Date: Sun, 1 Jun 2008 06:50:38 GMT From: Julian Elischer <julian@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 142665 for review Message-ID: <200806010650.m516ocNL074317@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=142665 Change 142665 by julian@julian_trafmon1 on 2008/06/01 06:49:56 Make things compile if ipfw nat is included. This doesn't mean it works. Affected files ... .. //depot/projects/vimage/src/sys/netinet/ip_fw.h#11 edit .. //depot/projects/vimage/src/sys/netinet/ip_fw2.c#33 edit .. //depot/projects/vimage/src/sys/netinet/ip_fw_nat.c#2 edit Differences ... ==== //depot/projects/vimage/src/sys/netinet/ip_fw.h#11 (text+ko) ==== @@ -647,6 +647,7 @@ int ipfw_init(void); void ipfw_destroy(void); +void ipfw_nat_destroy(void); typedef int ip_fw_ctl_t(struct sockopt *); extern ip_fw_ctl_t *ip_fw_ctl_ptr; @@ -771,6 +772,7 @@ #define V_norule_counter VNET_IPFW(norule_counter) #define V_ipfw_timeout VNET_IPFW(ipfw_timeout) +#define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag) #endif /* _KERNEL */ #endif /* _IPFW2_H */ ==== //depot/projects/vimage/src/sys/netinet/ip_fw2.c#33 (text+ko) ==== @@ -4703,7 +4703,7 @@ #endif #ifdef IPFIREWALL_NAT - EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag); + ipfw_nat_destroy(); #endif IPFW_DYN_LOCK_DESTROY(); uma_zdestroy(ipfw_dyn_rule_zone); ==== //depot/projects/vimage/src/sys/netinet/ip_fw_nat.c#2 (text+ko) ==== @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#include "opt_vimage.h" #include <sys/cdefs.h> __FBSDID("$FreeBSD: src/sys/netinet/ip_fw_nat.c,v 1.2 2008/03/03 22:32:01 piso Exp $"); @@ -45,6 +46,7 @@ #include <sys/sysctl.h> #include <sys/syslog.h> #include <sys/ucred.h> +#include <sys/vimage.h> #include <netinet/libalias/alias.h> #include <netinet/libalias/alias_local.h> @@ -52,6 +54,7 @@ #define IPFW_INTERNAL /* Access to protected data structures in ip_fw.h. */ #include <net/if.h> +#include <net/vnet.h> #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/ip_var.h> 
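Review bot: In the ip_fw2.c hunk the new `ipfw_nat_destroy();` call runs a teardown that is not safe to run twice, because the function (ip_fw_nat.c, last two hunks) deregisters `ifaddr_event_tag` and never clears it. It was file-static before this change, so it presumably already has a caller inside ip_fw_nat.c; if both paths can execute, the second pass hands a stale tag to `EVENTHANDLER_DEREGISTER`. Either make this the only caller, or clear the tag after deregistering (`ifaddr_event_tag = NULL;`) and skip the deregistration when it is already NULL. The enclosing function starts and ends outside the hunk.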
@@ -63,12 +66,15 @@ #include <netinet/tcpip.h> #include <netinet/udp.h> #include <netinet/udp_var.h> +#include <netinet/vinet.h> #include <machine/in_cksum.h> /* XXX for in_cksum */ MALLOC_DECLARE(M_IPFW); -extern struct ip_fw_chain layer3_chain; +#ifndef VIMAGE +extern struct ip_fw_chain V_layer3_chain; +#endif static eventhandler_tag ifaddr_event_tag; @@ -81,12 +87,13 @@ static void ifaddr_change(void *arg __unused, struct ifnet *ifp) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr; struct ifaddr *ifa; - IPFW_WLOCK(&layer3_chain); + IPFW_WLOCK(&V_layer3_chain); /* Check every nat entry... */ - LIST_FOREACH(ptr, &layer3_chain.nat, _next) { + LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) { /* ...using nic 'ifp->if_xname' as dynamic alias address. */ if (strncmp(ptr->if_name, ifp->if_xname, IF_NAMESIZE) == 0) { mtx_lock(&ifp->if_addr_mtx); @@ -102,16 +109,17 @@ mtx_unlock(&ifp->if_addr_mtx); } } - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); } static void flush_nat_ptrs(const int i) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; - IPFW_WLOCK_ASSERT(&layer3_chain); - for (rule = layer3_chain.rules; rule; rule = rule->next) { + IPFW_WLOCK_ASSERT(&V_layer3_chain); + for (rule = V_layer3_chain.rules; rule; rule = rule->next) { ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule); if (cmd->o.opcode != O_NAT) continue; @@ -121,12 +129,12 @@ } #define HOOK_NAT(b, p) do { \ - IPFW_WLOCK_ASSERT(&layer3_chain); \ + IPFW_WLOCK_ASSERT(&V_layer3_chain); \ LIST_INSERT_HEAD(b, p, _next); \ } while (0) #define UNHOOK_NAT(p) do { \ - IPFW_WLOCK_ASSERT(&layer3_chain); \ + IPFW_WLOCK_ASSERT(&V_layer3_chain); \ LIST_REMOVE(p, _next); \ } while (0) @@ -402,6 +410,7 @@ static int ipfw_nat_cfg(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr, *ser_n; char *buf; 
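Review bot: `static eventhandler_tag ifaddr_event_tag;` stays a single file-scope variable in the @@ -63 hunk even though the same change adds `V_ifaddr_event_tag` to ip_fw.h, and `ipfw_nat_init()`/`ipfw_nat_destroy()` in the last hunks still use the unprefixed name. If init ever runs once per vnet, each registration overwrites the previous tag and only the last handler can be deregistered, so earlier handlers stay registered after their NAT state has been torn down. Either move the tag into the per-vnet state and use `V_ifaddr_event_tag`, or document the intent with a comment such as `/* registered once globally, not per vnet */`.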
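Review bot: `INIT_VNET_IPFW(curvnet);` at the top of `ifaddr_change()` (@@ -81 hunk) selects the vnet from the calling context rather than from the interface whose address changed. If the event can be delivered from a thread whose current vnet is not the one that owns `ifp` (an assumption about this branch, to be confirmed), the `strncmp(ptr->if_name, ifp->if_xname, IF_NAMESIZE)` match would update the alias address of a NAT instance in a different network stack that happens to use the same interface name. Deriving the vnet from `ifp` keeps the update inside the stack the interface belongs to. The function body continues into the next hunk.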
@@ -413,20 +422,20 @@ /* * Find/create nat rule. */ - IPFW_WLOCK(&layer3_chain); - LOOKUP_NAT(layer3_chain, ser_n->id, ptr); + IPFW_WLOCK(&V_layer3_chain); + LOOKUP_NAT(V_layer3_chain, ser_n->id, ptr); if (ptr == NULL) { /* New rule: allocate and init new instance. */ ptr = malloc(sizeof(struct cfg_nat), M_IPFW, M_NOWAIT | M_ZERO); if (ptr == NULL) { - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); free(buf, M_IPFW); return (ENOSPC); } ptr->lib = LibAliasInit(NULL); if (ptr->lib == NULL) { - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); free(ptr, M_IPFW); free(buf, M_IPFW); return (EINVAL); @@ -437,7 +446,7 @@ UNHOOK_NAT(ptr); flush_nat_ptrs(ser_n->id); } - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); /* * Basic nat configuration. @@ -463,28 +472,29 @@ /* Add new entries. */ add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr); free(buf, M_IPFW); - IPFW_WLOCK(&layer3_chain); - HOOK_NAT(&layer3_chain.nat, ptr); - IPFW_WUNLOCK(&layer3_chain); + IPFW_WLOCK(&V_layer3_chain); + HOOK_NAT(&V_layer3_chain.nat, ptr); + IPFW_WUNLOCK(&V_layer3_chain); return (0); } static int ipfw_nat_del(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); struct cfg_nat *ptr; int i; sooptcopyin(sopt, &i, sizeof i, sizeof i); - IPFW_WLOCK(&layer3_chain); - LOOKUP_NAT(layer3_chain, i, ptr); + IPFW_WLOCK(&V_layer3_chain); + LOOKUP_NAT(V_layer3_chain, i, ptr); if (ptr == NULL) { - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); return (EINVAL); } UNHOOK_NAT(ptr); flush_nat_ptrs(i); - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); del_redir_spool_cfg(ptr, &ptr->redir_chain); LibAliasUninit(ptr->lib); free(ptr, M_IPFW); @@ -494,6 +504,7 @@ static int ipfw_nat_get_cfg(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); uint8_t *data; struct cfg_nat *n; struct cfg_redir *r; 
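Review bot: The instance being reconfigured is unhooked and the write lock dropped in the @@ -437 hunk, and it is hooked back only in the next hunk (`HOOK_NAT(&V_layer3_chain.nat, ptr);`), so in between `LOOKUP_NAT` for the same id returns NULL. Unless configuration requests are serialized outside this file, a second `ipfw_nat_cfg()` for that id would allocate a fresh instance and both would end up on the list, while `ipfw_nat_del()` would return EINVAL for an id that exists. A comment stating what serializes these requests, or a per-instance "being configured" marker checked under the lock, would close the window. ipfw_nat_cfg starts and ends outside the hunk.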
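Review bot: In `ipfw_nat_del()` (@@ -463 hunk) the result of `sooptcopyin(sopt, &i, sizeof i, sizeof i);` is discarded, so when the copy fails `i` is an uninitialized stack value that is then used as the id in `LOOKUP_NAT` and `flush_nat_ptrs(i)`. The line predates this change but sits in the function being edited. Capturing the result before taking the lock fixes it: `error = sooptcopyin(sopt, &i, sizeof i, sizeof i); if (error) return (error);`, with `int error;` added to the locals. The same hunk passes `&buf[(sizeof(struct cfg_nat))]` to `add_redir_spool_cfg()` without a length; whether the buffer size was validated earlier is not visible here.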
@@ -504,9 +515,9 @@ off = sizeof(nat_cnt); data = malloc(NAT_BUF_LEN, M_IPFW, M_WAITOK | M_ZERO); - IPFW_RLOCK(&layer3_chain); + IPFW_RLOCK(&V_layer3_chain); /* Serialize all the data. */ - LIST_FOREACH(n, &layer3_chain.nat, _next) { + LIST_FOREACH(n, &V_layer3_chain.nat, _next) { nat_cnt++; if (off + SOF_NAT < NAT_BUF_LEN) { bcopy(n, &data[off], SOF_NAT); @@ -533,12 +544,12 @@ goto nospace; } bcopy(&nat_cnt, data, sizeof(nat_cnt)); - IPFW_RUNLOCK(&layer3_chain); + IPFW_RUNLOCK(&V_layer3_chain); sooptcopyout(sopt, data, NAT_BUF_LEN); free(data, M_IPFW); return (0); nospace: - IPFW_RUNLOCK(&layer3_chain); + IPFW_RUNLOCK(&V_layer3_chain); printf("serialized data buffer not big enough:" "please increase NAT_BUF_LEN\n"); free(data, M_IPFW); @@ -548,6 +559,7 @@ static int ipfw_nat_get_log(struct sockopt *sopt) { + INIT_VNET_IPFW(curvnet); uint8_t *data; struct cfg_nat *ptr; int i, size, cnt, sof; @@ -556,16 +568,16 @@ sof = LIBALIAS_BUF_SIZE; cnt = 0; - IPFW_RLOCK(&layer3_chain); + IPFW_RLOCK(&V_layer3_chain); size = i = 0; - LIST_FOREACH(ptr, &layer3_chain.nat, _next) { + LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) { if (ptr->lib->logDesc == NULL) continue; cnt++; size = cnt * (sof + sizeof(int)); data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO); if (data == NULL) { - IPFW_RUNLOCK(&layer3_chain); + IPFW_RUNLOCK(&V_layer3_chain); return (ENOSPC); } bcopy(&ptr->id, &data[i], sizeof(int)); @@ -573,7 +585,7 @@ bcopy(ptr->lib->logDesc, &data[i], sof); i += sof; } - IPFW_RUNLOCK(&layer3_chain); + IPFW_RUNLOCK(&V_layer3_chain); sooptcopyout(sopt, data, size); free(data, M_IPFW); return(0); 
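Review bot: `bcopy(n, &data[off], SOF_NAT);` in the @@ -504 hunk copies the in-kernel `struct cfg_nat` image into the buffer that is later handed to `sooptcopyout()`. Elsewhere in this file the same structure carries list linkage (`_next`) and a `lib` pointer, so if `SOF_NAT` spans those fields (its definition is not in the diff) kernel addresses are disclosed to the caller. Zeroing the pointer-valued fields in the copy at `&data[off]` before advancing `off` would avoid that. The function body continues outside the hunk.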
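Review bot: `sooptcopyout(sopt, data, NAT_BUF_LEN);` in the @@ -533 hunk has its return value dropped and the function returns 0 regardless, so a failed copy to userland is reported as success and the caller parses whatever was already in its buffer. Keep the result and return it after the free: `error = sooptcopyout(sopt, data, NAT_BUF_LEN); free(data, M_IPFW); return (error);`. The same pattern appears at the end of `ipfw_nat_get_log()` in the @@ -573 hunk, where `sooptcopyout(sopt, data, size);` is followed by `return(0);`.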
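Review bot: `data = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);` in the @@ -556 hunk overwrites the only pointer to the buffer, so when the allocation fails inside the loop everything collected so far is leaked on the `ENOSPC` return. Because the request is `M_NOWAIT` and made with the read lock held, failure under memory pressure is a realistic path, and each occurrence loses kernel memory. Assign the result to a temporary and free the old buffer on failure, as below; `tmp` is a new `uint8_t *` local that would be declared with the others, outside this hunk. The loop body continues into the next hunk.

```c
	LIST_FOREACH(ptr, &V_layer3_chain.nat, _next) {
		/* … unchanged: logDesc check, cnt and size update … */
		tmp = realloc(data, size, M_IPFW, M_NOWAIT | M_ZERO);
		if (tmp == NULL) {
			IPFW_RUNLOCK(&V_layer3_chain);
			free(data, M_IPFW);	/* release what was gathered so far */
			return (ENOSPC);
		}
		data = tmp;
		/* … unchanged: copy id and log buffer into data … */
```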
@@ -582,27 +594,29 @@ static void ipfw_nat_init(void) { + INIT_VNET_IPFW(curvnet); - IPFW_WLOCK(&layer3_chain); + IPFW_WLOCK(&V_layer3_chain); /* init ipfw hooks */ ipfw_nat_ptr = ipfw_nat; ipfw_nat_cfg_ptr = ipfw_nat_cfg; ipfw_nat_del_ptr = ipfw_nat_del; ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg; ipfw_nat_get_log_ptr = ipfw_nat_get_log; - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change, NULL, EVENTHANDLER_PRI_ANY); } -static void +void ipfw_nat_destroy(void) { + INIT_VNET_IPFW(curvnet); struct ip_fw *rule; struct cfg_nat *ptr, *ptr_temp; - IPFW_WLOCK(&layer3_chain); - LIST_FOREACH_SAFE(ptr, &layer3_chain.nat, _next, ptr_temp) { + IPFW_WLOCK(&V_layer3_chain); + LIST_FOREACH_SAFE(ptr, &V_layer3_chain.nat, _next, ptr_temp) { LIST_REMOVE(ptr, _next); del_redir_spool_cfg(ptr, &ptr->redir_chain); LibAliasUninit(ptr->lib); @@ -610,14 +624,14 @@ } EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag); /* flush all nat ptrs */ - for (rule = layer3_chain.rules; rule; rule = rule->next) { + for (rule = V_layer3_chain.rules; rule; rule = rule->next) { ipfw_insn_nat *cmd = (ipfw_insn_nat *)ACTION_PTR(rule); if (cmd->o.opcode == O_NAT) cmd->nat = NULL; } /* deregister ipfw_nat */ ipfw_nat_ptr = NULL; - IPFW_WUNLOCK(&layer3_chain); + IPFW_WUNLOCK(&V_layer3_chain); } static int
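Review bot: `ipfw_nat_init()` in the @@ -582 hunk installs five hooks (`ipfw_nat_ptr`, `ipfw_nat_cfg_ptr`, `ipfw_nat_del_ptr`, `ipfw_nat_get_cfg_ptr`, `ipfw_nat_get_log_ptr`), but `ipfw_nat_destroy()`, which this change exports and whose tail is in the next hunk, resets only `ipfw_nat_ptr = NULL;`. Unless the other four are cleared somewhere outside the diff, the sockopt path can still call into the NAT code after teardown, when the instance list has been emptied and the event handler removed. Resetting all five under the write lock, next to the existing assignment, keeps init and destroy symmetric.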
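Review bot: `EVENTHANDLER_DEREGISTER(ifaddr_event, ifaddr_event_tag);` in the @@ -610 hunk is called while `IPFW_WLOCK(&V_layer3_chain)` is held, and the handler being removed, `ifaddr_change()`, takes that same write lock. If deregistration waits for an in-flight handler invocation to finish (worth confirming for this branch), a handler blocked on the lock and a teardown waiting on the handler can deadlock. Moving the deregistration ahead of the `IPFW_WLOCK` at the top of `ipfw_nat_destroy()` removes the dependency; the start of the function is in the previous hunk.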