forked from microsoft/xdp-for-windows
-
Notifications
You must be signed in to change notification settings - Fork 0
/
program.h
253 lines (231 loc) · 6.61 KB
/
program.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
//
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
//
#ifndef XDPPROGRAM_H
#define XDPPROGRAM_H
#include <in6addr.h>
#include <inaddr.h>
#ifdef __cplusplus
extern "C" {
#endif
#pragma warning(push)
#pragma warning(disable:4201) // nonstandard extension used: nameless struct/union
typedef enum _XDP_MATCH_TYPE {
//
// Match all frames.
//
XDP_MATCH_ALL,
//
// Match all UDP frames.
//
XDP_MATCH_UDP,
//
// Match frames with a specific UDP port number as their destination port.
// The port number is specified by field Port in XDP_MATCH_PATTERN.
//
XDP_MATCH_UDP_DST,
//
// Match IPv4 frames based on their destination address, using an IP address mask.
// The address mask is specified by field IpMask in XDP_MATCH_PATTERN.
//
XDP_MATCH_IPV4_DST_MASK,
//
// Match IPv6 frames based on their destination address, using an IP address mask.
// The address mask is specified by field IpMask in XDP_MATCH_PATTERN.
//
XDP_MATCH_IPV6_DST_MASK,
//
// Match UDP destination port and QUIC source connection IDs in long header
// QUIC packets. The supplied buffer must match the CID at the given offset.
//
XDP_MATCH_QUIC_FLOW_SRC_CID,
//
// Match UDP destination port and QUIC destination connection IDs in short
// header QUIC packets. The supplied buffer must match the CID at the given
// offset.
//
XDP_MATCH_QUIC_FLOW_DST_CID,
//
// Match frames with a specific source and destination IPv4 addresses and UDP
// port numbers.
//
XDP_MATCH_IPV4_UDP_TUPLE,
//
// Match frames with a specific source and destination IPv6 addresses and UDP
// port numbers.
//
XDP_MATCH_IPV6_UDP_TUPLE,
//
// Match frames with a destination UDP port enabled in the port set.
//
XDP_MATCH_UDP_PORT_SET,
//
// Match IPv4 frames matching the destination address and the destination
// UDP port enabled in the port set.
//
XDP_MATCH_IPV4_UDP_PORT_SET,
//
// Match IPv6 frames matching the destination address and the destination
// UDP port enabled in the port set.
//
XDP_MATCH_IPV6_UDP_PORT_SET,
//
// Match IPv4 frames matching the destination address and the destination
// TCP port enabled in the port set.
//
XDP_MATCH_IPV4_TCP_PORT_SET,
//
// Match IPv6 frames matching the destination address and the destination
// TCP port enabled in the port set.
//
XDP_MATCH_IPV6_TCP_PORT_SET,
//
// Match frames with a specific TCP port number as their destination port.
// The port number is specified by field Port in XDP_MATCH_PATTERN.
//
XDP_MATCH_TCP_DST,
//
// Match TCP destination port and QUIC source connection IDs in long header
// QUIC packets. The supplied buffer must match the CID at the given offset.
//
XDP_MATCH_TCP_QUIC_FLOW_SRC_CID,
//
// Match TCP destination port and QUIC destination connection IDs in short
// header QUIC packets. The supplied buffer must match the CID at the given
// offset.
//
XDP_MATCH_TCP_QUIC_FLOW_DST_CID,
//
// Match frames with a specific TCP port number as their destination port and
// TCP control flags (SYN, FIN and RST). The port number is specified by field
// Port in XDP_MATCH_PATTERN.
//
XDP_MATCH_TCP_CONTROL_DST,
} XDP_MATCH_TYPE;
typedef union _XDP_INET_ADDR {
IN_ADDR Ipv4;
IN6_ADDR Ipv6;
} XDP_INET_ADDR;
typedef struct _XDP_IP_ADDRESS_MASK {
XDP_INET_ADDR Mask;
XDP_INET_ADDR Address;
} XDP_IP_ADDRESS_MASK;
typedef struct _XDP_TUPLE {
XDP_INET_ADDR SourceAddress;
XDP_INET_ADDR DestinationAddress;
UINT16 SourcePort;
UINT16 DestinationPort;
} XDP_TUPLE;
#define QUIC_MAX_CID_LENGTH 20
typedef struct _XDP_QUIC_FLOW {
UINT16 UdpPort;
UCHAR CidLength;
UCHAR CidOffset;
UCHAR CidData[QUIC_MAX_CID_LENGTH]; // Max allowed per QUIC v1 RFC
} XDP_QUIC_FLOW;
#define XDP_PORT_SET_BUFFER_SIZE ((MAXUINT16 + 1) / 8)
typedef struct _XDP_PORT_SET {
//
// A port is mapped to the N/8th byte and the N%8th bit. The underlying
// buffer must be 8-byte aligned. The buffer size (in bytes) must be
// XDP_PORT_SET_BUFFER_SIZE. The port is represented in network order.
//
UINT8 *PortSet;
VOID *Reserved;
} XDP_PORT_SET;
typedef struct _XDP_IP_PORT_SET {
XDP_INET_ADDR Address;
XDP_PORT_SET PortSet;
} XDP_IP_PORT_SET;
//
// Defines a pattern to match frames.
//
typedef union _XDP_MATCH_PATTERN {
//
// Match on port number.
//
UINT16 Port;
//
// Match on a partial IP address.
// The bitwise AND operation is applied to:
// * the Mask field of XDP_IP_ADDRESS_MASK and
// * the IP address of the frame.
// The result is compared to the Address field of XDP_IP_ADDRESS_MASK.
//
XDP_IP_ADDRESS_MASK IpMask;
//
// Match on source and destination IP addresses and ports.
//
XDP_TUPLE Tuple;
//
// Match on UDP port and QUIC connection ID.
//
XDP_QUIC_FLOW QuicFlow;
//
// Match on destination port.
//
XDP_PORT_SET PortSet;
//
// Match on destination IP address and port.
//
XDP_IP_PORT_SET IpPortSet;
} XDP_MATCH_PATTERN;
typedef enum _XDP_RULE_ACTION {
//
// Frame must be dropped.
//
XDP_PROGRAM_ACTION_DROP,
//
// Frame must be allowed to continue.
//
XDP_PROGRAM_ACTION_PASS,
//
// Frame must be redirected to the target specified in XDP_REDIRECT_PARAMS.
//
XDP_PROGRAM_ACTION_REDIRECT,
//
// The frame's ethernet source and destination addresses are swapped and the
// frame is directed onto the return path. For native XDP drivers, this
// results in an XDP_RX_ACTION_TX.
//
XDP_PROGRAM_ACTION_L2FWD,
//
// Reserved for internal use: the action is determined by the specified
// eBPF program.
//
XDP_PROGRAM_ACTION_EBPF,
} XDP_RULE_ACTION;
//
// Target types for a redirect action.
//
typedef enum _XDP_REDIRECT_TARGET_TYPE {
//
// Redirect frames to an XDP socket.
//
XDP_REDIRECT_TARGET_TYPE_XSK,
} XDP_REDIRECT_TARGET_TYPE;
typedef struct _XDP_REDIRECT_PARAMS {
XDP_REDIRECT_TARGET_TYPE TargetType;
HANDLE Target;
} XDP_REDIRECT_PARAMS;
typedef struct _XDP_EBPF_PARAMS {
HANDLE Target;
} XDP_EBPF_PARAMS;
//
// XDP program rule.
//
typedef struct _XDP_RULE {
XDP_MATCH_TYPE Match;
XDP_MATCH_PATTERN Pattern;
XDP_RULE_ACTION Action;
union {
XDP_REDIRECT_PARAMS Redirect;
XDP_EBPF_PARAMS Ebpf;
};
} XDP_RULE;
#pragma warning(pop)
#ifdef __cplusplus
} // extern "C"
#endif
#endif