socsvn commit: r270641 - in soc2014/dpl: netmap-ipfw netmap-ipfw/extra netmap-ipfw/extra/sys netmap-ipfw/extra/sys/contrib netmap-ipfw/extra/sys/contrib/pf netmap-ipfw/extra/sys/contrib/pf/net netm...
dpl at FreeBSD.org
dpl at FreeBSD.org
Wed Jul 9 08:52:15 UTC 2014
Author: dpl
Date: Wed Jul 9 08:52:11 2014
New Revision: 270641
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=270641
Log:
Updated netmap-ipfw to latest version.
Added:
soc2014/dpl/netmap-ipfw/
soc2014/dpl/netmap-ipfw/BSDmakefile
soc2014/dpl/netmap-ipfw/Makefile
soc2014/dpl/netmap-ipfw/Makefile.inc
soc2014/dpl/netmap-ipfw/Makefile.kipfw
soc2014/dpl/netmap-ipfw/README
soc2014/dpl/netmap-ipfw/extra/
soc2014/dpl/netmap-ipfw/extra/expand_number.c
soc2014/dpl/netmap-ipfw/extra/glue.c
soc2014/dpl/netmap-ipfw/extra/glue.h
soc2014/dpl/netmap-ipfw/extra/humanize_number.c
soc2014/dpl/netmap-ipfw/extra/ipfw2_mod.c
soc2014/dpl/netmap-ipfw/extra/linux_defs.h
soc2014/dpl/netmap-ipfw/extra/missing.c
soc2014/dpl/netmap-ipfw/extra/missing.h
soc2014/dpl/netmap-ipfw/extra/netmap_io.c
soc2014/dpl/netmap-ipfw/extra/session.c
soc2014/dpl/netmap-ipfw/extra/sys/
soc2014/dpl/netmap-ipfw/extra/sys/contrib/
soc2014/dpl/netmap-ipfw/extra/sys/contrib/pf/
soc2014/dpl/netmap-ipfw/extra/sys/contrib/pf/net/
soc2014/dpl/netmap-ipfw/extra/sys/contrib/pf/net/pfvar.h
soc2014/dpl/netmap-ipfw/extra/sys/sys/
soc2014/dpl/netmap-ipfw/extra/sys/sys/kernel.h
soc2014/dpl/netmap-ipfw/extra/sys/sys/malloc.h
soc2014/dpl/netmap-ipfw/extra/sys/sys/mbuf.h
soc2014/dpl/netmap-ipfw/extra/sys/sys/module.h
soc2014/dpl/netmap-ipfw/extra/sys/sys/systm.h
soc2014/dpl/netmap-ipfw/extra/sys/sys/taskqueue.h
soc2014/dpl/netmap-ipfw/ipfw/
soc2014/dpl/netmap-ipfw/ipfw/Makefile
soc2014/dpl/netmap-ipfw/ipfw/altq.c
soc2014/dpl/netmap-ipfw/ipfw/dummynet.c
soc2014/dpl/netmap-ipfw/ipfw/ipfw2.c
soc2014/dpl/netmap-ipfw/ipfw/ipfw2.h
soc2014/dpl/netmap-ipfw/ipfw/ipv6.c
soc2014/dpl/netmap-ipfw/ipfw/main.c
soc2014/dpl/netmap-ipfw/ipfw/nat.c
soc2014/dpl/netmap-ipfw/sys/
soc2014/dpl/netmap-ipfw/sys/net/
soc2014/dpl/netmap-ipfw/sys/net/pfil.h
soc2014/dpl/netmap-ipfw/sys/net/radix.c
soc2014/dpl/netmap-ipfw/sys/net/radix.h
soc2014/dpl/netmap-ipfw/sys/netgraph/
soc2014/dpl/netmap-ipfw/sys/netgraph/ng_ipfw.h
soc2014/dpl/netmap-ipfw/sys/netinet/
soc2014/dpl/netmap-ipfw/sys/netinet/in_cksum.c
soc2014/dpl/netmap-ipfw/sys/netinet/ip_dummynet.h
soc2014/dpl/netmap-ipfw/sys/netinet/ip_fw.h
soc2014/dpl/netmap-ipfw/sys/netinet/tcp.h
soc2014/dpl/netmap-ipfw/sys/netinet/udp.h
soc2014/dpl/netmap-ipfw/sys/netpfil/
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_heap.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_heap.h
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_sched.h
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_sched_fifo.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_sched_prio.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_sched_qfq.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_sched_rr.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/dn_sched_wf2q.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_dn_glue.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_dn_io.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_dn_private.h
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_dummynet.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw_dynamic.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw_log.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw_pfil.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw_private.h
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw_sockopt.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw_table.c
Modified:
soc2014/dpl/netmap-ipfwjit/BSDmakefile
soc2014/dpl/netmap-ipfwjit/Makefile.kipfw
soc2014/dpl/netmap-ipfwjit/extra/glue.c
soc2014/dpl/netmap-ipfwjit/extra/netmap_io.c
soc2014/dpl/netmap-ipfwjit/extra/session.c
soc2014/dpl/netmap-ipfwjit/extra/sys/sys/mbuf.h
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_dynamic.c
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_table.c
Added: soc2014/dpl/netmap-ipfw/BSDmakefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/BSDmakefile Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,8 @@
+# forward to use gmake
+.PHONY: ipfw kipfw
+
+all:
+ gmake
+
+$(.TARGETS) :
+ gmake MAKE=gmake $(.TARGETS)
Added: soc2014/dpl/netmap-ipfw/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/Makefile Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,37 @@
+#
+# This is a gnu makefile to build ipfw in userspace.
+# Usage:
+#
+# make NETMAP_INC=/some/place/with/netmap-release/sys
+#
+# build with make NETMAP_INC=/place/with/netmap/sys
+
+SUBDIRS= ipfw dummynet
+.PHONY: ipfw kipfw
+
+include Makefile.inc
+all: ipfw kipfw
+
+ipfw: $(OBJDIR)
+ $(MSG) Building userspace ...
+ @(cd ipfw && $(MAKE) $(MAKECMDGOALS) )
+
+$(OBJDIR):
+ - at mkdir $(OBJDIR)
+
+kipfw: $(OBJDIR)
+ $(MSG) Building datapath ...
+ @(cd $(OBJDIR) && $(MAKE) -f ../Makefile.kipfw && cp kipfw ..)
+
+clean:
+ - at rm -rf $(OBJDIR) kipfw
+ @(cd ipfw && $(MAKE) clean )
+
+tgz:
+ @$(MAKE) clean
+ (cd ..; tar cvzf /tmp/ipfw-user.tgz --exclude .svn ipfw-user)
+
+# compute diffs wrt FreeBSD head tree in BSD_HEAD
+diffs:
+ - at diff -urp --exclude Makefile $(BSD_HEAD)/sbin/ipfw ipfw
+ - at diff -urp --exclude Makefile $(BSD_HEAD)/sys sys
Added: soc2014/dpl/netmap-ipfw/Makefile.inc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/Makefile.inc Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,28 @@
+#
+# this is a gnu makefile
+
+BSD_HEAD ?= /home/luigi/FreeBSD/head
+NETMAP_INC ?= ../netmap-release/sys
+
+OBJDIR=objs
+OSARCH := $(shell uname)
+OSARCH := $(findstring $(OSARCH),FreeBSD Linux Darwin)
+ifeq ($(OSARCH),)
+ OSARCH := Windows
+endif
+
+ifeq ($V,) # no echo
+ MSG=@echo
+ HIDE=@
+else
+ MSG=@\#
+ HIDE=
+endif
+
+# ipfw and kipfw are built in subdirs so the paths for
+# headers refer to one directory up
+INCDIRS += -I ../$(OBJDIR)/include_e -DEMULATE_SYSCTL
+INCDIRS += -I ../sys -I ../extra/sys -I ../extra/sys/contrib/pf
+.c.o:
+ $(MSG) " CC $<"
+ $(HIDE) $(CC) $(CFLAGS) -c $< -o $@
Added: soc2014/dpl/netmap-ipfw/Makefile.kipfw
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/Makefile.kipfw Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,166 @@
+# gnu Makefile to build a userland version of the
+# kernel code for ipfw+dummynet
+#
+# The kernel code is compiled with appropriate flags to make
+# it see a kernel-like environment.
+# The userland emulation code is compiler with regular flags.
+
+# M is the current directory, used in recursive builds
+# so we allow it to be overridden
+include ../Makefile.inc
+VPATH = ../extra:../sys/netpfil/ipfw:../sys/netinet:../sys/net
+M ?= $(shell pwd)
+OBJPATH = $(M)/../$(OBJDIR)
+
+ifeq ($(OSARCH),Darwin)
+ CFLAGS2 += -D__BSD_VISIBLE
+ EFILES_. += libutil.h
+ EFILES_sys += condvar.h priv.h _lock.h rmlock.h
+ EFILES_machine += in_cksum.h
+ EFILES_netinet += ip_carp.h pim.h sctp.h
+ EFILES_net += netisr.h vnet.h
+endif
+
+ifeq ($(OSARCH),Linux)
+ CFLAGS2 += -D__BSD_VISIBLE
+ CFLAGS2 += -include ../extra/linux_defs.h
+ CFLAGS2 += -Wno-unused-but-set-variable
+ EFILES_. += libutil.h
+ EFILES_sys += condvar.h priv.h _lock.h rmlock.h
+ EFILES_sys += lock.h ucred.h # taskqueue.h
+ EFILES_sys += sockio.h
+ EFILES_sys += cpuset.h
+ EFILES_machine += in_cksum.h
+ EFILES_netinet += in_pcb.h ip_carp.h pim.h sctp.h tcp_var.h
+ EFILES_net += if_types.h bpf.h netisr.h vnet.h
+ EFILES_linux += module.h
+endif
+
+ifeq ($(OSARCH),Windows)
+ CFLAGS2 += -D__BSD_VISIBLE
+# CFLAGS2 += -include ../extra/linux_defs.h
+ CFLAGS2 += -Wno-unused-but-set-variable
+# EFILES_. += libutil.h
+# EFILES_sys += condvar.h priv.h _lock.h rmlock.h
+# EFILES_sys += lock.h ucred.h # taskqueue.h
+# EFILES_sys += sockio.h
+# EFILES_machine += in_cksum.h
+# EFILES_netinet += in_pcb.h ip_carp.h pim.h sctp.h tcp_var.h
+# EFILES_net += if_types.h bpf.h netisr.h vnet.h
+# EFILES_linux += module.h
+ EFILES_sys += sockio.h
+ EFILES_net += ethernet.h
+ EFILES_sys += condvar.h priv.h socketvar.h ucred.h
+ EFILES_net += vnet.h
+ EFILES_netinet += in_pcb.h ip_carp.h pim.h sctp.h tcp_var.h
+endif
+
+NETMAP_FLAGS = -DWITH_NETMAP -I$(NETMAP_INC)
+
+E_CFLAGS += $(INCDIRS)
+E_CFLAGS += -include $(M)/../extra/glue.h # headers
+E_CFLAGS += -include $(M)/../extra/missing.h # headers
+E_CFLAGS += -O2 -Wall -Werror -fno-strict-aliasing
+E_CFLAGS += -g
+E_CFLAGS += -DKERNEL_SIDE # build the kernel side of the firewall
+E_CFLAGS += -DUSERSPACE # communicate through userspace
+E_CFLAGS += $(EFLAGS) $(NETMAP_FLAGS)
+E_CFLAGS += -DINET
+E_CFLAGS += -DIPFIREWALL_DEFAULT_TO_ACCEPT
+E_CFLAGS += -D_BSD_SOURCE
+# many of the kernel headers need _KERNEL
+E_CFLAGS += -D_KERNEL
+E_CFLAGS += $(CFLAGS2)
+
+#ipfw + dummynet section, other parts are not compiled in
+SRCS_IPFW = ip_fw2.c ip_fw_pfil.c ip_fw_sockopt.c
+SRCS_IPFW += ip_fw_dynamic.c ip_fw_table.c
+SRCS_IPFW += ip_fw_log.c
+SRCS_IPFW += ip_dummynet.c ip_dn_io.c ip_dn_glue.c
+SRCS_IPFW += dn_heap.c
+SRCS_IPFW += dn_sched_fifo.c dn_sched_wf2q.c
+SRCS_IPFW += dn_sched_rr.c dn_sched_qfq.c
+SRCS_IPFW += dn_sched_prio.c
+SRCS_NET = radix.c
+SRCS_NETINET = in_cksum.c
+# Module glue and functions missing in linux
+IPFW_SRCS = $(SRCS_IPFW) $(SRCS_NET) $(SRCS_NETINET)
+IPFW_SRCS += ipfw2_mod.c # bsd_compat.c
+
+IPFW_SRCS += missing.c session.c netmap_io.c
+IPFW_CFLAGS= -DINET
+
+E_CFLAGS += -Dradix
+MOD := kipfw
+
+LIBS= -lpthread
+CFLAGS = $(E_CFLAGS)
+
+IPFW_OBJS= $(IPFW_SRCS:%.c=%.o)
+
+all: include_e $(MOD)
+
+# entries to create empty files
+EFILES_. += opt_inet.h opt_ipsec.h opt_ipdivert.h
+EFILES_. += opt_inet6.h opt_ipfw.h opt_mpath.h
+EFILES_. += opt_mbuf_stress_test.h opt_param.h
+EFILES_. += timeconv.h
+
+EFILES_altq += if_altq.h
+
+EFILES_net += if_var.h route.h if_clone.h
+EFILES_netpfil/pf += pf_mtag.h
+EFILES_netinet += in_var.h ip_var.h udp_var.h
+EFILES_netinet6 += ip6_var.h
+EFILES_sys += proc.h sockopt.h sysctl.h
+# new
+EFILES_sys += mutex.h _mutex.h _rwlock.h rwlock.h
+EFILES_sys += eventhandler.h
+EFILES_sys += jail.h ktr.h
+
+#EFILES += sys/_lock.h sys/_rwlock.h sys/rwlock.h sys/rmlock.h sys/_mutex.h sys/mutex.h
+#EFILES += sys/condvar.h sys/eventhandler.h # sys/domain.h
+#EFILES += sys/limits.h sys/lock.h sys/mutex.h sys/priv.h
+#EFILES += sys/proc.h sys/rwlock.h sys/socket.h sys/socketvar.h
+#EFILES += sys/sysctl.h sys/time.h sys/ucred.h
+
+
+#EFILES += vm/uma_int.h vm/vm_int.h vm/uma_dbg.h
+#EFILES += vm/vm_dbg.h vm/vm_page.h vm/vm.h
+#EFILES += sys/rwlock.h sys/sysctl.h
+
+# first make a list of directories from variable names
+EDIRS= $(subst EFILES_,,$(filter EFILES_%,$(.VARIABLES)))
+# then prepend the directory name to individual files.
+# $(empty) serves to interpret the following space literally,
+# and the ": = " substitution packs spaces into one.
+EFILES = $(foreach i,$(EDIRS),$(subst $(empty) , $(i)/, $(EFILES_$(i): = )))
+
+include_e:
+ - at echo "Building $(OBJPATH)/include_e ..."
+ -$(HIDE) rm -rf $(OBJPATH)/include_e opt_*
+ -$(HIDE) mkdir -p $(OBJPATH)/include_e
+ -$(HIDE) (cd $(OBJPATH)/include_e; mkdir -p $(EDIRS); touch $(EFILES) )
+
+
+$(IPFW_OBJS) : ../extra/glue.h
+
+ip_fw2.o ip_dummynet.o: # EFLAGS= -include missing.h
+
+radix.o:# CFLAGS += -U_KERNEL
+
+# session.o: CFLAGS = -O2
+nm_util.o: CFLAGS = -O2 -Wall -Werror $(NETMAP_FLAGS)
+
+$(MOD): $(IPFW_OBJS)
+ $(MSG) " LD $@"
+ $(HIDE)$(CC) -o $@ $^ $(LIBS)
+
+clean:
+ -rm -f *.o $(DN) $(MOD)
+ -rm -rf include_e
+
+diff:
+ @-(for i in $(SRCS_IPFW) ; do diff -ubw $(BSD_HEAD)/sys/netpfil/ipfw/$$i .; done)
+ @-(for i in $(SRCS_NET) ; do diff -ubw $(BSD_HEAD)/sys/net/$$i . ; done)
+ @-(for i in $(SRCS_NETINET) ; do diff -ubw $(BSD_HEAD)/sys/netinet/$$i .; done)
Added: soc2014/dpl/netmap-ipfw/README
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/README Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,76 @@
+# README FILE FOR IPFW-USER ON TOP OF NETMAP
+
+This directory contains a version of ipfw and dummynet that can
+run in userland, using NETMAP as the backend for packet I/O.
+This permits a throughput about 10 times higher than the
+corresponding in-kernel version. I have measured about 6.5 Mpps
+for plain filtering, and 2.2 Mpps going through a pipe.
+Some optimizations are possible when running on netmap pipes,
+or other netmap ports that support zero copy.
+
+To build the code simply run
+ make NETMAP_INC=/some/where/with/netmap-release/sys
+
+pointing to the netmap 'sys' directory
+(the makefile uses gmake underneath)
+
+The base version comes from FreeBSD-HEAD -r '{2012-08-03}'
+(and subsequently updated in late 2013)
+with small modifications listed below
+
+ netinet/ipfw
+ ip_dn_io.c
+ support for on-stack mbufs
+ ip_fw2.c
+ some conditional compilation for functions not
+ available in userspace
+ ip_fw_log.c
+ revise snprintf, SNPARGS (MAC)
+
+
+sbin/ipfw and the kernel counterpart communicate throuugh a
+TCP socket (localhost:5555) carrying the raw data that would
+normally be carried on seg/getsockopt.
+
+For testing purposes, opening a telnet session to port 5556 and
+typing some bytes will start a fake 'infinite source' so you can
+check how fast your ruleset works.
+
+ gmake
+ dummynet/ipfw & # preferably in another window
+ telnet localhost 5556 # type some bytes to start 'traffic'
+
+ sh -c "while true; do ipfw/ipfw show; ipfw/ipfw zero; sleep 1; done"
+
+(on an i7-3400 I get about 15 Mpps)
+
+Real packet I/O is possible using netmap info.iet.unipi.it/~luigi/netmap/
+You can use a couple of VALE switches (part of netmap) to connect
+a source and sink to the userspace firewall, as follows
+
+ s f f d
+ [pkt-gen]-->--[valeA]-->--[kipfw]-->--[valeB]-->--[pkt-gen]
+
+The commands to run (in separate windows) are
+
+ # preliminarly, load the netmap module
+ sudo kldload netmap.ko
+
+ # connect the firewall to two vale switches
+ ./kipfw valeA:f valeB:f &
+
+ # configure ipfw/dummynet
+ ipfw/ipfw show # or other
+
+ # start the sink
+ pkt-gen -i valeB:d -f rx
+
+ # start an infinite source
+ pkt-gen -i valeA:s -f tx
+
+ # plain again with the firewall and enjoy
+ ipfw/ipfw show # or other
+
+On my i7-3400 I get about 6.5 Mpps with a single rule, and about 2.2 Mpps
+when going through a dummynet pipe. This is for a single process handling
+the traffic.
Added: soc2014/dpl/netmap-ipfw/extra/expand_number.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/extra/expand_number.c Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,101 @@
+/*-
+ * Copyright (c) 2007 Eric Anderson <anderson at FreeBSD.org>
+ * Copyright (c) 2007 Pawel Jakub Dawidek <pjd at FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: head/lib/libutil/expand_number.c 211343 2010-08-15 18:32:06Z des $");
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <errno.h>
+#include <inttypes.h>
+//#include <libutil.h>
+#include <stdint.h>
+
+/*
+ * Convert an expression of the following forms to a uint64_t.
+ * 1) A positive decimal number.
+ * 2) A positive decimal number followed by a 'b' or 'B' (mult by 1).
+ * 3) A positive decimal number followed by a 'k' or 'K' (mult by 1 << 10).
+ * 4) A positive decimal number followed by a 'm' or 'M' (mult by 1 << 20).
+ * 5) A positive decimal number followed by a 'g' or 'G' (mult by 1 << 30).
+ * 6) A positive decimal number followed by a 't' or 'T' (mult by 1 << 40).
+ * 7) A positive decimal number followed by a 'p' or 'P' (mult by 1 << 50).
+ * 8) A positive decimal number followed by a 'e' or 'E' (mult by 1 << 60).
+ */
+int
+expand_number(const char *buf, uint64_t *num)
+{
+ uint64_t number;
+ unsigned shift;
+ char *endptr;
+
+ number = strtoumax(buf, &endptr, 0);
+
+ if (endptr == buf) {
+ /* No valid digits. */
+ errno = EINVAL;
+ return (-1);
+ }
+
+ switch (tolower((unsigned char)*endptr)) {
+ case 'e':
+ shift = 60;
+ break;
+ case 'p':
+ shift = 50;
+ break;
+ case 't':
+ shift = 40;
+ break;
+ case 'g':
+ shift = 30;
+ break;
+ case 'm':
+ shift = 20;
+ break;
+ case 'k':
+ shift = 10;
+ break;
+ case 'b':
+ case '\0': /* No unit. */
+ *num = number;
+ return (0);
+ default:
+ /* Unrecognized unit. */
+ errno = EINVAL;
+ return (-1);
+ }
+
+ if ((number << shift) >> shift != number) {
+ /* Overflow */
+ errno = ERANGE;
+ return (-1);
+ }
+
+ *num = number << shift;
+ return (0);
+}
Added: soc2014/dpl/netmap-ipfw/extra/glue.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/extra/glue.c Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,540 @@
+/*
+ * Userland functions missing in linux
+ * taken from /usr/src/lib/libc/stdtime/time32.c
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h> /* sockaddr_in */
+#include <sys/uio.h>
+#include <unistd.h> /* uint* types */
+#include <errno.h>
+#include <string.h> /* bzero */
+#include <arpa/inet.h> /* htonl */
+
+#ifndef HAVE_NAT
+/* dummy nat functions */
+void
+ipfw_show_nat(int ac, char **av)
+{
+ D("unsupported");
+}
+
+void
+ipfw_config_nat(int ac, char **av)
+{
+ D("unsupported");
+}
+#endif /* HAVE_NAT */
+
+#ifdef NEED_STRTONUM
+/* missing in linux and windows */
+long long int
+strtonum(const char *nptr, long long minval, long long maxval,
+ const char **errstr)
+{
+ long long ret;
+ int errno_c = errno; /* save actual errno */
+
+ errno = 0;
+#ifdef TCC
+ ret = strtol(nptr, (char **)errstr, 0);
+#else
+ ret = strtoll(nptr, (char **)errstr, 0);
+#endif
+ /* We accept only a string that represent exactly a number (ie. start
+ * and end with a digit).
+ * FreeBSD version wants errstr==NULL if no error occurs, otherwise
+ * errstr should point to an error string.
+ * For our purspose, we implement only the invalid error, ranges
+ * error aren't checked
+ */
+ if (errno != 0 || nptr == *errstr || **errstr != '\0')
+ *errstr = "invalid";
+ else {
+ *errstr = NULL;
+ errno = errno_c;
+ }
+ return ret;
+}
+
+int
+ishexnumber(int c)
+{
+ return ((c >= '0' && c <= '9') ||
+ (c >= 'a' && c <= 'f') ||
+ (c >= 'A' && c <= 'F') );
+}
+
+#endif /* NEED_STRTONUM */
+
+#ifdef __linux__
+
+
+int optreset; /* missing in linux */
+
+/*
+ * not implemented in linux.
+ * taken from /usr/src/lib/libc/string/strlcpy.c
+ */
+size_t
+strlcpy(dst, src, siz)
+ char *dst;
+ const char *src;
+ size_t siz;
+{
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
+
+ /* Copy as many bytes as will fit */
+ if (n != 0 && --n != 0) {
+ do {
+ if ((*d++ = *s++) == 0)
+ break;
+ } while (--n != 0);
+ }
+
+ /* Not enough room in dst, add NUL and traverse rest of src */
+ if (n == 0) {
+ if (siz != 0)
+ *d = '\0'; /* NUL-terminate dst */
+ while (*s++)
+ ;
+ }
+
+ return(s - src - 1); /* count does not include NUL */
+}
+
+
+#endif /* __linux__ */
+
+
+#if defined (EMULATE_SYSCTL)
+//XXX missing prerequisites
+#include <net/if.h> //openwrt
+#include <netinet/ip.h> //openwrt
+#include <netinet/ip_fw.h>
+#include <netinet/ip_dummynet.h>
+int do_cmd(int optname, void *optval, uintptr_t optlen);
+#endif /* EMULATE_SYSCTL */
+
+/*
+ * set or get system information
+ * XXX lock acquisition/serialize calls
+ *
+ * we export this as sys/module/ipfw_mod/parameters/___
+ * This function get or/and set the value of the sysctl passed by
+ * the name parameter. If the old value is not desired,
+ * oldp and oldlenp should be set to NULL.
+ *
+ * XXX
+ * I do not know how this works in FreeBSD in the case
+ * where there are no write permission on the sysctl var.
+ * We read the value and set return variables in any way
+ * but returns -1 on write failures, regardless the
+ * read success.
+ *
+ * Since there is no information on types, in the following
+ * code we assume a length of 4 is a int.
+ *
+ * Returns 0 on success, -1 on errors.
+ */
+int
+sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp,
+ size_t newlen)
+{
+#if defined (EMULATE_SYSCTL)
+ /*
+ * we embed the sysctl request in the usual sockopt mechanics.
+ * the sockopt buffer il filled with a dn_id with IP_DUMMYNET3
+ * command, and the special DN_SYSCTL_GET and DN_SYSCTL_SET
+ * subcommands.
+ * the syntax of this function is fully compatible with
+ * POSIX sysctlby name:
+ * if newp and newlen are != 0 => this is a set
+ * else if oldp and oldlen are != 0 => this is a get
+ * to avoid too much overhead in the module, the whole
+ * sysctltable is returned, and the parsing is done in userland,
+ * a probe request is done to retrieve the size needed to
+ * transfer the table, before the real request
+ * if both old and new params = 0 => this is a print
+ * this is a special request, done only by main()
+ * to implement the extension './ipfw sysctl',
+ * a command that bypasses the normal getopt, and that
+ * is available on those platforms that use this
+ * sysctl emulation.
+ * in this case, a negative oldlen signals that *oldp
+ * is actually a FILE* to print somewhere else than stdout
+ */
+
+ int l;
+ int ret;
+ struct dn_id* oid;
+ struct sysctlhead* entry;
+ char* pstring;
+ char* pdata;
+ FILE* fp;
+
+ if((oldlenp != NULL) && ((int)*oldlenp < 0))
+ fp = (FILE*)oldp;
+ else
+ fp = stdout;
+ if(newp != NULL && newlen != 0)
+ {
+ //this is a set
+ l = sizeof(struct dn_id) + sizeof(struct sysctlhead) + strlen(name)+1 + newlen;
+ oid = malloc(l);
+ if (oid == NULL)
+ return -1;
+ oid->len = l;
+ oid->type = DN_SYSCTL_SET;
+ oid->id = DN_API_VERSION;
+
+ entry = (struct sysctlhead*)(oid+1);
+ pdata = (char*)(entry+1);
+ pstring = pdata + newlen;
+
+ entry->blocklen = ((sizeof(struct sysctlhead) + strlen(name)+1 + newlen) + 3) & ~3;
+ entry->namelen = strlen(name)+1;
+ entry->flags = 0;
+ entry->datalen = newlen;
+
+ bcopy(newp, pdata, newlen);
+ bcopy(name, pstring, strlen(name)+1);
+
+ ret = do_cmd(IP_DUMMYNET3, oid, (uintptr_t)l);
+ if (ret != 0)
+ return -1;
+ }
+ else
+ {
+ //this is a get or a print
+ l = sizeof(struct dn_id);
+ oid = malloc(l);
+ if (oid == NULL)
+ return -1;
+ oid->len = l;
+ oid->type = DN_SYSCTL_GET;
+ oid->id = DN_API_VERSION;
+
+ ret = do_cmd(-IP_DUMMYNET3, oid, (uintptr_t)&l);
+ if (ret != 0)
+ return -1;
+
+ l=oid->id;
+ free(oid);
+ oid = malloc(l);
+ if (oid == NULL)
+ return -1;
+ oid->len = l;
+ oid->type = DN_SYSCTL_GET;
+ oid->id = DN_API_VERSION;
+
+ ret = do_cmd(-IP_DUMMYNET3, oid, (uintptr_t)&l);
+ if (ret != 0)
+ return -1;
+
+ entry = (struct sysctlhead*)(oid+1);
+ while(entry->blocklen != 0)
+ {
+ pdata = (char*)(entry+1);
+ pstring = pdata+entry->datalen;
+
+ //time to check if this is a get or a print
+ if(name != NULL && oldp != NULL && *oldlenp > 0)
+ {
+ //this is a get
+ if(strcmp(name,pstring) == 0)
+ {
+ //match found, sanity chech on len
+ if(*oldlenp < entry->datalen)
+ {
+ printf("%s error: buffer too small\n",__FUNCTION__);
+ return -1;
+ }
+ *oldlenp = entry->datalen;
+ bcopy(pdata, oldp, *oldlenp);
+ return 0;
+ }
+ }
+ else
+ {
+ //this is a print
+ if( name == NULL )
+ goto print;
+ if ( (strncmp(pstring,name,strlen(name)) == 0) && ( pstring[strlen(name)]=='\0' || pstring[strlen(name)]=='.' ) )
+ goto print;
+ else
+ goto skip;
+print:
+ fprintf(fp, "%s: ",pstring);
+ switch( entry->flags >> 2 )
+ {
+ case SYSCTLTYPE_LONG:
+ fprintf(fp, "%li ", *(long*)(pdata));
+ break;
+ case SYSCTLTYPE_UINT:
+ fprintf(fp, "%u ", *(unsigned int*)(pdata));
+ break;
+ case SYSCTLTYPE_ULONG:
+ fprintf(fp, "%lu ", *(unsigned long*)(pdata));
+ break;
+ case SYSCTLTYPE_INT:
+ default:
+ fprintf(fp, "%i ", *(int*)(pdata));
+ }
+ if( (entry->flags & 0x00000003) == CTLFLAG_RD )
+ fprintf(fp, "\t(read only)\n");
+ else
+ fprintf(fp, "\n");
+skip: ;
+ }
+ entry = (struct sysctlhead*)((unsigned char*)entry + entry->blocklen);
+ }
+ free(oid);
+ return 0;
+ }
+ //fallback for invalid options
+ return -1;
+
+#else /* __linux__ */
+ FILE *fp;
+ char *basename = "/sys/module/ipfw_mod/parameters/";
+ char filename[256]; /* full filename */
+ char *varp;
+ int ret = 0; /* return value */
+ int d;
+
+ if (name == NULL) /* XXX set errno */
+ return -1;
+
+ /* locate the filename */
+ varp = strrchr(name, '.');
+ if (varp == NULL) /* XXX set errno */
+ return -1;
+
+ snprintf(filename, sizeof(filename), "%s%s", basename, varp+1);
+
+ /*
+ * XXX we could open the file here, in rw mode
+ * but need to check if a file have write
+ * permissions.
+ */
+
+ /* check parameters */
+ if (oldp && oldlenp) { /* read mode */
+ fp = fopen(filename, "r");
+ if (fp == NULL) {
+ fprintf(stderr, "%s fopen error reading filename %s\n", __FUNCTION__, filename);
+ return -1;
+ }
+ if (*oldlenp == 4) {
+ if (fscanf(fp, "%d", &d) == 1)
+ memcpy(oldp, &d, *oldlenp);
+ else
+ ret = -1;
+ }
+ fclose(fp);
+ }
+
+ if (newp && newlen) { /* write */
+ fp = fopen(filename, "w");
+ if (fp == NULL) {
+ fprintf(stderr, "%s fopen error writing filename %s\n", __FUNCTION__, filename);
+ return -1;
+ }
+ if (newlen == 4) {
+ if (fprintf(fp, "%d", *(int*)newp) < 1)
+ ret = -1;
+ }
+
+ fclose(fp);
+ }
+
+ return ret;
+#endif /* __linux__ */
+}
+
+/*
+ * The following two functions implement getsockopt/setsockopt
+ * replacements to talk over a TCP socket.
+ * Because the calls are synchronous, we can run blocking code
+ * and do not need to play special tricks to be selectable.
+ * The wire protocol for the emulation is the following:
+ * REQUEST: n32 req_size, level, optname; u8 data[req_size]
+ * RESPONSE: n32 resp_size, ret_code; u8 data[resp_size]
+ * data is only present if ret_code == 0
+ *
+ * Return 0 if the message wan sent to the remote
+ * endpoint, -1 on error.
+ *
+ * If the required lenght is greater then the
+ * available buffer size, -1 is returned and
+ * optlen is the required lenght.
+ */
+enum sock_type {GET_SOCKOPT, SET_SOCKOPT};
+
+struct wire_hdr {
+ uint32_t optlen; /* actual data len */
+ uint32_t level; /* or error */
+ uint32_t optname; /* or act len */
+ uint32_t dir; /* in or out */
+};
+
+/* do a complete write of the buffer */
+static int
+writen(int fd, const char *buf, int len)
+{
+ int i;
+
+ for (; len > 0; buf += i, len -= i) {
+ i = write(fd, buf, len);
+ ND("have %d wrote %d", len, i);
+ if (i < 0) {
+ if (errno == EAGAIN)
+ continue;
+ return -1;
+ }
+ }
+ return 0;
+}
+
+/* do a complete read */
+static int
+readn(int fd, char *buf, int len)
+{
+ int i, pos;
+
+ for (pos = 0; pos < len; pos += i) {
+ i = read(fd, buf + pos, len - pos);
+ ND("have %d want %d got %d", pos, len, i);
+ if (i < 0) {
+ if (errno == EAGAIN)
+ continue;
+ return -1;
+ }
+ }
+ ND("full read got %d", pos);
+ return 0;
+}
+
+int
+__sockopt2(int s, int level, int optname, void *optval, socklen_t *optlen,
+ enum sopt_dir dir)
+{
+ struct wire_hdr r;
+ int len = optlen && optval ? *optlen : 0;
+
+ ND("dir %d optlen %d level %d optname %d", dir, len, level, optname);
+ /* send request to the server */
+ r.optlen = htonl(len);
+ r.level = htonl(level);
+ r.optname = htonl(optname);
+ r.dir = htonl(dir);
+
+ if (writen(s, (const char *) &r, sizeof(r)))
+ return -1; /* error writing */
+
+ /* send data, if present */
+ if (len < 0) {
+ fprintf(stderr, "%s invalid args found\n", __FUNCTION__);
+ return -1;
+ } else if (len > 0) {
+ if (writen(s, optval, len))
+ return -1; /* error writing */
+ }
+
+ /* read response size and error code */
+ if (readn(s, (char *)&r, sizeof(r)))
+ return -1; /* error reading */
+ len = ntohl(r.optlen);
+ ND("got header, datalen %d", len);
+ if (len > 0) {
+ if (readn(s, optval, len))
+ return -1; /* error reading */
+ }
+ if (optlen)
+ *optlen = ntohl(r.optlen); /* actual len */
+ return 0; // XXX valid ntohl(r.level);
+}
+
+/*
+ * getsockopt() replacement.
+ */
+int
+getsockopt2(int s, int level, int optname, void *optval,
+ socklen_t *optlen)
+{
+ return __sockopt2(s, level, optname, optval, optlen, SOPT_GET);
+}
+
+/*
+ * setsockopt() replacement
+ */
+int
+setsockopt2(int s, int level, int optname, void *optval,
+ socklen_t optlen)
+{
+ /* optlen not changed, use the local address */
+ return __sockopt2(s, level, optname, optval, &optlen, SOPT_SET);
+}
+
+#ifdef socket
+#undef socket /* we want the real one */
+#endif
+/*
+ * This function replaces the socket() call to connect to
+ * the ipfw control socket.
+ * We actually ignore the paramerers if IPFW_HOST and IPFW_PORT
+ * are defined.
+ */
+int
+do_connect(const char *addr, int port)
+{
+ int conn_fd;
+
+ /* open the socket */
+#ifdef NETLINK
+
+struct rtnl_handle rth;
+
+ conn_fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
+#else
+ struct sockaddr_in server; /* server address */
+ const char *s;
+
+ conn_fd = socket(AF_INET, SOCK_STREAM, 0);
+ if (conn_fd < 0) {
+ perror("socket");
+ return -1;
+ }
+#endif
+#ifndef NETLINK
+ /* fill the sockaddr structure with server address */
+ bzero(&server, sizeof(server));
+ server.sin_family = AF_INET;
+
+ /* override the host if set in the environment */
+ s = getenv("IPFW_HOST");
+ if (s)
+ addr = s;
+ inet_aton(addr, &server.sin_addr);
+ s = getenv("IPFW_PORT");
+ if (s && atoi(s) > 0)
+ port = atoi(s);
+ server.sin_port = htons(port);
+
+ /* connect to the server */
+ if (connect(conn_fd, (struct sockaddr*) &server, sizeof(server)) < 0) {
+ perror("connect");
+ return -1;
+ }
+ if (1)
+ fprintf(stderr, "connected to %s:%d\n",
+ inet_ntoa(server.sin_addr), ntohs(server.sin_port));
+#endif
+ return conn_fd;
+}
Added: soc2014/dpl/netmap-ipfw/extra/glue.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ soc2014/dpl/netmap-ipfw/extra/glue.h Wed Jul 9 08:52:11 2014 (r270641)
@@ -0,0 +1,411 @@
+/*
+ * Copyright (c) 2009 Luigi Rizzo, Marta Carbone, Universita` di Pisa
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-soc-all
mailing list