inet/ilb/ilb_conn.h

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _INET_ILB_CONN_H
#define	_INET_ILB_CONN_H

#ifdef __cplusplus
extern "C" {
#endif

struct ilb_conn_s;

/*
 * Struct of the conn hash table bucket
 *
 * ilb_connp: the first conn hash entry in the bucket
 * ilb_conn_hash_lock: mutex to protect the list in the bucket
 * ilb_conn_cnt: number of conn hash entries in this bucket
 */
typedef struct ilb_conn_hash_s {
	struct ilb_conn_s	*ilb_connp;
	kmutex_t		ilb_conn_hash_lock;
	uint32_t		 ilb_conn_cnt;
#if defined(_LP64) || defined(_I32LPx)
	char			ilb_conn_hash_pad[44];
#else
	char			ilb_conn_hash_pad[52];
#endif
} ilb_conn_hash_t;

/*
 * Extracted rule/server info for faster access without holding a reference
 * to a rule or server.
 */
typedef struct ilb_rule_info_s {
	ilb_topo_impl_t		topo;
	ilb_nat_info_t		info;
} ilb_rule_info_t;

/* Info about a TCP connection for tracking */
struct ilb_tcp_track {
	uint32_t		ack;
	uint32_t		fss;
	boolean_t		fin_sent;
	boolean_t		fin_acked;
};

/*
 * Struct to store NAT info of a connection (one direction)
 *
 * conn_daddr: destination address to be matched to find this info
 * conn_saddr: source address to be matched
 * conn_dport: destination port to be matched
 * conn_sport: source port to be matched
 * conn_ip_sum: IP checksum adjustment for NAT
 * conn_tp_sum: tranport checksum adjustment for NAT
 * conn_tcp_track: TCP connection tracking info
 * conn_atime: last access time of this conn cache
 * conn_pkt_cnt: packets processed using this conn
 * conn_next: next conn info (for conn info linked list)
 * conn_prev: previous conn info (for conn info linked list)
 * conn_hash: back pointer to the conn hash table bucket
 */
struct ilb_conn_info {
	in6_addr_t		conn_daddr;
	in6_addr_t		conn_saddr;
	in_port_t		conn_dport;
	in_port_t		conn_sport;
	uint32_t		conn_ip_sum;
	uint32_t		conn_tp_sum;

	struct ilb_tcp_track	conn_tcp_track;

	/* Last access time */
	int64_t			conn_atime;
	uint64_t		conn_pkt_cnt;

	struct ilb_conn_s	*conn_next;
	struct ilb_conn_s	*conn_prev;
	ilb_conn_hash_t		*conn_hash;
};

/*
 * Struct (an entry in the conn hash table) to store a NAT info of a
 * connection (both directions, client to server and server to client)
 *
 * conn_l4: transport protocol used in this NAT connection
 * conn_expry: expiry time of this entry
 * conn_cr_time: creation time of this entry
 * conn_c2s: client to back end server info
 * conn_s2c_ back end server to client info
 * conn_server: pointer to the back end server structure
 * conn_rule_cache: rule information needed for this entry (copied from
 *                  the ilb_rule_t struct)
 * conn_sticky: pointer to the sticky info of this client, used to do
 *              reference counting on the sticky info.
 * conn_gc: indicates whether this entry needs to be garbage collected
 */
typedef struct ilb_conn_s {
	int			conn_l4;

	int64_t			conn_expiry;
	int64_t			conn_cr_time;

	/* Client to server, hash and check info */
	struct ilb_conn_info	conn_c2s;
#define	conn_c2s_daddr		conn_c2s.conn_daddr
#define	conn_c2s_saddr		conn_c2s.conn_saddr
#define	conn_c2s_dport		conn_c2s.conn_dport
#define	conn_c2s_sport		conn_c2s.conn_sport
#define	conn_c2s_next		conn_c2s.conn_next
#define	conn_c2s_prev		conn_c2s.conn_prev
#define	conn_c2s_hash		conn_c2s.conn_hash
#define	conn_c2s_atime		conn_c2s.conn_atime
#define	conn_c2s_pkt_cnt	conn_c2s.conn_pkt_cnt
#define	conn_c2s_ip_sum		conn_c2s.conn_ip_sum
#define	conn_c2s_tp_sum		conn_c2s.conn_tp_sum
#define	conn_c2s_tcp_ack	conn_c2s.conn_tcp_track.ack
#define	conn_c2s_tcp_fss	conn_c2s.conn_tcp_track.fss
#define	conn_c2s_tcp_fin_sent	conn_c2s.conn_tcp_track.fin_sent
#define	conn_c2s_tcp_fin_acked	conn_c2s.conn_tcp_track.fin_acked

	/* Server to client, hash and check info */
	struct ilb_conn_info	conn_s2c;
#define	conn_s2c_daddr		conn_s2c.conn_daddr
#define	conn_s2c_saddr		conn_s2c.conn_saddr
#define	conn_s2c_dport		conn_s2c.conn_dport
#define	conn_s2c_sport		conn_s2c.conn_sport
#define	conn_s2c_next		conn_s2c.conn_next
#define	conn_s2c_prev		conn_s2c.conn_prev
#define	conn_s2c_hash		conn_s2c.conn_hash
#define	conn_s2c_atime		conn_s2c.conn_atime
#define	conn_s2c_pkt_cnt	conn_s2c.conn_pkt_cnt
#define	conn_s2c_ip_sum		conn_s2c.conn_ip_sum
#define	conn_s2c_tp_sum		conn_s2c.conn_tp_sum
#define	conn_s2c_tcp_ack	conn_s2c.conn_tcp_track.ack
#define	conn_s2c_tcp_fss	conn_s2c.conn_tcp_track.fss
#define	conn_s2c_tcp_fin_sent	conn_s2c.conn_tcp_track.fin_sent
#define	conn_s2c_tcp_fin_acked	conn_s2c.conn_tcp_track.fin_acked

	ilb_server_t		*conn_server;
	ilb_rule_info_t		conn_rule_cache;

	/*
	 * If the rule is sticky enabled, all ilb_conn_t created from this
	 * rule will have conn_sticky set to the ilb_sticky_t entry.  Otherwise
	 * conn_sticky is NULL.
	 */
	struct ilb_sticky_s	*conn_sticky;

	boolean_t		conn_gc;
} ilb_conn_t;

/*
 * Struct of the sticky hash table bucket
 *
 * sticky_head: the sticky hash list of this bucket
 * sticky_lock: mutex to protect the list
 * sticki_cnt: number of sticky hash entries in this bucket
 */
typedef struct ilb_sticky_hash_s {
	list_t			sticky_head;
	kmutex_t		sticky_lock;
	uint32_t		sticky_cnt;
#if defined(_LP64) || defined(_I32LPx)
	char			sticky_pad[20];
#else
	char			sticky_pad[36];
#endif
} ilb_sticky_hash_t;

/*
 * Struct to store sticky info of a client.
 *
 * rule_instance: the rule instance for this entry, for look up purpose
 * rule_name: the rule name for this entry
 * server: the back end server for this client
 * src: the client source address
 * expire: the expiry time of this entry
 * atime: the last access time of this entry
 * nat_src_idx: the index to the NAT source array for this client
 * refcnt: reference count
 * list: linked list node
 * hash: back pointer to the sticky hash buckey of this entry
 */
typedef struct ilb_sticky_s {
	uint_t			rule_instance;
	char			rule_name[ILB_RULE_NAMESZ];
	ilb_server_t		*server;
	in6_addr_t		src;
	int64_t			expiry;
	int64_t			atime;
	int			nat_src_idx;

	uint32_t		refcnt;
	list_node_t		list;
	ilb_sticky_hash_t	*hash;
} ilb_sticky_t;

extern void ilb_conn_hash_init(ilb_stack_t *);
extern void ilb_conn_hash_fini(ilb_stack_t *);
extern void ilb_conn_cache_fini(void);
extern void ilb_sticky_hash_init(ilb_stack_t *);
extern void ilb_sticky_hash_fini(ilb_stack_t *);
extern void ilb_sticky_cache_fini(void);

extern boolean_t ilb_check_conn(ilb_stack_t *, int, void *, int, void *,
    in6_addr_t *, in6_addr_t *, in_port_t, in_port_t, uint32_t, in6_addr_t *);
extern boolean_t ilb_check_icmp_conn(ilb_stack_t *, mblk_t *, int, void *,
    void *, in6_addr_t *);
extern int ilb_conn_add(ilb_stack_t *, ilb_rule_t *, ilb_server_t *,
    in6_addr_t *, in_port_t, in6_addr_t *, in_port_t, ilb_nat_info_t *,
    uint32_t *, uint32_t *, struct ilb_sticky_s *);

extern ilb_server_t *ilb_sticky_find_add(ilb_stack_t *, ilb_rule_t *,
    in6_addr_t *, ilb_server_t *, struct ilb_sticky_s **, uint16_t *);
void ilb_sticky_refrele(struct ilb_sticky_s *);

#ifdef __cplusplus
}
#endif

#endif /* _INET_ILB_CONN_H */