Changeset View
Changeset View
Standalone View
Standalone View
sys/netpfil/ipfw/nat64/nat64lsn_control.c
/*- | /*- | ||||
* Copyright (c) 2015 Yandex LLC | * SPDX-License-Identifier: BSD-2-Clause-FreeBSD | ||||
* | |||||
* Copyright (c) 2015-2019 Yandex LLC | |||||
* Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org> | * Copyright (c) 2015 Alexander V. Chernikov <melifaro@FreeBSD.org> | ||||
* Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org> | * Copyright (c) 2015-2019 Andrey V. Elsukov <ae@FreeBSD.org> | ||||
* All rights reserved. | |||||
* | * | ||||
* Redistribution and use in source and binary forms, with or without | * Redistribution and use in source and binary forms, with or without | ||||
* modification, are permitted provided that the following conditions | * modification, are permitted provided that the following conditions | ||||
* are met: | * are met: | ||||
* | * | ||||
* 1. Redistributions of source code must retain the above copyright | * 1. Redistributions of source code must retain the above copyright | ||||
* notice, this list of conditions and the following disclaimer. | * notice, this list of conditions and the following disclaimer. | ||||
* 2. Redistributions in binary form must reproduce the above copyright | * 2. Redistributions in binary form must reproduce the above copyright | ||||
Show All 13 Lines | |||||
*/ | */ | ||||
#include <sys/cdefs.h> | #include <sys/cdefs.h> | ||||
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/systm.h> | #include <sys/systm.h> | ||||
#include <sys/counter.h> | #include <sys/counter.h> | ||||
#include <sys/ck.h> | |||||
#include <sys/epoch.h> | |||||
#include <sys/errno.h> | #include <sys/errno.h> | ||||
#include <sys/kernel.h> | #include <sys/kernel.h> | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/malloc.h> | #include <sys/malloc.h> | ||||
#include <sys/mbuf.h> | #include <sys/mbuf.h> | ||||
#include <sys/module.h> | #include <sys/module.h> | ||||
#include <sys/rmlock.h> | #include <sys/rmlock.h> | ||||
#include <sys/rwlock.h> | #include <sys/rwlock.h> | ||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <sys/sockopt.h> | #include <sys/sockopt.h> | ||||
#include <sys/queue.h> | |||||
#include <net/if.h> | #include <net/if.h> | ||||
#include <net/pfil.h> | |||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <netinet/ip.h> | #include <netinet/ip.h> | ||||
#include <netinet/ip_var.h> | #include <netinet/ip_var.h> | ||||
#include <netinet/ip_fw.h> | #include <netinet/ip_fw.h> | ||||
#include <netinet6/ip_fw_nat64.h> | #include <netinet6/ip_fw_nat64.h> | ||||
#include <netpfil/ipfw/ip_fw_private.h> | #include <netpfil/ipfw/ip_fw_private.h> | ||||
Show All 12 Lines | nat64lsn_find(struct namedobj_instance *ni, const char *name, uint8_t set) | ||||
return (cfg); | return (cfg); | ||||
} | } | ||||
static void | static void | ||||
nat64lsn_default_config(ipfw_nat64lsn_cfg *uc) | nat64lsn_default_config(ipfw_nat64lsn_cfg *uc) | ||||
{ | { | ||||
if (uc->max_ports == 0) | |||||
uc->max_ports = NAT64LSN_MAX_PORTS; | |||||
else | |||||
uc->max_ports = roundup(uc->max_ports, NAT64_CHUNK_SIZE); | |||||
if (uc->max_ports > NAT64_CHUNK_SIZE * NAT64LSN_MAXPGPTR) | |||||
uc->max_ports = NAT64_CHUNK_SIZE * NAT64LSN_MAXPGPTR; | |||||
if (uc->jmaxlen == 0) | if (uc->jmaxlen == 0) | ||||
uc->jmaxlen = NAT64LSN_JMAXLEN; | uc->jmaxlen = NAT64LSN_JMAXLEN; | ||||
if (uc->jmaxlen > 65536) | if (uc->jmaxlen > 65536) | ||||
uc->jmaxlen = 65536; | uc->jmaxlen = 65536; | ||||
if (uc->nh_delete_delay == 0) | if (uc->nh_delete_delay == 0) | ||||
uc->nh_delete_delay = NAT64LSN_HOST_AGE; | uc->nh_delete_delay = NAT64LSN_HOST_AGE; | ||||
if (uc->pg_delete_delay == 0) | if (uc->pg_delete_delay == 0) | ||||
uc->pg_delete_delay = NAT64LSN_PG_AGE; | uc->pg_delete_delay = NAT64LSN_PG_AGE; | ||||
if (uc->st_syn_ttl == 0) | if (uc->st_syn_ttl == 0) | ||||
uc->st_syn_ttl = NAT64LSN_TCP_SYN_AGE; | uc->st_syn_ttl = NAT64LSN_TCP_SYN_AGE; | ||||
if (uc->st_close_ttl == 0) | if (uc->st_close_ttl == 0) | ||||
uc->st_close_ttl = NAT64LSN_TCP_FIN_AGE; | uc->st_close_ttl = NAT64LSN_TCP_FIN_AGE; | ||||
if (uc->st_estab_ttl == 0) | if (uc->st_estab_ttl == 0) | ||||
uc->st_estab_ttl = NAT64LSN_TCP_EST_AGE; | uc->st_estab_ttl = NAT64LSN_TCP_EST_AGE; | ||||
if (uc->st_udp_ttl == 0) | if (uc->st_udp_ttl == 0) | ||||
uc->st_udp_ttl = NAT64LSN_UDP_AGE; | uc->st_udp_ttl = NAT64LSN_UDP_AGE; | ||||
if (uc->st_icmp_ttl == 0) | if (uc->st_icmp_ttl == 0) | ||||
uc->st_icmp_ttl = NAT64LSN_ICMP_AGE; | uc->st_icmp_ttl = NAT64LSN_ICMP_AGE; | ||||
if (uc->states_chunks == 0) | |||||
uc->states_chunks = 1; | |||||
else if (uc->states_chunks >= 128) | |||||
uc->states_chunks = 128; | |||||
else if (!powerof2(uc->states_chunks)) | |||||
uc->states_chunks = 1 << fls(uc->states_chunks); | |||||
} | } | ||||
/* | /* | ||||
* Creates new nat64lsn instance. | * Creates new nat64lsn instance. | ||||
* Data layout (v0)(current): | * Data layout (v0)(current): | ||||
* Request: [ ipfw_obj_lheader ipfw_nat64lsn_cfg ] | * Request: [ ipfw_obj_lheader ipfw_nat64lsn_cfg ] | ||||
* | * | ||||
* Returns 0 on success | * Returns 0 on success | ||||
Show All 12 Lines | if (sd->valsize != sizeof(*olh) + sizeof(*uc)) | ||||
return (EINVAL); | return (EINVAL); | ||||
olh = (ipfw_obj_lheader *)sd->kbuf; | olh = (ipfw_obj_lheader *)sd->kbuf; | ||||
uc = (ipfw_nat64lsn_cfg *)(olh + 1); | uc = (ipfw_nat64lsn_cfg *)(olh + 1); | ||||
if (ipfw_check_object_name_generic(uc->name) != 0) | if (ipfw_check_object_name_generic(uc->name) != 0) | ||||
return (EINVAL); | return (EINVAL); | ||||
if (uc->agg_prefix_len > 127 || uc->set >= IPFW_MAX_SETS) | if (uc->set >= IPFW_MAX_SETS) | ||||
return (EINVAL); | return (EINVAL); | ||||
if (uc->plen4 > 32) | if (uc->plen4 > 32) | ||||
return (EINVAL); | return (EINVAL); | ||||
if (nat64_check_prefix6(&uc->prefix6, uc->plen6) != 0) | if (nat64_check_prefix6(&uc->prefix6, uc->plen6) != 0 && | ||||
!IN6_IS_ADDR_UNSPECIFIED(&uc->prefix6)) | |||||
return (EINVAL); | return (EINVAL); | ||||
/* XXX: Check prefix4 to be global */ | /* XXX: Check prefix4 to be global */ | ||||
addr4 = ntohl(uc->prefix4.s_addr); | addr4 = ntohl(uc->prefix4.s_addr); | ||||
mask4 = ~((1 << (32 - uc->plen4)) - 1); | mask4 = ~((1 << (32 - uc->plen4)) - 1); | ||||
if ((addr4 & mask4) != addr4) | if ((addr4 & mask4) != addr4) | ||||
return (EINVAL); | return (EINVAL); | ||||
if (uc->min_port == 0) | |||||
uc->min_port = NAT64_MIN_PORT; | |||||
if (uc->max_port == 0) | |||||
uc->max_port = 65535; | |||||
if (uc->min_port > uc->max_port) | |||||
return (EINVAL); | |||||
uc->min_port = roundup(uc->min_port, NAT64_CHUNK_SIZE); | |||||
uc->max_port = roundup(uc->max_port, NAT64_CHUNK_SIZE); | |||||
nat64lsn_default_config(uc); | nat64lsn_default_config(uc); | ||||
ni = CHAIN_TO_SRV(ch); | ni = CHAIN_TO_SRV(ch); | ||||
IPFW_UH_RLOCK(ch); | IPFW_UH_RLOCK(ch); | ||||
if (nat64lsn_find(ni, uc->name, uc->set) != NULL) { | if (nat64lsn_find(ni, uc->name, uc->set) != NULL) { | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
return (EEXIST); | return (EEXIST); | ||||
} | } | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
cfg = nat64lsn_init_instance(ch, 1 << (32 - uc->plen4)); | cfg = nat64lsn_init_instance(ch, addr4, uc->plen4); | ||||
strlcpy(cfg->name, uc->name, sizeof(cfg->name)); | strlcpy(cfg->name, uc->name, sizeof(cfg->name)); | ||||
cfg->no.name = cfg->name; | cfg->no.name = cfg->name; | ||||
cfg->no.etlv = IPFW_TLV_NAT64LSN_NAME; | cfg->no.etlv = IPFW_TLV_NAT64LSN_NAME; | ||||
cfg->no.set = uc->set; | cfg->no.set = uc->set; | ||||
cfg->base.prefix6 = uc->prefix6; | cfg->base.plat_prefix = uc->prefix6; | ||||
cfg->base.plen6 = uc->plen6; | cfg->base.plat_plen = uc->plen6; | ||||
cfg->base.flags = uc->flags & NAT64LSN_FLAGSMASK; | cfg->base.flags = (uc->flags & NAT64LSN_FLAGSMASK) | NAT64_PLATPFX; | ||||
if (IN6_IS_ADDR_WKPFX(&cfg->base.prefix6)) | if (IN6_IS_ADDR_WKPFX(&cfg->base.plat_prefix)) | ||||
cfg->base.flags |= NAT64_WKPFX; | cfg->base.flags |= NAT64_WKPFX; | ||||
else if (IN6_IS_ADDR_UNSPECIFIED(&cfg->base.plat_prefix)) | |||||
cfg->base.flags |= NAT64LSN_ANYPREFIX; | |||||
cfg->prefix4 = addr4; | cfg->states_chunks = uc->states_chunks; | ||||
cfg->pmask4 = addr4 | ~mask4; | |||||
cfg->plen4 = uc->plen4; | |||||
cfg->max_chunks = uc->max_ports / NAT64_CHUNK_SIZE; | |||||
cfg->agg_prefix_len = uc->agg_prefix_len; | |||||
cfg->agg_prefix_max = uc->agg_prefix_max; | |||||
cfg->min_chunk = uc->min_port / NAT64_CHUNK_SIZE; | |||||
cfg->max_chunk = uc->max_port / NAT64_CHUNK_SIZE; | |||||
cfg->jmaxlen = uc->jmaxlen; | cfg->jmaxlen = uc->jmaxlen; | ||||
cfg->nh_delete_delay = uc->nh_delete_delay; | cfg->host_delete_delay = uc->nh_delete_delay; | ||||
cfg->pg_delete_delay = uc->pg_delete_delay; | cfg->pg_delete_delay = uc->pg_delete_delay; | ||||
cfg->st_syn_ttl = uc->st_syn_ttl; | cfg->st_syn_ttl = uc->st_syn_ttl; | ||||
cfg->st_close_ttl = uc->st_close_ttl; | cfg->st_close_ttl = uc->st_close_ttl; | ||||
cfg->st_estab_ttl = uc->st_estab_ttl; | cfg->st_estab_ttl = uc->st_estab_ttl; | ||||
cfg->st_udp_ttl = uc->st_udp_ttl; | cfg->st_udp_ttl = uc->st_udp_ttl; | ||||
cfg->st_icmp_ttl = uc->st_icmp_ttl; | cfg->st_icmp_ttl = uc->st_icmp_ttl; | ||||
cfg->nomatch_verdict = IP_FW_DENY; | cfg->nomatch_verdict = IP_FW_DENY; | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | if (sd->valsize != sizeof(*oh)) | ||||
return (EINVAL); | return (EINVAL); | ||||
oh = (ipfw_obj_header *)op3; | oh = (ipfw_obj_header *)op3; | ||||
IPFW_UH_WLOCK(ch); | IPFW_UH_WLOCK(ch); | ||||
cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | ||||
if (cfg == NULL) { | if (cfg == NULL) { | ||||
IPFW_UH_WUNLOCK(ch); | IPFW_UH_WUNLOCK(ch); | ||||
return (ESRCH); | return (ENOENT); | ||||
} | } | ||||
if (cfg->no.refcnt > 0) { | if (cfg->no.refcnt > 0) { | ||||
IPFW_UH_WUNLOCK(ch); | IPFW_UH_WUNLOCK(ch); | ||||
return (EBUSY); | return (EBUSY); | ||||
} | } | ||||
ipfw_reset_eaction_instance(ch, V_nat64lsn_eid, cfg->no.kidx); | ipfw_reset_eaction_instance(ch, V_nat64lsn_eid, cfg->no.kidx); | ||||
SRV_OBJECT(ch, cfg->no.kidx) = NULL; | SRV_OBJECT(ch, cfg->no.kidx) = NULL; | ||||
nat64lsn_detach_config(ch, cfg); | nat64lsn_detach_config(ch, cfg); | ||||
IPFW_UH_WUNLOCK(ch); | IPFW_UH_WUNLOCK(ch); | ||||
nat64lsn_destroy_instance(cfg); | nat64lsn_destroy_instance(cfg); | ||||
return (0); | return (0); | ||||
} | } | ||||
#define __COPY_STAT_FIELD(_cfg, _stats, _field) \ | #define __COPY_STAT_FIELD(_cfg, _stats, _field) \ | ||||
(_stats)->_field = NAT64STAT_FETCH(&(_cfg)->base.stats, _field) | (_stats)->_field = NAT64STAT_FETCH(&(_cfg)->base.stats, _field) | ||||
static void | static void | ||||
export_stats(struct ip_fw_chain *ch, struct nat64lsn_cfg *cfg, | export_stats(struct ip_fw_chain *ch, struct nat64lsn_cfg *cfg, | ||||
struct ipfw_nat64lsn_stats *stats) | struct ipfw_nat64lsn_stats *stats) | ||||
{ | { | ||||
struct nat64lsn_alias *alias; | |||||
int i, j; | |||||
__COPY_STAT_FIELD(cfg, stats, opcnt64); | __COPY_STAT_FIELD(cfg, stats, opcnt64); | ||||
__COPY_STAT_FIELD(cfg, stats, opcnt46); | __COPY_STAT_FIELD(cfg, stats, opcnt46); | ||||
__COPY_STAT_FIELD(cfg, stats, ofrags); | __COPY_STAT_FIELD(cfg, stats, ofrags); | ||||
__COPY_STAT_FIELD(cfg, stats, ifrags); | __COPY_STAT_FIELD(cfg, stats, ifrags); | ||||
__COPY_STAT_FIELD(cfg, stats, oerrors); | __COPY_STAT_FIELD(cfg, stats, oerrors); | ||||
__COPY_STAT_FIELD(cfg, stats, noroute4); | __COPY_STAT_FIELD(cfg, stats, noroute4); | ||||
__COPY_STAT_FIELD(cfg, stats, noroute6); | __COPY_STAT_FIELD(cfg, stats, noroute6); | ||||
Show All 11 Lines | export_stats(struct ip_fw_chain *ch, struct nat64lsn_cfg *cfg, | ||||
__COPY_STAT_FIELD(cfg, stats, jmaxlen); | __COPY_STAT_FIELD(cfg, stats, jmaxlen); | ||||
__COPY_STAT_FIELD(cfg, stats, jnomem); | __COPY_STAT_FIELD(cfg, stats, jnomem); | ||||
__COPY_STAT_FIELD(cfg, stats, jreinjected); | __COPY_STAT_FIELD(cfg, stats, jreinjected); | ||||
__COPY_STAT_FIELD(cfg, stats, screated); | __COPY_STAT_FIELD(cfg, stats, screated); | ||||
__COPY_STAT_FIELD(cfg, stats, sdeleted); | __COPY_STAT_FIELD(cfg, stats, sdeleted); | ||||
__COPY_STAT_FIELD(cfg, stats, spgcreated); | __COPY_STAT_FIELD(cfg, stats, spgcreated); | ||||
__COPY_STAT_FIELD(cfg, stats, spgdeleted); | __COPY_STAT_FIELD(cfg, stats, spgdeleted); | ||||
stats->hostcount = cfg->ihcount; | stats->hostcount = cfg->hosts_count; | ||||
stats->tcpchunks = cfg->protochunks[NAT_PROTO_TCP]; | for (i = 0; i < (1 << (32 - cfg->plen4)); i++) { | ||||
stats->udpchunks = cfg->protochunks[NAT_PROTO_UDP]; | alias = &cfg->aliases[i]; | ||||
stats->icmpchunks = cfg->protochunks[NAT_PROTO_ICMP]; | for (j = 0; j < 32 && ISSET32(alias->tcp_chunkmask, j); j++) | ||||
stats->tcpchunks += bitcount32(alias->tcp_pgmask[j]); | |||||
for (j = 0; j < 32 && ISSET32(alias->udp_chunkmask, j); j++) | |||||
stats->udpchunks += bitcount32(alias->udp_pgmask[j]); | |||||
for (j = 0; j < 32 && ISSET32(alias->icmp_chunkmask, j); j++) | |||||
stats->icmpchunks += bitcount32(alias->icmp_pgmask[j]); | |||||
} | } | ||||
} | |||||
#undef __COPY_STAT_FIELD | #undef __COPY_STAT_FIELD | ||||
static void | static void | ||||
nat64lsn_export_config(struct ip_fw_chain *ch, struct nat64lsn_cfg *cfg, | nat64lsn_export_config(struct ip_fw_chain *ch, struct nat64lsn_cfg *cfg, | ||||
ipfw_nat64lsn_cfg *uc) | ipfw_nat64lsn_cfg *uc) | ||||
{ | { | ||||
uc->flags = cfg->base.flags & NAT64LSN_FLAGSMASK; | uc->flags = cfg->base.flags & NAT64LSN_FLAGSMASK; | ||||
uc->max_ports = cfg->max_chunks * NAT64_CHUNK_SIZE; | uc->states_chunks = cfg->states_chunks; | ||||
uc->agg_prefix_len = cfg->agg_prefix_len; | |||||
uc->agg_prefix_max = cfg->agg_prefix_max; | |||||
uc->jmaxlen = cfg->jmaxlen; | uc->jmaxlen = cfg->jmaxlen; | ||||
uc->nh_delete_delay = cfg->nh_delete_delay; | uc->nh_delete_delay = cfg->host_delete_delay; | ||||
uc->pg_delete_delay = cfg->pg_delete_delay; | uc->pg_delete_delay = cfg->pg_delete_delay; | ||||
uc->st_syn_ttl = cfg->st_syn_ttl; | uc->st_syn_ttl = cfg->st_syn_ttl; | ||||
uc->st_close_ttl = cfg->st_close_ttl; | uc->st_close_ttl = cfg->st_close_ttl; | ||||
uc->st_estab_ttl = cfg->st_estab_ttl; | uc->st_estab_ttl = cfg->st_estab_ttl; | ||||
uc->st_udp_ttl = cfg->st_udp_ttl; | uc->st_udp_ttl = cfg->st_udp_ttl; | ||||
uc->st_icmp_ttl = cfg->st_icmp_ttl; | uc->st_icmp_ttl = cfg->st_icmp_ttl; | ||||
uc->prefix4.s_addr = htonl(cfg->prefix4); | uc->prefix4.s_addr = htonl(cfg->prefix4); | ||||
uc->prefix6 = cfg->base.prefix6; | uc->prefix6 = cfg->base.plat_prefix; | ||||
uc->plen4 = cfg->plen4; | uc->plen4 = cfg->plen4; | ||||
uc->plen6 = cfg->base.plen6; | uc->plen6 = cfg->base.plat_plen; | ||||
uc->set = cfg->no.set; | uc->set = cfg->no.set; | ||||
strlcpy(uc->name, cfg->no.name, sizeof(uc->name)); | strlcpy(uc->name, cfg->no.name, sizeof(uc->name)); | ||||
} | } | ||||
struct nat64_dump_arg { | struct nat64_dump_arg { | ||||
struct ip_fw_chain *ch; | struct ip_fw_chain *ch; | ||||
struct sockopt_data *sd; | struct sockopt_data *sd; | ||||
}; | }; | ||||
▲ Show 20 Lines • Show All 81 Lines • ▼ Show 20 Lines | if (ipfw_check_object_name_generic(oh->ntlv.name) != 0 || | ||||
return (EINVAL); | return (EINVAL); | ||||
ni = CHAIN_TO_SRV(ch); | ni = CHAIN_TO_SRV(ch); | ||||
if (sd->sopt->sopt_dir == SOPT_GET) { | if (sd->sopt->sopt_dir == SOPT_GET) { | ||||
IPFW_UH_RLOCK(ch); | IPFW_UH_RLOCK(ch); | ||||
cfg = nat64lsn_find(ni, oh->ntlv.name, oh->ntlv.set); | cfg = nat64lsn_find(ni, oh->ntlv.name, oh->ntlv.set); | ||||
if (cfg == NULL) { | if (cfg == NULL) { | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
return (EEXIST); | return (ENOENT); | ||||
} | } | ||||
nat64lsn_export_config(ch, cfg, uc); | nat64lsn_export_config(ch, cfg, uc); | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
return (0); | return (0); | ||||
} | } | ||||
nat64lsn_default_config(uc); | nat64lsn_default_config(uc); | ||||
IPFW_UH_WLOCK(ch); | IPFW_UH_WLOCK(ch); | ||||
cfg = nat64lsn_find(ni, oh->ntlv.name, oh->ntlv.set); | cfg = nat64lsn_find(ni, oh->ntlv.name, oh->ntlv.set); | ||||
if (cfg == NULL) { | if (cfg == NULL) { | ||||
IPFW_UH_WUNLOCK(ch); | IPFW_UH_WUNLOCK(ch); | ||||
return (EEXIST); | return (ENOENT); | ||||
} | } | ||||
/* | /* | ||||
* For now allow to change only following values: | * For now allow to change only following values: | ||||
* jmaxlen, nh_del_age, pg_del_age, tcp_syn_age, tcp_close_age, | * jmaxlen, nh_del_age, pg_del_age, tcp_syn_age, tcp_close_age, | ||||
* tcp_est_age, udp_age, icmp_age, flags, max_ports. | * tcp_est_age, udp_age, icmp_age, flags, states_chunks. | ||||
*/ | */ | ||||
cfg->max_chunks = uc->max_ports / NAT64_CHUNK_SIZE; | cfg->states_chunks = uc->states_chunks; | ||||
cfg->jmaxlen = uc->jmaxlen; | cfg->jmaxlen = uc->jmaxlen; | ||||
cfg->nh_delete_delay = uc->nh_delete_delay; | cfg->host_delete_delay = uc->nh_delete_delay; | ||||
cfg->pg_delete_delay = uc->pg_delete_delay; | cfg->pg_delete_delay = uc->pg_delete_delay; | ||||
cfg->st_syn_ttl = uc->st_syn_ttl; | cfg->st_syn_ttl = uc->st_syn_ttl; | ||||
cfg->st_close_ttl = uc->st_close_ttl; | cfg->st_close_ttl = uc->st_close_ttl; | ||||
cfg->st_estab_ttl = uc->st_estab_ttl; | cfg->st_estab_ttl = uc->st_estab_ttl; | ||||
cfg->st_udp_ttl = uc->st_udp_ttl; | cfg->st_udp_ttl = uc->st_udp_ttl; | ||||
cfg->st_icmp_ttl = uc->st_icmp_ttl; | cfg->st_icmp_ttl = uc->st_icmp_ttl; | ||||
cfg->base.flags &= ~NAT64LSN_FLAGSMASK; | cfg->base.flags &= ~NAT64LSN_FLAGSMASK; | ||||
cfg->base.flags |= uc->flags & NAT64LSN_FLAGSMASK; | cfg->base.flags |= uc->flags & NAT64LSN_FLAGSMASK; | ||||
Show All 30 Lines | nat64lsn_stats(struct ip_fw_chain *ch, ip_fw3_opheader *op, | ||||
if (oh == NULL) | if (oh == NULL) | ||||
return (EINVAL); | return (EINVAL); | ||||
memset(&stats, 0, sizeof(stats)); | memset(&stats, 0, sizeof(stats)); | ||||
IPFW_UH_RLOCK(ch); | IPFW_UH_RLOCK(ch); | ||||
cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | ||||
if (cfg == NULL) { | if (cfg == NULL) { | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
return (ESRCH); | return (ENOENT); | ||||
} | } | ||||
export_stats(ch, cfg, &stats); | export_stats(ch, cfg, &stats); | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
ctlv = (ipfw_obj_ctlv *)(oh + 1); | ctlv = (ipfw_obj_ctlv *)(oh + 1); | ||||
memset(ctlv, 0, sizeof(*ctlv)); | memset(ctlv, 0, sizeof(*ctlv)); | ||||
ctlv->head.type = IPFW_TLV_COUNTERS; | ctlv->head.type = IPFW_TLV_COUNTERS; | ||||
Show All 25 Lines | nat64lsn_reset_stats(struct ip_fw_chain *ch, ip_fw3_opheader *op, | ||||
if (ipfw_check_object_name_generic(oh->ntlv.name) != 0 || | if (ipfw_check_object_name_generic(oh->ntlv.name) != 0 || | ||||
oh->ntlv.set >= IPFW_MAX_SETS) | oh->ntlv.set >= IPFW_MAX_SETS) | ||||
return (EINVAL); | return (EINVAL); | ||||
IPFW_UH_WLOCK(ch); | IPFW_UH_WLOCK(ch); | ||||
cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | ||||
if (cfg == NULL) { | if (cfg == NULL) { | ||||
IPFW_UH_WUNLOCK(ch); | IPFW_UH_WUNLOCK(ch); | ||||
return (ESRCH); | return (ENOENT); | ||||
} | } | ||||
COUNTER_ARRAY_ZERO(cfg->base.stats.cnt, NAT64STATS); | COUNTER_ARRAY_ZERO(cfg->base.stats.cnt, NAT64STATS); | ||||
IPFW_UH_WUNLOCK(ch); | IPFW_UH_WUNLOCK(ch); | ||||
return (0); | return (0); | ||||
} | } | ||||
/* | /* | ||||
* Reply: [ ipfw_obj_header ipfw_obj_data [ ipfw_nat64lsn_stg | * Reply: [ ipfw_obj_header ipfw_obj_data [ ipfw_nat64lsn_stg | ||||
* ipfw_nat64lsn_state x count, ... ] ] | * ipfw_nat64lsn_state x count, ... ] ] | ||||
*/ | */ | ||||
static int | static int | ||||
export_pg_states(struct nat64lsn_cfg *cfg, struct nat64lsn_portgroup *pg, | nat64lsn_export_states_v1(struct nat64lsn_cfg *cfg, union nat64lsn_pgidx *idx, | ||||
ipfw_nat64lsn_stg *stg, struct sockopt_data *sd) | struct nat64lsn_pg *pg, struct sockopt_data *sd, uint32_t *ret_count) | ||||
{ | { | ||||
ipfw_nat64lsn_state *ste; | ipfw_nat64lsn_state_v1 *s; | ||||
struct nat64lsn_state *st; | struct nat64lsn_state *state; | ||||
int i, count; | uint64_t mask; | ||||
uint32_t i, count; | |||||
NAT64_LOCK(pg->host); | /* validate user input */ | ||||
count = 0; | if (idx->chunk > pg->chunks_count - 1) | ||||
for (i = 0; i < 64; i++) { | return (EINVAL); | ||||
if (PG_IS_BUSY_IDX(pg, i)) | |||||
count++; | |||||
} | |||||
DPRINTF(DP_STATE, "EXPORT PG %d, count %d", pg->idx, count); | |||||
if (count == 0) { | mask = pg->chunks_count == 1 ? ~pg->freemask : | ||||
stg->count = 0; | ~pg->freemask_chunk[idx->chunk]; | ||||
NAT64_UNLOCK(pg->host); | count = bitcount64(mask); | ||||
return (0); | if (count == 0) | ||||
} | return (0); /* Try next PG/chunk */ | ||||
ste = (ipfw_nat64lsn_state *)ipfw_get_sopt_space(sd, | |||||
count * sizeof(ipfw_nat64lsn_state)); | |||||
if (ste == NULL) { | |||||
NAT64_UNLOCK(pg->host); | |||||
return (1); | |||||
} | |||||
stg->alias4.s_addr = pg->aaddr; | DPRINTF(DP_STATE, "EXPORT PG 0x%16jx, count %d", | ||||
stg->proto = nat64lsn_rproto_map[pg->nat_proto]; | (uintmax_t)idx->index, count); | ||||
stg->flags = 0; | |||||
stg->host6 = pg->host->addr; | s = (ipfw_nat64lsn_state_v1 *)ipfw_get_sopt_space(sd, | ||||
stg->count = count; | count * sizeof(ipfw_nat64lsn_state_v1)); | ||||
if (s == NULL) | |||||
return (ENOMEM); | |||||
for (i = 0; i < 64; i++) { | for (i = 0; i < 64; i++) { | ||||
if (PG_IS_FREE_IDX(pg, i)) | if (!ISSET64(mask, i)) | ||||
continue; | continue; | ||||
st = &pg->states[i]; | state = pg->chunks_count == 1 ? &pg->states->state[i] : | ||||
ste->daddr.s_addr = st->u.s.faddr; | &pg->states_chunk[idx->chunk]->state[i]; | ||||
ste->dport = st->u.s.fport; | |||||
ste->aport = pg->aport + i; | |||||
ste->sport = st->u.s.lport; | |||||
ste->flags = st->flags; /* XXX filter flags */ | |||||
ste->idle = GET_AGE(st->timestamp); | |||||
ste++; | |||||
} | |||||
NAT64_UNLOCK(pg->host); | |||||
s->host6 = state->host->addr; | |||||
s->daddr.s_addr = htonl(state->ip_dst); | |||||
s->dport = state->dport; | |||||
s->sport = state->sport; | |||||
s->aport = state->aport; | |||||
s->flags = (uint8_t)(state->flags & 7); | |||||
s->proto = state->proto; | |||||
s->idle = GET_AGE(state->timestamp); | |||||
s++; | |||||
} | |||||
*ret_count = count; | |||||
return (0); | return (0); | ||||
} | } | ||||
#define LAST_IDX 0xFF | |||||
static int | static int | ||||
get_next_idx(struct nat64lsn_cfg *cfg, uint32_t *addr, uint8_t *nat_proto, | nat64lsn_next_pgidx(struct nat64lsn_cfg *cfg, struct nat64lsn_pg *pg, | ||||
uint16_t *port) | union nat64lsn_pgidx *idx) | ||||
{ | { | ||||
if (*port < 65536 - NAT64_CHUNK_SIZE) { | /* First iterate over chunks */ | ||||
*port += NAT64_CHUNK_SIZE; | if (pg != NULL) { | ||||
if (idx->chunk < pg->chunks_count - 1) { | |||||
idx->chunk++; | |||||
return (0); | return (0); | ||||
} | } | ||||
*port = 0; | } | ||||
idx->chunk = 0; | |||||
if (*nat_proto < NAT_MAX_PROTO - 1) { | /* Then over PGs */ | ||||
*nat_proto += 1; | if (idx->port < UINT16_MAX - 64) { | ||||
idx->port += 64; | |||||
return (0); | return (0); | ||||
} | } | ||||
*nat_proto = 1; | idx->port = NAT64_MIN_PORT; | ||||
/* Then over supported protocols */ | |||||
if (*addr < cfg->pmask4) { | switch (idx->proto) { | ||||
*addr += 1; | case IPPROTO_ICMP: | ||||
idx->proto = IPPROTO_TCP; | |||||
return (0); | return (0); | ||||
case IPPROTO_TCP: | |||||
idx->proto = IPPROTO_UDP; | |||||
return (0); | |||||
default: | |||||
idx->proto = IPPROTO_ICMP; | |||||
} | } | ||||
/* And then over IPv4 alias addresses */ | |||||
/* End of space. */ | if (idx->addr < cfg->pmask4) { | ||||
return (1); | idx->addr++; | ||||
return (1); /* New states group is needed */ | |||||
} | } | ||||
idx->index = LAST_IDX; | |||||
return (-1); /* No more states */ | |||||
} | |||||
#define PACK_IDX(addr, proto, port) \ | static struct nat64lsn_pg* | ||||
((uint64_t)addr << 32) | ((uint32_t)port << 16) | (proto << 8) | nat64lsn_get_pg_byidx(struct nat64lsn_cfg *cfg, union nat64lsn_pgidx *idx) | ||||
#define UNPACK_IDX(idx, addr, proto, port) \ | |||||
(addr) = (uint32_t)((idx) >> 32); \ | |||||
(port) = (uint16_t)(((idx) >> 16) & 0xFFFF); \ | |||||
(proto) = (uint8_t)(((idx) >> 8) & 0xFF) | |||||
static struct nat64lsn_portgroup * | |||||
get_next_pg(struct nat64lsn_cfg *cfg, uint32_t *addr, uint8_t *nat_proto, | |||||
uint16_t *port) | |||||
{ | { | ||||
struct nat64lsn_portgroup *pg; | struct nat64lsn_alias *alias; | ||||
uint64_t pre_pack, post_pack; | int pg_idx; | ||||
pg = NULL; | alias = &cfg->aliases[idx->addr & ((1 << (32 - cfg->plen4)) - 1)]; | ||||
pre_pack = PACK_IDX(*addr, *nat_proto, *port); | MPASS(alias->addr == idx->addr); | ||||
for (;;) { | |||||
if (get_next_idx(cfg, addr, nat_proto, port) != 0) { | |||||
/* End of states */ | |||||
return (pg); | |||||
} | |||||
pg = GET_PORTGROUP(cfg, *addr, *nat_proto, *port); | pg_idx = (idx->port - NAT64_MIN_PORT) / 64; | ||||
if (pg != NULL) | switch (idx->proto) { | ||||
case IPPROTO_ICMP: | |||||
if (ISSET32(alias->icmp_pgmask[pg_idx / 32], pg_idx % 32)) | |||||
return (alias->icmp[pg_idx / 32]->pgptr[pg_idx % 32]); | |||||
break; | break; | ||||
case IPPROTO_TCP: | |||||
if (ISSET32(alias->tcp_pgmask[pg_idx / 32], pg_idx % 32)) | |||||
return (alias->tcp[pg_idx / 32]->pgptr[pg_idx % 32]); | |||||
break; | |||||
case IPPROTO_UDP: | |||||
if (ISSET32(alias->udp_pgmask[pg_idx / 32], pg_idx % 32)) | |||||
return (alias->udp[pg_idx / 32]->pgptr[pg_idx % 32]); | |||||
break; | |||||
} | } | ||||
return (NULL); | |||||
post_pack = PACK_IDX(*addr, *nat_proto, *port); | |||||
if (pre_pack == post_pack) | |||||
DPRINTF(DP_STATE, "XXX: PACK_IDX %u %d %d", | |||||
*addr, *nat_proto, *port); | |||||
return (pg); | |||||
} | } | ||||
static NAT64NOINLINE struct nat64lsn_portgroup * | /* | ||||
get_first_pg(struct nat64lsn_cfg *cfg, uint32_t *addr, uint8_t *nat_proto, | * Lists nat64lsn states. | ||||
uint16_t *port) | * Data layout (v0): | ||||
* Request: [ ipfw_obj_header ipfw_obj_data [ uint64_t ]] | |||||
* Reply: [ ipfw_obj_header ipfw_obj_data [ | |||||
* ipfw_nat64lsn_stg ipfw_nat64lsn_state x N] ] | |||||
* | |||||
* Returns 0 on success | |||||
*/ | |||||
static int | |||||
nat64lsn_states_v0(struct ip_fw_chain *ch, ip_fw3_opheader *op3, | |||||
struct sockopt_data *sd) | |||||
{ | { | ||||
struct nat64lsn_portgroup *pg; | |||||
pg = GET_PORTGROUP(cfg, *addr, *nat_proto, *port); | /* TODO: implement states listing for old ipfw(8) binaries */ | ||||
if (pg == NULL) | return (EOPNOTSUPP); | ||||
pg = get_next_pg(cfg, addr, nat_proto, port); | |||||
return (pg); | |||||
} | } | ||||
/* | /* | ||||
* Lists nat64lsn states. | * Lists nat64lsn states. | ||||
* Data layout (v0)(current): | * Data layout (v1)(current): | ||||
* Request: [ ipfw_obj_header ipfw_obj_data [ uint64_t ]] | * Request: [ ipfw_obj_header ipfw_obj_data [ uint64_t ]] | ||||
* Reply: [ ipfw_obj_header ipfw_obj_data [ | * Reply: [ ipfw_obj_header ipfw_obj_data [ | ||||
* ipfw_nat64lsn_stg ipfw_nat64lsn_state x N] ] | * ipfw_nat64lsn_stg_v1 ipfw_nat64lsn_state_v1 x N] ] | ||||
* | * | ||||
* Returns 0 on success | * Returns 0 on success | ||||
*/ | */ | ||||
static int | static int | ||||
nat64lsn_states(struct ip_fw_chain *ch, ip_fw3_opheader *op3, | nat64lsn_states_v1(struct ip_fw_chain *ch, ip_fw3_opheader *op3, | ||||
struct sockopt_data *sd) | struct sockopt_data *sd) | ||||
{ | { | ||||
ipfw_obj_header *oh; | ipfw_obj_header *oh; | ||||
ipfw_obj_data *od; | ipfw_obj_data *od; | ||||
ipfw_nat64lsn_stg *stg; | ipfw_nat64lsn_stg_v1 *stg; | ||||
struct nat64lsn_cfg *cfg; | struct nat64lsn_cfg *cfg; | ||||
struct nat64lsn_portgroup *pg, *pg_next; | struct nat64lsn_pg *pg; | ||||
uint64_t next_idx; | union nat64lsn_pgidx idx; | ||||
size_t sz; | size_t sz; | ||||
uint32_t addr, states; | uint32_t count, total; | ||||
uint16_t port; | int ret; | ||||
uint8_t nat_proto; | |||||
sz = sizeof(ipfw_obj_header) + sizeof(ipfw_obj_data) + | sz = sizeof(ipfw_obj_header) + sizeof(ipfw_obj_data) + | ||||
sizeof(uint64_t); | sizeof(uint64_t); | ||||
/* Check minimum header size */ | /* Check minimum header size */ | ||||
if (sd->valsize < sz) | if (sd->valsize < sz) | ||||
return (EINVAL); | return (EINVAL); | ||||
oh = (ipfw_obj_header *)sd->kbuf; | oh = (ipfw_obj_header *)sd->kbuf; | ||||
od = (ipfw_obj_data *)(oh + 1); | od = (ipfw_obj_data *)(oh + 1); | ||||
if (od->head.type != IPFW_TLV_OBJDATA || | if (od->head.type != IPFW_TLV_OBJDATA || | ||||
od->head.length != sz - sizeof(ipfw_obj_header)) | od->head.length != sz - sizeof(ipfw_obj_header)) | ||||
return (EINVAL); | return (EINVAL); | ||||
next_idx = *(uint64_t *)(od + 1); | idx.index = *(uint64_t *)(od + 1); | ||||
/* Translate index to the request position to start from */ | if (idx.index != 0 && idx.proto != IPPROTO_ICMP && | ||||
UNPACK_IDX(next_idx, addr, nat_proto, port); | idx.proto != IPPROTO_TCP && idx.proto != IPPROTO_UDP) | ||||
if (nat_proto >= NAT_MAX_PROTO) | |||||
return (EINVAL); | return (EINVAL); | ||||
if (nat_proto == 0 && addr != 0) | if (idx.index == LAST_IDX) | ||||
return (EINVAL); | return (EINVAL); | ||||
IPFW_UH_RLOCK(ch); | IPFW_UH_RLOCK(ch); | ||||
cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | cfg = nat64lsn_find(CHAIN_TO_SRV(ch), oh->ntlv.name, oh->ntlv.set); | ||||
if (cfg == NULL) { | if (cfg == NULL) { | ||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
return (ESRCH); | return (ENOENT); | ||||
} | } | ||||
/* Fill in starting point */ | if (idx.index == 0) { /* Fill in starting point */ | ||||
if (addr == 0) { | idx.addr = cfg->prefix4; | ||||
addr = cfg->prefix4; | idx.proto = IPPROTO_ICMP; | ||||
nat_proto = 1; | idx.port = NAT64_MIN_PORT; | ||||
port = 0; | |||||
} | } | ||||
if (addr < cfg->prefix4 || addr > cfg->pmask4) { | if (idx.addr < cfg->prefix4 || idx.addr > cfg->pmask4 || | ||||
idx.port < NAT64_MIN_PORT) { | |||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
DPRINTF(DP_GENERIC | DP_STATE, "XXX: %ju %u %u", | |||||
(uintmax_t)next_idx, addr, cfg->pmask4); | |||||
return (EINVAL); | return (EINVAL); | ||||
} | } | ||||
sz = sizeof(ipfw_obj_header) + sizeof(ipfw_obj_data) + | sz = sizeof(ipfw_obj_header) + sizeof(ipfw_obj_data) + | ||||
sizeof(ipfw_nat64lsn_stg); | sizeof(ipfw_nat64lsn_stg_v1); | ||||
if (sd->valsize < sz) | if (sd->valsize < sz) { | ||||
IPFW_UH_RUNLOCK(ch); | |||||
return (ENOMEM); | return (ENOMEM); | ||||
} | |||||
oh = (ipfw_obj_header *)ipfw_get_sopt_space(sd, sz); | oh = (ipfw_obj_header *)ipfw_get_sopt_space(sd, sz); | ||||
od = (ipfw_obj_data *)(oh + 1); | od = (ipfw_obj_data *)(oh + 1); | ||||
od->head.type = IPFW_TLV_OBJDATA; | od->head.type = IPFW_TLV_OBJDATA; | ||||
od->head.length = sz - sizeof(ipfw_obj_header); | od->head.length = sz - sizeof(ipfw_obj_header); | ||||
stg = (ipfw_nat64lsn_stg *)(od + 1); | stg = (ipfw_nat64lsn_stg_v1 *)(od + 1); | ||||
stg->count = total = 0; | |||||
pg = get_first_pg(cfg, &addr, &nat_proto, &port); | stg->next.index = idx.index; | ||||
if (pg == NULL) { | /* | ||||
/* No states */ | * Acquire CALLOUT_LOCK to avoid races with expiration code. | ||||
stg->next_idx = 0xFF; | * Thus states, hosts and PGs will not expire while we hold it. | ||||
stg->count = 0; | */ | ||||
IPFW_UH_RUNLOCK(ch); | CALLOUT_LOCK(cfg); | ||||
return (0); | ret = 0; | ||||
do { | |||||
pg = nat64lsn_get_pg_byidx(cfg, &idx); | |||||
if (pg != NULL) { | |||||
count = 0; | |||||
ret = nat64lsn_export_states_v1(cfg, &idx, pg, | |||||
sd, &count); | |||||
if (ret != 0) | |||||
break; | |||||
if (count > 0) { | |||||
stg->count += count; | |||||
total += count; | |||||
/* Update total size of reply */ | |||||
od->head.length += | |||||
count * sizeof(ipfw_nat64lsn_state_v1); | |||||
sz += count * sizeof(ipfw_nat64lsn_state_v1); | |||||
} | } | ||||
states = 0; | stg->alias4.s_addr = htonl(idx.addr); | ||||
pg_next = NULL; | |||||
while (pg != NULL) { | |||||
pg_next = get_next_pg(cfg, &addr, &nat_proto, &port); | |||||
if (pg_next == NULL) | |||||
stg->next_idx = 0xFF; | |||||
else | |||||
stg->next_idx = PACK_IDX(addr, nat_proto, port); | |||||
if (export_pg_states(cfg, pg, stg, sd) != 0) { | |||||
IPFW_UH_RUNLOCK(ch); | |||||
return (states == 0 ? ENOMEM: 0); | |||||
} | } | ||||
states += stg->count; | /* Determine new index */ | ||||
od->head.length += stg->count * sizeof(ipfw_nat64lsn_state); | switch (nat64lsn_next_pgidx(cfg, pg, &idx)) { | ||||
sz += stg->count * sizeof(ipfw_nat64lsn_state); | case -1: | ||||
if (pg_next != NULL) { | ret = ENOENT; /* End of search */ | ||||
sz += sizeof(ipfw_nat64lsn_stg); | |||||
if (sd->valsize < sz) | |||||
break; | break; | ||||
stg = (ipfw_nat64lsn_stg *)ipfw_get_sopt_space(sd, | case 1: /* | ||||
sizeof(ipfw_nat64lsn_stg)); | * Next alias address, new group may be needed. | ||||
* If states count is zero, use this group. | |||||
*/ | |||||
if (stg->count == 0) | |||||
continue; | |||||
/* Otherwise try to create new group */ | |||||
sz += sizeof(ipfw_nat64lsn_stg_v1); | |||||
if (sd->valsize < sz) { | |||||
ret = ENOMEM; | |||||
break; | |||||
} | } | ||||
pg = pg_next; | /* Save next index in current group */ | ||||
stg->next.index = idx.index; | |||||
stg = (ipfw_nat64lsn_stg_v1 *)ipfw_get_sopt_space(sd, | |||||
sizeof(ipfw_nat64lsn_stg_v1)); | |||||
od->head.length += sizeof(ipfw_nat64lsn_stg_v1); | |||||
stg->count = 0; | |||||
break; | |||||
} | } | ||||
stg->next.index = idx.index; | |||||
} while (ret == 0); | |||||
CALLOUT_UNLOCK(cfg); | |||||
IPFW_UH_RUNLOCK(ch); | IPFW_UH_RUNLOCK(ch); | ||||
return (0); | return ((total > 0 || idx.index == LAST_IDX) ? 0: ret); | ||||
} | } | ||||
static struct ipfw_sopt_handler scodes[] = { | static struct ipfw_sopt_handler scodes[] = { | ||||
{ IP_FW_NAT64LSN_CREATE, 0, HDIR_BOTH, nat64lsn_create }, | { IP_FW_NAT64LSN_CREATE, 0, HDIR_BOTH, nat64lsn_create }, | ||||
{ IP_FW_NAT64LSN_DESTROY,0, HDIR_SET, nat64lsn_destroy }, | { IP_FW_NAT64LSN_DESTROY,0, HDIR_SET, nat64lsn_destroy }, | ||||
{ IP_FW_NAT64LSN_CONFIG, 0, HDIR_BOTH, nat64lsn_config }, | { IP_FW_NAT64LSN_CONFIG, 0, HDIR_BOTH, nat64lsn_config }, | ||||
{ IP_FW_NAT64LSN_LIST, 0, HDIR_GET, nat64lsn_list }, | { IP_FW_NAT64LSN_LIST, 0, HDIR_GET, nat64lsn_list }, | ||||
{ IP_FW_NAT64LSN_STATS, 0, HDIR_GET, nat64lsn_stats }, | { IP_FW_NAT64LSN_STATS, 0, HDIR_GET, nat64lsn_stats }, | ||||
{ IP_FW_NAT64LSN_RESET_STATS,0, HDIR_SET, nat64lsn_reset_stats }, | { IP_FW_NAT64LSN_RESET_STATS,0, HDIR_SET, nat64lsn_reset_stats }, | ||||
{ IP_FW_NAT64LSN_LIST_STATES,0, HDIR_GET, nat64lsn_states }, | { IP_FW_NAT64LSN_LIST_STATES,0, HDIR_GET, nat64lsn_states_v0 }, | ||||
{ IP_FW_NAT64LSN_LIST_STATES,1, HDIR_GET, nat64lsn_states_v1 }, | |||||
}; | }; | ||||
static int | static int | ||||
nat64lsn_classify(ipfw_insn *cmd, uint16_t *puidx, uint8_t *ptype) | nat64lsn_classify(ipfw_insn *cmd, uint16_t *puidx, uint8_t *ptype) | ||||
{ | { | ||||
ipfw_insn *icmd; | ipfw_insn *icmd; | ||||
icmd = cmd - 1; | icmd = cmd - 1; | ||||
▲ Show 20 Lines • Show All 114 Lines • Show Last 20 Lines |