Source-Changes-HG archive
[src/trunk]: src NPF: add support for table naming and remove NPF_TABLE_SLOTS...
details: https://anonhg.NetBSD.org/src/rev/b64ab7970200
branches: trunk
changeset: 791290:b64ab7970200
user: rmind <rmind%NetBSD.org@localhost>
date: Tue Nov 12 00:46:34 2013 +0000
description:
NPF: add support for table naming and remove NPF_TABLE_SLOTS (there is
just an arbitrary sanity limit of NPF_MAX_TABLES currently set to 128).
Few misc fixes. Bump NPF_VERSION.
diffstat:
lib/libnpf/npf.3 | 12 +-
lib/libnpf/npf.c | 19 +-
lib/libnpf/npf.h | 5 +-
sys/net/npf/npf.h | 8 +-
sys/net/npf/npf_bpf.c | 10 +-
sys/net/npf/npf_conf.c | 6 +-
sys/net/npf/npf_ctl.c | 75 +++++---
sys/net/npf/npf_impl.h | 32 +-
sys/net/npf/npf_tableset.c | 207 ++++++++++++----------
usr.sbin/npf/npfctl/npf.conf.5 | 36 ++-
usr.sbin/npf/npfctl/npf_build.c | 14 +-
usr.sbin/npf/npfctl/npf_scan.l | 8 +-
usr.sbin/npf/npfctl/npf_show.c | 49 +++-
usr.sbin/npf/npfctl/npfctl.c | 9 +-
usr.sbin/npf/npftest/libnpftest/npf_table_test.c | 83 +++++---
15 files changed, 342 insertions(+), 231 deletions(-)
diffs (truncated from 1483 to 300 lines):
diff -r 5234982d5d46 -r b64ab7970200 lib/libnpf/npf.3
--- a/lib/libnpf/npf.3 Tue Nov 12 00:10:29 2013 +0000
+++ b/lib/libnpf/npf.3 Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.3,v 1.11 2013/11/08 13:17:45 wiz Exp $
+.\" $NetBSD: npf.3,v 1.12 2013/11/12 00:46:34 rmind Exp $
.\"
.\" Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 7, 2013
+.Dd November 12, 2013
.Dt NPF 3
.Os
.Sh NAME
@@ -78,7 +78,7 @@
.Fn npf_nat_insert "nl_config_t *ncf" "nl_nat_t *nt" "pri_t pri"
.\" ---
.Ft nl_table_t *
-.Fn npf_table_create "u_int id" "int type"
+.Fn npf_table_create "const char *name", "u_int id" "int type"
.Ft int
.Fn npf_table_add_entry "nl_table_t *tl" "int af" \
"in_addr_t addr" "in_addr_t mask"
@@ -261,7 +261,7 @@
.\" -----
.Ss Table interface
.Bl -tag -width 4n
-.It Fn npf_table_create "index" "type"
+.It Fn npf_table_create "name" "index" "type"
Create NPF table of specified type.
The following types are supported:
.Bl -tag -width "NPF_TABLE_TREE "
@@ -269,7 +269,9 @@
Indicates to use hash table for storage.
.It Dv NPF_TABLE_TREE
Indicates to use red-black tree for storage.
-Table is identified by
+Table is identified by the
+.Fa name
+and
.Fa index ,
which should be in the range between 1 and
.Dv NPF_MAX_TABLE_ID .
diff -r 5234982d5d46 -r b64ab7970200 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c Tue Nov 12 00:10:29 2013 +0000
+++ b/lib/libnpf/npf.c Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.22 2013/11/08 00:38:27 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.23 2013/11/12 00:46:34 rmind Exp $ */
/*-
* Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.22 2013/11/08 00:38:27 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.23 2013/11/12 00:46:34 rmind Exp $");
#include <sys/types.h>
#include <netinet/in_systm.h>
@@ -892,7 +892,7 @@
*/
nl_table_t *
-npf_table_create(u_int id, int type)
+npf_table_create(const char *name, u_int id, int type)
{
prop_dictionary_t tldict;
prop_array_t tblents;
@@ -907,6 +907,7 @@
free(tl);
return NULL;
}
+ prop_dictionary_set_cstring(tldict, "name", name);
prop_dictionary_set_uint32(tldict, "id", id);
prop_dictionary_set_int32(tldict, "type", type);
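Review bot: The result of `prop_dictionary_set_cstring(tldict, "name", name)` is discarded and `name` is never checked, so a NULL name or a failed set produces a table dictionary without a "name" key. The kernel loader in this same commit rejects such a table with EINVAL, but only once the whole configuration is submitted, far from the call that caused it. Failing in the library is easier to diagnose: guard the call with `if (name == NULL || !prop_dictionary_set_cstring(tldict, "name", name))` and take the same cleanup-and-return-NULL path the function already uses. A length check against `NPF_TABLE_MAXNAMELEN` would fit here too. The function body starts and ends outside the hunk.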
@@ -1014,12 +1015,22 @@
npf_table_getid(nl_table_t *tl)
{
prop_dictionary_t tldict = tl->ntl_dict;
- u_int id = 0;
+ unsigned id = (unsigned)-1;
prop_dictionary_get_uint32(tldict, "id", &id);
return id;
}
+const char *
+npf_table_getname(nl_table_t *tl)
+{
+ prop_dictionary_t tldict = tl->ntl_dict;
+ const char *tname = NULL;
+
+ prop_dictionary_get_cstring_nocopy(tldict, "name", &tname);
+ return tname;
+}
+
int
npf_table_gettype(nl_table_t *tl)
{
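Review bot: `npf_table_getname()` returns the pointer filled in by `prop_dictionary_get_cstring_nocopy()`, so the string is borrowed from the table's dictionary, and the function returns NULL when there is no "name" key; neither is documented. A header comment such as `/* Returns the table name, or NULL if none is set; the string is owned by tl and must not be freed or kept after tl is destroyed. */` would stop callers from freeing or caching it. In the same hunk `npf_table_getid()` now returns `(unsigned)-1` rather than 0 when the "id" key is missing, which deserves a one-line comment, since a caller that treated 0 as "no id" will not recognise the new sentinel. `npf_table_gettype()` at the end of the hunk continues outside it.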
diff -r 5234982d5d46 -r b64ab7970200 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h Tue Nov 12 00:10:29 2013 +0000
+++ b/lib/libnpf/npf.h Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.19 2013/11/08 00:38:27 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.20 2013/11/12 00:46:34 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -108,7 +108,7 @@
npf_addr_t *, int, in_port_t);
int npf_nat_insert(nl_config_t *, nl_nat_t *, pri_t);
-nl_table_t * npf_table_create(u_int, int);
+nl_table_t * npf_table_create(const char *, u_int, int);
int npf_table_add_entry(nl_table_t *, int,
const npf_addr_t *, const npf_netmask_t);
bool npf_table_exists_p(nl_config_t *, u_int);
@@ -130,6 +130,7 @@
const char * npf_rule_getproc(nl_rule_t *);
nl_table_t * npf_table_iterate(nl_config_t *);
+const char * npf_table_getname(nl_table_t *);
unsigned npf_table_getid(nl_table_t *);
int npf_table_gettype(nl_table_t *);
diff -r 5234982d5d46 -r b64ab7970200 sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Tue Nov 12 00:10:29 2013 +0000
+++ b/sys/net/npf/npf.h Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.32 2013/11/08 00:38:26 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.33 2013/11/12 00:46:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
#include <netinet/in_systm.h>
#include <netinet/in.h>
-#define NPF_VERSION 11
+#define NPF_VERSION 12
/*
* Public declarations and definitions.
@@ -231,6 +231,8 @@
#define NPF_TABLE_HASH 1
#define NPF_TABLE_TREE 2
+#define NPF_TABLE_MAXNAMELEN 32
+
/* Layers. */
#define NPF_LAYER_2 2
#define NPF_LAYER_3 3
@@ -272,7 +274,7 @@
typedef struct npf_ioctl_table {
int nct_cmd;
- u_int nct_tid;
+ const char * nct_name;
union {
npf_ioctl_ent_t ent;
npf_ioctl_buf_t buf;
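Review bot: `nct_name` makes `npf_ioctl_table` carry a user-space pointer, so the ioctl handler has to bring the string in with a bounded `copyinstr()` (limit `NPF_TABLE_MAXNAMELEN`) and reject an unterminated or over-long name before any table lookup. That handler is not in the visible part of this truncated diff, so this is something to confirm rather than a defect shown here. Replacing a `u_int` with a pointer also changes the structure's size and layout between 32-bit and 64-bit callers, which matters if 32-bit binaries are expected to issue this ioctl on a 64-bit kernel. A comment on the field, e.g. `/* user-space pointer to a NUL-terminated table name; copy in, never dereference */`, would record the contract. The `NPF_TABLE_MAXNAMELEN` definition in the previous hunk should say whether the 32 includes the terminator. The struct definition continues outside the hunk.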
diff -r 5234982d5d46 -r b64ab7970200 sys/net/npf/npf_bpf.c
--- a/sys/net/npf/npf_bpf.c Tue Nov 12 00:10:29 2013 +0000
+++ b/sys/net/npf/npf_bpf.c Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_bpf.c,v 1.1 2013/09/19 01:04:46 rmind Exp $ */
+/* $NetBSD: npf_bpf.c,v 1.2 2013/11/12 00:46:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.1 2013/09/19 01:04:46 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.2 2013/11/12 00:46:34 rmind Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -145,11 +145,15 @@
npf_tableset_t *tblset = npf_config_tableset();
const uint32_t tid = A & (SRC_FLAG_BIT - 1);
const npf_addr_t *addr;
+ npf_table_t *t;
KASSERT(npc != NULL);
KASSERT(npf_iscached(npc, NPC_IP46));
memset(M, 0, sizeof(uint32_t) * BPF_MEMWORDS);
+ if ((t = npf_tableset_getbyid(tblset, tid)) == NULL) {
+ return 0;
+ }
addr = (A & SRC_FLAG_BIT) ? npc->npc_srcip : npc->npc_dstip;
- return npf_table_lookup(tblset, tid, npc->npc_alen, addr) == 0;
+ return npf_table_lookup(t, npc->npc_alen, addr) == 0;
}
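Review bot: `tid` is taken from the BPF accumulator (`A & (SRC_FLAG_BIT - 1)`) and passed straight to `npf_tableset_getbyid()`, so that function must range-check the ID against the size of the active tableset. The commit removes the fixed NPF_TABLE_SLOTS bound, and the body of `npf_tableset_getbyid()` is not in the visible part of the diff, so this needs confirming. The early `return 0` makes a reference to a missing table behave as "address not in table"; for a rule that blocks on table membership that would mean the packet is not blocked. A comment such as `/* No such table: treat as no match. */` would make that choice explicit. The function starts before the hunk.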
diff -r 5234982d5d46 -r b64ab7970200 sys/net/npf/npf_conf.c
--- a/sys/net/npf/npf_conf.c Tue Nov 12 00:10:29 2013 +0000
+++ b/sys/net/npf/npf_conf.c Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_conf.c,v 1.3 2013/11/08 00:38:26 rmind Exp $ */
+/* $NetBSD: npf_conf.c,v 1.4 2013/11/12 00:46:34 rmind Exp $ */
/*-
* Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.3 2013/11/08 00:38:26 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.4 2013/11/12 00:46:34 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -86,7 +86,7 @@
/* Load the empty configuration. */
dict = prop_dictionary_create();
- tset = npf_tableset_create();
+ tset = npf_tableset_create(0);
rpset = npf_rprocset_create();
rlset = npf_ruleset_create(0);
nset = npf_ruleset_create(0);
diff -r 5234982d5d46 -r b64ab7970200 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Tue Nov 12 00:10:29 2013 +0000
+++ b/sys/net/npf/npf_ctl.c Tue Nov 12 00:46:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.31 2013/11/08 00:38:26 rmind Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.32 2013/11/12 00:46:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.31 2013/11/08 00:38:26 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.32 2013/11/12 00:46:34 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -95,6 +95,7 @@
prop_dictionary_t ent;
prop_object_iterator_t eit;
prop_array_t entries;
+ const char *name;
npf_table_t *t;
u_int tid;
int type;
@@ -106,17 +107,22 @@
break;
}
- /* Table ID and type. */
+ /* Table name, ID and type. Validate them. */
+ if (!prop_dictionary_get_cstring_nocopy(tbldict, "name", &name)) {
+ NPF_ERR_DEBUG(errdict);
+ error = EINVAL;
+ break;
+ }
prop_dictionary_get_uint32(tbldict, "id", &tid);
prop_dictionary_get_int32(tbldict, "type", &type);
-
- /* Validate them, check for duplicate IDs. */
- error = npf_table_check(tblset, tid, type);
- if (error)
+ error = npf_table_check(tblset, name, tid, type);
+ if (error) {
+ NPF_ERR_DEBUG(errdict);
break;
+ }
/* Create and insert the table. */
- t = npf_table_create(tid, type, 1024); /* XXX */
+ t = npf_table_create(name, tid, type, 1024); /* XXX */
if (t == NULL) {
NPF_ERR_DEBUG(errdict);
error = ENOMEM;
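Review bot: Only the "name" lookup is checked; `prop_dictionary_get_uint32(tbldict, "id", &tid)` and `prop_dictionary_get_int32(tbldict, "type", &type)` still ignore their results. `tid` and `type` are declared without initialisers in the preceding hunk, so a table dictionary lacking either key passes indeterminate stack values to `npf_table_check()`. Since the dictionary is part of the configuration being loaded, both calls belong in the same condition as the name check: append `|| !prop_dictionary_get_uint32(tbldict, "id", &tid) || !prop_dictionary_get_int32(tbldict, "type", &type)` to the `if` and drop the standalone calls. `name` is also a borrowed pointer into `tbldict` (the `_nocopy` variant), so `npf_table_create()` needs to copy the string rather than keep the pointer; that function is not visible here. The enclosing loop starts and ends outside the hunk.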
@@ -144,7 +150,7 @@
prop_dictionary_get_uint8(ent, "mask", &mask);
alen = prop_data_size(obj);
- error = npf_table_insert(tblset, tid, alen, addr, mask);
+ error = npf_table_insert(t, alen, addr, mask);
if (error)
break;
}
@@ -478,16 +484,22 @@
}
/* Tables. */
- tblset = npf_tableset_create();
tables = prop_dictionary_get(npf_dict, "tables");