1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * Copyright (c) 2016, Joyent, Inc. All rights reserved.
29 */
30
31 #ifndef _SYS_NETSTACK_H
32 #define _SYS_NETSTACK_H
33
34 #include <sys/kstat.h>
35 #include <sys/cred.h>
36 #include <sys/mutex.h>
37
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41
42 /*
43 * This allows various pieces in and around IP to have a separate instance
44 * for each instance of IP. This is used to support zones that have an
45 * exclusive stack.
46 * Pieces of software far removed from IP (e.g., kernel software
47 * sitting on top of TCP or UDP) probably should not use the netstack
48 * support; if such software wants to support separate zones it
49 * can do that using the zones framework (zone_key_create() etc)
50 * whether there is a shared IP stack or and exclusive IP stack underneath.
51 */
52
53 /*
54 * Each netstack has an identifier. We reuse the zoneid allocation for
55 * this but have a separate typedef. Thus the shared stack (used by
56 * the global zone and other shared stack zones) have a zero ID, and
57 * the exclusive stacks have a netstackid that is the same as their zoneid.
58 */
59 typedef id_t netstackid_t;
60
61 #define GLOBAL_NETSTACKID 0
62
63 /*
64 * One for each module which uses netstack support.
65 * Used in netstack_register().
66 *
67 * The order of these is important for some modules both for
68 * the creation (which done in ascending order) and destruction (which is
69 * done in in decending order).
70 */
71 #define NS_ALL -1 /* Match all */
72 #define NS_DLS 0
73 #define NS_IPTUN 1
74 #define NS_STR 2 /* autopush list etc */
75 #define NS_HOOK 3
76 #define NS_NETI 4
77 #define NS_ARP 5
78 #define NS_IP 6
79 #define NS_ICMP 7
80 #define NS_UDP 8
81 #define NS_TCP 9
82 #define NS_SCTP 10
83 #define NS_RTS 11
84 #define NS_IPSEC 12
85 #define NS_KEYSOCK 13
86 #define NS_SPDSOCK 14
87 #define NS_IPSECAH 15
88 #define NS_IPSECESP 16
89 #define NS_IPNET 17
90 #define NS_ILB 18
91 #define NS_MAX (NS_ILB+1)
92
93 /*
94 * State maintained for each module which tracks the state of
95 * the create, shutdown and destroy callbacks.
96 *
97 * Keeps track of pending actions to avoid holding locks when
98 * calling into the create/shutdown/destroy functions in the module.
99 */
100 #ifdef _KERNEL
101 typedef struct {
102 uint16_t nms_flags;
103 kcondvar_t nms_cv;
104 } nm_state_t;
105
106 /*
107 * nms_flags
108 */
109 #define NSS_CREATE_NEEDED 0x0001
110 #define NSS_CREATE_INPROGRESS 0x0002
111 #define NSS_CREATE_COMPLETED 0x0004
112 #define NSS_SHUTDOWN_NEEDED 0x0010
113 #define NSS_SHUTDOWN_INPROGRESS 0x0020
114 #define NSS_SHUTDOWN_COMPLETED 0x0040
115 #define NSS_DESTROY_NEEDED 0x0100
116 #define NSS_DESTROY_INPROGRESS 0x0200
117 #define NSS_DESTROY_COMPLETED 0x0400
118
119 #define NSS_CREATE_ALL \
120 (NSS_CREATE_NEEDED|NSS_CREATE_INPROGRESS|NSS_CREATE_COMPLETED)
121 #define NSS_SHUTDOWN_ALL \
122 (NSS_SHUTDOWN_NEEDED|NSS_SHUTDOWN_INPROGRESS|NSS_SHUTDOWN_COMPLETED)
123 #define NSS_DESTROY_ALL \
124 (NSS_DESTROY_NEEDED|NSS_DESTROY_INPROGRESS|NSS_DESTROY_COMPLETED)
125
126 #define NSS_ALL_INPROGRESS \
127 (NSS_CREATE_INPROGRESS|NSS_SHUTDOWN_INPROGRESS|NSS_DESTROY_INPROGRESS)
128 #else
129 /* User-level compile like IP Filter needs a netstack_t. Dummy */
130 typedef uint_t nm_state_t;
131 #endif /* _KERNEL */
132
133 /*
134 * One for every netstack in the system.
135 * We use a union so that the compilar and lint can provide type checking -
136 * in principle we could have
137 * #define netstack_arp netstack_modules[NS_ARP]
138 * etc, but that would imply void * types hence no type checking by the
139 * compiler.
140 *
141 * All the fields in netstack_t except netstack_next are protected by
142 * netstack_lock. netstack_next is protected by netstack_g_lock.
143 */
144 struct netstack {
145 union {
146 void *nu_modules[NS_MAX];
147 struct {
148 struct dls_stack *nu_dls;
149 struct iptun_stack *nu_iptun;
150 struct str_stack *nu_str;
151 struct hook_stack *nu_hook;
152 struct neti_stack *nu_neti;
153 struct arp_stack *nu_arp;
154 struct ip_stack *nu_ip;
155 struct icmp_stack *nu_icmp;
156 struct udp_stack *nu_udp;
157 struct tcp_stack *nu_tcp;
158 struct sctp_stack *nu_sctp;
159 struct rts_stack *nu_rts;
160 struct ipsec_stack *nu_ipsec;
161 struct keysock_stack *nu_keysock;
162 struct spd_stack *nu_spdsock;
163 struct ipsecah_stack *nu_ipsecah;
164 struct ipsecesp_stack *nu_ipsecesp;
165 struct ipnet_stack *nu_ipnet;
166 struct ilb_stack *nu_ilb;
167 } nu_s;
168 } netstack_u;
169 #define netstack_modules netstack_u.nu_modules
170 #define netstack_dls netstack_u.nu_s.nu_dls
171 #define netstack_iptun netstack_u.nu_s.nu_iptun
172 #define netstack_str netstack_u.nu_s.nu_str
173 #define netstack_hook netstack_u.nu_s.nu_hook
174 #define netstack_neti netstack_u.nu_s.nu_neti
175 #define netstack_arp netstack_u.nu_s.nu_arp
176 #define netstack_ip netstack_u.nu_s.nu_ip
177 #define netstack_icmp netstack_u.nu_s.nu_icmp
178 #define netstack_udp netstack_u.nu_s.nu_udp
179 #define netstack_tcp netstack_u.nu_s.nu_tcp
180 #define netstack_sctp netstack_u.nu_s.nu_sctp
181 #define netstack_rts netstack_u.nu_s.nu_rts
182 #define netstack_ipsec netstack_u.nu_s.nu_ipsec
183 #define netstack_keysock netstack_u.nu_s.nu_keysock
184 #define netstack_spdsock netstack_u.nu_s.nu_spdsock
185 #define netstack_ipsecah netstack_u.nu_s.nu_ipsecah
186 #define netstack_ipsecesp netstack_u.nu_s.nu_ipsecesp
187 #define netstack_ipnet netstack_u.nu_s.nu_ipnet
188 #define netstack_ilb netstack_u.nu_s.nu_ilb
189
190 nm_state_t netstack_m_state[NS_MAX]; /* module state */
191
192 kmutex_t netstack_lock;
193 struct netstack *netstack_next;
194 netstackid_t netstack_stackid;
195 int netstack_numzones; /* Number of zones using this */
196 int netstack_refcnt; /* Number of hold-rele */
197 int netstack_flags; /* See below */
198
199 #ifdef _KERNEL
200 /* Needed to ensure that we run the callback functions in order */
201 kcondvar_t netstack_cv;
202 #endif
203 };
204 typedef struct netstack netstack_t;
205
206 /* netstack_flags values */
207 #define NSF_UNINIT 0x01 /* Not initialized */
208 #define NSF_CLOSING 0x02 /* Going away */
209 #define NSF_ZONE_CREATE 0x04 /* create callbacks inprog */
210 #define NSF_ZONE_SHUTDOWN 0x08 /* shutdown callbacks */
211 #define NSF_ZONE_DESTROY 0x10 /* destroy callbacks */
212
213 #define NSF_ZONE_INPROGRESS \
214 (NSF_ZONE_CREATE|NSF_ZONE_SHUTDOWN|NSF_ZONE_DESTROY)
215
216 /*
217 * One for each of the NS_* values.
218 */
219 struct netstack_registry {
220 int nr_flags; /* 0 if nothing registered */
221 void *(*nr_create)(netstackid_t, netstack_t *);
222 void (*nr_shutdown)(netstackid_t, void *);
223 void (*nr_destroy)(netstackid_t, void *);
224 };
225
226 /* nr_flags values */
227 #define NRF_REGISTERED 0x01
228 #define NRF_DYING 0x02 /* No new creates */
229
230 /*
231 * To support kstat_create_netstack() using kstat_add_zone we need
232 * to track both
233 * - all zoneids that use the global/shared stack
234 * - all kstats that have been added for the shared stack
235 */
236
237 extern void netstack_init(void);
238 extern void netstack_hold(netstack_t *);
239 extern void netstack_rele(netstack_t *);
240 extern netstack_t *netstack_find_by_cred(const cred_t *);
241 extern netstack_t *netstack_find_by_stackid(netstackid_t);
242 extern netstack_t *netstack_find_by_zoneid(zoneid_t);
243 extern boolean_t netstack_inuse_by_stackid(netstackid_t stackid);
244
245 extern zoneid_t netstackid_to_zoneid(netstackid_t);
246 extern zoneid_t netstack_get_zoneid(netstack_t *);
247 extern netstackid_t zoneid_to_netstackid(zoneid_t);
248
249 extern netstack_t *netstack_get_current(void);
250
251 /*
252 * Register interest in changes to the set of netstacks.
253 * The createfn and destroyfn are required, but the shutdownfn can be
254 * NULL.
255 * Note that due to the current zsd implementation, when the create
256 * function is called the zone isn't fully present, thus functions
257 * like zone_find_by_* will fail, hence the create function can not
258 * use many zones kernel functions including zcmn_err().
259 */
260 extern void netstack_register(int,
261 void *(*)(netstackid_t, netstack_t *),
262 void (*)(netstackid_t, void *),
263 void (*)(netstackid_t, void *));
264 extern void netstack_unregister(int);
265 extern kstat_t *kstat_create_netstack(char *, int, char *, char *, uchar_t,
266 uint_t, uchar_t, netstackid_t);
267 extern void kstat_delete_netstack(kstat_t *, netstackid_t);
268
269 /*
270 * Simple support for walking all the netstacks.
271 * The caller of netstack_next() needs to call netstack_rele() when
272 * done with a netstack.
273 */
274 typedef int netstack_handle_t;
275
276 extern void netstack_next_init(netstack_handle_t *);
277 extern void netstack_next_fini(netstack_handle_t *);
278 extern netstack_t *netstack_next(netstack_handle_t *);
279
280 #ifdef __cplusplus
281 }
282 #endif
283
284
285 #endif /* _SYS_NETSTACK_H */