lib/conntrack.h

   1 /*
   2  * Copyright (c) 2015, 2016, 2017, 2019 Nicira, Inc.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at:
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #ifndef CONNTRACK_H
  18 #define CONNTRACK_H 1
  19
  20 #include <stdbool.h>
  21
  22 #include "cmap.h"
  23 #include "ct-dpif.h"
  24 #include "latch.h"
  25 #include "odp-netlink.h"
  26 #include "openvswitch/hmap.h"
  27 #include "openvswitch/list.h"
  28 #include "openvswitch/thread.h"
  29 #include "openvswitch/types.h"
  30 #include "ovs-atomic.h"
  31 #include "ovs-thread.h"
  32 #include "packets.h"
  33 #include "hindex.h"
  34
  35 /* Userspace connection tracker
  36  * ============================
  37  *
  38  * This is a connection tracking module that keeps all the state in userspace.
  39  *
  40  * Usage
  41  * =====
  42  *
  43  *     struct conntrack *ct;
  44  *
  45  * Initialization:
  46  *
  47  *     ct = conntrack_init();
  48  *
  49  * To send a group of packets through the connection tracker:
  50  *
  51  *     conntrack_execute(ct, pkt_batch, ...);
  52  *
  53  * Thread-safety:
  54  *
  55  * conntrack_execute() can be called by multiple threads simultaneoulsy.
  56  *
  57  * Shutdown:
  58  *
  59  *    1/ Shutdown packet input to the datapath
  60  *    2/ Destroy PMD threads after quiescence.
  61  *    3/ conntrack_destroy(ct);
  62  */
  63
  64 struct dp_packet_batch;
  65
  66 struct conntrack;
  67
  68 union ct_addr {
  69     ovs_be32 ipv4;
  70     struct in6_addr ipv6;
  71 };
  72
  73 enum nat_action_e {
  74     NAT_ACTION_SRC = 1 << 0,
  75     NAT_ACTION_SRC_PORT = 1 << 1,
  76     NAT_ACTION_DST = 1 << 2,
  77     NAT_ACTION_DST_PORT = 1 << 3,
  78 };
  79
  80 struct nat_action_info_t {
  81     union ct_addr min_addr;
  82     union ct_addr max_addr;
  83     uint16_t min_port;
  84     uint16_t max_port;
  85     uint16_t nat_action;
  86 };
  87
  88 struct conntrack *conntrack_init(void);
  89 void conntrack_destroy(struct conntrack *);
  90
  91 int conntrack_execute(struct conntrack *ct, struct dp_packet_batch *pkt_batch,
  92                       ovs_be16 dl_type, bool force, bool commit, uint16_t zone,
  93                       const uint32_t *setmark,
  94                       const struct ovs_key_ct_labels *setlabel,
  95                       ovs_be16 tp_src, ovs_be16 tp_dst, const char *helper,
  96                       const struct nat_action_info_t *nat_action_info,
  97                       long long now, uint32_t tp_id);
  98 void conntrack_clear(struct dp_packet *packet);
  99
 100 struct conntrack_dump {
 101     struct conntrack *ct;
 102     unsigned bucket;
 103     struct cmap_position cm_pos;
 104     bool filter_zone;
 105     uint16_t zone;
 106 };
 107
 108 struct conntrack_zone_limit {
 109     int32_t zone;
 110     uint32_t limit;
 111     uint32_t count;
 112     uint32_t zone_limit_seq; /* Used to disambiguate zone limit counts. */
 113 };
 114
 115 struct timeout_policy {
 116     struct hmap_node node;
 117     struct ct_dpif_timeout_policy policy;
 118 };
 119
 120 enum {
 121     INVALID_ZONE = -2,
 122     DEFAULT_ZONE = -1, /* Default zone for zone limit management. */
 123     MIN_ZONE = 0,
 124     MAX_ZONE = 0xFFFF,
 125 };
 126
 127 struct ct_dpif_entry;
 128 struct ct_dpif_tuple;
 129
 130 int conntrack_dump_start(struct conntrack *, struct conntrack_dump *,
 131                          const uint16_t *pzone, int *);
 132 int conntrack_dump_next(struct conntrack_dump *, struct ct_dpif_entry *);
 133 int conntrack_dump_done(struct conntrack_dump *);
 134
 135 int conntrack_flush(struct conntrack *, const uint16_t *zone);
 136 int conntrack_flush_tuple(struct conntrack *, const struct ct_dpif_tuple *,
 137                           uint16_t zone);
 138 int conntrack_set_maxconns(struct conntrack *ct, uint32_t maxconns);
 139 int conntrack_get_maxconns(struct conntrack *ct, uint32_t *maxconns);
 140 int conntrack_get_nconns(struct conntrack *ct, uint32_t *nconns);
 141 int conntrack_set_tcp_seq_chk(struct conntrack *ct, bool enabled);
 142 bool conntrack_get_tcp_seq_chk(struct conntrack *ct);
 143 struct ipf *conntrack_ipf_ctx(struct conntrack *ct);
 144 struct conntrack_zone_limit zone_limit_get(struct conntrack *ct,
 145                                            int32_t zone);
 146 int zone_limit_update(struct conntrack *ct, int32_t zone, uint32_t limit);
 147 int zone_limit_delete(struct conntrack *ct, uint16_t zone);
 148 \f
 149 #endif /* conntrack.h */