Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6]: src Pull up following revision(s) (requested by rmind in tick...
details:   https://anonhg.NetBSD.org/src/rev/b9595c44e3ca
branches:  netbsd-6
changeset: 775632:b9595c44e3ca
user:      riz <riz%NetBSD.org@localhost>
date:      Fri Feb 08 19:18:09 2013 +0000
description:
Pull up following revision(s) (requested by rmind in ticket #777):
        usr.sbin/npf/npfctl/npfctl.c: revision 1.27
        sys/net/npf/npf_session.c: revision 1.19
        usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4
        sys/net/npf/npf_rproc.c: revision 1.5
        usr.sbin/npf/npftest/README: revision 1.3
        sys/sys/mbuf.h: revision 1.151
        sys/net/npf/npf_ruleset.c: revision 1.15
        usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3
        sys/net/npf/npf_ruleset.c: revision 1.16
        usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4
        usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4
        sys/net/npf/npf_inet.c: revision 1.19
        sys/net/npf/npf_instr.c: revision 1.15
        sys/net/npf/npf_handler.c: revision 1.24
        sys/net/npf/npf_handler.c: revision 1.25
        sys/net/npf/npf_state_tcp.c: revision 1.12
        sys/net/npf/npf_processor.c: revision 1.13
        sys/net/npf/npf_impl.h: revision 1.25
        sys/net/npf/npf_processor.c: revision 1.14
        sys/net/npf/npf_mbuf.c: revision 1.10
        sys/net/npf/npf_alg_icmp.c: revision 1.14
        sys/net/npf/npf_mbuf.c: revision 1.9
        usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2
        usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3
        sys/net/npf/npf_session.c: revision 1.20
        sys/net/npf/npf_alg.c: revision 1.6
        sys/kern/uipc_mbuf.c: revision 1.148
        sys/net/npf/npf_inet.c: revision 1.20
        sys/net/npf/npf.h: revision 1.25
        sys/net/npf/npf_nat.c: revision 1.18
        sys/net/npf/npf_state.c: revision 1.13
        sys/net/npf/npf_sendpkt.c: revision 1.13
        sys/net/npf/npf_ext_log.c: revision 1.2
        usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4
        sys/net/npf/npf_ext_normalise.c: revision 1.2
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
  Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
Silence gcc in npf_recache().
Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not
destroy the mbuf chain on failure (it is kept valid).
- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
  the mbuf chain on failure.  Fixes some corner cases.  Improve regression
  test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
  The problem was found and fix provided by Anthony Mallet.
diffstat:
 sys/kern/uipc_mbuf.c                                 |   76 +-
 sys/net/npf/npf.h                                    |   60 +-
 sys/net/npf/npf_alg.c                                |   64 +-
 sys/net/npf/npf_alg_icmp.c                           |  347 +++++++-------
 sys/net/npf/npf_ext_log.c                            |    6 +-
 sys/net/npf/npf_ext_normalise.c                      |   64 +--
 sys/net/npf/npf_handler.c                            |  115 +++-
 sys/net/npf/npf_impl.h                               |   82 +-
 sys/net/npf/npf_inet.c                               |  447 ++++++++----------
 sys/net/npf/npf_instr.c                              |  133 +---
 sys/net/npf/npf_mbuf.c                               |  305 ++++++------
 sys/net/npf/npf_nat.c                                |   51 +-
 sys/net/npf/npf_processor.c                          |   64 +-
 sys/net/npf/npf_rproc.c                              |    7 +-
 sys/net/npf/npf_ruleset.c                            |   15 +-
 sys/net/npf/npf_sendpkt.c                            |   19 +-
 sys/net/npf/npf_session.c                            |  155 +++--
 sys/net/npf/npf_state.c                              |   10 +-
 sys/net/npf/npf_state_tcp.c                          |   13 +-
 sys/sys/mbuf.h                                       |    4 +-
 usr.sbin/npf/npfctl/npfctl.c                         |    8 +-
 usr.sbin/npf/npftest/README                          |    6 +-
 usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c      |    7 +-
 usr.sbin/npf/npftest/libnpftest/npf_nat_test.c       |   15 +-
 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c      |   80 ++-
 usr.sbin/npf/npftest/libnpftest/npf_processor_test.c |   37 +-
 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c      |   12 +-
 usr.sbin/npf/npftest/libnpftest/npf_state_test.c     |   15 +-
 28 files changed, 1120 insertions(+), 1097 deletions(-)
diffs (truncated from 4181 to 300 lines):
diff -r f0f7b9e87ead -r b9595c44e3ca sys/kern/uipc_mbuf.c
--- a/sys/kern/uipc_mbuf.c      Sat Feb 02 15:44:21 2013 +0000
+++ b/sys/kern/uipc_mbuf.c      Fri Feb 08 19:18:09 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_mbuf.c,v 1.145 2012/02/10 17:35:47 para Exp $     */
+/*     $NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $  */
 
 /*-
  * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145 2012/02/10 17:35:47 para Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.145.2.1 2013/02/08 19:18:12 riz Exp $");
 
 #include "opt_mbuftrace.h"
 #include "opt_nmbclusters.h"
@@ -907,21 +907,18 @@
 }
 
 /*
- * Rearrange an mbuf chain so that len bytes are contiguous
- * and in the data area of an mbuf (so that mtod and dtom
- * will work for a structure of size len).  Returns the resulting
- * mbuf chain on success, frees it and returns null on failure.
- * If there is room, it will add up to max_protohdr-len extra bytes to the
- * contiguous region in an attempt to avoid being called next time.
+ * m_ensure_contig: rearrange an mbuf chain that given length of bytes
+ * would be contiguous and in the data area of an mbuf (therefore, mtod()
+ * would work for a structure of given length).
+ *
+ * => On success, returns true and the resulting mbuf chain; false otherwise.
+ * => The mbuf chain may change, but is always preserved valid.
  */
-int MPFail;
-
-struct mbuf *
-m_pullup(struct mbuf *n, int len)
+bool
+m_ensure_contig(struct mbuf **m0, int len)
 {
-       struct mbuf *m;
-       int count;
-       int space;
+       struct mbuf *n = *m0, *m;
+       size_t count, space;
 
        /*
         * If first mbuf has no cluster, and has room for len bytes
@@ -930,17 +927,20 @@
         */
        if ((n->m_flags & M_EXT) == 0 &&
            n->m_data + len < &n->m_dat[MLEN] && n->m_next) {
-               if (n->m_len >= len)
-                       return (n);
+               if (n->m_len >= len) {
+                       return true;
+               }
                m = n;
                n = n->m_next;
                len -= m->m_len;
        } else {
-               if (len > MHLEN)
-                       goto bad;
+               if (len > MHLEN) {
+                       return false;
+               }
                MGET(m, M_DONTWAIT, n->m_type);
-               if (m == 0)
-                       goto bad;
+               if (m == NULL) {
+                       return false;
+               }
                MCLAIM(m, n->m_owner);
                m->m_len = 0;
                if (n->m_flags & M_PKTHDR) {
@@ -949,7 +949,7 @@
        }
        space = &m->m_dat[MLEN] - (m->m_data + m->m_len);
        do {
-               count = min(min(max(len, max_protohdr), space), n->m_len);
+               count = MIN(MIN(MAX(len, max_protohdr), space), n->m_len);
                memcpy(mtod(m, char *) + m->m_len, mtod(n, void *),
                  (unsigned)count);
                len -= count;
@@ -961,16 +961,30 @@
                else
                        n = m_free(n);
        } while (len > 0 && n);
-       if (len > 0) {
-               (void) m_free(m);
-               goto bad;
-       }
+
        m->m_next = n;
-       return (m);
-bad:
-       m_freem(n);
-       MPFail++;
-       return (NULL);
+       *m0 = m;
+
+       return len <= 0;
+}
+
+/*
+ * m_pullup: same as m_ensure_contig(), but destroys mbuf chain on error.
+ */
+int MPFail;
+
+struct mbuf *
+m_pullup(struct mbuf *n, int len)
+{
+       struct mbuf *m = n;
+
+       if (!m_ensure_contig(&m, len)) {
+               KASSERT(m != NULL);
+               m_freem(m);
+               MPFail++;
+               m = NULL;
+       }
+       return m;
 }
 
 /*
diff -r f0f7b9e87ead -r b9595c44e3ca sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sat Feb 02 15:44:21 2013 +0000
+++ b/sys/net/npf/npf.h Fri Feb 08 19:18:09 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.14.2.10 2013/01/07 16:51:08 riz Exp $        */
+/*     $NetBSD: npf.h,v 1.14.2.11 2013/02/08 19:18:11 riz Exp $        */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -69,6 +69,7 @@
 /*
  * Packet information cache.
  */
+#include <net/if.h>
 #include <netinet/ip.h>
 #include <netinet/ip6.h>
 #include <netinet/tcp.h>
@@ -86,6 +87,8 @@
 #define        NPC_ICMP        0x40    /* ICMP header. */
 #define        NPC_ICMP_ID     0x80    /* ICMP with query ID. */
 
+#define        NPC_ALG_EXEC    0x100   /* ALG execution. */
+
 #define        NPC_IP46        (NPC_IP4|NPC_IP6)
 
 typedef struct {
@@ -95,20 +98,21 @@
        npf_addr_t *            npc_srcip;
        npf_addr_t *            npc_dstip;
        /* Size (v4 or v6) of IP addresses. */
-       int                     npc_alen;
-       u_int                   npc_hlen;
-       int                     npc_next_proto;
+       uint8_t                 npc_alen;
+       uint8_t                 npc_hlen;
+       uint16_t                npc_proto;
        /* IPv4, IPv6. */
        union {
-               struct ip       v4;
-               struct ip6_hdr  v6;
+               struct ip *             v4;
+               struct ip6_hdr *        v6;
        } npc_ip;
        /* TCP, UDP, ICMP. */
        union {
-               struct tcphdr           tcp;
-               struct udphdr           udp;
-               struct icmp             icmp;
-               struct icmp6_hdr        icmp6;
+               struct tcphdr *         tcp;
+               struct udphdr *         udp;
+               struct icmp *           icmp;
+               struct icmp6_hdr *      icmp6;
+               void *                  hdr;
        } npc_l4;
 } npf_cache_t;
 
@@ -123,7 +127,7 @@
 npf_cache_ipproto(const npf_cache_t *npc)
 {
        KASSERT(npf_iscached(npc, NPC_IP46));
-       return npc->npc_next_proto;
+       return npc->npc_proto;
 }
 
 static inline u_int
@@ -137,16 +141,31 @@
  * Network buffer interface.
  */
 
-typedef void   nbuf_t;
+#define        NBUF_DATAREF_RESET      0x01
+
+typedef struct {
+       struct mbuf *   nb_mbuf0;
+       struct mbuf *   nb_mbuf;
+       void *          nb_nptr;
+       const ifnet_t * nb_ifp;
+       int             nb_flags;
+} nbuf_t;
 
-void *         nbuf_dataptr(void *);
-void *         nbuf_advance(nbuf_t **, void *, u_int);
-int            nbuf_advfetch(nbuf_t **, void **, u_int, size_t, void *);
-int            nbuf_advstore(nbuf_t **, void **, u_int, size_t, void *);
-int            nbuf_fetch_datum(nbuf_t *, void *, size_t, void *);
-int            nbuf_store_datum(nbuf_t *, void *, size_t, void *);
+void           nbuf_init(nbuf_t *, struct mbuf *, const ifnet_t *);
+void           nbuf_reset(nbuf_t *);
+struct mbuf *  nbuf_head_mbuf(nbuf_t *);
+
+bool           nbuf_flag_p(const nbuf_t *, int);
+void           nbuf_unset_flag(nbuf_t *, int);
 
-void           nbuf_cksum_barrier(nbuf_t *);
+void *         nbuf_dataptr(nbuf_t *);
+size_t         nbuf_offset(const nbuf_t *);
+void *         nbuf_advance(nbuf_t *, size_t, size_t);
+
+void *         nbuf_ensure_contig(nbuf_t *, size_t);
+void *         nbuf_ensure_writable(nbuf_t *, size_t);
+
+bool           nbuf_cksum_barrier(nbuf_t *, int);
 int            nbuf_add_tag(nbuf_t *, uint32_t, uint32_t);
 int            nbuf_find_tag(nbuf_t *, uint32_t, void **);
 
@@ -264,6 +283,9 @@
        NPF_STAT_REASSFAIL,
        /* Other errors. */
        NPF_STAT_ERROR,
+       /* nbuf non-contiguous cases. */
+       NPF_STAT_NBUF_NONCONTIG,
+       NPF_STAT_NBUF_CONTIG_FAIL,
        /* Count (last). */
        NPF_STATS_COUNT
 } npf_stats_t;
diff -r f0f7b9e87ead -r b9595c44e3ca sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c     Sat Feb 02 15:44:21 2013 +0000
+++ b/sys/net/npf/npf_alg.c     Fri Feb 08 19:18:09 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg.c,v 1.2.16.3 2012/07/16 22:13:26 riz Exp $     */
+/*     $NetBSD: npf_alg.c,v 1.2.16.4 2013/02/08 19:18:11 riz Exp $     */
 
 /*-
  * Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.2.16.3 2012/07/16 22:13:26 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.2.16.4 2013/02/08 19:18:11 riz Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -48,17 +48,16 @@
 
 /* NAT ALG structure for registration. */
 struct npf_alg {
-       LIST_ENTRY(npf_alg)             na_entry;
-       npf_alg_t *                     na_bptr;
-       npf_algfunc_t                   na_match_func;
-       npf_algfunc_t                   na_out_func;
-       npf_algfunc_t                   na_in_func;
-       npf_algfunc_t                   na_seid_func;
+       LIST_ENTRY(npf_alg)     na_entry;
+       npf_alg_t *             na_bptr;
+       npf_alg_func_t          na_match_func;
+       npf_alg_func_t          na_tr_func;
+       npf_alg_sfunc_t         na_se_func;
 };
 
-static LIST_HEAD(, npf_alg)            nat_alg_list    __cacheline_aligned;
-static kmutex_t                                nat_alg_lock    __cacheline_aligned;
-static pserialize_t                    nat_alg_psz     __cacheline_aligned;
+static LIST_HEAD(, npf_alg)    nat_alg_list    __cacheline_aligned;
+static kmutex_t                        nat_alg_lock    __cacheline_aligned;
+static pserialize_t            nat_alg_psz     __cacheline_aligned;
 
 void
 npf_alg_sysinit(void)
@@ -84,17 +83,16 @@
  * XXX: Protected by module lock, but unify serialisation later.
  */
 npf_alg_t *
-npf_alg_register(npf_algfunc_t match, npf_algfunc_t out, npf_algfunc_t in,
-    npf_algfunc_t seid)
+npf_alg_register(npf_alg_func_t mfunc, npf_alg_func_t tfunc,
+    npf_alg_sfunc_t sfunc)
 {
        npf_alg_t *alg;
 
        alg = kmem_zalloc(sizeof(npf_alg_t), KM_SLEEP);
        alg->na_bptr = alg;
-       alg->na_match_func = match;
Home |
Main Index |
Thread Index |
Old Index