1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * Copyright (c) 2017, Joyent, Inc. All rights reserved. 29 */ 30 31 #ifndef _SYS_NETSTACK_H 32 #define _SYS_NETSTACK_H 33 34 #include <sys/kstat.h> 35 #include <sys/cred.h> 36 #include <sys/mutex.h> 37 38 #ifdef __cplusplus 39 extern "C" { 40 #endif 41 42 /* 43 * This allows various pieces in and around IP to have a separate instance 44 * for each instance of IP. This is used to support zones that have an 45 * exclusive stack. 46 * Pieces of software far removed from IP (e.g., kernel software 47 * sitting on top of TCP or UDP) probably should not use the netstack 48 * support; if such software wants to support separate zones it 49 * can do that using the zones framework (zone_key_create() etc) 50 * whether there is a shared IP stack or and exclusive IP stack underneath. 51 */ 52 53 /* 54 * Each netstack has an identifier. We reuse the zoneid allocation for 55 * this but have a separate typedef. Thus the shared stack (used by 56 * the global zone and other shared stack zones) have a zero ID, and 57 * the exclusive stacks have a netstackid that is the same as their zoneid. 58 */ 59 typedef id_t netstackid_t; 60 61 #define GLOBAL_NETSTACKID 0 62 63 /* 64 * One for each module which uses netstack support. 65 * Used in netstack_register(). 66 * 67 * The order of these is important for some modules both for 68 * the creation (which done in ascending order) and destruction (which is 69 * done in in decending order). 70 */ 71 #define NS_ALL -1 /* Match all */ 72 #define NS_DLS 0 73 #define NS_IPTUN 1 74 #define NS_STR 2 /* autopush list etc */ 75 #define NS_HOOK 3 76 #define NS_NETI 4 77 #define NS_ARP 5 78 #define NS_IP 6 79 #define NS_ICMP 7 80 #define NS_UDP 8 81 #define NS_TCP 9 82 #define NS_SCTP 10 83 #define NS_RTS 11 84 #define NS_IPSEC 12 85 #define NS_KEYSOCK 13 86 #define NS_SPDSOCK 14 87 #define NS_IPSECAH 15 88 #define NS_IPSECESP 16 89 #define NS_IPNET 17 90 #define NS_ILB 18 91 #define NS_MAX (NS_ILB+1) 92 93 /* 94 * State maintained for each module which tracks the state of 95 * the create, shutdown and destroy callbacks. 96 * 97 * Keeps track of pending actions to avoid holding locks when 98 * calling into the create/shutdown/destroy functions in the module. 99 */ 100 #ifdef _KERNEL 101 typedef struct { 102 uint16_t nms_flags; 103 kcondvar_t nms_cv; 104 } nm_state_t; 105 106 /* 107 * nms_flags 108 */ 109 #define NSS_CREATE_NEEDED 0x0001 110 #define NSS_CREATE_INPROGRESS 0x0002 111 #define NSS_CREATE_COMPLETED 0x0004 112 #define NSS_SHUTDOWN_NEEDED 0x0010 113 #define NSS_SHUTDOWN_INPROGRESS 0x0020 114 #define NSS_SHUTDOWN_COMPLETED 0x0040 115 #define NSS_DESTROY_NEEDED 0x0100 116 #define NSS_DESTROY_INPROGRESS 0x0200 117 #define NSS_DESTROY_COMPLETED 0x0400 118 119 #define NSS_CREATE_ALL \ 120 (NSS_CREATE_NEEDED|NSS_CREATE_INPROGRESS|NSS_CREATE_COMPLETED) 121 #define NSS_SHUTDOWN_ALL \ 122 (NSS_SHUTDOWN_NEEDED|NSS_SHUTDOWN_INPROGRESS|NSS_SHUTDOWN_COMPLETED) 123 #define NSS_DESTROY_ALL \ 124 (NSS_DESTROY_NEEDED|NSS_DESTROY_INPROGRESS|NSS_DESTROY_COMPLETED) 125 126 #define NSS_ALL_INPROGRESS \ 127 (NSS_CREATE_INPROGRESS|NSS_SHUTDOWN_INPROGRESS|NSS_DESTROY_INPROGRESS) 128 #else 129 /* User-level compile like IP Filter needs a netstack_t. Dummy */ 130 typedef uint_t nm_state_t; 131 #endif /* _KERNEL */ 132 133 /* 134 * One for every netstack in the system. 135 * We use a union so that the compilar and lint can provide type checking - 136 * in principle we could have 137 * #define netstack_arp netstack_modules[NS_ARP] 138 * etc, but that would imply void * types hence no type checking by the 139 * compiler. 140 * 141 * All the fields in netstack_t except netstack_next are protected by 142 * netstack_lock. netstack_next is protected by netstack_g_lock. 143 */ 144 struct netstack { 145 union { 146 void *nu_modules[NS_MAX]; 147 struct { 148 struct dls_stack *nu_dls; 149 struct iptun_stack *nu_iptun; 150 struct str_stack *nu_str; 151 struct hook_stack *nu_hook; 152 struct neti_stack *nu_neti; 153 struct arp_stack *nu_arp; 154 struct ip_stack *nu_ip; 155 struct icmp_stack *nu_icmp; 156 struct udp_stack *nu_udp; 157 struct tcp_stack *nu_tcp; 158 struct sctp_stack *nu_sctp; 159 struct rts_stack *nu_rts; 160 struct ipsec_stack *nu_ipsec; 161 struct keysock_stack *nu_keysock; 162 struct spd_stack *nu_spdsock; 163 struct ipsecah_stack *nu_ipsecah; 164 struct ipsecesp_stack *nu_ipsecesp; 165 struct ipnet_stack *nu_ipnet; 166 struct ilb_stack *nu_ilb; 167 } nu_s; 168 } netstack_u; 169 #define netstack_modules netstack_u.nu_modules 170 #define netstack_dls netstack_u.nu_s.nu_dls 171 #define netstack_iptun netstack_u.nu_s.nu_iptun 172 #define netstack_str netstack_u.nu_s.nu_str 173 #define netstack_hook netstack_u.nu_s.nu_hook 174 #define netstack_neti netstack_u.nu_s.nu_neti 175 #define netstack_arp netstack_u.nu_s.nu_arp 176 #define netstack_ip netstack_u.nu_s.nu_ip 177 #define netstack_icmp netstack_u.nu_s.nu_icmp 178 #define netstack_udp netstack_u.nu_s.nu_udp 179 #define netstack_tcp netstack_u.nu_s.nu_tcp 180 #define netstack_sctp netstack_u.nu_s.nu_sctp 181 #define netstack_rts netstack_u.nu_s.nu_rts 182 #define netstack_ipsec netstack_u.nu_s.nu_ipsec 183 #define netstack_keysock netstack_u.nu_s.nu_keysock 184 #define netstack_spdsock netstack_u.nu_s.nu_spdsock 185 #define netstack_ipsecah netstack_u.nu_s.nu_ipsecah 186 #define netstack_ipsecesp netstack_u.nu_s.nu_ipsecesp 187 #define netstack_ipnet netstack_u.nu_s.nu_ipnet 188 #define netstack_ilb netstack_u.nu_s.nu_ilb 189 190 nm_state_t netstack_m_state[NS_MAX]; /* module state */ 191 192 kmutex_t netstack_lock; 193 struct netstack *netstack_next; 194 netstackid_t netstack_stackid; 195 int netstack_numzones; /* Number of zones using this */ 196 int netstack_refcnt; /* Number of hold-rele */ 197 int netstack_flags; /* See below */ 198 199 #ifdef _KERNEL 200 /* Needed to ensure that we run the callback functions in order */ 201 kcondvar_t netstack_cv; 202 #endif 203 }; 204 typedef struct netstack netstack_t; 205 206 /* netstack_flags values */ 207 #define NSF_UNINIT 0x01 /* Not initialized */ 208 #define NSF_CLOSING 0x02 /* Going away */ 209 #define NSF_ZONE_CREATE 0x04 /* create callbacks inprog */ 210 #define NSF_ZONE_SHUTDOWN 0x08 /* shutdown callbacks */ 211 #define NSF_ZONE_DESTROY 0x10 /* destroy callbacks */ 212 213 #define NSF_ZONE_INPROGRESS \ 214 (NSF_ZONE_CREATE|NSF_ZONE_SHUTDOWN|NSF_ZONE_DESTROY) 215 216 /* 217 * One for each of the NS_* values. 218 */ 219 struct netstack_registry { 220 int nr_flags; /* 0 if nothing registered */ 221 void *(*nr_create)(netstackid_t, netstack_t *); 222 void (*nr_shutdown)(netstackid_t, void *); 223 void (*nr_destroy)(netstackid_t, void *); 224 }; 225 226 /* nr_flags values */ 227 #define NRF_REGISTERED 0x01 228 #define NRF_DYING 0x02 /* No new creates */ 229 230 /* 231 * To support kstat_create_netstack() using kstat_add_zone we need 232 * to track both 233 * - all zoneids that use the global/shared stack 234 * - all kstats that have been added for the shared stack 235 */ 236 237 extern void netstack_init(void); 238 extern void netstack_hold(netstack_t *); 239 extern netstack_t *netstack_hold_if_active(netstack_t *); 240 extern void netstack_rele(netstack_t *); 241 extern netstack_t *netstack_find_by_cred(const cred_t *); 242 extern netstack_t *netstack_find_by_stackid(netstackid_t); 243 extern netstack_t *netstack_find_by_zoneid(zoneid_t); 244 extern boolean_t netstack_inuse_by_stackid(netstackid_t stackid); 245 246 extern zoneid_t netstackid_to_zoneid(netstackid_t); 247 extern zoneid_t netstack_get_zoneid(netstack_t *); 248 extern netstackid_t zoneid_to_netstackid(zoneid_t); 249 250 extern netstack_t *netstack_get_current(void); 251 252 /* 253 * Register interest in changes to the set of netstacks. 254 * The createfn and destroyfn are required, but the shutdownfn can be 255 * NULL. 256 * Note that due to the current zsd implementation, when the create 257 * function is called the zone isn't fully present, thus functions 258 * like zone_find_by_* will fail, hence the create function can not 259 * use many zones kernel functions including zcmn_err(). 260 */ 261 extern void netstack_register(int, 262 void *(*)(netstackid_t, netstack_t *), 263 void (*)(netstackid_t, void *), 264 void (*)(netstackid_t, void *)); 265 extern void netstack_unregister(int); 266 extern kstat_t *kstat_create_netstack(char *, int, char *, char *, uchar_t, 267 uint_t, uchar_t, netstackid_t); 268 extern void kstat_delete_netstack(kstat_t *, netstackid_t); 269 270 /* 271 * Simple support for walking all the netstacks. 272 * The caller of netstack_next() needs to call netstack_rele() when 273 * done with a netstack. 274 */ 275 typedef int netstack_handle_t; 276 277 extern void netstack_next_init(netstack_handle_t *); 278 extern void netstack_next_fini(netstack_handle_t *); 279 extern netstack_t *netstack_next(netstack_handle_t *); 280 281 #ifdef __cplusplus 282 } 283 #endif 284 285 286 #endif /* _SYS_NETSTACK_H */ 287