--- fwsync/driver/fwsync_workers.c 2022/08/10 00:03:50 1.9
+++ fwsync/driver/fwsync_workers.c 2022/08/18 13:42:37 1.17
@@ -1,30 +1,32 @@
-/*************************************************************************
-* (C) 2022 CloudSigma AG - Sofia/Bulgaria
-* by Michael Pounov
-**************************************************************************/
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2022 Michael Pounov , CloudSigma AG
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ #include "fwsync.h" -static int -fwsync_add_state_4(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum, - u_short kidx, u_char cmdtype) -{ - struct ip_fw *rule = NULL; - - DTRACE(); - - return ipfw_dyn_install_sync_state(fid, rule, ruleid, rulenum, kidx, cmdtype); -} - -static int -fwsync_add_state_6(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum, - u_short kidx, u_char cmdtype) -{ - DTRACE(); - - return 0; -} - int fwsync_add_state(const struct fws_proto *pkt) { @@ -51,8 +53,22 @@ fwsync_add_state(const struct fws_proto *pkt) int fwsync_add_alias(const struct fws_proto *pkt) { + struct fws_sndpkt *p; + DTRACE(); + if (!pkt || pkt->fws_addrtype == 1) + return 0; /* skip ethernet packet */ + + p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO); + if (!p) { + return ENOMEM; + } else + memcpy(&p->sp_proto, pkt, sizeof(struct fws_proto)); + + mtx_lock(&fws_mtx_n); + TAILQ_INSERT_TAIL(&fwsync_natpkt, p, sp_next); + mtx_unlock(&fws_mtx_n); return 0; } @@ -228,6 +244,9 @@ fwsync_state_sync(const void *arg, const void *extdata { struct fws_sndpkt *pkt; struct ipfw_flow_id fid; + struct ip_fw *rule; + int f_pos; + struct ip_fw_chain *chain = &V_layer3_chain; DTRACE(); 
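Review bot: fwsync_add_alias() queues one M_FWSYNC allocation on `fwsync_natpkt` for every packet it is handed, with no cap on the list, and the `CFG_SYNC_EDGE` test only happens later in fwsync_alias_sync(), which dequeues a single entry per call. If that drain runs less often than sync packets arrive (how it is scheduled is not visible in this diff), the list grows without bound in kernel memory. Testing the flag before the `malloc`, e.g. `if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) return 0;`, and keeping a depth counter under `fws_mtx_n` that drops packets past a fixed limit would bound it. The `if (!p) { return ENOMEM; } else memcpy(...)` form would also read more plainly as an early return followed by an unconditional `memcpy`.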
@@ -266,12 +285,43 @@ fwsync_state_sync(const void *arg, const void *extdata
 return EINVAL;
 }
- if (pkt->sp_proto.fws_addrtype == 4)
- fwsync_add_state_4(&fid, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum,
- pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype);
- else if (pkt->sp_proto.fws_addrtype == 6)
- fwsync_add_state_6(&fid, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum,
- pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype);
+ f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum);
+ rule = chain->map[f_pos];
+ ipfw_dyn_install_sync_state(&fid, rule,
+ pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum,
+ pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype);
+
+ free(pkt, M_FWSYNC);
+ return 0;
+}
+
+int
+fwsync_alias_sync(const void *arg, const void *extdata)
+{
+ struct fws_sndpkt *pkt;
+ const struct cfg_nat *t = arg;
+
+ DTRACE();
+
+ mtx_lock(&fws_mtx_n);
+ pkt = TAILQ_FIRST(&fwsync_natpkt);
+ if (pkt)
+ TAILQ_REMOVE(&fwsync_natpkt, pkt, sp_next);
+ mtx_unlock(&fws_mtx_n);
+
+ if (!pkt) /* update queue is empty */
+ return 0;
+
+ if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) {
+ free(pkt, M_FWSYNC);
+ return EAGAIN;
+ }
+
+ LIBALIAS_LOCK(t->lib);
+ AddLink(t->lib, pkt->sp_proto.fws_saddr, pkt->sp_proto.fws_daddr, pkt->sp_proto.fws_aaddr,
+ pkt->sp_proto.fws_sport, pkt->sp_proto.fws_dport, pkt->sp_proto.fws_aport,
+ pkt->sp_proto.fws_linktype | LINK_SYNC_MASK);
+ LIBALIAS_UNLOCK(t->lib);
 free(pkt, M_FWSYNC);
 return 0;
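Review bot: In fwsync_state_sync() the result of `ipfw_find_rule()` is used as an index into `chain->map` and the rule is handed to `ipfw_dyn_install_sync_state()` without confirming that it is the rule the sync packet named. If this is the stock FreeBSD lookup, it returns the first rule at or after the key rather than an exact match, so a stale or malformed `fws_ruleid`/`fws_rulenum` would attach the state to a different rule; a check such as `if (rule->rulenum != pkt->sp_proto.fws_rulenum || rule->id != pkt->sp_proto.fws_ruleid) { free(pkt, M_FWSYNC); return ENOENT; }` before the install closes that. The stock function also takes the rule number as the key and the rule id as the last argument, so the two arguments look swapped here unless this tree changed the signature. The function starts outside the hunk, so whether the chain lock is held around the `chain->map` access cannot be confirmed from these lines and is worth a comment at the lookup.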