1 /*
2 * NPF initialisation and handler routines.
3 *
4 * Public Domain.
5 */
6
7 #ifdef _KERNEL
8 #include <sys/types.h>
9 #include <sys/cprng.h>
10 #include <sys/kmem.h>
11 #include <net/if.h>
12 #include <net/if_types.h>
13 #endif
14
15 #include "npf_impl.h"
16 #include "npf_test.h"
17
18 /* State of the current stream. */
19 static npf_state_t cstream_state;
20 static void * cstream_ptr;
21 static bool cstream_retval;
22
23 static long (*_random_func)(void);
24 static int (*_pton_func)(int, const char *, void *);
25 static const char * (*_ntop_func)(int, const void *, char *, socklen_t);
26
27 static void npf_state_sample(npf_state_t *, bool);
28
29 static void load_npf_config_ifs(nvlist_t *, bool);
30
31 #ifndef __NetBSD__
32 /*
33 * Standalone NPF: we define the same struct ifnet members
34 * to reduce the npf_ifops_t implementation differences.
35 */
36 struct ifnet {
37 char if_xname[32];
38 void * if_softc;
39 TAILQ_ENTRY(ifnet) if_list;
40 };
41 #endif
42
43 static TAILQ_HEAD(, ifnet) npftest_ifnet_list =
44 TAILQ_HEAD_INITIALIZER(npftest_ifnet_list);
45
46 static const char * npftest_ifop_getname(npf_t *, ifnet_t *);
47 static ifnet_t * npftest_ifop_lookup(npf_t *, const char *);
48 static void npftest_ifop_flush(npf_t *, void *);
49 static void * npftest_ifop_getmeta(npf_t *, const ifnet_t *);
50 static void npftest_ifop_setmeta(npf_t *, ifnet_t *, void *);
51
52 const npf_ifops_t npftest_ifops = {
53 .getname = npftest_ifop_getname,
54 .lookup = npftest_ifop_lookup,
55 .flush = npftest_ifop_flush,
56 .getmeta = npftest_ifop_getmeta,
57 .setmeta = npftest_ifop_setmeta,
58 };
59
60 void
npf_test_init(int (* pton_func)(int,const char *,void *),const char * (* ntop_func)(int,const void *,char *,socklen_t),long (* rndfunc)(void))61 npf_test_init(int (*pton_func)(int, const char *, void *),
62 const char *(*ntop_func)(int, const void *, char *, socklen_t),
63 long (*rndfunc)(void))
64 {
65 npf_t *npf;
66
67 #ifdef __NetBSD__
68 // XXX: Workaround for npf_init()
69 if ((npf = npf_getkernctx()) != NULL) {
70 npf_worker_discharge(npf);
71 npf_worker_sysfini();
72 }
73 #endif
74 npf = npfk_create(0, &npftest_mbufops, &npftest_ifops, NULL);
75 npfk_thread_register(npf);
76 npf_setkernctx(npf);
77
78 npf_state_setsampler(npf_state_sample);
79 _pton_func = pton_func;
80 _ntop_func = ntop_func;
81 _random_func = rndfunc;
82
83 (void)npf_test_addif(IFNAME_DUMMY, false, false);
84 }
85
86 void
npf_test_fini(void)87 npf_test_fini(void)
88 {
89 npf_t *npf = npf_getkernctx();
90
91 npfk_thread_unregister(npf);
92 npfk_destroy(npf);
93 }
94
95 int
npf_test_load(const void * buf,size_t len,bool verbose)96 npf_test_load(const void *buf, size_t len, bool verbose)
97 {
98 nvlist_t *npf_dict;
99 npf_error_t error;
100 int ret;
101
102 npf_dict = nvlist_unpack(buf, len, 0);
103 if (!npf_dict) {
104 printf("%s: could not unpack the nvlist\n", __func__);
105 return EINVAL;
106 }
107 load_npf_config_ifs(npf_dict, verbose);
108 ret = npfk_load(npf_getkernctx(), npf_dict, &error);
109 nvlist_destroy(npf_dict);
110 return ret;
111 }
112
113 ifnet_t *
npf_test_addif(const char * ifname,bool reg,bool verbose)114 npf_test_addif(const char *ifname, bool reg, bool verbose)
115 {
116 npf_t *npf = npf_getkernctx();
117 ifnet_t *ifp = kmem_zalloc(sizeof(*ifp), KM_SLEEP);
118
119 /*
120 * This is a "fake" interface with explicitly set index.
121 * Note: test modules may not setup pfil(9) hooks and if_attach()
122 * may not trigger npf_ifmap_attach(), so we call it manually.
123 */
124 strlcpy(ifp->if_xname, ifname, sizeof(ifp->if_xname));
125 TAILQ_INSERT_TAIL(&npftest_ifnet_list, ifp, if_list);
126
127 npfk_ifmap_attach(npf, ifp);
128 if (reg) {
129 npf_ifmap_register(npf, ifname);
130 }
131
132 if (verbose) {
133 printf("+ Interface %s\n", ifname);
134 }
135 return ifp;
136 }
137
138 ifnet_t *
npf_test_getif(const char * ifname)139 npf_test_getif(const char *ifname)
140 {
141 ifnet_t *ifp;
142
143 TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list) {
144 if (!strcmp(ifp->if_xname, ifname))
145 return ifp;
146 }
147 return NULL;
148 }
149
150 static void
load_npf_config_ifs(nvlist_t * npf_dict,bool verbose)151 load_npf_config_ifs(nvlist_t *npf_dict, bool verbose)
152 {
153 const nvlist_t * const *iflist;
154 const nvlist_t *dbg_dict;
155 size_t nitems;
156
157 dbg_dict = dnvlist_get_nvlist(npf_dict, "debug", NULL);
158 if (!dbg_dict) {
159 return;
160 }
161 if (!nvlist_exists_nvlist_array(dbg_dict, "interfaces")) {
162 return;
163 }
164 iflist = nvlist_get_nvlist_array(dbg_dict, "interfaces", &nitems);
165 for (unsigned i = 0; i < nitems; i++) {
166 const nvlist_t *ifdict = iflist[i];
167 const char *ifname;
168
169 if ((ifname = nvlist_get_string(ifdict, "name")) != NULL) {
170 (void)npf_test_addif(ifname, true, verbose);
171 }
172 }
173 }
174
175 static const char *
npftest_ifop_getname(npf_t * npf __unused,ifnet_t * ifp)176 npftest_ifop_getname(npf_t *npf __unused, ifnet_t *ifp)
177 {
178 return ifp->if_xname;
179 }
180
181 static ifnet_t *
npftest_ifop_lookup(npf_t * npf __unused,const char * ifname)182 npftest_ifop_lookup(npf_t *npf __unused, const char *ifname)
183 {
184 return npf_test_getif(ifname);
185 }
186
187 static void
npftest_ifop_flush(npf_t * npf __unused,void * arg)188 npftest_ifop_flush(npf_t *npf __unused, void *arg)
189 {
190 ifnet_t *ifp;
191
192 TAILQ_FOREACH(ifp, &npftest_ifnet_list, if_list)
193 ifp->if_softc = arg;
194 }
195
196 static void *
npftest_ifop_getmeta(npf_t * npf __unused,const ifnet_t * ifp)197 npftest_ifop_getmeta(npf_t *npf __unused, const ifnet_t *ifp)
198 {
199 return ifp->if_softc;
200 }
201
202 static void
npftest_ifop_setmeta(npf_t * npf __unused,ifnet_t * ifp,void * arg)203 npftest_ifop_setmeta(npf_t *npf __unused, ifnet_t *ifp, void *arg)
204 {
205 ifp->if_softc = arg;
206 }
207
208 /*
209 * State sampler - this routine is called from inside of NPF state engine.
210 */
211 static void
npf_state_sample(npf_state_t * nst,bool retval)212 npf_state_sample(npf_state_t *nst, bool retval)
213 {
214 /* Pointer will serve as an ID. */
215 cstream_ptr = nst;
216 memcpy(&cstream_state, nst, sizeof(npf_state_t));
217 cstream_retval = retval;
218 }
219
220 int
npf_test_statetrack(const void * data,size_t len,ifnet_t * ifp,bool forw,int64_t * result)221 npf_test_statetrack(const void *data, size_t len, ifnet_t *ifp,
222 bool forw, int64_t *result)
223 {
224 npf_t *npf = npf_getkernctx();
225 struct mbuf *m;
226 int i = 0, error;
227
228 m = mbuf_getwithdata(data, len);
229 error = npfk_packet_handler(npf, &m, ifp, forw ? PFIL_OUT : PFIL_IN);
230 if (error) {
231 assert(m == NULL);
232 return error;
233 }
234 assert(m != NULL);
235 m_freem(m);
236
237 const int di = forw ? NPF_FLOW_FORW : NPF_FLOW_BACK;
238 npf_tcpstate_t *fstate = &cstream_state.nst_tcpst[di];
239 npf_tcpstate_t *tstate = &cstream_state.nst_tcpst[!di];
240
241 result[i++] = (intptr_t)cstream_ptr;
242 result[i++] = cstream_retval;
243 result[i++] = cstream_state.nst_state;
244
245 result[i++] = fstate->nst_end;
246 result[i++] = fstate->nst_maxend;
247 result[i++] = fstate->nst_maxwin;
248 result[i++] = fstate->nst_wscale;
249
250 result[i++] = tstate->nst_end;
251 result[i++] = tstate->nst_maxend;
252 result[i++] = tstate->nst_maxwin;
253 result[i++] = tstate->nst_wscale;
254
255 return 0;
256 }
257
258 int
npf_inet_pton(int af,const char * src,void * dst)259 npf_inet_pton(int af, const char *src, void *dst)
260 {
261 return _pton_func(af, src, dst);
262 }
263
264 const char *
npf_inet_ntop(int af,const void * src,char * dst,socklen_t size)265 npf_inet_ntop(int af, const void *src, char *dst, socklen_t size)
266 {
267 return _ntop_func(af, src, dst, size);
268 }
269
270 #ifdef _KERNEL
271 /*
272 * Need to override cprng_fast32() -- we need deterministic PRNG.
273 */
274 uint32_t
cprng_fast32(void)275 cprng_fast32(void)
276 {
277 return (uint32_t)(_random_func ? _random_func() : random());
278 }
279 #endif
280