socsvn commit: r272284 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw

dpl at FreeBSD.org dpl at FreeBSD.org
Tue Aug 12 13:59:32 UTC 2014 

Author: dpl
Date: Tue Aug 12 13:59:30 2014
New Revision: 272284
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272284

Log:
  Corrected the NULL pointers, added a optimize function, and moved some of the code out of compile-time, to make our lifes easier.
  

Modified:
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c	Tue Aug 12 12:45:30 2014	(r272283)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c	Tue Aug 12 13:59:30 2014	(r272284)
@@ -266,6 +266,15 @@
 {
 	struct ip_fw_chain *chain = &V_layer3_chain;
 
+	/* Read comment below about this variable. */
+	struct mbuf *m = args->m;
+
+	if (m->m_flags & M_SKIP_FIREWALL || (! V_ipfw_vnet_ready))
+		return (IP_FW_PASS);	/* accept */
+
+	args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */
+
+
 	/* If we haven't, JIT-compile the actions to be executed per-rule */
 	if (compiledfuncptr == 0) {
 		IPFW_PF_RLOCK(chain);
@@ -302,7 +311,6 @@
 	 *	(Until we start using L3offset, the packet is
 	 *	supposed to start with the ip header).
 	 */
-	struct mbuf *m = args->m;
 	struct ip *ip = mtod(m, struct ip *);
 
 	/*
@@ -396,13 +404,9 @@
 
 	int done = 0;		/* flag to exit the outer loop */
 
-	if (m->m_flags & M_SKIP_FIREWALL || (! V_ipfw_vnet_ready))
-		return (IP_FW_PASS);	/* accept */
-
 	dst_ip.s_addr = 0;		/* make sure it is initialized */
 	src_ip.s_addr = 0;		/* make sure it is initialized */
 	pktlen = m->m_pkthdr.len;
-	args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */
 	proto = args->f_id.proto = 0;	/* mark f_id invalid */
 		/* XXX 0 is a valid proto: IP/IPv6 Hop-by-Hop Option */
 

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc	Tue Aug 12 12:45:30 2014	(r272283)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc	Tue Aug 12 13:59:30 2014	(r272284)
@@ -40,6 +40,9 @@
 	LLVMContext con;
 	OwningPtr<MemoryBuffer> buffer;
 	IRBuilder<> irb;
+
+	// We'll store the BasicBlock objects for each rule here.
+	int rule_number;
 	std::vector<BasicBlock*> blocks;
 
 	// Vars Types
@@ -51,7 +54,7 @@
 	// Basic blocks used
 	BasicBlock *entry;
 	BasicBlock *pullup_failed;
-	BasicBlock *startiter;
+	BasicBlock *startrules;
 
 	// JIT Compiled Vars
 	// Loop control.
@@ -77,7 +80,7 @@
 	Value *src_port; //unsigned
 	Value *dst_port; //unsigned
 	Value *src_ip;
-	Value *dest_ip;
+	Value *dst_ip;
 	Value *iplen; //unsigned
 	Value *pktlen;
 	Value *etype; //unsigned
@@ -114,7 +117,7 @@
 	Function *jump_fast;
 
 	// Not pkg-filtering related funcs.
-	Function *printf;
+	Function *printfFunc;
 
 	// Used structs.
 	StructType *ifnetTy;
@@ -190,18 +193,18 @@
 #endif /* __FreeBSD__ */
 
 		// Create Pointer to StructType types.
-		ipfw_dyn_rulePtrTy = PointerType::get(ipfw_dyn_ruleTy);
-		ifnetPtrTy = PointerType::get(ifnetTy);
-		in_addrPtrTy = PointerType::get(in_addrTy);
-		ipPtrTy = PointerType::get(ipTy);
-		ip_fw_argsPtrTy = PointerType::get(ip_fw_argsTy);
-		ip_fw_chainPtrTy = PointerType::get(ip_fw_chainTy);
-		ip_fwPtrTy = PointerType::get(ip_fwTy);
-		ip_fw_insnPtrTy = PointerType::get(_ip_fw_insnTy);
-		ipfw_insn_ifPtrTy = PointerType::get(_ipfw_insn_ifTy);
-		mbufPtrTy = PointerType::get(mbufTy);
+		ipfw_dyn_rulePtrTy = PointerType::get(ipfw_dyn_ruleTy, 0);
+		ifnetPtrTy = PointerType::get(ifnetTy, 0);
+		in_addrPtrTy = PointerType::get(in_addrTy, 0);
+		ipPtrTy = PointerType::get(ipTy, 0);
+		ip_fw_argsPtrTy = PointerType::get(ip_fw_argsTy, 0);
+		ip_fw_chainPtrTy = PointerType::get(ip_fw_chainTy, 0);
+		ip_fwPtrTy = PointerType::get(ip_fwTy, 0);
+		ip_fw_insnPtrTy = PointerType::get(ip_fw_insnTy, 0);
+		ipfw_insn_ifPtrTy = PointerType::get(ipfw_insn_ifTy, 0);
+		mbufPtrTy = PointerType::get(mbufTy, 0);
 #ifdef __FreeBSD__
-		ucredPtrTy = PointerType::get(ucredTy);
+		ucredPtrTy = PointerType::get(ucredTy, 0);
 #endif
 
 		// Allocate vars.
@@ -215,15 +218,16 @@
 		irb.CreateStore(ConstantInt::get(int32Ty, 0), retval);
 
 		m = irb.CreateAlloca(mbufPtrTy); // Init: args->m
-		// ip = mtod(m, struct ip *)
-		// #define	mtod(m, t)	((t)((m)->m_data))
+		// XXX m = args->m
+
 		ip = irb.CreateAlloca(ipPtrTy);
+		// XXX ip = (struct ip *)((m)->m_data);
 
 #ifdef __FreeBSD__
 		ucred = irb.CreateAlloca(ucredPtrTy); // Init: NULL if type ucred.
-		irb.CreateStore(ConstantPointerNull::get(null), ucred);
+		irb.CreateStore(ConstantPointerNull::get(ucredPtrTy), ucred);
 #else
-		ucred = irb.CreateAlloca(ucredTy); // Init: NULL if type ucred.
+		ucred = irb.CreateAlloca(ucredTy);
 #endif
 
 		ucred_lookup = irb.CreateAlloca(int32Ty);
@@ -241,6 +245,8 @@
 		irb.CreateStore(ConstantInt::get(int16Ty, 0), ip6f_mf);
 
 		proto = irb.CreateAlloca(int8Ty);
+		irb.CreateStore(ConstantInt::get(int8Ty, 0), proto);
+		// XXX proto = args->f_id.proto = 0
 
 		src_port = irb.CreateAlloca(int16Ty);
 		irb.CreateStore(ConstantInt::get(int16Ty, 0), src_port);
@@ -248,12 +254,16 @@
 		irb.CreateStore(ConstantInt::get(int16Ty, 0), dst_port);
 
 		src_ip = irb.CreateAlloca(in_addrTy);
-		dest_ip = irb.CreateAlloca(in_addrTy);
+		dst_ip = irb.CreateAlloca(in_addrTy);
+		// XXX
+		//dst_ip.s_addr = 0;
+		//src_ip.s_addr = 0;
 
 		iplen = irb.CreateAlloca(int16Ty);
 		irb.CreateStore(ConstantInt::get(int16Ty, 0), iplen);
 
 		pktlen = irb.CreateAlloca(int32Ty);
+		//XXX pktlen = m->m_pkthdr.len;
 
 		etype = irb.CreateAlloca(int16Ty);
 		irb.CreateStore(ConstantInt::get(int32Ty, 0), etype);
@@ -262,11 +272,11 @@
 		irb.CreateStore(ConstantInt::get(int32Ty, MATCH_UNKNOWN), dyn_dir);
 
 		q = irb.CreateAlloca(ipfw_dyn_rulePtrTy);
-		irb.CreateStore(ConstantPointerNull::get(null), q);
+		irb.CreateStore(ConstantPointerNull::get(ipfw_dyn_rulePtrTy), q);
 
 		// There are no (void *), we use i8*
-		ulp = irb.CreateAlloca(int8PtrTy); //Init: NULL
-		irb.CreateStore(ConstantPointerNull::get(null), ulp);
+		ulp = irb.CreateAlloca(int8PtrTy);
+		irb.CreateStore(ConstantPointerNull::get(int8PtrTy), ulp);
 
 		is_ipv4 = irb.CreateAlloca(int32Ty);
 		irb.CreateStore(ConstantInt::get(int32Ty, 0), is_ipv4);
@@ -300,14 +310,12 @@
 		check_uidgid = mod->getFunction("check_uidgid");
 		set_match = mod->getFunction("set_match");
 		jump_fast = mod->getFunction("jump_fast");
-
-		return (0);
 	}
 
 	void
 	emit_pullup_failed()
 	{
-		GlobalValue *is_verbose, *str;
+		Value *is_verbose, *str;
 		BasicBlock *print, *ret;
 
 		// VNET_DECLARE(int, fw_verbose);
@@ -320,14 +328,14 @@
 		// 	return (IP_FW_DENY);
 
 		irb.SetInsertPoint(pullup_failed);
-		is_verbose = mod.getGlobalVariable("fw_verbose");
+		is_verbose = mod->getGlobalVariable("fw_verbose");
 		str = irb.CreateGlobalString("ipfw: pullup failed\n");
 
 		// if (V_fw_verbose)
-		CreateCondBr(CreateICmpEQ(is_verbose, ConstantInt::get(int32Ty, 0)), ret, print);
+		irb.CreateCondBr(irb.CreateICmpEQ(is_verbose, ConstantInt::get(int32Ty, 0)), ret, print);
 		// printf("ipfw: pullup failed\n");
 		irb.SetInsertPoint(print);
-		irb.CreateCall(printf, str);
+		irb.CreateCall(printfFunc, str);
 		irb.CreateBr(ret);
 
 		// return (IP_FW_DENY);
@@ -344,12 +352,12 @@
 		func = mod->getFunction("ipfw_chk_jit");
 		func->setLinkage(GlobalValue::ExternalLinkage);
 
-		printf = mod->getFunction("printf");
+		printfFunc = mod->getFunction("printf");
 
 		// Create first BasicBlocks.
 		entry = BasicBlock::Create(con, "entry", func);
 		pullup_failed = BasicBlock::Create(con, "pullup_failed", func);
-		startiter = BasicBlock::Create(con, "startiter", func);
+		startrules = BasicBlock::Create(con, "startrules", func);
 
 		// Create the code related to the pullup_failed Basic Block.
 		emit_pullup_failed();
@@ -366,6 +374,12 @@
 			delete mod;
 	}
 
+	void
+	optimize()
+	{
+		return;
+	}
+
 	// Returns the pointer to the compiled function.
 	funcptr
 	getFuncPtr()
@@ -377,11 +391,13 @@
 	int
 	emit_lookpkt()
 	{
-		// If it returns one, we have to goto pullup_failed.
-		CreateCondBr(CreateICmpEQ(irb.CreateCall(inspect_pkt), ConstantInt::get(int32Ty, 1)), pullup_failed, startiter);
+		// If it returns one, goto pullup_failed.
+		// Else, goto starrules.
+		irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateCall(inspect_pkt), ConstantInt::get(int32Ty, 1)), pullup_failed, startrules);
 		return (0);
 	}
 
+	// Rules
 	int
 	emit_nop()
 	{
@@ -638,9 +654,9 @@
 				comp.emit_ipsec();
 #endif
 				/* otherwise no match */
+/* XXX
 				break;
 
-/* XXX
 #ifdef INET6
 			case O_IP6_SRC:
 				comp.emit_ip6_src();
@@ -824,5 +840,6 @@
 	}		/* end of outer for, scan rules */
 
 	// Once we're done iterating through the rules, return the pointer.
+	comp.optimize();
 	return (comp.getFuncPtr());
 }

More information about the svn-soc-all mailing list