PERFORCE change 142665 for review
Julian Elischer
julian at FreeBSD.org
Sun Jun 1 06:50:39 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=142665
Change 142665 by julian at julian_trafmon1 on 2008/06/01 06:49:56
Make things compile if ipfw nat is included.
This doesn't mean it works.
Affected files ...
.. //depot/projects/vimage/src/sys/netinet/ip_fw.h#11 edit
.. //depot/projects/vimage/src/sys/netinet/ip_fw2.c#33 edit
.. //depot/projects/vimage/src/sys/netinet/ip_fw_nat.c#2 edit
Differences ...
==== //depot/projects/vimage/src/sys/netinet/ip_fw.h#11 (text+ko) ====
@@ -647,6 +647,7 @@
int ipfw_init(void);
void ipfw_destroy(void);
+void ipfw_nat_destroy(void);
typedef int ip_fw_ctl_t(struct sockopt *);
extern ip_fw_ctl_t *ip_fw_ctl_ptr;
@@ -771,6 +772,7 @@
#define V_norule_counter VNET_IPFW(norule_counter)
#define V_ipfw_timeout VNET_IPFW(ipfw_timeout)
+#define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag)
#endif /* _KERNEL */
#endif /* _IPFW2_H */
==== //depot/projects/vimage/src/sys/netinet/ip_fw2.c#33 (text+ko) ====
@@ -4703,7 +4703,7 @@
#endif
#ifdef IPFIREWALL_NAT
- EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);
+ ipfw_nat_destroy();
#endif
IPFW_DYN_LOCK_DESTROY();
uma_zdestroy(ipfw_dyn_rule_zone);
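Review bot: `ipfw_nat_destroy();` may now run twice, because the function was `static` in ip_fw_nat.c before this change and so already has a caller in that file (not visible in this diff, presumably the module event handler). On a second run the NAT list walk finds nothing, but `EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag)` would be issued again with a tag that has already been released. Consider making the teardown idempotent, for example by setting `ifaddr_event_tag = NULL;` after deregistering and skipping the deregistration when the tag is already NULL. The enclosing function starts and ends outside the hunk.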
==== //depot/projects/vimage/src/sys/netinet/ip_fw_nat.c#2 (text+ko) ====
@@ -24,6 +24,7 @@
* SUCH DAMAGE.
*/
+#include "opt_vimage.h"
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: src/sys/netinet/ip_fw_nat.c,v 1.2 2008/03/03 22:32:01 piso Exp $");
@@ -45,6 +46,7 @@
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/ucred.h>
+#include <sys/vimage.h>
#include <netinet/libalias/alias.h>
#include <netinet/libalias/alias_local.h>
@@ -52,6 +54,7 @@
#define IPFW_INTERNAL /* Access to protected data structures in ip_fw.h. */
#include <net/if.h>
+#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
@@ -63,12 +66,15 @@
#include <netinet/tcpip.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
+#include <netinet/vinet.h>
#include <machine/in_cksum.h> /* XXX for in_cksum */
MALLOC_DECLARE(M_IPFW);
-extern struct ip_fw_chain layer3_chain;
+#ifndef VIMAGE
+extern struct ip_fw_chain V_layer3_chain;
+#endif
static eventhandler_tag ifaddr_event_tag;
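Review bot: `ifaddr_event_tag` remains a single file-scope `static` at the end of this hunk, while ip_fw.h in the same change gains `V_ifaddr_event_tag`, which nothing in this diff uses. ipfw_nat_init() and ipfw_nat_destroy() still read and write the plain global, so if init runs once per vnet (not determinable from here) each registration overwrites the previous tag and only the last one can be deregistered. Either switch both uses to `V_ifaddr_event_tag`, or state the intent next to the declaration with a comment such as `/* registered once globally, not per vnet */`.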
@@ -81,12 +87,13 @@
static void
ifaddr_change(void *arg __unused, struct ifnet *ifp)
{
+ INIT_VNET_IPFW(curvnet);
struct cfg_nat *ptr;
struct ifaddr *ifa;
- IPFW_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&V_layer3_chain);
/* Check every nat entry... */
- LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
+ LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) {
/* ...using nic 'ifp->if_xname' as dynamic alias address. */
if (strncmp(ptr->if_name, ifp->if_xname, IF_NAMESIZE) == 0) {
mtx_lock(&ifp->if_addr_mtx);
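Review bot: `INIT_VNET_IPFW(curvnet);` in ifaddr_change() relies on curvnet being set when the ifaddr_event handler fires, which nothing visible here guarantees. The handler already receives `ifp`, so the chain it locks could be selected from the interface instead, e.g. `INIT_VNET_IPFW(ifp->if_vnet);`, assuming struct ifnet carries an `if_vnet` member on this branch. Otherwise an address change could be checked against the wrong vnet's NAT list, leaving the intended instance with a stale alias address. The function body continues past the end of the hunk.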
@@ -102,16 +109,17 @@
mtx_unlock(&ifp->if_addr_mtx);
}
}
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
}
static void
flush_nat_ptrs(const int i)
{
+ INIT_VNET_IPFW(curvnet);
struct ip_fw *rule;
- IPFW_WLOCK_ASSERT(&layer3_chain);
- for (rule = layer3_chain.rules; rule; rule = rule->next) {
+ IPFW_WLOCK_ASSERT(&V_layer3_chain);
+ for (rule = V_layer3_chain.rules; rule; rule = rule->next) {
ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
if (cmd->o.opcode != O_NAT)
continue;
@@ -121,12 +129,12 @@
}
#define HOOK_NAT(b, p) do { \
- IPFW_WLOCK_ASSERT(&layer3_chain); \
+ IPFW_WLOCK_ASSERT(&V_layer3_chain); \
LIST_INSERT_HEAD(b, p, _next); \
} while (0)
#define UNHOOK_NAT(p) do { \
- IPFW_WLOCK_ASSERT(&layer3_chain); \
+ IPFW_WLOCK_ASSERT(&V_layer3_chain); \
LIST_REMOVE(p, _next); \
} while (0)
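Review bot: `HOOK_NAT` and `UNHOOK_NAT` now name `V_layer3_chain` inside the macro body, so under VIMAGE they presumably compile only where the caller has already executed `INIT_VNET_IPFW(...)`, and that dependency is not stated anywhere. A comment above the macros such as `/* Caller must hold IPFW_WLOCK on V_layer3_chain and have INIT_VNET_IPFW() in scope. */` would document it. Passing the chain as a macro argument would remove the hidden dependency altogether.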
@@ -402,6 +410,7 @@
static int
ipfw_nat_cfg(struct sockopt *sopt)
{
+ INIT_VNET_IPFW(curvnet);
struct cfg_nat *ptr, *ser_n;
char *buf;
@@ -413,20 +422,20 @@
/*
* Find/create nat rule.
*/
- IPFW_WLOCK(&layer3_chain);
- LOOKUP_NAT(layer3_chain, ser_n->id, ptr);
+ IPFW_WLOCK(&V_layer3_chain);
+ LOOKUP_NAT(V_layer3_chain, ser_n->id, ptr);
if (ptr == NULL) {
/* New rule: allocate and init new instance. */
ptr = malloc(sizeof(struct cfg_nat),
M_IPFW, M_NOWAIT | M_ZERO);
if (ptr == NULL) {
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
free(buf, M_IPFW);
return (ENOSPC);
}
ptr->lib = LibAliasInit(NULL);
if (ptr->lib == NULL) {
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
free(ptr, M_IPFW);
free(buf, M_IPFW);
return (EINVAL);
@@ -437,7 +446,7 @@
UNHOOK_NAT(ptr);
flush_nat_ptrs(ser_n->id);
}
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
/*
* Basic nat configuration.
@@ -463,28 +472,29 @@
/* Add new entries. */
add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr);
free(buf, M_IPFW);
- IPFW_WLOCK(&layer3_chain);
- HOOK_NAT(&layer3_chain.nat, ptr);
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WLOCK(&V_layer3_chain);
+ HOOK_NAT(&V_layer3_chain.nat, ptr);
+ IPFW_WUNLOCK(&V_layer3_chain);
return (0);
}
static int
ipfw_nat_del(struct sockopt *sopt)
{
+ INIT_VNET_IPFW(curvnet);
struct cfg_nat *ptr;
int i;
sooptcopyin(sopt, &i, sizeof i, sizeof i);
- IPFW_WLOCK(&layer3_chain);
- LOOKUP_NAT(layer3_chain, i, ptr);
+ IPFW_WLOCK(&V_layer3_chain);
+ LOOKUP_NAT(V_layer3_chain, i, ptr);
if (ptr == NULL) {
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
return (EINVAL);
}
UNHOOK_NAT(ptr);
flush_nat_ptrs(i);
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
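Review bot: In ipfw_nat_del() the return value of `sooptcopyin(sopt, &i, sizeof i, sizeof i);` is ignored, so after a failed copy the NAT instance that gets unhooked and freed is selected by whatever value `i` happened to hold on the kernel stack. The line is unchanged context, but the function is being edited anyway and the check is small: add an `int error;` local, then `error = sooptcopyin(sopt, &i, sizeof i, sizeof i);` followed by `if (error != 0) return (error);` before taking the lock. The function's tail lies outside the hunk.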
@@ -494,6 +504,7 @@
static int
ipfw_nat_get_cfg(struct sockopt *sopt)
{
+ INIT_VNET_IPFW(curvnet);
uint8_t *data;
struct cfg_nat *n;
struct cfg_redir *r;
@@ -504,9 +515,9 @@
off = sizeof(nat_cnt);
data = malloc(NAT_BUF_LEN, M_IPFW, M_WAITOK | M_ZERO);
- IPFW_RLOCK(&layer3_chain);
+ IPFW_RLOCK(&V_layer3_chain);
/* Serialize all the data. */
- LIST_FOREACH(n, &layer3_chain.nat, _next) {
+ LIST_FOREACH(n, &V_layer3_chain.nat, _next) {
nat_cnt++;
if (off + SOF_NAT < NAT_BUF_LEN) {
bcopy(n, &data[off], SOF_NAT);
@@ -533,12 +544,12 @@
goto nospace;
}
bcopy(&nat_cnt, data, sizeof(nat_cnt));
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
sooptcopyout(sopt, data, NAT_BUF_LEN);
free(data, M_IPFW);
return (0);
nospace:
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
printf("serialized data buffer not big enough:"
"please increase NAT_BUF_LEN\n");
free(data, M_IPFW);
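Review bot: The result of `sooptcopyout(sopt, data, NAT_BUF_LEN);` is discarded and the function returns 0, so a caller whose buffer is too small or not writable is told the request succeeded. Capturing it with `error = sooptcopyout(sopt, data, NAT_BUF_LEN);` and returning `error` after the free would report the failure. The same applies to `sooptcopyout(sopt, data, size);` in ipfw_nat_get_log() in a later hunk. The function starts outside this hunk.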
@@ -548,6 +559,7 @@
static int
ipfw_nat_get_log(struct sockopt *sopt)
{
+ INIT_VNET_IPFW(curvnet);
uint8_t *data;
struct cfg_nat *ptr;
int i, size, cnt, sof;
@@ -556,16 +568,16 @@
sof = LIBALIAS_BUF_SIZE;
cnt = 0;
- IPFW_RLOCK(&layer3_chain);
+ IPFW_RLOCK(&V_layer3_chain);
size = i = 0;
- LIST_FOREACH(ptr, &layer3_chain.nat, _next) {
+ LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) {
if (ptr->lib->logDesc == NULL)
continue;
cnt++;
size = cnt * (sof + sizeof(int));
data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);
if (data == NULL) {
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
return (ENOSPC);
}
bcopy(&ptr->id, &data[i], sizeof(int));
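Review bot: `data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);` overwrites the only pointer to the buffer built so far, so when the call fails the earlier allocation is leaked on the `ENOSPC` return. Keep the result in a temporary, `tmp = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);`, call `free(data, M_IPFW);` on the failure path before returning, and assign `data = tmp;` otherwise. The loop also relies on `data` being NULL before the first iteration, which is set, if at all, outside the hunk. The loop body continues in the next hunk.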
@@ -573,7 +585,7 @@
bcopy(ptr->lib->logDesc, &data[i], sof);
i += sof;
}
- IPFW_RUNLOCK(&layer3_chain);
+ IPFW_RUNLOCK(&V_layer3_chain);
sooptcopyout(sopt, data, size);
free(data, M_IPFW);
return(0);
@@ -582,27 +594,29 @@
static void
ipfw_nat_init(void)
{
+ INIT_VNET_IPFW(curvnet);
- IPFW_WLOCK(&layer3_chain);
+ IPFW_WLOCK(&V_layer3_chain);
/* init ipfw hooks */
ipfw_nat_ptr = ipfw_nat;
ipfw_nat_cfg_ptr = ipfw_nat_cfg;
ipfw_nat_del_ptr = ipfw_nat_del;
ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg;
ipfw_nat_get_log_ptr = ipfw_nat_get_log;
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change,
NULL, EVENTHANDLER_PRI_ANY);
}
-static void
+void
ipfw_nat_destroy(void)
{
+ INIT_VNET_IPFW(curvnet);
struct ip_fw *rule;
struct cfg_nat *ptr, *ptr_temp;
- IPFW_WLOCK(&layer3_chain);
- LIST_FOREACH_SAFE(ptr, &layer3_chain.nat, _next, ptr_temp) {
+ IPFW_WLOCK(&V_layer3_chain);
+ LIST_FOREACH_SAFE(ptr, &V_layer3_chain.nat, _next, ptr_temp) {
LIST_REMOVE(ptr, _next);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
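Review bot: ipfw_nat_init() publishes five hooks (`ipfw_nat_ptr`, `ipfw_nat_cfg_ptr`, `ipfw_nat_del_ptr`, `ipfw_nat_get_cfg_ptr`, `ipfw_nat_get_log_ptr`), but the teardown shown in the next hunk resets only `ipfw_nat_ptr = NULL;`. Now that ipfw_nat_destroy() is exported and called from ip_fw2.c, the four sockopt handlers remain reachable through their pointers after the NAT state has been torn down. Clearing all five under the same write lock would make init and destroy symmetric. ipfw_nat_destroy()'s body runs past the end of this hunk.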
@@ -610,14 +624,14 @@
}
EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);
/* flush all nat ptrs */
- for (rule = layer3_chain.rules; rule; rule = rule->next) {
+ for (rule = V_layer3_chain.rules; rule; rule = rule->next) {
ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule);
if (cmd->o.opcode == O_NAT)
cmd->nat = NULL;
}
/* deregister ipfw_nat */
ipfw_nat_ptr = NULL;
- IPFW_WUNLOCK(&layer3_chain);
+ IPFW_WUNLOCK(&V_layer3_chain);
}
static int
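Review bot: `EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);` is issued while `IPFW_WLOCK(&V_layer3_chain)` is held, and ifaddr_change() takes the same write lock. Deregistration may have to wait for a handler invocation that is already in progress; if that handler is blocked on the chain lock, neither side can make progress, and waiting at all while holding the chain lock is questionable if it is a non-sleepable lock. Moving the deregistration ahead of `IPFW_WLOCK(&V_layer3_chain);` avoids both problems. The ordering predates this change, but the function is now reachable from ipfw_destroy() as well.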