socsvn commit: r272258 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw
dpl at FreeBSD.org
dpl at FreeBSD.org
Tue Aug 12 09:23:47 UTC 2014
Author: dpl
Date: Tue Aug 12 09:23:45 2014
New Revision: 272258
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272258
Log:
Use inspect_pkt()
Modified:
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Tue Aug 12 08:49:58 2014 (r272257)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Tue Aug 12 09:23:45 2014 (r272258)
@@ -406,259 +406,8 @@
proto = args->f_id.proto = 0; /* mark f_id invalid */
/* XXX 0 is a valid proto: IP/IPv6 Hop-by-Hop Option */
-/*
- * PULLUP_TO(len, p, T) makes sure that len + sizeof(T) is contiguous,
- * then it sets p to point at the offset "len" in the mbuf. WARNING: the
- * pointer might become stale after other pullups (but we never use it
- * this way).
- */
-#define PULLUP_TO(_len, p, T) PULLUP_LEN(_len, p, sizeof(T))
-#define PULLUP_LEN(_len, p, T) \
-do { \
- int x = (_len) + T; \
- if ((m)->m_len < x) { \
- args->m = m = m_pullup(m, x); \
- if (m == NULL) \
- goto pullup_failed; \
- } \
- p = (mtod(m, char *) + (_len)); \
-} while (0)
-
- /*
- * if we have an ether header,
- */
- if (args->eh)
- etype = ntohs(args->eh->ether_type);
-
- /* Identify IP packets and fill up variables. */
- if (pktlen >= sizeof(struct ip6_hdr) &&
- (args->eh == NULL || etype == ETHERTYPE_IPV6) && ip->ip_v == 6) {
- struct ip6_hdr *ip6 = (struct ip6_hdr *)ip;
- is_ipv6 = 1;
- args->f_id.addr_type = 6;
- hlen = sizeof(struct ip6_hdr);
- proto = ip6->ip6_nxt;
-
- /* Search extension headers to find upper layer protocols */
- while (ulp == NULL && offset == 0) {
- switch (proto) {
- case IPPROTO_ICMPV6:
- PULLUP_TO(hlen, ulp, struct icmp6_hdr);
- icmp6_type = ICMP6(ulp)->icmp6_type;
- break;
-
- case IPPROTO_TCP:
- PULLUP_TO(hlen, ulp, struct tcphdr);
- dst_port = TCP(ulp)->th_dport;
- src_port = TCP(ulp)->th_sport;
- /* save flags for dynamic rules */
- args->f_id._flags = TCP(ulp)->th_flags;
- break;
-
- case IPPROTO_SCTP:
- PULLUP_TO(hlen, ulp, struct sctphdr);
- src_port = SCTP(ulp)->src_port;
- dst_port = SCTP(ulp)->dest_port;
- break;
-
- case IPPROTO_UDP:
- PULLUP_TO(hlen, ulp, struct udphdr);
- dst_port = UDP(ulp)->uh_dport;
- src_port = UDP(ulp)->uh_sport;
- break;
-
- case IPPROTO_HOPOPTS: /* RFC 2460 */
- PULLUP_TO(hlen, ulp, struct ip6_hbh);
- ext_hd |= EXT_HOPOPTS;
- hlen += (((struct ip6_hbh *)ulp)->ip6h_len + 1) << 3;
- proto = ((struct ip6_hbh *)ulp)->ip6h_nxt;
- ulp = NULL;
- break;
-
- case IPPROTO_ROUTING: /* RFC 2460 */
- PULLUP_TO(hlen, ulp, struct ip6_rthdr);
- switch (((struct ip6_rthdr *)ulp)->ip6r_type) {
- case 0:
- ext_hd |= EXT_RTHDR0;
- break;
- case 2:
- ext_hd |= EXT_RTHDR2;
- break;
- default:
- if (V_fw_verbose)
- printf("IPFW2: IPV6 - Unknown "
- "Routing Header type(%d)\n",
- ((struct ip6_rthdr *)
- ulp)->ip6r_type);
- if (V_fw_deny_unknown_exthdrs)
- return (IP_FW_DENY);
- break;
- }
- ext_hd |= EXT_ROUTING;
- hlen += (((struct ip6_rthdr *)ulp)->ip6r_len + 1) << 3;
- proto = ((struct ip6_rthdr *)ulp)->ip6r_nxt;
- ulp = NULL;
- break;
-
- case IPPROTO_FRAGMENT: /* RFC 2460 */
- PULLUP_TO(hlen, ulp, struct ip6_frag);
- ext_hd |= EXT_FRAGMENT;
- hlen += sizeof (struct ip6_frag);
- proto = ((struct ip6_frag *)ulp)->ip6f_nxt;
- offset = ((struct ip6_frag *)ulp)->ip6f_offlg &
- IP6F_OFF_MASK;
- ip6f_mf = ((struct ip6_frag *)ulp)->ip6f_offlg &
- IP6F_MORE_FRAG;
- if (V_fw_permit_single_frag6 == 0 &&
- offset == 0 && ip6f_mf == 0) {
- if (V_fw_verbose)
- printf("IPFW2: IPV6 - Invalid "
- "Fragment Header\n");
- if (V_fw_deny_unknown_exthdrs)
- return (IP_FW_DENY);
- break;
- }
- args->f_id.extra =
- ntohl(((struct ip6_frag *)ulp)->ip6f_ident);
- ulp = NULL;
- break;
-
- case IPPROTO_DSTOPTS: /* RFC 2460 */
- PULLUP_TO(hlen, ulp, struct ip6_hbh);
- ext_hd |= EXT_DSTOPTS;
- hlen += (((struct ip6_hbh *)ulp)->ip6h_len + 1) << 3;
- proto = ((struct ip6_hbh *)ulp)->ip6h_nxt;
- ulp = NULL;
- break;
-
- case IPPROTO_AH: /* RFC 2402 */
- PULLUP_TO(hlen, ulp, struct ip6_ext);
- ext_hd |= EXT_AH;
- hlen += (((struct ip6_ext *)ulp)->ip6e_len + 2) << 2;
- proto = ((struct ip6_ext *)ulp)->ip6e_nxt;
- ulp = NULL;
- break;
-
- case IPPROTO_ESP: /* RFC 2406 */
- PULLUP_TO(hlen, ulp, uint32_t); /* SPI, Seq# */
- /* Anything past Seq# is variable length and
- * data past this ext. header is encrypted. */
- ext_hd |= EXT_ESP;
- break;
-
- case IPPROTO_NONE: /* RFC 2460 */
- /*
- * Packet ends here, and IPv6 header has
- * already been pulled up. If ip6e_len!=0
- * then octets must be ignored.
- */
- ulp = ip; /* non-NULL to get out of loop. */
- break;
-
- case IPPROTO_OSPFIGP:
- /* XXX OSPF header check? */
- PULLUP_TO(hlen, ulp, struct ip6_ext);
- break;
-
- case IPPROTO_PIM:
- /* XXX PIM header check? */
- PULLUP_TO(hlen, ulp, struct pim);
- break;
-
- case IPPROTO_CARP:
- PULLUP_TO(hlen, ulp, struct carp_header);
- if (((struct carp_header *)ulp)->carp_version !=
- CARP_VERSION)
- return (IP_FW_DENY);
- if (((struct carp_header *)ulp)->carp_type !=
- CARP_ADVERTISEMENT)
- return (IP_FW_DENY);
- break;
-
- case IPPROTO_IPV6: /* RFC 2893 */
- PULLUP_TO(hlen, ulp, struct ip6_hdr);
- break;
-
- case IPPROTO_IPV4: /* RFC 2893 */
- PULLUP_TO(hlen, ulp, struct ip);
- break;
-
- default:
- if (V_fw_verbose)
- printf("IPFW2: IPV6 - Unknown "
- "Extension Header(%d), ext_hd=%x\n",
- proto, ext_hd);
- if (V_fw_deny_unknown_exthdrs)
- return (IP_FW_DENY);
- PULLUP_TO(hlen, ulp, struct ip6_ext);
- break;
- } /*switch */
- }
- ip = mtod(m, struct ip *);
- ip6 = (struct ip6_hdr *)ip;
- args->f_id.src_ip6 = ip6->ip6_src;
- args->f_id.dst_ip6 = ip6->ip6_dst;
- args->f_id.src_ip = 0;
- args->f_id.dst_ip = 0;
- args->f_id.flow_id6 = ntohl(ip6->ip6_flow);
- } else if (pktlen >= sizeof(struct ip) &&
- (args->eh == NULL || etype == ETHERTYPE_IP) && ip->ip_v == 4) {
- is_ipv4 = 1;
- hlen = ip->ip_hl << 2;
- args->f_id.addr_type = 4;
-
- /*
- * Collect parameters into local variables for faster matching.
- */
- proto = ip->ip_p;
- src_ip = ip->ip_src;
- dst_ip = ip->ip_dst;
- offset = ntohs(ip->ip_off) & IP_OFFMASK;
- iplen = ntohs(ip->ip_len);
- pktlen = iplen < pktlen ? iplen : pktlen;
-
- if (offset == 0) {
- switch (proto) {
- case IPPROTO_TCP:
- PULLUP_TO(hlen, ulp, struct tcphdr);
- dst_port = TCP(ulp)->th_dport;
- src_port = TCP(ulp)->th_sport;
- /* save flags for dynamic rules */
- args->f_id._flags = TCP(ulp)->th_flags;
- break;
-
- case IPPROTO_SCTP:
- PULLUP_TO(hlen, ulp, struct sctphdr);
- src_port = SCTP(ulp)->src_port;
- dst_port = SCTP(ulp)->dest_port;
- break;
-
- case IPPROTO_UDP:
- PULLUP_TO(hlen, ulp, struct udphdr);
- dst_port = UDP(ulp)->uh_dport;
- src_port = UDP(ulp)->uh_sport;
- break;
-
- case IPPROTO_ICMP:
- PULLUP_TO(hlen, ulp, struct icmphdr);
- //args->f_id.flags = ICMP(ulp)->icmp_type;
- break;
-
- default:
- break;
- }
- }
-
- ip = mtod(m, struct ip *);
- args->f_id.src_ip = ntohl(src_ip.s_addr);
- args->f_id.dst_ip = ntohl(dst_ip.s_addr);
- }
-#undef PULLUP_TO
- if (proto) { /* we may have port numbers, store them */
- args->f_id.proto = proto;
- args->f_id.src_port = src_port = ntohs(src_port);
- args->f_id.dst_port = dst_port = ntohs(dst_port);
- }
+ // Fill in some variables.
+ inspect_pkt(args, ip, m, scr_ip, dst_ip, src_port, dst_port, &etype, &ext_hd, &iplen, &pktlen, &is_ipv4, &is_ipv6, &hlen, &proto, &icmp6_type, &ip6f_mf, &offset, &ulp);
IPFW_PF_RLOCK(chain);
if (! V_ipfw_vnet_ready) { /* shutting down, leave NOW. */
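Review bot: The return value of `inspect_pkt()` is discarded at the new call, although the removed inline code could leave this function through `goto pullup_failed` and `return (IP_FW_DENY)`; if the result stays unchecked, a failed `m_pullup()` or a rejected extension header would let rule matching continue on a packet that was never fully parsed. The jit.cc part of this commit treats a return of one as the pullup failure, so the call here should probably be wrapped as `if (inspect_pkt(...) == 1) goto pullup_failed;`, with the deny verdict propagated too if the helper reports it. `ip`, `m`, `src_port` and `dst_port` are passed by value even though the removed code reassigned them (`args->m = m = m_pullup(m, x)` can hand back a different mbuf), so the caller's copies may be stale afterwards; passing them by pointer like the other out-parameters would avoid that, assuming inspect_pkt's signature, which is not visible here, is adjusted to match. `scr_ip` also looks like a typo for `src_ip`. The enclosing function starts and ends outside the hunk.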
Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Tue Aug 12 08:49:58 2014 (r272257)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Tue Aug 12 09:23:45 2014 (r272258)
@@ -281,7 +281,7 @@
irb.SetInsertPoint(entry);
// Get struct types, and store vars
setEnv(args, chain);
- // Emitting the code for each rule/action now->
+ // Create the code related to the pullup_failed Basic Block.
}
~ipfwJIT()
{
@@ -300,8 +300,8 @@
int
emit_lookpkt()
{
- // If it returns zero, we have to goto pullup_failed.
- irb.CreateCall(inspect_pkt);
+ // If it returns one, we have to goto pullup_failed.
+ CreateCondBr(CreateICmpEQ(irb.CreateCall(inspect_pkt), ConstantInt::get(int32Ty, 1)), pullup_failed, startiter);
return (0);
}
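Review bot: `CreateCondBr` and `CreateICmpEQ` are called unqualified in emit_lookpkt() while `CreateCall` goes through `irb`; unless the class provides wrappers outside this hunk, the line should read `irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateCall(inspect_pkt), ConstantInt::get(int32Ty, 1)), pullup_failed, startiter);`. The call is emitted without operands although the C caller in ip_fw2.c passes a long argument list, so the emitted call presumably needs the same arguments. Comparing against 1 only sends every other non-zero result to `startiter`; if inspect_pkt can also report a deny verdict, that case needs its own branch so the JIT path does not keep evaluating rules for a packet the interpreter would have dropped. The constructor hunk above only adds a comment about the pullup_failed basic block, so it is worth confirming that block is actually created before it is used as a branch target here.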