[mirror_ovs.git] / datapath-windows / ovsext / Conntrack.h

/*
 * Copyright (c) 2015, 2016 VMware, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __OVS_CONNTRACK_H_
#define __OVS_CONNTRACK_H_ 1

#include "precomp.h"
#include "Actions.h"
#include "Debug.h"
#include "Flow.h"
#include "Actions.h"
#include <stddef.h>

#ifdef OVS_DBG_MOD
#undef OVS_DBG_MOD
#endif
#define OVS_DBG_MOD OVS_DBG_CONTRK

struct ct_addr {
    union {
        ovs_be32 ipv4;
        struct in6_addr ipv6;
        uint32_t ipv4_aligned;
        struct in6_addr ipv6_aligned;
    };
};

struct ct_endpoint {
    struct ct_addr addr;
    union {
        ovs_be16 port;
        struct {
            ovs_be16 icmp_id;
            uint8_t icmp_type;
            uint8_t icmp_code;
        };
    };
    UINT16 pad;
};

typedef enum CT_UPDATE_RES {
    CT_UPDATE_INVALID,
    CT_UPDATE_VALID,
    CT_UPDATE_NEW,
} CT_UPDATE_RES;

/* Metadata mark for masked write to conntrack mark */
typedef struct MD_MARK {
    UINT32 value;
    UINT32 mask;
} MD_MARK;

/* Metadata label for masked write to conntrack label. */
typedef struct MD_LABELS {
    struct ovs_key_ct_labels value;
    struct ovs_key_ct_labels mask;
} MD_LABELS;

typedef enum NAT_ACTION {
    NAT_ACTION_NONE = 0,
    NAT_ACTION_REVERSE = 1 << 0,
    NAT_ACTION_SRC = 1 << 1,
    NAT_ACTION_SRC_PORT = 1 << 2,
    NAT_ACTION_DST = 1 << 3,
    NAT_ACTION_DST_PORT = 1 << 4,
};

typedef struct _OVS_CT_KEY {
    struct ct_endpoint src;
    struct ct_endpoint dst;
    UINT16 dl_type;
    UINT8 nw_proto;
    UINT16 zone;
    UINT64 packetCount;
    UINT64 byteCount;
} OVS_CT_KEY, *POVS_CT_KEY;

typedef struct _NAT_ACTION_INFO {
    struct ct_addr minAddr;
    struct ct_addr maxAddr;
    uint16_t minPort;
    uint16_t maxPort;
    uint16_t natAction;
} NAT_ACTION_INFO, *PNAT_ACTION_INFO;

typedef struct OVS_CT_ENTRY {
    OVS_CT_KEY  key;
    OVS_CT_KEY  rev_key;
    UINT64      expiration;
    LIST_ENTRY  link;
    UINT32      mark;
    UINT64      timestampStart;
    struct ovs_key_ct_labels labels;
    NAT_ACTION_INFO natInfo;
    PVOID       parent; /* Points to main connection */
} OVS_CT_ENTRY, *POVS_CT_ENTRY;

typedef struct OVS_CT_REL_ENTRY {
    OVS_CT_KEY      key;
    POVS_CT_ENTRY   parent;
    UINT64          expiration;
    LIST_ENTRY      link;
} OVS_CT_REL_ENTRY, *POVS_CT_REL_ENTRY;

typedef struct _OVS_CT_THREAD_CTX {
    KEVENT      event;
    PVOID       threadObject;
    UINT32      exit;
} OVS_CT_THREAD_CTX, *POVS_CT_THREAD_CTX;

typedef struct OvsConntrackKeyLookupCtx {
    OVS_CT_KEY      key;
    POVS_CT_ENTRY   entry;
    UINT32          hash;
    BOOLEAN         reply;
    BOOLEAN         related;
} OvsConntrackKeyLookupCtx;

#define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)
#define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)
#define CT_INTERVAL_SEC 10000000LL //1s
#define CT_ENTRY_TIMEOUT (2 * 60 * CT_INTERVAL_SEC)   // 2m
#define CT_CLEANUP_INTERVAL (2 * 60 * CT_INTERVAL_SEC) // 2m


/* Given POINTER, the address of the given MEMBER in a STRUCT object, returns
   the STRUCT object. */
#define CONTAINER_OF(POINTER, STRUCT, MEMBER)                           \
        ((STRUCT *) (void *) ((char *) (POINTER) - \
         offsetof (STRUCT, MEMBER)))

static __inline void
OvsConntrackUpdateExpiration(OVS_CT_ENTRY *ctEntry,
                             long long now,
                             long long interval)
{
    ctEntry->expiration = now + interval;
}

static __inline UINT32
OvsGetTcpPayloadLength(PNET_BUFFER_LIST nbl)
{
    IPHdr *ipHdr;
    char *ipBuf[sizeof(IPHdr)];
    PNET_BUFFER curNb;
    curNb = NET_BUFFER_LIST_FIRST_NB(nbl);
    UINT32 hdrLen = sizeof(EthHdr);
    NdisAdvanceNetBufferDataStart(curNb, hdrLen, FALSE, NULL);
    ipHdr = NdisGetDataBuffer(curNb, sizeof *ipHdr, (PVOID) &ipBuf,
                              1 /*no align*/, 0);
    if (ipHdr == NULL) {
        NdisRetreatNetBufferDataStart(curNb, hdrLen, 0, NULL);
        return 0;
    }

    TCPHdr *tcp = (TCPHdr *)((PCHAR)ipHdr + ipHdr->ihl * 4);
    NdisRetreatNetBufferDataStart(curNb, hdrLen, 0, NULL);

    return (ntohs(ipHdr->tot_len) - (ipHdr->ihl * 4) - (TCP_HDR_LEN(tcp)));
}

VOID OvsCleanupConntrack(VOID);
NTSTATUS OvsInitConntrack(POVS_SWITCH_CONTEXT context);

NDIS_STATUS OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
                                      OvsFlowKey *key,
                                      const PNL_ATTR a);
BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp);
BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp);
OVS_CT_ENTRY * OvsConntrackCreateTcpEntry(const TCPHdr *tcp,
                                          PNET_BUFFER_LIST nbl,
                                          UINT64 now);
NDIS_STATUS OvsCtMapTcpProtoInfoToNl(PNL_BUFFER nlBuf,
                                     OVS_CT_ENTRY *conn_);
OVS_CT_ENTRY * OvsConntrackCreateOtherEntry(UINT64 now);
OVS_CT_ENTRY * OvsConntrackCreateIcmpEntry(UINT64 now);
enum CT_UPDATE_RES OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_,
                                              const TCPHdr *tcp,
                                              PNET_BUFFER_LIST nbl,
                                              BOOLEAN reply,
                                              UINT64 now);
enum CT_UPDATE_RES OvsConntrackUpdateOtherEntry(OVS_CT_ENTRY *conn_,
                                                BOOLEAN reply,
                                                UINT64 now);
enum CT_UPDATE_RES OvsConntrackUpdateIcmpEntry(OVS_CT_ENTRY* conn_,
                                               BOOLEAN reply,
                                               UINT64 now);
NTSTATUS OvsCreateNlMsgFromCtEntry(POVS_CT_ENTRY entry,
                                   PVOID outBuffer,
                                   UINT32 outBufLen,
                                   UINT8 eventType,
                                   UINT32 nlmsgSeq,
                                   UINT32 nlmsgPid,
                                   UINT8 nfGenVersion,
                                   UINT32 dpIfIndex);

/* Tracking related connections */
NTSTATUS OvsInitCtRelated(POVS_SWITCH_CONTEXT context);
VOID OvsCleanupCtRelated(VOID);
NDIS_STATUS OvsCtRelatedEntryCreate(UINT8 ipProto,
                                    UINT16 dl_type,
                                    UINT32 serverIp,
                                    UINT32 clientIp,
                                    UINT16 serverPort,
                                    UINT16 clientPort,
                                    UINT64 currentTime,
                                    POVS_CT_ENTRY parent);
POVS_CT_ENTRY OvsCtRelatedLookup(OVS_CT_KEY key, UINT64 currentTime);

NDIS_STATUS OvsCtHandleFtp(PNET_BUFFER_LIST curNbl,
                           OvsFlowKey *key,
                           OVS_PACKET_HDR_INFO *layers,
                           UINT64 currentTime,
                           POVS_CT_ENTRY entry,
                           BOOLEAN request);

UINT32 OvsHashCtKey(const OVS_CT_KEY *key);
BOOLEAN OvsCtKeyAreSame(OVS_CT_KEY ctxKey, OVS_CT_KEY entryKey);
POVS_CT_ENTRY OvsCtLookup(OvsConntrackKeyLookupCtx *ctx);


#endif /* __OVS_CONNTRACK_H_ */
Commit	Line	Data
792d377d SV	1	/*
	2	* Copyright (c) 2015, 2016 VMware, Inc.
	3	*
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at:
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*/
	16
	17	#ifndef __OVS_CONNTRACK_H_
	18	#define __OVS_CONNTRACK_H_ 1
	19
	20	#include "precomp.h"
b7a6b3a7	21	#include "Actions.h"
5e422c9e	22	#include "Debug.h"
b7a6b3a7	23	#include "Flow.h"
ae584afe	24	#include "Actions.h"
5e422c9e SV	25	#include <stddef.h>
	26
	27	#ifdef OVS_DBG_MOD
	28	#undef OVS_DBG_MOD
	29	#endif
	30	#define OVS_DBG_MOD OVS_DBG_CONTRK
792d377d SV	31
	32	struct ct_addr {
	33	union {
	34	ovs_be32 ipv4;
	35	struct in6_addr ipv6;
	36	uint32_t ipv4_aligned;
	37	struct in6_addr ipv6_aligned;
	38	};
	39	};
	40
	41	struct ct_endpoint {
	42	struct ct_addr addr;
6e83dfd9 SV	43	union {
	44	ovs_be16 port;
	45	struct {
	46	ovs_be16 icmp_id;
	47	uint8_t icmp_type;
	48	uint8_t icmp_code;
	49	};
	50	};
792d377d SV	51	UINT16 pad;
	52	};
	53
	54	typedef enum CT_UPDATE_RES {
	55	CT_UPDATE_INVALID,
	56	CT_UPDATE_VALID,
	57	CT_UPDATE_NEW,
	58	} CT_UPDATE_RES;
	59
	60	/* Metadata mark for masked write to conntrack mark */
	61	typedef struct MD_MARK {
	62	UINT32 value;
	63	UINT32 mask;
	64	} MD_MARK;
	65
	66	/* Metadata label for masked write to conntrack label. */
	67	typedef struct MD_LABELS {
	68	struct ovs_key_ct_labels value;
	69	struct ovs_key_ct_labels mask;
	70	} MD_LABELS;
	71
1ef6b404 AK	72	typedef enum NAT_ACTION {
	73	NAT_ACTION_NONE = 0,
	74	NAT_ACTION_REVERSE = 1 << 0,
	75	NAT_ACTION_SRC = 1 << 1,
	76	NAT_ACTION_SRC_PORT = 1 << 2,
	77	NAT_ACTION_DST = 1 << 3,
	78	NAT_ACTION_DST_PORT = 1 << 4,
	79	};
	80
792d377d SV	81	typedef struct _OVS_CT_KEY {
	82	struct ct_endpoint src;
	83	struct ct_endpoint dst;
	84	UINT16 dl_type;
	85	UINT8 nw_proto;
	86	UINT16 zone;
b50d56a7 SV	87	UINT64 packetCount;
b50d56a7 SV	88	UINT64 byteCount;
792d377d SV	89	} OVS_CT_KEY, *POVS_CT_KEY;
792d377d SV	90
b7a6b3a7 YL	91	typedef struct _NAT_ACTION_INFO {
	92	struct ct_addr minAddr;
	93	struct ct_addr maxAddr;
	94	uint16_t minPort;
	95	uint16_t maxPort;
	96	uint16_t natAction;
	97	} NAT_ACTION_INFO, *PNAT_ACTION_INFO;
	98
792d377d SV	99	typedef struct OVS_CT_ENTRY {
	100	OVS_CT_KEY key;
	101	OVS_CT_KEY rev_key;
	102	UINT64 expiration;
	103	LIST_ENTRY link;
	104	UINT32 mark;
b50d56a7	105	UINT64 timestampStart;
792d377d	106	struct ovs_key_ct_labels labels;
b7a6b3a7	107	NAT_ACTION_INFO natInfo;
e68988b8	108	PVOID parent; /* Points to main connection */
792d377d SV	109	} OVS_CT_ENTRY, *POVS_CT_ENTRY;
792d377d SV	110
5e422c9e SV	111	typedef struct OVS_CT_REL_ENTRY {
	112	OVS_CT_KEY key;
	113	POVS_CT_ENTRY parent;
	114	UINT64 expiration;
	115	LIST_ENTRY link;
	116	} OVS_CT_REL_ENTRY, *POVS_CT_REL_ENTRY;
	117
	118	typedef struct _OVS_CT_THREAD_CTX {
	119	KEVENT event;
	120	PVOID threadObject;
	121	UINT32 exit;
	122	} OVS_CT_THREAD_CTX, *POVS_CT_THREAD_CTX;
	123
792d377d SV	124	typedef struct OvsConntrackKeyLookupCtx {
	125	OVS_CT_KEY key;
	126	POVS_CT_ENTRY entry;
	127	UINT32 hash;
	128	BOOLEAN reply;
	129	BOOLEAN related;
	130	} OvsConntrackKeyLookupCtx;
	131
	132	#define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)
	133	#define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)
5b37c6ae SV	134	#define CT_INTERVAL_SEC 10000000LL //1s
	135	#define CT_ENTRY_TIMEOUT (2 * 60 * CT_INTERVAL_SEC) // 2m
	136	#define CT_CLEANUP_INTERVAL (2 * 60 * CT_INTERVAL_SEC) // 2m
	137
	138
f6d375ea SV	139	/* Given POINTER, the address of the given MEMBER in a STRUCT object, returns
	140	the STRUCT object. */
	141	#define CONTAINER_OF(POINTER, STRUCT, MEMBER) \
	142	((STRUCT ) (void ) ((char *) (POINTER) - \
	143	offsetof (STRUCT, MEMBER)))
792d377d	144
6e83dfd9 SV	145	static __inline void
	146	OvsConntrackUpdateExpiration(OVS_CT_ENTRY *ctEntry,
	147	long long now,
	148	long long interval)
	149	{
	150	ctEntry->expiration = now + interval;
	151	}
	152
680f666f SV	153	static __inline UINT32
	154	OvsGetTcpPayloadLength(PNET_BUFFER_LIST nbl)
	155	{
	156	IPHdr *ipHdr;
	157	char *ipBuf[sizeof(IPHdr)];
	158	PNET_BUFFER curNb;
	159	curNb = NET_BUFFER_LIST_FIRST_NB(nbl);
	160	UINT32 hdrLen = sizeof(EthHdr);
	161	NdisAdvanceNetBufferDataStart(curNb, hdrLen, FALSE, NULL);
	162	ipHdr = NdisGetDataBuffer(curNb, sizeof *ipHdr, (PVOID) &ipBuf,
	163	1 /no align/, 0);
	164	if (ipHdr == NULL) {
	165	NdisRetreatNetBufferDataStart(curNb, hdrLen, 0, NULL);
	166	return 0;
	167	}
	168
	169	TCPHdr tcp = (TCPHdr )((PCHAR)ipHdr + ipHdr->ihl * 4);
	170	NdisRetreatNetBufferDataStart(curNb, hdrLen, 0, NULL);
	171
	172	return (ntohs(ipHdr->tot_len) - (ipHdr->ihl * 4) - (TCP_HDR_LEN(tcp)));
	173	}
	174
792d377d SV	175	VOID OvsCleanupConntrack(VOID);
	176	NTSTATUS OvsInitConntrack(POVS_SWITCH_CONTEXT context);
	177
ae584afe	178	NDIS_STATUS OvsExecuteConntrackAction(OvsForwardingContext *fwdCtx,
792d377d SV	179	OvsFlowKey *key,
	180	const PNL_ATTR a);
	181	BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp);
6e83dfd9	182	BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp);
f6d375ea SV	183	OVS_CT_ENTRY * OvsConntrackCreateTcpEntry(const TCPHdr *tcp,
	184	PNET_BUFFER_LIST nbl,
	185	UINT64 now);
b50d56a7 SV	186	NDIS_STATUS OvsCtMapTcpProtoInfoToNl(PNL_BUFFER nlBuf,
b50d56a7 SV	187	OVS_CT_ENTRY *conn_);
5b37c6ae	188	OVS_CT_ENTRY * OvsConntrackCreateOtherEntry(UINT64 now);
6e83dfd9	189	OVS_CT_ENTRY * OvsConntrackCreateIcmpEntry(UINT64 now);
f6d375ea	190	enum CT_UPDATE_RES OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_,
792d377d SV	191	const TCPHdr *tcp,
	192	PNET_BUFFER_LIST nbl,
	193	BOOLEAN reply,
	194	UINT64 now);
6e83dfd9	195	enum CT_UPDATE_RES OvsConntrackUpdateOtherEntry(OVS_CT_ENTRY *conn_,
5b37c6ae SV	196	BOOLEAN reply,
5b37c6ae SV	197	UINT64 now);
6e83dfd9 SV	198	enum CT_UPDATE_RES OvsConntrackUpdateIcmpEntry(OVS_CT_ENTRY* conn_,
	199	BOOLEAN reply,
	200	UINT64 now);
5e422c9e SV	201	NTSTATUS OvsCreateNlMsgFromCtEntry(POVS_CT_ENTRY entry,
	202	PVOID outBuffer,
	203	UINT32 outBufLen,
	204	UINT8 eventType,
	205	UINT32 nlmsgSeq,
	206	UINT32 nlmsgPid,
	207	UINT8 nfGenVersion,
	208	UINT32 dpIfIndex);
	209
	210	/* Tracking related connections */
	211	NTSTATUS OvsInitCtRelated(POVS_SWITCH_CONTEXT context);
	212	VOID OvsCleanupCtRelated(VOID);
	213	NDIS_STATUS OvsCtRelatedEntryCreate(UINT8 ipProto,
	214	UINT16 dl_type,
	215	UINT32 serverIp,
	216	UINT32 clientIp,
	217	UINT16 serverPort,
	218	UINT16 clientPort,
	219	UINT64 currentTime,
	220	POVS_CT_ENTRY parent);
	221	POVS_CT_ENTRY OvsCtRelatedLookup(OVS_CT_KEY key, UINT64 currentTime);
	222
e68988b8 SV	223	NDIS_STATUS OvsCtHandleFtp(PNET_BUFFER_LIST curNbl,
	224	OvsFlowKey *key,
	225	OVS_PACKET_HDR_INFO *layers,
	226	UINT64 currentTime,
	227	POVS_CT_ENTRY entry,
	228	BOOLEAN request);
	229
b7a6b3a7 YL	230	UINT32 OvsHashCtKey(const OVS_CT_KEY *key);
	231	BOOLEAN OvsCtKeyAreSame(OVS_CT_KEY ctxKey, OVS_CT_KEY entryKey);
	232	POVS_CT_ENTRY OvsCtLookup(OvsConntrackKeyLookupCtx *ctx);
	233
	234
5b37c6ae	235	#endif /* __OVS_CONNTRACK_H_ */