add nat events callbacks

alexk99 · alexk99 · commit 0eeff2e5f7e4 · 2019-07-17T21:41:17.000+03:00
diff --git a/src/kern/npf_conn.c b/src/kern/npf_conn.c
@@ -508,6 +508,18 @@ npf_conn_destroy(npf_t *npf, npf_conn_t *con)
 	if (con->c_nat) {
 		/* Release any NAT structures. */
 		npf_nat_destroy(con->c_nat);
+
+		/* NAT events: execute destroy ipv4 translation callback */
+		if (alen == NPF_IPV4_ALEN &&
+				  npf->nat_events_opts.ipv4_destroy_translation != NULL)
+			npf->nat_events_opts.ipv4_destroy_translation(
+					  npf_conn_key_get_proto(key),
+					  npf_conn_key_ipv4_get_src_addr(key),
+					  npf_conn_key_ipv4_get_src_id(key),
+					  npf_conn_key_ipv4_get_dst_addr(key),
+					  npf_conn_key_ipv4_get_dst_id(key),
+					  npf_nat_gettrans_addr(con->c_nat)->word32[0],
+					  (uint16_t)npf_nat_gettrans_port(con->c_nat));
 	}
 	if (con->c_rproc) {
 		/* Release the rule procedure. */
@@ -543,6 +555,7 @@ npf_conn_setnat(const npf_cache_t *npc, npf_conn_t *con,
 	npf_conn_t *ret __diagused;
 	npf_addr_t *taddr;
 	in_port_t tport;
+	unsigned alen;
 
 	KASSERT(con->c_refcnt > 0);
 
@@ -572,7 +585,8 @@ npf_conn_setnat(const npf_cache_t *npc, npf_conn_t *con,
 
 	/* Remove the "backwards" key. */
 	fw = npf_conn_getforwkey(con);
-	bk = npf_conn_getbackkey(con, NPF_CONNKEY_ALEN(fw));
+	alen = NPF_CONNKEY_ALEN(fw);
+	bk = npf_conn_getbackkey(con, alen);
 	ret = npf_conndb_remove(npf->conn_db, bk);
 	KASSERT(ret == con);
 
@@ -598,6 +612,19 @@ npf_conn_setnat(const npf_cache_t *npc, npf_conn_t *con,
 	/* Associate the NAT entry and release the lock. */
 	con->c_nat = nt;
 	mutex_exit(&con->c_lock);
+
+	/* NAT events: execute create ipv4 translation callback */
+	if (alen == NPF_IPV4_ALEN &&
+			  npf->nat_events_opts.ipv4_create_translation != NULL)
+		npf->nat_events_opts.ipv4_create_translation(
+				  npf_conn_key_get_proto(fw),
+				  npf_conn_key_ipv4_get_src_addr(fw),
+				  npf_conn_key_ipv4_get_src_id(fw),
+				  npf_conn_key_ipv4_get_dst_addr(fw),
+				  npf_conn_key_ipv4_get_dst_id(fw),
+				  npf_nat_gettrans_addr(con->c_nat)->word32[0],
+				  (uint16_t)npf_nat_gettrans_port(con->c_nat));
+
 	return 0;
 }
 
diff --git a/src/kern/npf_conn.h b/src/kern/npf_conn.h
@@ -103,6 +103,9 @@ struct npf_conn {
 #define	NPF_CONNKEY_ALEN(key)	((key)->ck_key[0] & 0xffff)
 #define	NPF_CONNKEY_LEN(key)	(8 + (NPF_CONNKEY_ALEN(key) * 2))
 
+#define	NPF_IPV4_ALEN 4
+#define	NPF_IPV6_ALEN 16
+
 struct npf_connkey {
 	/* Warning: ck_key has a variable length -- see above. */
 	uint32_t		ck_key[NPF_CONNKEY_MAXWORDS];
@@ -114,6 +117,12 @@ npf_connkey_t *	npf_conn_getbackkey(npf_conn_t *, unsigned);
 void		npf_conn_adjkey(npf_connkey_t *, const npf_addr_t *,
 		    const uint16_t, const int);
 
+uint16_t	npf_conn_key_get_proto(const npf_connkey_t *);
+uint16_t	npf_conn_key_ipv4_get_src_id(const npf_connkey_t *);
+uint16_t	npf_conn_key_ipv4_get_dst_id(const npf_connkey_t *);
+uint32_t	npf_conn_key_ipv4_get_src_addr(const npf_connkey_t *);
+uint32_t	npf_conn_key_ipv4_get_dst_addr(const npf_connkey_t *);
+
 unsigned	npf_connkey_import(const nvlist_t *, npf_connkey_t *);
 nvlist_t *	npf_connkey_export(const npf_connkey_t *);
 void		npf_connkey_print(const npf_connkey_t *);
diff --git a/src/kern/npf_connkey.c b/src/kern/npf_connkey.c
@@ -66,6 +66,36 @@ __KERNEL_RCSID(0, "$NetBSD$");
 #include "npf_conn.h"
 #include "npf_impl.h"
 
+uint16_t
+npf_conn_key_get_proto(const npf_connkey_t *key)
+{
+	return (uint16_t) (key->ck_key[0] >> 16);
+}
+
+uint16_t
+npf_conn_key_ipv4_get_src_id(const npf_connkey_t *key)
+{
+	return (uint16_t) (key->ck_key[1] >> 16);
+}
+
+uint16_t
+npf_conn_key_ipv4_get_dst_id(const npf_connkey_t *key)
+{
+	return (uint16_t) (key->ck_key[1] & 0xFFFF);
+}
+
+uint32_t
+npf_conn_key_ipv4_get_src_addr(const npf_connkey_t *key)
+{
+	return key->ck_key[2];
+}
+
+uint32_t
+npf_conn_key_ipv4_get_dst_addr(const npf_connkey_t *key)
+{
+	return key->ck_key[3];
+}
+
 static inline unsigned
 connkey_setkey(npf_connkey_t *key, uint16_t proto, const void *ipv,
     const uint16_t *id, unsigned alen, bool forw)
diff --git a/src/kern/npf_impl.h b/src/kern/npf_impl.h
@@ -202,7 +202,7 @@ struct npf {
 	/* BPF byte-code context. */
 	bpf_ctx_t *		bpfctx;
 	const npf_mbufops_t *	mbufops;
-
+	
 	/* Parameters. */
 	npf_paraminfo_t *	paraminfo;
 	void *			params[NPF_PARAMS_COUNT];
@@ -237,6 +237,9 @@ struct npf {
 
 	/* Statistics. */
 	percpu_t *		stats_percpu;
+	
+	/* NAT events callbacks */
+	npf_nat_events_ops_t nat_events_opts;	
 };
 
 /*
@@ -481,6 +484,8 @@ int		npf_do_nat(npf_cache_t *, npf_conn_t *, const int);
 void		npf_nat_destroy(npf_nat_t *);
 void		npf_nat_getorig(npf_nat_t *, npf_addr_t **, in_port_t *);
 void		npf_nat_gettrans(npf_nat_t *, npf_addr_t **, in_port_t *);
+const npf_addr_t *	npf_nat_gettrans_addr(const npf_nat_t *);
+in_port_t	npf_nat_gettrans_port(const npf_nat_t *);
 void		npf_nat_setalg(npf_nat_t *, npf_alg_t *, uintptr_t);
 
 void		npf_nat_export(nvlist_t *, npf_nat_t *);
diff --git a/src/kern/npf_nat.c b/src/kern/npf_nat.c
@@ -709,6 +709,18 @@ npf_nat_gettrans(npf_nat_t *nt, npf_addr_t **addr, in_port_t *port)
 	*port = nt->nt_tport;
 }
 
+const npf_addr_t *
+npf_nat_gettrans_addr(const npf_nat_t *nt)
+{
+	return &nt->nt_taddr;
+}
+
+in_port_t
+npf_nat_gettrans_port(const npf_nat_t *nt)
+{
+	return nt->nt_tport;
+}
+
 /*
  * npf_nat_getorig: return original IP address and port from translation entry.
  */
@@ -839,3 +851,17 @@ npf_nat_dump(const npf_nat_t *nt)
 }
 
 #endif
+
+__dso_public void
+npf_nat_events_set_create_ipv4_translation_cb(npf_t *npf,
+	npf_nat_event_ipv4_create_translation_t cb)
+{
+	npf->nat_events_opts.ipv4_create_translation = cb;
+}
+
+__dso_public void
+npf_nat_events_set_destroy_ipv4_translation_cb(npf_t *npf,
+	npf_nat_event_ipv4_destroy_translation_t cb)
+{
+	npf->nat_events_opts.ipv4_destroy_translation = cb;
+}
diff --git a/src/kern/npfkern.h b/src/kern/npfkern.h
@@ -61,6 +61,20 @@ typedef struct {
 	bool		(*ensure_writable)(struct mbuf **, size_t);
 } npf_mbufops_t;
 
+/* NAT event callbacks */
+typedef void (*npf_nat_event_ipv4_create_translation_t) (uint16_t proto, 
+		  uint32_t src, uint16_t src_id, uint32_t dst, uint16_t dst_id,
+		  uint32_t tsrc, uint16_t tsrc_id);
+
+typedef void (*npf_nat_event_ipv4_destroy_translation_t) (uint16_t proto, 
+		  uint32_t src, uint16_t src_id, uint32_t dst, uint16_t dst_id,
+		  uint32_t tsrc, uint16_t tsrc_id);
+
+typedef struct {
+	npf_nat_event_ipv4_create_translation_t ipv4_create_translation;
+	npf_nat_event_ipv4_destroy_translation_t ipv4_destroy_translation;
+} npf_nat_events_ops_t;
+
 int	npf_sysinit(unsigned);
 void	npf_sysfini(void);
 
@@ -86,4 +100,10 @@ void	npf_stats_clear(npf_t *);
 int	npf_alg_icmp_init(npf_t *);
 int	npf_alg_icmp_fini(npf_t *);
 
+/* NAT events callbacks */
+void	npf_nat_events_set_create_ipv4_translation_cb(npf_t *,
+		  npf_nat_event_ipv4_create_translation_t);
+void	npf_nat_events_set_destroy_ipv4_translation_cb(npf_t *,
+	npf_nat_event_ipv4_destroy_translation_t);
+
 #endif
