another sneak peek of issue #60, moved some functions of filtering to…

… session_db

include/nat64/mod/bib.h

@@ -34,9 +34,6 @@ struct bib_entry {
 	/** A reference counter related to this BIB. */
 	struct kref refcounter;
 
-	/** Session counter related to this BIB. */
-	atomic_t sessions_counter;
-
 	struct rb_node tree6_hook;
 	struct rb_node tree4_hook;
 };
@@ -74,13 +71,5 @@ int bib_return(struct bib_entry *bib);
  * Warning: Careful with this one; "bib" cannot be NULL.
  */
 void bib_kfree(struct bib_entry *bib);
-/**
- * Helper function, intended to increment a BIB session counter
- */
-void bib_inc_session(struct bib_entry *bib);
-/**
- * Helper function, intended to decrement a BIB session counter
- */
-void bib_dec_session(struct bib_entry *bib);
 
 #endif /* _NF_NAT64_BIB_H */

include/nat64/mod/bib_db.h

@@ -12,6 +12,8 @@
 #include <linux/spinlock.h>
 #include "nat64/comm/types.h"
 #include "nat64/mod/bib.h"
+#include "nat64/mod/packet.h"
+
 
 /**
  * Initializes the three tables (UDP, TCP and ICMP).
@@ -70,13 +72,12 @@ int bibdb_get_by_ipv6(struct ipv6_tuple_address *addr, l4_protocol l4_proto,
  * If the "in_bib" is added to the table, "tree_bib" will point to "in_bib",
  * otherwise "tree_bib" will point to a session of the table.
  *
- * @param in_bib entry row to be added to the table.
+ * @param entry row to be added to the table.
  * @param l4_proto identifier of the table to add "entry" to.
- * @param tree_bib pointer to the bib of the table.
  * @return whether the entry could be inserted or not. It will not be inserted if some dynamic
  *		memory allocation failed.
  */
-int bibdb_add(struct bib_entry *in_bib, l4_protocol l4_proto, struct bib_entry **tree_bib);
+int bibdb_add(struct bib_entry *entry, l4_protocol l4_proto);
 /**
  * Attempts to remove the "entry" entry from the BIB table whose protocol is "l4_proto".
  * Even though the entry is removed from the table, it is not kfreed.
@@ -95,8 +96,10 @@ int bibdb_remove(struct bib_entry *entry, l4_protocol l4_proto);
  * Asume que el candado ya se reservó.
  */
 int bibdb_for_each(l4_protocol l4_proto, int (*func)(struct bib_entry *, void *), void *arg);
-int bibdb_for_each_ipv6(l4_protocol l4_proto, struct in6_addr *addr,
-		int (*func)(struct bib_entry *, void *), void *arg);
+//int bibdb_for_each_ipv6(l4_protocol l4_proto, struct in6_addr *addr,
+//		int (*func)(struct bib_entry *, void *), void *arg);
 int bibdb_count(l4_protocol proto, __u64 *result);
 
+int bibdb_get_or_create_ipv6(struct fragment *frag, struct tuple *tuple, struct bib_entry **bib);
+
 #endif /* _NF_NAT64_BIB_DB_H */

include/nat64/mod/filtering_and_updating.h

@@ -13,6 +13,7 @@
 #include "nat64/comm/types.h"
 #include "nat64/comm/config_proto.h"
 #include "nat64/mod/packet.h"
+#include "nat64/mod/session.h"
 
 
 int filtering_init(void);
@@ -23,5 +24,6 @@ int set_filtering_config(__u32 operation, struct filtering_config *new_config);
 
 verdict filtering_and_updating(struct fragment *frag, struct tuple *tuple);
 
+void set_tcp_trans_timer(struct session_entry *session);
 
 #endif /* _NF_NAT64_FILTERING_H */

include/nat64/mod/rbtree.h

@@ -48,7 +48,6 @@
 	({ \
 		struct rb_node **new = &((root)->rb_node), *parent = NULL; \
 		int error = 0; \
-		type *tmp_entry = NULL; \
 		\
 		/* Figure out where to put new node */ \
 		while (*new) { \
@@ -62,7 +61,6 @@
 				new = &((*new)->rb_right); \
 			} else { \
 				error = -EEXIST; \
-				tmp_entry = this; \
 				break; \
 			} \
 		} \
@@ -71,10 +69,9 @@
 		if (!error) { \
 			rb_link_node(&(entry)->hook_name, parent, new); \
 			rb_insert_color(&(entry)->hook_name, root); \
-			tmp_entry = entry; \
 		} \
 		\
-		tmp_entry; \
+		error; \
 	})
 
 /**
@@ -110,5 +107,35 @@
 		(root)->rb_node = NULL; \
 	}
 
+/**
+ * This is just a stock search on a Red-Black tree.
+ *
+ * I can't find a way to turn this into a function; if you want to read a cleaner version of it,
+ * see https://www.kernel.org/doc/Documentation/rbtree.txt.
+ */
+#define rbtree_find_node(expected, root, compare_cb, type, hook_name, parent, new) \
+	({ \
+		int err = 0; \
+		new = &((root)->rb_node); \
+		parent = NULL; \
+		\
+		/* Figure out where to put new node */ \
+		while (*new) { \
+			type *entry = rb_entry(*new, type, hook_name); \
+			int comparison = compare_cb(entry, expected); \
+			\
+			parent = *new; \
+			if (comparison < 0) { \
+				new = &((*new)->rb_left); \
+			} else if (comparison > 0) { \
+				new = &((*new)->rb_right); \
+			} else { \
+				err = -EEXIST; \
+				break; \
+			} \
+		} \
+		err; \
+	})
+
 
 #endif /* _NF_NAT64_RBTREE_H */

include/nat64/mod/session.h

@@ -12,6 +12,31 @@
 #include "nat64/comm/types.h"
 //#include "nat64/mod/bib.h"
 
+/** The states from the TCP state machine; RFC 6146 section 3.5.2. */
+enum tcp_states {
+	/** No traffic has been seen; state is fictional. */
+	CLOSED = 0,
+	/** A SYN packet arrived from the IPv6 side; some IPv4 node is trying to start a connection. */
+	V6_INIT,
+	/** A SYN packet arrived from the IPv4 side; some IPv4 node is trying to start a connection. */
+	V4_INIT,
+	/** The handshake is complete and the sides are exchanging upper-layer data. */
+	ESTABLISHED,
+	/**
+	 * The IPv4 node wants to terminate the connection. Data can still flow.
+	 * Awaiting a IPv6 FIN...
+	 */
+	V4_FIN_RCV,
+	/**
+	 * The IPv6 node wants to terminate the connection. Data can still flow.
+	 * Awaiting a IPv4 FIN...
+	 */
+	V6_FIN_RCV,
+	/** Both sides issued a FIN. Packets can still flow for a short time. */
+	V4_FIN_V6_FIN_RCV,
+	/** The session might die in a short while. */
+	TRANS,
+};
 
 /**
  * A row, intended to be part of one of the session tables.

include/nat64/mod/session_db.h

@@ -14,6 +14,14 @@
 #include "nat64/mod/session.h"
 #include "nat64/mod/bib.h"
 
+typedef enum timer_type {
+	TIMERTYPE_UDP = 0,
+	TIMERTYPE_TCP_EST = 1,
+	TIMERTYPE_TCP_TRANS = 2,
+	TIMERTYPE_TCP_SYN = 3,
+	TIMERTYPE_ICMP = 4,
+#define TIMER_TYPE_COUNT 5
+} timer_type;
 
 /**
  * Initializes the three tables (UDP, TCP and ICMP).
@@ -86,12 +94,11 @@ bool sessiondb_allow(struct tuple *tuple);
  * if the in_session is added to the table, "tree_session" will point to "in_session",
  * otherwise "tree_session" will point to a session of the table.
  *
- * @param in_session entry row to be added to the table.
- * @param tree_session a pointer to a valid session of the table.
+ * @param entry row to be added to the table.
  * @return whether the entry could be inserted or not. It will not be inserted
  *		if some dynamic memory allocation failed.
  */
-int sessiondb_add(struct session_entry *in_session, struct session_entry **tree_session);
+int sessiondb_add(struct session_entry *session);
 /**
  * Destroys the session table's reference to "entry". It does NOT kfree "entry".
  * Also, it removes "entry" regardless of whether it is static or not.
@@ -111,9 +118,18 @@ int sessiondb_count(l4_protocol proto, __u64 *result);
 /**
  * this functions is used in statics_routes to delete every session of the bib
  */
-int sessiondb_for_each_ipv4(l4_protocol l4_proto, struct ipv4_tuple_address *addr,
+int sessiondb_delete_by_ipv4(l4_protocol l4_proto, struct ipv4_tuple_address *addr,
 		struct bib_entry *bib);
-int sessiondb_for_each_ipv6(l4_protocol l4_proto, struct ipv6_tuple_address *addr,
+int sessiondb_delete_by_ipv6(l4_protocol l4_proto, struct ipv6_tuple_address *addr,
 		struct bib_entry *bib);
 
+int sessiondb_get_or_create_ipv6(struct tuple *tuple, struct bib_entry *bib, struct session_entry **session);
+int sessiondb_get_or_create_ipv4(struct tuple *tuple, struct bib_entry *bib, struct session_entry **session);
+
+/**
+ * Helper of the set_*_timer functions. Safely updates "session"->dying_time and moves it from its
+ * original location to the end of "list".
+ */
+void sessiondb_update_timer(struct session_entry *session, timer_type type, __u64 ttl);
+
 #endif /* _NF_NAT64_SESSION_DB_H */

mod/Kbuild

@@ -16,7 +16,9 @@ jool-objs += poolnum.o
 jool-objs += pool6.o
 jool-objs += pool4.o
 jool-objs += bib.o
+jool-objs += bib_db.o
 jool-objs += session.o
+jool-objs += session_db.o
 jool-objs += static_routes.o
 jool-objs += config.o
 jool-objs += config_proto.o

mod/bib.c

@@ -3,6 +3,8 @@
 #include <net/ipv6.h>
 #include "nat64/mod/pool4.h"
 #include "nat64/mod/rbtree.h"
+#include "nat64/mod/bib_db.h"
+#include "nat64/mod/icmp_wrapper.h"
 
 
 /********************************************
@@ -19,9 +21,13 @@ static struct kmem_cache *entry_cache;
 static void bib_release(struct kref *ref)
 {
 	struct bib_entry *bib = container_of(ref, struct bib_entry, refcounter);
-	if (atomic_read(&bib->sessions_counter) != 0) {
-		log_err(ERR_ILLEGAL_NONE, "Bug: BIB session counter must be 0 when refcounter is 0");
+	int error = 0;
+	error = bibdb_remove(bib, bib->l4_proto);
+	if (error) {
+		log_err(ERR_INCOMPLETE_REMOVE, "Error when trying to release the bib");
+//		return; /* should we delete(kfree) the BIB? at this point bibrefcount = 0 */
 	}
+	log_debug("BIB released");
 	bib_kfree(bib);
 }
 
@@ -57,7 +63,6 @@ struct bib_entry *bib_create(struct ipv4_tuple_address *ipv4, struct ipv6_tuple_
 	result->ipv6 = *ipv6;
 	result->l4_proto = l4_proto;
 	result->is_static = is_static;
-	atomic_set(&result->sessions_counter, 0);
 	RB_CLEAR_NODE(&result->tree6_hook);
 	RB_CLEAR_NODE(&result->tree4_hook);
 
@@ -74,20 +79,9 @@ void bib_get(struct bib_entry *bib)
 	kref_get(&bib->refcounter);
 }
 
-void bib_inc_session(struct bib_entry *bib)
-{
-	atomic_inc(&bib->sessions_counter);
-}
-
-void bib_dec_session(struct bib_entry *bib)
-{
-	atomic_dec(&bib->sessions_counter);
-	if (atomic_read(&bib->sessions_counter) < 0)
-		log_err(-EINVAL, "Session counter is less than zero");
-}
-
 void bib_kfree(struct bib_entry *bib)
 {
+	log_debug("BIB kfree");
 	pool4_return(bib->l4_proto, &bib->ipv4);
 	kmem_cache_free(entry_cache, bib);
 }