121 static void nat64lsn_enqueue_job(struct nat64lsn_cfg *cfg,
123 static void nat64lsn_enqueue_jobs(struct nat64lsn_cfg *cfg,
126 static struct nat64lsn_job_item *nat64lsn_create_job(struct nat64lsn_cfg *cfg,
128 static int nat64lsn_request_portgroup(struct nat64lsn_cfg *cfg,
131 static int nat64lsn_request_host(struct nat64lsn_cfg *cfg,
133 static int nat64lsn_translate4(struct nat64lsn_cfg *cfg,
135 static int nat64lsn_translate6(struct nat64lsn_cfg *cfg,
141 static int alloc_host6(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji);
143 static int attach_portgroup(struct nat64lsn_cfg *cfg,
145 static int attach_host6(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji);
153 static unsigned int nat64lsn_periodic_chkstates(struct nat64lsn_cfg *cfg,
321 nat64lsn_translate4(struct nat64lsn_cfg *cfg, const struct ipfw_flow_id *f_id,
338 	if (addr < cfg->prefix4 || addr > cfg->pmask4) {
339 		NAT64STAT_INC(&cfg->base.stats, nomatch4);
340 		return (cfg->nomatch_verdict);
346 		NAT64STAT_INC(&cfg->base.stats, noproto);
347 		return (cfg->nomatch_verdict);
355 				NAT64STAT_INC(&cfg->base.stats, nomem);
358 			NAT64STAT_INC(&cfg->base.stats, noproto);
359 			return (cfg->nomatch_verdict);
362 		if (addr < cfg->prefix4 || addr > cfg->pmask4) {
363 			NAT64STAT_INC(&cfg->base.stats, nomatch4);
364 			return (cfg->nomatch_verdict);
369 	pg = GET_PORTGROUP(cfg, addr, nat_proto, port);
373 		NAT64STAT_INC(&cfg->base.stats, nomatch4);
376 		    _GET_PORTGROUP_IDX(cfg, addr, nat_proto, port));
378 		return (cfg->nomatch_verdict);
405 	if (cfg->base.flags & NAT64_LOG) {
411 	src6 = cfg->base.plat_prefix;
412 	nat64_embed_ip4(&src6, cfg->base.plat_plen, htonl(f_id->src_ip));
414 	    &cfg->base, logdata);
417 		return (cfg->nomatch_verdict);
426 nat64lsn_dump_state(const struct nat64lsn_cfg *cfg,
449 nat64lsn_periodic_check_tcp(const struct nat64lsn_cfg *cfg,
455 		ttl = cfg->st_close_ttl;
457 		ttl = cfg->st_estab_ttl;
459 		ttl = cfg->st_syn_ttl;
461 		ttl = cfg->st_syn_ttl;
473 nat64lsn_periodic_chkstate(const struct nat64lsn_cfg *cfg,
487 			delete = nat64lsn_periodic_check_tcp(cfg, st, age);
490 			if (age > cfg->st_udp_ttl)
494 			if (age > cfg->st_icmp_ttl)
516 st_first(const struct nat64lsn_cfg *cfg, const struct nat64lsn_host *nh,
527 	pg = PORTGROUP_BYSIDX(cfg, nh, sidx->idx);
538 st_next(const struct nat64lsn_cfg *cfg, const struct nat64lsn_host *nh,
553 	pg = PORTGROUP_BYSIDX(cfg, nh, sidx.idx);
573 nat64lsn_periodic_chkstates(struct nat64lsn_cfg *cfg, struct nat64lsn_host *nh)
582 		for (st_first(cfg, nh, &nh->phash[i], &si);
584 		    st_save_cond(&si_prev, &si), st_next(cfg, nh, &si)) {
585 			if (nat64lsn_periodic_chkstate(cfg, si.pg, si.st) == 0)
587 			nat64lsn_dump_state(cfg, si.pg, si.st, "DELETE STATE",
604 	NAT64STAT_ADD(&cfg->base.stats, sdeleted, delcount);
613 stale_pg(const struct nat64lsn_cfg *cfg, const struct nat64lsn_portgroup *pg)
618 	if (GET_AGE(pg->timestamp) < cfg->pg_delete_delay)
628 stale_nh(const struct nat64lsn_cfg *cfg, const struct nat64lsn_host *nh)
633 	if (GET_AGE(nh->timestamp) < cfg->nh_delete_delay)
639 	struct nat64lsn_cfg *cfg;
661 		    stale_nh(d->cfg, nh) ? "stale" : "non-stale", a, curcpu);
663 	if (!stale_nh(d->cfg, nh)) {
668 		if (nat64lsn_periodic_chkstates(d->cfg, nh) != 0)
673 			pg = PORTGROUP_BYSIDX(d->cfg, nh, i + 1);
678 			if (stale_pg(d->cfg, pg) == 0)
693 	ji = nat64lsn_create_job(d->cfg, NULL, JTYPE_DELPORTGROUP);
715 	struct nat64lsn_cfg *cfg;
719 	cfg = (struct nat64lsn_cfg *) data;
720 	ch = cfg->ch;
721 	CURVNET_SET(cfg->vp);
724 	d.cfg = cfg;
730 	I6HASH_FOREACH_SAFE(cfg, nh, tmp, nat64lsn_periodic_chkhost, &d);
733 	nat64lsn_enqueue_jobs(cfg, &d.jhead, d.jlen);
735 	callout_schedule(&cfg->periodic, hz * PERIODIC_DELAY);
743 reinject_mbuf(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji)
753 		NAT64STAT_INC(&cfg->base.stats, dropped);
763 	NAT64STAT_INC(&cfg->base.stats, jreinjected);
765 	nat64lsn_translate6(cfg, &ji->f_id, &ji->m);
812 alloc_host6(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji)
826 		NAT64STAT_INC(&cfg->base.stats, jportfails);
848 find_nh_pg_idx(struct nat64lsn_cfg *cfg, struct nat64lsn_host *nh, int *idx)
853 		if (PORTGROUP_BYSIDX(cfg, nh, i + 1) == NULL) {
862 attach_host6(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji)
867 	I6HASH_FIND(cfg, nh, &ji->haddr);
871 		I6HASH_INSERT(cfg, nh);
872 		cfg->ihcount++;
882 		if (attach_portgroup(cfg, ji) != 0) {
885 			NAT64STAT_INC(&cfg->base.stats, jportfails);
906 find_pg_place_addr(const struct nat64lsn_cfg *cfg, int addr_off,
915 		if (cfg->pg[pg_idx + j] != NULL)
935 find_portgroup_place(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji,
948 		i = ntohl(ji->aaddr) - cfg->prefix4;
949 		if (find_pg_place_addr(cfg, i, nat_proto, aport,
952 			*aaddr = htonl(cfg->prefix4 + i);
958 	i = ji->fhash % (1 << (32 - cfg->plen4));
959 	if (find_pg_place_addr(cfg, i, nat_proto, aport, ppg_idx) != 0) {
961 		*aaddr = htonl(cfg->prefix4 + i);
967 	for (i = 0; i < (1 << (32 - cfg->plen4)); i++) {
968 		if (find_pg_place_addr(cfg, i, nat_proto, aport,
971 			*aaddr = htonl(cfg->prefix4 + i);
980 attach_portgroup(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji)
995 	I6HASH_FIND(cfg, nh, &ji->haddr);
1000 	if (find_portgroup_place(cfg, ji, &aaddr, &aport, &pg_idx) != 0) {
1007 	if (nh->pg_allocated < cfg->max_chunks && ji->spare_idx != NULL) {
1015 	if (find_nh_pg_idx(cfg, nh, &nh_pg_idx) != 0) {
1022 	cfg->pg[pg_idx] = pg;
1023 	cfg->protochunks[pg->nat_proto]++;
1024 	NAT64STAT_INC(&cfg->base.stats, spgcreated);
1032 	PORTGROUP_BYSIDX(cfg, nh, nh_pg_idx + 1) = pg;
1044 consider_del_portgroup(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji)
1051 	I6HASH_FIND(cfg, nh, &ji->haddr);
1063 		pg = PORTGROUP_BYSIDX(cfg, nh, i + 1);
1066 		if (stale_pg(cfg, pg) == 0)
1071 		PORTGROUP_BYSIDX(cfg, nh, i + 1) = NULL;
1073 		idx = _GET_PORTGROUP_IDX(cfg, ntohl(pg->aaddr), pg->nat_proto,
1075 		KASSERT(cfg->pg[idx] == pg, ("Non matched pg"));
1076 		cfg->pg[idx] = NULL;
1077 		cfg->protochunks[pg->nat_proto]--;
1078 		NAT64STAT_INC(&cfg->base.stats, spgdeleted);
1082 		    PORTGROUP_BYSIDX(cfg, nh, nh->pg_used) == NULL)
1092 	if (stale_nh(cfg, nh)) {
1093 		I6HASH_REMOVE(cfg, nh, nh_tmp, &ji->haddr);
1095 		cfg->ihcount--;
1097 		I6HASH_FIND(cfg, nh, &ji->haddr);
1104 		NAT64STAT_INC(&cfg->base.stats, spgdeleted);
1121 	struct nat64lsn_cfg *cfg = (struct nat64lsn_cfg *) data;
1125 	CURVNET_SET(cfg->vp);
1131 	ch = cfg->ch;
1137 	TAILQ_SWAP(&jhead, &cfg->jhead, nat64lsn_job_item, next);
1138 	jcount = cfg->jlen;
1139 	cfg->jlen = 0;
1144 	if (cfg->ihcount > cfg->ihsize && cfg->ihsize < 65536) {
1145 		nhsize = cfg->ihsize;
1146 		for ( ; cfg->ihcount > nhsize && nhsize < 65536; nhsize *= 2)
1148 	} else if (cfg->ihcount < cfg->ihsize * 4) {
1149 		nhsize = cfg->ihsize;
1150 		for ( ; cfg->ihcount < nhsize * 4 && nhsize > 32; nhsize /= 2)
1161 	NAT64STAT_INC(&cfg->base.stats, jcalls);
1177 				if (alloc_host6(cfg, ji) != 0)
1178 					NAT64STAT_INC(&cfg->base.stats,
1183 					NAT64STAT_INC(&cfg->base.stats,
1210 					attach_host6(cfg, ji);
1214 				    attach_portgroup(cfg, ji) != 0)
1215 					NAT64STAT_INC(&cfg->base.stats,
1219 				consider_del_portgroup(cfg, ji);
1240 			reinject_mbuf(cfg, ji);
1249 nat64lsn_create_job(struct nat64lsn_cfg *cfg, const struct ipfw_flow_id *f_id,
1260 	if (cfg->jlen >= cfg->jmaxlen) {
1261 		NAT64STAT_INC(&cfg->base.stats, jmaxlen);
1282 		NAT64STAT_INC(&cfg->base.stats, jnomem);
1298 nat64lsn_enqueue_job(struct nat64lsn_cfg *cfg, struct nat64lsn_job_item *ji)
1305 	TAILQ_INSERT_TAIL(&cfg->jhead, ji, next);
1306 	cfg->jlen++;
1307 	NAT64STAT_INC(&cfg->base.stats, jrequests);
1309 	if (callout_pending(&cfg->jcallout) == 0)
1310 		callout_reset(&cfg->jcallout, 1, nat64lsn_do_request, cfg);
1315 nat64lsn_enqueue_jobs(struct nat64lsn_cfg *cfg,
1324 	TAILQ_CONCAT(&cfg->jhead, jhead, next);
1325 	cfg->jlen += jlen;
1326 	NAT64STAT_ADD(&cfg->base.stats, jrequests, jlen);
1328 	if (callout_pending(&cfg->jcallout) == 0)
1329 		callout_reset(&cfg->jcallout, 1, nat64lsn_do_request, cfg);
1347 nat64lsn_request_host(struct nat64lsn_cfg *cfg,
1356 	ji = nat64lsn_create_job(cfg, f_id, JTYPE_NEWHOST);
1359 		NAT64STAT_INC(&cfg->base.stats, dropped);
1365 		nat64lsn_enqueue_job(cfg, ji);
1366 		NAT64STAT_INC(&cfg->base.stats, jhostsreq);
1373 nat64lsn_request_portgroup(struct nat64lsn_cfg *cfg,
1383 	ji = nat64lsn_create_job(cfg, f_id, JTYPE_NEWPORTGROUP);
1386 		NAT64STAT_INC(&cfg->base.stats, dropped);
1394 		nat64lsn_enqueue_job(cfg, ji);
1395 		NAT64STAT_INC(&cfg->base.stats, jportreq);
1402 nat64lsn_create_state(struct nat64lsn_cfg *cfg, struct nat64lsn_host *nh,
1411 		pg = PORTGROUP_BYSIDX(cfg, nh, i + 1);
1439 			nat64lsn_dump_state(cfg, pg, st, "ALLOC STATE", off);
1441 			NAT64STAT_INC(&cfg->base.stats, screated);
1453 nat64lsn_translate6(struct nat64lsn_cfg *cfg, struct ipfw_flow_id *f_id,
1475 		NAT64STAT_INC(&cfg->base.stats, noproto);
1480 	I6HASH_FIND(cfg, nh, &f_id->src_ip6);
1483 		return (nat64lsn_request_host(cfg, f_id, pm));
1487 	    cfg->base.plat_plen);
1489 	    nat64_check_private_ip4(&cfg->base, kst.u.s.faddr) != 0) {
1490 		NAT64STAT_INC(&cfg->base.stats, dropped);
1500 		NAT64STAT_INC(&cfg->base.stats, dropped);
1528 		pg = PORTGROUP_BYSIDX(cfg, nh, sidx.idx);
1547 		st = nat64lsn_create_state(cfg, nh, nat_proto, &kst, &aaddr);
1550 			if (nh->pg_used >= cfg->max_chunks) {
1558 				    cfg->max_chunks * NAT64_CHUNK_SIZE);
1560 				NAT64STAT_INC(&cfg->base.stats, dropped);
1565 			    nh->pg_allocated < cfg->max_chunks)
1571 			return (nat64lsn_request_portgroup(cfg, f_id,
1577 		pg = PORTGROUP_BYSIDX(cfg, nh, sidx.idx);
1594 	if (cfg->base.flags & NAT64_LOG) {
1600 	action = nat64_do_handle_ip6(*pm, aaddr, aport, &cfg->base, logdata);
1602 		return (cfg->nomatch_verdict);
1619 	struct nat64lsn_cfg *cfg;
1629 	    (cfg = NAT64_LOOKUP(ch, icmd)) == NULL)
1634 		ret = nat64lsn_translate4(cfg, &args->f_id, &args->m);
1637 		ret = nat64lsn_translate6(cfg, &args->f_id, &args->m);
1640 		return (cfg->nomatch_verdict);
1703 nat64lsn_start_instance(struct nat64lsn_cfg *cfg)
1706 	callout_reset(&cfg->periodic, hz * PERIODIC_DELAY,
1707 	    nat64lsn_periodic, cfg);
1713 	struct nat64lsn_cfg *cfg;
1715 	cfg = malloc(sizeof(struct nat64lsn_cfg), M_IPFW, M_WAITOK | M_ZERO);
1716 	TAILQ_INIT(&cfg->jhead);
1717 	cfg->vp = curvnet;
1718 	cfg->ch = ch;
1719 	COUNTER_ARRAY_ALLOC(cfg->base.stats.cnt, NAT64STATS, M_WAITOK);
1721 	cfg->ihsize = NAT64LSN_HSIZE;
1722 	cfg->ih = malloc(sizeof(void *) * cfg->ihsize, M_IPFW,
1725 	cfg->pg = malloc(sizeof(void *) * numaddr * _ADDR_PG_COUNT, M_IPFW,
1728         callout_init(&cfg->periodic, CALLOUT_MPSAFE);
1729         callout_init(&cfg->jcallout, CALLOUT_MPSAFE);
1731 	return (cfg);
1740 nat64lsn_destroy_host(struct nat64lsn_host *nh, struct nat64lsn_cfg *cfg)
1746 		pg = PORTGROUP_BYSIDX(cfg, nh, i);
1749 		cfg->pg[pg->idx] = NULL;
1754 	cfg->ihcount--;
1759 nat64lsn_destroy_instance(struct nat64lsn_cfg *cfg)
1763 	callout_drain(&cfg->jcallout);
1764 	callout_drain(&cfg->periodic);
1765 	I6HASH_FOREACH_SAFE(cfg, nh, tmp, nat64lsn_destroy_host, cfg);
1766 	DPRINTF(DP_OBJ, "instance %s: hosts %d", cfg->name, cfg->ihcount);
1768 	COUNTER_ARRAY_FREE(cfg->base.stats.cnt, NAT64STATS);
1769 	free(cfg->ih, M_IPFW);
1770 	free(cfg->pg, M_IPFW);
1771 	free(cfg, M_IPFW);

Indexes created Thu May 02 11:06:28 MDT 2024