From owner-svn-soc-all@FreeBSD.ORG Tue Aug 12 13:59:32 2014 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0F4EC96B for ; Tue, 12 Aug 2014 13:59:32 +0000 (UTC) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EF24223F5 for ; Tue, 12 Aug 2014 13:59:31 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.9/8.14.9) with ESMTP id s7CDxVV7084973 for ; Tue, 12 Aug 2014 13:59:31 GMT (envelope-from dpl@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.9/8.14.9/Submit) id s7CDxV67084946 for svn-soc-all@FreeBSD.org; Tue, 12 Aug 2014 13:59:31 GMT (envelope-from dpl@FreeBSD.org) Date: Tue, 12 Aug 2014 13:59:31 GMT Message-Id: <201408121359.s7CDxV67084946@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to dpl@FreeBSD.org using -f From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r272284 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2014 13:59:32 -0000 Author: dpl Date: Tue Aug 12 13:59:30 2014 New Revision: 272284 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272284 Log: Corrected the NULL pointers, added a optimize function, and moved some of the code out of compile-time, to make our lifes easier. Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Tue Aug 12 12:45:30 2014 (r272283) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Tue Aug 12 13:59:30 2014 (r272284) @@ -266,6 +266,15 @@ { struct ip_fw_chain *chain = &V_layer3_chain; + /* Read comment below about this variable. */ + struct mbuf *m = args->m; + + if (m->m_flags & M_SKIP_FIREWALL || (! V_ipfw_vnet_ready)) + return (IP_FW_PASS); /* accept */ + + args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */ + + /* If we haven't, JIT-compile the actions to be executed per-rule */ if (compiledfuncptr == 0) { IPFW_PF_RLOCK(chain); @@ -302,7 +311,6 @@ * (Until we start using L3offset, the packet is * supposed to start with the ip header). */ - struct mbuf *m = args->m; struct ip *ip = mtod(m, struct ip *); /* @@ -396,13 +404,9 @@ int done = 0; /* flag to exit the outer loop */ - if (m->m_flags & M_SKIP_FIREWALL || (! V_ipfw_vnet_ready)) - return (IP_FW_PASS); /* accept */ - dst_ip.s_addr = 0; /* make sure it is initialized */ src_ip.s_addr = 0; /* make sure it is initialized */ pktlen = m->m_pkthdr.len; - args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */ proto = args->f_id.proto = 0; /* mark f_id invalid */ /* XXX 0 is a valid proto: IP/IPv6 Hop-by-Hop Option */ Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Tue Aug 12 12:45:30 2014 (r272283) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Tue Aug 12 13:59:30 2014 (r272284) @@ -40,6 +40,9 @@ LLVMContext con; OwningPtr buffer; IRBuilder<> irb; + + // We'll store the BasicBlock objects for each rule here. + int rule_number; std::vector blocks; // Vars Types @@ -51,7 +54,7 @@ // Basic blocks used BasicBlock *entry; BasicBlock *pullup_failed; - BasicBlock *startiter; + BasicBlock *startrules; // JIT Compiled Vars // Loop control. @@ -77,7 +80,7 @@ Value *src_port; //unsigned Value *dst_port; //unsigned Value *src_ip; - Value *dest_ip; + Value *dst_ip; Value *iplen; //unsigned Value *pktlen; Value *etype; //unsigned @@ -114,7 +117,7 @@ Function *jump_fast; // Not pkg-filtering related funcs. - Function *printf; + Function *printfFunc; // Used structs. StructType *ifnetTy; @@ -190,18 +193,18 @@ #endif /* __FreeBSD__ */ // Create Pointer to StructType types. - ipfw_dyn_rulePtrTy = PointerType::get(ipfw_dyn_ruleTy); - ifnetPtrTy = PointerType::get(ifnetTy); - in_addrPtrTy = PointerType::get(in_addrTy); - ipPtrTy = PointerType::get(ipTy); - ip_fw_argsPtrTy = PointerType::get(ip_fw_argsTy); - ip_fw_chainPtrTy = PointerType::get(ip_fw_chainTy); - ip_fwPtrTy = PointerType::get(ip_fwTy); - ip_fw_insnPtrTy = PointerType::get(_ip_fw_insnTy); - ipfw_insn_ifPtrTy = PointerType::get(_ipfw_insn_ifTy); - mbufPtrTy = PointerType::get(mbufTy); + ipfw_dyn_rulePtrTy = PointerType::get(ipfw_dyn_ruleTy, 0); + ifnetPtrTy = PointerType::get(ifnetTy, 0); + in_addrPtrTy = PointerType::get(in_addrTy, 0); + ipPtrTy = PointerType::get(ipTy, 0); + ip_fw_argsPtrTy = PointerType::get(ip_fw_argsTy, 0); + ip_fw_chainPtrTy = PointerType::get(ip_fw_chainTy, 0); + ip_fwPtrTy = PointerType::get(ip_fwTy, 0); + ip_fw_insnPtrTy = PointerType::get(ip_fw_insnTy, 0); + ipfw_insn_ifPtrTy = PointerType::get(ipfw_insn_ifTy, 0); + mbufPtrTy = PointerType::get(mbufTy, 0); #ifdef __FreeBSD__ - ucredPtrTy = PointerType::get(ucredTy); + ucredPtrTy = PointerType::get(ucredTy, 0); #endif // Allocate vars. @@ -215,15 +218,16 @@ irb.CreateStore(ConstantInt::get(int32Ty, 0), retval); m = irb.CreateAlloca(mbufPtrTy); // Init: args->m - // ip = mtod(m, struct ip *) - // #define mtod(m, t) ((t)((m)->m_data)) + // XXX m = args->m + ip = irb.CreateAlloca(ipPtrTy); + // XXX ip = (struct ip *)((m)->m_data); #ifdef __FreeBSD__ ucred = irb.CreateAlloca(ucredPtrTy); // Init: NULL if type ucred. - irb.CreateStore(ConstantPointerNull::get(null), ucred); + irb.CreateStore(ConstantPointerNull::get(ucredPtrTy), ucred); #else - ucred = irb.CreateAlloca(ucredTy); // Init: NULL if type ucred. + ucred = irb.CreateAlloca(ucredTy); #endif ucred_lookup = irb.CreateAlloca(int32Ty); @@ -241,6 +245,8 @@ irb.CreateStore(ConstantInt::get(int16Ty, 0), ip6f_mf); proto = irb.CreateAlloca(int8Ty); + irb.CreateStore(ConstantInt::get(int8Ty, 0), proto); + // XXX proto = args->f_id.proto = 0 src_port = irb.CreateAlloca(int16Ty); irb.CreateStore(ConstantInt::get(int16Ty, 0), src_port); @@ -248,12 +254,16 @@ irb.CreateStore(ConstantInt::get(int16Ty, 0), dst_port); src_ip = irb.CreateAlloca(in_addrTy); - dest_ip = irb.CreateAlloca(in_addrTy); + dst_ip = irb.CreateAlloca(in_addrTy); + // XXX + //dst_ip.s_addr = 0; + //src_ip.s_addr = 0; iplen = irb.CreateAlloca(int16Ty); irb.CreateStore(ConstantInt::get(int16Ty, 0), iplen); pktlen = irb.CreateAlloca(int32Ty); + //XXX pktlen = m->m_pkthdr.len; etype = irb.CreateAlloca(int16Ty); irb.CreateStore(ConstantInt::get(int32Ty, 0), etype); @@ -262,11 +272,11 @@ irb.CreateStore(ConstantInt::get(int32Ty, MATCH_UNKNOWN), dyn_dir); q = irb.CreateAlloca(ipfw_dyn_rulePtrTy); - irb.CreateStore(ConstantPointerNull::get(null), q); + irb.CreateStore(ConstantPointerNull::get(ipfw_dyn_rulePtrTy), q); // There are no (void *), we use i8* - ulp = irb.CreateAlloca(int8PtrTy); //Init: NULL - irb.CreateStore(ConstantPointerNull::get(null), ulp); + ulp = irb.CreateAlloca(int8PtrTy); + irb.CreateStore(ConstantPointerNull::get(int8PtrTy), ulp); is_ipv4 = irb.CreateAlloca(int32Ty); irb.CreateStore(ConstantInt::get(int32Ty, 0), is_ipv4); @@ -300,14 +310,12 @@ check_uidgid = mod->getFunction("check_uidgid"); set_match = mod->getFunction("set_match"); jump_fast = mod->getFunction("jump_fast"); - - return (0); } void emit_pullup_failed() { - GlobalValue *is_verbose, *str; + Value *is_verbose, *str; BasicBlock *print, *ret; // VNET_DECLARE(int, fw_verbose); @@ -320,14 +328,14 @@ // return (IP_FW_DENY); irb.SetInsertPoint(pullup_failed); - is_verbose = mod.getGlobalVariable("fw_verbose"); + is_verbose = mod->getGlobalVariable("fw_verbose"); str = irb.CreateGlobalString("ipfw: pullup failed\n"); // if (V_fw_verbose) - CreateCondBr(CreateICmpEQ(is_verbose, ConstantInt::get(int32Ty, 0)), ret, print); + irb.CreateCondBr(irb.CreateICmpEQ(is_verbose, ConstantInt::get(int32Ty, 0)), ret, print); // printf("ipfw: pullup failed\n"); irb.SetInsertPoint(print); - irb.CreateCall(printf, str); + irb.CreateCall(printfFunc, str); irb.CreateBr(ret); // return (IP_FW_DENY); @@ -344,12 +352,12 @@ func = mod->getFunction("ipfw_chk_jit"); func->setLinkage(GlobalValue::ExternalLinkage); - printf = mod->getFunction("printf"); + printfFunc = mod->getFunction("printf"); // Create first BasicBlocks. entry = BasicBlock::Create(con, "entry", func); pullup_failed = BasicBlock::Create(con, "pullup_failed", func); - startiter = BasicBlock::Create(con, "startiter", func); + startrules = BasicBlock::Create(con, "startrules", func); // Create the code related to the pullup_failed Basic Block. emit_pullup_failed(); @@ -366,6 +374,12 @@ delete mod; } + void + optimize() + { + return; + } + // Returns the pointer to the compiled function. funcptr getFuncPtr() @@ -377,11 +391,13 @@ int emit_lookpkt() { - // If it returns one, we have to goto pullup_failed. - CreateCondBr(CreateICmpEQ(irb.CreateCall(inspect_pkt), ConstantInt::get(int32Ty, 1)), pullup_failed, startiter); + // If it returns one, goto pullup_failed. + // Else, goto starrules. + irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateCall(inspect_pkt), ConstantInt::get(int32Ty, 1)), pullup_failed, startrules); return (0); } + // Rules int emit_nop() { @@ -638,9 +654,9 @@ comp.emit_ipsec(); #endif /* otherwise no match */ +/* XXX break; -/* XXX #ifdef INET6 case O_IP6_SRC: comp.emit_ip6_src(); @@ -824,5 +840,6 @@ } /* end of outer for, scan rules */ // Once we're done iterating through the rules, return the pointer. + comp.optimize(); return (comp.getFuncPtr()); }