npf_test_subr.c revision 1.18
1 1.1 rmind /* 2 1.1 rmind * NPF initialisation and handler routines. 3 1.1 rmind * 4 1.1 rmind * Public Domain. 5 1.1 rmind */ 6 1.1 rmind 7 1.12 christos #ifdef _KERNEL 8 1.1 rmind #include <sys/types.h> 9 1.7 rmind #include <sys/cprng.h> 10 1.13 rmind #include <sys/kmem.h> 11 1.1 rmind #include <net/if.h> 12 1.1 rmind #include <net/if_types.h> 13 1.12 christos #endif 14 1.1 rmind 15 1.1 rmind #include "npf_impl.h" 16 1.1 rmind #include "npf_test.h" 17 1.1 rmind 18 1.1 rmind /* State of the current stream. */ 19 1.1 rmind static npf_state_t cstream_state; 20 1.1 rmind static void * cstream_ptr; 21 1.1 rmind static bool cstream_retval; 22 1.1 rmind 23 1.9 rmind static long (*_random_func)(void); 24 1.9 rmind static int (*_pton_func)(int, const char *, void *); 25 1.9 rmind static const char * (*_ntop_func)(int, const void *, char *, socklen_t); 26 1.9 rmind 27 1.4 rmind static void npf_state_sample(npf_state_t *, bool); 28 1.4 rmind 29 1.13 rmind static void load_npf_config_ifs(nvlist_t *, bool); 30 1.13 rmind 31 1.12 christos #ifndef __NetBSD__ 32 1.12 christos /* 33 1.12 christos * Standalone NPF: we define the same struct ifnet members 34 1.12 christos * to reduce the npf_ifops_t implementation differences. 35 1.12 christos */ 36 1.12 christos struct ifnet { 37 1.12 christos char if_xname[32]; 38 1.12 christos void * if_softc; 39 1.12 christos TAILQ_ENTRY(ifnet) if_list; 40 1.12 christos }; 41 1.12 christos #endif 42 1.12 christos 43 1.12 christos static TAILQ_HEAD(, ifnet) npftest_ifnet_list = 44 1.12 christos TAILQ_HEAD_INITIALIZER(npftest_ifnet_list); 45 1.12 christos 46 1.17 rmind static const char * npftest_ifop_getname(npf_t *, ifnet_t *); 47 1.17 rmind static ifnet_t * npftest_ifop_lookup(npf_t *, const char *); 48 1.17 rmind static void npftest_ifop_flush(npf_t *, void *); 49 1.17 rmind static void * npftest_ifop_getmeta(npf_t *, const ifnet_t *); 50 1.17 rmind static void npftest_ifop_setmeta(npf_t *, ifnet_t *, void *); 51 1.12 christos 52 1.15 rmind const npf_ifops_t npftest_ifops = { 53 1.12 christos .getname = npftest_ifop_getname, 54 1.17 rmind .lookup = npftest_ifop_lookup, 55 1.12 christos .flush = npftest_ifop_flush, 56 1.12 christos .getmeta = npftest_ifop_getmeta, 57 1.12 christos .setmeta = npftest_ifop_setmeta, 58 1.12 christos }; 59 1.12 christos 60 1.4 rmind void 61 1.9 rmind npf_test_init(int (*pton_func)(int, const char *, void *), 62 1.9 rmind const char *(*ntop_func)(int, const void *, char *, socklen_t), 63 1.9 rmind long (*rndfunc)(void)) 64 1.4 rmind { 65 1.12 christos npf_t *npf; 66 1.12 christos 67 1.18 rmind #ifdef __NetBSD__ 68 1.18 rmind // XXX: Workaround for npf_init() 69 1.18 rmind if ((npf = npf_getkernctx()) != NULL) { 70 1.18 rmind npf_worker_discharge(npf); 71 1.18 rmind npf_worker_sysfini(); 72 1.18 rmind } 73 1.18 rmind #endif 74 1.16 rmind npfk_sysinit(0); 75 1.17 rmind npf = npfk_create(0, &npftest_mbufops, &npftest_ifops, NULL); 76 1.16 rmind npfk_thread_register(npf); 77 1.12 christos npf_setkernctx(npf); 78 1.12 christos 79 1.4 rmind npf_state_setsampler(npf_state_sample); 80 1.9 rmind _pton_func = pton_func; 81 1.9 rmind _ntop_func = ntop_func; 82 1.9 rmind _random_func = rndfunc; 83 1.15 rmind 84 1.15 rmind (void)npf_test_addif(IFNAME_DUMMY, false, false); 85 1.4 rmind } 86 1.4 rmind 87 1.12 christos void 88 1.12 christos npf_test_fini(void) 89 1.12 christos { 90 1.12 christos npf_t *npf = npf_getkernctx(); 91 1.16 rmind npfk_thread_unregister(npf); 92 1.16 rmind npfk_destroy(npf); 93 1.16 rmind npfk_sysfini(); 94 1.12 christos } 95 1.12 christos 96 1.1 rmind int 97 1.13 rmind npf_test_load(const void *buf, size_t len, bool verbose) 98 1.1 rmind { 99 1.13 rmind nvlist_t *npf_dict; 100 1.13 rmind npf_error_t error; 101 1.17 rmind int ret; 102 1.13 rmind 103 1.13 rmind npf_dict = nvlist_unpack(buf, len, 0); 104 1.13 rmind if (!npf_dict) { 105 1.13 rmind printf("%s: could not unpack the nvlist\n", __func__); 106 1.13 rmind return EINVAL; 107 1.13 rmind } 108 1.13 rmind load_npf_config_ifs(npf_dict, verbose); 109 1.17 rmind ret = npfk_load(npf_getkernctx(), npf_dict, &error); 110 1.17 rmind nvlist_destroy(npf_dict); 111 1.17 rmind return ret; 112 1.1 rmind } 113 1.1 rmind 114 1.6 rmind ifnet_t * 115 1.6 rmind npf_test_addif(const char *ifname, bool reg, bool verbose) 116 1.3 rmind { 117 1.12 christos npf_t *npf = npf_getkernctx(); 118 1.13 rmind ifnet_t *ifp = kmem_zalloc(sizeof(*ifp), KM_SLEEP); 119 1.3 rmind 120 1.3 rmind /* 121 1.3 rmind * This is a "fake" interface with explicitly set index. 122 1.6 rmind * Note: test modules may not setup pfil(9) hooks and if_attach() 123 1.6 rmind * may not trigger npf_ifmap_attach(), so we call it manually. 124 1.3 rmind */ 125 1.3 rmind strlcpy(ifp->if_xname, ifname, sizeof(ifp->if_xname)); 126 1.12 christos TAILQ_INSERT_TAIL(&npftest_ifnet_list, ifp, if_list); 127 1.6 rmind 128 1.16 rmind npfk_ifmap_attach(npf, ifp); 129 1.6 rmind if (reg) { 130 1.12 christos npf_ifmap_register(npf, ifname); 131 1.6 rmind } 132 1.6 rmind 133 1.6 rmind if (verbose) { 134 1.6 rmind printf("+ Interface %s\n", ifname); 135 1.6 rmind } 136 1.6 rmind return ifp; 137 1.3 rmind } 138 1.3 rmind 139 1.17 rmind ifnet_t * 140 1.17 rmind npf_test_getif(const char *ifname) 141 1.17 rmind { 142 1.17 rmind ifnet_t *ifp; 143 1.17 rmind 144 1.17 rmind TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) { 145 1.17 rmind if (!strcmp(ifp->if_xname, ifname)) 146 1.17 rmind return ifp; 147 1.17 rmind } 148 1.17 rmind return NULL; 149 1.17 rmind } 150 1.17 rmind 151 1.13 rmind static void 152 1.13 rmind load_npf_config_ifs(nvlist_t *npf_dict, bool verbose) 153 1.13 rmind { 154 1.13 rmind const nvlist_t * const *iflist; 155 1.13 rmind const nvlist_t *dbg_dict; 156 1.13 rmind size_t nitems; 157 1.13 rmind 158 1.13 rmind dbg_dict = dnvlist_get_nvlist(npf_dict, "debug", NULL); 159 1.13 rmind if (!dbg_dict) { 160 1.13 rmind return; 161 1.13 rmind } 162 1.13 rmind if (!nvlist_exists_nvlist_array(dbg_dict, "interfaces")) { 163 1.13 rmind return; 164 1.13 rmind } 165 1.13 rmind iflist = nvlist_get_nvlist_array(dbg_dict, "interfaces", &nitems); 166 1.13 rmind for (unsigned i = 0; i < nitems; i++) { 167 1.13 rmind const nvlist_t *ifdict = iflist[i]; 168 1.13 rmind const char *ifname; 169 1.13 rmind 170 1.13 rmind if ((ifname = nvlist_get_string(ifdict, "name")) != NULL) { 171 1.13 rmind (void)npf_test_addif(ifname, true, verbose); 172 1.13 rmind } 173 1.13 rmind } 174 1.13 rmind } 175 1.13 rmind 176 1.12 christos static const char * 177 1.17 rmind npftest_ifop_getname(npf_t *npf __unused, ifnet_t *ifp) 178 1.12 christos { 179 1.12 christos return ifp->if_xname; 180 1.12 christos } 181 1.12 christos 182 1.17 rmind static ifnet_t * 183 1.17 rmind npftest_ifop_lookup(npf_t *npf __unused, const char *ifname) 184 1.3 rmind { 185 1.17 rmind return npf_test_getif(ifname); 186 1.12 christos } 187 1.12 christos 188 1.12 christos static void 189 1.17 rmind npftest_ifop_flush(npf_t *npf __unused, void *arg) 190 1.12 christos { 191 1.12 christos ifnet_t *ifp; 192 1.12 christos 193 1.12 christos TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) 194 1.12 christos ifp->if_softc = arg; 195 1.12 christos } 196 1.12 christos 197 1.12 christos static void * 198 1.17 rmind npftest_ifop_getmeta(npf_t *npf __unused, const ifnet_t *ifp) 199 1.12 christos { 200 1.12 christos return ifp->if_softc; 201 1.12 christos } 202 1.12 christos 203 1.12 christos static void 204 1.17 rmind npftest_ifop_setmeta(npf_t *npf __unused, ifnet_t *ifp, void *arg) 205 1.12 christos { 206 1.12 christos ifp->if_softc = arg; 207 1.3 rmind } 208 1.3 rmind 209 1.1 rmind /* 210 1.1 rmind * State sampler - this routine is called from inside of NPF state engine. 211 1.1 rmind */ 212 1.4 rmind static void 213 1.1 rmind npf_state_sample(npf_state_t *nst, bool retval) 214 1.1 rmind { 215 1.1 rmind /* Pointer will serve as an ID. */ 216 1.1 rmind cstream_ptr = nst; 217 1.1 rmind memcpy(&cstream_state, nst, sizeof(npf_state_t)); 218 1.1 rmind cstream_retval = retval; 219 1.1 rmind } 220 1.1 rmind 221 1.1 rmind int 222 1.6 rmind npf_test_statetrack(const void *data, size_t len, ifnet_t *ifp, 223 1.1 rmind bool forw, int64_t *result) 224 1.1 rmind { 225 1.12 christos npf_t *npf = npf_getkernctx(); 226 1.1 rmind struct mbuf *m; 227 1.1 rmind int i = 0, error; 228 1.1 rmind 229 1.1 rmind m = mbuf_getwithdata(data, len); 230 1.16 rmind error = npfk_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN); 231 1.1 rmind if (error) { 232 1.1 rmind assert(m == NULL); 233 1.1 rmind return error; 234 1.1 rmind } 235 1.1 rmind assert(m != NULL); 236 1.1 rmind m_freem(m); 237 1.1 rmind 238 1.1 rmind const int di = forw ? NPF_FLOW_FORW : NPF_FLOW_BACK; 239 1.1 rmind npf_tcpstate_t *fstate = &cstream_state.nst_tcpst[di]; 240 1.1 rmind npf_tcpstate_t *tstate = &cstream_state.nst_tcpst[!di]; 241 1.1 rmind 242 1.1 rmind result[i++] = (intptr_t)cstream_ptr; 243 1.1 rmind result[i++] = cstream_retval; 244 1.1 rmind result[i++] = cstream_state.nst_state; 245 1.1 rmind 246 1.1 rmind result[i++] = fstate->nst_end; 247 1.1 rmind result[i++] = fstate->nst_maxend; 248 1.1 rmind result[i++] = fstate->nst_maxwin; 249 1.2 rmind result[i++] = fstate->nst_wscale; 250 1.1 rmind 251 1.1 rmind result[i++] = tstate->nst_end; 252 1.1 rmind result[i++] = tstate->nst_maxend; 253 1.1 rmind result[i++] = tstate->nst_maxwin; 254 1.2 rmind result[i++] = tstate->nst_wscale; 255 1.1 rmind 256 1.1 rmind return 0; 257 1.1 rmind } 258 1.7 rmind 259 1.9 rmind int 260 1.9 rmind npf_inet_pton(int af, const char *src, void *dst) 261 1.9 rmind { 262 1.9 rmind return _pton_func(af, src, dst); 263 1.9 rmind } 264 1.9 rmind 265 1.9 rmind const char * 266 1.9 rmind npf_inet_ntop(int af, const void *src, char *dst, socklen_t size) 267 1.9 rmind { 268 1.9 rmind return _ntop_func(af, src, dst, size); 269 1.9 rmind } 270 1.9 rmind 271 1.12 christos #ifdef _KERNEL 272 1.7 rmind /* 273 1.11 tls * Need to override cprng_fast32() -- we need deterministic PRNG. 274 1.7 rmind */ 275 1.7 rmind uint32_t 276 1.11 tls cprng_fast32(void) 277 1.7 rmind { 278 1.9 rmind return (uint32_t)(_random_func ? _random_func() : random()); 279 1.7 rmind } 280 1.12 christos #endif 281
Indexes created Mon Sep 22 13:09:51 GMT 2025