ipclassifier.h revision 3344d7501f5a54d4cb5703f67648ea334c1cec6a
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _INET_IPCLASSIFIER_H
#define _INET_IPCLASSIFIER_H
#ifdef __cplusplus
extern "C" {
#endif
#include <sys/socket_proto.h>
struct icmph_s;
struct icmp6_hdr;
struct icmp6_hdr *, ip_recv_attr_t *);
/*
* ==============================
* = The CONNECTION =
* ==============================
*/
/*
* The connection structure contains the common information/flags/ref needed.
* Implementation will keep the connection struct, the layers (with their
* respective data for event i.e. tcp_t if event was tcp_input_data) all in one
* contiguous memory location.
*/
/* Conn Flags */
/* Unused 0x00020000 */
/* Unused 0x00040000 */
/* Unused 0x00100000 */
/* Unused 0x00200000 */
/* Unused 0x00400000 */
/* Unused 0x01000000 */
/* Unused 0x02000000 */
/* Unused 0x04000000 */
/* Unused 0x08000000 */
/* Unused 0x10000000 */
/* Unused 0x20000000 */
/* Flags identifying the type of conn */
/* Unused 0x00000040 */
/* Unused 0x10000000 */
/*
 * Two distinct single-bit flag values (bits 8 and 9).
 * NOTE(review): this listing keeps no description for them; which conn_t
 * field carries them and when they are set or cleared should be confirmed
 * against the full header.
 */
#define IPCL_REMOVED 0x00000100
#define IPCL_REUSED 0x00000200
#define IPCL_IS_CONNECTED(connp) \
#define IPCL_IS_BOUND(connp) \
/*
* Can't use conn_proto since we need to tell difference
* between a real TCP socket and a SOCK_RAW, IPPROTO_TCP.
*/
#define IPCL_IS_TCP(connp) \
#define IPCL_IS_SCTP(connp) \
#define IPCL_IS_UDP(connp) \
#define IPCL_IS_RAWIP(connp) \
#define IPCL_IS_RTS(connp) \
#define IPCL_IS_IPTUN(connp) \
/*
 * Trace record type. NOTE(review): only ctb_depth survives in this listing;
 * CONN_STACK_DEPTH (15) presumably sizes a stack array that ctb_depth
 * counts into - confirm against the full header.
 */
typedef struct
{
int ctb_depth; /* a depth value; presumably never above CONN_STACK_DEPTH */
#define CONN_STACK_DEPTH 15
} conn_trace_t;
typedef struct ip_helper_minor_info_s {
/*
* ip helper stream info
*/
typedef struct ip_helper_stream_info_s {
/*
* Mandatory Access Control mode, in conn_t's conn_mac_mode field.
* CONN_MAC_DEFAULT: strict enforcement of MAC.
* CONN_MAC_AWARE: allows communications between unlabeled systems
* and privileged daemons
* CONN_MAC_IMPLICIT: allows communications without explicit labels
* on the wire with privileged daemons.
*
* CONN_MAC_IMPLICIT is intended specifically for labeled IPsec key management
* in networks which don't pass CIPSO-labeled packets.
*/
/*
 * Only CONN_MAC_DEFAULT enforces MAC strictly; the other two values relax
 * it, and the comment above describes them as being for privileged daemons.
 * NOTE(review): the privilege check that guards a non-default mode is not
 * visible in this header - confirm it where conn_mac_mode is assigned.
 */
#define CONN_MAC_DEFAULT 0 /* strict enforcement of MAC */
#define CONN_MAC_AWARE 1 /* unlabeled systems may talk to privileged daemons */
#define CONN_MAC_IMPLICIT 2 /* no explicit on-wire labels, privileged daemons */
/*
* conn receive ancillary definition.
*
* These are the set of socket options that make the receive side
* potentially pass up ancillary data items.
* We have a union with an integer so that we can quickly check whether
* any ancillary data items need to be added.
*/
/*
 * Receive-side ancillary option set.
 * NOTE(review): the option members of crbb and the integer member of crbu
 * that the comment above describes are missing from this listing.
 */
typedef struct crb_s {
union {
struct {
} crbb; /* the individual receive options (members not shown) */
} crbu; /* union that lets all options be tested at once as an integer */
} crb_t;
/*
* The initial fields in the conn_t are setup by the kmem_cache constructor,
* and are preserved when it is freed. Fields after that are bzero'ed when
* the conn_t is freed.
*
* Much of the conn_t is protected by conn_lock.
*
* conn_lock is also used by some ULPs (like UDP and RAWIP) to protect
* their state.
*/
/*
 * NOTE(review): this listing has lost most of conn_s's field declarations
 * and some closing braces; the comments below describe only what is still
 * visible.
 */
struct conn_s {
union {
void *cp_priv; /* opaque private pointer; pointee type not visible here */
/*
 * Fields after this are bzero'ed when the conn_t is freed.
 * conn_start_clr aliases conn_recv_ancillary (its declaration is not shown
 * in this listing) as the marker for that cleared region. Fields above the
 * marker are preserved across free, so state that must not carry over to
 * the next user of a recycled conn_t belongs below it.
 */
#define conn_start_clr conn_recv_ancillary
/* Options for receive-side ancillary data */
int conn_lingertime; /* linger time (in seconds) */
unsigned int
conn_pad_to_bit_31 : 12; /* padding bit-field, 12 bits wide */
struct {
union {
/* Used for classifier match performance */
struct {
} connu_ports;
} u_port;
int conn_rtaware; /* RT_AWARE sockopt value */
unsigned int
conn_spare : 23; /* spare bit-field, 23 bits wide */
/*
* IP format that packets received for this struct should use.
* Value can be IP4_VERSION or IPV6_VERSION.
* The sending version is encoded using IXAF_IS_IPV4.
*/
/* Written to only once at the time of opening the endpoint */
/*
* The most recent address for sendto. Initially set to zero,
* which is always different from the destination address
* since the send interprets zero as the loopback address.
*/
/*
* When we are not connected conn_saddr might be unspecified.
* We track the source that was used with conn_v6lastdst here.
*/
/* Templates for transmitting packets */
/*
* Header template - conn_ht_ulp is a pointer into conn_ht_iphc.
* Note that ixa_ip_hdr_length indicates the offset of ht_ulp in
* ht_iphc
*
* The header template is maintained for connected endpoints (and
* updated when sticky options are changed) and also for the lastdst.
* There is no conflict between those usages since SOCK_DGRAM and
* SOCK_RAW can not be used to specify a destination address (with
* ... the rest of this sentence is missing from this listing)
*/
/* Checksum to compensate for source routed packets. Host byte order */
#ifdef CONN_DEBUG
/*
 * Debug-only reference tracing. CONN_TRACE_MAX is presumably the number of
 * trace buffers that conn_trace_last indexes; the array itself is not shown.
 */
#define CONN_TRACE_MAX 10
int conn_trace_last; /* ndx of last used tracebuf */
#endif
};
/*
* connf_t - connection fanout data.
*
* The hash tables and their linkage (conn_t.{hashnextp, hashprevp}) are
* protected by the per-bucket lock. Each conn_t inserted in the list
* points back at the connf_t that heads the bucket.
*/
/*
 * One hash bucket. NOTE(review): the per-bucket lock named in the comment
 * above is not among the fields shown in this listing; it must be held
 * while the list hanging off connf_head is walked or modified.
 */
struct connf_s {
struct conn_s *connf_head; /* first conn_t on this bucket's list */
};
/*
 * By name, takes a reference on connp.
 * NOTE(review): the macro body is missing from this listing, so as shown it
 * expands to an empty block; locking and any assertions it performs must be
 * read from the full header.
 */
#define CONN_INC_REF(connp) { \
}
/*
 * By name, the reference-taking variant for callers that already hold the
 * lock (presumably conn_lock - confirm).
 * NOTE(review): the macro body is missing from this listing.
 */
#define CONN_INC_REF_LOCKED(connp) { \
}
/*
 * By name, drops a reference on connp. Most of the body is missing from this
 * listing; the surviving comments show two things:
 *   - while conn_on_sqp is B_TRUE the count is expected to be at least 2 at
 *     the time of the decrement, because the squeue framework performs its
 *     own CONN_DEC_REF after return from TCP;
 *   - one branch is reached when the count can no longer increase, and the
 *     lock is dropped there.
 * NOTE(review): that branch is presumably the last-reference path. An extra,
 * unpaired CONN_DEC_REF would reach it while the conn_t is still in use, so
 * INC/DEC pairing is the invariant to audit in callers.
 */
#define CONN_DEC_REF(connp) { \
/* \
* The squeue framework always does a CONN_DEC_REF after return \
* from TCP. Hence the refcnt must be at least 2 if conn_on_sqp \
* is B_TRUE and conn_ref is being decremented. This is to \
* account for the mblk being currently processed. \
*/ \
/* Refcnt can't increase again, safe to drop lock */ \
} else { \
} \
}
/*
* For use with subsystems within ip which use ALL_ZONES as a wildcard
*/
#define IPCL_ZONEID(connp) \
/*
* For matching between a conn_t and a zoneid.
*/
(((connp)->conn_allzones) || \
/*
* On a labeled system, we must treat bindings to ports
* on shared IP addresses by sockets with MAC exemption
* privilege as being in all zones, as there's
* otherwise no way to identify the right receiver.
*/
#define _IPCL_V4_MATCH_ANY(addr) \
/*
* IPCL_PROTO_MATCH() and IPCL_PROTO_MATCH_V6() only match conns with
* the specified ira_zoneid or conn_allzones, by calling conn_wantpacket.
*/
!(connp)->conn_ipv6_v6only)
!(connp)->conn_ipv6_v6only)
/*
* We compare conn_laddr since it captures both connected and a bind to
* a multicast or broadcast address.
* The caller needs to match the zoneid and also call conn_wantpacket
* for multicast, broadcast, or when conn_incoming_ifindex is set.
*/
!(connp)->conn_ipv6_v6only)
/*
* We compare conn_laddr since it captures both connected and a bind to
* a multicast or broadcast address.
* The caller needs to match the zoneid and also call conn_wantpacket_v6
* for multicast or when conn_incoming_ifindex is set.
*/
/*
 * NOTE(review): presumably the bucket count of the global conn hash (see
 * ipcl_globalhash_insert/ipcl_globalhash_remove below); 1024 is a power of
 * two - confirm how the bucket index is derived from it.
 */
#define CONN_G_HASH_SIZE 1024
/* Raw socket hash function. */
/*
* This is similar to IPCL_BIND_MATCH except that the local port check
* is changed to a wildcard port check.
* We compare conn_laddr since it captures both connected and a bind to
* a multicast or broadcast address.
*/
(connp)->conn_lport == 0 && \
(connp)->conn_lport == 0 && \
/* Function prototypes */
/*
 * Set-up and tear-down entry points: the _g_ pair takes no argument, the
 * other pair takes one ip_stack_t.
 */
extern void ipcl_g_init(void);
extern void ipcl_g_destroy(void);
extern void ipcl_init(ip_stack_t *ipst);
extern void ipcl_destroy(ip_stack_t *ipst);

/* Per-conn_t destruction and hash removal. */
extern void ipcl_conn_destroy(conn_t *connp);
void ipcl_hash_remove(conn_t *connp);

/*
 * Bind-table and connection-table insertion, with _v4/_v6 variants.
 * Each returns int. NOTE(review): the meaning of the value is not documented
 * in this listing (presumably 0 or an error number); callers should check
 * it rather than assume the conn_t was inserted.
 */
extern int ipcl_bind_insert(conn_t *connp);
extern int ipcl_bind_insert_v4(conn_t *connp);
extern int ipcl_bind_insert_v6(conn_t *connp);
extern int ipcl_conn_insert(conn_t *connp);
extern int ipcl_conn_insert_v4(conn_t *connp);
extern int ipcl_conn_insert_v6(conn_t *connp);
ip_stack_t *);
ip_stack_t *);
/* Add a conn_t to, or take it off, the global hash (by name). */
void ipcl_globalhash_insert(conn_t *connp);
void ipcl_globalhash_remove(conn_t *connp);
ip_stack_t *);
ip_stack_t *);
/*
 * Reference-trace helpers; both return int.
 * NOTE(review): the return convention is not visible in this listing.
 */
int conn_trace_ref(conn_t *connp);
int conn_untrace_ref(conn_t *connp);

/* Cleanup of a conn_t (by name); what is cleaned is not visible here. */
void ipcl_conn_cleanup(conn_t *connp);
ip_stack_t *);
ip_stack_t *);
/* Frees the helper stream of the given conn_t (by name). */
extern void ip_free_helper_stream(conn_t *connp);
#ifdef __cplusplus
}
#endif
#endif /* _INET_IPCLASSIFIER_H */