c56749e192471f93dcc6eb7c8d92a98fe156c465 blob 3547 bytes (raw)

 
/* SPDX-License-Identifier: GPL-2.0-or-later
 * Copyright Red Hat
 * Author: Stefano Brivio <sbrivio@redhat.com>
 * Author: David Gibson <david@gibson.dropbear.id.au>
 */

#ifndef FWD_H
#define FWD_H

#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include <netinet/in.h>

#include "bitmap.h"
#include "inany.h"
#include "fwd_rule.h"

struct flowside;

/* Number of ports for both TCP and UDP: the whole 16-bit port space (65536) */
#define	NUM_PORTS	(1U << 16)

void fwd_probe_ephemeral(void);
/* NOTE(review): @map is passed without a length. Presumably it must point to a
 * port bitmap of at least PORT_BITMAP_SIZE bytes -- confirm against the
 * definition, since nothing in this prototype lets the callee check the size.
 */
void fwd_port_map_ephemeral(uint8_t *map);

/* Width, in bits, of the @rule bitfield in struct fwd_listen_ref */
#define FWD_RULE_BITS	8
/* Capacity of the per-rule arrays in struct fwd_table, derived from
 * FWD_RULE_BITS through MAX_FROM_BITS() (defined outside this header)
 */
#define MAX_FWD_RULES	MAX_FROM_BITS(FWD_RULE_BITS)
/* NOTE(review): presumably the @hint value for fwd_rule_search() meaning "no
 * rule suggested" -- confirm. It is negative, unlike any array index.
 */
#define FWD_NO_HINT	(-1)

/**
 * struct fwd_listen_ref - information about a single listening socket
 * @port:	Bound port number of the socket
 * @pif:	pif in which the socket is listening
 * @rule:	Index of forwarding rule, stored in FWD_RULE_BITS bits
 *
 * NOTE(review): @rule is presumably an index into the @rules array of the
 * struct fwd_table for @pif -- confirm. The bitfield can hold any value below
 * (1 << FWD_RULE_BITS); whether every such value is a valid index depends on
 * MAX_FROM_BITS(), which is defined outside this header. Code that uses @rule
 * as an index should check it against the table's @count first.
 */
struct fwd_listen_ref {
	in_port_t	port;
	uint8_t		pif;
	unsigned	rule :FWD_RULE_BITS;
};

/* Maximum number of listening sockets (per pif)
 *
 * Rationale: This lets us listen on every port for two addresses and two
 * protocols (which we need for -T auto -U auto without SO_BINDTODEVICE), plus a
 * comfortable number of extras.
 *
 * That is 4 * NUM_PORTS for the address/protocol combinations plus one more
 * NUM_PORTS of headroom, 327680 entries in total. This constant sizes the
 * @socks array embedded in struct fwd_table, so it is a hard limit: anything
 * appending to @socks has to check @sock_count against it.
 */
#define MAX_LISTEN_SOCKS	(NUM_PORTS * 5)

/**
 * struct fwd_table - Forwarding state (per initiating pif)
 * @count:	Number of forwarding rules
 * @rules:	Array of forwarding rules
 * @rulesocks:	Pointers to socket arrays per-rule
 * @sock_count:	Number of entries used in @socks
 * @socks:	Listening sockets for forwarding
 *
 * Both arrays have fixed capacity: @rules and @rulesocks hold MAX_FWD_RULES
 * entries, @socks holds MAX_LISTEN_SOCKS. Nothing in the structure enforces
 * @count <= MAX_FWD_RULES or @sock_count <= MAX_LISTEN_SOCKS, so every writer
 * must check the bound before appending.
 *
 * NOTE(review): @rulesocks entries presumably point into @socks, one slice per
 * rule -- confirm against the code that fills them in.
 *
 * @socks is embedded inline (NUM_PORTS * 5 ints), which makes the structure
 * large.
 */
struct fwd_table {
	unsigned count;
	struct fwd_rule rules[MAX_FWD_RULES];
	int *rulesocks[MAX_FWD_RULES];
	unsigned sock_count;
	int socks[MAX_LISTEN_SOCKS];
};

/* Size in bytes of a bitmap with one bit per port (NUM_PORTS bits, eight per
 * byte). DIV_ROUND_UP() is defined outside this header.
 */
#define PORT_BITMAP_SIZE	DIV_ROUND_UP(NUM_PORTS, 8)

/**
 * struct fwd_scan - Port scanning state for a protocol+direction
 * @scan4:	/proc/net fd to scan for IPv4 ports when in AUTO mode
 * @scan6:	/proc/net fd to scan for IPv6 ports when in AUTO mode
 * @map:	Bitmap describing which ports are forwarded, PORT_BITMAP_SIZE
 *		bytes (one bit per port)
 *
 * NOTE(review): the value of @scan4 and @scan6 outside AUTO mode is not visible
 * from this header -- confirm before treating them as valid descriptors.
 * Presumably bit N of @map stands for port N; verify against the bitmap
 * helpers in bitmap.h.
 */
struct fwd_scan {
	int scan4;
	int scan6;
	uint8_t map[PORT_BITMAP_SIZE];
};

/* NOTE(review): presumably the period between port rescans driven by
 * fwd_scan_ports_timer() -- confirm against the caller.
 */
#define FWD_PORT_SCAN_INTERVAL		1000	/* ms */

/* Forwarding rule table management.
 *
 * NOTE(review): struct ctx is used in prototypes throughout this header, but
 * only struct flowside is forward-declared here. Unless fwd_rule.h or inany.h
 * declare it, a file including fwd.h first gets a declaration scoped to the
 * parameter list -- confirm, or add "struct ctx;" next to "struct flowside;".
 *
 * NOTE(review): struct fwd_table has room for MAX_FWD_RULES rules only.
 * fwd_rule_add() presumably reports a full table through its int return --
 * confirm that callers check it. @hint for fwd_rule_search() is presumably
 * either a rule index or FWD_NO_HINT -- confirm.
 */
void fwd_rule_init(struct ctx *c);
int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new);
const struct fwd_rule *fwd_rule_search(const struct fwd_table *fwd,
				       const struct flowside *ini,
				       uint8_t proto, int hint);

/* Port scanning setup and periodic timer handler.
 *
 * NOTE(review): struct timespec is used below but <time.h> is not among the
 * includes visible in this header; presumably it arrives through another
 * include -- confirm, or include <time.h> here.
 */
void fwd_scan_ports_init(struct ctx *c);
void fwd_scan_ports_timer(struct ctx * c, const struct timespec *now);

/* Listening socket lifecycle for a forwarding table.
 *
 * fwd_listen_sync() takes the TCP and UDP scan state for one @pif; both it and
 * fwd_listen_init() return int.
 * NOTE(review): presumably 0 on success and negative on error -- confirm, and
 * make sure callers do not ignore a failure to bind.
 * NOTE(review): fwd_listen_close() takes a const table, so it cannot clear the
 * stored descriptors through @fwd itself; check how stale fds in @socks are
 * handled after closing.
 */
int fwd_listen_sync(const struct ctx *c, uint8_t pif,
		    const struct fwd_scan *tcp, const struct fwd_scan *udp);
void fwd_listen_close(const struct fwd_table *fwd);
int fwd_listen_init(const struct ctx *c);

/* Address translation for new flows.
 *
 * nat_inbound() takes a const @addr and a writable @translated.
 * NOTE(review): presumably @translated is only meaningful when the return value
 * is true -- confirm before using it on the false path.
 *
 * The fwd_nat_from_*() functions take the initiating side @ini as const and a
 * writable target side @tgt, and return a uint8_t.
 * NOTE(review): presumably the return value is the pif the flow should be
 * forwarded to, with a dedicated value for "do not forward" -- confirm, and
 * check that callers handle that value rather than using @tgt regardless.
 */
bool nat_inbound(const struct ctx *c, const union inany_addr *addr,
		 union inany_addr *translated);
uint8_t fwd_nat_from_tap(const struct ctx *c, uint8_t proto,
			 const struct flowside *ini, struct flowside *tgt);
uint8_t fwd_nat_from_splice(const struct fwd_rule *rule, uint8_t proto,
			    const struct flowside *ini, struct flowside *tgt);
uint8_t fwd_nat_from_host(const struct ctx *c,
			  const struct fwd_rule *rule, uint8_t proto,
			  const struct flowside *ini, struct flowside *tgt);
/* Neighbour table: maps addresses to MAC addresses.
 *
 * NOTE(review): @mac is a bare uint8_t pointer with no length in both
 * fwd_neigh_table_update() (read, const) and fwd_neigh_mac_get() (written).
 * Presumably it must point to a full Ethernet address, six bytes -- confirm,
 * and make sure every caller passes a buffer of at least that size.
 * NOTE(review): fwd_neigh_mac_get() returns void, so a failed lookup cannot be
 * signalled through the return value; check what is written to @mac in that
 * case.
 */
void fwd_neigh_table_update(const struct ctx *c, const union inany_addr *addr,
			    const uint8_t *mac, bool permanent);
void fwd_neigh_table_free(const struct ctx *c,
			  const union inany_addr *addr);
void fwd_neigh_mac_get(const struct ctx *c, const union inany_addr *addr,
		       uint8_t *mac);
void fwd_neigh_table_init(const struct ctx *c);

#endif /* FWD_H */
debug log:

solving c56749e1 ...
found c56749e1 in https://archives.passt.top/passt-dev/20260407031630.2457081-12-david@gibson.dropbear.id.au/
found 1d74cbd2 in https://archives.passt.top/passt-dev/20260407031630.2457081-10-david@gibson.dropbear.id.au/
found c5f6d554 in https://archives.passt.top/passt-dev/20260407031630.2457081-8-david@gibson.dropbear.id.au/
found 83ee9b2e in https://archives.passt.top/passt-dev/20260407031630.2457081-7-david@gibson.dropbear.id.au/
found 33600cbf in https://passt.top/passt
preparing index
index prepared:
100644 33600cbfa6aa7ac9204c4bdd394ee471645f0d5a	fwd.h

applying [1/4] https://archives.passt.top/passt-dev/20260407031630.2457081-7-david@gibson.dropbear.id.au/
diff --git a/fwd.h b/fwd.h
index 33600cbf..83ee9b2e 100644


applying [2/4] https://archives.passt.top/passt-dev/20260407031630.2457081-8-david@gibson.dropbear.id.au/
diff --git a/fwd.h b/fwd.h
index 83ee9b2e..c5f6d554 100644


applying [3/4] https://archives.passt.top/passt-dev/20260407031630.2457081-10-david@gibson.dropbear.id.au/
diff --git a/fwd.h b/fwd.h
index c5f6d554..1d74cbd2 100644


applying [4/4] https://archives.passt.top/passt-dev/20260407031630.2457081-12-david@gibson.dropbear.id.au/
diff --git a/fwd.h b/fwd.h
index 1d74cbd2..c56749e1 100644

Checking patch fwd.h...
Applied patch fwd.h cleanly.
Checking patch fwd.h...
Applied patch fwd.h cleanly.
Checking patch fwd.h...
Applied patch fwd.h cleanly.
Checking patch fwd.h...
Applied patch fwd.h cleanly.

index at:
100644 c56749e192471f93dcc6eb7c8d92a98fe156c465	fwd.h
