Annotation of fwsync/driver/fwsync_workers.c, revision 1.19
1.16 misho 1: /*-
2: * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3: *
4: * Copyright (c) 2022 Michael Pounov <misho@elwix.org>, CloudSigma AG
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25: * SUCH DAMAGE.
26: */
1.1 misho 27: #include "fwsync.h"
28:
29:
/*
 * Queue a private copy of a state record on the update queue (fwsync_updpkt).
 *
 * A NULL record or one with address type 1 (ethernet) is skipped.
 * Returns 0 on success or skip, ENOMEM when the M_NOWAIT allocation fails.
 *
 * NOTE(review): no cap on the queue length is visible in this function.  If
 * pkt originates from a sync peer, confirm that the queue cannot be grown
 * without bound by a peer that sends faster than fwsync_state_sync() drains.
 */
int
fwsync_add_state(const struct fws_proto *pkt)
{
	struct fws_sndpkt *entry;

	DTRACE();

	if (pkt == NULL || pkt->fws_addrtype == 1)
		return 0;	/* skip ethernet packet */

	entry = malloc(sizeof(*entry), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (entry == NULL)
		return ENOMEM;

	/* Copy the record so the caller's buffer is not referenced later. */
	memcpy(&entry->sp_proto, pkt, sizeof(entry->sp_proto));

	/* Only the list insertion needs the update-queue mutex. */
	mtx_lock(&fws_mtx_u);
	TAILQ_INSERT_TAIL(&fwsync_updpkt, entry, sp_next);
	mtx_unlock(&fws_mtx_u);

	return 0;
}
51:
1.9 misho 52:
/*
 * Queue a private copy of an alias (NAT) record on fwsync_natpkt.
 *
 * A NULL record or one with address type 1 or 6 is skipped.
 * Returns 0 on success or skip, ENOMEM when the M_NOWAIT allocation fails.
 *
 * NOTE(review): no cap on the queue length is visible in this function, and
 * apart from the address type no field is checked before the record is
 * queued.  If pkt originates from a sync peer, confirm both points.
 */
int
fwsync_add_alias(const struct fws_proto *pkt)
{
	struct fws_sndpkt *entry;

	DTRACE();

	if (pkt == NULL)
		return 0;	/* skip packet */
	if (pkt->fws_addrtype == 1 || pkt->fws_addrtype == 6)
		return 0;	/* skip packet */

	entry = malloc(sizeof(*entry), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (entry == NULL)
		return ENOMEM;

	/* Copy the record so the caller's buffer is not referenced later. */
	memcpy(&entry->sp_proto, pkt, sizeof(entry->sp_proto));

	/* Only the list insertion needs the NAT-queue mutex. */
	mtx_lock(&fws_mtx_n);
	TAILQ_INSERT_TAIL(&fwsync_natpkt, entry, sp_next);
	mtx_unlock(&fws_mtx_n);

	return 0;
}
74:
75:
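/*
 * Task handler: take records off the send queue (fwsync_sndpkt) and transmit
 * each one to every collector whose ONLINE and READY context flags are both
 * set.
 *
 * context is unused.  pending bounds the number of loop iterations; the loop
 * also stops as soon as the send queue is found empty.
 */
void
fwsync_sndpkt_handler(void *context, int pending)
{
	struct fws_sndpkt *pkt;
	struct mbuf *m2, *m;
	int e;

	/*
	 * The record is copied below into the data area of a single header
	 * mbuf from m_gethdr(), which holds MHLEN bytes.  Fail the build
	 * instead of overrunning the mbuf if the record ever outgrows it.
	 */
	_Static_assert(sizeof(pkt->sp_proto) <= (size_t)MHLEN,
	    "struct fws_proto must fit in one header mbuf");

	DTRACE();

	do {
		/* Detach the head of the queue; the lock covers only that. */
		mtx_lock(&fws_mtx_c);
		pkt = TAILQ_FIRST(&fwsync_sndpkt);
		if (pkt)
			TAILQ_REMOVE(&fwsync_sndpkt, pkt, sp_next);
		mtx_unlock(&fws_mtx_c);

		if (!pkt)	/* sending queue is empty */
			break;

		/* Collector sync switched off: drop the record. */
		if (!(fws_cfg.cfg.on & CFG_SYNC_COLLECTOR)) {
			free(pkt, M_FWSYNC);
			continue;	/* re-evaluates --pending */
		}

		m = m_gethdr(M_NOWAIT, MT_DATA);
		if (!m) {
			/* No mbuf available: the record is dropped, not retried. */
			free(pkt, M_FWSYNC);
			continue;
		}

		memcpy(mtod(m, struct fws_proto *), &pkt->sp_proto, sizeof pkt->sp_proto);
		m->m_len = sizeof pkt->sp_proto;
		m_fixhdr(m);

		/*
		 * Each collector gets its own copy of m.  The copies are not
		 * freed here after sosend(); presumably sosend() takes
		 * ownership of them -- confirm.  EAGAIN is not reported.
		 */
		if ((fws_ctx.config & (CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY)) ==
		    (CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY)) {
			m2 = m_copypacket(m, M_NOWAIT);
			if (!m2) {
				printf("error in copypacket for second collector\n");
				/* Also skips the first collector for this record. */
				goto out;
			}
			e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2],
			    &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr, NULL,
			    m2, NULL, 0, curthread);
			if (e && e != EAGAIN)
				printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_2, e);
		}

		if ((fws_ctx.config & (CTX_COLLECTOR_1_ONLINE | CTX_COLLECTOR_1_READY)) ==
		    (CTX_COLLECTOR_1_ONLINE | CTX_COLLECTOR_1_READY)) {
			m2 = m_copypacket(m, M_NOWAIT);
			if (!m2) {
				printf("error in copypacket for first collector\n");
				goto out;
			}
			e = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1],
			    &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr, NULL,
			    m2, NULL, 0, curthread);
			if (e && e != EAGAIN)
				printf("error in collector %d handler #%d\n", CFG_SYNC_ADDR_COLLECTOR_1, e);
		}
out:
		/* Release the template mbuf and the queued record. */
		m_freem(m);
		free(pkt, M_FWSYNC);
	} while (--pending);
}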
142:
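/*
 * Hook handler: build a state record from a flow id and its rule metadata,
 * append it to the send queue and schedule the send task.
 *
 * arg is read as a struct ipfw_flow_id, extdata as a struct
 * ipfw_dyn_hook_extdata.  Returns 0 when the record is queued or skipped
 * (NULL argument, ethernet address type, allocation failure) and EINVAL for
 * an address type other than 4 or 6.
 *
 * NOTE(review): no cap on the send-queue length is visible here.
 */
int
fwsync_state_handler(const void *arg, const void *extdata)
{
	const struct ipfw_flow_id *pkt = arg;
	const struct ipfw_dyn_hook_extdata *edata = extdata;
	struct fws_proto *spkt;
	struct fws_sndpkt *p;

	DTRACE();

	/*
	 * extdata is dereferenced below, so it is checked for NULL the same
	 * way as arg; a missing extdata is treated as "nothing to sync".
	 */
	if (!pkt || !edata || pkt->addr_type == 1)
		return 0;	/* skip ethernet packet */

	/*
	 * The record is private until it is linked into the queue, so it is
	 * allocated and filled in before fws_mtx_c is taken.
	 */
	p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (!p)
		return 0;	/* best effort: allocation failure is not reported */
	spkt = &p->sp_proto;

	spkt->fws_version = FWS_PKTVER_STATE;
	spkt->fws_fib = pkt->fib;
	spkt->fws_cmdtype = edata->cmdtype;
	spkt->fws_kidx = edata->kidx;
	spkt->fws_ruleid = edata->ruleid;
	spkt->fws_rulenum = edata->rulenum;
	spkt->fws_proto = pkt->proto;
	spkt->fws_addrtype = pkt->addr_type;
	spkt->fws_sport = pkt->src_port;
	spkt->fws_dport = pkt->dst_port;

	switch (pkt->addr_type) {
	case 4:
		spkt->fws_saddr.s_addr = pkt->src_ip;
		spkt->fws_daddr.s_addr = pkt->dst_ip;
		spkt->fws_scopeid = 0;
		break;
	case 6:
		memcpy(&spkt->fws_saddr6, &pkt->src_ip6, sizeof spkt->fws_saddr6);
		memcpy(&spkt->fws_daddr6, &pkt->dst_ip6, sizeof spkt->fws_daddr6);
		spkt->fws_scopeid = pkt->flow_id6;
		break;
	default:
		free(p, M_FWSYNC);
		return EINVAL;
	}

	/* The queue and its counter are updated under the same mutex. */
	mtx_lock(&fws_mtx_c);
	TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next);
	fws_acct.states[0]++;
	mtx_unlock(&fws_mtx_c);

	taskqueue_enqueue(fws_tq, &fws_sndpkt_task);
	return 0;
}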
202:
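/*
 * Hook handler: build an alias (NAT) record from an alias link, append it to
 * the send queue and schedule the send task.
 *
 * arg is read as a struct alias_link; extdata is not used.  Always returns 0:
 * a NULL link, a link_type of IPPROTO_MAX or above, and an allocation failure
 * are all silently skipped.
 *
 * NOTE(review): no cap on the send-queue length is visible here.
 */
int
fwsync_alias_handler(const void *arg, const void *extdata)
{
	const struct alias_link *lnk = arg;
	struct fws_proto *spkt;
	struct fws_sndpkt *p;

	DTRACE();

	if (!lnk || lnk->link_type >= IPPROTO_MAX)
		return 0;

	/*
	 * The record is private until it is linked into the queue, so it is
	 * allocated and filled in before fws_mtx_c is taken.
	 */
	p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (!p)
		return 0;	/* best effort: allocation failure is not reported */
	spkt = &p->sp_proto;

	spkt->fws_version = FWS_PKTVER_ALIAS;
	spkt->fws_proto = lnk->link_type;
	spkt->fws_addrtype = 4;		/* alias records always carry address type 4 */
	spkt->fws_sport = lnk->src_port;
	spkt->fws_dport = lnk->dst_port;
	spkt->fws_aport = lnk->alias_port;
	spkt->fws_pport = lnk->proxy_port;
	spkt->fws_saddr.s_addr = lnk->src_addr.s_addr;
	spkt->fws_daddr.s_addr = lnk->dst_addr.s_addr;
	spkt->fws_aaddr.s_addr = lnk->alias_addr.s_addr;
	spkt->fws_paddr.s_addr = lnk->proxy_addr.s_addr;

	/* The queue and its counter are updated under the same mutex. */
	mtx_lock(&fws_mtx_c);
	TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next);
	fws_acct.aliases[0]++;
	mtx_unlock(&fws_mtx_c);

	taskqueue_enqueue(fws_tq, &fws_sndpkt_task);
	return 0;
}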
1.9 misho 245:
/*
 * Take one record off the update queue (fwsync_updpkt) and install it as a
 * dynamic state through ipfw_dyn_install_sync_state().
 *
 * arg and extdata are not used.  Returns 0 when the queue is empty or the
 * record was handed to ipfw, EAGAIN when edge sync is disabled (the record is
 * dropped) and EINVAL for an address type other than 4 or 6.
 *
 * NOTE(review): the record was queued by fwsync_add_state(), so its fields
 * are whatever the producer supplied.  Apart from the address type, nothing
 * is range-checked here before being passed to ipfw -- confirm that
 * ipfw_dyn_install_sync_state() validates kidx and cmdtype.
 */
int
fwsync_state_sync(const void *arg, const void *extdata)
{
	struct ip_fw_chain *chain = &V_layer3_chain;
	const struct fws_proto *sp;
	struct fws_sndpkt *rec;
	struct ipfw_flow_id fid;
	struct ip_fw *rule;
	int f_pos;

	DTRACE();

	/* Detach the head of the queue and count it under the queue mutex. */
	mtx_lock(&fws_mtx_u);
	rec = TAILQ_FIRST(&fwsync_updpkt);
	if (rec != NULL) {
		TAILQ_REMOVE(&fwsync_updpkt, rec, sp_next);
		fws_acct.states[1]++;
	}
	mtx_unlock(&fws_mtx_u);

	if (rec == NULL)	/* update queue is empty */
		return 0;

	if ((fws_cfg.cfg.on & CFG_SYNC_EDGE) == 0) {
		free(rec, M_FWSYNC);
		return EAGAIN;
	}

	sp = &rec->sp_proto;

	/* Rebuild the ipfw flow id from the record. */
	memset(&fid, 0, sizeof fid);
	fid.fib = sp->fws_fib;
	fid.proto = sp->fws_proto;
	fid.addr_type = sp->fws_addrtype;
	fid.src_port = sp->fws_sport;
	fid.dst_port = sp->fws_dport;

	if (sp->fws_addrtype == 4) {
		fid.src_ip = sp->fws_saddr.s_addr;
		fid.dst_ip = sp->fws_daddr.s_addr;
	} else if (sp->fws_addrtype == 6) {
		memcpy(&fid.src_ip6, &sp->fws_saddr6, sizeof fid.src_ip6);
		memcpy(&fid.dst_ip6, &sp->fws_daddr6, sizeof fid.dst_ip6);
		fid.flow_id6 = sp->fws_scopeid;
	} else {
		free(rec, M_FWSYNC);
		return EINVAL;
	}

	/*
	 * NOTE(review): three things to confirm for the rule lookup.
	 *  - chain->map is read with no ipfw chain lock taken in this
	 *    function; verify that the caller holds one.
	 *  - The rule found is not compared with the record's ruleid and
	 *    rulenum here; if the local ruleset differs from the producer's,
	 *    the state may be attached to a different rule unless
	 *    ipfw_dyn_install_sync_state() checks this itself.
	 *  - Upstream FreeBSD declares ipfw_find_rule(chain, key, id) with
	 *    key being the rule number; the id is passed first here.  Check
	 *    the argument order against this tree's prototype.
	 */
	f_pos = ipfw_find_rule(chain, sp->fws_ruleid, sp->fws_rulenum);
	rule = chain->map[f_pos];
	ipfw_dyn_install_sync_state(&fid, rule,
	    sp->fws_ruleid, sp->fws_rulenum,
	    sp->fws_kidx, sp->fws_cmdtype);

	free(rec, M_FWSYNC);
	return 0;
}
1.12 misho 303:
/*
 * Drain the NAT queue (fwsync_natpkt) and add each record as a libalias link
 * on the NAT instance passed in arg (read as a struct cfg_nat).
 *
 * extdata is not used.  Every queued record is removed, counted and freed;
 * AddLink() is called only when edge sync is enabled and arg is non-NULL.
 * Always returns 0.
 *
 * NOTE(review): the records were queued by fwsync_add_alias(), so addresses,
 * ports and link type are whatever the producer supplied.  The link type is
 * OR-ed with LINK_SYNC_MASK and passed on without a range check, and the
 * value returned by AddLink() is ignored -- confirm both are acceptable.
 * fws_mtx_n stays held across the libalias lock for the whole drain.
 */
int
fwsync_alias_sync(const void *arg, const void *extdata)
{
	const struct cfg_nat *nat = arg;
	const struct fws_proto *sp;
	struct fws_sndpkt *rec;

	DTRACE();

	mtx_lock(&fws_mtx_n);
	for (;;) {
		rec = TAILQ_FIRST(&fwsync_natpkt);
		if (rec == NULL)
			break;

		TAILQ_REMOVE(&fwsync_natpkt, rec, sp_next);
		fws_acct.aliases[1]++;

		/* Install the link only on an enabled edge with a NAT instance. */
		if ((fws_cfg.cfg.on & CFG_SYNC_EDGE) != 0 && nat != NULL) {
			sp = &rec->sp_proto;

			LIBALIAS_LOCK(nat->lib);
			AddLink(nat->lib, sp->fws_saddr,
			    sp->fws_daddr,
			    sp->fws_aaddr,
			    sp->fws_sport,
			    sp->fws_dport,
			    sp->fws_aport,
			    sp->fws_linktype | LINK_SYNC_MASK);
			LIBALIAS_UNLOCK(nat->lib);
		}

		free(rec, M_FWSYNC);
	}
	mtx_unlock(&fws_mtx_n);

	return 0;
}