Source-Changes-HG archive
[src/trunk]: src Add support for CDB based NPF tables.
details: https://anonhg.NetBSD.org/src/rev/79af07e9edfd
branches: trunk
changeset: 326594:79af07e9edfd
user: rmind <rmind%NetBSD.org@localhost>
date: Thu Feb 06 02:51:28 2014 +0000
description:
Add support for CDB based NPF tables.
diffstat:
lib/libnpf/npf.c | 20 ++-
lib/libnpf/npf.h | 3 +-
sys/net/npf/npf.h | 3 +-
sys/net/npf/npf_ctl.c | 80 ++++++---
sys/net/npf/npf_impl.h | 4 +-
sys/net/npf/npf_tableset.c | 189 ++++++++++++++++------
usr.sbin/npf/npfctl/npf.conf.5 | 13 +-
usr.sbin/npf/npfctl/npf_build.c | 67 ++++++-
usr.sbin/npf/npfctl/npf_parse.y | 4 +-
usr.sbin/npf/npfctl/npf_scan.l | 3 +-
usr.sbin/npf/npftest/libnpftest/npf_table_test.c | 37 +++-
usr.sbin/npf/npftest/libnpftest/npf_test.h | 2 +-
usr.sbin/npf/npftest/npftest.c | 57 ++++++-
usr.sbin/npf/npftest/npftest.h | 2 +-
14 files changed, 368 insertions(+), 116 deletions(-)
diffs (truncated from 1054 to 300 lines):
diff -r 79b90a4753c3 -r 79af07e9edfd lib/libnpf/npf.c
--- a/lib/libnpf/npf.c Wed Feb 05 23:10:41 2014 +0000
+++ b/lib/libnpf/npf.c Thu Feb 06 02:51:28 2014 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: npf.c,v 1.25 2014/02/03 02:21:52 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.26 2014/02/06 02:51:28 rmind Exp $ */
/*-
- * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
+ * Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This material is based upon work partially supported by The
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.25 2014/02/03 02:21:52 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.26 2014/02/06 02:51:28 rmind Exp $");
#include <sys/types.h>
#include <netinet/in_systm.h>
@@ -961,6 +961,20 @@
return 0;
}
+int
+npf_table_setdata(nl_table_t *tl, const void *blob, size_t len)
+{
+ prop_dictionary_t tldict = tl->ntl_dict;
+ prop_data_t bobj;
+
+ if ((bobj = prop_data_create_data(blob, len)) == NULL) {
+ return ENOMEM;
+ }
+ prop_dictionary_set(tldict, "data", bobj);
+ prop_object_release(bobj);
+ return 0;
+}
+
static bool
_npf_table_exists_p(nl_config_t *ncf, const char *name)
{
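Review bot: The result of `prop_dictionary_set(tldict, "data", bobj)` in npf_table_setdata() is discarded, so a failed insertion still returns 0 and the caller believes the blob is attached. The table dictionary would then go to the kernel without a "data" key, and the failure only surfaces later as the EINVAL that the npf_ctl.c part of this commit returns for a CDB table with no data. Checking the return keeps the error at its source: `if (!prop_dictionary_set(tldict, "data", bobj)) { prop_object_release(bobj); return ENOMEM; }`. A one-line comment stating that `prop_data_create_data()` copies the buffer, so the caller keeps ownership of `blob`, would also help users of this new public function.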
diff -r 79b90a4753c3 -r 79af07e9edfd lib/libnpf/npf.h
--- a/lib/libnpf/npf.h Wed Feb 05 23:10:41 2014 +0000
+++ b/lib/libnpf/npf.h Thu Feb 06 02:51:28 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.22 2014/02/03 02:21:52 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.23 2014/02/06 02:51:28 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -111,6 +111,7 @@
nl_table_t * npf_table_create(const char *, u_int, int);
int npf_table_add_entry(nl_table_t *, int,
const npf_addr_t *, const npf_netmask_t);
+int npf_table_setdata(nl_table_t *, const void *, size_t);
int npf_table_insert(nl_config_t *, nl_table_t *);
void npf_table_destroy(nl_table_t *);
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf.h Thu Feb 06 02:51:28 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.34 2013/12/06 01:33:37 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.35 2014/02/06 02:51:28 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -239,6 +239,7 @@
/* Table types. */
#define NPF_TABLE_HASH 1
#define NPF_TABLE_TREE 2
+#define NPF_TABLE_CDB 3
#define NPF_TABLE_MAXNAMELEN 32
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf_ctl.c Thu Feb 06 02:51:28 2014 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: npf_ctl.c,v 1.32 2013/11/12 00:46:34 rmind Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.33 2014/02/06 02:51:28 rmind Exp $ */
/*-
- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
+ * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This material is based upon work partially supported by The
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.32 2013/11/12 00:46:34 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.33 2014/02/06 02:51:28 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -77,6 +77,34 @@
}
static int __noinline
+npf_mk_table_entries(npf_table_t *t, prop_array_t entries)
+{
+ prop_object_iterator_t eit;
+ prop_dictionary_t ent;
+ int error = 0;
+
+ /* Fill all the entries. */
+ eit = prop_array_iterator(entries);
+ while ((ent = prop_object_iterator_next(eit)) != NULL) {
+ const npf_addr_t *addr;
+ npf_netmask_t mask;
+ int alen;
+
+ /* Get address and mask. Add a table entry. */
+ prop_object_t obj = prop_dictionary_get(ent, "addr");
+ addr = (const npf_addr_t *)prop_data_data_nocopy(obj);
+ prop_dictionary_get_uint8(ent, "mask", &mask);
+ alen = prop_data_size(obj);
+
+ error = npf_table_insert(t, alen, addr, mask);
+ if (error)
+ break;
+ }
+ prop_object_iterator_release(eit);
+ return error;
+}
+
+static int __noinline
npf_mk_tables(npf_tableset_t *tblset, prop_array_t tables,
prop_dictionary_t errdict)
{
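Review bot: In npf_mk_table_entries() each entry dictionary originates from the configuration submitted by userland, yet neither the "addr" object nor the "mask" lookup is validated before use. If "mask" is absent, `prop_dictionary_get_uint8()` returns false and `mask` reaches npf_table_insert() uninitialized. If "addr" is absent or not a data object, `addr` should be NULL and `alen` 0, and whether that is rejected depends on npf_table_insert(), which is not visible here. The return of `prop_array_iterator(entries)` is not checked for NULL either. Rejecting malformed entries with EINVAL before the insert, as sketched below, makes the helper safe on its own.

```c
	eit = prop_array_iterator(entries);
	if (eit == NULL)
		return ENOMEM;
	while ((ent = prop_object_iterator_next(eit)) != NULL) {
		/* ... unchanged: addr, mask, alen declarations ... */
		prop_object_t obj = prop_dictionary_get(ent, "addr");
		if (prop_object_type(obj) != PROP_TYPE_DATA ||
		    !prop_dictionary_get_uint8(ent, "mask", &mask)) {
			error = EINVAL;
			break;
		}
		addr = (const npf_addr_t *)prop_data_data_nocopy(obj);
		alen = prop_data_size(obj);
		/* ... unchanged: npf_table_insert() call and error check ... */
	}
```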
@@ -92,9 +120,6 @@
it = prop_array_iterator(tables);
while ((tbldict = prop_object_iterator_next(it)) != NULL) {
- prop_dictionary_t ent;
- prop_object_iterator_t eit;
- prop_array_t entries;
const char *name;
npf_table_t *t;
u_int tid;
@@ -121,8 +146,25 @@
break;
}
+ /* Get the entries or binary data. */
+ prop_array_t entries = prop_dictionary_get(tbldict, "entries");
+ if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
+ NPF_ERR_DEBUG(errdict);
+ error = EINVAL;
+ break;
+ }
+ prop_object_t obj = prop_dictionary_get(tbldict, "data");
+ void *blob = prop_data_data(obj);
+ size_t size = prop_data_size(obj);
+
+ if (type == NPF_TABLE_CDB && (blob == NULL || size == 0)) {
+ NPF_ERR_DEBUG(errdict);
+ error = EINVAL;
+ break;
+ }
+
/* Create and insert the table. */
- t = npf_table_create(name, tid, type, 1024); /* XXX */
+ t = npf_table_create(name, tid, type, blob, size);
if (t == NULL) {
NPF_ERR_DEBUG(errdict);
error = ENOMEM;
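Review bot: `prop_data_data(obj)` returns a freshly allocated copy of the "data" blob, and the new code in npf_mk_tables() fetches it for every table type, not only NPF_TABLE_CDB. When npf_table_create() returns NULL, or when a hash or tree table happens to carry a "data" key, nothing visible in this hunk frees that copy or says who owns it. Fetching the blob only under `if (type == NPF_TABLE_CDB)` and documenting whether npf_table_create() (outside the visible diff) consumes it on failure would close the gap. Because the blob is supplied by userland (libnpf's npf_table_setdata() in this commit) and kept in kernel memory, an upper bound on `size` is worth considering as well. The body of npf_mk_tables() starts and ends outside this hunk.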
@@ -131,32 +173,10 @@
error = npf_tableset_insert(tblset, t);
KASSERT(error == 0);
- /* Entries. */
- entries = prop_dictionary_get(tbldict, "entries");
- if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
+ if ((error = npf_mk_table_entries(t, entries)) != 0) {
NPF_ERR_DEBUG(errdict);
- error = EINVAL;
break;
}
- eit = prop_array_iterator(entries);
- while ((ent = prop_object_iterator_next(eit)) != NULL) {
- const npf_addr_t *addr;
- npf_netmask_t mask;
- int alen;
-
- /* Get address and mask. Add a table entry. */
- prop_object_t obj = prop_dictionary_get(ent, "addr");
- addr = (const npf_addr_t *)prop_data_data_nocopy(obj);
- prop_dictionary_get_uint8(ent, "mask", &mask);
- alen = prop_data_size(obj);
-
- error = npf_table_insert(t, alen, addr, mask);
- if (error)
- break;
- }
- prop_object_iterator_release(eit);
- if (error)
- break;
}
prop_object_iterator_release(it);
/*
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf_impl.h Thu Feb 06 02:51:28 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.45 2013/12/06 01:33:37 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.46 2014/02/06 02:51:28 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -229,7 +229,7 @@
void npf_tableset_reload(npf_tableset_t *, npf_tableset_t *);
void npf_tableset_syncdict(const npf_tableset_t *, prop_dictionary_t);
-npf_table_t * npf_table_create(const char *, u_int, int, size_t);
+npf_table_t * npf_table_create(const char *, u_int, int, void *, size_t);
void npf_table_destroy(npf_table_t *);
int npf_table_check(npf_tableset_t *, const char *, u_int, int);
diff -r 79b90a4753c3 -r 79af07e9edfd sys/net/npf/npf_tableset.c
--- a/sys/net/npf/npf_tableset.c Wed Feb 05 23:10:41 2014 +0000
+++ b/sys/net/npf/npf_tableset.c Thu Feb 06 02:51:28 2014 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: npf_tableset.c,v 1.20 2013/11/22 00:25:51 rmind Exp $ */
+/* $NetBSD: npf_tableset.c,v 1.21 2014/02/06 02:51:28 rmind Exp $ */
/*-
- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
+ * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This material is based upon work partially supported by The
@@ -41,14 +41,16 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.20 2013/11/22 00:25:51 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.21 2014/02/06 02:51:28 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/atomic.h>
#include <sys/hash.h>
+#include <sys/cdbr.h>
#include <sys/kmem.h>
+#include <sys/malloc.h>
#include <sys/pool.h>
#include <sys/queue.h>
#include <sys/rwlock.h>
@@ -59,9 +61,9 @@
typedef struct npf_tblent {
union {
- LIST_ENTRY(npf_tblent) hashq;
- pt_node_t node;
- } te_entry;
+ LIST_ENTRY(npf_tblent) te_hashent;
+ pt_node_t te_node;
+ } /* C11 */;
int te_alen;
npf_addr_t te_addr;
} npf_tblent_t;
@@ -70,12 +72,23 @@
struct npf_table {
/*
- * The storage type can be: a) hash b) tree.
+ * The storage type can be: a) hash b) tree c) cdb.
* There are separate trees for IPv4 and IPv6.
*/
- struct npf_hashl * t_hashl;
- u_long t_hashmask;
- pt_tree_t t_tree[2];
+ union {
+ struct {
+ struct npf_hashl *t_hashl;
+ u_long t_hashmask;
+ };
+ struct {
+ pt_tree_t t_tree[2];
+ };
+ struct {
+ void * t_blob;
+ size_t t_bsize;
+ struct cdbr * t_cdb;
+ };
+ } /* C11 */;
/*
* Table ID, type and lock. The ID may change during the
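Review bot: The anonymous union in struct npf_table now overlays the hash, tree and CDB storage, but nothing in the declaration says which arm is valid for which table type. Any path that touches `t_hashl`, `t_tree` or `t_blob` without first checking the table's type would interpret another arm's bytes as its own pointers, so the invariant deserves to be written down. I would tag each inner struct, e.g. `/* NPF_TABLE_HASH */`, `/* NPF_TABLE_TREE */` and `/* NPF_TABLE_CDB: t_blob is owned by the table */`, with the ownership statement to be confirmed against npf_table_destroy(), which is not visible here. The struct definition continues past the end of this hunk.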
@@ -237,7 +250,7 @@
KASSERT(npf_config_locked_p());
ot->t_id = tid;
- /* Destroy the new table (we hold only reference). */