version 1.9, 2022/08/10 00:03:50
|
version 1.19.2.1, 2022/08/27 14:29:12
|
Line 1
|
Line 1
|
/************************************************************************* | /*- |
* (C) 2022 CloudSigma AG - Sofia/Bulgaria | * SPDX-License-Identifier: BSD-2-Clause-FreeBSD |
* by Michael Pounov <misho@elwix.org> | * |
**************************************************************************/ | * Copyright (c) 2022 Michael Pounov <misho@elwix.org>, CloudSigma AG |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| * SUCH DAMAGE. |
| */ |
#include "fwsync.h" |
#include "fwsync.h" |
|
|
|
|
static int |
|
fwsync_add_state_4(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum, |
|
u_short kidx, u_char cmdtype) |
|
{ |
|
struct ip_fw *rule = NULL; |
|
|
|
DTRACE(); |
|
|
|
return ipfw_dyn_install_sync_state(fid, rule, ruleid, rulenum, kidx, cmdtype); |
|
} |
|
|
|
static int |
|
fwsync_add_state_6(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum, |
|
u_short kidx, u_char cmdtype) |
|
{ |
|
DTRACE(); |
|
|
|
return 0; |
|
} |
|
|
|
int |
int |
fwsync_add_state(const struct fws_proto *pkt) |
fwsync_add_state(const struct fws_proto *pkt) |
{ |
{ |
Line 51 fwsync_add_state(const struct fws_proto *pkt)
|
Line 53 fwsync_add_state(const struct fws_proto *pkt)
|
int |
int |
fwsync_add_alias(const struct fws_proto *pkt) |
fwsync_add_alias(const struct fws_proto *pkt) |
{ |
{ |
|
struct fws_sndpkt *p; |
|
|
DTRACE(); |
DTRACE(); |
|
|
|
if (!pkt || pkt->fws_addrtype == 1 || pkt->fws_addrtype == 6) |
|
return 0; /* skip packet */ |
|
|
|
p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); |
|
if (!p) { |
|
return ENOMEM; |
|
} else |
|
memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); |
|
|
|
mtx_lock(&fws_mtx_n); |
|
TAILQ_INSERT_TAIL(&fwsync_natpkt, p, sp_next); |
|
mtx_unlock(&fws_mtx_n); |
return 0; |
return 0; |
} |
} |
|
|
Line 101 fwsync_sndpkt_handler(void *context, int pending)
|
Line 117 fwsync_sndpkt_handler(void *context, int pending)
|
e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2], |
e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2], |
&fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr, NULL, |
&fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr, NULL, |
m2, NULL, 0, curthread); |
m2, NULL, 0, curthread); |
if (e && e != EAGAIN) | if (e && e != EAGAIN && e != EACCES) |
printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_2, e); |
printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_2, e); |
} |
} |
|
|
Line 115 fwsync_sndpkt_handler(void *context, int pending)
|
Line 131 fwsync_sndpkt_handler(void *context, int pending)
|
e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1], |
e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1], |
&fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr, NULL, |
&fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr, NULL, |
m2, NULL, 0, curthread); |
m2, NULL, 0, curthread); |
if (e && e != EAGAIN) | if (e && e != EAGAIN && e != EACCES) |
printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_1, e); |
printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_1, e); |
} |
} |
out: |
out: |
Line 176 fwsync_state_handler(const void *arg, const void *extd
|
Line 192 fwsync_state_handler(const void *arg, const void *extd
|
|
|
TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
|
|
|
fws_acct.states[0]++; |
|
|
mtx_unlock(&fws_mtx_c); |
mtx_unlock(&fws_mtx_c); |
|
|
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
Line 217 fwsync_alias_handler(const void *arg, const void *extd
|
Line 235 fwsync_alias_handler(const void *arg, const void *extd
|
|
|
TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); |
|
|
|
fws_acct.aliases[0]++; |
|
|
mtx_unlock(&fws_mtx_c); |
mtx_unlock(&fws_mtx_c); |
|
|
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
taskqueue_enqueue(fws_tq, &fws_sndpkt_task); |
Line 228 fwsync_state_sync(const void *arg, const void *extdata
|
Line 248 fwsync_state_sync(const void *arg, const void *extdata
|
{ |
{ |
struct fws_sndpkt *pkt; |
struct fws_sndpkt *pkt; |
struct ipfw_flow_id fid; |
struct ipfw_flow_id fid; |
|
struct ip_fw *rule; |
|
int f_pos; |
|
struct ip_fw_chain *chain = &V_layer3_chain; |
|
|
DTRACE(); |
DTRACE(); |
|
|
mtx_lock(&fws_mtx_u); |
mtx_lock(&fws_mtx_u); |
pkt = TAILQ_FIRST(&fwsync_updpkt); |
pkt = TAILQ_FIRST(&fwsync_updpkt); |
if (pkt) | if (pkt) { |
TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next); |
TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next); |
|
fws_acct.states[1]++; |
|
} |
mtx_unlock(&fws_mtx_u); |
mtx_unlock(&fws_mtx_u); |
|
|
if (!pkt) /* update queue is empty */ |
if (!pkt) /* update queue is empty */ |
Line 266 fwsync_state_sync(const void *arg, const void *extdata
|
Line 291 fwsync_state_sync(const void *arg, const void *extdata
|
return EINVAL; |
return EINVAL; |
} |
} |
|
|
if (pkt->sp_proto.fws_addrtype == 4) | f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum); |
fwsync_add_state_4(&fid, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, | rule = chain->map[f_pos]; |
pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); | ipfw_dyn_install_sync_state(&fid, rule, |
else if (pkt->sp_proto.fws_addrtype == 6) | pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, |
fwsync_add_state_6(&fid, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, | pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); |
pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); | |
|
|
free(pkt, M_FWSYNC); |
free(pkt, M_FWSYNC); |
|
return 0; |
|
} |
|
|
|
int |
|
fwsync_alias_sync(const void *arg, const void *extdata) |
|
{ |
|
struct fws_sndpkt *pkt; |
|
const struct cfg_nat *t = arg; |
|
|
|
DTRACE(); |
|
|
|
mtx_lock(&fws_mtx_n); |
|
while ((pkt = TAILQ_FIRST(&fwsync_natpkt))) { |
|
TAILQ_REMOVE(&fwsync_natpkt, pkt, sp_next); |
|
fws_acct.aliases[1]++; |
|
|
|
if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { |
|
free(pkt, M_FWSYNC); |
|
continue; |
|
} |
|
|
|
if (t) { |
|
LIBALIAS_LOCK(t->lib); |
|
AddLink(t->lib, pkt->sp_proto.fws_saddr, |
|
pkt->sp_proto.fws_daddr, |
|
pkt->sp_proto.fws_aaddr, |
|
pkt->sp_proto.fws_sport, |
|
pkt->sp_proto.fws_dport, |
|
pkt->sp_proto.fws_aport, |
|
pkt->sp_proto.fws_linktype | LINK_SYNC_MASK); |
|
LIBALIAS_UNLOCK(t->lib); |
|
} |
|
|
|
free(pkt, M_FWSYNC); |
|
} |
|
mtx_unlock(&fws_mtx_n); |
|
|
return 0; |
return 0; |
} |
} |
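Review bot: In the new side of fwsync_state_sync, `rule = chain->map[f_pos]` trusts the result of `ipfw_find_rule()` without checking that the rule found is the one the sync packet named, and no ruleset lock is visible around the lookup. If this is the stock ipfw helper, it returns the index of the first rule at or after the requested key rather than an exact match, and it takes (rule number, rule id) in that order, so passing `fws_ruleid` first looks swapped. State received from a peer could then be attached to an unrelated rule. I would hold the chain's read lock across the lookup and install, and skip the packet unless `rule->id == pkt->sp_proto.fws_ruleid && rule->rulenum == pkt->sp_proto.fws_rulenum`; the return value of `ipfw_dyn_install_sync_state()` should also be checked rather than dropped. Part of the function body lies between the hunks and is not shown, so a lock taken there would not be visible here.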