Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-9]: src Pull up following revision(s) (requested by rmind in tick...
details: https://anonhg.NetBSD.org/src/rev/a1355b6e29cd
branches: netbsd-9
changeset: 962904:a1355b6e29cd
user: martin <martin%NetBSD.org@localhost>
date: Sun Sep 01 13:21:39 2019 +0000
description:
Pull up following revision(s) (requested by rmind in ticket #141):
usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.15
sys/net/npf/npf_alg.c: revision 1.21
sys/net/npf/npf.h: revision 1.62
sys/net/npf/npf_ctl.c: revision 1.57
sys/net/npf/npf_ctl.c: revision 1.58
sys/net/npf/npf_os.c: revision 1.16
sys/net/npf/npf_os.c: revision 1.17
sys/net/npf/npf_conf.c: revision 1.15
sys/net/npf/npf_impl.h: revision 1.78
sys/sys/mbuf.h: revision 1.220
sys/net/npf/npf_impl.h: revision 1.79
sys/net/npf/npf.c: revision 1.41
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.19
sys/net/npf/npf_nat.c: revision 1.48
sys/net/npf/npf_handler.c: revision 1.48
sys/net/npf/npf_ifaddr.c: revision 1.6
- npfctl_load_nvlist: simplify the config loading logic.
- Fix a small race condition in npf_nat_getaddr().
- Rework pserialize/EBR wrappers, make it easier to maintain.
Move PACKET_TAG_NPF where it belongs to.
Make npfctl_switch() and pfil private to OS-specific module.
diffstat:
sys/net/npf/npf.c | 12 +-
sys/net/npf/npf.h | 5 +-
sys/net/npf/npf_alg.c | 28 ++--
sys/net/npf/npf_conf.c | 106 ++++++++---------
sys/net/npf/npf_ctl.c | 141 ++++++++---------------
sys/net/npf/npf_handler.c | 9 +-
sys/net/npf/npf_ifaddr.c | 11 +-
sys/net/npf/npf_impl.h | 52 +++++---
sys/net/npf/npf_nat.c | 18 ++-
sys/net/npf/npf_os.c | 90 ++++++++++++++-
sys/sys/mbuf.h | 3 +-
usr.sbin/npf/npfctl/npf_bpf_comp.c | 14 +-
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c | 4 +-
13 files changed, 274 insertions(+), 219 deletions(-)
diffs (truncated from 1282 to 300 lines):
diff -r 31a64e5a8ae2 -r a1355b6e29cd sys/net/npf/npf.c
--- a/sys/net/npf/npf.c Sun Sep 01 13:18:39 2019 +0000
+++ b/sys/net/npf/npf.c Sun Sep 01 13:21:39 2019 +0000
@@ -33,7 +33,7 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.38.2.2 2019/08/13 14:35:55 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.38.2.3 2019/09/01 13:21:39 martin Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -72,7 +72,7 @@
npf_t *npf;
npf = kmem_zalloc(sizeof(npf_t), KM_SLEEP);
- npf->qsbr = pserialize_create();
+ npf->ebr = npf_ebr_create();
npf->stats_percpu = percpu_alloc(NPF_STATS_SIZE);
npf->mbufops = mbufops;
@@ -111,7 +111,7 @@
npf_state_sysfini(npf);
npf_param_fini(npf);
- pserialize_destroy(npf->qsbr);
+ npf_ebr_destroy(npf->ebr);
percpu_free(npf->stats_percpu, NPF_STATS_SIZE);
kmem_free(npf, sizeof(npf_t));
}
@@ -131,14 +131,14 @@
__dso_public void
npfk_thread_register(npf_t *npf)
{
- pserialize_register(npf->qsbr);
+ npf_ebr_register(npf->ebr);
}
__dso_public void
npfk_thread_unregister(npf_t *npf)
{
- pserialize_perform(npf->qsbr);
- pserialize_unregister(npf->qsbr);
+ npf_ebr_full_sync(npf->ebr);
+ npf_ebr_unregister(npf->ebr);
}
void
diff -r 31a64e5a8ae2 -r a1355b6e29cd sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sun Sep 01 13:18:39 2019 +0000
+++ b/sys/net/npf/npf.h Sun Sep 01 13:21:39 2019 +0000
@@ -253,8 +253,9 @@
#define NPF_LAYER_2 2
#define NPF_LAYER_3 3
-/* XXX mbuf.h: just for now. */
-#define PACKET_TAG_NPF 10
+/*
+ * Flags passed via nbuf tags.
+ */
#define NPF_NTAG_PASS 0x0001
/*
diff -r 31a64e5a8ae2 -r a1355b6e29cd sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c Sun Sep 01 13:18:39 2019 +0000
+++ b/sys/net/npf/npf_alg.c Sun Sep 01 13:21:39 2019 +0000
@@ -33,13 +33,12 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.20 2019/07/23 00:52:01 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.20.2.1 2019/09/01 13:21:39 martin Exp $");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/kmem.h>
-#include <sys/pserialize.h>
#include <sys/module.h>
#endif
@@ -185,7 +184,7 @@
afuncs->match = NULL;
afuncs->translate = NULL;
afuncs->inspect = NULL;
- pserialize_perform(npf->qsbr);
+ npf_ebr_full_sync(npf->ebr);
/* Finally, unregister the ALG. */
npf_ruleset_freealg(npf_config_natset(npf), alg);
@@ -210,13 +209,14 @@
bool
npf_alg_match(npf_cache_t *npc, npf_nat_t *nt, int di)
{
- npf_algset_t *aset = npc->npc_ctx->algset;
+ npf_t *npf = npc->npc_ctx;
+ npf_algset_t *aset = npf->algset;
bool match = false;
int s;
KASSERTMSG(npf_iscached(npc, NPC_IP46), "expecting protocol number");
- s = pserialize_read_enter();
+ s = npf_ebr_enter(npf->ebr);
for (unsigned i = 0; i < aset->alg_count; i++) {
const npfa_funcs_t *f = &aset->alg_funcs[i];
@@ -225,7 +225,7 @@
break;
}
}
- pserialize_read_exit(s);
+ npf_ebr_exit(npf->ebr, s);
return match;
}
@@ -243,12 +243,13 @@
void
npf_alg_exec(npf_cache_t *npc, npf_nat_t *nt, bool forw)
{
- npf_algset_t *aset = npc->npc_ctx->algset;
+ npf_t *npf = npc->npc_ctx;
+ npf_algset_t *aset = npf->algset;
int s;
KASSERTMSG(npf_iscached(npc, NPC_IP46), "expecting protocol number");
- s = pserialize_read_enter();
+ s = npf_ebr_enter(npf->ebr);
for (unsigned i = 0; i < aset->alg_count; i++) {
const npfa_funcs_t *f = &aset->alg_funcs[i];
@@ -256,11 +257,11 @@
f->translate(npc, nt, forw);
}
}
- pserialize_read_exit(s);
+ npf_ebr_exit(npf->ebr, s);
}
/*
- * npf_alg_conn: query ALGs giving which may perform a custom state lookup.
+ * npf_alg_conn: query ALGs which may perform a custom state lookup.
*
* The purpose of ALG connection inspection function is to provide
* ALGs with a mechanism to override the regular connection state
@@ -279,11 +280,12 @@
npf_conn_t *
npf_alg_conn(npf_cache_t *npc, int di)
{
- npf_algset_t *aset = npc->npc_ctx->algset;
+ npf_t *npf = npc->npc_ctx;
+ npf_algset_t *aset = npf->algset;
npf_conn_t *con = NULL;
int s;
- s = pserialize_read_enter();
+ s = npf_ebr_enter(npf->ebr);
for (unsigned i = 0; i < aset->alg_count; i++) {
const npfa_funcs_t *f = &aset->alg_funcs[i];
@@ -292,7 +294,7 @@
if ((con = f->inspect(npc, di)) != NULL)
break;
}
- pserialize_read_exit(s);
+ npf_ebr_exit(npf->ebr, s);
return con;
}
diff -r 31a64e5a8ae2 -r a1355b6e29cd sys/net/npf/npf_conf.c
--- a/sys/net/npf/npf_conf.c Sun Sep 01 13:18:39 2019 +0000
+++ b/sys/net/npf/npf_conf.c Sun Sep 01 13:21:39 2019 +0000
@@ -47,53 +47,57 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.13.2.1 2019/08/13 14:35:55 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.13.2.2 2019/09/01 13:21:39 martin Exp $");
#include <sys/param.h>
#include <sys/types.h>
#include <sys/atomic.h>
#include <sys/kmem.h>
-#include <sys/pserialize.h>
#include <sys/mutex.h>
#endif
#include "npf_impl.h"
#include "npf_conn.h"
-struct npf_config {
- npf_ruleset_t * n_rules;
- npf_tableset_t * n_tables;
- npf_ruleset_t * n_nat_rules;
- npf_rprocset_t * n_rprocs;
- bool n_default_pass;
-};
-
void
npf_config_init(npf_t *npf)
{
- npf_ruleset_t *rlset, *nset;
- npf_rprocset_t *rpset;
- npf_tableset_t *tset;
+ npf_config_t *nc;
mutex_init(&npf->config_lock, MUTEX_DEFAULT, IPL_SOFTNET);
+ nc = npf_config_create();
- /* Load the empty configuration. */
- tset = npf_tableset_create(0);
- rpset = npf_rprocset_create();
- rlset = npf_ruleset_create(0);
- nset = npf_ruleset_create(0);
- npf_config_load(npf, rlset, tset, nset, rpset, NULL, true);
+ /*
+ * Load an empty configuration.
+ */
+ nc->ruleset = npf_ruleset_create(0);
+ nc->nat_ruleset = npf_ruleset_create(0);
+ nc->rule_procs = npf_rprocset_create();
+ nc->tableset = npf_tableset_create(0);
+ nc->default_pass = true;
+
+ npf_config_load(npf, nc, NULL, true);
KASSERT(npf->config != NULL);
}
-static void
+npf_config_t *
+npf_config_create(void)
+{
+ return kmem_zalloc(sizeof(npf_config_t), KM_SLEEP);
+}
+
+void
npf_config_destroy(npf_config_t *nc)
{
- npf_ruleset_destroy(nc->n_rules);
- npf_ruleset_destroy(nc->n_nat_rules);
- npf_rprocset_destroy(nc->n_rprocs);
- npf_tableset_destroy(nc->n_tables);
+ /*
+ * Note: the rulesets must be destroyed first, in order to drop
+ * any references to the tableset.
+ */
+ npf_ruleset_destroy(nc->ruleset);
+ npf_ruleset_destroy(nc->nat_ruleset);
+ npf_rprocset_destroy(nc->rule_procs);
+ npf_tableset_destroy(nc->tableset);
kmem_free(nc, sizeof(npf_config_t));
}
@@ -105,7 +109,7 @@
/* Flush the connections. */
mutex_enter(&npf->config_lock);
npf_conn_tracking(npf, false);
- pserialize_perform(npf->qsbr);
+ npf_ebr_full_sync(npf->ebr);
npf_conn_load(npf, cd, false);
npf_ifmap_flush(npf);
mutex_exit(&npf->config_lock);
@@ -119,19 +123,12 @@
* Performs the necessary synchronisation and destroys the old config.
*/
void
-npf_config_load(npf_t *npf, npf_ruleset_t *rset, npf_tableset_t *tset,
- npf_ruleset_t *nset, npf_rprocset_t *rpset,
- npf_conndb_t *conns, bool flush)
+npf_config_load(npf_t *npf, npf_config_t *nc, npf_conndb_t *conns, bool flush)
{
const bool load = conns != NULL;
- npf_config_t *nc, *onc;
+ npf_config_t *onc;
- nc = kmem_zalloc(sizeof(npf_config_t), KM_SLEEP);
- nc->n_rules = rset;
- nc->n_tables = tset;
- nc->n_nat_rules = nset;
- nc->n_rprocs = rpset;
- nc->n_default_pass = flush;
+ nc->default_pass = flush;
/*
* Acquire the lock and perform the first phase:
@@ -140,9 +137,9 @@
*/
mutex_enter(&npf->config_lock);
if ((onc = npf->config) != NULL) {
- npf_ruleset_reload(npf, rset, onc->n_rules, load);
- npf_tableset_reload(npf, tset, onc->n_tables);
- npf_ruleset_reload(npf, nset, onc->n_nat_rules, load);
+ npf_ruleset_reload(npf, nc->ruleset, onc->ruleset, load);
+ npf_tableset_reload(npf, nc->tableset, onc->tableset);
+ npf_ruleset_reload(npf, nc->nat_ruleset, onc->nat_ruleset, load);
}
/*
Home |
Main Index |
Thread Index |
Old Index