Module Name: src Committed By: rmind Date: Thu Sep 19 01:49:07 UTC 2013
Modified Files: src/distrib/sets/lists/comp: mi src/lib/libnpf: npf.c npf.h src/sys/modules/npf: Makefile src/sys/net/npf: Makefile files.npf npf_ctl.c npf_impl.h npf_ruleset.c src/sys/rump/net/lib/libnpf: Makefile src/usr.sbin/npf/npfctl: npfctl.h src/usr.sbin/npf/npftest: npftest.c npftest.h src/usr.sbin/npf/npftest/libnpftest: Makefile npf_rule_test.c npf_test.h Removed Files: src/sys/net/npf: npf_instr.c npf_ncode.h npf_processor.c src/usr.sbin/npf/npfctl: npf_disassemble.c npf_ncgen.c src/usr.sbin/npf/npftest/libnpftest: npf_processor_test.c Log Message: NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm! To generate a diff of this commit: cvs rdiff -u -r1.1836 -r1.1837 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.20 -r1.21 src/lib/libnpf/npf.c cvs rdiff -u -r1.17 -r1.18 src/lib/libnpf/npf.h cvs rdiff -u -r1.14 -r1.15 src/sys/modules/npf/Makefile cvs rdiff -u -r1.1 -r1.2 src/sys/net/npf/Makefile cvs rdiff -u -r1.14 -r1.15 src/sys/net/npf/files.npf cvs rdiff -u -r1.28 -r1.29 src/sys/net/npf/npf_ctl.c cvs rdiff -u -r1.32 -r1.33 src/sys/net/npf/npf_impl.h cvs rdiff -u -r1.16 -r0 src/sys/net/npf/npf_instr.c cvs rdiff -u -r1.11 -r0 src/sys/net/npf/npf_ncode.h cvs rdiff -u -r1.15 -r0 src/sys/net/npf/npf_processor.c cvs rdiff -u -r1.24 -r1.25 src/sys/net/npf/npf_ruleset.c cvs rdiff -u -r1.7 -r1.8 src/sys/rump/net/lib/libnpf/Makefile cvs rdiff -u -r1.18 -r0 src/usr.sbin/npf/npfctl/npf_disassemble.c cvs rdiff -u -r1.15 -r0 src/usr.sbin/npf/npfctl/npf_ncgen.c cvs rdiff -u -r1.30 -r1.31 src/usr.sbin/npf/npfctl/npfctl.h cvs rdiff -u -r1.9 -r1.10 src/usr.sbin/npf/npftest/npftest.c cvs rdiff -u -r1.6 -r1.7 src/usr.sbin/npf/npftest/npftest.h cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/npf/npftest/libnpftest/Makefile cvs rdiff -u -r1.4 -r0 \ src/usr.sbin/npf/npftest/libnpftest/npf_processor_test.c cvs rdiff -u -r1.8 -r1.9 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c cvs rdiff -u -r1.7 -r1.8 src/usr.sbin/npf/npftest/libnpftest/npf_test.h Please note that 
diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/distrib/sets/lists/comp/mi diff -u src/distrib/sets/lists/comp/mi:1.1836 src/distrib/sets/lists/comp/mi:1.1837 --- src/distrib/sets/lists/comp/mi:1.1836 Tue Sep 10 16:51:24 2013 +++ src/distrib/sets/lists/comp/mi Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.1836 2013/09/10 16:51:24 pooka Exp $ +# $NetBSD: mi,v 1.1837 2013/09/19 01:49:07 rmind Exp $ # # Note: don't delete entries from here - mark them as "obsolete" instead. # @@ -1980,7 +1980,7 @@ ./usr/include/net/net_stats.h comp-c-include ./usr/include/net/netisr.h comp-c-include ./usr/include/net/npf.h comp-c-include -./usr/include/net/npf_ncode.h comp-c-include +./usr/include/net/npf_ncode.h comp-obsolete obsolete ./usr/include/net/pfil.h comp-c-include ./usr/include/net/pfkeyv2.h comp-c-include ./usr/include/net/pfvar.h comp-c-include Index: src/lib/libnpf/npf.c diff -u src/lib/libnpf/npf.c:1.20 src/lib/libnpf/npf.c:1.21 --- src/lib/libnpf/npf.c:1.20 Thu Sep 19 01:04:46 2013 +++ src/lib/libnpf/npf.c Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf.c,v 1.20 2013/09/19 01:04:46 rmind Exp $ */ +/* $NetBSD: npf.c,v 1.21 2013/09/19 01:49:07 rmind Exp $ */ /*- * Copyright (c) 2010-2013 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.20 2013/09/19 01:04:46 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.21 2013/09/19 01:49:07 rmind Exp $"); #include <sys/types.h> #include <netinet/in_systm.h> 
@@ -661,53 +661,6 @@ npf_rule_getproc(nl_rule_t *rl) return rpname; } -#if 1 -static int -_npf_rule_foreach1(prop_array_t rules, nl_rule_callback_t func) -{ - prop_dictionary_t rldict; - prop_object_iterator_t it; - unsigned reduce[16], n; - unsigned nlevel; - - if (!rules || prop_object_type(rules) != PROP_TYPE_ARRAY) { - return ENOENT; - } - it = prop_array_iterator(rules); - if (it == NULL) { - return ENOMEM; - } - - nlevel = 0; - reduce[nlevel] = 0; - n = 0; - - while ((rldict = prop_object_iterator_next(it)) != NULL) { - nl_rule_t nrl = { .nrl_dict = rldict }; - uint32_t skipto = 0; - - prop_dictionary_get_uint32(rldict, "skip-to", &skipto); - (*func)(&nrl, nlevel); - if (skipto) { - nlevel++; - reduce[nlevel] = skipto; - } - if (reduce[nlevel] == ++n) { - assert(nlevel > 0); - nlevel--; - } - } - prop_object_iterator_release(it); - return 0; -} - -int -_npf_rule_foreach(nl_config_t *ncf, nl_rule_callback_t func) -{ - return _npf_rule_foreach1(ncf->ncf_rules_list, func); -} -#endif - int _npf_ruleset_list(int fd, const char *rname, nl_config_t *ncf) { @@ -734,31 +687,6 @@ _npf_ruleset_list(int fd, const char *rn return error; } -#if 1 -pri_t -_npf_rule_getinfo(nl_rule_t *nrl, const char **rname, uint32_t *attr, - u_int *if_idx) -{ - prop_dictionary_t rldict = nrl->nrl_dict; - pri_t prio; - - prop_dictionary_get_cstring_nocopy(rldict, "name", rname); - prop_dictionary_get_uint32(rldict, "attributes", attr); - prop_dictionary_get_int32(rldict, "priority", &prio); - prop_dictionary_get_uint32(rldict, "interface", if_idx); - return prio; -} - -const void * -_npf_rule_ncode(nl_rule_t *nrl, size_t *size) -{ - prop_dictionary_t rldict = nrl->nrl_dict; - prop_object_t obj = prop_dictionary_get(rldict, "code"); - *size = prop_data_size(obj); - return prop_data_data_nocopy(obj); -} -#endif - void npf_rule_destroy(nl_rule_t *rl) { 
@@ -959,30 +887,6 @@ npf_nat_getmap(nl_nat_t *nt, npf_addr_t prop_dictionary_get_uint16(rldict, "translation-port", port); } -#if 1 -int -_npf_nat_foreach(nl_config_t *ncf, nl_rule_callback_t func) -{ - return _npf_rule_foreach1(ncf->ncf_nat_list, func); -} - -void -_npf_nat_getinfo(nl_nat_t *nt, int *type, u_int *flags, npf_addr_t *addr, - size_t *alen, in_port_t *port) -{ - prop_dictionary_t rldict = nt->nrl_dict; - - prop_dictionary_get_int32(rldict, "type", type); - prop_dictionary_get_uint32(rldict, "flags", flags); - - prop_object_t obj = prop_dictionary_get(rldict, "translation-ip"); - *alen = prop_data_size(obj); - memcpy(addr, prop_data_data_nocopy(obj), *alen); - - prop_dictionary_get_uint16(rldict, "translation-port", port); -} -#endif - /* * TABLE INTERFACE. */ @@ -1133,26 +1037,6 @@ npf_table_destroy(nl_table_t *tl) free(tl); } -#if 1 -void -_npf_table_foreach(nl_config_t *ncf, nl_table_callback_t func) -{ - prop_dictionary_t tldict; - prop_object_iterator_t it; - - it = prop_array_iterator(ncf->ncf_table_list); - while ((tldict = prop_object_iterator_next(it)) != NULL) { - u_int id; - int type; - - prop_dictionary_get_uint32(tldict, "id", &id); - prop_dictionary_get_int32(tldict, "type", &type); - (*func)(id, type); - } - prop_object_iterator_release(it); -} -#endif - /* * ALG INTERFACE. */ Index: src/lib/libnpf/npf.h diff -u src/lib/libnpf/npf.h:1.17 src/lib/libnpf/npf.h:1.18 --- src/lib/libnpf/npf.h:1.17 Thu Sep 19 01:04:46 2013 +++ src/lib/libnpf/npf.h Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf.h,v 1.17 2013/09/19 01:04:46 rmind Exp $ */ +/* $NetBSD: npf.h,v 1.18 2013/09/19 01:49:07 rmind Exp $ */ /*- * Copyright (c) 2011-2013 The NetBSD Foundation, Inc. 
@@ -142,16 +142,6 @@ const char * npf_rproc_getname(nl_rproc_ void _npf_config_error(nl_config_t *, nl_error_t *); void _npf_config_setsubmit(nl_config_t *, const char *); int _npf_ruleset_list(int, const char *, nl_config_t *); -#if 1 -int _npf_rule_foreach(nl_config_t *, nl_rule_callback_t); -pri_t _npf_rule_getinfo(nl_rule_t *, const char **, uint32_t *, - u_int *); -const void * _npf_rule_ncode(nl_rule_t *, size_t *); -int _npf_nat_foreach(nl_config_t *, nl_rule_callback_t); -void _npf_nat_getinfo(nl_nat_t *, int *, u_int *, npf_addr_t *, - size_t *, in_port_t *); -void _npf_table_foreach(nl_config_t *, nl_table_callback_t); -#endif void _npf_debug_addif(nl_config_t *, struct ifaddrs *, u_int); /* The ALG interface is experimental */ Index: src/sys/modules/npf/Makefile diff -u src/sys/modules/npf/Makefile:1.14 src/sys/modules/npf/Makefile:1.15 --- src/sys/modules/npf/Makefile:1.14 Thu Sep 19 01:04:46 2013 +++ src/sys/modules/npf/Makefile Thu Sep 19 01:49:07 2013 @@ -1,4 +1,7 @@ -# $NetBSD: Makefile,v 1.14 2013/09/19 01:04:46 rmind Exp $ +# $NetBSD: Makefile,v 1.15 2013/09/19 01:49:07 rmind Exp $ +# +# Public Domain. +# .include "../Makefile.inc" @@ -6,10 +9,9 @@ KMOD= npf -SRCS= npf.c npf_alg.c npf_conf.c npf_ctl.c npf_handler.c -SRCS+= npf_bpf.c npf_inet.c npf_instr.c npf_mbuf.c npf_nat.c -SRCS+= npf_processor.c npf_ruleset.c npf_rproc.c npf_sendpkt.c -SRCS+= npf_session.c npf_state.c npf_state_tcp.c +SRCS= npf.c npf_alg.c npf_conf.c npf_ctl.c npf_handler.c npf_bpf.c +SRCS+= npf_inet.c npf_mbuf.c npf_nat.c npf_ruleset.c npf_rproc.c +SRCS+= npf_sendpkt.c npf_session.c npf_state.c npf_state_tcp.c SRCS+= npf_tableset.c npf_tableset_ptree.c npf_worker.c CPPFLAGS+= -DINET6 Index: src/sys/net/npf/Makefile diff -u src/sys/net/npf/Makefile:1.1 src/sys/net/npf/Makefile:1.2 --- src/sys/net/npf/Makefile:1.1 Sun Aug 22 18:56:22 2010 +++ src/sys/net/npf/Makefile Thu Sep 19 01:49:07 2013 
@@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.1 2010/08/22 18:56:22 rmind Exp $ +# $NetBSD: Makefile,v 1.2 2013/09/19 01:49:07 rmind Exp $ # # Public Domain. # INCSDIR= /usr/include/net -INCS= npf.h npf_ncode.h +INCS= npf.h .include <bsd.kinc.mk> Index: src/sys/net/npf/files.npf diff -u src/sys/net/npf/files.npf:1.14 src/sys/net/npf/files.npf:1.15 --- src/sys/net/npf/files.npf:1.14 Thu Sep 19 01:04:46 2013 +++ src/sys/net/npf/files.npf Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -# $NetBSD: files.npf,v 1.14 2013/09/19 01:04:46 rmind Exp $ +# $NetBSD: files.npf,v 1.15 2013/09/19 01:49:07 rmind Exp $ # # Public Domain. # @@ -14,9 +14,7 @@ file net/npf/npf.c npf file net/npf/npf_conf.c npf file net/npf/npf_ctl.c npf file net/npf/npf_handler.c npf -file net/npf/npf_instr.c npf file net/npf/npf_mbuf.c npf -file net/npf/npf_processor.c npf file net/npf/npf_bpf.c npf file net/npf/npf_ruleset.c npf file net/npf/npf_rproc.c npf Index: src/sys/net/npf/npf_ctl.c diff -u src/sys/net/npf/npf_ctl.c:1.28 src/sys/net/npf/npf_ctl.c:1.29 --- src/sys/net/npf/npf_ctl.c:1.28 Thu Sep 19 01:04:46 2013 +++ src/sys/net/npf/npf_ctl.c Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_ctl.c,v 1.28 2013/09/19 01:04:46 rmind Exp $ */ +/* $NetBSD: npf_ctl.c,v 1.29 2013/09/19 01:49:07 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.28 2013/09/19 01:04:46 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.29 2013/09/19 01:49:07 rmind Exp $"); #include <sys/param.h> #include <sys/conf.h> @@ -46,7 +46,6 @@ __KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v #include <prop/proplib.h> -#include "npf_ncode.h" #include "npf_impl.h" #if defined(DEBUG) || defined(DIAGNOSTIC) 
@@ -250,37 +249,21 @@ npf_mk_code(prop_object_t obj, int type, prop_dictionary_t errdict) { const void *cptr; - int cerr, errat; size_t clen; void *bc; + if (type != NPF_CODE_BPF) { + return ENOTSUP; + } cptr = prop_data_data_nocopy(obj); if (cptr == NULL || (clen = prop_data_size(obj)) == 0) { NPF_ERR_DEBUG(errdict); return EINVAL; } - - switch (type) { - case NPF_CODE_NC: - if (clen > NPF_NCODE_LIMIT) { - NPF_ERR_DEBUG(errdict); - return ERANGE; - } - if ((cerr = npf_ncode_validate(cptr, clen, &errat)) != 0) { - prop_dictionary_set_int32(errdict, "code-error", cerr); - prop_dictionary_set_int32(errdict, "code-errat", errat); - return EINVAL; - } - break; - case NPF_CODE_BPF: - if (!npf_bpf_validate(cptr, clen)) { - return EINVAL; - } - break; - default: - return ENOTSUP; + if (!npf_bpf_validate(cptr, clen)) { + NPF_ERR_DEBUG(errdict); + return EINVAL; } - bc = kmem_alloc(clen, KM_SLEEP); memcpy(bc, cptr, clen); Index: src/sys/net/npf/npf_impl.h diff -u src/sys/net/npf/npf_impl.h:1.32 src/sys/net/npf/npf_impl.h:1.33 --- src/sys/net/npf/npf_impl.h:1.32 Thu Sep 19 01:04:46 2013 +++ src/sys/net/npf/npf_impl.h Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_impl.h,v 1.32 2013/09/19 01:04:46 rmind Exp $ */ +/* $NetBSD: npf_impl.h,v 1.33 2013/09/19 01:49:07 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -59,7 +59,6 @@ #include <net/if.h> #include "npf.h" -#include "npf_ncode.h" #ifdef _NPF_DEBUG #define NPF_PRINTF(x) printf x @@ -101,7 +100,6 @@ typedef bool (*npf_alg_func_t)(npf_cache typedef npf_session_t *(*npf_alg_sfunc_t)(npf_cache_t *, nbuf_t *, int); typedef void (*npf_workfunc_t)(void); -#define NPF_NCODE_LIMIT 1024 #define NPF_TABLE_SLOTS 32 /* 
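Review bot: With the `NPF_CODE_NC` branch gone, npf_mk_code has no visible upper bound on `clen` before `kmem_alloc(clen, KM_SLEEP)` and the `memcpy`. The removed `clen > NPF_NCODE_LIMIT` test only ever covered n-code, so the size of the byte-code taken from the proplib object (presumably supplied through the control interface) is limited only by whatever npf_bpf_validate() enforces, and that function is not part of this diff. If it does not already reject oversized or misaligned buffers, an explicit guard ahead of validation would keep the limit local, e.g. `if (clen > BPF_MAXINSNS * sizeof(struct bpf_insn) || clen % sizeof(struct bpf_insn) != 0) { NPF_ERR_DEBUG(errdict); return ERANGE; }`, assuming the BPF definitions are in scope here. Otherwise a comment such as `/* Length and instruction alignment are checked by npf_bpf_validate(). */` would record where the bound lives. The function body continues past the end of the hunk.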
@@ -203,18 +201,6 @@ int npf_bpf_filter(npf_cache_t *, nbuf_ const void *, bpfjit_function_t); bool npf_bpf_validate(const void *, size_t); -/* Complex instructions. */ -int npf_match_ether(nbuf_t *, int, uint16_t, uint32_t *); -int npf_match_proto(const npf_cache_t *, uint32_t); -int npf_match_table(const npf_cache_t *, int, u_int); -int npf_match_ipmask(const npf_cache_t *, int, - const npf_addr_t *, npf_netmask_t); -int npf_match_tcp_ports(const npf_cache_t *, int, uint32_t); -int npf_match_udp_ports(const npf_cache_t *, int, uint32_t); -int npf_match_icmp4(const npf_cache_t *, uint32_t); -int npf_match_icmp6(const npf_cache_t *, uint32_t); -int npf_match_tcpfl(const npf_cache_t *, uint32_t); - /* Tableset interface. */ void npf_tableset_sysinit(void); void npf_tableset_sysfini(void); @@ -352,7 +338,6 @@ npf_session_t * npf_alg_session(npf_cach /* Debugging routines. */ void npf_addr_dump(const npf_addr_t *); -void npf_rulenc_dump(const npf_rule_t *); void npf_sessions_dump(void); void npf_state_dump(const npf_state_t *); void npf_nat_dump(const npf_nat_t *); Index: src/sys/net/npf/npf_ruleset.c diff -u src/sys/net/npf/npf_ruleset.c:1.24 src/sys/net/npf/npf_ruleset.c:1.25 --- src/sys/net/npf/npf_ruleset.c:1.24 Thu Sep 19 01:04:46 2013 +++ src/sys/net/npf/npf_ruleset.c Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_ruleset.c,v 1.24 2013/09/19 01:04:46 rmind Exp $ */ +/* $NetBSD: npf_ruleset.c,v 1.25 2013/09/19 01:49:07 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.24 2013/09/19 01:04:46 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.25 2013/09/19 01:49:07 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -50,7 +50,6 @@ __KERNEL_RCSID(0, "$NetBSD: npf_ruleset. #include <net/pfil.h> #include <net/if.h> -#include "npf_ncode.h" #include "npf_impl.h" struct npf_ruleset { 
@@ -498,7 +497,7 @@ npf_ruleset_natreload(npf_ruleset_t *nrl } /* - * npf_rule_alloc: allocate a rule and copy n-code from user-space. + * npf_rule_alloc: allocate a rule and initialise it. */ npf_rule_t * npf_rule_alloc(prop_dictionary_t rldict) @@ -555,13 +554,13 @@ npf_rule_alloc(prop_dictionary_t rldict) void npf_rule_setcode(npf_rule_t *rl, const int type, void *code, size_t size) { + KASSERT(type == NPF_CODE_BPF); rl->r_type = type; rl->r_code = code; rl->r_clen = size; #if 0 /* Perform BPF JIT if possible. */ - if (type == NPF_CODE_BPF && (membar_consumer(), - bpfjit_module_ops.bj_generate_code != NULL)) { + if (membar_consumer(), bpfjit_module_ops.bj_generate_code != NULL) { KASSERT(rl->r_jcode == NULL); rl->r_jcode = bpfjit_module_ops.bj_generate_code(code, size); rl->r_code = NULL; @@ -663,7 +662,6 @@ npf_rule_inspect(npf_cache_t *npc, nbuf_ const int di_mask, const int layer) { const ifnet_t *ifp = nbuf->nb_ifp; - const void *code; /* Match the interface. */ if (rl->r_ifid && rl->r_ifid != ifp->if_index) { @@ -682,16 +680,8 @@ npf_rule_inspect(npf_cache_t *npc, nbuf_ KASSERT(rl->r_code == NULL); return true; } - - switch (rl->r_type) { - case NPF_CODE_BPF: - return npf_bpf_filter(npc, nbuf, rl->r_code, rl->r_jcode) != 0; - case NPF_CODE_NC: - return npf_ncode_process(npc, code, nbuf, layer) == 0; - default: - KASSERT(false); - } - return false; + KASSERT(rl->r_type == NPF_CODE_BPF); + return npf_bpf_filter(npc, nbuf, rl->r_code, rl->r_jcode) != 0; } /* @@ -721,7 +711,7 @@ npf_rule_reinspect(npf_cache_t *npc, nbu /* * npf_ruleset_inspect: inspect the packet against the given ruleset. * - * Loop through the rules in the set and run n-code processor of each rule + * Loop through the rules in the set and run the byte-code of each rule * against the packet (nbuf chain). If sub-ruleset is found, inspect it. * * => Caller is responsible for nbuf chain protection. 
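Review bot: The `KASSERT(type == NPF_CODE_BPF)` added in npf_rule_setcode and the `KASSERT(rl->r_type == NPF_CODE_BPF)` that replaces the switch in npf_rule_inspect (the -682 hunk) are only compiled into DIAGNOSTIC kernels. On a release kernel, nothing in these two functions stops a rule with another `r_type` from reaching npf_bpf_filter(). The old `default:` arm still fell through to `return false`, whereas the new code relies on npf_mk_code() having returned ENOTSUP earlier, and whether every caller of npf_rule_setcode goes through it is not visible in this diff. I would document that dependency at the assertion, e.g. `/* Type is vetted by npf_mk_code(); only BPF byte-code can reach here. */`, or keep a cheap runtime fallback in npf_rule_inspect: `if (__predict_false(rl->r_type != NPF_CODE_BPF)) return false;`. Both function bodies extend beyond their hunks.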
@@ -797,21 +787,3 @@ npf_rule_conclude(const npf_rule_t *rl, *retfl = rl->r_attr; return (rl->r_attr & NPF_RULE_PASS) ? 0 : ENETUNREACH; } - -#if defined(DDB) || defined(_NPF_TESTING) - -void -npf_rulenc_dump(const npf_rule_t *rl) -{ - const uint32_t *op = rl->r_code; - size_t n = rl->r_clen; - - while (n) { - printf("\t> |0x%02x|\n", (uint32_t)*op); - op++; - n -= sizeof(*op); - } - printf("-> %s\n", (rl->r_attr & NPF_RULE_PASS) ? "pass" : "block"); -} - -#endif Index: src/sys/rump/net/lib/libnpf/Makefile diff -u src/sys/rump/net/lib/libnpf/Makefile:1.7 src/sys/rump/net/lib/libnpf/Makefile:1.8 --- src/sys/rump/net/lib/libnpf/Makefile:1.7 Sun Jun 2 02:20:04 2013 +++ src/sys/rump/net/lib/libnpf/Makefile Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.7 2013/06/02 02:20:04 rmind Exp $ +# $NetBSD: Makefile,v 1.8 2013/09/19 01:49:07 rmind Exp $ # # Public Domain. # @@ -7,10 +7,9 @@ LIB= rumpnet_npf -SRCS= npf.c npf_alg.c npf_conf.c npf_ctl.c npf_handler.c -SRCS+= npf_inet.c npf_instr.c npf_mbuf.c npf_nat.c -SRCS+= npf_processor.c npf_ruleset.c npf_rproc.c npf_sendpkt.c -SRCS+= npf_session.c npf_state.c npf_state_tcp.c +SRCS= npf.c npf_alg.c npf_conf.c npf_ctl.c npf_handler.c npf_bpf.c +SRCS+= npf_inet.c npf_mbuf.c npf_nat.c npf_ruleset.c npf_rproc.c +SRCS+= npf_sendpkt.c npf_session.c npf_state.c npf_state_tcp.c SRCS+= npf_tableset.c npf_tableset_ptree.c npf_worker.c SRCS+= if_npflog.c Index: src/usr.sbin/npf/npfctl/npfctl.h diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.30 src/usr.sbin/npf/npfctl/npfctl.h:1.31 --- src/usr.sbin/npf/npfctl/npfctl.h:1.30 Thu Sep 19 01:04:45 2013 +++ src/usr.sbin/npf/npfctl/npfctl.h Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npfctl.h,v 1.30 2013/09/19 01:04:45 rmind Exp $ */ +/* $NetBSD: npfctl.h,v 1.31 2013/09/19 01:49:07 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. 
@@ -141,83 +141,32 @@ int npf_extmod_param(npf_extmod_t *, nl * BFF byte-code generation interface. */ -#define NPFCTL_USE_BPF 1 - typedef struct npf_bpf npf_bpf_t; #define MATCH_DST 0x01 #define MATCH_SRC 0x02 enum { - BM_IPVER, - BM_PROTO, - BM_SRC_CIDR, - BM_SRC_TABLE, - BM_DST_CIDR, - BM_DST_TABLE, - BM_SRC_PORTS, - BM_DST_PORTS, - BM_TCPFL, - BM_ICMP_TYPE, + BM_IPVER, BM_PROTO, BM_SRC_CIDR, BM_SRC_TABLE, BM_DST_CIDR, + BM_DST_TABLE, BM_SRC_PORTS, BM_DST_PORTS, BM_TCPFL, BM_ICMP_TYPE, BM_ICMP_CODE, }; -npf_bpf_t *npfctl_bpf_create(void); +npf_bpf_t * npfctl_bpf_create(void); struct bpf_program *npfctl_bpf_complete(npf_bpf_t *); -const void *npfctl_bpf_bmarks(npf_bpf_t *, size_t *); -void npfctl_bpf_destroy(npf_bpf_t *); - -void npfctl_bpf_group(npf_bpf_t *); -void npfctl_bpf_endgroup(npf_bpf_t *); - -void npfctl_bpf_proto(npf_bpf_t *, sa_family_t, int); -void npfctl_bpf_cidr(npf_bpf_t *, u_int, sa_family_t, - const npf_addr_t *, const npf_netmask_t); -void npfctl_bpf_ports(npf_bpf_t *, u_int, in_port_t, in_port_t); -void npfctl_bpf_tcpfl(npf_bpf_t *, uint8_t, uint8_t); -void npfctl_bpf_icmp(npf_bpf_t *, int, int); -void npfctl_bpf_table(npf_bpf_t *, u_int, u_int); - -/* - * N-code generation interface. 
- */ - -typedef struct nc_ctx nc_ctx_t; - -#define NC_MATCH_DST 0x01 -#define NC_MATCH_SRC 0x02 - -#define NC_MATCH_TCP 0x04 -#define NC_MATCH_UDP 0x08 -#define NC_MATCH_ICMP 0x10 -#define NC_MATCH_ICMP6 0x20 - -nc_ctx_t * npfctl_ncgen_create(void); -void * npfctl_ncgen_complete(nc_ctx_t *, size_t *); -void npfctl_ncgen_print(const void *, size_t); - -void npfctl_ncgen_group(nc_ctx_t *); -void npfctl_ncgen_endgroup(nc_ctx_t *); - -void npfctl_gennc_v4cidr(nc_ctx_t *, int, const npf_addr_t *, - const npf_netmask_t); -void npfctl_gennc_v6cidr(nc_ctx_t *, int, const npf_addr_t *, - const npf_netmask_t); -void npfctl_gennc_ports(nc_ctx_t *, int, in_port_t, in_port_t); -void npfctl_gennc_icmp(nc_ctx_t *, int, int); -void npfctl_gennc_icmp6(nc_ctx_t *, int, int); -void npfctl_gennc_tbl(nc_ctx_t *, int, u_int); -void npfctl_gennc_tcpfl(nc_ctx_t *, uint8_t, uint8_t); -void npfctl_gennc_proto(nc_ctx_t *ctx, uint8_t, uint8_t); - -/* - * N-code disassembler. - */ +const void * npfctl_bpf_bmarks(npf_bpf_t *, size_t *); +void npfctl_bpf_destroy(npf_bpf_t *); -typedef struct nc_inf nc_inf_t; +void npfctl_bpf_group(npf_bpf_t *); +void npfctl_bpf_endgroup(npf_bpf_t *); -nc_inf_t * npfctl_ncode_disinf(FILE *); -int npfctl_ncode_disassemble(nc_inf_t *, const void *, size_t); +void npfctl_bpf_proto(npf_bpf_t *, sa_family_t, int); +void npfctl_bpf_cidr(npf_bpf_t *, u_int, sa_family_t, + const npf_addr_t *, const npf_netmask_t); +void npfctl_bpf_ports(npf_bpf_t *, u_int, in_port_t, in_port_t); +void npfctl_bpf_tcpfl(npf_bpf_t *, uint8_t, uint8_t); +void npfctl_bpf_icmp(npf_bpf_t *, int, int); +void npfctl_bpf_table(npf_bpf_t *, u_int, u_int); /* * Configuration building interface. Index: src/usr.sbin/npf/npftest/npftest.c diff -u src/usr.sbin/npf/npftest/npftest.c:1.9 src/usr.sbin/npf/npftest/npftest.c:1.10 --- src/usr.sbin/npf/npftest/npftest.c:1.9 Thu Sep 19 01:04:45 2013 +++ src/usr.sbin/npf/npftest/npftest.c Thu Sep 19 01:49:07 2013 
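Review bot: The section comment kept as context at the top of this hunk still reads `BFF byte-code generation interface.`, which looks like a typo for BPF. Since this is now the only code-generation interface left in the header, it is worth correcting to `* BPF byte-code generation interface.`. The hunk also drops `#define NPFCTL_USE_BPF 1`, and no other npfctl source appears in this commit's modified-files list. Any conditional still keyed on that macro would presumably fall through to the deleted npfctl_ncgen_* path, so it is worth checking for remaining uses before the macro goes.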
@@ -1,4 +1,4 @@ -/* $NetBSD: npftest.c,v 1.9 2013/09/19 01:04:45 rmind Exp $ */ +/* $NetBSD: npftest.c,v 1.10 2013/09/19 01:49:07 rmind Exp $ */ /* * NPF testing framework. @@ -52,7 +52,7 @@ __dead static void describe_tests(void) { printf( "nbuf\tbasic npf mbuf handling\n" - "processor\tncode processing\n" + "bpf\tBPF coprocessor\n" "table\ttable handling\n" "state\tstate handling and processing\n" "rule\trule processing\n" @@ -227,12 +227,6 @@ main(int argc, char **argv) tname_matched = true; } - if (!testname || strcmp("processor", testname) == 0) { - ok = rumpns_npf_processor_test(verbose); - fail |= result("processor", ok); - tname_matched = true; - } - if (!testname || strcmp("table", testname) == 0) { ok = rumpns_npf_table_test(verbose); fail |= result("table", ok); Index: src/usr.sbin/npf/npftest/npftest.h diff -u src/usr.sbin/npf/npftest/npftest.h:1.6 src/usr.sbin/npf/npftest/npftest.h:1.7 --- src/usr.sbin/npf/npftest/npftest.h:1.6 Thu Sep 19 01:04:45 2013 +++ src/usr.sbin/npf/npftest/npftest.h Thu Sep 19 01:49:07 2013 @@ -18,7 +18,6 @@ int rumpns_npf_test_handlepkt(const voi unsigned, bool, int64_t *); bool rumpns_npf_nbuf_test(bool); -bool rumpns_npf_processor_test(bool); bool rumpns_npf_bpf_test(bool); bool rumpns_npf_table_test(bool); bool rumpns_npf_state_test(bool); Index: src/usr.sbin/npf/npftest/libnpftest/Makefile diff -u src/usr.sbin/npf/npftest/libnpftest/Makefile:1.5 src/usr.sbin/npf/npftest/libnpftest/Makefile:1.6 --- src/usr.sbin/npf/npftest/libnpftest/Makefile:1.5 Thu Sep 19 01:04:45 2013 +++ src/usr.sbin/npf/npftest/libnpftest/Makefile Thu Sep 19 01:49:07 2013 
@@ -12,7 +12,6 @@ SRCS+= npf_test_subr.c SRCS+= npf_mbuf_subr.c SRCS+= npf_nbuf_test.c -SRCS+= npf_processor_test.c SRCS+= npf_bpf_test.c SRCS+= npf_table_test.c SRCS+= npf_state_test.c Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.8 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.9 --- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.8 Thu Sep 19 01:04:46 2013 +++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c Thu Sep 19 01:49:07 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_rule_test.c,v 1.8 2013/09/19 01:04:46 rmind Exp $ */ +/* $NetBSD: npf_rule_test.c,v 1.9 2013/09/19 01:49:07 rmind Exp $ */ /* * NPF ruleset test. @@ -89,9 +89,6 @@ npf_rule_raw_test(bool verbose, struct m rl = npf_ruleset_inspect(&npc, &nbuf, npf_config_ruleset(), di, NPF_LAYER_3); if (rl) { - if (verbose) { - npf_rulenc_dump(rl); - } error = npf_rule_conclude(rl, &retfl); } else { error = ENOENT; Index: src/usr.sbin/npf/npftest/libnpftest/npf_test.h diff -u src/usr.sbin/npf/npftest/libnpftest/npf_test.h:1.7 src/usr.sbin/npf/npftest/libnpftest/npf_test.h:1.8 --- src/usr.sbin/npf/npftest/libnpftest/npf_test.h:1.7 Thu Sep 19 01:04:46 2013 +++ src/usr.sbin/npf/npftest/libnpftest/npf_test.h Thu Sep 19 01:49:07 2013 @@ -39,7 +39,6 @@ void * mbuf_return_hdrs(struct mbuf *, void mbuf_icmp_append(struct mbuf *, struct mbuf *); bool npf_nbuf_test(bool); -bool npf_processor_test(bool); bool npf_bpf_test(bool); bool npf_table_test(bool); bool npf_state_test(bool);