Source-Changes-HG archive


[src/trunk]: src/sys/net/npf NPF: finish up the rework of npfctl_save() mecha...



details:   https://anonhg.NetBSD.org/src/rev/00921d0e155a
branches:  trunk
changeset: 331450:00921d0e155a
user:      rmind <rmind%NetBSD.org@localhost>
date:      Mon Aug 11 01:54:12 2014 +0000

description:
NPF: finish up the rework of npfctl_save() mechanism.

diffstat:

 sys/net/npf/npf_conf.c     |  24 +++++++---------------
 sys/net/npf/npf_ctl.c      |  49 +++++++++++++++++++++++++++++++--------------
 sys/net/npf/npf_impl.h     |  12 +++++-----
 sys/net/npf/npf_rproc.c    |  18 +++++++++++++++-
 sys/net/npf/npf_ruleset.c  |  48 ++++++++++++++++++++++++++++----------------
 sys/net/npf/npf_tableset.c |  13 ++++-------
 6 files changed, 100 insertions(+), 64 deletions(-)

diffs (truncated from 477 to 300 lines):

diff -r 3e1127356ffe -r 00921d0e155a sys/net/npf/npf_conf.c
--- a/sys/net/npf/npf_conf.c    Mon Aug 11 00:31:22 2014 +0000
+++ b/sys/net/npf/npf_conf.c    Mon Aug 11 01:54:12 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_conf.c,v 1.7 2014/07/23 01:25:34 rmind Exp $       */
+/*     $NetBSD: npf_conf.c,v 1.8 2014/08/11 01:54:12 rmind Exp $       */
 
 /*-
  * Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -48,7 +48,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.7 2014/07/23 01:25:34 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.8 2014/08/11 01:54:12 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -66,7 +66,6 @@
        npf_tableset_t *        n_tables;
        npf_ruleset_t *         n_nat_rules;
        npf_rprocset_t *        n_rprocs;
-       prop_dictionary_t       n_dict;
        bool                    n_default_pass;
 } npf_config_t;
 
@@ -77,7 +76,6 @@
 void
 npf_config_init(void)
 {
-       prop_dictionary_t dict;
        npf_ruleset_t *rlset, *nset;
        npf_rprocset_t *rpset;
        npf_tableset_t *tset;
@@ -86,19 +84,17 @@
        npf_config_psz = pserialize_create();
 
        /* Load the empty configuration. */
-       dict = prop_dictionary_create();
        tset = npf_tableset_create(0);
        rpset = npf_rprocset_create();
        rlset = npf_ruleset_create(0);
        nset = npf_ruleset_create(0);
-       npf_config_load(dict, rlset, tset, nset, rpset, NULL, true);
+       npf_config_load(rlset, tset, nset, rpset, NULL, true);
        KASSERT(npf_config != NULL);
 }
 
 static void
 npf_config_destroy(npf_config_t *nc)
 {
-       prop_object_release(nc->n_dict);
        npf_ruleset_destroy(nc->n_rules);
        npf_ruleset_destroy(nc->n_nat_rules);
        npf_rprocset_destroy(nc->n_rprocs);
@@ -127,8 +123,8 @@
  * Performs the necessary synchronisation and destroys the old config.
  */
 void
-npf_config_load(prop_dictionary_t dict, npf_ruleset_t *rset,
-    npf_tableset_t *tset, npf_ruleset_t *nset, npf_rprocset_t *rpset,
+npf_config_load(npf_ruleset_t *rset, npf_tableset_t *tset,
+    npf_ruleset_t *nset, npf_rprocset_t *rpset,
     npf_conndb_t *conns, bool flush)
 {
        npf_config_t *nc, *onc;
@@ -138,7 +134,6 @@
        nc->n_tables = tset;
        nc->n_nat_rules = nset;
        nc->n_rprocs = rpset;
-       nc->n_dict = dict;
        nc->n_default_pass = flush;
 
        /*
@@ -185,9 +180,6 @@
         * If not flushing - enable the connection tracking.
         */
        npf_conn_load(conns, !flush);
-
-       /* Sync the config proplib data. */
-       npf_tableset_syncdict(tset, dict);
        mutex_exit(&npf_config_lock);
 
        /* Finally, it is safe to destroy the old config. */
@@ -261,10 +253,10 @@
        return npf_config->n_tables;
 }
 
-prop_dictionary_t
-npf_config_dict(void)
+npf_rprocset_t *
+npf_config_rprocs(void)
 {
-       return npf_config->n_dict;
+       return npf_config->n_rprocs;
 }
 
 bool
diff -r 3e1127356ffe -r 00921d0e155a sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Mon Aug 11 00:31:22 2014 +0000
+++ b/sys/net/npf/npf_ctl.c     Mon Aug 11 01:54:12 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ctl.c,v 1.37 2014/08/10 19:09:43 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.38 2014/08/11 01:54:12 rmind Exp $       */
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.37 2014/08/10 19:09:43 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.38 2014/08/11 01:54:12 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -181,7 +181,6 @@
                        NPF_ERR_DEBUG(errdict);
                        break;
                }
-               prop_dictionary_remove(tbldict, "entries");
        }
        prop_object_iterator_release(it);
        /*
@@ -555,7 +554,6 @@
        if (error) {
                goto fail;
        }
-       prop_dictionary_remove(npf_dict, "nat");
 
        /* Tables. */
        tables = prop_dictionary_get(npf_dict, "tables");
@@ -597,7 +595,6 @@
                if (error) {
                        goto fail;
                }
-               prop_dictionary_remove(npf_dict, "conn-list");
        }
 
        flush = false;
@@ -606,7 +603,7 @@
        /*
         * Finally - perform the load.
         */
-       npf_config_load(npf_dict, rlset, tblset, nset, rpset, conndb, flush);
+       npf_config_load(rlset, tblset, nset, rpset, conndb, flush);
 
        /* Done.  Since data is consumed now, we shall not destroy it. */
        tblset = NULL;
@@ -630,9 +627,7 @@
        if (tblset) {
                npf_tableset_destroy(tblset);
        }
-       if (error) {
-               prop_object_release(npf_dict);
-       }
+       prop_object_release(npf_dict);
 
        /* Error report. */
 #ifndef _NPF_TESTING
@@ -653,12 +648,15 @@
 npfctl_save(u_long cmd, void *data)
 {
        struct plistref *pref = data;
-       prop_array_t conlist, natlist;
-       prop_dictionary_t npf_dict;
+       prop_array_t rulelist, natlist, tables, rprocs, conlist;
+       prop_dictionary_t npf_dict = NULL;
        int error;
 
+       rulelist = prop_array_create();
+       natlist = prop_array_create();
+       tables = prop_array_create();
+       rprocs = prop_array_create();
        conlist = prop_array_create();
-       natlist = prop_array_create();
 
        /*
         * Serialise the connections and NAT policies.
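Review bot: None of the five `prop_array_create()` results at the top of npfctl_save() is checked for NULL before the arrays are handed to the export routines, so an allocation failure is not turned into an error at the point where it happens. The check belongs directly after the creations and before the configuration lock is taken (that call sits between this hunk and the next, outside the visible lines), so it has to release whatever was allocated and return `ENOMEM` itself rather than jump to `out:`. The context comment `Serialise the connections and NAT policies.` is also stale now that rules, tables and rule procedures are exported too; `Serialise the rules, NAT policies, tables, rule procedures and connections.` would match the new code.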
@@ -668,21 +666,42 @@
        if (error) {
                goto out;
        }
+       error = npf_ruleset_export(npf_config_ruleset(), rulelist);
+       if (error) {
+               goto out;
+       }
        error = npf_ruleset_export(npf_config_natset(), natlist);
        if (error) {
                goto out;
        }
-       npf_dict = npf_config_dict();
+       error = npf_tableset_export(npf_config_tableset(), tables);
+       if (error) {
+               goto out;
+       }
+       error = npf_rprocset_export(npf_config_rprocs(), rprocs);
+       if (error) {
+               goto out;
+       }
+       npf_dict = prop_dictionary_create();
+       prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION);
+       prop_dictionary_set_and_rel(npf_dict, "rules", rulelist);
        prop_dictionary_set_and_rel(npf_dict, "nat", natlist);
+       prop_dictionary_set_and_rel(npf_dict, "tables", tables);
+       prop_dictionary_set_and_rel(npf_dict, "rprocs", rprocs);
        prop_dictionary_set_and_rel(npf_dict, "conn-list", conlist);
        prop_dictionary_set_bool(npf_dict, "active", npf_pfil_registered_p());
        error = prop_dictionary_copyout_ioctl(pref, cmd, npf_dict);
 out:
        npf_config_exit();
 
-       if (error) {
+       if (!npf_dict) {
+               prop_object_release(rulelist);
+               prop_object_release(natlist);
+               prop_object_release(tables);
+               prop_object_release(rprocs);
                prop_object_release(conlist);
-               prop_object_release(natlist);
+       } else {
+               prop_object_release(npf_dict);
        }
        return error;
 }
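Review bot: The result of `npf_dict = prop_dictionary_create();` is not checked, yet the `out:` cleanup uses `!npf_dict` to mean "the arrays were never handed over". If that allocation fails, the `prop_dictionary_set_and_rel()` calls run against a NULL dictionary and, assuming that helper releases its argument whether or not the set succeeded (its definition is not on this page), the `!npf_dict` branch would release the same five arrays a second time. Adding `if (npf_dict == NULL) { error = ENOMEM; goto out; }` right after the create keeps the ownership rule in the cleanup true. The boolean results of the `prop_dictionary_set_*()` calls are dropped as well, so a partially filled dictionary could be copied out as a successful save; because the saved data describes the firewall state, a short export should fail rather than return 0.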
diff -r 3e1127356ffe -r 00921d0e155a sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h    Mon Aug 11 00:31:22 2014 +0000
+++ b/sys/net/npf/npf_impl.h    Mon Aug 11 01:54:12 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_impl.h,v 1.57 2014/08/10 19:09:43 rmind Exp $      */
+/*     $NetBSD: npf_impl.h,v 1.58 2014/08/11 01:54:12 rmind Exp $      */
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -149,13 +149,12 @@
 int            npf_config_read_enter(void);
 void           npf_config_read_exit(int);
 
-void           npf_config_load(prop_dictionary_t, npf_ruleset_t *,
-                   npf_tableset_t *, npf_ruleset_t *, npf_rprocset_t *,
-                   npf_conndb_t *, bool);
+void           npf_config_load(npf_ruleset_t *, npf_tableset_t *,
+                   npf_ruleset_t *, npf_rprocset_t *, npf_conndb_t *, bool);
 npf_ruleset_t *        npf_config_ruleset(void);
 npf_ruleset_t *        npf_config_natset(void);
 npf_tableset_t *npf_config_tableset(void);
-prop_dictionary_t npf_config_dict(void);
+npf_rprocset_t *npf_config_rprocs(void);
 bool           npf_default_pass(void);
 
 int            npf_worker_sysinit(void);
@@ -237,7 +236,7 @@
 npf_table_t *  npf_tableset_getbyname(npf_tableset_t *, const char *);
 npf_table_t *  npf_tableset_getbyid(npf_tableset_t *, u_int);
 void           npf_tableset_reload(npf_tableset_t *, npf_tableset_t *);
-void           npf_tableset_syncdict(const npf_tableset_t *, prop_dictionary_t);
+int            npf_tableset_export(const npf_tableset_t *, prop_array_t);
 
 npf_table_t *  npf_table_create(const char *, u_int, int, void *, size_t);
 void           npf_table_destroy(npf_table_t *);
@@ -292,6 +291,7 @@
 void           npf_rprocset_destroy(npf_rprocset_t *);
 npf_rproc_t *  npf_rprocset_lookup(npf_rprocset_t *, const char *);
 void           npf_rprocset_insert(npf_rprocset_t *, npf_rproc_t *);
+int            npf_rprocset_export(const npf_rprocset_t *, prop_array_t);
 
 npf_rproc_t *  npf_rproc_create(prop_dictionary_t);
 void           npf_rproc_acquire(npf_rproc_t *);
diff -r 3e1127356ffe -r 00921d0e155a sys/net/npf/npf_rproc.c
--- a/sys/net/npf/npf_rproc.c   Mon Aug 11 00:31:22 2014 +0000
+++ b/sys/net/npf/npf_rproc.c   Mon Aug 11 01:54:12 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_rproc.c,v 1.11 2014/07/20 00:37:41 rmind Exp $     */
+/*     $NetBSD: npf_rproc.c,v 1.12 2014/08/11 01:54:12 rmind Exp $     */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -261,6 +261,22 @@
        LIST_INSERT_HEAD(&rpset->rps_list, rp, rp_entry);
 }
 
+int
+npf_rprocset_export(const npf_rprocset_t *rpset, prop_array_t rprocs)
+{
+       prop_dictionary_t rpdict;
+       const npf_rproc_t *rp;
+
+       LIST_FOREACH(rp, &rpset->rps_list, rp_entry) {
+               rpdict = prop_dictionary_create();
+               prop_dictionary_set_cstring(rpdict, "name", rp->rp_name);
+               prop_dictionary_set_uint32(rpdict, "flags", rp->rp_flags);
+               prop_array_add(rprocs, rpdict);
+               prop_object_release(rpdict);
+       }
+       return 0;
+}
+
 /*
  * npf_rproc_create: construct a new rule procedure, lookup and associate
  * the extension calls with it.
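Review bot: npf_rprocset_export() always returns 0, so the `if (error)` test added for it in npfctl_save() can never fire. The `prop_dictionary_create()` result and the boolean results of `prop_dictionary_set_cstring()`, `prop_dictionary_set_uint32()` and `prop_array_add()` are all ignored. Under memory pressure the saved configuration could therefore lack rule procedures, or carry incomplete ones, while the ioctl reports success. The loop should stop and return `ENOMEM` on the first failure, as sketched below. The new function also lacks the header comment its neighbour npf_rproc_create() has; one stating that it appends a `name`/`flags` dictionary per rule procedure to `rprocs` and returns 0 or an errno would fit.

```c
	LIST_FOREACH(rp, &rpset->rps_list, rp_entry) {
		bool ok;

		rpdict = prop_dictionary_create();
		if (rpdict == NULL) {
			return ENOMEM;
		}
		ok = prop_dictionary_set_cstring(rpdict, "name", rp->rp_name) &&
		    prop_dictionary_set_uint32(rpdict, "flags", rp->rp_flags) &&
		    prop_array_add(rprocs, rpdict);
		/* The array holds its own reference once the add succeeds. */
		prop_object_release(rpdict);
		if (!ok) {
			return ENOMEM;
		}
	}
	return 0;
```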


