Lines matching +full:cfg +full:- (only matching lines are listed; gaps in the line numbers are source lines omitted from this view)
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2015-2019 Yandex LLC
6 * Copyright (c) 2015-2019 Andrey V. Elsukov <ae@FreeBSD.org>
76 if (uc->jmaxlen == 0) in nat64lsn_default_config()
77 uc->jmaxlen = NAT64LSN_JMAXLEN; in nat64lsn_default_config()
78 if (uc->jmaxlen > 65536) in nat64lsn_default_config()
79 uc->jmaxlen = 65536; in nat64lsn_default_config()
80 if (uc->nh_delete_delay == 0) in nat64lsn_default_config()
81 uc->nh_delete_delay = NAT64LSN_HOST_AGE; in nat64lsn_default_config()
82 if (uc->pg_delete_delay == 0) in nat64lsn_default_config()
83 uc->pg_delete_delay = NAT64LSN_PG_AGE; in nat64lsn_default_config()
84 if (uc->st_syn_ttl == 0) in nat64lsn_default_config()
85 uc->st_syn_ttl = NAT64LSN_TCP_SYN_AGE; in nat64lsn_default_config()
86 if (uc->st_close_ttl == 0) in nat64lsn_default_config()
87 uc->st_close_ttl = NAT64LSN_TCP_FIN_AGE; in nat64lsn_default_config()
88 if (uc->st_estab_ttl == 0) in nat64lsn_default_config()
89 uc->st_estab_ttl = NAT64LSN_TCP_EST_AGE; in nat64lsn_default_config()
90 if (uc->st_udp_ttl == 0) in nat64lsn_default_config()
91 uc->st_udp_ttl = NAT64LSN_UDP_AGE; in nat64lsn_default_config()
92 if (uc->st_icmp_ttl == 0) in nat64lsn_default_config()
93 uc->st_icmp_ttl = NAT64LSN_ICMP_AGE; in nat64lsn_default_config()
95 if (uc->states_chunks == 0) in nat64lsn_default_config()
96 uc->states_chunks = 1; in nat64lsn_default_config()
97 else if (uc->states_chunks >= 128) in nat64lsn_default_config()
98 uc->states_chunks = 128; in nat64lsn_default_config()
99 else if (!powerof2(uc->states_chunks)) in nat64lsn_default_config()
100 uc->states_chunks = 1 << fls(uc->states_chunks); in nat64lsn_default_config()
117 struct nat64lsn_cfg *cfg; in nat64lsn_create() local
121 if (sd->valsize != sizeof(*olh) + sizeof(*uc)) in nat64lsn_create()
124 olh = (ipfw_obj_lheader *)sd->kbuf; in nat64lsn_create()
127 if (ipfw_check_object_name_generic(uc->name) != 0) in nat64lsn_create()
130 if (uc->set >= IPFW_MAX_SETS) in nat64lsn_create()
133 if (uc->plen4 > 32) in nat64lsn_create()
141 if (nat64_check_prefix6(&uc->prefix6, uc->plen6) != 0 && in nat64lsn_create()
142 IN6_IS_ADDR_UNSPECIFIED(&uc->prefix6) && in nat64lsn_create()
143 nat64_check_prefixlen(uc->plen6) != 0) in nat64lsn_create()
147 addr4 = ntohl(uc->prefix4.s_addr); in nat64lsn_create()
148 mask4 = ~((1 << (32 - uc->plen4)) - 1); in nat64lsn_create()
156 if (nat64lsn_find(ni, uc->name, uc->set) != NULL) { in nat64lsn_create()
164 strlcpy(i->name, uc->name, sizeof(i->name)); in nat64lsn_create()
165 i->no.name = i->name; in nat64lsn_create()
166 i->no.etlv = IPFW_TLV_NAT64LSN_NAME; in nat64lsn_create()
167 i->no.set = uc->set; in nat64lsn_create()
169 cfg = nat64lsn_init_config(ch, addr4, uc->plen4); in nat64lsn_create()
170 cfg->base.plat_prefix = uc->prefix6; in nat64lsn_create()
171 cfg->base.plat_plen = uc->plen6; in nat64lsn_create()
172 cfg->base.flags = (uc->flags & NAT64LSN_FLAGSMASK) | NAT64_PLATPFX; in nat64lsn_create()
173 if (IN6_IS_ADDR_WKPFX(&cfg->base.plat_prefix)) in nat64lsn_create()
174 cfg->base.flags |= NAT64_WKPFX; in nat64lsn_create()
175 else if (IN6_IS_ADDR_UNSPECIFIED(&cfg->base.plat_prefix)) in nat64lsn_create()
176 cfg->base.flags |= NAT64LSN_ANYPREFIX; in nat64lsn_create()
178 cfg->states_chunks = uc->states_chunks; in nat64lsn_create()
179 cfg->jmaxlen = uc->jmaxlen; in nat64lsn_create()
180 cfg->host_delete_delay = uc->nh_delete_delay; in nat64lsn_create()
181 cfg->pg_delete_delay = uc->pg_delete_delay; in nat64lsn_create()
182 cfg->st_syn_ttl = uc->st_syn_ttl; in nat64lsn_create()
183 cfg->st_close_ttl = uc->st_close_ttl; in nat64lsn_create()
184 cfg->st_estab_ttl = uc->st_estab_ttl; in nat64lsn_create()
185 cfg->st_udp_ttl = uc->st_udp_ttl; in nat64lsn_create()
186 cfg->st_icmp_ttl = uc->st_icmp_ttl; in nat64lsn_create()
187 cfg->nomatch_verdict = IP_FW_DENY; in nat64lsn_create()
191 if (nat64lsn_find(ni, uc->name, uc->set) != NULL) { in nat64lsn_create()
193 nat64lsn_destroy_config(cfg); in nat64lsn_create()
198 if (ipfw_objhash_alloc_idx(ni, &i->no.kidx) != 0) { in nat64lsn_create()
200 nat64lsn_destroy_config(cfg); in nat64lsn_create()
204 ipfw_objhash_add(ni, &i->no); in nat64lsn_create()
207 i->cfg = cfg; in nat64lsn_create()
208 SRV_OBJECT(ch, i->no.kidx) = i; in nat64lsn_create()
209 nat64lsn_start_instance(cfg); in nat64lsn_create()
221 SRV_OBJECT(ch, i->no.kidx) = NULL; in nat64lsn_detach_instance()
222 ipfw_objhash_del(CHAIN_TO_SRV(ch), &i->no); in nat64lsn_detach_instance()
223 ipfw_objhash_free_idx(CHAIN_TO_SRV(ch), i->no.kidx); in nat64lsn_detach_instance()
240 if (sd->valsize != sizeof(*oh)) in nat64lsn_destroy()
246 i = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); in nat64lsn_destroy()
252 if (i->no.refcnt > 0) { in nat64lsn_destroy()
257 ipfw_reset_eaction_instance(ch, V_nat64lsn_eid, i->no.kidx); in nat64lsn_destroy()
261 nat64lsn_destroy_config(i->cfg); in nat64lsn_destroy()
267 (_stats)->_field = NAT64STAT_FETCH(&(_cfg)->base.stats, _field)
269 export_stats(struct ip_fw_chain *ch, struct nat64lsn_cfg *cfg, in export_stats() argument
275 __COPY_STAT_FIELD(cfg, stats, opcnt64); in export_stats()
276 __COPY_STAT_FIELD(cfg, stats, opcnt46); in export_stats()
277 __COPY_STAT_FIELD(cfg, stats, ofrags); in export_stats()
278 __COPY_STAT_FIELD(cfg, stats, ifrags); in export_stats()
279 __COPY_STAT_FIELD(cfg, stats, oerrors); in export_stats()
280 __COPY_STAT_FIELD(cfg, stats, noroute4); in export_stats()
281 __COPY_STAT_FIELD(cfg, stats, noroute6); in export_stats()
282 __COPY_STAT_FIELD(cfg, stats, nomatch4); in export_stats()
283 __COPY_STAT_FIELD(cfg, stats, noproto); in export_stats()
284 __COPY_STAT_FIELD(cfg, stats, nomem); in export_stats()
285 __COPY_STAT_FIELD(cfg, stats, dropped); in export_stats()
287 __COPY_STAT_FIELD(cfg, stats, jcalls); in export_stats()
288 __COPY_STAT_FIELD(cfg, stats, jrequests); in export_stats()
289 __COPY_STAT_FIELD(cfg, stats, jhostsreq); in export_stats()
290 __COPY_STAT_FIELD(cfg, stats, jportreq); in export_stats()
291 __COPY_STAT_FIELD(cfg, stats, jhostfails); in export_stats()
292 __COPY_STAT_FIELD(cfg, stats, jportfails); in export_stats()
293 __COPY_STAT_FIELD(cfg, stats, jmaxlen); in export_stats()
294 __COPY_STAT_FIELD(cfg, stats, jnomem); in export_stats()
295 __COPY_STAT_FIELD(cfg, stats, jreinjected); in export_stats()
296 __COPY_STAT_FIELD(cfg, stats, screated); in export_stats()
297 __COPY_STAT_FIELD(cfg, stats, sdeleted); in export_stats()
298 __COPY_STAT_FIELD(cfg, stats, spgcreated); in export_stats()
299 __COPY_STAT_FIELD(cfg, stats, spgdeleted); in export_stats()
301 stats->hostcount = cfg->hosts_count; in export_stats()
302 for (i = 0; i < (1 << (32 - cfg->plen4)); i++) { in export_stats()
303 alias = &cfg->aliases[i]; in export_stats()
304 stats->tcpchunks += alias->tcp_pgcount; in export_stats()
305 stats->udpchunks += alias->udp_pgcount; in export_stats()
306 stats->icmpchunks += alias->icmp_pgcount; in export_stats()
315 struct nat64lsn_cfg *cfg; in nat64lsn_export_config() local
317 strlcpy(uc->name, i->no.name, sizeof(uc->name)); in nat64lsn_export_config()
318 uc->set = i->no.set; in nat64lsn_export_config()
319 cfg = i->cfg; in nat64lsn_export_config()
321 uc->flags = cfg->base.flags & NAT64LSN_FLAGSMASK; in nat64lsn_export_config()
322 uc->states_chunks = cfg->states_chunks; in nat64lsn_export_config()
323 uc->jmaxlen = cfg->jmaxlen; in nat64lsn_export_config()
324 uc->nh_delete_delay = cfg->host_delete_delay; in nat64lsn_export_config()
325 uc->pg_delete_delay = cfg->pg_delete_delay; in nat64lsn_export_config()
326 uc->st_syn_ttl = cfg->st_syn_ttl; in nat64lsn_export_config()
327 uc->st_close_ttl = cfg->st_close_ttl; in nat64lsn_export_config()
328 uc->st_estab_ttl = cfg->st_estab_ttl; in nat64lsn_export_config()
329 uc->st_udp_ttl = cfg->st_udp_ttl; in nat64lsn_export_config()
330 uc->st_icmp_ttl = cfg->st_icmp_ttl; in nat64lsn_export_config()
331 uc->prefix4.s_addr = htonl(cfg->prefix4); in nat64lsn_export_config()
332 uc->prefix6 = cfg->base.plat_prefix; in nat64lsn_export_config()
333 uc->plen4 = cfg->plen4; in nat64lsn_export_config()
334 uc->plen6 = cfg->base.plat_plen; in nat64lsn_export_config()
350 uc = (struct _ipfw_nat64lsn_cfg *)ipfw_get_sopt_space(da->sd, in export_config_cb()
352 nat64lsn_export_config(da->ch, in export_config_cb()
373 if (sd->valsize < sizeof(ipfw_obj_lheader)) in nat64lsn_list()
379 olh->count = ipfw_objhash_count_type(CHAIN_TO_SRV(ch), in nat64lsn_list()
381 olh->objsize = sizeof(ipfw_nat64lsn_cfg); in nat64lsn_list()
382 olh->size = sizeof(*olh) + olh->count * olh->objsize; in nat64lsn_list()
384 if (sd->valsize < olh->size) { in nat64lsn_list()
413 struct nat64lsn_cfg *cfg; in nat64lsn_config() local
416 if (sd->valsize != sizeof(*oh) + sizeof(*uc)) in nat64lsn_config()
423 if (ipfw_check_object_name_generic(oh->ntlv.name) != 0 || in nat64lsn_config()
424 oh->ntlv.set >= IPFW_MAX_SETS) in nat64lsn_config()
428 if (sd->sopt->sopt_dir == SOPT_GET) { in nat64lsn_config()
430 i = nat64lsn_find(ni, oh->ntlv.name, oh->ntlv.set); in nat64lsn_config()
443 i = nat64lsn_find(ni, oh->ntlv.name, oh->ntlv.set); in nat64lsn_config()
454 cfg = i->cfg; in nat64lsn_config()
455 cfg->states_chunks = uc->states_chunks; in nat64lsn_config()
456 cfg->jmaxlen = uc->jmaxlen; in nat64lsn_config()
457 cfg->host_delete_delay = uc->nh_delete_delay; in nat64lsn_config()
458 cfg->pg_delete_delay = uc->pg_delete_delay; in nat64lsn_config()
459 cfg->st_syn_ttl = uc->st_syn_ttl; in nat64lsn_config()
460 cfg->st_close_ttl = uc->st_close_ttl; in nat64lsn_config()
461 cfg->st_estab_ttl = uc->st_estab_ttl; in nat64lsn_config()
462 cfg->st_udp_ttl = uc->st_udp_ttl; in nat64lsn_config()
463 cfg->st_icmp_ttl = uc->st_icmp_ttl; in nat64lsn_config()
464 cfg->base.flags &= ~NAT64LSN_FLAGSMASK; in nat64lsn_config()
465 cfg->base.flags |= uc->flags & NAT64LSN_FLAGSMASK; in nat64lsn_config()
491 if (sd->valsize % sizeof(uint64_t)) in nat64lsn_stats()
493 if (sd->valsize < sz) in nat64lsn_stats()
501 i = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); in nat64lsn_stats()
507 export_stats(ch, i->cfg, &stats); in nat64lsn_stats()
512 ctlv->head.type = IPFW_TLV_COUNTERS; in nat64lsn_stats()
513 ctlv->head.length = sz - sizeof(ipfw_obj_header); in nat64lsn_stats()
514 ctlv->count = sizeof(stats) / sizeof(uint64_t); in nat64lsn_stats()
515 ctlv->objsize = sizeof(uint64_t); in nat64lsn_stats()
516 ctlv->version = IPFW_NAT64_VERSION; in nat64lsn_stats()
535 if (sd->valsize != sizeof(*oh)) in nat64lsn_reset_stats()
537 oh = (ipfw_obj_header *)sd->kbuf; in nat64lsn_reset_stats()
538 if (ipfw_check_object_name_generic(oh->ntlv.name) != 0 || in nat64lsn_reset_stats()
539 oh->ntlv.set >= IPFW_MAX_SETS) in nat64lsn_reset_stats()
543 i = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); in nat64lsn_reset_stats()
548 COUNTER_ARRAY_ZERO(i->cfg->base.stats.cnt, NAT64STATS); in nat64lsn_reset_stats()
564 nat64lsn_export_states(struct nat64lsn_cfg *cfg, union nat64lsn_pgidx *idx, in nat64lsn_export_states() argument
573 if (idx->chunk > pg->chunks_count - 1) in nat64lsn_export_states()
576 FREEMASK_COPY(pg, idx->chunk, freemask); in nat64lsn_export_states()
577 count = 64 - bitcount64(freemask); in nat64lsn_export_states()
582 (uintmax_t)idx->index, count); in nat64lsn_export_states()
592 state = pg->chunks_count == 1 ? &pg->states->state[i] : in nat64lsn_export_states()
593 &pg->states_chunk[idx->chunk]->state[i]; in nat64lsn_export_states()
595 s->host6 = state->host->addr; in nat64lsn_export_states()
596 s->daddr.s_addr = htonl(state->ip_dst); in nat64lsn_export_states()
597 s->dport = state->dport; in nat64lsn_export_states()
598 s->sport = state->sport; in nat64lsn_export_states()
599 s->aport = state->aport; in nat64lsn_export_states()
600 s->flags = (uint8_t)(state->flags & 7); in nat64lsn_export_states()
601 s->proto = state->proto; in nat64lsn_export_states()
602 s->idle = GET_AGE(state->timestamp); in nat64lsn_export_states()
611 nat64lsn_next_pgidx(struct nat64lsn_cfg *cfg, struct nat64lsn_pg *pg, in nat64lsn_next_pgidx() argument
617 if (idx->chunk < pg->chunks_count - 1) { in nat64lsn_next_pgidx()
618 idx->chunk++; in nat64lsn_next_pgidx()
622 idx->chunk = 0; in nat64lsn_next_pgidx()
624 if (idx->port < UINT16_MAX - 64) { in nat64lsn_next_pgidx()
625 idx->port += 64; in nat64lsn_next_pgidx()
628 idx->port = NAT64_MIN_PORT; in nat64lsn_next_pgidx()
630 switch (idx->proto) { in nat64lsn_next_pgidx()
632 idx->proto = IPPROTO_TCP; in nat64lsn_next_pgidx()
635 idx->proto = IPPROTO_UDP; in nat64lsn_next_pgidx()
638 idx->proto = IPPROTO_ICMP; in nat64lsn_next_pgidx()
641 if (idx->addr < cfg->pmask4) { in nat64lsn_next_pgidx()
642 idx->addr++; in nat64lsn_next_pgidx()
645 idx->index = LAST_IDX; in nat64lsn_next_pgidx()
646 return (-1); /* No more states */ in nat64lsn_next_pgidx()
650 nat64lsn_get_pg_byidx(struct nat64lsn_cfg *cfg, union nat64lsn_pgidx *idx) in nat64lsn_get_pg_byidx() argument
655 alias = &cfg->aliases[idx->addr & ((1 << (32 - cfg->plen4)) - 1)]; in nat64lsn_get_pg_byidx()
656 MPASS(alias->addr == idx->addr); in nat64lsn_get_pg_byidx()
658 pg_idx = (idx->port - NAT64_MIN_PORT) / 64; in nat64lsn_get_pg_byidx()
659 switch (idx->proto) { in nat64lsn_get_pg_byidx()
661 if (ISSET32(alias->icmp_pgmask[pg_idx / 32], pg_idx % 32)) in nat64lsn_get_pg_byidx()
662 return (alias->icmp[pg_idx / 32]->pgptr[pg_idx % 32]); in nat64lsn_get_pg_byidx()
665 if (ISSET32(alias->tcp_pgmask[pg_idx / 32], pg_idx % 32)) in nat64lsn_get_pg_byidx()
666 return (alias->tcp[pg_idx / 32]->pgptr[pg_idx % 32]); in nat64lsn_get_pg_byidx()
669 if (ISSET32(alias->udp_pgmask[pg_idx / 32], pg_idx % 32)) in nat64lsn_get_pg_byidx()
670 return (alias->udp[pg_idx / 32]->pgptr[pg_idx % 32]); in nat64lsn_get_pg_byidx()
693 struct nat64lsn_cfg *cfg; in nat64lsn_states() local
703 if (sd->valsize < sz) in nat64lsn_states()
706 oh = (ipfw_obj_header *)sd->kbuf; in nat64lsn_states()
708 if (od->head.type != IPFW_TLV_OBJDATA || in nat64lsn_states()
709 od->head.length != sz - sizeof(ipfw_obj_header)) in nat64lsn_states()
720 i = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); in nat64lsn_states()
725 cfg = i->cfg; in nat64lsn_states()
727 idx.addr = cfg->prefix4; in nat64lsn_states()
731 if (idx.addr < cfg->prefix4 || idx.addr > cfg->pmask4 || in nat64lsn_states()
738 if (sd->valsize < sz) { in nat64lsn_states()
744 od->head.type = IPFW_TLV_OBJDATA; in nat64lsn_states()
745 od->head.length = sz - sizeof(ipfw_obj_header); in nat64lsn_states()
747 stg->count = total = 0; in nat64lsn_states()
748 stg->next.index = idx.index; in nat64lsn_states()
753 CALLOUT_LOCK(cfg); in nat64lsn_states()
756 pg = nat64lsn_get_pg_byidx(cfg, &idx); in nat64lsn_states()
759 ret = nat64lsn_export_states(cfg, &idx, pg, in nat64lsn_states()
764 stg->count += count; in nat64lsn_states()
767 od->head.length += in nat64lsn_states()
771 stg->alias4.s_addr = htonl(idx.addr); in nat64lsn_states()
774 switch (nat64lsn_next_pgidx(cfg, pg, &idx)) { in nat64lsn_states()
775 case -1: in nat64lsn_states()
782 if (stg->count == 0) in nat64lsn_states()
786 if (sd->valsize < sz) { in nat64lsn_states()
791 stg->next.index = idx.index; in nat64lsn_states()
794 od->head.length += sizeof(ipfw_nat64lsn_stg_v1); in nat64lsn_states()
795 stg->count = 0; in nat64lsn_states()
798 stg->next.index = idx.index; in nat64lsn_states()
800 CALLOUT_UNLOCK(cfg); in nat64lsn_states()
815 #define NAT64LSN_ARE_EQUAL(v) (cfg0->v == cfg1->v)
820 if ((cfg0->base.flags & cfg1->base.flags & NAT64LSN_ALLOW_SWAPCONF) && in nat64lsn_cmp_configs()
825 IN6_ARE_ADDR_EQUAL(&cfg0->base.plat_prefix, in nat64lsn_cmp_configs()
826 &cfg1->base.plat_prefix)) in nat64lsn_cmp_configs()
836 struct nat64lsn_cfg *cfg; in nat64lsn_swap_configs() local
838 cfg = i0->cfg; in nat64lsn_swap_configs()
839 i0->cfg = i1->cfg; in nat64lsn_swap_configs()
840 i1->cfg = cfg; in nat64lsn_swap_configs()
864 if (no->set == sets[0]) { in nat64lsn_swap_sets_cb()
870 if ((i0->cfg->base.flags & NAT64LSN_ALLOW_SWAPCONF) && in nat64lsn_swap_sets_cb()
871 (i1 = nat64lsn_find(ni, no->name, sets[1])) != NULL) { in nat64lsn_swap_sets_cb()
873 if (nat64lsn_cmp_configs(i0->cfg, i1->cfg) == 0) { in nat64lsn_swap_sets_cb()
909 i = (struct nat64lsn_instance *)SRV_OBJECT(ch, no->kidx); in destroy_config_cb()
911 nat64lsn_destroy_config(i->cfg); in destroy_config_cb()