Module Name: src
Committed By: jakllsch
Date: Mon May 19 18:45:51 UTC 2014
Modified Files:
src/sys/net/npf: npf.h npf_ext_log.c npf_ext_normalize.c
npf_ext_rndblock.c npf_handler.c npf_impl.h npf_rproc.c
Log Message:
Add ability to have mbufs disappear (to another interface) during
npf_rproc_run(). For upcoming npf_ext_route extension.
Guidance and ok by rmind@.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/sys/net/npf/npf.h
cvs rdiff -u -r1.6 -r1.7 src/sys/net/npf/npf_ext_log.c
cvs rdiff -u -r1.1 -r1.2 src/sys/net/npf/npf_ext_normalize.c
cvs rdiff -u -r1.3 -r1.4 src/sys/net/npf/npf_ext_rndblock.c
cvs rdiff -u -r1.29 -r1.30 src/sys/net/npf/npf_handler.c
cvs rdiff -u -r1.50 -r1.51 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.9 -r1.10 src/sys/net/npf/npf_rproc.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.38 src/sys/net/npf/npf.h:1.39
--- src/sys/net/npf/npf.h:1.38 Fri Mar 14 11:29:44 2014
+++ src/sys/net/npf/npf.h Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.38 2014/03/14 11:29:44 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.39 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -188,7 +188,7 @@ typedef struct {
void * ctx;
int (*ctor)(npf_rproc_t *, prop_dictionary_t);
void (*dtor)(npf_rproc_t *, void *);
- void (*proc)(npf_cache_t *, nbuf_t *, void *, int *);
+ bool (*proc)(npf_cache_t *, nbuf_t *, void *, int *);
} npf_ext_ops_t;
void * npf_ext_register(const char *, const npf_ext_ops_t *);
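Review bot: The new `bool` return of `proc` in `npf_ext_ops_t` has no stated contract in this extension-facing header. Judging from the npf_handler.c and npf_rproc.c hunks of this commit, `false` appears to mean the extension has taken ownership of the mbuf, so I would add above the member `/* proc: return false only if the mbuf was consumed (freed or handed off); the caller must not touch it afterwards */`. An extension module built against the previous header still defines a `void` proc, and its result is indeterminate when called through this pointer, which could make the handler treat a live packet as consumed. Whether the registration path rejects such modules is not visible in this diff and is worth confirming. The typedef begins outside the hunk.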
Index: src/sys/net/npf/npf_ext_log.c
diff -u src/sys/net/npf/npf_ext_log.c:1.6 src/sys/net/npf/npf_ext_log.c:1.7
--- src/sys/net/npf/npf_ext_log.c:1.6 Mon Mar 11 17:03:55 2013
+++ src/sys/net/npf/npf_ext_log.c Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ext_log.c,v 1.6 2013/03/11 17:03:55 christos Exp $ */
+/* $NetBSD: npf_ext_log.c,v 1.7 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.6 2013/03/11 17:03:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.7 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/module.h>
@@ -78,7 +78,7 @@ npf_log_dtor(npf_rproc_t *rp, void *meta
kmem_free(meta, sizeof(npf_ext_log_t));
}
-static void
+static bool
npf_log(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
{
struct mbuf *m = nbuf_head_mbuf(nbuf);
@@ -102,7 +102,7 @@ npf_log(npf_cache_t *npc, nbuf_t *nbuf,
if (ifp == NULL) {
/* No interface. */
KERNEL_UNLOCK_ONE(NULL);
- return;
+ return true;
}
/* Pass through BPF. */
@@ -110,6 +110,8 @@ npf_log(npf_cache_t *npc, nbuf_t *nbuf,
ifp->if_obytes += m->m_pkthdr.len;
bpf_mtap_af(ifp, family, m);
KERNEL_UNLOCK_ONE(NULL);
+
+ return true;
}
/*
Index: src/sys/net/npf/npf_ext_normalize.c
diff -u src/sys/net/npf/npf_ext_normalize.c:1.1 src/sys/net/npf/npf_ext_normalize.c:1.2
--- src/sys/net/npf/npf_ext_normalize.c:1.1 Tue Mar 12 20:47:48 2013
+++ src/sys/net/npf/npf_ext_normalize.c Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ext_normalize.c,v 1.1 2013/03/12 20:47:48 christos Exp $ */
+/* $NetBSD: npf_ext_normalize.c,v 1.2 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.1 2013/03/12 20:47:48 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.2 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/module.h>
@@ -140,7 +140,7 @@ npf_normalize_ip4(npf_cache_t *npc, npf_
/*
* npf_normalize: the main routine to normalize IPv4 and/or TCP headers.
*/
-static void
+static bool
npf_normalize(npf_cache_t *npc, nbuf_t *nbuf, void *params, int *decision)
{
npf_normalize_t *np = params;
@@ -150,7 +150,7 @@ npf_normalize(npf_cache_t *npc, nbuf_t *
/* Skip, if already blocking. */
if (*decision == NPF_DECISION_BLOCK) {
- return;
+ return true;
}
/* Normalise IPv4. Nothing to do for IPv6. */
@@ -165,15 +165,15 @@ npf_normalize(npf_cache_t *npc, nbuf_t *
if (maxmss == 0 || !npf_iscached(npc, NPC_TCP) ||
(th->th_flags & TH_SYN) == 0) {
/* Not required; done. */
- return;
+ return true;
}
mss = 0;
if (!npf_fetch_tcpopts(npc, nbuf, &mss, &wscale)) {
- return;
+ return true;
}
if (ntohs(mss) <= maxmss) {
/* Nothing else to do. */
- return;
+ return true;
}
maxmss = htons(maxmss);
@@ -182,6 +182,8 @@ npf_normalize(npf_cache_t *npc, nbuf_t *
cksum = npf_fixup16_cksum(th->th_sum, mss, maxmss);
th->th_sum = cksum;
}
+
+ return true;
}
static int
Index: src/sys/net/npf/npf_ext_rndblock.c
diff -u src/sys/net/npf/npf_ext_rndblock.c:1.3 src/sys/net/npf/npf_ext_rndblock.c:1.4
--- src/sys/net/npf/npf_ext_rndblock.c:1.3 Mon Mar 11 17:03:55 2013
+++ src/sys/net/npf/npf_ext_rndblock.c Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ext_rndblock.c,v 1.3 2013/03/11 17:03:55 christos Exp $ */
+/* $NetBSD: npf_ext_rndblock.c,v 1.4 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.3 2013/03/11 17:03:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.4 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/cprng.h>
@@ -96,7 +96,7 @@ npf_ext_rndblock_dtor(npf_rproc_t *rp, v
/*
* npf_ext_rndblock: main routine implementing the extension functionality.
*/
-static void
+static bool
npf_ext_rndblock(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
{
npf_ext_rndblock_t *rndblock = meta;
@@ -104,7 +104,7 @@ npf_ext_rndblock(npf_cache_t *npc, nbuf_
/* Skip, if already blocking. */
if (*decision == NPF_DECISION_BLOCK) {
- return;
+ return true;
}
/*
@@ -129,6 +129,8 @@ npf_ext_rndblock(npf_cache_t *npc, nbuf_
*decision = NPF_DECISION_BLOCK;
}
}
+
+ return true;
}
/*
Index: src/sys/net/npf/npf_handler.c
diff -u src/sys/net/npf/npf_handler.c:1.29 src/sys/net/npf/npf_handler.c:1.30
--- src/sys/net/npf/npf_handler.c:1.29 Fri Mar 14 11:29:44 2014
+++ src/sys/net/npf/npf_handler.c Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.29 2014/03/14 11:29:44 rmind Exp $ */
+/* $NetBSD: npf_handler.c,v 1.30 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.29 2014/03/14 11:29:44 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.30 2014/05/19 18:45:51 jakllsch Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -252,8 +252,13 @@ block:
* Execute the rule procedure, if any is associated.
* It may reverse the decision from pass to block.
*/
- if (rp) {
- npf_rproc_run(&npc, &nbuf, rp, &decision);
+ if (rp && !npf_rproc_run(&npc, &nbuf, rp, &decision)) {
+ if (se) {
+ npf_session_release(se);
+ }
+ npf_rproc_release(rp);
+ *mp = NULL;
+ return 0;
}
out:
/*
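Review bot: The early return taken when `npf_rproc_run()` returns false never consults `decision`, yet this code sits after the `block:` label and the extensions touched by this commit each begin with "Skip, if already blocking", which suggests rule procedures also run for packets already marked `NPF_DECISION_BLOCK`. A consuming extension that omits that check would hand off a packet the ruleset blocked, while the handler returns 0 with `*mp = NULL`. I would state the requirement at this branch, e.g. `/* mbuf consumed by the rproc; the extension must honour *decision itself */`, and consider `KASSERT(decision != NPF_DECISION_BLOCK);` before the release calls. The code under `out:` lies outside the hunk, so any accounting this path skips cannot be checked from here.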
Index: src/sys/net/npf/npf_impl.h
diff -u src/sys/net/npf/npf_impl.h:1.50 src/sys/net/npf/npf_impl.h:1.51
--- src/sys/net/npf/npf_impl.h:1.50 Fri Mar 14 11:29:44 2014
+++ src/sys/net/npf/npf_impl.h Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.50 2014/03/14 11:29:44 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.51 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -298,7 +298,7 @@ void npf_rprocset_insert(npf_rprocset_t
npf_rproc_t * npf_rproc_create(prop_dictionary_t);
void npf_rproc_acquire(npf_rproc_t *);
void npf_rproc_release(npf_rproc_t *);
-void npf_rproc_run(npf_cache_t *, nbuf_t *, npf_rproc_t *, int *);
+bool npf_rproc_run(npf_cache_t *, nbuf_t *, npf_rproc_t *, int *);
/* Session handling interface. */
void npf_session_sysinit(void);
Index: src/sys/net/npf/npf_rproc.c
diff -u src/sys/net/npf/npf_rproc.c:1.9 src/sys/net/npf/npf_rproc.c:1.10
--- src/sys/net/npf/npf_rproc.c:1.9 Mon Mar 11 01:56:37 2013
+++ src/sys/net/npf/npf_rproc.c Mon May 19 18:45:51 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_rproc.c,v 1.9 2013/03/11 01:56:37 christos Exp $ */
+/* $NetBSD: npf_rproc.c,v 1.10 2014/05/19 18:45:51 jakllsch Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -330,7 +330,7 @@ npf_rproc_assign(npf_rproc_t *rp, void *
*
* => Reference on the rule procedure must be held.
*/
-void
+bool
npf_rproc_run(npf_cache_t *npc, nbuf_t *nbuf, npf_rproc_t *rp, int *decision)
{
const unsigned extcount = rp->rp_ext_count;
@@ -343,10 +343,14 @@ npf_rproc_run(npf_cache_t *npc, nbuf_t *
const npf_ext_ops_t *extops = ext->ext_ops;
KASSERT(ext->ext_refcnt > 0);
- extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision);
+ if (!extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision)) {
+ return false;
+ }
if (nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)) {
npf_recache(npc, nbuf);
}
}
+
+ return true;
}
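Review bot: Returning false from inside the loop skips every extension that follows the consuming one in `rp`, so the outcome of a rule procedure now depends on extension order. For instance, an `npf_log` entry placed after a consuming extension never sees the packet, which leaves a gap in the logged traffic. The comment block above `npf_rproc_run()` still lists only the reference requirement. I would add `* => Returns false if an extension consumed the mbuf; remaining extensions are not run and nbuf must not be used.` The function's opening lines are in the previous hunk.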