Source-Changes-HG archive


[src/trunk]: src Add support for CDB based NPF tables.



details:   https://anonhg.NetBSD.org/src/rev/79af07e9edfd
branches:  trunk
changeset: 326594:79af07e9edfd
user:      rmind <rmind%NetBSD.org@localhost>
date:      Thu Feb 06 02:51:28 2014 +0000

description:
Add support for CDB based NPF tables.

diffstat:

 lib/libnpf/npf.c                                 |   20 ++-
 lib/libnpf/npf.h                                 |    3 +-
 sys/net/npf/npf.h                                |    3 +-
 sys/net/npf/npf_ctl.c                            |   80 ++++++---
 sys/net/npf/npf_impl.h                           |    4 +-
 sys/net/npf/npf_tableset.c                       |  189 ++++++++++++++++------
 usr.sbin/npf/npfctl/npf.conf.5                   |   13 +-
 usr.sbin/npf/npfctl/npf_build.c                  |   67 ++++++-
 usr.sbin/npf/npfctl/npf_parse.y                  |    4 +-
 usr.sbin/npf/npfctl/npf_scan.l                   |    3 +-
 usr.sbin/npf/npftest/libnpftest/npf_table_test.c |   37 +++-
 usr.sbin/npf/npftest/libnpftest/npf_test.h       |    2 +-
 usr.sbin/npf/npftest/npftest.c                   |   57 ++++++-
 usr.sbin/npf/npftest/npftest.h                   |    2 +-
 14 files changed, 368 insertions(+), 116 deletions(-)

diffs (truncated from 1054 to 300 lines):

diff -r 79b90a4753c3 -r 79af07e9edfd lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Wed Feb 05 23:10:41 2014 +0000
+++ b/lib/libnpf/npf.c  Thu Feb 06 02:51:28 2014 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: npf.c,v 1.25 2014/02/03 02:21:52 rmind Exp $   */
+/*     $NetBSD: npf.c,v 1.26 2014/02/06 02:51:28 rmind Exp $   */
 
 /*-
- * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
+ * Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This material is based upon work partially supported by The
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.25 2014/02/03 02:21:52 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.26 2014/02/06 02:51:28 rmind Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -961,6 +961,20 @@
        return 0;
 }
 
+int
+npf_table_setdata(nl_table_t *tl, const void *blob, size_t len)
+{
+       prop_dictionary_t tldict = tl->ntl_dict;
+       prop_data_t bobj;
+
+       if ((bobj = prop_data_create_data(blob, len)) == NULL) {
+               return ENOMEM;
+       }
+       prop_dictionary_set(tldict, "data", bobj);
+       prop_object_release(bobj);
+       return 0;
+}
+
 static bool
 _npf_table_exists_p(nl_config_t *ncf, const char *name)
 {
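Review bot: The result of `prop_dictionary_set(tldict, "data", bobj)` in npf_table_setdata is discarded, so the function returns 0 even when the blob was not stored in the table dictionary. A caller would then submit a CDB table without its data and only learn of it from the kernel's EINVAL. Check the return value and fail locally, e.g. `if (!prop_dictionary_set(tldict, "data", bobj)) { prop_object_release(bobj); return ENOMEM; }`. A `blob == NULL` or `len == 0` argument could likewise be rejected here with EINVAL.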
diff -r 79b90a4753c3 -r 79af07e9edfd lib/libnpf/npf.h
--- a/lib/libnpf/npf.h  Wed Feb 05 23:10:41 2014 +0000
+++ b/lib/libnpf/npf.h  Thu Feb 06 02:51:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.22 2014/02/03 02:21:52 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.23 2014/02/06 02:51:28 rmind Exp $   */
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -111,6 +111,7 @@
 nl_table_t *   npf_table_create(const char *, u_int, int);
 int            npf_table_add_entry(nl_table_t *, int,
                    const npf_addr_t *, const npf_netmask_t);
+int            npf_table_setdata(nl_table_t *, const void *, size_t);
 int            npf_table_insert(nl_config_t *, nl_table_t *);
 void           npf_table_destroy(nl_table_t *);
 
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf.h Thu Feb 06 02:51:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.34 2013/12/06 01:33:37 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.35 2014/02/06 02:51:28 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -239,6 +239,7 @@
 /* Table types. */
 #define        NPF_TABLE_HASH                  1
 #define        NPF_TABLE_TREE                  2
+#define        NPF_TABLE_CDB                   3
 
 #define        NPF_TABLE_MAXNAMELEN            32
 
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf_ctl.c     Thu Feb 06 02:51:28 2014 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: npf_ctl.c,v 1.32 2013/11/12 00:46:34 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.33 2014/02/06 02:51:28 rmind Exp $       */
 
 /*-
- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
+ * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This material is based upon work partially supported by The
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.32 2013/11/12 00:46:34 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.33 2014/02/06 02:51:28 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -77,6 +77,34 @@
 }
 
 static int __noinline
+npf_mk_table_entries(npf_table_t *t, prop_array_t entries)
+{
+       prop_object_iterator_t eit;
+       prop_dictionary_t ent;
+       int error = 0;
+
+       /* Fill all the entries. */
+       eit = prop_array_iterator(entries);
+       while ((ent = prop_object_iterator_next(eit)) != NULL) {
+               const npf_addr_t *addr;
+               npf_netmask_t mask;
+               int alen;
+
+               /* Get address and mask.  Add a table entry. */
+               prop_object_t obj = prop_dictionary_get(ent, "addr");
+               addr = (const npf_addr_t *)prop_data_data_nocopy(obj);
+               prop_dictionary_get_uint8(ent, "mask", &mask);
+               alen = prop_data_size(obj);
+
+               error = npf_table_insert(t, alen, addr, mask);
+               if (error)
+                       break;
+       }
+       prop_object_iterator_release(eit);
+       return error;
+}
+
+static int __noinline
 npf_mk_tables(npf_tableset_t *tblset, prop_array_t tables,
     prop_dictionary_t errdict)
 {
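Review bot: `mask` is passed uninitialised to `npf_table_insert(t, alen, addr, mask)` when an entry has no usable "mask" key, because the return value of `prop_dictionary_get_uint8` is ignored in npf_mk_table_entries. The dictionary is configuration handed to the kernel, so it should be treated as unvalidated. Likewise `addr` can be NULL and `alen` 0 when "addr" is missing or is not a data object. Suggest `if (addr == NULL || !prop_dictionary_get_uint8(ent, "mask", &mask)) { error = EINVAL; break; }` before the insert. Whether npf_table_insert itself rejects a bad length or mask is outside this hunk; the loop was moved here unchanged from npf_mk_tables.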
@@ -92,9 +120,6 @@
 
        it = prop_array_iterator(tables);
        while ((tbldict = prop_object_iterator_next(it)) != NULL) {
-               prop_dictionary_t ent;
-               prop_object_iterator_t eit;
-               prop_array_t entries;
                const char *name;
                npf_table_t *t;
                u_int tid;
@@ -121,8 +146,25 @@
                        break;
                }
 
+               /* Get the entries or binary data. */
+               prop_array_t entries = prop_dictionary_get(tbldict, "entries");
+               if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
+                       NPF_ERR_DEBUG(errdict);
+                       error = EINVAL;
+                       break;
+               }
+               prop_object_t obj = prop_dictionary_get(tbldict, "data");
+               void *blob = prop_data_data(obj);
+               size_t size = prop_data_size(obj);
+
+               if (type == NPF_TABLE_CDB && (blob == NULL || size == 0)) {
+                       NPF_ERR_DEBUG(errdict);
+                       error = EINVAL;
+                       break;
+               }
+
                /* Create and insert the table. */
-               t = npf_table_create(name, tid, type, 1024);    /* XXX */
+               t = npf_table_create(name, tid, type, blob, size);
                if (t == NULL) {
                        NPF_ERR_DEBUG(errdict);
                        error = ENOMEM;
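Review bot: `prop_data_data(obj)` returns an allocated copy of the "data" object, and nothing in this hunk releases `blob` on the `t == NULL` path or when the table type is not NPF_TABLE_CDB but a "data" key was supplied anyway. Unless npf_table_create takes ownership on every path (its body is outside the shown lines), that copy is leaked in the kernel each time such a configuration is loaded. Consider fetching the blob only when `type == NPF_TABLE_CDB`, rejecting the table when `prop_object_type(obj) != PROP_TYPE_DATA`, and releasing the copy if creation fails. There is also no upper bound on `size` before it is passed on.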
@@ -131,32 +173,10 @@
                error = npf_tableset_insert(tblset, t);
                KASSERT(error == 0);
 
-               /* Entries. */
-               entries = prop_dictionary_get(tbldict, "entries");
-               if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
+               if ((error = npf_mk_table_entries(t, entries)) != 0) {
                        NPF_ERR_DEBUG(errdict);
-                       error = EINVAL;
                        break;
                }
-               eit = prop_array_iterator(entries);
-               while ((ent = prop_object_iterator_next(eit)) != NULL) {
-                       const npf_addr_t *addr;
-                       npf_netmask_t mask;
-                       int alen;
-
-                       /* Get address and mask.  Add a table entry. */
-                       prop_object_t obj = prop_dictionary_get(ent, "addr");
-                       addr = (const npf_addr_t *)prop_data_data_nocopy(obj);
-                       prop_dictionary_get_uint8(ent, "mask", &mask);
-                       alen = prop_data_size(obj);
-
-                       error = npf_table_insert(t, alen, addr, mask);
-                       if (error)
-                               break;
-               }
-               prop_object_iterator_release(eit);
-               if (error)
-                       break;
        }
        prop_object_iterator_release(it);
        /*
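Review bot: A table of type NPF_TABLE_CDB still goes through `npf_mk_table_entries(t, entries)`, so a configuration that supplies both "data" and a non-empty "entries" array reaches npf_table_insert on a CDB-backed table. The storage members of struct npf_table now share a union, so this is only safe if npf_table_insert refuses the CDB type, which is not visible in the shown lines. Making the intent explicit here would help, e.g. `if (type != NPF_TABLE_CDB && (error = npf_mk_table_entries(t, entries)) != 0) {`, or reject non-empty entries for CDB tables with EINVAL.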
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h    Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf_impl.h    Thu Feb 06 02:51:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_impl.h,v 1.45 2013/12/06 01:33:37 rmind Exp $      */
+/*     $NetBSD: npf_impl.h,v 1.46 2014/02/06 02:51:28 rmind Exp $      */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -229,7 +229,7 @@
 void           npf_tableset_reload(npf_tableset_t *, npf_tableset_t *);
 void           npf_tableset_syncdict(const npf_tableset_t *, prop_dictionary_t);
 
-npf_table_t *  npf_table_create(const char *, u_int, int, size_t);
+npf_table_t *  npf_table_create(const char *, u_int, int, void *, size_t);
 void           npf_table_destroy(npf_table_t *);
 
 int            npf_table_check(npf_tableset_t *, const char *, u_int, int);
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf_tableset.c
--- a/sys/net/npf/npf_tableset.c        Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf_tableset.c        Thu Feb 06 02:51:28 2014 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: npf_tableset.c,v 1.20 2013/11/22 00:25:51 rmind Exp $  */
+/*     $NetBSD: npf_tableset.c,v 1.21 2014/02/06 02:51:28 rmind Exp $  */
 
 /*-
- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
+ * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This material is based upon work partially supported by The
@@ -41,14 +41,16 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.20 2013/11/22 00:25:51 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.21 2014/02/06 02:51:28 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
 
 #include <sys/atomic.h>
 #include <sys/hash.h>
+#include <sys/cdbr.h>
 #include <sys/kmem.h>
+#include <sys/malloc.h>
 #include <sys/pool.h>
 #include <sys/queue.h>
 #include <sys/rwlock.h>
@@ -59,9 +61,9 @@
 
 typedef struct npf_tblent {
        union {
-               LIST_ENTRY(npf_tblent) hashq;
-               pt_node_t       node;
-       } te_entry;
+               LIST_ENTRY(npf_tblent) te_hashent;
+               pt_node_t       te_node;
+       } /* C11 */;
        int                     te_alen;
        npf_addr_t              te_addr;
 } npf_tblent_t;
@@ -70,12 +72,23 @@
 
 struct npf_table {
        /*
-        * The storage type can be: a) hash b) tree.
+        * The storage type can be: a) hash b) tree c) cdb.
         * There are separate trees for IPv4 and IPv6.
         */
-       struct npf_hashl *      t_hashl;
-       u_long                  t_hashmask;
-       pt_tree_t               t_tree[2];
+       union {
+               struct {
+                       struct npf_hashl *t_hashl;
+                       u_long          t_hashmask;
+               };
+               struct {
+                       pt_tree_t       t_tree[2];
+               };
+               struct {
+                       void *          t_blob;
+                       size_t          t_bsize;
+                       struct cdbr *   t_cdb;
+               };
+       } /* C11 */;
 
        /*
         * Table ID, type and lock.  The ID may change during the
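Review bot: The three arms of the new anonymous union in struct npf_table carry no comment saying which table type selects them. Because t_hashl/t_hashmask, t_tree and t_blob/t_bsize/t_cdb now overlap, code that touches the wrong arm reinterprets another type's pointers without any compiler diagnostic. Add a one-line comment per arm, `/* NPF_TABLE_HASH */`, `/* NPF_TABLE_TREE */` and `/* NPF_TABLE_CDB */`, and state on the last arm who owns and frees t_blob. The struct definition continues beyond this hunk.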
@@ -237,7 +250,7 @@
                KASSERT(npf_config_locked_p());
                ot->t_id = tid;
 
-               /* Destroy the new table (we hold only reference). */


