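/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Connection-tracking and sticky-client data structures of the load
 * balancer: the two hash bucket types, the per-connection NAT entry, the
 * per-client sticky entry, and the prototypes that operate on them.
 */

#ifndef _INET_ILB_CONN_H
#define _INET_ILB_CONN_H

#ifdef __cplusplus
extern "C" {
#endif

struct ilb_conn_s;

/*
 * Struct of the conn hash table bucket
 *
 * ilb_connp: the first conn hash entry in the bucket
 * ilb_conn_hash_lock: mutex to protect the list in the bucket
 * ilb_conn_cnt: number of conn hash entries in this bucket
 * ilb_conn_hash_pad: filler whose length depends on the data model
 *
 * NOTE(review): the pad presumably rounds each bucket up to a fixed size so
 * that neighbouring bucket locks do not share a cache line; this header does
 * not state the target size.  Confirm the total against the sizes of the
 * pointer and kmutex_t on each data model.  A compile-time size assertion
 * beside the definition would keep the pad and the members in step.
 */
typedef struct ilb_conn_hash_s {
	struct ilb_conn_s	*ilb_connp;
	kmutex_t		ilb_conn_hash_lock;
	uint32_t		ilb_conn_cnt;
#if defined(_LP64) || defined(_I32LPx)
	char			ilb_conn_hash_pad[44];
#else
	char			ilb_conn_hash_pad[52];
#endif
} ilb_conn_hash_t;

/*
 * Extracted rule/server info for faster access without holding a reference
 * to a rule or server.
 *
 * It is embedded by value in ilb_conn_t as conn_rule_cache.  The member
 * types ilb_topo_impl_t and ilb_nat_info_t are declared elsewhere.
 */
typedef struct ilb_rule_info_s {
	ilb_topo_impl_t		topo;
	ilb_nat_info_t		info;
} ilb_rule_info_t;

/*
 * Info about a TCP connection for tracking
 *
 * NOTE(review): the members are not described in this header.  ack and fss
 * look like sequence-space values used together with fin_sent/fin_acked to
 * follow connection teardown -- confirm in the implementation.
 */
struct ilb_tcp_track {
	uint32_t		ack;
	uint32_t		fss;
	boolean_t		fin_sent;
	boolean_t		fin_acked;
};

/*
 * Struct to store NAT info of a connection (one direction)
 *
 * conn_daddr: destination address to be matched to find this info
 * conn_saddr: source address to be matched
 * conn_dport: destination port to be matched
 * conn_sport: source port to be matched
 * conn_ip_sum: IP checksum adjustment for NAT
 * conn_tp_sum: transport checksum adjustment for NAT
 * conn_tcp_track: TCP connection tracking info
 * conn_atime: last access time of this conn cache
 * conn_pkt_cnt: packets processed using this conn
 * conn_next: next conn info (for conn info linked list)
 * conn_prev: previous conn info (for conn info linked list)
 * conn_hash: back pointer to the conn hash table bucket
 *
 * conn_next and conn_prev are typed struct ilb_conn_s *, i.e. they link
 * whole entries, not ilb_conn_info structures.
 */
struct ilb_conn_info {
	in6_addr_t		conn_daddr;
	in6_addr_t		conn_saddr;
	in_port_t		conn_dport;
	in_port_t		conn_sport;
	uint32_t		conn_ip_sum;
	uint32_t		conn_tp_sum;

	struct ilb_tcp_track	conn_tcp_track;

	/* Last access time */
	int64_t			conn_atime;
	uint64_t		conn_pkt_cnt;

	struct ilb_conn_s	*conn_next;
	struct ilb_conn_s	*conn_prev;
	ilb_conn_hash_t		*conn_hash;
};

/*
 * Struct (an entry in the conn hash table) to store a NAT info of a
 * connection (both directions, client to server and server to client)
 *
 * conn_l4: transport protocol used in this NAT connection
 * conn_expiry: expiry time of this entry
 * conn_cr_time: creation time of this entry
 * conn_c2s: client to back end server info
 * conn_s2c: back end server to client info
 * conn_server: pointer to the back end server structure
 * conn_rule_cache: rule information needed for this entry (copied from
 *     the ilb_rule_t struct)
 * conn_sticky: pointer to the sticky info of this client, used to do
 *     reference counting on the sticky info.
 * conn_gc: indicates whether this entry needs to be garbage collected
 *
 * Each entry carries two ilb_conn_info members, and each of them has its
 * own conn_next/conn_prev/conn_hash, so one entry can sit on two bucket
 * lists at once.
 *
 * NOTE(review): conn_server is a bare pointer, while the rule data is a
 * copy.  This header does not show what keeps the ilb_server_t alive for
 * the lifetime of the entry -- confirm in the implementation.
 */
typedef struct ilb_conn_s {
	int			conn_l4;

	int64_t			conn_expiry;
	int64_t			conn_cr_time;

	/*
	 * The conn_c2s_* and conn_s2c_* names below are preprocessor macros.
	 * Although written inside the struct, they are visible in every file
	 * that includes this header, and any identifier spelled the same way
	 * is rewritten to the member access.
	 */

	/* Client to server, hash and check info */
	struct ilb_conn_info	conn_c2s;
#define conn_c2s_daddr		conn_c2s.conn_daddr
#define conn_c2s_saddr		conn_c2s.conn_saddr
#define conn_c2s_dport		conn_c2s.conn_dport
#define conn_c2s_sport		conn_c2s.conn_sport
#define conn_c2s_next		conn_c2s.conn_next
#define conn_c2s_prev		conn_c2s.conn_prev
#define conn_c2s_hash		conn_c2s.conn_hash
#define conn_c2s_atime		conn_c2s.conn_atime
#define conn_c2s_pkt_cnt	conn_c2s.conn_pkt_cnt
#define conn_c2s_ip_sum		conn_c2s.conn_ip_sum
#define conn_c2s_tp_sum		conn_c2s.conn_tp_sum
#define conn_c2s_tcp_ack	conn_c2s.conn_tcp_track.ack
#define conn_c2s_tcp_fss	conn_c2s.conn_tcp_track.fss
#define conn_c2s_tcp_fin_sent	conn_c2s.conn_tcp_track.fin_sent
#define conn_c2s_tcp_fin_acked	conn_c2s.conn_tcp_track.fin_acked

	/* Server to client, hash and check info */
	struct ilb_conn_info	conn_s2c;
#define conn_s2c_daddr		conn_s2c.conn_daddr
#define conn_s2c_saddr		conn_s2c.conn_saddr
#define conn_s2c_dport		conn_s2c.conn_dport
#define conn_s2c_sport		conn_s2c.conn_sport
#define conn_s2c_next		conn_s2c.conn_next
#define conn_s2c_prev		conn_s2c.conn_prev
#define conn_s2c_hash		conn_s2c.conn_hash
#define conn_s2c_atime		conn_s2c.conn_atime
#define conn_s2c_pkt_cnt	conn_s2c.conn_pkt_cnt
#define conn_s2c_ip_sum		conn_s2c.conn_ip_sum
#define conn_s2c_tp_sum		conn_s2c.conn_tp_sum
#define conn_s2c_tcp_ack	conn_s2c.conn_tcp_track.ack
#define conn_s2c_tcp_fss	conn_s2c.conn_tcp_track.fss
#define conn_s2c_tcp_fin_sent	conn_s2c.conn_tcp_track.fin_sent
#define conn_s2c_tcp_fin_acked	conn_s2c.conn_tcp_track.fin_acked

	ilb_server_t		*conn_server;
	ilb_rule_info_t		conn_rule_cache;

	/*
	 * If the rule is sticky enabled, all ilb_conn_t created from this
	 * rule will have conn_sticky set to the ilb_sticky_t entry. Otherwise
	 * conn_sticky is NULL.
	 */
	struct ilb_sticky_s	*conn_sticky;

	boolean_t		conn_gc;
} ilb_conn_t;

/*
 * Struct of the sticky hash table bucket
 *
 * sticky_head: the sticky hash list of this bucket
 * sticky_lock: mutex to protect the list
 * sticky_cnt: number of sticky hash entries in this bucket
 * sticky_pad: filler whose length depends on the data model
 *
 * NOTE(review): as with ilb_conn_hash_t, the pad presumably rounds the
 * bucket up to a fixed size; confirm the total against the sizes of list_t
 * and kmutex_t on each data model.
 */
typedef struct ilb_sticky_hash_s {
	list_t			sticky_head;
	kmutex_t		sticky_lock;
	uint32_t		sticky_cnt;
#if defined(_LP64) || defined(_I32LPx)
	char			sticky_pad[20];
#else
	char			sticky_pad[36];
#endif
} ilb_sticky_hash_t;

/*
 * Struct to store sticky info of a client.
 *
 * rule_instance: the rule instance for this entry, for look up purpose
 * rule_name: the rule name for this entry
 * server: the back end server for this client
 * src: the client source address
 * expiry: the expiry time of this entry
 * atime: the last access time of this entry
 * nat_src_idx: the index to the NAT source array for this client
 * refcnt: reference count
 * list: linked list node
 * hash: back pointer to the sticky hash bucket of this entry
 *
 * NOTE(review): this header does not show which lock covers refcnt or what
 * happens when the count reaches zero.  Presumably sticky_lock of the owning
 * bucket guards it and ilb_sticky_refrele() drops a reference -- confirm in
 * the implementation, since an unbalanced count would free an entry that a
 * conn still points to through conn_sticky, or leak it.
 */
typedef struct ilb_sticky_s {
	uint_t			rule_instance;
	char			rule_name[ILB_RULE_NAMESZ];
	ilb_server_t		*server;
	in6_addr_t		src;
	int64_t			expiry;
	int64_t			atime;
	int			nat_src_idx;

	uint32_t		refcnt;
	list_node_t		list;
	ilb_sticky_hash_t	*hash;
} ilb_sticky_t;

/*
 * The prototypes below carry no parameter names.  Several take adjacent
 * arguments of the same type (two in6_addr_t *, two in_port_t, two
 * uint32_t *), which the compiler cannot tell apart if a caller transposes
 * them; take the argument order from the definitions.
 */
extern void ilb_conn_hash_init(ilb_stack_t *);
extern void ilb_conn_hash_fini(ilb_stack_t *);
extern void ilb_conn_cache_fini(void);
extern void ilb_sticky_hash_init(ilb_stack_t *);
extern void ilb_sticky_hash_fini(ilb_stack_t *);
extern void ilb_sticky_cache_fini(void);

extern boolean_t ilb_check_conn(ilb_stack_t *, int, void *, int, void *,
    in6_addr_t *, in6_addr_t *, in_port_t, in_port_t, uint32_t, in6_addr_t *);
extern boolean_t ilb_check_icmp_conn(ilb_stack_t *, mblk_t *, int, void *,
    void *, in6_addr_t *);
extern int ilb_conn_add(ilb_stack_t *, ilb_rule_t *, ilb_server_t *,
    in6_addr_t *, in_port_t, in6_addr_t *, in_port_t, ilb_nat_info_t *,
    uint32_t *, uint32_t *, struct ilb_sticky_s *);

extern ilb_server_t *ilb_sticky_find_add(ilb_stack_t *, ilb_rule_t *,
    in6_addr_t *, ilb_server_t *, struct ilb_sticky_s **, uint16_t *);
void ilb_sticky_refrele(struct ilb_sticky_s *);

#ifdef __cplusplus
}
#endif

#endif /* _INET_ILB_CONN_H */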