Date: Fri, 7 Oct 2022 14:56:23 GMT
Message-Id: <202210071456.297EuNqS010594@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Richard Scheffenegger
Subject: git: 9c6558383546 - main - siftr: apply filter early on
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: rscheff
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9c6558383546fd3eb0fb934625c4c5ade901a6cd

The branch main has been updated by rscheff:

URL: https://cgit.FreeBSD.org/src/commit/?id=9c6558383546fd3eb0fb934625c4c5ade901a6cd

commit
9c6558383546fd3eb0fb934625c4c5ade901a6cd Author: Richard Scheffenegger AuthorDate: 2022-10-06 23:31:48 +0000 Commit: Richard Scheffenegger CommitDate: 2022-10-06 23:39:41 +0000 siftr: apply filter early on Quickly check TCP port filter, before investing into expensive operations. No functional change. Obtained from: guest-ccui Reviewed By: #transport, tuexen, guest-ccui Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D36842 --- sys/netinet/siftr.c | 70 ++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/sys/netinet/siftr.c b/sys/netinet/siftr.c index c025c06d7f32..e21d15212979 100644 --- a/sys/netinet/siftr.c +++ b/sys/netinet/siftr.c @@ -853,6 +853,24 @@ siftr_chkpkt(struct mbuf **m, struct ifnet *ifp, int flags, if (ip->ip_p != IPPROTO_TCP) goto ret; + /* + * Create a tcphdr struct starting at the correct offset + * in the IP packet. ip->ip_hl gives the ip header length + * in 4-byte words, so multiply it to get the size in bytes. + */ + ip_hl = (ip->ip_hl << 2); + th = (struct tcphdr *)((caddr_t)ip + ip_hl); + + /* + * Only pkts selected by the tcp port filter + * can be inserted into the pkt_queue + */ + if ((siftr_port_filter != 0) && + (siftr_port_filter != ntohs(th->th_sport)) && + (siftr_port_filter != ntohs(th->th_dport))) { + goto ret; + } + /* * If a kernel subsystem reinjects packets into the stack, our pfil * hook will be called multiple times for the same packet. @@ -866,14 +884,6 @@ siftr_chkpkt(struct mbuf **m, struct ifnet *ifp, int flags, else ss->n_out++; - /* - * Create a tcphdr struct starting at the correct offset - * in the IP packet. ip->ip_hl gives the ip header length - * in 4-byte words, so multiply it to get the size in bytes. - */ - ip_hl = (ip->ip_hl << 2); - th = (struct tcphdr *)((caddr_t)ip + ip_hl); - /* * If the pfil hooks don't provide a pointer to the * inpcb, we need to find it ourselves and lock it. 
@@ -907,15 +917,6 @@ siftr_chkpkt(struct mbuf **m, struct ifnet *ifp, int flags, goto inp_unlock; } - /* - * Only pkts selected by the tcp port filter - * can be inserted into the pkt_queue - */ - if ((siftr_port_filter != 0) && - (siftr_port_filter != ntohs(inp->inp_lport)) && - (siftr_port_filter != ntohs(inp->inp_fport))) { - goto inp_unlock; - } pn = malloc(sizeof(struct pkt_node), M_SIFTR_PKTNODE, M_NOWAIT|M_ZERO); @@ -1038,6 +1039,23 @@ siftr_chkpkt6(struct mbuf **m, struct ifnet *ifp, int flags, if (ip6->ip6_nxt != IPPROTO_TCP) goto ret6; + /* + * Create a tcphdr struct starting at the correct offset + * in the ipv6 packet. + */ + ip6_hl = sizeof(struct ip6_hdr); + th = (struct tcphdr *)((caddr_t)ip6 + ip6_hl); + + /* + * Only pkts selected by the tcp port filter + * can be inserted into the pkt_queue + */ + if ((siftr_port_filter != 0) && + (siftr_port_filter != ntohs(th->th_sport)) && + (siftr_port_filter != ntohs(th->th_dport))) { + goto ret6; + } + /* * If a kernel subsystem reinjects packets into the stack, our pfil * hook will be called multiple times for the same packet. @@ -1051,15 +1069,6 @@ siftr_chkpkt6(struct mbuf **m, struct ifnet *ifp, int flags, else ss->n_out++; - ip6_hl = sizeof(struct ip6_hdr); - - /* - * Create a tcphdr struct starting at the correct offset - * in the ipv6 packet. ip->ip_hl gives the ip header length - * in 4-byte words, so multiply it to get the size in bytes. - */ - th = (struct tcphdr *)((caddr_t)ip6 + ip6_hl); - /* * For inbound packets, the pfil hooks don't provide a pointer to the * inpcb, so we need to find it ourselves and lock it. 
@@ -1091,15 +1100,6 @@ siftr_chkpkt6(struct mbuf **m, struct ifnet *ifp, int flags, goto inp_unlock6; } - /* - * Only pkts selected by the tcp port filter - * can be inserted into the pkt_queue - */ - if ((siftr_port_filter != 0) && - (siftr_port_filter != ntohs(inp->inp_lport)) && - (siftr_port_filter != ntohs(inp->inp_fport))) { - goto inp_unlock6; - } pn = malloc(sizeof(struct pkt_node), M_SIFTR_PKTNODE, M_NOWAIT|M_ZERO);
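Review bot: In the siftr_chkpkt hunk at @@ -853,6 +853,24 @@, the new `goto ret` on a port-filter miss sits above the reinjection check and the `ss->n_in++` / `ss->n_out++` counters that appear as context in the following hunk, so packets rejected by the filter no longer contribute to those per-direction counts; the removed check, which left via `goto inp_unlock`, ran after them. That is an observable difference in the statistics and does not match the "No functional change" line in the commit message. Either state the change in the message, or keep the counter update ahead of the filter if the totals are meant to cover every TCP packet the hook sees. The siftr_chkpkt6 hunk at @@ -1038,6 +1039,23 @@ has the same ordering.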
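Review bot: In the siftr_chkpkt6 hunk at @@ -1038,6 +1039,23 @@, `th->th_sport` and `th->th_dport` are read directly after the `ip6->ip6_nxt` test, and the visible context shows no check that the mbuf holds `sizeof(struct ip6_hdr) + sizeof(struct tcphdr)` contiguous bytes before the cast pointer is dereferenced. The removed lines built `th` the same way, so the cast itself is not new, but with the filter enabled this read is now the first thing done with the TCP header. A length test ahead of the filter, or a comment naming where the contiguity guarantee comes from, would make the early read easier to verify. The same question applies to `(caddr_t)ip + ip_hl` in the IPv4 hunk at @@ -853,6 +853,24 @@, where `ip_hl` is taken from the packet.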