From owner-svn-soc-all@FreeBSD.ORG Wed Aug 13 16:52:53 2014 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B78B3EE2 for ; Wed, 13 Aug 2014 16:52:53 +0000 (UTC) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9874820DB for ; Wed, 13 Aug 2014 16:52:53 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.9/8.14.9) with ESMTP id s7DGqr8J006969 for ; Wed, 13 Aug 2014 16:52:53 GMT (envelope-from dpl@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.9/8.14.9/Submit) id s7DGqqL7006748 for svn-soc-all@FreeBSD.org; Wed, 13 Aug 2014 16:52:52 GMT (envelope-from dpl@FreeBSD.org) Date: Wed, 13 Aug 2014 16:52:52 GMT Message-Id: <201408131652.s7DGqqL7006748@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to dpl@FreeBSD.org using -f From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r272369 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Aug 2014 16:52:53 -0000 Author: dpl Date: Wed Aug 13 16:52:52 2014 New Revision: 272369 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272369 Log: Added emit_check_tag() function, which compiles stuff done before iterating the rules. Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h Wed Aug 13 15:50:16 2014 (r272368) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h Wed Aug 13 16:52:52 2014 (r272369) @@ -59,6 +59,7 @@ // Functions used by JIT, external. int printf(const char * restrict format, ...); +int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); static VNET_DEFINE(int, fw_deny_unknown_exthdrs); #define V_fw_deny_unknown_exthdrs VNET(fw_deny_unknown_exthdrs) Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Wed Aug 13 15:50:16 2014 (r272368) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Wed Aug 13 16:52:52 2014 (r272369) @@ -102,6 +102,7 @@ Function *inspect_pkt; // Auxiliary functions used by our JITed code. + // All this are used from our bitcode. Function *is_icmp_query; Function *flags_match; Function *ipopts_match; @@ -123,6 +124,7 @@ // Not pkg-filtering related funcs. Function *printfFunc; + Function *ipfw_find_rule; // Used structs. StructType *ifnetTy; @@ -172,7 +174,7 @@ // Create the needed variables to perform pkt filtering. void - setEnv(struct ip_fw_args *args, struct ip_fw_chain *chain) + setEnv() { // Get function arguments. // (struct ip_fw_args *, struct ip_fw_chain *) @@ -245,6 +247,10 @@ check_uidgid = mod->getFunction("check_uidgid"); set_match = mod->getFunction("set_match"); jump_fast = mod->getFunction("jump_fast"); + + // Functions declared at bitcode. + printfFunc = mod->getFunction("printf"); + ipfw_find_rule = mod->getFunction("ipfw_find_rule"); } // Allocate and initialize vars. @@ -371,6 +377,55 @@ irb.CreateRet(ConstantInt::get(int32Ty, IP_FW_DENY)); } + void + emit_check_tag() + { + BasicBlock *tagged, *nottagged; + BasicBlock *yes, *no; + + // if (args->rule.slot) { + // /* + // * Packet has already been tagged as a result of a previous + // * match on rule args->rule aka args->rule_id (PIPE, QUEUE, + // * REASS, NETGRAPH, DIVERT/TEE...) + // * Validate the slot and continue from the next one + // * if still present, otherwise do a lookup. + // */ + // f_pos = (args->rule.chain_id == chain->id) ? + // args->rule.slot : + // ipfw_find_rule(chain, args->rule.rulenum, + // args->rule.rule_id); + // } else { + // f_pos = 0; + // } + + irb.SetInsertPoint(check_tag); + + // if (args->rule.slot) + irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4),ConstantInt::get(int32Ty, 0)}), ConstantInt::get(int32Ty, 0)), nottagged, tagged); + // if (args->rule.chain_id == chain->id) + irb.SetInsertPoint(tagged); + irb.CreateCondBr(irb.CreateICmpEQ(irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4), ConstantInt::get(int32Ty, 3)}), irb.CreateInBoundsGEP(chainptr, ConstantInt::get(int32Ty, 12))), yes, no); + + // f_pos = args->rule.slot; + irb.SetInsertPoint(yes); + irb.CreateStore(irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4),ConstantInt::get(int32Ty, 0)}), f_pos); + irb.CreateBr(nottagged); + + // else fpos = ipfw_find_rule(chain, args->rule.rulenum, args->rule.rule_id) + irb.SetInsertPoint(no); + irb.CreateStore(irb.CreateCall3(ipfw_find_rule, chainptr, irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4), ConstantInt::get(int32Ty, 1)}), irb.CreateInBoundsGEP(argsptr, {ConstantInt::get(int32Ty, 4), ConstantInt::get(int32Ty, 2)})), f_pos); + + // Branch to nottagged because it + // only finishes the check_tag BasicBlock. + irb.CreateBr(nottagged); + + // else f_pos = 0; + // Since f_pos is initialized by default as 0, we only br. + irb.SetInsertPoint(nottagged); + irb.CreateBr(startrules); + } + public: ipfwJIT(struct ip_fw_args *args, struct ip_fw_chain *chain): irb(con) { @@ -380,8 +435,6 @@ func = mod->getFunction("ipfw_chk_jit"); func->setLinkage(GlobalValue::ExternalLinkage); - printfFunc = mod->getFunction("printf"); - // Create statics BasicBlocks. entry = BasicBlock::Create(con, "entry", func); pullup_failed = BasicBlock::Create(con, "pullup_failed", func);