

[src/trunk]: src NPF: add support for specifying the interfaces before they a...



details:   https://anonhg.NetBSD.org/src/rev/634440aafc1a
branches:  trunk
changeset: 791192:634440aafc1a
user:      rmind <rmind%NetBSD.org@localhost>
date:      Fri Nov 08 00:38:26 2013 +0000

description:
NPF: add support for specifying the interfaces before they are attached.
If an interface is or gets detached, all associated rules and connections
will be deactivated (it might be useful to have an option to invalidate
the associated connections).  Once the interface is reattached they will
become active.

Bump NPF_VERSION.

diffstat:

 lib/libnpf/npf.3                                 |   20 +-
 lib/libnpf/npf.c                                 |   63 ++------
 lib/libnpf/npf.h                                 |   11 +-
 sys/modules/npf/Makefile                         |   11 +-
 sys/net/npf/files.npf                            |    3 +-
 sys/net/npf/npf.c                                |    7 +-
 sys/net/npf/npf.h                                |    5 +-
 sys/net/npf/npf_conf.c                           |   13 +-
 sys/net/npf/npf_ctl.c                            |    8 +-
 sys/net/npf/npf_handler.c                        |   77 ++++++---
 sys/net/npf/npf_if.c                             |  177 +++++++++++++++++++++++
 sys/net/npf/npf_impl.h                           |   13 +-
 sys/net/npf/npf_mbuf.c                           |    8 +-
 sys/net/npf/npf_ruleset.c                        |   18 +-
 sys/net/npf/npf_session.c                        |   16 +-
 sys/rump/net/lib/libnpf/Makefile                 |   12 +-
 usr.sbin/npf/npfctl/npf_build.c                  |   50 ++---
 usr.sbin/npf/npfctl/npf_data.c                   |   47 +++++-
 usr.sbin/npf/npfctl/npf_parse.y                  |   44 ++--
 usr.sbin/npf/npfctl/npf_show.c                   |   19 +-
 usr.sbin/npf/npfctl/npfctl.h                     |   20 +-
 usr.sbin/npf/npftest/libnpftest/npf_bpf_test.c   |    4 +-
 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c  |    4 +-
 usr.sbin/npf/npftest/libnpftest/npf_state_test.c |    4 +-
 usr.sbin/npf/npftest/libnpftest/npf_test.h       |    7 +-
 usr.sbin/npf/npftest/libnpftest/npf_test_subr.c  |   38 ++--
 usr.sbin/npf/npftest/npfstream.c                 |   10 +-
 usr.sbin/npf/npftest/npftest.c                   |   21 +-
 usr.sbin/npf/npftest/npftest.h                   |   10 +-
 29 files changed, 484 insertions(+), 256 deletions(-)

diffs (truncated from 1808 to 300 lines):

diff -r cf1482920929 -r 634440aafc1a lib/libnpf/npf.3
--- a/lib/libnpf/npf.3  Thu Nov 07 21:45:04 2013 +0000
+++ b/lib/libnpf/npf.3  Fri Nov 08 00:38:26 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.3,v 1.9 2013/09/19 17:29:06 rmind Exp $
+.\"    $NetBSD: npf.3,v 1.10 2013/11/08 00:38:27 rmind Exp $
 .\"
 .\" Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd September 19, 2013
+.Dd November 7, 2013
 .Dt NPF 3
 .Os
 .Sh NAME
@@ -48,7 +48,7 @@
 .Fn npf_config_flush "int fd"
 .\" ---
 .Ft nl_rule_t *
-.Fn npf_rule_create "char *name" "uint32_t attr" "u_int if_idx"
+.Fn npf_rule_create "char *name" "uint32_t attr" "const char *ifname"
 .Ft int
 .Fn npf_rule_setcode "nl_rule_t *rl" "int type" "const void *code" "size_t len"
 .Ft int
@@ -72,7 +72,7 @@
 .Fn npf_rproc_insert "nl_config_t *ncf" "nl_rproc_t *rp"
 .\" ---
 .Ft nl_nat_t *
-.Fn npf_nat_create "int type" "u_int flags" "u_int if_idx" \
+.Fn npf_nat_create "int type" "u_int flags" "const char *ifname" \
 "npf_addr_t *addr" "int af" "in_port_t port"
 .Ft int
 .Fn npf_nat_insert "nl_config_t *ncf" "nl_nat_t *nt" "pri_t pri"
@@ -114,7 +114,7 @@
 .\" ---
 .Ss Rule interface
 .Bl -tag -width 4n
-.It Fn npf_rule_create "name" "attr" "if_idx"
+.It Fn npf_rule_create "name" "attr" "ifname"
 Create a rule with a given name, attribute and priorty.
 Name can be
 .Dv NULL ,
@@ -143,11 +143,9 @@
 .El
 .Pp
 Interface is specified by
-.Fa if_idx ,
-which is a numeral representation of an
-interface, given by
-.Xr if_nametoindex 3 .
-Zero indicates any interface.
+.Fa ifname ,
+which is a string.
+NULL indicates any interface.
 .\" ---
 .It Fn npf_rule_setcode "rl" "type" "code" "len"
 Assign compiled code for the rule specified by
@@ -217,7 +215,7 @@
 .\" -----
 .Ss Translation interface
 .Bl -tag -width 4n
-.It Fn npf_nat_create "type" "flags" "if_idx" "addr" "af" "port"
+.It Fn npf_nat_create "type" "flags" "ifname" "addr" "af" "port"
 Create a NAT translation policy of a specified type.
 There are two types:
 .Bl -tag -width "NPF_NAT_PORTMAP "
diff -r cf1482920929 -r 634440aafc1a lib/libnpf/npf.c
--- a/lib/libnpf/npf.c  Thu Nov 07 21:45:04 2013 +0000
+++ b/lib/libnpf/npf.c  Fri Nov 08 00:38:26 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.21 2013/09/19 01:49:07 rmind Exp $   */
+/*     $NetBSD: npf.c,v 1.22 2013/11/08 00:38:27 rmind Exp $   */
 
 /*-
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.21 2013/09/19 01:49:07 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.22 2013/11/08 00:38:27 rmind Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -437,7 +437,7 @@
  */
 
 nl_rule_t *
-npf_rule_create(const char *name, uint32_t attr, u_int if_idx)
+npf_rule_create(const char *name, uint32_t attr, const char *ifname)
 {
        prop_dictionary_t rldict;
        nl_rule_t *rl;
@@ -456,8 +456,8 @@
        }
        prop_dictionary_set_uint32(rldict, "attributes", attr);
 
-       if (if_idx) {
-               prop_dictionary_set_uint32(rldict, "interface", if_idx);
+       if (ifname) {
+               prop_dictionary_set_cstring(rldict, "interface", ifname);
        }
        rl->nrl_dict = rldict;
        return rl;
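Review bot: `ifname` is stored into the rule dictionary without any length check, so a string longer than an interface name can be (IFNAMSIZ) is only caught, if at all, where the kernel consumes the dictionary, and that code is not in this hunk. A check in the library would give the caller a clear failure instead of a kernel-side rejection or silent truncation, for example `if (ifname && strlen(ifname) >= IFNAMSIZ) { /* fail the same way the allocation-failure path does */ }` placed before the `prop_dictionary_set_cstring` call. The remainder of `npf_rule_create`, including its existing error path, lies outside this hunk, so the exact failure return cannot be confirmed here.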
@@ -631,14 +631,14 @@
        return attr;
 }
 
-unsigned
+const char *
 npf_rule_getinterface(nl_rule_t *rl)
 {
        prop_dictionary_t rldict = rl->nrl_dict;
-       unsigned if_idx = 0;
+       const char *ifname = NULL;
 
-       prop_dictionary_get_uint32(rldict, "interface", &if_idx);
-       return if_idx;
+       prop_dictionary_get_cstring_nocopy(rldict, "interface", &ifname);
+       return ifname;
 }
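Review bot: The pointer returned by `npf_rule_getinterface` now borrows storage from `rl->nrl_dict` (the `_nocopy` accessor), so it is valid only while the rule object is alive and must not be freed by the caller; the previous `unsigned` return carried no such lifetime, and nothing in the function or the npf.h prototype says so. The discarded boolean from `prop_dictionary_get_cstring_nocopy` is harmless because `ifname` is pre-set to NULL, but the ownership deserves a comment on the declaration line: `/* Borrowed from the rule dictionary: valid while rl lives, NULL if no interface was set. */`.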
 
 const void *
@@ -801,7 +801,7 @@
  */
 
 nl_nat_t *
-npf_nat_create(int type, u_int flags, u_int if_idx,
+npf_nat_create(int type, u_int flags, const char *ifname,
     npf_addr_t *addr, int af, in_port_t port)
 {
        nl_rule_t *rl;
@@ -822,7 +822,7 @@
            (type == NPF_NATOUT ? NPF_RULE_OUT : NPF_RULE_IN);
 
        /* Create a rule for NAT policy.  Next, will add translation data. */
-       rl = npf_rule_create(NULL, attr, if_idx);
+       rl = npf_rule_create(NULL, attr, ifname);
        if (rl == NULL) {
                return NULL;
        }
@@ -1123,49 +1123,18 @@
 }
 
 void
-_npf_debug_addif(nl_config_t *ncf, struct ifaddrs *ifa, u_int if_idx)
+_npf_debug_addif(nl_config_t *ncf, const char *ifname)
 {
        prop_dictionary_t ifdict, dbg = _npf_debug_initonce(ncf);
        prop_array_t iflist = prop_dictionary_get(dbg, "interfaces");
+       u_int if_idx = if_nametoindex(ifname);
 
-       if (_npf_prop_array_lookup(iflist, "name", ifa->ifa_name)) {
+       if (_npf_prop_array_lookup(iflist, "name", ifname)) {
                return;
        }
-
        ifdict = prop_dictionary_create();
-       prop_dictionary_set_cstring(ifdict, "name", ifa->ifa_name);
-       prop_dictionary_set_uint32(ifdict, "flags", ifa->ifa_flags);
-       if (!if_idx) {
-               if_idx = if_nametoindex(ifa->ifa_name);
-       }
-       prop_dictionary_set_uint32(ifdict, "idx", if_idx);
-
-       const struct sockaddr *sa = ifa->ifa_addr;
-       npf_addr_t addr;
-       size_t alen = 0;
-
-       switch (sa ? sa->sa_family : -1) {
-       case AF_INET: {
-               const struct sockaddr_in *sin = (const void *)sa;
-               alen = sizeof(sin->sin_addr);
-               memcpy(&addr, &sin->sin_addr, alen);
-               break;
-       }
-       case AF_INET6: {
-               const struct sockaddr_in6 *sin6 = (const void *)sa;
-               alen = sizeof(sin6->sin6_addr);
-               memcpy(&addr, &sin6->sin6_addr, alen);
-               break;
-       }
-       default:
-               break;
-       }
-
-       if (alen) {
-               prop_data_t addrdata = prop_data_create_data(&addr, alen);
-               prop_dictionary_set(ifdict, "addr", addrdata);
-               prop_object_release(addrdata);
-       }
+       prop_dictionary_set_cstring(ifdict, "name", ifname);
+       prop_dictionary_set_uint32(ifdict, "index", if_idx);
        prop_array_add(iflist, ifdict);
        prop_object_release(ifdict);
 }
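Review bot: `if_nametoindex(ifname)` at the top of `_npf_debug_addif` returns 0 when no such interface exists, which is precisely the case this commit sets out to support (interfaces named before they are attached), so the debug `"index"` entry silently records 0 for those interfaces; the old code only fell back to the lookup when the caller supplied no index. Recording that meaning explicitly and doing the lookup after the duplicate check avoids a wasted lookup for names already present: move the line to just after the `_npf_prop_array_lookup` early return as `u_int if_idx = if_nametoindex(ifname); /* 0 when not (yet) attached */`. If `ifname` can be NULL here (the new `npf_rule_create` treats NULL as "any interface"), both `if_nametoindex(NULL)` and the `"name"` lookup would be a problem, but the callers are outside this diff so that cannot be confirmed from here.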
diff -r cf1482920929 -r 634440aafc1a lib/libnpf/npf.h
--- a/lib/libnpf/npf.h  Thu Nov 07 21:45:04 2013 +0000
+++ b/lib/libnpf/npf.h  Fri Nov 08 00:38:26 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.h,v 1.18 2013/09/19 01:49:07 rmind Exp $   */
+/*     $NetBSD: npf.h,v 1.19 2013/11/08 00:38:27 rmind Exp $   */
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -88,7 +88,7 @@
 void           npf_ext_param_u32(nl_ext_t *, const char *, uint32_t);
 void           npf_ext_param_bool(nl_ext_t *, const char *, bool);
 
-nl_rule_t *    npf_rule_create(const char *, uint32_t, u_int);
+nl_rule_t *    npf_rule_create(const char *, uint32_t, const char *);
 int            npf_rule_setcode(nl_rule_t *, int, const void *, size_t);
 int            npf_rule_setprio(nl_rule_t *, pri_t);
 int            npf_rule_setproc(nl_rule_t *, const char *);
@@ -104,7 +104,8 @@
 bool           npf_rproc_exists_p(nl_config_t *, const char *);
 int            npf_rproc_insert(nl_config_t *, nl_rproc_t *);
 
-nl_nat_t *     npf_nat_create(int, u_int, u_int, npf_addr_t *, int, in_port_t);
+nl_nat_t *     npf_nat_create(int, u_int, const char *,
+                   npf_addr_t *, int, in_port_t);
 int            npf_nat_insert(nl_config_t *, nl_nat_t *, pri_t);
 
 nl_table_t *   npf_table_create(u_int, int);
@@ -124,7 +125,7 @@
 nl_rule_t *    npf_rule_iterate(nl_config_t *, unsigned *);
 const char *   npf_rule_getname(nl_rule_t *);
 uint32_t       npf_rule_getattr(nl_rule_t *);
-unsigned       npf_rule_getinterface(nl_rule_t *);
+const char *   npf_rule_getinterface(nl_rule_t *);
 const void *   npf_rule_getinfo(nl_rule_t *, size_t *);
 const char *   npf_rule_getproc(nl_rule_t *);
 
@@ -142,7 +143,7 @@
 void           _npf_config_error(nl_config_t *, nl_error_t *);
 void           _npf_config_setsubmit(nl_config_t *, const char *);
 int            _npf_ruleset_list(int, const char *, nl_config_t *);
-void           _npf_debug_addif(nl_config_t *, struct ifaddrs *, u_int);
+void           _npf_debug_addif(nl_config_t *, const char *);
 
 /* The ALG interface is experimental */
 int            _npf_alg_load(nl_config_t *, const char *);
diff -r cf1482920929 -r 634440aafc1a sys/modules/npf/Makefile
--- a/sys/modules/npf/Makefile  Thu Nov 07 21:45:04 2013 +0000
+++ b/sys/modules/npf/Makefile  Fri Nov 08 00:38:26 2013 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.15 2013/09/19 01:49:07 rmind Exp $
+# $NetBSD: Makefile,v 1.16 2013/11/08 00:38:26 rmind Exp $
 #
 # Public Domain.
 #
@@ -9,10 +9,11 @@
 
 KMOD=          npf
 
-SRCS=          npf.c npf_alg.c npf_conf.c npf_ctl.c npf_handler.c npf_bpf.c
-SRCS+=         npf_inet.c npf_mbuf.c npf_nat.c npf_ruleset.c npf_rproc.c
-SRCS+=         npf_sendpkt.c npf_session.c npf_state.c npf_state_tcp.c
-SRCS+=         npf_tableset.c npf_tableset_ptree.c npf_worker.c
+SRCS=          npf.c npf_alg.c npf_conf.c npf_ctl.c npf_handler.c
+SRCS+=         npf_bpf.c npf_if.c npf_inet.c npf_mbuf.c npf_nat.c
+SRCS+=         npf_ruleset.c npf_rproc.c npf_sendpkt.c npf_session.c
+SRCS+=         npf_state.c npf_state_tcp.c npf_tableset.c
+SRCS+=         npf_tableset_ptree.c npf_worker.c
 
 CPPFLAGS+=     -DINET6
 
diff -r cf1482920929 -r 634440aafc1a sys/net/npf/files.npf
--- a/sys/net/npf/files.npf     Thu Nov 07 21:45:04 2013 +0000
+++ b/sys/net/npf/files.npf     Fri Nov 08 00:38:26 2013 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: files.npf,v 1.15 2013/09/19 01:49:07 rmind Exp $
+# $NetBSD: files.npf,v 1.16 2013/11/08 00:38:26 rmind Exp $
 #
 # Public Domain.
 #
@@ -20,6 +20,7 @@
 file   net/npf/npf_rproc.c                     npf
 file   net/npf/npf_tableset.c                  npf
 file   net/npf/npf_tableset_ptree.c            npf
+file   net/npf/npf_if.c                        npf
 file   net/npf/npf_inet.c                      npf
 file   net/npf/npf_session.c                   npf
 file   net/npf/npf_state.c                     npf
diff -r cf1482920929 -r 634440aafc1a sys/net/npf/npf.c
--- a/sys/net/npf/npf.c Thu Nov 07 21:45:04 2013 +0000
+++ b/sys/net/npf/npf.c Fri Nov 08 00:38:26 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf.c,v 1.17 2013/09/19 01:04:46 rmind Exp $   */
+/*     $NetBSD: npf.c,v 1.18 2013/11/08 00:38:26 rmind Exp $   */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>


