_clear_t { 586 PF_SC_UNSPEC, 587 PF_SC_NAME = 1, /* string */ 588 PF_SC_ID = 2, /* u32*/ 589 PF_SC_RDOMAIN = 3, /* u32 */ 590 PF_SC_AF = 4, /* u8 */ 591 PF_SC_ADDR = 5, /* in6_addr */ 592 }; 593 594 #ifdef _KERNEL 595 596 void pf_nl_register(void); 597 void pf_nl_unregister(void); 598 599 #endif 600 601 #endif 602