--- fwsync/driver/fwsync_workers.c 2022/06/22 13:01:55 1.1.1.1 +++ fwsync/driver/fwsync_workers.c 2022/08/11 21:59:05 1.10 @@ -5,15 +5,72 @@ #include "fwsync.h" -static void -fwsync_sndpkt(void *context, int pending) +int +fwsync_add_state(const struct fws_proto *pkt) { - struct mbuf *m2, *m = (struct mbuf*) context; + struct fws_sndpkt *p; + + DTRACE(); + + if (!pkt || pkt->fws_addrtype == 1) + return 0; /* skip ethernet packet */ + + p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); + if (!p) { + return ENOMEM; + } else + memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); + + mtx_lock(&fws_mtx_u); + TAILQ_INSERT_TAIL(&fwsync_updpkt, p, sp_next); + mtx_unlock(&fws_mtx_u); + return 0; +} + + +int +fwsync_add_alias(const struct fws_proto *pkt) +{ + DTRACE(); + + return 0; +} + + +void +fwsync_sndpkt_handler(void *context, int pending) +{ + struct fws_sndpkt *pkt; + struct mbuf *m2, *m; int e; DTRACE(); - if (fws_cfg.cfg.on & CFG_SYNC_COLLECTOR) { + do { + mtx_lock(&fws_mtx_c); + pkt = TAILQ_FIRST(&fwsync_sndpkt); + if (pkt) + TAILQ_REMOVE(&fwsync_sndpkt, pkt, sp_next); + mtx_unlock(&fws_mtx_c); + + if (!pkt) /* sending queue is empty */ + break; + + if (!(fws_cfg.cfg.on & CFG_SYNC_COLLECTOR)) { + free(pkt, M_FWSYNC); + continue; + } + + m = m_gethdr(M_NOWAIT, MT_DATA); + if (!m) { + free(pkt, M_FWSYNC); + continue; + } + + memcpy(mtod(m, struct fws_proto *), &pkt->sp_proto, sizeof pkt->sp_proto); + m->m_len = sizeof pkt->sp_proto; + m_fixhdr(m); + if ((fws_ctx.config & (CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY)) == (CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY)) { m2 = m_copypacket(m, M_NOWAIT); @@ -24,7 +81,7 @@ fwsync_sndpkt(void *context, int pending) e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2], &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr, NULL, m2, NULL, 0, curthread); - if (e != EAGAIN) + if (e && e != EAGAIN) printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_2, e); } 
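Review bot: In fwsync_sndpkt_handler the `memcpy(mtod(m, struct fws_proto *), &pkt->sp_proto, sizeof pkt->sp_proto)` writes into the data area of a header mbuf from `m_gethdr()`, and nothing ties the copy size to that buffer's capacity. struct fws_proto is not defined in this diff, so it may well fit today, but it appears to be growing (cmdtype, kidx, ruleid and rulenum are filled in for the first time in a later hunk). If it ever exceeds MHLEN, this becomes a silent kernel memory overwrite. A compile-time guard next to the handler, `CTASSERT(sizeof(struct fws_proto) <= MHLEN);`, would make the assumption explicit. The handler's body continues past the end of this hunk.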
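Review bot: The `printf("error in collector %d handler #%d\n", ...)` after `sosend()` still fires once per queued packet, so a collector that is down or unreachable can flood the console and message buffer at the firewall's state-creation rate. The same line in the COLLECTOR_1 branch of the next hunk has the same issue. Consider rate-limiting it, for example by guarding the print with `ppsratecheck(&fws_lasterr, &fws_curerr, 1)` on two static variables (the names are placeholders). A drop counter would also keep lost sync packets, including the silent EAGAIN case, visible to an operator.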
@@ -38,38 +95,43 @@ fwsync_sndpkt(void *context, int pending) e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1], &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr, NULL, m2, NULL, 0, curthread); - if (e != EAGAIN) + if (e && e != EAGAIN) printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_1, e); } - } out: - m_freem(m); - + m_freem(m); + free(pkt, M_FWSYNC); + } while (--pending); } int -fwsync_state_handler(const void *arg) +fwsync_state_handler(const void *arg, const void *extdata) { const struct ipfw_flow_id *pkt = arg; + const struct ipfw_dyn_hook_extdata *edata = extdata; struct fws_proto *spkt; - struct mbuf *m; + struct fws_sndpkt *p; DTRACE(); - if (pkt->addr_type == 1) + if (!pkt || pkt->addr_type == 1) return 0; /* skip ethernet packet */ - m = m_gethdr(M_WAITOK, MT_DATA); - if (!m) - return ENOMEM; - else { - spkt = mtod(m, struct fws_proto *); - m->m_len = sizeof(struct fws_proto); - m_fixhdr(m); - } + mtx_lock(&fws_mtx_c); + p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); + if (!p) { + mtx_unlock(&fws_mtx_c); + return 0; + } else + spkt = &p->sp_proto; + spkt->fws_version = FWS_PKTVER_STATE; spkt->fws_fib = pkt->fib; + spkt->fws_cmdtype = edata->cmdtype; + spkt->fws_kidx = edata->kidx; + spkt->fws_ruleid = edata->ruleid; + spkt->fws_rulenum = edata->rulenum; spkt->fws_proto = pkt->proto; spkt->fws_addrtype = pkt->addr_type; spkt->fws_sport = pkt->src_port; 
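Review bot: fwsync_state_handler now checks `pkt` for NULL but dereferences the new `extdata` argument unconditionally at `spkt->fws_cmdtype = edata->cmdtype;`, so a hook caller that passes no extension data would panic the kernel. Either extend the guard to `if (!pkt || !edata || pkt->addr_type == 1)` or state in a comment on the function that extdata is mandatory. Separately, `malloc(..., M_NOWAIT | M_ZERO)` and the field fill run while holding fws_mtx_c, although only `TAILQ_INSERT_TAIL` touches shared state. Taking the mutex just around the insert would shorten the critical section and remove the unlock-on-error paths. The function body continues in the following hunk.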
@@ -87,19 +149,112 @@ fwsync_state_handler(const void *arg) spkt->fws_scopeid = pkt->flow_id6; break; default: - m_free(m); - return 0; + free(p, M_FWSYNC); + mtx_unlock(&fws_mtx_c); + return EINVAL; } - TASK_INIT(&fws_sndpkt_task, 0, fwsync_sndpkt, m); - taskqueue_enqueue(taskqueue_thread, &fws_sndpkt_task); + TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); + + mtx_unlock(&fws_mtx_c); + + taskqueue_enqueue(fws_tq, &fws_sndpkt_task); return 0; } int -fwsync_alias_handler(const void *arg) +fwsync_alias_handler(const void *arg, const void *extdata) { + const struct alias_link *lnk = arg; + struct fws_proto *spkt; + struct fws_sndpkt *p; + DTRACE(); + if (!lnk || lnk->link_type >= IPPROTO_MAX) + return 0; + + mtx_lock(&fws_mtx_c); + + p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); + if (!p) { + mtx_unlock(&fws_mtx_c); + return 0; + } else + spkt = &p->sp_proto; + + spkt->fws_version = FWS_PKTVER_ALIAS; + spkt->fws_proto = lnk->link_type; + spkt->fws_addrtype = 4; + spkt->fws_sport = lnk->src_port; + spkt->fws_dport = lnk->dst_port; + spkt->fws_aport = lnk->alias_port; + spkt->fws_pport = lnk->proxy_port; + spkt->fws_saddr.s_addr = lnk->src_addr.s_addr; + spkt->fws_daddr.s_addr = lnk->dst_addr.s_addr; + spkt->fws_aaddr.s_addr = lnk->alias_addr.s_addr; + spkt->fws_paddr.s_addr = lnk->proxy_addr.s_addr; + + TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next); + + mtx_unlock(&fws_mtx_c); + + taskqueue_enqueue(fws_tq, &fws_sndpkt_task); + return 0; +} + +int +fwsync_state_sync(const void *arg, const void *extdata) +{ + struct fws_sndpkt *pkt; + struct ipfw_flow_id fid; + struct ip_fw *rule; + int f_pos; + struct ip_fw_chain *chain = &V_layer3_chain; + + DTRACE(); + + mtx_lock(&fws_mtx_u); + pkt = TAILQ_FIRST(&fwsync_updpkt); + if (pkt) + TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next); + mtx_unlock(&fws_mtx_u); + + if (!pkt) /* update queue is empty */ + return 0; + + if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { + free(pkt, M_FWSYNC); + return EAGAIN; + } + + 
memset(&fid, 0, sizeof fid); + fid.fib = pkt->sp_proto.fws_fib; + fid.proto = pkt->sp_proto.fws_proto; + fid.addr_type = pkt->sp_proto.fws_addrtype; + fid.src_port = pkt->sp_proto.fws_sport; + fid.dst_port = pkt->sp_proto.fws_dport; + switch (pkt->sp_proto.fws_addrtype) { + case 4: + fid.src_ip = pkt->sp_proto.fws_saddr.s_addr; + fid.dst_ip = pkt->sp_proto.fws_daddr.s_addr; + break; + case 6: + memcpy(&fid.src_ip6, &pkt->sp_proto.fws_saddr6, sizeof fid.src_ip6); + memcpy(&fid.dst_ip6, &pkt->sp_proto.fws_daddr6, sizeof fid.dst_ip6); + fid.flow_id6 = pkt->sp_proto.fws_scopeid; + break; + default: + free(pkt, M_FWSYNC); + return EINVAL; + } + + f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum); + rule = chain->map[f_pos]; + ipfw_dyn_install_sync_state(&fid, rule, + pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, + pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); + + free(pkt, M_FWSYNC); return 0; }
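Review bot: In fwsync_state_sync the result of `ipfw_find_rule()` is used as `chain->map[f_pos]` with no ipfw chain lock held and no check that the rule found is the one the packet names. The ruleid, rulenum, kidx and cmdtype values come from a queued fws_proto that, judging by fwsync_add_state, originates from the sync peer, so they should be treated as untrusted. A concurrent ruleset change can replace the map under this code, and an inexact lookup (stock ipfw_find_rule returns the first rule at or after the key, as far as I recall) would attach the state to a different rule. I would hold the chain read lock across lookup and install, `IPFW_UH_RLOCK(chain);` ... `IPFW_UH_RUNLOCK(chain);`, provided ipfw_dyn_install_sync_state may be called under it, and verify `rule->id == pkt->sp_proto.fws_ruleid` before installing. Also confirm the argument order: stock ipfw_find_rule takes the rule number first and the id second, whereas this call passes fws_ruleid first.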