Source-Changes-HG archive
[src/trunk]: src - Add NPF table flushing functionality.
details: https://anonhg.NetBSD.org/src/rev/c8a1cabdc2ea
branches: trunk
changeset: 786900:c8a1cabdc2ea
user: rmind <rmind%NetBSD.org@localhost>
date: Sun May 19 20:45:34 2013 +0000
description:
- Add NPF table flushing functionality.
- Fix line numbering for npfctl debug command.
diffstat:
sys/net/npf/npf_ctl.c | 7 +++-
sys/net/npf/npf_impl.h | 3 +-
sys/net/npf/npf_tableset.c | 57 +++++++++++++++++++++++++++++++++-------
usr.sbin/npf/npfctl/npf_build.c | 8 +++--
usr.sbin/npf/npfctl/npf_parse.y | 6 ++-
usr.sbin/npf/npfctl/npfctl.c | 29 ++++++++++++++------
6 files changed, 83 insertions(+), 27 deletions(-)
diffs (275 lines):
diff -r 0634423a6da4 -r c8a1cabdc2ea sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Sun May 19 17:07:04 2013 +0000
+++ b/sys/net/npf/npf_ctl.c Sun May 19 20:45:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.24 2013/03/20 00:29:47 christos Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.25 2013/05/19 20:45:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.24 2013/03/20 00:29:47 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.25 2013/05/19 20:45:34 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -813,6 +813,9 @@
error = npf_table_list(tblset, nct->nct_tid,
nct->nct_data.buf.buf, nct->nct_data.buf.len);
break;
+ case NPF_CMD_TABLE_FLUSH:
+ error = npf_table_flush(tblset, nct->nct_tid);
+ break;
default:
error = EINVAL;
break;
diff -r 0634423a6da4 -r c8a1cabdc2ea sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h Sun May 19 17:07:04 2013 +0000
+++ b/sys/net/npf/npf_impl.h Sun May 19 20:45:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.29 2013/03/20 00:29:47 christos Exp $ */
+/* $NetBSD: npf_impl.h,v 1.30 2013/05/19 20:45:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -220,6 +220,7 @@
int npf_table_lookup(npf_tableset_t *, u_int,
const int, const npf_addr_t *);
int npf_table_list(npf_tableset_t *, u_int, void *, size_t);
+int npf_table_flush(npf_tableset_t *, u_int);
/* Ruleset interface. */
npf_ruleset_t * npf_ruleset_create(size_t);
diff -r 0634423a6da4 -r c8a1cabdc2ea sys/net/npf/npf_tableset.c
--- a/sys/net/npf/npf_tableset.c Sun May 19 17:07:04 2013 +0000
+++ b/sys/net/npf/npf_tableset.c Sun May 19 20:45:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_tableset.c,v 1.17 2013/02/09 03:35:32 rmind Exp $ */
+/* $NetBSD: npf_tableset.c,v 1.18 2013/05/19 20:45:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.17 2013/02/09 03:35:32 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.18 2013/05/19 20:45:34 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -223,6 +223,19 @@
}
static void
+table_hash_destroy(npf_table_t *t)
+{
+ for (unsigned n = 0; n <= t->t_hashmask; n++) {
+ npf_tblent_t *ent;
+
+ while ((ent = LIST_FIRST(&t->t_hashl[n])) != NULL) {
+ LIST_REMOVE(ent, te_entry.hashq);
+ pool_cache_put(tblent_cache, ent);
+ }
+ }
+}
+
+static void
table_tree_destroy(pt_tree_t *tree)
{
npf_tblent_t *ent;
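Review bot: The new helper `table_hash_destroy()` has no comment stating its contract, which matters now that it has two callers with different needs. From the visible lines it unlinks every entry and returns it to `tblent_cache`, but it leaves the bucket array allocated and does not touch `t_nitems`; the destroy path follows it with `hashdone()`, and `npf_table_flush()` resets the counter itself. I would add a header comment such as `/* table_hash_destroy: free all entries; the bucket array and t_nitems are left to the caller. */` and state the locking expectation there. The flush caller holds `t_lock` as writer; whether the destroy caller holds it is not visible in this diff.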
@@ -282,14 +295,7 @@
switch (t->t_type) {
case NPF_TABLE_HASH:
- for (unsigned n = 0; n <= t->t_hashmask; n++) {
- npf_tblent_t *ent;
-
- while ((ent = LIST_FIRST(&t->t_hashl[n])) != NULL) {
- LIST_REMOVE(ent, te_entry.hashq);
- pool_cache_put(tblent_cache, ent);
- }
- }
+ table_hash_destroy(t);
hashdone(t->t_hashl, HASH_LIST, t->t_hashmask);
break;
case NPF_TABLE_TREE:
@@ -592,3 +598,34 @@
return error;
}
+
+/*
+ * npf_table_flush: remove all table entries.
+ */
+int
+npf_table_flush(npf_tableset_t *tset, u_int tid)
+{
+ npf_table_t *t;
+
+ if ((u_int)tid >= NPF_TABLE_SLOTS || (t = tset[tid]) == NULL) {
+ return EINVAL;
+ }
+
+ rw_enter(&t->t_lock, RW_WRITER);
+ switch (t->t_type) {
+ case NPF_TABLE_HASH:
+ table_hash_destroy(t);
+ t->t_nitems = 0;
+ break;
+ case NPF_TABLE_TREE:
+ table_tree_destroy(&t->t_tree[0]);
+ table_tree_destroy(&t->t_tree[1]);
+ t->t_nitems = 0;
+ break;
+ default:
+ KASSERT(false);
+ }
+ rw_exit(&t->t_lock);
+
+ return 0;
+}
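Review bot: The `default:` arm of `npf_table_flush()` relies on `KASSERT(false)` alone, which is compiled out of kernels built without DIAGNOSTIC, so an unexpected `t_type` would skip the flush and still reach `return 0`. Userland would then report a successful flush that did not happen, which is a poor failure mode for a table that filter rules match against. I would declare `int error = 0;`, set `error = EINVAL;` after the assertion, and finish with `return error;`. Separately, the `(u_int)tid` cast in the bounds check is redundant because the parameter is already `u_int`.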
diff -r 0634423a6da4 -r c8a1cabdc2ea usr.sbin/npf/npfctl/npf_build.c
--- a/usr.sbin/npf/npfctl/npf_build.c Sun May 19 17:07:04 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf_build.c Sun May 19 20:45:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_build.c,v 1.23 2013/03/20 00:29:47 christos Exp $ */
+/* $NetBSD: npf_build.c,v 1.24 2013/05/19 20:45:34 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.23 2013/03/20 00:29:47 christos Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.24 2013/05/19 20:45:34 rmind Exp $");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -384,8 +384,10 @@
*/
code = npfctl_ncgen_complete(nc, &len);
if (npf_debug) {
+ extern char *yytext;
extern int yylineno;
- printf("RULE AT LINE %d\n", yylineno);
+
+ printf("RULE AT LINE %d\n", yylineno - (int)(*yytext == '\n'));
npfctl_ncgen_print(code, len);
}
assert(code && len > 0);
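Review bot: The block-scope `extern char *yytext;` must match how the generated scanner actually defines `yytext`; lex implementations can emit it as a `char` array rather than a pointer (flex does so under `%array`), and a mismatched extern is undefined behaviour that the compiler cannot diagnose across translation units. The scanner source is not part of this diff, so this is something to confirm rather than a known fault; declaring `yytext` and `yylineno` in a header shared with the scanner would let the compiler check it. The adjustment itself also deserves a comment, for example `/* yylineno is already advanced when the current token is the newline */`, if that is the intent. The enclosing function starts and ends outside this hunk.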
diff -r 0634423a6da4 -r c8a1cabdc2ea usr.sbin/npf/npfctl/npf_parse.y
--- a/usr.sbin/npf/npfctl/npf_parse.y Sun May 19 17:07:04 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y Sun May 19 20:45:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_parse.y,v 1.23 2013/05/09 19:12:03 christos Exp $ */
+/* $NetBSD: npf_parse.y,v 1.24 2013/05/19 20:45:34 rmind Exp $ */
/*-
* Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -326,12 +326,13 @@
}
;
-alg
+alg
: ALG STRING
{
npfctl_build_alg($2);
}
;
+
procs
: proc_call SEPLINE procs
{
@@ -478,6 +479,7 @@
| group
| ruleset
|
+ ;
rule
: block_or_pass opt_stateful rule_dir opt_final on_ifindex
diff -r 0634423a6da4 -r c8a1cabdc2ea usr.sbin/npf/npfctl/npfctl.c
--- a/usr.sbin/npf/npfctl/npfctl.c Sun May 19 17:07:04 2013 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c Sun May 19 20:45:34 2013 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.c,v 1.36 2013/03/18 02:17:49 rmind Exp $ */
+/* $NetBSD: npfctl.c,v 1.37 2013/05/19 20:45:34 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.36 2013/03/18 02:17:49 rmind Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.37 2013/05/19 20:45:34 rmind Exp $");
#include <sys/ioctl.h>
#include <sys/stat.h>
@@ -115,10 +115,7 @@
const char *progname = getprogname();
fprintf(stderr,
- "Usage:\t%s start | stop | flush | show | stats\n",
- progname);
- fprintf(stderr,
- "\t%s sess-load | sess-save\n",
+ "Usage:\t%s start | stop | flush | show | stats\n",
progname);
fprintf(stderr,
"\t%s validate | reload [<rule-file>]\n",
@@ -138,6 +135,9 @@
fprintf(stderr,
"\t%s table <tid> { list | flush }\n",
progname);
+ fprintf(stderr,
+ "\t%s sess-load | sess-save\n",
+ progname);
exit(EXIT_FAILURE);
}
@@ -279,6 +279,7 @@
{ "del", NPF_CMD_TABLE_REMOVE },
{ "test", NPF_CMD_TABLE_LOOKUP },
{ "list", NPF_CMD_TABLE_LIST },
+ { "flush", NPF_CMD_TABLE_FLUSH },
{ NULL, 0 }
};
npf_ioctl_table_t nct;
@@ -302,17 +303,27 @@
if (tblops[n].cmd == NULL) {
errx(EXIT_FAILURE, "invalid command '%s'", cmd);
}
- if (nct.nct_cmd != NPF_CMD_TABLE_LIST) {
+
+ switch (nct.nct_cmd) {
+ case NPF_CMD_TABLE_LIST:
+ case NPF_CMD_TABLE_FLUSH:
+ break;
+ default:
if (argc < 3) {
usage();
}
arg = argv[2];
}
+
again:
- if (nct.nct_cmd == NPF_CMD_TABLE_LIST) {
+ switch (nct.nct_cmd) {
+ case NPF_CMD_TABLE_LIST:
nct.nct_data.buf.buf = ecalloc(1, buflen);
nct.nct_data.buf.len = buflen;
- } else {
+ break;
+ case NPF_CMD_TABLE_FLUSH:
+ break;
+ default:
if (!npfctl_parse_cidr(arg, &fam, &alen)) {
errx(EXIT_FAILURE, "invalid CIDR '%s'", arg);
}
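Review bot: The `NPF_CMD_TABLE_LIST`/`NPF_CMD_TABLE_FLUSH` arm of the first switch breaks out without looking at `argc`, so any trailing arguments after `flush` appear to be ignored. For a command that empties the whole table this is worth tightening: an invocation that appends an address to `flush`, perhaps meant as a removal, would clear every entry instead of failing. Assuming `argc` counts the table id, the command and its operands, as the `argc < 3` test suggests, a check like `if (nct.nct_cmd == NPF_CMD_TABLE_FLUSH && argc > 2) usage();` would reject it. The function begins and ends outside this hunk, so the handling after the ioctl is not visible.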