Module Name: src Committed By: rmind Date: Sun Aug 11 20:26:34 UTC 2019
Modified Files: src/sys/net/npf: npf.c npf_conf.c npf_conn.h npf_ctl.c npf_handler.c npf_if.c npf_impl.h npf_inet.c npf_nat.c npf_os.c npf_params.c npf_portmap.c npf_worker.c npfkern.h src/usr.sbin/npf/npftest/libnpftest: npf_conn_test.c npf_nat_test.c npf_perf_test.c npf_rule_test.c npf_test_subr.c Log Message: Adjust some internal NPF APIs: * npfkern: use the npfk_ prefix. * NPF portmap: amend the API so it could be used elsewhere. * Make npf_connkey_t public. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 src/sys/net/npf/npf.c cvs rdiff -u -r1.13 -r1.14 src/sys/net/npf/npf_conf.c \ src/sys/net/npf/npf_os.c cvs rdiff -u -r1.17 -r1.18 src/sys/net/npf/npf_conn.h cvs rdiff -u -r1.54 -r1.55 src/sys/net/npf/npf_ctl.c \ src/sys/net/npf/npf_inet.c cvs rdiff -u -r1.46 -r1.47 src/sys/net/npf/npf_handler.c \ src/sys/net/npf/npf_nat.c cvs rdiff -u -r1.9 -r1.10 src/sys/net/npf/npf_if.c cvs rdiff -u -r1.75 -r1.76 src/sys/net/npf/npf_impl.h cvs rdiff -u -r1.1 -r1.2 src/sys/net/npf/npf_params.c cvs rdiff -u -r1.3 -r1.4 src/sys/net/npf/npf_portmap.c \ src/sys/net/npf/npfkern.h cvs rdiff -u -r1.6 -r1.7 src/sys/net/npf/npf_worker.c cvs rdiff -u -r1.2 -r1.3 src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c cvs rdiff -u -r1.8 -r1.9 src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c cvs rdiff -u -r1.17 -r1.18 \ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c cvs rdiff -u -r1.15 -r1.16 \ src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/npf/npf.c diff -u src/sys/net/npf/npf.c:1.39 src/sys/net/npf/npf.c:1.40 --- src/sys/net/npf/npf.c:1.39 Tue Aug 6 11:40:15 2019 +++ src/sys/net/npf/npf.c Sun Aug 11 20:26:33 2019 @@ -33,7 +33,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.39 2019/08/06 11:40:15 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.40 2019/08/11 20:26:33 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -49,7 +49,7 @@ __KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.39 static __read_mostly npf_t * npf_kernel_ctx = NULL; __dso_public int -npf_sysinit(unsigned nworkers) +npfk_sysinit(unsigned nworkers) { npf_bpf_sysinit(); npf_tableset_sysinit(); @@ -58,7 +58,7 @@ npf_sysinit(unsigned nworkers) } __dso_public void -npf_sysfini(void) +npfk_sysfini(void) { npf_worker_sysfini(); npf_nat_sysfini(); @@ -67,7 +67,7 @@ npf_sysfini(void) } __dso_public npf_t * -npf_create(int flags, const npf_mbufops_t *mbufops, const npf_ifops_t *ifops) +npfk_create(int flags, const npf_mbufops_t *mbufops, const npf_ifops_t *ifops) { npf_t *npf; @@ -94,7 +94,7 @@ npf_create(int flags, const npf_mbufops_ } __dso_public void -npf_destroy(npf_t *npf) +npfk_destroy(npf_t *npf) { /* * Destroy the current configuration. Note: at this point all @@ -117,25 +117,25 @@ npf_destroy(npf_t *npf) } __dso_public int -npf_load(npf_t *npf, void *config_ref, npf_error_t *err) +npfk_load(npf_t *npf, void *config_ref, npf_error_t *err) { return npfctl_load(npf, 0, config_ref); } __dso_public void -npf_gc(npf_t *npf) +npfk_gc(npf_t *npf) { npf_conn_worker(npf); } __dso_public void -npf_thread_register(npf_t *npf) +npfk_thread_register(npf_t *npf) { pserialize_register(npf->qsbr); } __dso_public void -npf_thread_unregister(npf_t *npf) +npfk_thread_unregister(npf_t *npf) { pserialize_perform(npf->qsbr); pserialize_unregister(npf->qsbr); 
@@ -198,14 +198,14 @@ npf_stats_clear_cb(void *mem, void *arg, */ __dso_public void -npf_stats(npf_t *npf, uint64_t *buf) +npfk_stats(npf_t *npf, uint64_t *buf) { memset(buf, 0, NPF_STATS_SIZE); percpu_foreach(npf->stats_percpu, npf_stats_collect, buf); } __dso_public void -npf_stats_clear(npf_t *npf) +npfk_stats_clear(npf_t *npf) { percpu_foreach(npf->stats_percpu, npf_stats_clear_cb, NULL); } Index: src/sys/net/npf/npf_conf.c diff -u src/sys/net/npf/npf_conf.c:1.13 src/sys/net/npf/npf_conf.c:1.14 --- src/sys/net/npf/npf_conf.c:1.13 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_conf.c Sun Aug 11 20:26:33 2019 @@ -47,7 +47,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.13 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.14 2019/08/11 20:26:33 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -169,7 +169,7 @@ npf_config_load(npf_t *npf, npf_ruleset_ /* Synchronise: drain all references. */ pserialize_perform(npf->qsbr); if (flush) { - npf_portmap_flush(npf); + npf_portmap_flush(npf->portmap); npf_ifmap_flush(npf); } Index: src/sys/net/npf/npf_os.c diff -u src/sys/net/npf/npf_os.c:1.13 src/sys/net/npf/npf_os.c:1.14 --- src/sys/net/npf/npf_os.c:1.13 Sat Aug 10 21:13:54 2019 +++ src/sys/net/npf/npf_os.c Sun Aug 11 20:26:34 2019 @@ -33,7 +33,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_os.c,v 1.13 2019/08/10 21:13:54 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_os.c,v 1.14 2019/08/11 20:26:34 rmind Exp $"); #ifdef _KERNEL_OPT #include "pf.h" @@ -135,8 +135,8 @@ npf_fini(void) devsw_detach(NULL, &npf_cdevsw); #endif npf_pfil_unregister(true); - npf_destroy(npf); - npf_sysfini(); + npfk_destroy(npf); + npfk_sysfini(); return 0; } 
@@ -146,10 +146,10 @@ npf_init(void) npf_t *npf; int error = 0; - error = npf_sysinit(nworkers); + error = npfk_sysinit(nworkers); if (error) return error; - npf = npf_create(0, NULL, &kern_ifops); + npf = npfk_create(0, NULL, &kern_ifops); npf_setkernctx(npf); npf_pfil_register(true); @@ -219,7 +219,7 @@ npf_stats_export(npf_t *npf, void *data) int error; fullst = kmem_alloc(NPF_STATS_SIZE, KM_SLEEP); - npf_stats(npf, fullst); /* will zero the buffer */ + npfk_stats(npf, fullst); /* will zero the buffer */ error = copyout(fullst, uptr, NPF_STATS_SIZE); kmem_free(fullst, NPF_STATS_SIZE); return error; @@ -337,10 +337,10 @@ npf_ifop_setmeta(ifnet_t *ifp, void *arg * Wrapper of the main packet handler to pass the kernel NPF context. */ static int -npfkern_packet_handler(void *arg, struct mbuf **mp, ifnet_t *ifp, int di) +npfos_packet_handler(void *arg, struct mbuf **mp, ifnet_t *ifp, int di) { npf_t *npf = npf_getkernctx(); - return npf_packet_handler(npf, mp, ifp, di); + return npfk_packet_handler(npf, mp, ifp, di); } /* @@ -354,11 +354,11 @@ npf_ifhook(void *arg, unsigned long cmd, switch (cmd) { case PFIL_IFNET_ATTACH: - npf_ifmap_attach(npf, ifp); + npfk_ifmap_attach(npf, ifp); npf_ifaddr_sync(npf, ifp); break; case PFIL_IFNET_DETACH: - npf_ifmap_detach(npf, ifp); + npfk_ifmap_detach(npf, ifp); npf_ifaddr_flush(npf, ifp); break; } @@ -434,12 +434,12 @@ npf_pfil_register(bool init) /* Packet IN/OUT handlers for IP layer. */ if (npf_ph_inet) { - error = pfil_add_hook(npfkern_packet_handler, npf, + error = pfil_add_hook(npfos_packet_handler, npf, PFIL_ALL, npf_ph_inet); KASSERT(error == 0); } if (npf_ph_inet6) { - error = pfil_add_hook(npfkern_packet_handler, npf, + error = pfil_add_hook(npfos_packet_handler, npf, PFIL_ALL, npf_ph_inet6); KASSERT(error == 0); } 
@@ -473,11 +473,11 @@ npf_pfil_unregister(bool fini) PFIL_IFADDR, npf_ph_if); } if (npf_ph_inet) { - (void)pfil_remove_hook(npfkern_packet_handler, npf, + (void)pfil_remove_hook(npfos_packet_handler, npf, PFIL_ALL, npf_ph_inet); } if (npf_ph_inet6) { - (void)pfil_remove_hook(npfkern_packet_handler, npf, + (void)pfil_remove_hook(npfos_packet_handler, npf, PFIL_ALL, npf_ph_inet6); } pfil_registered = false; Index: src/sys/net/npf/npf_conn.h diff -u src/sys/net/npf/npf_conn.h:1.17 src/sys/net/npf/npf_conn.h:1.18 --- src/sys/net/npf/npf_conn.h:1.17 Tue Aug 6 11:40:15 2019 +++ src/sys/net/npf/npf_conn.h Sun Aug 11 20:26:33 2019 @@ -38,8 +38,6 @@ #include "npf_impl.h" -typedef struct npf_connkey npf_connkey_t; - #if defined(__NPF_CONN_PRIVATE) /* @@ -91,6 +89,8 @@ struct npf_conn { uint32_t c_keys[]; }; +#endif + /* * Connection key interface. * @@ -104,10 +104,10 @@ struct npf_conn { #define NPF_CONNKEY_ALEN(key) ((key)->ck_key[0] & 0xffff) #define NPF_CONNKEY_LEN(key) (8 + (NPF_CONNKEY_ALEN(key) * 2)) -struct npf_connkey { +typedef struct npf_connkey { /* Warning: ck_key has a variable length -- see above. */ uint32_t ck_key[NPF_CONNKEY_MAXWORDS]; -}; +} npf_connkey_t; unsigned npf_conn_conkey(const npf_cache_t *, npf_connkey_t *, bool); npf_connkey_t * npf_conn_getforwkey(npf_conn_t *); @@ -119,8 +119,6 @@ unsigned npf_connkey_import(const nvlist nvlist_t * npf_connkey_export(const npf_connkey_t *); void npf_connkey_print(const npf_connkey_t *); -#endif - /* * Connection tracking interface. */ 
@@ -140,7 +138,7 @@ bool npf_conn_pass(const npf_conn_t *, void npf_conn_setpass(npf_conn_t *, const npf_match_info_t *, npf_rproc_t *); int npf_conn_setnat(const npf_cache_t *, npf_conn_t *, - npf_nat_t *, u_int); + npf_nat_t *, unsigned); npf_nat_t * npf_conn_getnat(npf_conn_t *, const int, bool *); bool npf_conn_expired(npf_t *, const npf_conn_t *, uint64_t); void npf_conn_remove(npf_conndb_t *, npf_conn_t *); Index: src/sys/net/npf/npf_ctl.c diff -u src/sys/net/npf/npf_ctl.c:1.54 src/sys/net/npf/npf_ctl.c:1.55 --- src/sys/net/npf/npf_ctl.c:1.54 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_ctl.c Sun Aug 11 20:26:33 2019 @@ -36,7 +36,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.54 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.55 2019/08/11 20:26:33 rmind Exp $"); #include <sys/param.h> #include <sys/conf.h> @@ -121,7 +121,7 @@ npf_mk_params(npf_t *npf, nvlist_t *npf_ val = (int)nvlist_get_number(params, name); if (set) { /* Actually set the parameter. */ - error = npf_param_set(npf, name, val); + error = npfk_param_set(npf, name, val); KASSERT(error == 0); continue; } Index: src/sys/net/npf/npf_inet.c diff -u src/sys/net/npf/npf_inet.c:1.54 src/sys/net/npf/npf_inet.c:1.55 --- src/sys/net/npf/npf_inet.c:1.54 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_inet.c Sun Aug 11 20:26:34 2019 @@ -38,7 +38,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.54 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.55 2019/08/11 20:26:34 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -712,7 +712,9 @@ npf_rwrcksum(const npf_cache_t *npc, u_i const npf_addr_t *oaddr = npc->npc_ips[which]; const int proto = npc->npc_proto; const int alen = npc->npc_alen; - uint16_t *ocksum; + uint16_t cksum, *ocksum; + struct tcphdr *th; + struct udphdr *uh; in_port_t oport; KASSERT(npf_iscached(npc, NPC_LAYER4)); 
@@ -729,41 +731,43 @@ npf_rwrcksum(const npf_cache_t *npc, u_i KASSERT(npf_iscached(npc, NPC_IP6)); } - /* Nothing else to do for ICMP. */ - if (proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6) { - return true; - } - KASSERT(npf_iscached(npc, NPC_TCP) || npf_iscached(npc, NPC_UDP)); - /* * Calculate TCP/UDP checksum: * - Skip if UDP and the current checksum is zero. * - Fixup the IP address change. * - Fixup the port change, if required (non-zero). */ - if (proto == IPPROTO_TCP) { - struct tcphdr *th = npc->npc_l4.tcp; - + switch (proto) { + case IPPROTO_TCP: + KASSERT(npf_iscached(npc, NPC_TCP)); + th = npc->npc_l4.tcp; ocksum = &th->th_sum; oport = (which == NPF_SRC) ? th->th_sport : th->th_dport; - } else { - struct udphdr *uh = npc->npc_l4.udp; - - KASSERT(proto == IPPROTO_UDP); + break; + case IPPROTO_UDP: + KASSERT(npf_iscached(npc, NPC_UDP)); + uh = npc->npc_l4.udp; ocksum = &uh->uh_sum; if (*ocksum == 0) { /* No need to update. */ return true; } oport = (which == NPF_SRC) ? uh->uh_sport : uh->uh_dport; + break; + case IPPROTO_ICMP: + case IPPROTO_ICMPV6: + default: + /* Nothing else to do for ICMP. */ + return true; } - uint16_t cksum = npf_addr_cksum(*ocksum, alen, oaddr, addr); + /* + * Update and rewrite the TCP/UDP checksum. + */ + cksum = npf_addr_cksum(*ocksum, alen, oaddr, addr); if (port) { cksum = npf_fixup16_cksum(cksum, oport, port); } - - /* Rewrite TCP/UDP checksum. */ memcpy(ocksum, &cksum, sizeof(uint16_t)); return true; } Index: src/sys/net/npf/npf_handler.c diff -u src/sys/net/npf/npf_handler.c:1.46 src/sys/net/npf/npf_handler.c:1.47 --- src/sys/net/npf/npf_handler.c:1.46 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_handler.c Sun Aug 11 20:26:33 2019 @@ -35,7 +35,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.46 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.47 2019/08/11 20:26:33 rmind Exp $"); #include <sys/types.h> #include <sys/param.h> 
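Review bot: In the new `switch (proto)` of npf_rwrcksum, the `default:` label shares the ICMP `return true`, so any protocol other than TCP or UDP now reports success with no checksum touched. The removed `KASSERT(proto == IPPROTO_UDP)` used to flag an unexpected protocol in diagnostic kernels, and nothing replaces it. Whether another protocol can reach this point depends on callers outside the hunk. If it cannot, keep the invariant visible by replacing the three labels with `default: KASSERT(proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6); return true;`. If it can, widen the comment to `/* No TCP/UDP checksum to fix up for ICMP and other protocols. */`. The function begins before this hunk.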
@@ -112,12 +112,12 @@ npf_reassembly(npf_t *npf, npf_cache_t * } /* - * npf_packet_handler: main packet handling routine for layer 3. + * npfk_packet_handler: main packet handling routine for layer 3. * * Note: packet flow and inspection logic is in strict order. */ __dso_public int -npf_packet_handler(npf_t *npf, struct mbuf **mp, ifnet_t *ifp, int di) +npfk_packet_handler(npf_t *npf, struct mbuf **mp, ifnet_t *ifp, int di) { nbuf_t nbuf; npf_cache_t npc; Index: src/sys/net/npf/npf_nat.c diff -u src/sys/net/npf/npf_nat.c:1.46 src/sys/net/npf/npf_nat.c:1.47 --- src/sys/net/npf/npf_nat.c:1.46 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_nat.c Sun Aug 11 20:26:34 2019 @@ -67,7 +67,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_nat.c,v 1.46 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_nat.c,v 1.47 2019/08/11 20:26:34 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -514,7 +514,8 @@ npf_nat_create(npf_cache_t *npc, npf_nat /* Get a new port for translation. */ if ((np->n_flags & NPF_NAT_PORTMAP) != 0) { - nt->nt_tport = npf_portmap_get(np->n_npfctx, alen, taddr); + npf_portmap_t *pm = np->n_npfctx->portmap; + nt->nt_tport = npf_portmap_get(pm, alen, taddr); } else { nt->nt_tport = np->n_tport; } @@ -745,7 +746,8 @@ npf_nat_destroy(npf_nat_t *nt) /* Return taken port to the portmap. */ if ((np->n_flags & NPF_NAT_PORTMAP) != 0 && nt->nt_tport) { - npf_portmap_put(npf, nt->nt_alen, &nt->nt_taddr, nt->nt_tport); + npf_portmap_t *pm = npf->portmap; + npf_portmap_put(pm, nt->nt_alen, &nt->nt_taddr, nt->nt_tport); } npf_stats_inc(np->n_npfctx, NPF_STAT_NAT_DESTROY); 
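Review bot: In npf_nat_create, the result of `npf_portmap_get(pm, alen, taddr)` is stored straight into `nt->nt_tport`, although the portmap code documents that zero indicates a failure (no memory or no free port). No check is visible in this hunk, and the function continues outside it, so a later check may exist. If there is none, the NAT entry is created with port 0, and npf_rwrcksum treats a zero port as "no port change", so the flow would presumably go out with its port untranslated. Consider failing the creation, as npf_nat_import does when npf_portmap_take fails: `if (nt->nt_tport == 0) { /* release nt as the other error paths do */ return NULL; }`.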
@@ -804,10 +806,14 @@ npf_nat_import(npf_t *npf, const nvlist_ nt->nt_tport = dnvlist_get_number(nat, "tport", 0); /* Take a specific port from port-map. */ - if ((np->n_flags & NPF_NAT_PORTMAP) != 0 && nt->nt_tport && - !npf_portmap_take(npf, nt->nt_alen, &nt->nt_taddr, nt->nt_tport)) { - pool_cache_put(nat_cache, nt); - return NULL; + if ((np->n_flags & NPF_NAT_PORTMAP) != 0 && nt->nt_tport) { + npf_portmap_t *pm = npf->portmap; + + if (!npf_portmap_take(pm, nt->nt_alen, + &nt->nt_taddr, nt->nt_tport)) { + pool_cache_put(nat_cache, nt); + return NULL; + } } npf_stats_inc(npf, NPF_STAT_NAT_CREATE); Index: src/sys/net/npf/npf_if.c diff -u src/sys/net/npf/npf_if.c:1.9 src/sys/net/npf/npf_if.c:1.10 --- src/sys/net/npf/npf_if.c:1.9 Sat Sep 29 14:41:36 2018 +++ src/sys/net/npf/npf_if.c Sun Aug 11 20:26:33 2019 @@ -44,7 +44,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_if.c,v 1.9 2018/09/29 14:41:36 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_if.c,v 1.10 2019/08/11 20:26:33 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -181,7 +181,7 @@ npf_ifmap_getname(npf_t *npf, const u_in } __dso_public void -npf_ifmap_attach(npf_t *npf, ifnet_t *ifp) +npfk_ifmap_attach(npf_t *npf, ifnet_t *ifp) { const npf_ifops_t *ifops = npf->ifops; u_int i; @@ -193,7 +193,7 @@ npf_ifmap_attach(npf_t *npf, ifnet_t *if } __dso_public void -npf_ifmap_detach(npf_t *npf, ifnet_t *ifp) +npfk_ifmap_detach(npf_t *npf, ifnet_t *ifp) { /* Diagnostic. */ npf_config_enter(npf); Index: src/sys/net/npf/npf_impl.h diff -u src/sys/net/npf/npf_impl.h:1.75 src/sys/net/npf/npf_impl.h:1.76 --- src/sys/net/npf/npf_impl.h:1.75 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_impl.h Sun Aug 11 20:26:34 2019 @@ -185,7 +185,6 @@ typedef enum { NPF_PARAMS_CONNDB = 0, NPF_PARAMS_GENERIC_STATE, NPF_PARAMS_TCP_STATE, - NPF_PARAMS_PORTMAP, NPF_PARAMS_COUNT } npf_paramgroup_t; 
@@ -461,10 +460,13 @@ int npf_state_tcp_timeout(npf_t *, cons void npf_portmap_init(npf_t *); void npf_portmap_fini(npf_t *); -in_port_t npf_portmap_get(npf_t *, int, const npf_addr_t *); -bool npf_portmap_take(npf_t *, int, const npf_addr_t *, in_port_t); -void npf_portmap_put(npf_t *, int, const npf_addr_t *, in_port_t); -void npf_portmap_flush(npf_t *); +npf_portmap_t * npf_portmap_create(int, int); +void npf_portmap_destroy(npf_portmap_t *); + +in_port_t npf_portmap_get(npf_portmap_t *, int, const npf_addr_t *); +bool npf_portmap_take(npf_portmap_t *, int, const npf_addr_t *, in_port_t); +void npf_portmap_put(npf_portmap_t *, int, const npf_addr_t *, in_port_t); +void npf_portmap_flush(npf_portmap_t *); /* NAT. */ void npf_nat_sysinit(void); Index: src/sys/net/npf/npf_params.c diff -u src/sys/net/npf/npf_params.c:1.1 src/sys/net/npf/npf_params.c:1.2 --- src/sys/net/npf/npf_params.c:1.1 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npf_params.c Sun Aug 11 20:26:34 2019 @@ -26,7 +26,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.1 2019/07/23 00:52:01 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_params.c,v 1.2 2019/08/11 20:26:34 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -175,7 +175,7 @@ npf_param_check(npf_t *npf, const char * } __dso_public int -npf_param_get(npf_t *npf, const char *name, int *val) +npfk_param_get(npf_t *npf, const char *name, int *val) { npf_param_t *param; @@ -187,7 +187,7 @@ npf_param_get(npf_t *npf, const char *na } __dso_public int -npf_param_set(npf_t *npf, const char *name, int val) +npfk_param_set(npf_t *npf, const char *name, int val) { npf_param_t *param; Index: src/sys/net/npf/npf_portmap.c diff -u src/sys/net/npf/npf_portmap.c:1.3 src/sys/net/npf/npf_portmap.c:1.4 --- src/sys/net/npf/npf_portmap.c:1.3 Thu Jul 25 01:00:28 2019 +++ src/sys/net/npf/npf_portmap.c Sun Aug 11 20:26:34 2019 
@@ -35,7 +35,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_portmap.c,v 1.3 2019/07/25 01:00:28 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_portmap.c,v 1.4 2019/08/11 20:26:34 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> 
@@ -95,63 +95,73 @@ typedef struct bitmap { unsigned addr_len; } bitmap_t; +#define NPF_PORTMAP_MINPORT 1024 +#define NPF_PORTMAP_MAXPORT 65535 + struct npf_portmap { thmap_t * addr_map; LIST_HEAD(, bitmap) bitmap_list; kmutex_t list_lock; + int min_port; + int max_port; }; -typedef struct { - int min_port; - int max_port; -} npf_portmap_params_t; - static kmutex_t portmap_lock; void npf_portmap_init(npf_t *npf) { - npf_portmap_params_t *params = npf_param_allocgroup(npf, - NPF_PARAMS_PORTMAP, sizeof(npf_portmap_params_t)); + npf_portmap_t *pm = npf_portmap_create( + NPF_PORTMAP_MINPORT, NPF_PORTMAP_MAXPORT); npf_param_t param_map[] = { { "portmap.min_port", - ¶ms->min_port, - .default_val = 1024, + &pm->min_port, + .default_val = NPF_PORTMAP_MINPORT, .min = 1024, .max = 65535 }, { "portmap.max_port", - ¶ms->max_port, - .default_val = 65535, + &pm->max_port, + .default_val = NPF_PORTMAP_MAXPORT, .min = 1024, .max = 65535 } }; npf_param_register(npf, param_map, __arraycount(param_map)); - - npf->portmap = kmem_zalloc(sizeof(npf_portmap_t), KM_SLEEP); - mutex_init(&npf->portmap->list_lock, MUTEX_DEFAULT, IPL_SOFTNET); - npf->portmap->addr_map = thmap_create(0, NULL, THMAP_NOCOPY); - mutex_init(&portmap_lock, MUTEX_DEFAULT, IPL_SOFTNET); + npf->portmap = pm; } void npf_portmap_fini(npf_t *npf) { - const size_t len = sizeof(npf_portmap_params_t); - npf_portmap_t *pm = npf->portmap; + npf_portmap_destroy(npf->portmap); + mutex_destroy(&portmap_lock); + npf->portmap = NULL; // diagnostic +} + +npf_portmap_t * +npf_portmap_create(int min_port, int max_port) +{ + npf_portmap_t *pm; - npf_param_freegroup(npf, NPF_PARAMS_PORTMAP, len); + pm = kmem_zalloc(sizeof(npf_portmap_t), KM_SLEEP); + mutex_init(&pm->list_lock, MUTEX_DEFAULT, IPL_SOFTNET); + pm->addr_map = thmap_create(0, NULL, THMAP_NOCOPY); + pm->min_port = min_port; + pm->max_port = max_port; + return pm; +} - npf_portmap_flush(npf); +void +npf_portmap_destroy(npf_portmap_t *pm) +{ + npf_portmap_flush(pm); 
KASSERT(LIST_EMPTY(&pm->bitmap_list)); thmap_destroy(pm->addr_map); mutex_destroy(&pm->list_lock); kmem_free(pm, sizeof(npf_portmap_t)); - - mutex_destroy(&portmap_lock); } ///////////////////////////////////////////////////////////////////////// @@ -406,9 +416,8 @@ again: ///////////////////////////////////////////////////////////////////////// static bitmap_t * -npf_portmap_autoget(npf_t *npf, unsigned alen, const npf_addr_t *addr) +npf_portmap_autoget(npf_portmap_t *pm, unsigned alen, const npf_addr_t *addr) { - npf_portmap_t *pm = npf->portmap; bitmap_t *bm; KASSERT(pm && pm->addr_map); @@ -456,9 +465,8 @@ npf_portmap_autoget(npf_t *npf, unsigned * need to acquire locks. */ void -npf_portmap_flush(npf_t *npf) +npf_portmap_flush(npf_portmap_t *pm) { - npf_portmap_t *pm = npf->portmap; bitmap_t *bm; while ((bm = LIST_FIRST(&pm->bitmap_list)) != NULL) { @@ -486,28 +494,27 @@ npf_portmap_flush(npf_t *npf) * => Zero indicates a failure. */ in_port_t -npf_portmap_get(npf_t *npf, int alen, const npf_addr_t *addr) +npf_portmap_get(npf_portmap_t *pm, int alen, const npf_addr_t *addr) { - const npf_portmap_params_t *params = npf->params[NPF_PARAMS_PORTMAP]; - const unsigned port_delta = params->max_port - params->min_port; + const unsigned port_delta = pm->max_port - pm->min_port; unsigned bit, target; bitmap_t *bm; - bm = npf_portmap_autoget(npf, alen, addr); + bm = npf_portmap_autoget(pm, alen, addr); if (bm == NULL) { /* No memory. */ return 0; } /* Randomly select a port. */ - target = params->min_port + (cprng_fast32() % port_delta); + target = pm->min_port + (cprng_fast32() % port_delta); bit = target; next: if (bitmap_set(bm, bit)) { /* Success. */ return htons(bit); } - bit = params->min_port + ((bit + 1) % port_delta); + bit = pm->min_port + ((bit + 1) % port_delta); if (target != bit) { /* Next.. */ goto next; 
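Review bot: npf_portmap_init now passes `&pm->min_port` and `&pm->max_port` to `npf_param_register()`, but these point into the allocation that npf_portmap_destroy releases with `kmem_free(pm, sizeof(npf_portmap_t))`. The old code kept them in a parameter group freed through `npf_param_freegroup()`. If the parameter table outlives the portmap during teardown (the order in npfk_destroy is not visible here), a later `npfk_param_set()` on `portmap.min_port` would write to freed memory. At minimum, record the requirement in npf_portmap_fini: `/* Must run after the parameter table can no longer be accessed: it holds pointers into pm. */`. Separately, `portmap_lock` is still initialised in npf_portmap_init and destroyed in npf_portmap_fini rather than in create/destroy, so a portmap obtained from `npf_portmap_create()` alone would rely on that global already being initialised, if the bitmap code outside this hunk uses it.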
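Review bot: In npf_portmap_get, `port_delta = pm->max_port - pm->min_port` is used as the divisor in `cprng_fast32() % port_delta` and `(bit + 1) % port_delta`, with no check that it is non-zero. Both parameters are registered with the same bounds (`.min = 1024, .max = 65535`), and `npf_portmap_create(int, int)` stores its arguments unchecked, so `min_port == max_port` gives a division by zero in the kernel and `min_port > max_port` wraps the unsigned delta; this holds unless a cross-field check exists outside the page. The modulo also never yields `max_port`, while npf_portmap_take accepts it as in range. Suggested change: `if (pm->max_port < pm->min_port) return 0;` followed by `const unsigned port_delta = pm->max_port - pm->min_port + 1;`, and the same ordering check in npf_portmap_create.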
@@ -520,13 +527,13 @@ next: * npf_portmap_take: allocate a specific port in the portmap. */ bool -npf_portmap_take(npf_t *npf, int alen, const npf_addr_t *addr, in_port_t port) +npf_portmap_take(npf_portmap_t *pm, int alen, + const npf_addr_t *addr, in_port_t port) { - const npf_portmap_params_t *params = npf->params[NPF_PARAMS_PORTMAP]; - bitmap_t *bm = npf_portmap_autoget(npf, alen, addr); + bitmap_t *bm = npf_portmap_autoget(pm, alen, addr); port = ntohs(port); - if (!bm || port < params->min_port || port > params->max_port) { + if (!bm || port < pm->min_port || port > pm->max_port) { /* Out of memory / invalid port. */ return false; } @@ -539,11 +546,12 @@ npf_portmap_take(npf_t *npf, int alen, c * => The port value should be in network byte-order. */ void -npf_portmap_put(npf_t *npf, int alen, const npf_addr_t *addr, in_port_t port) +npf_portmap_put(npf_portmap_t *pm, int alen, + const npf_addr_t *addr, in_port_t port) { bitmap_t *bm; - bm = npf_portmap_autoget(npf, alen, addr); + bm = npf_portmap_autoget(pm, alen, addr); if (bm) { port = ntohs(port); bitmap_clr(bm, port); Index: src/sys/net/npf/npfkern.h diff -u src/sys/net/npf/npfkern.h:1.3 src/sys/net/npf/npfkern.h:1.4 --- src/sys/net/npf/npfkern.h:1.3 Tue Jul 23 00:52:01 2019 +++ src/sys/net/npf/npfkern.h Sun Aug 11 20:26:34 2019 
@@ -61,23 +61,23 @@ typedef struct { bool (*ensure_writable)(struct mbuf **, size_t); } npf_mbufops_t; -int npf_sysinit(unsigned); -void npf_sysfini(void); +int npfk_sysinit(unsigned); +void npfk_sysfini(void); -npf_t * npf_create(int, const npf_mbufops_t *, const npf_ifops_t *); -int npf_load(npf_t *, void *, npf_error_t *); -void npf_gc(npf_t *); -void npf_destroy(npf_t *); +npf_t * npfk_create(int, const npf_mbufops_t *, const npf_ifops_t *); +int npfk_load(npf_t *, void *, npf_error_t *); +void npfk_gc(npf_t *); +void npfk_destroy(npf_t *); -void npf_thread_register(npf_t *); -void npf_thread_unregister(npf_t *); -int npf_packet_handler(npf_t *, struct mbuf **, struct ifnet *, int); -void npf_ifmap_attach(npf_t *, struct ifnet *); -void npf_ifmap_detach(npf_t *, struct ifnet *); -int npf_param_get(npf_t *, const char *, int *); -int npf_param_set(npf_t *, const char *, int); -void npf_stats(npf_t *, uint64_t *); -void npf_stats_clear(npf_t *); +void npfk_thread_register(npf_t *); +void npfk_thread_unregister(npf_t *); +int npfk_packet_handler(npf_t *, struct mbuf **, struct ifnet *, int); +void npfk_ifmap_attach(npf_t *, struct ifnet *); +void npfk_ifmap_detach(npf_t *, struct ifnet *); +int npfk_param_get(npf_t *, const char *, int *); +int npfk_param_set(npf_t *, const char *, int); +void npfk_stats(npf_t *, uint64_t *); +void npfk_stats_clear(npf_t *); /* * ALGs. Index: src/sys/net/npf/npf_worker.c diff -u src/sys/net/npf/npf_worker.c:1.6 src/sys/net/npf/npf_worker.c:1.7 --- src/sys/net/npf/npf_worker.c:1.6 Sat Jan 19 21:19:32 2019 +++ src/sys/net/npf/npf_worker.c Sun Aug 11 20:26:34 2019 @@ -29,7 +29,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_worker.c,v 1.6 2019/01/19 21:19:32 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_worker.c,v 1.7 2019/08/11 20:26:34 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> 
@@ -198,7 +198,7 @@ npf_worker(void *arg) npf_workfunc_t work; if (!npf->sync_registered) { - npf_thread_register(npf); + npfk_thread_register(npf); npf->sync_registered = true; } Index: src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c diff -u src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c:1.2 src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c:1.3 --- src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c:1.2 Tue Jul 23 00:52:02 2019 +++ src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c Sun Aug 11 20:26:34 2019 @@ -113,7 +113,7 @@ run_gc_tests(void) int val; /* Check the default value. */ - npf_param_get(npf_getkernctx(), "gc.step", &val); + npfk_param_get(npf_getkernctx(), "gc.step", &val); CHECK_TRUE(val == 256); /* Empty => GC => 0 in conndb. */ @@ -145,7 +145,7 @@ run_gc_tests(void) CHECK_TRUE(ok); /* 512 expired => GC => 127 in conndb. */ - npf_param_set(npf_getkernctx(), "gc.step", 128); + npfk_param_set(npf_getkernctx(), "gc.step", 128); ok = run_conn_gc(0, 512, 384); CHECK_TRUE(ok); Index: src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c diff -u src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c:1.12 src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c:1.13 --- src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c:1.12 Tue Jul 23 00:52:02 2019 +++ src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c Sun Aug 11 20:26:34 2019 @@ -230,7 +230,7 @@ npf_nat_test(bool verbose) } m = mbuf_get_pkt(t->af, IPPROTO_UDP, t->src, t->dst, t->sport, t->dport); - error = npf_packet_handler(npf, &m, ifp, t->di); + error = npfk_packet_handler(npf, &m, ifp, t->di); ret = checkresult(verbose, i, m, ifp, error); if (m) { m_freem(m); Index: src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c diff -u src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c:1.8 src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c:1.9 --- src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c:1.8 Tue Jul 23 00:52:02 2019 +++ src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c Sun Aug 11 20:26:34 2019 
@@ -42,7 +42,7 @@ worker(void *arg) while (!done) { int error; - error = npf_packet_handler(npf, &m, ifp, PFIL_OUT); + error = npfk_packet_handler(npf, &m, ifp, PFIL_OUT); KASSERT(error == 0); (void)error; n++; } Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.17 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.18 --- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.17 Tue Jul 23 00:52:02 2019 +++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c Sun Aug 11 20:26:34 2019 @@ -92,7 +92,7 @@ run_handler_testcase(unsigned i) int error; m = mbuf_get_pkt(AF_INET, IPPROTO_UDP, t->src, t->dst, 9000, 9000); - error = npf_packet_handler(npf, &m, ifp, t->di); + error = npfk_packet_handler(npf, &m, ifp, t->di); if (m) { m_freem(m); } Index: src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c diff -u src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c:1.15 src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c:1.16 --- src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c:1.15 Tue Jul 23 00:52:02 2019 +++ src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c Sun Aug 11 20:26:34 2019 @@ -63,9 +63,9 @@ npf_test_init(int (*pton_func)(int, cons { npf_t *npf; - npf_sysinit(0); - npf = npf_create(0, &npftest_mbufops, &npftest_ifops); - npf_thread_register(npf); + npfk_sysinit(0); + npf = npfk_create(0, &npftest_mbufops, &npftest_ifops); + npfk_thread_register(npf); npf_setkernctx(npf); npf_state_setsampler(npf_state_sample); @@ -80,9 +80,9 @@ void npf_test_fini(void) { npf_t *npf = npf_getkernctx(); - npf_thread_unregister(npf); - npf_destroy(npf); - npf_sysfini(); + npfk_thread_unregister(npf); + npfk_destroy(npf); + npfk_sysfini(); } int @@ -99,7 +99,7 @@ npf_test_load(const void *buf, size_t le load_npf_config_ifs(npf_dict, verbose); // Note: npf_dict will be consumed by npf_load(). - return npf_load(npf_getkernctx(), npf_dict, &error); + return npfk_load(npf_getkernctx(), npf_dict, &error); } ifnet_t * 
@@ -116,7 +116,7 @@ npf_test_addif(const char *ifname, bool strlcpy(ifp->if_xname, ifname, sizeof(ifp->if_xname)); TAILQ_INSERT_TAIL(&npftest_ifnet_list, ifp, if_list); - npf_ifmap_attach(npf, ifp); + npfk_ifmap_attach(npf, ifp); if (reg) { npf_ifmap_register(npf, ifname); } @@ -212,7 +212,7 @@ npf_test_statetrack(const void *data, si int i = 0, error; m = mbuf_getwithdata(data, len); - error = npf_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN); + error = npfk_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN); if (error) { assert(m == NULL); return error;