[access lists] use arrays to access per-protocol functions

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>

libknet/Makefile.am

@@ -33,6 +33,7 @@ sources			= \
 			  links.c \
 			  links_acl.c \
 			  links_acl_ip.c \
+			  links_acl_loopback.c \
 			  logging.c \
 			  netutils.c \
 			  threads_common.c \
@@ -65,6 +66,7 @@ noinst_HEADERS		= \
 			  links.h \
 			  links_acl.h \
 			  links_acl_ip.h \
+			  links_acl_loopback.h \
 			  logging.h \
 			  netutils.h \
 			  onwire.h \

libknet/internals.h

@@ -265,10 +265,8 @@ extern pthread_rwlock_t shlib_rwlock;       /* global shared lib load lock */
  * to use for access lists and other operations
  */
 
-typedef enum {
-	LOOPBACK,
-	IP_PROTO
-} transport_proto;
+#define TRANSPORT_PROTO_LOOPBACK 0
+#define TRANSPORT_PROTO_IP_PROTO 1
 
 /*
  * some transports like SCTP can filter incoming
@@ -299,7 +297,7 @@ typedef struct knet_transport_ops {
 	const uint8_t transport_id;
 	const uint8_t built_in;
 
-	transport_proto transport_protocol;
+	uint8_t transport_protocol;
 	transport_acl transport_acl_type;
 
 /*

libknet/links_acl.c

@@ -19,6 +19,12 @@
 #include "transport_common.h"
 #include "links_acl.h"
 #include "links_acl_ip.h"
+#include "links_acl_loopback.h"
+
+static check_ops_t proto_check_modules_cmds[] = {
+	{ TRANSPORT_PROTO_LOOPBACK, loopbackcheck_validate, loopbackcheck_add, loopbackcheck_rm, loopbackcheck_rmall },
+	{ TRANSPORT_PROTO_IP_PROTO, ipcheck_validate, ipcheck_addip, ipcheck_rmip, ipcheck_rmall }
+};
 
 /*
  * all those functions will return errno from the
@@ -29,76 +35,31 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
 	      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
 	      check_type_t type, check_acceptreject_t acceptreject)
 {
-	int err = -1;
-
-	switch(transport_get_proto(knet_h, transport)) {
-		case LOOPBACK:
-			errno = 0;
-			err = 0;
-			break;
-		case IP_PROTO:
-			err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-					    ip1, ip2, type, acceptreject);
-			break;
-		default:
-			break;
-	}
-	return err;
+	return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_add(
+			&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
+			ip1, ip2, type, acceptreject);
 }
 
 int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
 	     struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
 	     check_type_t type, check_acceptreject_t acceptreject)
 {
-	int err = -1;
-
-	switch(transport_get_proto(knet_h, transport)) {
-		case LOOPBACK:
-			errno = 0;
-			err = 0;
-			break;
-		case IP_PROTO:
-			err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
-					   ip1, ip2, type, acceptreject);
-			break;
-		default:
-			break;
-	}
-	return err;
+	return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rm(
+			&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head,
+			ip1, ip2, type, acceptreject);
 }
 
 void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
 {
-	switch(transport_get_proto(knet_h, transport)) {
-		case LOOPBACK:
-			return;
-			break;
-		case IP_PROTO:
-			ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
-			break;
-		default:
-			break;
-	}
+	proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_rmall(
+		&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head);
 }
 
 /*
  * return 0 to reject and 1 to accept a packet
  */
 int check_validate(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *checkip)
 {
-	switch(transport_get_proto(knet_h, transport)) {
-		case LOOPBACK:
-			errno = 0;
-			return 1;
-			break;
-		case IP_PROTO:
-			return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
-			break;
-		default:
-			break;
-	}
-	/*
-	 * reject by default
-	 */
-	return 0;
+	return proto_check_modules_cmds[transport_get_proto(knet_h, transport)].protocheck_validate(
+			&knet_h->knet_transport_fd_tracker[sock].access_list_match_entry_head, checkip);
 }

libknet/links_acl.h

@@ -22,6 +22,22 @@ typedef enum {
 	CHECK_REJECT
 } check_acceptreject_t;
 
+typedef struct {
+	uint8_t				transport_proto;
+
+	int (*protocheck_validate)	(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
+
+	int (*protocheck_add)		(void *fd_tracker_match_entry_head,
+					 struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
+					 check_type_t type, check_acceptreject_t acceptreject);
+
+	int (*protocheck_rm)		(void *fd_tracker_match_entry_head,
+					 struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
+					 check_type_t type, check_acceptreject_t acceptreject);
+
+	void (*protocheck_rmall)	(void *fd_tracker_match_entry_head);
+} check_ops_t;
+
 int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
 	      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
 	      check_type_t type, check_acceptreject_t acceptreject);

libknet/links_acl_loopback.c

@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
+ *
+ * Author: Christine Caulfield <ccaulfie@redhat.com>
+ *
+ * This software licensed under GPL-2.0+, LGPL-2.0+
+ */
+
+#include "config.h"
+
+#include <errno.h>
+
+#include "internals.h"
+#include "logging.h"
+#include "transports.h"
+#include "links_acl.h"
+#include "links_acl_loopback.h"
+
+int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip)
+{
+	return 1;
+}
+
+void loopbackcheck_rmall(void *fd_tracker_match_entry_head)
+{
+	return;
+}
+
+int loopbackcheck_rm(void *fd_tracker_match_entry_head,
+		     struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
+		     check_type_t type, check_acceptreject_t acceptreject)
+{
+	return 0;
+}
+
+int loopbackcheck_add(void *fd_tracker_match_entry_head,
+		      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
+		      check_type_t type, check_acceptreject_t acceptreject)
+{
+	return 0;
+}

libknet/links_acl_loopback.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2016-2018 Red Hat, Inc.  All rights reserved.
+ *
+ * Author: Christine Caulfield <ccaulfie@redhat.com>
+ *
+ * This software licensed under GPL-2.0+, LGPL-2.0+
+ */
+
+#ifndef __KNET_LINKS_ACL_LOOPBACK_H__
+#define __KNET_LINKS_ACL_LOOPBACK_H__
+
+#include "internals.h"
+#include "links_acl.h"
+
+int loopbackcheck_validate(void *fd_tracker_match_entry_head, struct sockaddr_storage *checkip);
+
+int loopbackcheck_add(void *fd_tracker_match_entry_head,
+		      struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
+		      check_type_t type, check_acceptreject_t acceptreject);
+
+int loopbackcheck_rm(void *fd_tracker_match_entry_head,
+		     struct sockaddr_storage *ip1, struct sockaddr_storage *ip2,
+		     check_type_t type, check_acceptreject_t acceptreject);
+
+void loopbackcheck_rmall(void *fd_tracker_match_entry_head);
+
+#endif

libknet/tests/Makefile.am

@@ -79,7 +79,8 @@ int_links_acl_test_SOURCES = int_links_acl.c \
 			     ../transport_sctp.c \
 			     ../transport_udp.c \
 			     ../links_acl.c \
-			     ../links_acl_ip.c
+			     ../links_acl_ip.c \
+			     ../links_acl_loopback.c
 
 int_timediff_test_SOURCES = int_timediff.c
 

libknet/transports.c

@@ -30,11 +30,11 @@
 #define empty_module -1, -1, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
 
 static knet_transport_ops_t transport_modules_cmd[KNET_MAX_TRANSPORTS] = {
-	{ "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
-	{ "UDP", KNET_TRANSPORT_UDP, 1, IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
+	{ "LOOPBACK", KNET_TRANSPORT_LOOPBACK, 1, TRANSPORT_PROTO_LOOPBACK, USE_NO_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_LOOPBACK_OVERHEAD, loopback_transport_init, loopback_transport_free, loopback_transport_link_set_config, loopback_transport_link_clear_config, loopback_transport_link_dyn_connect, loopback_transport_rx_sock_error, loopback_transport_tx_sock_error, loopback_transport_rx_is_data },
+	{ "UDP", KNET_TRANSPORT_UDP, 1, TRANSPORT_PROTO_IP_PROTO, USE_GENERIC_ACL, TRANSPORT_PROTO_NOT_CONNECTION_ORIENTED, KNET_PMTUD_UDP_OVERHEAD, udp_transport_init, udp_transport_free, udp_transport_link_set_config, udp_transport_link_clear_config, udp_transport_link_dyn_connect, udp_transport_rx_sock_error, udp_transport_tx_sock_error, udp_transport_rx_is_data },
 	{ "SCTP", KNET_TRANSPORT_SCTP,
 #ifdef HAVE_NETINET_SCTP_H
-				       1, IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
+				       1, TRANSPORT_PROTO_IP_PROTO, USE_PROTO_ACL, TRANSPORT_PROTO_IS_CONNECTION_ORIENTED, KNET_PMTUD_SCTP_OVERHEAD, sctp_transport_init, sctp_transport_free, sctp_transport_link_set_config, sctp_transport_link_clear_config, sctp_transport_link_dyn_connect, sctp_transport_rx_sock_error, sctp_transport_tx_sock_error, sctp_transport_rx_is_data },
 #else
 empty_module
 #endif