Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src npfkern/libnpf: Add support for the table replace/swap opera...



details:   https://anonhg.NetBSD.org/src/rev/0f32d1b8bdc7
branches:  trunk
changeset: 453666:0f32d1b8bdc7
user:      rmind <rmind%NetBSD.org@localhost>
date:      Wed Aug 21 21:45:47 2019 +0000

description:
npfkern/libnpf: Add support for the table replace/swap operation.
Contributed by Timshel Knoll-Miller.

diffstat:

 lib/libnpf/libnpf.3        |   26 ++++++-
 lib/libnpf/npf.c           |   71 +++++++++++++++-----
 lib/libnpf/npf.h           |    2 +
 sys/net/npf/npf.h          |    1 +
 sys/net/npf/npf_ctl.c      |  152 ++++++++++++++++++++++++++++++++++----------
 sys/net/npf/npf_impl.h     |    3 +-
 sys/net/npf/npf_os.c       |    5 +-
 sys/net/npf/npf_tableset.c |   15 ++-
 8 files changed, 211 insertions(+), 64 deletions(-)

diffs (truncated from 495 to 300 lines):

diff -r 47f870dd833c -r 0f32d1b8bdc7 lib/libnpf/libnpf.3
--- a/lib/libnpf/libnpf.3       Wed Aug 21 21:41:53 2019 +0000
+++ b/lib/libnpf/libnpf.3       Wed Aug 21 21:45:47 2019 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: libnpf.3,v 1.9 2019/07/23 14:18:20 wiz Exp $
+.\"    $NetBSD: libnpf.3,v 1.10 2019/08/21 21:45:47 rmind Exp $
 .\"
 .\" Copyright (c) 2011-2019 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 14, 2019
+.Dd August 21, 2019
 .Dt LIBNPF 3
 .Os
 .Sh NAME
@@ -41,7 +41,7 @@
 .Ft nl_config_t *
 .Fn npf_config_create "void"
 .Ft int
-.Fn npf_config_submit "nl_config_t *ncf" "int fd" "nl_error_t *errinfo"
+.Fn npf_config_submit "nl_config_t *ncf" "int fd" "npf_error_t *errinfo"
 .Ft nl_config_t *
 .Fn npf_config_retrieve "int fd"
 .Ft int
@@ -104,6 +104,8 @@
 "const npf_addr_t *addr" "const npf_netmask_t mask"
 .Ft int
 .Fn npf_table_insert "nl_config_t *ncf" "nl_table_t *tl"
+.Ft int
+.Fn npf_table_replace "int fd" "nl_table_t *tl" "npf_error_t *errinfo"
 .Ft void
 .Fn npf_table_destroy "nl_table_t *tl"
 .\" -----
@@ -347,7 +349,9 @@
 for IPv6 address.
 Additionally,
 .Fa mask
-may be specified to indicate the translation network.
+may be specified to indicate the translation network;
+otherwise, it should be set to
+.Dv NPF_NO_NETMASK .
 In such case, a custom algorithm may need to be specified using the
 .Fn npf_nat_setalgo
 function.
@@ -423,11 +427,25 @@
 for IPv4 or
 .Dv AF_INET6
 for IPv6 address.
+If there is no mask, then
+.Fa mask
+should be set to
+.Dv NPF_NO_NETMASK .
+.\" ---
 .It Fn npf_table_insert "ncf" "tl"
 Add the table to the configuration object.
 This routine performs a check for duplicate table IDs.
 The table must not be referenced after insertion.
 .\" ---
+.It Fn npf_table_replace "fd" "tl" "errinfo"
+Submit the table object, specified by
+.Fa tl ,
+to the kernel, to replace the existing table with the
+corresponding table name and ID.
+On failure, the error information is written into the structure
+specified by
+.Fa errinfo .
+.\" ---
 .It Fn npf_table_destroy "tl"
 Destroy the specified table.
 .El
diff -r 47f870dd833c -r 0f32d1b8bdc7 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Wed Aug 21 21:41:53 2019 +0000
+++ b/lib/libnpf/npf.c  Wed Aug 21 21:45:47 2019 +0000
@@ -28,7 +28,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.46 2019/07/23 00:52:01 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.47 2019/08/21 21:45:47 rmind Exp $");
 
 #include <sys/types.h>
 #include <sys/mman.h>
@@ -203,6 +203,30 @@
 }
 
 /*
+ * _npf_extract_error: check the error number field and extract the
+ * error details into the npf_error_t structure.
+ */
+static int
+_npf_extract_error(nvlist_t *resp, npf_error_t *errinfo)
+{
+       int error;
+
+       error = dnvlist_get_number(resp, "errno", 0);
+       if (error && errinfo) {
+               memset(errinfo, 0, sizeof(npf_error_t));
+
+               errinfo->id = dnvlist_get_number(resp, "id", 0);
+               errinfo->error_msg =
+                   dnvlist_take_string(resp, "error-msg", NULL);
+               errinfo->source_file =
+                   dnvlist_take_string(resp, "source-file", NULL);
+               errinfo->source_line =
+                   dnvlist_take_number(resp, "source-line", 0);
+       }
+       return error;
+}
+
+/*
  * CONFIGURATION INTERFACE.
  */
 
@@ -233,17 +257,7 @@
                assert(errnv == NULL);
                return errno;
        }
-       error = dnvlist_get_number(errnv, "errno", 0);
-       if (error && errinfo) {
-               memset(errinfo, 0, sizeof(npf_error_t));
-               errinfo->id = dnvlist_get_number(errnv, "id", 0);
-               errinfo->error_msg =
-                   dnvlist_take_string(errnv, "error-msg", NULL);
-               errinfo->source_file =
-                   dnvlist_take_string(errnv, "source-file", NULL);
-               errinfo->source_line =
-                   dnvlist_take_number(errnv, "source-line", 0);
-       }
+       error = _npf_extract_error(errnv, errinfo);
        nvlist_destroy(errnv);
        return error;
 }
@@ -949,7 +963,7 @@
 }
 
 static inline int
-_npf_table_build(nl_table_t *tl)
+_npf_table_build_const(nl_table_t *tl)
 {
        struct cdbw *cdbw;
        const nvlist_t * const *entries;
@@ -959,6 +973,10 @@
        struct stat sb;
        char sfn[32];
 
+       if (dnvlist_get_number(tl->table_dict, "type", 0) != NPF_TABLE_CONST) {
+               return 0;
+       }
+
        if (!nvlist_exists_nvlist_array(tl->table_dict, "entries")) {
                return 0;
        }
@@ -1050,10 +1068,8 @@
        if (_npf_dataset_lookup(ncf->ncf_dict, "tables", "name", name)) {
                return EEXIST;
        }
-       if (dnvlist_get_number(tl->table_dict, "type", 0) == NPF_TABLE_CONST) {
-               if ((error = _npf_table_build(tl)) != 0) {
-                       return error;
-               }
+       if ((error = _npf_table_build_const(tl)) != 0) {
+               return error;
        }
        nvlist_append_nvlist_array(ncf->ncf_dict, "tables", tl->table_dict);
        nvlist_destroy(tl->table_dict);
@@ -1061,6 +1077,27 @@
        return 0;
 }
 
+int
+npf_table_replace(int fd, nl_table_t *tl, npf_error_t *errinfo)
+{
+       nvlist_t *errnv = NULL;
+       int error;
+
+       /* Ensure const tables are built. */
+       if ((error = _npf_table_build_const(tl)) != 0) {
+               return error;
+       }
+
+       if (nvlist_xfer_ioctl(fd, IOC_NPF_TABLE_REPLACE,
+           tl->table_dict, &errnv) == -1) {
+               assert(errnv == NULL);
+               return errno;
+       }
+       error = _npf_extract_error(errnv, errinfo);
+       nvlist_destroy(errnv);
+       return error;
+}
+
 nl_table_t *
 npf_table_iterate(nl_config_t *ncf, nl_iter_t *iter)
 {
diff -r 47f870dd833c -r 0f32d1b8bdc7 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h  Wed Aug 21 21:41:53 2019 +0000
+++ b/lib/libnpf/npf.h  Wed Aug 21 21:45:47 2019 +0000
@@ -146,6 +146,8 @@
 int            npf_table_insert(nl_config_t *, nl_table_t *);
 void           npf_table_destroy(nl_table_t *);
 
+int            npf_table_replace(int, nl_table_t *, npf_error_t *);
+
 #ifdef _NPF_PRIVATE
 
 #include <ifaddrs.h>
diff -r 47f870dd833c -r 0f32d1b8bdc7 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Wed Aug 21 21:41:53 2019 +0000
+++ b/sys/net/npf/npf.h Wed Aug 21 21:45:47 2019 +0000
@@ -310,6 +310,7 @@
 #define        IOC_NPF_SAVE            _IOR('N', 105, nvlist_ref_t)
 #define        IOC_NPF_RULE            _IOWR('N', 107, nvlist_ref_t)
 #define        IOC_NPF_CONN_LOOKUP     _IOWR('N', 108, nvlist_ref_t)
+#define        IOC_NPF_TABLE_REPLACE   _IOWR('N', 109, nvlist_ref_t)
 
 /*
  * NPF error report.
diff -r 47f870dd833c -r 0f32d1b8bdc7 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Wed Aug 21 21:41:53 2019 +0000
+++ b/sys/net/npf/npf_ctl.c     Wed Aug 21 21:45:47 2019 +0000
@@ -36,7 +36,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.55 2019/08/11 20:26:33 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.56 2019/08/21 21:45:47 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -178,6 +178,63 @@
        return error;
 }
 
+/*
+ * npf_mk_table: create a table from provided nvlist.
+ */
+static int __noinline
+npf_mk_table(npf_t *npf, const nvlist_t *tbl_dict, nvlist_t *errdict,
+    npf_tableset_t *tblset, npf_table_t **tblp, bool replacing)
+{
+       npf_table_t *t;
+       const char *name;
+       const void *blob;
+       uint64_t tid;
+       size_t size;
+       int type;
+       int error = 0;
+
+       KASSERT(tblp != NULL);
+
+       /* Table name, ID and type.  Validate them. */
+       name = dnvlist_get_string(tbl_dict, "name", NULL);
+       if (!name) {
+               NPF_ERR_DEBUG(errdict);
+               error = EINVAL;
+               goto out;
+       }
+       tid = dnvlist_get_number(tbl_dict, "id", UINT64_MAX);
+       type = dnvlist_get_number(tbl_dict, "type", UINT64_MAX);
+       error = npf_table_check(tblset, name, tid, type, replacing);
+       if (error) {
+               NPF_ERR_DEBUG(errdict);
+               goto out;
+       }
+
+       /* Get the entries or binary data. */
+       blob = dnvlist_get_binary(tbl_dict, "data", &size, NULL, 0);
+       if (type == NPF_TABLE_CONST && (blob == NULL || size == 0)) {
+               NPF_ERR_DEBUG(errdict);
+               error = EINVAL;
+               goto out;
+       }
+
+       t = npf_table_create(name, (u_int)tid, type, blob, size);
+       if (t == NULL) {
+               NPF_ERR_DEBUG(errdict);
+               error = ENOMEM;
+               goto out;
+       }
+
+       if ((error = npf_mk_table_entries(t, tbl_dict, errdict)) != 0) {
+               npf_table_destroy(t);
+               goto out;
+       }
+
+       *tblp = t;
+out:
+       return error;
+}
+
 static int __noinline
 npf_mk_tables(npf_t *npf, nvlist_t *npf_dict, nvlist_t *errdict,
     npf_tableset_t **tblsetp)
@@ -200,49 +257,15 @@
        tblset = npf_tableset_create(nitems);
        for (unsigned i = 0; i < nitems; i++) {
                const nvlist_t *table = tables[i];
-               const char *name;



Home | Main Index | Thread Index | Old Index