1 /*
2 * Copyright (c) 2024 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #ifndef _NET_DROPTAP_H_
30 #define _NET_DROPTAP_H_
31
32 #ifdef PRIVATE
33 #include <net/pktap.h>
34
35 #define DROPTAP_IFNAME "droptap"
36 #define DROPTAP_IFXNAMESIZE (IF_NAMESIZE + 8)
37
38 #define DROPTAP_DROPFUNC_MAXLEN 64
39
40 /*
41 * Droptap header is a special type of pktap header with droptap-specific
42 * metadata.
43 */
44 struct droptap_header {
45 struct pktap_header dth_pktap_hdr;
46 uint32_t dth_dropreason;
47 uint8_t dth_dropfunc_size;
48 uint16_t dth_dropline;
49 char dth_dropfunc[DROPTAP_DROPFUNC_MAXLEN];
50 };
51
52 /*
53 * If we do not want to store function name and line number, client should pass
54 * NULL to dropfunc, and then droptap internally sets dth_dropfunc_size to 0 and
55 * copies fields up to dth_dropfunc_size to bpf.
56 */
57 #define DROPTAP_HDR_SIZE(dtaphdr) \
58 (((dtaphdr)->dth_dropfunc_size == 0) ? \
59 (__offsetof(struct droptap_header, dth_dropfunc_size) + sizeof((dtaphdr)->dth_dropfunc_size)) : \
60 (__offsetof(struct droptap_header, dth_dropfunc) + (dtaphdr)->dth_dropfunc_size + 1))
61
62 /*
63 * Drop Reason is a 32-bit encoding of drop code, domain, and component.
64 *
65 * Reserved Component Domain Drop Code
66 * ╭─────────┬─────────┬─────────────┬───────────────╮
67 * │ 4 │ 4 │ 8 │ 16 │
68 * ╰─────────┴─────────┴─────────────┴───────────────╯
69 * ╰─────────────────────────────────────────────────╯
70 * Drop Reason
71 *
72 * [ 15:0] Drop Code: Specific reason why the drop happened (e.g. AQM full)
73 * [23:16] Domain : Which domain the drop happened (e.g. Flowswitch, TCP, IP)
74 * [27:24] Component: Which component the drop happened (e.g. Skywalk, BSD, driver)
75 * [31:28] Reserved : Reserved for future use
76 *
77 */
78 #define DROP_COMPONENT_MASK 0x0f000000
79 #define DROP_COMPONENT_OFFSET 24
80 #define DROP_COMPONENT_MAX 0x0f
81 #define DROP_DOMAIN_MASK 0x00ff0000
82 #define DROP_DOMAIN_OFFSET 16
83 #define DROP_DOMAIN_MAX 0xff
84 #define DROP_CODE_MASK 0x0000ffff
85 #define DROP_CODE_OFFSET 0
86 #define DROP_CODE_MAX 0xffff
87
88 /* 32-bit Drop Reason */
89 #define DROP_REASON(component, domain, code) \
90 (((unsigned)((component) & 0x0f) << DROP_COMPONENT_OFFSET) | \
91 ((unsigned)((domain) & 0xff) << DROP_DOMAIN_OFFSET) | \
92 ((unsigned)((code) & 0xffff) << DROP_CODE_OFFSET))
93
94 /* All components */
95 #define DROPTAP_SKYWALK 1
96 #define DROPTAP_BSD 2
97
98 /* All domains for Skywalk component */
99 #define DROPTAP_FSW 1
100 #define DROPTAP_NETIF 2
101 #define _DROPTAP_PAD_3 3
102 #define _DROPTAP_PAD_4 4
103 #define DROPTAP_AQM 5
104
105 /* All domains for BSD component */
106 #define DROPTAP_TCP 1
107 #define DROPTAP_UDP 2
108 #define DROPTAP_IP 3
109 #define DROPTAP_SOCK 4
110 #define DROPTAP_DLIL 5
111 #define DROPTAP_IPSEC 6
112 #define DROPTAP_IP6 7
113 #define DROPTAP_MPTCP 8
114 #define DROPTAP_PF 9
115 #define DROPTAP_BRIDGE 10
116
117 #define DROPTAP_UNSPEC 0
118
119 #define DROP_REASON_LIST \
120 X(DROP_REASON_UNSPECIFIED, DROPTAP_UNSPEC, DROPTAP_UNSPEC, DROPTAP_UNSPEC, "Drop reason not specified") \
121 /* Skywalk component */ \
122 X(DROP_REASON_FSW_PP_ALLOC_FAILED, DROPTAP_SKYWALK, DROPTAP_FSW, 1, "Flowswitch packet alloc failed") \
123 X(DROP_REASON_RX_DST_RING_FULL, DROPTAP_SKYWALK, DROPTAP_FSW, 2, "Flowswitch Rx destination ring full") \
124 X(DROP_REASON_FSW_QUIESCED, DROPTAP_SKYWALK, DROPTAP_FSW, 3, "Flowswitch detached") \
125 X(DROP_REASON_FSW_IFNET_NOT_ATTACHED, DROPTAP_SKYWALK, DROPTAP_FSW, 4, "Flowswitch ifnet not attached") \
126 X(DROP_REASON_FSW_DEMUX_FAILED, DROPTAP_SKYWALK, DROPTAP_FSW, 5, "Flowswitch demux error") \
127 X(DROP_REASON_FSW_TX_DEVPORT_NOT_ATTACHED, DROPTAP_SKYWALK, DROPTAP_FSW, 6, "Flowswitch destination nexus port inactive") \
128 X(DROP_REASON_FSW_TX_FLOW_EXTRACT_FAILED, DROPTAP_SKYWALK, DROPTAP_FSW, 7, "Flowswitch flow extract error") \
129 X(DROP_REASON_FSW_TX_FRAG_BAD_CONT, DROPTAP_SKYWALK, DROPTAP_FSW, 8, "Flowswitch invalid continuation fragment") \
130 X(DROP_REASON_FSW_TX_FLOW_NOT_FOUND, DROPTAP_SKYWALK, DROPTAP_FSW, 9, "Flowswitch flow lookup failed") \
131 X(DROP_REASON_FSW_TX_RESOLV_PENDING, DROPTAP_SKYWALK, DROPTAP_FSW, 10, "Flowswitch resolution pending") \
132 X(DROP_REASON_FSW_TX_RESOLV_FAILED, DROPTAP_SKYWALK, DROPTAP_FSW, 11, "Flowswitch resolution failed") \
133 X(DROP_REASON_FSW_FLOW_NONVIABLE, DROPTAP_SKYWALK, DROPTAP_FSW, 12, "Flowswitch flow not viable") \
134 X(DROP_REASON_FSW_RX_RING_NOT_FOUND, DROPTAP_SKYWALK, DROPTAP_FSW, 13, "Flowswitch Rx ring not found") \
135 X(DROP_REASON_FSW_RX_PKT_NOT_FINALIZED, DROPTAP_SKYWALK, DROPTAP_FSW, 14, "Flowswitch packet not finalized") \
136 X(DROP_REASON_FSW_FLOW_TRACK_ERR, DROPTAP_SKYWALK, DROPTAP_FSW, 15, "Flowswitch flow tracker error") \
137 X(DROP_REASON_FSW_PKT_COPY_FAILED, DROPTAP_SKYWALK, DROPTAP_FSW, 16, "Flowswitch packet copy failed") \
138 X(DROP_REASON_FSW_GSO_FAILED, DROPTAP_SKYWALK, DROPTAP_FSW, 17, "Flowswitch GSO failed") \
139 X(DROP_REASON_FSW_GSO_NOMEM_PKT, DROPTAP_SKYWALK, DROPTAP_FSW, 18, "Flowswitch GSO not enough packet memory") \
140 X(DROP_REASON_FSW_GSO_NOMEM_MBUF, DROPTAP_SKYWALK, DROPTAP_FSW, 19, "Flowswitch GSO not enough mbuf memory") \
141 X(DROP_REASON_FSW_DST_NXPORT_INVALID, DROPTAP_SKYWALK, DROPTAP_FSW, 20, "Flowswitch dst nexus port invalid") \
142 X(DROP_REASON_FSW_DEMUX_L2_MULTI_L3_UNI, DROPTAP_SKYWALK, DROPTAP_FSW, 21, "Flowswitch demux l2 multicast l3 unicast") \
143 X(DROP_REASON_AQM_FULL, DROPTAP_SKYWALK, DROPTAP_AQM, 1, "AQM full") \
144 X(DROP_REASON_AQM_COMPRESSED, DROPTAP_SKYWALK, DROPTAP_AQM, 2, "AQM compressed") \
145 X(DROP_REASON_AQM_BK_SYS_THROTTLED, DROPTAP_SKYWALK, DROPTAP_AQM, 3, "AQM BK_SYS throttled") \
146 X(DROP_REASON_AQM_PURGE_FLOW, DROPTAP_SKYWALK, DROPTAP_AQM, 4, "AQM purge flow") \
147 X(DROP_REASON_AQM_DROP, DROPTAP_SKYWALK, DROPTAP_AQM, 5, "AQM drop") \
148 X(DROP_REASON_AQM_HIGH_DELAY, DROPTAP_SKYWALK, DROPTAP_AQM, 6, "AQM drop due to high delay") \
149 /* Socket */ \
150 X(DROP_REASON_FULL_SOCK_RCVBUF, DROPTAP_BSD, DROPTAP_SOCK, 1, "Socket receive buffer full") \
151 /* DLIL */ \
152 X(DROP_REASON_DLIL_BURST_LIMIT, DROPTAP_BSD, DROPTAP_DLIL, 1, "DLIL burst limit exceeded") \
153 X(DROP_REASON_DLIL_ENQUEUE_INVALID, DROPTAP_BSD, DROPTAP_DLIL, 2, "DLIL enqueue invalid") \
154 X(DROP_REASON_DLIL_ENQUEUE_IF_NOT_ATTACHED, DROPTAP_BSD, DROPTAP_DLIL, 3, "DLIL enqueue interface not fully attached") \
155 X(DROP_REASON_DLIL_ENQUEUE_IF_NOT_UP, DROPTAP_BSD, DROPTAP_DLIL, 4, "DLIL enqueue interface not up") \
156 X(DROP_REASON_DLIL_IF_FILTER, DROPTAP_BSD, DROPTAP_DLIL, 5, "DLIL interface filter") \
157 X(DROP_REASON_DLIL_IF_DATAMOV_BEGIN, DROPTAP_BSD, DROPTAP_DLIL, 6, "DLIL interface datamove begin") \
158 X(DROP_REASON_DLIL_CLAT64, DROPTAP_BSD, DROPTAP_DLIL, 7, "DLIL CLAT46") \
159 X(DROP_REASON_DLIL_PROMISC, DROPTAP_BSD, DROPTAP_DLIL, 8, "DLIL promiscuous") \
160 X(DROP_REASON_DLIL_NO_PROTO, DROPTAP_BSD, DROPTAP_DLIL, 9, "DLIL no protocol") \
161 X(DROP_REASON_DLIL_PRE_OUTPUT, DROPTAP_BSD, DROPTAP_DLIL, 10, "DLIL pre output") \
162 X(DROP_REASON_DLIL_IF_FRAMER, DROPTAP_BSD, DROPTAP_DLIL, 11, "DLIL interface framer") \
163 X(DROP_REASON_DLIL_TSO_NOT_OK, DROPTAP_BSD, DROPTAP_DLIL, 12, "DLIL interface TSO not OK") \
164 /* MPTCP */ \
165 X(DROP_REASON_MPTCP_INPUT_MALFORMED, DROPTAP_BSD, DROPTAP_MPTCP,1, "MPTCP input packet malformed") \
166 X(DROP_REASON_MPTCP_REASSEMBLY_ALLOC, DROPTAP_BSD, DROPTAP_MPTCP,2, "MPTCP reassembly allocation") \
167 /* PF */ \
168 X(DROP_REASON_PF_UNSPECIFIED, DROPTAP_BSD, DROPTAP_PF, 1, "PF unspecified reason") \
169 X(DROP_REASON_PF_UNDERSIZED, DROPTAP_BSD, DROPTAP_PF, 2, "PF undersized") \
170 X(DROP_REASON_PF_NO_ROUTE, DROPTAP_BSD, DROPTAP_PF, 3, "PF no route") \
171 X(DROP_REASON_PF_NULL_IFP, DROPTAP_BSD, DROPTAP_PF, 4, "PF NULL ifp") \
172 X(DROP_REASON_PF_NO_TSO, DROPTAP_BSD, DROPTAP_PF, 5, "PF No TSO?") \
173 X(DROP_REASON_PF_CANNOT_FRAGMENT, DROPTAP_BSD, DROPTAP_PF, 6, "PF Cannot fragment") \
174 X(DROP_REASON_PF_OVERLAPPING_FRAGMENT, DROPTAP_BSD, DROPTAP_PF, 7, "PF overlapping fragment") \
175 X(DROP_REASON_PF_BAD_FRAGMENT, DROPTAP_BSD, DROPTAP_PF, 8, "PF overlapping fragment") \
176 X(DROP_REASON_PF_MEM_ALLOC, DROPTAP_BSD, DROPTAP_PF, 9, "PF memory allocation") \
177 X(DROP_REASON_PF_DROP, DROPTAP_BSD, DROPTAP_PF, 10, "PF drop") \
178 /* BRIDGE */ \
179 X(DROP_REASON_BRIDGE_UNSPECIFIED, DROPTAP_BSD, DROPTAP_BRIDGE, 1, "Bridge unspecified reason") \
180 X(DROP_REASON_BRIDGE_CHECKSUM, DROPTAP_BSD, DROPTAP_BRIDGE, 2, "Bridge checksum") \
181 X(DROP_REASON_BRIDGE_NOT_RUNNING, DROPTAP_BSD, DROPTAP_BRIDGE, 3, "Bridge not running") \
182 X(DROP_REASON_BRIDGE_PRIVATE_SEGMENT, DROPTAP_BSD, DROPTAP_BRIDGE, 4, "Bridge private segment") \
183 X(DROP_REASON_BRIDGE_NO_PROTO, DROPTAP_BSD, DROPTAP_BRIDGE, 5, "Bridge unknown protocol") \
184 X(DROP_REASON_BRIDGE_BAD_PROTO, DROPTAP_BSD, DROPTAP_BRIDGE, 6, "Bridge bad protocol") \
185 X(DROP_REASON_BRIDGE_MAC_NAT_FAILURE, DROPTAP_BSD, DROPTAP_BRIDGE, 7, "Bridge NAT failure") \
186 X(DROP_REASON_BRIDGE_HOST_FILTER, DROPTAP_BSD, DROPTAP_BRIDGE, 8, "Bridge host filter") \
187 X(DROP_REASON_BRIDGE_HWASSIST, DROPTAP_BSD, DROPTAP_BRIDGE, 9, "Bridge HW assisst") \
188 X(DROP_REASON_BRIDGE_NOREF, DROPTAP_BSD, DROPTAP_BRIDGE, 10, "Bridge noref") \
189 X(DROP_REASON_BRIDGE_PF, DROPTAP_BSD, DROPTAP_BRIDGE, 11, "Bridge PF") \
190 X(DROP_REASON_BRIDGE_LOOP, DROPTAP_BSD, DROPTAP_BRIDGE, 12, "Bridge loop") \
191 X(DROP_REASON_BRIDGE_NOT_A_MEMBER, DROPTAP_BSD, DROPTAP_BRIDGE, 13, "Bridge not a member") \
192 /* TCP */ \
193 X(DROP_REASON_TCP_RST, DROPTAP_BSD, DROPTAP_TCP, 1, "TCP connection reset") \
194 X(DROP_REASON_TCP_REASSEMBLY_ALLOC, DROPTAP_BSD, DROPTAP_TCP, 2, "TCP reassembly allocation") \
195 X(DROP_REASON_TCP_NECP, DROPTAP_BSD, DROPTAP_TCP, 3, "TCP NECP not allowed") \
196 X(DROP_REASON_TCP_PKT_UNSENT, DROPTAP_BSD, DROPTAP_TCP, 4, "TCP unsent packet") \
197 X(DROP_REASON_TCP_SRC_ADDR_NOT_AVAIL, DROPTAP_BSD, DROPTAP_TCP, 5, "TCP source address not available") \
198 X(DROP_REASON_TCP_REASS_OVERFLOW, DROPTAP_BSD, DROPTAP_TCP, 6, "TCP reassembly queue overflow") \
199 X(DROP_REASON_TCP_CHECKSUM_INCORRECT, DROPTAP_BSD, DROPTAP_TCP, 7, "TCP checksum incorrect") \
200 X(DROP_REASON_TCP_SRC_ADDR_UNSPECIFIED, DROPTAP_BSD, DROPTAP_TCP, 8, "TCP source address unspecified") \
201 X(DROP_REASON_TCP_OFFSET_INCORRECT, DROPTAP_BSD, DROPTAP_TCP, 9, "TCP offset incorrect") \
202 X(DROP_REASON_TCP_SYN_FIN, DROPTAP_BSD, DROPTAP_TCP, 10, "TCP SYN with FIN") \
203 X(DROP_REASON_TCP_NO_SOCK, DROPTAP_BSD, DROPTAP_TCP, 11, "TCP no socket") \
204 X(DROP_REASON_TCP_PCB_MISMATCH, DROPTAP_BSD, DROPTAP_TCP, 12, "TCP protocol control block mismatch") \
205 X(DROP_REASON_TCP_NO_PCB, DROPTAP_BSD, DROPTAP_TCP, 13, "TCP no protocol control block") \
206 X(DROP_REASON_TCP_CLOSED, DROPTAP_BSD, DROPTAP_TCP, 14, "TCP state CLOSED") \
207 X(DROP_REASON_TCP_FLAGS_INCORRECT, DROPTAP_BSD, DROPTAP_TCP, 15, "TCP flags incorrect") \
208 X(DROP_REASON_TCP_LISTENER_CLOSING, DROPTAP_BSD, DROPTAP_TCP, 16, "TCP listener closing") \
209 X(DROP_REASON_TCP_SYN_RST, DROPTAP_BSD, DROPTAP_TCP, 17, "TCP SYN with RST") \
210 X(DROP_REASON_TCP_SYN_ACK_LISTENER, DROPTAP_BSD, DROPTAP_TCP, 18, "TCP SYN with ACK for listener") \
211 X(DROP_REASON_TCP_LISTENER_NO_SYN, DROPTAP_BSD, DROPTAP_TCP, 19, "TCP no SYN for listener") \
212 X(DROP_REASON_TCP_SAME_PORT, DROPTAP_BSD, DROPTAP_TCP, 20, "TCP same source and destination ports") \
213 X(DROP_REASON_TCP_BCAST_MCAST, DROPTAP_BSD, DROPTAP_TCP, 21, "TCP address not unicast") \
214 X(DROP_REASON_TCP_DEPRECATED_ADDR, DROPTAP_BSD, DROPTAP_TCP, 22, "TCP address deprecated") \
215 X(DROP_REASON_TCP_LISTENER_DROP, DROPTAP_BSD, DROPTAP_TCP, 23, "TCP listener drop") \
216 X(DROP_REASON_TCP_PCB_HASH_FAILED, DROPTAP_BSD, DROPTAP_TCP, 24, "TCP protocol control block hash") \
217 X(DROP_REASON_TCP_CONTENT_FILTER_ATTACH, DROPTAP_BSD, DROPTAP_TCP, 25, "TCP control filter attach") \
218 X(DROP_REASON_TCP_BIND_IN_PROGRESS, DROPTAP_BSD, DROPTAP_TCP, 26, "TCP bind in progress") \
219 X(DROP_REASON_TCP_MEM_ALLOC, DROPTAP_BSD, DROPTAP_TCP, 27, "TCP memory allocation") \
220 X(DROP_REASON_TCP_PCB_CONNECT, DROPTAP_BSD, DROPTAP_TCP, 28, "TCP protocol control block connect") \
221 X(DROP_REASON_TCP_SYN_RECEIVED_BAD_ACK, DROPTAP_BSD, DROPTAP_TCP, 29, "TCP SYN_RECEIVED bad ACK") \
222 X(DROP_REASON_TCP_SYN_SENT_BAD_ACK, DROPTAP_BSD, DROPTAP_TCP, 30, "TCP SYN_SENT bad ACK") \
223 X(DROP_REASON_TCP_SYN_SENT_NO_SYN, DROPTAP_BSD, DROPTAP_TCP, 31, "TCP SYN_SENT no SYN") \
224 X(DROP_REASON_TCP_ACK_TOOMUCH, DROPTAP_BSD, DROPTAP_TCP, 32, "TCP ACK rate limit") \
225 X(DROP_REASON_TCP_OLD_ACK, DROPTAP_BSD, DROPTAP_TCP, 33, "TCP challenge ACK") \
226 X(DROP_REASON_TCP_SYN_DATA_INVALID, DROPTAP_BSD, DROPTAP_TCP, 34, "TCP SYN data invalid") \
227 X(DROP_REASON_TCP_SYN_RECEIVED_BAD_SEQ, DROPTAP_BSD, DROPTAP_TCP, 35, "TCP SYN_RECEIVED bad sequence number") \
228 X(DROP_REASON_TCP_RECV_AFTER_CLOSE, DROPTAP_BSD, DROPTAP_TCP, 36, "TCP receive after close") \
229 X(DROP_REASON_TCP_BAD_ACK, DROPTAP_BSD, DROPTAP_TCP, 37, "TCP bad ACK") \
230 X(DROP_REASON_TCP_BAD_RST, DROPTAP_BSD, DROPTAP_TCP, 38, "TCP bad RST") \
231 X(DROP_REASON_TCP_PAWS, DROPTAP_BSD, DROPTAP_TCP, 39, "TCP PAWS") \
232 X(DROP_REASON_TCP_REASS_MEMORY_PRESSURE, DROPTAP_BSD, DROPTAP_TCP, 40, "TCP reassembly queue memory pressure") \
233 X(DROP_REASON_TCP_CREATE_SERVER_SOCKET, DROPTAP_BSD, DROPTAP_TCP, 41, "TCP create server socket failed") \
234 X(DROP_REASON_TCP_INSEQ_MEMORY_PRESSURE, DROPTAP_BSD, DROPTAP_TCP, 42, "TCP in-seq input under memory pressure") \
235 /* IP */ \
236 X(DROP_REASON_IP_UNKNOWN_MULTICAST_GROUP, DROPTAP_BSD, DROPTAP_IP, 2, "IP unknown multicast group join") \
237 X(DROP_REASON_IP_INVALID_ADDR, DROPTAP_BSD, DROPTAP_IP, 3, "Invalid IP address") \
238 X(DROP_REASON_IP_TOO_SHORT, DROPTAP_BSD, DROPTAP_IP, 4, "IP packet too short") \
239 X(DROP_REASON_IP_TOO_SMALL, DROPTAP_BSD, DROPTAP_IP, 5, "IP header too small") \
240 X(DROP_REASON_IP_RCV_IF_NO_MATCH, DROPTAP_BSD, DROPTAP_IP, 6, "IP receive interface no match") \
241 X(DROP_REASON_IP_CANNOT_FORWARD, DROPTAP_BSD, DROPTAP_IP, 7, "IP cannot forward") \
242 X(DROP_REASON_IP_BAD_VERSION, DROPTAP_BSD, DROPTAP_IP, 8, "IP bad version") \
243 X(DROP_REASON_IP_BAD_CHECKSUM, DROPTAP_BSD, DROPTAP_IP, 9, "IP bad checksum") \
244 X(DROP_REASON_IP_BAD_HDR_LENGTH, DROPTAP_BSD, DROPTAP_IP, 10, "IP bad header length") \
245 X(DROP_REASON_IP_BAD_LENGTH, DROPTAP_BSD, DROPTAP_IP, 11, "IP bad length") \
246 X(DROP_REASON_IP_BAD_TTL, DROPTAP_BSD, DROPTAP_IP, 12, "IP bad TTL") \
247 X(DROP_REASON_IP_NO_PROTO, DROPTAP_BSD, DROPTAP_IP, 13, "IP unknown protocol") \
248 X(DROP_REASON_IP_FRAG_NOT_ACCEPTED, DROPTAP_BSD, DROPTAP_IP, 14, "IP fragment not accepted") \
249 X(DROP_REASON_IP_FRAG_DROPPED, DROPTAP_BSD, DROPTAP_IP, 15, "IP fragment dropped") \
250 X(DROP_REASON_IP_FRAG_TIMEOUT, DROPTAP_BSD, DROPTAP_IP, 16, "IP fragment timeout") \
251 X(DROP_REASON_IP_FRAG_TOO_MANY, DROPTAP_BSD, DROPTAP_IP, 17, "IP fragment too many") \
252 X(DROP_REASON_IP_FRAG_TOO_LONG, DROPTAP_BSD, DROPTAP_IP, 18, "IP fragment too long") \
253 X(DROP_REASON_IP_FRAG_DRAINED, DROPTAP_BSD, DROPTAP_IP, 19, "IP fragment drained") \
254 X(DROP_REASON_IP_FILTER_DROP, DROPTAP_BSD, DROPTAP_IP, 20, "IP filter drop") \
255 X(DROP_REASON_IP_FRAG_TOO_SMALL, DROPTAP_BSD, DROPTAP_IP, 21, "IP too small to fragment") \
256 X(DROP_REASON_IP_FRAG_NO_MEM, DROPTAP_BSD, DROPTAP_IP, 22, "IP no memory for fragmentation") \
257 X(DROP_REASON_IP_CANNOT_FRAGMENT, DROPTAP_BSD, DROPTAP_IP, 23, "IP cannot fragment") \
258 X(DROP_REASON_IP_OUTBOUND_IPSEC_POLICY, DROPTAP_BSD, DROPTAP_IP, 24, "IP outbound IPsec policy") \
259 X(DROP_REASON_IP_ZERO_NET, DROPTAP_BSD, DROPTAP_IP, 25, "IP to network zero") \
260 X(DROP_REASON_IP_SRC_ADDR_NO_AVAIL, DROPTAP_BSD, DROPTAP_IP, 26, "IP source address not available") \
261 X(DROP_REASON_IP_DST_ADDR_NO_AVAIL, DROPTAP_BSD, DROPTAP_IP, 27, "IP destination address not available") \
262 X(DROP_REASON_IP_TO_RESTRICTED_IF, DROPTAP_BSD, DROPTAP_IP, 28, "IP packet to a restricted interface") \
263 X(DROP_REASON_IP_NO_ROUTE, DROPTAP_BSD, DROPTAP_IP, 29, "IP no route") \
264 X(DROP_REASON_IP_IF_CANNOT_MULTICAST, DROPTAP_BSD, DROPTAP_IP, 30, "IP multicast not supported by interface") \
265 X(DROP_REASON_IP_SRC_ADDR_ANY, DROPTAP_BSD, DROPTAP_IP, 31, "IP source address any") \
266 X(DROP_REASON_IP_IF_CANNOT_BROADCAST, DROPTAP_BSD, DROPTAP_IP, 32, "IP broadcast not supported by interface") \
267 X(DROP_REASON_IP_BROADCAST_NOT_ALLOWED, DROPTAP_BSD, DROPTAP_IP, 33, "IP broadcast not allowed") \
268 X(DROP_REASON_IP_BROADCAST_TOO_BIG, DROPTAP_BSD, DROPTAP_IP, 34, "IP broadcast too big for MTU") \
269 X(DROP_REASON_IP_FILTER_TSO, DROPTAP_BSD, DROPTAP_IP, 35, "TSO packet to IP filter") \
270 X(DROP_REASON_IP_NECP_POLICY_NO_ALLOW_IF, DROPTAP_BSD, DROPTAP_IP, 36, "NECP not allowed on interface") \
271 X(DROP_REASON_IP_NECP_POLICY_DROP, DROPTAP_BSD, DROPTAP_IP, 37, "NECP drop") \
272 X(DROP_REASON_IP_NECP_POLICY_SOCKET_DIVERT, DROPTAP_BSD, DROPTAP_IP, 38, "NECP socket divert") \
273 X(DROP_REASON_IP_NECP_POLICY_TUN_NO_ALLOW_IF, DROPTAP_BSD, DROPTAP_IP, 39, "NECP tunnel not allowed on interface") \
274 X(DROP_REASON_IP_NECP_POLICY_TUN_REBIND_NO_ALLOW_IF, DROPTAP_BSD, DROPTAP_IP, 40, "NECP rebind not allowed on interface") \
275 X(DROP_REASON_IP_NECP_POLICY_TUN_NO_REBIND_IF, DROPTAP_BSD, DROPTAP_IP, 41, "NECP rebind not allowed on interface") \
276 X(DROP_REASON_IP_NECP_NO_ALLOW_IF, DROPTAP_BSD, DROPTAP_IP, 42, "NECP packet not allowed on interface") \
277 X(DROP_REASON_IP_ENOBUFS, DROPTAP_BSD, DROPTAP_IP, 43, "IP No buffer space available") \
278 X(DROP_REASON_IP_ILLEGAL_PORT, DROPTAP_BSD, DROPTAP_IP, 44, "IP Illegal port") \
279 X(DROP_REASON_IP_UNREACHABLE_PORT, DROPTAP_BSD, DROPTAP_IP, 45, "IP Unreachable port") \
280 X(DROP_REASON_IP_MULTICAST_NO_PORT, DROPTAP_BSD, DROPTAP_IP, 46, "IP Multicast no port") \
281 X(DROP_REASON_IP_EISCONN, DROPTAP_BSD, DROPTAP_IP, 47, "IP Socket is already connected") \
282 X(DROP_REASON_IP_EAFNOSUPPORT, DROPTAP_BSD, DROPTAP_IP, 48, "IP Address family not supported by protocol family") \
283 X(DROP_REASON_IP_NO_SOCK, DROPTAP_BSD, DROPTAP_IP, 49, "IP No matching sock") \
284 /* IPsec */ \
285 X(DROP_REASON_IPSEC_REJECT, DROPTAP_BSD, DROPTAP_IPSEC,1, "IPsec reject") \
286 /* IPv6 */ \
287 X(DROP_REASON_IP6_OPT_DISCARD, DROPTAP_BSD, DROPTAP_IP6, 1, "IPv6 discard option") \
288 X(DROP_REASON_IP6_IF_IPV6_DISABLED, DROPTAP_BSD, DROPTAP_IP6, 2, "IPv6 is disabled on the interface") \
289 X(DROP_REASON_IP6_BAD_SCOPE, DROPTAP_BSD, DROPTAP_IP6, 3, "IPv6 bad scope") \
290 X(DROP_REASON_IP6_UNPROXIED_NS, DROPTAP_BSD, DROPTAP_IP6, 4, "IPv6 unproxied mistargeted Neighbor Solicitation") \
291 X(DROP_REASON_IP6_BAD_OPTION, DROPTAP_BSD, DROPTAP_IP6, 5, "IPv6 bad option") \
292 X(DROP_REASON_IP6_TOO_MANY_OPTIONS, DROPTAP_BSD, DROPTAP_IP6, 6, "IPv6 too many header options") \
293 X(DROP_REASON_IP6_BAD_PATH_MTU, DROPTAP_BSD, DROPTAP_IP6, 7, "IPv6 bad path MTU") \
294 X(DROP_REASON_IP6_NO_PREFERRED_SRC_ADDR, DROPTAP_BSD, DROPTAP_IP6, 8, "IPv6 no preferred source address") \
295 X(DROP_REASON_IP6_BAD_HLIM, DROPTAP_BSD, DROPTAP_IP6, 9, "IPv6 bad HLIM") \
296 X(DROP_REASON_IP6_BAD_DAD, DROPTAP_BSD, DROPTAP_IP6, 10, "IPv6 bad DAD") \
297 X(DROP_REASON_IP6_NO_ND6ALT_IF, DROPTAP_BSD, DROPTAP_IP6, 11, "IPv6 no ND6ALT interface") \
298 X(DROP_REASON_IP6_BAD_ND_STATE, DROPTAP_BSD, DROPTAP_IP6, 12, "IPv6 Bad ND state") \
299 X(DROP_REASON_IP6_ONLY, DROPTAP_BSD, DROPTAP_IP6, 13, "IPv6 Only") \
300 X(DROP_REASON_IP6_ADDR_UNSPECIFIED, DROPTAP_BSD, DROPTAP_IP6, 14, "IPv6 Address is unspecified") \
301 X(DROP_REASON_IP6_FRAG_OVERLAPPING, DROPTAP_BSD, DROPTAP_IP6, 15, "IPv6 Fragment overlaping") \
302 X(DROP_REASON_IP6_FRAG_MIXED_CE, DROPTAP_BSD, DROPTAP_IP6, 16, "IPv6 Fragment mixed CE bits") \
303 X(DROP_REASON_IP6_RA_NOT_LL, DROPTAP_BSD, DROPTAP_IP6, 17, "IPv6 RA src is not LL") \
304 X(DROP_REASON_IP6_RA_BAD_LLADDR_LEN, DROPTAP_BSD, DROPTAP_IP6, 18, "IPv6 RA bad LL length") \
305 X(DROP_REASON_IP6_RS_BAD_LLADDR_LEN, DROPTAP_BSD, DROPTAP_IP6, 19, "IPv6 RS bad LL length") \
306 X(DROP_REASON_IP6_MEM_ALLOC, DROPTAP_BSD, DROPTAP_IP6, 20, "IPv6 memory allocation") \
307 X(DROP_REASON_IP6_TOO_BIG, DROPTAP_BSD, DROPTAP_IP6, 21, "IPv6 too big for MTU") \
308 X(DROP_REASON_IP6_POSSIBLE_LOOP, DROPTAP_BSD, DROPTAP_IP6, 22, "IPv6 possible loop") \
309 X(DROP_REASON_IP6_ICMP_DROP, DROPTAP_BSD, DROPTAP_IP6, 23, "IPv6 ICMPv6 drop") \
310 X(DROP_REASON_IP6_BAD_NI, DROPTAP_BSD, DROPTAP_IP6, 24, "IPv6 bad NI") \
311 X(DROP_REASON_IP6_NS_FROM_NON_NEIGHBOR, DROPTAP_BSD, DROPTAP_IP6, 25, "IPv6 NS from non-neighbor") \
312 X(DROP_REASON_IP6_NS_TO_MULTICAST, DROPTAP_BSD, DROPTAP_IP6, 26, "IPv6 NS targeting multicast") \
313 X(DROP_REASON_IP6_NS_BAD_ND_OPT, DROPTAP_BSD, DROPTAP_IP6, 27, "IPv6 NS with invalid ND opt") \
314 X(DROP_REASON_IP6_NS_BAD_LLADDR_LEN, DROPTAP_BSD, DROPTAP_IP6, 28, "IPv6 NS bad LL length") \
315 X(DROP_REASON_IP6_NS_DUPLICATE_ADDRESS, DROPTAP_BSD, DROPTAP_IP6, 29, "IPv6 NS duplicate address") \
316 X(DROP_REASON_IP6_NS_INVALID_TARGET, DROPTAP_BSD, DROPTAP_IP6, 30, "IPv6 NS invalid target") \
317 X(DROP_REASON_IP6_NA_INVALID_TARGET, DROPTAP_BSD, DROPTAP_IP6, 31, "IPv6 NA invalid target") \
318 X(DROP_REASON_IP6_NA_DST_MULTICAST, DROPTAP_BSD, DROPTAP_IP6, 32, "IPv6 NA destination is multicast") \
319 X(DROP_REASON_IP6_NA_UNKNOWN_SRC_ADDR, DROPTAP_BSD, DROPTAP_IP6, 33, "IPv6 NA destination is multicast") \
320 X(DROP_REASON_IP6_NA_BAD_LLADDR_LEN, DROPTAP_BSD, DROPTAP_IP6, 34, "IPv6 NA bad LL length") \
321 X(DROP_REASON_IP6_NA_NOT_CACHED_SCOPED, DROPTAP_BSD, DROPTAP_IP6, 35, "IPv6 NA not cached scoped ") \
322 X(DROP_REASON_IP6_NA_NOT_CACHED, DROPTAP_BSD, DROPTAP_IP6, 36, "IPv6 NA not cached") \
323 X(DROP_REASON_IP6_NA_MISSING_LLADDR_OPT, DROPTAP_BSD, DROPTAP_IP6, 37, "IPv6 NA missing lladdr opt") \
324 X(DROP_REASON_IP6_NA_MISSING_ROUTE, DROPTAP_BSD, DROPTAP_IP6, 38, "IPv6 NA missing route info") \
325 X(DROP_REASON_IP6_BAD_UDP_CHECKSUM, DROPTAP_BSD, DROPTAP_IP6, 39, "IPv6 invalid UDP checksum") \
326 X(DROP_REASON_IP6_ILLEGAL_PORT, DROPTAP_BSD, DROPTAP_IP6, 40, "IPv6 Illegal port") \
327 /* UDP */ \
328 X(DROP_REASON_UDP_SET_PORT_FAILURE, DROPTAP_BSD, DROPTAP_UDP, 1, "UDP failed to set ephemeral port ") \
329 X(DROP_REASON_UDP_DST_PORT_ZERO, DROPTAP_BSD, DROPTAP_UDP, 2, "UDP destination port zero") \
330 X(DROP_REASON_UDP_BAD_LENGTH, DROPTAP_BSD, DROPTAP_UDP, 3, "UDP bad length") \
331 X(DROP_REASON_UDP_BAD_CHECKSUM, DROPTAP_BSD, DROPTAP_UDP, 4, "UDP bad checksum") \
332 X(DROP_REASON_UDP_PORT_UNREACHEABLE, DROPTAP_BSD, DROPTAP_UDP, 5, "UDP port unreachable") \
333 X(DROP_REASON_UDP_SOCKET_CLOSING, DROPTAP_BSD, DROPTAP_UDP, 6, "UDP socket closing") \
334 X(DROP_REASON_UDP_NECP, DROPTAP_BSD, DROPTAP_UDP, 7, "UDP denied by NECP") \
335 X(DROP_REASON_UDP_CANNOT_SAVE_CONTROL, DROPTAP_BSD, DROPTAP_UDP, 8, "UDP cannot save control mbufs") \
336 X(DROP_REASON_UDP_IPSEC, DROPTAP_BSD, DROPTAP_UDP, 9, "UDP IPsec") \
337 X(DROP_REASON_UDP_PACKET_SHORTER_THAN_HEADER, DROPTAP_BSD, DROPTAP_UDP, 10, "UDP packet shorter than header") \
338 X(DROP_REASON_UDP_NAT_KEEPALIVE, DROPTAP_BSD, DROPTAP_UDP, 11, "UDP NAT keepalive") \
339 X(DROP_REASON_UDP_PCB_GARBAGE_COLLECTED, DROPTAP_BSD, DROPTAP_UDP, 12, "UDP PCB garbage collected") \
340
341 typedef enum drop_reason : uint32_t {
342 #define X(reason, component, domain, code, ...) \
343 reason = DROP_REASON(component, domain, code),
344 DROP_REASON_LIST
345 #undef X
346 } drop_reason_t;
347
348 __attribute__((always_inline))
349 static inline const char *
drop_reason_str(drop_reason_t value)350 drop_reason_str(drop_reason_t value)
351 {
352 switch (value) {
353 #define X(reason, ...) \
354 case (reason): return #reason;
355 DROP_REASON_LIST
356 #undef X
357 default:
358 return NULL;
359 }
360 ;
361 }
362
363 #ifdef BSD_KERNEL_PRIVATE
364
365 #define DROPTAP_FLAG_DIR_IN 0x0001
366 #define DROPTAP_FLAG_DIR_OUT 0x0002
367 #define DROPTAP_FLAG_L2_MISSING 0x0004
368
369 extern uint32_t droptap_total_tap_count;
370 extern uint32_t droptap_verbose;
371
372 extern void droptap_init(void);
373 #if SKYWALK
374 #include <skywalk/os_skywalk.h>
375 extern void droptap_input_packet(kern_packet_t, drop_reason_t, const char *,
376 uint16_t, uint16_t, struct ifnet *, pid_t, const char *,
377 pid_t, const char *, uint8_t, uint32_t);
378 extern void droptap_output_packet(kern_packet_t, drop_reason_t, const char *,
379 uint16_t, uint16_t, struct ifnet *, pid_t, const char *, pid_t, const char *,
380 uint8_t, uint32_t);
381 typedef void
382 (*drop_func_t)(kern_packet_t, drop_reason_t, const char *, uint16_t, uint16_t,
383 struct ifnet *, pid_t, const char *, pid_t, const char *,
384 uint8_t, uint32_t);
385 #endif /* SKYWALK */
386 extern void droptap_input_mbuf(struct mbuf *, drop_reason_t, const char *,
387 uint16_t, uint16_t, struct ifnet *, char *);
388 extern void droptap_output_mbuf(struct mbuf *, drop_reason_t, const char *,
389 uint16_t, uint16_t, struct ifnet *);
390
391
392 #endif /* BSD_KERNEL_PRIVATE */
393 #endif /* PRIVATE */
394 #endif /* _NET_DROPTAP_H */
395