
[src/trunk]: src - Expire all sessions on flush.



details:   https://anonhg.NetBSD.org/src/rev/a3862d524816
branches:  trunk
changeset: 772752:a3862d524816
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sun Jan 15 00:49:47 2012 +0000

description:
- Expire all sessions on flush.
- Enable checking for zero mask in IP{4,6}MATCH after npfctl changes.
- Make locking symmetric for npf_ruleset_inspect().
- Sync function prototypes in npf(3) man page with reality.
- Rename NPF_TABLE_RBTREE to NPF_TABLE_TREE.

diffstat:

 lib/libnpf/npf.3                |  20 ++++++++++++--------
 lib/libnpf/npf.c                |  26 ++++++++++++++++++++++----
 lib/libnpf/npf.h                |   3 ++-
 sys/net/npf/npf.c               |   7 ++-----
 sys/net/npf/npf.h               |   4 ++--
 sys/net/npf/npf_ctl.c           |  11 +++++++++--
 sys/net/npf/npf_handler.c       |   5 +++--
 sys/net/npf/npf_instr.c         |  13 ++++---------
 sys/net/npf/npf_nat.c           |   5 +++--
 sys/net/npf/npf_processor.c     |  11 ++++++-----
 sys/net/npf/npf_ruleset.c       |  10 +++-------
 sys/net/npf/npf_tableset.c      |  18 +++++++++---------
 usr.sbin/npf/npfctl/npf_build.c |  19 ++-----------------
 usr.sbin/npf/npfctl/npf_parse.y |   4 ++--
 usr.sbin/npf/npfctl/npf_var.c   |  11 ++++++-----
 usr.sbin/npf/npfctl/npfctl.c    |   6 +++---
 usr.sbin/npf/npfctl/npfctl.h    |   3 +--
 17 files changed, 91 insertions(+), 85 deletions(-)

diffs (truncated from 656 to 300 lines):

diff -r 2a0651b6ff0b -r a3862d524816 lib/libnpf/npf.3
--- a/lib/libnpf/npf.3  Sun Jan 15 00:25:33 2012 +0000
+++ b/lib/libnpf/npf.3  Sun Jan 15 00:49:47 2012 +0000
@@ -1,6 +1,6 @@
-.\"    $NetBSD: npf.3,v 1.3 2011/03/22 07:28:41 jruoho Exp $
+.\"    $NetBSD: npf.3,v 1.4 2012/01/15 00:49:47 rmind Exp $
 .\"
-.\" Copyright (c) 2011 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This material is based upon work partially supported by The
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 22, 2011
+.Dd January 14, 2012
 .Dt NPF 3
 .Os
 .Sh NAME
@@ -44,6 +44,8 @@
 .Fn npf_config_submit "nl_config_t *ncf" "int fd"
 .Ft void
 .Fn npf_config_destroy "nl_config_t *ncf"
+.Ft int
+.Fn npf_config_flush "int fd"
 .\" ---
 .Ft nl_rule_t *
 .Fn npf_rule_create "char *name" "uint32_t attr" "u_int if_idx"
@@ -67,13 +69,13 @@
 .Fn npf_rproc_insert "nl_config_t *ncf" "nl_rproc_t *rp"
 .\" ---
 .Ft nl_nat_t *
-.Fn npf_nat_create "int type" "int flags" "u_int if_idx" \
+.Fn npf_nat_create "int type" "u_int flags" "u_int if_idx" \
 "npf_addr_t *addr" "int af" "in_port_t port"
 .Ft int
 .Fn npf_nat_insert "nl_config_t *ncf" "nl_nat_t *nt" "pri_t pri"
 .\" ---
 .Ft nl_table_t *
-.Fn npf_table_create "int index" "int type"
+.Fn npf_table_create "u_int id" "int type"
 .Ft int
 .Fn npf_table_add_entry "nl_table_t *tl" "in_addr_t addr" "in_addr_t mask"
 .Ft bool
@@ -84,7 +86,7 @@
 .Fn npf_table_destroy "nl_table_t *tl"
 .\" ---
 .Ft int
-.Fn npf_update_rule "int fd" "char *rname" "nl_rule_t *rl"
+.Fn npf_update_rule "int fd" "const char *rname" "nl_rule_t *rl"
 .Ft int
 .Fn npf_sessions_send "int fd" "const char *fpath"
 .Ft int
@@ -109,6 +111,8 @@
 .It Fn npf_config_destroy "ncf"
 Destroy the configuration
 .Fa ncf .
+.It Fn npf_config_flush "fd"
+Flush the current configuration.
 .El
 .\" ---
 .Ss Rule interface
@@ -247,10 +251,10 @@
 .It Fn npf_table_create "index" "type"
 Create NPF table of specified type.
 The following types are supported:
-.Bl -tag -width "NPF_TABLE_RBTREE "
+.Bl -tag -width "NPF_TABLE_TREE "
 .It Dv NPF_TABLE_HASH
 Indicates to use hash table for storage.
-.It Dv NPF_TABLE_RBTREE
+.It Dv NPF_TABLE_TREE
 Indicates to use red-black tree for storage.
 Table is identified by
 .Fa index ,
diff -r 2a0651b6ff0b -r a3862d524816 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Sun Jan 15 00:25:33 2012 +0000
+++ b/lib/libnpf/npf.c  Sun Jan 15 00:49:47 2012 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: npf.c,v 1.5 2011/11/26 23:42:27 christos Exp $ */
+/*     $NetBSD: npf.c,v 1.6 2012/01/15 00:49:47 rmind Exp $    */
 
 /*-
- * Copyright (c) 2010-2011 The NetBSD Foundation, Inc.
+ * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This material is based upon work partially supported by The
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.5 2011/11/26 23:42:27 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.6 2012/01/15 00:49:47 rmind Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -56,6 +56,7 @@
        pri_t                   ncf_nat_pri;
        /* Custom file to externalise property-list. */
        const char *            ncf_plist;
+       bool                    ncf_flush;
 };
 
 struct nl_rule {
@@ -92,6 +93,7 @@
        ncf->ncf_nat_pri = 1;
 
        ncf->ncf_plist = NULL;
+       ncf->ncf_flush = false;
 
        return ncf;
 }
@@ -111,6 +113,7 @@
        prop_dictionary_set(npf_dict, "rprocs", ncf->ncf_rproc_list);
        prop_dictionary_set(npf_dict, "tables", ncf->ncf_table_list);
        prop_dictionary_set(npf_dict, "translation", ncf->ncf_nat_list);
+       prop_dictionary_set_bool(npf_dict, "flush", ncf->ncf_flush);
 
        if (plist) {
                if (!prop_dictionary_externalize_to_file(npf_dict, plist)) {
@@ -123,6 +126,22 @@
        return error;
 }
 
+int
+npf_config_flush(int fd)
+{
+       nl_config_t *ncf;
+       int error;
+
+       ncf = npf_config_create();
+       if (ncf == NULL) {
+               return ENOMEM;
+       }
+       ncf->ncf_flush = true;
+       error = npf_config_submit(ncf, fd);
+       npf_config_destroy(ncf);
+       return error;
+}
+
 void
 npf_config_destroy(nl_config_t *ncf)
 {
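Review bot: npf_config_flush() is added without any comment saying what submitting an otherwise-empty configuration with ncf_flush set does on the kernel side, which is the whole purpose of the function. I would put a header comment above it such as `/* npf_config_flush: submit an empty configuration with the "flush" flag set. The kernel replaces the active rules, tables and NAT policies with the empty sets and, per this change, disables session tracking so that existing sessions expire. */`. The function returns ENOMEM when npf_config_create() fails but otherwise passes through whatever npf_config_submit() returns; it is worth confirming in the contract that npf_config_submit() also returns errno values so callers can treat the result uniformly.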
@@ -510,7 +529,6 @@
  */
 
 int
-/*ARGSUSED*/
 npf_update_rule(int fd, const char *rname __unused, nl_rule_t *rl)
 {
        prop_dictionary_t rldict = rl->nrl_dict;
diff -r 2a0651b6ff0b -r a3862d524816 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h  Sun Jan 15 00:25:33 2012 +0000
+++ b/lib/libnpf/npf.h  Sun Jan 15 00:49:47 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.4 2011/11/26 23:42:27 christos Exp $ */
+/*     $NetBSD: npf.h,v 1.5 2012/01/15 00:49:47 rmind Exp $    */
 
 /*-
  * Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -63,6 +63,7 @@
 nl_config_t *  npf_config_create(void);
 int            npf_config_submit(nl_config_t *, int);
 void           npf_config_destroy(nl_config_t *);
+int            npf_config_flush(int);
 #ifdef _NPF_PRIVATE
 void           _npf_config_setsubmit(nl_config_t *, const char *);
 #endif
diff -r 2a0651b6ff0b -r a3862d524816 sys/net/npf/npf.c
--- a/sys/net/npf/npf.c Sun Jan 15 00:25:33 2012 +0000
+++ b/sys/net/npf/npf.c Sun Jan 15 00:49:47 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.6 2011/11/06 13:08:04 tron Exp $     */
+/*     $NetBSD: npf.c,v 1.7 2012/01/15 00:49:48 rmind Exp $    */
 
 /*-
  * Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.6 2011/11/06 13:08:04 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.7 2012/01/15 00:49:48 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -285,9 +285,6 @@
        /* Unlock.  Everything goes "live" now. */
        rw_exit(&npf_lock);
 
-       /* Turn on/off session tracking accordingly. */
-       npf_session_tracking(true);
-
        if (onc) {
                /* Destroy unloaded structures. */
                npf_core_destroy(onc);
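Review bot: Removing the unconditional npf_session_tracking(true) from npf_reload() moves the session-tracking toggle out to the reload ioctl path in npf_ctl.c (hunk `@@ -413,12 +414,18 @@`), where it now runs only after the new ruleset has already gone live past rw_exit(&npf_lock). If npf_reload() has callers other than that ioctl handler — they are outside this hunk — they will no longer enable session tracking, which should be confirmed. There is also a window between the configuration going live and the npf_session_tracking(!flush) call in which packets are inspected against the new (possibly empty) ruleset while the old session state is still in force; if that matters for a flush, the flag could be passed in and the toggle done at the point the configuration is swapped, e.g. `npf_reload(rlset, tblset, nset, !flush)`. npf_reload() begins and ends outside this hunk.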
diff -r 2a0651b6ff0b -r a3862d524816 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sun Jan 15 00:25:33 2012 +0000
+++ b/sys/net/npf/npf.h Sun Jan 15 00:49:47 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.11 2011/11/29 20:05:30 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.12 2012/01/15 00:49:48 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -248,7 +248,7 @@
 
 /* Table types. */
 #define        NPF_TABLE_HASH                  1
-#define        NPF_TABLE_RBTREE                2
+#define        NPF_TABLE_TREE                  2
 
 /* Layers. */
 #define        NPF_LAYER_2                     2
diff -r 2a0651b6ff0b -r a3862d524816 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Sun Jan 15 00:25:33 2012 +0000
+++ b/sys/net/npf/npf_ctl.c     Sun Jan 15 00:49:47 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ctl.c,v 1.10 2011/11/29 20:05:30 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.11 2012/01/15 00:49:48 rmind Exp $       */
 
 /*-
  * Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.10 2011/11/29 20:05:30 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.11 2012/01/15 00:49:48 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -376,6 +376,7 @@
        npf_ruleset_t *rlset = NULL;
        npf_ruleset_t *nset = NULL;
        prop_dictionary_t dict;
+       bool flush;
        int error;
 
        /* Retrieve the dictionary. */
@@ -413,12 +414,18 @@
                goto fail;
        }
 
+       flush = false;
+       prop_dictionary_get_bool(dict, "flush", &flush);
+
        /*
         * Finally - reload ruleset, tableset and NAT policies.
         * Operation will be performed as a single transaction.
         */
        npf_reload(rlset, tblset, nset);
 
+       /* Turn on/off session tracking accordingly. */
+       npf_session_tracking(!flush);
+
        /* Done.  Since data is consumed now, we shall not destroy it. */
        tblset = NULL;
        rlset = NULL;
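Review bot: The return value of prop_dictionary_get_bool(dict, "flush", &flush) is discarded, which is only correct because `flush` is set to false on the line before, and that intent deserves a comment: a later reader may see an unchecked lookup of a key received from userland and add error handling that would reject configurations from an older libnpf that never sets the key. I would write `flush = false;  /* "flush" is optional: absent means a regular reload. */`. The `bool flush;` declaration in the earlier hunk of this file could also carry the initializer directly (`bool flush = false;`), removing the separate assignment. The enclosing ioctl handler starts and ends outside this hunk.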
diff -r 2a0651b6ff0b -r a3862d524816 sys/net/npf/npf_handler.c
--- a/sys/net/npf/npf_handler.c Sun Jan 15 00:25:33 2012 +0000
+++ b/sys/net/npf/npf_handler.c Sun Jan 15 00:49:47 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_handler.c,v 1.11 2011/11/29 20:05:30 rmind Exp $   */
+/*     $NetBSD: npf_handler.c,v 1.12 2012/01/15 00:49:48 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.11 2011/11/29 20:05:30 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.12 2012/01/15 00:49:48 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -156,6 +156,7 @@
        rlset = npf_core_ruleset();
        rl = npf_ruleset_inspect(&npc, nbuf, rlset, ifp, di, NPF_LAYER_3);
        if (rl == NULL) {
+               npf_core_exit();
                if (default_pass) {
                        npf_stats_inc(NPF_STAT_PASS_DEFAULT);
                        goto pass;
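Review bot: The added npf_core_exit() in the rl == NULL branch (presumably the release paired with the npf_core_ruleset() acquisition just above it) is only correct if neither the default_pass `goto pass` path nor the fall-through path releases it again later in the function; both continue outside this hunk, so this should be checked against the `pass` label and any shared cleanup. A one-line comment would make the ownership explicit for the next reader, e.g. `/* No rule matched: release the core lock before taking the default verdict. */`. The enclosing function starts and ends outside this hunk.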
diff -r 2a0651b6ff0b -r a3862d524816 sys/net/npf/npf_instr.c
--- a/sys/net/npf/npf_instr.c   Sun Jan 15 00:25:33 2012 +0000
+++ b/sys/net/npf/npf_instr.c   Sun Jan 15 00:49:47 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_instr.c,v 1.8 2011/11/29 20:05:30 rmind Exp $      */
+/*     $NetBSD: npf_instr.c,v 1.9 2012/01/15 00:49:48 rmind Exp $      */
 
 /*-
  * Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 


