Source-Changes-HG archive
[src/netbsd-6]: src Pull up following revision(s) (requested by rmind in tick...
details: https://anonhg.NetBSD.org/src/rev/5ef88192d5d6
branches: netbsd-6
changeset: 774258:5ef88192d5d6
user: riz <riz%NetBSD.org@localhost>
date: Tue Jun 26 00:07:16 2012 +0000
description:
Pull up following revision(s) (requested by rmind in ticket #354):
sys/net/npf/npf_state_tcp.c: revision 1.4
sys/net/npf/npf_state_tcp.c: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.6
usr.sbin/npf/npftest/npftest.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.1
usr.sbin/npf/npftest/npftest.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.2
usr.sbin/npf/npfctl/npf_data.c: revision 1.11
usr.sbin/npf/npftest/npftest.c: revision 1.3
usr.sbin/npf/npfctl/npf_data.c: revision 1.12
usr.sbin/npf/npftest/npftest.h: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.5
usr.sbin/npf/npfctl/npf_data.c: revision 1.13
sys/net/npf/npf.h: revision 1.16
usr.sbin/npf/npftest/npftest.h: revision 1.2
usr.sbin/npf/npfctl/npf_parse.y: revision 1.6
usr.sbin/npf/npftest/npftest.h: revision 1.3
usr.sbin/npf/npfctl/npf_parse.y: revision 1.7
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.10
usr.sbin/npf/npfctl/npf_build.c: revision 1.6
usr.sbin/npf/npfctl/npf_parse.y: revision 1.8
usr.sbin/npf/npfctl/npf_build.c: revision 1.7
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_build.c: revision 1.8
usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_build.c: revision 1.9
usr.sbin/npf/npfctl/npf.conf.5: revision 1.10
usr.sbin/npf/npfctl/npf.conf.5: revision 1.11
usr.sbin/npf/npfctl/npf.conf.5: revision 1.12
sys/net/npf/npf_state.c: revision 1.7
usr.sbin/npf/npfctl/npfctl.c: revision 1.11
usr.sbin/npf/npfctl/npfctl.c: revision 1.12
usr.sbin/npf/npfctl/Makefile: revision 1.7
sys/rump/net/lib/libnet/Makefile: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.7
usr.sbin/npf/npftest/Makefile: revision 1.1
usr.sbin/npf/npftest/Makefile: revision 1.2
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.1
usr.sbin/npf/npfctl/npf_scan.l: revision 1.2
usr.sbin/npf/npftest/npfstream.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.2
usr.sbin/npf/npfctl/npf_scan.l: revision 1.3
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.3
usr.sbin/npf/npfctl/npfctl.h: revision 1.12
sys/rump/dev/lib/libnpf/Makefile: revision 1.2
usr.sbin/npf/npfctl/npfctl.h: revision 1.14
sys/rump/dev/lib/libnpf/Makefile: revision 1.3
usr.sbin/npf/npfctl/npfctl.h: revision 1.15
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.9
sys/net/npf/npf_ctl.c: revision 1.15
usr.sbin/npf/npfctl/npf_var.c: revision 1.4
usr.sbin/npf/npfctl/npf_var.h: revision 1.2
usr.sbin/npf/npfctl/npf_var.c: revision 1.5
sys/net/npf/npf_impl.h: revision 1.13
sys/net/npf/npf_sendpkt.c: revision 1.10
sys/net/npf/npf_impl.h: revision 1.14
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.4
sys/net/npf/npf_impl.h: revision 1.15
sys/net/npf/npf_handler.c: revision 1.16
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.5
sys/net/npf/npf_handler.c: revision 1.17
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.2
sys/net/npf/npf_ncode.h: revision 1.7
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.3
sys/net/npf/npf_ncode.h: revision 1.8
npf_tcp_inwindow: in a case of negative skew, bump the maximum seen value of
SEQ+LEN in the receiver's side correctly (using ACK from the sender's side).
PR/46265 from Changli Gao.
rumpnet_net: add pfil.c
Update rumpdev_npf; use WARNS=4.
Add initial NPF regression tests integrated with RUMP framework (running the
kernel part of NPF in userland). Other tests will be added once converted to
RUMP framework. All tests are in the public domain.
Some Makefile fixes from christos@.
- Fix double-free case on ICMP return case.
- npf_pfil_register: handle kernels without INET6 option correctly.
- Reduce some #ifdefs.
npfctl(8): add show-config command. Also, update syntax.
npftest: add a stream processor, which prints out the TCP state information.
A tool for debugging connection tracking from tcpdump -w captured data.
npftest: add a module for TCP state tracking and add few test cases.
npf_state_tcp: add an assert; fix some comments while here.
- Rework NPF NAT syntax to be more structured and support future additions
of different types and configurations of NAT.
- npfctl: improve disassemble and show-config command functionality.
- Fix custom ICMP code and type filtering.
make this compile again.
remove error(1) output
Remove superfluous Pp
- make each element of a variable hold a type
- change get_type to take an index, so we can get the individual types of
each element (since primitive elements can be in lists)
- make port_range primitive
- add a routine to convert a variable of primitives to a variable containing
- only port ranges.
remove extra rule that got merged...
diffstat:
sys/net/npf/npf.h | 8 +-
sys/net/npf/npf_ctl.c | 32 +-
sys/net/npf/npf_handler.c | 52 +-
sys/net/npf/npf_impl.h | 18 +-
sys/net/npf/npf_mbuf.c | 8 +-
sys/net/npf/npf_ncode.h | 13 +-
sys/net/npf/npf_sendpkt.c | 51 +-
sys/net/npf/npf_state.c | 5 +-
sys/net/npf/npf_state_tcp.c | 34 +-
sys/rump/dev/lib/libnpf/Makefile | 14 +-
sys/rump/net/lib/libnet/Makefile | 4 +-
usr.sbin/npf/npfctl/Makefile | 3 +-
usr.sbin/npf/npfctl/npf.conf.5 | 49 +-
usr.sbin/npf/npfctl/npf_build.c | 133 +++-
usr.sbin/npf/npfctl/npf_data.c | 54 +-
usr.sbin/npf/npfctl/npf_disassemble.c | 535 ++++++++++++++----
usr.sbin/npf/npfctl/npf_ncgen.c | 12 +-
usr.sbin/npf/npfctl/npf_parse.y | 128 ++--
usr.sbin/npf/npfctl/npf_scan.l | 18 +-
usr.sbin/npf/npfctl/npf_var.c | 52 +-
usr.sbin/npf/npfctl/npf_var.h | 14 +-
usr.sbin/npf/npfctl/npfctl.c | 31 +-
usr.sbin/npf/npfctl/npfctl.h | 39 +-
usr.sbin/npf/npftest/Makefile | 28 +
usr.sbin/npf/npftest/libnpftest/Makefile | 27 +
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c | 112 +++
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c | 176 ++++++
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c | 163 +++++
usr.sbin/npf/npftest/libnpftest/npf_state_test.c | 165 +++++
usr.sbin/npf/npftest/libnpftest/npf_table_test.c | 117 ++++
usr.sbin/npf/npftest/libnpftest/npf_test.h | 42 +
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c | 74 ++
usr.sbin/npf/npftest/npfstream.c | 117 ++++
usr.sbin/npf/npftest/npftest.c | 200 +++++++
usr.sbin/npf/npftest/npftest.h | 24 +
35 files changed, 2114 insertions(+), 438 deletions(-)
diffs (truncated from 3842 to 300 lines):
diff -r f8257b23cf18 -r 5ef88192d5d6 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Mon Jun 25 00:43:40 2012 +0000
+++ b/sys/net/npf/npf.h Tue Jun 26 00:07:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14.2.1 2012/04/03 17:22:52 riz Exp $ */
+/* $NetBSD: npf.h,v 1.14.2.2 2012/06/26 00:07:16 riz Exp $ */
/*-
* Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -45,10 +45,6 @@
#include <netinet/in_systm.h>
#include <netinet/in.h>
-#ifdef _NPF_TESTING
-#include "testing.h"
-#endif
-
#define NPF_VERSION 4
/*
@@ -62,7 +58,7 @@
#define NPF_MAX_NETMASK (128)
#define NPF_NO_NETMASK ((npf_netmask_t)~0)
-#if defined(_KERNEL) || defined(_NPF_TESTING)
+#if defined(_KERNEL)
/* Network buffer. */
typedef void nbuf_t;
diff -r f8257b23cf18 -r 5ef88192d5d6 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Mon Jun 25 00:43:40 2012 +0000
+++ b/sys/net/npf/npf_ctl.c Tue Jun 26 00:07:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.12.2.1 2012/04/03 17:22:53 riz Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.12.2.2 2012/06/26 00:07:16 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12.2.1 2012/04/03 17:22:53 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12.2.2 2012/06/26 00:07:16 riz Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -434,15 +434,14 @@
int error;
/* Retrieve the dictionary. */
-#ifdef _KERNEL
+#ifndef _NPF_TESTING
error = prop_dictionary_copyin_ioctl(pref, cmd, &npf_dict);
if (error)
return error;
#else
- npf_dict = prop_dictionary_internalize_from_file(data);
- if (npf_dict == NULL)
- return EINVAL;
+ npf_dict = (prop_dictionary_t)pref;
#endif
+
/* Dictionary for error reporting. */
errdict = prop_dictionary_create();
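Review bot: The `_NPF_TESTING` branch, `npf_dict = (prop_dictionary_t)pref;`, reinterprets the plistref argument as a dictionary with no check and no comment, so the meaning of the second parameter now depends on the build. Add a comment stating that test callers pass a prop_dictionary_t in place of the plistref, and say who owns the reference: the copyin path fills npf_dict with an object obtained by this function, while the cast path borrows the caller's object.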
@@ -507,7 +506,7 @@
/* Error report. */
prop_dictionary_set_int32(errdict, "errno", error);
-#ifdef _KERNEL
+#ifndef _NPF_TESTING
prop_dictionary_copyout_ioctl(pref, cmd, errdict);
#endif
prop_object_release(errdict);
@@ -544,17 +543,11 @@
const char *name;
int error;
-#ifdef _KERNEL
/* Retrieve and construct the rule. */
error = prop_dictionary_copyin_ioctl(pref, cmd, &dict);
if (error) {
return error;
}
-#else
- dict = prop_dictionary_internalize_from_file(data);
- if (dict == NULL)
- return EINVAL;
-#endif
/* Dictionary for error reporting. */
errdict = prop_dictionary_create();
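Review bot: With the `#ifdef _KERNEL` / `#else` pair removed, this path calls prop_dictionary_copyin_ioctl() unconditionally, while the hunk at -434 bypasses the same call under `_NPF_TESTING`. If the RUMP-based tests are meant to reach this function it needs the same `#ifndef _NPF_TESTING` treatment; if they are not, a short comment saying that only the reload path is reachable from the tests would explain the asymmetry. The same applies to the copyout and the session load and save paths in the following hunks.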
@@ -580,9 +573,7 @@
/* Error report. */
prop_dictionary_set_int32(errdict, "errno", error);
-#ifdef _KERNEL
prop_dictionary_copyout_ioctl(pref, cmd, errdict);
-#endif
prop_object_release(errdict);
return error;
}
@@ -612,11 +603,7 @@
/* Set the session list, NAT policy list and export the dictionary. */
prop_dictionary_set(sesdict, "session-list", selist);
prop_dictionary_set(sesdict, "nat-policy-list", nplist);
-#ifdef _KERNEL
error = prop_dictionary_copyout_ioctl(pref, cmd, sesdict);
-#else
- error = prop_dictionary_externalize_to_file(sesdict, data) ? 0 : errno;
-#endif
fail:
prop_object_release(sesdict);
return error;
@@ -636,15 +623,10 @@
int error;
/* Retrieve the dictionary containing session and NAT policy lists. */
-#ifdef _KERNEL
error = prop_dictionary_copyin_ioctl(pref, cmd, &sesdict);
if (error)
return error;
-#else
- sesdict = prop_dictionary_internalize_from_file(data);
- if (sesdict == NULL)
- return EINVAL;
-#endif
+
/*
* Note: session objects contain the references to the NAT policy
* entries. Therefore, no need to directly access it.
diff -r f8257b23cf18 -r 5ef88192d5d6 sys/net/npf/npf_handler.c
--- a/sys/net/npf/npf_handler.c Mon Jun 25 00:43:40 2012 +0000
+++ b/sys/net/npf/npf_handler.c Tue Jun 26 00:07:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.13.2.1 2012/04/03 17:22:53 riz Exp $ */
+/* $NetBSD: npf_handler.c,v 1.13.2.2 2012/06/26 00:07:16 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.13.2.1 2012/04/03 17:22:53 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.13.2.2 2012/06/26 00:07:16 riz Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -61,8 +61,6 @@
static struct pfil_head * npf_ph_inet = NULL;
static struct pfil_head * npf_ph_inet6 = NULL;
-int npf_packet_handler(void *, struct mbuf **, ifnet_t *, int);
-
/*
* npf_ifhook: hook handling interface changes.
*/
@@ -236,17 +234,20 @@
* Depending on the flags and protocol, return TCP reset (RST) or
* ICMP destination unreachable.
*/
- if (retfl) {
- npf_return_block(&npc, nbuf, retfl);
+ if (retfl && npf_return_block(&npc, nbuf, retfl)) {
+ *mp = NULL;
}
+
if (error) {
npf_stats_inc(NPF_STAT_ERROR);
} else {
error = ENETUNREACH;
}
- m_freem(*mp);
- *mp = NULL;
+ if (*mp) {
+ m_freem(*mp);
+ *mp = NULL;
+ }
return error;
}
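Review bot: `*mp = NULL` after a true return from npf_return_block() encodes an ownership rule that is not written down in this hunk: true means the callee consumed the buffer. The call passes `nbuf` while the caller clears `*mp`, so the fix is correct only as long as both refer to the same mbuf chain. Suggest a one-line comment at the call stating the rule and the nbuf/*mp relationship, since a later change that breaks either assumption brings back the double free this change removes.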
@@ -271,7 +272,7 @@
npf_ph_if = pfil_head_get(PFIL_TYPE_IFNET, 0);
npf_ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
npf_ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
- if (npf_ph_if == NULL || npf_ph_inet == NULL || npf_ph_inet6 == NULL) {
+ if (!npf_ph_if || (!npf_ph_inet && !npf_ph_inet6)) {
npf_ph_if = NULL;
error = ENOENT;
goto fail;
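Review bot: The failure branch under the new condition `if (!npf_ph_if || (!npf_ph_inet && !npf_ph_inet6))` still resets only `npf_ph_if = NULL`. npf_ph_inet and npf_ph_inet6 keep whatever pfil_head_get() returned, and the unregister path later in this patch now tests those two pointers on their own. Clear all three before `goto fail`.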
@@ -283,13 +284,16 @@
KASSERT(error == 0);
/* Packet IN/OUT handler on all interfaces and IP layer. */
- error = pfil_add_hook(npf_packet_handler, NULL,
- PFIL_WAITOK | PFIL_ALL, npf_ph_inet);
- KASSERT(error == 0);
-
- error = pfil_add_hook(npf_packet_handler, NULL,
- PFIL_WAITOK | PFIL_ALL, npf_ph_inet6);
- KASSERT(error == 0);
+ if (npf_ph_inet) {
+ error = pfil_add_hook(npf_packet_handler, NULL,
+ PFIL_WAITOK | PFIL_ALL, npf_ph_inet);
+ KASSERT(error == 0);
+ }
+ if (npf_ph_inet6) {
+ error = pfil_add_hook(npf_packet_handler, NULL,
+ PFIL_WAITOK | PFIL_ALL, npf_ph_inet6);
+ KASSERT(error == 0);
+ }
fail:
KERNEL_UNLOCK_ONE(NULL);
mutex_exit(softnet_lock);
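Review bot: Each pfil_add_hook() result in the new `if (npf_ph_inet)` and `if (npf_ph_inet6)` blocks is checked only with `KASSERT(error == 0)`, which compiles to nothing in a non-DIAGNOSTIC kernel, and the `error` from the inet registration is overwritten by the inet6 one. A failed IPv4 registration followed by a successful IPv6 one would return 0 with the packet filter not attached for IPv4. Suggest `if (error) goto fail;` after each call, with the hooks that were already added removed on that path.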
@@ -308,15 +312,19 @@
KERNEL_LOCK(1, NULL);
if (npf_ph_if) {
- (void)pfil_remove_hook(npf_packet_handler, NULL,
- PFIL_ALL, npf_ph_inet6);
+ (void)pfil_remove_hook(npf_ifhook, NULL,
+ PFIL_IFADDR | PFIL_IFNET, npf_ph_if);
+ }
+ if (npf_ph_inet) {
(void)pfil_remove_hook(npf_packet_handler, NULL,
PFIL_ALL, npf_ph_inet);
- (void)pfil_remove_hook(npf_ifhook, NULL,
- PFIL_IFADDR | PFIL_IFNET, npf_ph_if);
+ }
+ if (npf_ph_inet6) {
+ (void)pfil_remove_hook(npf_packet_handler, NULL,
+ PFIL_ALL, npf_ph_inet6);
+ }
- npf_ph_if = NULL;
- }
+ npf_ph_if = NULL;
KERNEL_UNLOCK_ONE(NULL);
mutex_exit(softnet_lock);
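Review bot: After the hooks are removed only `npf_ph_if = NULL;` is executed; npf_ph_inet and npf_ph_inet6 stay non-NULL. Those two pointers are now the guards for their own pfil_remove_hook() calls, so a second call to this function would try to remove the packet handler again. Set each to NULL inside its block, next to the pfil_remove_hook() call it guards.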
diff -r f8257b23cf18 -r 5ef88192d5d6 sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h Mon Jun 25 00:43:40 2012 +0000
+++ b/sys/net/npf/npf_impl.h Tue Jun 26 00:07:16 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.10.2.1 2012/04/03 17:22:53 riz Exp $ */
+/* $NetBSD: npf_impl.h,v 1.10.2.2 2012/06/26 00:07:16 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
#ifndef _NPF_IMPL_H_
#define _NPF_IMPL_H_
-#if !defined(_KERNEL) && !defined(_NPF_TESTING)
+#if !defined(_KERNEL)
#error "Kernel-level header only"
#endif
@@ -51,10 +51,6 @@
#include "npf.h"
#include "npf_ncode.h"
-#ifdef _NPF_TESTING
-#include "testing.h"
-#endif
-
#ifdef _NPF_DEBUG
#define NPF_PRINTF(x) printf x
#else
@@ -119,6 +115,13 @@
npf_tcpstate_t nst_tcpst[2];
} npf_state_t;
+#if defined(_NPF_TESTING)
+void npf_state_sample(npf_state_t *, bool);
+#define NPF_TCP_STATE_SAMPLE(n, r) npf_state_sample(n, r)
+#else
+#define NPF_TCP_STATE_SAMPLE(n, r)
+#endif
+
/*
* INTERFACES.
*/
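Review bot: In the non-testing case `#define NPF_TCP_STATE_SAMPLE(n, r)` expands to nothing, so a call site is left with a bare `;` and neither argument is referenced. Defining the empty variant as `((void)0)` keeps every use a well-formed statement regardless of context. A one-line comment above the block saying that npf_state_sample() is supplied by the test harness, not the kernel, would also help readers of this header.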
@@ -153,6 +156,7 @@
int npf_pfil_register(void);
void npf_pfil_unregister(void);
bool npf_pfil_registered_p(void);
+int npf_packet_handler(void *, struct mbuf **, ifnet_t *, int);
void npf_log_packet(npf_cache_t *, nbuf_t *, int);
/* Protocol helpers. */
@@ -177,7 +181,7 @@
bool npf_fetch_tcpopts(const npf_cache_t *, nbuf_t *,
uint16_t *, int *);
bool npf_normalize(npf_cache_t *, nbuf_t *, bool, bool, u_int, u_int);
-void npf_return_block(npf_cache_t *, nbuf_t *, const int);
+bool npf_return_block(npf_cache_t *, nbuf_t *, const int);