PERFORCE change 142900 for review
Gleb Kurtsou
gk at FreeBSD.org
Wed Jun 4 18:43:43 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=142900
Change 142900 by gk at gk_h1 on 2008/06/04 18:43:03
introduce interface flags IFF_L2FILTER, IFF_L2TAG
IFF_L2FILTER - perform layer2 filtering on interface
IFF_L2TAG - add tag containing ethernet header to mbuf
support flags in ifconfig
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-ifconfig/ifconfig.c#2 edit
.. //depot/projects/soc2008/gk_l2filter/sys-net/if.h#2 edit
.. //depot/projects/soc2008/gk_l2filter/sys-net/if_bridge.c#3 edit
.. //depot/projects/soc2008/gk_l2filter/sys-net/if_ethersubr.c#3 edit
.. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw_pfil.c#5 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ifconfig/ifconfig.c#2 (text+ko) ====
@@ -772,7 +772,7 @@
#define IFFBITS \
"\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6SMART\7RUNNING" \
"\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2" \
-"\20MULTICAST\22PPROMISC\23MONITOR\24STATICARP\25NEEDSGIANT"
+"\20MULTICAST\22PPROMISC\23MONITOR\24STATICARP\25NEEDSGIANT\26L2FILTER\27L2TAG"
#define IFCAPBITS \
"\020\1RXCSUM\2TXCSUM\3NETCONS\4VLAN_MTU\5VLAN_HWTAGGING\6JUMBO_MTU\7POLLING" \
@@ -1009,6 +1009,10 @@
DEF_CMD("-monitor", -IFF_MONITOR, setifflags),
DEF_CMD("staticarp", IFF_STATICARP, setifflags),
DEF_CMD("-staticarp", -IFF_STATICARP, setifflags),
+ DEF_CMD("l2filter", IFF_L2FILTER, setifflags),
+ DEF_CMD("-l2filter", -IFF_L2FILTER, setifflags),
+ DEF_CMD("l2tag", IFF_L2TAG, setifflags),
+ DEF_CMD("-l2tag", -IFF_L2TAG, setifflags),
DEF_CMD("rxcsum", IFCAP_RXCSUM, setifcap),
DEF_CMD("-rxcsum", -IFCAP_RXCSUM, setifcap),
DEF_CMD("txcsum", IFCAP_TXCSUM, setifcap),
==== //depot/projects/soc2008/gk_l2filter/sys-net/if.h#2 (text+ko) ====
@@ -150,6 +150,8 @@
#define IFF_MONITOR 0x40000 /* (n) user-requested monitor mode */
#define IFF_STATICARP 0x80000 /* (n) static ARP */
#define IFF_NEEDSGIANT 0x100000 /* (i) hold Giant over if_start calls */
+#define IFF_L2FILTER 0x200000 /* (n) perform layer2 filtering on interface */
+#define IFF_L2TAG 0x400000 /* (n) tag packets with layer2 header */
/*
* Old names for driver flags so that user space tools can continue to use
==== //depot/projects/soc2008/gk_l2filter/sys-net/if_bridge.c#3 (text+ko) ====
@@ -339,16 +339,12 @@
static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
static int pfil_member = 1; /* run pfil hooks on the member interface */
-/* GK_XXX should be if flag */
-static int pfil_layer2 = 0; /* layer2 filter with PFIL */
static int pfil_layer2_arp = 0; /* layer2 filter with PFIL */
static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for
locally destined packets */
static int log_stp = 0; /* log STP state changes */
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
&pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
-SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_layer2, CTLFLAG_RW,
- &pfil_layer2, 0, "Filter packets through PFIL layer2");
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_layer2_arp, CTLFLAG_RW,
&pfil_layer2_arp, 0, "Filter ARP packets through PFIL layer2");
SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
@@ -1710,7 +1706,7 @@
return;
}
- if (PFIL_HOOKED(ðer_pfil_hook) && pfil_layer2 != 0) {
+ if (PFIL_HOOKED(ðer_pfil_hook)) {
if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
return;
if (m == NULL)
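Review bot: The new guard `if (PFIL_HOOKED(&ether_pfil_hook)) {` (the page renders the argument as `ðer_pfil_hook`) no longer tests any layer2 switch, while the other call sites in this change gate on `(ifp->if_flags & IFF_L2FILTER)`. On this path bridge_pfil() is now entered whenever an ethernet hook is registered, and its early return only fires when pfil_bridge and pfil_member are also 0, so with the defaults of 1 shown in the first if_bridge.c hunk the frame probably goes through the bridge/member filtering regardless of the interface flag. If per-interface control is intended here too, the condition would be `if (PFIL_HOOKED(&ether_pfil_hook) && (ifp->if_flags & IFF_L2FILTER)) {`, provided ifp cannot be NULL at this point. The enclosing function starts and ends outside the hunk.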
@@ -2852,7 +2848,7 @@
KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
#endif
- if (pfil_bridge == 0 && pfil_member == 0 && pfil_layer2 == 0)
+ if (pfil_bridge == 0 && pfil_member == 0 && (ifp->if_flags & IFF_L2FILTER) == 0)
return (0); /* filtering is disabled */
i = min((*mp)->m_pkthdr.len, max_protohdr);
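Review bot: `(ifp->if_flags & IFF_L2FILTER) == 0` dereferences ifp without a NULL test, yet the hunk at -2913 still checks `ifp != NULL`, which suggests ifp can be NULL here; a NULL ifp would then be a kernel NULL dereference in the packet path. The same applies to the -2913 hunk, where `ifp != NULL` now comes after `ifp->if_flags` in the `&&` chain, and to `if (ifp->if_flags & IFF_L2TAG)` in the -2951 hunk, assuming all three sit in the same function. Test the pointer first, e.g. `(ifp == NULL || (ifp->if_flags & IFF_L2FILTER) == 0)` here and `ifp != NULL && (ifp->if_flags & IFF_L2FILTER) && dir == PFIL_OUT` in the later hunk. The function body starts and ends outside the hunk.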
@@ -2913,8 +2909,8 @@
goto bad;
}
- /* GK_XXX */
- if (PFIL_HOOKED(ðer_pfil_hook) && pfil_layer2 != 0 && dir == PFIL_OUT && ifp != NULL) {
+ if (PFIL_HOOKED(ðer_pfil_hook) && (ifp->if_flags & IFF_L2FILTER) &&
+ dir == PFIL_OUT && ifp != NULL) {
if (pfil_run_hooks(ðer_pfil_hook, mp, ifp, PFIL_OUT, NULL) != 0)
return EACCES;
}
@@ -2951,14 +2947,12 @@
error = 0;
- /* GK_XXX */
- /*
- * XXX: conditionally allocate mtag
- */
- mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
- if (mtag_ether_header != NULL) {
- memcpy(mtag_ether_header + 1, &eh2, ETHER_HDR_LEN);
- m_tag_prepend(*mp, mtag_ether_header);
+ if (ifp->if_flags & IFF_L2TAG) {
+ mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
+ if (mtag_ether_header != NULL) {
+ memcpy(mtag_ether_header + 1, &eh2, ETHER_HDR_LEN);
+ m_tag_prepend(*mp, mtag_ether_header);
+ }
}
/*
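Review bot: When `m_tag_alloc(..., M_NOWAIT)` returns NULL the frame continues without the ethernet-header tag even though IFF_L2TAG is set, and nothing records the failure. If a later filter relies on the tag to match layer2 fields, which is not visible here, frames handled under memory pressure could pass without those rules being applied. Consider dropping the frame on allocation failure, or at least stating the behaviour with a comment such as `/* best effort: on allocation failure the frame is passed on untagged */`. The same block appears in the if_ethersubr.c hunk at -641.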
==== //depot/projects/soc2008/gk_l2filter/sys-net/if_ethersubr.c#3 (text+ko) ====
@@ -381,8 +381,7 @@
{
int error = 0;
- /* GK_XXX */
- if (PFIL_HOOKED(ðer_pfil_hook))
+ if (PFIL_HOOKED(ðer_pfil_hook) && (ifp->if_flags & IFF_L2FILTER))
error = pfil_run_hooks(ðer_pfil_hook, &m, ifp, PFIL_OUT, NULL);
if (m == NULL)
return 0; /* consumed e.g. in a pipe */
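Review bot: The added `(ifp->if_flags & IFF_L2FILTER)` test makes the layer2 hooks opt-in per interface, where the previous revision ran them whenever a hook was registered, so an interface without the flag now passes frames unfiltered. The input-side hunk at -605 has the same property. Nothing in this change sets the flag, so the default appears to be off. That default is worth stating where it is decided, e.g. `/* layer2 hooks run only on interfaces with IFF_L2FILTER set; unflagged interfaces are not filtered */` above the condition. The function continues outside the hunk.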
@@ -605,8 +604,8 @@
* Allow pfil to claim the frame.
* Do not do this for PROMISC frames in case we are re-entered.
*/
- /* GK_XXX */
- if (PFIL_HOOKED(ðer_pfil_hook) && !(m->m_flags & M_PROMISC)) {
+ if (PFIL_HOOKED(ðer_pfil_hook) && (ifp->if_flags & IFF_L2FILTER) &&
+ !(m->m_flags & M_PROMISC)) {
if (pfil_run_hooks(ðer_pfil_hook, &m, ifp, PFIL_IN, NULL) != 0)
return;
}
@@ -641,13 +640,12 @@
return;
}
- /*
- * XXX: conditionally allocate mtag
- */
- mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
- if (mtag_ether_header != NULL) {
- memcpy(mtag_ether_header + 1, eh, ETHER_HDR_LEN);
- m_tag_prepend(m, mtag_ether_header);
+ if (ifp->if_flags & IFF_L2TAG) {
+ mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
+ if (mtag_ether_header != NULL) {
+ memcpy(mtag_ether_header + 1, eh, ETHER_HDR_LEN);
+ m_tag_prepend(m, mtag_ether_header);
+ }
}
/*
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw_pfil.c#5 (text+ko) ====
@@ -449,13 +449,6 @@
return 0; /* packet already partially processed */
args.m = *m0;
- /*
- args.oif = ifp;
- */
- /* GK_XXX */
- /*
- * perform layer2 filtering only
- */
args.flags = IP_FW_ARGS_LAYER2;
args.eh = mtod(*m0, struct ether_header *);
args.inp = inp;
@@ -502,10 +495,6 @@
args.m = *m0;
args.oif = ifp;
- /* GK_XXX */
- /*
- * perform layer2 filtering only
- */
args.flags = IP_FW_ARGS_LAYER2;
args.eh = mtod(*m0, struct ether_header *);
args.inp = inp;