1 /* $NetBSD: npf_rproc.c,v 1.6 2013/02/09 03:35:32 rmind Exp $ */ 2 3 /*- 4 * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This material is based upon work partially supported by The 8 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * NPF extension and rule procedure interface. 34 */ 35 36 #include <sys/cdefs.h> 37 __KERNEL_RCSID(0, "$NetBSD"); 38 39 #include <sys/param.h> 40 #include <sys/types.h> 41 42 #include <sys/atomic.h> 43 #include <sys/kmem.h> 44 #include <sys/mutex.h> 45 46 #include "npf_impl.h" 47 48 #define EXT_NAME_LEN 32 49 50 typedef struct npf_ext { 51 char ext_callname[EXT_NAME_LEN]; 52 LIST_ENTRY(npf_ext) ext_entry; 53 const npf_ext_ops_t * ext_ops; 54 unsigned ext_refcnt; 55 } npf_ext_t; 56 57 struct npf_rprocset { 58 LIST_HEAD(, npf_rproc) rps_list; 59 }; 60 61 #define RPROC_NAME_LEN 32 62 #define RPROC_EXT_COUNT 16 63 64 struct npf_rproc { 65 /* Flags and reference count. */ 66 uint32_t rp_flags; 67 u_int rp_refcnt; 68 69 /* Associated extensions and their metadata . */ 70 unsigned rp_ext_count; 71 npf_ext_t * rp_ext[RPROC_EXT_COUNT]; 72 void * rp_ext_meta[RPROC_EXT_COUNT]; 73 74 /* Name of the procedure and list entry. */ 75 char rp_name[RPROC_NAME_LEN]; 76 LIST_ENTRY(npf_rproc) rp_entry; 77 }; 78 79 static LIST_HEAD(, npf_ext) ext_list __cacheline_aligned; 80 static kmutex_t ext_lock __cacheline_aligned; 81 82 void 83 npf_ext_sysinit(void) 84 { 85 mutex_init(&ext_lock, MUTEX_DEFAULT, IPL_NONE); 86 LIST_INIT(&ext_list); 87 } 88 89 void 90 npf_ext_sysfini(void) 91 { 92 KASSERT(LIST_EMPTY(&ext_list)); 93 mutex_destroy(&ext_lock); 94 } 95 96 /* 97 * NPF extension management for the rule procedures. 98 */ 99 100 static npf_ext_t * 101 npf_ext_lookup(const char *name) 102 { 103 npf_ext_t *ext = NULL; 104 105 KASSERT(mutex_owned(&ext_lock)); 106 107 LIST_FOREACH(ext, &ext_list, ext_entry) 108 if (strcmp(ext->ext_callname, name) == 0) 109 break; 110 return ext; 111 } 112 113 void * 114 npf_ext_register(const char *name, const npf_ext_ops_t *ops) 115 { 116 npf_ext_t *ext; 117 118 ext = kmem_zalloc(sizeof(npf_ext_t), KM_SLEEP); 119 strlcpy(ext->ext_callname, name, EXT_NAME_LEN); 120 ext->ext_ops = ops; 121 122 mutex_enter(&ext_lock); 123 if (npf_ext_lookup(name)) { 124 mutex_exit(&ext_lock); 125 kmem_free(ext, sizeof(npf_ext_t)); 126 return NULL; 127 } 128 LIST_INSERT_HEAD(&ext_list, ext, ext_entry); 129 mutex_exit(&ext_lock); 130 131 return (void *)ext; 132 } 133 134 int 135 npf_ext_unregister(void *extid) 136 { 137 npf_ext_t *ext = extid; 138 139 /* 140 * Check if in-use first (re-check with the lock held). 141 */ 142 if (ext->ext_refcnt) { 143 return EBUSY; 144 } 145 146 mutex_enter(&ext_lock); 147 if (ext->ext_refcnt) { 148 mutex_exit(&ext_lock); 149 return EBUSY; 150 } 151 KASSERT(npf_ext_lookup(ext->ext_callname)); 152 LIST_REMOVE(ext, ext_entry); 153 mutex_exit(&ext_lock); 154 155 kmem_free(ext, sizeof(npf_ext_t)); 156 return 0; 157 } 158 159 int 160 npf_ext_construct(const char *name, npf_rproc_t *rp, prop_dictionary_t params) 161 { 162 const npf_ext_ops_t *extops; 163 npf_ext_t *ext; 164 unsigned i; 165 int error; 166 167 if (rp->rp_ext_count >= RPROC_EXT_COUNT) { 168 return ENOSPC; 169 } 170 171 mutex_enter(&ext_lock); 172 ext = npf_ext_lookup(name); 173 if (ext) { 174 atomic_inc_uint(&ext->ext_refcnt); 175 } 176 mutex_exit(&ext_lock); 177 178 if (!ext) { 179 return ENOENT; 180 } 181 182 extops = ext->ext_ops; 183 KASSERT(extops != NULL); 184 185 error = extops->ctor(rp, params); 186 if (error) { 187 atomic_dec_uint(&ext->ext_refcnt); 188 return error; 189 } 190 i = rp->rp_ext_count++; 191 rp->rp_ext[i] = ext; 192 return 0; 193 } 194 195 /* 196 * Rule procedure management. 197 */ 198 199 npf_rprocset_t * 200 npf_rprocset_create(void) 201 { 202 npf_rprocset_t *rpset; 203 204 rpset = kmem_zalloc(sizeof(npf_rprocset_t), KM_SLEEP); 205 LIST_INIT(&rpset->rps_list); 206 return rpset; 207 } 208 209 void 210 npf_rprocset_destroy(npf_rprocset_t *rpset) 211 { 212 npf_rproc_t *rp; 213 214 while ((rp = LIST_FIRST(&rpset->rps_list)) != NULL) { 215 LIST_REMOVE(rp, rp_entry); 216 npf_rproc_release(rp); 217 } 218 kmem_free(rpset, sizeof(npf_rprocset_t)); 219 } 220 221 /* 222 * npf_rproc_lookup: find a rule procedure by the name. 223 */ 224 npf_rproc_t * 225 npf_rprocset_lookup(npf_rprocset_t *rpset, const char *name) 226 { 227 npf_rproc_t *rp; 228 229 LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 230 if (strncmp(rp->rp_name, name, RPROC_NAME_LEN) == 0) 231 break; 232 } 233 return rp; 234 } 235 236 /* 237 * npf_rproc_insert: insert a new rule procedure into the set. 238 */ 239 void 240 npf_rprocset_insert(npf_rprocset_t *rpset, npf_rproc_t *rp) 241 { 242 LIST_INSERT_HEAD(&rpset->rps_list, rp, rp_entry); 243 } 244 245 /* 246 * npf_rproc_create: construct a new rule procedure, lookup and associate 247 * the extension calls with it. 248 */ 249 npf_rproc_t * 250 npf_rproc_create(prop_dictionary_t rpdict) 251 { 252 const char *name; 253 npf_rproc_t *rp; 254 255 if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &name)) { 256 return NULL; 257 } 258 259 rp = kmem_intr_zalloc(sizeof(npf_rproc_t), KM_SLEEP); 260 rp->rp_refcnt = 1; 261 262 strlcpy(rp->rp_name, name, RPROC_NAME_LEN); 263 prop_dictionary_get_uint32(rpdict, "flags", &rp->rp_flags); 264 return rp; 265 } 266 267 /* 268 * npf_rproc_acquire: acquire the reference on the rule procedure. 269 */ 270 void 271 npf_rproc_acquire(npf_rproc_t *rp) 272 { 273 atomic_inc_uint(&rp->rp_refcnt); 274 } 275 276 /* 277 * npf_rproc_release: drop the reference count and destroy the rule 278 * procedure on the last reference. 279 */ 280 void 281 npf_rproc_release(npf_rproc_t *rp) 282 { 283 284 KASSERT(rp->rp_refcnt > 0); 285 if (atomic_dec_uint_nv(&rp->rp_refcnt) != 0) { 286 return; 287 } 288 /* XXXintr */ 289 for (unsigned i = 0; i < rp->rp_ext_count; i++) { 290 npf_ext_t *ext = rp->rp_ext[i]; 291 const npf_ext_ops_t *extops = ext->ext_ops; 292 293 extops->dtor(rp, rp->rp_ext_meta[i]); 294 atomic_dec_uint(&ext->ext_refcnt); 295 } 296 kmem_intr_free(rp, sizeof(npf_rproc_t)); 297 } 298 299 void 300 npf_rproc_assign(npf_rproc_t *rp, void *params) 301 { 302 unsigned i = rp->rp_ext_count; 303 304 /* Note: params may be NULL. */ 305 KASSERT(i < RPROC_EXT_COUNT); 306 rp->rp_ext_meta[i] = params; 307 } 308 309 /* 310 * npf_rproc_run: run the rule procedure by executing each extension call. 311 * 312 * => Reference on the rule procedure must be held. 313 */ 314 void 315 npf_rproc_run(npf_cache_t *npc, nbuf_t *nbuf, npf_rproc_t *rp, int *decision) 316 { 317 const unsigned extcount = rp->rp_ext_count; 318 319 KASSERT(!nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)); 320 KASSERT(rp->rp_refcnt > 0); 321 322 for (unsigned i = 0; i < extcount; i++) { 323 const npf_ext_t *ext = rp->rp_ext[i]; 324 const npf_ext_ops_t *extops = ext->ext_ops; 325 326 KASSERT(ext->ext_refcnt > 0); 327 extops->proc(npc, nbuf, rp->rp_ext_meta[i], decision); 328 329 if (nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)) { 330 npf_recache(npc, nbuf); 331 } 332 } 333 } 334