socsvn commit: r272369 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw

Wed Aug 13 16:52:53 UTC 2014

Author: dpl
Date: Wed Aug 13 16:52:52 2014
New Revision: 272369
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272369

Log:
  Added emit_check_tag() function, which compiles stuff done before iterating the rules.

Modified:
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h
==============================================================================

--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h	Wed Aug 13 15:50:16 2014	(r272368)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h	Wed Aug 13 16:52:52 2014	(r272369)
@@ -59,6 +59,7 @@
 
 // Functions used by JIT, external.
 int printf(const char * restrict format, ...);
+int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id);
 
 static VNET_DEFINE(int, fw_deny_unknown_exthdrs);
 #define	V_fw_deny_unknown_exthdrs	VNET(fw_deny_unknown_exthdrs)

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc	Wed Aug 13 15:50:16 2014	(r272368)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc	Wed Aug 13 16:52:52 2014	(r272369)
@@ -102,6 +102,7 @@
 	Function *inspect_pkt;
 
 	// Auxiliary functions used by our JITed code.
+	// All this are used from our bitcode.
 	Function *is_icmp_query;
 	Function *flags_match;
 	Function *ipopts_match;
@@ -123,6 +124,7 @@
 
 	// Not pkg-filtering related funcs.
 	Function *printfFunc;
+	Function *ipfw_find_rule;
 
 	// Used structs.
 	StructType *ifnetTy;
@@ -172,7 +174,7 @@
 
 	// Create the needed variables to perform pkt filtering.
 	void
-	setEnv(struct ip_fw_args *args, struct ip_fw_chain *chain)
+	setEnv()
 	{
 		// Get function arguments.
 		// (struct ip_fw_args *, struct ip_fw_chain *)
@@ -245,6 +247,10 @@
 		check_uidgid = mod->getFunction("check_uidgid");
 		set_match = mod->getFunction("set_match");
 		jump_fast = mod->getFunction("jump_fast");
+
+		// Functions declared at bitcode.
+		printfFunc = mod->getFunction("printf");
+		ipfw_find_rule = mod->getFunction("ipfw_find_rule");
 	}
 
 	// Allocate and initialize vars.
@@ -371,6 +377,55 @@
 		irb.CreateRet(ConstantInt::get(int32Ty, IP_FW_DENY));
 	}
 
+	void
+	emit_check_tag()
+	{
+		BasicBlock *tagged, *nottagged;
+		BasicBlock *yes, *no;
+
+		// if (args->rule.slot) {
+		// 	/*
+		// 	 * Packet has already been tagged as a result of a previous
+		// 	 * match on rule args->rule aka args->rule_id (PIPE, QUEUE,
+		// 	 * REASS, NETGRAPH, DIVERT/TEE...)
+		// 	 * Validate the slot and continue from the next one
+		// 	 * if still present, otherwise do a lookup.
+		// 	 */
+		// 	f_pos = (args->rule.chain_id == chain->id) ?
+		// 		args->rule.slot :
+		// 		ipfw_find_rule(chain, args->rule.rulenum,
+		// 		args->rule.rule_id);
+		// } else {
+		// 	f_pos = 0;
+		// }
+
+		irb.SetInsertPoint(check_tag);
+
+		// if (args->rule.slot)
+		irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4),ConstantInt::get(int32Ty, 0)}), ConstantInt::get(int32Ty, 0)), nottagged, tagged);
+		// if (args->rule.chain_id == chain->id)
+		irb.SetInsertPoint(tagged);
+		irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4), ConstantInt::get(int32Ty, 3)}), irb.CreateInBoundsGEP(chainptr, ConstantInt::get(int32Ty, 12))), yes, no);
+
+		// f_pos = args->rule.slot;
+		irb.SetInsertPoint(yes);
+		irb.CreateStore(irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4),ConstantInt::get(int32Ty, 0)}), f_pos);
+		irb.CreateBr(nottagged);
+
+		// else fpos = ipfw_find_rule(chain, args->rule.rulenum, args->rule.rule_id)
+		irb.SetInsertPoint(no);
+		irb.CreateStore(irb.CreateCall3(ipfw_find_rule, chainptr, irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4), ConstantInt::get(int32Ty, 1)}), irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4), ConstantInt::get(int32Ty, 2)})), f_pos);
+
+		// Branch to nottagged because it
+		// only finishes the check_tag BasicBlock.
+		irb.CreateBr(nottagged);
+
+		// else f_pos = 0;
+		// Since f_pos is initialized by default as 0, we only br.
+		irb.SetInsertPoint(nottagged);
+		irb.CreateBr(startrules);
+	}
+
 	public:
 	ipfwJIT(struct ip_fw_args *args, struct ip_fw_chain *chain): irb(con)
 	{
@@ -380,8 +435,6 @@
 		func = mod->getFunction("ipfw_chk_jit");
 		func->setLinkage(GlobalValue::ExternalLinkage);
 
-		printfFunc = mod->getFunction("printf");
-
 		// Create statics BasicBlocks.
 		entry = BasicBlock::Create(con, "entry", func);
 		pullup_failed = BasicBlock::Create(con, "pullup_failed", func);
