xref: /freebsd/sys/netpfil/ipfw/ip_fw_table.h (revision 38d120bc13ac1de5b739b67b87016b9122149374)
1 /*-
2  * Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23  * SUCH DAMAGE.
24  *
25  * $FreeBSD$
26  */
27 
28 #ifndef _IPFW2_TABLE_H
29 #define _IPFW2_TABLE_H
30 
31 /*
32  * Internal constants and data structures used by ipfw tables
33  * not meant to be exported outside the kernel.
34  */
35 #ifdef _KERNEL
36 
37 struct table_algo;
/*
 * Table-subsystem state attached to one rule chain; CHAIN_TO_TCFG() below
 * yields a pointer to it from the chain's tblcfg member.
 *
 * NOTE(review): algo[] and def_algo[] are fixed-size arrays.  Any slot
 * number or table type that can be influenced by a sockopt request has to
 * be range-checked before it is used as an index; those checks are not
 * visible in this header.
 */
38 struct tables_config {
	/* Two named-object hashes; presumably table names and table values -- confirm */
39 	struct namedobj_instance	*namehash;
40 	struct namedobj_instance	*valhash;
41 	uint32_t			val_size;
	/* presumably the number of algo[] slots in use -- confirm */
42 	uint32_t			algo_count;
	/* 256 algorithm slots */
43 	struct table_algo 		*algo[256];
	/* one slot per value in 0..IPFW_TABLE_MAXTYPE */
44 	struct table_algo		*def_algo[IPFW_TABLE_MAXTYPE + 1];
	/* tail queue of struct op_state records */
45 	TAILQ_HEAD(op_state_l,op_state)	state_list;
46 };
/*
 * Plain cast of chain->tblcfg.  The macro performs no NULL or type check,
 * so the result is only usable once tblcfg has been initialised for that
 * chain.
 */
47 #define	CHAIN_TO_TCFG(chain)	((struct tables_config *)(chain)->tblcfg)
48 
/*
 * Lookup descriptor for one table: the lookup callback plus the opaque
 * pointers and hint word that go with it.
 *
 * NOTE(review): state and xstate are untyped; only the algorithm that
 * filled them in knows their real layout.  Most ta_* callbacks receive
 * this structure next to ta_state, so code holding long-lived copies of
 * these pointers deserves a lifetime check -- confirm in the
 * implementation.
 */
49 struct table_info {
50 	table_lookup_t	*lookup;	/* Lookup function */
51 	void		*state;		/* Lookup radix/other structure */
52 	void		*xstate;	/* eXtended state */
53 	u_long		data;		/* Hints for given func */
54 };
55 
56 /* Internal structures for handling sockopt data */
/*
 * Names the table a request refers to (set, index, type) and points at the
 * TLV block that accompanies the request.
 *
 * NOTE(review): tlvs/tlen describe sockopt data and should be treated as
 * untrusted.  tlen is a signed int: code walking the TLVs has to reject
 * negative values and keep every TLV header and length inside tlen.  That
 * validation is not visible in this header.
 */
57 struct tid_info {
58 	uint32_t	set;	/* table set */
59 	uint16_t	uidx;	/* table index */
60 	uint8_t		type;	/* table type */
61 	uint8_t		atype;	/* NOTE(review): undocumented; meaning not shown here */
62 	void		*tlvs;	/* Pointer to first TLV */
63 	int		tlen;	/* Total TLV size block */
64 };
65 
66 struct table_value;
/*
 * One table entry as passed to the add/delete paths and to the ta_*
 * callbacks.  flags holds TEI_FLAGS_* bits (defined right after this
 * structure).
 *
 * NOTE(review): paddr is an untyped pointer with no accompanying length,
 * so the number of valid bytes behind it is implied by the table type /
 * subtype.  masklen is a raw uint8_t; each algorithm presumably has to
 * check it against the key width before using it -- confirm.
 */
67 struct tentry_info {
68 	void		*paddr;		/* presumably the entry key -- confirm */
69 	struct table_value	*pvalue;
70 	void		*ptv;		/* Temporary field to hold obj	*/
71 	uint8_t		masklen;	/* mask length			*/
72 	uint8_t		subtype;
73 	uint16_t	flags;		/* record flags			*/
74 	uint32_t	value;		/* value index			*/
75 };
/*
 * Bits for tentry_info.flags.  Judging by the descriptions, UPDATE, COMPAT
 * and DONTADD are set by the requester, while the remaining bits report
 * what happened to the entry.  The highest bit is 0x0200, which fits the
 * uint16_t flags field but not an 8-bit variable.
 */
76 #define	TEI_FLAGS_UPDATE	0x0001	/* Add or update rec if exists	*/
77 #define	TEI_FLAGS_UPDATED	0x0002	/* Entry has been updated	*/
78 #define	TEI_FLAGS_COMPAT	0x0004	/* Called from old ABI		*/
79 #define	TEI_FLAGS_DONTADD	0x0008	/* Do not create new rec	*/
80 #define	TEI_FLAGS_ADDED		0x0010	/* Entry was added		*/
81 #define	TEI_FLAGS_DELETED	0x0020	/* Entry was deleted		*/
82 #define	TEI_FLAGS_LIMIT		0x0040	/* Limit was hit		*/
83 #define	TEI_FLAGS_ERROR		0x0080	/* Unknown request error	*/
84 #define	TEI_FLAGS_NOTFOUND	0x0100	/* Entry was not found		*/
85 #define	TEI_FLAGS_EXISTS	0x0200	/* Entry already exists		*/
86 
/*
 * Callback types for creating/destroying an algorithm instance and for
 * adding/removing single entries.  These are function types; struct
 * table_algo stores pointers to them.
 *
 * ta_state is the algorithm's private instance pointer (ta_init returns it
 * through a void **), ti is the table's lookup descriptor, and ta_buf is
 * an opaque scratch buffer (presumably sized by table_algo.ta_buf_size --
 * confirm).  ta_add/ta_del report a count through pnum.
 *
 * NOTE(review): ta_init receives "data" as a bare char * with no length;
 * if it can carry a user-supplied configuration string, the caller must
 * guarantee NUL termination before the callback parses it -- confirm.
 */
87 typedef int (ta_init)(struct ip_fw_chain *ch, void **ta_state,
88     struct table_info *ti, char *data, uint8_t tflags);
89 typedef void (ta_destroy)(void *ta_state, struct table_info *ti);
90 typedef int (ta_prepare_add)(struct ip_fw_chain *ch, struct tentry_info *tei,
91     void *ta_buf);
92 typedef int (ta_prepare_del)(struct ip_fw_chain *ch, struct tentry_info *tei,
93     void *ta_buf);
94 typedef int (ta_add)(void *ta_state, struct table_info *ti,
95     struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
96 typedef int (ta_del)(void *ta_state, struct table_info *ti,
97     struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
98 typedef void (ta_flush_entry)(struct ip_fw_chain *ch, struct tentry_info *tei,
99     void *ta_buf);
100 
/*
 * Callback types for modifying an algorithm instance as a whole (the
 * names suggest a need/prepare/fill/modify/flush sequence; the exact
 * order and locking are not shown in this header).
 *
 * pflags is passed by pointer to need_modify, prepare_mod and fill_mod
 * and by value to modify.  ta_buf is an opaque buffer shared between the
 * steps and released by ta_flush_mod.
 */
101 typedef int (ta_need_modify)(void *ta_state, struct table_info *ti,
102     uint32_t count, uint64_t *pflags);
103 typedef int (ta_prepare_mod)(void *ta_buf, uint64_t *pflags);
104 typedef int (ta_fill_mod)(void *ta_state, struct table_info *ti,
105     void *ta_buf, uint64_t *pflags);
106 typedef void (ta_modify)(void *ta_state, struct table_info *ti,
107     void *ta_buf, uint64_t pflags);
108 typedef void (ta_flush_mod)(void *ta_buf);
109 
/*
 * ta_change_ti: hands the algorithm a table_info pointer for its instance.
 * ta_print_config: writes a textual description of the instance into buf.
 *
 * NOTE(review): ta_print_config implementations must never write more than
 * bufsize bytes and should leave buf NUL-terminated (snprintf-style), as
 * the text is presumably returned to the requester -- confirm.
 */
110 typedef void (ta_change_ti)(void *ta_state, struct table_info *ti);
111 typedef void (ta_print_config)(void *ta_state, struct table_info *ti, char *buf,
112     size_t bufsize);
113 
/*
 * Callback types for iterating over, dumping and querying table contents.
 *
 * ta_foreach_f is the per-node visitor; node and e are opaque pointers to
 * an algorithm-specific entry.  The meaning of the int return values is
 * not shown in this header.
 *
 * NOTE(review): ta_dump_tentry, ta_find_tentry and ta_dump_tinfo fill
 * ipfw_obj_tentry / ipfw_ta_tinfo records.  If those records are later
 * copied out to the requester, implementations should initialise every
 * field (including padding) so no stale kernel memory is exposed --
 * confirm against the callers.
 */
114 typedef int ta_foreach_f(void *node, void *arg);
115 typedef void ta_foreach(void *ta_state, struct table_info *ti, ta_foreach_f *f,
116   void *arg);
117 typedef int ta_dump_tentry(void *ta_state, struct table_info *ti, void *e,
118     ipfw_obj_tentry *tent);
119 typedef int ta_find_tentry(void *ta_state, struct table_info *ti,
120     ipfw_obj_tentry *tent);
121 typedef void ta_dump_tinfo(void *ta_state, struct table_info *ti,
122     ipfw_ta_tinfo *tinfo);
123 typedef uint32_t ta_get_count(void *ta_state, struct table_info *ti);
124 
/*
 * Descriptor of one table algorithm: identification and bookkeeping
 * fields followed by the callback table.  Instances are handed to
 * ipfw_add_table_algo().
 *
 * NOTE(review):
 *  - name is a fixed 16-byte array; it must be NUL-terminated inside
 *    those 16 bytes and compared with bounded string functions.
 *  - This header does not say which callbacks are mandatory.  Callers
 *    should test optional ones for NULL before calling -- confirm which
 *    ones the registration path requires.
 *  - refcnt is a plain uint32_t, not an atomic type; updates presumably
 *    rely on an external lock -- confirm.
 */
125 struct table_algo {
126 	char		name[16];
127 	uint32_t	idx;
128 	uint32_t	type;
129 	uint32_t	refcnt;
130 	uint32_t	flags;		/* TA_FLAG_* bits, defined after this structure */
131 	uint32_t	vlimit;
132 	size_t		ta_buf_size;	/* presumably the size of the ta_buf scratch area -- confirm */
133 	ta_init		*init;
134 	ta_destroy	*destroy;
135 	ta_prepare_add	*prepare_add;
136 	ta_prepare_del	*prepare_del;
137 	ta_add		*add;
138 	ta_del		*del;
139 	ta_flush_entry	*flush_entry;
140 	ta_find_tentry	*find_tentry;
141 	ta_need_modify	*need_modify;
142 	ta_prepare_mod	*prepare_mod;
143 	ta_fill_mod	*fill_mod;
144 	ta_modify	*modify;
145 	ta_flush_mod	*flush_mod;
146 	ta_change_ti	*change_ti;
147 	ta_foreach	*foreach;
148 	ta_dump_tentry	*dump_tentry;
149 	ta_print_config	*print_config;
150 	ta_dump_tinfo	*dump_tinfo;
151 	ta_get_count	*get_count;
152 };
/* Bits for table_algo.flags */
153 #define	TA_FLAG_DEFAULT		0x01	/* Algo is default for given type */
154 #define	TA_FLAG_READONLY	0x02	/* Algo does not support modifications*/
155 #define	TA_FLAG_EXTCOUNTER	0x04	/* Algo has external counter available*/
156 
/*
 * Registration and removal of a table algorithm on a chain.
 * ipfw_add_table_algo() takes the descriptor plus a size (presumably
 * sizeof(*ta), used as a layout check -- confirm) and returns a slot
 * number through idx; ipfw_del_table_algo() takes that slot number back.
 *
 * NOTE(review): idx is a signed int here while tables_config.algo[] has
 * 256 slots, so the implementation should reject values outside the valid
 * range before indexing -- confirm.
 */
157 int ipfw_add_table_algo(struct ip_fw_chain *ch, struct table_algo *ta,
158     size_t size, int *idx);
159 void ipfw_del_table_algo(struct ip_fw_chain *ch, int idx);
160 
/* Per-chain setup and teardown of the table algorithm support. */
161 void ipfw_table_algo_init(struct ip_fw_chain *chain);
162 void ipfw_table_algo_destroy(struct ip_fw_chain *chain);
163 
/* malloc(9) type M_IPFW_TBL; this is only the declaration. */
164 MALLOC_DECLARE(M_IPFW_TBL);
165 /* Exported to support legacy opcodes */
/*
 * Entry add/delete/flush and legacy value conversion.  add_table_entry()
 * and del_table_entry() take a tentry_info pointer together with a count.
 *
 * NOTE(review): the flags argument of add_table_entry()/del_table_entry()
 * is a uint8_t.  TEI_FLAGS_NOTFOUND (0x0100) and TEI_FLAGS_EXISTS (0x0200)
 * do not fit in 8 bits, so this is presumably a different flag space from
 * tentry_info.flags -- confirm, and make sure callers never pass
 * TEI_FLAGS_* here.
 * NOTE(review): ipfw_get_table_size() works on a sockopt request
 * (op3/sd); request lengths should be checked before op3 is interpreted
 * -- confirm in the implementation.
 */
166 int add_table_entry(struct ip_fw_chain *ch, struct tid_info *ti,
167     struct tentry_info *tei, uint8_t flags, uint32_t count);
168 int del_table_entry(struct ip_fw_chain *ch, struct tid_info *ti,
169     struct tentry_info *tei, uint8_t flags, uint32_t count);
170 int flush_table(struct ip_fw_chain *ch, struct tid_info *ti);
171 void ipfw_import_table_value_legacy(uint32_t value, struct table_value *v);
172 uint32_t ipfw_export_table_value_legacy(struct table_value *v);
173 int ipfw_get_table_size(struct ip_fw_chain *ch, ip_fw3_opheader *op3,
174     struct sockopt_data *sd);
175 
176 /* ipfw_table_value.c functions */
177 struct table_config;
178 struct tableop_state;
/*
 * Table value handling.  The init/destroy pair takes a first/last flag
 * next to the chain; link/garbage/unref/rollback operate on values
 * referenced by table entries (exact reference-counting rules are not
 * shown in this header).
 *
 * ipfw_import_table_value_v1() converts an ipfw_table_value in place;
 * ipfw_export_table_value_v1() writes one from a struct table_value.
 * NOTE(review): if ipfw_table_value is the userland-facing layout, import
 * is handling untrusted data and export should fill every field --
 * confirm.
 */
179 void ipfw_table_value_init(struct ip_fw_chain *ch, int first);
180 void ipfw_table_value_destroy(struct ip_fw_chain *ch, int last);
181 int ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts);
182 void ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc,
183     struct tentry_info *tei, uint32_t count, int rollback);
184 void ipfw_import_table_value_v1(ipfw_table_value *iv);
185 void ipfw_export_table_value_v1(struct table_value *v, ipfw_table_value *iv);
186 void ipfw_unref_table_values(struct ip_fw_chain *ch, struct table_config *tc,
187     struct table_algo *ta, void *astate, struct table_info *ti);
188 void rollback_table_values(struct tableop_state *ts);
189 
/*
 * Translation and bookkeeping of table indexes stored in rules
 * (presumably uidx = index as supplied by the requester, kidx = index
 * used inside the kernel -- confirm).
 *
 * NOTE(review): ipfw_mark_table_kidx() receives bmask without a size, so
 * caller and callee must agree on the bitmap length; an index taken from
 * a rule should be bounds-checked before it is used to set a bit --
 * confirm.
 */
190 int ipfw_rewrite_table_uidx(struct ip_fw_chain *chain,
191     struct rule_check_info *ci);
192 int ipfw_rewrite_table_kidx(struct ip_fw_chain *chain,
193     struct ip_fw_rule0 *rule);
194 int ipfw_mark_table_kidx(struct ip_fw_chain *chain, struct ip_fw *rule,
195     uint32_t *bmask);
196 int ipfw_export_table_ntlv(struct ip_fw_chain *ch, uint16_t kidx,
197     struct sockopt_data *sd);
198 void ipfw_unref_rule_tables(struct ip_fw_chain *chain, struct ip_fw *rule);
199 
200 /* utility functions  */
/*
 * NOTE(review): ipfw_check_table_name() takes a bare char * with no
 * length.  If the name comes from a request buffer, the caller has to
 * guarantee NUL termination inside that buffer before calling --
 * confirm.
 *
 * ipfw_foreach_table_tentry() runs the visitor f over the entries of the
 * table identified by kidx, passing arg through.
 */
201 int ipfw_check_table_name(char *name);
202 int ipfw_move_tables_sets(struct ip_fw_chain *ch, ipfw_range_tlv *rt,
203     uint32_t new_set);
204 void ipfw_swap_tables_sets(struct ip_fw_chain *ch, uint32_t old_set,
205     uint32_t new_set, int mv);
206 int ipfw_foreach_table_tentry(struct ip_fw_chain *ch, uint16_t kidx,
207     ta_foreach_f f, void *arg);
208 
209 /* internal functions */
/*
 * Take / drop a reference on a table_config.  Locking requirements and
 * what happens when the last reference is dropped are not shown in this
 * header; unbalanced calls are the usual source of use-after-free or
 * leaked tables, so pair them on every error path.
 */
210 void tc_ref(struct table_config *tc);
211 void tc_unref(struct table_config *tc);
212 
213 struct op_state;
/*
 * Generic record of an operation that may need to be rolled back: a list
 * link and the rollback callback to run for it.  Records are kept on
 * tables_config.state_list (same op_state type in the TAILQ_HEAD).
 */
214 typedef void (op_rollback_f)(void *object, struct op_state *state);
215 struct op_state {
216 	TAILQ_ENTRY(op_state)	next;	/* chain link */
217 	op_rollback_f		*func;	/* rollback callback */
218 };
219 
/*
 * State of one table operation.  opstate is the first member, so a
 * pointer to this structure and a pointer to its op_state refer to the
 * same address; the rollback callback presumably relies on that to
 * recover the full state from the struct op_state * it is given --
 * confirm.
 *
 * NOTE(review): ch, tc, ta and tei are borrowed pointers; nothing here
 * shows who keeps them alive while the state sits on the list.
 */
220 struct tableop_state {
221 	struct op_state	opstate;
222 	struct ip_fw_chain *ch;
223 	struct table_config *tc;
224 	struct table_algo *ta;
225 	struct tentry_info *tei;
226 	uint32_t count;
227 	uint32_t vmask;
228 	int vshared;
229 	int modified;
230 };
231 
/*
 * Register / unregister a table operation state on the chain and trigger
 * rollback for a given object.  Every add_toperation_state() should be
 * matched by del_toperation_state() before ts goes out of scope,
 * otherwise the list would keep a dangling pointer (ts is presumably
 * stack- or caller-allocated -- confirm).
 */
232 void add_toperation_state(struct ip_fw_chain *ch, struct tableop_state *ts);
233 void del_toperation_state(struct ip_fw_chain *ch, struct tableop_state *ts);
234 void rollback_toperation_state(struct ip_fw_chain *ch, void *object);
235 
236 /* Legacy interfaces */
/*
 * Entry counting and dump for the legacy interface.  The count functions
 * return the number through cnt.
 *
 * NOTE(review): ipfw_dump_table_legacy() fills an ipfw_table supplied by
 * the caller and takes no separate capacity argument; the capacity is
 * presumably carried inside *tbl and must be honoured so the dump cannot
 * run past the caller's buffer -- confirm.
 */
237 int ipfw_count_table(struct ip_fw_chain *ch, struct tid_info *ti,
238     uint32_t *cnt);
239 int ipfw_count_xtable(struct ip_fw_chain *ch, struct tid_info *ti,
240     uint32_t *cnt);
241 int ipfw_dump_table_legacy(struct ip_fw_chain *ch, struct tid_info *ti,
242     ipfw_table *tbl);
243 
244 
245 #endif /* _KERNEL */
246 #endif /* _IPFW2_TABLE_H */
247