xref: /dragonfly/sys/net/ipfw3_basic/ip_fw3_sync.c (revision fb1dde20d596d2938b7c0e3b7c31acf4a7cb4d0a)
1 /*
2  * Copyright (c) 2016 - 2018 The DragonFly Project.  All rights reserved.
3  *
4  * This code is derived from software contributed to The DragonFly Project
5  * by Bill Yuan <bycn82@dragonflybsd.org>
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  * 3. Neither the name of The DragonFly Project nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific, prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  */
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/mbuf.h>
41 #include <sys/kernel.h>
42 #include <sys/proc.h>
43 #include <sys/socket.h>
44 #include <sys/socketvar.h>
45 #include <sys/socketvar2.h>
46 #include <sys/socketops.h>
47 #include <sys/sysctl.h>
48 #include <sys/syslog.h>
49 #include <sys/ucred.h>
50 #include <sys/in_cksum.h>
51 #include <sys/lock.h>
52 #include <sys/kthread.h>
53 
54 #include <net/if.h>
55 #include <net/route.h>
56 #include <net/pfil.h>
57 #include <net/netmsg2.h>
58 #include <net/ethernet.h>
59 
60 #include <netinet/in.h>
61 #include <netinet/in_systm.h>
62 #include <netinet/in_var.h>
63 #include <netinet/in_pcb.h>
64 #include <netinet/ip.h>
65 #include <netinet/ip_var.h>
66 #include <netinet/ip_icmp.h>
67 #include <netinet/tcp.h>
68 #include <netinet/tcp_timer.h>
69 #include <netinet/tcp_var.h>
70 #include <netinet/tcpip.h>
71 #include <netinet/udp.h>
72 #include <netinet/udp_var.h>
73 #include <netinet/ip_divert.h>
74 #include <netinet/if_ether.h>
75 
76 #include <net/ipfw3/ip_fw.h>
77 #include <net/ipfw3_basic/ip_fw3_sync.h>
78 
79 #define LEN_IN_ADDR           sizeof(struct in_addr)
80 
81 MALLOC_DEFINE(M_IPFW3_SYNC, "IPFW3_SYNC", "mem for ipfw3sync");
82 
83 extern struct ipfw3_context             *fw3_ctx[MAXCPU];
84 extern struct ipfw3_sync_context        fw3_sync_ctx;
85 ipfw_sync_send_state_t                            *ipfw_sync_send_state_prt = NULL;
86 ipfw_sync_install_state_t               *ipfw_sync_install_state_prt = NULL;
87 
88 
89 
90 void
ip_fw3_sync_install_state(struct cmd_send_state * cmd)91 ip_fw3_sync_install_state(struct cmd_send_state *cmd)
92 {
93           /* TODO */
94 }
95 
96 /*
97  * ipfw3sync show config
98  */
99 int
ip_fw3_ctl_sync_show_conf(struct sockopt * sopt)100 ip_fw3_ctl_sync_show_conf(struct sockopt *sopt)
101 {
102           struct ipfw3_ioc_sync_context *tmp_sync_ctx;
103           int size;
104 
105           size = 3 * sizeof(int) + fw3_sync_ctx.count * LEN_SYNC_EDGE;
106           if (sopt->sopt_valsize < size) {
107                     /* sopt_val is not big enough */
108                     bzero(sopt->sopt_val, sopt->sopt_valsize);
109                     return 0;
110           }
111           tmp_sync_ctx = (struct ipfw3_ioc_sync_context *)sopt->sopt_val;
112           tmp_sync_ctx->edge_port = fw3_sync_ctx.edge_port;
113           tmp_sync_ctx->hw_same = fw3_sync_ctx.hw_same;
114           tmp_sync_ctx->count = fw3_sync_ctx.count;
115           bcopy(fw3_sync_ctx.edges, tmp_sync_ctx->edges,
116                               fw3_sync_ctx.count * LEN_SYNC_EDGE);
117           sopt->sopt_valsize = size;
118           return 0;
119 }
120 
121 /*
122  * ipfw3sync show status
123  */
124 int
ip_fw3_ctl_sync_show_status(struct sockopt * sopt)125 ip_fw3_ctl_sync_show_status(struct sockopt *sopt)
126 {
127           int *running;
128           running = (int *)sopt->sopt_val;
129           *running = fw3_sync_ctx.running;
130           sopt->sopt_valsize = sizeof(int);
131           return 0;
132 }
133 /*
134  * ipfw3sync config centre
135  */
136 int
ip_fw3_ctl_sync_centre_conf(struct sockopt * sopt)137 ip_fw3_ctl_sync_centre_conf(struct sockopt *sopt)
138 {
139           struct ipfw3_ioc_sync_centre *ioc_centre;
140           int size;
141 
142           ioc_centre = sopt->sopt_val;
143           size = ioc_centre->count * LEN_SYNC_EDGE;
144           if (fw3_sync_ctx.count == 0) {
145                     fw3_sync_ctx.edges = kmalloc(size, M_IPFW3_SYNC, M_NOWAIT | M_ZERO);
146           } else {
147                     fw3_sync_ctx.edges = krealloc(fw3_sync_ctx.edges,
148                                         size, M_TEMP, M_WAITOK);
149           }
150           fw3_sync_ctx.count = ioc_centre->count;
151           bcopy(ioc_centre->edges, fw3_sync_ctx.edges,
152                               ioc_centre->count * LEN_SYNC_EDGE);
153           return 0;
154 }
155 
156 /*
157  * ipfw3sync config edge
158  */
159 int
ip_fw3_ctl_sync_edge_conf(struct sockopt * sopt)160 ip_fw3_ctl_sync_edge_conf(struct sockopt *sopt)
161 {
162           struct ipfw3_ioc_sync_edge *ioc_edge;
163           struct thread *td;
164           size_t size;
165           int error;
166 
167           size = sopt->sopt_valsize;
168           ioc_edge = sopt->sopt_val;
169           if (size != sizeof(struct ipfw3_ioc_sync_edge)) {
170                     return EINVAL;
171           }
172           fw3_sync_ctx.edge_port = ioc_edge->port;
173           fw3_sync_ctx.hw_same = ioc_edge->hw_same;
174 
175           td = curthread->td_proc ? curthread : &thread0;
176           error = socreate(AF_INET, &fw3_sync_ctx.edge_sock,
177                               SOCK_DGRAM, IPPROTO_UDP, td);
178           if (error) {
179                     kprintf("ipfw3sync edge socreate failed: %d\n", error);
180                     return (error);
181           }
182           return 0;
183 }
184 
185 void
ip_fw3_sync_edge_socket_handler(void * dummy)186 ip_fw3_sync_edge_socket_handler(void *dummy)
187 {
188           struct socket *so;
189           struct sockbuf sio;
190           struct sockaddr_in sin;
191           struct mbuf *m;
192           struct sockaddr *sa;
193           int error, flags, *type;
194 
195           so = fw3_sync_ctx.edge_sock;
196           flags = MSG_FBLOCKING;
197 
198           bzero(&sin, sizeof(struct sockaddr_in));
199           sin.sin_family = AF_INET;
200           sin.sin_port = htons(fw3_sync_ctx.edge_port);
201           sin.sin_len = LEN_IN_ADDR;
202           sa = (struct sockaddr *)&sin;
203           while (fw3_sync_ctx.running & 1) {
204                     sbinit(&sio, 1000000000);
205                     error = so_pru_soreceive(so, NULL, NULL, &sio, NULL, &flags);
206                     if (error)
207                               break;
208                     m = sio.sb_mb;
209                     type = (int *)m->m_data;
210                     if (*type == SYNC_TYPE_SEND_TEST) {
211                               struct cmd_send_test *cmd;
212                               cmd = (struct cmd_send_test *)m->m_data;
213                               kprintf("test received %d\n", cmd->num);
214                     } else if (*type == SYNC_TYPE_SEND_STATE) {
215                               struct cmd_send_state *cmd;
216                               cmd = (struct cmd_send_state *)m->m_data;
217                               if (ipfw_sync_install_state_prt != NULL) {
218                                         (*ipfw_sync_install_state_prt)(cmd);
219                               }
220                     } else if (*type == SYNC_TYPE_SEND_NAT) {
221                               /* TODO sync NAT records */
222                               kprintf("nat received\n");
223                     } else {
224                               kprintf("Error ignore\n");
225                     }
226           }
227           soshutdown(fw3_sync_ctx.edge_sock, SHUT_RD);
228           sofree(fw3_sync_ctx.edge_sock);
229           kthread_exit();
230 }
231 
232 int
ip_fw3_ctl_sync_edge_start(struct sockopt * sopt)233 ip_fw3_ctl_sync_edge_start(struct sockopt *sopt)
234 {
235           struct sockaddr_in sin;
236           struct thread *td;
237           int error;
238 
239           if (fw3_sync_ctx.running & 1) {
240                     return 0;
241           }
242           td = curthread->td_proc ? curthread : &thread0;
243           bzero(&sin, sizeof(struct sockaddr_in));
244           sin.sin_family = AF_INET;
245           sin.sin_len = sizeof(struct sockaddr_in);
246           sin.sin_port = htons(fw3_sync_ctx.edge_port);
247           sin.sin_addr.s_addr = INADDR_ANY;
248           error = sobind(fw3_sync_ctx.edge_sock, (struct sockaddr *)&sin, td);
249           if (error) {
250                     if (error != EADDRINUSE) {
251                               kprintf("ipfw3sync edge sobind failed: %d\n", error);
252                     } else {
253                               kprintf("ipfw3sync edge address in use: %d\n", error);
254                     }
255                     return (error);
256           }
257 
258           fw3_sync_ctx.running |= 1;
259           soreference(fw3_sync_ctx.edge_sock);
260           error = kthread_create(ip_fw3_sync_edge_socket_handler, NULL,
261                               &fw3_sync_ctx.edge_td, "sync_edge_thread");
262           if (error) {
263                     panic("ip_fw3_sync_edge_socket_handler:error %d",error);
264           }
265           return 0;
266 }
267 
268 int
ip_fw3_ctl_sync_centre_start(struct sockopt * sopt)269 ip_fw3_ctl_sync_centre_start(struct sockopt *sopt)
270 {
271           struct sockaddr_in sin;
272           struct thread *td;
273           struct ipfw3_sync_edge *edge;
274           int error, i;
275 
276           fw3_sync_ctx.running |= 2;
277           td = curthread->td_proc ? curthread : &thread0;
278 
279           for (i = 0; i < fw3_sync_ctx.count; i++) {
280                     error = socreate(AF_INET, &fw3_sync_ctx.centre_socks[i],
281                                         SOCK_DGRAM, IPPROTO_UDP, td);
282                     if (error) {
283                               kprintf("ipfw3sync centre socreate failed: %d\n",
284                                                   error);
285                               return error;
286                     }
287                     edge = fw3_sync_ctx.edges;
288 
289                     bzero(&sin, sizeof(struct sockaddr_in));
290                     sin.sin_family = AF_INET;
291                     sin.sin_port = htons(edge->port);
292                     sin.sin_addr.s_addr = edge->addr;
293                     sin.sin_len = sizeof(struct sockaddr_in);
294                     error = soconnect(fw3_sync_ctx.centre_socks[i],
295                                         (struct sockaddr *)&sin, td, TRUE);
296                     if (error) {
297                               kprintf("ipfw3sync: centre soconnect failed: %d\n",
298                                                   error);
299                               return error;
300                     }
301           }
302 
303           return 0;
304 }
305 
306 int
ip_fw3_ctl_sync_edge_test(struct sockopt * sopt)307 ip_fw3_ctl_sync_edge_test(struct sockopt *sopt)
308 {
309           return 0;
310 }
311 
312 int
ip_fw3_ctl_sync_centre_test(struct sockopt * sopt)313 ip_fw3_ctl_sync_centre_test(struct sockopt *sopt)
314 {
315           struct cmd_send_test cmd;
316           struct mbuf *m;
317           struct thread *td;
318           int error, i, len, nsize, *num;
319 
320           if (sopt->sopt_valsize != sizeof(int)) {
321                     kprintf("ipfw3sync: invalid centre test parameter\n");
322                     return -1;
323           }
324           if ((fw3_sync_ctx.running & 2) == 0) {
325                     kprintf("ipfw3sync: centre not running\n");
326                     return -1;
327           }
328           num = sopt->sopt_val;
329           len = sizeof(struct cmd_send_test);
330           m = m_getl(len, M_WAITOK, MT_DATA, M_PKTHDR, &nsize);
331           cmd.type = 0;
332           cmd.num = *num;
333           memcpy(m->m_data, &cmd, len);
334 
335           m->m_len = len;
336           m->m_pkthdr.len = len;
337 
338           td = curthread->td_proc ? curthread : &thread0;
339           for (i = 0; i < fw3_sync_ctx.count; i++) {
340                     error = so_pru_sosend(fw3_sync_ctx.centre_socks[i],
341                                         NULL, NULL, m, NULL, 0 ,td);
342                     if (error) {
343                               kprintf("ipfw3sync: centre sosend failed: %d\n", error);
344                               return -1;
345                     }
346           }
347           m_free(m);
348           return 0;
349 }
350 int
ip_fw3_ctl_sync_edge_stop(struct sockopt * sopt)351 ip_fw3_ctl_sync_edge_stop(struct sockopt *sopt)
352 {
353           if (fw3_sync_ctx.running & 1) {
354                     fw3_sync_ctx.running &= 2;
355                     soclose(fw3_sync_ctx.edge_sock, 0);
356           }
357           return 0;
358 }
359 
360 int
ip_fw3_ctl_sync_centre_stop(struct sockopt * sopt)361 ip_fw3_ctl_sync_centre_stop(struct sockopt *sopt)
362 {
363           int i;
364 
365           if (fw3_sync_ctx.running & 2) {
366                     fw3_sync_ctx.running &= 1;
367                     for (i = 0; i < fw3_sync_ctx.count; i++) {
368                               soclose(fw3_sync_ctx.centre_socks[i], 0);
369                     }
370           }
371           return 0;
372 }
373 
374 int
ip_fw3_ctl_sync_edge_clear(struct sockopt * sopt)375 ip_fw3_ctl_sync_edge_clear(struct sockopt *sopt)
376 {
377           return 0;
378 }
379 
380 int
ip_fw3_ctl_sync_centre_clear(struct sockopt * sopt)381 ip_fw3_ctl_sync_centre_clear(struct sockopt *sopt)
382 {
383           return 0;
384 }
385 
386 /*
387  * sockopt handler
388  */
389 int
ip_fw3_ctl_sync_sockopt(struct sockopt * sopt)390 ip_fw3_ctl_sync_sockopt(struct sockopt *sopt)
391 {
392           int error = 0;
393           switch (sopt->sopt_name) {
394                     case IP_FW_SYNC_EDGE_CONF:
395                               error = ip_fw3_ctl_sync_edge_conf(sopt);
396                               break;
397                     case IP_FW_SYNC_CENTRE_CONF:
398                               error = ip_fw3_ctl_sync_centre_conf(sopt);
399                               break;
400                     case IP_FW_SYNC_SHOW_CONF:
401                               error = ip_fw3_ctl_sync_show_conf(sopt);
402                               break;
403                     case IP_FW_SYNC_SHOW_STATUS:
404                               error = ip_fw3_ctl_sync_show_status(sopt);
405                               break;
406                     case IP_FW_SYNC_EDGE_START:
407                               error = ip_fw3_ctl_sync_edge_start(sopt);
408                               break;
409                     case IP_FW_SYNC_CENTRE_START:
410                               error = ip_fw3_ctl_sync_centre_start(sopt);
411                               break;
412                     case IP_FW_SYNC_EDGE_STOP:
413                               error = ip_fw3_ctl_sync_edge_stop(sopt);
414                               break;
415                     case IP_FW_SYNC_CENTRE_STOP:
416                               error = ip_fw3_ctl_sync_centre_stop(sopt);
417                               break;
418                     case IP_FW_SYNC_EDGE_CLEAR:
419                               error = ip_fw3_ctl_sync_edge_clear(sopt);
420                               break;
421                     case IP_FW_SYNC_CENTRE_CLEAR:
422                               error = ip_fw3_ctl_sync_centre_clear(sopt);
423                               break;
424                     case IP_FW_SYNC_EDGE_TEST:
425                               error = ip_fw3_ctl_sync_edge_test(sopt);
426                               break;
427                     case IP_FW_SYNC_CENTRE_TEST:
428                               error = ip_fw3_ctl_sync_centre_test(sopt);
429                               break;
430                     default:
431                               kprintf("ipfw3 sync invalid socket option %d\n",
432                                                   sopt->sopt_name);
433           }
434           return error;
435 }
436 
437 void
ip_fw3_sync_send_state(struct ipfw3_state * state,int cpu,int hash)438 ip_fw3_sync_send_state(struct ipfw3_state *state, int cpu, int hash)
439 {
440           struct mbuf *m;
441           struct thread *td;
442           int error, i, len, nsize;
443           struct cmd_send_state cmd;
444 
445           len = sizeof(struct cmd_send_state);
446           m = m_getl(len, M_WAITOK, MT_DATA, M_PKTHDR, &nsize);
447 
448           cmd.type = 1;
449           cmd.cpu = cpu;
450           cmd.hash = hash;
451 
452           memcpy(m->m_data, &cmd, len);
453 
454           m->m_len = len;
455           m->m_pkthdr.len = len;
456 
457           td = curthread->td_proc ? curthread : &thread0;
458           for (i = 0; i < fw3_sync_ctx.count; i++) {
459                     error = so_pru_sosend(fw3_sync_ctx.centre_socks[i],
460                                         NULL, NULL, m, NULL, 0 ,td);
461                     if (error) {
462                               kprintf("ipfw3sync: centre sosend failed: %d\n", error);
463                               return;
464                     }
465           }
466           return;
467 }
468 
469 void
ip_fw3_sync_modevent(int type)470 ip_fw3_sync_modevent(int type)
471 {
472           switch (type) {
473                     case MOD_LOAD:
474                               ipfw_sync_send_state_prt = ip_fw3_sync_send_state;
475                               break;
476                     case MOD_UNLOAD:
477                               if (fw3_sync_ctx.edges != NULL) {
478                                         kfree(fw3_sync_ctx.edges, M_IPFW3_SYNC);
479                               }
480                               if (fw3_sync_ctx.running & 1) {
481                                         fw3_sync_ctx.running = 0;
482                                         soclose(fw3_sync_ctx.edge_sock, 0);
483                                         fw3_sync_ctx.edge_td = NULL;
484                               }
485                               if (fw3_sync_ctx.running & 2) {
486                                         int i;
487                                         for (i = 0; i < fw3_sync_ctx.count; i++) {
488                                                   soclose(fw3_sync_ctx.centre_socks[i], 0);
489                                         }
490                               }
491                               break;
492                     default:
493                               break;
494           }
495 }
496