2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2020 Yandex LLC
5 * Copyright (c) 2020 Andrey V. Elsukov <ae@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #pragma D depends_on provider ipfw
33 /* ipfw_chk() return values */
34 #pragma D binding "1.0" IP_FW_PASS
35 inline int IP_FW_PASS = 0;
36 #pragma D binding "1.0" IP_FW_DENY
37 inline int IP_FW_DENY = 1;
38 #pragma D binding "1.0" IP_FW_DIVERT
39 inline int IP_FW_DIVERT = 2;
40 #pragma D binding "1.0" IP_FW_TEE
41 inline int IP_FW_TEE = 3;
42 #pragma D binding "1.0" IP_FW_DUMMYNET
43 inline int IP_FW_DUMMYNET = 4;
44 #pragma D binding "1.0" IP_FW_NETGRAPH
45 inline int IP_FW_NETGRAPH = 5;
46 #pragma D binding "1.0" IP_FW_NGTEE
47 inline int IP_FW_NGTEE = 6;
48 #pragma D binding "1.0" IP_FW_NAT
49 inline int IP_FW_NAT = 7;
50 #pragma D binding "1.0" IP_FW_REASS
51 inline int IP_FW_REASS = 8;
52 #pragma D binding "1.0" IP_FW_NAT64
53 inline int IP_FW_NAT64 = 9;
55 #pragma D binding "1.0" ipfw_retcodes
56 inline string ipfw_retcodes[int ret] =
57 ret == IP_FW_PASS ? "PASS" :
58 ret == IP_FW_DENY ? "DENY" :
59 ret == IP_FW_DIVERT ? "DIVERT" :
60 ret == IP_FW_TEE ? "TEE" :
61 ret == IP_FW_DUMMYNET ? "DUMMYNET" :
62 ret == IP_FW_NETGRAPH ? "NETGRAPH" :
63 ret == IP_FW_NGTEE ? "NGTEE" :
64 ret == IP_FW_NAT ? "NAT" :
65 ret == IP_FW_REASS ? "REASS" :
66 ret == IP_FW_NAT64 ? "NAT64" :
69 /* ip_fw_args flags */
70 #pragma D binding "1.0" IPFW_ARGS_ETHER
71 inline int IPFW_ARGS_ETHER = 0x0001; /* valid ethernet header */
72 #pragma D binding "1.0" IPFW_ARGS_NH4
73 inline int IPFW_ARGS_NH4 = 0x0002; /* IPv4 next hop in hopstore */
74 #pragma D binding "1.0" IPFW_ARGS_NH6
75 inline int IPFW_ARGS_NH6 = 0x0004; /* IPv6 next hop in hopstore */
76 #pragma D binding "1.0" IPFW_ARGS_NH4PTR
77 inline int IPFW_ARGS_NH4PTR = 0x0008; /* IPv4 next hop in next_hop */
78 #pragma D binding "1.0" IPFW_ARGS_NH6PTR
79 inline int IPFW_ARGS_NH6PTR = 0x0010; /* IPv6 next hop in next_hop6 */
80 #pragma D binding "1.0" IPFW_ARGS_REF
81 inline int IPFW_ARGS_REF = 0x0020; /* valid ipfw_rule_ref */
83 /* ipfw_rule_ref.info */
84 #pragma D binding "1.0" IPFW_INFO_MASK
85 inline int IPFW_INFO_MASK = 0x0000ffff;
86 #pragma D binding "1.0" IPFW_INFO_OUT
87 inline int IPFW_INFO_OUT = 0x00000000;
88 #pragma D binding "1.0" IPFW_INFO_IN
89 inline int IPFW_INFO_IN = 0x80000000;
90 #pragma D binding "1.0" IPFW_ONEPASS
91 inline int IPFW_ONEPASS = 0x40000000;
92 #pragma D binding "1.0" IPFW_IS_MASK
93 inline int IPFW_IS_MASK = 0x30000000;
94 #pragma D binding "1.0" IPFW_IS_DIVERT
95 inline int IPFW_IS_DIVERT = 0x20000000;
96 #pragma D binding "1.0" IPFW_IS_DUMMYNET
97 inline int IPFW_IS_DUMMYNET = 0x10000000;
98 #pragma D binding "1.0" IPFW_IS_PIPE
99 inline int IPFW_IS_PIPE = 0x08000000;
101 typedef struct ipfw_match_info {
109 struct ip6_hdr *ip6p;
115 uint16_t fib; /* XXX */
116 in_addr_t dst_ip; /* in network byte order */
117 in_addr_t src_ip; /* in network byte order */
118 struct in6_addr dst_ip6;
119 struct in6_addr src_ip6;
121 uint16_t dst_port; /* in host byte order */
122 uint16_t src_port; /* in host byte order */
124 uint32_t flowid; /* IPv6 flowid */
135 #pragma D binding "1.0" translator
136 translator ipfw_match_info_t < struct ip_fw_args *p > {
142 /* Initialize IP pointer corresponding to addr_type */
143 ipp = (p->m != NULL) ? (struct ip *)p->m->m_data : NULL;
144 ip6p = (p->m != NULL) ? (struct ip6_hdr *)p->m->m_data : NULL;
146 /* fill f_id fields */
147 addr_type = p->f_id.addr_type;
148 proto = p->f_id.proto;
149 proto_flags = p->f_id._flags;
151 /* f_id.fib keeps truncated fibnum, use mbuf's fibnum if possible */
152 fib = p->m != NULL ? p->m->m_pkthdr.fibnum : p->f_id.fib;
155 * ipfw_chk() keeps IPv4 addresses in host byte order. But for
156 * dtrace script it is useful to have them in network byte order,
157 * because inet_ntoa() uses address in network byte order.
159 dst_ip = htonl(p->f_id.dst_ip);
160 src_ip = htonl(p->f_id.src_ip);
162 dst_ip6 = p->f_id.dst_ip6;
163 src_ip6 = p->f_id.src_ip6;
165 dst_port = p->f_id.dst_port;
166 src_port = p->f_id.src_port;
168 flowid = p->f_id.flow_id6;
169 extra = p->f_id.extra;
172 slot = (p->flags & IPFW_ARGS_REF) ? p->rule.slot : 0;
173 rulenum = (p->flags & IPFW_ARGS_REF) ? p->rule.rulenum : 0;
174 rule_id = (p->flags & IPFW_ARGS_REF) ? p->rule.rule_id : 0;
175 chain_id = (p->flags & IPFW_ARGS_REF) ? p->rule.chain_id : 0;
176 match_info = (p->flags & IPFW_ARGS_REF) ? p->rule.info : 0;
179 typedef struct ipfw_rule_info {
191 #pragma D binding "1.0" translator
192 translator ipfw_rule_info_t < struct ip_fw *r > {
193 act_ofs = r->act_ofs;
194 cmd_len = r->cmd_len;
195 rulenum = r->rulenum;
199 cached_id = r->cached_id;
200 cached_pos = r->cached_pos;