Add ability to have mbufs disappear (to another interface) during trunk
authorjakllsch <jakllsch@NetBSD.org>
Mon, 19 May 2014 18:45:51 +0000
branchtrunk
changeset 227170 8542c243c6a8
parent 227169 1864b76965e0
child 227171 93fce846d6f2
Add ability to have mbufs disappear (to another interface) during npf_rproc_run(). For upcoming npf_ext_route extension. Guidance and ok by rmind@.
sys/net/npf/npf.h
sys/net/npf/npf_ext_log.c
sys/net/npf/npf_ext_normalize.c
sys/net/npf/npf_ext_rndblock.c
sys/net/npf/npf_handler.c
sys/net/npf/npf_impl.h
sys/net/npf/npf_rproc.c
--- a/sys/net/npf/npf.h	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf.h	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf.h,v 1.38 2014/03/14 11:29:44 rmind Exp $	*/
+/*	$NetBSD: npf.h,v 1.39 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -188,7 +188,7 @@
 	void *		ctx;
 	int		(*ctor)(npf_rproc_t *, prop_dictionary_t);
 	void		(*dtor)(npf_rproc_t *, void *);
-	void		(*proc)(npf_cache_t *, nbuf_t *, void *, int *);
+	bool		(*proc)(npf_cache_t *, nbuf_t *, void *, int *);
 } npf_ext_ops_t;
 
 void *		npf_ext_register(const char *, const npf_ext_ops_t *);
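Review bot: The `proc` callback's new `bool` result has no documented contract at the declaration, and the type change is an ABI break for any extension built against the old `void` prototype. Such a module would leave the return value indeterminate, while the caller now reads false as "the mbuf is gone". I would add a comment above the member, e.g. `/* proc: returns false if the packet was consumed (freed or handed to another interface); the caller must not touch nbuf afterwards. */`. The start of the struct is outside this hunk, so I cannot see whether it carries a version field that `npf_ext_register()` checks; if it does, bumping it in this commit would make stale modules fail at registration rather than mishandle packets.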
--- a/sys/net/npf/npf_ext_log.c	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_ext_log.c	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ext_log.c,v 1.6 2013/03/11 17:03:55 christos Exp $	*/
+/*	$NetBSD: npf_ext_log.c,v 1.7 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.6 2013/03/11 17:03:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_log.c,v 1.7 2014/05/19 18:45:51 jakllsch Exp $");
 
 #include <sys/types.h>
 #include <sys/module.h>
@@ -78,7 +78,7 @@
 	kmem_free(meta, sizeof(npf_ext_log_t));
 }
 
-static void
+static bool
 npf_log(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
 {
 	struct mbuf *m = nbuf_head_mbuf(nbuf);
@@ -102,7 +102,7 @@
 	if (ifp == NULL) {
 		/* No interface. */
 		KERNEL_UNLOCK_ONE(NULL);
-		return;
+		return true;
 	}
 
 	/* Pass through BPF. */
@@ -110,6 +110,8 @@
 	ifp->if_obytes += m->m_pkthdr.len;
 	bpf_mtap_af(ifp, family, m);
 	KERNEL_UNLOCK_ONE(NULL);
+
+	return true;
 }
 
 /*
--- a/sys/net/npf/npf_ext_normalize.c	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_ext_normalize.c	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ext_normalize.c,v 1.1 2013/03/12 20:47:48 christos Exp $	*/
+/*	$NetBSD: npf_ext_normalize.c,v 1.2 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.1 2013/03/12 20:47:48 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_normalize.c,v 1.2 2014/05/19 18:45:51 jakllsch Exp $");
 
 #include <sys/types.h>
 #include <sys/module.h>
@@ -140,7 +140,7 @@
 /*
  * npf_normalize: the main routine to normalize IPv4 and/or TCP headers.
  */
-static void
+static bool
 npf_normalize(npf_cache_t *npc, nbuf_t *nbuf, void *params, int *decision)
 {
 	npf_normalize_t *np = params;
@@ -150,7 +150,7 @@
 
 	/* Skip, if already blocking. */
 	if (*decision == NPF_DECISION_BLOCK) {
-		return;
+		return true;
 	}
 
 	/* Normalise IPv4.  Nothing to do for IPv6. */
@@ -165,15 +165,15 @@
 	if (maxmss == 0 || !npf_iscached(npc, NPC_TCP) ||
 	    (th->th_flags & TH_SYN) == 0) {
 		/* Not required; done. */
-		return;
+		return true;
 	}
 	mss = 0;
 	if (!npf_fetch_tcpopts(npc, nbuf, &mss, &wscale)) {
-		return;
+		return true;
 	}
 	if (ntohs(mss) <= maxmss) {
 		/* Nothing else to do. */
-		return;
+		return true;
 	}
 	maxmss = htons(maxmss);
 
@@ -182,6 +182,8 @@
 		cksum = npf_fixup16_cksum(th->th_sum, mss, maxmss);
 		th->th_sum = cksum;
 	}
+
+	return true;
 }
 
 static int
--- a/sys/net/npf/npf_ext_rndblock.c	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_ext_rndblock.c	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ext_rndblock.c,v 1.3 2013/03/11 17:03:55 christos Exp $	*/
+/*	$NetBSD: npf_ext_rndblock.c,v 1.4 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.3 2013/03/11 17:03:55 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.4 2014/05/19 18:45:51 jakllsch Exp $");
 
 #include <sys/types.h>
 #include <sys/cprng.h>
@@ -96,7 +96,7 @@
 /*
  * npf_ext_rndblock: main routine implementing the extension functionality.
  */
-static void
+static bool
 npf_ext_rndblock(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
 {
 	npf_ext_rndblock_t *rndblock = meta;
@@ -104,7 +104,7 @@
 
 	/* Skip, if already blocking. */
 	if (*decision == NPF_DECISION_BLOCK) {
-		return;
+		return true;
 	}
 
 	/*
@@ -129,6 +129,8 @@
 			*decision = NPF_DECISION_BLOCK;
 		}
 	}
+
+	return true;
 }
 
 /*
--- a/sys/net/npf/npf_handler.c	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_handler.c	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_handler.c,v 1.29 2014/03/14 11:29:44 rmind Exp $	*/
+/*	$NetBSD: npf_handler.c,v 1.30 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.29 2014/03/14 11:29:44 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.30 2014/05/19 18:45:51 jakllsch Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -252,8 +252,13 @@
 	 * Execute the rule procedure, if any is associated.
 	 * It may reverse the decision from pass to block.
 	 */
-	if (rp) {
-		npf_rproc_run(&npc, &nbuf, rp, &decision);
+	if (rp && !npf_rproc_run(&npc, &nbuf, rp, &decision)) {
+		if (se) {
+			npf_session_release(se);
+		}
+		npf_rproc_release(rp);
+		*mp = NULL;
+		return 0;
 	}
 out:
 	/*
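Review bot: The new early return releases both `se` and `rp` by hand instead of going through `out:`, and the code after `out:` is not shown in this hunk, so the two paths cannot be compared here. If the shared path drops the rule-procedure reference only when no session is held (i.e. the session owns that reference), the unconditional `npf_rproc_release(rp)` would release one reference too many when `se` is non-NULL, which for a refcounted kernel object risks a premature free. Please confirm the ownership rule and either mirror it, e.g. `if (se) { npf_session_release(se); } else { npf_rproc_release(rp); }`, or add a comment explaining why both are released on this path. Any accounting done after `out:` is also skipped for consumed packets, which may deserve a short comment.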
--- a/sys/net/npf/npf_impl.h	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_impl.h	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_impl.h,v 1.50 2014/03/14 11:29:44 rmind Exp $	*/
+/*	$NetBSD: npf_impl.h,v 1.51 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -298,7 +298,7 @@
 npf_rproc_t *	npf_rproc_create(prop_dictionary_t);
 void		npf_rproc_acquire(npf_rproc_t *);
 void		npf_rproc_release(npf_rproc_t *);
-void		npf_rproc_run(npf_cache_t *, nbuf_t *, npf_rproc_t *, int *);
+bool		npf_rproc_run(npf_cache_t *, nbuf_t *, npf_rproc_t *, int *);
 
 /* Session handling interface. */
 void		npf_session_sysinit(void);
--- a/sys/net/npf/npf_rproc.c	Mon May 19 17:14:41 2014 +0000
+++ b/sys/net/npf/npf_rproc.c	Mon May 19 18:45:51 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_rproc.c,v 1.9 2013/03/11 01:56:37 christos Exp $	*/
+/*	$NetBSD: npf_rproc.c,v 1.10 2014/05/19 18:45:51 jakllsch Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -330,7 +330,7 @@
  *
  * => Reference on the rule procedure must be held.
  */
-void
+bool
 npf_rproc_run(npf_cache_t *npc, nbuf_t *nbuf, npf_rproc_t *rp, int *decision)
 {
 	const unsigned extcount = rp->rp_ext_count;
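Review bot: The header comment above `npf_rproc_run()` (it starts outside this hunk) still states only the reference requirement and says nothing about the new return value. I would add a line in the same style, e.g. `* => Returns false if an extension consumed the packet; npc and nbuf must not be used afterwards.` The function body continues past the end of this hunk.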
@@ -343,10 +343,14 @@
 		const npf_ext_ops_t *extops = ext->ext_ops;
 
 		KASSERT(ext->ext_refcnt > 0);
-		extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision);
+		if (!extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision)) {
+			return false;
+		}
 
 		if (nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)) {
 			npf_recache(npc, nbuf);
 		}
 	}
+
+	return true;
 }
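Review bot: Returning on the first `proc` that reports false skips every later extension attached to the same rule procedure, so the outcome depends on extension order; for example, a logging extension placed after one that consumes the packet would never record it. Since that affects what an operator can audit, a comment at the early return would help, e.g. `/* Packet consumed: remaining extensions are not run. */`. `*decision` may also have been changed by earlier extensions at this point; the caller in npf_handler.c returns 0 without consulting it, which looks intended but is not stated anywhere.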