/*-
 * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#ifndef _IPFW2_TABLE_H
#define _IPFW2_TABLE_H

/*
 * Internal constants and data structures used by ipfw tables
 * not meant to be exported outside the kernel.
 */
#ifdef _KERNEL

struct table_algo;
/*
 * Table subsystem state, reached from a chain through CHAIN_TO_TCFG().
 *
 * NOTE(review): algo[] has a fixed capacity of 256 slots and def_algo[] of
 * IPFW_TABLE_MAXTYPE + 1. The code that registers algorithms and the code
 * that indexes def_algo[] by table type are not in this header; both need
 * a range check before the store or load - confirm in the implementation.
 */
struct tables_config {
	struct namedobj_instance	*namehash;
	struct namedobj_instance	*valhash;
	uint32_t			val_size;
	uint32_t			algo_count;
	struct table_algo		*algo[256];
	struct table_algo		*def_algo[IPFW_TABLE_MAXTYPE + 1];
	TAILQ_HEAD(op_state_l,op_state)	state_list;
};
/*
 * Unchecked cast of chain->tblcfg. The macro performs no NULL or type check,
 * so it is only meaningful once tblcfg has been set up (presumably by
 * ipfw_table_algo_init() or a sibling init routine - confirm).
 */
#define	CHAIN_TO_TCFG(chain)	((struct tables_config *)(chain)->tblcfg)

/* Per-table lookup descriptor: the lookup function plus its opaque state. */
struct table_info {
	table_lookup_t	*lookup;	/* Lookup function */
	void		*state;		/* Lookup radix/other structure */
	void		*xstate;	/* eXtended state */
	u_long		data;		/* Hints for given func */
};

/* Internal structures for handling sockopt data */
/*
 * NOTE(review): tlvs/tlen describe a TLV block that, per the comment above,
 * originates from sockopt data. tlen is a signed int, so a consumer walking
 * the block should reject negative values and bound every TLV header and
 * payload read by tlen - confirm in the parser, which is not shown here.
 */
struct tid_info {
	uint32_t	set;		/* table set */
	uint16_t	uidx;		/* table index */
	uint8_t		type;		/* table type */
	uint8_t		atype;		/* presumably algorithm type - confirm */
	void		*tlvs;		/* Pointer to first TLV */
	int		tlen;		/* Total TLV size block */
};

struct table_value;
/*
 * One table entry as handed to the add/del paths and the algorithm callbacks.
 *
 * NOTE(review): paddr is untyped and carries no length, so the key width has
 * to be derived elsewhere (presumably from the table type and subtype).
 * masklen is not constrained by its type either; an algorithm should check
 * it against the key width before using it - confirm in each algorithm.
 */
struct tentry_info {
	void			*paddr;
	struct table_value	*pvalue;
	void			*ptv;		/* Temporary field to hold obj */
	uint8_t			masklen;	/* mask length */
	uint8_t			subtype;
	uint16_t		flags;		/* record flags */
	uint32_t		value;		/* value index */
};
/* Bits for tentry_info.flags (16 bits wide; the values below reach 0x0200). */
#define	TEI_FLAGS_UPDATE	0x0001	/* Add or update rec if exists */
#define	TEI_FLAGS_UPDATED	0x0002	/* Entry has been updated */
#define	TEI_FLAGS_COMPAT	0x0004	/* Called from old ABI */
#define	TEI_FLAGS_DONTADD	0x0008	/* Do not create new rec */
#define	TEI_FLAGS_ADDED		0x0010	/* Entry was added */
#define	TEI_FLAGS_DELETED	0x0020	/* Entry was deleted */
#define	TEI_FLAGS_LIMIT		0x0040	/* Limit was hit */
#define	TEI_FLAGS_ERROR		0x0080	/* Unknown request error */
#define	TEI_FLAGS_NOTFOUND	0x0100	/* Entry was not found */
#define	TEI_FLAGS_EXISTS	0x0200	/* Entry already exists */

/*
 * Table algorithm callback signatures, collected in struct table_algo below.
 *
 * ta_state, ta_buf, node and e are all passed as void *, so the compiler
 * cannot detect an algorithm being handed state or a scratch buffer that
 * belongs to a different algorithm. The size of the area behind ta_buf is
 * presumably table_algo.ta_buf_size - confirm against the callers.
 */
typedef int (ta_init)(struct ip_fw_chain *ch, void **ta_state,
    struct table_info *ti, char *data, uint8_t tflags);
typedef void (ta_destroy)(void *ta_state, struct table_info *ti);
typedef int (ta_prepare_add)(struct ip_fw_chain *ch, struct tentry_info *tei,
    void *ta_buf);
typedef int (ta_prepare_del)(struct ip_fw_chain *ch, struct tentry_info *tei,
    void *ta_buf);
typedef int (ta_add)(void *ta_state, struct table_info *ti,
    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
typedef int (ta_del)(void *ta_state, struct table_info *ti,
    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
typedef void (ta_flush_entry)(struct ip_fw_chain *ch, struct tentry_info *tei,
    void *ta_buf);

typedef int (ta_need_modify)(void *ta_state, struct table_info *ti,
    uint32_t count, uint64_t *pflags);
typedef int (ta_prepare_mod)(void *ta_buf, uint64_t *pflags);
typedef int (ta_fill_mod)(void *ta_state, struct table_info *ti,
    void *ta_buf, uint64_t *pflags);
typedef void (ta_modify)(void *ta_state, struct table_info *ti,
    void *ta_buf, uint64_t pflags);
typedef void (ta_flush_mod)(void *ta_buf);

typedef void (ta_change_ti)(void *ta_state, struct table_info *ti);
/*
 * bufsize is the only bound the callee receives for buf; an implementation
 * must not write past it. Returns void, so truncation cannot be reported.
 */
typedef void (ta_print_config)(void *ta_state, struct table_info *ti, char *buf,
    size_t bufsize);

typedef int ta_foreach_f(void *node, void *arg);
typedef void ta_foreach(void *ta_state, struct table_info *ti, ta_foreach_f *f,
  void *arg);
typedef int ta_dump_tentry(void *ta_state, struct table_info *ti, void *e,
    ipfw_obj_tentry *tent);
typedef int ta_find_tentry(void *ta_state, struct table_info *ti,
    ipfw_obj_tentry *tent);
typedef void ta_dump_tinfo(void *ta_state, struct table_info *ti,
    ipfw_ta_tinfo *tinfo);
typedef uint32_t ta_get_count(void *ta_state, struct table_info *ti);

/*
 * Descriptor of one table algorithm: identity, limits and callback table.
 *
 * NOTE(review): name is a fixed 16-byte array; whether it must be
 * NUL-terminated, and who enforces that on registration, is not visible
 * here. Which callbacks may legitimately be NULL (for example on an
 * algorithm flagged TA_FLAG_READONLY) is also not stated in this header,
 * so callers should check a pointer before calling through it - confirm.
 */
struct table_algo {
	char		name[16];
	uint32_t	idx;
	uint32_t	type;
	uint32_t	refcnt;
	uint32_t	flags;
	uint32_t	vlimit;
	size_t		ta_buf_size;
	ta_init		*init;
	ta_destroy	*destroy;
	ta_prepare_add	*prepare_add;
	ta_prepare_del	*prepare_del;
	ta_add		*add;
	ta_del		*del;
	ta_flush_entry	*flush_entry;
	ta_find_tentry	*find_tentry;
	ta_need_modify	*need_modify;
	ta_prepare_mod	*prepare_mod;
	ta_fill_mod	*fill_mod;
	ta_modify	*modify;
	ta_flush_mod	*flush_mod;
	ta_change_ti	*change_ti;
	ta_foreach	*foreach;
	ta_dump_tentry	*dump_tentry;
	ta_print_config	*print_config;
	ta_dump_tinfo	*dump_tinfo;
	ta_get_count	*get_count;
};
/* Bits for table_algo.flags. */
#define	TA_FLAG_DEFAULT		0x01	/* Algo is default for given type */
#define	TA_FLAG_READONLY	0x02	/* Algo does not support modifications*/
#define	TA_FLAG_EXTCOUNTER	0x04	/* Algo has external counter available*/

/*
 * Algorithm registration.
 *
 * NOTE(review): ipfw_del_table_algo() takes a signed int index; if it is
 * used to index tables_config.algo[] (presumably so), the implementation
 * has to reject values outside the valid range - confirm. The meaning of
 * the size argument to ipfw_add_table_algo() is not shown here; it looks
 * like the caller's sizeof(struct table_algo) - confirm.
 */
int ipfw_add_table_algo(struct ip_fw_chain *ch, struct table_algo *ta,
    size_t size, int *idx);
void ipfw_del_table_algo(struct ip_fw_chain *ch, int idx);

void ipfw_table_algo_init(struct ip_fw_chain *chain);
void ipfw_table_algo_destroy(struct ip_fw_chain *chain);

MALLOC_DECLARE(M_IPFW_TBL);
/* Exported to support legacy opcodes */
/*
 * NOTE(review): the flags parameter of add_table_entry()/del_table_entry()
 * is 8 bits wide, while tentry_info.flags is 16 bits and TEI_FLAGS_* reach
 * 0x0200. If this parameter ever carries TEI_FLAGS_* bits, the upper ones
 * are silently truncated - confirm which flag namespace it uses.
 */
int add_table_entry(struct ip_fw_chain *ch, struct tid_info *ti,
    struct tentry_info *tei, uint8_t flags, uint32_t count);
int del_table_entry(struct ip_fw_chain *ch, struct tid_info *ti,
    struct tentry_info *tei, uint8_t flags, uint32_t count);
int flush_table(struct ip_fw_chain *ch, struct tid_info *ti);
void ipfw_import_table_value_legacy(uint32_t value, struct table_value *v);
uint32_t ipfw_export_table_value_legacy(struct table_value *v);
int ipfw_get_table_size(struct ip_fw_chain *ch, ip_fw3_opheader *op3,
    struct sockopt_data *sd);

/* ipfw_table_value.c functions */
struct table_config;
struct tableop_state;
void ipfw_table_value_init(struct ip_fw_chain *ch, int first);
void ipfw_table_value_destroy(struct ip_fw_chain *ch, int last);
int ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts);
void ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc,
    struct tentry_info *tei, uint32_t count, int rollback);
void ipfw_import_table_value_v1(ipfw_table_value *iv);
void ipfw_export_table_value_v1(struct table_value *v, ipfw_table_value *iv);
void ipfw_unref_table_values(struct ip_fw_chain *ch, struct table_config *tc,
    struct table_algo *ta, void *astate, struct table_info *ti);
void rollback_table_values(struct tableop_state *ts);

/* Rule <-> table index handling (user index "uidx", kernel index "kidx"). */
int ipfw_rewrite_table_uidx(struct ip_fw_chain *chain,
    struct rule_check_info *ci);
int ipfw_rewrite_table_kidx(struct ip_fw_chain *chain,
    struct ip_fw_rule0 *rule);
int ipfw_mark_table_kidx(struct ip_fw_chain *chain, struct ip_fw *rule,
    uint32_t *bmask);
int ipfw_export_table_ntlv(struct ip_fw_chain *ch, uint16_t kidx,
    struct sockopt_data *sd);
void ipfw_unref_rule_tables(struct ip_fw_chain *chain, struct ip_fw *rule);

/* utility functions */
/*
 * NOTE(review): ipfw_check_table_name() receives a bare char * with no
 * length. If the name comes from a sockopt buffer, the caller presumably
 * has to guarantee a NUL terminator inside that buffer first - confirm.
 */
int ipfw_check_table_name(char *name);
int ipfw_move_tables_sets(struct ip_fw_chain *ch, ipfw_range_tlv *rt,
    uint32_t new_set);
void ipfw_swap_tables_sets(struct ip_fw_chain *ch, uint32_t old_set,
    uint32_t new_set, int mv);
int ipfw_foreach_table_tentry(struct ip_fw_chain *ch, uint16_t kidx,
    ta_foreach_f f, void *arg);

/* internal functions */
void tc_ref(struct table_config *tc);
void tc_unref(struct table_config *tc);

struct op_state;
/* Rollback callback: receives an untyped object and the queued op_state. */
typedef void (op_rollback_f)(void *object, struct op_state *state);
/* List node linked through tables_config.state_list (TAILQ of op_state). */
struct op_state {
	TAILQ_ENTRY(op_state)	next;	/* chain link */
	op_rollback_f		*func;
};

/*
 * State of one in-flight table operation. opstate is the first member, so a
 * struct op_state pointer taken from the list has the same address as the
 * enclosing tableop_state; presumably rollback callbacks rely on that to
 * recover it - confirm.
 */
struct tableop_state {
	struct op_state	opstate;
	struct ip_fw_chain *ch;
	struct table_config *tc;
	struct table_algo *ta;
	struct tentry_info *tei;
	uint32_t count;
	uint32_t vmask;
	int vshared;
	int modified;
};

void add_toperation_state(struct ip_fw_chain *ch, struct tableop_state *ts);
void del_toperation_state(struct ip_fw_chain *ch, struct tableop_state *ts);
void rollback_toperation_state(struct ip_fw_chain *ch, void *object);

/* Legacy interfaces */
int ipfw_count_table(struct ip_fw_chain *ch, struct tid_info *ti,
    uint32_t *cnt);
int ipfw_count_xtable(struct ip_fw_chain *ch, struct tid_info *ti,
    uint32_t *cnt);
int ipfw_dump_table_legacy(struct ip_fw_chain *ch, struct tid_info *ti,
    ipfw_table *tbl);


#endif /* _KERNEL */
#endif /* _IPFW2_TABLE_H */