Module Name: src
Committed By: rmind
Date: Mon Dec 10 00:32:25 UTC 2012
Modified Files:
src/distrib/sets/lists/base: ad.mips64eb ad.mips64el md.amd64
md.sparc64 shl.mi
src/distrib/sets/lists/comp: shl.mi
src/distrib/sets/lists/modules: md.evbppc mi
src/lib/npf: Makefile
src/sys/modules: Makefile
src/sys/net/npf: files.npf
Added Files:
src/lib/npf/ext_rndblock: Makefile npfext_rndblock.c shlib_version
src/sys/modules/npf_ext_rndblock: Makefile
src/sys/net/npf: npf_ext_rndblock.c
Log Message:
Add NPF "rndblock" extension to randomly drop packets (using a random function
with a percentage or modulo operation). This is a demo module, although it can
be used for packet loss simulation. Example of a procedure in npf.conf:
procedure "somedrop" {
# Drop 1.9% of the traffic
rndblock: percentage 1.9
}
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 src/distrib/sets/lists/base/ad.mips64eb \
src/distrib/sets/lists/base/ad.mips64el
cvs rdiff -u -r1.181 -r1.182 src/distrib/sets/lists/base/md.amd64
cvs rdiff -u -r1.170 -r1.171 src/distrib/sets/lists/base/md.sparc64
cvs rdiff -u -r1.642 -r1.643 src/distrib/sets/lists/base/shl.mi
cvs rdiff -u -r1.240 -r1.241 src/distrib/sets/lists/comp/shl.mi
cvs rdiff -u -r1.28 -r1.29 src/distrib/sets/lists/modules/md.evbppc
cvs rdiff -u -r1.48 -r1.49 src/distrib/sets/lists/modules/mi
cvs rdiff -u -r1.1 -r1.2 src/lib/npf/Makefile
cvs rdiff -u -r0 -r1.1 src/lib/npf/ext_rndblock/Makefile \
src/lib/npf/ext_rndblock/npfext_rndblock.c \
src/lib/npf/ext_rndblock/shlib_version
cvs rdiff -u -r1.116 -r1.117 src/sys/modules/Makefile
cvs rdiff -u -r0 -r1.1 src/sys/modules/npf_ext_rndblock/Makefile
cvs rdiff -u -r1.8 -r1.9 src/sys/net/npf/files.npf
cvs rdiff -u -r0 -r1.1 src/sys/net/npf/npf_ext_rndblock.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/distrib/sets/lists/base/ad.mips64eb
diff -u src/distrib/sets/lists/base/ad.mips64eb:1.105 src/distrib/sets/lists/base/ad.mips64eb:1.106
--- src/distrib/sets/lists/base/ad.mips64eb:1.105 Sun Dec 9 22:06:21 2012
+++ src/distrib/sets/lists/base/ad.mips64eb Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64eb,v 1.105 2012/12/09 22:06:21 spz Exp $
+# $NetBSD: ad.mips64eb,v 1.106 2012/12/10 00:32:24 rmind Exp $
./libexec/ld.elf_so-64 base-compat-shlib compat,pic
./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic
./usr/lib/64 base-compat-lib
@@ -297,6 +297,9 @@
./usr/lib/64/npf/ext_normalise.so base-npf-shlib compat,pic
./usr/lib/64/npf/ext_normalise.so.0 base-npf-shlib compat,pic
./usr/lib/64/npf/ext_normalise.so.0.0 base-npf-shlib compat,pic
+./usr/lib/64/npf/ext_rndblock.so base-npf-shlib compat,pic
+./usr/lib/64/npf/ext_rndblock.so.0 base-npf-shlib compat,pic
+./usr/lib/64/npf/ext_rndblock.so.0.0 base-npf-shlib compat,pic
./usr/lib/64/security base-compat-shlib
./usr/lib/64/security/pam_afslog.so.3 base-compat-shlib compat,pic,kerberos,pam
./usr/lib/64/security/pam_chroot.so.3 base-compat-shlib compat,pic,pam
@@ -610,6 +613,9 @@
./usr/lib/o32/npf/ext_normalise.so base-npf-shlib compat,pic
./usr/lib/o32/npf/ext_normalise.so.0 base-npf-shlib compat,pic
./usr/lib/o32/npf/ext_normalise.so.0.0 base-npf-shlib compat,pic
+./usr/lib/o32/npf/ext_rndblock.so base-npf-shlib compat,pic
+./usr/lib/o32/npf/ext_rndblock.so.0 base-npf-shlib compat,pic
+./usr/lib/o32/npf/ext_rndblock.so.0.0 base-npf-shlib compat,pic
./usr/lib/o32/security base-compat-shlib
./usr/lib/o32/security/pam_afslog.so.3 base-compat-shlib compat,pic,kerberos,pam
./usr/lib/o32/security/pam_chroot.so.3 base-compat-shlib compat,pic,pam
Index: src/distrib/sets/lists/base/ad.mips64el
diff -u src/distrib/sets/lists/base/ad.mips64el:1.105 src/distrib/sets/lists/base/ad.mips64el:1.106
--- src/distrib/sets/lists/base/ad.mips64el:1.105 Sun Dec 9 22:06:21 2012
+++ src/distrib/sets/lists/base/ad.mips64el Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.105 2012/12/09 22:06:21 spz Exp $
+# $NetBSD: ad.mips64el,v 1.106 2012/12/10 00:32:24 rmind Exp $
./libexec/ld.elf_so-64 base-compat-shlib compat,pic
./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic
./usr/lib/64 base-compat-lib
@@ -297,6 +297,9 @@
./usr/lib/64/npf/ext_normalise.so base-npf-shlib compat,pic
./usr/lib/64/npf/ext_normalise.so.0 base-npf-shlib compat,pic
./usr/lib/64/npf/ext_normalise.so.0.0 base-npf-shlib compat,pic
+./usr/lib/64/npf/ext_rndblock.so base-npf-shlib compat,pic
+./usr/lib/64/npf/ext_rndblock.so.0 base-npf-shlib compat,pic
+./usr/lib/64/npf/ext_rndblock.so.0.0 base-npf-shlib compat,pic
./usr/lib/64/security base-compat-shlib
./usr/lib/64/security/pam_afslog.so.3 base-compat-shlib compat,pic,kerberos,pam
./usr/lib/64/security/pam_chroot.so.3 base-compat-shlib compat,pic,pam
@@ -610,6 +613,9 @@
./usr/lib/o32/npf/ext_normalise.so base-npf-shlib compat,pic
./usr/lib/o32/npf/ext_normalise.so.0 base-npf-shlib compat,pic
./usr/lib/o32/npf/ext_normalise.so.0.0 base-npf-shlib compat,pic
+./usr/lib/o32/npf/ext_rndblock.so base-npf-shlib compat,pic
+./usr/lib/o32/npf/ext_rndblock.so.0 base-npf-shlib compat,pic
+./usr/lib/o32/npf/ext_rndblock.so.0.0 base-npf-shlib compat,pic
./usr/lib/o32/security base-compat-shlib
./usr/lib/o32/security/pam_afslog.so.3 base-compat-shlib compat,pic,kerberos,pam
./usr/lib/o32/security/pam_chroot.so.3 base-compat-shlib compat,pic,pam
Index: src/distrib/sets/lists/base/md.amd64
diff -u src/distrib/sets/lists/base/md.amd64:1.181 src/distrib/sets/lists/base/md.amd64:1.182
--- src/distrib/sets/lists/base/md.amd64:1.181 Sun Dec 9 22:06:21 2012
+++ src/distrib/sets/lists/base/md.amd64 Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.181 2012/12/09 22:06:21 spz Exp $
+# $NetBSD: md.amd64,v 1.182 2012/12/10 00:32:24 rmind Exp $
./dev/lms0 base-obsolete obsolete
./dev/mms0 base-obsolete obsolete
./libexec/ld.elf_so-i386 base-sys-shlib compat,pic
@@ -300,6 +300,9 @@
./usr/lib/i386/npf/ext_normalise.so base-npf-shlib compat,pic
./usr/lib/i386/npf/ext_normalise.so.0 base-npf-shlib compat,pic
./usr/lib/i386/npf/ext_normalise.so.0.0 base-npf-shlib compat,pic
+./usr/lib/i386/npf/ext_rndblock.so base-npf-shlib compat,pic
+./usr/lib/i386/npf/ext_rndblock.so.0 base-npf-shlib compat,pic
+./usr/lib/i386/npf/ext_rndblock.so.0.0 base-npf-shlib compat,pic
./usr/lib/i386/security base-compat-shlib compat
./usr/lib/i386/security/pam_afslog.so.3 base-compat-shlib compat,pic,kerberos,pam
./usr/lib/i386/security/pam_chroot.so.3 base-compat-shlib compat,pic,pam
Index: src/distrib/sets/lists/base/md.sparc64
diff -u src/distrib/sets/lists/base/md.sparc64:1.170 src/distrib/sets/lists/base/md.sparc64:1.171
--- src/distrib/sets/lists/base/md.sparc64:1.170 Sun Dec 9 22:06:21 2012
+++ src/distrib/sets/lists/base/md.sparc64 Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: md.sparc64,v 1.170 2012/12/09 22:06:21 spz Exp $
+# $NetBSD: md.sparc64,v 1.171 2012/12/10 00:32:24 rmind Exp $
./libexec/ld.elf_so-sparc base-sysutil-bin compat,pic
./sbin/edlabel base-sysutil-root obsolete
./usr/bin/fdformat base-util-bin
@@ -298,6 +298,9 @@
./usr/lib/sparc/npf/ext_normalise.so base-npf-shlib compat,pic
./usr/lib/sparc/npf/ext_normalise.so.0 base-npf-shlib compat,pic
./usr/lib/sparc/npf/ext_normalise.so.0.0 base-npf-shlib compat,pic
+./usr/lib/sparc/npf/ext_rndblock.so base-npf-shlib compat,pic
+./usr/lib/sparc/npf/ext_rndblock.so.0 base-npf-shlib compat,pic
+./usr/lib/sparc/npf/ext_rndblock.so.0.0 base-npf-shlib compat,pic
./usr/lib/sparc/security base-compat-shlib compat
./usr/lib/sparc/security/pam_afslog.so.3 base-compat-shlib compat,pic,kerberos
./usr/lib/sparc/security/pam_chroot.so.3 base-compat-shlib compat,pic
Index: src/distrib/sets/lists/base/shl.mi
diff -u src/distrib/sets/lists/base/shl.mi:1.642 src/distrib/sets/lists/base/shl.mi:1.643
--- src/distrib/sets/lists/base/shl.mi:1.642 Tue Dec 4 23:38:58 2012
+++ src/distrib/sets/lists/base/shl.mi Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.642 2012/12/04 23:38:58 spz Exp $
+# $NetBSD: shl.mi,v 1.643 2012/12/10 00:32:24 rmind Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -741,6 +741,9 @@
./usr/lib/npf/ext_normalise.so base-npf-shlib npf
./usr/lib/npf/ext_normalise.so.0 base-npf-shlib npf
./usr/lib/npf/ext_normalise.so.0.0 base-npf-shlib npf
+./usr/lib/npf/ext_rndblock.so base-npf-shlib npf
+./usr/lib/npf/ext_rndblock.so.0 base-npf-shlib npf
+./usr/lib/npf/ext_rndblock.so.0.0 base-npf-shlib npf
./usr/lib/nss_mdns.so.0 base-obsolete obsolete
./usr/lib/nss_mdnsd.so.0 base-mdns-shlib mdns
./usr/lib/nss_multicast_dns.so.0 base-mdns-shlib mdns
Index: src/distrib/sets/lists/comp/shl.mi
diff -u src/distrib/sets/lists/comp/shl.mi:1.240 src/distrib/sets/lists/comp/shl.mi:1.241
--- src/distrib/sets/lists/comp/shl.mi:1.240 Fri Dec 7 18:36:24 2012
+++ src/distrib/sets/lists/comp/shl.mi Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.240 2012/12/07 18:36:24 njoly Exp $
+# $NetBSD: shl.mi,v 1.241 2012/12/10 00:32:24 rmind Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -460,3 +460,4 @@
./usr/libdata/debug/usr/lib/libzpool.so.0.0.debug comp-zfs-debug zfs,dynamicroot,debug
./usr/libdata/debug/usr/lib/npf/libext_log.so.0.0.debug comp-sys-debug debug,npf
./usr/libdata/debug/usr/lib/npf/libext_normalise.so.0.0.debug comp-sys-debug debug,npf
+./usr/libdata/debug/usr/lib/npf/libext_rndblock.so.0.0.debug comp-sys-debug debug,npf
Index: src/distrib/sets/lists/modules/md.evbppc
diff -u src/distrib/sets/lists/modules/md.evbppc:1.28 src/distrib/sets/lists/modules/md.evbppc:1.29
--- src/distrib/sets/lists/modules/md.evbppc:1.28 Fri Sep 21 08:42:33 2012
+++ src/distrib/sets/lists/modules/md.evbppc Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: md.evbppc,v 1.28 2012/09/21 08:42:33 martin Exp $
+# $NetBSD: md.evbppc,v 1.29 2012/12/10 00:32:24 rmind Exp $
./stand/powerpc-4xx base-kernel-modules kmod,compatmodules
./stand/powerpc-4xx/@OSRELEASE@ base-kernel-modules kmod,compatmodules
./stand/powerpc-4xx/@OSRELEASE@/modules base-kernel-modules kmod,compatmodules
@@ -116,6 +116,8 @@
./stand/powerpc-4xx/@OSRELEASE@/modules/npf_ext_log/npf_ext_log.kmod base-kernel-modules kmod
./stand/powerpc-4xx/@OSRELEASE@/modules/npf_ext_normalise base-kernel-modules kmod
./stand/powerpc-4xx/@OSRELEASE@/modules/npf_ext_normalise/npf_ext_normalise.kmod base-kernel-modules kmod
+./stand/powerpc-4xx/@OSRELEASE@/modules/npf_ext_rndblock base-kernel-modules kmod
+./stand/powerpc-4xx/@OSRELEASE@/modules/npf_ext_rndblock/npf_ext_rndblock.kmod base-kernel-modules kmod
./stand/powerpc-4xx/@OSRELEASE@/modules/ntfs base-kernel-modules kmod,compatmodules
./stand/powerpc-4xx/@OSRELEASE@/modules/ntfs/ntfs.kmod base-kernel-modules kmod,compatmodules
./stand/powerpc-4xx/@OSRELEASE@/modules/null base-kernel-modules kmod,compatmodules
@@ -307,6 +309,8 @@
./stand/powerpc-booke/@OSRELEASE@/modules/npf_ext_log/npf_ext_log.kmod base-kernel-modules kmod
./stand/powerpc-booke/@OSRELEASE@/modules/npf_ext_normalise base-kernel-modules kmod
./stand/powerpc-booke/@OSRELEASE@/modules/npf_ext_normalise/npf_ext_normalise.kmod base-kernel-modules kmod
+./stand/powerpc-booke/@OSRELEASE@/modules/npf_ext_rndblock base-kernel-modules kmod
+./stand/powerpc-booke/@OSRELEASE@/modules/npf_ext_rndblock/npf_ext_rndblock.kmod base-kernel-modules kmod
./stand/powerpc-booke/@OSRELEASE@/modules/ntfs base-kernel-modules kmod,compatmodules
./stand/powerpc-booke/@OSRELEASE@/modules/ntfs/ntfs.kmod base-kernel-modules kmod,compatmodules
./stand/powerpc-booke/@OSRELEASE@/modules/null base-kernel-modules kmod,compatmodules
Index: src/distrib/sets/lists/modules/mi
diff -u src/distrib/sets/lists/modules/mi:1.48 src/distrib/sets/lists/modules/mi:1.49
--- src/distrib/sets/lists/modules/mi:1.48 Sun Sep 16 13:47:43 2012
+++ src/distrib/sets/lists/modules/mi Mon Dec 10 00:32:24 2012
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.48 2012/09/16 13:47:43 rmind Exp $
+# $NetBSD: mi,v 1.49 2012/12/10 00:32:24 rmind Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -119,6 +119,8 @@
./@MODULEDIR@/npf_ext_log/npf_ext_log.kmod base-kernel-modules kmod
./@MODULEDIR@/npf_ext_normalise base-kernel-modules kmod
./@MODULEDIR@/npf_ext_normalise/npf_ext_normalise.kmod base-kernel-modules kmod
+./@MODULEDIR@/npf_ext_rndblock base-kernel-modules kmod
+./@MODULEDIR@/npf_ext_rndblock/npf_ext_rndblock.kmod base-kernel-modules kmod
./@MODULEDIR@/ntfs base-kernel-modules kmod
./@MODULEDIR@/ntfs/ntfs.kmod base-kernel-modules kmod
./@MODULEDIR@/null base-kernel-modules kmod
Index: src/lib/npf/Makefile
diff -u src/lib/npf/Makefile:1.1 src/lib/npf/Makefile:1.2
--- src/lib/npf/Makefile:1.1 Sun Sep 16 13:47:41 2012
+++ src/lib/npf/Makefile Mon Dec 10 00:32:24 2012
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.1 2012/09/16 13:47:41 rmind Exp $
+# $NetBSD: Makefile,v 1.2 2012/12/10 00:32:24 rmind Exp $
.include <bsd.own.mk>
.if ${MKPIC} != "no"
-SUBDIR= ext_log ext_normalise
+SUBDIR= ext_log ext_normalise ext_rndblock
.endif
Index: src/sys/modules/Makefile
diff -u src/sys/modules/Makefile:1.116 src/sys/modules/Makefile:1.117
--- src/sys/modules/Makefile:1.116 Sun Dec 2 01:05:16 2012
+++ src/sys/modules/Makefile Mon Dec 10 00:32:25 2012
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.116 2012/12/02 01:05:16 chs Exp $
+# $NetBSD: Makefile,v 1.117 2012/12/10 00:32:25 rmind Exp $
.include <bsd.own.mk>
@@ -50,6 +50,7 @@ SUBDIR+= npf
SUBDIR+= npf_alg_icmp
SUBDIR+= npf_ext_log
SUBDIR+= npf_ext_normalise
+SUBDIR+= npf_ext_rndblock
SUBDIR+= ntfs
SUBDIR+= null
SUBDIR+= onewire
Index: src/sys/net/npf/files.npf
diff -u src/sys/net/npf/files.npf:1.8 src/sys/net/npf/files.npf:1.9
--- src/sys/net/npf/files.npf:1.8 Sun Sep 16 13:47:41 2012
+++ src/sys/net/npf/files.npf Mon Dec 10 00:32:23 2012
@@ -1,4 +1,4 @@
-# $NetBSD: files.npf,v 1.8 2012/09/16 13:47:41 rmind Exp $
+# $NetBSD: files.npf,v 1.9 2012/12/10 00:32:23 rmind Exp $
#
# Public Domain.
#
@@ -31,6 +31,7 @@ file net/npf/npf_sendpkt.c npf
# Built-in extensions.
file net/npf/npf_ext_log.c npf
file net/npf/npf_ext_normalise.c npf
+file net/npf/npf_ext_rndblock.c npf
# ALGs
file net/npf/npf_alg_icmp.c npf
Added files:
Index: src/lib/npf/ext_rndblock/Makefile
diff -u /dev/null src/lib/npf/ext_rndblock/Makefile:1.1
--- /dev/null Mon Dec 10 00:32:25 2012
+++ src/lib/npf/ext_rndblock/Makefile Mon Dec 10 00:32:24 2012
@@ -0,0 +1,21 @@
+# $NetBSD: Makefile,v 1.1 2012/12/10 00:32:24 rmind Exp $
+
+.include <bsd.own.mk>
+
+LIBISMODULE= yes
+.if defined(MLIBDIR)
+LIBDIR= /usr/lib/${MLIBDIR}/npf
+SHLIBDIR= /usr/lib/${MLIBDIR}/npf
+SHLIBINSTALLDIR=/usr/lib/${MLIBDIR}/npf
+.else
+LIBDIR= /usr/lib/npf
+SHLIBDIR= /usr/lib/npf
+SHLIBINSTALLDIR=/usr/lib/npf
+.endif
+
+LIB= ext_rndblock
+
+SRCS= npfext_rndblock.c
+WARNS= 5
+
+.include <bsd.lib.mk>
Index: src/lib/npf/ext_rndblock/npfext_rndblock.c
diff -u /dev/null src/lib/npf/ext_rndblock/npfext_rndblock.c:1.1
--- /dev/null Mon Dec 10 00:32:25 2012
+++ src/lib/npf/ext_rndblock/npfext_rndblock.c Mon Dec 10 00:32:24 2012
@@ -0,0 +1,97 @@
+/* $NetBSD: npfext_rndblock.c,v 1.1 2012/12/10 00:32:24 rmind Exp $ */
+
+/*-
+ * Copyright (c) 2012 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: npfext_rndblock.c,v 1.1 2012/12/10 00:32:24 rmind Exp $");
+
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+
+#include <npf.h>
+
+int npfext_rndblock_init(void);
+nl_ext_t * npfext_rndblock_construct(const char *);
+int npfext_rndblock_param(nl_ext_t *, const char *, const char *);
+
+int
+npfext_rndblock_init(void)
+{
+ /* Nothing to initialise. */
+ return 0;
+}
+
+nl_ext_t *
+npfext_rndblock_construct(const char *name)
+{
+ assert(strcmp(name, "rndblock") == 0);
+ return npf_ext_construct(name);
+}
+
+int
+npfext_rndblock_param(nl_ext_t *ext, const char *param, const char *val)
+{
+ enum ptype { PARAM_U32 };
+ static const struct param {
+ const char * name;
+ enum ptype type;
+ signed long min;
+ signed long max;
+ } params[] = {
+ { "mod", PARAM_U32, 1, LONG_MAX },
+ { "percentage", PARAM_U32, 1, 9999 },
+ };
+
+ if (val == NULL) {
+ return EINVAL;
+ }
+ for (unsigned i = 0; i < __arraycount(params); i++) {
+ const char *name = params[i].name;
+ long ival;
+
+ if (strcmp(name, param) != 0) {
+ continue;
+ }
+
+ /*
+ * Note: multiply by 100 and convert floating point to
+ * an integer, as 100% is based on 10000 in the kernel.
+ */
+ ival = (i == 1) ? atof(val) * 100 : atol(val);
+ if (ival < params[i].min || ival > params[i].max) {
+ return EINVAL;
+ }
+ assert(params[i].type == PARAM_U32);
+ npf_ext_param_u32(ext, name, ival);
+ return 0;
+ }
+
+ /* Invalid parameter, if not found. */
+ return EINVAL;
+}
Index: src/lib/npf/ext_rndblock/shlib_version
diff -u /dev/null src/lib/npf/ext_rndblock/shlib_version:1.1
--- /dev/null Mon Dec 10 00:32:25 2012
+++ src/lib/npf/ext_rndblock/shlib_version Mon Dec 10 00:32:25 2012
@@ -0,0 +1,4 @@
+# $NetBSD: shlib_version,v 1.1 2012/12/10 00:32:25 rmind Exp $
+
+major=0
+minor=0
Index: src/sys/modules/npf_ext_rndblock/Makefile
diff -u /dev/null src/sys/modules/npf_ext_rndblock/Makefile:1.1
--- /dev/null Mon Dec 10 00:32:25 2012
+++ src/sys/modules/npf_ext_rndblock/Makefile Mon Dec 10 00:32:25 2012
@@ -0,0 +1,11 @@
+# $NetBSD: Makefile,v 1.1 2012/12/10 00:32:25 rmind Exp $
+
+.include "../Makefile.inc"
+
+.PATH: ${S}/net/npf
+
+KMOD= npf_ext_rndblock
+
+SRCS= npf_ext_rndblock.c
+
+.include <bsd.kmodule.mk>
Index: src/sys/net/npf/npf_ext_rndblock.c
diff -u /dev/null src/sys/net/npf/npf_ext_rndblock.c:1.1
--- /dev/null Mon Dec 10 00:32:25 2012
+++ src/sys/net/npf/npf_ext_rndblock.c Mon Dec 10 00:32:23 2012
@@ -0,0 +1,174 @@
+/* $NetBSD: npf_ext_rndblock.c,v 1.1 2012/12/10 00:32:23 rmind Exp $ */
+
+/*-
+ * Copyright (c) 2012 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * NPF random blocking extension - kernel module.
+ * This is also a demo extension.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: npf_ext_rndblock.c,v 1.1 2012/12/10 00:32:23 rmind Exp $");
+
+#include <sys/types.h>
+#include <sys/cprng.h>
+#include <sys/atomic.h>
+#include <sys/module.h>
+#include <sys/kmem.h>
+
+#include "npf.h"
+
+/*
+ * NPF extension module definition and the identifier.
+ */
+NPF_EXT_MODULE(npf_ext_rndblock, "");
+
+#define NPFEXT_RNDBLOCK_VER 1
+
+static void * npf_ext_rndblock_id;
+
+#define PERCENTAGE_BASE 10000
+
+/*
+ * Meta-data structure, containing parameters.
+ */
+typedef struct {
+ unsigned int mod;
+ unsigned long counter;
+ unsigned int percentage;
+} npf_ext_rndblock_t;
+
+/*
+ * npf_ext_rndblock_ctor: a constructor to parse and store any parameters
+ * associated with a rule procedure, which is being newly created.
+ */
+static int
+npf_ext_rndblock_ctor(npf_rproc_t *rp, prop_dictionary_t params)
+{
+ npf_ext_rndblock_t *meta;
+
+ /*
+ * Allocate and a associate a structure for the parameter
+ * and our meta-data.
+ */
+ meta = kmem_zalloc(sizeof(npf_ext_rndblock_t), KM_SLEEP);
+ prop_dictionary_get_uint32(params, "mod", &meta->mod);
+ prop_dictionary_get_uint32(params, "percentage", &meta->percentage);
+ npf_rproc_assign(rp, meta);
+
+ return 0;
+}
+
+/*
+ * npf_ext_rndblock_dtor: a destructor for our rule procedure.
+ */
+static void
+npf_ext_rndblock_dtor(npf_rproc_t *rp, void *meta)
+{
+ /* Free our meta-data, associated with the procedure. */
+ kmem_free(meta, sizeof(npf_ext_rndblock_t));
+}
+
+/*
+ * npf_ext_rndblock: main routine implementing the extension functionality.
+ */
+static void
+npf_ext_rndblock(npf_cache_t *npc, nbuf_t *nbuf, void *meta, int *decision)
+{
+ npf_ext_rndblock_t *rndblock = meta;
+ unsigned long c;
+
+ /* Skip, if already blocking. */
+ if (*decision == NPF_DECISION_BLOCK) {
+ return;
+ }
+
+ /*
+ * Sample demo:
+ *
+ * Drop the packets according to the given module or percentage.
+ *
+ * Rule procedures may be executed concurrently in an SMP system.
+ * Use atomic operation to increment the counter.
+ */
+ c = atomic_inc_ulong_nv(&rndblock->counter);
+
+ if (rndblock->mod) {
+ if ((c % rndblock->mod) == 0) {
+ *decision = NPF_DECISION_BLOCK;
+ }
+ }
+
+ if (rndblock->percentage) {
+ uint32_t w = cprng_fast32() % PERCENTAGE_BASE;
+ if (w <= rndblock->percentage) {
+ *decision = NPF_DECISION_BLOCK;
+ }
+ }
+}
+
+/*
+ * Module interface.
+ */
+static int
+npf_ext_rndblock_modcmd(modcmd_t cmd, void *arg)
+{
+ static const npf_ext_ops_t npf_rndblock_ops = {
+ .version = NPFEXT_RNDBLOCK_VER,
+ .ctx = NULL,
+ .ctor = npf_ext_rndblock_ctor,
+ .dtor = npf_ext_rndblock_dtor,
+ .proc = npf_ext_rndblock
+ };
+
+ switch (cmd) {
+ case MODULE_CMD_INIT:
+ /*
+ * Initialise the NPF extension module. Register the
+ * "rndblock" extensions calls (constructor, destructor,
+ * the processing * routine, etc).
+ */
+ npf_ext_rndblock_id = npf_ext_register("rndblock",
+ &npf_rndblock_ops);
+ return npf_ext_rndblock_id ? 0 : EEXIST;
+
+ case MODULE_CMD_FINI:
+ /*
+ * Unregister our rndblock extension. NPF may return an
+ * if there are references and it cannot drain them.
+ */
+ return npf_ext_unregister(npf_ext_rndblock_id);
+
+ case MODULE_CMD_AUTOUNLOAD:
+ /* Allow auto-unload only if NPF permits it. */
+ return npf_autounload_p() ? 0 : EBUSY;
+
+ default:
+ return ENOTTY;
+ }
+ return 0;
+}
