Source-Changes-HG archive
[src/trunk]: src - Rework NPF's nbuf interface: use advancing and ensuring as...
details: https://anonhg.NetBSD.org/src/rev/d75a6804a5ba
branches: trunk
changeset: 783483:d75a6804a5ba
user: rmind <rmind%NetBSD.org@localhost>
date: Mon Dec 24 19:05:42 2012 +0000
description:
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
diffstat:
sys/net/npf/npf.h | 60 +-
sys/net/npf/npf_alg.c | 64 +-
sys/net/npf/npf_alg_icmp.c | 347 +++++++-------
sys/net/npf/npf_ext_log.c | 6 +-
sys/net/npf/npf_ext_normalise.c | 64 +--
sys/net/npf/npf_handler.c | 112 ++-
sys/net/npf/npf_impl.h | 82 +-
sys/net/npf/npf_inet.c | 447 ++++++++----------
sys/net/npf/npf_instr.c | 133 +---
sys/net/npf/npf_mbuf.c | 301 ++++++------
sys/net/npf/npf_nat.c | 51 +-
sys/net/npf/npf_processor.c | 63 +-
sys/net/npf/npf_ruleset.c | 12 +-
sys/net/npf/npf_sendpkt.c | 19 +-
sys/net/npf/npf_session.c | 150 +++--
sys/net/npf/npf_state.c | 10 +-
sys/net/npf/npf_state_tcp.c | 13 +-
usr.sbin/npf/npfctl/npfctl.c | 8 +-
usr.sbin/npf/npftest/README | 6 +-
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c | 7 +-
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c | 15 +-
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c | 59 +-
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c | 37 +-
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c | 12 +-
usr.sbin/npf/npftest/libnpftest/npf_state_test.c | 15 +-
25 files changed, 1029 insertions(+), 1064 deletions(-)
diffs (truncated from 3951 to 300 lines):
diff -r 71ef2ae3d461 -r d75a6804a5ba sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Mon Dec 24 14:50:04 2012 +0000
+++ b/sys/net/npf/npf.h Mon Dec 24 19:05:42 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.24 2012/12/23 21:01:03 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.25 2012/12/24 19:05:42 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -69,6 +69,7 @@
/*
* Packet information cache.
*/
+#include <net/if.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#include <netinet/tcp.h>
@@ -86,6 +87,8 @@
#define NPC_ICMP 0x40 /* ICMP header. */
#define NPC_ICMP_ID 0x80 /* ICMP with query ID. */
+#define NPC_ALG_EXEC 0x100 /* ALG execution. */
+
#define NPC_IP46 (NPC_IP4|NPC_IP6)
typedef struct {
@@ -95,20 +98,21 @@
npf_addr_t * npc_srcip;
npf_addr_t * npc_dstip;
/* Size (v4 or v6) of IP addresses. */
- int npc_alen;
- u_int npc_hlen;
- int npc_next_proto;
+ uint8_t npc_alen;
+ uint8_t npc_hlen;
+ uint16_t npc_proto;
/* IPv4, IPv6. */
union {
- struct ip v4;
- struct ip6_hdr v6;
+ struct ip * v4;
+ struct ip6_hdr * v6;
} npc_ip;
/* TCP, UDP, ICMP. */
union {
- struct tcphdr tcp;
- struct udphdr udp;
- struct icmp icmp;
- struct icmp6_hdr icmp6;
+ struct tcphdr * tcp;
+ struct udphdr * udp;
+ struct icmp * icmp;
+ struct icmp6_hdr * icmp6;
+ void * hdr;
} npc_l4;
} npf_cache_t;
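Review bot: Narrowing `npc_hlen` from `u_int` to `uint8_t` caps the cached header length at 255 bytes, which covers IPv4 (at most 60) but not obviously IPv6, where the value presumably accumulates extension-header lengths read from the packet. The code that fills the field is outside this hunk; if it sums those lengths without a bound, the field wraps and later offsets derived from it point at the wrong bytes. Either keep a wider type, `uint32_t npc_hlen;`, or drop the packet once the running total would exceed `UINT8_MAX`. The `npc_ip` and `npc_l4` members also change from copies to pointers, so a comment such as `/* Pointers into nbuf data; must be re-fetched after the nbuf is reallocated. */` on the unions would make the lifetime rule explicit.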
@@ -123,7 +127,7 @@
npf_cache_ipproto(const npf_cache_t *npc)
{
KASSERT(npf_iscached(npc, NPC_IP46));
- return npc->npc_next_proto;
+ return npc->npc_proto;
}
static inline u_int
@@ -137,16 +141,31 @@
* Network buffer interface.
*/
-typedef void nbuf_t;
+#define NBUF_DATAREF_RESET 0x01
+
+typedef struct {
+ struct mbuf * nb_mbuf0;
+ struct mbuf * nb_mbuf;
+ void * nb_nptr;
+ const ifnet_t * nb_ifp;
+ int nb_flags;
+} nbuf_t;
-void * nbuf_dataptr(void *);
-void * nbuf_advance(nbuf_t **, void *, u_int);
-int nbuf_advfetch(nbuf_t **, void **, u_int, size_t, void *);
-int nbuf_advstore(nbuf_t **, void **, u_int, size_t, void *);
-int nbuf_fetch_datum(nbuf_t *, void *, size_t, void *);
-int nbuf_store_datum(nbuf_t *, void *, size_t, void *);
+void nbuf_init(nbuf_t *, struct mbuf *, const ifnet_t *);
+void nbuf_reset(nbuf_t *);
+struct mbuf * nbuf_head_mbuf(nbuf_t *);
+
+bool nbuf_flag_p(const nbuf_t *, int);
+void nbuf_unset_flag(nbuf_t *, int);
-void nbuf_cksum_barrier(nbuf_t *);
+void * nbuf_dataptr(nbuf_t *);
+size_t nbuf_offset(const nbuf_t *);
+void * nbuf_advance(nbuf_t *, size_t, size_t);
+
+void * nbuf_ensure_contig(nbuf_t *, size_t);
+void * nbuf_ensure_writable(nbuf_t *, size_t);
+
+bool nbuf_cksum_barrier(nbuf_t *, int);
int nbuf_add_tag(nbuf_t *, uint32_t, uint32_t);
int nbuf_find_tag(nbuf_t *, uint32_t, void **);
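Review bot: The new prototypes carry no parameter names or contract, so a caller cannot tell the two `size_t` arguments of `nbuf_advance()` apart, nor learn what the `void *` results look like on failure. Since these functions hand out raw pointers into packet data, the header should name the arguments, e.g. `void *nbuf_advance(nbuf_t *nbuf, size_t len, size_t ensure);`, and carry a short comment stating the failure return and when a previously returned pointer stops being valid (presumably when `nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)` is true). Those semantics are inferred from the names and the commit description and should be confirmed against npf_mbuf.c. `nbuf_cksum_barrier()` also changes from `void` to `bool` with an added `int`, and the meaning of both is undocumented here.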
@@ -264,6 +283,9 @@
NPF_STAT_REASSFAIL,
/* Other errors. */
NPF_STAT_ERROR,
+ /* nbuf non-contiguous cases. */
+ NPF_STAT_NBUF_NONCONTIG,
+ NPF_STAT_NBUF_CONTIG_FAIL,
/* Count (last). */
NPF_STATS_COUNT
} npf_stats_t;
diff -r 71ef2ae3d461 -r d75a6804a5ba sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c Mon Dec 24 14:50:04 2012 +0000
+++ b/sys/net/npf/npf_alg.c Mon Dec 24 19:05:42 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_alg.c,v 1.5 2012/07/15 00:23:00 rmind Exp $ */
+/* $NetBSD: npf_alg.c,v 1.6 2012/12/24 19:05:42 rmind Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.5 2012/07/15 00:23:00 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.6 2012/12/24 19:05:42 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -48,17 +48,16 @@
/* NAT ALG structure for registration. */
struct npf_alg {
- LIST_ENTRY(npf_alg) na_entry;
- npf_alg_t * na_bptr;
- npf_algfunc_t na_match_func;
- npf_algfunc_t na_out_func;
- npf_algfunc_t na_in_func;
- npf_algfunc_t na_seid_func;
+ LIST_ENTRY(npf_alg) na_entry;
+ npf_alg_t * na_bptr;
+ npf_alg_func_t na_match_func;
+ npf_alg_func_t na_tr_func;
+ npf_alg_sfunc_t na_se_func;
};
-static LIST_HEAD(, npf_alg) nat_alg_list __cacheline_aligned;
-static kmutex_t nat_alg_lock __cacheline_aligned;
-static pserialize_t nat_alg_psz __cacheline_aligned;
+static LIST_HEAD(, npf_alg) nat_alg_list __cacheline_aligned;
+static kmutex_t nat_alg_lock __cacheline_aligned;
+static pserialize_t nat_alg_psz __cacheline_aligned;
void
npf_alg_sysinit(void)
@@ -84,17 +83,16 @@
* XXX: Protected by module lock, but unify serialisation later.
*/
npf_alg_t *
-npf_alg_register(npf_algfunc_t match, npf_algfunc_t out, npf_algfunc_t in,
- npf_algfunc_t seid)
+npf_alg_register(npf_alg_func_t mfunc, npf_alg_func_t tfunc,
+ npf_alg_sfunc_t sfunc)
{
npf_alg_t *alg;
alg = kmem_zalloc(sizeof(npf_alg_t), KM_SLEEP);
alg->na_bptr = alg;
- alg->na_match_func = match;
- alg->na_out_func = out;
- alg->na_in_func = in;
- alg->na_seid_func = seid;
+ alg->na_match_func = mfunc;
+ alg->na_tr_func = tfunc;
+ alg->na_se_func = sfunc;
mutex_enter(&nat_alg_lock);
LIST_INSERT_HEAD(&nat_alg_list, alg, na_entry);
@@ -127,7 +125,7 @@
* npf_alg_match: call ALG matching inspectors, determine if any ALG matches.
*/
bool
-npf_alg_match(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt)
+npf_alg_match(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int di)
{
npf_alg_t *alg;
bool match = false;
@@ -135,9 +133,9 @@
s = pserialize_read_enter();
LIST_FOREACH(alg, &nat_alg_list, na_entry) {
- npf_algfunc_t func = alg->na_match_func;
+ npf_alg_func_t func = alg->na_match_func;
- if (func && func(npc, nbuf, nt)) {
+ if (func && func(npc, nbuf, nt, di)) {
match = true;
break;
}
@@ -150,41 +148,37 @@
* npf_alg_exec: execute ALG hooks for translation.
*/
void
-npf_alg_exec(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, const int di)
+npf_alg_exec(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int di)
{
npf_alg_t *alg;
int s;
s = pserialize_read_enter();
LIST_FOREACH(alg, &nat_alg_list, na_entry) {
- if ((di & PFIL_OUT) != 0 && alg->na_out_func != NULL) {
- (alg->na_out_func)(npc, nbuf, nt);
- continue;
- }
- if ((di & PFIL_IN) != 0 && alg->na_in_func != NULL) {
- (alg->na_in_func)(npc, nbuf, nt);
- continue;
+ npf_alg_func_t func;
+
+ if ((func = alg->na_tr_func) != NULL) {
+ (func)(npc, nbuf, nt, di);
}
}
pserialize_read_exit(s);
}
-bool
-npf_alg_sessionid(npf_cache_t *npc, nbuf_t *nbuf, npf_cache_t *key)
+npf_session_t *
+npf_alg_session(npf_cache_t *npc, nbuf_t *nbuf, int di)
{
+ npf_session_t *se = NULL;
npf_alg_t *alg;
- bool nkey = false;
int s;
s = pserialize_read_enter();
LIST_FOREACH(alg, &nat_alg_list, na_entry) {
- npf_algfunc_t func = alg->na_seid_func;
+ npf_alg_sfunc_t func = alg->na_se_func;
- if (func && func(npc, nbuf, (npf_nat_t *)key)) {
- nkey = true;
+ if (func && (se = func(npc, nbuf, di)) != NULL) {
break;
}
}
pserialize_read_exit(s);
- return nkey;
+ return se;
}
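Review bot: `npf_alg_session()` returns the `npf_session_t *` produced by an ALG callback after `pserialize_read_exit(s)`, so the caller uses the pointer outside the read section. That is safe only if every `na_se_func` returns a session on which a reference is already held, and nothing visible in this hunk states that requirement. Unlike `npf_alg_exec` above it, the function has no header comment; I would add `/* npf_alg_session: try each ALG's session inspector; returns a referenced session or NULL. */` once the reference rule is confirmed. Separately, `npf_alg_exec()` now calls every registered `na_tr_func` regardless of direction, so each ALG has to check `di` itself.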
diff -r 71ef2ae3d461 -r d75a6804a5ba sys/net/npf/npf_alg_icmp.c
--- a/sys/net/npf/npf_alg_icmp.c Mon Dec 24 14:50:04 2012 +0000
+++ b/sys/net/npf/npf_alg_icmp.c Mon Dec 24 19:05:42 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_alg_icmp.c,v 1.13 2012/09/16 13:44:14 rmind Exp $ */
+/* $NetBSD: npf_alg_icmp.c,v 1.14 2012/12/24 19:05:42 rmind Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.13 2012/09/16 13:44:14 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.14 2012/12/24 19:05:42 rmind Exp $");
#include <sys/param.h>
#include <sys/module.h>
@@ -57,18 +57,18 @@
* Traceroute criteria.
*
* IANA assigned base port: 33434. However, common practice is to increase
- * the port, thus monitor [33434-33484] range. Additional filter is TTL < 50.
+ * the port, thus monitor [33434-33484] range. Additional filter is low TTL.
*/
#define TR_BASE_PORT 33434
#define TR_PORT_RANGE 33484
-#define TR_MAX_TTL 50
+#define TR_MAX_TTL 48
static npf_alg_t * alg_icmp __read_mostly;
-static bool npfa_icmp_match(npf_cache_t *, nbuf_t *, void *);
-static bool npfa_icmp_natin(npf_cache_t *, nbuf_t *, void *);
-static bool npfa_icmp_session(npf_cache_t *, nbuf_t *, void *);
+static bool npfa_icmp_match(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
+static bool npfa_icmp_nat(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
+static npf_session_t *npfa_icmp_session(npf_cache_t *, nbuf_t *, int);
/*
* npf_alg_icmp_{init,fini,modcmd}: ICMP ALG initialization, destruction
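Review bot: `TR_MAX_TTL` changes from 50 to 48 while the comment above it is reworded from "TTL < 50" to "low TTL", so neither the threshold nor the reason for the new value is stated anywhere in the hunk. The constant is part of the heuristic that decides which packets the ICMP ALG treats as traceroute probes, so the bound deserves a comment on the define, e.g. `#define TR_MAX_TTL 48 /* highest TTL still treated as a traceroute probe */`, plus a word on why 48 was chosen. Whether the comparison against it is strict is not visible here.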
@@ -79,8 +79,8 @@