netpfil/ipfw/ip_fw_table_algo.c

9f7d47b0SAlexander V. Chernikov/*-
*4a77657cSAndrey V. Elsukov * SPDX-License-Identifier: BSD-2-Clause
*4a77657cSAndrey V. Elsukov *
*4a77657cSAndrey V. Elsukov * Copyright (c) 2014-2025 Yandex LLC
1a33e799SAlexander V. Chernikov * Copyright (c) 2014 Alexander V. Chernikov
9f7d47b0SAlexander V. Chernikov *
9f7d47b0SAlexander V. Chernikov * Redistribution and use in source and binary forms, with or without
9f7d47b0SAlexander V. Chernikov * modification, are permitted provided that the following conditions
9f7d47b0SAlexander V. Chernikov * are met:
9f7d47b0SAlexander V. Chernikov * 1. Redistributions of source code must retain the above copyright
9f7d47b0SAlexander V. Chernikov *    notice, this list of conditions and the following disclaimer.
9f7d47b0SAlexander V. Chernikov * 2. Redistributions in binary form must reproduce the above copyright
9f7d47b0SAlexander V. Chernikov *    notice, this list of conditions and the following disclaimer in the
9f7d47b0SAlexander V. Chernikov *    documentation and/or other materials provided with the distribution.
9f7d47b0SAlexander V. Chernikov *
9f7d47b0SAlexander V. Chernikov * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
9f7d47b0SAlexander V. Chernikov * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
9f7d47b0SAlexander V. Chernikov * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
9f7d47b0SAlexander V. Chernikov * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
9f7d47b0SAlexander V. Chernikov * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
9f7d47b0SAlexander V. Chernikov * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
9f7d47b0SAlexander V. Chernikov * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
9f7d47b0SAlexander V. Chernikov * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
9f7d47b0SAlexander V. Chernikov * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
9f7d47b0SAlexander V. Chernikov * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
9f7d47b0SAlexander V. Chernikov * SUCH DAMAGE.
9f7d47b0SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#include <sys/cdefs.h>
9f7d47b0SAlexander V. Chernikov/*
9f7d47b0SAlexander V. Chernikov * Lookup table algorithms.
9f7d47b0SAlexander V. Chernikov *
9f7d47b0SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#include "opt_ipfw.h"
9f7d47b0SAlexander V. Chernikov#include "opt_inet.h"
9f7d47b0SAlexander V. Chernikov#ifndef INET
9f7d47b0SAlexander V. Chernikov#error IPFIREWALL requires INET.
9f7d47b0SAlexander V. Chernikov#endif /* INET */
9f7d47b0SAlexander V. Chernikov#include "opt_inet6.h"
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#include <sys/param.h>
9f7d47b0SAlexander V. Chernikov#include <sys/systm.h>
9f7d47b0SAlexander V. Chernikov#include <sys/malloc.h>
9f7d47b0SAlexander V. Chernikov#include <sys/kernel.h>
9f7d47b0SAlexander V. Chernikov#include <sys/lock.h>
9f7d47b0SAlexander V. Chernikov#include <sys/rwlock.h>
d4e1b515SAlexander V. Chernikov#include <sys/rmlock.h>
9f7d47b0SAlexander V. Chernikov#include <sys/socket.h>
9f7d47b0SAlexander V. Chernikov#include <sys/queue.h>
81cac390SArseny Smalyuk#include <net/ethernet.h>
9f7d47b0SAlexander V. Chernikov#include <net/if.h>	/* ip_fw.h requires IFNAMSIZ */
9f7d47b0SAlexander V. Chernikov#include <net/radix.h>
d3b00c08SAlexander V. Chernikov#include <net/route.h>
6ad7446cSAlexander V. Chernikov#include <net/route/nhop.h>
4451d893SAlexander V. Chernikov#include <net/route/route_ctl.h>
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#include <netinet/in.h>
004d3e30SAlexander V. Chernikov#include <netinet/in_fib.h>
9f7d47b0SAlexander V. Chernikov#include <netinet/ip_var.h>	/* struct ipfw_rule_ref */
9f7d47b0SAlexander V. Chernikov#include <netinet/ip_fw.h>
004d3e30SAlexander V. Chernikov#include <netinet6/in6_fib.h>
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#include <netpfil/ipfw/ip_fw_private.h>
ea761a5dSAlexander V. Chernikov#include <netpfil/ipfw/ip_fw_table.h>
9f7d47b0SAlexander V. Chernikov
301290bcSAlexander V. Chernikov/*
301290bcSAlexander V. Chernikov * IPFW table lookup algorithms.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * What is needed to add another table algo?
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Algo init:
301290bcSAlexander V. Chernikov * * struct table_algo has to be filled with:
c21034b7SAlexander V. Chernikov *   name: "type:algoname" format, e.g. "addr:radix". Currently
c21034b7SAlexander V. Chernikov *     there are the following types: "addr", "iface", "number" and "flow".
301290bcSAlexander V. Chernikov *   type: one of IPFW_TABLE_* types
301290bcSAlexander V. Chernikov *   flags: one or more TA_FLAGS_*
301290bcSAlexander V. Chernikov *   ta_buf_size: size of structure used to store add/del item state.
301290bcSAlexander V. Chernikov *     Needs to be less than TA_BUF_SZ.
301290bcSAlexander V. Chernikov *   callbacks: see below for description.
301290bcSAlexander V. Chernikov * * ipfw_add_table_algo / ipfw_del_table_algo has to be called
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Callbacks description:
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -init: request to initialize new table instance.
301290bcSAlexander V. Chernikov * typedef int (ta_init)(struct ip_fw_chain *ch, void **ta_state,
301290bcSAlexander V. Chernikov *     struct table_info *ti, char *data, uint8_t tflags);
301290bcSAlexander V. Chernikov * MANDATORY, unlocked. (M_WAITOK). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *  Allocate all structures needed for normal operations.
301290bcSAlexander V. Chernikov *  * Caller may want to parse @data for some algo-specific
301290bcSAlexander V. Chernikov *    options provided by userland.
301290bcSAlexander V. Chernikov *  * Caller may want to save configuration state pointer to @ta_state
301290bcSAlexander V. Chernikov *  * Caller needs to save desired runtime structure pointer(s)
301290bcSAlexander V. Chernikov *    inside @ti fields. Note that it is not correct to save
301290bcSAlexander V. Chernikov *    @ti pointer at this moment. Use -change_ti hook for that.
301290bcSAlexander V. Chernikov *  * Caller has to fill in ti->lookup to appropriate function
301290bcSAlexander V. Chernikov *    pointer.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -destroy: request to destroy table instance.
301290bcSAlexander V. Chernikov * typedef void (ta_destroy)(void *ta_state, struct table_info *ti);
0caab009SAlexander V. Chernikov * MANDATORY, unlocked. (M_WAITOK).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Frees all table entries and all tables structures allocated by -init.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -prepare_add: request to allocate state for adding new entry.
301290bcSAlexander V. Chernikov * typedef int (ta_prepare_add)(struct ip_fw_chain *ch, struct tentry_info *tei,
301290bcSAlexander V. Chernikov *     void *ta_buf);
301290bcSAlexander V. Chernikov * MANDATORY, unlocked. (M_WAITOK). Returns 0 on success.
301290bcSAlexander V. Chernikov *
13263632SAlexander V. Chernikov * Allocates state and fills it in with all necessary data (EXCEPT value)
13263632SAlexander V. Chernikov * from @tei to minimize operations needed to be done under WLOCK.
13263632SAlexander V. Chernikov * "value" field has to be copied to new entry in @add callback.
301290bcSAlexander V. Chernikov * Buffer ta_buf of size ta->ta_buf_sz may be used to store
301290bcSAlexander V. Chernikov * allocated state.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -prepare_del: request to set state for deleting existing entry.
301290bcSAlexander V. Chernikov * typedef int (ta_prepare_del)(struct ip_fw_chain *ch, struct tentry_info *tei,
301290bcSAlexander V. Chernikov *     void *ta_buf);
301290bcSAlexander V. Chernikov * MANDATORY, locked, UH. (M_NOWAIT). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Buffer ta_buf of size ta->ta_buf_sz may be used to store
301290bcSAlexander V. Chernikov * allocated state. Caller should use on-stack ta_buf allocation
301290bcSAlexander V. Chernikov * instead of doing malloc().
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -add: request to insert new entry into runtime/config structures.
301290bcSAlexander V. Chernikov *  typedef int (ta_add)(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *     struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
301290bcSAlexander V. Chernikov * MANDATORY, UH+WLOCK. (M_NOWAIT). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Insert new entry using previously-allocated state in @ta_buf.
301290bcSAlexander V. Chernikov * * @tei may have the following flags:
301290bcSAlexander V. Chernikov *   TEI_FLAGS_UPDATE: request to add or update entry.
301290bcSAlexander V. Chernikov *   TEI_FLAGS_DONTADD: request to update (but not add) entry.
301290bcSAlexander V. Chernikov * * Caller is required to do the following:
13263632SAlexander V. Chernikov *   copy real entry value from @tei
301290bcSAlexander V. Chernikov *   entry added: return 0, set 1 to @pnum
301290bcSAlexander V. Chernikov *   entry updated: return 0, store 0 to @pnum, store old value in @tei,
301290bcSAlexander V. Chernikov *     add TEI_FLAGS_UPDATED flag to @tei.
301290bcSAlexander V. Chernikov *   entry exists: return EEXIST
301290bcSAlexander V. Chernikov *   entry not found: return ENOENT
301290bcSAlexander V. Chernikov *   other error: return non-zero error code.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -del: request to delete existing entry from runtime/config structures.
301290bcSAlexander V. Chernikov *  typedef int (ta_del)(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *     struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
301290bcSAlexander V. Chernikov *  MANDATORY, UH+WLOCK. (M_NOWAIT). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *  Delete entry using previously set up in @ta_buf.
301290bcSAlexander V. Chernikov * * Caller is required to do the following:
13263632SAlexander V. Chernikov *   entry deleted: return 0, set 1 to @pnum, store old value in @tei.
301290bcSAlexander V. Chernikov *   entry not found: return ENOENT
301290bcSAlexander V. Chernikov *   other error: return non-zero error code.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -flush_entry: flush entry state created by -prepare_add / -del / others
301290bcSAlexander V. Chernikov *  typedef void (ta_flush_entry)(struct ip_fw_chain *ch,
301290bcSAlexander V. Chernikov *      struct tentry_info *tei, void *ta_buf);
301290bcSAlexander V. Chernikov *  MANDATORY, may be locked. (M_NOWAIT).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *  Delete state allocated by:
301290bcSAlexander V. Chernikov *  -prepare_add (-add returned EEXIST|UPDATED)
301290bcSAlexander V. Chernikov *  -prepare_del (if any)
301290bcSAlexander V. Chernikov *  -del
301290bcSAlexander V. Chernikov *  * Caller is required to handle empty @ta_buf correctly.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -find_tentry: finds entry specified by key @tei
301290bcSAlexander V. Chernikov *  typedef int ta_find_tentry(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      ipfw_obj_tentry *tent);
301290bcSAlexander V. Chernikov *  OPTIONAL, locked (UH). (M_NOWAIT). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *  Finds entry specified by given key.
a4641f4eSPedro F. Giffuni *  * Caller is required to do the following:
301290bcSAlexander V. Chernikov *    entry found: returns 0, export entry to @tent
301290bcSAlexander V. Chernikov *    entry not found: returns ENOENT
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -need_modify: checks if @ti has enough space to hold another @count items.
301290bcSAlexander V. Chernikov *  typedef int (ta_need_modify)(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      uint32_t count, uint64_t *pflags);
fd0869d5SAlexander V. Chernikov *  OPTIONAL, locked (UH). (M_NOWAIT). Returns 0 if has.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *  Checks if given table has enough space to add @count items without
301290bcSAlexander V. Chernikov *  resize. Caller may use @pflags to store desired modification data.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -prepare_mod: allocate structures for table modification.
301290bcSAlexander V. Chernikov *  typedef int (ta_prepare_mod)(void *ta_buf, uint64_t *pflags);
fd0869d5SAlexander V. Chernikov * OPTIONAL(need_modify), unlocked. (M_WAITOK). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Allocate all needed state for table modification. Caller
301290bcSAlexander V. Chernikov * should use `struct mod_item` to store new state in @ta_buf.
301290bcSAlexander V. Chernikov * Up to TA_BUF_SZ (128 bytes) can be stored in @ta_buf.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -fill_mod: copy some data to new state/
301290bcSAlexander V. Chernikov *  typedef int (ta_fill_mod)(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      void *ta_buf, uint64_t *pflags);
fd0869d5SAlexander V. Chernikov * OPTIONAL(need_modify), locked (UH). (M_NOWAIT). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Copy as much data as we can to minimize changes under WLOCK.
301290bcSAlexander V. Chernikov * For example, array can be merged inside this callback.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -modify: perform final modification.
301290bcSAlexander V. Chernikov *  typedef void (ta_modify)(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      void *ta_buf, uint64_t pflags);
fd0869d5SAlexander V. Chernikov * OPTIONAL(need_modify), locked (UH+WLOCK). (M_NOWAIT).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Performs all changes necessary to switch to new structures.
301290bcSAlexander V. Chernikov * * Caller should save old pointers to @ta_buf storage.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -flush_mod: flush table modification state.
301290bcSAlexander V. Chernikov *  typedef void (ta_flush_mod)(void *ta_buf);
fd0869d5SAlexander V. Chernikov * OPTIONAL(need_modify), unlocked. (M_WAITOK).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Performs flush for the following:
301290bcSAlexander V. Chernikov *   - prepare_mod (modification was not necessary)
301290bcSAlexander V. Chernikov *   - modify (for the old state)
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -change_gi: monitor table info pointer changes
301290bcSAlexander V. Chernikov * typedef void (ta_change_ti)(void *ta_state, struct table_info *ti);
301290bcSAlexander V. Chernikov * OPTIONAL, locked (UH). (M_NOWAIT).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Called on @ti pointer changed. Called immediately after -init
301290bcSAlexander V. Chernikov * to set initial state.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -foreach: calls @f for each table entry
301290bcSAlexander V. Chernikov *  typedef void ta_foreach(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      ta_foreach_f *f, void *arg);
301290bcSAlexander V. Chernikov * MANDATORY, locked(UH). (M_NOWAIT).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Runs callback with specified argument for each table entry,
301290bcSAlexander V. Chernikov * Typically used for dumping table entries.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -dump_tentry: dump table entry in current @tentry format.
301290bcSAlexander V. Chernikov *  typedef int ta_dump_tentry(void *ta_state, struct table_info *ti, void *e,
301290bcSAlexander V. Chernikov *      ipfw_obj_tentry *tent);
301290bcSAlexander V. Chernikov * MANDATORY, locked(UH). (M_NOWAIT). Returns 0 on success.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Dumps entry @e to @tent.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
a4641f4eSPedro F. Giffuni * -print_config: prints custom algorithm options into buffer.
301290bcSAlexander V. Chernikov *  typedef void (ta_print_config)(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      char *buf, size_t bufsize);
301290bcSAlexander V. Chernikov * OPTIONAL. locked(UH). (M_NOWAIT).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Prints custom algorithm options in the format suitable to pass
301290bcSAlexander V. Chernikov * back to -init callback.
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * -dump_tinfo: dumps algo-specific info.
301290bcSAlexander V. Chernikov *  typedef void ta_dump_tinfo(void *ta_state, struct table_info *ti,
301290bcSAlexander V. Chernikov *      ipfw_ta_tinfo *tinfo);
301290bcSAlexander V. Chernikov * OPTIONAL. locked(UH). (M_NOWAIT).
301290bcSAlexander V. Chernikov *
301290bcSAlexander V. Chernikov * Dumps options like items size/hash size, etc.
301290bcSAlexander V. Chernikov */
301290bcSAlexander V. Chernikov
b1d105bcSAlexander V. ChernikovMALLOC_DEFINE(M_IPFW_TBL, "ipfw_tbl", "IpFw tables");
9f7d47b0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov/*
0bce0c23SAlexander V. Chernikov * Utility structures/functions common to more than one algo
0bce0c23SAlexander V. Chernikov */
0bce0c23SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikovstruct mod_item {
0bce0c23SAlexander V. Chernikov	void	*main_ptr;
0bce0c23SAlexander V. Chernikov	size_t	size;
0bce0c23SAlexander V. Chernikov	void	*main_ptr6;
0bce0c23SAlexander V. Chernikov	size_t	size6;
0bce0c23SAlexander V. Chernikov};
0bce0c23SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstatic int badd(const void *key, void *item, void *base, size_t nmemb,
68394ec8SAlexander V. Chernikov    size_t size, int (*compar) (const void *, const void *));
68394ec8SAlexander V. Chernikovstatic int bdel(const void *key, void *base, size_t nmemb, size_t size,
68394ec8SAlexander V. Chernikov    int (*compar) (const void *, const void *));
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
c21034b7SAlexander V. Chernikov * ADDR implementation using radix
68394ec8SAlexander V. Chernikov *
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov/*
9f7d47b0SAlexander V. Chernikov * The radix code expects addr and mask to be array of bytes,
9f7d47b0SAlexander V. Chernikov * with the first byte being the length of the array. rn_inithead
9f7d47b0SAlexander V. Chernikov * is called with the offset in bits of the lookup key within the
9f7d47b0SAlexander V. Chernikov * array. If we use a sockaddr_in as the underlying type,
9f7d47b0SAlexander V. Chernikov * sin_len is conveniently located at offset 0, sin_addr is at
9f7d47b0SAlexander V. Chernikov * offset 4 and normally aligned.
9f7d47b0SAlexander V. Chernikov * But for portability, let's avoid assumption and make the code explicit
9f7d47b0SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikov#define KEY_LEN(v)	*((uint8_t *)&(v))
9f7d47b0SAlexander V. Chernikov/*
81cac390SArseny Smalyuk * Do not require radix to compare more than actual IPv4/IPv6/MAC address
9f7d47b0SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikov#define KEY_LEN_INET	(offsetof(struct sockaddr_in, sin_addr) + sizeof(in_addr_t))
e0a8b9eeSAlexander V. Chernikov#define KEY_LEN_INET6	(offsetof(struct sa_in6, sin6_addr) + sizeof(struct in6_addr))
81cac390SArseny Smalyuk#define KEY_LEN_MAC	(offsetof(struct sa_mac, mac_addr) + ETHER_ADDR_LEN)
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#define OFF_LEN_INET	(8 * offsetof(struct sockaddr_in, sin_addr))
e0a8b9eeSAlexander V. Chernikov#define OFF_LEN_INET6	(8 * offsetof(struct sa_in6, sin6_addr))
81cac390SArseny Smalyuk#define OFF_LEN_MAC	(8 * offsetof(struct sa_mac, mac_addr))
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyukstruct addr_radix_entry {
9f7d47b0SAlexander V. Chernikov	struct radix_node	rn[2];
e0a8b9eeSAlexander V. Chernikov	struct sockaddr_in	addr;
e0a8b9eeSAlexander V. Chernikov	uint32_t		value;
e0a8b9eeSAlexander V. Chernikov	uint8_t			masklen;
e0a8b9eeSAlexander V. Chernikov};
e0a8b9eeSAlexander V. Chernikov
e0a8b9eeSAlexander V. Chernikovstruct sa_in6 {
e0a8b9eeSAlexander V. Chernikov	uint8_t			sin6_len;
e0a8b9eeSAlexander V. Chernikov	uint8_t			sin6_family;
e0a8b9eeSAlexander V. Chernikov	uint8_t			pad[2];
e0a8b9eeSAlexander V. Chernikov	struct in6_addr		sin6_addr;
e0a8b9eeSAlexander V. Chernikov};
e0a8b9eeSAlexander V. Chernikov
81cac390SArseny Smalyukstruct addr_radix_xentry {
e0a8b9eeSAlexander V. Chernikov	struct radix_node	rn[2];
e0a8b9eeSAlexander V. Chernikov	struct sa_in6		addr6;
e0a8b9eeSAlexander V. Chernikov	uint32_t		value;
e0a8b9eeSAlexander V. Chernikov	uint8_t			masklen;
9f7d47b0SAlexander V. Chernikov};
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyukstruct addr_radix_cfg {
5f379342SAlexander V. Chernikov	struct radix_node_head	*head4;
5f379342SAlexander V. Chernikov	struct radix_node_head	*head6;
5f379342SAlexander V. Chernikov	size_t			count4;
5f379342SAlexander V. Chernikov	size_t			count6;
5f379342SAlexander V. Chernikov};
5f379342SAlexander V. Chernikov
81cac390SArseny Smalyukstruct sa_mac {
81cac390SArseny Smalyuk	uint8_t			mac_len;
81cac390SArseny Smalyuk	struct ether_addr	mac_addr;
81cac390SArseny Smalyuk};
81cac390SArseny Smalyuk
c21034b7SAlexander V. Chernikovstruct ta_buf_radix
0bce0c23SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	void *ent_ptr;
0bce0c23SAlexander V. Chernikov	struct sockaddr	*addr_ptr;
0bce0c23SAlexander V. Chernikov	struct sockaddr	*mask_ptr;
0bce0c23SAlexander V. Chernikov	union {
0bce0c23SAlexander V. Chernikov		struct {
0bce0c23SAlexander V. Chernikov			struct sockaddr_in sa;
0bce0c23SAlexander V. Chernikov			struct sockaddr_in ma;
0bce0c23SAlexander V. Chernikov		} a4;
0bce0c23SAlexander V. Chernikov		struct {
0bce0c23SAlexander V. Chernikov			struct sa_in6 sa;
0bce0c23SAlexander V. Chernikov			struct sa_in6 ma;
0bce0c23SAlexander V. Chernikov		} a6;
81cac390SArseny Smalyuk		struct {
81cac390SArseny Smalyuk			struct sa_mac sa;
81cac390SArseny Smalyuk			struct sa_mac ma;
81cac390SArseny Smalyuk		} mac;
0bce0c23SAlexander V. Chernikov	} addr;
0bce0c23SAlexander V. Chernikov};
0bce0c23SAlexander V. Chernikov
81cac390SArseny Smalyukstatic int ta_lookup_addr_radix(struct table_info *ti, void *key, uint32_t keylen,
9fe15d06SAlexander V. Chernikov    uint32_t *val);
81cac390SArseny Smalyukstatic int ta_init_addr_radix(struct ip_fw_chain *ch, void **ta_state,
9fe15d06SAlexander V. Chernikov    struct table_info *ti, char *data, uint8_t tflags);
9fe15d06SAlexander V. Chernikovstatic int flush_radix_entry(struct radix_node *rn, void *arg);
81cac390SArseny Smalyukstatic void ta_destroy_addr_radix(void *ta_state, struct table_info *ti);
81cac390SArseny Smalyukstatic void ta_dump_addr_radix_tinfo(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_ta_tinfo *tinfo);
81cac390SArseny Smalyukstatic int ta_dump_addr_radix_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *e, ipfw_obj_tentry *tent);
81cac390SArseny Smalyukstatic int ta_find_addr_radix_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
81cac390SArseny Smalyukstatic void ta_foreach_addr_radix(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ta_foreach_f *f, void *arg);
81cac390SArseny Smalyukstatic void tei_to_sockaddr_ent_addr(struct tentry_info *tei, struct sockaddr *sa,
9fe15d06SAlexander V. Chernikov    struct sockaddr *ma, int *set_mask);
81cac390SArseny Smalyukstatic int ta_prepare_add_addr_radix(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
81cac390SArseny Smalyukstatic int ta_add_addr_radix(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
81cac390SArseny Smalyukstatic int ta_prepare_del_addr_radix(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
81cac390SArseny Smalyukstatic int ta_del_addr_radix(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_radix_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_need_modify_radix(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    uint32_t count, uint64_t *pflags);
9fe15d06SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_lookup_addr_radix(struct table_info *ti, void *key, uint32_t keylen,
9f7d47b0SAlexander V. Chernikov    uint32_t *val)
9f7d47b0SAlexander V. Chernikov{
9f7d47b0SAlexander V. Chernikov	struct radix_node_head *rnh;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	if (keylen == sizeof(in_addr_t)) {
81cac390SArseny Smalyuk		struct addr_radix_entry *ent;
9f7d47b0SAlexander V. Chernikov		struct sockaddr_in sa;
9f7d47b0SAlexander V. Chernikov		KEY_LEN(sa) = KEY_LEN_INET;
9f7d47b0SAlexander V. Chernikov		sa.sin_addr.s_addr = *((in_addr_t *)key);
9f7d47b0SAlexander V. Chernikov		rnh = (struct radix_node_head *)ti->state;
81cac390SArseny Smalyuk		ent = (struct addr_radix_entry *)(rnh->rnh_matchaddr(&sa, &rnh->rh));
9f7d47b0SAlexander V. Chernikov		if (ent != NULL) {
9f7d47b0SAlexander V. Chernikov			*val = ent->value;
9f7d47b0SAlexander V. Chernikov			return (1);
9f7d47b0SAlexander V. Chernikov		}
81cac390SArseny Smalyuk	} else if (keylen == sizeof(struct in6_addr)) {
81cac390SArseny Smalyuk		struct addr_radix_xentry *xent;
e0a8b9eeSAlexander V. Chernikov		struct sa_in6 sa6;
9f7d47b0SAlexander V. Chernikov		KEY_LEN(sa6) = KEY_LEN_INET6;
9f7d47b0SAlexander V. Chernikov		memcpy(&sa6.sin6_addr, key, sizeof(struct in6_addr));
9f7d47b0SAlexander V. Chernikov		rnh = (struct radix_node_head *)ti->xstate;
81cac390SArseny Smalyuk		xent = (struct addr_radix_xentry *)(rnh->rnh_matchaddr(&sa6, &rnh->rh));
9f7d47b0SAlexander V. Chernikov		if (xent != NULL) {
9f7d47b0SAlexander V. Chernikov			*val = xent->value;
9f7d47b0SAlexander V. Chernikov			return (1);
9f7d47b0SAlexander V. Chernikov		}
9f7d47b0SAlexander V. Chernikov	}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov/*
9f7d47b0SAlexander V. Chernikov * New table
9f7d47b0SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_init_addr_radix(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    char *data, uint8_t tflags)
9f7d47b0SAlexander V. Chernikov{
81cac390SArseny Smalyuk	struct addr_radix_cfg *cfg;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	if (!rn_inithead(&ti->state, OFF_LEN_INET))
9f7d47b0SAlexander V. Chernikov		return (ENOMEM);
9f7d47b0SAlexander V. Chernikov	if (!rn_inithead(&ti->xstate, OFF_LEN_INET6)) {
9f7d47b0SAlexander V. Chernikov		rn_detachhead(&ti->state);
9f7d47b0SAlexander V. Chernikov		return (ENOMEM);
9f7d47b0SAlexander V. Chernikov	}
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	cfg = malloc(sizeof(struct addr_radix_cfg), M_IPFW, M_WAITOK | M_ZERO);
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	*ta_state = cfg;
81cac390SArseny Smalyuk	ti->lookup = ta_lookup_addr_radix;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
a399f8beSAlexander V. Chernikovflush_radix_entry(struct radix_node *rn, void *arg)
9f7d47b0SAlexander V. Chernikov{
9f7d47b0SAlexander V. Chernikov	struct radix_node_head * const rnh = arg;
81cac390SArseny Smalyuk	struct addr_radix_entry *ent;
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	ent = (struct addr_radix_entry *)
61eee0e2SAlexander V. Chernikov	    rnh->rnh_deladdr(rn->rn_key, rn->rn_mask, &rnh->rh);
9f7d47b0SAlexander V. Chernikov	if (ent != NULL)
9f7d47b0SAlexander V. Chernikov		free(ent, M_IPFW_TBL);
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic void
81cac390SArseny Smalyukta_destroy_addr_radix(void *ta_state, struct table_info *ti)
9f7d47b0SAlexander V. Chernikov{
81cac390SArseny Smalyuk	struct addr_radix_cfg *cfg;
9f7d47b0SAlexander V. Chernikov	struct radix_node_head *rnh;
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	cfg = (struct addr_radix_cfg *)ta_state;
5f379342SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	rnh = (struct radix_node_head *)(ti->state);
61eee0e2SAlexander V. Chernikov	rnh->rnh_walktree(&rnh->rh, flush_radix_entry, rnh);
9f7d47b0SAlexander V. Chernikov	rn_detachhead(&ti->state);
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	rnh = (struct radix_node_head *)(ti->xstate);
61eee0e2SAlexander V. Chernikov	rnh->rnh_walktree(&rnh->rh, flush_radix_entry, rnh);
9f7d47b0SAlexander V. Chernikov	rn_detachhead(&ti->xstate);
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	free(cfg, M_IPFW);
5f379342SAlexander V. Chernikov}
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov/*
5f379342SAlexander V. Chernikov * Provide algo-specific table info
5f379342SAlexander V. Chernikov */
5f379342SAlexander V. Chernikovstatic void
81cac390SArseny Smalyukta_dump_addr_radix_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
5f379342SAlexander V. Chernikov{
81cac390SArseny Smalyuk	struct addr_radix_cfg *cfg;
5f379342SAlexander V. Chernikov
81cac390SArseny Smalyuk	cfg = (struct addr_radix_cfg *)ta_state;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	tinfo->flags = IPFW_TATFLAGS_AFDATA | IPFW_TATFLAGS_AFITEM;
5f379342SAlexander V. Chernikov	tinfo->taclass4 = IPFW_TACLASS_RADIX;
5f379342SAlexander V. Chernikov	tinfo->count4 = cfg->count4;
81cac390SArseny Smalyuk	tinfo->itemsize4 = sizeof(struct addr_radix_entry);
5f379342SAlexander V. Chernikov	tinfo->taclass6 = IPFW_TACLASS_RADIX;
5f379342SAlexander V. Chernikov	tinfo->count6 = cfg->count6;
81cac390SArseny Smalyuk	tinfo->itemsize6 = sizeof(struct addr_radix_xentry);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_dump_addr_radix_tentry(void *ta_state, struct table_info *ti, void *e,
81d3153dSAlexander V. Chernikov    ipfw_obj_tentry *tent)
9f7d47b0SAlexander V. Chernikov{
81cac390SArseny Smalyuk	struct addr_radix_entry *n;
9fe15d06SAlexander V. Chernikov#ifdef INET6
81cac390SArseny Smalyuk	struct addr_radix_xentry *xn;
9fe15d06SAlexander V. Chernikov#endif
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	n = (struct addr_radix_entry *)e;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	/* Guess IPv4/IPv6 radix by sockaddr family */
9f7d47b0SAlexander V. Chernikov	if (n->addr.sin_family == AF_INET) {
81d3153dSAlexander V. Chernikov		tent->k.addr.s_addr = n->addr.sin_addr.s_addr;
e0a8b9eeSAlexander V. Chernikov		tent->masklen = n->masklen;
81d3153dSAlexander V. Chernikov		tent->subtype = AF_INET;
0cba2b28SAlexander V. Chernikov		tent->v.kidx = n->value;
9f7d47b0SAlexander V. Chernikov#ifdef INET6
9f7d47b0SAlexander V. Chernikov	} else {
81cac390SArseny Smalyuk		xn = (struct addr_radix_xentry *)e;
ba3e1361SAndrey V. Elsukov		memcpy(&tent->k.addr6, &xn->addr6.sin6_addr,
ba3e1361SAndrey V. Elsukov		    sizeof(struct in6_addr));
e0a8b9eeSAlexander V. Chernikov		tent->masklen = xn->masklen;
81d3153dSAlexander V. Chernikov		tent->subtype = AF_INET6;
0cba2b28SAlexander V. Chernikov		tent->v.kidx = xn->value;
9f7d47b0SAlexander V. Chernikov#endif
9f7d47b0SAlexander V. Chernikov	}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
81d3153dSAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_find_addr_radix_tentry(void *ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    ipfw_obj_tentry *tent)
81d3153dSAlexander V. Chernikov{
81d3153dSAlexander V. Chernikov	struct radix_node_head *rnh;
81d3153dSAlexander V. Chernikov	void *e;
81d3153dSAlexander V. Chernikov
81d3153dSAlexander V. Chernikov	e = NULL;
914bffb6SAlexander V. Chernikov	if (tent->subtype == AF_INET) {
81d3153dSAlexander V. Chernikov		struct sockaddr_in sa;
81d3153dSAlexander V. Chernikov		KEY_LEN(sa) = KEY_LEN_INET;
914bffb6SAlexander V. Chernikov		sa.sin_addr.s_addr = tent->k.addr.s_addr;
81d3153dSAlexander V. Chernikov		rnh = (struct radix_node_head *)ti->state;
61eee0e2SAlexander V. Chernikov		e = rnh->rnh_matchaddr(&sa, &rnh->rh);
81cac390SArseny Smalyuk	} else if (tent->subtype == AF_INET6) {
e0a8b9eeSAlexander V. Chernikov		struct sa_in6 sa6;
81d3153dSAlexander V. Chernikov		KEY_LEN(sa6) = KEY_LEN_INET6;
914bffb6SAlexander V. Chernikov		memcpy(&sa6.sin6_addr, &tent->k.addr6, sizeof(struct in6_addr));
81d3153dSAlexander V. Chernikov		rnh = (struct radix_node_head *)ti->xstate;
61eee0e2SAlexander V. Chernikov		e = rnh->rnh_matchaddr(&sa6, &rnh->rh);
81d3153dSAlexander V. Chernikov	}
81d3153dSAlexander V. Chernikov
81d3153dSAlexander V. Chernikov	if (e != NULL) {
81cac390SArseny Smalyuk		ta_dump_addr_radix_tentry(ta_state, ti, e, tent);
81d3153dSAlexander V. Chernikov		return (0);
81d3153dSAlexander V. Chernikov	}
81d3153dSAlexander V. Chernikov
81d3153dSAlexander V. Chernikov	return (ENOENT);
81d3153dSAlexander V. Chernikov}
81d3153dSAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic void
81cac390SArseny Smalyukta_foreach_addr_radix(void *ta_state, struct table_info *ti, ta_foreach_f *f,
9f7d47b0SAlexander V. Chernikov    void *arg)
9f7d47b0SAlexander V. Chernikov{
9f7d47b0SAlexander V. Chernikov	struct radix_node_head *rnh;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	rnh = (struct radix_node_head *)(ti->state);
61eee0e2SAlexander V. Chernikov	rnh->rnh_walktree(&rnh->rh, (walktree_f_t *)f, arg);
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	rnh = (struct radix_node_head *)(ti->xstate);
61eee0e2SAlexander V. Chernikov	rnh->rnh_walktree(&rnh->rh, (walktree_f_t *)f, arg);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov#ifdef INET6
d699ee2dSAlexander V. Chernikovstatic inline void ipv6_writemask(struct in6_addr *addr6, uint8_t mask);
d699ee2dSAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic inline void
9f7d47b0SAlexander V. Chernikovipv6_writemask(struct in6_addr *addr6, uint8_t mask)
9f7d47b0SAlexander V. Chernikov{
9f7d47b0SAlexander V. Chernikov	uint32_t *cp;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	for (cp = (uint32_t *)addr6; mask >= 32; mask -= 32)
9f7d47b0SAlexander V. Chernikov		*cp++ = 0xFFFFFFFF;
37aefa2aSAlexander V. Chernikov	if (mask > 0)
9f7d47b0SAlexander V. Chernikov		*cp = htonl(mask ? ~((1 << (32 - mask)) - 1) : 0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov#endif
9f7d47b0SAlexander V. Chernikov
2e324d29SAlexander V. Chernikovstatic void
81cac390SArseny Smalyuktei_to_sockaddr_ent_addr(struct tentry_info *tei, struct sockaddr *sa,
2e324d29SAlexander V. Chernikov    struct sockaddr *ma, int *set_mask)
2e324d29SAlexander V. Chernikov{
2e324d29SAlexander V. Chernikov	int mlen;
9fe15d06SAlexander V. Chernikov#ifdef INET
2e324d29SAlexander V. Chernikov	struct sockaddr_in *addr, *mask;
9fe15d06SAlexander V. Chernikov#endif
9fe15d06SAlexander V. Chernikov#ifdef INET6
720ee730SAlexander V. Chernikov	struct sa_in6 *addr6, *mask6;
9fe15d06SAlexander V. Chernikov#endif
2e324d29SAlexander V. Chernikov	in_addr_t a4;
2e324d29SAlexander V. Chernikov
2e324d29SAlexander V. Chernikov	mlen = tei->masklen;
2e324d29SAlexander V. Chernikov
2e324d29SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
2e324d29SAlexander V. Chernikov#ifdef INET
2e324d29SAlexander V. Chernikov		addr = (struct sockaddr_in *)sa;
2e324d29SAlexander V. Chernikov		mask = (struct sockaddr_in *)ma;
2e324d29SAlexander V. Chernikov		/* Set 'total' structure length */
2e324d29SAlexander V. Chernikov		KEY_LEN(*addr) = KEY_LEN_INET;
2e324d29SAlexander V. Chernikov		KEY_LEN(*mask) = KEY_LEN_INET;
2e324d29SAlexander V. Chernikov		addr->sin_family = AF_INET;
2e324d29SAlexander V. Chernikov		mask->sin_addr.s_addr =
2e324d29SAlexander V. Chernikov		    htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0);
2e324d29SAlexander V. Chernikov		a4 = *((in_addr_t *)tei->paddr);
2e324d29SAlexander V. Chernikov		addr->sin_addr.s_addr = a4 & mask->sin_addr.s_addr;
2e324d29SAlexander V. Chernikov		if (mlen != 32)
2e324d29SAlexander V. Chernikov			*set_mask = 1;
2e324d29SAlexander V. Chernikov		else
2e324d29SAlexander V. Chernikov			*set_mask = 0;
2e324d29SAlexander V. Chernikov#endif
2e324d29SAlexander V. Chernikov#ifdef INET6
2e324d29SAlexander V. Chernikov	} else if (tei->subtype == AF_INET6) {
2e324d29SAlexander V. Chernikov		/* IPv6 case */
720ee730SAlexander V. Chernikov		addr6 = (struct sa_in6 *)sa;
720ee730SAlexander V. Chernikov		mask6 = (struct sa_in6 *)ma;
2e324d29SAlexander V. Chernikov		/* Set 'total' structure length */
2e324d29SAlexander V. Chernikov		KEY_LEN(*addr6) = KEY_LEN_INET6;
2e324d29SAlexander V. Chernikov		KEY_LEN(*mask6) = KEY_LEN_INET6;
2e324d29SAlexander V. Chernikov		addr6->sin6_family = AF_INET6;
2e324d29SAlexander V. Chernikov		ipv6_writemask(&mask6->sin6_addr, mlen);
2e324d29SAlexander V. Chernikov		memcpy(&addr6->sin6_addr, tei->paddr, sizeof(struct in6_addr));
2e324d29SAlexander V. Chernikov		APPLY_MASK(&addr6->sin6_addr, &mask6->sin6_addr);
2e324d29SAlexander V. Chernikov		if (mlen != 128)
2e324d29SAlexander V. Chernikov			*set_mask = 1;
2e324d29SAlexander V. Chernikov		else
2e324d29SAlexander V. Chernikov			*set_mask = 0;
2e324d29SAlexander V. Chernikov#endif
2e324d29SAlexander V. Chernikov	}
d699ee2dSAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_prepare_add_addr_radix(struct ip_fw_chain *ch, struct tentry_info *tei,
68394ec8SAlexander V. Chernikov    void *ta_buf)
9f7d47b0SAlexander V. Chernikov{
c21034b7SAlexander V. Chernikov	struct ta_buf_radix *tb;
81cac390SArseny Smalyuk	struct addr_radix_entry *ent;
d699ee2dSAlexander V. Chernikov#ifdef INET6
81cac390SArseny Smalyuk	struct addr_radix_xentry *xent;
d699ee2dSAlexander V. Chernikov#endif
2e324d29SAlexander V. Chernikov	struct sockaddr *addr, *mask;
2e324d29SAlexander V. Chernikov	int mlen, set_mask;
9f7d47b0SAlexander V. Chernikov
c21034b7SAlexander V. Chernikov	tb = (struct ta_buf_radix *)ta_buf;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	mlen = tei->masklen;
2e324d29SAlexander V. Chernikov	set_mask = 0;
9f7d47b0SAlexander V. Chernikov
ac35ff17SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
9f7d47b0SAlexander V. Chernikov#ifdef INET
9f7d47b0SAlexander V. Chernikov		if (mlen > 32)
9f7d47b0SAlexander V. Chernikov			return (EINVAL);
9f7d47b0SAlexander V. Chernikov		ent = malloc(sizeof(*ent), M_IPFW_TBL, M_WAITOK | M_ZERO);
e0a8b9eeSAlexander V. Chernikov		ent->masklen = mlen;
2e324d29SAlexander V. Chernikov
2e324d29SAlexander V. Chernikov		addr = (struct sockaddr *)&ent->addr;
2e324d29SAlexander V. Chernikov		mask = (struct sockaddr *)&tb->addr.a4.ma;
9f7d47b0SAlexander V. Chernikov		tb->ent_ptr = ent;
9f7d47b0SAlexander V. Chernikov#endif
9f7d47b0SAlexander V. Chernikov#ifdef INET6
ac35ff17SAlexander V. Chernikov	} else if (tei->subtype == AF_INET6) {
9f7d47b0SAlexander V. Chernikov		/* IPv6 case */
9f7d47b0SAlexander V. Chernikov		if (mlen > 128)
9f7d47b0SAlexander V. Chernikov			return (EINVAL);
9f7d47b0SAlexander V. Chernikov		xent = malloc(sizeof(*xent), M_IPFW_TBL, M_WAITOK | M_ZERO);
e0a8b9eeSAlexander V. Chernikov		xent->masklen = mlen;
2e324d29SAlexander V. Chernikov
2e324d29SAlexander V. Chernikov		addr = (struct sockaddr *)&xent->addr6;
2e324d29SAlexander V. Chernikov		mask = (struct sockaddr *)&tb->addr.a6.ma;
9f7d47b0SAlexander V. Chernikov		tb->ent_ptr = xent;
9f7d47b0SAlexander V. Chernikov#endif
9f7d47b0SAlexander V. Chernikov	} else {
9f7d47b0SAlexander V. Chernikov		/* Unknown CIDR type */
9f7d47b0SAlexander V. Chernikov		return (EINVAL);
9f7d47b0SAlexander V. Chernikov	}
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	tei_to_sockaddr_ent_addr(tei, addr, mask, &set_mask);
2e324d29SAlexander V. Chernikov	/* Set pointers */
2e324d29SAlexander V. Chernikov	tb->addr_ptr = addr;
2e324d29SAlexander V. Chernikov	if (set_mask != 0)
2e324d29SAlexander V. Chernikov		tb->mask_ptr = mask;
2e324d29SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_add_addr_radix(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
9f7d47b0SAlexander V. Chernikov{
81cac390SArseny Smalyuk	struct addr_radix_cfg *cfg;
9f7d47b0SAlexander V. Chernikov	struct radix_node_head *rnh;
9f7d47b0SAlexander V. Chernikov	struct radix_node *rn;
c21034b7SAlexander V. Chernikov	struct ta_buf_radix *tb;
648e8380SAlexander V. Chernikov	uint32_t *old_value, value;
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	cfg = (struct addr_radix_cfg *)ta_state;
c21034b7SAlexander V. Chernikov	tb = (struct ta_buf_radix *)ta_buf;
9f7d47b0SAlexander V. Chernikov
13263632SAlexander V. Chernikov	/* Save current entry value from @tei */
13263632SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
9f7d47b0SAlexander V. Chernikov		rnh = ti->state;
81cac390SArseny Smalyuk		((struct addr_radix_entry *)tb->ent_ptr)->value = tei->value;
13263632SAlexander V. Chernikov	} else {
9f7d47b0SAlexander V. Chernikov		rnh = ti->xstate;
81cac390SArseny Smalyuk		((struct addr_radix_xentry *)tb->ent_ptr)->value = tei->value;
13263632SAlexander V. Chernikov	}
9f7d47b0SAlexander V. Chernikov
4c0c07a5SAlexander V. Chernikov	/* Search for an entry first */
61eee0e2SAlexander V. Chernikov	rn = rnh->rnh_lookup(tb->addr_ptr, tb->mask_ptr, &rnh->rh);
4c0c07a5SAlexander V. Chernikov	if (rn != NULL) {
ac35ff17SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_UPDATE) == 0)
9f7d47b0SAlexander V. Chernikov			return (EEXIST);
ac35ff17SAlexander V. Chernikov		/* Record already exists. Update value if we're asked to */
648e8380SAlexander V. Chernikov		if (tei->subtype == AF_INET)
81cac390SArseny Smalyuk			old_value = &((struct addr_radix_entry *)rn)->value;
648e8380SAlexander V. Chernikov		else
81cac390SArseny Smalyuk			old_value = &((struct addr_radix_xentry *)rn)->value;
648e8380SAlexander V. Chernikov
648e8380SAlexander V. Chernikov		value = *old_value;
648e8380SAlexander V. Chernikov		*old_value = tei->value;
648e8380SAlexander V. Chernikov		tei->value = value;
ac35ff17SAlexander V. Chernikov
ac35ff17SAlexander V. Chernikov		/* Indicate that update has happened instead of addition */
ac35ff17SAlexander V. Chernikov		tei->flags |= TEI_FLAGS_UPDATED;
adea6201SAlexander V. Chernikov		*pnum = 0;
e0a8b9eeSAlexander V. Chernikov
e0a8b9eeSAlexander V. Chernikov		return (0);
ac35ff17SAlexander V. Chernikov	}
ac35ff17SAlexander V. Chernikov
4c0c07a5SAlexander V. Chernikov	if ((tei->flags & TEI_FLAGS_DONTADD) != 0)
4c0c07a5SAlexander V. Chernikov		return (EFBIG);
4c0c07a5SAlexander V. Chernikov
61eee0e2SAlexander V. Chernikov	rn = rnh->rnh_addaddr(tb->addr_ptr, tb->mask_ptr, &rnh->rh,tb->ent_ptr);
4c0c07a5SAlexander V. Chernikov	if (rn == NULL) {
4c0c07a5SAlexander V. Chernikov		/* Unknown error */
4c0c07a5SAlexander V. Chernikov		return (EINVAL);
4c0c07a5SAlexander V. Chernikov	}
4c0c07a5SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	if (tei->subtype == AF_INET)
5f379342SAlexander V. Chernikov		cfg->count4++;
5f379342SAlexander V. Chernikov	else
5f379342SAlexander V. Chernikov		cfg->count6++;
ac35ff17SAlexander V. Chernikov	tb->ent_ptr = NULL;
adea6201SAlexander V. Chernikov	*pnum = 1;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_prepare_del_addr_radix(struct ip_fw_chain *ch, struct tentry_info *tei,
68394ec8SAlexander V. Chernikov    void *ta_buf)
9f7d47b0SAlexander V. Chernikov{
c21034b7SAlexander V. Chernikov	struct ta_buf_radix *tb;
2e324d29SAlexander V. Chernikov	struct sockaddr *addr, *mask;
2e324d29SAlexander V. Chernikov	int mlen, set_mask;
9f7d47b0SAlexander V. Chernikov
c21034b7SAlexander V. Chernikov	tb = (struct ta_buf_radix *)ta_buf;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	mlen = tei->masklen;
2e324d29SAlexander V. Chernikov	set_mask = 0;
9f7d47b0SAlexander V. Chernikov
ac35ff17SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
e0a8b9eeSAlexander V. Chernikov		if (mlen > 32)
e0a8b9eeSAlexander V. Chernikov			return (EINVAL);
2e324d29SAlexander V. Chernikov
2e324d29SAlexander V. Chernikov		addr = (struct sockaddr *)&tb->addr.a4.sa;
2e324d29SAlexander V. Chernikov		mask = (struct sockaddr *)&tb->addr.a4.ma;
9f7d47b0SAlexander V. Chernikov#ifdef INET6
ac35ff17SAlexander V. Chernikov	} else if (tei->subtype == AF_INET6) {
9f7d47b0SAlexander V. Chernikov		if (mlen > 128)
9f7d47b0SAlexander V. Chernikov			return (EINVAL);
2e324d29SAlexander V. Chernikov
2e324d29SAlexander V. Chernikov		addr = (struct sockaddr *)&tb->addr.a6.sa;
2e324d29SAlexander V. Chernikov		mask = (struct sockaddr *)&tb->addr.a6.ma;
9f7d47b0SAlexander V. Chernikov#endif
9f7d47b0SAlexander V. Chernikov	} else
9f7d47b0SAlexander V. Chernikov		return (EINVAL);
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	tei_to_sockaddr_ent_addr(tei, addr, mask, &set_mask);
2e324d29SAlexander V. Chernikov	tb->addr_ptr = addr;
2e324d29SAlexander V. Chernikov	if (set_mask != 0)
2e324d29SAlexander V. Chernikov		tb->mask_ptr = mask;
2e324d29SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
81cac390SArseny Smalyukta_del_addr_radix(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
9f7d47b0SAlexander V. Chernikov{
81cac390SArseny Smalyuk	struct addr_radix_cfg *cfg;
9f7d47b0SAlexander V. Chernikov	struct radix_node_head *rnh;
9f7d47b0SAlexander V. Chernikov	struct radix_node *rn;
c21034b7SAlexander V. Chernikov	struct ta_buf_radix *tb;
9f7d47b0SAlexander V. Chernikov
81cac390SArseny Smalyuk	cfg = (struct addr_radix_cfg *)ta_state;
c21034b7SAlexander V. Chernikov	tb = (struct ta_buf_radix *)ta_buf;
9f7d47b0SAlexander V. Chernikov
ac35ff17SAlexander V. Chernikov	if (tei->subtype == AF_INET)
9f7d47b0SAlexander V. Chernikov		rnh = ti->state;
9f7d47b0SAlexander V. Chernikov	else
9f7d47b0SAlexander V. Chernikov		rnh = ti->xstate;
9f7d47b0SAlexander V. Chernikov
61eee0e2SAlexander V. Chernikov	rn = rnh->rnh_deladdr(tb->addr_ptr, tb->mask_ptr, &rnh->rh);
9f7d47b0SAlexander V. Chernikov
3a845e10SAlexander V. Chernikov	if (rn == NULL)
3a845e10SAlexander V. Chernikov		return (ENOENT);
3a845e10SAlexander V. Chernikov
648e8380SAlexander V. Chernikov	/* Save entry value to @tei */
648e8380SAlexander V. Chernikov	if (tei->subtype == AF_INET)
81cac390SArseny Smalyuk		tei->value = ((struct addr_radix_entry *)rn)->value;
648e8380SAlexander V. Chernikov	else
81cac390SArseny Smalyuk		tei->value = ((struct addr_radix_xentry *)rn)->value;
648e8380SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	tb->ent_ptr = rn;
9f7d47b0SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	if (tei->subtype == AF_INET)
5f379342SAlexander V. Chernikov		cfg->count4--;
5f379342SAlexander V. Chernikov	else
5f379342SAlexander V. Chernikov		cfg->count6--;
adea6201SAlexander V. Chernikov	*pnum = 1;
adea6201SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic void
a399f8beSAlexander V. Chernikovta_flush_radix_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
68394ec8SAlexander V. Chernikov    void *ta_buf)
9f7d47b0SAlexander V. Chernikov{
c21034b7SAlexander V. Chernikov	struct ta_buf_radix *tb;
9f7d47b0SAlexander V. Chernikov
c21034b7SAlexander V. Chernikov	tb = (struct ta_buf_radix *)ta_buf;
9f7d47b0SAlexander V. Chernikov
ac35ff17SAlexander V. Chernikov	if (tb->ent_ptr != NULL)
9f7d47b0SAlexander V. Chernikov		free(tb->ent_ptr, M_IPFW_TBL);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikovstatic int
301290bcSAlexander V. Chernikovta_need_modify_radix(void *ta_state, struct table_info *ti, uint32_t count,
b6ee846eSAlexander V. Chernikov    uint64_t *pflags)
b6ee846eSAlexander V. Chernikov{
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	/*
0bce0c23SAlexander V. Chernikov	 * radix does not require additional memory allocations
b6ee846eSAlexander V. Chernikov	 * other than nodes itself. Adding new masks to the tree do
b6ee846eSAlexander V. Chernikov	 * but we don't have any API to call (and we don't known which
b6ee846eSAlexander V. Chernikov	 * sizes do we need).
b6ee846eSAlexander V. Chernikov	 */
301290bcSAlexander V. Chernikov	return (0);
b6ee846eSAlexander V. Chernikov}
b6ee846eSAlexander V. Chernikov
c21034b7SAlexander V. Chernikovstruct table_algo addr_radix = {
c21034b7SAlexander V. Chernikov	.name		= "addr:radix",
c21034b7SAlexander V. Chernikov	.type		= IPFW_TABLE_ADDR,
57a1cf95SAlexander V. Chernikov	.flags		= TA_FLAG_DEFAULT,
c21034b7SAlexander V. Chernikov	.ta_buf_size	= sizeof(struct ta_buf_radix),
81cac390SArseny Smalyuk	.init		= ta_init_addr_radix,
81cac390SArseny Smalyuk	.destroy	= ta_destroy_addr_radix,
81cac390SArseny Smalyuk	.prepare_add	= ta_prepare_add_addr_radix,
81cac390SArseny Smalyuk	.prepare_del	= ta_prepare_del_addr_radix,
81cac390SArseny Smalyuk	.add		= ta_add_addr_radix,
81cac390SArseny Smalyuk	.del		= ta_del_addr_radix,
a399f8beSAlexander V. Chernikov	.flush_entry	= ta_flush_radix_entry,
81cac390SArseny Smalyuk	.foreach	= ta_foreach_addr_radix,
81cac390SArseny Smalyuk	.dump_tentry	= ta_dump_addr_radix_tentry,
81cac390SArseny Smalyuk	.find_tentry	= ta_find_addr_radix_tentry,
81cac390SArseny Smalyuk	.dump_tinfo	= ta_dump_addr_radix_tinfo,
301290bcSAlexander V. Chernikov	.need_modify	= ta_need_modify_radix,
9f7d47b0SAlexander V. Chernikov};
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov/*
c21034b7SAlexander V. Chernikov * addr:hash cmds
74b941f0SAlexander V. Chernikov *
74b941f0SAlexander V. Chernikov *
74b941f0SAlexander V. Chernikov * ti->data:
74b941f0SAlexander V. Chernikov * [inv.mask4][inv.mask6][log2hsize4][log2hsize6]
74b941f0SAlexander V. Chernikov * [        8][        8[          8][         8]
74b941f0SAlexander V. Chernikov *
74b941f0SAlexander V. Chernikov * inv.mask4: 32 - mask
74b941f0SAlexander V. Chernikov * inv.mask6:
74b941f0SAlexander V. Chernikov * 1) _slow lookup: mask
74b941f0SAlexander V. Chernikov * 2) _aligned: (128 - mask) / 8
74b941f0SAlexander V. Chernikov * 3) _64: 8
ce2817b5SAlexander V. Chernikov *
ce2817b5SAlexander V. Chernikov *
ce2817b5SAlexander V. Chernikov * pflags:
ce2817b5SAlexander V. Chernikov * [v4=1/v6=0][hsize]
ce2817b5SAlexander V. Chernikov * [       32][   32]
74b941f0SAlexander V. Chernikov */
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstruct chashentry;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. ChernikovSLIST_HEAD(chashbhead, chashentry);
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstruct chash_cfg {
74b941f0SAlexander V. Chernikov	struct chashbhead *head4;
74b941f0SAlexander V. Chernikov	struct chashbhead *head6;
74b941f0SAlexander V. Chernikov	size_t	size4;
74b941f0SAlexander V. Chernikov	size_t	size6;
ce2817b5SAlexander V. Chernikov	size_t	items4;
ce2817b5SAlexander V. Chernikov	size_t	items6;
74b941f0SAlexander V. Chernikov	uint8_t	mask4;
74b941f0SAlexander V. Chernikov	uint8_t	mask6;
74b941f0SAlexander V. Chernikov};
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstruct chashentry {
74b941f0SAlexander V. Chernikov	SLIST_ENTRY(chashentry)	next;
74b941f0SAlexander V. Chernikov	uint32_t	value;
74b941f0SAlexander V. Chernikov	uint32_t	type;
74b941f0SAlexander V. Chernikov	union {
74b941f0SAlexander V. Chernikov		uint32_t	a4;	/* Host format */
74b941f0SAlexander V. Chernikov		struct in6_addr	a6;	/* Network format */
74b941f0SAlexander V. Chernikov	} a;
74b941f0SAlexander V. Chernikov};
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikovstruct ta_buf_chash
0bce0c23SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	void *ent_ptr;
0bce0c23SAlexander V. Chernikov	struct chashentry ent;
0bce0c23SAlexander V. Chernikov};
0bce0c23SAlexander V. Chernikov
d699ee2dSAlexander V. Chernikov#ifdef INET
9fe15d06SAlexander V. Chernikovstatic __inline uint32_t hash_ip(uint32_t addr, int hsize);
d699ee2dSAlexander V. Chernikov#endif
d699ee2dSAlexander V. Chernikov#ifdef INET6
9fe15d06SAlexander V. Chernikovstatic __inline uint32_t hash_ip6(struct in6_addr *addr6, int hsize);
9fe15d06SAlexander V. Chernikovstatic __inline uint16_t hash_ip64(struct in6_addr *addr6, int hsize);
9fe15d06SAlexander V. Chernikovstatic __inline uint32_t hash_ip6_slow(struct in6_addr *addr6, void *key,
9fe15d06SAlexander V. Chernikov    int mask, int hsize);
9fe15d06SAlexander V. Chernikovstatic __inline uint32_t hash_ip6_al(struct in6_addr *addr6, void *key, int mask,
9fe15d06SAlexander V. Chernikov    int hsize);
d699ee2dSAlexander V. Chernikov#endif
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_chash_slow(struct table_info *ti, void *key, uint32_t keylen,
9fe15d06SAlexander V. Chernikov    uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_chash_aligned(struct table_info *ti, void *key,
9fe15d06SAlexander V. Chernikov    uint32_t keylen, uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_chash_64(struct table_info *ti, void *key, uint32_t keylen,
9fe15d06SAlexander V. Chernikov    uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int chash_parse_opts(struct chash_cfg *cfg, char *data);
9fe15d06SAlexander V. Chernikovstatic void ta_print_chash_config(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    char *buf, size_t bufsize);
9e3a53fdSAlexander V. Chernikovstatic int ta_log2(uint32_t v);
9fe15d06SAlexander V. Chernikovstatic int ta_init_chash(struct ip_fw_chain *ch, void **ta_state,
9fe15d06SAlexander V. Chernikov    struct table_info *ti, char *data, uint8_t tflags);
9fe15d06SAlexander V. Chernikovstatic void ta_destroy_chash(void *ta_state, struct table_info *ti);
9fe15d06SAlexander V. Chernikovstatic void ta_dump_chash_tinfo(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_ta_tinfo *tinfo);
9fe15d06SAlexander V. Chernikovstatic int ta_dump_chash_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *e, ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic uint32_t hash_ent(struct chashentry *ent, int af, int mlen,
9fe15d06SAlexander V. Chernikov    uint32_t size);
9fe15d06SAlexander V. Chernikovstatic int tei_to_chash_ent(struct tentry_info *tei, struct chashentry *ent);
9fe15d06SAlexander V. Chernikovstatic int ta_find_chash_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic void ta_foreach_chash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ta_foreach_f *f, void *arg);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_add_chash(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_add_chash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_del_chash(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_del_chash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_chash_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_need_modify_chash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    uint32_t count, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_mod_chash(void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_fill_mod_chash(void *ta_state, struct table_info *ti, void *ta_buf,
9fe15d06SAlexander V. Chernikov    uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_modify_chash(void *ta_state, struct table_info *ti, void *ta_buf,
9fe15d06SAlexander V. Chernikov    uint64_t pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_mod_chash(void *ta_buf);
9fe15d06SAlexander V. Chernikov
d699ee2dSAlexander V. Chernikov#ifdef INET
74b941f0SAlexander V. Chernikovstatic __inline uint32_t
74b941f0SAlexander V. Chernikovhash_ip(uint32_t addr, int hsize)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (addr % (hsize - 1));
74b941f0SAlexander V. Chernikov}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov
d699ee2dSAlexander V. Chernikov#ifdef INET6
74b941f0SAlexander V. Chernikovstatic __inline uint32_t
74b941f0SAlexander V. Chernikovhash_ip6(struct in6_addr *addr6, int hsize)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	uint32_t i;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	i = addr6->s6_addr32[0] ^ addr6->s6_addr32[1] ^
74b941f0SAlexander V. Chernikov	    addr6->s6_addr32[2] ^ addr6->s6_addr32[3];
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (i % (hsize - 1));
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic __inline uint16_t
74b941f0SAlexander V. Chernikovhash_ip64(struct in6_addr *addr6, int hsize)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	uint32_t i;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	i = addr6->s6_addr32[0] ^ addr6->s6_addr32[1];
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (i % (hsize - 1));
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic __inline uint32_t
74b941f0SAlexander V. Chernikovhash_ip6_slow(struct in6_addr *addr6, void *key, int mask, int hsize)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct in6_addr mask6;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	ipv6_writemask(&mask6, mask);
74b941f0SAlexander V. Chernikov	memcpy(addr6, key, sizeof(struct in6_addr));
74b941f0SAlexander V. Chernikov	APPLY_MASK(addr6, &mask6);
74b941f0SAlexander V. Chernikov	return (hash_ip6(addr6, hsize));
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic __inline uint32_t
74b941f0SAlexander V. Chernikovhash_ip6_al(struct in6_addr *addr6, void *key, int mask, int hsize)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	uint64_t *paddr;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	paddr = (uint64_t *)addr6;
74b941f0SAlexander V. Chernikov	*paddr = 0;
74b941f0SAlexander V. Chernikov	*(paddr + 1) = 0;
74b941f0SAlexander V. Chernikov	memcpy(addr6, key, mask);
74b941f0SAlexander V. Chernikov	return (hash_ip6(addr6, hsize));
74b941f0SAlexander V. Chernikov}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_lookup_chash_slow(struct table_info *ti, void *key, uint32_t keylen,
74b941f0SAlexander V. Chernikov    uint32_t *val)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct chashbhead *head;
74b941f0SAlexander V. Chernikov	struct chashentry *ent;
74b941f0SAlexander V. Chernikov	uint16_t hash, hsize;
74b941f0SAlexander V. Chernikov	uint8_t imask;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (keylen == sizeof(in_addr_t)) {
d699ee2dSAlexander V. Chernikov#ifdef INET
74b941f0SAlexander V. Chernikov		head = (struct chashbhead *)ti->state;
74b941f0SAlexander V. Chernikov		imask = ti->data >> 24;
74b941f0SAlexander V. Chernikov		hsize = 1 << ((ti->data & 0xFFFF) >> 8);
74b941f0SAlexander V. Chernikov		uint32_t a;
74b941f0SAlexander V. Chernikov		a = ntohl(*((in_addr_t *)key));
74b941f0SAlexander V. Chernikov		a = a >> imask;
74b941f0SAlexander V. Chernikov		hash = hash_ip(a, hsize);
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
74b941f0SAlexander V. Chernikov			if (ent->a.a4 == a) {
74b941f0SAlexander V. Chernikov				*val = ent->value;
74b941f0SAlexander V. Chernikov				return (1);
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	} else {
d699ee2dSAlexander V. Chernikov#ifdef INET6
74b941f0SAlexander V. Chernikov		/* IPv6: worst scenario: non-round mask */
74b941f0SAlexander V. Chernikov		struct in6_addr addr6;
74b941f0SAlexander V. Chernikov		head = (struct chashbhead *)ti->xstate;
74b941f0SAlexander V. Chernikov		imask = (ti->data & 0xFF0000) >> 16;
74b941f0SAlexander V. Chernikov		hsize = 1 << (ti->data & 0xFF);
74b941f0SAlexander V. Chernikov		hash = hash_ip6_slow(&addr6, key, imask, hsize);
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
74b941f0SAlexander V. Chernikov			if (memcmp(&ent->a.a6, &addr6, 16) == 0) {
74b941f0SAlexander V. Chernikov				*val = ent->value;
74b941f0SAlexander V. Chernikov				return (1);
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_lookup_chash_aligned(struct table_info *ti, void *key, uint32_t keylen,
74b941f0SAlexander V. Chernikov    uint32_t *val)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct chashbhead *head;
74b941f0SAlexander V. Chernikov	struct chashentry *ent;
74b941f0SAlexander V. Chernikov	uint16_t hash, hsize;
74b941f0SAlexander V. Chernikov	uint8_t imask;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (keylen == sizeof(in_addr_t)) {
d699ee2dSAlexander V. Chernikov#ifdef INET
74b941f0SAlexander V. Chernikov		head = (struct chashbhead *)ti->state;
74b941f0SAlexander V. Chernikov		imask = ti->data >> 24;
74b941f0SAlexander V. Chernikov		hsize = 1 << ((ti->data & 0xFFFF) >> 8);
74b941f0SAlexander V. Chernikov		uint32_t a;
74b941f0SAlexander V. Chernikov		a = ntohl(*((in_addr_t *)key));
74b941f0SAlexander V. Chernikov		a = a >> imask;
74b941f0SAlexander V. Chernikov		hash = hash_ip(a, hsize);
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
74b941f0SAlexander V. Chernikov			if (ent->a.a4 == a) {
74b941f0SAlexander V. Chernikov				*val = ent->value;
74b941f0SAlexander V. Chernikov				return (1);
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	} else {
d699ee2dSAlexander V. Chernikov#ifdef INET6
74b941f0SAlexander V. Chernikov		/* IPv6: aligned to 8bit mask */
74b941f0SAlexander V. Chernikov		struct in6_addr addr6;
74b941f0SAlexander V. Chernikov		uint64_t *paddr, *ptmp;
74b941f0SAlexander V. Chernikov		head = (struct chashbhead *)ti->xstate;
74b941f0SAlexander V. Chernikov		imask = (ti->data & 0xFF0000) >> 16;
74b941f0SAlexander V. Chernikov		hsize = 1 << (ti->data & 0xFF);
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov		hash = hash_ip6_al(&addr6, key, imask, hsize);
74b941f0SAlexander V. Chernikov		paddr = (uint64_t *)&addr6;
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
74b941f0SAlexander V. Chernikov			ptmp = (uint64_t *)&ent->a.a6;
74b941f0SAlexander V. Chernikov			if (paddr[0] == ptmp[0] && paddr[1] == ptmp[1]) {
74b941f0SAlexander V. Chernikov				*val = ent->value;
74b941f0SAlexander V. Chernikov				return (1);
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_lookup_chash_64(struct table_info *ti, void *key, uint32_t keylen,
74b941f0SAlexander V. Chernikov    uint32_t *val)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct chashbhead *head;
74b941f0SAlexander V. Chernikov	struct chashentry *ent;
74b941f0SAlexander V. Chernikov	uint16_t hash, hsize;
74b941f0SAlexander V. Chernikov	uint8_t imask;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (keylen == sizeof(in_addr_t)) {
d699ee2dSAlexander V. Chernikov#ifdef INET
74b941f0SAlexander V. Chernikov		head = (struct chashbhead *)ti->state;
74b941f0SAlexander V. Chernikov		imask = ti->data >> 24;
74b941f0SAlexander V. Chernikov		hsize = 1 << ((ti->data & 0xFFFF) >> 8);
74b941f0SAlexander V. Chernikov		uint32_t a;
74b941f0SAlexander V. Chernikov		a = ntohl(*((in_addr_t *)key));
74b941f0SAlexander V. Chernikov		a = a >> imask;
74b941f0SAlexander V. Chernikov		hash = hash_ip(a, hsize);
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
74b941f0SAlexander V. Chernikov			if (ent->a.a4 == a) {
74b941f0SAlexander V. Chernikov				*val = ent->value;
74b941f0SAlexander V. Chernikov				return (1);
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	} else {
d699ee2dSAlexander V. Chernikov#ifdef INET6
74b941f0SAlexander V. Chernikov		/* IPv6: /64 */
74b941f0SAlexander V. Chernikov		uint64_t a6, *paddr;
74b941f0SAlexander V. Chernikov		head = (struct chashbhead *)ti->xstate;
74b941f0SAlexander V. Chernikov		paddr = (uint64_t *)key;
74b941f0SAlexander V. Chernikov		hsize = 1 << (ti->data & 0xFF);
74b941f0SAlexander V. Chernikov		a6 = *paddr;
74b941f0SAlexander V. Chernikov		hash = hash_ip64((struct in6_addr *)key, hsize);
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
74b941f0SAlexander V. Chernikov			paddr = (uint64_t *)&ent->a.a6;
74b941f0SAlexander V. Chernikov			if (a6 == *paddr) {
74b941f0SAlexander V. Chernikov				*val = ent->value;
74b941f0SAlexander V. Chernikov				return (1);
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
d699ee2dSAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
0bce0c23SAlexander V. Chernikovchash_parse_opts(struct chash_cfg *cfg, char *data)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	char *pdel, *pend, *s;
74b941f0SAlexander V. Chernikov	int mask4, mask6;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	mask4 = cfg->mask4;
0bce0c23SAlexander V. Chernikov	mask6 = cfg->mask6;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (data == NULL)
74b941f0SAlexander V. Chernikov		return (0);
74b941f0SAlexander V. Chernikov	if ((pdel = strchr(data, ' ')) == NULL)
74b941f0SAlexander V. Chernikov		return (0);
74b941f0SAlexander V. Chernikov	while (*pdel == ' ')
74b941f0SAlexander V. Chernikov		pdel++;
74b941f0SAlexander V. Chernikov	if (strncmp(pdel, "masks=", 6) != 0)
74b941f0SAlexander V. Chernikov		return (EINVAL);
74b941f0SAlexander V. Chernikov	if ((s = strchr(pdel, ' ')) != NULL)
74b941f0SAlexander V. Chernikov		*s++ = '\0';
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	pdel += 6;
74b941f0SAlexander V. Chernikov	/* Need /XX[,/YY] */
74b941f0SAlexander V. Chernikov	if (*pdel++ != '/')
74b941f0SAlexander V. Chernikov		return (EINVAL);
74b941f0SAlexander V. Chernikov	mask4 = strtol(pdel, &pend, 10);
74b941f0SAlexander V. Chernikov	if (*pend == ',') {
74b941f0SAlexander V. Chernikov		/* ,/YY */
74b941f0SAlexander V. Chernikov		pdel = pend + 1;
74b941f0SAlexander V. Chernikov		if (*pdel++ != '/')
74b941f0SAlexander V. Chernikov			return (EINVAL);
74b941f0SAlexander V. Chernikov		mask6 = strtol(pdel, &pend, 10);
74b941f0SAlexander V. Chernikov		if (*pend != '\0')
74b941f0SAlexander V. Chernikov			return (EINVAL);
74b941f0SAlexander V. Chernikov	} else if (*pend != '\0')
74b941f0SAlexander V. Chernikov		return (EINVAL);
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (mask4 < 0 || mask4 > 32 || mask6 < 0 || mask6 > 128)
74b941f0SAlexander V. Chernikov		return (EINVAL);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg->mask4 = mask4;
0bce0c23SAlexander V. Chernikov	cfg->mask6 = mask6;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic void
74b941f0SAlexander V. Chernikovta_print_chash_config(void *ta_state, struct table_info *ti, char *buf,
74b941f0SAlexander V. Chernikov    size_t bufsize)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	if (cfg->mask4 != 32 || cfg->mask6 != 128)
c21034b7SAlexander V. Chernikov		snprintf(buf, bufsize, "%s masks=/%d,/%d", "addr:hash",
0bce0c23SAlexander V. Chernikov		    cfg->mask4, cfg->mask6);
74b941f0SAlexander V. Chernikov	else
c21034b7SAlexander V. Chernikov		snprintf(buf, bufsize, "%s", "addr:hash");
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
9e3a53fdSAlexander V. Chernikovta_log2(uint32_t v)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	uint32_t r;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	r = 0;
914bffb6SAlexander V. Chernikov	while (v >>= 1)
914bffb6SAlexander V. Chernikov		r++;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (r);
914bffb6SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov/*
74b941f0SAlexander V. Chernikov * New table.
74b941f0SAlexander V. Chernikov * We assume 'data' to be either NULL or the following format:
c21034b7SAlexander V. Chernikov * 'addr:hash [masks=/32[,/128]]'
74b941f0SAlexander V. Chernikov */
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_init_chash(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    char *data, uint8_t tflags)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	int error, i;
914bffb6SAlexander V. Chernikov	uint32_t hsize;
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = malloc(sizeof(struct chash_cfg), M_IPFW, M_WAITOK | M_ZERO);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg->mask4 = 32;
0bce0c23SAlexander V. Chernikov	cfg->mask6 = 128;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	if ((error = chash_parse_opts(cfg, data)) != 0) {
0bce0c23SAlexander V. Chernikov		free(cfg, M_IPFW);
74b941f0SAlexander V. Chernikov		return (error);
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg->size4 = 128;
0bce0c23SAlexander V. Chernikov	cfg->size6 = 128;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg->head4 = malloc(sizeof(struct chashbhead) * cfg->size4, M_IPFW,
74b941f0SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
0bce0c23SAlexander V. Chernikov	cfg->head6 = malloc(sizeof(struct chashbhead) * cfg->size6, M_IPFW,
74b941f0SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
0bce0c23SAlexander V. Chernikov	for (i = 0; i < cfg->size4; i++)
0bce0c23SAlexander V. Chernikov		SLIST_INIT(&cfg->head4[i]);
0bce0c23SAlexander V. Chernikov	for (i = 0; i < cfg->size6; i++)
0bce0c23SAlexander V. Chernikov		SLIST_INIT(&cfg->head6[i]);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	*ta_state = cfg;
0bce0c23SAlexander V. Chernikov	ti->state = cfg->head4;
0bce0c23SAlexander V. Chernikov	ti->xstate = cfg->head6;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	/* Store data depending on v6 mask length */
9e3a53fdSAlexander V. Chernikov	hsize = ta_log2(cfg->size4) << 8 | ta_log2(cfg->size6);
0bce0c23SAlexander V. Chernikov	if (cfg->mask6 == 64) {
0bce0c23SAlexander V. Chernikov		ti->data = (32 - cfg->mask4) << 24 | (128 - cfg->mask6) << 16|
914bffb6SAlexander V. Chernikov		    hsize;
74b941f0SAlexander V. Chernikov		ti->lookup = ta_lookup_chash_64;
0bce0c23SAlexander V. Chernikov	} else if ((cfg->mask6  % 8) == 0) {
0bce0c23SAlexander V. Chernikov		ti->data = (32 - cfg->mask4) << 24 |
0bce0c23SAlexander V. Chernikov		    cfg->mask6 << 13 | hsize;
74b941f0SAlexander V. Chernikov		ti->lookup = ta_lookup_chash_aligned;
74b941f0SAlexander V. Chernikov	} else {
74b941f0SAlexander V. Chernikov		/* don't do that! */
0bce0c23SAlexander V. Chernikov		ti->data = (32 - cfg->mask4) << 24 |
0bce0c23SAlexander V. Chernikov		    cfg->mask6 << 16 | hsize;
74b941f0SAlexander V. Chernikov		ti->lookup = ta_lookup_chash_slow;
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic void
74b941f0SAlexander V. Chernikovta_destroy_chash(void *ta_state, struct table_info *ti)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov	struct chashentry *ent, *ent_next;
74b941f0SAlexander V. Chernikov	int i;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	for (i = 0; i < cfg->size4; i++)
0bce0c23SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &cfg->head4[i], next, ent_next)
74b941f0SAlexander V. Chernikov			free(ent, M_IPFW_TBL);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	for (i = 0; i < cfg->size6; i++)
0bce0c23SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &cfg->head6[i], next, ent_next)
74b941f0SAlexander V. Chernikov			free(ent, M_IPFW_TBL);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	free(cfg->head4, M_IPFW);
0bce0c23SAlexander V. Chernikov	free(cfg->head6, M_IPFW);
ce2817b5SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	free(cfg, M_IPFW);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
5f379342SAlexander V. Chernikovstatic void
5f379342SAlexander V. Chernikovta_dump_chash_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
5f379342SAlexander V. Chernikov{
5f379342SAlexander V. Chernikov	struct chash_cfg *cfg;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	tinfo->flags = IPFW_TATFLAGS_AFDATA | IPFW_TATFLAGS_AFITEM;
5f379342SAlexander V. Chernikov	tinfo->taclass4 = IPFW_TACLASS_HASH;
5f379342SAlexander V. Chernikov	tinfo->size4 = cfg->size4;
5f379342SAlexander V. Chernikov	tinfo->count4 = cfg->items4;
5f379342SAlexander V. Chernikov	tinfo->itemsize4 = sizeof(struct chashentry);
5f379342SAlexander V. Chernikov	tinfo->taclass6 = IPFW_TACLASS_HASH;
5f379342SAlexander V. Chernikov	tinfo->size6 = cfg->size6;
5f379342SAlexander V. Chernikov	tinfo->count6 = cfg->items6;
5f379342SAlexander V. Chernikov	tinfo->itemsize6 = sizeof(struct chashentry);
5f379342SAlexander V. Chernikov}
5f379342SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_dump_chash_tentry(void *ta_state, struct table_info *ti, void *e,
74b941f0SAlexander V. Chernikov    ipfw_obj_tentry *tent)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov	struct chashentry *ent;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
74b941f0SAlexander V. Chernikov	ent = (struct chashentry *)e;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (ent->type == AF_INET) {
0bce0c23SAlexander V. Chernikov		tent->k.addr.s_addr = htonl(ent->a.a4 << (32 - cfg->mask4));
0bce0c23SAlexander V. Chernikov		tent->masklen = cfg->mask4;
74b941f0SAlexander V. Chernikov		tent->subtype = AF_INET;
0cba2b28SAlexander V. Chernikov		tent->v.kidx = ent->value;
74b941f0SAlexander V. Chernikov#ifdef INET6
74b941f0SAlexander V. Chernikov	} else {
ba3e1361SAndrey V. Elsukov		memcpy(&tent->k.addr6, &ent->a.a6, sizeof(struct in6_addr));
0bce0c23SAlexander V. Chernikov		tent->masklen = cfg->mask6;
74b941f0SAlexander V. Chernikov		tent->subtype = AF_INET6;
0cba2b28SAlexander V. Chernikov		tent->v.kidx = ent->value;
74b941f0SAlexander V. Chernikov#endif
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikovstatic uint32_t
ce2817b5SAlexander V. Chernikovhash_ent(struct chashentry *ent, int af, int mlen, uint32_t size)
ce2817b5SAlexander V. Chernikov{
ce2817b5SAlexander V. Chernikov	uint32_t hash;
ce2817b5SAlexander V. Chernikov
d699ee2dSAlexander V. Chernikov	hash = 0;
d699ee2dSAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	if (af == AF_INET) {
d699ee2dSAlexander V. Chernikov#ifdef INET
ce2817b5SAlexander V. Chernikov		hash = hash_ip(ent->a.a4, size);
d699ee2dSAlexander V. Chernikov#endif
ce2817b5SAlexander V. Chernikov	} else {
d699ee2dSAlexander V. Chernikov#ifdef INET6
ce2817b5SAlexander V. Chernikov		if (mlen == 64)
ce2817b5SAlexander V. Chernikov			hash = hash_ip64(&ent->a.a6, size);
ce2817b5SAlexander V. Chernikov		else
ce2817b5SAlexander V. Chernikov			hash = hash_ip6(&ent->a.a6, size);
d699ee2dSAlexander V. Chernikov#endif
ce2817b5SAlexander V. Chernikov	}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	return (hash);
ce2817b5SAlexander V. Chernikov}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikovstatic int
ce2817b5SAlexander V. Chernikovtei_to_chash_ent(struct tentry_info *tei, struct chashentry *ent)
ce2817b5SAlexander V. Chernikov{
ce2817b5SAlexander V. Chernikov	int mlen;
d699ee2dSAlexander V. Chernikov#ifdef INET6
d699ee2dSAlexander V. Chernikov	struct in6_addr mask6;
d699ee2dSAlexander V. Chernikov#endif
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	mlen = tei->masklen;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
ce2817b5SAlexander V. Chernikov#ifdef INET
ce2817b5SAlexander V. Chernikov		if (mlen > 32)
ce2817b5SAlexander V. Chernikov			return (EINVAL);
ce2817b5SAlexander V. Chernikov		ent->type = AF_INET;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov		/* Calculate masked address */
ce2817b5SAlexander V. Chernikov		ent->a.a4 = ntohl(*((in_addr_t *)tei->paddr)) >> (32 - mlen);
ce2817b5SAlexander V. Chernikov#endif
ce2817b5SAlexander V. Chernikov#ifdef INET6
ce2817b5SAlexander V. Chernikov	} else if (tei->subtype == AF_INET6) {
ce2817b5SAlexander V. Chernikov		/* IPv6 case */
ce2817b5SAlexander V. Chernikov		if (mlen > 128)
ce2817b5SAlexander V. Chernikov			return (EINVAL);
ce2817b5SAlexander V. Chernikov		ent->type = AF_INET6;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov		ipv6_writemask(&mask6, mlen);
ce2817b5SAlexander V. Chernikov		memcpy(&ent->a.a6, tei->paddr, sizeof(struct in6_addr));
ce2817b5SAlexander V. Chernikov		APPLY_MASK(&ent->a.a6, &mask6);
ce2817b5SAlexander V. Chernikov#endif
ce2817b5SAlexander V. Chernikov	} else {
ce2817b5SAlexander V. Chernikov		/* Unknown CIDR type */
ce2817b5SAlexander V. Chernikov		return (EINVAL);
ce2817b5SAlexander V. Chernikov	}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	return (0);
ce2817b5SAlexander V. Chernikov}
ce2817b5SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_find_chash_tentry(void *ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    ipfw_obj_tentry *tent)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
ce2817b5SAlexander V. Chernikov	struct chashbhead *head;
ce2817b5SAlexander V. Chernikov	struct chashentry ent, *tmp;
ce2817b5SAlexander V. Chernikov	struct tentry_info tei;
ce2817b5SAlexander V. Chernikov	int error;
ce2817b5SAlexander V. Chernikov	uint32_t hash;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	memset(&ent, 0, sizeof(ent));
ce2817b5SAlexander V. Chernikov	memset(&tei, 0, sizeof(tei));
ce2817b5SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tent->subtype == AF_INET) {
914bffb6SAlexander V. Chernikov		tei.paddr = &tent->k.addr;
0bce0c23SAlexander V. Chernikov		tei.masklen = cfg->mask4;
ce2817b5SAlexander V. Chernikov		tei.subtype = AF_INET;
74b941f0SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov		if ((error = tei_to_chash_ent(&tei, &ent)) != 0)
ce2817b5SAlexander V. Chernikov			return (error);
ce2817b5SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov		head = cfg->head4;
0bce0c23SAlexander V. Chernikov		hash = hash_ent(&ent, AF_INET, cfg->mask4, cfg->size4);
ce2817b5SAlexander V. Chernikov		/* Check for existence */
ce2817b5SAlexander V. Chernikov		SLIST_FOREACH(tmp, &head[hash], next) {
ce2817b5SAlexander V. Chernikov			if (tmp->a.a4 != ent.a.a4)
ce2817b5SAlexander V. Chernikov				continue;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov			ta_dump_chash_tentry(ta_state, ti, tmp, tent);
74b941f0SAlexander V. Chernikov			return (0);
74b941f0SAlexander V. Chernikov		}
ce2817b5SAlexander V. Chernikov	} else {
914bffb6SAlexander V. Chernikov		tei.paddr = &tent->k.addr6;
0bce0c23SAlexander V. Chernikov		tei.masklen = cfg->mask6;
ce2817b5SAlexander V. Chernikov		tei.subtype = AF_INET6;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov		if ((error = tei_to_chash_ent(&tei, &ent)) != 0)
ce2817b5SAlexander V. Chernikov			return (error);
ce2817b5SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov		head = cfg->head6;
0bce0c23SAlexander V. Chernikov		hash = hash_ent(&ent, AF_INET6, cfg->mask6, cfg->size6);
ce2817b5SAlexander V. Chernikov		/* Check for existence */
ce2817b5SAlexander V. Chernikov		SLIST_FOREACH(tmp, &head[hash], next) {
ce2817b5SAlexander V. Chernikov			if (memcmp(&tmp->a.a6, &ent.a.a6, 16) != 0)
ce2817b5SAlexander V. Chernikov				continue;
ce2817b5SAlexander V. Chernikov			ta_dump_chash_tentry(ta_state, ti, tmp, tent);
ce2817b5SAlexander V. Chernikov			return (0);
ce2817b5SAlexander V. Chernikov		}
ce2817b5SAlexander V. Chernikov	}
ce2817b5SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (ENOENT);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic void
74b941f0SAlexander V. Chernikovta_foreach_chash(void *ta_state, struct table_info *ti, ta_foreach_f *f,
74b941f0SAlexander V. Chernikov    void *arg)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov	struct chashentry *ent, *ent_next;
74b941f0SAlexander V. Chernikov	int i;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	for (i = 0; i < cfg->size4; i++)
0bce0c23SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &cfg->head4[i], next, ent_next)
74b941f0SAlexander V. Chernikov			f(ent, arg);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	for (i = 0; i < cfg->size6; i++)
0bce0c23SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &cfg->head6[i], next, ent_next)
74b941f0SAlexander V. Chernikov			f(ent, arg);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_prepare_add_chash(struct ip_fw_chain *ch, struct tentry_info *tei,
74b941f0SAlexander V. Chernikov    void *ta_buf)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct ta_buf_chash *tb;
74b941f0SAlexander V. Chernikov	struct chashentry *ent;
ce2817b5SAlexander V. Chernikov	int error;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	tb = (struct ta_buf_chash *)ta_buf;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	ent = malloc(sizeof(*ent), M_IPFW_TBL, M_WAITOK | M_ZERO);
74b941f0SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	error = tei_to_chash_ent(tei, ent);
ce2817b5SAlexander V. Chernikov	if (error != 0) {
ce2817b5SAlexander V. Chernikov		free(ent, M_IPFW_TBL);
ce2817b5SAlexander V. Chernikov		return (error);
74b941f0SAlexander V. Chernikov	}
ce2817b5SAlexander V. Chernikov	tb->ent_ptr = ent;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_add_chash(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov	struct chashbhead *head;
74b941f0SAlexander V. Chernikov	struct chashentry *ent, *tmp;
74b941f0SAlexander V. Chernikov	struct ta_buf_chash *tb;
74b941f0SAlexander V. Chernikov	int exists;
648e8380SAlexander V. Chernikov	uint32_t hash, value;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
74b941f0SAlexander V. Chernikov	tb = (struct ta_buf_chash *)ta_buf;
74b941f0SAlexander V. Chernikov	ent = (struct chashentry *)tb->ent_ptr;
74b941f0SAlexander V. Chernikov	hash = 0;
74b941f0SAlexander V. Chernikov	exists = 0;
74b941f0SAlexander V. Chernikov
13263632SAlexander V. Chernikov	/* Read current value from @tei */
13263632SAlexander V. Chernikov	ent->value = tei->value;
13263632SAlexander V. Chernikov
13263632SAlexander V. Chernikov	/* Read cuurrent value */
74b941f0SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
0bce0c23SAlexander V. Chernikov		if (tei->masklen != cfg->mask4)
74b941f0SAlexander V. Chernikov			return (EINVAL);
0bce0c23SAlexander V. Chernikov		head = cfg->head4;
0bce0c23SAlexander V. Chernikov		hash = hash_ent(ent, AF_INET, cfg->mask4, cfg->size4);
ce2817b5SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov		/* Check for existence */
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(tmp, &head[hash], next) {
74b941f0SAlexander V. Chernikov			if (tmp->a.a4 == ent->a.a4) {
74b941f0SAlexander V. Chernikov				exists = 1;
74b941f0SAlexander V. Chernikov				break;
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
74b941f0SAlexander V. Chernikov	} else {
0bce0c23SAlexander V. Chernikov		if (tei->masklen != cfg->mask6)
74b941f0SAlexander V. Chernikov			return (EINVAL);
0bce0c23SAlexander V. Chernikov		head = cfg->head6;
0bce0c23SAlexander V. Chernikov		hash = hash_ent(ent, AF_INET6, cfg->mask6, cfg->size6);
74b941f0SAlexander V. Chernikov		/* Check for existence */
74b941f0SAlexander V. Chernikov		SLIST_FOREACH(tmp, &head[hash], next) {
ce2817b5SAlexander V. Chernikov			if (memcmp(&tmp->a.a6, &ent->a.a6, 16) == 0) {
74b941f0SAlexander V. Chernikov				exists = 1;
74b941f0SAlexander V. Chernikov				break;
74b941f0SAlexander V. Chernikov			}
74b941f0SAlexander V. Chernikov		}
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (exists == 1) {
74b941f0SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_UPDATE) == 0)
74b941f0SAlexander V. Chernikov			return (EEXIST);
74b941f0SAlexander V. Chernikov		/* Record already exists. Update value if we're asked to */
648e8380SAlexander V. Chernikov		value = tmp->value;
74b941f0SAlexander V. Chernikov		tmp->value = tei->value;
648e8380SAlexander V. Chernikov		tei->value = value;
74b941f0SAlexander V. Chernikov		/* Indicate that update has happened instead of addition */
74b941f0SAlexander V. Chernikov		tei->flags |= TEI_FLAGS_UPDATED;
74b941f0SAlexander V. Chernikov		*pnum = 0;
74b941f0SAlexander V. Chernikov	} else {
4c0c07a5SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_DONTADD) != 0)
4c0c07a5SAlexander V. Chernikov			return (EFBIG);
74b941f0SAlexander V. Chernikov		SLIST_INSERT_HEAD(&head[hash], ent, next);
74b941f0SAlexander V. Chernikov		tb->ent_ptr = NULL;
74b941f0SAlexander V. Chernikov		*pnum = 1;
ce2817b5SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov		/* Update counters */
b6ee846eSAlexander V. Chernikov		if (tei->subtype == AF_INET)
0bce0c23SAlexander V. Chernikov			cfg->items4++;
b6ee846eSAlexander V. Chernikov		else
0bce0c23SAlexander V. Chernikov			cfg->items6++;
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (0);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_prepare_del_chash(struct ip_fw_chain *ch, struct tentry_info *tei,
74b941f0SAlexander V. Chernikov    void *ta_buf)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct ta_buf_chash *tb;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	tb = (struct ta_buf_chash *)ta_buf;
74b941f0SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	return (tei_to_chash_ent(tei, &tb->ent));
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic int
74b941f0SAlexander V. Chernikovta_del_chash(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
74b941f0SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct chash_cfg *cfg;
74b941f0SAlexander V. Chernikov	struct chashbhead *head;
0bce0c23SAlexander V. Chernikov	struct chashentry *tmp, *tmp_next, *ent;
74b941f0SAlexander V. Chernikov	struct ta_buf_chash *tb;
74b941f0SAlexander V. Chernikov	uint32_t hash;
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
74b941f0SAlexander V. Chernikov	tb = (struct ta_buf_chash *)ta_buf;
0bce0c23SAlexander V. Chernikov	ent = &tb->ent;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
0bce0c23SAlexander V. Chernikov		if (tei->masklen != cfg->mask4)
74b941f0SAlexander V. Chernikov			return (EINVAL);
0bce0c23SAlexander V. Chernikov		head = cfg->head4;
0bce0c23SAlexander V. Chernikov		hash = hash_ent(ent, AF_INET, cfg->mask4, cfg->size4);
74b941f0SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov		SLIST_FOREACH_SAFE(tmp, &head[hash], next, tmp_next) {
0bce0c23SAlexander V. Chernikov			if (tmp->a.a4 != ent->a.a4)
648e8380SAlexander V. Chernikov				continue;
648e8380SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov			SLIST_REMOVE(&head[hash], tmp, chashentry, next);
0bce0c23SAlexander V. Chernikov			cfg->items4--;
0bce0c23SAlexander V. Chernikov			tb->ent_ptr = tmp;
0bce0c23SAlexander V. Chernikov			tei->value = tmp->value;
648e8380SAlexander V. Chernikov			*pnum = 1;
74b941f0SAlexander V. Chernikov			return (0);
74b941f0SAlexander V. Chernikov		}
74b941f0SAlexander V. Chernikov	} else {
0bce0c23SAlexander V. Chernikov		if (tei->masklen != cfg->mask6)
74b941f0SAlexander V. Chernikov			return (EINVAL);
0bce0c23SAlexander V. Chernikov		head = cfg->head6;
0bce0c23SAlexander V. Chernikov		hash = hash_ent(ent, AF_INET6, cfg->mask6, cfg->size6);
0bce0c23SAlexander V. Chernikov		SLIST_FOREACH_SAFE(tmp, &head[hash], next, tmp_next) {
0bce0c23SAlexander V. Chernikov			if (memcmp(&tmp->a.a6, &ent->a.a6, 16) != 0)
648e8380SAlexander V. Chernikov				continue;
648e8380SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov			SLIST_REMOVE(&head[hash], tmp, chashentry, next);
0bce0c23SAlexander V. Chernikov			cfg->items6--;
0bce0c23SAlexander V. Chernikov			tb->ent_ptr = tmp;
0bce0c23SAlexander V. Chernikov			tei->value = tmp->value;
74b941f0SAlexander V. Chernikov			*pnum = 1;
74b941f0SAlexander V. Chernikov			return (0);
74b941f0SAlexander V. Chernikov		}
74b941f0SAlexander V. Chernikov	}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	return (ENOENT);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstatic void
74b941f0SAlexander V. Chernikovta_flush_chash_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
74b941f0SAlexander V. Chernikov    void *ta_buf)
74b941f0SAlexander V. Chernikov{
74b941f0SAlexander V. Chernikov	struct ta_buf_chash *tb;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	tb = (struct ta_buf_chash *)ta_buf;
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov	if (tb->ent_ptr != NULL)
74b941f0SAlexander V. Chernikov		free(tb->ent_ptr, M_IPFW_TBL);
74b941f0SAlexander V. Chernikov}
74b941f0SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov/*
ce2817b5SAlexander V. Chernikov * Hash growing callbacks.
ce2817b5SAlexander V. Chernikov */
ce2817b5SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikovstatic int
301290bcSAlexander V. Chernikovta_need_modify_chash(void *ta_state, struct table_info *ti, uint32_t count,
b6ee846eSAlexander V. Chernikov    uint64_t *pflags)
b6ee846eSAlexander V. Chernikov{
b6ee846eSAlexander V. Chernikov	struct chash_cfg *cfg;
b6ee846eSAlexander V. Chernikov	uint64_t data;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	/*
b6ee846eSAlexander V. Chernikov	 * Since we don't know exact number of IPv4/IPv6 records in @count,
b6ee846eSAlexander V. Chernikov	 * ignore non-zero @count value at all. Check current hash sizes
b6ee846eSAlexander V. Chernikov	 * and return appropriate data.
b6ee846eSAlexander V. Chernikov	 */
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	data = 0;
b6ee846eSAlexander V. Chernikov	if (cfg->items4 > cfg->size4 && cfg->size4 < 65536)
b6ee846eSAlexander V. Chernikov		data |= (cfg->size4 * 2) << 16;
b6ee846eSAlexander V. Chernikov	if (cfg->items6 > cfg->size6 && cfg->size6 < 65536)
b6ee846eSAlexander V. Chernikov		data |= cfg->size6 * 2;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	if (data != 0) {
b6ee846eSAlexander V. Chernikov		*pflags = data;
301290bcSAlexander V. Chernikov		return (1);
b6ee846eSAlexander V. Chernikov	}
b6ee846eSAlexander V. Chernikov
301290bcSAlexander V. Chernikov	return (0);
b6ee846eSAlexander V. Chernikov}
b6ee846eSAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov/*
ce2817b5SAlexander V. Chernikov * Allocate new, larger chash.
ce2817b5SAlexander V. Chernikov */
ce2817b5SAlexander V. Chernikovstatic int
ce2817b5SAlexander V. Chernikovta_prepare_mod_chash(void *ta_buf, uint64_t *pflags)
ce2817b5SAlexander V. Chernikov{
ce2817b5SAlexander V. Chernikov	struct mod_item *mi;
ce2817b5SAlexander V. Chernikov	struct chashbhead *head;
ce2817b5SAlexander V. Chernikov	int i;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	memset(mi, 0, sizeof(struct mod_item));
b6ee846eSAlexander V. Chernikov	mi->size = (*pflags >> 16) & 0xFFFF;
b6ee846eSAlexander V. Chernikov	mi->size6 = *pflags & 0xFFFF;
b6ee846eSAlexander V. Chernikov	if (mi->size > 0) {
b6ee846eSAlexander V. Chernikov		head = malloc(sizeof(struct chashbhead) * mi->size,
b6ee846eSAlexander V. Chernikov		    M_IPFW, M_WAITOK | M_ZERO);
ce2817b5SAlexander V. Chernikov		for (i = 0; i < mi->size; i++)
ce2817b5SAlexander V. Chernikov			SLIST_INIT(&head[i]);
ce2817b5SAlexander V. Chernikov		mi->main_ptr = head;
b6ee846eSAlexander V. Chernikov	}
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	if (mi->size6 > 0) {
b6ee846eSAlexander V. Chernikov		head = malloc(sizeof(struct chashbhead) * mi->size6,
b6ee846eSAlexander V. Chernikov		    M_IPFW, M_WAITOK | M_ZERO);
b6ee846eSAlexander V. Chernikov		for (i = 0; i < mi->size6; i++)
b6ee846eSAlexander V. Chernikov			SLIST_INIT(&head[i]);
b6ee846eSAlexander V. Chernikov		mi->main_ptr6 = head;
b6ee846eSAlexander V. Chernikov	}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	return (0);
ce2817b5SAlexander V. Chernikov}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov/*
ce2817b5SAlexander V. Chernikov * Copy data from old runtime array to new one.
ce2817b5SAlexander V. Chernikov */
ce2817b5SAlexander V. Chernikovstatic int
ce2817b5SAlexander V. Chernikovta_fill_mod_chash(void *ta_state, struct table_info *ti, void *ta_buf,
ce2817b5SAlexander V. Chernikov    uint64_t *pflags)
ce2817b5SAlexander V. Chernikov{
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	/* In is not possible to do rehash if we're not holidng WLOCK. */
ce2817b5SAlexander V. Chernikov	return (0);
ce2817b5SAlexander V. Chernikov}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov/*
ce2817b5SAlexander V. Chernikov * Switch old & new arrays.
ce2817b5SAlexander V. Chernikov */
301290bcSAlexander V. Chernikovstatic void
ce2817b5SAlexander V. Chernikovta_modify_chash(void *ta_state, struct table_info *ti, void *ta_buf,
ce2817b5SAlexander V. Chernikov    uint64_t pflags)
ce2817b5SAlexander V. Chernikov{
ce2817b5SAlexander V. Chernikov	struct mod_item *mi;
b6ee846eSAlexander V. Chernikov	struct chash_cfg *cfg;
ce2817b5SAlexander V. Chernikov	struct chashbhead *old_head, *new_head;
ce2817b5SAlexander V. Chernikov	struct chashentry *ent, *ent_next;
ce2817b5SAlexander V. Chernikov	int af, i, mlen;
ce2817b5SAlexander V. Chernikov	uint32_t nhash;
b6ee846eSAlexander V. Chernikov	size_t old_size, new_size;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
b6ee846eSAlexander V. Chernikov	cfg = (struct chash_cfg *)ta_state;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	/* Check which hash we need to grow and do we still need that */
b6ee846eSAlexander V. Chernikov	if (mi->size > 0 && cfg->size4 < mi->size) {
ce2817b5SAlexander V. Chernikov		new_head = (struct chashbhead *)mi->main_ptr;
b6ee846eSAlexander V. Chernikov		new_size = mi->size;
b6ee846eSAlexander V. Chernikov		old_size = cfg->size4;
b6ee846eSAlexander V. Chernikov		old_head = ti->state;
b6ee846eSAlexander V. Chernikov		mlen = cfg->mask4;
b6ee846eSAlexander V. Chernikov		af = AF_INET;
b6ee846eSAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov		for (i = 0; i < old_size; i++) {
ce2817b5SAlexander V. Chernikov			SLIST_FOREACH_SAFE(ent, &old_head[i], next, ent_next) {
b6ee846eSAlexander V. Chernikov				nhash = hash_ent(ent, af, mlen, new_size);
ce2817b5SAlexander V. Chernikov				SLIST_INSERT_HEAD(&new_head[nhash], ent, next);
ce2817b5SAlexander V. Chernikov			}
ce2817b5SAlexander V. Chernikov		}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov		ti->state = new_head;
b6ee846eSAlexander V. Chernikov		cfg->head4 = new_head;
b6ee846eSAlexander V. Chernikov		cfg->size4 = mi->size;
b6ee846eSAlexander V. Chernikov		mi->main_ptr = old_head;
ce2817b5SAlexander V. Chernikov	}
ce2817b5SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	if (mi->size6 > 0 && cfg->size6 < mi->size6) {
b6ee846eSAlexander V. Chernikov		new_head = (struct chashbhead *)mi->main_ptr6;
b6ee846eSAlexander V. Chernikov		new_size = mi->size6;
b6ee846eSAlexander V. Chernikov		old_size = cfg->size6;
b6ee846eSAlexander V. Chernikov		old_head = ti->xstate;
b6ee846eSAlexander V. Chernikov		mlen = cfg->mask6;
b6ee846eSAlexander V. Chernikov		af = AF_INET6;
914bffb6SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov		for (i = 0; i < old_size; i++) {
b6ee846eSAlexander V. Chernikov			SLIST_FOREACH_SAFE(ent, &old_head[i], next, ent_next) {
b6ee846eSAlexander V. Chernikov				nhash = hash_ent(ent, af, mlen, new_size);
b6ee846eSAlexander V. Chernikov				SLIST_INSERT_HEAD(&new_head[nhash], ent, next);
b6ee846eSAlexander V. Chernikov			}
b6ee846eSAlexander V. Chernikov		}
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov		ti->xstate = new_head;
b6ee846eSAlexander V. Chernikov		cfg->head6 = new_head;
b6ee846eSAlexander V. Chernikov		cfg->size6 = mi->size6;
b6ee846eSAlexander V. Chernikov		mi->main_ptr6 = old_head;
b6ee846eSAlexander V. Chernikov	}
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	/* Update lower 32 bits with new values */
b6ee846eSAlexander V. Chernikov	ti->data &= 0xFFFFFFFF00000000;
9e3a53fdSAlexander V. Chernikov	ti->data |= ta_log2(cfg->size4) << 8 | ta_log2(cfg->size6);
ce2817b5SAlexander V. Chernikov}
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov/*
ce2817b5SAlexander V. Chernikov * Free unneded array.
ce2817b5SAlexander V. Chernikov */
ce2817b5SAlexander V. Chernikovstatic void
ce2817b5SAlexander V. Chernikovta_flush_mod_chash(void *ta_buf)
ce2817b5SAlexander V. Chernikov{
ce2817b5SAlexander V. Chernikov	struct mod_item *mi;
ce2817b5SAlexander V. Chernikov
ce2817b5SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
ce2817b5SAlexander V. Chernikov	if (mi->main_ptr != NULL)
ce2817b5SAlexander V. Chernikov		free(mi->main_ptr, M_IPFW);
b6ee846eSAlexander V. Chernikov	if (mi->main_ptr6 != NULL)
b6ee846eSAlexander V. Chernikov		free(mi->main_ptr6, M_IPFW);
ce2817b5SAlexander V. Chernikov}
ce2817b5SAlexander V. Chernikov
c21034b7SAlexander V. Chernikovstruct table_algo addr_hash = {
c21034b7SAlexander V. Chernikov	.name		= "addr:hash",
c21034b7SAlexander V. Chernikov	.type		= IPFW_TABLE_ADDR,
57a1cf95SAlexander V. Chernikov	.ta_buf_size	= sizeof(struct ta_buf_chash),
74b941f0SAlexander V. Chernikov	.init		= ta_init_chash,
74b941f0SAlexander V. Chernikov	.destroy	= ta_destroy_chash,
74b941f0SAlexander V. Chernikov	.prepare_add	= ta_prepare_add_chash,
74b941f0SAlexander V. Chernikov	.prepare_del	= ta_prepare_del_chash,
74b941f0SAlexander V. Chernikov	.add		= ta_add_chash,
74b941f0SAlexander V. Chernikov	.del		= ta_del_chash,
74b941f0SAlexander V. Chernikov	.flush_entry	= ta_flush_chash_entry,
74b941f0SAlexander V. Chernikov	.foreach	= ta_foreach_chash,
74b941f0SAlexander V. Chernikov	.dump_tentry	= ta_dump_chash_tentry,
74b941f0SAlexander V. Chernikov	.find_tentry	= ta_find_chash_tentry,
74b941f0SAlexander V. Chernikov	.print_config	= ta_print_chash_config,
5f379342SAlexander V. Chernikov	.dump_tinfo	= ta_dump_chash_tinfo,
301290bcSAlexander V. Chernikov	.need_modify	= ta_need_modify_chash,
ce2817b5SAlexander V. Chernikov	.prepare_mod	= ta_prepare_mod_chash,
ce2817b5SAlexander V. Chernikov	.fill_mod	= ta_fill_mod_chash,
ce2817b5SAlexander V. Chernikov	.modify		= ta_modify_chash,
ce2817b5SAlexander V. Chernikov	.flush_mod	= ta_flush_mod_chash,
74b941f0SAlexander V. Chernikov};
74b941f0SAlexander V. Chernikov
74b941f0SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Iface table cmds.
68394ec8SAlexander V. Chernikov *
68394ec8SAlexander V. Chernikov * Implementation:
68394ec8SAlexander V. Chernikov *
68394ec8SAlexander V. Chernikov * Runtime part:
68394ec8SAlexander V. Chernikov * - sorted array of "struct ifidx" pointed by ti->state.
b23d5de9SAlexander V. Chernikov *   Array is allocated with rounding up to IFIDX_CHUNK. Only existing
68394ec8SAlexander V. Chernikov *   interfaces are stored in array, however its allocated size is
68394ec8SAlexander V. Chernikov *   sufficient to hold all table records if needed.
68394ec8SAlexander V. Chernikov * - current array size is stored in ti->data
68394ec8SAlexander V. Chernikov *
68394ec8SAlexander V. Chernikov * Table data:
68394ec8SAlexander V. Chernikov * - "struct iftable_cfg" is allocated to store table state (ta_state).
68394ec8SAlexander V. Chernikov * - All table records are stored inside namedobj instance.
9f7d47b0SAlexander V. Chernikov *
9f7d47b0SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstruct ifidx {
68394ec8SAlexander V. Chernikov	uint16_t	kidx;
68394ec8SAlexander V. Chernikov	uint16_t	spare;
68394ec8SAlexander V. Chernikov	uint32_t	value;
68394ec8SAlexander V. Chernikov};
0cba2b28SAlexander V. Chernikov#define	DEFAULT_IFIDX_SIZE	64
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstruct iftable_cfg;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstruct ifentry {
68394ec8SAlexander V. Chernikov	struct named_object	no;
68394ec8SAlexander V. Chernikov	struct ipfw_ifc		ic;
68394ec8SAlexander V. Chernikov	struct iftable_cfg	*icfg;
68394ec8SAlexander V. Chernikov	uint32_t		value;
68394ec8SAlexander V. Chernikov	int			linked;
68394ec8SAlexander V. Chernikov};
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstruct iftable_cfg {
68394ec8SAlexander V. Chernikov	struct namedobj_instance	*ii;
68394ec8SAlexander V. Chernikov	struct ip_fw_chain	*ch;
68394ec8SAlexander V. Chernikov	struct table_info	*ti;
68394ec8SAlexander V. Chernikov	void	*main_ptr;
68394ec8SAlexander V. Chernikov	size_t	size;	/* Number of items allocated in array */
68394ec8SAlexander V. Chernikov	size_t	count;	/* Number of all items */
68394ec8SAlexander V. Chernikov	size_t	used;	/* Number of items _active_ now */
68394ec8SAlexander V. Chernikov};
68394ec8SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikovstruct ta_buf_ifidx
0bce0c23SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct ifentry *ife;
0bce0c23SAlexander V. Chernikov	uint32_t value;
0bce0c23SAlexander V. Chernikov};
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovint compare_ifidx(const void *k, const void *v);
9fe15d06SAlexander V. Chernikovstatic struct ifidx * ifidx_find(struct table_info *ti, void *key);
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_ifidx(struct table_info *ti, void *key, uint32_t keylen,
9fe15d06SAlexander V. Chernikov    uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int ta_init_ifidx(struct ip_fw_chain *ch, void **ta_state,
9fe15d06SAlexander V. Chernikov    struct table_info *ti, char *data, uint8_t tflags);
9fe15d06SAlexander V. Chernikovstatic void ta_change_ti_ifidx(void *ta_state, struct table_info *ti);
b309f085SAndrey V. Elsukovstatic int destroy_ifidx_locked(struct namedobj_instance *ii,
9fe15d06SAlexander V. Chernikov    struct named_object *no, void *arg);
9fe15d06SAlexander V. Chernikovstatic void ta_destroy_ifidx(void *ta_state, struct table_info *ti);
9fe15d06SAlexander V. Chernikovstatic void ta_dump_ifidx_tinfo(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_ta_tinfo *tinfo);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_add_ifidx(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_add_ifidx(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_del_ifidx(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_del_ifidx(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_ifidx_entry(struct ip_fw_chain *ch,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic void if_notifier(struct ip_fw_chain *ch, void *cbdata, uint16_t ifindex);
9fe15d06SAlexander V. Chernikovstatic int ta_need_modify_ifidx(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    uint32_t count, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_mod_ifidx(void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_fill_mod_ifidx(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_modify_ifidx(void *ta_state, struct table_info *ti, void *ta_buf,
9fe15d06SAlexander V. Chernikov    uint64_t pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_mod_ifidx(void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_dump_ifidx_tentry(void *ta_state, struct table_info *ti, void *e,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic int ta_find_ifidx_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
b309f085SAndrey V. Elsukovstatic int foreach_ifidx(struct namedobj_instance *ii, struct named_object *no,
9fe15d06SAlexander V. Chernikov    void *arg);
9fe15d06SAlexander V. Chernikovstatic void ta_foreach_ifidx(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ta_foreach_f *f, void *arg);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovint
68394ec8SAlexander V. Chernikovcompare_ifidx(const void *k, const void *v)
68394ec8SAlexander V. Chernikov{
d4e1b515SAlexander V. Chernikov	const struct ifidx *ifidx;
68394ec8SAlexander V. Chernikov	uint16_t key;
68394ec8SAlexander V. Chernikov
d4e1b515SAlexander V. Chernikov	key = *((const uint16_t *)k);
d4e1b515SAlexander V. Chernikov	ifidx = (const struct ifidx *)v;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (key < ifidx->kidx)
68394ec8SAlexander V. Chernikov		return (-1);
68394ec8SAlexander V. Chernikov	else if (key > ifidx->kidx)
68394ec8SAlexander V. Chernikov		return (1);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (0);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Adds item @item with key @key into ascending-sorted array @base.
68394ec8SAlexander V. Chernikov * Assumes @base has enough additional storage.
68394ec8SAlexander V. Chernikov *
68394ec8SAlexander V. Chernikov * Returns 1 on success, 0 on duplicate key.
68394ec8SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovbadd(const void *key, void *item, void *base, size_t nmemb,
68394ec8SAlexander V. Chernikov    size_t size, int (*compar) (const void *, const void *))
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	int min, max, mid, shift, res;
68394ec8SAlexander V. Chernikov	caddr_t paddr;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (nmemb == 0) {
68394ec8SAlexander V. Chernikov		memcpy(base, item, size);
68394ec8SAlexander V. Chernikov		return (1);
68394ec8SAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Binary search */
68394ec8SAlexander V. Chernikov	min = 0;
68394ec8SAlexander V. Chernikov	max = nmemb - 1;
68394ec8SAlexander V. Chernikov	mid = 0;
68394ec8SAlexander V. Chernikov	while (min <= max) {
68394ec8SAlexander V. Chernikov		mid = (min + max) / 2;
68394ec8SAlexander V. Chernikov		res = compar(key, (const void *)((caddr_t)base + mid * size));
68394ec8SAlexander V. Chernikov		if (res == 0)
68394ec8SAlexander V. Chernikov			return (0);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov		if (res > 0)
68394ec8SAlexander V. Chernikov			min = mid + 1;
68394ec8SAlexander V. Chernikov		else
68394ec8SAlexander V. Chernikov			max = mid - 1;
68394ec8SAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Item not found. */
68394ec8SAlexander V. Chernikov	res = compar(key, (const void *)((caddr_t)base + mid * size));
68394ec8SAlexander V. Chernikov	if (res > 0)
68394ec8SAlexander V. Chernikov		shift = mid + 1;
68394ec8SAlexander V. Chernikov	else
68394ec8SAlexander V. Chernikov		shift = mid;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	paddr = (caddr_t)base + shift * size;
68394ec8SAlexander V. Chernikov	if (nmemb > shift)
68394ec8SAlexander V. Chernikov		memmove(paddr + size, paddr, (nmemb - shift) * size);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	memcpy(paddr, item, size);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (1);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Deletes item with key @key from ascending-sorted array @base.
68394ec8SAlexander V. Chernikov *
68394ec8SAlexander V. Chernikov * Returns 1 on success, 0 for non-existent key.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovbdel(const void *key, void *base, size_t nmemb, size_t size,
68394ec8SAlexander V. Chernikov    int (*compar) (const void *, const void *))
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	caddr_t item;
68394ec8SAlexander V. Chernikov	size_t sz;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	item = (caddr_t)bsearch(key, base, nmemb, size, compar);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (item == NULL)
68394ec8SAlexander V. Chernikov		return (0);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	sz = (caddr_t)base + nmemb * size - item;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (sz > 0)
68394ec8SAlexander V. Chernikov		memmove(item, item + size, sz);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (1);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstatic struct ifidx *
68394ec8SAlexander V. Chernikovifidx_find(struct table_info *ti, void *key)
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ifidx *ifi;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ifi = bsearch(key, ti->state, ti->data, sizeof(struct ifidx),
68394ec8SAlexander V. Chernikov	    compare_ifidx);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (ifi);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_lookup_ifidx(struct table_info *ti, void *key, uint32_t keylen,
9f7d47b0SAlexander V. Chernikov    uint32_t *val)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ifidx *ifi;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ifi = ifidx_find(ti, key);
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (ifi != NULL) {
68394ec8SAlexander V. Chernikov		*val = ifi->value;
9f7d47b0SAlexander V. Chernikov		return (1);
9f7d47b0SAlexander V. Chernikov	}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_init_ifidx(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    char *data, uint8_t tflags)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	icfg = malloc(sizeof(struct iftable_cfg), M_IPFW, M_WAITOK | M_ZERO);
9f7d47b0SAlexander V. Chernikov
*4a77657cSAndrey V. Elsukov	icfg->ii = ipfw_objhash_create(DEFAULT_IFIDX_SIZE, DEFAULT_OBJHASH_SIZE);
0cba2b28SAlexander V. Chernikov	icfg->size = DEFAULT_IFIDX_SIZE;
0bce0c23SAlexander V. Chernikov	icfg->main_ptr = malloc(sizeof(struct ifidx) * icfg->size, M_IPFW,
68394ec8SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
68394ec8SAlexander V. Chernikov	icfg->ch = ch;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	*ta_state = icfg;
68394ec8SAlexander V. Chernikov	ti->state = icfg->main_ptr;
68394ec8SAlexander V. Chernikov	ti->lookup = ta_lookup_ifidx;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Handle tableinfo @ti pointer change (on table array resize).
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovta_change_ti_ifidx(void *ta_state, struct table_info *ti)
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
68394ec8SAlexander V. Chernikov	icfg->ti = ti;
68394ec8SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
b309f085SAndrey V. Elsukovstatic int
68394ec8SAlexander V. Chernikovdestroy_ifidx_locked(struct namedobj_instance *ii, struct named_object *no,
68394ec8SAlexander V. Chernikov    void *arg)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
68394ec8SAlexander V. Chernikov	struct ip_fw_chain *ch;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ch = (struct ip_fw_chain *)arg;
68394ec8SAlexander V. Chernikov	ife = (struct ifentry *)no;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ipfw_iface_del_notify(ch, &ife->ic);
0caab009SAlexander V. Chernikov	ipfw_iface_unref(ch, &ife->ic);
68394ec8SAlexander V. Chernikov	free(ife, M_IPFW_TBL);
b309f085SAndrey V. Elsukov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Destroys table @ti
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovta_destroy_ifidx(void *ta_state, struct table_info *ti)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	struct ip_fw_chain *ch;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
68394ec8SAlexander V. Chernikov	ch = icfg->ch;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (icfg->main_ptr != NULL)
68394ec8SAlexander V. Chernikov		free(icfg->main_ptr, M_IPFW);
68394ec8SAlexander V. Chernikov
0caab009SAlexander V. Chernikov	IPFW_UH_WLOCK(ch);
68394ec8SAlexander V. Chernikov	ipfw_objhash_foreach(icfg->ii, destroy_ifidx_locked, ch);
0caab009SAlexander V. Chernikov	IPFW_UH_WUNLOCK(ch);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ipfw_objhash_destroy(icfg->ii);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	free(icfg, M_IPFW);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
5f379342SAlexander V. Chernikov * Provide algo-specific table info
5f379342SAlexander V. Chernikov */
5f379342SAlexander V. Chernikovstatic void
5f379342SAlexander V. Chernikovta_dump_ifidx_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
5f379342SAlexander V. Chernikov{
5f379342SAlexander V. Chernikov	struct iftable_cfg *cfg;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	cfg = (struct iftable_cfg *)ta_state;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	tinfo->taclass4 = IPFW_TACLASS_ARRAY;
5f379342SAlexander V. Chernikov	tinfo->size4 = cfg->size;
5f379342SAlexander V. Chernikov	tinfo->count4 = cfg->used;
5f379342SAlexander V. Chernikov	tinfo->itemsize4 = sizeof(struct ifidx);
5f379342SAlexander V. Chernikov}
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Prepare state to add to the table:
68394ec8SAlexander V. Chernikov * allocate ifentry and reference needed interface.
68394ec8SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_prepare_add_ifidx(struct ip_fw_chain *ch, struct tentry_info *tei,
68394ec8SAlexander V. Chernikov    void *ta_buf)
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ta_buf_ifidx *tb;
68394ec8SAlexander V. Chernikov	char *ifname;
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb = (struct ta_buf_ifidx *)ta_buf;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Check if string is terminated */
68394ec8SAlexander V. Chernikov	ifname = (char *)tei->paddr;
68394ec8SAlexander V. Chernikov	if (strnlen(ifname, IF_NAMESIZE) == IF_NAMESIZE)
68394ec8SAlexander V. Chernikov		return (EINVAL);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife = malloc(sizeof(struct ifentry), M_IPFW_TBL, M_WAITOK | M_ZERO);
68394ec8SAlexander V. Chernikov	ife->ic.cb = if_notifier;
68394ec8SAlexander V. Chernikov	ife->ic.cbdata = ife;
68394ec8SAlexander V. Chernikov
8ebca97fSAlexander V. Chernikov	if (ipfw_iface_ref(ch, ifname, &ife->ic) != 0) {
8ebca97fSAlexander V. Chernikov		free(ife, M_IPFW_TBL);
68394ec8SAlexander V. Chernikov		return (EINVAL);
8ebca97fSAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Use ipfw_iface 'ifname' field as stable storage */
68394ec8SAlexander V. Chernikov	ife->no.name = ife->ic.iface->ifname;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb->ife = ife;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (0);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstatic int
adea6201SAlexander V. Chernikovta_add_ifidx(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	struct ifentry *ife, *tmp;
68394ec8SAlexander V. Chernikov	struct ta_buf_ifidx *tb;
68394ec8SAlexander V. Chernikov	struct ipfw_iface *iif;
68394ec8SAlexander V. Chernikov	struct ifidx *ifi;
68394ec8SAlexander V. Chernikov	char *ifname;
648e8380SAlexander V. Chernikov	uint32_t value;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb = (struct ta_buf_ifidx *)ta_buf;
68394ec8SAlexander V. Chernikov	ifname = (char *)tei->paddr;
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
68394ec8SAlexander V. Chernikov	ife = tb->ife;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife->icfg = icfg;
13263632SAlexander V. Chernikov	ife->value = tei->value;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tmp = (struct ifentry *)ipfw_objhash_lookup_name(icfg->ii, 0, ifname);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (tmp != NULL) {
68394ec8SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_UPDATE) == 0)
68394ec8SAlexander V. Chernikov			return (EEXIST);
68394ec8SAlexander V. Chernikov
648e8380SAlexander V. Chernikov		/* Exchange values in @tmp and @tei */
648e8380SAlexander V. Chernikov		value = tmp->value;
648e8380SAlexander V. Chernikov		tmp->value = tei->value;
648e8380SAlexander V. Chernikov		tei->value = value;
68394ec8SAlexander V. Chernikov
648e8380SAlexander V. Chernikov		iif = tmp->ic.iface;
68394ec8SAlexander V. Chernikov		if (iif->resolved != 0) {
648e8380SAlexander V. Chernikov			/* We have to update runtime value, too */
68394ec8SAlexander V. Chernikov			ifi = ifidx_find(ti, &iif->ifindex);
68394ec8SAlexander V. Chernikov			ifi->value = ife->value;
68394ec8SAlexander V. Chernikov		}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov		/* Indicate that update has happened instead of addition */
68394ec8SAlexander V. Chernikov		tei->flags |= TEI_FLAGS_UPDATED;
adea6201SAlexander V. Chernikov		*pnum = 0;
68394ec8SAlexander V. Chernikov		return (0);
68394ec8SAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov
4c0c07a5SAlexander V. Chernikov	if ((tei->flags & TEI_FLAGS_DONTADD) != 0)
4c0c07a5SAlexander V. Chernikov		return (EFBIG);
4c0c07a5SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Link to internal list */
68394ec8SAlexander V. Chernikov	ipfw_objhash_add(icfg->ii, &ife->no);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Link notifier (possible running its callback) */
68394ec8SAlexander V. Chernikov	ipfw_iface_add_notify(icfg->ch, &ife->ic);
68394ec8SAlexander V. Chernikov	icfg->count++;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb->ife = NULL;
adea6201SAlexander V. Chernikov	*pnum = 1;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (0);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Prepare to delete key from table.
68394ec8SAlexander V. Chernikov * Do basic interface name checks.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_prepare_del_ifidx(struct ip_fw_chain *ch, struct tentry_info *tei,
68394ec8SAlexander V. Chernikov    void *ta_buf)
9f7d47b0SAlexander V. Chernikov{
e0a8b9eeSAlexander V. Chernikov	char *ifname;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	/* Check if string is terminated */
e0a8b9eeSAlexander V. Chernikov	ifname = (char *)tei->paddr;
e0a8b9eeSAlexander V. Chernikov	if (strnlen(ifname, IF_NAMESIZE) == IF_NAMESIZE)
9f7d47b0SAlexander V. Chernikov		return (EINVAL);
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Remove key from both configuration list and
68394ec8SAlexander V. Chernikov * runtime array. Removed interface notification.
68394ec8SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikovstatic int
adea6201SAlexander V. Chernikovta_del_ifidx(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
68394ec8SAlexander V. Chernikov	struct ta_buf_ifidx *tb;
68394ec8SAlexander V. Chernikov	char *ifname;
68394ec8SAlexander V. Chernikov	uint16_t ifindex;
60a28b09SMateusz Guzik	int res __diagused;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb = (struct ta_buf_ifidx *)ta_buf;
68394ec8SAlexander V. Chernikov	ifname = (char *)tei->paddr;
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife = (struct ifentry *)ipfw_objhash_lookup_name(icfg->ii, 0, ifname);
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (ife == NULL)
81d3153dSAlexander V. Chernikov		return (ENOENT);
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (ife->linked != 0) {
68394ec8SAlexander V. Chernikov		/* We have to remove item from runtime */
68394ec8SAlexander V. Chernikov		ifindex = ife->ic.iface->ifindex;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov		res = bdel(&ifindex, icfg->main_ptr, icfg->used,
68394ec8SAlexander V. Chernikov		    sizeof(struct ifidx), compare_ifidx);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov		KASSERT(res == 1, ("index %d does not exist", ifindex));
68394ec8SAlexander V. Chernikov		icfg->used--;
68394ec8SAlexander V. Chernikov		ti->data = icfg->used;
68394ec8SAlexander V. Chernikov		ife->linked = 0;
68394ec8SAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Unlink from local list */
68394ec8SAlexander V. Chernikov	ipfw_objhash_del(icfg->ii, &ife->no);
0caab009SAlexander V. Chernikov	/* Unlink notifier and deref */
68394ec8SAlexander V. Chernikov	ipfw_iface_del_notify(icfg->ch, &ife->ic);
0caab009SAlexander V. Chernikov	ipfw_iface_unref(icfg->ch, &ife->ic);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	icfg->count--;
648e8380SAlexander V. Chernikov	tei->value = ife->value;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb->ife = ife;
adea6201SAlexander V. Chernikov	*pnum = 1;
68394ec8SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Flush deleted entry.
68394ec8SAlexander V. Chernikov * Drops interface reference and frees entry.
68394ec8SAlexander V. Chernikov */
9f7d47b0SAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovta_flush_ifidx_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
68394ec8SAlexander V. Chernikov    void *ta_buf)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ta_buf_ifidx *tb;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	tb = (struct ta_buf_ifidx *)ta_buf;
9f7d47b0SAlexander V. Chernikov
0caab009SAlexander V. Chernikov	if (tb->ife != NULL)
68394ec8SAlexander V. Chernikov		free(tb->ife, M_IPFW_TBL);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Handle interface announce/withdrawal for particular table.
68394ec8SAlexander V. Chernikov * Every real runtime array modification happens here.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovif_notifier(struct ip_fw_chain *ch, void *cbdata, uint16_t ifindex)
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
68394ec8SAlexander V. Chernikov	struct ifidx ifi;
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	struct table_info *ti;
60a28b09SMateusz Guzik	int res __diagused;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife = (struct ifentry *)cbdata;
68394ec8SAlexander V. Chernikov	icfg = ife->icfg;
68394ec8SAlexander V. Chernikov	ti = icfg->ti;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	KASSERT(ti != NULL, ("ti=NULL, check change_ti handler"));
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (ife->linked == 0 && ifindex != 0) {
68394ec8SAlexander V. Chernikov		/* Interface announce */
68394ec8SAlexander V. Chernikov		ifi.kidx = ifindex;
68394ec8SAlexander V. Chernikov		ifi.spare = 0;
68394ec8SAlexander V. Chernikov		ifi.value = ife->value;
68394ec8SAlexander V. Chernikov		res = badd(&ifindex, &ifi, icfg->main_ptr, icfg->used,
68394ec8SAlexander V. Chernikov		    sizeof(struct ifidx), compare_ifidx);
68394ec8SAlexander V. Chernikov		KASSERT(res == 1, ("index %d already exists", ifindex));
68394ec8SAlexander V. Chernikov		icfg->used++;
68394ec8SAlexander V. Chernikov		ti->data = icfg->used;
68394ec8SAlexander V. Chernikov		ife->linked = 1;
68394ec8SAlexander V. Chernikov	} else if (ife->linked != 0 && ifindex == 0) {
68394ec8SAlexander V. Chernikov		/* Interface withdrawal */
68394ec8SAlexander V. Chernikov		ifindex = ife->ic.iface->ifindex;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov		res = bdel(&ifindex, icfg->main_ptr, icfg->used,
68394ec8SAlexander V. Chernikov		    sizeof(struct ifidx), compare_ifidx);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov		KASSERT(res == 1, ("index %d does not exist", ifindex));
68394ec8SAlexander V. Chernikov		icfg->used--;
68394ec8SAlexander V. Chernikov		ti->data = icfg->used;
68394ec8SAlexander V. Chernikov		ife->linked = 0;
68394ec8SAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Table growing callbacks.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikovstatic int
301290bcSAlexander V. Chernikovta_need_modify_ifidx(void *ta_state, struct table_info *ti, uint32_t count,
b6ee846eSAlexander V. Chernikov    uint64_t *pflags)
b6ee846eSAlexander V. Chernikov{
b6ee846eSAlexander V. Chernikov	struct iftable_cfg *cfg;
0bce0c23SAlexander V. Chernikov	uint32_t size;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	cfg = (struct iftable_cfg *)ta_state;
b6ee846eSAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	size = cfg->size;
0bce0c23SAlexander V. Chernikov	while (size < cfg->count + count)
0bce0c23SAlexander V. Chernikov		size *= 2;
0bce0c23SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	if (size != cfg->size) {
0bce0c23SAlexander V. Chernikov		*pflags = size;
301290bcSAlexander V. Chernikov		return (1);
b6ee846eSAlexander V. Chernikov	}
b6ee846eSAlexander V. Chernikov
301290bcSAlexander V. Chernikov	return (0);
b6ee846eSAlexander V. Chernikov}
b6ee846eSAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Allocate ned, larger runtime ifidx array.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_prepare_mod_ifidx(void *ta_buf, uint64_t *pflags)
68394ec8SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct mod_item *mi;
68394ec8SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
68394ec8SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	memset(mi, 0, sizeof(struct mod_item));
68394ec8SAlexander V. Chernikov	mi->size = *pflags;
68394ec8SAlexander V. Chernikov	mi->main_ptr = malloc(sizeof(struct ifidx) * mi->size, M_IPFW,
68394ec8SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (0);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Copy data from old runtime array to new one.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_fill_mod_ifidx(void *ta_state, struct table_info *ti, void *ta_buf,
68394ec8SAlexander V. Chernikov    uint64_t *pflags)
68394ec8SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct mod_item *mi;
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	/* Check if we still need to grow array */
68394ec8SAlexander V. Chernikov	if (icfg->size >= mi->size) {
68394ec8SAlexander V. Chernikov		*pflags = 0;
68394ec8SAlexander V. Chernikov		return (0);
68394ec8SAlexander V. Chernikov	}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	memcpy(mi->main_ptr, icfg->main_ptr, icfg->used * sizeof(struct ifidx));
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	return (0);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Switch old & new arrays.
68394ec8SAlexander V. Chernikov */
301290bcSAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovta_modify_ifidx(void *ta_state, struct table_info *ti, void *ta_buf,
68394ec8SAlexander V. Chernikov    uint64_t pflags)
68394ec8SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct mod_item *mi;
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	void *old_ptr;
68394ec8SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	old_ptr = icfg->main_ptr;
68394ec8SAlexander V. Chernikov	icfg->main_ptr = mi->main_ptr;
68394ec8SAlexander V. Chernikov	icfg->size = mi->size;
68394ec8SAlexander V. Chernikov	ti->state = icfg->main_ptr;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	mi->main_ptr = old_ptr;
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov/*
68394ec8SAlexander V. Chernikov * Free unneded array.
68394ec8SAlexander V. Chernikov */
68394ec8SAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovta_flush_mod_ifidx(void *ta_buf)
68394ec8SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct mod_item *mi;
68394ec8SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
68394ec8SAlexander V. Chernikov	if (mi->main_ptr != NULL)
68394ec8SAlexander V. Chernikov		free(mi->main_ptr, M_IPFW);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovstatic int
68394ec8SAlexander V. Chernikovta_dump_ifidx_tentry(void *ta_state, struct table_info *ti, void *e,
81d3153dSAlexander V. Chernikov    ipfw_obj_tentry *tent)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife = (struct ifentry *)e;
68394ec8SAlexander V. Chernikov
81d3153dSAlexander V. Chernikov	tent->masklen = 8 * IF_NAMESIZE;
68394ec8SAlexander V. Chernikov	memcpy(&tent->k, ife->no.name, IF_NAMESIZE);
0cba2b28SAlexander V. Chernikov	tent->v.kidx = ife->value;
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
81d3153dSAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_find_ifidx_tentry(void *ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    ipfw_obj_tentry *tent)
81d3153dSAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
68394ec8SAlexander V. Chernikov	char *ifname;
81d3153dSAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
914bffb6SAlexander V. Chernikov	ifname = tent->k.iface;
81d3153dSAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (strnlen(ifname, IF_NAMESIZE) == IF_NAMESIZE)
68394ec8SAlexander V. Chernikov		return (EINVAL);
81d3153dSAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife = (struct ifentry *)ipfw_objhash_lookup_name(icfg->ii, 0, ifname);
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	if (ife != NULL) {
68394ec8SAlexander V. Chernikov		ta_dump_ifidx_tentry(ta_state, ti, ife, tent);
81d3153dSAlexander V. Chernikov		return (0);
81d3153dSAlexander V. Chernikov	}
81d3153dSAlexander V. Chernikov
81d3153dSAlexander V. Chernikov	return (ENOENT);
81d3153dSAlexander V. Chernikov}
81d3153dSAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstruct wa_ifidx {
68394ec8SAlexander V. Chernikov	ta_foreach_f	*f;
68394ec8SAlexander V. Chernikov	void		*arg;
68394ec8SAlexander V. Chernikov};
68394ec8SAlexander V. Chernikov
b309f085SAndrey V. Elsukovstatic int
68394ec8SAlexander V. Chernikovforeach_ifidx(struct namedobj_instance *ii, struct named_object *no,
9f7d47b0SAlexander V. Chernikov    void *arg)
9f7d47b0SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct ifentry *ife;
68394ec8SAlexander V. Chernikov	struct wa_ifidx *wa;
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ife = (struct ifentry *)no;
68394ec8SAlexander V. Chernikov	wa = (struct wa_ifidx *)arg;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	wa->f(ife, wa->arg);
b309f085SAndrey V. Elsukov	return (0);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
68394ec8SAlexander V. Chernikovstatic void
68394ec8SAlexander V. Chernikovta_foreach_ifidx(void *ta_state, struct table_info *ti, ta_foreach_f *f,
68394ec8SAlexander V. Chernikov    void *arg)
68394ec8SAlexander V. Chernikov{
68394ec8SAlexander V. Chernikov	struct iftable_cfg *icfg;
68394ec8SAlexander V. Chernikov	struct wa_ifidx wa;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	icfg = (struct iftable_cfg *)ta_state;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	wa.f = f;
68394ec8SAlexander V. Chernikov	wa.arg = arg;
68394ec8SAlexander V. Chernikov
68394ec8SAlexander V. Chernikov	ipfw_objhash_foreach(icfg->ii, foreach_ifidx, &wa);
68394ec8SAlexander V. Chernikov}
68394ec8SAlexander V. Chernikov
74b941f0SAlexander V. Chernikovstruct table_algo iface_idx = {
adea6201SAlexander V. Chernikov	.name		= "iface:array",
9d099b4fSAlexander V. Chernikov	.type		= IPFW_TABLE_INTERFACE,
57a1cf95SAlexander V. Chernikov	.flags		= TA_FLAG_DEFAULT,
57a1cf95SAlexander V. Chernikov	.ta_buf_size	= sizeof(struct ta_buf_ifidx),
68394ec8SAlexander V. Chernikov	.init		= ta_init_ifidx,
68394ec8SAlexander V. Chernikov	.destroy	= ta_destroy_ifidx,
68394ec8SAlexander V. Chernikov	.prepare_add	= ta_prepare_add_ifidx,
68394ec8SAlexander V. Chernikov	.prepare_del	= ta_prepare_del_ifidx,
68394ec8SAlexander V. Chernikov	.add		= ta_add_ifidx,
68394ec8SAlexander V. Chernikov	.del		= ta_del_ifidx,
68394ec8SAlexander V. Chernikov	.flush_entry	= ta_flush_ifidx_entry,
68394ec8SAlexander V. Chernikov	.foreach	= ta_foreach_ifidx,
68394ec8SAlexander V. Chernikov	.dump_tentry	= ta_dump_ifidx_tentry,
68394ec8SAlexander V. Chernikov	.find_tentry	= ta_find_ifidx_tentry,
5f379342SAlexander V. Chernikov	.dump_tinfo	= ta_dump_ifidx_tinfo,
301290bcSAlexander V. Chernikov	.need_modify	= ta_need_modify_ifidx,
68394ec8SAlexander V. Chernikov	.prepare_mod	= ta_prepare_mod_ifidx,
68394ec8SAlexander V. Chernikov	.fill_mod	= ta_fill_mod_ifidx,
68394ec8SAlexander V. Chernikov	.modify		= ta_modify_ifidx,
68394ec8SAlexander V. Chernikov	.flush_mod	= ta_flush_mod_ifidx,
68394ec8SAlexander V. Chernikov	.change_ti	= ta_change_ti_ifidx,
9f7d47b0SAlexander V. Chernikov};
9f7d47b0SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Number array cmds.
b23d5de9SAlexander V. Chernikov *
b23d5de9SAlexander V. Chernikov * Implementation:
b23d5de9SAlexander V. Chernikov *
b23d5de9SAlexander V. Chernikov * Runtime part:
b23d5de9SAlexander V. Chernikov * - sorted array of "struct numarray" pointed by ti->state.
b23d5de9SAlexander V. Chernikov *   Array is allocated with rounding up to NUMARRAY_CHUNK.
b23d5de9SAlexander V. Chernikov * - current array size is stored in ti->data
b23d5de9SAlexander V. Chernikov *
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstruct numarray {
b23d5de9SAlexander V. Chernikov	uint32_t	number;
b23d5de9SAlexander V. Chernikov	uint32_t	value;
b23d5de9SAlexander V. Chernikov};
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstruct numarray_cfg {
b23d5de9SAlexander V. Chernikov	void	*main_ptr;
b23d5de9SAlexander V. Chernikov	size_t	size;	/* Number of items allocated in array */
b23d5de9SAlexander V. Chernikov	size_t	used;	/* Number of items _active_ now */
b23d5de9SAlexander V. Chernikov};
b23d5de9SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikovstruct ta_buf_numarray
0bce0c23SAlexander V. Chernikov{
0bce0c23SAlexander V. Chernikov	struct numarray na;
0bce0c23SAlexander V. Chernikov};
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovint compare_numarray(const void *k, const void *v);
9fe15d06SAlexander V. Chernikovstatic struct numarray *numarray_find(struct table_info *ti, void *key);
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_numarray(struct table_info *ti, void *key,
9fe15d06SAlexander V. Chernikov    uint32_t keylen, uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int ta_init_numarray(struct ip_fw_chain *ch, void **ta_state,
9fe15d06SAlexander V. Chernikov    struct table_info *ti, char *data, uint8_t tflags);
9fe15d06SAlexander V. Chernikovstatic void ta_destroy_numarray(void *ta_state, struct table_info *ti);
9fe15d06SAlexander V. Chernikovstatic void ta_dump_numarray_tinfo(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_ta_tinfo *tinfo);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_add_numarray(struct ip_fw_chain *ch,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_add_numarray(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic int ta_del_numarray(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_numarray_entry(struct ip_fw_chain *ch,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_need_modify_numarray(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    uint32_t count, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_mod_numarray(void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_fill_mod_numarray(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_modify_numarray(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *ta_buf, uint64_t pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_mod_numarray(void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_dump_numarray_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *e, ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic int ta_find_numarray_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic void ta_foreach_numarray(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ta_foreach_f *f, void *arg);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovint
b23d5de9SAlexander V. Chernikovcompare_numarray(const void *k, const void *v)
b23d5de9SAlexander V. Chernikov{
d4e1b515SAlexander V. Chernikov	const struct numarray *na;
b23d5de9SAlexander V. Chernikov	uint32_t key;
b23d5de9SAlexander V. Chernikov
d4e1b515SAlexander V. Chernikov	key = *((const uint32_t *)k);
d4e1b515SAlexander V. Chernikov	na = (const struct numarray *)v;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	if (key < na->number)
b23d5de9SAlexander V. Chernikov		return (-1);
b23d5de9SAlexander V. Chernikov	else if (key > na->number)
b23d5de9SAlexander V. Chernikov		return (1);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic struct numarray *
b23d5de9SAlexander V. Chernikovnumarray_find(struct table_info *ti, void *key)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray *ri;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	ri = bsearch(key, ti->state, ti->data, sizeof(struct numarray),
194df014SAndrey V. Elsukov	    compare_numarray);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (ri);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_lookup_numarray(struct table_info *ti, void *key, uint32_t keylen,
b23d5de9SAlexander V. Chernikov    uint32_t *val)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray *ri;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	ri = numarray_find(ti, key);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	if (ri != NULL) {
b23d5de9SAlexander V. Chernikov		*val = ri->value;
b23d5de9SAlexander V. Chernikov		return (1);
b23d5de9SAlexander V. Chernikov	}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_init_numarray(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    char *data, uint8_t tflags)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	cfg = malloc(sizeof(*cfg), M_IPFW, M_WAITOK | M_ZERO);
b23d5de9SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	cfg->size = 16;
b23d5de9SAlexander V. Chernikov	cfg->main_ptr = malloc(sizeof(struct numarray) * cfg->size, M_IPFW,
b23d5de9SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	*ta_state = cfg;
b23d5de9SAlexander V. Chernikov	ti->state = cfg->main_ptr;
b23d5de9SAlexander V. Chernikov	ti->lookup = ta_lookup_numarray;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Destroys table @ti
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikovstatic void
b23d5de9SAlexander V. Chernikovta_destroy_numarray(void *ta_state, struct table_info *ti)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	if (cfg->main_ptr != NULL)
b23d5de9SAlexander V. Chernikov		free(cfg->main_ptr, M_IPFW);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	free(cfg, M_IPFW);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
5f379342SAlexander V. Chernikov * Provide algo-specific table info
5f379342SAlexander V. Chernikov */
5f379342SAlexander V. Chernikovstatic void
5f379342SAlexander V. Chernikovta_dump_numarray_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
5f379342SAlexander V. Chernikov{
5f379342SAlexander V. Chernikov	struct numarray_cfg *cfg;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	tinfo->taclass4 = IPFW_TACLASS_ARRAY;
5f379342SAlexander V. Chernikov	tinfo->size4 = cfg->size;
5f379342SAlexander V. Chernikov	tinfo->count4 = cfg->used;
5f379342SAlexander V. Chernikov	tinfo->itemsize4 = sizeof(struct numarray);
5f379342SAlexander V. Chernikov}
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Prepare for addition/deletion to an array.
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_prepare_add_numarray(struct ip_fw_chain *ch, struct tentry_info *tei,
b23d5de9SAlexander V. Chernikov    void *ta_buf)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct ta_buf_numarray *tb;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	tb = (struct ta_buf_numarray *)ta_buf;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	tb->na.number = *((uint32_t *)tei->paddr);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_add_numarray(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov	struct ta_buf_numarray *tb;
b23d5de9SAlexander V. Chernikov	struct numarray *ri;
60a28b09SMateusz Guzik	int res __diagused;
648e8380SAlexander V. Chernikov	uint32_t value;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	tb = (struct ta_buf_numarray *)ta_buf;
b23d5de9SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b23d5de9SAlexander V. Chernikov
13263632SAlexander V. Chernikov	/* Read current value from @tei */
13263632SAlexander V. Chernikov	tb->na.value = tei->value;
13263632SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	ri = numarray_find(ti, &tb->na.number);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	if (ri != NULL) {
b23d5de9SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_UPDATE) == 0)
b23d5de9SAlexander V. Chernikov			return (EEXIST);
b23d5de9SAlexander V. Chernikov
648e8380SAlexander V. Chernikov		/* Exchange values between ri and @tei */
648e8380SAlexander V. Chernikov		value = ri->value;
648e8380SAlexander V. Chernikov		ri->value = tei->value;
648e8380SAlexander V. Chernikov		tei->value = value;
b23d5de9SAlexander V. Chernikov		/* Indicate that update has happened instead of addition */
b23d5de9SAlexander V. Chernikov		tei->flags |= TEI_FLAGS_UPDATED;
b23d5de9SAlexander V. Chernikov		*pnum = 0;
b23d5de9SAlexander V. Chernikov		return (0);
b23d5de9SAlexander V. Chernikov	}
b23d5de9SAlexander V. Chernikov
4c0c07a5SAlexander V. Chernikov	if ((tei->flags & TEI_FLAGS_DONTADD) != 0)
4c0c07a5SAlexander V. Chernikov		return (EFBIG);
4c0c07a5SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	res = badd(&tb->na.number, &tb->na, cfg->main_ptr, cfg->used,
b23d5de9SAlexander V. Chernikov	    sizeof(struct numarray), compare_numarray);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	KASSERT(res == 1, ("number %d already exists", tb->na.number));
b23d5de9SAlexander V. Chernikov	cfg->used++;
b23d5de9SAlexander V. Chernikov	ti->data = cfg->used;
b23d5de9SAlexander V. Chernikov	*pnum = 1;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Remove key from both configuration list and
b23d5de9SAlexander V. Chernikov * runtime array. Removed interface notification.
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_del_numarray(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov	struct ta_buf_numarray *tb;
b23d5de9SAlexander V. Chernikov	struct numarray *ri;
60a28b09SMateusz Guzik	int res __diagused;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	tb = (struct ta_buf_numarray *)ta_buf;
b23d5de9SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	ri = numarray_find(ti, &tb->na.number);
b23d5de9SAlexander V. Chernikov	if (ri == NULL)
b23d5de9SAlexander V. Chernikov		return (ENOENT);
b23d5de9SAlexander V. Chernikov
648e8380SAlexander V. Chernikov	tei->value = ri->value;
648e8380SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	res = bdel(&tb->na.number, cfg->main_ptr, cfg->used,
b23d5de9SAlexander V. Chernikov	    sizeof(struct numarray), compare_numarray);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	KASSERT(res == 1, ("number %u does not exist", tb->na.number));
b23d5de9SAlexander V. Chernikov	cfg->used--;
b23d5de9SAlexander V. Chernikov	ti->data = cfg->used;
b23d5de9SAlexander V. Chernikov	*pnum = 1;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic void
b23d5de9SAlexander V. Chernikovta_flush_numarray_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
b23d5de9SAlexander V. Chernikov    void *ta_buf)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	/* We don't have any state, do nothing */
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Table growing callbacks.
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikovstatic int
301290bcSAlexander V. Chernikovta_need_modify_numarray(void *ta_state, struct table_info *ti, uint32_t count,
b6ee846eSAlexander V. Chernikov    uint64_t *pflags)
b6ee846eSAlexander V. Chernikov{
b6ee846eSAlexander V. Chernikov	struct numarray_cfg *cfg;
0bce0c23SAlexander V. Chernikov	size_t size;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b6ee846eSAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	size = cfg->size;
0bce0c23SAlexander V. Chernikov	while (size < cfg->used + count)
0bce0c23SAlexander V. Chernikov		size *= 2;
0bce0c23SAlexander V. Chernikov
0bce0c23SAlexander V. Chernikov	if (size != cfg->size) {
0bce0c23SAlexander V. Chernikov		*pflags = size;
301290bcSAlexander V. Chernikov		return (1);
b6ee846eSAlexander V. Chernikov	}
b6ee846eSAlexander V. Chernikov
301290bcSAlexander V. Chernikov	return (0);
b6ee846eSAlexander V. Chernikov}
b6ee846eSAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b6ee846eSAlexander V. Chernikov * Allocate new, larger runtime array.
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_prepare_mod_numarray(void *ta_buf, uint64_t *pflags)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct mod_item *mi;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	memset(mi, 0, sizeof(struct mod_item));
b23d5de9SAlexander V. Chernikov	mi->size = *pflags;
b23d5de9SAlexander V. Chernikov	mi->main_ptr = malloc(sizeof(struct numarray) * mi->size, M_IPFW,
b23d5de9SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Copy data from old runtime array to new one.
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_fill_mod_numarray(void *ta_state, struct table_info *ti, void *ta_buf,
b23d5de9SAlexander V. Chernikov    uint64_t *pflags)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct mod_item *mi;
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
b23d5de9SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	/* Check if we still need to grow array */
b23d5de9SAlexander V. Chernikov	if (cfg->size >= mi->size) {
b23d5de9SAlexander V. Chernikov		*pflags = 0;
b23d5de9SAlexander V. Chernikov		return (0);
b23d5de9SAlexander V. Chernikov	}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	memcpy(mi->main_ptr, cfg->main_ptr, cfg->used * sizeof(struct numarray));
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Switch old & new arrays.
b23d5de9SAlexander V. Chernikov */
301290bcSAlexander V. Chernikovstatic void
b23d5de9SAlexander V. Chernikovta_modify_numarray(void *ta_state, struct table_info *ti, void *ta_buf,
b23d5de9SAlexander V. Chernikov    uint64_t pflags)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct mod_item *mi;
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov	void *old_ptr;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
b23d5de9SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	old_ptr = cfg->main_ptr;
b23d5de9SAlexander V. Chernikov	cfg->main_ptr = mi->main_ptr;
b23d5de9SAlexander V. Chernikov	cfg->size = mi->size;
b23d5de9SAlexander V. Chernikov	ti->state = cfg->main_ptr;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	mi->main_ptr = old_ptr;
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov/*
b23d5de9SAlexander V. Chernikov * Free unneded array.
b23d5de9SAlexander V. Chernikov */
b23d5de9SAlexander V. Chernikovstatic void
b23d5de9SAlexander V. Chernikovta_flush_mod_numarray(void *ta_buf)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct mod_item *mi;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
b23d5de9SAlexander V. Chernikov	if (mi->main_ptr != NULL)
b23d5de9SAlexander V. Chernikov		free(mi->main_ptr, M_IPFW);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic int
b23d5de9SAlexander V. Chernikovta_dump_numarray_tentry(void *ta_state, struct table_info *ti, void *e,
b23d5de9SAlexander V. Chernikov    ipfw_obj_tentry *tent)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray *na;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	na = (struct numarray *)e;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	tent->k.key = na->number;
0cba2b28SAlexander V. Chernikov	tent->v.kidx = na->value;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (0);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_find_numarray_tentry(void *ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    ipfw_obj_tentry *tent)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray *ri;
b23d5de9SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ri = numarray_find(ti, &tent->k.key);
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	if (ri != NULL) {
b23d5de9SAlexander V. Chernikov		ta_dump_numarray_tentry(ta_state, ti, ri, tent);
b23d5de9SAlexander V. Chernikov		return (0);
b23d5de9SAlexander V. Chernikov	}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	return (ENOENT);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstatic void
b23d5de9SAlexander V. Chernikovta_foreach_numarray(void *ta_state, struct table_info *ti, ta_foreach_f *f,
b23d5de9SAlexander V. Chernikov    void *arg)
b23d5de9SAlexander V. Chernikov{
b23d5de9SAlexander V. Chernikov	struct numarray_cfg *cfg;
b23d5de9SAlexander V. Chernikov	struct numarray *array;
b23d5de9SAlexander V. Chernikov	int i;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	cfg = (struct numarray_cfg *)ta_state;
b23d5de9SAlexander V. Chernikov	array = cfg->main_ptr;
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikov	for (i = 0; i < cfg->used; i++)
b23d5de9SAlexander V. Chernikov		f(&array[i], arg);
b23d5de9SAlexander V. Chernikov}
b23d5de9SAlexander V. Chernikov
b23d5de9SAlexander V. Chernikovstruct table_algo number_array = {
b23d5de9SAlexander V. Chernikov	.name		= "number:array",
b23d5de9SAlexander V. Chernikov	.type		= IPFW_TABLE_NUMBER,
57a1cf95SAlexander V. Chernikov	.ta_buf_size	= sizeof(struct ta_buf_numarray),
b23d5de9SAlexander V. Chernikov	.init		= ta_init_numarray,
b23d5de9SAlexander V. Chernikov	.destroy	= ta_destroy_numarray,
b23d5de9SAlexander V. Chernikov	.prepare_add	= ta_prepare_add_numarray,
b23d5de9SAlexander V. Chernikov	.prepare_del	= ta_prepare_add_numarray,
b23d5de9SAlexander V. Chernikov	.add		= ta_add_numarray,
b23d5de9SAlexander V. Chernikov	.del		= ta_del_numarray,
b23d5de9SAlexander V. Chernikov	.flush_entry	= ta_flush_numarray_entry,
b23d5de9SAlexander V. Chernikov	.foreach	= ta_foreach_numarray,
b23d5de9SAlexander V. Chernikov	.dump_tentry	= ta_dump_numarray_tentry,
b23d5de9SAlexander V. Chernikov	.find_tentry	= ta_find_numarray_tentry,
5f379342SAlexander V. Chernikov	.dump_tinfo	= ta_dump_numarray_tinfo,
301290bcSAlexander V. Chernikov	.need_modify	= ta_need_modify_numarray,
b23d5de9SAlexander V. Chernikov	.prepare_mod	= ta_prepare_mod_numarray,
b23d5de9SAlexander V. Chernikov	.fill_mod	= ta_fill_mod_numarray,
b23d5de9SAlexander V. Chernikov	.modify		= ta_modify_numarray,
b23d5de9SAlexander V. Chernikov	.flush_mod	= ta_flush_mod_numarray,
b23d5de9SAlexander V. Chernikov};
b23d5de9SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * flow:hash cmds
914bffb6SAlexander V. Chernikov *
914bffb6SAlexander V. Chernikov *
914bffb6SAlexander V. Chernikov * ti->data:
914bffb6SAlexander V. Chernikov * [inv.mask4][inv.mask6][log2hsize4][log2hsize6]
914bffb6SAlexander V. Chernikov * [        8][        8[          8][         8]
914bffb6SAlexander V. Chernikov *
914bffb6SAlexander V. Chernikov * inv.mask4: 32 - mask
914bffb6SAlexander V. Chernikov * inv.mask6:
914bffb6SAlexander V. Chernikov * 1) _slow lookup: mask
914bffb6SAlexander V. Chernikov * 2) _aligned: (128 - mask) / 8
914bffb6SAlexander V. Chernikov * 3) _64: 8
914bffb6SAlexander V. Chernikov *
914bffb6SAlexander V. Chernikov *
914bffb6SAlexander V. Chernikov * pflags:
b6ee846eSAlexander V. Chernikov * [hsize4][hsize6]
b6ee846eSAlexander V. Chernikov * [    16][    16]
914bffb6SAlexander V. Chernikov */
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstruct fhashentry;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. ChernikovSLIST_HEAD(fhashbhead, fhashentry);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstruct fhashentry {
914bffb6SAlexander V. Chernikov	SLIST_ENTRY(fhashentry)	next;
914bffb6SAlexander V. Chernikov	uint8_t		af;
914bffb6SAlexander V. Chernikov	uint8_t		proto;
914bffb6SAlexander V. Chernikov	uint16_t	spare0;
914bffb6SAlexander V. Chernikov	uint16_t	dport;
914bffb6SAlexander V. Chernikov	uint16_t	sport;
914bffb6SAlexander V. Chernikov	uint32_t	value;
914bffb6SAlexander V. Chernikov	uint32_t	spare1;
914bffb6SAlexander V. Chernikov};
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstruct fhashentry4 {
914bffb6SAlexander V. Chernikov	struct fhashentry	e;
914bffb6SAlexander V. Chernikov	struct in_addr		dip;
914bffb6SAlexander V. Chernikov	struct in_addr		sip;
914bffb6SAlexander V. Chernikov};
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstruct fhashentry6 {
914bffb6SAlexander V. Chernikov	struct fhashentry	e;
914bffb6SAlexander V. Chernikov	struct in6_addr		dip6;
914bffb6SAlexander V. Chernikov	struct in6_addr		sip6;
914bffb6SAlexander V. Chernikov};
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstruct fhash_cfg {
914bffb6SAlexander V. Chernikov	struct fhashbhead	*head;
914bffb6SAlexander V. Chernikov	size_t			size;
914bffb6SAlexander V. Chernikov	size_t			items;
914bffb6SAlexander V. Chernikov	struct fhashentry4	fe4;
914bffb6SAlexander V. Chernikov	struct fhashentry6	fe6;
914bffb6SAlexander V. Chernikov};
914bffb6SAlexander V. Chernikov
3fe2ef91SAlexander V. Chernikovstruct ta_buf_fhash {
0bce0c23SAlexander V. Chernikov	void	*ent_ptr;
0bce0c23SAlexander V. Chernikov	struct fhashentry6 fe6;
0bce0c23SAlexander V. Chernikov};
0bce0c23SAlexander V. Chernikov
9fe15d06SAlexander V. Chernikovstatic __inline int cmp_flow_ent(struct fhashentry *a,
9fe15d06SAlexander V. Chernikov    struct fhashentry *b, size_t sz);
9fe15d06SAlexander V. Chernikovstatic __inline uint32_t hash_flow4(struct fhashentry4 *f, int hsize);
9fe15d06SAlexander V. Chernikovstatic __inline uint32_t hash_flow6(struct fhashentry6 *f, int hsize);
9fe15d06SAlexander V. Chernikovstatic uint32_t hash_flow_ent(struct fhashentry *ent, uint32_t size);
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_fhash(struct table_info *ti, void *key, uint32_t keylen,
9fe15d06SAlexander V. Chernikov    uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int ta_init_fhash(struct ip_fw_chain *ch, void **ta_state,
9fe15d06SAlexander V. Chernikovstruct table_info *ti, char *data, uint8_t tflags);
9fe15d06SAlexander V. Chernikovstatic void ta_destroy_fhash(void *ta_state, struct table_info *ti);
9fe15d06SAlexander V. Chernikovstatic void ta_dump_fhash_tinfo(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_ta_tinfo *tinfo);
9fe15d06SAlexander V. Chernikovstatic int ta_dump_fhash_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *e, ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic int tei_to_fhash_ent(struct tentry_info *tei, struct fhashentry *ent);
9fe15d06SAlexander V. Chernikovstatic int ta_find_fhash_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic void ta_foreach_fhash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ta_foreach_f *f, void *arg);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_add_fhash(struct ip_fw_chain *ch,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_add_fhash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_del_fhash(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_del_fhash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    struct tentry_info *tei, void *ta_buf, uint32_t *pnum);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_fhash_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
9fe15d06SAlexander V. Chernikov    void *ta_buf);
9fe15d06SAlexander V. Chernikovstatic int ta_need_modify_fhash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    uint32_t count, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_prepare_mod_fhash(void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic int ta_fill_mod_fhash(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    void *ta_buf, uint64_t *pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_modify_fhash(void *ta_state, struct table_info *ti, void *ta_buf,
9fe15d06SAlexander V. Chernikov    uint64_t pflags);
9fe15d06SAlexander V. Chernikovstatic void ta_flush_mod_fhash(void *ta_buf);
9fe15d06SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic __inline int
914bffb6SAlexander V. Chernikovcmp_flow_ent(struct fhashentry *a, struct fhashentry *b, size_t sz)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	uint64_t *ka, *kb;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ka = (uint64_t *)(&a->next + 1);
914bffb6SAlexander V. Chernikov	kb = (uint64_t *)(&b->next + 1);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (*ka == *kb && (memcmp(a + 1, b + 1, sz) == 0))
914bffb6SAlexander V. Chernikov		return (1);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic __inline uint32_t
914bffb6SAlexander V. Chernikovhash_flow4(struct fhashentry4 *f, int hsize)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	uint32_t i;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	i = (f->dip.s_addr) ^ (f->sip.s_addr) ^ (f->e.dport) ^ (f->e.sport);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (i % (hsize - 1));
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic __inline uint32_t
914bffb6SAlexander V. Chernikovhash_flow6(struct fhashentry6 *f, int hsize)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	uint32_t i;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	i = (f->dip6.__u6_addr.__u6_addr32[2]) ^
914bffb6SAlexander V. Chernikov	    (f->dip6.__u6_addr.__u6_addr32[3]) ^
914bffb6SAlexander V. Chernikov	    (f->sip6.__u6_addr.__u6_addr32[2]) ^
914bffb6SAlexander V. Chernikov	    (f->sip6.__u6_addr.__u6_addr32[3]) ^
914bffb6SAlexander V. Chernikov	    (f->e.dport) ^ (f->e.sport);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (i % (hsize - 1));
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic uint32_t
914bffb6SAlexander V. Chernikovhash_flow_ent(struct fhashentry *ent, uint32_t size)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	uint32_t hash;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (ent->af == AF_INET) {
914bffb6SAlexander V. Chernikov		hash = hash_flow4((struct fhashentry4 *)ent, size);
914bffb6SAlexander V. Chernikov	} else {
914bffb6SAlexander V. Chernikov		hash = hash_flow6((struct fhashentry6 *)ent, size);
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (hash);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_lookup_fhash(struct table_info *ti, void *key, uint32_t keylen,
914bffb6SAlexander V. Chernikov    uint32_t *val)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhashbhead *head;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent;
914bffb6SAlexander V. Chernikov	struct fhashentry4 *m4;
914bffb6SAlexander V. Chernikov	struct ipfw_flow_id *id;
*4a77657cSAndrey V. Elsukov	uint32_t hash, hsize;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	id = (struct ipfw_flow_id *)key;
914bffb6SAlexander V. Chernikov	head = (struct fhashbhead *)ti->state;
914bffb6SAlexander V. Chernikov	hsize = ti->data;
914bffb6SAlexander V. Chernikov	m4 = (struct fhashentry4 *)ti->xstate;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (id->addr_type == 4) {
914bffb6SAlexander V. Chernikov		struct fhashentry4 f;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		/* Copy hash mask */
914bffb6SAlexander V. Chernikov		f = *m4;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		f.dip.s_addr &= id->dst_ip;
914bffb6SAlexander V. Chernikov		f.sip.s_addr &= id->src_ip;
914bffb6SAlexander V. Chernikov		f.e.dport &= id->dst_port;
914bffb6SAlexander V. Chernikov		f.e.sport &= id->src_port;
914bffb6SAlexander V. Chernikov		f.e.proto &= id->proto;
914bffb6SAlexander V. Chernikov		hash = hash_flow4(&f, hsize);
914bffb6SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
914bffb6SAlexander V. Chernikov			if (cmp_flow_ent(ent, &f.e, 2 * 4) != 0) {
914bffb6SAlexander V. Chernikov				*val = ent->value;
914bffb6SAlexander V. Chernikov				return (1);
914bffb6SAlexander V. Chernikov			}
914bffb6SAlexander V. Chernikov		}
914bffb6SAlexander V. Chernikov	} else if (id->addr_type == 6) {
914bffb6SAlexander V. Chernikov		struct fhashentry6 f;
914bffb6SAlexander V. Chernikov		uint64_t *fp, *idp;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		/* Copy hash mask */
914bffb6SAlexander V. Chernikov		f = *((struct fhashentry6 *)(m4 + 1));
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		/* Handle lack of __u6_addr.__u6_addr64 */
914bffb6SAlexander V. Chernikov		fp = (uint64_t *)&f.dip6;
914bffb6SAlexander V. Chernikov		idp = (uint64_t *)&id->dst_ip6;
914bffb6SAlexander V. Chernikov		/* src IPv6 is stored after dst IPv6 */
914bffb6SAlexander V. Chernikov		*fp++ &= *idp++;
914bffb6SAlexander V. Chernikov		*fp++ &= *idp++;
914bffb6SAlexander V. Chernikov		*fp++ &= *idp++;
914bffb6SAlexander V. Chernikov		*fp &= *idp;
914bffb6SAlexander V. Chernikov		f.e.dport &= id->dst_port;
914bffb6SAlexander V. Chernikov		f.e.sport &= id->src_port;
914bffb6SAlexander V. Chernikov		f.e.proto &= id->proto;
914bffb6SAlexander V. Chernikov		hash = hash_flow6(&f, hsize);
914bffb6SAlexander V. Chernikov		SLIST_FOREACH(ent, &head[hash], next) {
914bffb6SAlexander V. Chernikov			if (cmp_flow_ent(ent, &f.e, 2 * 16) != 0) {
914bffb6SAlexander V. Chernikov				*val = ent->value;
914bffb6SAlexander V. Chernikov				return (1);
914bffb6SAlexander V. Chernikov			}
914bffb6SAlexander V. Chernikov		}
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * New table.
914bffb6SAlexander V. Chernikov */
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_init_fhash(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    char *data, uint8_t tflags)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashentry4 *fe4;
914bffb6SAlexander V. Chernikov	struct fhashentry6 *fe6;
d821d364SPedro F. Giffuni	u_int i;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg = malloc(sizeof(struct fhash_cfg), M_IPFW, M_WAITOK | M_ZERO);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg->size = 512;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg->head = malloc(sizeof(struct fhashbhead) * cfg->size, M_IPFW,
914bffb6SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
914bffb6SAlexander V. Chernikov	for (i = 0; i < cfg->size; i++)
914bffb6SAlexander V. Chernikov		SLIST_INIT(&cfg->head[i]);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	/* Fill in fe masks based on @tflags */
914bffb6SAlexander V. Chernikov	fe4 = &cfg->fe4;
914bffb6SAlexander V. Chernikov	fe6 = &cfg->fe6;
914bffb6SAlexander V. Chernikov	if (tflags & IPFW_TFFLAG_SRCIP) {
914bffb6SAlexander V. Chernikov		memset(&fe4->sip, 0xFF, sizeof(fe4->sip));
914bffb6SAlexander V. Chernikov		memset(&fe6->sip6, 0xFF, sizeof(fe6->sip6));
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov	if (tflags & IPFW_TFFLAG_DSTIP) {
914bffb6SAlexander V. Chernikov		memset(&fe4->dip, 0xFF, sizeof(fe4->dip));
914bffb6SAlexander V. Chernikov		memset(&fe6->dip6, 0xFF, sizeof(fe6->dip6));
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov	if (tflags & IPFW_TFFLAG_SRCPORT) {
914bffb6SAlexander V. Chernikov		memset(&fe4->e.sport, 0xFF, sizeof(fe4->e.sport));
914bffb6SAlexander V. Chernikov		memset(&fe6->e.sport, 0xFF, sizeof(fe6->e.sport));
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov	if (tflags & IPFW_TFFLAG_DSTPORT) {
914bffb6SAlexander V. Chernikov		memset(&fe4->e.dport, 0xFF, sizeof(fe4->e.dport));
914bffb6SAlexander V. Chernikov		memset(&fe6->e.dport, 0xFF, sizeof(fe6->e.dport));
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov	if (tflags & IPFW_TFFLAG_PROTO) {
914bffb6SAlexander V. Chernikov		memset(&fe4->e.proto, 0xFF, sizeof(fe4->e.proto));
914bffb6SAlexander V. Chernikov		memset(&fe6->e.proto, 0xFF, sizeof(fe6->e.proto));
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	fe4->e.af = AF_INET;
914bffb6SAlexander V. Chernikov	fe6->e.af = AF_INET6;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	*ta_state = cfg;
914bffb6SAlexander V. Chernikov	ti->state = cfg->head;
914bffb6SAlexander V. Chernikov	ti->xstate = &cfg->fe4;
914bffb6SAlexander V. Chernikov	ti->data = cfg->size;
914bffb6SAlexander V. Chernikov	ti->lookup = ta_lookup_fhash;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic void
914bffb6SAlexander V. Chernikovta_destroy_fhash(void *ta_state, struct table_info *ti)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent, *ent_next;
914bffb6SAlexander V. Chernikov	int i;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	for (i = 0; i < cfg->size; i++)
914bffb6SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &cfg->head[i], next, ent_next)
914bffb6SAlexander V. Chernikov			free(ent, M_IPFW_TBL);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	free(cfg->head, M_IPFW);
914bffb6SAlexander V. Chernikov	free(cfg, M_IPFW);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
5f379342SAlexander V. Chernikov/*
5f379342SAlexander V. Chernikov * Provide algo-specific table info
5f379342SAlexander V. Chernikov */
5f379342SAlexander V. Chernikovstatic void
5f379342SAlexander V. Chernikovta_dump_fhash_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
5f379342SAlexander V. Chernikov{
5f379342SAlexander V. Chernikov	struct fhash_cfg *cfg;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
5f379342SAlexander V. Chernikov
5f379342SAlexander V. Chernikov	tinfo->flags = IPFW_TATFLAGS_AFITEM;
5f379342SAlexander V. Chernikov	tinfo->taclass4 = IPFW_TACLASS_HASH;
5f379342SAlexander V. Chernikov	tinfo->size4 = cfg->size;
5f379342SAlexander V. Chernikov	tinfo->count4 = cfg->items;
5f379342SAlexander V. Chernikov	tinfo->itemsize4 = sizeof(struct fhashentry4);
5f379342SAlexander V. Chernikov	tinfo->itemsize6 = sizeof(struct fhashentry6);
5f379342SAlexander V. Chernikov}
5f379342SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_dump_fhash_tentry(void *ta_state, struct table_info *ti, void *e,
914bffb6SAlexander V. Chernikov    ipfw_obj_tentry *tent)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhashentry *ent;
914bffb6SAlexander V. Chernikov	struct fhashentry4 *fe4;
9fe15d06SAlexander V. Chernikov#ifdef INET6
914bffb6SAlexander V. Chernikov	struct fhashentry6 *fe6;
9fe15d06SAlexander V. Chernikov#endif
914bffb6SAlexander V. Chernikov	struct tflow_entry *tfe;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ent = (struct fhashentry *)e;
914bffb6SAlexander V. Chernikov	tfe = &tent->k.flow;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	tfe->af = ent->af;
914bffb6SAlexander V. Chernikov	tfe->proto = ent->proto;
914bffb6SAlexander V. Chernikov	tfe->dport = htons(ent->dport);
914bffb6SAlexander V. Chernikov	tfe->sport = htons(ent->sport);
0cba2b28SAlexander V. Chernikov	tent->v.kidx = ent->value;
914bffb6SAlexander V. Chernikov	tent->subtype = ent->af;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (ent->af == AF_INET) {
914bffb6SAlexander V. Chernikov		fe4 = (struct fhashentry4 *)ent;
914bffb6SAlexander V. Chernikov		tfe->a.a4.sip.s_addr = htonl(fe4->sip.s_addr);
914bffb6SAlexander V. Chernikov		tfe->a.a4.dip.s_addr = htonl(fe4->dip.s_addr);
914bffb6SAlexander V. Chernikov		tent->masklen = 32;
914bffb6SAlexander V. Chernikov#ifdef INET6
914bffb6SAlexander V. Chernikov	} else {
914bffb6SAlexander V. Chernikov		fe6 = (struct fhashentry6 *)ent;
914bffb6SAlexander V. Chernikov		tfe->a.a6.sip6 = fe6->sip6;
914bffb6SAlexander V. Chernikov		tfe->a.a6.dip6 = fe6->dip6;
914bffb6SAlexander V. Chernikov		tent->masklen = 128;
914bffb6SAlexander V. Chernikov#endif
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovtei_to_fhash_ent(struct tentry_info *tei, struct fhashentry *ent)
914bffb6SAlexander V. Chernikov{
d699ee2dSAlexander V. Chernikov#ifdef INET
914bffb6SAlexander V. Chernikov	struct fhashentry4 *fe4;
d699ee2dSAlexander V. Chernikov#endif
d699ee2dSAlexander V. Chernikov#ifdef INET6
914bffb6SAlexander V. Chernikov	struct fhashentry6 *fe6;
d699ee2dSAlexander V. Chernikov#endif
914bffb6SAlexander V. Chernikov	struct tflow_entry *tfe;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	tfe = (struct tflow_entry *)tei->paddr;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ent->af = tei->subtype;
914bffb6SAlexander V. Chernikov	ent->proto = tfe->proto;
914bffb6SAlexander V. Chernikov	ent->dport = ntohs(tfe->dport);
914bffb6SAlexander V. Chernikov	ent->sport = ntohs(tfe->sport);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tei->subtype == AF_INET) {
914bffb6SAlexander V. Chernikov#ifdef INET
914bffb6SAlexander V. Chernikov		fe4 = (struct fhashentry4 *)ent;
914bffb6SAlexander V. Chernikov		fe4->sip.s_addr = ntohl(tfe->a.a4.sip.s_addr);
914bffb6SAlexander V. Chernikov		fe4->dip.s_addr = ntohl(tfe->a.a4.dip.s_addr);
914bffb6SAlexander V. Chernikov#endif
914bffb6SAlexander V. Chernikov#ifdef INET6
914bffb6SAlexander V. Chernikov	} else if (tei->subtype == AF_INET6) {
914bffb6SAlexander V. Chernikov		fe6 = (struct fhashentry6 *)ent;
914bffb6SAlexander V. Chernikov		fe6->sip6 = tfe->a.a6.sip6;
914bffb6SAlexander V. Chernikov		fe6->dip6 = tfe->a.a6.dip6;
914bffb6SAlexander V. Chernikov#endif
914bffb6SAlexander V. Chernikov	} else {
914bffb6SAlexander V. Chernikov		/* Unknown CIDR type */
914bffb6SAlexander V. Chernikov		return (EINVAL);
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_find_fhash_tentry(void *ta_state, struct table_info *ti,
914bffb6SAlexander V. Chernikov    ipfw_obj_tentry *tent)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashbhead *head;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent, *tmp;
914bffb6SAlexander V. Chernikov	struct fhashentry6 fe6;
914bffb6SAlexander V. Chernikov	struct tentry_info tei;
914bffb6SAlexander V. Chernikov	int error;
914bffb6SAlexander V. Chernikov	uint32_t hash;
914bffb6SAlexander V. Chernikov	size_t sz;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ent = &fe6.e;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	memset(&fe6, 0, sizeof(fe6));
914bffb6SAlexander V. Chernikov	memset(&tei, 0, sizeof(tei));
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	tei.paddr = &tent->k.flow;
914bffb6SAlexander V. Chernikov	tei.subtype = tent->subtype;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if ((error = tei_to_fhash_ent(&tei, ent)) != 0)
914bffb6SAlexander V. Chernikov		return (error);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	head = cfg->head;
914bffb6SAlexander V. Chernikov	hash = hash_flow_ent(ent, cfg->size);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tei.subtype == AF_INET)
914bffb6SAlexander V. Chernikov		sz = 2 * sizeof(struct in_addr);
914bffb6SAlexander V. Chernikov	else
914bffb6SAlexander V. Chernikov		sz = 2 * sizeof(struct in6_addr);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	/* Check for existence */
914bffb6SAlexander V. Chernikov	SLIST_FOREACH(tmp, &head[hash], next) {
914bffb6SAlexander V. Chernikov		if (cmp_flow_ent(tmp, ent, sz) != 0) {
914bffb6SAlexander V. Chernikov			ta_dump_fhash_tentry(ta_state, ti, tmp, tent);
914bffb6SAlexander V. Chernikov			return (0);
914bffb6SAlexander V. Chernikov		}
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (ENOENT);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic void
914bffb6SAlexander V. Chernikovta_foreach_fhash(void *ta_state, struct table_info *ti, ta_foreach_f *f,
914bffb6SAlexander V. Chernikov    void *arg)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent, *ent_next;
914bffb6SAlexander V. Chernikov	int i;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	for (i = 0; i < cfg->size; i++)
914bffb6SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &cfg->head[i], next, ent_next)
914bffb6SAlexander V. Chernikov			f(ent, arg);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_prepare_add_fhash(struct ip_fw_chain *ch, struct tentry_info *tei,
914bffb6SAlexander V. Chernikov    void *ta_buf)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct ta_buf_fhash *tb;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent;
914bffb6SAlexander V. Chernikov	size_t sz;
914bffb6SAlexander V. Chernikov	int error;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	tb = (struct ta_buf_fhash *)ta_buf;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tei->subtype == AF_INET)
914bffb6SAlexander V. Chernikov		sz = sizeof(struct fhashentry4);
914bffb6SAlexander V. Chernikov	else if (tei->subtype == AF_INET6)
914bffb6SAlexander V. Chernikov		sz = sizeof(struct fhashentry6);
914bffb6SAlexander V. Chernikov	else
914bffb6SAlexander V. Chernikov		return (EINVAL);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ent = malloc(sz, M_IPFW_TBL, M_WAITOK | M_ZERO);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	error = tei_to_fhash_ent(tei, ent);
914bffb6SAlexander V. Chernikov	if (error != 0) {
914bffb6SAlexander V. Chernikov		free(ent, M_IPFW_TBL);
914bffb6SAlexander V. Chernikov		return (error);
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov	tb->ent_ptr = ent;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_add_fhash(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashbhead *head;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent, *tmp;
914bffb6SAlexander V. Chernikov	struct ta_buf_fhash *tb;
914bffb6SAlexander V. Chernikov	int exists;
648e8380SAlexander V. Chernikov	uint32_t hash, value;
914bffb6SAlexander V. Chernikov	size_t sz;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
914bffb6SAlexander V. Chernikov	tb = (struct ta_buf_fhash *)ta_buf;
914bffb6SAlexander V. Chernikov	ent = (struct fhashentry *)tb->ent_ptr;
914bffb6SAlexander V. Chernikov	exists = 0;
914bffb6SAlexander V. Chernikov
13263632SAlexander V. Chernikov	/* Read current value from @tei */
13263632SAlexander V. Chernikov	ent->value = tei->value;
13263632SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	head = cfg->head;
914bffb6SAlexander V. Chernikov	hash = hash_flow_ent(ent, cfg->size);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tei->subtype == AF_INET)
914bffb6SAlexander V. Chernikov		sz = 2 * sizeof(struct in_addr);
914bffb6SAlexander V. Chernikov	else
914bffb6SAlexander V. Chernikov		sz = 2 * sizeof(struct in6_addr);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	/* Check for existence */
914bffb6SAlexander V. Chernikov	SLIST_FOREACH(tmp, &head[hash], next) {
914bffb6SAlexander V. Chernikov		if (cmp_flow_ent(tmp, ent, sz) != 0) {
914bffb6SAlexander V. Chernikov			exists = 1;
914bffb6SAlexander V. Chernikov			break;
914bffb6SAlexander V. Chernikov		}
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (exists == 1) {
914bffb6SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_UPDATE) == 0)
914bffb6SAlexander V. Chernikov			return (EEXIST);
914bffb6SAlexander V. Chernikov		/* Record already exists. Update value if we're asked to */
648e8380SAlexander V. Chernikov		/* Exchange values between tmp and @tei */
648e8380SAlexander V. Chernikov		value = tmp->value;
914bffb6SAlexander V. Chernikov		tmp->value = tei->value;
648e8380SAlexander V. Chernikov		tei->value = value;
914bffb6SAlexander V. Chernikov		/* Indicate that update has happened instead of addition */
914bffb6SAlexander V. Chernikov		tei->flags |= TEI_FLAGS_UPDATED;
914bffb6SAlexander V. Chernikov		*pnum = 0;
914bffb6SAlexander V. Chernikov	} else {
4c0c07a5SAlexander V. Chernikov		if ((tei->flags & TEI_FLAGS_DONTADD) != 0)
4c0c07a5SAlexander V. Chernikov			return (EFBIG);
4c0c07a5SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		SLIST_INSERT_HEAD(&head[hash], ent, next);
914bffb6SAlexander V. Chernikov		tb->ent_ptr = NULL;
914bffb6SAlexander V. Chernikov		*pnum = 1;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		/* Update counters and check if we need to grow hash */
914bffb6SAlexander V. Chernikov		cfg->items++;
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_prepare_del_fhash(struct ip_fw_chain *ch, struct tentry_info *tei,
914bffb6SAlexander V. Chernikov    void *ta_buf)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct ta_buf_fhash *tb;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	tb = (struct ta_buf_fhash *)ta_buf;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (tei_to_fhash_ent(tei, &tb->fe6.e));
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_del_fhash(void *ta_state, struct table_info *ti, struct tentry_info *tei,
b6ee846eSAlexander V. Chernikov    void *ta_buf, uint32_t *pnum)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashbhead *head;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent, *tmp;
914bffb6SAlexander V. Chernikov	struct ta_buf_fhash *tb;
914bffb6SAlexander V. Chernikov	uint32_t hash;
914bffb6SAlexander V. Chernikov	size_t sz;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
914bffb6SAlexander V. Chernikov	tb = (struct ta_buf_fhash *)ta_buf;
914bffb6SAlexander V. Chernikov	ent = &tb->fe6.e;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	head = cfg->head;
914bffb6SAlexander V. Chernikov	hash = hash_flow_ent(ent, cfg->size);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tei->subtype == AF_INET)
914bffb6SAlexander V. Chernikov		sz = 2 * sizeof(struct in_addr);
914bffb6SAlexander V. Chernikov	else
914bffb6SAlexander V. Chernikov		sz = 2 * sizeof(struct in6_addr);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	/* Check for existence */
914bffb6SAlexander V. Chernikov	SLIST_FOREACH(tmp, &head[hash], next) {
648e8380SAlexander V. Chernikov		if (cmp_flow_ent(tmp, ent, sz) == 0)
648e8380SAlexander V. Chernikov			continue;
648e8380SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov		SLIST_REMOVE(&head[hash], tmp, fhashentry, next);
648e8380SAlexander V. Chernikov		tei->value = tmp->value;
914bffb6SAlexander V. Chernikov		*pnum = 1;
914bffb6SAlexander V. Chernikov		cfg->items--;
648e8380SAlexander V. Chernikov		tb->ent_ptr = tmp;
914bffb6SAlexander V. Chernikov		return (0);
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (ENOENT);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstatic void
914bffb6SAlexander V. Chernikovta_flush_fhash_entry(struct ip_fw_chain *ch, struct tentry_info *tei,
914bffb6SAlexander V. Chernikov    void *ta_buf)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct ta_buf_fhash *tb;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	tb = (struct ta_buf_fhash *)ta_buf;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	if (tb->ent_ptr != NULL)
914bffb6SAlexander V. Chernikov		free(tb->ent_ptr, M_IPFW_TBL);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * Hash growing callbacks.
914bffb6SAlexander V. Chernikov */
914bffb6SAlexander V. Chernikov
b6ee846eSAlexander V. Chernikovstatic int
301290bcSAlexander V. Chernikovta_need_modify_fhash(void *ta_state, struct table_info *ti, uint32_t count,
b6ee846eSAlexander V. Chernikov    uint64_t *pflags)
b6ee846eSAlexander V. Chernikov{
b6ee846eSAlexander V. Chernikov	struct fhash_cfg *cfg;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
b6ee846eSAlexander V. Chernikov
b6ee846eSAlexander V. Chernikov	if (cfg->items > cfg->size && cfg->size < 65536) {
b6ee846eSAlexander V. Chernikov		*pflags = cfg->size * 2;
301290bcSAlexander V. Chernikov		return (1);
b6ee846eSAlexander V. Chernikov	}
b6ee846eSAlexander V. Chernikov
301290bcSAlexander V. Chernikov	return (0);
b6ee846eSAlexander V. Chernikov}
b6ee846eSAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * Allocate new, larger fhash.
914bffb6SAlexander V. Chernikov */
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_prepare_mod_fhash(void *ta_buf, uint64_t *pflags)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct mod_item *mi;
914bffb6SAlexander V. Chernikov	struct fhashbhead *head;
d821d364SPedro F. Giffuni	u_int i;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	memset(mi, 0, sizeof(struct mod_item));
914bffb6SAlexander V. Chernikov	mi->size = *pflags;
914bffb6SAlexander V. Chernikov	head = malloc(sizeof(struct fhashbhead) * mi->size, M_IPFW,
914bffb6SAlexander V. Chernikov	    M_WAITOK | M_ZERO);
914bffb6SAlexander V. Chernikov	for (i = 0; i < mi->size; i++)
914bffb6SAlexander V. Chernikov		SLIST_INIT(&head[i]);
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	mi->main_ptr = head;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * Copy data from old runtime array to new one.
914bffb6SAlexander V. Chernikov */
914bffb6SAlexander V. Chernikovstatic int
914bffb6SAlexander V. Chernikovta_fill_mod_fhash(void *ta_state, struct table_info *ti, void *ta_buf,
914bffb6SAlexander V. Chernikov    uint64_t *pflags)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	/* In is not possible to do rehash if we're not holidng WLOCK. */
914bffb6SAlexander V. Chernikov	return (0);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * Switch old & new arrays.
914bffb6SAlexander V. Chernikov */
301290bcSAlexander V. Chernikovstatic void
914bffb6SAlexander V. Chernikovta_modify_fhash(void *ta_state, struct table_info *ti, void *ta_buf,
914bffb6SAlexander V. Chernikov    uint64_t pflags)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct mod_item *mi;
914bffb6SAlexander V. Chernikov	struct fhash_cfg *cfg;
914bffb6SAlexander V. Chernikov	struct fhashbhead *old_head, *new_head;
914bffb6SAlexander V. Chernikov	struct fhashentry *ent, *ent_next;
914bffb6SAlexander V. Chernikov	int i;
914bffb6SAlexander V. Chernikov	uint32_t nhash;
914bffb6SAlexander V. Chernikov	size_t old_size;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
914bffb6SAlexander V. Chernikov	cfg = (struct fhash_cfg *)ta_state;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	old_size = cfg->size;
914bffb6SAlexander V. Chernikov	old_head = ti->state;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	new_head = (struct fhashbhead *)mi->main_ptr;
914bffb6SAlexander V. Chernikov	for (i = 0; i < old_size; i++) {
914bffb6SAlexander V. Chernikov		SLIST_FOREACH_SAFE(ent, &old_head[i], next, ent_next) {
914bffb6SAlexander V. Chernikov			nhash = hash_flow_ent(ent, mi->size);
914bffb6SAlexander V. Chernikov			SLIST_INSERT_HEAD(&new_head[nhash], ent, next);
914bffb6SAlexander V. Chernikov		}
914bffb6SAlexander V. Chernikov	}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	ti->state = new_head;
914bffb6SAlexander V. Chernikov	ti->data = mi->size;
914bffb6SAlexander V. Chernikov	cfg->head = new_head;
914bffb6SAlexander V. Chernikov	cfg->size = mi->size;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	mi->main_ptr = old_head;
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov/*
914bffb6SAlexander V. Chernikov * Free unneded array.
914bffb6SAlexander V. Chernikov */
914bffb6SAlexander V. Chernikovstatic void
914bffb6SAlexander V. Chernikovta_flush_mod_fhash(void *ta_buf)
914bffb6SAlexander V. Chernikov{
914bffb6SAlexander V. Chernikov	struct mod_item *mi;
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikov	mi = (struct mod_item *)ta_buf;
914bffb6SAlexander V. Chernikov	if (mi->main_ptr != NULL)
914bffb6SAlexander V. Chernikov		free(mi->main_ptr, M_IPFW);
914bffb6SAlexander V. Chernikov}
914bffb6SAlexander V. Chernikov
914bffb6SAlexander V. Chernikovstruct table_algo flow_hash = {
914bffb6SAlexander V. Chernikov	.name		= "flow:hash",
914bffb6SAlexander V. Chernikov	.type		= IPFW_TABLE_FLOW,
57a1cf95SAlexander V. Chernikov	.flags		= TA_FLAG_DEFAULT,
57a1cf95SAlexander V. Chernikov	.ta_buf_size	= sizeof(struct ta_buf_fhash),
914bffb6SAlexander V. Chernikov	.init		= ta_init_fhash,
914bffb6SAlexander V. Chernikov	.destroy	= ta_destroy_fhash,
914bffb6SAlexander V. Chernikov	.prepare_add	= ta_prepare_add_fhash,
914bffb6SAlexander V. Chernikov	.prepare_del	= ta_prepare_del_fhash,
914bffb6SAlexander V. Chernikov	.add		= ta_add_fhash,
914bffb6SAlexander V. Chernikov	.del		= ta_del_fhash,
914bffb6SAlexander V. Chernikov	.flush_entry	= ta_flush_fhash_entry,
914bffb6SAlexander V. Chernikov	.foreach	= ta_foreach_fhash,
914bffb6SAlexander V. Chernikov	.dump_tentry	= ta_dump_fhash_tentry,
914bffb6SAlexander V. Chernikov	.find_tentry	= ta_find_fhash_tentry,
5f379342SAlexander V. Chernikov	.dump_tinfo	= ta_dump_fhash_tinfo,
301290bcSAlexander V. Chernikov	.need_modify	= ta_need_modify_fhash,
914bffb6SAlexander V. Chernikov	.prepare_mod	= ta_prepare_mod_fhash,
914bffb6SAlexander V. Chernikov	.fill_mod	= ta_fill_mod_fhash,
914bffb6SAlexander V. Chernikov	.modify		= ta_modify_fhash,
914bffb6SAlexander V. Chernikov	.flush_mod	= ta_flush_mod_fhash,
914bffb6SAlexander V. Chernikov};
3fe2ef91SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov/*
d3b00c08SAlexander V. Chernikov * Kernel fibs bindings.
d3b00c08SAlexander V. Chernikov *
d3b00c08SAlexander V. Chernikov * Implementation:
d3b00c08SAlexander V. Chernikov *
d3b00c08SAlexander V. Chernikov * Runtime part:
d3b00c08SAlexander V. Chernikov * - fully relies on route API
d3b00c08SAlexander V. Chernikov * - fib number is stored in ti->data
d3b00c08SAlexander V. Chernikov *
d3b00c08SAlexander V. Chernikov */
d3b00c08SAlexander V. Chernikov
9fe15d06SAlexander V. Chernikovstatic int ta_lookup_kfib(struct table_info *ti, void *key, uint32_t keylen,
9fe15d06SAlexander V. Chernikov    uint32_t *val);
9fe15d06SAlexander V. Chernikovstatic int kfib_parse_opts(int *pfib, char *data);
9fe15d06SAlexander V. Chernikovstatic void ta_print_kfib_config(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    char *buf, size_t bufsize);
9fe15d06SAlexander V. Chernikovstatic int ta_init_kfib(struct ip_fw_chain *ch, void **ta_state,
9fe15d06SAlexander V. Chernikov    struct table_info *ti, char *data, uint8_t tflags);
9fe15d06SAlexander V. Chernikovstatic void ta_destroy_kfib(void *ta_state, struct table_info *ti);
9fe15d06SAlexander V. Chernikovstatic void ta_dump_kfib_tinfo(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_ta_tinfo *tinfo);
9fe15d06SAlexander V. Chernikovstatic int ta_dump_kfib_tentry(void *ta_state, struct table_info *ti, void *e,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
4451d893SAlexander V. Chernikovstatic int ta_dump_kfib_tentry_int(int familt, const struct rtentry *rt,
4451d893SAlexander V. Chernikov    ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic int ta_find_kfib_tentry(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ipfw_obj_tentry *tent);
9fe15d06SAlexander V. Chernikovstatic void ta_foreach_kfib(void *ta_state, struct table_info *ti,
9fe15d06SAlexander V. Chernikov    ta_foreach_f *f, void *arg);
9fe15d06SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikovstatic int
d3b00c08SAlexander V. Chernikovta_lookup_kfib(struct table_info *ti, void *key, uint32_t keylen,
d3b00c08SAlexander V. Chernikov    uint32_t *val)
d3b00c08SAlexander V. Chernikov{
004d3e30SAlexander V. Chernikov#ifdef INET
004d3e30SAlexander V. Chernikov	struct in_addr in;
004d3e30SAlexander V. Chernikov#endif
004d3e30SAlexander V. Chernikov	int error;
d3b00c08SAlexander V. Chernikov
89fc126aSAlexander V. Chernikov	error = ENOENT;
004d3e30SAlexander V. Chernikov#ifdef INET
004d3e30SAlexander V. Chernikov	if (keylen == 4) {
004d3e30SAlexander V. Chernikov		in.s_addr = *(in_addr_t *)key;
6ad7446cSAlexander V. Chernikov		NET_EPOCH_ASSERT();
6ad7446cSAlexander V. Chernikov		error = fib4_lookup(ti->data, in, 0, NHR_NONE, 0) != NULL;
004d3e30SAlexander V. Chernikov	}
004d3e30SAlexander V. Chernikov#endif
004d3e30SAlexander V. Chernikov#ifdef INET6
004d3e30SAlexander V. Chernikov	if (keylen == 6)
6ad7446cSAlexander V. Chernikov		error = fib6_lookup(ti->data, (struct in6_addr *)key,
6ad7446cSAlexander V. Chernikov		    0, NHR_NONE, 0) != NULL;
004d3e30SAlexander V. Chernikov#endif
004d3e30SAlexander V. Chernikov
004d3e30SAlexander V. Chernikov	if (error != 0)
d3b00c08SAlexander V. Chernikov		return (0);
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	*val = 0;
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	return (1);
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov/* Parse 'fib=%d' */
d3b00c08SAlexander V. Chernikovstatic int
d3b00c08SAlexander V. Chernikovkfib_parse_opts(int *pfib, char *data)
d3b00c08SAlexander V. Chernikov{
d3b00c08SAlexander V. Chernikov	char *pdel, *pend, *s;
d3b00c08SAlexander V. Chernikov	int fibnum;
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	if (data == NULL)
d3b00c08SAlexander V. Chernikov		return (0);
d3b00c08SAlexander V. Chernikov	if ((pdel = strchr(data, ' ')) == NULL)
d3b00c08SAlexander V. Chernikov		return (0);
d3b00c08SAlexander V. Chernikov	while (*pdel == ' ')
d3b00c08SAlexander V. Chernikov		pdel++;
d3b00c08SAlexander V. Chernikov	if (strncmp(pdel, "fib=", 4) != 0)
d3b00c08SAlexander V. Chernikov		return (EINVAL);
d3b00c08SAlexander V. Chernikov	if ((s = strchr(pdel, ' ')) != NULL)
d3b00c08SAlexander V. Chernikov		*s++ = '\0';
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	pdel += 4;
d3b00c08SAlexander V. Chernikov	/* Need \d+ */
d3b00c08SAlexander V. Chernikov	fibnum = strtol(pdel, &pend, 10);
d3b00c08SAlexander V. Chernikov	if (*pend != '\0')
d3b00c08SAlexander V. Chernikov		return (EINVAL);
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	*pfib = fibnum;
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	return (0);
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikovstatic void
d3b00c08SAlexander V. Chernikovta_print_kfib_config(void *ta_state, struct table_info *ti, char *buf,
d3b00c08SAlexander V. Chernikov    size_t bufsize)
d3b00c08SAlexander V. Chernikov{
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	if (ti->data != 0)
c21034b7SAlexander V. Chernikov		snprintf(buf, bufsize, "%s fib=%lu", "addr:kfib", ti->data);
d3b00c08SAlexander V. Chernikov	else
c21034b7SAlexander V. Chernikov		snprintf(buf, bufsize, "%s", "addr:kfib");
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikovstatic int
d3b00c08SAlexander V. Chernikovta_init_kfib(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
d3b00c08SAlexander V. Chernikov    char *data, uint8_t tflags)
d3b00c08SAlexander V. Chernikov{
d3b00c08SAlexander V. Chernikov	int error, fibnum;
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	fibnum = 0;
d3b00c08SAlexander V. Chernikov	if ((error = kfib_parse_opts(&fibnum, data)) != 0)
d3b00c08SAlexander V. Chernikov		return (error);
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	if (fibnum >= rt_numfibs)
d3b00c08SAlexander V. Chernikov		return (E2BIG);
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	ti->data = fibnum;
d3b00c08SAlexander V. Chernikov	ti->lookup = ta_lookup_kfib;
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	return (0);
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov/*
d3b00c08SAlexander V. Chernikov * Destroys table @ti
d3b00c08SAlexander V. Chernikov */
d3b00c08SAlexander V. Chernikovstatic void
d3b00c08SAlexander V. Chernikovta_destroy_kfib(void *ta_state, struct table_info *ti)
d3b00c08SAlexander V. Chernikov{
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov/*
d3b00c08SAlexander V. Chernikov * Provide algo-specific table info
d3b00c08SAlexander V. Chernikov */
d3b00c08SAlexander V. Chernikovstatic void
d3b00c08SAlexander V. Chernikovta_dump_kfib_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
d3b00c08SAlexander V. Chernikov{
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikov	tinfo->flags = IPFW_TATFLAGS_AFDATA;
d3b00c08SAlexander V. Chernikov	tinfo->taclass4 = IPFW_TACLASS_RADIX;
d3b00c08SAlexander V. Chernikov	tinfo->count4 = 0;
4451d893SAlexander V. Chernikov	tinfo->itemsize4 = 128; /* table is readonly, value does not matter */
d3b00c08SAlexander V. Chernikov	tinfo->taclass6 = IPFW_TACLASS_RADIX;
d3b00c08SAlexander V. Chernikov	tinfo->count6 = 0;
4451d893SAlexander V. Chernikov	tinfo->itemsize6 = 128;
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikovstatic int
4451d893SAlexander V. Chernikovta_dump_kfib_tentry_int(int family, const struct rtentry *rt,
d3b00c08SAlexander V. Chernikov    ipfw_obj_tentry *tent)
d3b00c08SAlexander V. Chernikov{
4451d893SAlexander V. Chernikov	uint32_t scopeid;
4451d893SAlexander V. Chernikov	int plen;
004d3e30SAlexander V. Chernikov
d699ee2dSAlexander V. Chernikov#ifdef INET
4451d893SAlexander V. Chernikov	if (family == AF_INET) {
4451d893SAlexander V. Chernikov		rt_get_inet_prefix_plen(rt, &tent->k.addr, &plen, &scopeid);
4451d893SAlexander V. Chernikov		tent->masklen = plen;
d3b00c08SAlexander V. Chernikov		tent->subtype = AF_INET;
4451d893SAlexander V. Chernikov		tent->v.kidx = 0;
d699ee2dSAlexander V. Chernikov	}
d699ee2dSAlexander V. Chernikov#endif
2616eaa3SAlexander V. Chernikov#ifdef INET6
4451d893SAlexander V. Chernikov	if (family == AF_INET6) {
4451d893SAlexander V. Chernikov		rt_get_inet6_prefix_plen(rt, &tent->k.addr6, &plen, &scopeid);
4451d893SAlexander V. Chernikov		tent->masklen = plen;
d3b00c08SAlexander V. Chernikov		tent->subtype = AF_INET6;
0cba2b28SAlexander V. Chernikov		tent->v.kidx = 0;
d3b00c08SAlexander V. Chernikov	}
d699ee2dSAlexander V. Chernikov#endif
d3b00c08SAlexander V. Chernikov	return (0);
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikovstatic int
d3b00c08SAlexander V. Chernikovta_find_kfib_tentry(void *ta_state, struct table_info *ti,
d3b00c08SAlexander V. Chernikov    ipfw_obj_tentry *tent)
d3b00c08SAlexander V. Chernikov{
3ad80c65SAlexander V. Chernikov	struct rtentry *rt = NULL;
4451d893SAlexander V. Chernikov	struct route_nhop_data rnd;
4451d893SAlexander V. Chernikov	struct epoch_tracker et;
4451d893SAlexander V. Chernikov	int error;
004d3e30SAlexander V. Chernikov
4451d893SAlexander V. Chernikov	NET_EPOCH_ENTER(et);
3ad80c65SAlexander V. Chernikov
3ad80c65SAlexander V. Chernikov	switch (tent->subtype) {
3ad80c65SAlexander V. Chernikov#ifdef INET
3ad80c65SAlexander V. Chernikov	case AF_INET:
4451d893SAlexander V. Chernikov		rt = fib4_lookup_rt(ti->data, tent->k.addr, 0, 0, &rnd);
3ad80c65SAlexander V. Chernikov		break;
3ad80c65SAlexander V. Chernikov#endif
3ad80c65SAlexander V. Chernikov#ifdef INET6
3ad80c65SAlexander V. Chernikov	case AF_INET6:
4451d893SAlexander V. Chernikov		rt = fib6_lookup_rt(ti->data, &tent->k.addr6, 0, 0, &rnd);
3ad80c65SAlexander V. Chernikov		break;
3ad80c65SAlexander V. Chernikov#endif
4451d893SAlexander V. Chernikov	}
4451d893SAlexander V. Chernikov	if (rt != NULL)
4451d893SAlexander V. Chernikov		error = ta_dump_kfib_tentry_int(tent->subtype, rt, tent);
4451d893SAlexander V. Chernikov	else
4451d893SAlexander V. Chernikov		error = ENOENT;
4451d893SAlexander V. Chernikov	NET_EPOCH_EXIT(et);
4451d893SAlexander V. Chernikov
4451d893SAlexander V. Chernikov	return (error);
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
4451d893SAlexander V. Chernikovstruct kfib_dump_arg {
4451d893SAlexander V. Chernikov	struct rtentry *rt;
4451d893SAlexander V. Chernikov	int		family;
4451d893SAlexander V. Chernikov	ta_foreach_f	*f;
4451d893SAlexander V. Chernikov	void		*arg;
4451d893SAlexander V. Chernikov};
004d3e30SAlexander V. Chernikov
4451d893SAlexander V. Chernikovstatic int
4451d893SAlexander V. Chernikovta_dump_kfib_tentry(void *ta_state, struct table_info *ti, void *e,
4451d893SAlexander V. Chernikov    ipfw_obj_tentry *tent)
4451d893SAlexander V. Chernikov{
4451d893SAlexander V. Chernikov	struct kfib_dump_arg *karg = (struct kfib_dump_arg *)e;
004d3e30SAlexander V. Chernikov
4451d893SAlexander V. Chernikov	return (ta_dump_kfib_tentry_int(karg->family, karg->rt, tent));
4451d893SAlexander V. Chernikov}
4451d893SAlexander V. Chernikov
4451d893SAlexander V. Chernikovstatic int
4451d893SAlexander V. Chernikovwalk_wrapper_f(struct rtentry *rt, void *arg)
4451d893SAlexander V. Chernikov{
4451d893SAlexander V. Chernikov	struct kfib_dump_arg *karg = (struct kfib_dump_arg *)arg;
4451d893SAlexander V. Chernikov
4451d893SAlexander V. Chernikov	karg->rt = rt;
4451d893SAlexander V. Chernikov	return (karg->f(karg, karg->arg));
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
d3b00c08SAlexander V. Chernikovstatic void
d3b00c08SAlexander V. Chernikovta_foreach_kfib(void *ta_state, struct table_info *ti, ta_foreach_f *f,
d3b00c08SAlexander V. Chernikov    void *arg)
d3b00c08SAlexander V. Chernikov{
4451d893SAlexander V. Chernikov	struct kfib_dump_arg karg = { .f = f, .arg = arg };
d3b00c08SAlexander V. Chernikov
4451d893SAlexander V. Chernikov	karg.family = AF_INET;
4451d893SAlexander V. Chernikov	rib_walk(ti->data, AF_INET, false, walk_wrapper_f, &karg);
4451d893SAlexander V. Chernikov	karg.family = AF_INET6;
4451d893SAlexander V. Chernikov	rib_walk(ti->data, AF_INET6, false, walk_wrapper_f, &karg);
d3b00c08SAlexander V. Chernikov}
d3b00c08SAlexander V. Chernikov
c21034b7SAlexander V. Chernikovstruct table_algo addr_kfib = {
c21034b7SAlexander V. Chernikov	.name		= "addr:kfib",
c21034b7SAlexander V. Chernikov	.type		= IPFW_TABLE_ADDR,
d3b00c08SAlexander V. Chernikov	.flags		= TA_FLAG_READONLY,
d3b00c08SAlexander V. Chernikov	.ta_buf_size	= 0,
d3b00c08SAlexander V. Chernikov	.init		= ta_init_kfib,
d3b00c08SAlexander V. Chernikov	.destroy	= ta_destroy_kfib,
d3b00c08SAlexander V. Chernikov	.foreach	= ta_foreach_kfib,
d3b00c08SAlexander V. Chernikov	.dump_tentry	= ta_dump_kfib_tentry,
d3b00c08SAlexander V. Chernikov	.find_tentry	= ta_find_kfib_tentry,
d3b00c08SAlexander V. Chernikov	.dump_tinfo	= ta_dump_kfib_tinfo,
d3b00c08SAlexander V. Chernikov	.print_config	= ta_print_kfib_config,
d3b00c08SAlexander V. Chernikov};
d3b00c08SAlexander V. Chernikov
81cac390SArseny Smalyukstruct mac_radix_entry {
81cac390SArseny Smalyuk	struct radix_node	rn[2];
*4a77657cSAndrey V. Elsukov	struct sa_mac		sa;
81cac390SArseny Smalyuk	uint32_t		value;
81cac390SArseny Smalyuk	uint8_t			masklen;
81cac390SArseny Smalyuk};
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstruct mac_radix_cfg {
81cac390SArseny Smalyuk	struct radix_node_head	*head;
81cac390SArseny Smalyuk	size_t			count;
81cac390SArseny Smalyuk};
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_lookup_mac_radix(struct table_info *ti, void *key, uint32_t keylen,
81cac390SArseny Smalyuk    uint32_t *val)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct radix_node_head *rnh;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (keylen == ETHER_ADDR_LEN) {
81cac390SArseny Smalyuk		struct mac_radix_entry *ent;
81cac390SArseny Smalyuk		struct sa_mac sa;
81cac390SArseny Smalyuk		KEY_LEN(sa) = KEY_LEN_MAC;
81cac390SArseny Smalyuk		memcpy(sa.mac_addr.octet, key, ETHER_ADDR_LEN);
81cac390SArseny Smalyuk		rnh = (struct radix_node_head *)ti->state;
81cac390SArseny Smalyuk		ent = (struct mac_radix_entry *)(rnh->rnh_matchaddr(&sa, &rnh->rh));
81cac390SArseny Smalyuk		if (ent != NULL) {
81cac390SArseny Smalyuk			*val = ent->value;
81cac390SArseny Smalyuk			return (1);
81cac390SArseny Smalyuk		}
81cac390SArseny Smalyuk	}
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_init_mac_radix(struct ip_fw_chain *ch, void **ta_state, struct table_info *ti,
81cac390SArseny Smalyuk    char *data, uint8_t tflags)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct mac_radix_cfg *cfg;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (!rn_inithead(&ti->state, OFF_LEN_MAC))
81cac390SArseny Smalyuk		return (ENOMEM);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	cfg = malloc(sizeof(struct mac_radix_cfg), M_IPFW, M_WAITOK | M_ZERO);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	*ta_state = cfg;
81cac390SArseny Smalyuk	ti->lookup = ta_lookup_mac_radix;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic void
81cac390SArseny Smalyukta_destroy_mac_radix(void *ta_state, struct table_info *ti)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct mac_radix_cfg *cfg;
81cac390SArseny Smalyuk	struct radix_node_head *rnh;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	cfg = (struct mac_radix_cfg *)ta_state;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	rnh = (struct radix_node_head *)(ti->state);
81cac390SArseny Smalyuk	rnh->rnh_walktree(&rnh->rh, flush_radix_entry, rnh);
81cac390SArseny Smalyuk	rn_detachhead(&ti->state);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	free(cfg, M_IPFW);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic void
81cac390SArseny Smalyuktei_to_sockaddr_ent_mac(struct tentry_info *tei, struct sockaddr *sa,
81cac390SArseny Smalyuk    struct sockaddr *ma, int *set_mask)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	int mlen, i;
81cac390SArseny Smalyuk	struct sa_mac *addr, *mask;
81cac390SArseny Smalyuk	u_char *cp;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	mlen = tei->masklen;
81cac390SArseny Smalyuk	addr = (struct sa_mac *)sa;
81cac390SArseny Smalyuk	mask = (struct sa_mac *)ma;
81cac390SArseny Smalyuk	/* Set 'total' structure length */
81cac390SArseny Smalyuk	KEY_LEN(*addr) = KEY_LEN_MAC;
81cac390SArseny Smalyuk	KEY_LEN(*mask) = KEY_LEN_MAC;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	for (i = mlen, cp = mask->mac_addr.octet; i >= 8; i -= 8)
81cac390SArseny Smalyuk		*cp++ = 0xFF;
81cac390SArseny Smalyuk	if (i > 0)
81cac390SArseny Smalyuk		*cp = ~((1 << (8 - i)) - 1);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	addr->mac_addr = *((struct ether_addr *)tei->paddr);
81cac390SArseny Smalyuk	for (i = 0; i < ETHER_ADDR_LEN; ++i)
81cac390SArseny Smalyuk		addr->mac_addr.octet[i] &= mask->mac_addr.octet[i];
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (mlen != 8 * ETHER_ADDR_LEN)
81cac390SArseny Smalyuk		*set_mask = 1;
81cac390SArseny Smalyuk	else
81cac390SArseny Smalyuk		*set_mask = 0;
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_prepare_add_mac_radix(struct ip_fw_chain *ch, struct tentry_info *tei,
81cac390SArseny Smalyuk    void *ta_buf)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct ta_buf_radix *tb;
81cac390SArseny Smalyuk	struct mac_radix_entry *ent;
81cac390SArseny Smalyuk	struct sockaddr *addr, *mask;
81cac390SArseny Smalyuk	int mlen, set_mask;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	tb = (struct ta_buf_radix *)ta_buf;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	mlen = tei->masklen;
81cac390SArseny Smalyuk	set_mask = 0;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (tei->subtype == AF_LINK) {
81cac390SArseny Smalyuk		if (mlen > 8 * ETHER_ADDR_LEN)
81cac390SArseny Smalyuk			return (EINVAL);
81cac390SArseny Smalyuk		ent = malloc(sizeof(*ent), M_IPFW_TBL, M_WAITOK | M_ZERO);
81cac390SArseny Smalyuk		ent->masklen = mlen;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk		addr = (struct sockaddr *)&ent->sa;
81cac390SArseny Smalyuk		mask = (struct sockaddr *)&tb->addr.mac.ma;
81cac390SArseny Smalyuk		tb->ent_ptr = ent;
81cac390SArseny Smalyuk	} else {
81cac390SArseny Smalyuk		/* Unknown CIDR type */
81cac390SArseny Smalyuk		return (EINVAL);
81cac390SArseny Smalyuk	}
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	tei_to_sockaddr_ent_mac(tei, addr, mask, &set_mask);
81cac390SArseny Smalyuk	/* Set pointers */
81cac390SArseny Smalyuk	tb->addr_ptr = addr;
81cac390SArseny Smalyuk	if (set_mask != 0)
81cac390SArseny Smalyuk		tb->mask_ptr = mask;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_add_mac_radix(void *ta_state, struct table_info *ti, struct tentry_info *tei,
81cac390SArseny Smalyuk    void *ta_buf, uint32_t *pnum)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct mac_radix_cfg *cfg;
81cac390SArseny Smalyuk	struct radix_node_head *rnh;
81cac390SArseny Smalyuk	struct radix_node *rn;
81cac390SArseny Smalyuk	struct ta_buf_radix *tb;
81cac390SArseny Smalyuk	uint32_t *old_value, value;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	cfg = (struct mac_radix_cfg *)ta_state;
81cac390SArseny Smalyuk	tb = (struct ta_buf_radix *)ta_buf;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	/* Save current entry value from @tei */
81cac390SArseny Smalyuk	rnh = ti->state;
81cac390SArseny Smalyuk	((struct mac_radix_entry *)tb->ent_ptr)->value = tei->value;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	/* Search for an entry first */
81cac390SArseny Smalyuk	rn = rnh->rnh_lookup(tb->addr_ptr, tb->mask_ptr, &rnh->rh);
81cac390SArseny Smalyuk	if (rn != NULL) {
81cac390SArseny Smalyuk		if ((tei->flags & TEI_FLAGS_UPDATE) == 0)
81cac390SArseny Smalyuk			return (EEXIST);
81cac390SArseny Smalyuk		/* Record already exists. Update value if we're asked to */
81cac390SArseny Smalyuk		old_value = &((struct mac_radix_entry *)rn)->value;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk		value = *old_value;
81cac390SArseny Smalyuk		*old_value = tei->value;
81cac390SArseny Smalyuk		tei->value = value;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk		/* Indicate that update has happened instead of addition */
81cac390SArseny Smalyuk		tei->flags |= TEI_FLAGS_UPDATED;
81cac390SArseny Smalyuk		*pnum = 0;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk		return (0);
81cac390SArseny Smalyuk	}
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if ((tei->flags & TEI_FLAGS_DONTADD) != 0)
81cac390SArseny Smalyuk		return (EFBIG);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	rn = rnh->rnh_addaddr(tb->addr_ptr, tb->mask_ptr, &rnh->rh, tb->ent_ptr);
81cac390SArseny Smalyuk	if (rn == NULL) {
81cac390SArseny Smalyuk		/* Unknown error */
81cac390SArseny Smalyuk		return (EINVAL);
81cac390SArseny Smalyuk	}
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	cfg->count++;
81cac390SArseny Smalyuk	tb->ent_ptr = NULL;
81cac390SArseny Smalyuk	*pnum = 1;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_prepare_del_mac_radix(struct ip_fw_chain *ch, struct tentry_info *tei,
81cac390SArseny Smalyuk    void *ta_buf)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct ta_buf_radix *tb;
81cac390SArseny Smalyuk	struct sockaddr *addr, *mask;
81cac390SArseny Smalyuk	int mlen, set_mask;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	tb = (struct ta_buf_radix *)ta_buf;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	mlen = tei->masklen;
81cac390SArseny Smalyuk	set_mask = 0;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (tei->subtype == AF_LINK) {
81cac390SArseny Smalyuk		if (mlen > 8 * ETHER_ADDR_LEN)
81cac390SArseny Smalyuk			return (EINVAL);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk		addr = (struct sockaddr *)&tb->addr.mac.sa;
81cac390SArseny Smalyuk		mask = (struct sockaddr *)&tb->addr.mac.ma;
81cac390SArseny Smalyuk	} else
81cac390SArseny Smalyuk		return (EINVAL);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	tei_to_sockaddr_ent_mac(tei, addr, mask, &set_mask);
81cac390SArseny Smalyuk	tb->addr_ptr = addr;
81cac390SArseny Smalyuk	if (set_mask != 0)
81cac390SArseny Smalyuk		tb->mask_ptr = mask;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_del_mac_radix(void *ta_state, struct table_info *ti, struct tentry_info *tei,
81cac390SArseny Smalyuk    void *ta_buf, uint32_t *pnum)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct mac_radix_cfg *cfg;
81cac390SArseny Smalyuk	struct radix_node_head *rnh;
81cac390SArseny Smalyuk	struct radix_node *rn;
81cac390SArseny Smalyuk	struct ta_buf_radix *tb;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	cfg = (struct mac_radix_cfg *)ta_state;
81cac390SArseny Smalyuk	tb = (struct ta_buf_radix *)ta_buf;
81cac390SArseny Smalyuk	rnh = ti->state;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	rn = rnh->rnh_deladdr(tb->addr_ptr, tb->mask_ptr, &rnh->rh);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (rn == NULL)
81cac390SArseny Smalyuk		return (ENOENT);
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	/* Save entry value to @tei */
81cac390SArseny Smalyuk	tei->value = ((struct mac_radix_entry *)rn)->value;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	tb->ent_ptr = rn;
81cac390SArseny Smalyuk	cfg->count--;
81cac390SArseny Smalyuk	*pnum = 1;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic void
81cac390SArseny Smalyukta_foreach_mac_radix(void *ta_state, struct table_info *ti, ta_foreach_f *f,
81cac390SArseny Smalyuk    void *arg)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct radix_node_head *rnh;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	rnh = (struct radix_node_head *)(ti->state);
81cac390SArseny Smalyuk	rnh->rnh_walktree(&rnh->rh, (walktree_f_t *)f, arg);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic void
81cac390SArseny Smalyukta_dump_mac_radix_tinfo(void *ta_state, struct table_info *ti, ipfw_ta_tinfo *tinfo)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct mac_radix_cfg *cfg;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	cfg = (struct mac_radix_cfg *)ta_state;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	tinfo->flags = IPFW_TATFLAGS_AFDATA | IPFW_TATFLAGS_AFITEM;
81cac390SArseny Smalyuk	tinfo->taclass4 = IPFW_TACLASS_RADIX;
81cac390SArseny Smalyuk	tinfo->count4 = cfg->count;
81cac390SArseny Smalyuk	tinfo->itemsize4 = sizeof(struct mac_radix_entry);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_dump_mac_radix_tentry(void *ta_state, struct table_info *ti, void *e,
81cac390SArseny Smalyuk    ipfw_obj_tentry *tent)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct mac_radix_entry *n = (struct mac_radix_entry *)e;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	memcpy(tent->k.mac, n->sa.mac_addr.octet, ETHER_ADDR_LEN);
81cac390SArseny Smalyuk	tent->masklen = n->masklen;
81cac390SArseny Smalyuk	tent->subtype = AF_LINK;
81cac390SArseny Smalyuk	tent->v.kidx = n->value;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (0);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstatic int
81cac390SArseny Smalyukta_find_mac_radix_tentry(void *ta_state, struct table_info *ti,
81cac390SArseny Smalyuk    ipfw_obj_tentry *tent)
81cac390SArseny Smalyuk{
81cac390SArseny Smalyuk	struct radix_node_head *rnh;
81cac390SArseny Smalyuk	void *e;
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	e = NULL;
81cac390SArseny Smalyuk	if (tent->subtype == AF_LINK) {
81cac390SArseny Smalyuk		struct sa_mac sa;
81cac390SArseny Smalyuk		KEY_LEN(sa) = KEY_LEN_MAC;
e012d79cSAndrey V. Elsukov		memcpy(sa.mac_addr.octet, tent->k.mac, ETHER_ADDR_LEN);
81cac390SArseny Smalyuk		rnh = (struct radix_node_head *)ti->state;
81cac390SArseny Smalyuk		e = rnh->rnh_matchaddr(&sa, &rnh->rh);
81cac390SArseny Smalyuk	}
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	if (e != NULL) {
81cac390SArseny Smalyuk		ta_dump_mac_radix_tentry(ta_state, ti, e, tent);
81cac390SArseny Smalyuk		return (0);
81cac390SArseny Smalyuk	}
81cac390SArseny Smalyuk
81cac390SArseny Smalyuk	return (ENOENT);
81cac390SArseny Smalyuk}
81cac390SArseny Smalyuk
81cac390SArseny Smalyukstruct table_algo mac_radix = {
81cac390SArseny Smalyuk	.name		= "mac:radix",
81cac390SArseny Smalyuk	.type		= IPFW_TABLE_MAC,
81cac390SArseny Smalyuk	.flags		= TA_FLAG_DEFAULT,
81cac390SArseny Smalyuk	.ta_buf_size	= sizeof(struct ta_buf_radix),
81cac390SArseny Smalyuk	.init		= ta_init_mac_radix,
81cac390SArseny Smalyuk	.destroy	= ta_destroy_mac_radix,
81cac390SArseny Smalyuk	.prepare_add	= ta_prepare_add_mac_radix,
81cac390SArseny Smalyuk	.prepare_del	= ta_prepare_del_mac_radix,
81cac390SArseny Smalyuk	.add		= ta_add_mac_radix,
81cac390SArseny Smalyuk	.del		= ta_del_mac_radix,
81cac390SArseny Smalyuk	.flush_entry	= ta_flush_radix_entry,
81cac390SArseny Smalyuk	.foreach	= ta_foreach_mac_radix,
81cac390SArseny Smalyuk	.dump_tentry	= ta_dump_mac_radix_tentry,
81cac390SArseny Smalyuk	.find_tentry	= ta_find_mac_radix_tentry,
81cac390SArseny Smalyuk	.dump_tinfo	= ta_dump_mac_radix_tinfo,
81cac390SArseny Smalyuk	.need_modify	= ta_need_modify_radix,
81cac390SArseny Smalyuk};
81cac390SArseny Smalyuk
9f7d47b0SAlexander V. Chernikovvoid
0b565ac0SAlexander V. Chernikovipfw_table_algo_init(struct ip_fw_chain *ch)
9f7d47b0SAlexander V. Chernikov{
0b565ac0SAlexander V. Chernikov	size_t sz;
0b565ac0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikov	/*
9f7d47b0SAlexander V. Chernikov	 * Register all algorithms presented here.
9f7d47b0SAlexander V. Chernikov	 */
0b565ac0SAlexander V. Chernikov	sz = sizeof(struct table_algo);
c21034b7SAlexander V. Chernikov	ipfw_add_table_algo(ch, &addr_radix, sz, &addr_radix.idx);
c21034b7SAlexander V. Chernikov	ipfw_add_table_algo(ch, &addr_hash, sz, &addr_hash.idx);
0b565ac0SAlexander V. Chernikov	ipfw_add_table_algo(ch, &iface_idx, sz, &iface_idx.idx);
b23d5de9SAlexander V. Chernikov	ipfw_add_table_algo(ch, &number_array, sz, &number_array.idx);
914bffb6SAlexander V. Chernikov	ipfw_add_table_algo(ch, &flow_hash, sz, &flow_hash.idx);
c21034b7SAlexander V. Chernikov	ipfw_add_table_algo(ch, &addr_kfib, sz, &addr_kfib.idx);
81cac390SArseny Smalyuk	ipfw_add_table_algo(ch, &mac_radix, sz, &mac_radix.idx);
9f7d47b0SAlexander V. Chernikov}
9f7d47b0SAlexander V. Chernikov
9f7d47b0SAlexander V. Chernikovvoid
0b565ac0SAlexander V. Chernikovipfw_table_algo_destroy(struct ip_fw_chain *ch)
9f7d47b0SAlexander V. Chernikov{
0b565ac0SAlexander V. Chernikov
c21034b7SAlexander V. Chernikov	ipfw_del_table_algo(ch, addr_radix.idx);
c21034b7SAlexander V. Chernikov	ipfw_del_table_algo(ch, addr_hash.idx);
0b565ac0SAlexander V. Chernikov	ipfw_del_table_algo(ch, iface_idx.idx);
b23d5de9SAlexander V. Chernikov	ipfw_del_table_algo(ch, number_array.idx);
914bffb6SAlexander V. Chernikov	ipfw_del_table_algo(ch, flow_hash.idx);
c21034b7SAlexander V. Chernikov	ipfw_del_table_algo(ch, addr_kfib.idx);
81cac390SArseny Smalyuk	ipfw_del_table_algo(ch, mac_radix.idx);
9f7d47b0SAlexander V. Chernikov}