Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src npftest: add a stream processor, which prints out the TCP st...
details: https://anonhg.NetBSD.org/src/rev/932401cf046b
branches: trunk
changeset: 779489:932401cf046b
user: rmind <rmind%NetBSD.org@localhost>
date: Wed May 30 21:38:03 2012 +0000
description:
npftest: add a stream processor, which prints out the TCP state information.
A tool for debugging connection tracking from tcpdump -w captured data.
diffstat:
sys/net/npf/npf_ctl.c | 32 +----
sys/net/npf/npf_handler.c | 6 +-
sys/net/npf/npf_impl.h | 10 +-
sys/net/npf/npf_state.c | 5 +-
sys/net/npf/npf_state_tcp.c | 15 +-
sys/rump/dev/lib/libnpf/Makefile | 3 +-
usr.sbin/npf/npftest/Makefile | 7 +-
usr.sbin/npf/npftest/libnpftest/Makefile | 2 +
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c | 8 +-
usr.sbin/npf/npftest/libnpftest/npf_test.h | 6 +-
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c | 74 ++++++++++++
usr.sbin/npf/npftest/npfstream.c | 117 ++++++++++++++++++++
usr.sbin/npf/npftest/npftest.c | 138 +++++++++++++++++++++--
usr.sbin/npf/npftest/npftest.h | 7 +
14 files changed, 365 insertions(+), 65 deletions(-)
diffs (truncated from 765 to 300 lines):
diff -r 08961be4d05d -r 932401cf046b sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Wed May 30 21:30:07 2012 +0000
+++ b/sys/net/npf/npf_ctl.c Wed May 30 21:38:03 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.14 2012/03/11 18:27:59 rmind Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.15 2012/05/30 21:38:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.14 2012/03/11 18:27:59 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.15 2012/05/30 21:38:03 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -434,15 +434,14 @@
int error;
/* Retrieve the dictionary. */
-#ifdef _KERNEL
+#ifndef _NPF_TESTING
error = prop_dictionary_copyin_ioctl(pref, cmd, &npf_dict);
if (error)
return error;
#else
- npf_dict = prop_dictionary_internalize_from_file(data);
- if (npf_dict == NULL)
- return EINVAL;
+ npf_dict = (prop_dictionary_t)pref;
#endif
+
/* Dictionary for error reporting. */
errdict = prop_dictionary_create();
@@ -507,7 +506,7 @@
/* Error report. */
prop_dictionary_set_int32(errdict, "errno", error);
-#ifdef _KERNEL
+#ifndef _NPF_TESTING
prop_dictionary_copyout_ioctl(pref, cmd, errdict);
#endif
prop_object_release(errdict);
@@ -544,17 +543,11 @@
const char *name;
int error;
-#ifdef _KERNEL
/* Retrieve and construct the rule. */
error = prop_dictionary_copyin_ioctl(pref, cmd, &dict);
if (error) {
return error;
}
-#else
- dict = prop_dictionary_internalize_from_file(data);
- if (dict == NULL)
- return EINVAL;
-#endif
/* Dictionary for error reporting. */
errdict = prop_dictionary_create();
@@ -580,9 +573,7 @@
/* Error report. */
prop_dictionary_set_int32(errdict, "errno", error);
-#ifdef _KERNEL
prop_dictionary_copyout_ioctl(pref, cmd, errdict);
-#endif
prop_object_release(errdict);
return error;
}
@@ -612,11 +603,7 @@
/* Set the session list, NAT policy list and export the dictionary. */
prop_dictionary_set(sesdict, "session-list", selist);
prop_dictionary_set(sesdict, "nat-policy-list", nplist);
-#ifdef _KERNEL
error = prop_dictionary_copyout_ioctl(pref, cmd, sesdict);
-#else
- error = prop_dictionary_externalize_to_file(sesdict, data) ? 0 : errno;
-#endif
fail:
prop_object_release(sesdict);
return error;
@@ -636,15 +623,10 @@
int error;
/* Retrieve the dictionary containing session and NAT policy lists. */
-#ifdef _KERNEL
error = prop_dictionary_copyin_ioctl(pref, cmd, &sesdict);
if (error)
return error;
-#else
- sesdict = prop_dictionary_internalize_from_file(data);
- if (sesdict == NULL)
- return EINVAL;
-#endif
+
/*
* Note: session objects contain the references to the NAT policy
* entries. Therefore, no need to directly access it.
diff -r 08961be4d05d -r 932401cf046b sys/net/npf/npf_handler.c
--- a/sys/net/npf/npf_handler.c Wed May 30 21:30:07 2012 +0000
+++ b/sys/net/npf/npf_handler.c Wed May 30 21:38:03 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.16 2012/05/06 02:45:25 rmind Exp $ */
+/* $NetBSD: npf_handler.c,v 1.17 2012/05/30 21:38:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.16 2012/05/06 02:45:25 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.17 2012/05/30 21:38:03 rmind Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -61,8 +61,6 @@
static struct pfil_head * npf_ph_inet = NULL;
static struct pfil_head * npf_ph_inet6 = NULL;
-int npf_packet_handler(void *, struct mbuf **, ifnet_t *, int);
-
/*
* npf_ifhook: hook handling interface changes.
*/
diff -r 08961be4d05d -r 932401cf046b sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h Wed May 30 21:30:07 2012 +0000
+++ b/sys/net/npf/npf_impl.h Wed May 30 21:38:03 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.14 2012/05/06 02:45:25 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.15 2012/05/30 21:38:03 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -115,6 +115,13 @@
npf_tcpstate_t nst_tcpst[2];
} npf_state_t;
+#if defined(_NPF_TESTING)
+void npf_state_sample(npf_state_t *, bool);
+#define NPF_TCP_STATE_SAMPLE(n, r) npf_state_sample(n, r)
+#else
+#define NPF_TCP_STATE_SAMPLE(n, r)
+#endif
+
/*
* INTERFACES.
*/
@@ -149,6 +156,7 @@
int npf_pfil_register(void);
void npf_pfil_unregister(void);
bool npf_pfil_registered_p(void);
+int npf_packet_handler(void *, struct mbuf **, ifnet_t *, int);
void npf_log_packet(npf_cache_t *, nbuf_t *, int);
/* Protocol helpers. */
diff -r 08961be4d05d -r 932401cf046b sys/net/npf/npf_state.c
--- a/sys/net/npf/npf_state.c Wed May 30 21:30:07 2012 +0000
+++ b/sys/net/npf/npf_state.c Wed May 30 21:38:03 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_state.c,v 1.6 2011/11/29 20:05:30 rmind Exp $ */
+/* $NetBSD: npf_state.c,v 1.7 2012/05/30 21:38:03 rmind Exp $ */
/*-
* Copyright (c) 2010-2011 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state.c,v 1.6 2011/11/29 20:05:30 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state.c,v 1.7 2012/05/30 21:38:03 rmind Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -134,6 +134,7 @@
default:
ret = false;
}
+ NPF_TCP_STATE_SAMPLE(nst, ret);
mutex_exit(&nst->nst_lock);
if (__predict_false(!ret)) {
diff -r 08961be4d05d -r 932401cf046b sys/net/npf/npf_state_tcp.c
--- a/sys/net/npf/npf_state_tcp.c Wed May 30 21:30:07 2012 +0000
+++ b/sys/net/npf/npf_state_tcp.c Wed May 30 21:38:03 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_state_tcp.c,v 1.4 2012/04/03 22:14:12 rmind Exp $ */
+/* $NetBSD: npf_state_tcp.c,v 1.5 2012/05/30 21:38:03 rmind Exp $ */
/*-
* Copyright (c) 2010-2011 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.4 2012/04/03 22:14:12 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.5 2012/05/30 21:38:03 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -50,13 +50,6 @@
#include "npf_impl.h"
-#if defined(_NPF_TESTING)
-void npf_state_sample(npf_state_t *);
-#define NPF_TCP_STATE_SAMPLE(nst) npf_state_sample(nst)
-#else
-#define NPF_TCP_STATE_SAMPLE(nst)
-#endif
-
/*
* NPF TCP states. Note: these states are different from the TCP FSM
* states of RFC 793. The packet filter is a man-in-the-middle.
@@ -389,8 +382,6 @@
end = fstate->nst_end;
seq = end;
}
-
- NPF_TCP_STATE_SAMPLE(nst);
#if 0
/* Strict in-order sequence for RST packets. */
if (((tcpfl & TH_RST) != 0) && (fstate->nst_end - seq) > 1) {
@@ -463,6 +454,7 @@
} else {
nstate = NPF_TCPS_CLOSED;
}
+
/* Determine whether TCP packet really belongs to this connection. */
if (!npf_tcp_inwindow(npc, nbuf, nst, di)) {
return false;
@@ -470,6 +462,7 @@
if (__predict_true(nstate == NPF_TCPS_OK)) {
return true;
}
+
nst->nst_state = nstate;
return true;
}
diff -r 08961be4d05d -r 932401cf046b sys/rump/dev/lib/libnpf/Makefile
--- a/sys/rump/dev/lib/libnpf/Makefile Wed May 30 21:30:07 2012 +0000
+++ b/sys/rump/dev/lib/libnpf/Makefile Wed May 30 21:38:03 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2012/04/14 19:01:22 rmind Exp $
+# $NetBSD: Makefile,v 1.3 2012/05/30 21:38:03 rmind Exp $
#
# Public Domain.
#
@@ -16,6 +16,7 @@
WARNS= 4
+CPPFLAGS+= -D_NPF_TESTING
CPPFLAGS+= -I${.CURDIR}/../../../librump/rumpvfs
.include <bsd.lib.mk>
diff -r 08961be4d05d -r 932401cf046b usr.sbin/npf/npftest/Makefile
--- a/usr.sbin/npf/npftest/Makefile Wed May 30 21:30:07 2012 +0000
+++ b/usr.sbin/npf/npftest/Makefile Wed May 30 21:38:03 2012 +0000
@@ -5,15 +5,16 @@
PROG= npftest
-SRCS= npftest.c
+SRCS= npftest.c npfstream.c
CPPFLAGS+= -I${.CURDIR}
LIBNPFTEST!= cd ${.CURDIR}/libnpftest && ${MAKE} -V .OBJDIR
DPADD+= ${LIBNPFTEST}/libnpftest.a
LDADD+= -L${LIBNPFTEST} -lnpftest
-LDADD+= -lrump -lrumpvfs -lrumpnet -lrump -lrumpnet_net
-LDADD+= -lrumpnet_virtif -lrumpdev_npf -lpthread
+LDADD+= -lrump -lrumpvfs -lrumpnet -lrumpnet_net -lrumpdev_npf
+
+LDADD+= -lpcap -lprop -lpthread
WARNS= 4
NOMAN= # no man page
diff -r 08961be4d05d -r 932401cf046b usr.sbin/npf/npftest/libnpftest/Makefile
--- a/usr.sbin/npf/npftest/libnpftest/Makefile Wed May 30 21:30:07 2012 +0000
+++ b/usr.sbin/npf/npftest/libnpftest/Makefile Wed May 30 21:38:03 2012 +0000
@@ -8,12 +8,14 @@
LIB= npftest
LIBISPRIVATE= yes
+SRCS+= npf_test_subr.c
SRCS+= npf_mbuf_subr.c
SRCS+= npf_nbuf_test.c
SRCS+= npf_processor_test.c
SRCS+= npf_table_test.c
+CPPFLAGS+= -D_NPF_TESTING
CPPFLAGS+= -I${.CURDIR}/../../../../sys/net/npf
Home |
Main Index |
Thread Index |
Old Index