Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6]: src Pull up following revision(s) (requested by rmind in tick...
details: https://anonhg.NetBSD.org/src/rev/b9595c44e3ca
branches: netbsd-6
changeset: 775632:b9595c44e3ca
user: riz <riz%NetBSD.org@localhost>
date: Fri Feb 08 19:18:09 2013 +0000
description:
Pull up following revision(s) (requested by rmind in ticket #777):
usr.sbin/npf/npfctl/npfctl.c: revision 1.27
sys/net/npf/npf_session.c: revision 1.19
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4
sys/net/npf/npf_rproc.c: revision 1.5
usr.sbin/npf/npftest/README: revision 1.3
sys/sys/mbuf.h: revision 1.151
sys/net/npf/npf_ruleset.c: revision 1.15
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3
sys/net/npf/npf_ruleset.c: revision 1.16
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4
sys/net/npf/npf_inet.c: revision 1.19
sys/net/npf/npf_instr.c: revision 1.15
sys/net/npf/npf_handler.c: revision 1.24
sys/net/npf/npf_handler.c: revision 1.25
sys/net/npf/npf_state_tcp.c: revision 1.12
sys/net/npf/npf_processor.c: revision 1.13
sys/net/npf/npf_impl.h: revision 1.25
sys/net/npf/npf_processor.c: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.10
sys/net/npf/npf_alg_icmp.c: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.9
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3
sys/net/npf/npf_session.c: revision 1.20
sys/net/npf/npf_alg.c: revision 1.6
sys/kern/uipc_mbuf.c: revision 1.148
sys/net/npf/npf_inet.c: revision 1.20
sys/net/npf/npf.h: revision 1.25
sys/net/npf/npf_nat.c: revision 1.18
sys/net/npf/npf_state.c: revision 1.13
sys/net/npf/npf_sendpkt.c: revision 1.13
sys/net/npf/npf_ext_log.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4
sys/net/npf/npf_ext_normalise.c: revision 1.2
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
Silence gcc in npf_recache().
Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not
destroy the mbuf chain on failure (it is kept valid).
- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
the mbuf chain on failure. Fixes some corner cases. Improve regression
test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
The problem was found and fix provided by Anthony Mallet.
diffstat:
sys/kern/uipc_mbuf.c | 76 +-
sys/net/npf/npf.h | 60 +-
sys/net/npf/npf_alg.c | 64 +-
sys/net/npf/npf_alg_icmp.c | 347 +++++++-------
sys/net/npf/npf_ext_log.c | 6 +-
sys/net/npf/npf_ext_normalise.c | 64 +--
sys/net/npf/npf_handler.c | 115 +++-
sys/net/npf/npf_impl.h | 82 +-
sys/net/npf/npf_inet.c | 447 ++++++++----------
sys/net/npf/npf_instr.c | 133 +---
sys/net/npf/npf_mbuf.c | 305 ++++++------
sys/net/npf/npf_nat.c | 51 +-
sys/net/npf/npf_processor.c | 64 +-
sys/net/npf/npf_rproc.c | 7 +-
sys/net/npf/npf_ruleset.c | 15 +-
sys/net/npf/npf_sendpkt.c | 19 +-
sys/net/npf/npf_session.c | 155 +++--
sys/net/npf/npf_state.c | 10 +-
sys/net/npf/npf_state_tcp.c | 13 +-
sys/sys/mbuf.h | 4 +-
usr.sbin/npf/npfctl/npfctl.c | 8 +-
usr.sbin/npf/npftest/README | 6 +-
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c | 7 +-
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c | 15 +-
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c | 80 ++-
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c | 37 +-
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c | 12 +-
usr.sbin/npf/npftest/libnpftest/npf_state_test.c | 15 +-
28 files changed, 1120 insertions(+), 1097 deletions(-)
diffs (truncated from 4181 to 300 lines):
diff -r f0f7b9e87ead -r b9595c44e3ca sys/kern/uipc_mbuf.c
--- a/sys/kern/uipc_mbuf.c Sat Feb 02 15:44:21 2013 +0000
+++ b/sys/kern/uipc_mbuf.c Fri Feb 08 19:18:09 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_mbuf.c,v 1.145 2012/02/10 17:35:47 para Exp $ */
+/* $NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $ */
/*-
* Copyright (c) 1999, 2001 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145 2012/02/10 17:35:47 para Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $");
#include "opt_mbuftrace.h"
#include "opt_nmbclusters.h"
@@ -907,21 +907,18 @@
}
/*
- * Rearrange an mbuf chain so that len bytes are contiguous
- * and in the data area of an mbuf (so that mtod and dtom
- * will work for a structure of size len). Returns the resulting
- * mbuf chain on success, frees it and returns null on failure.
- * If there is room, it will add up to max_protohdr-len extra bytes to the
- * contiguous region in an attempt to avoid being called next time.
+ * m_ensure_contig: rearrange an mbuf chain that given length of bytes
+ * would be contiguous and in the data area of an mbuf (therefore, mtod()
+ * would work for a structure of given length).
+ *
+ * => On success, returns true and the resulting mbuf chain; false otherwise.
+ * => The mbuf chain may change, but is always preserved valid.
*/
-int MPFail;
-
-struct mbuf *
-m_pullup(struct mbuf *n, int len)
+bool
+m_ensure_contig(struct mbuf **m0, int len)
{
- struct mbuf *m;
- int count;
- int space;
+ struct mbuf *n = *m0, *m;
+ size_t count, space;
/*
* If first mbuf has no cluster, and has room for len bytes
@@ -930,17 +927,20 @@
*/
if ((n->m_flags & M_EXT) == 0 &&
n->m_data + len < &n->m_dat[MLEN] && n->m_next) {
- if (n->m_len >= len)
- return (n);
+ if (n->m_len >= len) {
+ return true;
+ }
m = n;
n = n->m_next;
len -= m->m_len;
} else {
- if (len > MHLEN)
- goto bad;
+ if (len > MHLEN) {
+ return false;
+ }
MGET(m, M_DONTWAIT, n->m_type);
- if (m == 0)
- goto bad;
+ if (m == NULL) {
+ return false;
+ }
MCLAIM(m, n->m_owner);
m->m_len = 0;
if (n->m_flags & M_PKTHDR) {
@@ -949,7 +949,7 @@
}
space = &m->m_dat[MLEN] - (m->m_data + m->m_len);
do {
- count = min(min(max(len, max_protohdr), space), n->m_len);
+ count = MIN(MIN(MAX(len, max_protohdr), space), n->m_len);
memcpy(mtod(m, char *) + m->m_len, mtod(n, void *),
(unsigned)count);
len -= count;
@@ -961,16 +961,30 @@
else
n = m_free(n);
} while (len > 0 && n);
- if (len > 0) {
- (void) m_free(m);
- goto bad;
- }
+
m->m_next = n;
- return (m);
-bad:
- m_freem(n);
- MPFail++;
- return (NULL);
+ *m0 = m;
+
+ return len <= 0;
+}
+
+/*
+ * m_pullup: same as m_ensure_contig(), but destroys mbuf chain on error.
+ */
+int MPFail;
+
+struct mbuf *
+m_pullup(struct mbuf *n, int len)
+{
+ struct mbuf *m = n;
+
+ if (!m_ensure_contig(&m, len)) {
+ KASSERT(m != NULL);
+ m_freem(m);
+ MPFail++;
+ m = NULL;
+ }
+ return m;
}
/*
diff -r f0f7b9e87ead -r b9595c44e3ca sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sat Feb 02 15:44:21 2013 +0000
+++ b/sys/net/npf/npf.h Fri Feb 08 19:18:09 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14.2.10 2013/01/07 16:51:08 riz Exp $ */
+/* $NetBSD: npf.h,v 1.14.2.11 2013/02/08 19:18:11 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -69,6 +69,7 @@
/*
* Packet information cache.
*/
+#include <net/if.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/tcp.h>
@@ -86,6 +87,8 @@
#define NPC_ICMP 0x40 /* ICMP header. */
#define NPC_ICMP_ID 0x80 /* ICMP with query ID. */
+#define NPC_ALG_EXEC 0x100 /* ALG execution. */
+
#define NPC_IP46 (NPC_IP4|NPC_IP6)
typedef struct {
@@ -95,20 +98,21 @@
npf_addr_t * npc_srcip;
npf_addr_t * npc_dstip;
/* Size (v4 or v6) of IP addresses. */
- int npc_alen;
- u_int npc_hlen;
- int npc_next_proto;
+ uint8_t npc_alen;
+ uint8_t npc_hlen;
+ uint16_t npc_proto;
/* IPv4, IPv6. */
union {
- struct ip v4;
- struct ip6_hdr v6;
+ struct ip * v4;
+ struct ip6_hdr * v6;
} npc_ip;
/* TCP, UDP, ICMP. */
union {
- struct tcphdr tcp;
- struct udphdr udp;
- struct icmp icmp;
- struct icmp6_hdr icmp6;
+ struct tcphdr * tcp;
+ struct udphdr * udp;
+ struct icmp * icmp;
+ struct icmp6_hdr * icmp6;
+ void * hdr;
} npc_l4;
} npf_cache_t;
@@ -123,7 +127,7 @@
npf_cache_ipproto(const npf_cache_t *npc)
{
KASSERT(npf_iscached(npc, NPC_IP46));
- return npc->npc_next_proto;
+ return npc->npc_proto;
}
static inline u_int
@@ -137,16 +141,31 @@
* Network buffer interface.
*/
-typedef void nbuf_t;
+#define NBUF_DATAREF_RESET 0x01
+
+typedef struct {
+ struct mbuf * nb_mbuf0;
+ struct mbuf * nb_mbuf;
+ void * nb_nptr;
+ const ifnet_t * nb_ifp;
+ int nb_flags;
+} nbuf_t;
-void * nbuf_dataptr(void *);
-void * nbuf_advance(nbuf_t **, void *, u_int);
-int nbuf_advfetch(nbuf_t **, void **, u_int, size_t, void *);
-int nbuf_advstore(nbuf_t **, void **, u_int, size_t, void *);
-int nbuf_fetch_datum(nbuf_t *, void *, size_t, void *);
-int nbuf_store_datum(nbuf_t *, void *, size_t, void *);
+void nbuf_init(nbuf_t *, struct mbuf *, const ifnet_t *);
+void nbuf_reset(nbuf_t *);
+struct mbuf * nbuf_head_mbuf(nbuf_t *);
+
+bool nbuf_flag_p(const nbuf_t *, int);
+void nbuf_unset_flag(nbuf_t *, int);
-void nbuf_cksum_barrier(nbuf_t *);
+void * nbuf_dataptr(nbuf_t *);
+size_t nbuf_offset(const nbuf_t *);
+void * nbuf_advance(nbuf_t *, size_t, size_t);
+
+void * nbuf_ensure_contig(nbuf_t *, size_t);
+void * nbuf_ensure_writable(nbuf_t *, size_t);
+
+bool nbuf_cksum_barrier(nbuf_t *, int);
int nbuf_add_tag(nbuf_t *, uint32_t, uint32_t);
int nbuf_find_tag(nbuf_t *, uint32_t, void **);
@@ -264,6 +283,9 @@
NPF_STAT_REASSFAIL,
/* Other errors. */
NPF_STAT_ERROR,
+ /* nbuf non-contiguous cases. */
+ NPF_STAT_NBUF_NONCONTIG,
+ NPF_STAT_NBUF_CONTIG_FAIL,
/* Count (last). */
NPF_STATS_COUNT
} npf_stats_t;
diff -r f0f7b9e87ead -r b9595c44e3ca sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c Sat Feb 02 15:44:21 2013 +0000
+++ b/sys/net/npf/npf_alg.c Fri Feb 08 19:18:09 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_alg.c,v 1.2.16.3 2012/07/16 22:13:26 riz Exp $ */
+/* $NetBSD: npf_alg.c,v 1.2.16.4 2013/02/08 19:18:11 riz Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.2.16.3 2012/07/16 22:13:26 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.2.16.4 2013/02/08 19:18:11 riz Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -48,17 +48,16 @@
/* NAT ALG structure for registration. */
struct npf_alg {
- LIST_ENTRY(npf_alg) na_entry;
- npf_alg_t * na_bptr;
- npf_algfunc_t na_match_func;
- npf_algfunc_t na_out_func;
- npf_algfunc_t na_in_func;
- npf_algfunc_t na_seid_func;
+ LIST_ENTRY(npf_alg) na_entry;
+ npf_alg_t * na_bptr;
+ npf_alg_func_t na_match_func;
+ npf_alg_func_t na_tr_func;
+ npf_alg_sfunc_t na_se_func;
};
-static LIST_HEAD(, npf_alg) nat_alg_list __cacheline_aligned;
-static kmutex_t nat_alg_lock __cacheline_aligned;
-static pserialize_t nat_alg_psz __cacheline_aligned;
+static LIST_HEAD(, npf_alg) nat_alg_list __cacheline_aligned;
+static kmutex_t nat_alg_lock __cacheline_aligned;
+static pserialize_t nat_alg_psz __cacheline_aligned;
void
npf_alg_sysinit(void)
@@ -84,17 +83,16 @@
* XXX: Protected by module lock, but unify serialisation later.
*/
npf_alg_t *
-npf_alg_register(npf_algfunc_t match, npf_algfunc_t out, npf_algfunc_t in,
- npf_algfunc_t seid)
+npf_alg_register(npf_alg_func_t mfunc, npf_alg_func_t tfunc,
+ npf_alg_sfunc_t sfunc)
{
npf_alg_t *alg;
alg = kmem_zalloc(sizeof(npf_alg_t), KM_SLEEP);
alg->na_bptr = alg;
- alg->na_match_func = match;
Home |
Main Index |
Thread Index |
Old Index