xref: /illumos-gate/usr/src/uts/common/sys/pfmod.h (revision 2d6eb4a5) 
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*605445d5Sdg  * Common Development and Distribution License (the "License").
6*605445d5Sdg  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22*605445d5Sdg  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23*605445d5Sdg  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate #ifndef	_SYS_PFMOD_H
277c478bd9Sstevel@tonic-gate #define	_SYS_PFMOD_H
287c478bd9Sstevel@tonic-gate 
297c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
307c478bd9Sstevel@tonic-gate extern "C" {
317c478bd9Sstevel@tonic-gate #endif
327c478bd9Sstevel@tonic-gate 
337c478bd9Sstevel@tonic-gate /*
347c478bd9Sstevel@tonic-gate  * Ioctls.
357c478bd9Sstevel@tonic-gate  */
367c478bd9Sstevel@tonic-gate #define	PFIOC		('P' << 8)
377c478bd9Sstevel@tonic-gate #define	PFIOCSETF	(PFIOC|1)	/* replace current packet filter */
387c478bd9Sstevel@tonic-gate 
397c478bd9Sstevel@tonic-gate #define	ENMAXFILTERS	255		/* maximum filter short words */
407c478bd9Sstevel@tonic-gate #define	PF_MAXFILTERS	2047		/* max short words for newpacketfilt */
417c478bd9Sstevel@tonic-gate 
427c478bd9Sstevel@tonic-gate /*
43*605445d5Sdg  * filter structure for SETF
447c478bd9Sstevel@tonic-gate  */
457c478bd9Sstevel@tonic-gate struct packetfilt {
467c478bd9Sstevel@tonic-gate 	uchar_t	Pf_Priority;			/* priority of filter */
477c478bd9Sstevel@tonic-gate 	uchar_t Pf_FilterLen;			/* length of filter cmd list */
487c478bd9Sstevel@tonic-gate 	ushort_t Pf_Filter[ENMAXFILTERS];	/* filter command list */
497c478bd9Sstevel@tonic-gate };
507c478bd9Sstevel@tonic-gate 
517c478bd9Sstevel@tonic-gate /*
527c478bd9Sstevel@tonic-gate  * The extended packet filter structure
537c478bd9Sstevel@tonic-gate  */
547c478bd9Sstevel@tonic-gate struct Pf_ext_packetfilt {
557c478bd9Sstevel@tonic-gate 	uchar_t	Pf_Priority;			/* priority of filter */
567c478bd9Sstevel@tonic-gate 	unsigned int Pf_FilterLen;		/* length of filter cmd list */
577c478bd9Sstevel@tonic-gate 	ushort_t Pf_Filter[PF_MAXFILTERS];	/* filter command list */
587c478bd9Sstevel@tonic-gate };
597c478bd9Sstevel@tonic-gate 
607c478bd9Sstevel@tonic-gate /*
61*605445d5Sdg  * We now allow specification of up to MAXFILTERS (short) words of a filter
62*605445d5Sdg  * command list to be applied to incoming packets to determine if
63*605445d5Sdg  * those packets should be given to a particular open ethernet file.
64*605445d5Sdg  * Alternatively, PF_MAXFILTERS and Pf_ext_packetfilt structure can be
65*605445d5Sdg  * used in case even bigger filter command list is needed.
667c478bd9Sstevel@tonic-gate  *
67*605445d5Sdg  * In this context, "word" means a short (16-bit) integer.
687c478bd9Sstevel@tonic-gate  *
69*605445d5Sdg  * The filter command list is specified using ioctl().  Each filter command
70*605445d5Sdg  * list specifies a sequence of actions that leaves a boolean value on the
71*605445d5Sdg  * top of an internal stack.  There is also an offset register which is
72*605445d5Sdg  * initialized to zero.  Each word of the command list specifies an action
73*605445d5Sdg  * from the set {PUSHLIT, PUSHZERO, PUSHWORD+N, LOAD_OFFSET, BRTR, BRFL, POP}
74*605445d5Sdg  * (see #defines below for definitions), and a binary operator from the set
75*605445d5Sdg  * {EQ, LT, LE, GT, GE, AND, OR, XOR} which operates on the top two elements
76*605445d5Sdg  * of the stack and replaces them with its result.  The special action NOPUSH
77*605445d5Sdg  * and the special operator NOP can be used to only perform the binary
78*605445d5Sdg  * operation or to only push a value on the stack.
797c478bd9Sstevel@tonic-gate  *
80*605445d5Sdg  * If the final value of the filter operation is true, then the packet is
81*605445d5Sdg  * accepted for the open file which specified the filter.
827c478bd9Sstevel@tonic-gate  */
837c478bd9Sstevel@tonic-gate 
84*605445d5Sdg /* these must sum to sizeof (ushort_t)! */
857c478bd9Sstevel@tonic-gate #define	ENF_NBPA	10			/* # bits / action */
867c478bd9Sstevel@tonic-gate #define	ENF_NBPO	 6			/* # bits / operator */
877c478bd9Sstevel@tonic-gate 
88*605445d5Sdg /* binary operators */
897c478bd9Sstevel@tonic-gate #define	ENF_NOP		(0 << ENF_NBPA)
907c478bd9Sstevel@tonic-gate #define	ENF_EQ		(1 << ENF_NBPA)
917c478bd9Sstevel@tonic-gate #define	ENF_LT		(2 << ENF_NBPA)
927c478bd9Sstevel@tonic-gate #define	ENF_LE		(3 << ENF_NBPA)
937c478bd9Sstevel@tonic-gate #define	ENF_GT		(4 << ENF_NBPA)
947c478bd9Sstevel@tonic-gate #define	ENF_GE		(5 << ENF_NBPA)
957c478bd9Sstevel@tonic-gate #define	ENF_AND		(6 << ENF_NBPA)
967c478bd9Sstevel@tonic-gate #define	ENF_OR		(7 << ENF_NBPA)
977c478bd9Sstevel@tonic-gate #define	ENF_XOR		(8 << ENF_NBPA)
987c478bd9Sstevel@tonic-gate #define	ENF_COR		(9 << ENF_NBPA)
997c478bd9Sstevel@tonic-gate #define	ENF_CAND	(10 << ENF_NBPA)
1007c478bd9Sstevel@tonic-gate #define	ENF_CNOR	(11 << ENF_NBPA)
1017c478bd9Sstevel@tonic-gate #define	ENF_CNAND	(12 << ENF_NBPA)
1027c478bd9Sstevel@tonic-gate #define	ENF_NEQ		(13 << ENF_NBPA)
1037c478bd9Sstevel@tonic-gate 
104*605445d5Sdg /* stack actions */
1057c478bd9Sstevel@tonic-gate #define	ENF_NOPUSH	0
106*605445d5Sdg #define	ENF_PUSHLIT	1  /* Push the next word on the stack */
107*605445d5Sdg #define	ENF_PUSHZERO	2  /* Push 0 on the stack */
108*605445d5Sdg #define	ENF_PUSHONE	3  /* Push 1 on the stack */
109*605445d5Sdg #define	ENF_PUSHFFFF	4  /* Push 0xffff on the stack */
110*605445d5Sdg #define	ENF_PUSHFF00	5  /* Push 0xff00 on the stack */
111*605445d5Sdg #define	ENF_PUSH00FF	6  /* Push 0x00ff on the stack */
112*605445d5Sdg #define	ENF_LOAD_OFFSET	7  /* Load the next word into the offset register */
113*605445d5Sdg #define	ENF_BRTR	8  /* Branch if the stack's top element is true */
114*605445d5Sdg #define	ENF_BRFL	9  /* Branch if the stack's top element is false */
115*605445d5Sdg #define	ENF_POP		10 /* Pop the top element from the stack */
1167c478bd9Sstevel@tonic-gate #define	ENF_PUSHWORD	16
1177c478bd9Sstevel@tonic-gate 
1187c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
1197c478bd9Sstevel@tonic-gate }
1207c478bd9Sstevel@tonic-gate #endif
1217c478bd9Sstevel@tonic-gate 
1227c478bd9Sstevel@tonic-gate #endif	/* _SYS_PFMOD_H */
123