socsvn commit: r273858 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw
dpl at FreeBSD.org
dpl at FreeBSD.org
Tue Sep 9 17:02:35 UTC 2014
Author: dpl
Date: Tue Sep 9 17:02:34 2014
New Revision: 273858
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=273858
Log:
Added IP src filtering, still to test, included struct definition at ip_fw_rules.h
Modified:
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.c
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.c
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.c Tue Sep 9 16:57:02 2014 (r273857)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.c Tue Sep 9 17:02:34 2014 (r273858)
@@ -82,6 +82,8 @@
struct ip_fw_chain;
struct ip_fw;
struct _ipfw_insn;
+struct _ipfw_insn_ip;
+struct _ipfw_insn_u16;
struct _ipfw_insn_if;
struct _ipfw_dyn_rule;
Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Tue Sep 9 16:57:02 2014 (r273857)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Tue Sep 9 17:02:34 2014 (r273858)
@@ -154,6 +154,7 @@
StructType *Ip_fwTy;
StructType *Ipfw_insnTy;
StructType *IpfwInsnU16Ty;
+ StructType *IpfwInsnIpTy;
StructType *Ipfw_dyn_ruleTy;
StructType *Ipfw_insn_ifTy;
StructType *MbufTy;
@@ -168,6 +169,7 @@
PointerType *Ip_fwPtrTy;
PointerType *Ipfw_insnPtrTy;
PointerType *IpfwInsnU16PtrTy;
+ PointerType *IpfwInsnIpPtrTy;
PointerType *Ipfw_dyn_rulePtrTy;
PointerType *Ipfw_insn_ifPtrTy;
PointerType *MbufPtrTy;
@@ -234,6 +236,7 @@
Ip_fwTy = mod->getTypeByName("struct.ip_fw");
Ipfw_insnTy = mod->getTypeByName("struct._ipfw_insn");
IpfwInsnU16Ty = mod->getTypeByName("struct._ipfw_insn_u16");
+ IpfwInsnIpTy = mod->getTypeByName("struct._ipfw_insn_ip");
Ipfw_insn_ifTy = mod->getTypeByName("struct._ipfw_insn_if");
Ipfw_dyn_ruleTy = mod->getTypeByName("struct._ipfw_dyn_rule");
#ifdef __FreeBSD__
@@ -252,6 +255,7 @@
Ip_fwPtrTy = PointerType::getUnqual(Ip_fwTy);
Ipfw_insnPtrTy = PointerType::getUnqual(Ipfw_insnTy);
IpfwInsnU16PtrTy = PointerType::getUnqual(IpfwInsnU16Ty);
+ IpfwInsnIpPtrTy = PointerType::getUnqual(IpfwInsnIpTy);
Ipfw_insn_ifPtrTy = PointerType::getUnqual(Ipfw_insn_ifTy);
Ipfw_dyn_rulePtrTy = PointerType::getUnqual(Ipfw_dyn_ruleTy);
#ifdef __FreeBSD__
@@ -1077,6 +1081,23 @@
void
emit_ip_src()
{
+ // match = is_ipv4 &&
+ // (((ipfw_insn_ip *)cmd)->addr.s_addr ==
+ // src_ip.s_addr);
+
+ // ((ipfw_insn_ip *)cmd)->addr.s_addr
+ // addr only has one element (s_adddr) we only need one GEP.
+ Value *CmdL = Irb.CreateLoad(Cmd);
+ Value *CmdLBitC = Irb.CreateBitCast(CmdL, IpfwInsnIpPtrTy);
+ Value *CmdSAddr = Irb.CreateStructGEP(CmdLBitC, 1);
+ Value *CmdSAddrL = Irb.CreateLoad(CmdSAddr);
+
+ // src_ip.s_addr
+ Value *SrcIpL = Irb.CreateLoad(SrcIp);
+ Value *SrcAddr = Irb.CreateStructGEP(SrcIpL, 0);
+ Value *Comp = Irb.CreateICmpEQ(CmdSAddrL, SrcAddr);
+
+ Value *NewMatch = Irb.CreateAnd(Comp, IsIpv4);
}
// XXX Not tested.
@@ -1155,7 +1176,7 @@
BasicBlock *Dst = BasicBlock::Create(Con, "R_Dst", Func);
BasicBlock *Loop = BasicBlock::Create(Con, "R_Loop", Func);
BasicBlock *ContLoop = BasicBlock::Create(Con, "R_ContLoop", Func);
- Value Comp;
+ Value *Comp;
// Perform allocations at the beginning.
Value *X = Irb.CreateAlloca(Int16Ty, nullptr, "x");
@@ -1163,9 +1184,9 @@
Value *I = Irb.CreateAlloca(Int32Ty, nullptr, "i");
// p = ((ipfw_insn_u16 *)cmd)->ports;
// XXX TODO Ensure correctness.
- CmdLBitC = Irb.CreateBitCast(Cmd, IpfwInsnU16PtrTy);
- Value *Ports = Irb.CreateStructGEP(CMDLBitC, 1);
- Irb.CreateStore(PortsPtr, P);
+ Value *CmdLBitC = Irb.CreateBitCast(Cmd, IpfwInsnU16PtrTy);
+ Value *Ports = Irb.CreateStructGEP(CmdLBitC, 1);
+ Irb.CreateStore(Ports, P);
Value *PL = Irb.CreateLoad(P);
// (proto == IPPROTO_UDP || proto == IPPROTO_TCP)
@@ -1176,11 +1197,11 @@
// (Offset == 0)
Value *Comp3 = Irb.CreateICmpEQ(Offset, ConstantInt::get(Offset->getType(), 0));
// (OrComps && Comp3)
- Value *Comp = Irb.CreateAnd(OrComps, Comp3);
+ Comp = Irb.CreateAnd(OrComps, Comp3);
Irb.CreateCondBr(Comp, Yes, Out);
// yes:
- Irb.SetInserPoint(Yes);
+ Irb.SetInsertPoint(Yes);
// if (cmd->opcode == O_IP_SRCPORT)
Value *CmdL = Irb.CreateLoad(Cmd);
Value *OpcodePtr = Irb.CreateStructGEP(CmdL, 0);
@@ -1188,31 +1209,31 @@
Comp = Irb.CreateICmpEQ(Opcode, ConstantInt::get(Opcode->getType(), O_IP_SRCPORT));
Irb.CreateCondBr(Comp, Src, Dst);
- Irb.SetInserPoint(Src);
+ Irb.SetInsertPoint(Src);
// u_int16_t x = src_port;
Irb.CreateStore(SrcPort, X);
Irb.CreateBr(Loop);
- Irb.SetInserPoint(Dst);
+ Irb.SetInsertPoint(Dst);
// u_int16_t x = dst_port;
Irb.CreateStore(DstPort, X);
Irb.CreateBr(Loop);
- Irb.SetInserPoint(Loop);
+ Irb.SetInsertPoint(Loop);
// Loop initialisation
// i = cmdlen - 1;
// cmdlen: signed
- Value *Sub = Irb.CreateNSWSub(CmdLen, ConstantInt::get(CmdLen->getType(), 1);
+ Value *Sub = Irb.CreateNSWSub(CmdLen, ConstantInt::get(CmdLen->getType(), 1));
Irb.CreateStore(Sub, I);
Irb.CreateBr(ContLoop);
// Check condition
- Irb.SetInserPoint(ContLoop);
+ Irb.SetInsertPoint(ContLoop);
// while((!match) && (i>0)) {
Value *IL = Irb.CreateLoad(I);
Value *MatchL = Irb.CreateLoad(Match);
- Comp1 = Irb.CreateICmpEQ(MatchL, ConstantInt::get(Match->getType(), 0)
- Comp2 = Irb.CreateICmpSGT(IL, ConstantInt::get(I->getType(), 0)
+ Comp1 = Irb.CreateICmpEQ(MatchL, ConstantInt::get(Match->getType(), 0));
+ Comp2 = Irb.CreateICmpSGT(IL, ConstantInt::get(I->getType(), 0));
Value *BreakCond = Irb.CreateAnd(Comp1, Comp2);
Irb.CreateCondBr(BreakCond, ContLoop, Out);
@@ -1230,7 +1251,7 @@
Value *ILD = Irb.CreateNSWSub(IL, ConstantInt::get(I->getType(), 1));
Irb.CreateStore(ILD, I);
// p += 2;
- Value PGEP = Irb.CreateInBoundsGEP(PL, ConstantInt::get(Int32Ty, 2));
+ Value *PGEP = Irb.CreateInBoundsGEP(PL, ConstantInt::get(Int32Ty, 2));
Irb.CreateStore(PGEP, P);
Irb.CreateBr(ContLoop);
More information about the svn-soc-all
mailing list