version 1.7, 2022/08/03 17:07:07
|
version 1.13, 2022/08/13 18:44:02
|
Line 5
|
Line 5
|
#include "fwsync.h" |
#include "fwsync.h" |
|
|
|
|
static int | int |
fwsync_add_state_4(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum) | fwsync_add_state(const struct fws_proto *pkt) |
{ |
{ |
struct ip_fw *rule = NULL; | struct fws_sndpkt *p; |
struct ip_fw_args args; | |
struct ipfw_dyn_info info; | |
ipfw_insn cmd; | |
|
|
DTRACE(); |
DTRACE(); |
|
|
memset(&cmd, 0, sizeof cmd); | if (!pkt || pkt->fws_addrtype == 1) |
cmd.opcode = O_KEEP_STATE; | return 0; /* skip ethernet packet */ |
memset(&info, 0, sizeof info); | |
memset(&args, 0, sizeof args); | |
memcpy(&args.f_id, fid, sizeof args.f_id); | |
|
|
rule = ipfw_dyn_lookup_state(&args, NULL, 0, &cmd, &info); | p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); |
return ipfw_dyn_install_sync_state(fid, rule, ruleid, rulenum); | if (!p) { |
} | return ENOMEM; |
| } else |
| memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); |
|
|
static int | mtx_lock(&fws_mtx_u); |
fwsync_add_state_6(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum) | TAILQ_INSERT_TAIL(&fwsync_updpkt, p, sp_next); |
{ | mtx_unlock(&fws_mtx_u); |
DTRACE(); | |
| |
return 0; |
return 0; |
} |
} |
|
|
|
|
int |
int |
fwsync_add_state(const struct fws_proto *pkt) | fwsync_add_alias(const struct fws_proto *pkt) |
{ |
{ |
struct ipfw_flow_id fid; | struct fws_sndpkt *p; |
|
|
DTRACE(); |
DTRACE(); |
|
|
memset(&fid, 0, sizeof fid); | if (!pkt || pkt->fws_addrtype == 1) |
fid.fib = pkt->fws_fib; | return 0; /* skip ethernet packet */ |
fid.proto = pkt->fws_proto; | |
fid.addr_type = pkt->fws_addrtype; | |
fid.src_port = pkt->fws_sport; | |
fid.dst_port = pkt->fws_dport; | |
switch (pkt->fws_addrtype) { | |
case 4: | |
fid.src_ip = pkt->fws_saddr.s_addr; | |
fid.dst_ip = pkt->fws_daddr.s_addr; | |
break; | |
case 6: | |
memcpy(&fid.src_ip6, &pkt->fws_saddr6, sizeof fid.src_ip6); | |
memcpy(&fid.dst_ip6, &pkt->fws_daddr6, sizeof fid.dst_ip6); | |
fid.flow_id6 = pkt->fws_scopeid; | |
break; | |
default: | |
return EINVAL; | |
} | |
|
|
if (pkt->fws_addrtype == 4) | p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); |
fwsync_add_state_4(&fid, pkt->fws_ruleid, pkt->fws_rulenum); | if (!p) { |
else if (pkt->fws_addrtype == 6) | return ENOMEM; |
fwsync_add_state_6(&fid, pkt->fws_ruleid, pkt->fws_rulenum); | } else |
else | memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); |
return EINVAL; | |
|
|
|
mtx_lock(&fws_mtx_n); |
|
TAILQ_INSERT_TAIL(&fwsync_natpkt, p, sp_next); |
|
mtx_unlock(&fws_mtx_n); |
return 0; |
return 0; |
} |
} |
|
|
int |
|
fwsync_add_alias(const struct fws_proto *pkt) |
|
{ |
|
DTRACE(); |
|
|
|
return 0; |
|
} |
|
|
|
|
|
void |
void |
fwsync_sndpkt_handler(void *context, int pending) |
fwsync_sndpkt_handler(void *context, int pending) |
{ |
{ |
Line 88 fwsync_sndpkt_handler(void *context, int pending)
|
Line 60 fwsync_sndpkt_handler(void *context, int pending)
|
|
|
DTRACE(); |
DTRACE(); |
|
|
printf("pending=%d\n", pending); |
|
|
|
do { |
do { |
mtx_lock(&fws_mtx_c); |
mtx_lock(&fws_mtx_c); |
pkt = TAILQ_FIRST(&fwsync_sndpkt); |
pkt = TAILQ_FIRST(&fwsync_sndpkt); |
Line 172 fwsync_state_handler(const void *arg, const void *extd
|
Line 142 fwsync_state_handler(const void *arg, const void *extd
|
|
|
spkt->fws_version = FWS_PKTVER_STATE; |
spkt->fws_version = FWS_PKTVER_STATE; |
spkt->fws_fib = pkt->fib; |
spkt->fws_fib = pkt->fib; |
|
spkt->fws_cmdtype = edata->cmdtype; |
|
spkt->fws_kidx = edata->kidx; |
spkt->fws_ruleid = edata->ruleid; |
spkt->fws_ruleid = edata->ruleid; |
spkt->fws_rulenum = edata->rulenum; |
spkt->fws_rulenum = edata->rulenum; |
spkt->fws_proto = pkt->proto; |
spkt->fws_proto = pkt->proto; |
Line 242 fwsync_alias_handler(const void *arg, const void *extd
|
Line 214 fwsync_alias_handler(const void *arg, const void *extd
|
mtx_unlock(&fws_mtx_c); |
mtx_unlock(&fws_mtx_c); |
|
|
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
|
return 0; |
|
} |
|
|
|
int |
|
fwsync_state_sync(const void *arg, const void *extdata) |
|
{ |
|
struct fws_sndpkt *pkt; |
|
struct ipfw_flow_id fid; |
|
struct ip_fw *rule; |
|
int f_pos; |
|
struct ip_fw_chain *chain = &V_layer3_chain; |
|
|
|
DTRACE(); |
|
|
|
mtx_lock(&fws_mtx_u); |
|
pkt = TAILQ_FIRST(&fwsync_updpkt); |
|
if (pkt) |
|
TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next); |
|
mtx_unlock(&fws_mtx_u); |
|
|
|
if (!pkt) /* update queue is empty */ |
|
return 0; |
|
|
|
if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { |
|
free(pkt, M_FWSYNC); |
|
return EAGAIN; |
|
} |
|
|
|
memset(&fid, 0, sizeof fid); |
|
fid.fib = pkt->sp_proto.fws_fib; |
|
fid.proto = pkt->sp_proto.fws_proto; |
|
fid.addr_type = pkt->sp_proto.fws_addrtype; |
|
fid.src_port = pkt->sp_proto.fws_sport; |
|
fid.dst_port = pkt->sp_proto.fws_dport; |
|
switch (pkt->sp_proto.fws_addrtype) { |
|
case 4: |
|
fid.src_ip = pkt->sp_proto.fws_saddr.s_addr; |
|
fid.dst_ip = pkt->sp_proto.fws_daddr.s_addr; |
|
break; |
|
case 6: |
|
memcpy(&fid.src_ip6, &pkt->sp_proto.fws_saddr6, sizeof fid.src_ip6); |
|
memcpy(&fid.dst_ip6, &pkt->sp_proto.fws_daddr6, sizeof fid.dst_ip6); |
|
fid.flow_id6 = pkt->sp_proto.fws_scopeid; |
|
break; |
|
default: |
|
free(pkt, M_FWSYNC); |
|
return EINVAL; |
|
} |
|
|
|
f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum); |
|
rule = chain->map[f_pos]; |
|
ipfw_dyn_install_sync_state(&fid, rule, |
|
pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, |
|
pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); |
|
|
|
free(pkt, M_FWSYNC); |
|
return 0; |
|
} |
|
|
|
int |
|
fwsync_alias_sync(const void *arg, const void *extdata) |
|
{ |
|
struct fws_sndpkt *pkt; |
|
|
|
DTRACE(); |
|
|
|
mtx_lock(&fws_mtx_n); |
|
pkt = TAILQ_FIRST(&fwsync_natpkt); |
|
if (pkt) |
|
TAILQ_REMOVE(&fwsync_natpkt, pkt, sp_next); |
|
mtx_unlock(&fws_mtx_n); |
|
|
|
if (!pkt) /* update queue is empty */ |
|
return 0; |
|
|
|
if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { |
|
free(pkt, M_FWSYNC); |
|
return EAGAIN; |
|
} |
|
|
|
// TODO: xxx |
|
printf("%s: pkt=%p\n", __func__, pkt); |
|
|
|
free(pkt, M_FWSYNC); |
return 0; |
return 0; |
} |
} |
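Review bot: In fwsync_state_sync (last hunk), `rule = chain->map[f_pos];` uses whatever index `ipfw_find_rule()` returns for a ruleid/rulenum pair copied out of a peer's sync packet, with no check that the rule found is the one the peer named and no ruleset lock visible around the lookup or the `ipfw_dyn_install_sync_state()` call. If this tree's `ipfw_find_rule()` behaves like the stock ipfw one (returns the first rule at or after the key rather than an exact match, and takes the rule number before the id), a stale or forged update would attach dynamic state to a different rule, and the two arguments here look swapped; confirm against the prototype. I would hold the chain's read lock across lookup and install and reject a mismatch before installing, e.g. `if (rule->id != pkt->sp_proto.fws_ruleid) { free(pkt, M_FWSYNC); return ESRCH; }`. Separately, `printf("%s: pkt=%p\n", __func__, pkt);` in fwsync_alias_sync writes a kernel heap address to the console and should be dropped or moved behind the debug macro once the TODO is filled in.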