npf_rproc.c revision 1.12
1 1.12 rmind /* $NetBSD: npf_rproc.c,v 1.12 2014/08/11 01:54:12 rmind Exp $ */ 2 1.1 rmind 3 1.1 rmind /*- 4 1.6 rmind * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. 5 1.1 rmind * All rights reserved. 6 1.1 rmind * 7 1.1 rmind * This material is based upon work partially supported by The 8 1.1 rmind * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. 9 1.1 rmind * 10 1.1 rmind * Redistribution and use in source and binary forms, with or without 11 1.1 rmind * modification, are permitted provided that the following conditions 12 1.1 rmind * are met: 13 1.1 rmind * 1. Redistributions of source code must retain the above copyright 14 1.1 rmind * notice, this list of conditions and the following disclaimer. 15 1.1 rmind * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 rmind * notice, this list of conditions and the following disclaimer in the 17 1.1 rmind * documentation and/or other materials provided with the distribution. 18 1.1 rmind * 19 1.1 rmind * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 1.1 rmind * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 1.1 rmind * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 1.1 rmind * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 1.1 rmind * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 1.1 rmind * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 1.1 rmind * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 1.1 rmind * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 1.1 rmind * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 1.1 rmind * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 1.1 rmind * POSSIBILITY OF SUCH DAMAGE. 30 1.1 rmind */ 31 1.1 rmind 32 1.1 rmind /* 33 1.3 rmind * NPF extension and rule procedure interface. 34 1.1 rmind */ 35 1.1 rmind 36 1.1 rmind #include <sys/cdefs.h> 37 1.1 rmind __KERNEL_RCSID(0, "$NetBSD"); 38 1.1 rmind 39 1.1 rmind #include <sys/param.h> 40 1.2 rmind #include <sys/types.h> 41 1.1 rmind 42 1.1 rmind #include <sys/atomic.h> 43 1.1 rmind #include <sys/kmem.h> 44 1.3 rmind #include <sys/mutex.h> 45 1.7 christos #include <sys/module.h> 46 1.1 rmind 47 1.1 rmind #include "npf_impl.h" 48 1.1 rmind 49 1.3 rmind #define EXT_NAME_LEN 32 50 1.3 rmind 51 1.3 rmind typedef struct npf_ext { 52 1.3 rmind char ext_callname[EXT_NAME_LEN]; 53 1.3 rmind LIST_ENTRY(npf_ext) ext_entry; 54 1.3 rmind const npf_ext_ops_t * ext_ops; 55 1.3 rmind unsigned ext_refcnt; 56 1.3 rmind } npf_ext_t; 57 1.3 rmind 58 1.6 rmind struct npf_rprocset { 59 1.6 rmind LIST_HEAD(, npf_rproc) rps_list; 60 1.6 rmind }; 61 1.6 rmind 62 1.3 rmind #define RPROC_NAME_LEN 32 63 1.3 rmind #define RPROC_EXT_COUNT 16 64 1.1 rmind 65 1.1 rmind struct npf_rproc { 66 1.6 rmind /* Flags and reference count. */ 67 1.6 rmind uint32_t rp_flags; 68 1.1 rmind u_int rp_refcnt; 69 1.6 rmind 70 1.3 rmind /* Associated extensions and their metadata . */ 71 1.3 rmind unsigned rp_ext_count; 72 1.3 rmind npf_ext_t * rp_ext[RPROC_EXT_COUNT]; 73 1.3 rmind void * rp_ext_meta[RPROC_EXT_COUNT]; 74 1.6 rmind 75 1.6 rmind /* Name of the procedure and list entry. */ 76 1.6 rmind char rp_name[RPROC_NAME_LEN]; 77 1.6 rmind LIST_ENTRY(npf_rproc) rp_entry; 78 1.1 rmind }; 79 1.1 rmind 80 1.3 rmind static LIST_HEAD(, npf_ext) ext_list __cacheline_aligned; 81 1.3 rmind static kmutex_t ext_lock __cacheline_aligned; 82 1.3 rmind 83 1.3 rmind void 84 1.3 rmind npf_ext_sysinit(void) 85 1.3 rmind { 86 1.3 rmind mutex_init(&ext_lock, MUTEX_DEFAULT, IPL_NONE); 87 1.3 rmind LIST_INIT(&ext_list); 88 1.3 rmind } 89 1.3 rmind 90 1.3 rmind void 91 1.3 rmind npf_ext_sysfini(void) 92 1.3 rmind { 93 1.3 rmind KASSERT(LIST_EMPTY(&ext_list)); 94 1.3 rmind mutex_destroy(&ext_lock); 95 1.3 rmind } 96 1.3 rmind 97 1.3 rmind /* 98 1.3 rmind * NPF extension management for the rule procedures. 99 1.3 rmind */ 100 1.3 rmind 101 1.8 christos static const char npf_ext_prefix[] = "npf_ext_"; 102 1.8 christos #define NPF_EXT_PREFLEN (sizeof(npf_ext_prefix) - 1) 103 1.8 christos 104 1.3 rmind static npf_ext_t * 105 1.9 christos npf_ext_lookup(const char *name, bool autoload) 106 1.3 rmind { 107 1.8 christos npf_ext_t *ext; 108 1.8 christos char modname[RPROC_NAME_LEN + NPF_EXT_PREFLEN]; 109 1.9 christos int error; 110 1.3 rmind 111 1.3 rmind KASSERT(mutex_owned(&ext_lock)); 112 1.3 rmind 113 1.8 christos again: 114 1.3 rmind LIST_FOREACH(ext, &ext_list, ext_entry) 115 1.3 rmind if (strcmp(ext->ext_callname, name) == 0) 116 1.3 rmind break; 117 1.8 christos 118 1.9 christos if (ext != NULL || !autoload) 119 1.8 christos return ext; 120 1.8 christos 121 1.8 christos mutex_exit(&ext_lock); 122 1.9 christos autoload = false; 123 1.8 christos snprintf(modname, sizeof(modname), "%s%s", npf_ext_prefix, name); 124 1.8 christos error = module_autoload(modname, MODULE_CLASS_MISC); 125 1.8 christos mutex_enter(&ext_lock); 126 1.8 christos 127 1.8 christos if (error) 128 1.8 christos return NULL; 129 1.8 christos goto again; 130 1.3 rmind } 131 1.3 rmind 132 1.3 rmind void * 133 1.3 rmind npf_ext_register(const char *name, const npf_ext_ops_t *ops) 134 1.3 rmind { 135 1.3 rmind npf_ext_t *ext; 136 1.3 rmind 137 1.3 rmind ext = kmem_zalloc(sizeof(npf_ext_t), KM_SLEEP); 138 1.3 rmind strlcpy(ext->ext_callname, name, EXT_NAME_LEN); 139 1.3 rmind ext->ext_ops = ops; 140 1.3 rmind 141 1.3 rmind mutex_enter(&ext_lock); 142 1.9 christos if (npf_ext_lookup(name, false)) { 143 1.3 rmind mutex_exit(&ext_lock); 144 1.3 rmind kmem_free(ext, sizeof(npf_ext_t)); 145 1.3 rmind return NULL; 146 1.3 rmind } 147 1.3 rmind LIST_INSERT_HEAD(&ext_list, ext, ext_entry); 148 1.3 rmind mutex_exit(&ext_lock); 149 1.3 rmind 150 1.3 rmind return (void *)ext; 151 1.3 rmind } 152 1.3 rmind 153 1.3 rmind int 154 1.3 rmind npf_ext_unregister(void *extid) 155 1.3 rmind { 156 1.3 rmind npf_ext_t *ext = extid; 157 1.3 rmind 158 1.3 rmind /* 159 1.3 rmind * Check if in-use first (re-check with the lock held). 160 1.3 rmind */ 161 1.3 rmind if (ext->ext_refcnt) { 162 1.3 rmind return EBUSY; 163 1.3 rmind } 164 1.3 rmind 165 1.3 rmind mutex_enter(&ext_lock); 166 1.3 rmind if (ext->ext_refcnt) { 167 1.3 rmind mutex_exit(&ext_lock); 168 1.3 rmind return EBUSY; 169 1.3 rmind } 170 1.9 christos KASSERT(npf_ext_lookup(ext->ext_callname, false)); 171 1.3 rmind LIST_REMOVE(ext, ext_entry); 172 1.3 rmind mutex_exit(&ext_lock); 173 1.3 rmind 174 1.3 rmind kmem_free(ext, sizeof(npf_ext_t)); 175 1.3 rmind return 0; 176 1.3 rmind } 177 1.3 rmind 178 1.3 rmind int 179 1.3 rmind npf_ext_construct(const char *name, npf_rproc_t *rp, prop_dictionary_t params) 180 1.3 rmind { 181 1.3 rmind const npf_ext_ops_t *extops; 182 1.3 rmind npf_ext_t *ext; 183 1.3 rmind unsigned i; 184 1.3 rmind int error; 185 1.3 rmind 186 1.3 rmind if (rp->rp_ext_count >= RPROC_EXT_COUNT) { 187 1.3 rmind return ENOSPC; 188 1.3 rmind } 189 1.3 rmind 190 1.3 rmind mutex_enter(&ext_lock); 191 1.9 christos ext = npf_ext_lookup(name, true); 192 1.3 rmind if (ext) { 193 1.3 rmind atomic_inc_uint(&ext->ext_refcnt); 194 1.3 rmind } 195 1.3 rmind mutex_exit(&ext_lock); 196 1.4 mlelstv 197 1.3 rmind if (!ext) { 198 1.3 rmind return ENOENT; 199 1.3 rmind } 200 1.3 rmind 201 1.4 mlelstv extops = ext->ext_ops; 202 1.4 mlelstv KASSERT(extops != NULL); 203 1.4 mlelstv 204 1.3 rmind error = extops->ctor(rp, params); 205 1.3 rmind if (error) { 206 1.3 rmind atomic_dec_uint(&ext->ext_refcnt); 207 1.3 rmind return error; 208 1.3 rmind } 209 1.3 rmind i = rp->rp_ext_count++; 210 1.3 rmind rp->rp_ext[i] = ext; 211 1.3 rmind return 0; 212 1.3 rmind } 213 1.3 rmind 214 1.3 rmind /* 215 1.3 rmind * Rule procedure management. 216 1.3 rmind */ 217 1.3 rmind 218 1.6 rmind npf_rprocset_t * 219 1.6 rmind npf_rprocset_create(void) 220 1.6 rmind { 221 1.6 rmind npf_rprocset_t *rpset; 222 1.6 rmind 223 1.6 rmind rpset = kmem_zalloc(sizeof(npf_rprocset_t), KM_SLEEP); 224 1.6 rmind LIST_INIT(&rpset->rps_list); 225 1.6 rmind return rpset; 226 1.6 rmind } 227 1.6 rmind 228 1.6 rmind void 229 1.6 rmind npf_rprocset_destroy(npf_rprocset_t *rpset) 230 1.6 rmind { 231 1.6 rmind npf_rproc_t *rp; 232 1.6 rmind 233 1.6 rmind while ((rp = LIST_FIRST(&rpset->rps_list)) != NULL) { 234 1.6 rmind LIST_REMOVE(rp, rp_entry); 235 1.6 rmind npf_rproc_release(rp); 236 1.6 rmind } 237 1.6 rmind kmem_free(rpset, sizeof(npf_rprocset_t)); 238 1.6 rmind } 239 1.6 rmind 240 1.6 rmind /* 241 1.6 rmind * npf_rproc_lookup: find a rule procedure by the name. 242 1.6 rmind */ 243 1.6 rmind npf_rproc_t * 244 1.6 rmind npf_rprocset_lookup(npf_rprocset_t *rpset, const char *name) 245 1.6 rmind { 246 1.6 rmind npf_rproc_t *rp; 247 1.6 rmind 248 1.6 rmind LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 249 1.6 rmind if (strncmp(rp->rp_name, name, RPROC_NAME_LEN) == 0) 250 1.6 rmind break; 251 1.6 rmind } 252 1.8 christos return rp; 253 1.6 rmind } 254 1.6 rmind 255 1.6 rmind /* 256 1.6 rmind * npf_rproc_insert: insert a new rule procedure into the set. 257 1.6 rmind */ 258 1.6 rmind void 259 1.6 rmind npf_rprocset_insert(npf_rprocset_t *rpset, npf_rproc_t *rp) 260 1.6 rmind { 261 1.6 rmind LIST_INSERT_HEAD(&rpset->rps_list, rp, rp_entry); 262 1.6 rmind } 263 1.6 rmind 264 1.12 rmind int 265 1.12 rmind npf_rprocset_export(const npf_rprocset_t *rpset, prop_array_t rprocs) 266 1.12 rmind { 267 1.12 rmind prop_dictionary_t rpdict; 268 1.12 rmind const npf_rproc_t *rp; 269 1.12 rmind 270 1.12 rmind LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 271 1.12 rmind rpdict = prop_dictionary_create(); 272 1.12 rmind prop_dictionary_set_cstring(rpdict, "name", rp->rp_name); 273 1.12 rmind prop_dictionary_set_uint32(rpdict, "flags", rp->rp_flags); 274 1.12 rmind prop_array_add(rprocs, rpdict); 275 1.12 rmind prop_object_release(rpdict); 276 1.12 rmind } 277 1.12 rmind return 0; 278 1.12 rmind } 279 1.12 rmind 280 1.3 rmind /* 281 1.3 rmind * npf_rproc_create: construct a new rule procedure, lookup and associate 282 1.3 rmind * the extension calls with it. 283 1.3 rmind */ 284 1.1 rmind npf_rproc_t * 285 1.1 rmind npf_rproc_create(prop_dictionary_t rpdict) 286 1.1 rmind { 287 1.3 rmind const char *name; 288 1.1 rmind npf_rproc_t *rp; 289 1.3 rmind 290 1.3 rmind if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &name)) { 291 1.3 rmind return NULL; 292 1.3 rmind } 293 1.1 rmind 294 1.2 rmind rp = kmem_intr_zalloc(sizeof(npf_rproc_t), KM_SLEEP); 295 1.1 rmind rp->rp_refcnt = 1; 296 1.1 rmind 297 1.3 rmind strlcpy(rp->rp_name, name, RPROC_NAME_LEN); 298 1.1 rmind prop_dictionary_get_uint32(rpdict, "flags", &rp->rp_flags); 299 1.1 rmind return rp; 300 1.1 rmind } 301 1.1 rmind 302 1.3 rmind /* 303 1.3 rmind * npf_rproc_acquire: acquire the reference on the rule procedure. 304 1.3 rmind */ 305 1.1 rmind void 306 1.1 rmind npf_rproc_acquire(npf_rproc_t *rp) 307 1.1 rmind { 308 1.1 rmind atomic_inc_uint(&rp->rp_refcnt); 309 1.1 rmind } 310 1.1 rmind 311 1.3 rmind /* 312 1.3 rmind * npf_rproc_release: drop the reference count and destroy the rule 313 1.3 rmind * procedure on the last reference. 314 1.3 rmind */ 315 1.1 rmind void 316 1.1 rmind npf_rproc_release(npf_rproc_t *rp) 317 1.1 rmind { 318 1.1 rmind 319 1.1 rmind KASSERT(rp->rp_refcnt > 0); 320 1.1 rmind if (atomic_dec_uint_nv(&rp->rp_refcnt) != 0) { 321 1.1 rmind return; 322 1.1 rmind } 323 1.3 rmind /* XXXintr */ 324 1.3 rmind for (unsigned i = 0; i < rp->rp_ext_count; i++) { 325 1.3 rmind npf_ext_t *ext = rp->rp_ext[i]; 326 1.3 rmind const npf_ext_ops_t *extops = ext->ext_ops; 327 1.3 rmind 328 1.3 rmind extops->dtor(rp, rp->rp_ext_meta[i]); 329 1.3 rmind atomic_dec_uint(&ext->ext_refcnt); 330 1.3 rmind } 331 1.2 rmind kmem_intr_free(rp, sizeof(npf_rproc_t)); 332 1.1 rmind } 333 1.1 rmind 334 1.1 rmind void 335 1.3 rmind npf_rproc_assign(npf_rproc_t *rp, void *params) 336 1.1 rmind { 337 1.3 rmind unsigned i = rp->rp_ext_count; 338 1.3 rmind 339 1.3 rmind /* Note: params may be NULL. */ 340 1.3 rmind KASSERT(i < RPROC_EXT_COUNT); 341 1.3 rmind rp->rp_ext_meta[i] = params; 342 1.3 rmind } 343 1.3 rmind 344 1.3 rmind /* 345 1.3 rmind * npf_rproc_run: run the rule procedure by executing each extension call. 346 1.3 rmind * 347 1.3 rmind * => Reference on the rule procedure must be held. 348 1.3 rmind */ 349 1.10 jakllsch bool 350 1.11 rmind npf_rproc_run(npf_cache_t *npc, npf_rproc_t *rp, int *decision) 351 1.3 rmind { 352 1.3 rmind const unsigned extcount = rp->rp_ext_count; 353 1.1 rmind 354 1.11 rmind KASSERT(!nbuf_flag_p(npc->npc_nbuf, NBUF_DATAREF_RESET)); 355 1.1 rmind KASSERT(rp->rp_refcnt > 0); 356 1.1 rmind 357 1.3 rmind for (unsigned i = 0; i < extcount; i++) { 358 1.3 rmind const npf_ext_t *ext = rp->rp_ext[i]; 359 1.3 rmind const npf_ext_ops_t *extops = ext->ext_ops; 360 1.1 rmind 361 1.3 rmind KASSERT(ext->ext_refcnt > 0); 362 1.11 rmind if (!extops->proc(npc, rp->rp_ext_meta[i], decision)) { 363 1.10 jakllsch return false; 364 1.10 jakllsch } 365 1.5 rmind 366 1.11 rmind if (nbuf_flag_p(npc->npc_nbuf, NBUF_DATAREF_RESET)) { 367 1.11 rmind npf_recache(npc); 368 1.5 rmind } 369 1.1 rmind } 370 1.10 jakllsch 371 1.10 jakllsch return true; 372 1.1 rmind } 373
Indexes created Mon Sep 22 13:09:51 GMT 2025