| // Copyright 2019 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto3"; |
| option optimize_for = LITE_RUNTIME; |
| |
| // This file defines messages for notifying the networking daemon about guest |
| // lifetime (startup, teardown) events. |
| package patchpanel; |
| |
| // Notification that the ARC++ container is starting up. |
| // This is informational. The ARC boot and setup sequences do not require |
| // any information or permission from networking to continue. |
| message ArcStartupRequest { |
| // The PID of the ARC++ container. |
| // Required. |
| int32 pid = 1; |
| } |
| |
| // This is an intentionally empty mesage. ARC++ startup does not require |
| // any information from networking to proceed. |
| message ArcStartupResponse { |
| } |
| |
| // Notification that the ARC++ container is shutting down. |
| message ArcShutdownRequest { |
| // The PID of the ARC++ container; must match the PID that was sent at |
| // startup. |
| // Required. |
| int32 pid = 1; |
| } |
| |
| // This is an intentionally empty message. ARC++ startup does not require |
| // any information from networking to proceed. |
| message ArcShutdownResponse { |
| } |
| |
| // Notification that the ARC VM is starting up. |
| // Unlike in the container case, Concierge needs to know which TAP devices |
| // it can use. |
| message ArcVmStartupRequest { |
| // The content ID of the VM. |
| uint32 cid = 1; |
| } |
| |
| // Represents an IPv4 subnet given a base address and prefix length. |
| message IPv4Subnet { |
| // The base address in network order. |
| uint32 base_addr = 1; |
| |
| // The prefix length of the subnet. |
| uint32 prefix_len = 2; |
| } |
| |
| // Represents a network device (physical or virtual) managed by the networking |
| // daemon. |
| message NetworkDevice { |
| // The name of the host device interface. |
| string ifname = 1; |
| |
| // The assigned IPv4 address in network order. |
| uint32 ipv4_addr = 2; |
| |
| // The subnet allocated for this device |
| IPv4Subnet ipv4_subnet = 3; |
| } |
| |
| // Information required by Concierge to continue the ARC VM startup process. |
| message ArcVmStartupResponse { |
| // The list of TAP devices to be used in the VM. |
| repeated NetworkDevice devices = 1; |
| } |
| |
| // Notification that the ARC VM is shutting down. |
| // This message should also be sent if the startup process fails so any |
| // allocated resources are properly freed. |
| message ArcVmShutdownRequest { |
| // The CID of the ARC VM; must match the CID that was sent at |
| // startup. |
| // Required. |
| uint32 cid = 1; |
| } |
| |
| // Intentionally empty response. |
| message ArcVmShutdownResponse { |
| } |
| |
| // Notification that a Termina VM is starting up. |
| message TerminaVmStartupRequest { |
| // The content ID of the VM. |
| uint32 cid = 1; |
| } |
| |
| // Information required by Concierge to continue the Termina VM startup. |
| message TerminaVmStartupResponse { |
| // The TAP device to be used for the VM. |
| NetworkDevice device = 1; |
| |
| // The container subnet to be used for the lxd bridge. |
| IPv4Subnet container_subnet = 2; |
| }; |
| |
| // Notification that the Termina VM is shutting down. |
| // This message must also be sent if the startup process fails so any |
| // allocated resources, including the subnets, are properly freed. |
| message TerminaVmShutdownRequest { |
| // The CID of the Termina VM; must match the PID that was sent at |
| // startup. |
| // Required. |
| uint32 cid = 1; |
| } |
| |
| // Intentionally empty response. |
| message TerminaVmShutdownResponse { |
| } |
| |
| // Notification that a Plugin VM is starting up. |
| message PluginVmStartupRequest { |
| // The unique ID of the VM. |
| uint64 id = 1; |
| |
| // The 1-based index of the desired subnet to allocate for use. |
| // Optional. |
| int32 subnet_index = 2; |
| } |
| |
| // Information required by Concierge to continue the Plugin VM startup. |
| message PluginVmStartupResponse { |
| // The TAP device to be used for the VM. |
| NetworkDevice device = 1; |
| }; |
| |
| // Notification that the Plugin VM is shutting down. |
| // This message must also be sent if the startup process fails so any |
| // allocated resources, including the subnets, are properly freed. |
| message PluginVmShutdownRequest { |
| // The unique ID of the Plugin VM; must match what was sent at startup. |
| // Required. |
| uint64 id = 1; |
| } |
| |
| // Intentionally empty response. |
| message PluginVmShutdownResponse { |
| } |
| |
| // Request to set the VPN routing policy for a socket. The socket file |
| // descriptor must be immediately appended to the DBUS message after the |
| // serialized SetVpnIntentRequest message. The request must be sent before |
| // the socket is connected. |
| message SetVpnIntentRequest { |
| // Possible policies for VPN routing available to system processes. |
| // The enum values defined here are not meaningful with respect to the actual |
| // bits used inside the socket fwmark for encoding the VPN routing intent. |
| enum VpnRoutingPolicy { |
| // Let the routing layer apply the default policy for that process uid. |
| // This is the default policy for newly created sockets. It is in general |
| // incorrect to use this policy for the purpose of clearing any other VPN |
| // policy after the socket became connected. Instead a new socket should |
| // be made. |
| DEFAULT_ROUTING = 0; |
| // The socket traffic is always routed through the VPN if there is one. |
| ROUTE_ON_VPN = 1; |
| // The socket traffic is always routed through the physical network. |
| BYPASS_VPN = 2; |
| } |
| |
| VpnRoutingPolicy policy = 1; |
| } |
| |
| // Response to a SetVpnIntentRequest. |
| message SetVpnIntentResponse { |
| bool success = 1; |
| } |
| |
| // Request for connecting and routing a network namespace. The client must |
| // append a valid file descriptor immediately after the serialized |
| // ConnectNamespaceRequest proto. This file descriptor must remain valid for as |
| // long as the client namespace needs to remain connected. Invalidating the file |
| // descriptor explicitly by closing it or implicitly when the client exits will |
| // trigger the teardown of the routing setup, the veth setup, and the release |
| // of the IPv4 subnet assigned to the namespace. |
| message ConnectNamespaceRequest { |
| // The pid of the client network namespace. |
| int32 pid = 1; |
| |
| // If the client sets this field to the name of a physical network device |
| // managed by shill, the namespace egress traffic routed outside the device |
| // will be routed using the routing table specific to that physical device. |
| // If left empty, the namespace will be routed through the system highest |
| // priority interface (physical or virtual). |
| string outbound_physical_device = 2; |
| |
| // If true, traffic originated from managed OSs (Crostini, ARC, PluginVMs) and |
| // from Chrome can be routed to this namespace, and traffic originated from |
| // this namespace can be routed to these other privilege domains. |
| bool allow_user_traffic = 3; |
| } |
| |
| // Response to a ConnectNamespaceRequest. If the operation failed then all |
| // fields are left set to their default value (empty string or 0). |
| message ConnectNamespaceResponse { |
| // The subnet allocated to the client namespace. |
| IPv4Subnet ipv4_subnet = 1; |
| |
| // Name of the veth interface created in the client namespace. |
| string peer_ifname = 2; |
| |
| // The IPv4 address in network order assigned to the interface inside the |
| // client namespace. |
| uint32 peer_ipv4_address = 3; |
| |
| // Name of the veth interface created in the host namespace. |
| string host_ifname = 4; |
| |
| // The IPv4 address in network order assigned to the interface in the host |
| // namespace. |
| uint32 host_ipv4_address = 5; |
| } |
| |
| // Represents the traffic usage ({tx, rx} x {packets, bytes}) between a source |
| // and a shill device (interface), since the system (CrOS) is booted up. A |
| // counter will keep growing until the system (CrOS) shuts down. |
| // Used in TrafficCountersResponse. |
| message TrafficCounter { |
| // Possible traffic sources. |
| enum Source { |
| UNKNOWN = 0; |
| // Traffic associated with user chronos. |
| CHROME = 1; |
| // Traffic associated with user debugd, cups, and tlsdate, i.e., other user |
| // traffic except for that for user chronos. |
| USER = 2; |
| ARC = 3; |
| CROSVM = 4; |
| PLUGINVM = 5; |
| UPDATE_ENGINE = 6; |
| // As a source, VPN means traffic initiated by the VPN app/program and going |
| // to the underlying physical network (or from physical network to the VPN |
| // app/program). |
| VPN = 7; |
| // All other traffic. |
| SYSTEM = 8; |
| } |
| |
| // Counter values need to be 64bits as 32bits is not enough to account for |
| // more than ~4GB of traffic. |
| uint64 rx_bytes = 1; |
| uint64 tx_bytes = 2; |
| uint64 rx_packets = 3; |
| uint64 tx_packets = 4; |
| |
| Source source = 5; |
| // The shill device (interface) name (e.g., eth0) where the traffic leaves |
| // from or comes in. |
| string device = 6; |
| } |
| |
| // Requests the traffic counters kept by patchpanel. |devices| is the set of |
| // interfaces for which counters should be returned, any unknown interfaces will |
| // be ignored. If |devices| is empty, counters for all known interfaces will be |
| // returned. Note that if an interface once appeared but does not exist now, |
| // counters for it will also be returned. |
| message TrafficCountersRequest { |
| repeated string devices = 1; |
| } |
| |
| // Response to a TrafficCountersRequest. |
| message TrafficCountersResponse { |
| repeated TrafficCounter counters = 1; |
| } |
| |
| // Request for opening and closing firewall port. If the request is valid, |
| // PatchPanel will run iptables commands following the request. |
| message ModifyPortRuleRequest { |
| enum Operation { |
| INVALID_OPERATION = 0; |
| CREATE = 1; |
| DELETE = 2; |
| } |
| |
| enum RuleType { |
| INVALID_RULE_TYPE = 0; |
| ACCESS = 1; // Equivalent of iptables 'ACCEPT' |
| LOCKDOWN = 2; // Equivalent of iptables 'DROP' |
| FORWARDING = 3; // Equivalent of iptables 'DNAT' |
| } |
| |
| enum Protocol { |
| INVALID_PROTOCOL = 0; |
| TCP = 1; |
| UDP = 2; |
| } |
| |
| // Arguments specifying the type of operation, rule and protocol. |
| Operation op = 1; |
| RuleType type = 2; |
| Protocol proto = 3; |
| |
| // A network interface name, or empty if unspecified. This is optional for |
| // ACCESS and FORWARDING, and is ignored for other rule types. |
| string input_ifname = 4; |
| |
| // An IPv4 address, or empty if unspecified. This is optional for FORWARDING, |
| // and is ignored for other rule types. |
| string input_dst_ip = 5; |
| |
| // A port value in-between 1 and 65535. This is required for all rule types. |
| uint32 input_dst_port = 6; |
| |
| // An IPv4 address, or empty if unspecified. This is required for FORWARDING, |
| // and is ignored for other rule types. |
| string dst_ip = 7; |
| |
| // A port value between 1 and 65535. This is required for FORWARDING, and is |
| // ignored for other rule types. |
| uint32 dst_port = 8; |
| } |
| |
| // Response to a ModifyPortRuleRequest. |
| message ModifyPortRuleResponse { |
| bool success = 1; |
| } |
