[src/trunk]: src Implement dynamic NPF extensions interface. An extension co...
details: https://anonhg.NetBSD.org/src/rev/b59a2fb1d8f7
branches: trunk
changeset: 781579:b59a2fb1d8f7
user: rmind <rmind%NetBSD.org@localhost>
date: Sun Sep 16 13:47:41 2012 +0000
description:
Implement dynamic NPF extensions interface. An extension consists of a
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module. Move the normalisation and logging functionality into their own
extensions. More improvements to come.
diffstat:
distrib/sets/lists/base/shl.mi | 8 +-
distrib/sets/lists/modules/mi | 6 +-
lib/Makefile | 3 +-
lib/libnpf/Makefile | 6 +-
lib/libnpf/npf.c | 104 ++++++++---
lib/libnpf/npf.h | 19 +-
lib/npf/Makefile | 11 +
lib/npf/Makefile.inc | 8 +
lib/npf/ext_log/Makefile | 13 +
lib/npf/ext_log/npfext_log.c | 75 +++++++++
lib/npf/ext_log/shlib_version | 4 +
lib/npf/ext_normalise/Makefile | 13 +
lib/npf/ext_normalise/npfext_normalise.c | 100 ++++++++++++
lib/npf/ext_normalise/shlib_version | 4 +
sys/modules/Makefile | 4 +-
sys/modules/npf/Makefile | 4 +-
sys/modules/npf_ext_log/Makefile | 11 +
sys/modules/npf_ext_normalise/Makefile | 11 +
sys/net/npf/files.npf | 7 +-
sys/net/npf/npf.c | 18 +-
sys/net/npf/npf.h | 52 ++++-
sys/net/npf/npf_ctl.c | 83 ++++++---
sys/net/npf/npf_ext_log.c | 254 ++++++++++++++++++++++++++++++
sys/net/npf/npf_ext_normalise.c | 255 +++++++++++++++++++++++++++++++
sys/net/npf/npf_handler.c | 9 +-
sys/net/npf/npf_impl.h | 14 +-
sys/net/npf/npf_inet.c | 118 +--------------
sys/net/npf/npf_log.c | 180 ---------------------
sys/net/npf/npf_rproc.c | 229 ++++++++++++++++++++++-----
sys/rump/net/lib/libnpf/Makefile | 10 +-
usr.sbin/npf/npfctl/Makefile | 8 +-
usr.sbin/npf/npfctl/npf_build.c | 81 +++------
usr.sbin/npf/npfctl/npf_extmod.c | 127 +++++++++++++++
usr.sbin/npf/npfctl/npf_parse.y | 75 ++++-----
usr.sbin/npf/npfctl/npf_scan.l | 10 +-
usr.sbin/npf/npfctl/npf_var.h | 32 ++-
usr.sbin/npf/npfctl/npfctl.c | 8 +-
usr.sbin/npf/npfctl/npfctl.h | 28 ++-
38 files changed, 1424 insertions(+), 578 deletions(-)
diffs (truncated from 2825 to 300 lines):
diff -r d903bffc5ca3 -r b59a2fb1d8f7 distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi Sun Sep 16 13:46:49 2012 +0000
+++ b/distrib/sets/lists/base/shl.mi Sun Sep 16 13:47:41 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.635 2012/08/08 14:08:02 christos Exp $
+# $NetBSD: shl.mi,v 1.636 2012/09/16 13:47:43 rmind Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -726,6 +726,12 @@
./usr/lib/libzpool_pic.a base-zfs-shlib zfs,dynamicroot
./usr/lib/lua/5.1/gpio.so base-sys-shlib
./usr/lib/lua/5.1/sqlite.so base-sys-shlib
+./usr/lib/npf/ext_log.so base-npf-shlib npf
+./usr/lib/npf/ext_log.so.0 base-npf-shlib npf
+./usr/lib/npf/ext_log.so.0.0 base-npf-shlib npf
+./usr/lib/npf/ext_normalise.so base-npf-shlib npf
+./usr/lib/npf/ext_normalise.so.0 base-npf-shlib npf
+./usr/lib/npf/ext_normalise.so.0.0 base-npf-shlib npf
./usr/lib/nss_mdns.so.0 base-obsolete obsolete
./usr/lib/nss_mdnsd.so.0 base-mdns-shlib mdns
./usr/lib/nss_multicast_dns.so.0 base-mdns-shlib mdns
diff -r d903bffc5ca3 -r b59a2fb1d8f7 distrib/sets/lists/modules/mi
--- a/distrib/sets/lists/modules/mi Sun Sep 16 13:46:49 2012 +0000
+++ b/distrib/sets/lists/modules/mi Sun Sep 16 13:47:41 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.47 2012/08/06 10:44:08 martin Exp $
+# $NetBSD: mi,v 1.48 2012/09/16 13:47:43 rmind Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -115,6 +115,10 @@
./@MODULEDIR@/npf/npf.kmod base-kernel-modules kmod
./@MODULEDIR@/npf_alg_icmp base-kernel-modules kmod
./@MODULEDIR@/npf_alg_icmp/npf_alg_icmp.kmod base-kernel-modules kmod
+./@MODULEDIR@/npf_ext_log base-kernel-modules kmod
+./@MODULEDIR@/npf_ext_log/npf_ext_log.kmod base-kernel-modules kmod
+./@MODULEDIR@/npf_ext_normalise base-kernel-modules kmod
+./@MODULEDIR@/npf_ext_normalise/npf_ext_normalise.kmod base-kernel-modules kmod
./@MODULEDIR@/ntfs base-kernel-modules kmod
./@MODULEDIR@/ntfs/ntfs.kmod base-kernel-modules kmod
./@MODULEDIR@/null base-kernel-modules kmod
diff -r d903bffc5ca3 -r b59a2fb1d8f7 lib/Makefile
--- a/lib/Makefile Sun Sep 16 13:46:49 2012 +0000
+++ b/lib/Makefile Sun Sep 16 13:47:41 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.188 2012/08/17 16:22:27 joerg Exp $
+# $NetBSD: Makefile,v 1.189 2012/09/16 13:47:41 rmind Exp $
# from: @(#)Makefile 5.25.1.1 (Berkeley) 5/7/91
.include <bsd.own.mk>
@@ -110,6 +110,7 @@
.if (${MKNPF} != "no")
SUBDIR+= libnpf # depends on libprop
+SUBDIR+= npf
.endif
.if (${MKCRYPTO} != "no")
diff -r d903bffc5ca3 -r b59a2fb1d8f7 lib/libnpf/Makefile
--- a/lib/libnpf/Makefile Sun Sep 16 13:46:49 2012 +0000
+++ b/lib/libnpf/Makefile Sun Sep 16 13:47:41 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2012/03/21 05:37:42 matt Exp $
+# $NetBSD: Makefile,v 1.3 2012/09/16 13:47:42 rmind Exp $
.include <bsd.own.mk>
@@ -14,7 +14,7 @@
LDADD+= -lprop
DPADD+= ${LIBPROP}
-WARNS?= 5
-NOLINT= # defined (note: deliberately)
+WARNS= 5
+NOLINT= # disabled deliberately
.include <bsd.lib.mk>
diff -r d903bffc5ca3 -r b59a2fb1d8f7 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c Sun Sep 16 13:46:49 2012 +0000
+++ b/lib/libnpf/npf.c Sun Sep 16 13:47:41 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.12 2012/08/15 18:44:56 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.13 2012/09/16 13:47:42 rmind Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.12 2012/08/15 18:44:56 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.13 2012/09/16 13:47:42 rmind Exp $");
#include <sys/types.h>
#include <netinet/in_systm.h>
@@ -78,6 +78,11 @@
prop_dictionary_t ntl_dict;
};
+struct nl_ext {
+ const char * nxt_name;
+ prop_dictionary_t nxt_dict;
+};
+
/*
* CONFIGURATION INTERFACE.
*/
@@ -250,6 +255,43 @@
}
/*
+ * NPF EXTENSION INTERFACE.
+ */
+
+nl_ext_t *
+npf_ext_construct(const char *name)
+{
+ nl_ext_t *ext;
+
+ ext = malloc(sizeof(*ext));
+ if (ext == NULL) {
+ return NULL;
+ }
+ ext->nxt_name = strdup(name);
+ if (ext->nxt_name == NULL) {
+ free(ext);
+ return NULL;
+ }
+ ext->nxt_dict = prop_dictionary_create();
+
+ return ext;
+}
+
+void
+npf_ext_param_u32(nl_ext_t *ext, const char *key, uint32_t val)
+{
+ prop_dictionary_t extdict = ext->nxt_dict;
+ prop_dictionary_set_uint32(extdict, key, val);
+}
+
+void
+npf_ext_param_bool(nl_ext_t *ext, const char *key, bool val)
+{
+ prop_dictionary_t extdict = ext->nxt_dict;
+ prop_dictionary_set_bool(extdict, key, val);
+}
+
+/*
* RULE INTERFACE.
*/
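Review bot: `npf_ext_construct` never checks the result of `prop_dictionary_create()`, so on allocation failure it returns an object whose `nxt_dict` is NULL and the first `npf_ext_param_u32`/`npf_ext_param_bool` call passes that NULL straight into `prop_dictionary_set_*`; the strdup'd name is also leaked on that path, whereas the strdup failure just above does clean up. Because `nxt_name` is declared `const char *`, the cleanup needs `__UNCONST()` (the usual NetBSD idiom) or the field should lose the qualifier. Nothing in this hunk releases an `nl_ext_t` either, so who eventually frees the name and dictionary should at least be stated in a comment on `npf_ext_construct`.
```c
	ext->nxt_dict = prop_dictionary_create();
	if (ext->nxt_dict == NULL) {
		free(__UNCONST(ext->nxt_name));
		free(ext);
		return NULL;
	}
	return ext;
```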
@@ -367,6 +409,7 @@
subrules = prop_dictionary_get(rldict, "subrules");
(void)_npf_rule_foreach1(subrules, nlevel + 1, func);
+ prop_object_release(subrules);
}
prop_object_iterator_release(it);
return 0;
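Review bot: The added `prop_object_release(subrules)` releases an object that came from `prop_dictionary_get()`, which proplib documents as returning the stored object without retaining it; if that holds here, this drops the reference the rule dictionary itself owns and the subrules array is freed while still reachable from `rldict`, a use-after-free on the next traversal or on dictionary release. If a retain/release pair was intended, add `prop_object_retain(subrules)` before the recursive call; otherwise the release should simply be removed. A rule with no "subrules" key also yields NULL from the get, so unless the recursive call and `prop_object_release` are known to accept NULL the pair should be guarded with `if (subrules != NULL)`. The enclosing `_npf_rule_foreach1` begins before this hunk.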
@@ -428,6 +471,7 @@
npf_rproc_create(const char *name)
{
prop_dictionary_t rpdict;
+ prop_array_t extcalls;
nl_rproc_t *nrp;
nrp = malloc(sizeof(nl_rproc_t));
@@ -440,10 +484,36 @@
return NULL;
}
prop_dictionary_set_cstring(rpdict, "name", name);
+
+ extcalls = prop_array_create();
+ if (extcalls == NULL) {
+ prop_object_release(rpdict);
+ free(nrp);
+ return NULL;
+ }
+ prop_dictionary_set(rpdict, "extcalls", extcalls);
+ prop_object_release(extcalls);
+
nrp->nrp_dict = rpdict;
return nrp;
}
+int
+npf_rproc_extcall(nl_rproc_t *rp, nl_ext_t *ext)
+{
+ prop_dictionary_t rpdict = rp->nrp_dict;
+ prop_dictionary_t extdict = ext->nxt_dict;
+ prop_array_t extcalls;
+
+ extcalls = prop_dictionary_get(rpdict, "extcalls");
+ if (_npf_prop_array_lookup(extcalls, "name", ext->nxt_name)) {
+ return EEXIST;
+ }
+ prop_dictionary_set_cstring(extdict, "name", ext->nxt_name);
+ prop_array_add(extcalls, extdict);
+ return 0;
+}
+
bool
npf_rproc_exists_p(nl_config_t *ncf, const char *name)
{
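Review bot: `npf_rproc_extcall` ignores the boolean results of `prop_dictionary_set_cstring` and `prop_array_add`, so an allocation failure leaves the rproc silently without the extension call while the caller is told 0; `npf_rproc_create` in the same hunk does propagate its `prop_array_create` failure, so the two are inconsistent. Suggest `if (!prop_dictionary_set_cstring(extdict, "name", ext->nxt_name) || !prop_array_add(extcalls, extdict)) return ENOMEM;`. It is also worth a one-line comment that the array retains `extdict`, so later `npf_ext_param_*` calls on the same `nl_ext_t` still mutate the dictionary now embedded in the rproc.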
@@ -452,36 +522,6 @@
}
int
-_npf_rproc_setnorm(nl_rproc_t *rp, bool rnd, bool no_df, u_int minttl,
- u_int maxmss)
-{
- prop_dictionary_t rpdict = rp->nrp_dict;
- uint32_t fl = 0;
-
- prop_dictionary_set_bool(rpdict, "randomize-id", rnd);
- prop_dictionary_set_bool(rpdict, "no-df", no_df);
- prop_dictionary_set_uint32(rpdict, "min-ttl", minttl);
- prop_dictionary_set_uint32(rpdict, "max-mss", maxmss);
-
- prop_dictionary_get_uint32(rpdict, "flags", &fl);
- prop_dictionary_set_uint32(rpdict, "flags", fl | NPF_RPROC_NORMALIZE);
- return 0;
-}
-
-int
-_npf_rproc_setlog(nl_rproc_t *rp, u_int if_idx)
-{
- prop_dictionary_t rpdict = rp->nrp_dict;
- uint32_t fl = 0;
-
- prop_dictionary_set_uint32(rpdict, "log-interface", if_idx);
-
- prop_dictionary_get_uint32(rpdict, "flags", &fl);
- prop_dictionary_set_uint32(rpdict, "flags", fl | NPF_RPROC_LOG);
- return 0;
-}
-
-int
npf_rproc_insert(nl_config_t *ncf, nl_rproc_t *rp)
{
prop_dictionary_t rpdict = rp->nrp_dict;
diff -r d903bffc5ca3 -r b59a2fb1d8f7 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h Sun Sep 16 13:46:49 2012 +0000
+++ b/lib/libnpf/npf.h Sun Sep 16 13:47:41 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.10 2012/08/12 03:35:14 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.11 2012/09/16 13:47:42 rmind Exp $ */
/*-
* Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -35,10 +35,6 @@
#include <sys/types.h>
#include <net/npf.h>
-#ifdef _NPF_TESTING
-#include "testing.h"
-#endif
-
__BEGIN_DECLS
struct nl_config;
@@ -53,6 +49,12 @@
typedef struct nl_rule nl_nat_t;
+typedef struct nl_ext nl_ext_t;
+
+typedef int (*npfext_initfunc_t)(void);
+typedef nl_ext_t *(*npfext_consfunc_t)(const char *);
+typedef int (*npfext_paramfunc_t)(nl_ext_t *, const char *, const char *);
+
#ifdef _NPF_PRIVATE
typedef struct {
@@ -81,6 +83,10 @@
nl_config_t * npf_config_retrieve(int, bool *, bool *);
int npf_config_flush(int);
+nl_ext_t * npf_ext_construct(const char *name);
+void npf_ext_param_u32(nl_ext_t *, const char *, uint32_t);
+void npf_ext_param_bool(nl_ext_t *, const char *, bool);
+
nl_rule_t * npf_rule_create(const char *, uint32_t, u_int);
int npf_rule_setcode(nl_rule_t *, int, const void *, size_t);
int npf_rule_setproc(nl_config_t *, nl_rule_t *, const char *);
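Review bot: The new extension API declares `npf_ext_construct` but no matching release function, unlike `npf_rule_create`, which is paired with `npf_rule_destroy` further down in this header; every `nl_ext_t` (a strdup'd name plus a proplib dictionary, per the lib/libnpf/npf.c part of this commit) therefore leaks unless callers reach into the private struct. Suggest declaring `void npf_ext_destroy(nl_ext_t *);` next to the constructor, or documenting on `npf_rproc_extcall` that it takes ownership if that is the intent. The two param setters return `void`, so a failed `prop_dictionary_set_*` inside them is invisible to callers; returning `int` like the rest of this interface would be more consistent.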
@@ -89,6 +95,7 @@
void npf_rule_destroy(nl_rule_t *);
nl_rproc_t * npf_rproc_create(const char *);
+int npf_rproc_extcall(nl_rproc_t *, nl_ext_t *);
bool npf_rproc_exists_p(nl_config_t *, const char *);
int npf_rproc_insert(nl_config_t *, nl_rproc_t *);
@@ -120,8 +127,6 @@
int _npf_nat_foreach(nl_config_t *, nl_rule_callback_t);
void _npf_nat_getinfo(nl_nat_t *, int *, u_int *, npf_addr_t *,
size_t *, in_port_t *);
-int _npf_rproc_setnorm(nl_rproc_t *, bool, bool, u_int, u_int);
-int _npf_rproc_setlog(nl_rproc_t *, u_int);