1/*
2 * NPF initialisation and handler routines.
3 *
4 * Public Domain.
5 */
6
7#ifdef _KERNEL
8#include <sys/types.h>
9#include <sys/cprng.h>
10#include <sys/kmem.h>
11#include <net/if.h>
12#include <net/if_types.h>
13#endif
14
15#include "npf_impl.h"
16#include "npf_test.h"
17
18/* State of the current stream. */
19static npf_state_t	cstream_state;
20static void *		cstream_ptr;
21static bool		cstream_retval;
22
23static long		(*_random_func)(void);
24static int		(*_pton_func)(int, const char *, void *);
25static const char *	(*_ntop_func)(int, const void *, char *, socklen_t);
26
27static void		npf_state_sample(npf_state_t *, bool);
28
29static void		load_npf_config_ifs(nvlist_t *, bool);
30
31#ifndef __NetBSD__
32/*
33 * Standalone NPF: we define the same struct ifnet members
34 * to reduce the npf_ifops_t implementation differences.
35 */
36struct ifnet {
37	char		if_xname[32];
38	void *		if_softc;
39	TAILQ_ENTRY(ifnet) if_list;
40};
41#endif
42
43static TAILQ_HEAD(, ifnet) npftest_ifnet_list =
44    TAILQ_HEAD_INITIALIZER(npftest_ifnet_list);
45
46static const char *	npftest_ifop_getname(npf_t *, ifnet_t *);
47static ifnet_t *	npftest_ifop_lookup(npf_t *, const char *);
48static void		npftest_ifop_flush(npf_t *, void *);
49static void *		npftest_ifop_getmeta(npf_t *, const ifnet_t *);
50static void		npftest_ifop_setmeta(npf_t *, ifnet_t *, void *);
51
52const npf_ifops_t npftest_ifops = {
53	.getname	= npftest_ifop_getname,
54	.lookup		= npftest_ifop_lookup,
55	.flush		= npftest_ifop_flush,
56	.getmeta	= npftest_ifop_getmeta,
57	.setmeta	= npftest_ifop_setmeta,
58};
59
60void
61npf_test_init(int (*pton_func)(int, const char *, void *),
62    const char *(*ntop_func)(int, const void *, char *, socklen_t),
63    long (*rndfunc)(void))
64{
65	npf_t *npf;
66
67#ifdef __NetBSD__
68	// XXX: Workaround for npf_init()
69	if ((npf = npf_getkernctx()) != NULL) {
70		npf_worker_discharge(npf);
71		npf_worker_sysfini();
72	}
73#endif
74	npf = npfk_create(0, &npftest_mbufops, &npftest_ifops, NULL);
75	npfk_thread_register(npf);
76	npf_setkernctx(npf);
77
78	npf_state_setsampler(npf_state_sample);
79	_pton_func = pton_func;
80	_ntop_func = ntop_func;
81	_random_func = rndfunc;
82
83	(void)npf_test_addif(IFNAME_DUMMY, false, false);
84}
85
86void
87npf_test_fini(void)
88{
89	npf_t *npf = npf_getkernctx();
90
91	npfk_thread_unregister(npf);
92	npfk_destroy(npf);
93}
94
95int
96npf_test_load(const void *buf, size_t len, bool verbose)
97{
98	nvlist_t *npf_dict;
99	npf_error_t error;
100	int ret;
101
102	npf_dict = nvlist_unpack(buf, len, 0);
103	if (!npf_dict) {
104		printf("%s: could not unpack the nvlist\n", __func__);
105		return EINVAL;
106	}
107	load_npf_config_ifs(npf_dict, verbose);
108	ret = npfk_load(npf_getkernctx(), npf_dict, &error);
109	nvlist_destroy(npf_dict);
110	return ret;
111}
112
113ifnet_t *
114npf_test_addif(const char *ifname, bool reg, bool verbose)
115{
116	npf_t *npf = npf_getkernctx();
117	ifnet_t *ifp = kmem_zalloc(sizeof(*ifp), KM_SLEEP);
118
119	/*
120	 * This is a "fake" interface with explicitly set index.
121	 * Note: test modules may not setup pfil(9) hooks and if_attach()
122	 * may not trigger npf_ifmap_attach(), so we call it manually.
123	 */
124	strlcpy(ifp->if_xname, ifname, sizeof(ifp->if_xname));
125	TAILQ_INSERT_TAIL(&npftest_ifnet_list, ifp, if_list);
126
127	npfk_ifmap_attach(npf, ifp);
128	if (reg) {
129		npf_ifmap_register(npf, ifname);
130	}
131
132	if (verbose) {
133		printf("+ Interface %s\n", ifname);
134	}
135	return ifp;
136}
137
138ifnet_t *
139npf_test_getif(const char *ifname)
140{
141	ifnet_t *ifp;
142
143	TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) {
144		if (!strcmp(ifp->if_xname, ifname))
145			return ifp;
146	}
147	return NULL;
148}
149
150static void
151load_npf_config_ifs(nvlist_t *npf_dict, bool verbose)
152{
153	const nvlist_t * const *iflist;
154	const nvlist_t *dbg_dict;
155	size_t nitems;
156
157	dbg_dict = dnvlist_get_nvlist(npf_dict, "debug", NULL);
158	if (!dbg_dict) {
159		return;
160	}
161	if (!nvlist_exists_nvlist_array(dbg_dict, "interfaces")) {
162		return;
163	}
164	iflist = nvlist_get_nvlist_array(dbg_dict, "interfaces", &nitems);
165	for (unsigned i = 0; i < nitems; i++) {
166		const nvlist_t *ifdict = iflist[i];
167		const char *ifname;
168
169		if ((ifname = nvlist_get_string(ifdict, "name")) != NULL) {
170			(void)npf_test_addif(ifname, true, verbose);
171		}
172	}
173}
174
175static const char *
176npftest_ifop_getname(npf_t *npf __unused, ifnet_t *ifp)
177{
178	return ifp->if_xname;
179}
180
181static ifnet_t *
182npftest_ifop_lookup(npf_t *npf __unused, const char *ifname)
183{
184	return npf_test_getif(ifname);
185}
186
187static void
188npftest_ifop_flush(npf_t *npf __unused, void *arg)
189{
190	ifnet_t *ifp;
191
192	TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list)
193		ifp->if_softc = arg;
194}
195
196static void *
197npftest_ifop_getmeta(npf_t *npf __unused, const ifnet_t *ifp)
198{
199	return ifp->if_softc;
200}
201
202static void
203npftest_ifop_setmeta(npf_t *npf __unused, ifnet_t *ifp, void *arg)
204{
205	ifp->if_softc = arg;
206}
207
208/*
209 * State sampler - this routine is called from inside of NPF state engine.
210 */
211static void
212npf_state_sample(npf_state_t *nst, bool retval)
213{
214	/* Pointer will serve as an ID. */
215	cstream_ptr = nst;
216	memcpy(&cstream_state, nst, sizeof(npf_state_t));
217	cstream_retval = retval;
218}
219
220int
221npf_test_statetrack(const void *data, size_t len, ifnet_t *ifp,
222    bool forw, int64_t *result)
223{
224	npf_t *npf = npf_getkernctx();
225	struct mbuf *m;
226	int i = 0, error;
227
228	m = mbuf_getwithdata(data, len);
229	error = npfk_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN);
230	if (error) {
231		assert(m == NULL);
232		return error;
233	}
234	assert(m != NULL);
235	m_freem(m);
236
237	const int di = forw ? NPF_FLOW_FORW : NPF_FLOW_BACK;
238	npf_tcpstate_t *fstate = &cstream_state.nst_tcpst[di];
239	npf_tcpstate_t *tstate = &cstream_state.nst_tcpst[!di];
240
241	result[i++] = (intptr_t)cstream_ptr;
242	result[i++] = cstream_retval;
243	result[i++] = cstream_state.nst_state;
244
245	result[i++] = fstate->nst_end;
246	result[i++] = fstate->nst_maxend;
247	result[i++] = fstate->nst_maxwin;
248	result[i++] = fstate->nst_wscale;
249
250	result[i++] = tstate->nst_end;
251	result[i++] = tstate->nst_maxend;
252	result[i++] = tstate->nst_maxwin;
253	result[i++] = tstate->nst_wscale;
254
255	return 0;
256}
257
258int
259npf_inet_pton(int af, const char *src, void *dst)
260{
261	return _pton_func(af, src, dst);
262}
263
264const char *
265npf_inet_ntop(int af, const void *src, char *dst, socklen_t size)
266{
267	return _ntop_func(af, src, dst, size);
268}
269
270#ifdef _KERNEL
271/*
272 * Need to override cprng_fast32() -- we need deterministic PRNG.
273 */
274uint32_t
275cprng_fast32(void)
276{
277	return (uint32_t)(_random_func ? _random_func() : random());
278}
279#endif
280