Add npf_tableset_syncdict() to sync the table IDs in the proplib dictionary,
as they can change on reload now. Also, fix table name checking in npfctl.
parent
1b624a35bb
commit
805a41fbfe
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf.c,v 1.23 2013/11/12 00:46:34 rmind Exp $ */
|
||||
/* $NetBSD: npf.c,v 1.24 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
|
||||
@ -30,7 +30,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.23 2013/11/12 00:46:34 rmind Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.24 2013/11/22 00:25:51 rmind Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in_systm.h>
|
||||
@ -962,15 +962,17 @@ npf_table_add_entry(nl_table_t *tl, int af, const npf_addr_t *addr,
|
||||
}
|
||||
|
||||
bool
|
||||
npf_table_exists_p(nl_config_t *ncf, u_int tid)
|
||||
npf_table_exists_p(nl_config_t *ncf, const char *name)
|
||||
{
|
||||
prop_dictionary_t tldict;
|
||||
prop_object_iterator_t it;
|
||||
u_int i;
|
||||
|
||||
it = prop_array_iterator(ncf->ncf_table_list);
|
||||
while ((tldict = prop_object_iterator_next(it)) != NULL) {
|
||||
if (prop_dictionary_get_uint32(tldict, "id", &i) && tid == i)
|
||||
const char *tname = NULL;
|
||||
|
||||
if (prop_dictionary_get_cstring_nocopy(tldict, "name", &tname)
|
||||
&& strcmp(tname, name) == 0)
|
||||
break;
|
||||
}
|
||||
prop_object_iterator_release(it);
|
||||
@ -981,12 +983,12 @@ int
|
||||
npf_table_insert(nl_config_t *ncf, nl_table_t *tl)
|
||||
{
|
||||
prop_dictionary_t tldict = tl->ntl_dict;
|
||||
u_int tid;
|
||||
const char *name = NULL;
|
||||
|
||||
if (!prop_dictionary_get_uint32(tldict, "id", &tid)) {
|
||||
if (!prop_dictionary_get_cstring_nocopy(tldict, "name", &name)) {
|
||||
return EINVAL;
|
||||
}
|
||||
if (npf_table_exists_p(ncf, tid)) {
|
||||
if (npf_table_exists_p(ncf, name)) {
|
||||
return EEXIST;
|
||||
}
|
||||
prop_array_add(ncf->ncf_table_list, tldict);
|
||||
|
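Review bot: In npf_table_insert the duplicate check now compares only the "name" key, so the "id" key is no longer read or validated on insert, and two tables with different names but the same id would both be added to ncf_table_list. If libnpf callers other than npfctl can set the id, consider keeping the old lookup next to the new one, e.g. `if (!prop_dictionary_get_uint32(tldict, "id", &tid)) return EINVAL;`, or state in a comment above the function that id uniqueness is left to the kernel's npf_table_check (its body is outside this page, so that is an assumption). Separately, npf_table_exists_p passes `name` straight to strcmp, so a NULL argument from another caller would fault; `if (name == NULL) return false;` at the top would cover it. The tail of npf_table_exists_p lies outside the hunk.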
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf.h,v 1.20 2013/11/12 00:46:34 rmind Exp $ */
|
||||
/* $NetBSD: npf.h,v 1.21 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
|
||||
@ -111,7 +111,7 @@ int npf_nat_insert(nl_config_t *, nl_nat_t *, pri_t);
|
||||
nl_table_t * npf_table_create(const char *, u_int, int);
|
||||
int npf_table_add_entry(nl_table_t *, int,
|
||||
const npf_addr_t *, const npf_netmask_t);
|
||||
bool npf_table_exists_p(nl_config_t *, u_int);
|
||||
bool npf_table_exists_p(nl_config_t *, const char *);
|
||||
int npf_table_insert(nl_config_t *, nl_table_t *);
|
||||
void npf_table_destroy(nl_table_t *);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf_conf.c,v 1.4 2013/11/12 00:46:34 rmind Exp $ */
|
||||
/* $NetBSD: npf_conf.c,v 1.5 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2013 The NetBSD Foundation, Inc.
|
||||
@ -48,7 +48,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.4 2013/11/12 00:46:34 rmind Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: npf_conf.c,v 1.5 2013/11/22 00:25:51 rmind Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
@ -166,6 +166,9 @@ npf_config_reload(prop_dictionary_t dict, npf_ruleset_t *rset,
|
||||
if (flush) {
|
||||
npf_ifmap_flush();
|
||||
}
|
||||
|
||||
/* Sync the config proplib data. */
|
||||
npf_tableset_syncdict(tset, dict);
|
||||
mutex_exit(&npf_config_lock);
|
||||
|
||||
/* Finally, it is safe to destroy the old config. */
|
||||
|
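Review bot: The new comment `/* Sync the config proplib data. */` in npf_config_reload does not say why the call sits inside the npf_config_lock section or what it changes. Going by the commit message, something like `/* Table IDs may change on reload: rewrite "tables" in dict while the config lock is held. */` would tell the next reader that `dict` is modified in place here. npf_tableset_syncdict returns void, so a failure to rebuild the array cannot be reported from this call site; the rest of npf_config_reload is outside the hunk.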
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf_impl.h,v 1.40 2013/11/16 01:18:58 rmind Exp $ */
|
||||
/* $NetBSD: npf_impl.h,v 1.41 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
|
||||
@ -224,6 +224,7 @@ int npf_tableset_insert(npf_tableset_t *, npf_table_t *);
|
||||
npf_table_t * npf_tableset_getbyname(npf_tableset_t *, const char *);
|
||||
npf_table_t * npf_tableset_getbyid(npf_tableset_t *, u_int);
|
||||
void npf_tableset_reload(npf_tableset_t *, npf_tableset_t *);
|
||||
void npf_tableset_syncdict(const npf_tableset_t *, prop_dictionary_t);
|
||||
|
||||
npf_table_t * npf_table_create(const char *, u_int, int, size_t);
|
||||
void npf_table_destroy(npf_table_t *);
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* $NetBSD: npf_tableset.c,v 1.19 2013/11/12 00:46:34 rmind Exp $ */
|
||||
/* $NetBSD: npf_tableset.c,v 1.20 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
|
||||
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This material is based upon work partially supported by The
|
||||
@ -41,7 +41,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.19 2013/11/12 00:46:34 rmind Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.20 2013/11/22 00:25:51 rmind Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
@ -243,6 +243,31 @@ npf_tableset_reload(npf_tableset_t *nts, npf_tableset_t *ots)
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
npf_tableset_syncdict(const npf_tableset_t *ts, prop_dictionary_t ndict)
|
||||
{
|
||||
prop_array_t tables = prop_array_create();
|
||||
const npf_table_t *t;
|
||||
|
||||
KASSERT(npf_config_locked_p());
|
||||
|
||||
for (u_int tid = 0; tid < ts->ts_nitems; tid++) {
|
||||
if ((t = ts->ts_map[tid]) == NULL) {
|
||||
continue;
|
||||
}
|
||||
prop_dictionary_t tdict = prop_dictionary_create();
|
||||
prop_dictionary_set_cstring(tdict, "name", t->t_name);
|
||||
prop_dictionary_set_uint32(tdict, "type", t->t_type);
|
||||
prop_dictionary_set_uint32(tdict, "id", tid);
|
||||
|
||||
prop_array_add(tables, tdict);
|
||||
prop_object_release(tdict);
|
||||
}
|
||||
prop_dictionary_remove(ndict, "tables");
|
||||
prop_dictionary_set(ndict, "tables", tables);
|
||||
prop_object_release(tables);
|
||||
}
|
||||
|
||||
/*
|
||||
* Few helper routines.
|
||||
*/
|
||||
@ -377,7 +402,7 @@ npf_table_check(npf_tableset_t *ts, const char *name, u_int tid, int type)
|
||||
return ENAMETOOLONG;
|
||||
}
|
||||
if (npf_tableset_getbyname(ts, name)) {
|
||||
return EINVAL;
|
||||
return EEXIST;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
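Review bot: npf_tableset_syncdict removes the old "tables" key before it knows the replacement can be stored: the results of prop_array_create(), prop_dictionary_create() and the prop_dictionary_set*() / prop_array_add() calls are all ignored, so any failure leaves `ndict` with no table list or with entries missing fields. Whether these proplib calls can fail in this kernel context is not visible here, but the ordering is easy to harden: drop the prop_dictionary_remove() call if prop_dictionary_set() replaces an existing key (confirm against proplib), and guard with `if (tables == NULL) return;` plus `if (tdict == NULL) continue;`. The rebuilt per-table dictionaries carry only "name", "type" and "id", so any other keys the previous "tables" entries held are dropped; a comment saying that this is intended would help.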
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf_build.c,v 1.30 2013/11/19 00:28:41 rmind Exp $ */
|
||||
/* $NetBSD: npf_build.c,v 1.31 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
|
||||
@ -34,7 +34,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__RCSID("$NetBSD: npf_build.c,v 1.30 2013/11/19 00:28:41 rmind Exp $");
|
||||
__RCSID("$NetBSD: npf_build.c,v 1.31 2013/11/22 00:25:51 rmind Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/ioctl.h>
|
||||
@ -124,9 +124,9 @@ npfctl_debug_addif(const char *ifname)
|
||||
}
|
||||
|
||||
bool
|
||||
npfctl_table_exists_p(const char *id)
|
||||
npfctl_table_exists_p(const char *name)
|
||||
{
|
||||
return npf_table_exists_p(npf_conf, atoi(id));
|
||||
return npf_conf ? npf_table_exists_p(npf_conf, name) : false;
|
||||
}
|
||||
|
||||
static in_port_t
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf_data.c,v 1.22 2013/11/19 00:28:41 rmind Exp $ */
|
||||
/* $NetBSD: npf_data.c,v 1.23 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
|
||||
@ -31,7 +31,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__RCSID("$NetBSD: npf_data.c,v 1.22 2013/11/19 00:28:41 rmind Exp $");
|
||||
__RCSID("$NetBSD: npf_data.c,v 1.23 2013/11/22 00:25:51 rmind Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/null.h>
|
||||
@ -221,13 +221,13 @@ npfctl_parse_fam_addr_mask(const char *addr, const char *mask,
|
||||
}
|
||||
|
||||
npfvar_t *
|
||||
npfctl_parse_table_id(const char *id)
|
||||
npfctl_parse_table_id(const char *name)
|
||||
{
|
||||
if (!npfctl_table_exists_p(id)) {
|
||||
yyerror("table '%s' is not defined", id);
|
||||
if (!npfctl_table_exists_p(name)) {
|
||||
yyerror("table '%s' is not defined", name);
|
||||
return NULL;
|
||||
}
|
||||
return npfvar_create_from_string(NPFVAR_TABLE, id);
|
||||
return npfvar_create_from_string(NPFVAR_TABLE, name);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: npf_show.c,v 1.6 2013/11/19 17:01:45 christos Exp $ */
|
||||
/* $NetBSD: npf_show.c,v 1.7 2013/11/22 00:25:51 rmind Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2013 The NetBSD Foundation, Inc.
|
||||
@ -36,7 +36,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__RCSID("$NetBSD: npf_show.c,v 1.6 2013/11/19 17:01:45 christos Exp $");
|
||||
__RCSID("$NetBSD: npf_show.c,v 1.7 2013/11/22 00:25:51 rmind Exp $");
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
@ -158,13 +158,12 @@ print_table(npf_conf_info_t *ctx, const uint32_t *words)
|
||||
char *p;
|
||||
|
||||
while ((tl = npf_table_iterate(ctx->conf)) != NULL) {
|
||||
if (npf_table_getid(tl) == tid)
|
||||
break;
|
||||
if (npf_table_getid(tl) == tid) {
|
||||
easprintf(&p, "%s", npf_table_getname(tl));
|
||||
return p;
|
||||
}
|
||||
}
|
||||
if (tl == NULL)
|
||||
errx(EXIT_FAILURE, "table id %u not found", tid);
|
||||
easprintf(&p, "%s", npf_table_getname(tl));
|
||||
return p;
|
||||
abort();
|
||||
}
|
||||
|
||||
static char *
|
||||
|
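Review bot: In print_table the not-found path is now a bare `abort();`, and, as far as the rendered hunk shows, the `errx(EXIT_FAILURE, "table id %u not found", tid);` diagnostic is removed, so a table id in the retrieved config with no matching table kills the tool with a core dump and no message naming the id. Keeping the errx() after the loop in place of abort() preserves the diagnostic. Also, the early `return p;` leaves the loop before npf_table_iterate() returns NULL; if that iterator keeps its position in `ctx->conf` (its body is not on this page), a later call could resume mid-list and miss a table, so it is worth confirming that it restarts. The start of print_table is outside the hunk.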