/*	$NetBSD: npf_conn.h,v 1.10 2016/12/10 19:05:45 christos Exp $	*/

/*-
 * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This material is based upon work partially supported by The
 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * npf_conn.h: kernel-internal interface to NPF connection tracking
 * (the connection database, a.k.a. the state table).
 *
 * The struct layouts below are compiled only when __NPF_CONN_PRIVATE is
 * defined, i.e. by the implementation itself; every other consumer sees
 * npf_conn_t and npf_connkey_t as opaque types and goes through the
 * function interface at the bottom of this file.
 */

#ifndef _NPF_CONN_H_
#define _NPF_CONN_H_

/* This header describes kernel-only data structures; refuse userland builds. */
#if !defined(_KERNEL)
#error "kernel-level header only"
#endif

#include <sys/types.h>

#include "npf_impl.h"

typedef struct npf_connkey npf_connkey_t;

#if defined(__NPF_CONN_PRIVATE)

#include <sys/rbtree.h>

/*
 * Connection key layout -- see npf_conn_conkey() for the full description.
 *
 * The key is an array of 32-bit words: two header words followed by two
 * addresses (sizeof(npf_addr_t) bytes each, expressed in words).  The low
 * 16 bits of word 0 hold the address length (presumably in bytes, since
 * NPF_CONN_KEYLEN adds twice that value to the 8-byte header to obtain
 * the total key length in bytes).
 *
 * NOTE(review): NPF_CONN_KEYLEN stays within sizeof(ck_key) only while
 * the stored address length is <= sizeof(npf_addr_t) (assuming that size
 * is a multiple of 4).  A key that was not produced by npf_conn_conkey()
 * -- e.g. one reconstructed by npf_conn_import() from a property
 * dictionary -- must have its length field validated against that bound
 * before the key bytes are copied or compared; confirm the importer
 * does this.
 */
#define NPF_CONN_NKEYWORDS	(2 + ((sizeof(npf_addr_t) * 2) >> 2))
#define NPF_CONN_GETALEN(key)	((key)->ck_key[0] & 0xffff)
#define NPF_CONN_KEYLEN(key)	(8 + (2 * NPF_CONN_GETALEN(key)))

/*
 * One lookup key of a connection.  Each connection owns two of these
 * (forward and backward direction, see struct npf_conn below); the
 * rb_node_t makes the key directly insertable into the database tree.
 */
struct npf_connkey {
	/* Entry node and back-pointer to the actual connection. */
	rb_node_t		ck_rbnode;
	uint32_t		ck_key[NPF_CONN_NKEYWORDS];
	npf_conn_t *		ck_backptr;	/* connection this key belongs to */
};

/*
 * The main connection tracking structure.
 */

struct npf_conn {
	/*
	 * Connection "forwards" and "backwards" entries, plus the
	 * interface ID (if zero, then the state is global).
	 */
	npf_connkey_t		c_forw_entry;
	npf_connkey_t		c_back_entry;
	u_int			c_proto;	/* protocol of the tracked flow */
	u_int			c_ifid;		/* interface ID; 0 means global */

	/* Flags and entry in the connection database or G/C list. */
	u_int			c_flags;
	npf_conn_t *		c_next;

	/* Associated rule procedure or NAT (if any). */
	npf_rproc_t *		c_rproc;
	npf_nat_t *		c_nat;

	/*
	 * The protocol state, reference count and the last activity
	 * time (used to calculate expiration time).
	 * NOTE(review): which of these fields c_lock protects, and whether
	 * c_refcnt is manipulated under the lock or atomically, is not
	 * visible from this header -- confirm in npf_conn.c before touching
	 * them.
	 */
	kmutex_t		c_lock;
	npf_state_t		c_state;
	u_int			c_refcnt;
	struct timespec		c_atime;
};

#endif

/*
 * Connection tracking interface.
 */

/* Subsystem initialisation / teardown and global tracking control. */
void		npf_conn_sysinit(void);
void		npf_conn_sysfini(void);
void		npf_conn_tracking(bool);
void		npf_conn_load(npf_conndb_t *, bool);

/*
 * Per-packet operations.  npf_conn_conkey() builds a key from the
 * packet cache (the authoritative key layout lives there); lookup,
 * inspect and establish return a connection pointer -- see
 * npf_conn_release() for dropping the reference obtained.
 */
unsigned	npf_conn_conkey(const npf_cache_t *, npf_connkey_t *, bool);
npf_conn_t *	npf_conn_lookup(const npf_cache_t *, const int, bool *);
npf_conn_t *	npf_conn_inspect(npf_cache_t *, const int, int *);
npf_conn_t *	npf_conn_establish(npf_cache_t *, int, bool);
void		npf_conn_release(npf_conn_t *);
void		npf_conn_expire(npf_conn_t *);

/* Rule-procedure and NAT association of an established connection. */
bool		npf_conn_pass(const npf_conn_t *, npf_rproc_t **);
void		npf_conn_setpass(npf_conn_t *, npf_rproc_t *);
int		npf_conn_setnat(const npf_cache_t *, npf_conn_t *,
		    npf_nat_t *, u_int);
npf_nat_t *	npf_conn_getnat(npf_conn_t *, const int, bool *);
void		npf_conn_gc(npf_conndb_t *, bool, bool);

/*
 * Serialisation to and from proplib dictionaries.  These dictionaries
 * presumably cross the kernel boundary via the NPF control interface
 * (state save/restore), so npf_conn_import() must treat every field it
 * reads -- key lengths in particular, see NPF_CONN_KEYLEN above -- as
 * untrusted input; confirm against npf_conn.c.
 */
int		npf_conn_import(npf_conndb_t *, prop_dictionary_t,
		    npf_ruleset_t *);
int		npf_conn_find(prop_dictionary_t, prop_dictionary_t *);
prop_dictionary_t npf_conn_export(const npf_conn_t *);
void		npf_conn_print(const npf_conn_t *);

/*
 * Connection database (aka state table) interface.
 */
npf_conndb_t *	npf_conndb_create(void);
void		npf_conndb_destroy(npf_conndb_t *);

/* Keyed lookup / insertion / removal of connection entries. */
npf_conn_t *	npf_conndb_lookup(npf_conndb_t *, const npf_connkey_t *,
		    bool *);
bool		npf_conndb_insert(npf_conndb_t *, npf_connkey_t *,
		    npf_conn_t *);
npf_conn_t *	npf_conndb_remove(npf_conndb_t *, const npf_connkey_t *);

/* Maintenance of the database's linked list of connections (c_next). */
void		npf_conndb_enqueue(npf_conndb_t *, npf_conn_t *);
void		npf_conndb_dequeue(npf_conndb_t *, npf_conn_t *,
		    npf_conn_t *);
npf_conn_t *	npf_conndb_getlist(npf_conndb_t *);
void		npf_conndb_settail(npf_conndb_t *, npf_conn_t *);
int		npf_conndb_export(prop_array_t);

#endif	/* _NPF_CONN_H_ */