

[src/trunk]: src Implement NPF table listing and preservation of entries on r...



details:   https://anonhg.NetBSD.org/src/rev/315fe97f953c
branches:  trunk
changeset: 782335:315fe97f953c
user:      rmind <rmind%NetBSD.org@localhost>
date:      Mon Oct 29 02:27:11 2012 +0000

description:
Implement NPF table listing and preservation of entries on reload.
Bump the version.

diffstat:

 sys/net/npf/npf.c                                |    8 +-
 sys/net/npf/npf.h                                |   24 +-
 sys/net/npf/npf_ctl.c                            |   23 +-
 sys/net/npf/npf_impl.h                           |   11 +-
 sys/net/npf/npf_tableset.c                       |  238 ++++++++++++++--------
 usr.sbin/npf/npfctl/npf_disassemble.c            |   31 +--
 usr.sbin/npf/npfctl/npfctl.c                     |  151 +++++++++++---
 usr.sbin/npf/npfctl/npfctl.h                     |    3 +-
 usr.sbin/npf/npftest/libnpftest/npf_table_test.c |   54 ++--
 9 files changed, 340 insertions(+), 203 deletions(-)

diffs (truncated from 1008 to 300 lines):

diff -r 12b6ff09c2d0 -r 315fe97f953c sys/net/npf/npf.c
--- a/sys/net/npf/npf.c Mon Oct 29 01:36:33 2012 +0000
+++ b/sys/net/npf/npf.c Mon Oct 29 02:27:11 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.13 2012/09/16 13:47:41 rmind Exp $   */
+/*     $NetBSD: npf.c,v 1.14 2012/10/29 02:27:11 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.13 2012/09/16 13:47:41 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.14 2012/10/29 02:27:11 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -305,7 +305,9 @@
        rw_enter(&npf_lock, RW_WRITER);
        onc = atomic_swap_ptr(&npf_core, nc);
        if (onc) {
-               /* Reload only necessary NAT policies. */
+               /* Reload only the static tables. */
+               npf_tableset_reload(tset, onc->n_tables);
+               /* Reload only the necessary NAT policies. */
                npf_ruleset_natreload(nset, onc->n_nat_rules);
        }
        /* Unlock.  Everything goes "live" now. */
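Review bot: The atomic_swap_ptr() on the line above `if (onc)` publishes `nc` as npf_core before npf_tableset_reload() has swapped the preserved old tables into its slots, so the added call is race-free only if every consumer of npf_core takes npf_lock (the npf_core_enter()/XXXSMP pattern in npf_ctl.c suggests the ioctl path does; the packet path is not visible here). Any lockless reader could briefly observe the empty new table instead of the preserved one; moving `npf_tableset_reload(tset, onc->n_tables);` ahead of the swap would close that window. The enclosing function starts and ends outside the hunk, and `tset` is defined outside it.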
diff -r 12b6ff09c2d0 -r 315fe97f953c sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Mon Oct 29 01:36:33 2012 +0000
+++ b/sys/net/npf/npf.h Mon Oct 29 02:27:11 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.21 2012/09/16 13:47:41 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.22 2012/10/29 02:27:11 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
 #include <netinet/in_systm.h>
 #include <netinet/in.h>
 
-#define        NPF_VERSION             6
+#define        NPF_VERSION             7
 
 /*
  * Public declarations and definitions.
@@ -211,15 +211,29 @@
  * IOCTL structures.
  */
 
+#define        NPF_IOCTL_TBLENT_LOOKUP         0
 #define        NPF_IOCTL_TBLENT_ADD            1
 #define        NPF_IOCTL_TBLENT_REM            2
+#define        NPF_IOCTL_TBLENT_LIST           3
+
+typedef struct npf_ioctl_ent {
+       int                     alen;
+       npf_addr_t              addr;
+       npf_netmask_t           mask;
+} npf_ioctl_ent_t;
+
+typedef struct npf_ioctl_buf {
+       void *                  buf;
+       size_t                  len;
+} npf_ioctl_buf_t;
 
 typedef struct npf_ioctl_table {
        int                     nct_action;
        u_int                   nct_tid;
-       int                     nct_alen;
-       npf_addr_t              nct_addr;
-       npf_netmask_t           nct_mask;
+       union {
+               npf_ioctl_ent_t ent;
+               npf_ioctl_buf_t buf;
+       } nct_data;
 } npf_ioctl_table_t;
 
 typedef enum {
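Review bot: `npf_ioctl_buf_t` carries a raw `void *buf` supplied by the ioctl caller together with its `len`, but nothing in the header states that `buf` is a user-space address the kernel must copy out into rather than dereference, and that `len` is an untrusted bound. A comment on the struct, e.g. `/* User-space buffer for NPF_IOCTL_TBLENT_LIST; the kernel copies out at most len bytes. */`, would pin that contract for the npf_table_list() implementation. A pointer/size_t pair inside an ioctl structure also makes the layout depend on the caller's pointer width, so this structure would need translation if a 32-bit compat layer is ever wanted.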
diff -r 12b6ff09c2d0 -r 315fe97f953c sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Mon Oct 29 01:36:33 2012 +0000
+++ b/sys/net/npf/npf_ctl.c     Mon Oct 29 02:27:11 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ctl.c,v 1.18 2012/09/16 13:47:41 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.19 2012/10/29 02:27:12 rmind Exp $       */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.18 2012/09/16 13:47:41 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.19 2012/10/29 02:27:12 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -710,24 +710,33 @@
 int
 npfctl_table(void *data)
 {
-       npf_ioctl_table_t *nct = data;
+       const npf_ioctl_table_t *nct = data;
        npf_tableset_t *tblset;
        int error;
 
        npf_core_enter(); /* XXXSMP */
        tblset = npf_core_tableset();
        switch (nct->nct_action) {
+       case NPF_IOCTL_TBLENT_LOOKUP:
+               error = npf_table_lookup(tblset, nct->nct_tid,
+                   nct->nct_data.ent.alen, &nct->nct_data.ent.addr);
        case NPF_IOCTL_TBLENT_ADD:
                error = npf_table_insert(tblset, nct->nct_tid,
-                   nct->nct_alen, &nct->nct_addr, nct->nct_mask);
+                   nct->nct_data.ent.alen, &nct->nct_data.ent.addr,
+                   nct->nct_data.ent.mask);
                break;
        case NPF_IOCTL_TBLENT_REM:
                error = npf_table_remove(tblset, nct->nct_tid,
-                   nct->nct_alen, &nct->nct_addr, nct->nct_mask);
+                   nct->nct_data.ent.alen, &nct->nct_data.ent.addr,
+                   nct->nct_data.ent.mask);
+               break;
+       case NPF_IOCTL_TBLENT_LIST:
+               error = npf_table_list(tblset, nct->nct_tid,
+                   nct->nct_data.buf.buf, nct->nct_data.buf.len);
                break;
        default:
-               error = npf_table_lookup(tblset, nct->nct_tid,
-                   nct->nct_alen, &nct->nct_addr);
+               error = EINVAL;
+               break;
        }
        npf_core_exit(); /* XXXSMP */
        return error;
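Review bot: The new `case NPF_IOCTL_TBLENT_LOOKUP:` has no `break;` after its npf_table_lookup() call, so it falls through into NPF_IOCTL_TBLENT_ADD: a lookup request also inserts the address into the table, and the lookup's result is overwritten by the insert's return value. Add `break;` after the `nct->nct_data.ent.alen, &nct->nct_data.ent.addr);` line. Separately, the LIST case passes `nct_data.buf.buf` and `nct_data.buf.len` straight from the ioctl argument, so npf_table_list() (not in the shown diff) must treat the pointer as a user address and bound the length itself. The closing brace of npfctl_table() is outside the hunk.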
diff -r 12b6ff09c2d0 -r 315fe97f953c sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h    Mon Oct 29 01:36:33 2012 +0000
+++ b/sys/net/npf/npf_impl.h    Mon Oct 29 02:27:11 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_impl.h,v 1.23 2012/09/16 13:47:41 rmind Exp $      */
+/*     $NetBSD: npf_impl.h,v 1.24 2012/10/29 02:27:12 rmind Exp $      */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -81,11 +81,9 @@
 typedef struct npf_session     npf_session_t;
 
 struct npf_sehash;
-struct npf_tblent;
 struct npf_table;
 
 typedef struct npf_sehash      npf_sehash_t;
-typedef struct npf_tblent      npf_tblent_t;
 typedef struct npf_table       npf_table_t;
 
 typedef npf_table_t *          npf_tableset_t;
@@ -208,15 +206,11 @@
 npf_tableset_t *npf_tableset_create(void);
 void           npf_tableset_destroy(npf_tableset_t *);
 int            npf_tableset_insert(npf_tableset_t *, npf_table_t *);
-npf_tableset_t *npf_tableset_reload(npf_tableset_t *);
+void           npf_tableset_reload(npf_tableset_t *, npf_tableset_t *);
 
 npf_table_t *  npf_table_create(u_int, int, size_t);
 void           npf_table_destroy(npf_table_t *);
-void           npf_table_ref(npf_table_t *);
-void           npf_table_unref(npf_table_t *);
 
-npf_table_t *  npf_table_get(npf_tableset_t *, u_int);
-void           npf_table_put(npf_table_t *);
 int            npf_table_check(const npf_tableset_t *, u_int, int);
 int            npf_table_insert(npf_tableset_t *, u_int,
                    const int, const npf_addr_t *, const npf_netmask_t);
@@ -224,6 +218,7 @@
                    const int, const npf_addr_t *, const npf_netmask_t);
 int            npf_table_lookup(npf_tableset_t *, u_int,
                    const int, const npf_addr_t *);
+int            npf_table_list(npf_tableset_t *, u_int, void *, size_t);
 
 /* Ruleset interface. */
 npf_ruleset_t *        npf_ruleset_create(void);
diff -r 12b6ff09c2d0 -r 315fe97f953c sys/net/npf/npf_tableset.c
--- a/sys/net/npf/npf_tableset.c        Mon Oct 29 01:36:33 2012 +0000
+++ b/sys/net/npf/npf_tableset.c        Mon Oct 29 02:27:11 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_tableset.c,v 1.14 2012/08/12 03:35:14 rmind Exp $  */
+/*     $NetBSD: npf_tableset.c,v 1.15 2012/10/29 02:27:12 rmind Exp $  */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -32,13 +32,16 @@
 /*
  * NPF tableset module.
  *
- * TODO:
- * - Dynamic hash growing/shrinking (i.e. re-hash functionality), maybe?
- * - Dynamic array resize.
+ * Notes
+ *
+ *     The tableset is an array of tables.  After the creation, the array
+ *     is immutable.  The caller is responsible to synchronise the access
+ *     to the tableset.  The table can either be a hash or a tree.  Its
+ *     entries are protected by a read-write lock.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.14 2012/08/12 03:35:14 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.15 2012/10/29 02:27:12 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -58,14 +61,14 @@
  * Table structures.
  */
 
-struct npf_tblent {
+typedef struct npf_tblent {
        union {
                LIST_ENTRY(npf_tblent) hashq;
                pt_node_t       node;
        } te_entry;
        int                     te_alen;
        npf_addr_t              te_addr;
-};
+} npf_tblent_t;
 
 LIST_HEAD(npf_hashl, npf_tblent);
 
@@ -74,12 +77,15 @@
        /* Lock and reference count. */
        krwlock_t               t_lock;
        u_int                   t_refcnt;
+       /* Total number of items. */
+       u_int                   t_nitems;
        /* Table ID. */
        u_int                   t_id;
        /* The storage type can be: a) hash b) tree. */
        int                     t_type;
        struct npf_hashl *      t_hashl;
        u_long                  t_hashmask;
+       /* Separate trees for IPv4 and IPv6. */
        pt_tree_t               t_tree[2];
 };
 
@@ -126,7 +132,7 @@
         */
        for (tid = 0; tid < NPF_TABLE_SLOTS; tid++) {
                t = tblset[tid];
-               if (t != NULL) {
+               if (t && --t->t_refcnt == 0) {
                        npf_table_destroy(t);
                }
        }
@@ -148,6 +154,7 @@
 
        if (tblset[tid] == NULL) {
                tblset[tid] = t;
+               t->t_refcnt++;
                error = 0;
        } else {
                error = EEXIST;
@@ -156,6 +163,30 @@
 }
 
 /*
+ * npf_tableset_reload: iterate all tables and if the new table is of the
+ * same type and has no items, then we preserve the old one and its entries.
+ *
+ * => The caller is responsible for providing synchronisation.
+ */
+void
+npf_tableset_reload(npf_tableset_t *ntset, npf_tableset_t *otset)
+{
+       for (int i = 0; i < NPF_TABLE_SLOTS; i++) {
+               npf_table_t *t = ntset[i], *ot = otset[i];
+
+               if (t == NULL || ot == NULL) {
+                       continue;
+               }
+               if (t->t_nitems || t->t_type != ot->t_type) {
+                       continue;
+               }
+               ntset[i] = ot;
+               ot->t_refcnt++;
+               npf_table_destroy(t);
+       }
+}
+
+/*
  * Few helper routines.
  */
 
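Review bot: npf_tableset_reload() releases the replaced new table with a direct npf_table_destroy(t) instead of the `--t_refcnt == 0` path that npf_tableset_destroy() uses, which is correct only while ntset is t's sole holder (t_refcnt is 1 after npf_tableset_insert()); a comment stating that invariant, e.g. `/* t is referenced only by ntset (refcnt 1): release it directly. */`, would keep a future second holder from turning this into a use-after-free. The `t->t_nitems` read is also done without taking t_lock, which is fine only because ntset is not yet live when this runs; the header comment should say so next to the existing synchronisation note.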
@@ -228,8 +259,8 @@
        }
        rw_init(&t->t_lock);
        t->t_type = type;
-       t->t_refcnt = 1;
        t->t_id = tid;


