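/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _INET_ILB_CONN_H
#define	_INET_ILB_CONN_H

/*
 * Connection (NAT) and sticky hash table declarations for ILB.
 *
 * This header contains no #include lines of its own: kmutex_t, list_t,
 * list_node_t, in6_addr_t, in_port_t, mblk_t, boolean_t, uint_t and the
 * ilb_* types used below (ilb_stack_t, ilb_rule_t, ilb_server_t,
 * ilb_topo_impl_t, ilb_nat_info_t, ILB_RULE_NAMESZ) must already be declared
 * by whoever includes it.
 */

#ifdef __cplusplus
extern "C" {
#endif

struct ilb_conn_s;

/*
 * Struct of the conn hash table bucket
 *
 * ilb_connp: the first conn hash entry in the bucket
 * ilb_conn_hash_lock: mutex to protect the list in the bucket
 * ilb_conn_cnt: number of conn hash entries in this bucket
 * ilb_conn_hash_pad: hand-computed padding, different for 64-bit and 32-bit
 *	builds.  NOTE(review): presumably this rounds the bucket up to a fixed
 *	size so that neighbouring bucket locks do not share a cache line; the
 *	sizes of the other members are not visible here, so re-check the
 *	arithmetic whenever a member is added or kmutex_t changes.
 *
 * The entries are keyed on addresses and ports taken from packets (see
 * struct ilb_conn_info), so ilb_conn_cnt is the figure to watch when checking
 * how evenly traffic spreads over the buckets.  The hash function and any
 * limit on the table size are not part of this header.
 */
typedef struct ilb_conn_hash_s {
	struct ilb_conn_s	*ilb_connp;
	kmutex_t		ilb_conn_hash_lock;
	uint32_t		ilb_conn_cnt;
#if defined(_LP64) || defined(_I32LPx)
	char			ilb_conn_hash_pad[44];
#else
	char			ilb_conn_hash_pad[52];
#endif
} ilb_conn_hash_t;

/*
 * Extracted rule/server info for faster access without holding a reference
 * to a rule or server.
 */
typedef struct ilb_rule_info_s {
	ilb_topo_impl_t		topo;
	ilb_nat_info_t		info;
} ilb_rule_info_t;

/*
 * Info about a TCP connection for tracking
 *
 * NOTE(review): the original gives no per-field description.  Going by the
 * names only: ack and fss look like sequence/acknowledgement numbers, and
 * fin_sent/fin_acked look like flags recording whether a FIN has been seen
 * and acknowledged in this direction -- confirm against the code that
 * updates them.
 */
struct ilb_tcp_track {
	uint32_t		ack;
	uint32_t		fss;
	boolean_t		fin_sent;
	boolean_t		fin_acked;
};

/*
 * Struct to store NAT info of a connection (one direction)
 *
 * conn_daddr: destination address to be matched to find this info
 * conn_saddr: source address to be matched
 * conn_dport: destination port to be matched
 * conn_sport: source port to be matched
 * conn_ip_sum: IP checksum adjustment for NAT
 * conn_tp_sum: transport checksum adjustment for NAT
 * conn_tcp_track: TCP connection tracking info
 * conn_atime: last access time of this conn cache
 * conn_pkt_cnt: packets processed using this conn
 * conn_next: next conn info (for conn info linked list)
 * conn_prev: previous conn info (for conn info linked list)
 * conn_hash: back pointer to the conn hash table bucket
 *
 * conn_next/conn_prev link this entry into the list headed by
 * conn_hash->ilb_connp, which the bucket comment says is protected by
 * ilb_conn_hash_lock.
 */
struct ilb_conn_info {
	in6_addr_t		conn_daddr;
	in6_addr_t		conn_saddr;
	in_port_t		conn_dport;
	in_port_t		conn_sport;
	uint32_t		conn_ip_sum;
	uint32_t		conn_tp_sum;

	struct ilb_tcp_track	conn_tcp_track;

	/* Last access time */
	int64_t			conn_atime;
	uint64_t		conn_pkt_cnt;

	struct ilb_conn_s	*conn_next;
	struct ilb_conn_s	*conn_prev;
	ilb_conn_hash_t		*conn_hash;
};

/*
 * Struct (an entry in the conn hash table) to store a NAT info of a
 * connection (both directions, client to server and server to client)
 *
 * conn_l4: transport protocol used in this NAT connection
 * conn_expiry: expiry time of this entry
 * conn_cr_time: creation time of this entry
 * conn_c2s: client to back end server info
 * conn_s2c: back end server to client info
 * conn_server: pointer to the back end server structure
 * conn_rule_cache: rule information needed for this entry (copied from
 *		    the ilb_rule_t struct)
 * conn_sticky: pointer to the sticky info of this client, used to do
 *		reference counting on the sticky info.
 * conn_gc: indicates whether this entry needs to be garbage collected
 *
 * conn_rule_cache is a copy, so the entry does not depend on the rule staying
 * allocated.  conn_server is a plain pointer.  NOTE(review): nothing in this
 * header shows what keeps the ilb_server_t alive while an entry still points
 * at it -- confirm in the implementation.
 *
 * The conn_c2s_* and conn_s2c_* names below are ordinary preprocessor macros.
 * Although they are written inside the struct body they are visible to every
 * file that includes this header, so those spellings cannot be reused as
 * identifiers elsewhere.
 */
typedef struct ilb_conn_s {
	int			conn_l4;

	int64_t			conn_expiry;
	int64_t			conn_cr_time;

	/* Client to server, hash and check info */
	struct ilb_conn_info	conn_c2s;
#define	conn_c2s_daddr		conn_c2s.conn_daddr
#define	conn_c2s_saddr		conn_c2s.conn_saddr
#define	conn_c2s_dport		conn_c2s.conn_dport
#define	conn_c2s_sport		conn_c2s.conn_sport
#define	conn_c2s_next		conn_c2s.conn_next
#define	conn_c2s_prev		conn_c2s.conn_prev
#define	conn_c2s_hash		conn_c2s.conn_hash
#define	conn_c2s_atime		conn_c2s.conn_atime
#define	conn_c2s_pkt_cnt	conn_c2s.conn_pkt_cnt
#define	conn_c2s_ip_sum		conn_c2s.conn_ip_sum
#define	conn_c2s_tp_sum		conn_c2s.conn_tp_sum
#define	conn_c2s_tcp_ack	conn_c2s.conn_tcp_track.ack
#define	conn_c2s_tcp_fss	conn_c2s.conn_tcp_track.fss
#define	conn_c2s_tcp_fin_sent	conn_c2s.conn_tcp_track.fin_sent
#define	conn_c2s_tcp_fin_acked	conn_c2s.conn_tcp_track.fin_acked

	/* Server to client, hash and check info */
	struct ilb_conn_info	conn_s2c;
#define	conn_s2c_daddr		conn_s2c.conn_daddr
#define	conn_s2c_saddr		conn_s2c.conn_saddr
#define	conn_s2c_dport		conn_s2c.conn_dport
#define	conn_s2c_sport		conn_s2c.conn_sport
#define	conn_s2c_next		conn_s2c.conn_next
#define	conn_s2c_prev		conn_s2c.conn_prev
#define	conn_s2c_hash		conn_s2c.conn_hash
#define	conn_s2c_atime		conn_s2c.conn_atime
#define	conn_s2c_pkt_cnt	conn_s2c.conn_pkt_cnt
#define	conn_s2c_ip_sum		conn_s2c.conn_ip_sum
#define	conn_s2c_tp_sum		conn_s2c.conn_tp_sum
#define	conn_s2c_tcp_ack	conn_s2c.conn_tcp_track.ack
#define	conn_s2c_tcp_fss	conn_s2c.conn_tcp_track.fss
#define	conn_s2c_tcp_fin_sent	conn_s2c.conn_tcp_track.fin_sent
#define	conn_s2c_tcp_fin_acked	conn_s2c.conn_tcp_track.fin_acked

	ilb_server_t		*conn_server;
	ilb_rule_info_t		conn_rule_cache;

	/*
	 * If the rule is sticky enabled, all ilb_conn_t created from this
	 * rule will have conn_sticky set to the ilb_sticky_t entry.  Otherwise
	 * conn_sticky is NULL.
	 */
	struct ilb_sticky_s	*conn_sticky;

	boolean_t		conn_gc;
} ilb_conn_t;

/*
 * Struct of the sticky hash table bucket
 *
 * sticky_head: the sticky hash list of this bucket
 * sticky_lock: mutex to protect the list
 * sticky_cnt: number of sticky hash entries in this bucket
 * sticky_pad: hand-computed padding, different for 64-bit and 32-bit builds.
 *	NOTE(review): presumably sizes the bucket the same way as
 *	ilb_conn_hash_pad does for ilb_conn_hash_t; re-check the arithmetic
 *	if list_t or kmutex_t changes.
 */
typedef struct ilb_sticky_hash_s {
	list_t			sticky_head;
	kmutex_t		sticky_lock;
	uint32_t		sticky_cnt;
#if defined(_LP64) || defined(_I32LPx)
	char			sticky_pad[20];
#else
	char			sticky_pad[36];
#endif
} ilb_sticky_hash_t;

/*
 * Struct to store sticky info of a client.
 *
 * rule_instance: the rule instance for this entry, for look up purpose
 * rule_name: the rule name for this entry
 * server: the back end server for this client
 * src: the client source address
 * expiry: the expiry time of this entry
 * atime: the last access time of this entry
 * nat_src_idx: the index to the NAT source array for this client
 * refcnt: reference count
 * list: linked list node
 * hash: back pointer to the sticky hash bucket of this entry
 *
 * rule_name is a fixed ILB_RULE_NAMESZ-byte buffer, so code that fills it has
 * to bound the copy and leave it NUL-terminated.
 *
 * NOTE(review): this header does not show how refcnt is updated.  Confirm
 * that every increment and decrement is either atomic or made under
 * sticky_lock, and that an entry is only freed once refcnt has dropped to
 * zero; each ilb_conn_t with a non-NULL conn_sticky is one such reference.
 */
typedef struct ilb_sticky_s {
	uint_t			rule_instance;
	char			rule_name[ILB_RULE_NAMESZ];
	ilb_server_t		*server;
	in6_addr_t		src;
	int64_t			expiry;
	int64_t			atime;
	int			nat_src_idx;

	uint32_t		refcnt;
	list_node_t		list;
	ilb_sticky_hash_t	*hash;
} ilb_sticky_t;

/*
 * Set-up and tear-down of the conn and sticky hash tables.  The *_hash_*
 * routines take the ilb_stack_t they operate on; the *_cache_fini routines
 * take no argument.
 */
extern void ilb_conn_hash_init(ilb_stack_t *);
extern void ilb_conn_hash_fini(ilb_stack_t *);
extern void ilb_conn_cache_fini(void);
extern void ilb_sticky_hash_init(ilb_stack_t *);
extern void ilb_sticky_hash_fini(ilb_stack_t *);
extern void ilb_sticky_cache_fini(void);

/*
 * Conn table look-up and insertion.  The prototypes carry no parameter
 * names; see the implementation for the meaning of each argument.
 */
extern boolean_t ilb_check_conn(ilb_stack_t *, int, void *, int, void *,
    in6_addr_t *, in6_addr_t *, in_port_t, in_port_t, uint32_t, in6_addr_t *);
extern boolean_t ilb_check_icmp_conn(ilb_stack_t *, mblk_t *, int, void *,
    void *, in6_addr_t *);
extern int ilb_conn_add(ilb_stack_t *, ilb_rule_t *, ilb_server_t *,
    in6_addr_t *, in_port_t, in6_addr_t *, in_port_t, ilb_nat_info_t *,
    uint32_t *, uint32_t *, struct ilb_sticky_s *);

/*
 * Sticky table look-up and reference release.
 *
 * NOTE(review): ilb_sticky_find_add() hands an entry back through its
 * struct ilb_sticky_s ** argument.  Presumably the caller then holds a
 * reference that has to be dropped with ilb_sticky_refrele() on every path,
 * including error paths -- confirm against the implementation.
 */
extern ilb_server_t *ilb_sticky_find_add(ilb_stack_t *, ilb_rule_t *,
    in6_addr_t *, ilb_server_t *, struct ilb_sticky_s **, uint16_t *);
extern void ilb_sticky_refrele(struct ilb_sticky_s *);

#ifdef __cplusplus
}
#endif

#endif /* _INET_ILB_CONN_H */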