Source-Changes-HG archive


[src/trunk]: src Multiple NPF fixes, add better error reporting from kernel s...



details:   https://anonhg.NetBSD.org/src/rev/375c9eb3c781
branches:  trunk
changeset: 773528:375c9eb3c781
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sun Feb 05 00:37:13 2012 +0000

description:
Multiple NPF fixes, add better error reporting from kernel side, add some
asserts, bump the version.

diffstat:

 lib/libnpf/npf.c                |   51 ++++++++++-
 lib/libnpf/npf.h                |   15 +++-
 sys/net/npf/npf.h               |    8 +-
 sys/net/npf/npf_ctl.c           |  170 ++++++++++++++++++++++++++++-----------
 sys/net/npf/npf_nat.c           |   17 ++-
 sys/net/npf/npf_processor.c     |   13 +-
 usr.sbin/npf/npfctl/npf_build.c |    9 +-
 usr.sbin/npf/npfctl/npfctl.c    |   29 ++++++-
 usr.sbin/npf/npfctl/npfctl.h    |    3 +-
 9 files changed, 236 insertions(+), 79 deletions(-)

diffs (truncated from 807 to 300 lines):

diff -r dfc408cbc989 -r 375c9eb3c781 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Sat Feb 04 23:04:15 2012 +0000
+++ b/lib/libnpf/npf.c  Sun Feb 05 00:37:13 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.6 2012/01/15 00:49:47 rmind Exp $    */
+/*     $NetBSD: npf.c,v 1.7 2012/02/05 00:37:13 rmind Exp $    */
 
 /*-
  * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.6 2012/01/15 00:49:47 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.7 2012/02/05 00:37:13 rmind Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -39,6 +39,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <assert.h>
 #include <errno.h>
 #include <err.h>
 
@@ -54,6 +55,8 @@
        /* Priority counters. */
        pri_t                   ncf_rule_pri;
        pri_t                   ncf_nat_pri;
+       /* Error report. */
+       prop_dictionary_t       ncf_err;
        /* Custom file to externalise property-list. */
        const char *            ncf_plist;
        bool                    ncf_flush;
@@ -80,7 +83,7 @@
 {
        nl_config_t *ncf;
 
-       ncf = malloc(sizeof(*ncf));
+       ncf = calloc(1, sizeof(*ncf));
        if (ncf == NULL) {
                return NULL;
        }
@@ -101,8 +104,8 @@
 int
 npf_config_submit(nl_config_t *ncf, int fd)
 {
+       const char *plist = ncf->ncf_plist;
        prop_dictionary_t npf_dict;
-       const char *plist = ncf->ncf_plist;
        int error = 0;
 
        npf_dict = prop_dictionary_create();
@@ -119,9 +122,19 @@
                if (!prop_dictionary_externalize_to_file(npf_dict, plist)) {
                        error = errno;
                }
-       } else {
-               error = prop_dictionary_send_ioctl(npf_dict, fd, IOC_NPF_RELOAD);
+               prop_object_release(npf_dict);
+               return error;
        }
+
+       error = prop_dictionary_sendrecv_ioctl(npf_dict, fd,
+           IOC_NPF_RELOAD, &ncf->ncf_err);
+       if (error) {
+               prop_object_release(npf_dict);
+               assert(ncf->ncf_err == NULL);
+               return error;
+       }
+
+       prop_dictionary_get_int32(ncf->ncf_err, "errno", &error);
        prop_object_release(npf_dict);
        return error;
 }
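Review bot: The result of `prop_dictionary_get_int32(ncf->ncf_err, "errno", &error)` at the end of npf_config_submit is not checked, so a reply dictionary without an int32 `errno` key appears to leave `error` at 0 and a failed ruleset load is reported as success. Treating an unreadable reply as a failure, for example `if (!prop_dictionary_get_int32(ncf->ncf_err, "errno", &error)) error = EINVAL;`, keeps the caller from assuming a firewall policy is active when the kernel's answer could not be read. Separately, `ncf->ncf_err` is overwritten without releasing an earlier reply, so a second submit on the same `ncf` would leak the previous dictionary and, on ioctl failure, trip `assert(ncf->ncf_err == NULL)`; releasing and clearing it before the ioctl avoids both. The function begins above this hunk.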
@@ -143,6 +156,21 @@
 }
 
 void
+_npf_config_error(nl_config_t *ncf, nl_error_t *ne)
+{
+       memset(ne, 0, sizeof(*ne));
+       prop_dictionary_get_int32(ncf->ncf_err, "id", &ne->ne_id);
+       prop_dictionary_get_cstring(ncf->ncf_err,
+           "source-file", &ne->ne_source_file);
+       prop_dictionary_get_uint32(ncf->ncf_err,
+           "source-line", &ne->ne_source_line);
+       prop_dictionary_get_int32(ncf->ncf_err,
+           "ncode-error", &ne->ne_ncode_error);
+       prop_dictionary_get_int32(ncf->ncf_err,
+           "ncode-errat", &ne->ne_ncode_errat);
+}
+
+void
 npf_config_destroy(nl_config_t *ncf)
 {
 
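Review bot: `_npf_config_error` has no comment saying who owns `ne->ne_source_file`, and `prop_dictionary_get_cstring()` returns an allocated copy of the string. I would add above the function something like `/* Fill *ne from the last kernel reply; ne_source_file is an allocated copy the caller must free, and is NULL when the reply carries no "source-file" key. */`. As far as this diff shows, the kernel only sets that key through `NPF_ERR_DEBUG`, which is empty unless DEBUG or DIAGNOSTIC is defined, so the NULL case is the normal one on release kernels. The same ownership note belongs next to the `nl_error_t` definition in lib/libnpf/npf.h. It is also worth confirming that the getters tolerate `ncf->ncf_err == NULL`, the state npf_config_submit leaves behind after a failed ioctl.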
@@ -150,6 +178,9 @@
        prop_object_release(ncf->ncf_rproc_list);
        prop_object_release(ncf->ncf_table_list);
        prop_object_release(ncf->ncf_nat_list);
+       if (ncf->ncf_err) {
+               prop_object_release(ncf->ncf_err);
+       }
        free(ncf);
 }
 
@@ -531,10 +562,14 @@
 int
 npf_update_rule(int fd, const char *rname __unused, nl_rule_t *rl)
 {
-       prop_dictionary_t rldict = rl->nrl_dict;
+       prop_dictionary_t rldict = rl->nrl_dict, errdict = NULL;
        int error;
 
-       error = prop_dictionary_send_ioctl(rldict, fd, IOC_NPF_UPDATE_RULE);
+       error = prop_dictionary_sendrecv_ioctl(rldict, fd,
+           IOC_NPF_UPDATE_RULE, &errdict);
+       if (errdict) {
+               prop_object_release(errdict);
+       }
        return error;
 }
 
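Review bot: In npf_update_rule the reply dictionary is released without being read, so only the ioctl's own return value reaches the caller. npf_config_submit in this same commit takes the kernel's verdict from the `errno` key of the reply; if the IOC_NPF_UPDATE_RULE handler reports failures the same way (the kernel side is not in the visible part of the diff), a rejected rule update would return 0 here. Reading the key before the release, `if (error == 0 && errdict) prop_dictionary_get_int32(errdict, "errno", &error);`, would keep the two paths consistent.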
diff -r dfc408cbc989 -r 375c9eb3c781 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h  Sat Feb 04 23:04:15 2012 +0000
+++ b/lib/libnpf/npf.h  Sun Feb 05 00:37:13 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.5 2012/01/15 00:49:47 rmind Exp $    */
+/*     $NetBSD: npf.h,v 1.6 2012/02/05 00:37:13 rmind Exp $    */
 
 /*-
  * Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -53,6 +53,18 @@
 
 typedef struct nl_rule         nl_nat_t;
 
+#ifdef _NPF_PRIVATE
+
+typedef struct {
+       int             ne_id;
+       char *          ne_source_file;
+       u_int           ne_source_line;
+       int             ne_ncode_error;
+       int             ne_ncode_errat;
+} nl_error_t;
+
+#endif
+
 #define        NPF_CODE_NCODE          1
 #define        NPF_CODE_BPF            2
 
@@ -65,6 +77,7 @@
 void           npf_config_destroy(nl_config_t *);
 int            npf_config_flush(int);
 #ifdef _NPF_PRIVATE
+void           _npf_config_error(nl_config_t *, nl_error_t *);
 void           _npf_config_setsubmit(nl_config_t *, const char *);
 #endif
 
diff -r dfc408cbc989 -r 375c9eb3c781 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sat Feb 04 23:04:15 2012 +0000
+++ b/sys/net/npf/npf.h Sun Feb 05 00:37:13 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.12 2012/01/15 00:49:48 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.13 2012/02/05 00:37:13 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -49,7 +49,7 @@
 #include "testing.h"
 #endif
 
-#define        NPF_VERSION             3
+#define        NPF_VERSION             4
 
 /*
  * Public declarations and definitions.
@@ -309,11 +309,11 @@
 
 #define        IOC_NPF_VERSION         _IOR('N', 100, int)
 #define        IOC_NPF_SWITCH          _IOW('N', 101, int)
-#define        IOC_NPF_RELOAD          _IOW('N', 102, struct plistref)
+#define        IOC_NPF_RELOAD          _IOWR('N', 102, struct plistref)
 #define        IOC_NPF_TABLE           _IOW('N', 103, struct npf_ioctl_table)
 #define        IOC_NPF_STATS           _IOW('N', 104, void *)
 #define        IOC_NPF_SESSIONS_SAVE   _IOR('N', 105, struct plistref)
 #define        IOC_NPF_SESSIONS_LOAD   _IOW('N', 106, struct plistref)
-#define        IOC_NPF_UPDATE_RULE     _IOW('N', 107, struct plistref)
+#define        IOC_NPF_UPDATE_RULE     _IOWR('N', 107, struct plistref)
 
 #endif /* _NPF_NET_H_ */
diff -r dfc408cbc989 -r 375c9eb3c781 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Sat Feb 04 23:04:15 2012 +0000
+++ b/sys/net/npf/npf_ctl.c     Sun Feb 05 00:37:13 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ctl.c,v 1.11 2012/01/15 00:49:48 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.12 2012/02/05 00:37:13 rmind Exp $       */
 
 /*-
  * Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.11 2012/01/15 00:49:48 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12 2012/02/05 00:37:13 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -48,6 +48,14 @@
 #include "npf_ncode.h"
 #include "npf_impl.h"
 
+#if defined(DEBUG) || defined(DIAGNOSTIC)
+#define        NPF_ERR_DEBUG(e) \
+       prop_dictionary_set_cstring_nocopy((e), "source-file", __FILE__); \
+       prop_dictionary_set_uint32((e), "source-line", __LINE__);
+#else
+#define        NPF_ERR_DEBUG(e)
+#endif
+
 /*
  * npfctl_switch: enable or disable packet inspection.
  */
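Review bot: `NPF_ERR_DEBUG` expands to two statements with a trailing semicolon and no `do { ... } while (0)` wrapper, so under an unbraced `if` only the first call would be conditional. The call sites visible in this diff are all inside braces, but the code being replaced used unbraced `if (...) return EINVAL;` forms and a later edit could reintroduce one. Wrapping both calls in `do { ... } while (0)` without the final semicolon, and defining the empty variant as `do { } while (0)`, makes the macro behave as a single statement. A short comment that `source-file` and `source-line` are only sent by DEBUG or DIAGNOSTIC kernels would also help readers of the userland side.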
@@ -69,15 +77,18 @@
 }
 
 static int __noinline
-npf_mk_tables(npf_tableset_t *tblset, prop_array_t tables)
+npf_mk_tables(npf_tableset_t *tblset, prop_array_t tables,
+    prop_dictionary_t errdict)
 {
        prop_object_iterator_t it;
        prop_dictionary_t tbldict;
        int error = 0;
 
        /* Tables - array. */
-       if (prop_object_type(tables) != PROP_TYPE_ARRAY)
+       if (prop_object_type(tables) != PROP_TYPE_ARRAY) {
+               NPF_ERR_DEBUG(errdict);
                return EINVAL;
+       }
 
        it = prop_array_iterator(tables);
        while ((tbldict = prop_object_iterator_next(it)) != NULL) {
@@ -90,6 +101,7 @@
 
                /* Table - dictionary. */
                if (prop_object_type(tbldict) != PROP_TYPE_DICTIONARY) {
+                       NPF_ERR_DEBUG(errdict);
                        error = EINVAL;
                        break;
                }
@@ -98,7 +110,7 @@
                prop_dictionary_get_uint32(tbldict, "id", &tid);
                prop_dictionary_get_int32(tbldict, "type", &type);
 
-               /* Validate them. */
+               /* Validate them, check for duplicate IDs. */
                error = npf_table_check(tblset, tid, type);
                if (error)
                        break;
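Review bot: The return values of `prop_dictionary_get_uint32(tbldict, "id", &tid)` and `prop_dictionary_get_int32(tbldict, "type", &type)` are ignored, so a table dictionary from the ioctl that lacks either key reaches `npf_table_check()` with whatever `tid` and `type` already held. Their declarations are above this hunk; if they have no initializers, the validation runs on indeterminate values. Checking both results and taking the existing `error = EINVAL; break;` exit when either fails would close that. The `npf_table_check()` failure path could also call `NPF_ERR_DEBUG(errdict);` before its `break`, so that this exit reports a location like the others the commit instruments.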
@@ -106,6 +118,7 @@
                /* Create and insert the table. */
                t = npf_table_create(tid, type, 1024);  /* XXX */
                if (t == NULL) {
+                       NPF_ERR_DEBUG(errdict);
                        error = ENOMEM;
                        break;
                }
@@ -115,6 +128,7 @@
                /* Entries. */
                entries = prop_dictionary_get(tbldict, "entries");
                if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
+                       NPF_ERR_DEBUG(errdict);
                        error = EINVAL;
                        break;
                }
@@ -153,6 +167,7 @@
        while ((rpdict = prop_object_iterator_next(it)) != NULL) {
                const char *iname;
                prop_dictionary_get_cstring_nocopy(rpdict, "name", &iname);
+               KASSERT(iname != NULL);
                if (strcmp(rpname, iname) == 0)
                        break;
        }
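Review bot: `KASSERT(iname != NULL)` checks a value taken from the dictionary passed in through the ioctl, and it does so without looking at the return value of `prop_dictionary_get_cstring_nocopy()`. `iname` is declared without an initializer, so when the `name` key is missing or not a string the assertion reads an indeterminate pointer. A DIAGNOSTIC kernel may then panic on malformed input, and a kernel built without assertions hands the pointer to `strcmp()`. Handling it as a validation failure, for instance `if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &iname)) continue;` or an EINVAL exit, fits data that originates in userland. The loop belongs to a function that begins and ends outside this hunk.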
@@ -170,42 +185,65 @@
 }
 
 static int __noinline
-npf_mk_singlerule(prop_dictionary_t rldict, prop_array_t rps, npf_rule_t **rl)
+npf_mk_ncode(prop_object_t obj, void **code, size_t *csize,
+    prop_dictionary_t errdict)
+{
+       const void *ncptr;
+       int nc_err, errat;
+       size_t nc_size;
+       void *nc;


