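/*************************************************************************
 * (C) 2022 CloudSigma AG - Sofia/Bulgaria
 * by Michael Pounov
 **************************************************************************/
#include "fwsync.h"

/*
 * Install a replicated IPv4 dynamic state received from a sync peer.
 *
 * The parent rule is resolved with ipfw_dyn_lookup_state() using a
 * synthetic O_KEEP_STATE instruction, then the dynamic-state code is
 * asked to install the entry.
 *
 * @param fid     flow identifier built by fwsync_add_state()
 * @param ruleid  parent rule id carried in the sync packet
 * @param rulenum parent rule number carried in the sync packet
 * @return the result of ipfw_dyn_install_sync_state(); assumed to be
 *         0 on success / errno on failure, like fwsync_add_state() itself
 *
 * NOTE(review): the lookup result may be NULL and is handed to
 * ipfw_dyn_install_sync_state() unchecked - confirm the callee tolerates
 * a missing parent rule.
 */
static int
fwsync_add_state_4(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum)
{
	struct ip_fw *rule = NULL;
	struct ip_fw_args args;
	struct ipfw_dyn_info info;
	ipfw_insn cmd;

	DTRACE();

	/* synthetic keep-state instruction that drives the lookup */
	memset(&cmd, 0, sizeof cmd);
	cmd.opcode = O_KEEP_STATE;
	memset(&info, 0, sizeof info);
	memset(&args, 0, sizeof args);
	memcpy(&args.f_id, fid, sizeof args.f_id);

	rule = ipfw_dyn_lookup_state(&args, NULL, 0, &cmd, &info);
	return ipfw_dyn_install_sync_state(fid, rule, ruleid, rulenum);
}

/*
 * IPv6 counterpart of fwsync_add_state_4().
 *
 * TODO: not implemented - IPv6 state packets are accepted and silently
 * dropped, so the caller observes success (0).
 */
static int
fwsync_add_state_6(struct ipfw_flow_id *fid, u_int ruleid, u_short rulenum)
{
	DTRACE();
	(void)fid;
	(void)ruleid;
	(void)rulenum;
	return 0;
}

/*
 * Turn a received FWS_PKTVER_STATE record into an ipfw flow id and
 * install it through the address-family specific helper.
 *
 * Only fws_addrtype is validated here; the remaining fields (fib, proto,
 * ports, addresses) are copied as received from the peer.
 * NOTE(review): confirm that the receive path bounds fws_fib and
 * fws_proto before they reach ipfw.
 *
 * @param pkt sync record from the peer (may be NULL -> EINVAL)
 * @return 0 on success, EINVAL for a NULL record or an unknown address
 *         family, otherwise the helper's result (previously discarded)
 */
int
fwsync_add_state(const struct fws_proto *pkt)
{
	struct ipfw_flow_id fid;

	DTRACE();

	if (!pkt)
		return EINVAL;

	memset(&fid, 0, sizeof fid);
	fid.fib = pkt->fws_fib;
	fid.proto = pkt->fws_proto;
	fid.addr_type = pkt->fws_addrtype;
	fid.src_port = pkt->fws_sport;
	fid.dst_port = pkt->fws_dport;

	/* one dispatch on the family: fill the addresses and install */
	switch (pkt->fws_addrtype) {
	case 4:
		fid.src_ip = pkt->fws_saddr.s_addr;
		fid.dst_ip = pkt->fws_daddr.s_addr;
		return fwsync_add_state_4(&fid, pkt->fws_ruleid, pkt->fws_rulenum);
	case 6:
		memcpy(&fid.src_ip6, &pkt->fws_saddr6, sizeof fid.src_ip6);
		memcpy(&fid.dst_ip6, &pkt->fws_daddr6, sizeof fid.dst_ip6);
		fid.flow_id6 = pkt->fws_scopeid;
		return fwsync_add_state_6(&fid, pkt->fws_ruleid, pkt->fws_rulenum);
	default:
		return EINVAL;
	}
}

/*
 * Handle a received FWS_PKTVER_ALIAS record.
 *
 * TODO: not implemented - alias records are accepted and ignored.
 *
 * @param pkt sync record from the peer
 * @return always 0
 */
int
fwsync_add_alias(const struct fws_proto *pkt)
{
	DTRACE();
	(void)pkt;
	return 0;
}

/*
 * Send a private copy of m to one collector, if that collector is both
 * online and ready.
 *
 * @param m          packet to replicate (not consumed)
 * @param idx        CFG_SYNC_ADDR_COLLECTOR_* index into sockz/cfg_addr
 * @param ready_mask CTX_COLLECTOR_*_ONLINE | CTX_COLLECTOR_*_READY bits
 *                   that must all be set in fws_ctx.config
 * @param which      "first"/"second", used only in the log message
 *
 * Failures are logged and otherwise ignored; the copy is handed to
 * sosend(), which is relied on to take ownership of it (as before).
 */
static void
fwsync_send_copy(struct mbuf *m, int idx, int ready_mask, const char *which)
{
	struct mbuf *m2;
	int e;

	if ((fws_ctx.config & ready_mask) != ready_mask)
		return;

	m2 = m_copypacket(m, M_NOWAIT);
	if (!m2) {
		printf("error in copypacket for %s collector\n", which);
		return;
	}

	e = sosend(fws_ctx.sockz[idx], &fws_cfg.cfg_addr[idx].addr,
	    NULL, m2, NULL, 0, curthread);
	if (e && e != EAGAIN)
		printf("error in collector %d handler #%d\n", idx, e);
}

/*
 * Taskqueue handler: drain up to 'pending' records from fwsync_sndpkt
 * and replicate each one to the configured collectors.
 *
 * @param context unused taskqueue context
 * @param pending number of coalesced enqueues; the loop stops early when
 *                the queue runs dry
 *
 * A failure to copy the packet for one collector no longer skips the
 * other one (the old code jumped straight to cleanup).
 */
void
fwsync_sndpkt_handler(void *context, int pending)
{
	struct fws_sndpkt *pkt;
	struct mbuf *m;

	DTRACE();
	(void)context;
	/* debug trace - printed on every run of the task */
	printf("pending=%d\n", pending);

	do {
		mtx_lock(&fws_mtx_c);
		pkt = TAILQ_FIRST(&fwsync_sndpkt);
		if (pkt)
			TAILQ_REMOVE(&fwsync_sndpkt, pkt, sp_next);
		mtx_unlock(&fws_mtx_c);
		if (!pkt)
			break;	/* sending queue is empty */

		/* replication disabled: drop the record */
		if (!(fws_cfg.cfg.on & CFG_SYNC_COLLECTOR)) {
			free(pkt, M_FWSYNC);
			continue;
		}

		m = m_gethdr(M_NOWAIT, MT_DATA);
		if (!m) {
			free(pkt, M_FWSYNC);
			continue;
		}
		/*
		 * NOTE(review): assumes sizeof(struct fws_proto) <= MHLEN so the
		 * record fits in a single header mbuf - confirm (e.g. CTASSERT).
		 */
		memcpy(mtod(m, struct fws_proto *), &pkt->sp_proto,
		    sizeof pkt->sp_proto);
		m->m_len = sizeof pkt->sp_proto;
		m_fixhdr(m);

		fwsync_send_copy(m, CFG_SYNC_ADDR_COLLECTOR_2,
		    CTX_COLLECTOR_2_ONLINE | CTX_COLLECTOR_2_READY, "second");
		fwsync_send_copy(m, CFG_SYNC_ADDR_COLLECTOR_1,
		    CTX_COLLECTOR_1_ONLINE | CTX_COLLECTOR_1_READY, "first");

		m_freem(m);
		free(pkt, M_FWSYNC);
	} while (--pending);
}

/*
 * Append a fully built record to the send queue and kick the task.
 * Takes ownership of p.
 */
static void
fwsync_enqueue(struct fws_sndpkt *p)
{
	mtx_lock(&fws_mtx_c);
	TAILQ_INSERT_TAIL(&fwsync_sndpkt, p, sp_next);
	mtx_unlock(&fws_mtx_c);
	taskqueue_enqueue(fws_tq, &fws_sndpkt_task);
}

/*
 * ipfw dynamic-state hook: queue a FWS_PKTVER_STATE record for the flow.
 *
 * @param arg     const struct ipfw_flow_id * describing the new state
 * @param extdata const struct ipfw_dyn_hook_extdata * with rule id/number
 * @return 0 (including when the record is skipped or cannot be allocated -
 *         replication is best-effort), EINVAL for an unknown address family
 *
 * extdata is now NULL-checked like arg; it was dereferenced unchecked
 * before. The record is built before taking fws_mtx_c, so the lock only
 * covers the queue insert.
 */
int
fwsync_state_handler(const void *arg, const void *extdata)
{
	const struct ipfw_flow_id *pkt = arg;
	const struct ipfw_dyn_hook_extdata *edata = extdata;
	struct fws_proto *spkt;
	struct fws_sndpkt *p;

	DTRACE();

	if (!pkt || !edata || pkt->addr_type == 1)
		return 0;	/* skip ethernet packet */

	p = malloc(sizeof *p, M_FWSYNC, M_NOWAIT | M_ZERO);
	if (!p)
		return 0;	/* best-effort: drop the record under memory pressure */
	spkt = &p->sp_proto;

	spkt->fws_version = FWS_PKTVER_STATE;
	spkt->fws_fib = pkt->fib;
	spkt->fws_ruleid = edata->ruleid;
	spkt->fws_rulenum = edata->rulenum;
	spkt->fws_proto = pkt->proto;
	spkt->fws_addrtype = pkt->addr_type;
	spkt->fws_sport = pkt->src_port;
	spkt->fws_dport = pkt->dst_port;

	switch (pkt->addr_type) {
	case 4:
		spkt->fws_saddr.s_addr = pkt->src_ip;
		spkt->fws_daddr.s_addr = pkt->dst_ip;
		spkt->fws_scopeid = 0;
		break;
	case 6:
		memcpy(&spkt->fws_saddr6, &pkt->src_ip6, sizeof spkt->fws_saddr6);
		memcpy(&spkt->fws_daddr6, &pkt->dst_ip6, sizeof spkt->fws_daddr6);
		spkt->fws_scopeid = pkt->flow_id6;
		break;
	default:
		free(p, M_FWSYNC);
		return EINVAL;
	}

	fwsync_enqueue(p);
	return 0;
}

/*
 * libalias hook: queue a FWS_PKTVER_ALIAS record for the NAT link.
 *
 * @param arg     const struct alias_link * for the link
 * @param extdata unused
 * @return 0 always; links with an out-of-range link_type and allocation
 *         failures are skipped silently (replication is best-effort)
 */
int
fwsync_alias_handler(const void *arg, const void *extdata)
{
	const struct alias_link *lnk = arg;
	struct fws_proto *spkt;
	struct fws_sndpkt *p;

	DTRACE();
	(void)extdata;

	if (!lnk || lnk->link_type >= IPPROTO_MAX)
		return 0;

	p = malloc(sizeof *p, M_FWSYNC, M_NOWAIT | M_ZERO);
	if (!p)
		return 0;	/* best-effort: drop the record under memory pressure */
	spkt = &p->sp_proto;

	/* alias records are IPv4 only */
	spkt->fws_version = FWS_PKTVER_ALIAS;
	spkt->fws_proto = lnk->link_type;
	spkt->fws_addrtype = 4;
	spkt->fws_sport = lnk->src_port;
	spkt->fws_dport = lnk->dst_port;
	spkt->fws_aport = lnk->alias_port;
	spkt->fws_pport = lnk->proxy_port;
	spkt->fws_saddr.s_addr = lnk->src_addr.s_addr;
	spkt->fws_daddr.s_addr = lnk->dst_addr.s_addr;
	spkt->fws_aaddr.s_addr = lnk->alias_addr.s_addr;
	spkt->fws_paddr.s_addr = lnk->proxy_addr.s_addr;

	fwsync_enqueue(p);
	return 0;
}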