Module Name: src
Committed By: rmind
Date: Sat Feb 16 21:11:17 UTC 2013
Modified Files:
src/lib/libnpf: npf.c npf.h
src/sys/net/npf: npf_ctl.c npf_impl.h npf_ruleset.c
src/usr.sbin/npf/npfctl: npf_build.c npf_disassemble.c npfctl.8
npfctl.c npfctl.h
src/usr.sbin/npf/npftest/libnpftest: npf_rule_test.c
Log Message:
- Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs. Also, update the man page.
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/lib/libnpf/npf.c
cvs rdiff -u -r1.14 -r1.15 src/lib/libnpf/npf.h
cvs rdiff -u -r1.22 -r1.23 src/sys/net/npf/npf_ctl.c
cvs rdiff -u -r1.27 -r1.28 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.18 -r1.19 src/sys/net/npf/npf_ruleset.c
cvs rdiff -u -r1.20 -r1.21 src/usr.sbin/npf/npfctl/npf_build.c
cvs rdiff -u -r1.16 -r1.17 src/usr.sbin/npf/npfctl/npf_disassemble.c
cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/npf/npfctl/npfctl.8
cvs rdiff -u -r1.30 -r1.31 src/usr.sbin/npf/npfctl/npfctl.c
cvs rdiff -u -r1.26 -r1.27 src/usr.sbin/npf/npfctl/npfctl.h
cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libnpf/npf.c
diff -u src/lib/libnpf/npf.c:1.17 src/lib/libnpf/npf.c:1.18
--- src/lib/libnpf/npf.c:1.17 Sun Feb 10 23:47:37 2013
+++ src/lib/libnpf/npf.c Sat Feb 16 21:11:16 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.17 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.18 2013/02/16 21:11:16 rmind Exp $ */
/*-
* Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.17 2013/02/10 23:47:37 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.18 2013/02/16 21:11:16 rmind Exp $");
#include <sys/types.h>
#include <netinet/in_systm.h>
@@ -263,25 +263,23 @@ _npf_prop_array_lookup(prop_array_t arra
*/
int
-npf_ruleset_add(int fd, const char *rname, nl_rule_t *rl, uintptr_t *id)
+npf_ruleset_add(int fd, const char *rname, nl_rule_t *rl, uint64_t *id)
{
prop_dictionary_t rldict = rl->nrl_dict;
prop_dictionary_t ret;
- uint64_t id64;
int error;
prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_ADD);
error = prop_dictionary_sendrecv_ioctl(rldict, fd, IOC_NPF_RULE, &ret);
if (!error) {
- prop_dictionary_get_uint64(ret, "id", &id64);
- *id = (uintptr_t)id64;
+ prop_dictionary_get_uint64(ret, "id", id);
}
return error;
}
int
-npf_ruleset_remove(int fd, const char *rname, uintptr_t id)
+npf_ruleset_remove(int fd, const char *rname, uint64_t id)
{
prop_dictionary_t rldict;
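Review bot: In `npf_ruleset_add()` the result of `prop_dictionary_get_uint64(ret, "id", id)` is ignored, so a reply without an "id" key returns 0 with `*id` never written. The npfctl caller declares `uint64_t rule_id;` without an initializer and prints it after a successful add, so it would report an indeterminate value as the rule ID. Check the lookup, e.g. `if (!prop_dictionary_get_uint64(ret, "id", id)) error = EINVAL;` (the error code is a suggestion). The reply dictionary `ret` also does not appear to be released anywhere in this function; if the caller owns it, a `prop_object_release(ret);` is needed after the lookup. The kernel side in npf_ctl.c (`NPF_CMD_RULE_ADD`) likewise ignores the return of `prop_dictionary_set_uint64(retdict, "id", id)`, which is one way such a reply could arise.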
@@ -291,8 +289,7 @@ npf_ruleset_remove(int fd, const char *r
}
prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_REMOVE);
- __CTASSERT(sizeof(uintptr_t) <= sizeof(uint64_t));
- prop_dictionary_set_uint64(rldict, "id", (uint64_t)id);
+ prop_dictionary_set_uint64(rldict, "id", id);
return prop_dictionary_send_ioctl(rldict, fd, IOC_NPF_RULE);
}
Index: src/lib/libnpf/npf.h
diff -u src/lib/libnpf/npf.h:1.14 src/lib/libnpf/npf.h:1.15
--- src/lib/libnpf/npf.h:1.14 Sun Feb 10 23:47:38 2013
+++ src/lib/libnpf/npf.h Sat Feb 16 21:11:17 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14 2013/02/10 23:47:38 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.15 2013/02/16 21:11:17 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -79,8 +79,8 @@ void npf_config_destroy(nl_config_t *);
nl_config_t * npf_config_retrieve(int, bool *, bool *);
int npf_config_flush(int);
-int npf_ruleset_add(int, const char *, nl_rule_t *, uintptr_t *);
-int npf_ruleset_remove(int, const char *, uintptr_t);
+int npf_ruleset_add(int, const char *, nl_rule_t *, uint64_t *);
+int npf_ruleset_remove(int, const char *, uint64_t);
int npf_ruleset_remkey(int, const char *, const void *, size_t);
int npf_ruleset_flush(int, const char *);
Index: src/sys/net/npf/npf_ctl.c
diff -u src/sys/net/npf/npf_ctl.c:1.22 src/sys/net/npf/npf_ctl.c:1.23
--- src/sys/net/npf/npf_ctl.c:1.22 Sun Feb 10 23:47:37 2013
+++ src/sys/net/npf/npf_ctl.c Sat Feb 16 21:11:12 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.22 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.23 2013/02/16 21:11:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.22 2013/02/10 23:47:37 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.23 2013/02/16 21:11:12 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -558,8 +558,6 @@ npfctl_rule(u_long cmd, void *data)
return EINVAL;
}
retdict = prop_dictionary_create();
- prop_dictionary_set_uint64(retdict, "id",
- (uint64_t)(uintptr_t)rl);
}
npf_config_enter();
@@ -569,19 +567,20 @@ npfctl_rule(u_long cmd, void *data)
case NPF_CMD_RULE_ADD: {
if ((error = npf_ruleset_add(rlset, ruleset_name, rl)) == 0) {
/* Success. */
+ uint64_t id = npf_rule_getid(rl);
+ prop_dictionary_set_uint64(retdict, "id", id);
rl = NULL;
}
break;
}
case NPF_CMD_RULE_REMOVE: {
- uint64_t id64;
+ uint64_t id;
- CTASSERT(sizeof(uintptr_t) <= sizeof(uint64_t));
- if (!prop_dictionary_get_uint64(npf_rule, "id", &id64)) {
+ if (!prop_dictionary_get_uint64(npf_rule, "id", &id)) {
error = EINVAL;
break;
}
- error = npf_ruleset_remove(rlset, ruleset_name, (uintptr_t)id64);
+ error = npf_ruleset_remove(rlset, ruleset_name, id);
break;
}
case NPF_CMD_RULE_REMKEY: {
Index: src/sys/net/npf/npf_impl.h
diff -u src/sys/net/npf/npf_impl.h:1.27 src/sys/net/npf/npf_impl.h:1.28
--- src/sys/net/npf/npf_impl.h:1.27 Sun Feb 10 23:47:37 2013
+++ src/sys/net/npf/npf_impl.h Sat Feb 16 21:11:12 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.27 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.28 2013/02/16 21:11:12 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -232,7 +232,7 @@ npf_rule_t * npf_ruleset_sharepm(npf_rul
void npf_ruleset_freealg(npf_ruleset_t *, npf_alg_t *);
int npf_ruleset_add(npf_ruleset_t *, const char *, npf_rule_t *);
-int npf_ruleset_remove(npf_ruleset_t *, const char *, uintptr_t);
+int npf_ruleset_remove(npf_ruleset_t *, const char *, uint64_t);
int npf_ruleset_remkey(npf_ruleset_t *, const char *,
const void *, size_t);
prop_dictionary_t npf_ruleset_list(npf_ruleset_t *, const char *);
@@ -248,6 +248,7 @@ npf_rule_t * npf_rule_alloc(prop_diction
void npf_rule_setcode(npf_rule_t *, int, void *, size_t);
void npf_rule_setrproc(npf_rule_t *, npf_rproc_t *);
void npf_rule_free(npf_rule_t *);
+uint64_t npf_rule_getid(const npf_rule_t *);
npf_natpolicy_t *npf_rule_getnat(const npf_rule_t *);
void npf_rule_setnat(npf_rule_t *, npf_natpolicy_t *);
npf_rproc_t * npf_rule_getrproc(npf_rule_t *);
Index: src/sys/net/npf/npf_ruleset.c
diff -u src/sys/net/npf/npf_ruleset.c:1.18 src/sys/net/npf/npf_ruleset.c:1.19
--- src/sys/net/npf/npf_ruleset.c:1.18 Sun Feb 10 23:47:37 2013
+++ src/sys/net/npf/npf_ruleset.c Sat Feb 16 21:11:13 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ruleset.c,v 1.18 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npf_ruleset.c,v 1.19 2013/02/16 21:11:13 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.18 2013/02/10 23:47:37 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.19 2013/02/16 21:11:13 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -61,6 +61,9 @@ struct npf_ruleset {
LIST_HEAD(, npf_rule) rs_dynamic;
LIST_HEAD(, npf_rule) rs_gc;
+ /* Unique ID counter. */
+ uint64_t rs_idcnt;
+
/* Number of array slots and active rules. */
u_int rs_slots;
u_int rs_nitems;
@@ -100,7 +103,8 @@ struct npf_rule {
npf_rule_t * r_parent;
} /* C11 */;
- /* Dictionary. */
+ /* Rule ID and the original dictionary. */
+ uint64_t r_id;
prop_dictionary_t r_dict;
/* Rule name and all-list entry. */
@@ -114,6 +118,9 @@ struct npf_rule {
#define NPF_DYNAMIC_GROUP_P(attr) \
(((attr) & NPF_DYNAMIC_GROUP) == NPF_DYNAMIC_GROUP)
+#define NPF_DYNAMIC_RULE_P(attr) \
+ (((attr) & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC)
+
npf_ruleset_t *
npf_ruleset_create(size_t slots)
{
@@ -121,9 +128,11 @@ npf_ruleset_create(size_t slots)
npf_ruleset_t *rlset;
rlset = kmem_zalloc(len, KM_SLEEP);
- rlset->rs_slots = slots;
LIST_INIT(&rlset->rs_dynamic);
LIST_INIT(&rlset->rs_all);
+ LIST_INIT(&rlset->rs_gc);
+ rlset->rs_slots = slots;
+
return rlset;
}
@@ -133,7 +142,7 @@ npf_ruleset_unlink(npf_ruleset_t *rlset,
if (NPF_DYNAMIC_GROUP_P(rl->r_attr)) {
LIST_REMOVE(rl, r_dentry);
}
- if ((rl->r_attr & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC) {
+ if (NPF_DYNAMIC_RULE_P(rl->r_attr)) {
npf_rule_t *rg = rl->r_parent;
TAILQ_REMOVE(&rg->r_subset, rl, r_entry);
}
@@ -201,11 +210,14 @@ npf_ruleset_add(npf_ruleset_t *rlset, co
rg = npf_ruleset_lookup(rlset, rname);
if (rg == NULL) {
- return ENOENT;
+ return ESRCH;
+ }
+ if (!NPF_DYNAMIC_RULE_P(rl->r_attr)) {
+ return EINVAL;
}
- /* Dynamic rule. */
- rl->r_attr |= NPF_RULE_DYNAMIC;
+ /* Dynamic rule - assign a unique ID and save the parent. */
+ rl->r_id = ++rlset->rs_idcnt;
rl->r_parent = rg;
/*
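Review bot: The new `rl->r_id = ++rlset->rs_idcnt;` is a plain read-modify-write, and nothing in the visible part of `npf_ruleset_add()` asserts the lock that makes it safe. `npf_ruleset_reload()` in this same file already uses `KASSERT(npf_config_locked_p());`. The same assertion before the increment would document and enforce that two concurrent adds cannot receive the same ID, assuming every caller (npftest included) really holds the config lock. The comment could also state that IDs start at 1, so 0 is never issued: `/* Dynamic rule - assign a unique non-zero ID (config lock held) and save the parent. */`. The function body begins and continues outside this hunk.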
@@ -248,22 +260,22 @@ npf_ruleset_add(npf_ruleset_t *rlset, co
}
int
-npf_ruleset_remove(npf_ruleset_t *rlset, const char *rname, uintptr_t id)
+npf_ruleset_remove(npf_ruleset_t *rlset, const char *rname, uint64_t id)
{
npf_rule_t *rg, *rl;
if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
- return ENOENT;
+ return ESRCH;
}
TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
/* Compare ID. On match, remove and return. */
- if ((uintptr_t)rl == id) {
+ if (rl->r_id == id) {
npf_ruleset_unlink(rlset, rl);
LIST_INSERT_HEAD(&rlset->rs_gc, rl, r_aentry);
- break;
+ return 0;
}
}
- return 0;
+ return ENOENT;
}
int
@@ -275,7 +287,7 @@ npf_ruleset_remkey(npf_ruleset_t *rlset,
KASSERT(len && len <= NPF_RULE_MAXKEYLEN);
if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
- return ENOENT;
+ return ESRCH;
}
/* Find the last in the list. */
@@ -284,10 +296,10 @@ npf_ruleset_remkey(npf_ruleset_t *rlset,
if (memcmp(rl->r_key, key, len) == 0) {
npf_ruleset_unlink(rlset, rl);
LIST_INSERT_HEAD(&rlset->rs_gc, rl, r_aentry);
- break;
+ return 0;
}
}
- return 0;
+ return ENOENT;
}
prop_dictionary_t
@@ -311,9 +323,11 @@ npf_ruleset_list(npf_ruleset_t *rlset, c
TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
if (rl->r_dict && !prop_array_add(rules, rl->r_dict)) {
prop_object_release(rldict);
+ prop_object_release(rules);
return NULL;
}
}
+
if (!prop_dictionary_set(rldict, "rules", rules)) {
prop_object_release(rldict);
rldict = NULL;
@@ -328,7 +342,7 @@ npf_ruleset_flush(npf_ruleset_t *rlset,
npf_rule_t *rg, *rl;
if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
- return ENOENT;
+ return ESRCH;
}
while ((rl = TAILQ_FIRST(&rg->r_subset)) != NULL) {
npf_ruleset_unlink(rlset, rl);
@@ -356,29 +370,34 @@ npf_ruleset_gc(npf_ruleset_t *rlset)
void
npf_ruleset_reload(npf_ruleset_t *rlset, npf_ruleset_t *arlset)
{
- npf_rule_t *rl;
+ npf_rule_t *rg;
KASSERT(npf_config_locked_p());
- LIST_FOREACH(rl, &rlset->rs_dynamic, r_dentry) {
- npf_rule_t *arl, *it;
+ LIST_FOREACH(rg, &rlset->rs_dynamic, r_dentry) {
+ npf_rule_t *arg, *rl;
- if ((arl = npf_ruleset_lookup(arlset, rl->r_name)) == NULL) {
+ if ((arg = npf_ruleset_lookup(arlset, rg->r_name)) == NULL) {
continue;
}
/*
* Copy the list-head structure and move the rules from the
* old ruleset to the new by reinserting to a new all-rules
- * list. Note that the rules are still active and therefore
- * accessible for inspection via the old ruleset.
+ * list and resetting the parent rule. Note that the rules
+ * are still active and therefore accessible for inspection
+ * via the old ruleset.
*/
- memcpy(&rl->r_subset, &arl->r_subset, sizeof(rl->r_subset));
- TAILQ_FOREACH(it, &rl->r_subset, r_entry) {
+ memcpy(&rg->r_subset, &arg->r_subset, sizeof(rg->r_subset));
+ TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
LIST_REMOVE(rl, r_aentry);
LIST_INSERT_HEAD(&rlset->rs_all, rl, r_aentry);
+ rl->r_parent = rg;
}
}
+
+ /* Inherit the ID counter. */
+ rlset->rs_idcnt = arlset->rs_idcnt;
}
/*
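Review bot: The `memcpy(&rg->r_subset, &arg->r_subset, sizeof(rg->r_subset))` copies a TAILQ head by value, and nothing in this function repairs the back-pointers afterwards. With the usual <sys/queue.h> layout, an empty list's `tqh_last` and a non-empty list's first-element `tqe_prev` both still point into `arg`, the group belonging to the old ruleset. A later `TAILQ_INSERT_TAIL` or `TAILQ_REMOVE` on `rg->r_subset` would then write into the old group, which is freed memory once the old ruleset is destroyed, and leave the new head stale. At minimum the empty case wants `if (TAILQ_EMPTY(&arg->r_subset)) TAILQ_INIT(&rg->r_subset);`, and the non-empty case needs the first entry's `r_entry.tqe_prev` pointed at `&rg->r_subset.tqh_first`. Whether that fix-up is compatible with the old ruleset still traversing the list, as the comment describes, should be confirmed.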
@@ -506,7 +525,7 @@ npf_rule_alloc(prop_dictionary_t rldict)
memcpy(rl->r_key, key, len);
}
- if ((rl->r_attr & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC) {
+ if (NPF_DYNAMIC_RULE_P(rl->r_attr)) {
rl->r_dict = prop_dictionary_copy(rldict);
}
@@ -565,10 +584,18 @@ npf_rule_free(npf_rule_t *rl)
}
/*
+ * npf_rule_getid: return the unique ID of a rule.
* npf_rule_getrproc: acquire a reference and return rule procedure, if any.
* npf_rule_getnat: get NAT policy assigned to the rule.
*/
+uint64_t
+npf_rule_getid(const npf_rule_t *rl)
+{
+ KASSERT(NPF_DYNAMIC_RULE_P(rl->r_attr));
+ return rl->r_id;
+}
+
npf_rproc_t *
npf_rule_getrproc(npf_rule_t *rl)
{
Index: src/usr.sbin/npf/npfctl/npf_build.c
diff -u src/usr.sbin/npf/npfctl/npf_build.c:1.20 src/usr.sbin/npf/npfctl/npf_build.c:1.21
--- src/usr.sbin/npf/npfctl/npf_build.c:1.20 Mon Feb 11 00:00:20 2013
+++ src/usr.sbin/npf/npfctl/npf_build.c Sat Feb 16 21:11:14 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_build.c,v 1.20 2013/02/11 00:00:20 rmind Exp $ */
+/* $NetBSD: npf_build.c,v 1.21 2013/02/16 21:11:14 rmind Exp $ */
/*-
* Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.20 2013/02/11 00:00:20 rmind Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.21 2013/02/16 21:11:14 rmind Exp $");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -501,12 +501,13 @@ npfctl_build_group_end(void)
* if any, and insert into the ruleset of current group, or set the rule.
*/
void
-npfctl_build_rule(int attr, u_int if_idx, sa_family_t family,
+npfctl_build_rule(uint32_t attr, u_int if_idx, sa_family_t family,
const opt_proto_t *op, const filt_opts_t *fopts, const char *rproc)
{
nl_rule_t *rl;
attr |= (npf_conf ? 0 : NPF_RULE_DYNAMIC);
+
rl = npf_rule_create(NULL, attr, if_idx);
npfctl_build_ncode(rl, family, op, fopts, false);
if (rproc) {
Index: src/usr.sbin/npf/npfctl/npf_disassemble.c
diff -u src/usr.sbin/npf/npfctl/npf_disassemble.c:1.16 src/usr.sbin/npf/npfctl/npf_disassemble.c:1.17
--- src/usr.sbin/npf/npfctl/npf_disassemble.c:1.16 Sun Feb 10 23:47:37 2013
+++ src/usr.sbin/npf/npfctl/npf_disassemble.c Sat Feb 16 21:11:14 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_disassemble.c,v 1.16 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npf_disassemble.c,v 1.17 2013/02/16 21:11:14 rmind Exp $ */
/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
* FIXME: config generation should be redesigned..
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_disassemble.c,v 1.16 2013/02/10 23:47:37 rmind Exp $");
+__RCSID("$NetBSD: npf_disassemble.c,v 1.17 2013/02/16 21:11:14 rmind Exp $");
#include <stdio.h>
#include <stdlib.h>
@@ -611,6 +611,9 @@ npfctl_show_rule(nl_rule_t *nrl, unsigne
if (ifname) {
printf(", interface %s", ifname);
}
+ if (rg.rg_attr & NPF_RULE_DYNAMIC) {
+ printf(", dynamic");
+ }
puts(") {");
return;
}
Index: src/usr.sbin/npf/npfctl/npfctl.8
diff -u src/usr.sbin/npf/npfctl/npfctl.8:1.12 src/usr.sbin/npf/npfctl/npfctl.8:1.13
--- src/usr.sbin/npf/npfctl/npfctl.8:1.12 Sat Feb 9 03:35:33 2013
+++ src/usr.sbin/npf/npfctl/npfctl.8 Sat Feb 16 21:11:15 2013
@@ -1,4 +1,4 @@
-.\" $NetBSD: npfctl.8,v 1.12 2013/02/09 03:35:33 rmind Exp $
+.\" $NetBSD: npfctl.8,v 1.13 2013/02/16 21:11:15 rmind Exp $
.\"
.\" Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 11, 2013
+.Dd February 16, 2013
.Dt NPFCTL 8
.Os
.Sh NAME
@@ -93,6 +93,7 @@ On success, returns a unique identifier
the rule with
.Ic rem-id
command.
+The identifier is alphanumeric string.
.It Ic rule Ar name Ic rem Aq rule-syntax
Remove a rule from a dynamic ruleset specified by
.Ar name .
@@ -106,6 +107,12 @@ Remove a rule specified by unique
.Ar id
from a dynamic ruleset specified by
.Ar name .
+.It Ic rule Ar name Ic list
+List all rules in the dynamic ruleset specified by
+.Ar name .
+.It Ic rule Ar name Ic flush
+Remove all rules from the dynamic ruleset specified by
+.Ar name .
.\" ---
.It Ic table Ar tid Ic add Aq Ar addr/mask
In table
Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.30 src/usr.sbin/npf/npfctl/npfctl.c:1.31
--- src/usr.sbin/npf/npfctl/npfctl.c:1.30 Sun Feb 10 23:47:37 2013
+++ src/usr.sbin/npf/npfctl/npfctl.c Sat Feb 16 21:11:15 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.c,v 1.30 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npfctl.c,v 1.31 2013/02/16 21:11:15 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.30 2013/02/10 23:47:37 rmind Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.31 2013/02/16 21:11:15 rmind Exp $");
#include <sys/ioctl.h>
#include <sys/stat.h>
@@ -124,6 +124,9 @@ usage(void)
"\t%s rule \"rule-name\" rem-id <rule-id>\n",
progname);
fprintf(stderr,
+ "\t%s rule \"rule-name\" { list | flush }\n",
+ progname);
+ fprintf(stderr,
"\t%s table <tid> { add | rem | test } <address/mask>\n",
progname);
fprintf(stderr,
@@ -411,7 +414,7 @@ npfctl_rule(int fd, int argc, char **arg
const char *ruleset_name = argv[0];
const char *cmd = argv[1];
int error, action = 0;
- uintptr_t rule_id;
+ uint64_t rule_id;
nl_rule_t *rl;
for (int n = 0; ruleops[n].cmd != NULL; n++) {
@@ -441,7 +444,7 @@ npfctl_rule(int fd, int argc, char **arg
error = npf_ruleset_remkey(fd, ruleset_name, key, sizeof(key));
break;
case NPF_CMD_RULE_REMOVE:
- rule_id = (uintptr_t)strtoull(argv[0], NULL, 16);
+ rule_id = strtoull(argv[0], NULL, 16);
error = npf_ruleset_remove(fd, ruleset_name, rule_id);
break;
case NPF_CMD_RULE_LIST:
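Review bot: `rule_id = strtoull(argv[0], NULL, 16);` accepts any string: non-hex input parses as 0, trailing garbage is ignored (so `1zz` names rule 1), and an out-of-range value is clamped silently. Now that IDs are small counter values rather than addresses, a mistyped ID is far more likely to match a live rule and remove the wrong firewall rule. Parse with an end pointer and `errno`, and reject anything that is not a complete hex number before calling `npf_ruleset_remove()`. The enclosing `npfctl_rule()` starts and ends outside this hunk.

```c
	case NPF_CMD_RULE_REMOVE: {
		char *ep;

		errno = 0;
		rule_id = strtoull(argv[0], &ep, 16);
		if (ep == argv[0] || *ep != '\0' || errno == ERANGE) {
			errx(EXIT_FAILURE, "invalid rule ID \"%s\"", argv[0]);
		}
		error = npf_ruleset_remove(fd, ruleset_name, rule_id);
		break;
	}
	/* … unchanged: NPF_CMD_RULE_LIST and the remaining cases … */
```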
@@ -458,15 +461,15 @@ npfctl_rule(int fd, int argc, char **arg
case 0:
/* Success. */
break;
+ case ESRCH:
+ errx(EXIT_FAILURE, "ruleset \"%s\" not found", ruleset_name);
case ENOENT:
- errx(EXIT_FAILURE, "ruleset \"%s\" or the specified rule in "
- "it not found", ruleset_name);
- break;
+ errx(EXIT_FAILURE, "rule was not found");
default:
errx(EXIT_FAILURE, "rule operation: %s", strerror(error));
}
if (action == NPF_CMD_RULE_ADD) {
- printf("OK %" PRIXPTR "\n", rule_id);
+ printf("OK %" PRIx64 "\n", rule_id);
}
exit(EXIT_SUCCESS);
}
Index: src/usr.sbin/npf/npfctl/npfctl.h
diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.26 src/usr.sbin/npf/npfctl/npfctl.h:1.27
--- src/usr.sbin/npf/npfctl/npfctl.h:1.26 Sun Feb 10 23:47:37 2013
+++ src/usr.sbin/npf/npfctl/npfctl.h Sat Feb 16 21:11:15 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.h,v 1.26 2013/02/10 23:47:37 rmind Exp $ */
+/* $NetBSD: npfctl.h,v 1.27 2013/02/16 21:11:15 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -195,7 +195,7 @@ unsigned long npfctl_debug_addif(const c
void npfctl_build_rproc(const char *, npfvar_t *);
void npfctl_build_group(const char *, int, u_int, bool);
void npfctl_build_group_end(void);
-void npfctl_build_rule(int, u_int, sa_family_t,
+void npfctl_build_rule(uint32_t, u_int, sa_family_t,
const opt_proto_t *, const filt_opts_t *, const char *);
void npfctl_build_natseg(int, int, u_int, const addr_port_t *,
const addr_port_t *, const filt_opts_t *);
Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.5 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.6
--- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.5 Mon Feb 11 02:52:32 2013
+++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c Sat Feb 16 21:11:16 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_rule_test.c,v 1.5 2013/02/11 02:52:32 rmind Exp $ */
+/* $NetBSD: npf_rule_test.c,v 1.6 2013/02/16 21:11:16 rmind Exp $ */
/*
* NPF ruleset test.
@@ -130,6 +130,7 @@ npf_rule_test(bool verbose)
npf_ruleset_t *rlset;
npf_rule_t *rl;
bool fail = false;
+ uint64_t id;
int error;
for (unsigned i = 0; i < __arraycount(test_cases); i++) {
@@ -171,7 +172,8 @@ npf_rule_test(bool verbose)
error = npf_test_first(verbose);
fail |= (error != RESULT_BLOCK);
- error = npf_ruleset_remove(rlset, "test-rules", (uintptr_t)rl);
+ id = npf_rule_getid(rl);
+ error = npf_ruleset_remove(rlset, "test-rules", id);
fail |= error != 0;
npf_config_exit();