[src/netbsd-6]: src Pull up following revision(s) (requested by rmind in tick...
details: https://anonhg.NetBSD.org/src/rev/645651635128
branches: netbsd-6
changeset: 775616:645651635128
user: riz <riz%NetBSD.org@localhost>
date: Mon Jan 07 16:51:07 2013 +0000
description:
Pull up following revision(s) (requested by rmind in ticket #776):
usr.sbin/npf/npfctl/npf.conf.5: revision 1.26
usr.sbin/npf/npfctl/npfctl.c: revision 1.26
dist/pf/usr.sbin/ftp-proxy/npf.c: revision 1.2
lib/libnpf/npf.c: revision 1.15
sys/net/npf/npf_ctl.c: revision 1.20
lib/libnpf/npf.h: revision 1.12
lib/libnpf/npf.3: revision 1.6
lib/libnpf/npf.3: revision 1.7
usr.sbin/npf/npfctl/npf_build.c: revision 1.17
sys/net/npf/npf.h: revision 1.24
- Add NPF version check in proplist as well, not only ioctl. Bump the version.
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages. Misc.
Remove a superfluous quote and fix a recurring typo.
ftp-proxy: disable NPF bits for now; it will be re-done.
diffstat:
dist/pf/usr.sbin/ftp-proxy/npf.c | 7 ++++++-
lib/libnpf/npf.3 | 40 ++++++++++++++--------------------------
lib/libnpf/npf.c | 29 +++++++++++++++++++++--------
lib/libnpf/npf.h | 12 ++++++------
sys/net/npf/npf.h | 4 ++--
sys/net/npf/npf_ctl.c | 13 ++++++++++---
usr.sbin/npf/npfctl/npf.conf.5 | 7 +++++--
usr.sbin/npf/npfctl/npf_build.c | 7 ++++---
usr.sbin/npf/npfctl/npfctl.c | 10 +++++++---
9 files changed, 75 insertions(+), 54 deletions(-)
diffs (truncated from 404 to 300 lines):
diff -r 033633900b4d -r 645651635128 dist/pf/usr.sbin/ftp-proxy/npf.c
--- a/dist/pf/usr.sbin/ftp-proxy/npf.c Mon Jan 07 16:45:30 2013 +0000
+++ b/dist/pf/usr.sbin/ftp-proxy/npf.c Mon Jan 07 16:51:07 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.1 2011/02/02 02:20:26 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.1.8.1 2013/01/07 16:51:07 riz Exp $ */
/*
* Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -311,6 +311,7 @@
static int
npf_do_commit(void)
{
+#if 0
nl_rule_t *group;
fp_ent_t *fpe;
pri_t pri;
@@ -327,6 +328,10 @@
npf_update_rule(npf_fd, NPF_FP_RULE_TAG, group);
npf_rule_destroy(group);
return 0;
+#else
+ errno = ENOTSUP;
+ return -1;
+#endif
}
static int
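Review bot: The `#if 0` / `#else` pair in npf_do_commit carries no comment saying why the NPF path is compiled out or what must happen before it comes back, so a reader sees only dead code and an unconditional failure. A short comment above the `#if 0`, such as `/* XXX: NPF support disabled until reworked; commit fails closed with ENOTSUP. */`, would record that failing here is deliberate. The new branch also assigns `errno`; whether `<errno.h>` is already included in this file is not visible in these hunks and is worth confirming. The change spans this hunk and the previous one (`@@ -311,6 +311,7 @@`).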
diff -r 033633900b4d -r 645651635128 lib/libnpf/npf.3
--- a/lib/libnpf/npf.3 Mon Jan 07 16:45:30 2013 +0000
+++ b/lib/libnpf/npf.3 Mon Jan 07 16:51:07 2013 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.3,v 1.4.2.1 2012/07/05 17:48:44 riz Exp $
+.\" $NetBSD: npf.3,v 1.4.2.2 2013/01/07 16:51:08 riz Exp $
.\"
.\" Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 1, 2012
+.Dd December 23, 2012
.Dt NPF 3
.Os
.Sh NAME
@@ -77,20 +77,14 @@
.Ft nl_table_t *
.Fn npf_table_create "u_int id" "int type"
.Ft int
-.Fn npf_table_add_entry "nl_table_t *tl" "in_addr_t addr" "in_addr_t mask"
+.Fn npf_table_add_entry "nl_table_t *tl" "int af" \
+"in_addr_t addr" "in_addr_t mask"
.Ft bool
.Fn npf_table_exists_p "nl_config_t *ncf" "u_int tid"
.Ft int
.Fn npf_table_insert "nl_config_t *ncf" "nl_table_t *tl"
.Ft void
.Fn npf_table_destroy "nl_table_t *tl"
-.\" ---
-.Ft int
-.Fn npf_update_rule "int fd" "const char *rname" "nl_rule_t *rl"
-.Ft int
-.Fn npf_sessions_send "int fd" "const char *fpath"
-.Ft int
-.Fn npf_sessions_recv "int fd" "const char *fpath"
.\" -----
.Sh DESCRIPTION
The
@@ -236,7 +230,7 @@
Translation address is specified by
.Fa addr ,
and its family by
-.Fa fa .
+.Fa af .
Family must be either
.Dv AF_INET
for IPv4 or
@@ -261,13 +255,20 @@
which should be in the range between 1 and
.Dv NPF_MAX_TABLE_ID .
.El
-.It Fn npf_table_add_entry "tl" "addr" "mask"
-Add an entry of IPv4 address and mask, specified by
+.It Fn npf_table_add_entry "tl" "af" "addr" "mask"
+Add an entry of IP address and mask, specified by
.Fa addr
and
.Fa mask ,
to the table specified by
.Fa tl .
+Family, specified by
+.Fa af ,
+must be either
+.Dv AF_INET
+for IPv4 or
+.Dv AF_INET6
+for IPv6 address.
.It Fn npf_table_exists_p "ncf" "name"
Determine whether table with ID
.Fa tid
@@ -285,19 +286,6 @@
Destroy the specified table.
.El
.\" -----
-.Ss Session interface
-.Bl -tag -width 4n
-.It Fn npf_update_rule "fd" "rname" "rl"
-.It Fn npf_sessions_send "fd" "fpath"
-Read the file specified by
-.Fa fpath ,
-and send sessions saved in it to the kernel.
-.It Fn npf_sessions_recv "fd" "fpath"
-Receive currently loaded session from the kernel, and save them to a file
-specified by
-.Fa fpath .
-.El
-.\" -----
.Sh SEE ALSO
.Xr npfctl 8 ,
.Xr npf_ncode 9
diff -r 033633900b4d -r 645651635128 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c Mon Jan 07 16:45:30 2013 +0000
+++ b/lib/libnpf/npf.c Mon Jan 07 16:51:07 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.7.2.7 2012/11/19 18:16:17 riz Exp $ */
+/* $NetBSD: npf.c,v 1.7.2.8 2013/01/07 16:51:08 riz Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.7.2.7 2012/11/19 18:16:17 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.7.2.8 2013/01/07 16:51:08 riz Exp $");
#include <sys/types.h>
#include <netinet/in_systm.h>
@@ -121,14 +121,15 @@
if (npf_dict == NULL) {
return ENOMEM;
}
- if (ncf->ncf_debug) {
- prop_dictionary_set(npf_dict, "debug", ncf->ncf_debug);
- }
+ prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION);
prop_dictionary_set(npf_dict, "rules", ncf->ncf_rules_list);
prop_dictionary_set(npf_dict, "rprocs", ncf->ncf_rproc_list);
prop_dictionary_set(npf_dict, "tables", ncf->ncf_table_list);
prop_dictionary_set(npf_dict, "translation", ncf->ncf_nat_list);
prop_dictionary_set_bool(npf_dict, "flush", ncf->ncf_flush);
+ if (ncf->ncf_debug) {
+ prop_dictionary_set(npf_dict, "debug", ncf->ncf_debug);
+ }
if (plist) {
if (!prop_dictionary_externalize_to_file(npf_dict, plist)) {
@@ -664,24 +665,36 @@
}
int
-npf_table_add_entry(nl_table_t *tl, const int alen,
- const npf_addr_t *addr, const npf_netmask_t mask)
+npf_table_add_entry(nl_table_t *tl, int af, const npf_addr_t *addr,
+ const npf_netmask_t mask)
{
prop_dictionary_t tldict = tl->ntl_dict, entdict;
prop_array_t tblents;
prop_data_t addrdata;
+ unsigned alen;
/* Create the table entry. */
entdict = prop_dictionary_create();
if (entdict == NULL) {
return ENOMEM;
}
+
+ switch (af) {
+ case AF_INET:
+ alen = sizeof(struct in_addr);
+ break;
+ case AF_INET6:
+ alen = sizeof(struct in6_addr);
+ break;
+ default:
+ return EINVAL;
+ }
+
addrdata = prop_data_create_data(addr, alen);
prop_dictionary_set(entdict, "addr", addrdata);
prop_dictionary_set_uint8(entdict, "mask", mask);
prop_object_release(addrdata);
- /* Insert the entry. */
tblents = prop_dictionary_get(tldict, "entries");
prop_array_add(tblents, entdict);
prop_object_release(entdict);
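Review bot: The `default:` arm of the new `switch (af)` returns `EINVAL` after `entdict` has already been created, so every call with an unsupported family leaks that dictionary. Either resolve `alen` before `prop_dictionary_create()` or add `prop_object_release(entdict);` ahead of the `return EINVAL;`. The result of `prop_data_create_data(addr, alen)` is also used without a NULL check; whether proplib tolerates a NULL object in `prop_dictionary_set` and `prop_object_release` is not shown here, so an explicit check that releases `entdict` and returns `ENOMEM` would be safer. The function's tail lies outside the hunk.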
diff -r 033633900b4d -r 645651635128 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h Mon Jan 07 16:45:30 2013 +0000
+++ b/lib/libnpf/npf.h Mon Jan 07 16:51:07 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.6.2.5 2012/11/18 22:38:25 riz Exp $ */
+/* $NetBSD: npf.h,v 1.6.2.6 2013/01/07 16:51:08 riz Exp $ */
/*-
* Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -103,20 +103,20 @@
int npf_nat_insert(nl_config_t *, nl_nat_t *, pri_t);
nl_table_t * npf_table_create(u_int, int);
-int npf_table_add_entry(nl_table_t *, const int,
+int npf_table_add_entry(nl_table_t *, int,
const npf_addr_t *, const npf_netmask_t);
bool npf_table_exists_p(nl_config_t *, u_int);
int npf_table_insert(nl_config_t *, nl_table_t *);
void npf_table_destroy(nl_table_t *);
+#ifdef _NPF_PRIVATE
+
+#include <ifaddrs.h>
+
int npf_update_rule(int, const char *, nl_rule_t *);
int npf_sessions_send(int, const char *);
int npf_sessions_recv(int, const char *);
-#ifdef _NPF_PRIVATE
-
-#include <ifaddrs.h>
-
void _npf_config_error(nl_config_t *, nl_error_t *);
void _npf_config_setsubmit(nl_config_t *, const char *);
int _npf_rule_foreach(nl_config_t *, nl_rule_callback_t);
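Review bot: The second parameter of `npf_table_add_entry` stays an `int` while its meaning changes from an address length to an address family, so a caller still passing a length compiles without a warning and is caught only at run time. Since the prototype has no parameter names, a comment above it such as `/* second argument is the address family (AF_INET or AF_INET6), not a length */` would make the new contract visible in the header. Moving `npf_update_rule`, `npf_sessions_send` and `npf_sessions_recv` under `_NPF_PRIVATE` also removes them from the public interface; whether the library version is adjusted for that is not visible on this page.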
diff -r 033633900b4d -r 645651635128 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Mon Jan 07 16:45:30 2013 +0000
+++ b/sys/net/npf/npf.h Mon Jan 07 16:51:07 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14.2.9 2012/12/16 18:19:52 riz Exp $ */
+/* $NetBSD: npf.h,v 1.14.2.10 2013/01/07 16:51:08 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
#include <netinet/in_systm.h>
#include <netinet/in.h>
-#define NPF_VERSION 7
+#define NPF_VERSION 8
/*
* Public declarations and definitions.
diff -r 033633900b4d -r 645651635128 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Mon Jan 07 16:45:30 2013 +0000
+++ b/sys/net/npf/npf_ctl.c Mon Jan 07 16:51:07 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.12.2.6 2012/11/24 04:34:42 riz Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.12.2.7 2013/01/07 16:51:08 riz Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12.2.6 2012/11/24 04:34:42 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12.2.7 2013/01/07 16:51:08 riz Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -458,6 +458,7 @@
npf_tableset_t *tblset = NULL;
npf_ruleset_t *rlset = NULL;
npf_ruleset_t *nset = NULL;
+ uint32_t ver = 0;
bool flush;
int error;
@@ -470,8 +471,13 @@
npf_dict = (prop_dictionary_t)pref;
#endif
- /* Dictionary for error reporting. */
+ /* Dictionary for error reporting and version check. */
errdict = prop_dictionary_create();
+ prop_dictionary_get_uint32(npf_dict, "version", &ver);
+ if (ver != NPF_VERSION) {
+ error = EPROGMISMATCH;
+ goto fail;
+ }
/* NAT policies. */
nset = npf_ruleset_create();
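Review bot: The return value of `prop_dictionary_get_uint32(npf_dict, "version", &ver)` is discarded, so rejecting a dictionary whose "version" key is missing or of the wrong type depends entirely on `ver` having been initialised to 0 in the earlier hunk. Testing the call makes the check self-contained: `if (!prop_dictionary_get_uint32(npf_dict, "version", &ver) || ver != NPF_VERSION) {`. The `fail` label and the rest of the function are outside the hunk, so how `errdict` is handled on this early exit cannot be confirmed from here.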
@@ -720,6 +726,7 @@
case NPF_IOCTL_TBLENT_LOOKUP:
error = npf_table_lookup(tblset, nct->nct_tid,
nct->nct_data.ent.alen, &nct->nct_data.ent.addr);
+ break;
case NPF_IOCTL_TBLENT_ADD:
error = npf_table_insert(tblset, nct->nct_tid,
nct->nct_data.ent.alen, &nct->nct_data.ent.addr,