2 * Copyright (c) 2015-2019 Nicira, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #ifndef CONNTRACK_PRIVATE_H
18 #define CONNTRACK_PRIVATE_H 1
20 #include <sys/types.h>
21 #include <netinet/in.h>
22 #include <netinet/ip6.h>
25 #include "conntrack.h"
28 #include "openvswitch/hmap.h"
29 #include "openvswitch/list.h"
30 #include "openvswitch/types.h"
32 #include "unaligned.h"
33 #include "dp-packet.h"
47 /* Verify that there is no padding in struct ct_endpoint, to facilitate
48 * hashing in ct_endpoint_hash_add(). Presumably the hash covers the raw bytes
 * of the struct, where padding bytes would hold unspecified values and make
 * equal endpoints hash (and compare) differently -- confirm against
 * ct_endpoint_hash_add(). The "+ 4" is whatever the struct holds besides the
 * address; it must be updated in lockstep with any field change. */
49 BUILD_ASSERT_DECL(sizeof(struct ct_endpoint
) == sizeof(union ct_addr
) + 4);
51 /* Changes to this structure need to be reflected in conn_key_hash()
52 * and conn_key_cmp(). */
54 struct ct_endpoint src
;
55 struct ct_endpoint dst
;
62 /* This is used for alg expectations; an expectation is a
63 * context created in preparation for establishing a data
64 * connection. The expectation is created by the control
67 /* Node in alg_expectations. */
68 struct hmap_node node
;
69 /* Node in alg_expectation_refs. */
70 struct hindex_node node_ref
;
71 /* Key of data connection to be created. */
73 /* Corresponding key of the control connection. */
74 struct conn_key parent_key
;
75 /* The NAT replacement address to be used by the data connection. */
76 union ct_addr alg_nat_repl_addr
;
77 /* The data connection inherits the parent control
78 * connection label and mark. */
79 ovs_u128 parent_label
;
81 /* True if for NAT application, the alg replaces the dest address;
82 * otherwise, the source address is replaced. */
86 enum OVS_PACKED_ENUM ct_conn_type
{
94 struct conn_key rev_key
; /* Presumably the key as seen from the reply direction -- confirm. */
95 struct conn_key parent_key
; /* Only used for orig_tuple support. */
96 struct ovs_list exp_node
; /* Node in one of the conntrack 'exp_lists' expiry lists. */
97 struct cmap_node cm_node
; /* Node in the conntrack 'conns' cmap. */
98 struct nat_action_info_t
*nat_info
; /* NAT action for this connection, if any; ownership not shown here. */
100 struct conn
*nat_conn
; /* The NAT 'conn' context, if there is one. */
103 struct ovs_mutex lock
; /* Guards all mutable fields. Taken in the order given by the lock
   * acquisition comment further down in this header. */
105 long long expiration
; /* Expiry time; presumably set via update_expiration() with one of the
   * CT_TM_* timeout states defined below -- confirm. */
109 /* Immutable data. */
110 int32_t admit_zone
; /* The zone for managing zone limit counts. */
111 uint32_t zone_limit_seq
; /* Used to disambiguate zone limit counts. */
114 bool seq_skew_dir
; /* TCP sequence skew direction due to NATTing of FTP
115 * control messages; true if reply direction. */
116 bool cleaned
; /* True if cleaned from expiry lists. Presumably prevents a second
   * removal from 'exp_lists' -- confirm. */
118 /* Immutable data. */
119 bool alg_related
; /* True if alg data connection. */
120 enum ct_conn_type conn_type
;
122 uint32_t tp_id
; /* Timeout policy ID. */
132 /* Timeouts: all the possible timeout states passed to update_expiration()
133 * are listed here. The name will be prefix by CT_TM_ and the value is in
135 #define CT_TIMEOUTS \
136 CT_TIMEOUT(TCP_FIRST_PACKET) \
137 CT_TIMEOUT(TCP_OPENING) \
138 CT_TIMEOUT(TCP_ESTABLISHED) \
139 CT_TIMEOUT(TCP_CLOSING) \
140 CT_TIMEOUT(TCP_FIN_WAIT) \
141 CT_TIMEOUT(TCP_CLOSED) \
142 CT_TIMEOUT(OTHER_FIRST) \
143 CT_TIMEOUT(OTHER_MULTIPLE) \
144 CT_TIMEOUT(OTHER_BIDIR) \
145 CT_TIMEOUT(ICMP_FIRST) \
146 CT_TIMEOUT(ICMP_REPLY)
/* Expansion that turns each CT_TIMEOUT(NAME) entry above into an enumerator
 * CT_TM_NAME (note the trailing comma). N_CT_TM, used below as the bound of
 * 'exp_lists', is presumably the enumerator count -- confirm against the
 * enum definition. */
149 #define CT_TIMEOUT(NAME) CT_TM_##NAME,
156 struct ovs_mutex ct_lock
; /* Protects the OVS_GUARDED fields that follow. NOTE(review): the comment
   * said "2 following fields", but four OVS_GUARDED members follow ('conns',
   * 'exp_lists', 'zone_limits', 'timeout_policies'); confirm which are meant. */
157 struct cmap conns OVS_GUARDED
; /* All tracked connections, linked via conn->cm_node. */
158 struct ovs_list exp_lists
[N_CT_TM
] OVS_GUARDED
; /* One expiry list per CT_TM_* timeout state, linked via conn->exp_node. */
159 struct hmap zone_limits OVS_GUARDED
;
160 struct hmap timeout_policies OVS_GUARDED
;
161 uint32_t hash_basis
; /* Salt for hashing a connection key. Presumably chosen per instance so the
   * distribution of 'conns' is not predictable to a sender -- confirm where
   * it is initialised. */
162 pthread_t clean_thread
; /* Periodically cleans up connection tracker. */
163 struct latch clean_thread_exit
; /* To destroy the 'clean_thread'. */
165 /* Counting connections. */
166 atomic_count n_conn
; /* Number of connections currently tracked. */
167 atomic_uint n_conn_limit
; /* Max connections tracked: upper bound on tracker state. Presumably
   * enforced when a new connection is created -- confirm. */
169 /* Expectations for application level gateways (created by control
170 * connections to help create data connections, e.g. for FTP). */
171 struct ovs_rwlock resources_lock
; /* Protects fields below. */
172 struct hmap alg_expectations OVS_GUARDED
; /* Holds the alg expectation structs declared above, via their 'node'. */
174 struct hindex alg_expectation_refs OVS_GUARDED
; /* For lookup from
175 * control context (via the expectation's 'node_ref'). */
177 struct ipf
*ipf
; /* Fragmentation handling context. */
178 uint32_t zone_limit_seq
; /* Used to disambiguate zone limit counts. */
179 atomic_bool tcp_seq_chk
; /* Check TCP sequence numbers. Presumably controls whether TCP packets with
   * out-of-window sequence numbers are rejected -- confirm in the TCP proto
   * handler. */
182 /* Lock acquisition order:
185 * 3. 'resources_lock'
/* Per-L4-protocol handlers, each an instance of the 'struct ct_l4_proto'
 * function-pointer interface declared below and defined in its own
 * translation unit. */
188 extern struct ct_l4_proto ct_proto_tcp
;
189 extern struct ct_l4_proto ct_proto_other
;
190 extern struct ct_l4_proto ct_proto_icmp4
;
191 extern struct ct_l4_proto ct_proto_icmp6
;
194 struct conn
*(*new_conn
)(struct conntrack
*ct
, struct dp_packet
*pkt
,
195 long long now
, uint32_t tp_id
);
196 bool (*valid_new
)(struct dp_packet
*pkt
);
197 enum ct_update_res (*conn_update
)(struct conntrack
*ct
, struct conn
*conn
,
198 struct dp_packet
*pkt
, bool reply
,
200 void (*conn_get_protoinfo
)(const struct conn
*,
201 struct ct_dpif_protoinfo
*);
204 static inline uint32_t
205 tcp_payload_length(struct dp_packet
*pkt
)
207 const char *tcp_payload
= dp_packet_get_tcp_payload(pkt
);
209 return ((char *) dp_packet_tail(pkt
) - dp_packet_l2_pad_size(pkt
)
216 #endif /* conntrack-private.h */