Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NPF: pass ALG functions via npfa_funcs_t structure.

This commit is contained in:
rmind 2014-02-16 22:10:40 +00:00
parent 4a9f1015e5
commit ef728b81cb
3 changed files with 79 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
sys/net/npf/npf_alg.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_alg.c,v 1.10 2013/12/06 01:33:37 rmind Exp $ */
/* $NetBSD: npf_alg.c,v 1.11 2014/02/16 22:10:40 rmind Exp $ */
/*-
* Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.10 2013/12/06 01:33:37 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: npf_alg.c,v 1.11 2014/02/16 22:10:40 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@ -63,10 +63,8 @@ static pserialize_t alg_psz __cacheline_aligned;
static npf_alg_t alg_list[NPF_MAX_ALGS] __read_mostly;
static u_int alg_count __read_mostly;
/* Session, matching and translation functions. */
static npf_alg_sfunc_t alg_sfunc[NPF_MAX_ALGS] __read_mostly;
static npf_alg_func_t alg_mfunc[NPF_MAX_ALGS] __read_mostly;
static npf_alg_func_t alg_tfunc[NPF_MAX_ALGS] __read_mostly;
/* Matching, inspection and translation functions. */
static npfa_funcs_t alg_funcs[NPF_MAX_ALGS] __read_mostly;
static const char alg_prefix[] = "npf_alg_";
#define NPF_EXT_PREFLEN (sizeof(alg_prefix) - 1)
@ -75,12 +73,9 @@ void
npf_alg_sysinit(void)
{
alg_psz = pserialize_create();
memset(&alg_list, 0, sizeof(alg_list));
memset(alg_list, 0, sizeof(alg_list));
memset(alg_funcs, 0, sizeof(alg_funcs));
alg_count = 0;
memset(&alg_mfunc, 0, sizeof(alg_mfunc));
memset(&alg_tfunc, 0, sizeof(alg_tfunc));
memset(&alg_sfunc, 0, sizeof(alg_sfunc));
}
void
@ -129,8 +124,7 @@ npf_alg_construct(const char *name)
* npf_alg_register: register application-level gateway.
*/
npf_alg_t *
npf_alg_register(const char *name, npf_alg_func_t mfunc, npf_alg_func_t tfunc,
npf_alg_sfunc_t sfunc)
npf_alg_register(const char *name, const npfa_funcs_t *funcs)
{
npf_alg_t *alg;
u_int i;
@ -158,12 +152,13 @@ npf_alg_register(const char *name, npf_alg_func_t mfunc, npf_alg_func_t tfunc,
alg->na_slot = i;
/* Assign the functions. */
alg_mfunc[i] = mfunc;
alg_tfunc[i] = tfunc;
alg_sfunc[i] = sfunc;
alg_funcs[i].match = funcs->match;
alg_funcs[i].translate = funcs->translate;
alg_funcs[i].inspect = funcs->inspect;
alg_count = MAX(alg_count, i + 1);
npf_config_exit();
return alg;
}
@ -177,9 +172,9 @@ npf_alg_unregister(npf_alg_t *alg)
/* Deactivate the functions first. */
npf_config_enter();
alg_mfunc[i] = NULL;
alg_tfunc[i] = NULL;
alg_sfunc[i] = NULL;
alg_funcs[i].match = NULL;
alg_funcs[i].translate = NULL;
alg_funcs[i].inspect = NULL;
pserialize_perform(alg_psz);
/* Finally, unregister the ALG. */
@ -201,9 +196,9 @@ npf_alg_match(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int di)
s = pserialize_read_enter();
for (u_int i = 0; i < alg_count; i++) {
npf_alg_func_t func = alg_mfunc[i];
const npfa_funcs_t *f = &alg_funcs[i];
if (func && func(npc, nbuf, nt, di)) {
if (f->match && f->match(npc, nbuf, nt, di)) {
match = true;
break;
}
@ -222,10 +217,10 @@ npf_alg_exec(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, bool forw)
s = pserialize_read_enter();
for (u_int i = 0; i < alg_count; i++) {
npf_alg_func_t func;
const npfa_funcs_t *f = &alg_funcs[i];
if ((func = alg_tfunc[i]) != NULL) {
func(npc, nbuf, nt, (int)forw);
if (f->translate) {
f->translate(npc, nbuf, nt, forw);
}
}
pserialize_read_exit(s);
@ -239,11 +234,12 @@ npf_alg_session(npf_cache_t *npc, nbuf_t *nbuf, int di)
s = pserialize_read_enter();
for (u_int i = 0; i < alg_count; i++) {
npf_alg_sfunc_t func = alg_sfunc[i];
const npfa_funcs_t *f = &alg_funcs[i];
if (func && (se = func(npc, nbuf, di)) != NULL) {
if (f->inspect)
continue;
if ((se = f->inspect(npc, nbuf, di)) != NULL)
break;
}
}
pserialize_read_exit(s);
return se;

88
sys/net/npf/npf_alg_icmp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_alg_icmp.c,v 1.18 2013/12/06 01:33:37 rmind Exp $ */
/* $NetBSD: npf_alg_icmp.c,v 1.19 2014/02/16 22:10:40 rmind Exp $ */
/*-
* Copyright (c) 2010 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.18 2013/12/06 01:33:37 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: npf_alg_icmp.c,v 1.19 2014/02/16 22:10:40 rmind Exp $");
#include <sys/param.h>
#include <sys/module.h>
@ -65,48 +65,8 @@ MODULE(MODULE_CLASS_MISC, npf_alg_icmp, "npf");
static npf_alg_t * alg_icmp __read_mostly;
static bool npfa_icmp_match(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
static bool npfa_icmp_nat(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
static npf_session_t *npfa_icmp_session(npf_cache_t *, nbuf_t *, int);
/*
* npf_alg_icmp_{init,fini,modcmd}: ICMP ALG initialization, destruction
* and module interface.
*/
static int
npf_alg_icmp_init(void)
{
alg_icmp = npf_alg_register("icmp", npfa_icmp_match,
npfa_icmp_nat, npfa_icmp_session);
return alg_icmp ? 0 : ENOMEM;
}
static int
npf_alg_icmp_fini(void)
{
KASSERT(alg_icmp != NULL);
return npf_alg_unregister(alg_icmp);
}
static int
npf_alg_icmp_modcmd(modcmd_t cmd, void *arg)
{
switch (cmd) {
case MODULE_CMD_INIT:
return npf_alg_icmp_init();
case MODULE_CMD_FINI:
return npf_alg_icmp_fini();
case MODULE_CMD_AUTOUNLOAD:
return EBUSY;
default:
return ENOTTY;
}
return 0;
}
/*
* npfa_icmp_match: match inspector - determines ALG case and associates
* npfa_icmp_match: matching insperctor determines ALG case and associates
* our ALG with the NAT entry.
*/
static bool
@ -343,7 +303,7 @@ npfa_icmp_session(npf_cache_t *npc, nbuf_t *nbuf, int di)
* which is embedded in ICMP packet. Note: backwards stream only.
*/
static bool
npfa_icmp_nat(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int forw)
npfa_icmp_nat(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, bool forw)
{
npf_cache_t enpc;
@ -435,3 +395,43 @@ npfa_icmp_nat(npf_cache_t *npc, nbuf_t *nbuf, npf_nat_t *nt, int forw)
ic->icmp_cksum = cksum;
return true;
}
/*
* npf_alg_icmp_{init,fini,modcmd}: ICMP ALG initialization, destruction
* and module interface.
*/
static int
npf_alg_icmp_init(void)
{
static const npfa_funcs_t icmp = {
.match = npfa_icmp_match,
.translate = npfa_icmp_nat,
.inspect = npfa_icmp_session,
};
alg_icmp = npf_alg_register("icmp", &icmp);
return alg_icmp ? 0 : ENOMEM;
}
static int
npf_alg_icmp_fini(void)
{
KASSERT(alg_icmp != NULL);
return npf_alg_unregister(alg_icmp);
}
static int
npf_alg_icmp_modcmd(modcmd_t cmd, void *arg)
{
switch (cmd) {
case MODULE_CMD_INIT:
return npf_alg_icmp_init();
case MODULE_CMD_FINI:
return npf_alg_icmp_fini();
case MODULE_CMD_AUTOUNLOAD:
return EBUSY;
default:
return ENOTTY;
}
return 0;
}

17
sys/net/npf/npf_impl.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_impl.h,v 1.47 2014/02/13 03:34:40 rmind Exp $ */
/* $NetBSD: npf_impl.h,v 1.48 2014/02/16 22:10:40 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@ -96,8 +96,6 @@ typedef struct npf_tableset npf_tableset_t;
* DEFINITIONS.
*/
typedef bool (*npf_alg_func_t)(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
typedef npf_session_t *(*npf_alg_sfunc_t)(npf_cache_t *, nbuf_t *, int);
typedef void (*npf_workfunc_t)(void);
/*
@ -130,6 +128,16 @@ typedef struct {
npf_tcpstate_t nst_tcpst[2];
} npf_state_t;
/*
* ALG FUNCTIONS.
*/
typedef struct {
bool (*match)(npf_cache_t *, nbuf_t *, npf_nat_t *, int);
bool (*translate)(npf_cache_t *, nbuf_t *, npf_nat_t *, bool);
npf_session_t * (*inspect)(npf_cache_t *, nbuf_t *, int);
} npfa_funcs_t;
/*
* INTERFACES.
*/
@ -345,8 +353,7 @@ npf_nat_t * npf_nat_restore(prop_dictionary_t, npf_session_t *);
/* ALG interface. */
void npf_alg_sysinit(void);
void npf_alg_sysfini(void);
npf_alg_t * npf_alg_register(const char *, npf_alg_func_t, npf_alg_func_t,
npf_alg_sfunc_t);
npf_alg_t * npf_alg_register(const char *, const npfa_funcs_t *);
int npf_alg_unregister(npf_alg_t *);
npf_alg_t * npf_alg_construct(const char *);
bool npf_alg_match(npf_cache_t *, nbuf_t *, npf_nat_t *, int);