File:  [ELWIX - Embedded LightWeight unIX -] / fwsync / driver / fwsync_workers.c
Revision 1.19
Fri Aug 26 14:47:36 2022 UTC (20 months, 1 week ago) by misho
Branches: MAIN
CVS tags: fwsync1_2, HEAD, FWSYNC1_1
version 1.1
 - adds list command

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2022 Michael Pounov <misho@elwix.org>, CloudSigma AG
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#include "fwsync.h"


/*
 * Queue a copy of a state record on the update list (fwsync_updpkt).
 *
 * A NULL record, or one whose address type is 1 (ethernet), is ignored and
 * reported as success.  Returns ENOMEM when the non-sleeping allocation
 * fails, 0 otherwise.
 *
 * NOTE(review): the record is copied verbatim; nothing is validated here and
 * no cap on the queue depth is visible in this function.  If pkt comes from a
 * sync peer, confirm that the receive path authenticates it and that the
 * queue cannot grow without bound.
 */
int
fwsync_add_state(const struct fws_proto *pkt)
{
	struct fws_sndpkt *entry;

	DTRACE();

	if (pkt == NULL)
		return 0;
	if (pkt->fws_addrtype == 1)
		return 0;	/* ethernet records are not synced */

	/* M_NOWAIT: must not sleep; M_ZERO: list linkage starts out cleared */
	entry = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (entry == NULL)
		return ENOMEM;

	memcpy(&entry->sp_proto, pkt, sizeof(struct fws_proto));

	/* The update queue is shared with fwsync_state_sync(). */
	mtx_lock(&fws_mtx_u);
	TAILQ_INSERT_TAIL(&fwsync_updpkt, entry, sp_next);
	mtx_unlock(&fws_mtx_u);

	return 0;
}


/*
 * Queue a copy of a NAT alias record on the NAT list (fwsync_natpkt).
 *
 * A NULL record, or one whose address type is 1 or 6, is ignored and
 * reported as success.  Returns ENOMEM when the non-sleeping allocation
 * fails, 0 otherwise.
 *
 * NOTE(review): the record is copied verbatim; nothing is validated here and
 * no cap on the queue depth is visible in this function.  If pkt comes from a
 * sync peer, confirm that the receive path authenticates it and that the
 * queue cannot grow without bound.
 */
int
fwsync_add_alias(const struct fws_proto *pkt)
{
	struct fws_sndpkt *entry;

	DTRACE();

	if (pkt == NULL)
		return 0;

	switch (pkt->fws_addrtype) {
	case 1:
	case 6:
		return 0;	/* skip packet */
	default:
		break;
	}

	/* M_NOWAIT: must not sleep; M_ZERO: list linkage starts out cleared */
	entry = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (entry == NULL)
		return ENOMEM;

	memcpy(&entry->sp_proto, pkt, sizeof(struct fws_proto));

	/* The NAT queue is shared with fwsync_alias_sync(). */
	mtx_lock(&fws_mtx_n);
	TAILQ_INSERT_TAIL(&fwsync_natpkt, entry, sp_next);
	mtx_unlock(&fws_mtx_n);

	return 0;
}


/*
 * Task handler: pop records off the send queue (fwsync_sndpkt) and transmit
 * each one to every collector that is both ONLINE and READY.
 *
 * The loop ends when the queue is empty or when the pre-decremented pending
 * counter reaches zero.  Records are dropped, not re-queued, when the
 * collector role is switched off or when no mbuf can be allocated.  A failed
 * mbuf copy for the second collector also skips the first collector for that
 * record.
 *
 * NOTE(review): the whole sp_proto is copied into a single header mbuf with
 * no size check in this function -- confirm sizeof(struct fws_proto) fits
 * (MHLEN), ideally with a compile-time assertion.
 * NOTE(review): the record is sent as-is; no authentication or integrity
 * protection is applied here -- confirm how the sync channel is protected.
 */
void
fwsync_sndpkt_handler(void *context, int pending)
{
	struct fws_sndpkt *item;
	struct mbuf *tmpl, *dup;
	int err;

	DTRACE();

	do {
		/* Detach the queue head while holding the queue lock. */
		mtx_lock(&fws_mtx_c);
		item = TAILQ_FIRST(&fwsync_sndpkt);
		if (item != NULL)
			TAILQ_REMOVE(&fwsync_sndpkt, item, sp_next);
		mtx_unlock(&fws_mtx_c);

		if (item == NULL)
			break;	/* sending queue is empty */

		/*
		 * Drop the record when the collector role is off or when no
		 * mbuf is available; the allocation is only attempted when
		 * the role is on.
		 */
		if ((fws_cfg.cfg.on & CFG_SYNC_COLLECTOR) == 0 ||
		    (tmpl = m_gethdr(M_NOWAIT, MT_DATA)) == NULL) {
			free(item, M_FWSYNC);
			continue;
		}

		/* Template packet; each collector is handed its own copy. */
		memcpy(mtod(tmpl, struct fws_proto *), &item->sp_proto,
		    sizeof item->sp_proto);
		tmpl->m_len = sizeof item->sp_proto;
		m_fixhdr(tmpl);

		if ((fws_ctx.config & (CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY)) ==
		    (CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY)) {
			dup = m_copypacket(tmpl, M_NOWAIT);
			if (dup == NULL) {
				printf("error in copypacket for second collector\n");
				goto out;
			}
			err = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_2],
			    &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_2].addr,
			    NULL, dup, NULL, 0, curthread);
			/* EAGAIN is not reported */
			if (err != 0 && err != EAGAIN)
				printf("error in collector %d handler #%d\n",
				    CFG_SYNC_ADDR_COLLECTOR_2, err);
		}

		if ((fws_ctx.config & (CTX_COLLECTOR_1_ONLINE | CTX_COLLECTOR_1_READY)) ==
		    (CTX_COLLECTOR_1_ONLINE | CTX_COLLECTOR_1_READY)) {
			dup = m_copypacket(tmpl, M_NOWAIT);
			if (dup == NULL) {
				printf("error in copypacket for first collector\n");
				goto out;
			}
			err = sosend(fws_ctx.sockz[CFG_SYNC_ADDR_COLLECTOR_1],
			    &fws_cfg.cfg_addr[CFG_SYNC_ADDR_COLLECTOR_1].addr,
			    NULL, dup, NULL, 0, curthread);
			/* EAGAIN is not reported */
			if (err != 0 && err != EAGAIN)
				printf("error in collector %d handler #%d\n",
				    CFG_SYNC_ADDR_COLLECTOR_1, err);
		}
out:
		/* The template and the queue entry are always released here. */
		m_freem(tmpl);
		free(item, M_FWSYNC);
	} while (--pending);
}

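/*
 * Build a state record (FWS_PKTVER_STATE) from an ipfw flow id and its hook
 * extension data, append it to the send queue and kick the send task.
 *
 * arg      - const struct ipfw_flow_id *; NULL or address type 1 (ethernet)
 *            is skipped with return value 0.
 * extdata  - const struct ipfw_dyn_hook_extdata *; supplies cmdtype, kidx,
 *            ruleid and rulenum.  Must not be NULL.
 *
 * Returns 0 when the record was queued or skipped (including the case where
 * the non-sleeping allocation fails and the record is dropped), EINVAL for a
 * missing extdata or an address type other than 4 or 6.
 *
 * NOTE(review): no cap on the send-queue depth is visible here; every call
 * with a valid flow allocates one entry.  Confirm that the queue cannot grow
 * without bound under a high rate of new flows.
 */
int
fwsync_state_handler(const void *arg, const void *extdata)
{
	const struct ipfw_flow_id *pkt = arg;
	const struct ipfw_dyn_hook_extdata *edata = extdata;
	struct fws_proto *spkt;
	struct fws_sndpkt *p;

	DTRACE();

	if (!pkt || pkt->addr_type == 1)
		return 0;	/* skip ethernet packet */

	/*
	 * edata is dereferenced unconditionally below; reject a missing
	 * pointer instead of faulting inside the kernel.
	 */
	if (!edata)
		return EINVAL;

	mtx_lock(&fws_mtx_c);

	/* M_NOWAIT: allocation happens with fws_mtx_c held, so it must not sleep */
	p = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (!p) {
		/* out of memory: the state is silently not synced */
		mtx_unlock(&fws_mtx_c);
		return 0;
	}
	spkt = &p->sp_proto;

	spkt->fws_version = FWS_PKTVER_STATE;
	spkt->fws_fib = pkt->fib;
	spkt->fws_cmdtype = edata->cmdtype;
	spkt->fws_kidx = edata->kidx;
	spkt->fws_ruleid = edata->ruleid;
	spkt->fws_rulenum = edata->rulenum;
	spkt->fws_proto = pkt->proto;
	spkt->fws_addrtype = pkt->addr_type;
	spkt->fws_sport = pkt->src_port;
	spkt->fws_dport = pkt->dst_port;

	switch (pkt->addr_type) {
		case 4:
			spkt->fws_saddr.s_addr = pkt->src_ip;
			spkt->fws_daddr.s_addr = pkt->dst_ip;
			spkt->fws_scopeid = 0;
			break;
		case 6:
			memcpy(&spkt->fws_saddr6, &pkt->src_ip6, sizeof spkt->fws_saddr6);
			memcpy(&spkt->fws_daddr6, &pkt->dst_ip6, sizeof spkt->fws_daddr6);
			spkt->fws_scopeid = pkt->flow_id6;
			break;
		default:
			/* unknown address family: nothing was queued yet */
			free(p, M_FWSYNC);
			mtx_unlock(&fws_mtx_c);
			return EINVAL;
	}

	TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next);

	/* accounting is updated under the same lock as the queue */
	fws_acct.states[0]++;

	mtx_unlock(&fws_mtx_c);

	/* schedule fws_sndpkt_task to drain the queue */
	taskqueue_enqueue(fws_tq, &fws_sndpkt_task);
	return 0;
}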

/*
 * Build an alias record (FWS_PKTVER_ALIAS) from a libalias link, append it to
 * the send queue and kick the send task.
 *
 * arg      - const struct alias_link *; NULL, or a link_type at or above
 *            IPPROTO_MAX, is skipped.
 * extdata  - not used.
 *
 * Always returns 0, including when the non-sleeping allocation fails and the
 * record is dropped.  The address type of the record is fixed to 4.
 *
 * NOTE(review): no cap on the send-queue depth is visible here; confirm that
 * the queue cannot grow without bound under a high rate of new links.
 */
int
fwsync_alias_handler(const void *arg, const void *extdata)
{
	const struct alias_link *lnk = arg;
	struct fws_sndpkt *entry;
	struct fws_proto *rec;

	DTRACE();

	if (lnk == NULL)
		return 0;
	if (lnk->link_type >= IPPROTO_MAX)
		return 0;

	mtx_lock(&fws_mtx_c);

	/* M_NOWAIT: allocation happens with fws_mtx_c held, so it must not sleep */
	entry = malloc(sizeof(struct fws_sndpkt), M_FWSYNC, M_NOWAIT | M_ZERO);
	if (entry == NULL) {
		mtx_unlock(&fws_mtx_c);
		return 0;
	}
	rec = &entry->sp_proto;

	/* record header */
	rec->fws_version = FWS_PKTVER_ALIAS;
	rec->fws_proto = lnk->link_type;
	rec->fws_addrtype = 4;

	/* ports */
	rec->fws_sport = lnk->src_port;
	rec->fws_dport = lnk->dst_port;
	rec->fws_aport = lnk->alias_port;
	rec->fws_pport = lnk->proxy_port;

	/* addresses */
	rec->fws_saddr.s_addr = lnk->src_addr.s_addr;
	rec->fws_daddr.s_addr = lnk->dst_addr.s_addr;
	rec->fws_aaddr.s_addr = lnk->alias_addr.s_addr;
	rec->fws_paddr.s_addr = lnk->proxy_addr.s_addr;

	TAILQ_INSERT_TAIL(&fwsync_sndpkt, entry, sp_next);

	/* accounting is updated under the same lock as the queue */
	fws_acct.aliases[0]++;

	mtx_unlock(&fws_mtx_c);

	/* schedule fws_sndpkt_task to drain the queue */
	taskqueue_enqueue(fws_tq, &fws_sndpkt_task);
	return 0;
}

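/*
 * Take one record off the update queue (fwsync_updpkt) and install it as an
 * ipfw dynamic state through ipfw_dyn_install_sync_state().
 *
 * arg, extdata - not used.
 *
 * Returns 0 when the queue was empty or the state was handed to ipfw,
 * EAGAIN when the edge role is switched off (the record is discarded),
 * EINVAL when the record carries an address type other than 4 or 6 or when
 * the rule lookup does not yield a usable rule.  The record is freed on
 * every path.
 *
 * Every field used below comes out of the queued record, so it is only as
 * trustworthy as whatever filled the queue.
 *
 * NOTE(review): stock FreeBSD declares ipfw_find_rule(chain, key, id) with
 * key = rule number and id = rule id; the call below passes
 * (fws_ruleid, fws_rulenum).  Confirm the order against this tree's
 * prototype.
 * NOTE(review): no ipfw chain lock is taken in this function while
 * chain->map is read -- presumably the caller holds it; confirm.
 * NOTE(review): the looked-up rule is not compared against the record's
 * ruleid/rulenum here, so a peer with a different rule set may bind the
 * state to another rule -- confirm ipfw_dyn_install_sync_state() checks it.
 */
int
fwsync_state_sync(const void *arg, const void *extdata)
{
	struct fws_sndpkt *pkt;
	struct ipfw_flow_id fid;
	struct ip_fw *rule;
	int f_pos;
	int rc = 0;
	struct ip_fw_chain *chain = &V_layer3_chain;

	DTRACE();

	mtx_lock(&fws_mtx_u);
	pkt = TAILQ_FIRST(&fwsync_updpkt);
	if (pkt) {
		TAILQ_REMOVE(&fwsync_updpkt, pkt, sp_next);
		fws_acct.states[1]++;
	}
	mtx_unlock(&fws_mtx_u);

	if (!pkt)	/* update queue is empty */
		return 0;

	if (!(fws_cfg.cfg.on & CFG_SYNC_EDGE)) {
		rc = EAGAIN;
		goto out;
	}

	/* Rebuild the flow id from the record; unused members stay zero. */
	memset(&fid, 0, sizeof fid);
	fid.fib = pkt->sp_proto.fws_fib;
	fid.proto = pkt->sp_proto.fws_proto;
	fid.addr_type = pkt->sp_proto.fws_addrtype;
	fid.src_port = pkt->sp_proto.fws_sport;
	fid.dst_port = pkt->sp_proto.fws_dport;
	switch (pkt->sp_proto.fws_addrtype) {
		case 4:
			fid.src_ip = pkt->sp_proto.fws_saddr.s_addr;
			fid.dst_ip = pkt->sp_proto.fws_daddr.s_addr;
			break;
		case 6:
			memcpy(&fid.src_ip6, &pkt->sp_proto.fws_saddr6, sizeof fid.src_ip6);
			memcpy(&fid.dst_ip6, &pkt->sp_proto.fws_daddr6, sizeof fid.dst_ip6);
			fid.flow_id6 = pkt->sp_proto.fws_scopeid;
			break;
		default:
			rc = EINVAL;
			goto out;
	}

	f_pos = ipfw_find_rule(chain, pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum);

	/*
	 * The index is derived from record contents; never dereference the
	 * rule map outside its bounds or hand a NULL rule to ipfw.
	 */
	if (f_pos < 0 || f_pos >= chain->n_rules) {
		rc = EINVAL;
		goto out;
	}
	rule = chain->map[f_pos];
	if (!rule) {
		rc = EINVAL;
		goto out;
	}

	ipfw_dyn_install_sync_state(&fid, rule, 
			pkt->sp_proto.fws_ruleid, pkt->sp_proto.fws_rulenum, 
			pkt->sp_proto.fws_kidx, pkt->sp_proto.fws_cmdtype);

out:
	free(pkt, M_FWSYNC);
	return rc;
}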

/*
 * Drain the NAT queue (fwsync_natpkt) and install every record as a libalias
 * link on the NAT instance passed in arg.
 *
 * arg      - const struct cfg_nat *; when NULL the records are still
 *            dequeued, counted and freed, but no link is added.
 * extdata  - not used.
 *
 * Always returns 0.  Records are discarded without installation while the
 * edge role is switched off.  The whole drain runs with fws_mtx_n held, and
 * the libalias lock is taken inside it for each AddLink() call.
 *
 * NOTE(review): the result of AddLink() is not checked, and the addresses,
 * ports and link type are passed through from the queued record unchanged --
 * confirm the records are authenticated before they reach this queue.
 */
int
fwsync_alias_sync(const void *arg, const void *extdata)
{
	const struct cfg_nat *nat = arg;
	struct fws_sndpkt *rec;

	DTRACE();

	mtx_lock(&fws_mtx_n);
	for (;;) {
		rec = TAILQ_FIRST(&fwsync_natpkt);
		if (rec == NULL)
			break;

		TAILQ_REMOVE(&fwsync_natpkt, rec, sp_next);
		fws_acct.aliases[1]++;

		/* Install only in the edge role and with a NAT instance. */
		if ((fws_cfg.cfg.on & CFG_SYNC_EDGE) != 0 && nat != NULL) {
			LIBALIAS_LOCK(nat->lib);
			AddLink(nat->lib, rec->sp_proto.fws_saddr,
			    rec->sp_proto.fws_daddr,
			    rec->sp_proto.fws_aaddr,
			    rec->sp_proto.fws_sport,
			    rec->sp_proto.fws_dport,
			    rec->sp_proto.fws_aport,
			    rec->sp_proto.fws_linktype | LINK_SYNC_MASK);
			LIBALIAS_UNLOCK(nat->lib);
		}

		free(rec, M_FWSYNC);
	}
	mtx_unlock(&fws_mtx_n);

	return 0;
}
