/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Shared type definitions for the net firewall: constants, event records,
 * match tuples and key/value typedefs.
 *
 * The __cplusplus switch below shows that this header is compiled both as C
 * and as C++, so every struct here is a binary contract between two
 * compilers. NOTE(review): presumably the C side is the eBPF program and the
 * C++ side the user-space manager -- confirm. Field order, field widths and
 * enumerator values must not change without updating both sides together.
 */
#ifndef NET_FIREWALL_TYPES_H
#define NET_FIREWALL_TYPES_H

#include <linux/types.h>
#include <linux/bpf.h>
#include <sys/socket.h>

/* struct in6_addr comes from libc in C++ builds and from the kernel UAPI header in C builds. */
#ifdef __cplusplus
#include <netinet/in.h>
#else
#include <linux/in6.h>
#endif

/*
 * NOTE(review): presumably a Linux uid divided by USER_ID_DIVIDOR yields the
 * OS account id, with DEFAULT_USER_ID as the initial account -- confirm
 * against the callers. The spelling "DIVIDOR" is part of the interface.
 */
#define USER_ID_DIVIDOR 200000
#define DEFAULT_USER_ID 100
/* Number of __u32 words in one bitmap (see struct bitmap and BITMAP_BITS). */
#define BITMAP_LEN 63
/* Largest valid prefix length, in bits, for the two LPM key types below. */
#define IPV4_MAX_PREFIXLEN 32
#define IPV6_MAX_PREFIXLEN 128

/* Well-known DNS port. */
#define DNS_PORT 53
/*
 * 15 == 0x000F. NOTE(review): despite the "QR" in the name, 0x000F applied to
 * a host-order DNS flags word covers the four RCODE bits, not the QR bit
 * (0x8000) -- confirm at the use site which field and byte order are meant.
 * The spelling "DEFALUT" is part of the interface.
 */
#define DNS_QR_DEFALUT_MASK 15
/* Values match the DNS A record (type 1, 4-byte RDATA) and AAAA record (type 28, 16-byte RDATA). */
#define DNS_QRS_IPV4_TYPE 1
#define DNS_QRS_IPV4_LEN 4
#define DNS_QRS_IPV6_TYPE 28
#define DNS_QRS_IPV6_LEN 16
/*
 * Size in bytes of struct domain_hash_key.data. 253 is the maximum textual
 * length of a domain name, so a maximum-length name leaves no room for a
 * terminating NUL: code filling the key must bound its copy by this length
 * and must not treat data[] as a C string.
 */
#define DNS_DOMAIN_LEN 253
/* NOTE(review): presumably the upper bound on answer records walked per DNS response -- confirm. */
#define DNS_ANSWER_CNT 32
/* 64 is the IANA-assigned IP protocol number for SAT-EXPAK. */
#define PROTOCOL_SAT_EXPAK 64

/* Fixed-size bit set of BITMAP_LEN 32-bit words; action_val below is a typedef of this struct. */
struct bitmap {
    __u32 val[BITMAP_LEN];
};

/* Pointer and array views of the same word layout as struct bitmap. */
typedef __u32 *bitmap_ptr;
typedef __u32 bitmap_t[BITMAP_LEN];
/* Total number of bits in a bitmap: 63 * 32 = 2016. */
#define BITMAP_BITS (BITMAP_LEN * 32)

/* Traffic direction. INVALID is negative, so this enum needs a signed representation; EGRESS is implicitly 2. */
enum stream_dir {
    INVALID = -1,
    INGRESS = 1,
    EGRESS,
};

/* Discriminator for the union inside struct event; numbering starts at 1, so 0 names no event. */
enum event_type {
    EVENT_INTERCEPT = 1,
    EVENT_DEBUG,
    EVENT_TUPLE_DEBUG,
};

/* Kind of debug record carried in struct debug_event; numbering starts at 0. */
enum debug_type {
    DBG_GENERIC, /* Generic, no message, useful to dump random integers */
    DBG_MATCH_SPORT,
    DBG_MATCH_DPORT,
    DBG_MATCH_PROTO,
    DBG_MATCH_APPUID,
    DBG_MATCH_UID,
    DBG_ACTION_KEY,
    DBG_MATCH_ACTION,
    DBG_CT_LOOKUP,
    DBG_MATCH_DOMAIN,
    DBG_MATCH_DOMAIN_ACTION,
};

/*
 * Fixed-width domain name buffer.
 * NOTE(review): the name suggests it is used as a hash-map key -- if so, the
 * bytes after the name must be zero-filled the same way by every writer and
 * reader, because the whole DNS_DOMAIN_LEN bytes take part in the comparison.
 */
struct domain_hash_key {
    __u8 data[DNS_DOMAIN_LEN];
};

/*
 * Pair of verdicts using enum sk_action from <linux/bpf.h>.
 * NOTE(review): presumably the default inbound/outbound verdicts applied when
 * no rule matches -- confirm. The spelling "defalut" is part of the interface.
 */
struct defalut_action_value {
    enum sk_action inaction;
    enum sk_action outaction;
};

/* Application uid and user id associated with a domain entry. */
struct domain_value {
    __u32 appuid;
    __u32 uid;
};

/* Debug record: a debug_type tag, a direction and five untyped 32-bit arguments whose meaning depends on type. */
struct debug_event {
    enum debug_type type;
    enum stream_dir dir;
    __u32 arg1;
    __u32 arg2;
    __u32 arg3;
    __u32 arg4;
    __u32 arg5;
};

/*
 * Record describing one intercepted flow. Addresses and ports are declared
 * big-endian (__be32/__be16), i.e. network byte order.
 * NOTE(review): family presumably holds AF_INET/AF_INET6 and selects the
 * union arm -- confirm. On common ABIs the compiler pads after `protocol`;
 * zero the whole struct before filling it so no uninitialised bytes are
 * handed to the consumer of the event.
 */
struct intercept_event {
    enum stream_dir dir;
    __u32 family;
    __u8 protocol;
    union {
        struct {
            __be32 saddr;
            __be32 daddr;
        } ipv4;
        struct {
            struct in6_addr saddr;
            struct in6_addr daddr;
        } ipv6;
    };
    __be16 sport;
    __be16 dport;
    __u32 appuid;
};

/*
 * Packet attributes collected for rule matching: the same leading fields as
 * struct intercept_event, plus uid, rst and ifindex.
 * NOTE(review): on common ABIs there is padding after `protocol` and after
 * `rst`. Zero-initialise the struct before use; if it is ever used as a map
 * key, stale padding bytes would make otherwise equal tuples compare unequal.
 */
struct match_tuple {
    enum stream_dir dir;
    __u32 family;
    __u8 protocol;
    union {
        struct {
            __be32 saddr;
            __be32 daddr;
        } ipv4;
        struct {
            struct in6_addr saddr;
            struct in6_addr daddr;
        } ipv6;
    };
    __be16 sport;
    __be16 dport;
    __u32 appuid;
    __u32 uid;
    __u16 rst;
    __u32 ifindex;
};


/*
 * Tagged union of the three record kinds; `type` says which arm is valid.
 * The consumer should reject an unknown `type` rather than read an arm.
 * NOTE(review): `len` presumably carries the number of valid bytes -- confirm
 * at the producer, and bound it on the consumer side before use.
 */
struct event {
    enum event_type type;
    union {
        struct debug_event debug;
        struct intercept_event intercept;
        struct match_tuple tuple;
    };
    __u32 len;
};

/* Key and value aliases. NOTE(review): presumably one alias per firewall map -- confirm against the map definitions. */
typedef __u8 loop_back_val;
typedef __be32 ip4_key;              /* IPv4 address, network byte order */
typedef struct in6_addr ip6_key;     /* IPv6 address */
typedef __u8 action_key;
typedef struct bitmap action_val;    /* BITMAP_BITS-bit set */
typedef __be16 port_key;             /* port, network byte order */
typedef __u8 proto_key;
typedef __u32 appuid_key;
typedef __u32 uid_key;

/* Single slot index for the current user id. */
typedef enum {
    CURRENT_USER_ID_KEY = 1,
} current_user_id_key;

/* Slot indexes for the default inbound and outbound actions. */
typedef enum {
    DEFAULT_ACT_IN_KEY = 1,
    DEFAULT_ACT_OUT_KEY = 2,
} default_action_key;

/*
 * Longest-prefix-match keys: a 32-bit prefix length followed by the address,
 * the same leading layout as struct bpf_lpm_trie_key.
 * Writers should reject a prefixlen above IPV4_MAX_PREFIXLEN or
 * IPV6_MAX_PREFIXLEN respectively before inserting a key.
 */
struct ipv4_lpm_key {
    __u32 prefixlen;
    ip4_key data;
};

struct ipv6_lpm_key {
    __u32 prefixlen;
    ip6_key data;
};

/*
 * DNS message header: six 16-bit big-endian fields, 12 bytes in total.
 * A parser must check that at least sizeof(struct dnshdr) bytes of payload
 * are available before reading through this struct, and must treat the
 * counts as untrusted (convert from network order, then bound them).
 */
struct dnshdr {
    __be16 id;
    __be16 flag;
    __be16 qdcount;
    __be16 ancount;
    __be16 nscount;
    __be16 arcount;
};

#endif // NET_FIREWALL_TYPES_H