[src/trunk]: src Sync NPF with the version on github: backport standalone NPF...
details: https://anonhg.NetBSD.org/src/rev/e0199a6f0263
branches: trunk
changeset: 349871:e0199a6f0263
user: christos <christos%NetBSD.org@localhost>
date: Mon Dec 26 23:05:05 2016 +0000
description:
Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)
diffstat:
lib/libnpf/npf.c | 181 +++++---
lib/libnpf/npf.h | 28 +-
sys/compat/netbsd32/netbsd32_ioctl.c | 12 +-
sys/compat/netbsd32/netbsd32_ioctl.h | 14 +-
sys/net/npf/files.npf | 3 +-
sys/net/npf/if_npflog.c | 8 +-
sys/net/npf/npf.c | 313 ++++-----------
sys/net/npf/npf.h | 62 +-
sys/net/npf/npf_alg.c | 129 +++--
sys/net/npf/npf_alg_icmp.c | 11 +-
sys/net/npf/npf_bpf.c | 20 +-
sys/net/npf/npf_conf.c | 110 ++--
sys/net/npf/npf_conn.c | 247 ++++++-----
sys/net/npf/npf_conn.h | 29 +-
sys/net/npf/npf_conndb.c | 30 +-
sys/net/npf/npf_ctl.c | 146 ++++--
sys/net/npf/npf_ext_log.c | 14 +-
sys/net/npf/npf_ext_normalize.c | 11 +-
sys/net/npf/npf_ext_rndblock.c | 13 +-
sys/net/npf/npf_handler.c | 170 +------
sys/net/npf/npf_if.c | 134 +++---
sys/net/npf/npf_impl.h | 184 ++++++--
sys/net/npf/npf_inet.c | 42 +-
sys/net/npf/npf_mbuf.c | 77 ++-
sys/net/npf/npf_nat.c | 27 +-
sys/net/npf/npf_os.c | 461 +++++++++++++++++++++++
sys/net/npf/npf_rproc.c | 60 +-
sys/net/npf/npf_ruleset.c | 48 +-
sys/net/npf/npf_sendpkt.c | 19 +-
sys/net/npf/npf_state.c | 7 +-
sys/net/npf/npf_state_tcp.c | 18 +-
sys/net/npf/npf_tableset.c | 34 +-
sys/net/npf/npf_worker.c | 178 +++++---
sys/net/npf/npfkern.h | 78 +++
sys/rump/net/lib/libnpf/Makefile | 4 +-
usr.sbin/npf/npfctl/npf_bpf_comp.c | 9 +-
usr.sbin/npf/npfctl/npf_build.c | 51 +-
usr.sbin/npf/npfctl/npf_data.c | 15 +-
usr.sbin/npf/npfctl/npf_show.c | 26 +-
usr.sbin/npf/npfctl/npfctl.c | 123 +++--
usr.sbin/npf/npfctl/npfctl.h | 17 +-
usr.sbin/npf/npftest/libnpftest/npf_bpf_test.c | 13 +-
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c | 107 +++++
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c | 14 +-
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c | 6 +-
usr.sbin/npf/npftest/libnpftest/npf_perf_test.c | 17 +-
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c | 27 +-
usr.sbin/npf/npftest/libnpftest/npf_state_test.c | 8 +-
usr.sbin/npf/npftest/libnpftest/npf_table_test.c | 119 +++--
usr.sbin/npf/npftest/libnpftest/npf_test.h | 39 +
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c | 101 ++++-
usr.sbin/npf/npftest/npfstream.c | 4 +-
usr.sbin/npf/npftest/npftest.c | 58 +-
usr.sbin/npf/npftest/npftest.h | 19 +
54 files changed, 2347 insertions(+), 1348 deletions(-)
diffs (truncated from 8004 to 300 lines):
diff -r 5a9f332b0a61 -r e0199a6f0263 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c Mon Dec 26 21:54:00 2016 +0000
+++ b/lib/libnpf/npf.c Mon Dec 26 23:05:05 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.39 2016/12/10 21:04:12 christos Exp $ */
+/* $NetBSD: npf.c,v 1.40 2016/12/26 23:05:05 christos Exp $ */
/*-
* Copyright (c) 2010-2015 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.39 2016/12/10 21:04:12 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.40 2016/12/26 23:05:05 christos Exp $");
#include <sys/types.h>
#include <netinet/in_systm.h>
@@ -95,8 +95,6 @@
prop_dictionary_t ncf_err;
prop_dictionary_t ncf_debug;
- /* Custom file to externalise property-list. */
- const char * ncf_plist;
bool ncf_flush;
};
@@ -143,7 +141,7 @@
return false;
}
}
-
+
/*
* CONFIGURATION INTERFACE.
*/
@@ -162,31 +160,26 @@
ncf->ncf_rproc_list = prop_array_create();
ncf->ncf_table_list = prop_array_create();
ncf->ncf_nat_list = prop_array_create();
-
- ncf->ncf_plist = NULL;
ncf->ncf_flush = false;
-
return ncf;
}
-int
-npf_config_submit(nl_config_t *ncf, int fd)
+static prop_dictionary_t
+_npf_build_config(nl_config_t *ncf)
{
- const char *plist = ncf->ncf_plist;
prop_dictionary_t npf_dict;
prop_array_t rlset;
- int error = 0;
npf_dict = prop_dictionary_create();
if (npf_dict == NULL) {
- return ENOMEM;
+ return NULL;
}
prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION);
rlset = _npf_ruleset_transform(ncf->ncf_rules_list);
if (rlset == NULL) {
prop_object_release(npf_dict);
- return ENOMEM;
+ return NULL;
}
prop_object_release(ncf->ncf_rules_list);
ncf->ncf_rules_list = rlset;
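Review bot: `_npf_build_config()` has an undocumented side effect: it releases `ncf->ncf_rules_list` and replaces it with the transformed array, so it is not a pure "build" step. After this commit it is reachable from `npf_config_submit()`, `npf_config_export()` and `npf_config_build()`, and only the latter two skip it when `ncf->ncf_dict` is already set; whether transforming an already transformed ruleset a second time is harmless cannot be seen from here. I would add a comment above the helper such as `/* Builds the dictionary to submit; replaces ncf->ncf_rules_list with its transformed form. Caller releases the result. */`. The function body continues past the end of this hunk.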
@@ -204,26 +197,44 @@
if (ncf->ncf_debug) {
prop_dictionary_set(npf_dict, "debug", ncf->ncf_debug);
}
+ return npf_dict;
+}
- if (plist) {
- if (!prop_dictionary_externalize_to_file(npf_dict, plist)) {
- error = errno;
- }
+int
+npf_config_submit(nl_config_t *ncf, int fd, npf_error_t *errinfo)
+{
+#if !defined(_NPF_STANDALONE)
+ prop_dictionary_t npf_dict;
+ int error = 0;
+
+ npf_dict = _npf_build_config(ncf);
+ if (!npf_dict) {
+ return ENOMEM;
+ }
+ error = prop_dictionary_sendrecv_ioctl(npf_dict, fd,
+ IOC_NPF_LOAD, &ncf->ncf_err);
+ if (error) {
prop_object_release(npf_dict);
+ assert(ncf->ncf_err == NULL);
return error;
}
- if (fd) {
- error = prop_dictionary_sendrecv_ioctl(npf_dict, fd,
- IOC_NPF_LOAD, &ncf->ncf_err);
- if (error) {
- prop_object_release(npf_dict);
- assert(ncf->ncf_err == NULL);
- return error;
- }
- prop_dictionary_get_int32(ncf->ncf_err, "errno", &error);
+ prop_dictionary_get_int32(ncf->ncf_err, "errno", &error);
+ if (error) {
+ memset(errinfo, 0, sizeof(*errinfo));
+
+ prop_dictionary_get_int64(ncf->ncf_err, "id",
+ &errinfo->id);
+ prop_dictionary_get_cstring(ncf->ncf_err,
+ "source-file", &errinfo->source_file);
+ prop_dictionary_get_uint32(ncf->ncf_err,
+ "source-line", &errinfo->source_line);
}
prop_object_release(npf_dict);
return error;
+#else
+ (void)ncf; (void)fd;
+ return ENOTSUP;
+#endif
}
static nl_config_t *
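Review bot: `errinfo` is written only on the path where the kernel reply carries a non-zero "errno". On the `ENOMEM` return, on ioctl failure and in the `_NPF_STANDALONE` branch, `npf_config_submit()` returns an error with `*errinfo` untouched, so a caller that reports the details after any non-zero return would read uninitialised memory. Zeroing it once before the `#if`, e.g. `if (errinfo) memset(errinfo, 0, sizeof(*errinfo));`, covers every path and also tolerates a NULL argument, which the current `memset` does not. As far as I know `prop_dictionary_get_cstring()` hands back an allocated copy, so the API comment should also say that the caller frees `errinfo->source_file`.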
@@ -246,13 +257,17 @@
}
nl_config_t *
-npf_config_retrieve(int fd, bool *active, bool *loaded)
+npf_config_retrieve(int fd)
{
prop_dictionary_t npf_dict;
nl_config_t *ncf;
int error;
+#ifdef _NPF_STANDALONE
+ error = ENOTSUP;
+#else
error = prop_dictionary_recv_ioctl(fd, IOC_NPF_SAVE, &npf_dict);
+#endif
if (error) {
return NULL;
}
@@ -261,30 +276,35 @@
prop_object_release(npf_dict);
return NULL;
}
- prop_dictionary_get_bool(npf_dict, "active", active);
- *loaded = (ncf->ncf_rules_list != NULL);
return ncf;
}
-int
-npf_config_export(const nl_config_t *ncf, const char *path)
+void *
+npf_config_export(nl_config_t *ncf, size_t *length)
{
prop_dictionary_t npf_dict = ncf->ncf_dict;
- int error = 0;
+ void *blob;
- if (!prop_dictionary_externalize_to_file(npf_dict, path)) {
- error = errno;
+ if (!npf_dict && (npf_dict = _npf_build_config(ncf)) == NULL) {
+ errno = ENOMEM;
+ return NULL;
}
- return error;
+ if ((blob = prop_dictionary_externalize(npf_dict)) == NULL) {
+ prop_object_release(npf_dict);
+ return NULL;
+ }
+ prop_object_release(npf_dict);
+ *length = strlen(blob);
+ return blob;
}
nl_config_t *
-npf_config_import(const char *path)
+npf_config_import(const void *blob, size_t len __unused)
{
prop_dictionary_t npf_dict;
nl_config_t *ncf;
- npf_dict = prop_dictionary_internalize_from_file(path);
+ npf_dict = prop_dictionary_internalize(blob);
if (!npf_dict) {
return NULL;
}
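Review bot: `npf_config_import()` ignores `len` (it is marked `__unused`) and passes `blob` straight to `prop_dictionary_internalize()`, which parses a NUL-terminated string, so a buffer holding exactly `len` bytes is read past its end. `npf_config_export()` makes that case likely: it reports `*length = strlen(blob)`, which excludes the terminator, so a caller that writes `length` bytes to a file and reads them back hands import an unterminated buffer. The import side should bound the parse to `len`, for example by copying into a terminated buffer as below. The rest of the function lies outside the hunk.

```c
nl_config_t *
npf_config_import(const void *blob, size_t len)
{
	prop_dictionary_t npf_dict;
	nl_config_t *ncf;
	char *xml;

	/* The parser expects a C string; never trust the caller's terminator. */
	if (blob == NULL || len == SIZE_MAX || (xml = malloc(len + 1)) == NULL) {
		return NULL;
	}
	memcpy(xml, blob, len);
	xml[len] = '\0';
	npf_dict = prop_dictionary_internalize(xml);
	free(xml);
	/* … unchanged: NULL check on npf_dict and the remainder of the function … */
```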
@@ -300,6 +320,7 @@
npf_config_flush(int fd)
{
nl_config_t *ncf;
+ npf_error_t errinfo;
int error;
ncf = npf_config_create();
@@ -307,24 +328,33 @@
return ENOMEM;
}
ncf->ncf_flush = true;
- error = npf_config_submit(ncf, fd);
+ error = npf_config_submit(ncf, fd, &errinfo);
npf_config_destroy(ncf);
return error;
}
-void
-_npf_config_error(nl_config_t *ncf, nl_error_t *ne)
+bool
+npf_config_active_p(nl_config_t *ncf)
+{
+ bool active = false;
+ prop_dictionary_get_bool(ncf->ncf_dict, "active", &active);
+ return active;
+}
+
+bool
+npf_config_loaded_p(nl_config_t *ncf)
{
- memset(ne, 0, sizeof(*ne));
- prop_dictionary_get_int32(ncf->ncf_err, "id", &ne->ne_id);
- prop_dictionary_get_cstring(ncf->ncf_err,
- "source-file", &ne->ne_source_file);
- prop_dictionary_get_uint32(ncf->ncf_err,
- "source-line", &ne->ne_source_line);
- prop_dictionary_get_int32(ncf->ncf_err,
- "code-error", &ne->ne_ncode_error);
- prop_dictionary_get_int32(ncf->ncf_err,
- "code-errat", &ne->ne_ncode_errat);
+ return ncf->ncf_rules_list != NULL;
+}
+
+void *
+npf_config_build(nl_config_t *ncf)
+{
+ if (!ncf->ncf_dict && !(ncf->ncf_dict = _npf_build_config(ncf))) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ return (void *)ncf->ncf_dict;
}
void
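Review bot: `npf_config_build()` caches the built dictionary in `ncf->ncf_dict` and returns the same pointer, but `npf_config_export()` (earlier hunk) calls `prop_object_release(npf_dict)` even when `npf_dict` came from `ncf->ncf_dict` rather than being built locally. After build-then-export the config may therefore keep a pointer to a dictionary whose reference was dropped, which becomes a use-after-free or double release if `npf_config_active_p()` or the destroy path touches it later; the destroy path is not visible here, so this needs checking. In export, release only a locally built dictionary, e.g. `if (npf_dict != ncf->ncf_dict) prop_object_release(npf_dict);`. It would also help to document on `npf_config_build()` that the returned pointer is borrowed from `ncf` and must not be released by the caller.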
@@ -346,12 +376,6 @@
free(ncf);
}
-void
-_npf_config_setsubmit(nl_config_t *ncf, const char *plist_file)
-{
- ncf->ncf_plist = plist_file;
-}
-
static bool
_npf_prop_array_lookup(prop_array_t array, const char *key, const char *name)
{
@@ -382,7 +406,11 @@
prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_ADD);
+#ifdef _NPF_STANDALONE
+ error = ENOTSUP;
+#else
error = prop_dictionary_sendrecv_ioctl(rldict, fd, IOC_NPF_RULE, &ret);
+#endif
if (!error) {
prop_dictionary_get_uint64(ret, "id", id);
}
@@ -401,7 +429,11 @@
prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_REMOVE);
prop_dictionary_set_uint64(rldict, "id", id);
+#ifdef _NPF_STANDALONE
+ return ENOTSUP;
+#else
return prop_dictionary_send_ioctl(rldict, fd, IOC_NPF_RULE);
+#endif
}
int
@@ -425,7 +457,11 @@
prop_dictionary_set(rldict, "key", keyobj);
prop_object_release(keyobj);
+#ifdef _NPF_STANDALONE
+ return ENOTSUP;
+#else
return prop_dictionary_send_ioctl(rldict, fd, IOC_NPF_RULE);
+#endif
}
int
@@ -439,7 +475,11 @@