--- fwsync/driver/fwsync_workers.c 2022/08/04 00:24:39 1.8
+++ fwsync/driver/fwsync_workers.c 2022/08/13 18:22:55 1.12
@@ -5,82 +5,52 @@ #include "fwsync.h" -static int -fwsync_add_state_4(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum) +int +fwsync_add_state(const struct fws_proto *pkt) { - struct ip_fw *rule = NULL; - struct ip_fw_args args; - struct ipfw_dyn_info info; - ipfw_insn cmd; + struct fws_sndpkt *p; DTRACE(); - memset(&cmd, 0, sizeof cmd); - cmd.opcode = O_KEEP_STATE; - memset(&info, 0, sizeof info); - memset(&args, 0, sizeof args); - memcpy(&args.f_id, fid, sizeof args.f_id); + if (!pkt || pkt->fws_addrtype == 1) + return 0; /* skip ethernet packet */ - rule = ipfw_dyn_lookup_state(&args, NULL, 0, &cmd, &info); - printf("rule=%p\n", rule); - return 0; -// return ipfw_dyn_install_sync_state(fid, rule, ruleid, rulenum); -} + p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); + if (!p) { + return ENOMEM; + } else + memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); -static int -fwsync_add_state_6(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum) -{ - DTRACE(); - + mtx_lock(&fws_mtx_u); + TAILQ_INSERT_TAIL(&fwsync_updpkt, p, sp_next); + mtx_unlock(&fws_mtx_u); return 0; } + int -fwsync_add_state(const struct fws_proto *pkt) +fwsync_add_alias(const struct fws_proto *pkt) { - struct ipfw_flow_id fid; + struct fws_sndpkt *p; DTRACE(); - memset(&fid, 0, sizeof fid); - fid.fib = pkt->fws_fib; - fid.proto = pkt->fws_proto; - fid.addr_type = pkt->fws_addrtype; - fid.src_port = pkt->fws_sport; - fid.dst_port = pkt->fws_dport; - switch (pkt->fws_addrtype) { - case 4: - fid.src_ip = pkt->fws_saddr.s_addr; - fid.dst_ip = pkt->fws_daddr.s_addr; - break; - case 6: - memcpy(&fid.src_ip6, &pkt->fws_saddr6, sizeof fid.src_ip6); - memcpy(&fid.dst_ip6, &pkt->fws_daddr6, sizeof fid.dst_ip6); - fid.flow_id6 = pkt->fws_scopeid; - break; - default: - return EINVAL; - } + if (!pkt || pkt->fws_addrtype == 1) + return 0; /* skip ethernet packet */ - if (pkt->fws_addrtype == 4) - fwsync_add_state_4(&fid, pkt->fws_ruleid, pkt->fws_rulenum); - else if 
(pkt->fws_addrtype == 6) - fwsync_add_state_6(&fid, pkt->fws_ruleid, pkt->fws_rulenum); - else - return EINVAL; + p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); + if (!p) { + return ENOMEM; + } else + memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); + mtx_lock(&fws_mtx_n); + TAILQ_INSERT_TAIL(&fwsync_natpkt, p, sp_next); + mtx_unlock(&fws_mtx_n); return 0; } -int -fwsync_add_alias(const struct fws_proto *pkt) -{ - DTRACE(); - return 0; -} - - void fwsync_sndpkt_handler(void *context, int pending) { @@ -90,8 +60,6 @@ fwsync_sndpkt_handler(void *context, int pending) DTRACE(); - printf("pending=%d\n", pending); - do { mtx_lock(&fws_mtx_c); pkt = TAILQ_FIRST(&fwsync_sndpkt); @@ -174,6 +142,8 @@ fwsync_state_handler(const void *arg, const void *extd spkt->fws_version = FWS_PKTVER_STATE; spkt->fws_fib = pkt->fib; + spkt->fws_cmdtype = edata->cmdtype; + spkt->fws_kidx = edata->kidx; spkt->fws_ruleid = edata->ruleid; spkt->fws_rulenum = edata->rulenum; spkt->fws_proto = pkt->proto; 
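Review bot: fwsync_add_state now queues any packet whose `fws_addrtype` is not 1, so the EINVAL the old code returned for types other than 4 and 6 is deferred to fwsync_state_sync, and nothing in the hunk limits how long fwsync_updpkt can grow. If these packets arrive from a sync peer (inferred from the names, not visible here), a burst or a malformed stream becomes a run of M_NOWAIT kernel allocations that are released only one per fwsync_state_sync call. Rejecting early with `if (pkt->fws_addrtype != 4 && pkt->fws_addrtype != 6) return EINVAL;` and keeping a queue-length counter that is checked under `fws_mtx_u` before the malloc would bound that. fwsync_add_alias has the same shape with fwsync_natpkt and `fws_mtx_n`; the two bodies differ only in queue and mutex and could share one static helper.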
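Review bot: The two added assignments put `edata->cmdtype` and `edata->kidx` on the wire without a comment on what the receiver may assume about them. If kidx is an index into this host's ipfw object table (inferred from the name, not visible here), it is only meaningful on a peer whose tables are numbered identically, and fwsync_state_sync later hands it to ipfw_dyn_install_sync_state unchecked. A comment above the assignments such as `/* kidx/cmdtype are sender-local values; the receiver must validate them before installing state */` would record that. The context line still sets `FWS_PKTVER_STATE`; whether that constant changed along with the packet layout is not visible in this diff. fwsync_state_handler's body starts and ends outside the hunk.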
@@ -244,5 +214,88 @@ fwsync_alias_handler(const void *arg, const void *extd mtx_unlock(&fws_mtx_c); taskqueue_enqueue(fws_tq, &fws_sndpkt_task); + return 0; +} + +int +fwsync_state_sync(const void *arg, const void *extdata) +{ + struct fws_sndpkt *pkt; + struct ipfw_flow_id fid; + struct ip_fw *rule; + int f_pos; + struct ip_fw_chain *chain = &V_layer3_chain; + + DTRACE(); + + mtx_lock(&fws_mtx_u); + pkt = TAILQ_FIRST(&fwsync_updpkt); + if (pkt) + TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next); + mtx_unlock(&fws_mtx_u); + + if (!pkt) /* update queue is empty */ + return 0; + + if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { + free(pkt, M_FWSYNC); + return EAGAIN; + } + + memset(&fid, 0, sizeof fid); + fid.fib = pkt->sp_proto.fws_fib; + fid.proto = pkt->sp_proto.fws_proto; + fid.addr_type = pkt->sp_proto.fws_addrtype; + fid.src_port = pkt->sp_proto.fws_sport; + fid.dst_port = pkt->sp_proto.fws_dport; + switch (pkt->sp_proto.fws_addrtype) { + case 4: + fid.src_ip = pkt->sp_proto.fws_saddr.s_addr; + fid.dst_ip = pkt->sp_proto.fws_daddr.s_addr; + break; + case 6: + memcpy(&fid.src_ip6, &pkt->sp_proto.fws_saddr6, sizeof fid.src_ip6); + memcpy(&fid.dst_ip6, &pkt->sp_proto.fws_daddr6, sizeof fid.dst_ip6); + fid.flow_id6 = pkt->sp_proto.fws_scopeid; + break; + default: + free(pkt, M_FWSYNC); + return EINVAL; + } + + f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum); + rule = chain->map[f_pos]; + ipfw_dyn_install_sync_state(&fid, rule, + pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, + pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype); + + free(pkt, M_FWSYNC); + return 0; +} + +int +fwsync_alias_sync(const void *arg, const void *extdata) +{ + struct fws_sndpkt *pkt; + + DTRACE(); + + mtx_lock(&fws_mtx_n); + pkt = TAILQ_FIRST(&fwsync_natpkt); + if (pkt) + TAILQ_REMOVE(&fwsync_natpkt, pkt, sp_next); + mtx_unlock(&fws_mtx_n); + + if (!pkt) /* update queue is empty */ + return 0; + + if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) { + free(pkt, M_FWSYNC); + 
return EAGAIN; + } + + // TODO: xxx + + free(pkt, M_FWSYNC); return 0; }
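Review bot: In fwsync_state_sync the rule is taken as `chain->map[f_pos]` straight from `ipfw_find_rule()`, with no chain lock held in the visible code and no check that the rule found is the one the peer named. In stock FreeBSD ipfw that function returns the position of the first rule at or after the key rather than an exact match, so when the peer's rule is absent locally the state would be installed against a different rule, possibly the default one. Its key argument there is the rule number with the id third, so `fws_ruleid, fws_rulenum` looks swapped; confirm against this tree's prototype. The lookup and the install should run under the chain read lock and bail out unless `rule->rulenum` and `rule->id` both match the packet, as sketched below. The return value of ipfw_dyn_install_sync_state is also dropped, so a failed install is reported as 0.

```c
	/* … unchanged: dequeue under fws_mtx_u, CFG_SYNC_EDGE check, fid setup … */

	/* assumes ipfw_dyn_install_sync_state() does not take this lock itself; confirm */
	IPFW_UH_RLOCK(chain);
	f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum);
	rule = chain->map[f_pos];
	if (rule->rulenum != pkt->sp_proto.fws_rulenum ||
	    rule->id != pkt->sp_proto.fws_ruleid) {
		/* the peer named a rule this host does not have */
		IPFW_UH_RUNLOCK(chain);
		free(pkt, M_FWSYNC);
		return ENOENT;
	}
	/* … unchanged: ipfw_dyn_install_sync_state() call … */
	IPFW_UH_RUNLOCK(chain);
```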