xref: /freebsd/sys/netpfil/ipfw/ip_fw_table.h (revision b0c13e7e2446fde7c559d2b15cc3c2f8d8b959f8)
1 /*-
2  * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  */
25 
26 #ifndef _IPFW2_TABLE_H
27 #define _IPFW2_TABLE_H
28 
29 /*
30  * Internal constants and data structures used by ipfw tables
31  * not meant to be exported outside the kernel.
32  */
33 #ifdef _KERNEL
34 
35 /*
36  * A table has the following `type` concepts:
37  *
38  * `no.type` is the lookup key type (addr, ifp, uid, etc.).
39  * `vmask` is the bitmask of table values that are present at the moment.
40  * The special value IPFW_VTYPE_LEGACY ( (uint32_t)-1 ) represents the old
41  * single-value-for-all approach.
42  */
43 struct table_config {
44 	struct named_object	no;	/* embedded named object (first member); no.type is the lookup key type */
45 	uint8_t		tflags;		/* type flags */
46 	uint8_t		locked;		/* 1 if locked from changes */
47 	uint8_t		linked;		/* 1 if already linked */
48 	uint8_t		ochanged;	/* used by set swapping */
49 	uint8_t		vshared;	/* 1 if using shared value array */
50 	uint8_t		spare[3];	/* presumably reserved/padding -- confirm */
51 	uint32_t	count;		/* Number of records */
52 	uint32_t	limit;		/* Max number of records; NOTE(review): enforcement is not visible in this header (see TEI_FLAGS_LIMIT) -- confirm the add path compares count against it */
53 	uint32_t	vmask;		/* bitmask with supported values */
54 	uint32_t	ocount;		/* used by set swapping */
55 	uint64_t	gencnt;		/* generation count */
56 	char		tablename[64];	/* table name; fixed 64-byte buffer, so every writer must bound the copy and keep it NUL-terminated */
57 	struct table_algo	*ta;	/* Callbacks for given algo */
58 	void		*astate;	/* algorithm state; untyped, presumably handed to the ta callbacks as ta_state -- confirm */
59 	struct table_info {
60 		table_lookup_t	*lookup;/* Lookup function */
61 		void		*state;	/* Lookup radix/other structure */
62 		void		*xstate;/* eXtended state */
63 		u_long		data;	/* Hints for given func */
64 	} ti_copy;	/* data to put to table_info */
65 	struct namedobj_instance	*vi;	/* NOTE(review): undocumented; purpose not visible in this header -- confirm */
66 };
67 
68 struct tables_config {
69 	struct namedobj_instance	*namehash;	/* presumably the index of tables by name -- confirm */
70 	struct namedobj_instance	*valhash;	/* presumably the index of table values -- confirm */
71 	uint32_t			val_size;	/* NOTE(review): undocumented; unit (bytes vs. entries) not visible here */
72 	uint32_t			algo_count;	/* presumably the number of algo[] slots in use -- confirm */
73 	struct table_algo 		*algo[256];	/* fixed 256 slots; any index used on it must be range-checked first */
74 	struct table_algo		*def_algo[IPFW_TABLE_MAXTYPE + 1];	/* valid indices 0..IPFW_TABLE_MAXTYPE; presumably the default algo per table type (see TA_FLAG_DEFAULT) -- confirm */
75 };
76 #define	CHAIN_TO_TCFG(chain)	((struct tables_config *)(chain)->tblcfg)	/* unchecked cast of chain->tblcfg; no NULL or type check is done here */
77 
78 struct tentry_info {
79 	void		*paddr;		/* presumably the entry key; untyped, so the expected size depends on the table type -- confirm */
80 	struct table_value	*pvalue;	/* presumably the value supplied for the entry -- confirm */
81 	void		*ptv;		/* Temporary field to hold obj	*/
82 	uint8_t		masklen;	/* mask length; NOTE(review): a range check against the key width is not visible in this header -- confirm */
83 	uint8_t		subtype;	/* NOTE(review): undocumented; meaning not visible in this header */
84 	uint16_t	flags;		/* record flags (TEI_FLAGS_* below; all defined bits fit in 16 bits) */
85 	uint32_t	value;		/* value index			*/
86 };
87 #define	TEI_FLAGS_UPDATE	0x0001	/* Add or update rec if exists	*/
88 #define	TEI_FLAGS_UPDATED	0x0002	/* Entry has been updated	*/
89 #define	TEI_FLAGS_COMPAT	0x0004	/* Called from old ABI		*/
90 #define	TEI_FLAGS_DONTADD	0x0008	/* Do not create new rec	*/
91 #define	TEI_FLAGS_ADDED		0x0010	/* Entry was added		*/
92 #define	TEI_FLAGS_DELETED	0x0020	/* Entry was deleted		*/
93 #define	TEI_FLAGS_LIMIT		0x0040	/* Limit was hit		*/
94 #define	TEI_FLAGS_ERROR		0x0080	/* Unknown request error	*/
95 #define	TEI_FLAGS_NOTFOUND	0x0100	/* Entry was not found		*/
96 #define	TEI_FLAGS_EXISTS	0x0200	/* Entry already exists		*/
97 
98 typedef int (ta_init)(struct ip_fw_chain *ch, void **ta_state,
99     struct table_info *ti, char *data, uint8_t tflags);	/* data has no length argument; presumably a NUL-terminated string -- confirm */
100 typedef void (ta_destroy)(void *ta_state, struct table_info *ti);
101 typedef int (ta_prepare_add)(struct ip_fw_chain *ch, struct tentry_info *tei,
102     void *ta_buf);	/* ta_buf is untyped scratch space; presumably table_algo.ta_buf_size bytes -- confirm */
103 typedef int (ta_prepare_del)(struct ip_fw_chain *ch, struct tentry_info *tei,
104     void *ta_buf);
105 typedef int (ta_add)(void *ta_state, struct table_info *ti,
106     struct tentry_info *tei, void *ta_buf, uint32_t *pnum);	/* pnum: presumably returns the number of records added -- confirm */
107 typedef int (ta_del)(void *ta_state, struct table_info *ti,
108     struct tentry_info *tei, void *ta_buf, uint32_t *pnum);	/* pnum: presumably returns the number of records removed -- confirm */
109 typedef void (ta_flush_entry)(struct ip_fw_chain *ch, struct tentry_info *tei,
110     void *ta_buf);
111 
112 typedef int (ta_need_modify)(void *ta_state, struct table_info *ti,
113     uint32_t count, uint64_t *pflags);
114 typedef int (ta_prepare_mod)(void *ta_buf, uint64_t *pflags);
115 typedef int (ta_fill_mod)(void *ta_state, struct table_info *ti,
116     void *ta_buf, uint64_t *pflags);
117 typedef void (ta_modify)(void *ta_state, struct table_info *ti,
118     void *ta_buf, uint64_t pflags);	/* pflags is by value here, by pointer in need_modify/prepare_mod/fill_mod; returns void, so this step cannot report failure */
119 typedef void (ta_flush_mod)(void *ta_buf);
120 
121 typedef void (ta_change_ti)(void *ta_state, struct table_info *ti);
122 typedef void (ta_print_config)(void *ta_state, struct table_info *ti, char *buf,
123     size_t bufsize);	/* buf/bufsize: output buffer and its size; implementations must not write past bufsize */
124 
125 typedef int ta_foreach_f(void *node, void *arg);	/* per-node callback; node and arg are untyped, so caller and algo must agree on their types */
126 typedef void ta_foreach(void *ta_state, struct table_info *ti, ta_foreach_f *f,
127   void *arg);
128 typedef int ta_dump_tentry(void *ta_state, struct table_info *ti, void *e,
129     ipfw_obj_tentry *tent);	/* e is an untyped entry pointer; tent is presumably the output record -- confirm */
130 typedef int ta_find_tentry(void *ta_state, struct table_info *ti,
131     ipfw_obj_tentry *tent);
132 typedef void ta_dump_tinfo(void *ta_state, struct table_info *ti,
133     ipfw_ta_tinfo *tinfo);
134 typedef uint32_t ta_get_count(void *ta_state, struct table_info *ti);
135 
136 struct table_algo {
137 	char		name[16];	/* algo name; fixed 16-byte buffer, presumably a NUL-terminated string -- confirm */
138 	uint32_t	idx;		/* presumably the slot in tables_config.algo[] -- confirm */
139 	uint32_t	type;		/* presumably the table type this algo serves -- confirm */
140 	uint32_t	refcnt;		/* reference count; NOTE(review): locking/overflow handling not visible in this header */
141 	uint32_t	flags;		/* TA_FLAG_* below */
142 	uint32_t	vlimit;		/* NOTE(review): undocumented; meaning not visible in this header */
143 	size_t		ta_buf_size;	/* presumably the size of the ta_buf handed to the callbacks -- confirm */
144 	ta_init		*init;		/* callback pointers from here on; NOTE(review): which ones may be NULL is not visible in this header */
145 	ta_destroy	*destroy;
146 	ta_prepare_add	*prepare_add;
147 	ta_prepare_del	*prepare_del;
148 	ta_add		*add;
149 	ta_del		*del;
150 	ta_flush_entry	*flush_entry;
151 	ta_find_tentry	*find_tentry;
152 	ta_need_modify	*need_modify;
153 	ta_prepare_mod	*prepare_mod;
154 	ta_fill_mod	*fill_mod;
155 	ta_modify	*modify;
156 	ta_flush_mod	*flush_mod;
157 	ta_change_ti	*change_ti;
158 	ta_foreach	*foreach;
159 	ta_dump_tentry	*dump_tentry;
160 	ta_print_config	*print_config;
161 	ta_dump_tinfo	*dump_tinfo;
162 	ta_get_count	*get_count;
163 };
164 #define	TA_FLAG_DEFAULT		0x01	/* Algo is default for given type */
165 #define	TA_FLAG_READONLY	0x02	/* Algo does not support modifications*/
166 #define	TA_FLAG_EXTCOUNTER	0x04	/* Algo has external counter available*/
167 
168 int ipfw_add_table_algo(struct ip_fw_chain *ch, struct table_algo *ta,
169     size_t size, int *idx);	/* NOTE(review): size is presumably sizeof(*ta) as seen by the caller -- confirm */
170 void ipfw_del_table_algo(struct ip_fw_chain *ch, int idx);	/* idx is a signed int here while table_algo.idx is uint32_t; it must be range-checked before indexing algo[256] */
171 
172 void ipfw_table_algo_init(struct ip_fw_chain *chain);	/* per-chain init of the table algo state; body not visible here */
173 void ipfw_table_algo_destroy(struct ip_fw_chain *chain);	/* per-chain counterpart of ipfw_table_algo_init */
174 
175 MALLOC_DECLARE(M_IPFW_TBL);
176 /* Exported to support legacy opcodes */
177 int add_table_entry(struct ip_fw_chain *ch, struct tid_info *ti,
178     struct tentry_info *tei, uint8_t flags, uint32_t count);	/* flags is uint8_t here, tentry_info.flags is uint16_t; count is presumably the number of tei records -- confirm */
179 int del_table_entry(struct ip_fw_chain *ch, struct tid_info *ti,
180     struct tentry_info *tei, uint8_t flags, uint32_t count);	/* same parameter list as add_table_entry */
181 int flush_table(struct ip_fw_chain *ch, struct tid_info *ti);
182 
183 /* ipfw_table_value.c functions */
184 struct table_config;	/* redundant forward declaration: the full definition appears earlier in this header */
185 void ipfw_table_value_init(struct ip_fw_chain *ch, int first);
186 void ipfw_table_value_destroy(struct ip_fw_chain *ch, int last);
187 int ipfw_link_table_values(struct ip_fw_chain *ch, struct table_config *tc,
188     struct tentry_info *tei, uint32_t count, uint8_t flags);	/* count is presumably the number of tei records -- confirm */
189 void ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc,
190     struct tentry_info *tei, uint32_t count, int rollback);
191 void ipfw_import_table_value_v1(ipfw_table_value *iv);	/* single in/out argument, so presumably converts iv in place -- confirm */
192 void ipfw_export_table_value_v1(struct table_value *v, ipfw_table_value *iv);
193 void ipfw_unref_table_values(struct ip_fw_chain *ch, struct table_config *tc,
194     struct table_algo *ta, void *astate, struct table_info *ti);
195 
196 int ipfw_rewrite_table_uidx(struct ip_fw_chain *chain,
197     struct rule_check_info *ci);
198 int ipfw_mark_table_kidx(struct ip_fw_chain *chain, struct ip_fw *rule,
199     uint32_t *bmask);	/* bmask has no length argument; NOTE(review): the bitmap size must be agreed with the caller -- confirm */
200 int ipfw_export_table_ntlv(struct ip_fw_chain *ch, uint32_t kidx,
201     struct sockopt_data *sd);	/* NOTE(review): kidx validation is not visible in this header -- confirm in the implementation */
202 void ipfw_unref_rule_tables(struct ip_fw_chain *chain, struct ip_fw *rule);
203 struct namedobj_instance *ipfw_get_table_objhash(struct ip_fw_chain *ch);
204 
205 /* utility functions  */
206 int ipfw_move_tables_sets(struct ip_fw_chain *ch, ipfw_range_tlv *rt,
207     uint32_t new_set);
208 void ipfw_swap_tables_sets(struct ip_fw_chain *ch, uint32_t old_set,
209     uint32_t new_set, int mv);
210 int ipfw_foreach_table_tentry(struct ip_fw_chain *ch, uint32_t kidx,
211     ta_foreach_f f, void *arg);	/* f is declared with a function type, which C adjusts to ta_foreach_f *; arg is passed untyped */
212 
213 #endif /* _KERNEL */
214 #endif /* _IPFW2_TABLE_H */
215