[mirror_ovs.git] / lib / conntrack-private.h

/*
 * Copyright (c) 2015, 2016, 2017 Nicira, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef CONNTRACK_PRIVATE_H
#define CONNTRACK_PRIVATE_H 1

#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip6.h>

#include "conntrack.h"
#include "ct-dpif.h"
#include "openvswitch/hmap.h"
#include "openvswitch/list.h"
#include "openvswitch/types.h"
#include "packets.h"
#include "unaligned.h"
#include "dp-packet.h"

struct ct_endpoint {
    struct ct_addr addr;
    union {
        ovs_be16 port;
        struct {
            ovs_be16 icmp_id;
            uint8_t icmp_type;
            uint8_t icmp_code;
        };
    };
};

/* Verify that there is no padding in struct ct_endpoint, to facilitate
 * hashing in ct_endpoint_hash_add(). */
BUILD_ASSERT_DECL(sizeof(struct ct_endpoint) == sizeof(struct ct_addr) + 4);

/* Changes to this structure need to be reflected in conn_key_hash()
 * and conn_key_cmp(). */
struct conn_key {
    struct ct_endpoint src;
    struct ct_endpoint dst;

    ovs_be16 dl_type;
    uint16_t zone;
    uint8_t nw_proto;
};

struct nat_conn_key_node {
    struct hmap_node node;
    struct conn_key key;
    struct conn_key value;
};

/* This is used for alg expectations; an expectation is a
 * context created in preparation for establishing a data
 * connection. The expectation is created by the control
 * connection. */
struct alg_exp_node {
    /* Node in alg_expectations. */
    struct hmap_node node;
    /* Node in alg_expectation_refs. */
    struct hindex_node node_ref;
    /* Key of data connection to be created. */
    struct conn_key key;
    /* Corresponding key of the control connection. */
    struct conn_key master_key;
    /* The NAT replacement address to be used by the data connection. */
    struct ct_addr alg_nat_repl_addr;
    /* The data connection inherits the master control
     * connection label and mark. */
    ovs_u128 master_label;
    uint32_t master_mark;
    /* True if for NAT application, the alg replaces the dest address;
     * otherwise, the source address is replaced.  */
    bool nat_rpl_dst;
};

struct conn {
    struct conn_key key;
    struct conn_key rev_key;
    /* Only used for orig_tuple support. */
    struct conn_key master_key;
    long long expiration;
    struct ovs_list exp_node;
    struct hmap_node node;
    ovs_u128 label;
    /* XXX: consider flattening. */
    struct nat_action_info_t *nat_info;
    char *alg;
    int seq_skew;
    uint32_t mark;
    uint8_t conn_type;
    /* TCP sequence skew due to NATTing of FTP control messages. */
    uint8_t seq_skew_dir;
    /* True if alg data connection. */
    uint8_t alg_related;
};

enum ct_update_res {
    CT_UPDATE_INVALID,
    CT_UPDATE_VALID,
    CT_UPDATE_NEW,
};

enum ct_conn_type {
    CT_CONN_TYPE_DEFAULT,
    CT_CONN_TYPE_UN_NAT,
};

struct ct_l4_proto {
    struct conn *(*new_conn)(struct conntrack_bucket *, struct dp_packet *pkt,
                             long long now);
    bool (*valid_new)(struct dp_packet *pkt);
    enum ct_update_res (*conn_update)(struct conn *conn,
                                      struct conntrack_bucket *,
                                      struct dp_packet *pkt, bool reply,
                                      long long now);
    void (*conn_get_protoinfo)(const struct conn *,
                               struct ct_dpif_protoinfo *);
};

extern struct ct_l4_proto ct_proto_tcp;
extern struct ct_l4_proto ct_proto_other;
extern struct ct_l4_proto ct_proto_icmp4;
extern struct ct_l4_proto ct_proto_icmp6;

extern long long ct_timeout_val[];

static inline void
conn_init_expiration(struct conntrack_bucket *ctb, struct conn *conn,
                        enum ct_timeout tm, long long now)
{
    conn->expiration = now + ct_timeout_val[tm];
    ovs_list_push_back(&ctb->exp_lists[tm], &conn->exp_node);
}

static inline void
conn_update_expiration(struct conntrack_bucket *ctb, struct conn *conn,
                       enum ct_timeout tm, long long now)
{
    ovs_list_remove(&conn->exp_node);
    conn_init_expiration(ctb, conn, tm, now);
}

static inline uint32_t
tcp_payload_length(struct dp_packet *pkt)
{
    const char *tcp_payload = dp_packet_get_tcp_payload(pkt);
    if (tcp_payload) {
        return ((char *) dp_packet_tail(pkt) - dp_packet_l2_pad_size(pkt)
                - tcp_payload);
    } else {
        return 0;
    }
}

#endif /* conntrack-private.h */
Commit	Line	Data
a489b168	1	/*
bd5e81a0	2	* Copyright (c) 2015, 2016, 2017 Nicira, Inc.
a489b168 DDP	3	*
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at:
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*/
	16
	17	#ifndef CONNTRACK_PRIVATE_H
	18	#define CONNTRACK_PRIVATE_H 1
	19
	20	#include <sys/types.h>
	21	#include <netinet/in.h>
	22	#include <netinet/ip6.h>
	23
	24	#include "conntrack.h"
4d4e68ed	25	#include "ct-dpif.h"
a489b168 DDP	26	#include "openvswitch/hmap.h"
	27	#include "openvswitch/list.h"
	28	#include "openvswitch/types.h"
	29	#include "packets.h"
	30	#include "unaligned.h"
0e71e47f	31	#include "dp-packet.h"
a489b168	32
a489b168 DDP	33	struct ct_endpoint {
a489b168 DDP	34	struct ct_addr addr;
b269a122 DDP	35	union {
	36	ovs_be16 port;
	37	struct {
	38	ovs_be16 icmp_id;
	39	uint8_t icmp_type;
	40	uint8_t icmp_code;
	41	};
	42	};
a489b168 DDP	43	};
a489b168 DDP	44
92edd073 DB	45	/* Verify that there is no padding in struct ct_endpoint, to facilitate
	46	* hashing in ct_endpoint_hash_add(). */
	47	BUILD_ASSERT_DECL(sizeof(struct ct_endpoint) == sizeof(struct ct_addr) + 4);
	48
bd5e81a0 DB	49	/* Changes to this structure need to be reflected in conn_key_hash()
bd5e81a0 DB	50	* and conn_key_cmp(). */
a489b168 DDP	51	struct conn_key {
	52	struct ct_endpoint src;
	53	struct ct_endpoint dst;
	54
	55	ovs_be16 dl_type;
a489b168	56	uint16_t zone;
bd5e81a0	57	uint8_t nw_proto;
a489b168 DDP	58	};
a489b168 DDP	59
286de272 DB	60	struct nat_conn_key_node {
	61	struct hmap_node node;
	62	struct conn_key key;
	63	struct conn_key value;
	64	};
	65
bd5e81a0 DB	66	/* This is used for alg expectations; an expectation is a
	67	* context created in preparation for establishing a data
	68	* connection. The expectation is created by the control
	69	* connection. */
	70	struct alg_exp_node {
4417ca3d	71	/* Node in alg_expectations. */
bd5e81a0	72	struct hmap_node node;
4417ca3d DB	73	/* Node in alg_expectation_refs. */
4417ca3d DB	74	struct hindex_node node_ref;
bd5e81a0 DB	75	/* Key of data connection to be created. */
	76	struct conn_key key;
	77	/* Corresponding key of the control connection. */
	78	struct conn_key master_key;
	79	/* The NAT replacement address to be used by the data connection. */
	80	struct ct_addr alg_nat_repl_addr;
	81	/* The data connection inherits the master control
	82	* connection label and mark. */
	83	ovs_u128 master_label;
	84	uint32_t master_mark;
be38342d DB	85	/* True if for NAT application, the alg replaces the dest address;
	86	* otherwise, the source address is replaced. */
	87	bool nat_rpl_dst;
bd5e81a0 DB	88	};
bd5e81a0 DB	89
a489b168 DDP	90	struct conn {
	91	struct conn_key key;
	92	struct conn_key rev_key;
bd5e81a0 DB	93	/* Only used for orig_tuple support. */
bd5e81a0 DB	94	struct conn_key master_key;
a489b168 DDP	95	long long expiration;
	96	struct ovs_list exp_node;
	97	struct hmap_node node;
a489b168	98	ovs_u128 label;
286de272 DB	99	/* XXX: consider flattening. */
286de272 DB	100	struct nat_action_info_t *nat_info;
bd5e81a0 DB	101	char *alg;
bd5e81a0 DB	102	int seq_skew;
286de272 DB	103	uint32_t mark;
286de272 DB	104	uint8_t conn_type;
bd5e81a0 DB	105	/* TCP sequence skew due to NATTing of FTP control messages. */
	106	uint8_t seq_skew_dir;
	107	/* True if alg data connection. */
	108	uint8_t alg_related;
a489b168 DDP	109	};
	110
	111	enum ct_update_res {
	112	CT_UPDATE_INVALID,
	113	CT_UPDATE_VALID,
	114	CT_UPDATE_NEW,
	115	};
	116
286de272 DB	117	enum ct_conn_type {
	118	CT_CONN_TYPE_DEFAULT,
	119	CT_CONN_TYPE_UN_NAT,
	120	};
	121
a489b168	122	struct ct_l4_proto {
e6ef6cc6 DDP	123	struct conn (new_conn)(struct conntrack_bucket , struct dp_packet pkt,
e6ef6cc6 DDP	124	long long now);
a489b168	125	bool (valid_new)(struct dp_packet pkt);
e6ef6cc6 DDP	126	enum ct_update_res (conn_update)(struct conn conn,
	127	struct conntrack_bucket *,
	128	struct dp_packet *pkt, bool reply,
	129	long long now);
4d4e68ed DDP	130	void (conn_get_protoinfo)(const struct conn ,
4d4e68ed DDP	131	struct ct_dpif_protoinfo *);
a489b168 DDP	132	};
	133
	134	extern struct ct_l4_proto ct_proto_tcp;
	135	extern struct ct_l4_proto ct_proto_other;
b269a122 DDP	136	extern struct ct_l4_proto ct_proto_icmp4;
b269a122 DDP	137	extern struct ct_l4_proto ct_proto_icmp6;
a489b168 DDP	138
	139	extern long long ct_timeout_val[];
	140
	141	static inline void
e6ef6cc6 DDP	142	conn_init_expiration(struct conntrack_bucket ctb, struct conn conn,
e6ef6cc6 DDP	143	enum ct_timeout tm, long long now)
a489b168 DDP	144	{
a489b168 DDP	145	conn->expiration = now + ct_timeout_val[tm];
e6ef6cc6 DDP	146	ovs_list_push_back(&ctb->exp_lists[tm], &conn->exp_node);
	147	}
	148
	149	static inline void
	150	conn_update_expiration(struct conntrack_bucket ctb, struct conn conn,
	151	enum ct_timeout tm, long long now)
	152	{
	153	ovs_list_remove(&conn->exp_node);
	154	conn_init_expiration(ctb, conn, tm, now);
a489b168 DDP	155	}
a489b168 DDP	156
0e71e47f DB	157	static inline uint32_t
	158	tcp_payload_length(struct dp_packet *pkt)
	159	{
	160	const char *tcp_payload = dp_packet_get_tcp_payload(pkt);
	161	if (tcp_payload) {
	162	return ((char *) dp_packet_tail(pkt) - dp_packet_l2_pad_size(pkt)
	163	- tcp_payload);
	164	} else {
	165	return 0;
	166	}
	167	}
	168
a489b168	169	#endif /* conntrack-private.h */