Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/net/npf Add ability to have mbufs disappear (to another ...
details: https://anonhg.NetBSD.org/src/rev/5b4d1e9ccd66
branches: trunk
changeset: 329325:5b4d1e9ccd66
user: jakllsch <jakllsch%NetBSD.org@localhost>
date: Mon May 19 18:45:51 2014 +0000
description:
Add ability to have mbufs disappear (to another interface) during
npf_rproc_run(). For upcoming npf_ext_route extension.
Guidance and ok by rmind@.
diffstat:
sys/net/npf/npf.h | 4 ++--
sys/net/npf/npf_ext_log.c | 10 ++++++----
sys/net/npf/npf_ext_normalize.c | 16 +++++++++-------
sys/net/npf/npf_ext_rndblock.c | 10 ++++++----
sys/net/npf/npf_handler.c | 13 +++++++++----
sys/net/npf/npf_impl.h | 4 ++--
sys/net/npf/npf_rproc.c | 10 +++++++---
7 files changed, 41 insertions(+), 26 deletions(-)
diffs (258 lines):
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf.h Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.38 2014/03/14 11:29:44 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.39 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -188,7 +188,7 @@
void * ctx;
int (*ctor)(npf_rproc_t *, prop_dictionary_t);
void (*dtor)(npf_rproc_t *, void *);
- void (*proc)(npf_cache_t *, nbuf_t *, void *, int *);
+ bool (*proc)(npf_cache_t *, nbuf_t *, void *, int *);
} npf_ext_ops_t;
void * npf_ext_register(const char *, const npf_ext_ops_t *);
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf_ext_log.c
--- a/sys/net/npf/npf_ext_log.c Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_ext_log.c Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ext_log.c,v 1.6 2013/03/11 17:03:55 christos Exp $ */
+/* $NetBSD: npf_ext_log.c,v 1.7 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.6 2013/03/11 17:03:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.7 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/module.h>
@@ -78,7 +78,7 @@
kmem_free(meta, sizeof(npf_ext_log_t));
}
-static void
+static bool
npf_log(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
{
struct mbuf *m = nbuf_head_mbuf(nbuf);
@@ -102,7 +102,7 @@
if (ifp == NULL) {
/* No interface. */
KERNEL_UNLOCK_ONE(NULL);
- return;
+ return true;
}
/* Pass through BPF. */
@@ -110,6 +110,8 @@
ifp->if_obytes += m->m_pkthdr.len;
bpf_mtap_af(ifp, family, m);
KERNEL_UNLOCK_ONE(NULL);
+
+ return true;
}
/*
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf_ext_normalize.c
--- a/sys/net/npf/npf_ext_normalize.c Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_ext_normalize.c Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ext_normalize.c,v 1.1 2013/03/12 20:47:48 christos Exp $ */
+/* $NetBSD: npf_ext_normalize.c,v 1.2 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.1 2013/03/12 20:47:48 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.2 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/module.h>
@@ -140,7 +140,7 @@
/*
* npf_normalize: the main routine to normalize IPv4 and/or TCP headers.
*/
-static void
+static bool
npf_normalize(npf_cache_t *npc, nbuf_t *nbuf, void *params, int *decision)
{
npf_normalize_t *np = params;
@@ -150,7 +150,7 @@
/* Skip, if already blocking. */
if (*decision == NPF_DECISION_BLOCK) {
- return;
+ return true;
}
/* Normalise IPv4. Nothing to do for IPv6. */
@@ -165,15 +165,15 @@
if (maxmss == 0 || !npf_iscached(npc, NPC_TCP) ||
(th->th_flags & TH_SYN) == 0) {
/* Not required; done. */
- return;
+ return true;
}
mss = 0;
if (!npf_fetch_tcpopts(npc, nbuf, &mss, &wscale)) {
- return;
+ return true;
}
if (ntohs(mss) <= maxmss) {
/* Nothing else to do. */
- return;
+ return true;
}
maxmss = htons(maxmss);
@@ -182,6 +182,8 @@
cksum = npf_fixup16_cksum(th->th_sum, mss, maxmss);
th->th_sum = cksum;
}
+
+ return true;
}
static int
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf_ext_rndblock.c
--- a/sys/net/npf/npf_ext_rndblock.c Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_ext_rndblock.c Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ext_rndblock.c,v 1.3 2013/03/11 17:03:55 christos Exp $ */
+/* $NetBSD: npf_ext_rndblock.c,v 1.4 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.3 2013/03/11 17:03:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.4 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/cprng.h>
@@ -96,7 +96,7 @@
/*
* npf_ext_rndblock: main routine implementing the extension functionality.
*/
-static void
+static bool
npf_ext_rndblock(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
{
npf_ext_rndblock_t *rndblock = meta;
@@ -104,7 +104,7 @@
/* Skip, if already blocking. */
if (*decision == NPF_DECISION_BLOCK) {
- return;
+ return true;
}
/*
@@ -129,6 +129,8 @@
*decision = NPF_DECISION_BLOCK;
}
}
+
+ return true;
}
/*
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf_handler.c
--- a/sys/net/npf/npf_handler.c Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_handler.c Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.29 2014/03/14 11:29:44 rmind Exp $ */
+/* $NetBSD: npf_handler.c,v 1.30 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.29 2014/03/14 11:29:44 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.30 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -252,8 +252,13 @@
* Execute the rule procedure, if any is associated.
* It may reverse the decision from pass to block.
*/
- if (rp) {
- npf_rproc_run(&npc, &nbuf, rp, &decision);
+ if (rp && !npf_rproc_run(&npc, &nbuf, rp, &decision)) {
+ if (se) {
+ npf_session_release(se);
+ }
+ npf_rproc_release(rp);
+ *mp = NULL;
+ return 0;
}
out:
/*
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_impl.h Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.50 2014/03/14 11:29:44 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.51 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -298,7 +298,7 @@
npf_rproc_t * npf_rproc_create(prop_dictionary_t);
void npf_rproc_acquire(npf_rproc_t *);
void npf_rproc_release(npf_rproc_t *);
-void npf_rproc_run(npf_cache_t *, nbuf_t *, npf_rproc_t *, int *);
+bool npf_rproc_run(npf_cache_t *, nbuf_t *, npf_rproc_t *, int *);
/* Session handling interface. */
void npf_session_sysinit(void);
diff -r 895ba628ecaa -r 5b4d1e9ccd66 sys/net/npf/npf_rproc.c
--- a/sys/net/npf/npf_rproc.c Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_rproc.c Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_rproc.c,v 1.9 2013/03/11 01:56:37 christos Exp $ */
+/* $NetBSD: npf_rproc.c,v 1.10 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -330,7 +330,7 @@
*
* => Reference on the rule procedure must be held.
*/
-void
+bool
npf_rproc_run(npf_cache_t *npc, nbuf_t *nbuf, npf_rproc_t *rp, int *decision)
{
const unsigned extcount = rp->rp_ext_count;
@@ -343,10 +343,14 @@
const npf_ext_ops_t *extops = ext->ext_ops;
KASSERT(ext->ext_refcnt > 0);
- extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision);
+ if (!extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision)) {
+ return false;
+ }
if (nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)) {
npf_recache(npc, nbuf);
}
}
+
+ return true;
}
Home |
Main Index |
Thread Index |
Old Index