socsvn commit: r271600 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw

Wed Jul 30 11:06:01 UTC 2014

Author: dpl
Date: Wed Jul 30 11:05:59 2014
New Revision: 271600
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=271600

Log:
  Refactored some of the ip_fw2.c code, to be compiled to bitcode and used by the JIT

Modified:
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h
  soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c
==============================================================================

--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c	Wed Jul 30 09:17:40 2014	(r271599)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c	Wed Jul 30 11:05:59 2014	(r271600)
@@ -105,7 +105,7 @@
  */
 
 /* ipfw_vnet_ready controls when we are open for business */
-static VNET_DEFINE(int, ipfw_vnet_ready) = 0;
+VNET_DEFINE(int, ipfw_vnet_ready) = 0;
 #define	V_ipfw_vnet_ready	VNET(ipfw_vnet_ready)
 
 static VNET_DEFINE(int, fw_deny_unknown_exthdrs);
@@ -657,21 +657,7 @@
 	/* Returns -1 on error */
 	if (lockcheckvnet(chain))
 		return (IP_FW_PASS);
-	if (args->rule.slot) {
-		/*
-		 * Packet has already been tagged as a result of a previous
-		 * match on rule args->rule aka args->rule_id (PIPE, QUEUE,
-		 * REASS, NETGRAPH, DIVERT/TEE...)
-		 * Validate the slot and continue from the next one
-		 * if still present, otherwise do a lookup.
-		 */
-		f_pos = (args->rule.chain_id == chain->id) ?
-		    args->rule.slot :
-		    ipfw_find_rule(chain, args->rule.rulenum,
-			args->rule.rule_id);
-	} else {
-		f_pos = 0;
-	}
+	getfpos(args, chain, &f_pos);
 
 	/*
 	 * Now scan the rules, and parse microinstructions for each rule.
@@ -1139,7 +1125,7 @@
 		retval = IP_FW_DENY;
 		printf("ipfw: ouch!, skip past end of rules, denying packet\n");
 	}
-	IPFW_PF_RUNLOCK(chain);
+	unlockvnet(chain);
 #ifdef __FreeBSD__
 	if (ucred_cache != NULL)
 		crfree(ucred_cache);

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h	Wed Jul 30 09:17:40 2014	(r271599)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h	Wed Jul 30 11:05:59 2014	(r271600)
@@ -45,6 +45,9 @@
 /* This macro needs the calling function to have a tablearg argument */
 #define	IP_FW_ARG_TABLEARG(a)	(((a) == IP_FW_TABLEARG) ? tablearg : (a))
 
+/* Needed vars defined at ip_fw2.c */
+VNET_DECLARE(int, V_ipfw_vnet_ready);
+
 /*
  * Auxiliar functions.
  */
@@ -1937,3 +1940,32 @@
 	return 0;
 }
 
+static IPFW_RULES_INLINE void
+unlockvnet(struct ip_fw_chain *chain)
+{
+	IPFW_PF_RUNLOCK(chain);
+}
+
+/*
+ * Function to be called just after
+ * lockcheckvnet();
+ */
+static IPFW_RULES_INLINE int
+getfpos(struct ip_fw_args *args, struct ip_fw_chain *chain, int *f_pos)
+{
+	if (args->rule.slot) {
+		/*
+		 * Packet has already been tagged as a result of a previous
+		 * match on rule args->rule aka args->rule_id (PIPE, QUEUE,
+		 * REASS, NETGRAPH, DIVERT/TEE...)
+		 * Validate the slot and continue from the next one
+		 * if still present, otherwise do a lookup.
+		 */
+		*f_pos = (args->rule.chain_id == chain->id) ?
+		    args->rule.slot :
+		    ipfw_find_rule(chain, args->rule.rulenum,
+			args->rule.rule_id);
+	} else {
+		*f_pos = 0;
+	}
+}

Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc	Wed Jul 30 09:17:40 2014	(r271599)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc	Wed Jul 30 11:05:59 2014	(r271600)
@@ -48,22 +48,32 @@
 		int
 		loadStub(std::string funcname)
 		{
-			return 0;
+			return (0);
+		}
+
+		int
+		setVars()
+		{
+			return (0);
 		}
 };
 
 extern "C" funcptr
 compile_code(struct ip_fw_args *args)
 {
-	jitCompiler("ip_fw_rules.bc");
+	struct ip_fw_chain *chain = &V_layer3_chain;
 
-	int f_pos = 0;		/* index of current rule in the array */
+	auto comp = jitCompiler("ip_fw_rules.bc");
 
-	// Now I have to load the stubs of the loaded rules.
+	// XXX Now I have to load the stubs of the loaded rules.
 	// For that, I need a table: RULE, "functname", #args
+	lockcheckvnet(chain);
 
 	// Iterate through the rules.
 
+	/* When we're done, or if there's an error. */
+	unlockvnet(chain);
+
 	/*
 	// Get the stub (prototype) for the cell function
 	F = Mod->getFunction("cell");
@@ -105,5 +115,5 @@
 	}
 
 	*/
-	return 0;
+	return (0);
 }
