Source-Changes-HG archive


[src/trunk]: src NPF:



details:   https://anonhg.NetBSD.org/src/rev/9c40bfcc65dc
branches:  trunk
changeset: 779840:9c40bfcc65dc
user:      rmind <rmind%NetBSD.org@localhost>
date:      Fri Jun 22 13:43:17 2012 +0000

description:
NPF:
- Rename some functions for consistency and de-inline them.
- Fix a few invalid asserts (add regression test).
- Use pserialize(9) for ALG interface.
- Minor fixes, sprinkle many comments.

diffstat:

 sys/net/npf/npf.c                                |   12 +-
 sys/net/npf/npf.h                                |   70 +----------
 sys/net/npf/npf_alg.c                            |   68 ++++++---
 sys/net/npf/npf_impl.h                           |   11 +-
 sys/net/npf/npf_inet.c                           |  156 +++++++++++++++++-----
 sys/net/npf/npf_instr.c                          |    6 +-
 sys/net/npf/npf_log.c                            |   31 ++-
 sys/net/npf/npf_nat.c                            |   10 +-
 sys/net/npf/npf_sendpkt.c                        |   14 +-
 sys/net/npf/npf_session.c                        |    5 +-
 sys/net/npf/npf_state.c                          |   26 ++-
 sys/net/npf/npf_state_tcp.c                      |   12 +-
 sys/net/npf/npf_tableset.c                       |   25 ++-
 usr.sbin/npf/npftest/libnpftest/npf_table_test.c |   11 +-
 14 files changed, 280 insertions(+), 177 deletions(-)

diffs (truncated from 1086 to 300 lines):

diff -r 38e799d243a7 -r 9c40bfcc65dc sys/net/npf/npf.c
--- a/sys/net/npf/npf.c Fri Jun 22 12:45:43 2012 +0000
+++ b/sys/net/npf/npf.c Fri Jun 22 13:43:17 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.10 2012/03/13 18:40:59 elad Exp $    */
+/*     $NetBSD: npf.c,v 1.11 2012/06/22 13:43:17 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.10 2012/03/13 18:40:59 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.11 2012/06/22 13:43:17 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -48,6 +48,7 @@
 #include <sys/percpu.h>
 #include <sys/rwlock.h>
 #include <sys/socketvar.h>
+#include <sys/sysctl.h>
 #include <sys/uio.h>
 
 #include "npf_impl.h"
@@ -80,6 +81,7 @@
 static krwlock_t               npf_lock                __cacheline_aligned;
 static npf_core_t *            npf_core                __cacheline_aligned;
 static percpu_t *              npf_stats_percpu        __read_mostly;
+static struct sysctllog *      npf_sysctl              __read_mostly;
 
 const struct cdevsw npf_cdevsw = {
        npf_dev_open, npf_dev_close, npf_dev_read, nowrite, npf_dev_ioctl,
@@ -99,6 +101,8 @@
 
        rw_init(&npf_lock);
        npf_stats_percpu = percpu_alloc(NPF_STATS_SIZE);
+       npf_sysctl = NULL;
+
        npf_tableset_sysinit();
        npf_session_sysinit();
        npf_nat_sysinit();
@@ -144,6 +148,10 @@
        npf_nat_sysfini();
        npf_session_sysfini();
        npf_tableset_sysfini();
+
+       if (npf_sysctl) {
+               sysctl_teardown(&npf_sysctl);
+       }
        percpu_free(npf_stats_percpu, NPF_STATS_SIZE);
        rw_destroy(&npf_lock);
 
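Review bot: The `if (npf_sysctl)` teardown added here can never run as the code stands. In the hunks shown for npf.c, `npf_sysctl` is a new file-static that is only ever set to `NULL`, and the explicit `npf_sysctl = NULL;` in the init hunk is redundant for an object with static storage. If the sysctl nodes are meant to arrive in a later change, a short comment on the declaration such as `/* sysctl log; populated once NPF sysctl nodes are created */` would make that intent clear. The enclosing function starts and ends outside this hunk.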
diff -r 38e799d243a7 -r 9c40bfcc65dc sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Fri Jun 22 12:45:43 2012 +0000
+++ b/sys/net/npf/npf.h Fri Jun 22 13:43:17 2012 +0000
@@ -1,7 +1,7 @@
-/*     $NetBSD: npf.h,v 1.16 2012/04/14 19:01:21 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.17 2012/06/22 13:43:17 rmind Exp $   */
 
 /*-
- * Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
+ * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This material is based upon work partially supported by The
@@ -110,72 +110,6 @@
        } npc_l4;
 } npf_cache_t;
 
-static inline void
-npf_generate_mask(npf_addr_t *dst, const npf_netmask_t omask)
-{
-       uint_fast8_t length = omask;
-
-       /* Note: maximum length is 32 for IPv4 and 128 for IPv6. */
-       KASSERT(length <= NPF_MAX_NETMASK);
-
-       for (int i = 0; i < 4; i++) {
-               if (length >= 32) {
-                       dst->s6_addr32[i] = htonl(0xffffffff);
-                       length -= 32;
-               } else {
-                       dst->s6_addr32[i] = htonl(0xffffffff << (32 - length));
-                       length = 0;
-               }
-       }
-}
-
-static inline void
-npf_calculate_masked_addr(npf_addr_t *dst, const npf_addr_t *src,
-    const npf_netmask_t omask)
-{
-       npf_addr_t mask;
-
-       npf_generate_mask(&mask, omask);
-       for (int i = 0; i < 4; i++) {
-               dst->s6_addr32[i] = src->s6_addr32[i] & mask.s6_addr32[i];
-       }
-}
-
-/*
- * npf_compare_cidr: compare two addresses, either IPv4 or IPv6.
- *
- * => If the mask is NULL, ignore it.
- */
-static inline int
-npf_compare_cidr(const npf_addr_t *addr1, const npf_netmask_t mask1,
-    const npf_addr_t *addr2, const npf_netmask_t mask2)
-{
-       npf_addr_t realmask1, realmask2;
-
-       if (mask1 != NPF_NO_NETMASK) {
-               npf_generate_mask(&realmask1, mask1);
-       }
-       if (mask2 != NPF_NO_NETMASK) {
-               npf_generate_mask(&realmask2, mask2);
-       }
-       for (int i = 0; i < 4; i++) {
-               const uint32_t x = mask1 != NPF_NO_NETMASK ?
-                   addr1->s6_addr32[i] & realmask1.s6_addr32[i] :
-                   addr1->s6_addr32[i];
-               const uint32_t y = mask2 != NPF_NO_NETMASK ?
-                   addr2->s6_addr32[i] & realmask2.s6_addr32[i] :
-                   addr2->s6_addr32[i];
-               if (x < y) {
-                       return -1;
-               }
-               if (x > y) {
-                       return 1;
-               }
-       }
-
-       return 0;
-}
-
 static inline bool
 npf_iscached(const npf_cache_t *npc, const int inf)
 {
diff -r 38e799d243a7 -r 9c40bfcc65dc sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c     Fri Jun 22 12:45:43 2012 +0000
+++ b/sys/net/npf/npf_alg.c     Fri Jun 22 13:43:17 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg.c,v 1.3 2012/02/20 00:18:19 rmind Exp $        */
+/*     $NetBSD: npf_alg.c,v 1.4 2012/06/22 13:43:17 rmind Exp $        */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -31,16 +31,17 @@
 
 /*
  * NPF interface for application level gateways (ALGs).
- *
- * XXX: locking
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.3 2012/02/20 00:18:19 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.4 2012/06/22 13:43:17 rmind Exp $");
 
 #include <sys/param.h>
+#include <sys/types.h>
+
 #include <sys/kmem.h>
-#include <sys/pool.h>
+#include <sys/pserialize.h>
+#include <sys/mutex.h>
 #include <net/pfil.h>
 
 #include "npf_impl.h"
@@ -55,12 +56,16 @@
        npf_algfunc_t                   na_seid_func;
 };
 
-static LIST_HEAD(, npf_alg)            nat_alg_list    __read_mostly;
+static LIST_HEAD(, npf_alg)            nat_alg_list    __cacheline_aligned;
+static kmutex_t                                nat_alg_lock    __cacheline_aligned;
+static pserialize_t                    nat_alg_psz     __cacheline_aligned;
 
 void
 npf_alg_sysinit(void)
 {
 
+       mutex_init(&nat_alg_lock, MUTEX_DEFAULT, IPL_NONE);
+       nat_alg_psz = pserialize_create();
        LIST_INIT(&nat_alg_list);
 }
 
@@ -69,6 +74,8 @@
 {
 
        KASSERT(LIST_EMPTY(&nat_alg_list));
+       pserialize_destroy(nat_alg_psz);
+       mutex_destroy(&nat_alg_lock);
 }
 
 /*
@@ -88,7 +95,11 @@
        alg->na_out_func = out;
        alg->na_in_func = in;
        alg->na_seid_func = seid;
+
+       mutex_enter(&nat_alg_lock);
        LIST_INSERT_HEAD(&nat_alg_list, alg, na_entry);
+       mutex_exit(&nat_alg_lock);
+
        return alg;
 }
 
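Review bot: The new entry is published by `LIST_INSERT_HEAD()` under `nat_alg_lock`, but the readers in `npf_alg_match()`, `npf_alg_exec()` and `npf_alg_sessionid()` take no lock. They therefore depend on the `na_*_func` stores above being visible before the list head changes. Whether `mutex_enter()` and the plain stores inside `LIST_INSERT_HEAD()` give that ordering on every port cannot be seen from this hunk. Consider `membar_producer();` immediately before the insert, or at least a comment stating the ordering assumption. The function begins outside the hunk.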
@@ -98,17 +109,15 @@
 int
 npf_alg_unregister(npf_alg_t *alg)
 {
-       npf_alg_t *it;
 
-       LIST_FOREACH(it, &nat_alg_list, na_entry) {
-               if (alg == it)
-                       break;
-       }
-       if (it != NULL) {
-               LIST_REMOVE(alg, na_entry);
-       }
-       /* TODO: Flush relevant sessions. */
+       mutex_enter(&nat_alg_lock);
+       LIST_REMOVE(alg, na_entry);
+       pserialize_perform(nat_alg_psz);
+       mutex_exit(&nat_alg_lock);
+
+       npf_nat_freealg(alg);
        kmem_free(alg, sizeof(npf_alg_t));
+
        return 0;
 }
 
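Review bot: `npf_alg_unregister()` now unlinks and frees `alg` unconditionally, where the old body first confirmed that the pointer was on `nat_alg_list`. A pointer that was never registered, or one passed twice, would now reach `LIST_REMOVE()` and `kmem_free()`, which can corrupt the list or free the same memory twice. If callers are trusted to pass only a live handle from `npf_alg_register()`, state that in the function comment (for example `=> The ALG must be registered; each handle may be unregistered only once.`) and add `KASSERT(alg != NULL);` at the top. The function also always returns 0, so the return value cannot signal misuse to the caller. The function comment itself lies outside this hunk.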
@@ -119,15 +128,20 @@
 npf_alg_match(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt)
 {
        npf_alg_t *alg;
-       npf_algfunc_t func;
+       bool match = false;
+       int s;
 
+       s = pserialize_read_enter();
        LIST_FOREACH(alg, &nat_alg_list, na_entry) {
-               func = alg->na_match_func;
+               npf_algfunc_t func = alg->na_match_func;
+
                if (func && func(npc, nbuf, nt)) {
-                       return true;
+                       match = true;
+                       break;
                }
        }
-       return false;
+       pserialize_read_exit(s);
+       return match;
 }
 
 /*
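Review bot: The ALG callback `func(npc, nbuf, nt)` is now invoked between `pserialize_read_enter()` and `pserialize_read_exit()`, which places a new constraint on every registered ALG. The callback must not sleep or otherwise block, because a pserialize(9) read section has to stay short and non-blocking. That contract is not stated in the visible hunks; I would add a line to the function comment such as `=> ALG callbacks run in a pserialize(9) read section and must not block.` The same applies to the callbacks invoked from `npf_alg_exec()` and `npf_alg_sessionid()` in the following hunks. The comment block and return type of `npf_alg_match()` lie outside this hunk.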
@@ -137,7 +151,9 @@
 npf_alg_exec(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, const int di)
 {
        npf_alg_t *alg;
+       int s;
 
+       s = pserialize_read_enter();
        LIST_FOREACH(alg, &nat_alg_list, na_entry) {
                if ((di & PFIL_OUT) != 0 && alg->na_out_func != NULL) {
                        (alg->na_out_func)(npc, nbuf, nt);
@@ -148,19 +164,25 @@
                        continue;
                }
        }
+       pserialize_read_exit(s);
 }
 
 bool
 npf_alg_sessionid(npf_cache_t *npc, nbuf_t *nbuf, npf_cache_t *key)
 {
        npf_alg_t *alg;
-       npf_algfunc_t func;
+       bool nkey = false;
+       int s;
 
+       s = pserialize_read_enter();
        LIST_FOREACH(alg, &nat_alg_list, na_entry) {
-               func = alg->na_seid_func;
+               npf_algfunc_t func = alg->na_seid_func;
+
                if (func && func(npc, nbuf, (npf_nat_t *)key)) {
-                       return true;
+                       nkey = true;
+                       break;
                }
        }
-       return false;
+       pserialize_read_exit(s);
+       return nkey;
 }


