xref: /netbsd-src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c (revision 53d1339bf7f9c7367b35a9e1ebe693f9b047a47b) 
1 /*
2  * NPF initialisation and handler routines.
3  *
4  * Public Domain.
5  */
6 
7 #ifdef _KERNEL
8 #include <sys/types.h>
9 #include <sys/cprng.h>
10 #include <sys/kmem.h>
11 #include <net/if.h>
12 #include <net/if_types.h>
13 #endif
14 
15 #include "npf_impl.h"
16 #include "npf_test.h"
17 
18 /* State of the current stream. */
19 static npf_state_t	cstream_state;
20 static void *		cstream_ptr;
21 static bool		cstream_retval;
22 
23 static long		(*_random_func)(void);
24 static int		(*_pton_func)(int, const char *, void *);
25 static const char *	(*_ntop_func)(int, const void *, char *, socklen_t);
26 
27 static void		npf_state_sample(npf_state_t *, bool);
28 
29 static void		load_npf_config_ifs(nvlist_t *, bool);
30 
31 #ifndef __NetBSD__
32 /*
33  * Standalone NPF: we define the same struct ifnet members
34  * to reduce the npf_ifops_t implementation differences.
35  */
36 struct ifnet {
37 	char		if_xname[32];
38 	void *		if_softc;
39 	TAILQ_ENTRY(ifnet) if_list;
40 };
41 #endif
42 
43 static TAILQ_HEAD(, ifnet) npftest_ifnet_list =
44     TAILQ_HEAD_INITIALIZER(npftest_ifnet_list);
45 
46 static const char *	npftest_ifop_getname(npf_t *, ifnet_t *);
47 static ifnet_t *	npftest_ifop_lookup(npf_t *, const char *);
48 static void		npftest_ifop_flush(npf_t *, void *);
49 static void *		npftest_ifop_getmeta(npf_t *, const ifnet_t *);
50 static void		npftest_ifop_setmeta(npf_t *, ifnet_t *, void *);
51 
52 const npf_ifops_t npftest_ifops = {
53 	.getname	= npftest_ifop_getname,
54 	.lookup		= npftest_ifop_lookup,
55 	.flush		= npftest_ifop_flush,
56 	.getmeta	= npftest_ifop_getmeta,
57 	.setmeta	= npftest_ifop_setmeta,
58 };
59 
60 void
61 npf_test_init(int (*pton_func)(int, const char *, void *),
62     const char *(*ntop_func)(int, const void *, char *, socklen_t),
63     long (*rndfunc)(void))
64 {
65 	npf_t *npf;
66 
67 #ifdef __NetBSD__
68 	// XXX: Workaround for npf_init()
69 	if ((npf = npf_getkernctx()) != NULL) {
70 		npf_worker_discharge(npf);
71 		npf_worker_sysfini();
72 	}
73 #endif
74 	npf = npfk_create(0, &npftest_mbufops, &npftest_ifops, NULL);
75 	npfk_thread_register(npf);
76 	npf_setkernctx(npf);
77 
78 	npf_state_setsampler(npf_state_sample);
79 	_pton_func = pton_func;
80 	_ntop_func = ntop_func;
81 	_random_func = rndfunc;
82 
83 	(void)npf_test_addif(IFNAME_DUMMY, false, false);
84 }
85 
86 void
87 npf_test_fini(void)
88 {
89 	npf_t *npf = npf_getkernctx();
90 
91 	npfk_thread_unregister(npf);
92 	npfk_destroy(npf);
93 }
94 
95 int
96 npf_test_load(const void *buf, size_t len, bool verbose)
97 {
98 	nvlist_t *npf_dict;
99 	npf_error_t error;
100 	int ret;
101 
102 	npf_dict = nvlist_unpack(buf, len, 0);
103 	if (!npf_dict) {
104 		printf("%s: could not unpack the nvlist\n", __func__);
105 		return EINVAL;
106 	}
107 	load_npf_config_ifs(npf_dict, verbose);
108 	ret = npfk_load(npf_getkernctx(), npf_dict, &error);
109 	nvlist_destroy(npf_dict);
110 	return ret;
111 }
112 
113 ifnet_t *
114 npf_test_addif(const char *ifname, bool reg, bool verbose)
115 {
116 	npf_t *npf = npf_getkernctx();
117 	ifnet_t *ifp = kmem_zalloc(sizeof(*ifp), KM_SLEEP);
118 
119 	/*
120 	 * This is a "fake" interface with explicitly set index.
121 	 * Note: test modules may not setup pfil(9) hooks and if_attach()
122 	 * may not trigger npf_ifmap_attach(), so we call it manually.
123 	 */
124 	strlcpy(ifp->if_xname, ifname, sizeof(ifp->if_xname));
125 	TAILQ_INSERT_TAIL(&npftest_ifnet_list, ifp, if_list);
126 
127 	npfk_ifmap_attach(npf, ifp);
128 	if (reg) {
129 		npf_ifmap_register(npf, ifname);
130 	}
131 
132 	if (verbose) {
133 		printf("+ Interface %s\n", ifname);
134 	}
135 	return ifp;
136 }
137 
138 ifnet_t *
139 npf_test_getif(const char *ifname)
140 {
141 	ifnet_t *ifp;
142 
143 	TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) {
144 		if (!strcmp(ifp->if_xname, ifname))
145 			return ifp;
146 	}
147 	return NULL;
148 }
149 
150 static void
151 load_npf_config_ifs(nvlist_t *npf_dict, bool verbose)
152 {
153 	const nvlist_t * const *iflist;
154 	const nvlist_t *dbg_dict;
155 	size_t nitems;
156 
157 	dbg_dict = dnvlist_get_nvlist(npf_dict, "debug", NULL);
158 	if (!dbg_dict) {
159 		return;
160 	}
161 	if (!nvlist_exists_nvlist_array(dbg_dict, "interfaces")) {
162 		return;
163 	}
164 	iflist = nvlist_get_nvlist_array(dbg_dict, "interfaces", &nitems);
165 	for (unsigned i = 0; i < nitems; i++) {
166 		const nvlist_t *ifdict = iflist[i];
167 		const char *ifname;
168 
169 		if ((ifname = nvlist_get_string(ifdict, "name")) != NULL) {
170 			(void)npf_test_addif(ifname, true, verbose);
171 		}
172 	}
173 }
174 
175 static const char *
176 npftest_ifop_getname(npf_t *npf __unused, ifnet_t *ifp)
177 {
178 	return ifp->if_xname;
179 }
180 
181 static ifnet_t *
182 npftest_ifop_lookup(npf_t *npf __unused, const char *ifname)
183 {
184 	return npf_test_getif(ifname);
185 }
186 
187 static void
188 npftest_ifop_flush(npf_t *npf __unused, void *arg)
189 {
190 	ifnet_t *ifp;
191 
192 	TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list)
193 		ifp->if_softc = arg;
194 }
195 
196 static void *
197 npftest_ifop_getmeta(npf_t *npf __unused, const ifnet_t *ifp)
198 {
199 	return ifp->if_softc;
200 }
201 
202 static void
203 npftest_ifop_setmeta(npf_t *npf __unused, ifnet_t *ifp, void *arg)
204 {
205 	ifp->if_softc = arg;
206 }
207 
208 /*
209  * State sampler - this routine is called from inside of NPF state engine.
210  */
211 static void
212 npf_state_sample(npf_state_t *nst, bool retval)
213 {
214 	/* Pointer will serve as an ID. */
215 	cstream_ptr = nst;
216 	memcpy(&cstream_state, nst, sizeof(npf_state_t));
217 	cstream_retval = retval;
218 }
219 
220 int
221 npf_test_statetrack(const void *data, size_t len, ifnet_t *ifp,
222     bool forw, int64_t *result)
223 {
224 	npf_t *npf = npf_getkernctx();
225 	struct mbuf *m;
226 	int i = 0, error;
227 
228 	m = mbuf_getwithdata(data, len);
229 	error = npfk_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN);
230 	if (error) {
231 		assert(m == NULL);
232 		return error;
233 	}
234 	assert(m != NULL);
235 	m_freem(m);
236 
237 	const int di = forw ? NPF_FLOW_FORW : NPF_FLOW_BACK;
238 	npf_tcpstate_t *fstate = &cstream_state.nst_tcpst[di];
239 	npf_tcpstate_t *tstate = &cstream_state.nst_tcpst[!di];
240 
241 	result[i++] = (intptr_t)cstream_ptr;
242 	result[i++] = cstream_retval;
243 	result[i++] = cstream_state.nst_state;
244 
245 	result[i++] = fstate->nst_end;
246 	result[i++] = fstate->nst_maxend;
247 	result[i++] = fstate->nst_maxwin;
248 	result[i++] = fstate->nst_wscale;
249 
250 	result[i++] = tstate->nst_end;
251 	result[i++] = tstate->nst_maxend;
252 	result[i++] = tstate->nst_maxwin;
253 	result[i++] = tstate->nst_wscale;
254 
255 	return 0;
256 }
257 
258 int
259 npf_inet_pton(int af, const char *src, void *dst)
260 {
261 	return _pton_func(af, src, dst);
262 }
263 
264 const char *
265 npf_inet_ntop(int af, const void *src, char *dst, socklen_t size)
266 {
267 	return _ntop_func(af, src, dst, size);
268 }
269 
270 #ifdef _KERNEL
271 /*
272  * Need to override cprng_fast32() -- we need deterministic PRNG.
273  */
274 uint32_t
275 cprng_fast32(void)
276 {
277 	return (uint32_t)(_random_func ? _random_func() : random());
278 }
279 #endif
280