npf_rproc.c revision 1.15
1 1.15 christos /* $NetBSD: npf_rproc.c,v 1.15 2016/12/28 21:55:04 christos Exp $ */ 2 1.1 rmind 3 1.1 rmind /*- 4 1.6 rmind * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. 5 1.1 rmind * All rights reserved. 6 1.1 rmind * 7 1.1 rmind * This material is based upon work partially supported by The 8 1.1 rmind * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. 9 1.1 rmind * 10 1.1 rmind * Redistribution and use in source and binary forms, with or without 11 1.1 rmind * modification, are permitted provided that the following conditions 12 1.1 rmind * are met: 13 1.1 rmind * 1. Redistributions of source code must retain the above copyright 14 1.1 rmind * notice, this list of conditions and the following disclaimer. 15 1.1 rmind * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 rmind * notice, this list of conditions and the following disclaimer in the 17 1.1 rmind * documentation and/or other materials provided with the distribution. 18 1.1 rmind * 19 1.1 rmind * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 1.1 rmind * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 1.1 rmind * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 1.1 rmind * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 1.1 rmind * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 1.1 rmind * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 1.1 rmind * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 1.1 rmind * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 1.1 rmind * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 1.1 rmind * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 1.1 rmind * POSSIBILITY OF SUCH DAMAGE. 30 1.1 rmind */ 31 1.1 rmind 32 1.1 rmind /* 33 1.3 rmind * NPF extension and rule procedure interface. 34 1.1 rmind */ 35 1.1 rmind 36 1.14 christos #ifdef _KERNEL 37 1.1 rmind #include <sys/cdefs.h> 38 1.1 rmind __KERNEL_RCSID(0, "$NetBSD"); 39 1.1 rmind 40 1.1 rmind #include <sys/param.h> 41 1.2 rmind #include <sys/types.h> 42 1.1 rmind 43 1.1 rmind #include <sys/atomic.h> 44 1.1 rmind #include <sys/kmem.h> 45 1.3 rmind #include <sys/mutex.h> 46 1.7 christos #include <sys/module.h> 47 1.14 christos #endif 48 1.1 rmind 49 1.1 rmind #include "npf_impl.h" 50 1.1 rmind 51 1.3 rmind #define EXT_NAME_LEN 32 52 1.3 rmind 53 1.3 rmind typedef struct npf_ext { 54 1.3 rmind char ext_callname[EXT_NAME_LEN]; 55 1.3 rmind LIST_ENTRY(npf_ext) ext_entry; 56 1.3 rmind const npf_ext_ops_t * ext_ops; 57 1.3 rmind unsigned ext_refcnt; 58 1.3 rmind } npf_ext_t; 59 1.3 rmind 60 1.6 rmind struct npf_rprocset { 61 1.6 rmind LIST_HEAD(, npf_rproc) rps_list; 62 1.6 rmind }; 63 1.6 rmind 64 1.3 rmind #define RPROC_NAME_LEN 32 65 1.3 rmind #define RPROC_EXT_COUNT 16 66 1.1 rmind 67 1.1 rmind struct npf_rproc { 68 1.6 rmind /* Flags and reference count. */ 69 1.6 rmind uint32_t rp_flags; 70 1.1 rmind u_int rp_refcnt; 71 1.6 rmind 72 1.3 rmind /* Associated extensions and their metadata . */ 73 1.3 rmind unsigned rp_ext_count; 74 1.3 rmind npf_ext_t * rp_ext[RPROC_EXT_COUNT]; 75 1.3 rmind void * rp_ext_meta[RPROC_EXT_COUNT]; 76 1.6 rmind 77 1.6 rmind /* Name of the procedure and list entry. */ 78 1.6 rmind char rp_name[RPROC_NAME_LEN]; 79 1.6 rmind LIST_ENTRY(npf_rproc) rp_entry; 80 1.1 rmind }; 81 1.1 rmind 82 1.3 rmind void 83 1.14 christos npf_ext_init(npf_t *npf) 84 1.3 rmind { 85 1.14 christos mutex_init(&npf->ext_lock, MUTEX_DEFAULT, IPL_NONE); 86 1.14 christos LIST_INIT(&npf->ext_list); 87 1.3 rmind } 88 1.3 rmind 89 1.3 rmind void 90 1.14 christos npf_ext_fini(npf_t *npf) 91 1.3 rmind { 92 1.14 christos KASSERT(LIST_EMPTY(&npf->ext_list)); 93 1.14 christos mutex_destroy(&npf->ext_lock); 94 1.3 rmind } 95 1.3 rmind 96 1.3 rmind /* 97 1.3 rmind * NPF extension management for the rule procedures. 98 1.3 rmind */ 99 1.3 rmind 100 1.8 christos static const char npf_ext_prefix[] = "npf_ext_"; 101 1.8 christos #define NPF_EXT_PREFLEN (sizeof(npf_ext_prefix) - 1) 102 1.8 christos 103 1.3 rmind static npf_ext_t * 104 1.14 christos npf_ext_lookup(npf_t *npf, const char *name, bool autoload) 105 1.3 rmind { 106 1.8 christos npf_ext_t *ext; 107 1.8 christos char modname[RPROC_NAME_LEN + NPF_EXT_PREFLEN]; 108 1.9 christos int error; 109 1.3 rmind 110 1.14 christos KASSERT(mutex_owned(&npf->ext_lock)); 111 1.3 rmind 112 1.8 christos again: 113 1.14 christos LIST_FOREACH(ext, &npf->ext_list, ext_entry) 114 1.3 rmind if (strcmp(ext->ext_callname, name) == 0) 115 1.3 rmind break; 116 1.8 christos 117 1.9 christos if (ext != NULL || !autoload) 118 1.8 christos return ext; 119 1.8 christos 120 1.14 christos mutex_exit(&npf->ext_lock); 121 1.9 christos autoload = false; 122 1.8 christos snprintf(modname, sizeof(modname), "%s%s", npf_ext_prefix, name); 123 1.8 christos error = module_autoload(modname, MODULE_CLASS_MISC); 124 1.14 christos mutex_enter(&npf->ext_lock); 125 1.8 christos 126 1.8 christos if (error) 127 1.8 christos return NULL; 128 1.8 christos goto again; 129 1.3 rmind } 130 1.3 rmind 131 1.3 rmind void * 132 1.14 christos npf_ext_register(npf_t *npf, const char *name, const npf_ext_ops_t *ops) 133 1.3 rmind { 134 1.3 rmind npf_ext_t *ext; 135 1.3 rmind 136 1.3 rmind ext = kmem_zalloc(sizeof(npf_ext_t), KM_SLEEP); 137 1.3 rmind strlcpy(ext->ext_callname, name, EXT_NAME_LEN); 138 1.3 rmind ext->ext_ops = ops; 139 1.3 rmind 140 1.14 christos mutex_enter(&npf->ext_lock); 141 1.14 christos if (npf_ext_lookup(npf, name, false)) { 142 1.14 christos mutex_exit(&npf->ext_lock); 143 1.3 rmind kmem_free(ext, sizeof(npf_ext_t)); 144 1.3 rmind return NULL; 145 1.3 rmind } 146 1.14 christos LIST_INSERT_HEAD(&npf->ext_list, ext, ext_entry); 147 1.14 christos mutex_exit(&npf->ext_lock); 148 1.3 rmind 149 1.3 rmind return (void *)ext; 150 1.3 rmind } 151 1.3 rmind 152 1.3 rmind int 153 1.14 christos npf_ext_unregister(npf_t *npf, void *extid) 154 1.3 rmind { 155 1.3 rmind npf_ext_t *ext = extid; 156 1.3 rmind 157 1.3 rmind /* 158 1.3 rmind * Check if in-use first (re-check with the lock held). 159 1.3 rmind */ 160 1.3 rmind if (ext->ext_refcnt) { 161 1.3 rmind return EBUSY; 162 1.3 rmind } 163 1.3 rmind 164 1.14 christos mutex_enter(&npf->ext_lock); 165 1.3 rmind if (ext->ext_refcnt) { 166 1.14 christos mutex_exit(&npf->ext_lock); 167 1.3 rmind return EBUSY; 168 1.3 rmind } 169 1.14 christos KASSERT(npf_ext_lookup(npf, ext->ext_callname, false)); 170 1.3 rmind LIST_REMOVE(ext, ext_entry); 171 1.14 christos mutex_exit(&npf->ext_lock); 172 1.3 rmind 173 1.3 rmind kmem_free(ext, sizeof(npf_ext_t)); 174 1.3 rmind return 0; 175 1.3 rmind } 176 1.3 rmind 177 1.3 rmind int 178 1.14 christos npf_ext_construct(npf_t *npf, const char *name, 179 1.14 christos npf_rproc_t *rp, prop_dictionary_t params) 180 1.3 rmind { 181 1.3 rmind const npf_ext_ops_t *extops; 182 1.3 rmind npf_ext_t *ext; 183 1.3 rmind unsigned i; 184 1.3 rmind int error; 185 1.3 rmind 186 1.3 rmind if (rp->rp_ext_count >= RPROC_EXT_COUNT) { 187 1.3 rmind return ENOSPC; 188 1.3 rmind } 189 1.3 rmind 190 1.14 christos mutex_enter(&npf->ext_lock); 191 1.14 christos ext = npf_ext_lookup(npf, name, true); 192 1.3 rmind if (ext) { 193 1.3 rmind atomic_inc_uint(&ext->ext_refcnt); 194 1.3 rmind } 195 1.14 christos mutex_exit(&npf->ext_lock); 196 1.4 mlelstv 197 1.3 rmind if (!ext) { 198 1.3 rmind return ENOENT; 199 1.3 rmind } 200 1.3 rmind 201 1.4 mlelstv extops = ext->ext_ops; 202 1.4 mlelstv KASSERT(extops != NULL); 203 1.4 mlelstv 204 1.3 rmind error = extops->ctor(rp, params); 205 1.3 rmind if (error) { 206 1.3 rmind atomic_dec_uint(&ext->ext_refcnt); 207 1.3 rmind return error; 208 1.3 rmind } 209 1.3 rmind i = rp->rp_ext_count++; 210 1.3 rmind rp->rp_ext[i] = ext; 211 1.3 rmind return 0; 212 1.3 rmind } 213 1.3 rmind 214 1.3 rmind /* 215 1.3 rmind * Rule procedure management. 216 1.3 rmind */ 217 1.3 rmind 218 1.6 rmind npf_rprocset_t * 219 1.6 rmind npf_rprocset_create(void) 220 1.6 rmind { 221 1.6 rmind npf_rprocset_t *rpset; 222 1.6 rmind 223 1.6 rmind rpset = kmem_zalloc(sizeof(npf_rprocset_t), KM_SLEEP); 224 1.6 rmind LIST_INIT(&rpset->rps_list); 225 1.6 rmind return rpset; 226 1.6 rmind } 227 1.6 rmind 228 1.6 rmind void 229 1.6 rmind npf_rprocset_destroy(npf_rprocset_t *rpset) 230 1.6 rmind { 231 1.6 rmind npf_rproc_t *rp; 232 1.6 rmind 233 1.6 rmind while ((rp = LIST_FIRST(&rpset->rps_list)) != NULL) { 234 1.6 rmind LIST_REMOVE(rp, rp_entry); 235 1.6 rmind npf_rproc_release(rp); 236 1.6 rmind } 237 1.6 rmind kmem_free(rpset, sizeof(npf_rprocset_t)); 238 1.6 rmind } 239 1.6 rmind 240 1.6 rmind /* 241 1.6 rmind * npf_rproc_lookup: find a rule procedure by the name. 242 1.6 rmind */ 243 1.6 rmind npf_rproc_t * 244 1.6 rmind npf_rprocset_lookup(npf_rprocset_t *rpset, const char *name) 245 1.6 rmind { 246 1.6 rmind npf_rproc_t *rp; 247 1.6 rmind 248 1.6 rmind LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 249 1.6 rmind if (strncmp(rp->rp_name, name, RPROC_NAME_LEN) == 0) 250 1.6 rmind break; 251 1.6 rmind } 252 1.8 christos return rp; 253 1.6 rmind } 254 1.6 rmind 255 1.6 rmind /* 256 1.6 rmind * npf_rproc_insert: insert a new rule procedure into the set. 257 1.6 rmind */ 258 1.6 rmind void 259 1.6 rmind npf_rprocset_insert(npf_rprocset_t *rpset, npf_rproc_t *rp) 260 1.6 rmind { 261 1.6 rmind LIST_INSERT_HEAD(&rpset->rps_list, rp, rp_entry); 262 1.6 rmind } 263 1.6 rmind 264 1.12 rmind int 265 1.12 rmind npf_rprocset_export(const npf_rprocset_t *rpset, prop_array_t rprocs) 266 1.12 rmind { 267 1.12 rmind prop_dictionary_t rpdict; 268 1.12 rmind const npf_rproc_t *rp; 269 1.12 rmind 270 1.12 rmind LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 271 1.12 rmind rpdict = prop_dictionary_create(); 272 1.13 christos prop_array_t extcalls = prop_array_create(); 273 1.13 christos prop_dictionary_set_and_rel(rpdict, "extcalls", extcalls); 274 1.12 rmind prop_dictionary_set_cstring(rpdict, "name", rp->rp_name); 275 1.12 rmind prop_dictionary_set_uint32(rpdict, "flags", rp->rp_flags); 276 1.12 rmind prop_array_add(rprocs, rpdict); 277 1.12 rmind prop_object_release(rpdict); 278 1.12 rmind } 279 1.12 rmind return 0; 280 1.12 rmind } 281 1.12 rmind 282 1.3 rmind /* 283 1.3 rmind * npf_rproc_create: construct a new rule procedure, lookup and associate 284 1.3 rmind * the extension calls with it. 285 1.3 rmind */ 286 1.1 rmind npf_rproc_t * 287 1.1 rmind npf_rproc_create(prop_dictionary_t rpdict) 288 1.1 rmind { 289 1.3 rmind const char *name; 290 1.1 rmind npf_rproc_t *rp; 291 1.3 rmind 292 1.3 rmind if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &name)) { 293 1.3 rmind return NULL; 294 1.3 rmind } 295 1.1 rmind 296 1.2 rmind rp = kmem_intr_zalloc(sizeof(npf_rproc_t), KM_SLEEP); 297 1.1 rmind rp->rp_refcnt = 1; 298 1.1 rmind 299 1.3 rmind strlcpy(rp->rp_name, name, RPROC_NAME_LEN); 300 1.1 rmind prop_dictionary_get_uint32(rpdict, "flags", &rp->rp_flags); 301 1.1 rmind return rp; 302 1.1 rmind } 303 1.1 rmind 304 1.3 rmind /* 305 1.3 rmind * npf_rproc_acquire: acquire the reference on the rule procedure. 306 1.3 rmind */ 307 1.1 rmind void 308 1.1 rmind npf_rproc_acquire(npf_rproc_t *rp) 309 1.1 rmind { 310 1.1 rmind atomic_inc_uint(&rp->rp_refcnt); 311 1.1 rmind } 312 1.1 rmind 313 1.3 rmind /* 314 1.15 christos * npf_rproc_getname: return the name of the given rproc 315 1.15 christos */ 316 1.15 christos const char * 317 1.15 christos npf_rproc_getname(const npf_rproc_t *rp) 318 1.15 christos { 319 1.15 christos return rp->rp_name; 320 1.15 christos } 321 1.15 christos 322 1.15 christos /* 323 1.3 rmind * npf_rproc_release: drop the reference count and destroy the rule 324 1.3 rmind * procedure on the last reference. 325 1.3 rmind */ 326 1.1 rmind void 327 1.1 rmind npf_rproc_release(npf_rproc_t *rp) 328 1.1 rmind { 329 1.1 rmind 330 1.1 rmind KASSERT(rp->rp_refcnt > 0); 331 1.1 rmind if (atomic_dec_uint_nv(&rp->rp_refcnt) != 0) { 332 1.1 rmind return; 333 1.1 rmind } 334 1.3 rmind /* XXXintr */ 335 1.3 rmind for (unsigned i = 0; i < rp->rp_ext_count; i++) { 336 1.3 rmind npf_ext_t *ext = rp->rp_ext[i]; 337 1.3 rmind const npf_ext_ops_t *extops = ext->ext_ops; 338 1.3 rmind 339 1.3 rmind extops->dtor(rp, rp->rp_ext_meta[i]); 340 1.3 rmind atomic_dec_uint(&ext->ext_refcnt); 341 1.3 rmind } 342 1.2 rmind kmem_intr_free(rp, sizeof(npf_rproc_t)); 343 1.1 rmind } 344 1.1 rmind 345 1.1 rmind void 346 1.3 rmind npf_rproc_assign(npf_rproc_t *rp, void *params) 347 1.1 rmind { 348 1.3 rmind unsigned i = rp->rp_ext_count; 349 1.3 rmind 350 1.3 rmind /* Note: params may be NULL. */ 351 1.3 rmind KASSERT(i < RPROC_EXT_COUNT); 352 1.3 rmind rp->rp_ext_meta[i] = params; 353 1.3 rmind } 354 1.3 rmind 355 1.3 rmind /* 356 1.3 rmind * npf_rproc_run: run the rule procedure by executing each extension call. 357 1.3 rmind * 358 1.3 rmind * => Reference on the rule procedure must be held. 359 1.3 rmind */ 360 1.10 jakllsch bool 361 1.11 rmind npf_rproc_run(npf_cache_t *npc, npf_rproc_t *rp, int *decision) 362 1.3 rmind { 363 1.3 rmind const unsigned extcount = rp->rp_ext_count; 364 1.1 rmind 365 1.11 rmind KASSERT(!nbuf_flag_p(npc->npc_nbuf, NBUF_DATAREF_RESET)); 366 1.1 rmind KASSERT(rp->rp_refcnt > 0); 367 1.1 rmind 368 1.3 rmind for (unsigned i = 0; i < extcount; i++) { 369 1.3 rmind const npf_ext_t *ext = rp->rp_ext[i]; 370 1.3 rmind const npf_ext_ops_t *extops = ext->ext_ops; 371 1.1 rmind 372 1.3 rmind KASSERT(ext->ext_refcnt > 0); 373 1.11 rmind if (!extops->proc(npc, rp->rp_ext_meta[i], decision)) { 374 1.10 jakllsch return false; 375 1.10 jakllsch } 376 1.5 rmind 377 1.11 rmind if (nbuf_flag_p(npc->npc_nbuf, NBUF_DATAREF_RESET)) { 378 1.11 rmind npf_recache(npc); 379 1.5 rmind } 380 1.1 rmind } 381 1.10 jakllsch 382 1.10 jakllsch return true; 383 1.1 rmind } 384
Indexes created Sun Sep 21 20:09:37 GMT 2025