Module Name: src
Committed By: rmind
Date: Mon Aug 11 01:54:13 UTC 2014
Modified Files:
src/sys/net/npf: npf_conf.c npf_ctl.c npf_impl.h npf_rproc.c
npf_ruleset.c npf_tableset.c
Log Message:
NPF: finish up the rework of npfctl_save() mechanism.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sys/net/npf/npf_conf.c
cvs rdiff -u -r1.37 -r1.38 src/sys/net/npf/npf_ctl.c
cvs rdiff -u -r1.57 -r1.58 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.11 -r1.12 src/sys/net/npf/npf_rproc.c
cvs rdiff -u -r1.36 -r1.37 src/sys/net/npf/npf_ruleset.c
cvs rdiff -u -r1.21 -r1.22 src/sys/net/npf/npf_tableset.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_conf.c
diff -u src/sys/net/npf/npf_conf.c:1.7 src/sys/net/npf/npf_conf.c:1.8
--- src/sys/net/npf/npf_conf.c:1.7 Wed Jul 23 01:25:34 2014
+++ src/sys/net/npf/npf_conf.c Mon Aug 11 01:54:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_conf.c,v 1.7 2014/07/23 01:25:34 rmind Exp $ */
+/* $NetBSD: npf_conf.c,v 1.8 2014/08/11 01:54:12 rmind Exp $ */
/*-
* Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.7 2014/07/23 01:25:34 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.8 2014/08/11 01:54:12 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -66,7 +66,6 @@ typedef struct {
npf_tableset_t * n_tables;
npf_ruleset_t * n_nat_rules;
npf_rprocset_t * n_rprocs;
- prop_dictionary_t n_dict;
bool n_default_pass;
} npf_config_t;
@@ -77,7 +76,6 @@ static pserialize_t npf_config_psz __c
void
npf_config_init(void)
{
- prop_dictionary_t dict;
npf_ruleset_t *rlset, *nset;
npf_rprocset_t *rpset;
npf_tableset_t *tset;
@@ -86,19 +84,17 @@ npf_config_init(void)
npf_config_psz = pserialize_create();
/* Load the empty configuration. */
- dict = prop_dictionary_create();
tset = npf_tableset_create(0);
rpset = npf_rprocset_create();
rlset = npf_ruleset_create(0);
nset = npf_ruleset_create(0);
- npf_config_load(dict, rlset, tset, nset, rpset, NULL, true);
+ npf_config_load(rlset, tset, nset, rpset, NULL, true);
KASSERT(npf_config != NULL);
}
static void
npf_config_destroy(npf_config_t *nc)
{
- prop_object_release(nc->n_dict);
npf_ruleset_destroy(nc->n_rules);
npf_ruleset_destroy(nc->n_nat_rules);
npf_rprocset_destroy(nc->n_rprocs);
@@ -127,8 +123,8 @@ npf_config_fini(void)
* Performs the necessary synchronisation and destroys the old config.
*/
void
-npf_config_load(prop_dictionary_t dict, npf_ruleset_t *rset,
- npf_tableset_t *tset, npf_ruleset_t *nset, npf_rprocset_t *rpset,
+npf_config_load(npf_ruleset_t *rset, npf_tableset_t *tset,
+ npf_ruleset_t *nset, npf_rprocset_t *rpset,
npf_conndb_t *conns, bool flush)
{
npf_config_t *nc, *onc;
@@ -138,7 +134,6 @@ npf_config_load(prop_dictionary_t dict,
nc->n_tables = tset;
nc->n_nat_rules = nset;
nc->n_rprocs = rpset;
- nc->n_dict = dict;
nc->n_default_pass = flush;
/*
@@ -185,9 +180,6 @@ npf_config_load(prop_dictionary_t dict,
* If not flushing - enable the connection tracking.
*/
npf_conn_load(conns, !flush);
-
- /* Sync the config proplib data. */
- npf_tableset_syncdict(tset, dict);
mutex_exit(&npf_config_lock);
/* Finally, it is safe to destroy the old config. */
@@ -261,10 +253,10 @@ npf_config_tableset(void)
return npf_config->n_tables;
}
-prop_dictionary_t
-npf_config_dict(void)
+npf_rprocset_t *
+npf_config_rprocs(void)
{
- return npf_config->n_dict;
+ return npf_config->n_rprocs;
}
bool
Index: src/sys/net/npf/npf_ctl.c
diff -u src/sys/net/npf/npf_ctl.c:1.37 src/sys/net/npf/npf_ctl.c:1.38
--- src/sys/net/npf/npf_ctl.c:1.37 Sun Aug 10 19:09:43 2014
+++ src/sys/net/npf/npf_ctl.c Mon Aug 11 01:54:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.37 2014/08/10 19:09:43 rmind Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.38 2014/08/11 01:54:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.37 2014/08/10 19:09:43 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.38 2014/08/11 01:54:12 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -181,7 +181,6 @@ npf_mk_tables(npf_tableset_t *tblset, pr
NPF_ERR_DEBUG(errdict);
break;
}
- prop_dictionary_remove(tbldict, "entries");
}
prop_object_iterator_release(it);
/*
@@ -555,7 +554,6 @@ npfctl_load(u_long cmd, void *data)
if (error) {
goto fail;
}
- prop_dictionary_remove(npf_dict, "nat");
/* Tables. */
tables = prop_dictionary_get(npf_dict, "tables");
@@ -597,7 +595,6 @@ npfctl_load(u_long cmd, void *data)
if (error) {
goto fail;
}
- prop_dictionary_remove(npf_dict, "conn-list");
}
flush = false;
@@ -606,7 +603,7 @@ npfctl_load(u_long cmd, void *data)
/*
* Finally - perform the load.
*/
- npf_config_load(npf_dict, rlset, tblset, nset, rpset, conndb, flush);
+ npf_config_load(rlset, tblset, nset, rpset, conndb, flush);
/* Done. Since data is consumed now, we shall not destroy it. */
tblset = NULL;
@@ -630,9 +627,7 @@ fail:
if (tblset) {
npf_tableset_destroy(tblset);
}
- if (error) {
- prop_object_release(npf_dict);
- }
+ prop_object_release(npf_dict);
/* Error report. */
#ifndef _NPF_TESTING
@@ -653,12 +648,15 @@ int
npfctl_save(u_long cmd, void *data)
{
struct plistref *pref = data;
- prop_array_t conlist, natlist;
- prop_dictionary_t npf_dict;
+ prop_array_t rulelist, natlist, tables, rprocs, conlist;
+ prop_dictionary_t npf_dict = NULL;
int error;
- conlist = prop_array_create();
+ rulelist = prop_array_create();
natlist = prop_array_create();
+ tables = prop_array_create();
+ rprocs = prop_array_create();
+ conlist = prop_array_create();
/*
* Serialise the connections and NAT policies.
@@ -668,21 +666,42 @@ npfctl_save(u_long cmd, void *data)
if (error) {
goto out;
}
+ error = npf_ruleset_export(npf_config_ruleset(), rulelist);
+ if (error) {
+ goto out;
+ }
error = npf_ruleset_export(npf_config_natset(), natlist);
if (error) {
goto out;
}
- npf_dict = npf_config_dict();
+ error = npf_tableset_export(npf_config_tableset(), tables);
+ if (error) {
+ goto out;
+ }
+ error = npf_rprocset_export(npf_config_rprocs(), rprocs);
+ if (error) {
+ goto out;
+ }
+ npf_dict = prop_dictionary_create();
+ prop_dictionary_set_uint32(npf_dict, "version", NPF_VERSION);
+ prop_dictionary_set_and_rel(npf_dict, "rules", rulelist);
prop_dictionary_set_and_rel(npf_dict, "nat", natlist);
+ prop_dictionary_set_and_rel(npf_dict, "tables", tables);
+ prop_dictionary_set_and_rel(npf_dict, "rprocs", rprocs);
prop_dictionary_set_and_rel(npf_dict, "conn-list", conlist);
prop_dictionary_set_bool(npf_dict, "active", npf_pfil_registered_p());
error = prop_dictionary_copyout_ioctl(pref, cmd, npf_dict);
out:
npf_config_exit();
- if (error) {
- prop_object_release(conlist);
+ if (!npf_dict) {
+ prop_object_release(rulelist);
prop_object_release(natlist);
+ prop_object_release(tables);
+ prop_object_release(rprocs);
+ prop_object_release(conlist);
+ } else {
+ prop_object_release(npf_dict);
}
return error;
}
Index: src/sys/net/npf/npf_impl.h
diff -u src/sys/net/npf/npf_impl.h:1.57 src/sys/net/npf/npf_impl.h:1.58
--- src/sys/net/npf/npf_impl.h:1.57 Sun Aug 10 19:09:43 2014
+++ src/sys/net/npf/npf_impl.h Mon Aug 11 01:54:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.57 2014/08/10 19:09:43 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.58 2014/08/11 01:54:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -149,13 +149,12 @@ bool npf_config_locked_p(void);
int npf_config_read_enter(void);
void npf_config_read_exit(int);
-void npf_config_load(prop_dictionary_t, npf_ruleset_t *,
- npf_tableset_t *, npf_ruleset_t *, npf_rprocset_t *,
- npf_conndb_t *, bool);
+void npf_config_load(npf_ruleset_t *, npf_tableset_t *,
+ npf_ruleset_t *, npf_rprocset_t *, npf_conndb_t *, bool);
npf_ruleset_t * npf_config_ruleset(void);
npf_ruleset_t * npf_config_natset(void);
npf_tableset_t *npf_config_tableset(void);
-prop_dictionary_t npf_config_dict(void);
+npf_rprocset_t *npf_config_rprocs(void);
bool npf_default_pass(void);
int npf_worker_sysinit(void);
@@ -237,7 +236,7 @@ int npf_tableset_insert(npf_tableset_t
npf_table_t * npf_tableset_getbyname(npf_tableset_t *, const char *);
npf_table_t * npf_tableset_getbyid(npf_tableset_t *, u_int);
void npf_tableset_reload(npf_tableset_t *, npf_tableset_t *);
-void npf_tableset_syncdict(const npf_tableset_t *, prop_dictionary_t);
+int npf_tableset_export(const npf_tableset_t *, prop_array_t);
npf_table_t * npf_table_create(const char *, u_int, int, void *, size_t);
void npf_table_destroy(npf_table_t *);
@@ -292,6 +291,7 @@ npf_rprocset_t *npf_rprocset_create(void
void npf_rprocset_destroy(npf_rprocset_t *);
npf_rproc_t * npf_rprocset_lookup(npf_rprocset_t *, const char *);
void npf_rprocset_insert(npf_rprocset_t *, npf_rproc_t *);
+int npf_rprocset_export(const npf_rprocset_t *, prop_array_t);
npf_rproc_t * npf_rproc_create(prop_dictionary_t);
void npf_rproc_acquire(npf_rproc_t *);
Index: src/sys/net/npf/npf_rproc.c
diff -u src/sys/net/npf/npf_rproc.c:1.11 src/sys/net/npf/npf_rproc.c:1.12
--- src/sys/net/npf/npf_rproc.c:1.11 Sun Jul 20 00:37:41 2014
+++ src/sys/net/npf/npf_rproc.c Mon Aug 11 01:54:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_rproc.c,v 1.11 2014/07/20 00:37:41 rmind Exp $ */
+/* $NetBSD: npf_rproc.c,v 1.12 2014/08/11 01:54:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -261,6 +261,22 @@ npf_rprocset_insert(npf_rprocset_t *rpse
LIST_INSERT_HEAD(&rpset->rps_list, rp, rp_entry);
}
+int
+npf_rprocset_export(const npf_rprocset_t *rpset, prop_array_t rprocs)
+{
+ prop_dictionary_t rpdict;
+ const npf_rproc_t *rp;
+
+ LIST_FOREACH(rp, &rpset->rps_list, rp_entry) {
+ rpdict = prop_dictionary_create();
+ prop_dictionary_set_cstring(rpdict, "name", rp->rp_name);
+ prop_dictionary_set_uint32(rpdict, "flags", rp->rp_flags);
+ prop_array_add(rprocs, rpdict);
+ prop_object_release(rpdict);
+ }
+ return 0;
+}
+
/*
* npf_rproc_create: construct a new rule procedure, lookup and associate
* the extension calls with it.
Index: src/sys/net/npf/npf_ruleset.c
diff -u src/sys/net/npf/npf_ruleset.c:1.36 src/sys/net/npf/npf_ruleset.c:1.37
--- src/sys/net/npf/npf_ruleset.c:1.36 Sun Aug 10 19:09:43 2014
+++ src/sys/net/npf/npf_ruleset.c Mon Aug 11 01:54:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ruleset.c,v 1.36 2014/08/10 19:09:43 rmind Exp $ */
+/* $NetBSD: npf_ruleset.c,v 1.37 2014/08/11 01:54:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.36 2014/08/10 19:09:43 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.37 2014/08/11 01:54:12 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -115,7 +115,11 @@ struct npf_rule {
prop_data_t r_info;
};
-static int npf_rule_export(const npf_rule_t *, prop_dictionary_t);
+#define SKIPTO_ADJ_FLAG (1U << 31)
+#define SKIPTO_MASK (SKIPTO_ADJ_FLAG - 1)
+
+static int npf_rule_export(const npf_ruleset_t *,
+ const npf_rule_t *, prop_dictionary_t);
/*
* Private attributes - must be in the NPF_RULE_PRIVMASK range.
@@ -193,7 +197,7 @@ npf_ruleset_insert(npf_ruleset_t *rlset,
rlset->rs_nitems++;
if (rl->r_skip_to < ++n) {
- rl->r_skip_to = n;
+ rl->r_skip_to = SKIPTO_ADJ_FLAG | n;
}
}
@@ -342,12 +346,13 @@ npf_ruleset_list(npf_ruleset_t *rlset, c
rldict = prop_dictionary_create();
KASSERT(rl->r_parent == rg);
- if (npf_rule_export(rl, rldict) ||
- !prop_array_add(rules, rldict)) {
+ if (npf_rule_export(rlset, rl, rldict)) {
prop_object_release(rldict);
prop_object_release(rules);
return NULL;
}
+ prop_array_add(rules, rldict);
+ prop_object_release(rldict);
}
if (!prop_dictionary_set(rgdict, "rules", rules)) {
@@ -377,17 +382,19 @@ npf_ruleset_flush(npf_ruleset_t *rlset,
int
npf_ruleset_export(const npf_ruleset_t *rlset, prop_array_t rules)
{
- const npf_rule_t *rl;
+ const u_int nitems = rlset->rs_nitems;
int error = 0;
+ u_int n = 0;
KASSERT(npf_config_locked_p());
- LIST_FOREACH(rl, &rlset->rs_all, r_aentry) {
+ while (n < nitems) {
+ const npf_rule_t *rl = rlset->rs_rules[n];
const npf_natpolicy_t *natp = rl->r_natp;
prop_dictionary_t rldict;
rldict = prop_dictionary_create();
- if ((error = npf_rule_export(rl, rldict)) != 0) {
+ if ((error = npf_rule_export(rlset, rl, rldict)) != 0) {
prop_object_release(rldict);
break;
}
@@ -395,10 +402,9 @@ npf_ruleset_export(const npf_ruleset_t *
prop_object_release(rldict);
break;
}
- if (!prop_array_add(rules, rldict)) {
- prop_object_release(rldict);
- return ENOMEM;
- }
+ prop_array_add(rules, rldict);
+ prop_object_release(rldict);
+ n++;
}
return error;
}
@@ -625,14 +631,18 @@ npf_rule_alloc(prop_dictionary_t rldict)
}
static int
-npf_rule_export(const npf_rule_t *rl, prop_dictionary_t rldict)
+npf_rule_export(const npf_ruleset_t *rlset, const npf_rule_t *rl,
+ prop_dictionary_t rldict)
{
+ u_int skip_to = 0;
prop_data_t d;
prop_dictionary_set_uint32(rldict, "attr", rl->r_attr);
prop_dictionary_set_int32(rldict, "prio", rl->r_priority);
- prop_dictionary_set_uint32(rldict, "skip-to", rl->r_skip_to);
-
+ if ((rl->r_skip_to & SKIPTO_ADJ_FLAG) == 0) {
+ skip_to = rl->r_skip_to & SKIPTO_MASK;
+ }
+ prop_dictionary_set_uint32(rldict, "skip-to", skip_to);
prop_dictionary_set_int32(rldict, "code-type", rl->r_type);
if (rl->r_code) {
d = prop_data_create_data(rl->r_code, rl->r_clen);
@@ -652,7 +662,9 @@ npf_rule_export(const npf_rule_t *rl, pr
d = prop_data_create_data(rl->r_key, NPF_RULE_MAXKEYLEN);
prop_dictionary_set_and_rel(rldict, "key", d);
}
- prop_dictionary_set(rldict, "info", rl->r_info);
+ if (rl->r_info) {
+ prop_dictionary_set(rldict, "info", rl->r_info);
+ }
return 0;
}
@@ -836,7 +848,7 @@ npf_ruleset_inspect(npf_cache_t *npc, co
while (n < nitems) {
npf_rule_t *rl = rlset->rs_rules[n];
- const u_int skip_to = rl->r_skip_to;
+ const u_int skip_to = rl->r_skip_to & SKIPTO_MASK;
const uint32_t attr = rl->r_attr;
KASSERT(!nbuf_flag_p(nbuf, NBUF_DATAREF_RESET));
Index: src/sys/net/npf/npf_tableset.c
diff -u src/sys/net/npf/npf_tableset.c:1.21 src/sys/net/npf/npf_tableset.c:1.22
--- src/sys/net/npf/npf_tableset.c:1.21 Thu Feb 6 02:51:28 2014
+++ src/sys/net/npf/npf_tableset.c Mon Aug 11 01:54:12 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_tableset.c,v 1.21 2014/02/06 02:51:28 rmind Exp $ */
+/* $NetBSD: npf_tableset.c,v 1.22 2014/08/11 01:54:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.21 2014/02/06 02:51:28 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.22 2014/08/11 01:54:12 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -256,10 +256,9 @@ npf_tableset_reload(npf_tableset_t *nts,
}
}
-void
-npf_tableset_syncdict(const npf_tableset_t *ts, prop_dictionary_t ndict)
+int
+npf_tableset_export(const npf_tableset_t *ts, prop_array_t tables)
{
- prop_array_t tables = prop_array_create();
const npf_table_t *t;
KASSERT(npf_config_locked_p());
@@ -276,9 +275,7 @@ npf_tableset_syncdict(const npf_tableset
prop_array_add(tables, tdict);
prop_object_release(tdict);
}
- prop_dictionary_remove(ndict, "tables");
- prop_dictionary_set(ndict, "tables", tables);
- prop_object_release(tables);
+ return 0;
}
/*
