|
version 1.8, 2022/08/04 00:24:39
|
version 1.19.2.1, 2022/08/27 14:29:12
|
|
Line 1
|
Line 1
|
| /************************************************************************* | /*- |
| * (C) 2022 CloudSigma AG - Sofia/Bulgaria | * SPDX-License-Identifier: BSD-2-Clause-FreeBSD |
| * by Michael Pounov <misho@elwix.org> | * |
| **************************************************************************/ | * Copyright (c) 2022 Michael Pounov <misho@elwix.org>, CloudSigma AG |
| | * |
| | * Redistribution and use in source and binary forms, with or without |
| | * modification, are permitted provided that the following conditions |
| | * are met: |
| | * 1. Redistributions of source code must retain the above copyright |
| | * notice, this list of conditions and the following disclaimer. |
| | * 2. Redistributions in binary form must reproduce the above copyright |
| | * notice, this list of conditions and the following disclaimer in the |
| | * documentation and/or other materials provided with the distribution. |
| | * |
| | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| | * SUCH DAMAGE. |
| | */ |
| #include "fwsync.h" |
#include "fwsync.h" |
| |
|
| |
|
| static int | int |
| fwsync_add_state_4(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum) | fwsync_add_state(const struct fws_proto *pkt) |
| { |
{ |
| struct ip_fw *rule = NULL; | struct fws_sndpkt *p; |
| struct ip_fw_args args; | |
| struct ipfw_dyn_info info; | |
| ipfw_insn cmd; | |
| |
|
| DTRACE(); |
DTRACE(); |
| |
|
| memset(&cmd, 0, sizeof cmd); | if (!pkt || pkt->fws_addrtype == 1) |
| cmd.opcode = O_KEEP_STATE; | return 0; /* skip ethernet packet */ |
| memset(&info, 0, sizeof info); | |
| memset(&args, 0, sizeof args); | |
| memcpy(&args.f_id, fid, sizeof args.f_id); | |
| |
|
| rule = ipfw_dyn_lookup_state(&args, NULL, 0, &cmd, &info); | p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); |
| printf("rule=%p\n", rule); | if (!p) { |
| return 0; | return ENOMEM; |
| // return ipfw_dyn_install_sync_state(fid, rule, ruleid, rulenum); | } else |
| } | memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); |
| |
|
| static int | mtx_lock(&fws_mtx_u); |
| fwsync_add_state_6(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum) | TAILQ_INSERT_TAIL(&fwsync_updpkt, p, sp_next); |
| { | mtx_unlock(&fws_mtx_u); |
| DTRACE(); | |
| |
| return 0; |
return 0; |
| } |
} |
| |
|
| |
|
| int |
int |
| fwsync_add_state(const struct fws_proto *pkt) | fwsync_add_alias(const struct fws_proto *pkt) |
| { |
{ |
| struct ipfw_flow_id fid; | struct fws_sndpkt *p; |
| |
|
| DTRACE(); |
DTRACE(); |
| |
|
| memset(&fid, 0, sizeof fid); | if (!pkt || pkt->fws_addrtype == 1 || pkt->fws_addrtype == 6) |
| fid.fib = pkt->fws_fib; | return 0; /* skip packet */ |
| fid.proto = pkt->fws_proto; | |
| fid.addr_type = pkt->fws_addrtype; | |
| fid.src_port = pkt->fws_sport; | |
| fid.dst_port = pkt->fws_dport; | |
| switch (pkt->fws_addrtype) { | |
| case 4: | |
| fid.src_ip = pkt->fws_saddr.s_addr; | |
| fid.dst_ip = pkt->fws_daddr.s_addr; | |
| break; | |
| case 6: | |
| memcpy(&fid.src_ip6, &pkt->fws_saddr6, sizeof fid.src_ip6); | |
| memcpy(&fid.dst_ip6, &pkt->fws_daddr6, sizeof fid.dst_ip6); | |
| fid.flow_id6 = pkt->fws_scopeid; | |
| break; | |
| default: | |
| return EINVAL; | |
| } | |
| |
|
| if (pkt->fws_addrtype == 4) | p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); |
| fwsync_add_state_4(&fid, pkt->fws_ruleid, pkt->fws_rulenum); | if (!p) { |
| else if (pkt->fws_addrtype == 6) | return ENOMEM; |
| fwsync_add_state_6(&fid, pkt->fws_ruleid, pkt->fws_rulenum); | } else |
| else | memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); |
| return EINVAL; | |
| |
|
| |
mtx_lock(&fws_mtx_n); |
| |
TAILQ_INSERT_TAIL(&fwsync_natpkt, p, sp_next); |
| |
mtx_unlock(&fws_mtx_n); |
| return 0; |
return 0; |
| } |
} |
| |
|
| int |
|
| fwsync_add_alias(const struct fws_proto *pkt) |
|
| { |
|
| DTRACE(); |
|
| |
|
| return 0; |
|
| } |
|
| |
|
| |
|
| void |
void |
| fwsync_sndpkt_handler(void *context, int pending) |
fwsync_sndpkt_handler(void *context, int pending) |
| { |
{ |
|
Line 90 fwsync_sndpkt_handler(void *context, int pending)
|
Line 82 fwsync_sndpkt_handler(void *context, int pending)
|
| |
|
| DTRACE(); |
DTRACE(); |
| |
|
| printf("pending=%d\n", pending); |
|
| |
|
| do { |
do { |
| mtx_lock(&fws_mtx_c); |
mtx_lock(&fws_mtx_c); |
| pkt = TAILQ_FIRST(&fwsync_sndpkt); |
pkt = TAILQ_FIRST(&fwsync_sndpkt); |
|
Line 127 fwsync_sndpkt_handler(void *context, int pending)
|
Line 117 fwsync_sndpkt_handler(void *context, int pending)
|
| e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2], |
e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2], |
| &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr, NULL, |
&fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr, NULL, |
| m2, NULL, 0, curthread); |
m2, NULL, 0, curthread); |
| if (e && e != EAGAIN) | if (e && e != EAGAIN && e != EACCES) |
| printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_2, e); |
printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_2, e); |
| } |
} |
| |
|
|
Line 141 fwsync_sndpkt_handler(void *context, int pending)
|
Line 131 fwsync_sndpkt_handler(void *context, int pending)
|
| e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1], |
e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1], |
| &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr, NULL, |
&fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr, NULL, |
| m2, NULL, 0, curthread); |
m2, NULL, 0, curthread); |
| if (e && e != EAGAIN) | if (e && e != EAGAIN && e != EACCES) |
| printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_1, e); |
printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_1, e); |
| } |
} |
| out: |
out: |
|
Line 174 fwsync_state_handler(const void *arg, const void *extd
|
Line 164 fwsync_state_handler(const void *arg, const void *extd
|
| |
|
| spkt->fws_version = FWS_PKTVER_STATE; |
spkt->fws_version = FWS_PKTVER_STATE; |
| spkt->fws_fib = pkt->fib; |
spkt->fws_fib = pkt->fib; |
| |
spkt->fws_cmdtype = edata->cmdtype; |
| |
spkt->fws_kidx = edata->kidx; |
| spkt->fws_ruleid = edata->ruleid; |
spkt->fws_ruleid = edata->ruleid; |
| spkt->fws_rulenum = edata->rulenum; |
spkt->fws_rulenum = edata->rulenum; |
| spkt->fws_proto = pkt->proto; |
spkt->fws_proto = pkt->proto; |
|
Line 200 fwsync_state_handler(const void *arg, const void *extd
|
Line 192 fwsync_state_handler(const void *arg, const void *extd
|
| |
|
| TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
| |
|
| |
fws_acct.states[0]++; |
| |
|
| mtx_unlock(&fws_mtx_c); |
mtx_unlock(&fws_mtx_c); |
| |
|
| taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
|
Line 241 fwsync_alias_handler(const void *arg, const void *extd
|
Line 235 fwsync_alias_handler(const void *arg, const void *extd
|
| |
|
| TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
| |
|
| |
fws_acct.aliases[0]++; |
| |
|
| mtx_unlock(&fws_mtx_c); |
mtx_unlock(&fws_mtx_c); |
| |
|
| taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
| |
return 0; |
| |
} |
| |
|
| |
int |
| |
fwsync_state_sync(const void *arg, const void *extdata) |
| |
{ |
| |
struct fws_sndpkt *pkt; |
| |
struct ipfw_flow_id fid; |
| |
struct ip_fw *rule; |
| |
int f_pos; |
| |
struct ip_fw_chain *chain = &V_layer3_chain; |
| |
|
| |
DTRACE(); |
| |
|
| |
mtx_lock(&fws_mtx_u); |
| |
pkt = TAILQ_FIRST(&fwsync_updpkt); |
| |
if (pkt) { |
| |
TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next); |
| |
fws_acct.states[1]++; |
| |
} |
| |
mtx_unlock(&fws_mtx_u); |
| |
|
| |
if (!pkt) /* update queue is empty */ |
| |
return 0; |
| |
|
| |
if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { |
| |
free(pkt, M_FWSYNC); |
| |
return EAGAIN; |
| |
} |
| |
|
| |
memset(&fid, 0, sizeof fid); |
| |
fid.fib = pkt->sp_proto.fws_fib; |
| |
fid.proto = pkt->sp_proto.fws_proto; |
| |
fid.addr_type = pkt->sp_proto.fws_addrtype; |
| |
fid.src_port = pkt->sp_proto.fws_sport; |
| |
fid.dst_port = pkt->sp_proto.fws_dport; |
| |
switch (pkt->sp_proto.fws_addrtype) { |
| |
case 4: |
| |
fid.src_ip = pkt->sp_proto.fws_saddr.s_addr; |
| |
fid.dst_ip = pkt->sp_proto.fws_daddr.s_addr; |
| |
break; |
| |
case 6: |
| |
memcpy(&fid.src_ip6, &pkt->sp_proto.fws_saddr6, sizeof fid.src_ip6); |
| |
memcpy(&fid.dst_ip6, &pkt->sp_proto.fws_daddr6, sizeof fid.dst_ip6); |
| |
fid.flow_id6 = pkt->sp_proto.fws_scopeid; |
| |
break; |
| |
default: |
| |
free(pkt, M_FWSYNC); |
| |
return EINVAL; |
| |
} |
| |
|
| |
f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum); |
| |
rule = chain->map[f_pos]; |
| |
ipfw_dyn_install_sync_state(&fid, rule, |
| |
pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, |
| |
pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); |
| |
|
| |
free(pkt, M_FWSYNC); |
| |
return 0; |
| |
} |
| |
|
| |
int |
| |
fwsync_alias_sync(const void *arg, const void *extdata) |
| |
{ |
| |
struct fws_sndpkt *pkt; |
| |
const struct cfg_nat *t = arg; |
| |
|
| |
DTRACE(); |
| |
|
| |
mtx_lock(&fws_mtx_n); |
| |
while ((pkt = TAILQ_FIRST(&fwsync_natpkt))) { |
| |
TAILQ_REMOVE(&fwsync_natpkt, pkt, sp_next); |
| |
fws_acct.aliases[1]++; |
| |
|
| |
if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { |
| |
free(pkt, M_FWSYNC); |
| |
continue; |
| |
} |
| |
|
| |
if (t) { |
| |
LIBALIAS_LOCK(t->lib); |
| |
AddLink(t->lib, pkt->sp_proto.fws_saddr, |
| |
pkt->sp_proto.fws_daddr, |
| |
pkt->sp_proto.fws_aaddr, |
| |
pkt->sp_proto.fws_sport, |
| |
pkt->sp_proto.fws_dport, |
| |
pkt->sp_proto.fws_aport, |
| |
pkt->sp_proto.fws_linktype | LINK_SYNC_MASK); |
| |
LIBALIAS_UNLOCK(t->lib); |
| |
} |
| |
|
| |
free(pkt, M_FWSYNC); |
| |
} |
| |
mtx_unlock(&fws_mtx_n); |
| |
|
| return 0; |
return 0; |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to fwsync_workers.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / fwsync / driver