Date: Sat, 4 May 2013 18:24:30 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r250246 - head/sys/netpfil/ipfw Message-ID: <201305041824.r44IOUUO087896@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: melifaro Date: Sat May 4 18:24:30 2013 New Revision: 250246 URL: http://svnweb.freebsd.org/changeset/base/250246 Log: Use unified method for accessing / updating cached rule pointers. MFC after: 2 weeks Modified: head/sys/netpfil/ipfw/ip_fw2.c Modified: head/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw2.c Sat May 4 17:21:44 2013 (r250245) +++ head/sys/netpfil/ipfw/ip_fw2.c Sat May 4 18:24:30 2013 (r250246) @@ -780,6 +780,38 @@ set_match(struct ip_fw_args *args, int s } /* + * Helper function to enable cached rule lookups using + * x_next and next_rule fields in ipfw rule. + */ +static int +jump_fast(struct ip_fw_chain *chain, struct ip_fw *f, int num, + int tablearg, int jump_backwards) +{ + int f_pos; + + /* If possible use cached f_pos (in f->next_rule), + * whose version is written in f->next_rule + * (horrible hacks to avoid changing the ABI). + */ + if (num != IP_FW_TABLEARG && (uintptr_t)f->x_next == chain->id) + f_pos = (uintptr_t)f->next_rule; + else { + int i = IP_FW_ARG_TABLEARG(num); + /* make sure we do not jump backward */ + if (jump_backwards == 0 && i <= f->rulenum) + i = f->rulenum + 1; + f_pos = ipfw_find_rule(chain, i, 0); + /* update the cache */ + if (num != IP_FW_TABLEARG) { + f->next_rule = (void *)(uintptr_t)f_pos; + f->x_next = (void *)(uintptr_t)chain->id; + } + } + + return (f_pos); +} + +/* * The main check routine for the firewall. * * All arguments are in args so we can modify them and return them @@ -2123,27 +2155,7 @@ do { \ case O_SKIPTO: IPFW_INC_RULE_COUNTER(f, pktlen); - /* If possible use cached f_pos (in f->next_rule), - * whose version is written in f->next_rule - * (horrible hacks to avoid changing the ABI). - */ - if (cmd->arg1 != IP_FW_TABLEARG && - (uintptr_t)f->x_next == chain->id) { - f_pos = (uintptr_t)f->next_rule; - } else { - int i = IP_FW_ARG_TABLEARG(cmd->arg1); - /* make sure we do not jump backward */ - if (i <= f->rulenum) - i = f->rulenum + 1; - f_pos = ipfw_find_rule(chain, i, 0); - /* update the cache */ - if (cmd->arg1 != IP_FW_TABLEARG) { - f->next_rule = - (void *)(uintptr_t)f_pos; - f->x_next = - (void *)(uintptr_t)chain->id; - } - } + f_pos = jump_fast(chain, f, cmd->arg1, tablearg, 0); /* * Skip disabled rules, and re-enter * the inner loop with the correct @@ -2232,25 +2244,8 @@ do { \ if (IS_CALL) { stack[mtag->m_tag_id] = f->rulenum; mtag->m_tag_id++; - if (cmd->arg1 != IP_FW_TABLEARG && - (uintptr_t)f->x_next == chain->id) { - f_pos = (uintptr_t)f->next_rule; - } else { - jmpto = IP_FW_ARG_TABLEARG( - cmd->arg1); - f_pos = ipfw_find_rule(chain, - jmpto, 0); - /* update the cache */ - if (cmd->arg1 != - IP_FW_TABLEARG) { - f->next_rule = - (void *)(uintptr_t) - f_pos; - f->x_next = - (void *)(uintptr_t) - chain->id; - } - } + f_pos = jump_fast(chain, f, cmd->arg1, + tablearg, 1); } else { /* `return' action */ mtag->m_tag_id--; jmpto = stack[mtag->m_tag_id] + 1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305041824.r44IOUUO087896>