1/* 2 * NPF initialisation and handler routines. 3 * 4 * Public Domain. 5 */ 6 7#ifdef _KERNEL 8#include <sys/types.h> 9#include <sys/cprng.h> 10#include <sys/kmem.h> 11#include <net/if.h> 12#include <net/if_types.h> 13#endif 14 15#include "npf_impl.h" 16#include "npf_test.h" 17 18/* State of the current stream. */ 19static npf_state_t cstream_state; 20static void * cstream_ptr; 21static bool cstream_retval; 22 23static long (*_random_func)(void); 24static int (*_pton_func)(int, const char *, void *); 25static const char * (*_ntop_func)(int, const void *, char *, socklen_t); 26 27static void npf_state_sample(npf_state_t *, bool); 28 29static void load_npf_config_ifs(nvlist_t *, bool); 30 31#ifndef __NetBSD__ 32/* 33 * Standalone NPF: we define the same struct ifnet members 34 * to reduce the npf_ifops_t implementation differences. 35 */ 36struct ifnet { 37 char if_xname[32]; 38 void * if_softc; 39 TAILQ_ENTRY(ifnet) if_list; 40}; 41#endif 42 43static TAILQ_HEAD(, ifnet) npftest_ifnet_list = 44 TAILQ_HEAD_INITIALIZER(npftest_ifnet_list); 45 46static const char * npftest_ifop_getname(npf_t *, ifnet_t *); 47static ifnet_t * npftest_ifop_lookup(npf_t *, const char *); 48static void npftest_ifop_flush(npf_t *, void *); 49static void * npftest_ifop_getmeta(npf_t *, const ifnet_t *); 50static void npftest_ifop_setmeta(npf_t *, ifnet_t *, void *); 51 52const npf_ifops_t npftest_ifops = { 53 .getname = npftest_ifop_getname, 54 .lookup = npftest_ifop_lookup, 55 .flush = npftest_ifop_flush, 56 .getmeta = npftest_ifop_getmeta, 57 .setmeta = npftest_ifop_setmeta, 58}; 59 60void 61npf_test_init(int (*pton_func)(int, const char *, void *), 62 const char *(*ntop_func)(int, const void *, char *, socklen_t), 63 long (*rndfunc)(void)) 64{ 65 npf_t *npf; 66 67#ifdef __NetBSD__ 68 // XXX: Workaround for npf_init() 69 if ((npf = npf_getkernctx()) != NULL) { 70 npf_worker_discharge(npf); 71 npf_worker_sysfini(); 72 } 73#endif 74 npf = npfk_create(0, &npftest_mbufops, &npftest_ifops, NULL); 75 npfk_thread_register(npf); 76 npf_setkernctx(npf); 77 78 npf_state_setsampler(npf_state_sample); 79 _pton_func = pton_func; 80 _ntop_func = ntop_func; 81 _random_func = rndfunc; 82 83 (void)npf_test_addif(IFNAME_DUMMY, false, false); 84} 85 86void 87npf_test_fini(void) 88{ 89 npf_t *npf = npf_getkernctx(); 90 91 npfk_thread_unregister(npf); 92 npfk_destroy(npf); 93} 94 95int 96npf_test_load(const void *buf, size_t len, bool verbose) 97{ 98 nvlist_t *npf_dict; 99 npf_error_t error; 100 int ret; 101 102 npf_dict = nvlist_unpack(buf, len, 0); 103 if (!npf_dict) { 104 printf("%s: could not unpack the nvlist\n", __func__); 105 return EINVAL; 106 } 107 load_npf_config_ifs(npf_dict, verbose); 108 ret = npfk_load(npf_getkernctx(), npf_dict, &error); 109 nvlist_destroy(npf_dict); 110 return ret; 111} 112 113ifnet_t * 114npf_test_addif(const char *ifname, bool reg, bool verbose) 115{ 116 npf_t *npf = npf_getkernctx(); 117 ifnet_t *ifp = kmem_zalloc(sizeof(*ifp), KM_SLEEP); 118 119 /* 120 * This is a "fake" interface with explicitly set index. 121 * Note: test modules may not setup pfil(9) hooks and if_attach() 122 * may not trigger npf_ifmap_attach(), so we call it manually. 123 */ 124 strlcpy(ifp->if_xname, ifname, sizeof(ifp->if_xname)); 125 TAILQ_INSERT_TAIL(&npftest_ifnet_list, ifp, if_list); 126 127 npfk_ifmap_attach(npf, ifp); 128 if (reg) { 129 npf_ifmap_register(npf, ifname); 130 } 131 132 if (verbose) { 133 printf("+ Interface %s\n", ifname); 134 } 135 return ifp; 136} 137 138ifnet_t * 139npf_test_getif(const char *ifname) 140{ 141 ifnet_t *ifp; 142 143 TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) { 144 if (!strcmp(ifp->if_xname, ifname)) 145 return ifp; 146 } 147 return NULL; 148} 149 150static void 151load_npf_config_ifs(nvlist_t *npf_dict, bool verbose) 152{ 153 const nvlist_t * const *iflist; 154 const nvlist_t *dbg_dict; 155 size_t nitems; 156 157 dbg_dict = dnvlist_get_nvlist(npf_dict, "debug", NULL); 158 if (!dbg_dict) { 159 return; 160 } 161 if (!nvlist_exists_nvlist_array(dbg_dict, "interfaces")) { 162 return; 163 } 164 iflist = nvlist_get_nvlist_array(dbg_dict, "interfaces", &nitems); 165 for (unsigned i = 0; i < nitems; i++) { 166 const nvlist_t *ifdict = iflist[i]; 167 const char *ifname; 168 169 if ((ifname = nvlist_get_string(ifdict, "name")) != NULL) { 170 (void)npf_test_addif(ifname, true, verbose); 171 } 172 } 173} 174 175static const char * 176npftest_ifop_getname(npf_t *npf __unused, ifnet_t *ifp) 177{ 178 return ifp->if_xname; 179} 180 181static ifnet_t * 182npftest_ifop_lookup(npf_t *npf __unused, const char *ifname) 183{ 184 return npf_test_getif(ifname); 185} 186 187static void 188npftest_ifop_flush(npf_t *npf __unused, void *arg) 189{ 190 ifnet_t *ifp; 191 192 TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) 193 ifp->if_softc = arg; 194} 195 196static void * 197npftest_ifop_getmeta(npf_t *npf __unused, const ifnet_t *ifp) 198{ 199 return ifp->if_softc; 200} 201 202static void 203npftest_ifop_setmeta(npf_t *npf __unused, ifnet_t *ifp, void *arg) 204{ 205 ifp->if_softc = arg; 206} 207 208/* 209 * State sampler - this routine is called from inside of NPF state engine. 210 */ 211static void 212npf_state_sample(npf_state_t *nst, bool retval) 213{ 214 /* Pointer will serve as an ID. */ 215 cstream_ptr = nst; 216 memcpy(&cstream_state, nst, sizeof(npf_state_t)); 217 cstream_retval = retval; 218} 219 220int 221npf_test_statetrack(const void *data, size_t len, ifnet_t *ifp, 222 bool forw, int64_t *result) 223{ 224 npf_t *npf = npf_getkernctx(); 225 struct mbuf *m; 226 int i = 0, error; 227 228 m = mbuf_getwithdata(data, len); 229 error = npfk_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN); 230 if (error) { 231 assert(m == NULL); 232 return error; 233 } 234 assert(m != NULL); 235 m_freem(m); 236 237 const int di = forw ? NPF_FLOW_FORW : NPF_FLOW_BACK; 238 npf_tcpstate_t *fstate = &cstream_state.nst_tcpst[di]; 239 npf_tcpstate_t *tstate = &cstream_state.nst_tcpst[!di]; 240 241 result[i++] = (intptr_t)cstream_ptr; 242 result[i++] = cstream_retval; 243 result[i++] = cstream_state.nst_state; 244 245 result[i++] = fstate->nst_end; 246 result[i++] = fstate->nst_maxend; 247 result[i++] = fstate->nst_maxwin; 248 result[i++] = fstate->nst_wscale; 249 250 result[i++] = tstate->nst_end; 251 result[i++] = tstate->nst_maxend; 252 result[i++] = tstate->nst_maxwin; 253 result[i++] = tstate->nst_wscale; 254 255 return 0; 256} 257 258int 259npf_inet_pton(int af, const char *src, void *dst) 260{ 261 return _pton_func(af, src, dst); 262} 263 264const char * 265npf_inet_ntop(int af, const void *src, char *dst, socklen_t size) 266{ 267 return _ntop_func(af, src, dst, size); 268} 269 270#ifdef _KERNEL 271/* 272 * Need to override cprng_fast32() -- we need deterministic PRNG. 273 */ 274uint32_t 275cprng_fast32(void) 276{ 277 return (uint32_t)(_random_func ? _random_func() : random()); 278} 279#endif 280