Module Name: src
Committed By: rmind
Date: Mon Mar 18 00:14:57 UTC 2013
Modified Files:
src/sys/net/npf: npf_session.c
Log Message:
Add npf_session_trackable_p() and npf_session_fillent() for the common code.
Simplify. No functional change.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/sys/net/npf/npf_session.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_session.c
diff -u src/sys/net/npf/npf_session.c:1.21 src/sys/net/npf/npf_session.c:1.22
--- src/sys/net/npf/npf_session.c:1.21 Sat Feb 9 03:35:32 2013
+++ src/sys/net/npf/npf_session.c Mon Mar 18 00:14:57 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_session.c,v 1.21 2013/02/09 03:35:32 rmind Exp $ */
+/* $NetBSD: npf_session.c,v 1.22 2013/03/18 00:14:57 rmind Exp $ */
/*-
* Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -80,7 +80,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_session.c,v 1.21 2013/02/09 03:35:32 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_session.c,v 1.22 2013/03/18 00:14:57 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -452,56 +452,86 @@ npf_session_tracking(bool track)
return 0;
}
+static bool
+npf_session_trackable_p(const npf_cache_t *npc)
+{
+ /*
+ * Check if session tracking is on. Also, if layer 3 and 4 are not
+ * cached - protocol is not supported or packet is invalid.
+ */
+ if (sess_tracking == SESS_TRACKING_OFF) {
+ return false;
+ }
+ if (!npf_iscached(npc, NPC_IP46) || !npf_iscached(npc, NPC_LAYER4)) {
+ return false;
+ }
+ return true;
+}
+
/*
- * npf_session_lookup: lookup for an established session (connection).
- *
- * => If found, we will hold a reference for the caller.
+ * npf_session_fillent: fill a session entry with the protocol data.
*/
-npf_session_t *
-npf_session_lookup(const npf_cache_t *npc, const nbuf_t *nbuf,
- const int di, bool *forw)
+static bool
+npf_session_fillent(const npf_cache_t *npc, npf_sentry_t *sen)
{
- const u_int proto = npc->npc_proto;
- const ifnet_t *ifp = nbuf->nb_ifp;
- npf_sentry_t senkey, *sen;
- npf_session_t *se;
- npf_sehash_t *sh;
- int flags;
+ const struct tcphdr *th;
+ const struct udphdr *uh;
- switch (proto) {
- case IPPROTO_TCP: {
- const struct tcphdr *th = npc->npc_l4.tcp;
- senkey.se_src_id = th->th_sport;
- senkey.se_dst_id = th->th_dport;
+ switch (npc->npc_proto) {
+ case IPPROTO_TCP:
+ KASSERT(npf_iscached(npc, NPC_TCP));
+ th = npc->npc_l4.tcp;
+ sen->se_src_id = th->th_sport;
+ sen->se_dst_id = th->th_dport;
break;
- }
- case IPPROTO_UDP: {
- const struct udphdr *uh = npc->npc_l4.udp;
- senkey.se_src_id = uh->uh_sport;
- senkey.se_dst_id = uh->uh_dport;
+ case IPPROTO_UDP:
+ KASSERT(npf_iscached(npc, NPC_UDP));
+ uh = npc->npc_l4.udp;
+ sen->se_src_id = uh->uh_sport;
+ sen->se_dst_id = uh->uh_dport;
break;
- }
case IPPROTO_ICMP:
if (npf_iscached(npc, NPC_ICMP_ID)) {
const struct icmp *ic = npc->npc_l4.icmp;
- senkey.se_src_id = ic->icmp_id;
- senkey.se_dst_id = ic->icmp_id;
+ sen->se_src_id = ic->icmp_id;
+ sen->se_dst_id = ic->icmp_id;
break;
}
- return NULL;
+ return false;
case IPPROTO_ICMPV6:
if (npf_iscached(npc, NPC_ICMP_ID)) {
const struct icmp6_hdr *ic6 = npc->npc_l4.icmp6;
- senkey.se_src_id = ic6->icmp6_id;
- senkey.se_dst_id = ic6->icmp6_id;
+ sen->se_src_id = ic6->icmp6_id;
+ sen->se_dst_id = ic6->icmp6_id;
break;
}
- return NULL;
+ return false;
default:
/* Unsupported protocol. */
- return NULL;
+ return false;
}
+ return true;
+}
+/*
+ * npf_session_lookup: lookup for an established session (connection).
+ *
+ * => If found, we will hold a reference for the caller.
+ */
+npf_session_t *
+npf_session_lookup(const npf_cache_t *npc, const nbuf_t *nbuf,
+ const int di, bool *forw)
+{
+ const u_int proto = npc->npc_proto;
+ const ifnet_t *ifp = nbuf->nb_ifp;
+ npf_sentry_t senkey, *sen;
+ npf_session_t *se;
+ npf_sehash_t *sh;
+ int flags;
+
+ if (!npf_session_fillent(npc, &senkey)) {
+ return NULL;
+ }
KASSERT(npc->npc_srcip && npc->npc_dstip && npc->npc_alen > 0);
memcpy(&senkey.se_src_addr, npc->npc_srcip, npc->npc_alen);
memcpy(&senkey.se_dst_addr, npc->npc_dstip, npc->npc_alen);
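Review bot: In npf_session_fillent() the TCP and UDP cases protect the header dereference only with `KASSERT(npf_iscached(npc, NPC_TCP))` and the `NPC_UDP` equivalent, which compile out of non-DIAGNOSTIC kernels, and npf_session_lookup() now reaches this helper without calling npf_session_trackable_p() itself. If any caller of the lookup can arrive with npc_proto set but the layer-4 header not cached (the callers are not visible here), a DIAGNOSTIC kernel would panic and a release kernel would read `th`/`uh` through an unvalidated pointer. Since the helper already returns bool, a runtime check such as `if (!npf_iscached(npc, NPC_TCP)) return false;` would fail closed in the same way the ICMP cases do. The header comment could also say that only se_src_id and se_dst_id are filled, with addresses left to the caller, and that false means an unsupported protocol or a missing ICMP query ID. The body of npf_session_lookup() continues past the end of this hunk.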
@@ -571,15 +601,7 @@ npf_session_inspect(npf_cache_t *npc, nb
bool forw;
KASSERT(!nbuf_flag_p(nbuf, NBUF_DATAREF_RESET));
-
- /*
- * Check if session tracking is on. Also, if layer 3 and 4 are not
- * cached - protocol is not supported or packet is invalid.
- */
- if (sess_tracking == SESS_TRACKING_OFF) {
- return NULL;
- }
- if (!npf_iscached(npc, NPC_IP46) || !npf_iscached(npc, NPC_LAYER4)) {
+ if (!npf_session_trackable_p(npc)) {
return NULL;
}
@@ -620,24 +642,14 @@ npf_session_t *
npf_session_establish(npf_cache_t *npc, nbuf_t *nbuf, const int di)
{
const ifnet_t *ifp = nbuf->nb_ifp;
- const struct tcphdr *th;
- const struct udphdr *uh;
npf_sentry_t *fw, *bk;
npf_sehash_t *sh;
npf_session_t *se;
- u_int proto, alen;
+ u_int alen;
bool ok;
KASSERT(!nbuf_flag_p(nbuf, NBUF_DATAREF_RESET));
-
- /*
- * Check if session tracking is on. Also, if layer 3 and 4 are not
- * cached - protocol is not supported or packet is invalid.
- */
- if (sess_tracking == SESS_TRACKING_OFF) {
- return NULL;
- }
- if (!npf_iscached(npc, NPC_IP46) || !npf_iscached(npc, NPC_LAYER4)) {
+ if (!npf_session_trackable_p(npc)) {
return NULL;
}
@@ -669,55 +681,15 @@ npf_session_establish(npf_cache_t *npc,
memcpy(&fw->se_dst_addr, npc->npc_dstip, alen);
/* Protocol and interface. */
- proto = npc->npc_proto;
memset(&se->s_common_id, 0, sizeof(npf_secomid_t));
- se->s_common_id.proto = proto;
+ se->s_common_id.proto = npc->npc_proto;
se->s_common_id.if_idx = ifp->if_index;
- switch (proto) {
- case IPPROTO_TCP:
- KASSERT(npf_iscached(npc, NPC_TCP));
- th = npc->npc_l4.tcp;
- /* Additional IDs: ports. */
- fw->se_src_id = th->th_sport;
- fw->se_dst_id = th->th_dport;
- break;
- case IPPROTO_UDP:
- KASSERT(npf_iscached(npc, NPC_UDP));
- /* Additional IDs: ports. */
- uh = npc->npc_l4.udp;
- fw->se_src_id = uh->uh_sport;
- fw->se_dst_id = uh->uh_dport;
- break;
- case IPPROTO_ICMP:
- if (npf_iscached(npc, NPC_ICMP_ID)) {
- /* ICMP query ID. */
- const struct icmp *ic = npc->npc_l4.icmp;
- fw->se_src_id = ic->icmp_id;
- fw->se_dst_id = ic->icmp_id;
- break;
- }
- ok = false;
- goto out;
- case IPPROTO_ICMPV6:
- if (npf_iscached(npc, NPC_ICMP_ID)) {
- /* ICMP query ID. */
- const struct icmp6_hdr *ic6 = npc->npc_l4.icmp6;
- fw->se_src_id = ic6->icmp6_id;
- fw->se_dst_id = ic6->icmp6_id;
- break;
- }
- ok = false;
- goto out;
- default:
- /* Unsupported. */
- ok = false;
- goto out;
+ /* Setup "forwards" entry. */
+ if (!npf_session_fillent(npc, fw)) {
+ return NULL;
}
- /* Set last activity time for a new session. */
- getnanouptime(&se->s_atime);
-
/* Setup inverted "backwards". */
bk = &se->s_back_entry;
memcpy(&bk->se_src_addr, &fw->se_dst_addr, alen);
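Review bot: The failure path after `npf_session_fillent(npc, fw)` now does `return NULL;`, whereas every failure branch of the removed switch did `ok = false; goto out;`. By this point `se` has already been written to (s_common_id and the forward entry addresses), so it was presumably allocated earlier in npf_session_establish(), and returning directly skips whatever release the `out:` label performs; both the label and the allocation lie outside this hunk, so this needs confirming against the full function. If `out:` frees the session, each packet with an unsupported protocol or an ICMP message without a query ID that reaches this point would leak one session object, which remote traffic could repeat until memory is exhausted. That would also be a functional change, contrary to the log message. Keeping `ok = false; goto out;` inside the `if` preserves the old behaviour and keeps the still-declared `ok` in use.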
@@ -729,6 +701,9 @@ npf_session_establish(npf_cache_t *npc,
fw->se_backptr = bk->se_backptr = se;
fw->se_alen = bk->se_alen = alen;
+ /* Set last activity time for a new session. */
+ getnanouptime(&se->s_atime);
+
/*
* Insert the session and both entries into the tree.
*/