Source-Changes-HG archive


[src/trunk]: src - Rework NPF's nbuf interface: use advancing and ensuring as...



details:   https://anonhg.NetBSD.org/src/rev/d75a6804a5ba
branches:  trunk
changeset: 783483:d75a6804a5ba
user:      rmind <rmind%NetBSD.org@localhost>
date:      Mon Dec 24 19:05:42 2012 +0000

description:
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
  Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.

diffstat:

 sys/net/npf/npf.h                                    |   60 +-
 sys/net/npf/npf_alg.c                                |   64 +-
 sys/net/npf/npf_alg_icmp.c                           |  347 +++++++-------
 sys/net/npf/npf_ext_log.c                            |    6 +-
 sys/net/npf/npf_ext_normalise.c                      |   64 +--
 sys/net/npf/npf_handler.c                            |  112 ++-
 sys/net/npf/npf_impl.h                               |   82 +-
 sys/net/npf/npf_inet.c                               |  447 ++++++++----------
 sys/net/npf/npf_instr.c                              |  133 +---
 sys/net/npf/npf_mbuf.c                               |  301 ++++++------
 sys/net/npf/npf_nat.c                                |   51 +-
 sys/net/npf/npf_processor.c                          |   63 +-
 sys/net/npf/npf_ruleset.c                            |   12 +-
 sys/net/npf/npf_sendpkt.c                            |   19 +-
 sys/net/npf/npf_session.c                            |  150 +++--
 sys/net/npf/npf_state.c                              |   10 +-
 sys/net/npf/npf_state_tcp.c                          |   13 +-
 usr.sbin/npf/npfctl/npfctl.c                         |    8 +-
 usr.sbin/npf/npftest/README                          |    6 +-
 usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c      |    7 +-
 usr.sbin/npf/npftest/libnpftest/npf_nat_test.c       |   15 +-
 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c      |   59 +-
 usr.sbin/npf/npftest/libnpftest/npf_processor_test.c |   37 +-
 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c      |   12 +-
 usr.sbin/npf/npftest/libnpftest/npf_state_test.c     |   15 +-
 25 files changed, 1029 insertions(+), 1064 deletions(-)

diffs (truncated from 3951 to 300 lines):

diff -r 71ef2ae3d461 -r d75a6804a5ba sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Mon Dec 24 14:50:04 2012 +0000
+++ b/sys/net/npf/npf.h Mon Dec 24 19:05:42 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.24 2012/12/23 21:01:03 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.25 2012/12/24 19:05:42 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -69,6 +69,7 @@
 /*
  * Packet information cache.
  */
+#include <net/if.h>
 #include <netinet/ip.h>
 #include <netinet/ip6.h>
 #include <netinet/tcp.h>
@@ -86,6 +87,8 @@
 #define        NPC_ICMP        0x40    /* ICMP header. */
 #define        NPC_ICMP_ID     0x80    /* ICMP with query ID. */
 
+#define        NPC_ALG_EXEC    0x100   /* ALG execution. */
+
 #define        NPC_IP46        (NPC_IP4|NPC_IP6)
 
 typedef struct {
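Review bot: `NPC_ALG_EXEC` is the first cache flag above 0x80, so it only works if the flags member of npf_cache_t is wider than 8 bits. That member's declaration is outside this hunk and should be checked, since the same commit narrows other members of the struct to `uint8_t`. The comment `/* ALG execution. */` also does not say who sets the flag or what it requests; something like `/* ALG hooks are to be executed for this packet. */` would help, with the wording confirmed against the code that sets it.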
@@ -95,20 +98,21 @@
        npf_addr_t *            npc_srcip;
        npf_addr_t *            npc_dstip;
        /* Size (v4 or v6) of IP addresses. */
-       int                     npc_alen;
-       u_int                   npc_hlen;
-       int                     npc_next_proto;
+       uint8_t                 npc_alen;
+       uint8_t                 npc_hlen;
+       uint16_t                npc_proto;
        /* IPv4, IPv6. */
        union {
-               struct ip       v4;
-               struct ip6_hdr  v6;
+               struct ip *             v4;
+               struct ip6_hdr *        v6;
        } npc_ip;
        /* TCP, UDP, ICMP. */
        union {
-               struct tcphdr           tcp;
-               struct udphdr           udp;
-               struct icmp             icmp;
-               struct icmp6_hdr        icmp6;
+               struct tcphdr *         tcp;
+               struct udphdr *         udp;
+               struct icmp *           icmp;
+               struct icmp6_hdr *      icmp6;
+               void *                  hdr;
        } npc_l4;
 } npf_cache_t;
 
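Review bot: Narrowing `npc_hlen` from `u_int` to `uint8_t` caps the cached header length at 255 bytes. That covers IPv4 (60 bytes at most) but not an IPv6 header followed by a long chain of extension headers, if this field accumulates their lengths. The code that fills npc_hlen is outside this hunk, so it needs checking there; unless the parser rejects such packets first, `uint16_t npc_hlen;` would keep a wrapped value from being used as the offset of the L4 header. The two unions now hold pointers instead of copies, presumably into the packet buffer, and the struct should say how long they stay valid, e.g. `/* Pointers into the nbuf data; re-fetch after the nbuf is modified. */`.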
@@ -123,7 +127,7 @@
 npf_cache_ipproto(const npf_cache_t *npc)
 {
        KASSERT(npf_iscached(npc, NPC_IP46));
-       return npc->npc_next_proto;
+       return npc->npc_proto;
 }
 
 static inline u_int
@@ -137,16 +141,31 @@
  * Network buffer interface.
  */
 
-typedef void   nbuf_t;
+#define        NBUF_DATAREF_RESET      0x01
+
+typedef struct {
+       struct mbuf *   nb_mbuf0;
+       struct mbuf *   nb_mbuf;
+       void *          nb_nptr;
+       const ifnet_t * nb_ifp;
+       int             nb_flags;
+} nbuf_t;
 
-void *         nbuf_dataptr(void *);
-void *         nbuf_advance(nbuf_t **, void *, u_int);
-int            nbuf_advfetch(nbuf_t **, void **, u_int, size_t, void *);
-int            nbuf_advstore(nbuf_t **, void **, u_int, size_t, void *);
-int            nbuf_fetch_datum(nbuf_t *, void *, size_t, void *);
-int            nbuf_store_datum(nbuf_t *, void *, size_t, void *);
+void           nbuf_init(nbuf_t *, struct mbuf *, const ifnet_t *);
+void           nbuf_reset(nbuf_t *);
+struct mbuf *  nbuf_head_mbuf(nbuf_t *);
+
+bool           nbuf_flag_p(const nbuf_t *, int);
+void           nbuf_unset_flag(nbuf_t *, int);
 
-void           nbuf_cksum_barrier(nbuf_t *);
+void *         nbuf_dataptr(nbuf_t *);
+size_t         nbuf_offset(const nbuf_t *);
+void *         nbuf_advance(nbuf_t *, size_t, size_t);
+
+void *         nbuf_ensure_contig(nbuf_t *, size_t);
+void *         nbuf_ensure_writable(nbuf_t *, size_t);
+
+bool           nbuf_cksum_barrier(nbuf_t *, int);
 int            nbuf_add_tag(nbuf_t *, uint32_t, uint32_t);
 int            nbuf_find_tag(nbuf_t *, uint32_t, void **);
 
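Review bot: The new interface has no comment telling callers when a pointer obtained from it stops being valid: `NBUF_DATAREF_RESET` is defined without explanation, and `nbuf_advance`, `nbuf_ensure_contig` and `nbuf_ensure_writable` all return a bare `void *`. From the names, the flag presumably reports that the mbuf data was reallocated, so earlier pointers (including those now kept in npf_cache_t) must be re-fetched, and a NULL return presumably means the requested bytes could not be provided. Both should be stated here once confirmed against npf_mbuf.c, e.g. `#define NBUF_DATAREF_RESET 0x01 /* data was reallocated; re-fetch cached pointers */`. `nbuf_advance(nbuf_t *, size_t, size_t)` takes two adjacent `size_t` arguments that are easy to swap, so the prototype should carry parameter names.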
@@ -264,6 +283,9 @@
        NPF_STAT_REASSFAIL,
        /* Other errors. */
        NPF_STAT_ERROR,
+       /* nbuf non-contiguous cases. */
+       NPF_STAT_NBUF_NONCONTIG,
+       NPF_STAT_NBUF_CONTIG_FAIL,
        /* Count (last). */
        NPF_STATS_COUNT
 } npf_stats_t;
diff -r 71ef2ae3d461 -r d75a6804a5ba sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c     Mon Dec 24 14:50:04 2012 +0000
+++ b/sys/net/npf/npf_alg.c     Mon Dec 24 19:05:42 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg.c,v 1.5 2012/07/15 00:23:00 rmind Exp $        */
+/*     $NetBSD: npf_alg.c,v 1.6 2012/12/24 19:05:42 rmind Exp $        */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.5 2012/07/15 00:23:00 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.6 2012/12/24 19:05:42 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -48,17 +48,16 @@
 
 /* NAT ALG structure for registration. */
 struct npf_alg {
-       LIST_ENTRY(npf_alg)             na_entry;
-       npf_alg_t *                     na_bptr;
-       npf_algfunc_t                   na_match_func;
-       npf_algfunc_t                   na_out_func;
-       npf_algfunc_t                   na_in_func;
-       npf_algfunc_t                   na_seid_func;
+       LIST_ENTRY(npf_alg)     na_entry;
+       npf_alg_t *             na_bptr;
+       npf_alg_func_t          na_match_func;
+       npf_alg_func_t          na_tr_func;
+       npf_alg_sfunc_t         na_se_func;
 };
 
-static LIST_HEAD(, npf_alg)            nat_alg_list    __cacheline_aligned;
-static kmutex_t                                nat_alg_lock    __cacheline_aligned;
-static pserialize_t                    nat_alg_psz     __cacheline_aligned;
+static LIST_HEAD(, npf_alg)    nat_alg_list    __cacheline_aligned;
+static kmutex_t                        nat_alg_lock    __cacheline_aligned;
+static pserialize_t            nat_alg_psz     __cacheline_aligned;
 
 void
 npf_alg_sysinit(void)
@@ -84,17 +83,16 @@
  * XXX: Protected by module lock, but unify serialisation later.
  */
 npf_alg_t *
-npf_alg_register(npf_algfunc_t match, npf_algfunc_t out, npf_algfunc_t in,
-    npf_algfunc_t seid)
+npf_alg_register(npf_alg_func_t mfunc, npf_alg_func_t tfunc,
+    npf_alg_sfunc_t sfunc)
 {
        npf_alg_t *alg;
 
        alg = kmem_zalloc(sizeof(npf_alg_t), KM_SLEEP);
        alg->na_bptr = alg;
-       alg->na_match_func = match;
-       alg->na_out_func = out;
-       alg->na_in_func = in;
-       alg->na_seid_func = seid;
+       alg->na_match_func = mfunc;
+       alg->na_tr_func = tfunc;
+       alg->na_se_func = sfunc;
 
        mutex_enter(&nat_alg_lock);
        LIST_INSERT_HEAD(&nat_alg_list, alg, na_entry);
@@ -127,7 +125,7 @@
  * npf_alg_match: call ALG matching inspectors, determine if any ALG matches.
  */
 bool
-npf_alg_match(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt)
+npf_alg_match(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int di)
 {
        npf_alg_t *alg;
        bool match = false;
@@ -135,9 +133,9 @@
 
        s = pserialize_read_enter();
        LIST_FOREACH(alg, &nat_alg_list, na_entry) {
-               npf_algfunc_t func = alg->na_match_func;
+               npf_alg_func_t func = alg->na_match_func;
 
-               if (func && func(npc, nbuf, nt)) {
+               if (func && func(npc, nbuf, nt, di)) {
                        match = true;
                        break;
                }
@@ -150,41 +148,37 @@
  * npf_alg_exec: execute ALG hooks for translation.
  */
 void
-npf_alg_exec(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, const int di)
+npf_alg_exec(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int di)
 {
        npf_alg_t *alg;
        int s;
 
        s = pserialize_read_enter();
        LIST_FOREACH(alg, &nat_alg_list, na_entry) {
-               if ((di & PFIL_OUT) != 0 && alg->na_out_func != NULL) {
-                       (alg->na_out_func)(npc, nbuf, nt);
-                       continue;
-               }
-               if ((di & PFIL_IN) != 0 && alg->na_in_func != NULL) {
-                       (alg->na_in_func)(npc, nbuf, nt);
-                       continue;
+               npf_alg_func_t func;
+
+               if ((func = alg->na_tr_func) != NULL) {
+                       (func)(npc, nbuf, nt, di);
                }
        }
        pserialize_read_exit(s);
 }
 
-bool
-npf_alg_sessionid(npf_cache_t *npc, nbuf_t *nbuf, npf_cache_t *key)
+npf_session_t *
+npf_alg_session(npf_cache_t *npc, nbuf_t *nbuf, int di)
 {
+       npf_session_t *se = NULL;
        npf_alg_t *alg;
-       bool nkey = false;
        int s;
 
        s = pserialize_read_enter();
        LIST_FOREACH(alg, &nat_alg_list, na_entry) {
-               npf_algfunc_t func = alg->na_seid_func;
+               npf_alg_sfunc_t func = alg->na_se_func;
 
-               if (func && func(npc, nbuf, (npf_nat_t *)key)) {
-                       nkey = true;
+               if (func && (se = func(npc, nbuf, di)) != NULL) {
                        break;
                }
        }
        pserialize_read_exit(s);
-       return nkey;
+       return se;
 }
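Review bot: npf_alg_session() returns a session pointer after `pserialize_read_exit(s)` with no comment saying who holds the reference. The read section covers only the walk of nat_alg_list, so the pointer is safe only if each `na_se_func` returns a session it has already referenced. Unlike npf_alg_match and npf_alg_exec, the function has no header comment; I would add `/* npf_alg_session: let the ALGs look up a session; returns a referenced session or NULL. */` once the reference rule is confirmed against the callbacks. In npf_alg_exec the result of `(func)(npc, nbuf, nt, di)` is dropped and the PFIL_IN/PFIL_OUT dispatch is gone, so every `na_tr_func` now has to check `di` itself; a one-line comment at the call would make that explicit.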
diff -r 71ef2ae3d461 -r d75a6804a5ba sys/net/npf/npf_alg_icmp.c
--- a/sys/net/npf/npf_alg_icmp.c        Mon Dec 24 14:50:04 2012 +0000
+++ b/sys/net/npf/npf_alg_icmp.c        Mon Dec 24 19:05:42 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg_icmp.c,v 1.13 2012/09/16 13:44:14 rmind Exp $  */
+/*     $NetBSD: npf_alg_icmp.c,v 1.14 2012/12/24 19:05:42 rmind Exp $  */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.13 2012/09/16 13:44:14 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.14 2012/12/24 19:05:42 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/module.h>
@@ -57,18 +57,18 @@
  * Traceroute criteria.
  *
  * IANA assigned base port: 33434.  However, common practice is to increase
- * the port, thus monitor [33434-33484] range.  Additional filter is TTL < 50.
+ * the port, thus monitor [33434-33484] range.  Additional filter is low TTL.
  */
 
 #define        TR_BASE_PORT    33434
 #define        TR_PORT_RANGE   33484
-#define        TR_MAX_TTL      50
+#define        TR_MAX_TTL      48
 
 static npf_alg_t *     alg_icmp        __read_mostly;
 
-static bool            npfa_icmp_match(npf_cache_t *, nbuf_t *, void *);
-static bool            npfa_icmp_natin(npf_cache_t *, nbuf_t *, void *);
-static bool            npfa_icmp_session(npf_cache_t *, nbuf_t *, void *);
+static bool    npfa_icmp_match(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
+static bool    npfa_icmp_nat(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
+static npf_session_t *npfa_icmp_session(npf_cache_t *, nbuf_t *, int);
 
 /*
  * npf_alg_icmp_{init,fini,modcmd}: ICMP ALG initialization, destruction
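Review bot: The block comment now says only "low TTL", so the bound is given only by `TR_MAX_TTL`, with nothing stating whether the comparison is inclusive or why the value moved from 50 to 48. The comparison itself is outside this hunk. Because this threshold is part of what decides whether the ICMP ALG treats a packet as traceroute, I would keep it documented at the define, e.g. `#define TR_MAX_TTL 48 /* upper TTL bound for traceroute probes */`, with the inclusive or exclusive wording matched to the actual test.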
@@ -79,8 +79,8 @@


