Module Name: src Committed By: rmind Date: Sun May 19 20:45:34 UTC 2013
Modified Files: src/sys/net/npf: npf_ctl.c npf_impl.h npf_tableset.c src/usr.sbin/npf/npfctl: npf_build.c npf_parse.y npfctl.c Log Message: - Add NPF table flushing functionality. - Fix line numbering for npfctl debug command. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/sys/net/npf/npf_ctl.c cvs rdiff -u -r1.29 -r1.30 src/sys/net/npf/npf_impl.h cvs rdiff -u -r1.17 -r1.18 src/sys/net/npf/npf_tableset.c cvs rdiff -u -r1.23 -r1.24 src/usr.sbin/npf/npfctl/npf_build.c \ src/usr.sbin/npf/npfctl/npf_parse.y cvs rdiff -u -r1.36 -r1.37 src/usr.sbin/npf/npfctl/npfctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/npf/npf_ctl.c diff -u src/sys/net/npf/npf_ctl.c:1.24 src/sys/net/npf/npf_ctl.c:1.25 --- src/sys/net/npf/npf_ctl.c:1.24 Wed Mar 20 00:29:47 2013 +++ src/sys/net/npf/npf_ctl.c Sun May 19 20:45:34 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_ctl.c,v 1.24 2013/03/20 00:29:47 christos Exp $ */ +/* $NetBSD: npf_ctl.c,v 1.25 2013/05/19 20:45:34 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.24 2013/03/20 00:29:47 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.25 2013/05/19 20:45:34 rmind Exp $"); #include <sys/param.h> #include <sys/conf.h> @@ -813,6 +813,9 @@ npfctl_table(void *data) error = npf_table_list(tblset, nct->nct_tid, nct->nct_data.buf.buf, nct->nct_data.buf.len); break; + case NPF_CMD_TABLE_FLUSH: + error = npf_table_flush(tblset, nct->nct_tid); + break; default: error = EINVAL; break; Index: src/sys/net/npf/npf_impl.h diff -u src/sys/net/npf/npf_impl.h:1.29 src/sys/net/npf/npf_impl.h:1.30 --- src/sys/net/npf/npf_impl.h:1.29 Wed Mar 20 00:29:47 2013 +++ src/sys/net/npf/npf_impl.h Sun May 19 20:45:34 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_impl.h,v 1.29 2013/03/20 00:29:47 christos Exp $ */ +/* $NetBSD: npf_impl.h,v 1.30 2013/05/19 20:45:34 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -220,6 +220,7 @@ int npf_table_remove(npf_tableset_t *, int npf_table_lookup(npf_tableset_t *, u_int, const int, const npf_addr_t *); int npf_table_list(npf_tableset_t *, u_int, void *, size_t); +int npf_table_flush(npf_tableset_t *, u_int); /* Ruleset interface. */ npf_ruleset_t * npf_ruleset_create(size_t); Index: src/sys/net/npf/npf_tableset.c diff -u src/sys/net/npf/npf_tableset.c:1.17 src/sys/net/npf/npf_tableset.c:1.18 --- src/sys/net/npf/npf_tableset.c:1.17 Sat Feb 9 03:35:32 2013 +++ src/sys/net/npf/npf_tableset.c Sun May 19 20:45:34 2013 
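Review bot: The new `NPF_CMD_TABLE_FLUSH` case passes the caller-supplied `nct->nct_tid` to `npf_table_flush()` with no check in the dispatch, so the `tid >= NPF_TABLE_SLOTS` test added in npf_tableset.c is the only guard. A comment such as `/* tid is range-checked in npf_table_flush(); nct_data is ignored for flush */` would keep that dependency visible. Flush is also the one table command that discards every entry at once, and a table presumably can back a filtering rule, so confirm that the ioctl path leading here is limited to privileged callers; that check is not visible in this hunk. npfctl_table() starts and ends outside the hunk.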
@@ -1,4 +1,4 @@ -/* $NetBSD: npf_tableset.c,v 1.17 2013/02/09 03:35:32 rmind Exp $ */ +/* $NetBSD: npf_tableset.c,v 1.18 2013/05/19 20:45:34 rmind Exp $ */ /*- * Copyright (c) 2009-2012 The NetBSD Foundation, Inc. @@ -41,7 +41,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.17 2013/02/09 03:35:32 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_tableset.c,v 1.18 2013/05/19 20:45:34 rmind Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -223,6 +223,19 @@ table_hash_lookup(const npf_table_t *t, } static void +table_hash_destroy(npf_table_t *t) +{ + for (unsigned n = 0; n <= t->t_hashmask; n++) { + npf_tblent_t *ent; + + while ((ent = LIST_FIRST(&t->t_hashl[n])) != NULL) { + LIST_REMOVE(ent, te_entry.hashq); + pool_cache_put(tblent_cache, ent); + } + } +} + +static void table_tree_destroy(pt_tree_t *tree) { npf_tblent_t *ent; @@ -282,14 +295,7 @@ npf_table_destroy(npf_table_t *t) switch (t->t_type) { case NPF_TABLE_HASH: - for (unsigned n = 0; n <= t->t_hashmask; n++) { - npf_tblent_t *ent; - - while ((ent = LIST_FIRST(&t->t_hashl[n])) != NULL) { - LIST_REMOVE(ent, te_entry.hashq); - pool_cache_put(tblent_cache, ent); - } - } + table_hash_destroy(t); hashdone(t->t_hashl, HASH_LIST, t->t_hashmask); break; case NPF_TABLE_TREE: 
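Review bot: `table_hash_destroy()` has no header comment, and its name overstates what it does. It returns every entry to `tblent_cache` but leaves the bucket array `t->t_hashl` allocated, which is why npf_table_destroy() still calls `hashdone()` after it. It also does not take `t->t_lock` or reset `t->t_nitems`, so every caller has to handle both, as npf_table_flush() later in this commit does. I would add `/* table_hash_destroy: free all entries; the bucket array stays allocated. Locking and t_nitems are the caller's job. */` above it, or rename it to something like `table_hash_flush`.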
@@ -592,3 +598,34 @@ npf_table_list(npf_tableset_t *tset, u_i return error; } + +/* + * npf_table_flush: remove all table entries. + */ +int +npf_table_flush(npf_tableset_t *tset, u_int tid) +{ + npf_table_t *t; + + if ((u_int)tid >= NPF_TABLE_SLOTS || (t = tset[tid]) == NULL) { + return EINVAL; + } + + rw_enter(&t->t_lock, RW_WRITER); + switch (t->t_type) { + case NPF_TABLE_HASH: + table_hash_destroy(t); + t->t_nitems = 0; + break; + case NPF_TABLE_TREE: + table_tree_destroy(&t->t_tree[0]); + table_tree_destroy(&t->t_tree[1]); + t->t_nitems = 0; + break; + default: + KASSERT(false); + } + rw_exit(&t->t_lock); + + return 0; +} Index: src/usr.sbin/npf/npfctl/npf_build.c diff -u src/usr.sbin/npf/npfctl/npf_build.c:1.23 src/usr.sbin/npf/npfctl/npf_build.c:1.24 --- src/usr.sbin/npf/npfctl/npf_build.c:1.23 Wed Mar 20 00:29:47 2013 +++ src/usr.sbin/npf/npfctl/npf_build.c Sun May 19 20:45:34 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_build.c,v 1.23 2013/03/20 00:29:47 christos Exp $ */ +/* $NetBSD: npf_build.c,v 1.24 2013/05/19 20:45:34 rmind Exp $ */ /*- * Copyright (c) 2011-2013 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: npf_build.c,v 1.23 2013/03/20 00:29:47 christos Exp $"); +__RCSID("$NetBSD: npf_build.c,v 1.24 2013/05/19 20:45:34 rmind Exp $"); #include <sys/types.h> #include <sys/ioctl.h> @@ -384,8 +384,10 @@ npfctl_build_ncode(nl_rule_t *rl, sa_fam */ code = npfctl_ncgen_complete(nc, &len); if (npf_debug) { + extern char *yytext; extern int yylineno; - printf("RULE AT LINE %d\n", yylineno); + + printf("RULE AT LINE %d\n", yylineno - (int)(*yytext == '\n')); npfctl_ncgen_print(code, len); } assert(code && len > 0); Index: src/usr.sbin/npf/npfctl/npf_parse.y diff -u src/usr.sbin/npf/npfctl/npf_parse.y:1.23 src/usr.sbin/npf/npfctl/npf_parse.y:1.24 --- src/usr.sbin/npf/npfctl/npf_parse.y:1.23 Thu May 9 19:12:03 2013 +++ src/usr.sbin/npf/npfctl/npf_parse.y Sun May 19 20:45:34 2013 
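Review bot: In `npf_table_flush()` the `default:` arm is only `KASSERT(false);`. If KASSERT is compiled out in non-DIAGNOSTIC kernels, as is usual, an unexpected `t_type` falls through to `return 0` and reports a flush that never happened. Carrying an error code fixes that: declare `int error = 0;`, set `error = EINVAL;` after the KASSERT, and finish with `return error;`. The `(u_int)tid` cast in the bounds check is a no-op because `tid` is already `u_int`. Both trees are emptied with `table_tree_destroy()`, whose body is outside this hunk, so confirm that it leaves each `pt_tree_t` usable for later inserts.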
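Review bot: The block-scope `extern char *yytext;` added in the `npf_debug` branch is not checked against the scanner's own definition. If the lexer is ever generated with an array `yytext` (lex `%array`), the two declarations disagree and `*yytext` reads through a bogus pointer. Declaring `yytext` and `yylineno` once in a header shared with the scanner would let the compiler catch that. The adjustment `yylineno - (int)(*yytext == '\n')` also needs a comment stating what it relies on, presumably something like `/* the scanner has already consumed the newline and advanced yylineno */`. npfctl_build_ncode() starts and ends outside the hunk.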
@@ -1,4 +1,4 @@ -/* $NetBSD: npf_parse.y,v 1.23 2013/05/09 19:12:03 christos Exp $ */ +/* $NetBSD: npf_parse.y,v 1.24 2013/05/19 20:45:34 rmind Exp $ */ /*- * Copyright (c) 2011-2012 The NetBSD Foundation, Inc. @@ -326,12 +326,13 @@ rproc } ; -alg +alg : ALG STRING { npfctl_build_alg($2); } ; + procs : proc_call SEPLINE procs { @@ -478,6 +479,7 @@ rule_group | group | ruleset | + ; rule : block_or_pass opt_stateful rule_dir opt_final on_ifindex Index: src/usr.sbin/npf/npfctl/npfctl.c diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.36 src/usr.sbin/npf/npfctl/npfctl.c:1.37 --- src/usr.sbin/npf/npfctl/npfctl.c:1.36 Mon Mar 18 02:17:49 2013 +++ src/usr.sbin/npf/npfctl/npfctl.c Sun May 19 20:45:34 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: npfctl.c,v 1.36 2013/03/18 02:17:49 rmind Exp $ */ +/* $NetBSD: npfctl.c,v 1.37 2013/05/19 20:45:34 rmind Exp $ */ /*- * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__RCSID("$NetBSD: npfctl.c,v 1.36 2013/03/18 02:17:49 rmind Exp $"); +__RCSID("$NetBSD: npfctl.c,v 1.37 2013/05/19 20:45:34 rmind Exp $"); #include <sys/ioctl.h> #include <sys/stat.h> @@ -115,10 +115,7 @@ usage(void) const char *progname = getprogname(); fprintf(stderr, - "Usage:\t%s start | stop | flush | show | stats\n", - progname); - fprintf(stderr, - "\t%s sess-load | sess-save\n", + "Usage:\t%s start | stop | flush | show | stats\n", progname); fprintf(stderr, "\t%s validate | reload [<rule-file>]\n", @@ -138,6 +135,9 @@ usage(void) fprintf(stderr, "\t%s table <tid> { list | flush }\n", progname); + fprintf(stderr, + "\t%s sess-load | sess-save\n", + progname); exit(EXIT_FAILURE); } @@ -279,6 +279,7 @@ npfctl_table(int fd, int argc, char **ar { "del", NPF_CMD_TABLE_REMOVE }, { "test", NPF_CMD_TABLE_LOOKUP }, { "list", NPF_CMD_TABLE_LIST }, + { "flush", NPF_CMD_TABLE_FLUSH }, { NULL, 0 } }; npf_ioctl_table_t nct; 
@@ -302,17 +303,27 @@ npfctl_table(int fd, int argc, char **ar if (tblops[n].cmd == NULL) { errx(EXIT_FAILURE, "invalid command '%s'", cmd); } - if (nct.nct_cmd != NPF_CMD_TABLE_LIST) { + + switch (nct.nct_cmd) { + case NPF_CMD_TABLE_LIST: + case NPF_CMD_TABLE_FLUSH: + break; + default: if (argc < 3) { usage(); } arg = argv[2]; } + again: - if (nct.nct_cmd == NPF_CMD_TABLE_LIST) { + switch (nct.nct_cmd) { + case NPF_CMD_TABLE_LIST: nct.nct_data.buf.buf = ecalloc(1, buflen); nct.nct_data.buf.len = buflen; - } else { + break; + case NPF_CMD_TABLE_FLUSH: + break; + default: if (!npfctl_parse_cidr(arg, &fam, &alen)) { errx(EXIT_FAILURE, "invalid CIDR '%s'", arg); }
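Review bot: The first switch lets `flush` skip the `argc < 3` check, and nothing in the hunk rejects surplus arguments, so a command line that names an address after `flush` would apparently empty the whole table instead of failing. Assuming `argv[2]` is the first operand, as `arg = argv[2]` suggests, a guard such as `if (nct.nct_cmd == NPF_CMD_TABLE_FLUSH && argc > 2) usage();` before the `break;` would refuse it. On style, the statements under both `default:` labels keep their old indentation, and the brace that used to close the `if` now closes the `switch`. Re-indenting them would make the new control flow easier to read. npfctl_table() continues outside the hunk, so how `nct` is filled in for flush before the ioctl is not visible here.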