Source-Changes-HG archive


[src/trunk]: src - Convert NPF dynamic rule ID to just incremented 64-bit cou...



details:   https://anonhg.NetBSD.org/src/rev/ab57be0999e6
branches:  trunk
changeset: 784987:ab57be0999e6
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sat Feb 16 21:11:12 2013 +0000

description:
- Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.

diffstat:

 lib/libnpf/npf.c                                |  15 +--
 lib/libnpf/npf.h                                |   6 +-
 sys/net/npf/npf_ctl.c                           |  15 ++--
 sys/net/npf/npf_impl.h                          |   5 +-
 sys/net/npf/npf_ruleset.c                       |  79 ++++++++++++++++--------
 usr.sbin/npf/npfctl/npf_build.c                 |   7 +-
 usr.sbin/npf/npfctl/npf_disassemble.c           |   7 +-
 usr.sbin/npf/npfctl/npfctl.8                    |  11 ++-
 usr.sbin/npf/npfctl/npfctl.c                    |  19 +++--
 usr.sbin/npf/npfctl/npfctl.h                    |   4 +-
 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c |   6 +-
 11 files changed, 107 insertions(+), 67 deletions(-)

diffs (truncated from 596 to 300 lines):

diff -r 750a0bfe2f5a -r ab57be0999e6 lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Sat Feb 16 18:06:43 2013 +0000
+++ b/lib/libnpf/npf.c  Sat Feb 16 21:11:12 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.17 2013/02/10 23:47:37 rmind Exp $   */
+/*     $NetBSD: npf.c,v 1.18 2013/02/16 21:11:16 rmind Exp $   */
 
 /*-
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.17 2013/02/10 23:47:37 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.18 2013/02/16 21:11:16 rmind Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -263,25 +263,23 @@
  */
 
 int
-npf_ruleset_add(int fd, const char *rname, nl_rule_t *rl, uintptr_t *id)
+npf_ruleset_add(int fd, const char *rname, nl_rule_t *rl, uint64_t *id)
 {
        prop_dictionary_t rldict = rl->nrl_dict;
        prop_dictionary_t ret;
-       uint64_t id64;
        int error;
 
        prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
        prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_ADD);
        error = prop_dictionary_sendrecv_ioctl(rldict, fd, IOC_NPF_RULE, &ret);
        if (!error) {
-               prop_dictionary_get_uint64(ret, "id", &id64);
-               *id = (uintptr_t)id64;
+               prop_dictionary_get_uint64(ret, "id", id);
        }
        return error;
 }
 
 int
-npf_ruleset_remove(int fd, const char *rname, uintptr_t id)
+npf_ruleset_remove(int fd, const char *rname, uint64_t id)
 {
        prop_dictionary_t rldict;
 
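Review bot: In npf_ruleset_add the return value of `prop_dictionary_get_uint64(ret, "id", id)` is ignored, so a reply that lacks an "id" key leaves `*id` untouched while the function still returns 0. A caller that trusts the result could then hand an indeterminate ID to npf_ruleset_remove. I would turn the lookup into a checked call, `if (!prop_dictionary_get_uint64(ret, "id", id)) error = EINVAL;`, and follow it with `prop_object_release(ret);`, since nothing in the visible body drops the reference to the reply dictionary.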
@@ -291,8 +289,7 @@
        }
        prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
        prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_REMOVE);
-       __CTASSERT(sizeof(uintptr_t) <= sizeof(uint64_t));
-       prop_dictionary_set_uint64(rldict, "id", (uint64_t)id);
+       prop_dictionary_set_uint64(rldict, "id", id);
        return prop_dictionary_send_ioctl(rldict, fd, IOC_NPF_RULE);
 }
 
diff -r 750a0bfe2f5a -r ab57be0999e6 lib/libnpf/npf.h
--- a/lib/libnpf/npf.h  Sat Feb 16 18:06:43 2013 +0000
+++ b/lib/libnpf/npf.h  Sat Feb 16 21:11:12 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.14 2013/02/10 23:47:38 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.15 2013/02/16 21:11:17 rmind Exp $   */
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -79,8 +79,8 @@
 nl_config_t *  npf_config_retrieve(int, bool *, bool *);
 int            npf_config_flush(int);
 
-int            npf_ruleset_add(int, const char *, nl_rule_t *, uintptr_t *);
-int            npf_ruleset_remove(int, const char *, uintptr_t);
+int            npf_ruleset_add(int, const char *, nl_rule_t *, uint64_t *);
+int            npf_ruleset_remove(int, const char *, uint64_t);
 int            npf_ruleset_remkey(int, const char *, const void *, size_t);
 int            npf_ruleset_flush(int, const char *);
 
diff -r 750a0bfe2f5a -r ab57be0999e6 sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c     Sat Feb 16 18:06:43 2013 +0000
+++ b/sys/net/npf/npf_ctl.c     Sat Feb 16 21:11:12 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ctl.c,v 1.22 2013/02/10 23:47:37 rmind Exp $       */
+/*     $NetBSD: npf_ctl.c,v 1.23 2013/02/16 21:11:12 rmind Exp $       */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.22 2013/02/10 23:47:37 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.23 2013/02/16 21:11:12 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -558,8 +558,6 @@
                        return EINVAL;
                }
                retdict = prop_dictionary_create();
-               prop_dictionary_set_uint64(retdict, "id",
-                   (uint64_t)(uintptr_t)rl);
        }
 
        npf_config_enter();
@@ -569,19 +567,20 @@
        case NPF_CMD_RULE_ADD: {
                if ((error = npf_ruleset_add(rlset, ruleset_name, rl)) == 0) {
                        /* Success. */
+                       uint64_t id = npf_rule_getid(rl);
+                       prop_dictionary_set_uint64(retdict, "id", id);
                        rl = NULL;
                }
                break;
        }
        case NPF_CMD_RULE_REMOVE: {
-               uint64_t id64;
+               uint64_t id;
 
-               CTASSERT(sizeof(uintptr_t) <= sizeof(uint64_t));
-               if (!prop_dictionary_get_uint64(npf_rule, "id", &id64)) {
+               if (!prop_dictionary_get_uint64(npf_rule, "id", &id)) {
                        error = EINVAL;
                        break;
                }
-               error = npf_ruleset_remove(rlset, ruleset_name, (uintptr_t)id64);
+               error = npf_ruleset_remove(rlset, ruleset_name, id);
                break;
        }
        case NPF_CMD_RULE_REMKEY: {
diff -r 750a0bfe2f5a -r ab57be0999e6 sys/net/npf/npf_impl.h
--- a/sys/net/npf/npf_impl.h    Sat Feb 16 18:06:43 2013 +0000
+++ b/sys/net/npf/npf_impl.h    Sat Feb 16 21:11:12 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_impl.h,v 1.27 2013/02/10 23:47:37 rmind Exp $      */
+/*     $NetBSD: npf_impl.h,v 1.28 2013/02/16 21:11:12 rmind Exp $      */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -232,7 +232,7 @@
 void           npf_ruleset_freealg(npf_ruleset_t *, npf_alg_t *);
 
 int            npf_ruleset_add(npf_ruleset_t *, const char *, npf_rule_t *);
-int            npf_ruleset_remove(npf_ruleset_t *, const char *, uintptr_t);
+int            npf_ruleset_remove(npf_ruleset_t *, const char *, uint64_t);
 int            npf_ruleset_remkey(npf_ruleset_t *, const char *,
                    const void *, size_t);
 prop_dictionary_t npf_ruleset_list(npf_ruleset_t *, const char *);
@@ -248,6 +248,7 @@
 void           npf_rule_setcode(npf_rule_t *, int, void *, size_t);
 void           npf_rule_setrproc(npf_rule_t *, npf_rproc_t *);
 void           npf_rule_free(npf_rule_t *);
+uint64_t       npf_rule_getid(const npf_rule_t *);
 npf_natpolicy_t *npf_rule_getnat(const npf_rule_t *);
 void           npf_rule_setnat(npf_rule_t *, npf_natpolicy_t *);
 npf_rproc_t *  npf_rule_getrproc(npf_rule_t *);
diff -r 750a0bfe2f5a -r ab57be0999e6 sys/net/npf/npf_ruleset.c
--- a/sys/net/npf/npf_ruleset.c Sat Feb 16 18:06:43 2013 +0000
+++ b/sys/net/npf/npf_ruleset.c Sat Feb 16 21:11:12 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_ruleset.c,v 1.18 2013/02/10 23:47:37 rmind Exp $   */
+/*     $NetBSD: npf_ruleset.c,v 1.19 2013/02/16 21:11:13 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.18 2013/02/10 23:47:37 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.19 2013/02/16 21:11:13 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -61,6 +61,9 @@
        LIST_HEAD(, npf_rule)   rs_dynamic;
        LIST_HEAD(, npf_rule)   rs_gc;
 
+       /* Unique ID counter. */
+       uint64_t                rs_idcnt;
+
        /* Number of array slots and active rules. */
        u_int                   rs_slots;
        u_int                   rs_nitems;
@@ -100,7 +103,8 @@
                npf_rule_t *            r_parent;
        } /* C11 */;
 
-       /* Dictionary. */
+       /* Rule ID and the original dictionary. */
+       uint64_t                r_id;
        prop_dictionary_t       r_dict;
 
        /* Rule name and all-list entry. */
@@ -114,6 +118,9 @@
 #define        NPF_DYNAMIC_GROUP_P(attr) \
     (((attr) & NPF_DYNAMIC_GROUP) == NPF_DYNAMIC_GROUP)
 
+#define        NPF_DYNAMIC_RULE_P(attr) \
+    (((attr) & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC)
+
 npf_ruleset_t *
 npf_ruleset_create(size_t slots)
 {
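Review bot: The new NPF_DYNAMIC_RULE_P macro is easy to misread next to NPF_DYNAMIC_GROUP_P, because both mask with NPF_DYNAMIC_GROUP and differ only in the value compared against. The flag definitions are not part of this diff, so presumably NPF_DYNAMIC_GROUP is a multi-bit mask that includes NPF_RULE_DYNAMIC; that should be confirmed in the header. A one-line comment above the macro would make the intent explicit, for example `/* True for a dynamic rule that is not itself a dynamic group. */`. This matters more now that npf_ruleset_add rejects rules with EINVAL based on this test.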
@@ -121,9 +128,11 @@
        npf_ruleset_t *rlset;
 
        rlset = kmem_zalloc(len, KM_SLEEP);
-       rlset->rs_slots = slots;
        LIST_INIT(&rlset->rs_dynamic);
        LIST_INIT(&rlset->rs_all);
+       LIST_INIT(&rlset->rs_gc);
+       rlset->rs_slots = slots;
+
        return rlset;
 }
 
@@ -133,7 +142,7 @@
        if (NPF_DYNAMIC_GROUP_P(rl->r_attr)) {
                LIST_REMOVE(rl, r_dentry);
        }
-       if ((rl->r_attr & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC) {
+       if (NPF_DYNAMIC_RULE_P(rl->r_attr)) {
                npf_rule_t *rg = rl->r_parent;
                TAILQ_REMOVE(&rg->r_subset, rl, r_entry);
        }
@@ -201,11 +210,14 @@
 
        rg = npf_ruleset_lookup(rlset, rname);
        if (rg == NULL) {
-               return ENOENT;
+               return ESRCH;
+       }
+       if (!NPF_DYNAMIC_RULE_P(rl->r_attr)) {
+               return EINVAL;
        }
 
-       /* Dynamic rule. */
-       rl->r_attr |= NPF_RULE_DYNAMIC;
+       /* Dynamic rule - assign a unique ID and save the parent. */
+       rl->r_id = ++rlset->rs_idcnt;
        rl->r_parent = rg;
 
        /*
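Review bot: The ID assigned by `rl->r_id = ++rlset->rs_idcnt;` is unique only within one npf_ruleset_t and only if callers are serialized, and neither condition is stated here. The npf_ctl.c hunk shows npf_config_enter() taken before the call, but this diff is truncated and does not show whether a ruleset reload carries rs_idcnt over to the new ruleset. If it does not, a freshly issued ID could collide with a dynamic rule inherited from the old ruleset, and a remove-by-ID could then match the wrong rule. I would add a comment such as `/* Caller holds the config lock; IDs start at 1 and are not reused within this ruleset. */` and confirm the reload path copies the counter. The function body starts and ends outside this hunk.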
@@ -248,22 +260,22 @@
 }
 
 int
-npf_ruleset_remove(npf_ruleset_t *rlset, const char *rname, uintptr_t id)
+npf_ruleset_remove(npf_ruleset_t *rlset, const char *rname, uint64_t id)
 {
        npf_rule_t *rg, *rl;
 
        if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
-               return ENOENT;
+               return ESRCH;
        }
        TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
                /* Compare ID.  On match, remove and return. */
-               if ((uintptr_t)rl == id) {
+               if (rl->r_id == id) {
                        npf_ruleset_unlink(rlset, rl);
                        LIST_INSERT_HEAD(&rlset->rs_gc, rl, r_aentry);
-                       break;
+                       return 0;
                }
        }
-       return 0;
+       return ENOENT;
 }
 
 int
@@ -275,7 +287,7 @@
        KASSERT(len && len <= NPF_RULE_MAXKEYLEN);
 
        if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
-               return ENOENT;
+               return ESRCH;
        }
 
        /* Find the last in the list. */
@@ -284,10 +296,10 @@
                if (memcmp(rl->r_key, key, len) == 0) {
                        npf_ruleset_unlink(rlset, rl);
                        LIST_INSERT_HEAD(&rlset->rs_gc, rl, r_aentry);
-                       break;
+                       return 0;
                }
        }
-       return 0;
+       return ENOENT;
 }
 
 prop_dictionary_t
@@ -311,9 +323,11 @@
        TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
                if (rl->r_dict && !prop_array_add(rules, rl->r_dict)) {
                        prop_object_release(rldict);
+                       prop_object_release(rules);
                        return NULL;
                }


