

[src/netbsd-7]: src Pull up following revision(s) (requested by rmind in tick...



details:   https://anonhg.NetBSD.org/src/rev/cb7ac0bf40d4
branches:  netbsd-7
changeset: 798301:cb7ac0bf40d4
user:      martin <martin%NetBSD.org@localhost>
date:      Fri Aug 29 11:14:14 2014 +0000

description:
Pull up following revision(s) (requested by rmind in ticket #56):
        sys/net/npf/npf_ctl.c: revision 1.39
        usr.sbin/npf/npfctl/npfctl.c: revision 1.43
        lib/libnpf/npf.c: revision 1.33
        lib/libnpf/npf.c: revision 1.34
        sys/net/npf/npf_impl.h: revision 1.59
        sys/net/npf/npf_ctl.c: revision 1.40
        sys/net/npf/npf_conn.c: revision 1.11
        sys/net/npf/npf_alg.c: revision 1.15
        sys/net/npf/npf_conn.c: revision 1.12
        sys/net/npf/npf_nat.c: revision 1.33
        sys/net/npf/npf_nat.c: revision 1.34
Add and use npf_alg_export().
npf_conn_import: handle NAT metadata correctly.
npf_nat_newpolicy: restore the policy ID.
npfctl_load: fix error code handling for the limit cases.
npf_config_import: fix the inverted logic.
npfctl_load: improve error handling.
npf_conn_import: add a missing stat counter increment.
npf_nat_import: add a missing reference and make a comment.
npf_config_submit: finally, include the saved connections.

diffstat:

 lib/libnpf/npf.c             |  16 +++++++++++-----
 sys/net/npf/npf_alg.c        |  25 +++++++++++++++++++++++--
 sys/net/npf/npf_conn.c       |  14 ++++++++++----
 sys/net/npf/npf_ctl.c        |  30 ++++++++++++++++--------------
 sys/net/npf/npf_impl.h       |   3 ++-
 sys/net/npf/npf_nat.c        |  15 +++++++++++----
 usr.sbin/npf/npfctl/npfctl.c |  11 ++++++++---
 7 files changed, 81 insertions(+), 33 deletions(-)

diffs (truncated from 385 to 300 lines):

diff -r e822569fc3c3 -r cb7ac0bf40d4 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Fri Aug 29 10:20:16 2014 +0000
+++ b/lib/libnpf/npf.c  Fri Aug 29 11:14:14 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.32 2014/08/10 19:09:43 rmind Exp $   */
+/*     $NetBSD: npf.c,v 1.32.2.1 2014/08/29 11:14:14 martin Exp $      */
 
 /*-
  * Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.32 2014/08/10 19:09:43 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.32.2.1 2014/08/29 11:14:14 martin Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -69,13 +69,14 @@
 };
 
 struct nl_config {
-       /* Rules, translations, tables, procedures. */
+       /* Rules, translations, procedures, tables, connections. */
        prop_dictionary_t       ncf_dict;
        prop_array_t            ncf_alg_list;
        prop_array_t            ncf_rules_list;
        prop_array_t            ncf_rproc_list;
        prop_array_t            ncf_table_list;
        prop_array_t            ncf_nat_list;
+       prop_array_t            ncf_conn_list;
 
        /* Iterators. */
        prop_object_iterator_t  ncf_rule_iter;
@@ -153,6 +154,10 @@
        prop_dictionary_set(npf_dict, "rprocs", ncf->ncf_rproc_list);
        prop_dictionary_set(npf_dict, "tables", ncf->ncf_table_list);
        prop_dictionary_set(npf_dict, "nat", ncf->ncf_nat_list);
+       if (ncf->ncf_conn_list) {
+               prop_dictionary_set(npf_dict, "conn-list",
+                   ncf->ncf_conn_list);
+       }
        prop_dictionary_set_bool(npf_dict, "flush", ncf->ncf_flush);
        if (ncf->ncf_debug) {
                prop_dictionary_set(npf_dict, "debug", ncf->ncf_debug);
@@ -194,6 +199,7 @@
        ncf->ncf_rproc_list = prop_dictionary_get(npf_dict, "rprocs");
        ncf->ncf_table_list = prop_dictionary_get(npf_dict, "tables");
        ncf->ncf_nat_list = prop_dictionary_get(npf_dict, "nat");
+       ncf->ncf_conn_list = prop_dictionary_get(npf_dict, "conn-list");
        return ncf;
 }
 
@@ -237,11 +243,11 @@
        nl_config_t *ncf;
 
        npf_dict = prop_dictionary_internalize_from_file(path);
-       if (npf_dict) {
+       if (!npf_dict) {
                return NULL;
        }
        ncf = _npf_config_consdict(npf_dict);
-       if (ncf == NULL) {
+       if (!ncf) {
                prop_object_release(npf_dict);
                return NULL;
        }
diff -r e822569fc3c3 -r cb7ac0bf40d4 sys/net/npf/npf_alg.c
--- a/sys/net/npf/npf_alg.c     Fri Aug 29 10:20:16 2014 +0000
+++ b/sys/net/npf/npf_alg.c     Fri Aug 29 11:14:14 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_alg.c,v 1.14 2014/07/20 00:37:41 rmind Exp $       */
+/*     $NetBSD: npf_alg.c,v 1.14.2.1 2014/08/29 11:14:14 martin Exp $  */
 
 /*-
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.14 2014/07/20 00:37:41 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.14.2.1 2014/08/29 11:14:14 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -244,3 +244,24 @@
        pserialize_read_exit(s);
        return con;
 }
+
+prop_array_t
+npf_alg_export(void)
+{
+       prop_array_t alglist = prop_array_create();
+
+       KASSERT(npf_config_locked_p());
+
+       for (u_int i = 0; i < alg_count; i++) {
+               const npf_alg_t *alg = &alg_list[i];
+
+               if (alg->na_name == NULL) {
+                       continue;
+               }
+               prop_dictionary_t algdict = prop_dictionary_create();
+               prop_dictionary_set_cstring(algdict, "name", alg->na_name);
+               prop_array_add(alglist, algdict);
+               prop_object_release(algdict);
+       }
+       return alglist;
+}
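Review bot: npf_alg_export() has no header comment, and the contract a caller needs is not obvious from the body: the config lock must be held (the KASSERT on its first line), the returned array carries only ALG names, slots whose na_name is NULL are skipped so the array can be shorter than alg_count, and the caller owns the returned reference. I would add above the function: `/* npf_alg_export: build a prop_array of {"name"} dictionaries for the registered ALGs; NULL-named slots are skipped. Must be called with the config lock held; the caller releases the array. */`. Whether the userland side consumes the resulting "algs" list is not visible in this diff.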
diff -r e822569fc3c3 -r cb7ac0bf40d4 sys/net/npf/npf_conn.c
--- a/sys/net/npf/npf_conn.c    Fri Aug 29 10:20:16 2014 +0000
+++ b/sys/net/npf/npf_conn.c    Fri Aug 29 11:14:14 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_conn.c,v 1.10 2014/08/10 19:09:43 rmind Exp $      */
+/*     $NetBSD: npf_conn.c,v 1.10.2.1 2014/08/29 11:14:14 martin Exp $ */
 
 /*-
  * Copyright (c) 2014 Mindaugas Rasiukevicius <rmind at netbsd org>
@@ -99,7 +99,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conn.c,v 1.10 2014/08/10 19:09:43 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conn.c,v 1.10.2.1 2014/08/29 11:14:14 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -899,6 +899,7 @@
        con = pool_cache_get(conn_cache, PR_WAITOK);
        memset(con, 0, sizeof(npf_conn_t));
        mutex_init(&con->c_lock, MUTEX_DEFAULT, IPL_SOFTNET);
+       npf_stats_inc(NPF_STAT_CONN_CREATE);
 
        prop_dictionary_get_uint32(cdict, "proto", &con->c_proto);
        prop_dictionary_get_uint32(cdict, "flags", &con->c_flags);
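Review bot: NPF_STAT_CONN_CREATE is now incremented before any of the imported fields are validated, so every later `goto err` in npf_conn_import (the NAT and key failures visible in the next hunk) counts a connection that never entered the database. If the err: path — outside this hunk — releases con through the normal destroy routine that bumps the matching destroy counter, the accounting balances; if it frees con directly, the create counter drifts upward on malformed input. Either way a one-line comment would help, e.g. `/* Counted as created even if the import fails below; the err: path must account for it. */`, or the increment could move next to npf_conndb_enqueue(). npf_conn_import starts before and ends after this hunk.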
@@ -917,8 +918,11 @@
        }
        memcpy(&con->c_state, d, sizeof(npf_state_t));
 
-       /* Reconstruct NAT association, if any, or return NULL. */
-       con->c_nat = npf_nat_import(cdict, natlist, con);
+       /* Reconstruct NAT association, if any. */
+       if ((obj = prop_dictionary_get(cdict, "nat")) != NULL &&
+           (con->c_nat = npf_nat_import(obj, natlist, con)) == NULL) {
+               goto err;
+       }
 
        /*
         * Fetch and copy the keys for each direction.
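Review bot: The "nat" object fetched on the new line is passed to npf_nat_import() without checking that it is a dictionary, whereas the rest of this import path validates object types explicitly (npf_ctl.c checks that the connection list is an array and each entry a dictionary before calling npf_conn_import). Unless npf_nat_import() performs that check itself — its hunk is truncated from this page — a malformed entry is handled only by whatever proplib does with a wrong object type. A guard consistent with the caller's style would be `if (obj != NULL && prop_object_type(obj) != PROP_TYPE_DICTIONARY) goto err;` before the NAT reconstruction. npf_conn_import starts and ends outside this hunk, including the err: label.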
@@ -949,6 +953,8 @@
                npf_conndb_remove(cd, fw);
                goto err;
        }
+
+       NPF_PRINTF(("NPF: imported conn %p\n", con));
        npf_conndb_enqueue(cd, con);
        return 0;
 err:
diff -r e822569fc3c3 -r cb7ac0bf40d4 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Fri Aug 29 10:20:16 2014 +0000
+++ b/sys/net/npf/npf_ctl.c     Fri Aug 29 11:14:14 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ctl.c,v 1.38 2014/08/11 01:54:12 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.38.2.1 2014/08/29 11:14:14 martin Exp $  */
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.38 2014/08/11 01:54:12 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.38.2.1 2014/08/29 11:14:14 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -84,7 +84,9 @@
        prop_dictionary_t ent;
        int error = 0;
 
-       /* Fill all the entries. */
+       if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
+               return EINVAL;
+       }
        eit = prop_array_iterator(entries);
        while ((ent = prop_object_iterator_next(eit)) != NULL) {
                const npf_addr_t *addr;
@@ -148,12 +150,7 @@
                }
 
                /* Get the entries or binary data. */
-               prop_array_t entries = prop_dictionary_get(tbldict, "entries");
-               if (prop_object_type(entries) != PROP_TYPE_ARRAY) {
-                       NPF_ERR_DEBUG(errdict);
-                       error = EINVAL;
-                       break;
-               }
+               prop_array_t ents = prop_dictionary_get(tbldict, "entries");
                prop_object_t obj = prop_dictionary_get(tbldict, "data");
                void *blob = prop_data_data(obj);
                size_t size = prop_data_size(obj);
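Review bot: The "data" object is handed to prop_data_data()/prop_data_size() with no type check, while the adjacent "entries" object now gets its PROP_TYPE_ARRAY check inside npf_mk_table_entries(); a table dictionary carrying a non-data "data" value (or neither key) presumably yields a NULL blob of size 0, relying on proplib's tolerance of a mismatched type, which I cannot confirm from this page. For symmetry with the array check I would add, right after fetching obj: `if (obj != NULL && prop_object_type(obj) != PROP_TYPE_DATA) { NPF_ERR_DEBUG(errdict); error = EINVAL; break; }`. The enclosing function starts and ends outside this hunk, so whether npf_table_create() rejects a NULL blob downstream is not visible here.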
@@ -177,7 +174,7 @@
                error = npf_tableset_insert(tblset, t);
                KASSERT(error == 0);
 
-               if ((error = npf_mk_table_entries(t, entries)) != 0) {
+               if (ents && (error = npf_mk_table_entries(t, ents)) != 0) {
                        NPF_ERR_DEBUG(errdict);
                        break;
                }
@@ -462,7 +459,7 @@
        prop_dictionary_t condict;
        prop_object_iterator_t it;
        npf_conndb_t *cd;
-       int error;
+       int error = 0;
 
        /* Connection list - array */
        if (prop_object_type(conlist) != PROP_TYPE_ARRAY) {
@@ -472,8 +469,6 @@
 
        /* Create a connection database. */
        cd = npf_conndb_create();
-
-       error = 0;
        it = prop_array_iterator(conlist);
        while ((condict = prop_object_iterator_next(it)) != NULL) {
                /* Connection - dictionary. */
@@ -482,7 +477,7 @@
                        error = EINVAL;
                        break;
                }
-               /* Construct and insert real connection structure. */
+               /* Construct and insert the connection. */
                error = npf_conn_import(cd, condict, natlist);
                if (error) {
                        NPF_ERR_DEBUG(errdict);
@@ -546,6 +541,7 @@
        /* NAT policies. */
        natlist = prop_dictionary_get(npf_dict, "nat");
        if ((nitems = prop_array_count(natlist)) > NPF_MAX_RULES) {
+               error = E2BIG;
                goto fail;
        }
 
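Review bot: The new E2BIG path (and the three identical ones later in this file for tables, rprocs and rules) jumps to fail without `NPF_ERR_DEBUG(errdict);`, unlike the other failures in this function — the npf_mk_table_entries and npf_conn_import error paths — which record the failing location in errdict so npfctl can report it. Unless the fail: label, outside this hunk, records it, an over-limit configuration is rejected with a bare E2BIG and no hint of which list overflowed. I would add `NPF_ERR_DEBUG(errdict);` before each `error = E2BIG;`. The enclosing function starts and ends outside this hunk.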
@@ -558,6 +554,7 @@
        /* Tables. */
        tables = prop_dictionary_get(npf_dict, "tables");
        if ((nitems = prop_array_count(tables)) > NPF_MAX_TABLES) {
+               error = E2BIG;
                goto fail;
        }
        tblset = npf_tableset_create(nitems);
@@ -569,6 +566,7 @@
        /* Rule procedures. */
        rprocs = prop_dictionary_get(npf_dict, "rprocs");
        if ((nitems = prop_array_count(rprocs)) > NPF_MAX_RPROCS) {
+               error = E2BIG;
                goto fail;
        }
        rpset = npf_rprocset_create();
@@ -580,6 +578,7 @@
        /* Rules. */
        rules = prop_dictionary_get(npf_dict, "rules");
        if ((nitems = prop_array_count(rules)) > NPF_MAX_RULES) {
+               error = E2BIG;
                goto fail;
        }
 
@@ -682,8 +681,11 @@
        if (error) {
                goto out;
        }
+       prop_array_t alglist = npf_alg_export();
+
        npf_dict = prop_dictionary_create();
        prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION);
+       prop_dictionary_set_and_rel(npf_dict, "algs", alglist);
        prop_dictionary_set_and_rel(npf_dict, "rules", rulelist);
        prop_dictionary_set_and_rel(npf_dict, "nat", natlist);
        prop_dictionary_set_and_rel(npf_dict, "tables", tables);
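Review bot: npf_alg_export() asserts npf_config_locked_p(), but nothing in this hunk shows the config lock being held at the new call site; if the enclosing function (which starts and ends outside the hunk) runs without it, a non-DIAGNOSTIC kernel compiles the KASSERT out and alg_list is read unlocked. A short comment at the call would make the precondition visible, e.g. `/* Requires the config lock: npf_alg_export() asserts npf_config_locked_p(). */`, assuming the caller does hold it. The "algs" key is added to the exported dictionary here, but the libnpf hunks on this page do not show it being read back; the consumer must be elsewhere in this diff or already present.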
diff -r e822569fc3c3 -r cb7ac0bf40d4 sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h    Fri Aug 29 10:20:16 2014 +0000
+++ b/sys/net/npf/npf_impl.h    Fri Aug 29 11:14:14 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_impl.h,v 1.58 2014/08/11 01:54:12 rmind Exp $      */
+/*     $NetBSD: npf_impl.h,v 1.58.2.1 2014/08/29 11:14:14 martin Exp $ */
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -338,6 +338,7 @@
 bool           npf_alg_match(npf_cache_t *, npf_nat_t *, int);
 void           npf_alg_exec(npf_cache_t *, npf_nat_t *, bool);
 npf_conn_t *   npf_alg_conn(npf_cache_t *, int);
+prop_array_t   npf_alg_export(void);
 
 /* Debugging routines. */
 const char *   npf_addr_dump(const npf_addr_t *, int);
diff -r e822569fc3c3 -r cb7ac0bf40d4 sys/net/npf/npf_nat.c


