Re: [PATCH libnetfilter_queue 1/2] src: doc: Major re-work of user packet buffer documentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Pablo,

On Mon, Nov 18, 2019 at 02:36:37PM +1100, Duncan Roe wrote:
> Divide functions into a hierarchy:
>  top-level: Functions all programs that modify data will use
>  2nd-level: Rarely-used functions
>  3rd-level: Functions not to use (should have been declared static)
> Only the top-level functions appear on the "User-space network packet buffer"
> page, which looks a lot less daunting than it used to.
>
> Parameter descriptions all match prototypes
>
> All non-void functions have a "Returns" paragraph
>
> Code change:
>
>  pktb_alloc: set errno to EPROTONOSUPPORT before doing error return because
>              protocol is not supported
>
> Detailed other updates (top-level)
>
>  pktb_alloc: - Add "Errors" para
>              - Add "See also" para
>
>  pktb_data, pktb_len: Add "appropriate use" line
>
>  pktb_mangle: Add warning to use a different function unless mangling MAC hddr
>
>  pktb_mangled: Add usage hint line
>
> Detailed other updates (2nd-level)
>
>  pktb_mac_header: Point out only for AF_BRIDGE
>
>  pktb_tailroom: Point out no dynamic expansion
>
>  pktb_transport_header: Add note that programmer must code to set this
>
> Signed-off-by: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
> ---
>  src/extra/pktbuff.c | 154 +++++++++++++++++++++++++++++++++++++++-------------
>  1 file changed, 117 insertions(+), 37 deletions(-)
>
> diff --git a/src/extra/pktbuff.c b/src/extra/pktbuff.c
> index f1f8323..26d7ca8 100644
> --- a/src/extra/pktbuff.c
> +++ b/src/extra/pktbuff.c
> @@ -9,6 +9,7 @@
>   * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
>   */
>
> +#include <errno.h>
>  #include <stdlib.h>
>  #include <string.h> /* for memcpy */
>  #include <stdbool.h>
> @@ -30,7 +31,8 @@
>
>  /**
>   * pktb_alloc - allocate a new packet buffer
> - * \param family Indicate what family, eg. AF_BRIDGE, AF_INET, AF_INET6, ...
> + * \param family Indicate what family. Currently supported families are
> + * AF_BRIDGE, AF_INET & AF_INET6.
>   * \param data Pointer to packet data
>   * \param len Packet length
>   * \param extra Extra memory in the tail to be allocated (for mangling)
> @@ -38,7 +40,13 @@
>   * This function returns a packet buffer that contains the packet data and
>   * some extra memory room in the tail (if requested).
>   *
> - * \return a pointer to a new queue handle or NULL on failure.
> + * \return Pointer to a new userspace packet buffer or NULL on failure.
> + * \par Errors
> + * __ENOMEM__ From __calloc__()
> + * \n
> + * __EPROTONOSUPPORT__ _family_ was __AF_BRIDGE__ and this is not an IP packet
> + * (v4 or v6)
> + * \sa __calloc__(3)
>   */
>  EXPORT_SYMBOL
>  struct pkt_buff *pktb_alloc(int family, void *data, size_t len, size_t extra)
> @@ -78,6 +86,7 @@ struct pkt_buff *pktb_alloc(int family, void *data, size_t len, size_t extra)
>  			break;
>  		default:
>  			/* This protocol is unsupported. */
> +			errno = EPROTONOSUPPORT;
>  			free(pktb);
>  			return NULL;
>  		}
> @@ -88,8 +97,12 @@ struct pkt_buff *pktb_alloc(int family, void *data, size_t len, size_t extra)
>  }
>
>  /**
> - * pktb_data - return pointer to the beginning of the packet buffer
> - * \param pktb Pointer to packet buffer
> + * pktb_data - get pointer to network packet
> + * \param pktb Pointer to userspace packet buffer
> + * \return Pointer to start of network packet data within __pktb__
> + * \par
> + * It is appropriate to use _pktb_data_ as the second argument of
> + * nfq_nlmsg_verdict_put_pkt()
>   */
>  EXPORT_SYMBOL
>  uint8_t *pktb_data(struct pkt_buff *pktb)
> @@ -99,7 +112,11 @@ uint8_t *pktb_data(struct pkt_buff *pktb)
>
>  /**
>   * pktb_len - return length of the packet buffer
> - * \param pktb Pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
> + * \return Length of packet contained within __pktb__
> + * \par
> + * It is appropriate to use _pktb_len_ as the third argument of
> + * nfq_nlmsg_verdict_put_pkt()
>   */
>  EXPORT_SYMBOL
>  uint32_t pktb_len(struct pkt_buff *pktb)
> @@ -109,7 +126,7 @@ uint32_t pktb_len(struct pkt_buff *pktb)
>
>  /**
>   * pktb_free - release packet buffer
> - * \param pktb Pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
>   */
>  EXPORT_SYMBOL
>  void pktb_free(struct pkt_buff *pktb)
> @@ -118,8 +135,35 @@ void pktb_free(struct pkt_buff *pktb)
>  }
>
>  /**
> - * pktb_push - update pointer to the beginning of the packet buffer
> - * \param pktb Pointer to packet buffer
> + * \defgroup otherfns Other functions
> + *
> + * The library provides a number of other functions which many user-space
> + * programs will never need. These divide into 2 groups:
> + * \n
> + * 1. Functions to get values of members of opaque __struct pktbuff__, described
> + * below
> + * \n
> + * 2. Internal functions, described in Module __Internal functions__
> + *
> + * @{
> + */
> +
> +/**
> + * \defgroup uselessfns Internal functions
> + *
> + * \warning Do not use these functions. Instead, always use the mangle
> + * function appropriate to the level at which you are working.
> + * \n
> + * pktb_mangle() uses all the below functions except _pktb_pull_, which is not
> + * used by anything.
> + *
> + * @{
> + */
> +
> +/**
> + * pktb_push - decrement pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
> + * \param len Number of bytes to subtract from packet start address
>   */
>  EXPORT_SYMBOL
>  void pktb_push(struct pkt_buff *pktb, unsigned int len)
> @@ -129,8 +173,9 @@ void pktb_push(struct pkt_buff *pktb, unsigned int len)
>  }
>
>  /**
> - * pktb_pull - update pointer to the beginning of the packet buffer
> - * \param pktb Pointer to packet buffer
> + * pktb_pull - increment pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
> + * \param len Number of bytes to add to packet start address
>   */
>  EXPORT_SYMBOL
>  void pktb_pull(struct pkt_buff *pktb, unsigned int len)
> @@ -141,7 +186,8 @@ void pktb_pull(struct pkt_buff *pktb, unsigned int len)
>
>  /**
>   * pktb_put - add extra bytes to the tail of the packet buffer
> - * \param pktb Pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
> + * \param len Number of bytes to add to packet tail (and length)
>   */
>  EXPORT_SYMBOL
>  void pktb_put(struct pkt_buff *pktb, unsigned int len)
> @@ -152,7 +198,8 @@ void pktb_put(struct pkt_buff *pktb, unsigned int len)
>
>  /**
>   * pktb_trim - set new length for this packet buffer
> - * \param pktb Pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
> + * \param len New packet length (tail is adjusted to reflect this)
>   */
>  EXPORT_SYMBOL
>  void pktb_trim(struct pkt_buff *pktb, unsigned int len)
> @@ -162,8 +209,17 @@ void pktb_trim(struct pkt_buff *pktb, unsigned int len)
>  }
>
>  /**
> - * pktb_tailroom - get room in bytes in the tail of the packet buffer
> - * \param pktb Pointer to packet buffer
> + * @}
> + */
> +
> +/**
> + * pktb_tailroom - get room available for packet expansion
> + * \param pktb Pointer to userspace packet buffer
> + * \return room in bytes after the tail of the packet buffer
> + * \n
> + * This starts off as the __extra__ argument to pktb_alloc().
> + * Programmers should ensure this __extra__ argument is sufficient for any
> + * packet mangle, as packet buffers cannot be expanded dynamically.
>   */
>  EXPORT_SYMBOL
>  unsigned int pktb_tailroom(struct pkt_buff *pktb)
> @@ -172,8 +228,11 @@ unsigned int pktb_tailroom(struct pkt_buff *pktb)
>  }
>
>  /**
> - * pktb_mac_header - return pointer to layer 2 header (if any)
> - * \param pktb Pointer to packet buffer
> + * pktb_mac_header - get address of layer 2 header (if any)
> + * \param pktb Pointer to userspace packet buffer
> + * \return Pointer to MAC header or NULL if no such header present.
> + * \n
> + * Only packet buffers in family __AF_BRIDGE__ have a non-NULL MAC header.
>   */
>  EXPORT_SYMBOL
>  uint8_t *pktb_mac_header(struct pkt_buff *pktb)
> @@ -182,8 +241,10 @@ uint8_t *pktb_mac_header(struct pkt_buff *pktb)
>  }
>
>  /**
> - * pktb_network_header - return pointer to layer 3 header
> - * \param pktb Pointer to packet buffer
> + * pktb_network_header - get address of layer 3 header
> + * \param pktb Pointer to userspace packet buffer
> + * \return Pointer to layer 3 header or NULL if the packet buffer was created
> + * with an unsupported family
>   */
>  EXPORT_SYMBOL
>  uint8_t *pktb_network_header(struct pkt_buff *pktb)
> @@ -192,8 +253,13 @@ uint8_t *pktb_network_header(struct pkt_buff *pktb)
>  }
>
>  /**
> - * pktb_transport_header - return pointer to layer 4 header (if any)
> - * \param pktb Pointer to packet buffer
> + * pktb_transport_header - get address of layer 4 header (if known)
> + * \param pktb Pointer to userspace packet buffer
> + * \return Pointer to layer 4 header or NULL if not (yet) set
> + * \note
> + * Unlike the lower-level headers, it is the programmer's responsibility to
> + * create the level 4 (transport) header pointer by caling e.g.
> + * nfq_ip_set_transport_header()
>   */
>  EXPORT_SYMBOL
>  uint8_t *pktb_transport_header(struct pkt_buff *pktb)
> @@ -201,6 +267,10 @@ uint8_t *pktb_transport_header(struct pkt_buff *pktb)
>  	return pktb->transport_header;
>  }
>
> +/**
> + * @}
> + */
> +
>  static int pktb_expand_tail(struct pkt_buff *pkt, int extra)
>  {
>  	/* No room in packet, cannot mangle it. We don't support dynamic
> @@ -228,19 +298,24 @@ static int enlarge_pkt(struct pkt_buff *pkt, unsigned int extra)
>
>  /**
>   * pktb_mangle - adjust contents of a packet
> - * \param pkt Pointer to packet buffer
> + * \param pktb Pointer to userspace packet buffer
>   * \param dataoff Offset to layer 4 header. Specify zero to access layer 3 (IP)
> - * header
> + * header (layer 2 for family \b AF_BRIDGE)
>   * \param match_offset Further offset to content that you want to mangle
>   * \param match_len Length of the existing content you want to mangle
>   * \param rep_buffer Pointer to data you want to use to replace current content
>   * \param rep_len Length of data you want to use to replace current content
>   * \returns 1 for success and 0 for failure. Failure will occur if the \b extra
> - * argument to the pktb_alloc() call that created \b pkt is less than the excess
> - * of \b rep_len over \b match_len
> + * argument to the pktb_alloc() call that created \b pktb is less than the
> + * excess of \b rep_len over \b match_len
> + \warning pktb_mangle does not update any checksums. Developers should use the
> + appropriate mangler for the protocol level: nfq_ip_mangle(),
> + nfq_tcp_mangle_ipv4() or nfq_udp_mangle_ipv4(). IPv6 versions are planned.
> + \n
> + It is appropriate to use pktb_mangle to change the MAC header.
>   */
>  EXPORT_SYMBOL
> -int pktb_mangle(struct pkt_buff *pkt,
> +int pktb_mangle(struct pkt_buff *pktb,
>  		unsigned int dataoff,
>  		unsigned int match_offset,
>  		unsigned int match_len,
> @@ -250,39 +325,44 @@ int pktb_mangle(struct pkt_buff *pkt,
>  	unsigned char *data;
>
>  	if (rep_len > match_len &&
> -	    rep_len - match_len > pktb_tailroom(pkt) &&
> -	    !enlarge_pkt(pkt, rep_len - match_len))
> +	    rep_len - match_len > pktb_tailroom(pktb) &&
> +	    !enlarge_pkt(pktb, rep_len - match_len))
>  		return 0;
>
> -	data = pkt->network_header + dataoff;
> +	data = pktb->network_header + dataoff;
>
>  	/* move post-replacement */
>  	memmove(data + match_offset + rep_len,
>  		data + match_offset + match_len,
> -		pkt->tail - (pkt->network_header + dataoff +
> +		pktb->tail - (pktb->network_header + dataoff +
>  			     match_offset + match_len));
>
>  	/* insert data from buffer */
>  	memcpy(data + match_offset, rep_buffer, rep_len);
>
> -	/* update pkt info */
> +	/* update packet info */
>  	if (rep_len > match_len)
> -		pktb_put(pkt, rep_len - match_len);
> +		pktb_put(pktb, rep_len - match_len);
>  	else
> -		pktb_trim(pkt, pkt->len + rep_len - match_len);
> +		pktb_trim(pktb, pktb->len + rep_len - match_len);
>
> -	pkt->mangled = true;
> +	pktb->mangled = true;
>  	return 1;
>  }
>
>  /**
> - * pktb_mangled - return true if packet has been mangled
> - * \param pktb Pointer to packet buffer
> + * pktb_mangled - test whether packet has been mangled
> + * \param pktb Pointer to userspace packet buffer
> + * \return __true__ if packet has been mangled (modified), else __false__
> + * \par
> + * When assembling a verdict, it is not necessary to return the contents of
> + * un-modified packets. Use _pktb_mangled_ to decide whether packet contents
> + * need to be returned.
>   */
>  EXPORT_SYMBOL
> -bool pktb_mangled(const struct pkt_buff *pkt)
> +bool pktb_mangled(const struct pkt_buff *pktb)
>  {
> -	return pkt->mangled;
> +	return pktb->mangled;
>  }
>
>  /**
> --
> 2.14.5
>
Did you forget about this one?

Cheers ... Duncan.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux