svn commit: r269924 - projects/ipfw/sys/netpfil/ipfw
Alexander V. Chernikov
melifaro at FreeBSD.org
Wed Aug 13 09:34:34 UTC 2014
Author: melifaro
Date: Wed Aug 13 09:34:33 2014
New Revision: 269924
URL: http://svnweb.freebsd.org/changeset/base/269924
Log:
* Add jump_linear() function utilizing calculated skipto cache.
* Update description for jump_fast()
* Make jump_fast() users use JUMP() macro which is resolved to
jump_fast() by default.
Modified:
projects/ipfw/sys/netpfil/ipfw/ip_fw2.c
Modified: projects/ipfw/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- projects/ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Aug 13 08:24:48 2014 (r269923)
+++ projects/ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Aug 13 09:34:33 2014 (r269924)
@@ -126,6 +126,12 @@ VNET_DEFINE(unsigned int, fw_tables_sets
/* Use 128 tables by default */
static unsigned int default_fw_tables = IPFW_TABLES_DEFAULT;
+static int jump_fast(struct ip_fw_chain *chain, struct ip_fw *f, int num,
+ int tablearg, int jump_backwards);
+static int jump_linear(struct ip_fw_chain *chain, struct ip_fw *f, int num,
+ int tablearg, int jump_backwards);
+#define JUMP(ch, f, num, targ, back) jump_fast(ch, f, num, targ, back)
+
/*
* Each rule belongs to one of 32 different sets (0..31).
* The variable set_disable contains one bit per set.
@@ -798,7 +804,7 @@ set_match(struct ip_fw_args *args, int s
/*
* Helper function to enable cached rule lookups using
- * x_next and next_rule fields in ipfw rule.
+ * cached_id and cached_pos fields in ipfw rule.
*/
static int
jump_fast(struct ip_fw_chain *chain, struct ip_fw *f, int num,
@@ -806,8 +812,8 @@ jump_fast(struct ip_fw_chain *chain, str
{
int f_pos;
- /* If possible use cached f_pos (in f->next_rule),
- * whose version is written in f->next_rule
+ /* If possible use cached f_pos (in f->cached_pos),
+ * whose version is written in f->cached_id
* (horrible hacks to avoid changing the ABI).
*/
if (num != IP_FW_TARG && f->cached_id == chain->id)
@@ -832,6 +838,24 @@ jump_fast(struct ip_fw_chain *chain, str
}
/*
+ * Helper function to enable real fast rule lookups.
+ */
+static int
+jump_linear(struct ip_fw_chain *chain, struct ip_fw *f, int num,
+ int tablearg, int jump_backwards)
+{
+ int f_pos;
+
+ num = IP_FW_ARG_TABLEARG(num);
+ /* make sure we do not jump backward */
+ if (jump_backwards == 0 && num <= f->rulenum)
+ num = f->rulenum + 1;
+ f_pos = chain->idxmap[num];
+
+ return (f_pos);
+}
+
+/*
* The main check routine for the firewall.
*
* All arguments are in args so we can modify them and return them
@@ -2190,7 +2214,7 @@ do { \
case O_SKIPTO:
IPFW_INC_RULE_COUNTER(f, pktlen);
- f_pos = jump_fast(chain, f, cmd->arg1, tablearg, 0);
+ f_pos = JUMP(chain, f, cmd->arg1, tablearg, 0);
/*
* Skip disabled rules, and re-enter
* the inner loop with the correct
@@ -2279,7 +2303,7 @@ do { \
if (IS_CALL) {
stack[mtag->m_tag_id] = f->rulenum;
mtag->m_tag_id++;
- f_pos = jump_fast(chain, f, cmd->arg1,
+ f_pos = JUMP(chain, f, cmd->arg1,
tablearg, 1);
} else { /* `return' action */
mtag->m_tag_id--;
More information about the svn-src-projects
mailing list