/*	$NetBSD: npf_conn.h,v 1.13 2017/12/10 00:07:36 rmind Exp $	*/

/*-
 * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This material is based upon work partially supported by The
 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * NPF connection tracking: the connection key and connection structures
 * (private to the implementation) and the connection / connection
 * database interfaces exported to the rest of NPF.
 */

#ifndef _NPF_CONN_H_
#define _NPF_CONN_H_

/*
 * This header is for the kernel or the standalone (libnpf test/userland
 * build) configuration only; other consumers get a hard compile error
 * rather than a partially usable interface.
 */
#if !defined(_KERNEL) && !defined(_NPF_STANDALONE)
#error "kernel-level header only"
#endif

#include <sys/types.h>

#include "npf_impl.h"

/*
 * The connection key is an opaque type to everyone except the connection
 * tracking implementation (see __NPF_CONN_PRIVATE below).
 */
typedef struct npf_connkey npf_connkey_t;

#if defined(__NPF_CONN_PRIVATE)

/*
 * See npf_conn_conkey() function for the key layout description.
 *
 * NPF_CONN_NKEYWORDS: number of 32-bit words in ck_key -- two fixed
 *   words plus room for two addresses of sizeof(npf_addr_t) bytes each
 *   (the address byte count is shifted right by two to get words).
 * NPF_CONN_GETALEN: the address length carried in the low 16 bits of
 *   the first key word.
 * NPF_CONN_KEYLEN: length of the key, presumably in bytes -- the two
 *   fixed words (8 bytes) plus two addresses of NPF_CONN_GETALEN bytes
 *   each, which matches NPF_CONN_NKEYWORDS * 4 when alen is
 *   sizeof(npf_addr_t).
 *
 * NOTE(review): ck_key holds exactly NPF_CONN_NKEYWORDS words, so a key
 * whose embedded alen exceeds sizeof(npf_addr_t) makes NPF_CONN_KEYLEN
 * larger than the array.  Any path that builds a key from data supplied
 * from outside the kernel (npf_conn_import() takes a prop_dictionary_t)
 * should validate the length before the key is used as a size --
 * confirm in npf_conn.c.
 */
#define	NPF_CONN_NKEYWORDS	(2 + ((sizeof(npf_addr_t) * 2) >> 2))
#define	NPF_CONN_GETALEN(key)	((key)->ck_key[0] & 0xffff)
#define	NPF_CONN_KEYLEN(key)	(8 + (2 * NPF_CONN_GETALEN(key)))

/*
 * A connection key: one entry in the connection database (a red-black
 * tree node) carrying the packed key words and a back-pointer to the
 * connection the key belongs to.
 */
struct npf_connkey {
	/* Entry node and back-pointer to the actual connection. */
	rb_node_t		ck_rbnode;
	uint32_t		ck_key[NPF_CONN_NKEYWORDS];
	npf_conn_t *		ck_backptr;
};

/*
 * The main connection tracking structure.
 */

struct npf_conn {
	/*
	 * Connection "forwards" and "backwards" entries, plus the
	 * interface ID (if zero, then the state is global).
	 */
	npf_connkey_t		c_forw_entry;
	npf_connkey_t		c_back_entry;
	u_int			c_proto;	/* protocol the state tracks */
	u_int			c_ifid;

	/* Flags and entry in the connection database or G/C list. */
	u_int			c_flags;
	npf_conn_t *		c_next;

	/* Associated rule procedure or NAT (if any). */
	npf_rproc_t *		c_rproc;
	npf_nat_t *		c_nat;

	/*
	 * The protocol state, reference count and the last activity
	 * time (used to calculate expiration time).
	 */
	kmutex_t		c_lock;
	npf_state_t		c_state;
	u_int			c_refcnt;
	uint64_t		c_atime;

	/*
	 * Save the matching rule ID and flags.
	 */
	uint64_t		c_rid;
	u_int			c_retfl;
};

#endif

/*
 * Connection tracking interface.
 */

/* Per-instance (npf_t) set-up and tear-down of connection tracking. */
void		npf_conn_init(npf_t *, int);
void		npf_conn_fini(npf_t *);
/* Toggle tracking / install a connection database into the instance. */
void		npf_conn_tracking(npf_t *, bool);
void		npf_conn_load(npf_t *, npf_conndb_t *, bool);

/*
 * Key construction and the per-packet lookup / inspect / establish path.
 * npf_conn_conkey() fills a key from the packet cache and returns an
 * unsigned count -- presumably the key length (see NPF_CONN_KEYLEN);
 * confirm in npf_conn.c.  The bool / int out-parameters of lookup,
 * inspect and getnat report direction or error details -- see the
 * implementation for their exact meaning.
 */
unsigned	npf_conn_conkey(const npf_cache_t *, npf_connkey_t *, bool);
npf_conn_t *	npf_conn_lookup(const npf_cache_t *, const int, bool *);
npf_conn_t *	npf_conn_inspect(npf_cache_t *, const int, int *);
npf_conn_t *	npf_conn_establish(npf_cache_t *, int, bool);
/* Drop a reference to / expire a connection (see c_refcnt, c_atime). */
void		npf_conn_release(npf_conn_t *);
void		npf_conn_expire(npf_conn_t *);
/* Query and record the "pass" decision, match info and rule procedure. */
bool		npf_conn_pass(const npf_conn_t *, npf_match_info_t *,
		    npf_rproc_t **);
void		npf_conn_setpass(npf_conn_t *, const npf_match_info_t *,
		    npf_rproc_t *);
/* Associate / retrieve the NAT entry of a connection (see c_nat). */
int		npf_conn_setnat(const npf_cache_t *, npf_conn_t *,
		    npf_nat_t *, u_int);
npf_nat_t *	npf_conn_getnat(npf_conn_t *, const int, bool *);
/* Garbage collection of expired connections and its worker. */
void		npf_conn_gc(npf_t *, npf_conndb_t *, bool, bool);
void		npf_conn_worker(npf_t *);
/*
 * Import / export / find use proplib dictionaries.  The dictionary
 * passed to npf_conn_import() presumably originates outside the kernel
 * (the control utility), so its contents are untrusted input and every
 * length and index taken from it needs range checking before use --
 * confirm in npf_conn.c.
 */
int		npf_conn_import(npf_t *, npf_conndb_t *, prop_dictionary_t,
		    npf_ruleset_t *);
int		npf_conn_find(npf_t *, prop_dictionary_t, prop_dictionary_t *);
prop_dictionary_t npf_conn_export(npf_t *, const npf_conn_t *);
void		npf_conn_print(const npf_conn_t *);

/*
 * Connection database (aka state table) interface.
 */
npf_conndb_t *	npf_conndb_create(void);
void		npf_conndb_destroy(npf_conndb_t *);

/* Keyed lookup / insert / remove; insert reports success as a bool. */
npf_conn_t *	npf_conndb_lookup(npf_conndb_t *, const npf_connkey_t *,
		    bool *);
bool		npf_conndb_insert(npf_conndb_t *, npf_connkey_t *,
		    npf_conn_t *);
npf_conn_t *	npf_conndb_remove(npf_conndb_t *, npf_connkey_t *);

/*
 * Connection list maintenance (presumably the c_next chain used for
 * the G/C list; dequeue takes the predecessor as its third argument).
 */
void		npf_conndb_enqueue(npf_conndb_t *, npf_conn_t *);
void		npf_conndb_dequeue(npf_conndb_t *, npf_conn_t *,
		    npf_conn_t *);
npf_conn_t *	npf_conndb_getlist(npf_conndb_t *);
void		npf_conndb_settail(npf_conndb_t *, npf_conn_t *);
/* Export the whole database into a proplib array. */
int		npf_conndb_export(npf_t *, prop_array_t);

#endif	/* _NPF_CONN_H_ */