From owner-p4-projects@FreeBSD.ORG Mon Jul 21 09:58:25 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7C9AA106567C; Mon, 21 Jul 2008 09:58:25 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 407751065678 for ; Mon, 21 Jul 2008 09:58:25 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 209348FC15 for ; Mon, 21 Jul 2008 09:58:25 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m6L9wPaH084444 for ; Mon, 21 Jul 2008 09:58:25 GMT (envelope-from gk@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6L9wPGU084442 for perforce@freebsd.org; Mon, 21 Jul 2008 09:58:25 GMT (envelope-from gk@FreeBSD.org) Date: Mon, 21 Jul 2008 09:58:25 GMT Message-Id: <200807210958.m6L9wPGU084442@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gk@FreeBSD.org using -f 
From: Gleb Kurtsou To: Perforce Change Reviews Cc: Subject: PERFORCE change 145550 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jul 2008 09:58:25 -0000 http://perforce.freebsd.org/chv.cgi?CH=145550 Change 145550 by gk@gk_h1 on 2008/07/21 09:57:25 add src_ether and dst_ether to struct pf_pdesc use pf_addr_ether to compare addresses in pf_match_addr_ether
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sys-pf/net/pf.c#3 edit
.. //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#3 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sys-pf/net/pf.c#3 (text+ko) ====
@@ -335,7 +335,7 @@
 kif, &key, PF_LAN_EXT); \
 if (*state == NULL || (*state)->timeout == PFTM_PURGE) \
 return (PF_DROP); \
- if (!pf_state_check_ether(*state, pd, direction)) \
+ if (!pf_state_match_addr_ether(*state, pd, direction)) \
 return (PF_DROP); \
 if (direction == PF_OUT && \
 (((*state)->rule.ptr->rt == PF_ROUTETO && \
@@ -702,7 +702,7 @@
 }
 static __inline int
-pf_addr_ether_pass(struct pf_addr_ether *want, u_int8_t *ea)
+pf_match_addr_ether(struct pf_addr_ether *want, struct pf_addr_ether *a, int match_empty)
 {
 static struct pf_addr_ether mask = {
 .octet = { 0xff, 0xff, 0xff, 0xff, 0xff,0xff },
@@ -710,41 +710,33 @@
 };
 if ((want->flags & PFAE_CHECK) == 0)
 return (1);
+ if ((a->flags & PFAE_CHECK) == 0)
+ return (match_empty);
 if (want->flags & PFAE_MULTICAST) {
- return (ETHER_IS_MULTICAST(ea));
+ return (ETHER_IS_MULTICAST(a->octet));
 }
-#define EA_CMP(a) (*((u_int64_t*)(a)) & *((u_int64_t*)&mask))
- return (EA_CMP(want) == EA_CMP(ea));
+#define EA_CMP(x) (*((u_int64_t*)(x)) & *((u_int64_t*)&mask))
+ return (EA_CMP(want) == EA_CMP(a));
 #undef EA_CMP
 }
 static __inline int
-pf_rule_check_ether(struct pf_rule *r, struct pf_pdesc *pd)
+pf_rule_match_addr_ether(struct pf_rule *r, struct pf_pdesc *pd)
 {
- if (!pd->eh) {
- if ((r->src.addr_ether.flags & PFAE_CHECK) ||
- (r->dst.addr_ether.flags & PFAE_CHECK))
- return (0);
- return (1);
- }
-
- if (pf_addr_ether_pass(&r->src.addr_ether, pd->eh->ether_shost) &&
- pf_addr_ether_pass(&r->dst.addr_ether, pd->eh->ether_dhost))
+ if (pf_match_addr_ether(&r->src.addr_ether, &pd->src_ether, 0) &&
+ pf_match_addr_ether(&r->dst.addr_ether, &pd->dst_ether, 0))
 return (1);
 return (0);
 }
 static __inline int
-pf_state_check_ether(struct pf_state *state, struct pf_pdesc *pd, int direction)
+pf_state_match_addr_ether(struct pf_state *state, struct pf_pdesc *pd, int direction)
 {
 struct pf_rule *r;
 struct pf_addr_ether *src, *dst;
- if (!pd->eh)
- return (1);
-
 r = state->rule.ptr;
 if (direction == state->direction) {
@@ -755,8 +747,8 @@
 dst = &r->src.addr_ether;
 }
- if (pf_addr_ether_pass(src, pd->eh->ether_shost) &&
- pf_addr_ether_pass(dst, pd->eh->ether_dhost))
+ if (pf_match_addr_ether(src, &pd->src_ether, 1) &&
+ pf_match_addr_ether(dst, &pd->dst_ether, 1))
 return (1);
 return (0);
@@ -3419,7 +3411,7 @@
 else if (r->os_fingerprint != PF_OSFP_ANY && !pf_osfp_match(
 pf_osfp_fingerprint(pd, m, off, th), r->os_fingerprint))
 r = TAILQ_NEXT(r, entries);
- else if (!pf_rule_check_ether(r, pd))
+ else if (!pf_rule_match_addr_ether(r, pd))
 r = TAILQ_NEXT(r, entries);
 else {
 if (r->tag)
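Review bot: `EA_CMP(x)` now dereferences a `struct pf_addr_ether *` as a `u_int64_t`, reading 8 bytes from an object whose visible contents are a 6-byte `octet` array plus `flags`; unless the struct is padded to at least 8 bytes and 8-byte aligned (its layout is not in this change), that is a read past the object, a strict-aliasing violation, and an unaligned access that traps on strict-alignment targets. The `mask` only hides the `flags` byte in the comparison result; it does not make the read itself valid, and it is applied to `want` (inside `struct pf_rule`) as much as to `a` (inside `struct pf_pdesc`). A byte comparison does the same job with no macro and no `mask` static: `return (memcmp(want->octet, a->octet, ETHER_ADDR_LEN) == 0);`. The function's opening lines, including the `mask` definition, are in the previous hunk.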
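Review bot: The `1` passed as `match_empty` in `pf_state_match_addr_ether` makes a state created under L2 criteria keep matching packets that carry no `ether_header` at all, while `pf_rule_match_addr_ether` passes `0` and rejects such packets at rule evaluation; that reproduces the `if (!pd->eh) return (1);` this change removes, but the asymmetry is now a bare integer argument and should be stated. Suggest, above the `if`: `/* No L2 info on this packet: keep matching the established state; rules with L2 criteria do not match it (see pf_rule_match_addr_ether). */`. Whether a packet without L2 addresses should ride an existing state is a policy decision that a reader cannot recover from the `1` alone. The function begins in the previous hunk.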
@@ -3840,7 +3832,7 @@
 r = TAILQ_NEXT(r, entries);
 else if (r->os_fingerprint != PF_OSFP_ANY)
 r = TAILQ_NEXT(r, entries);
- else if (!pf_rule_check_ether(r, pd))
+ else if (!pf_rule_match_addr_ether(r, pd))
 r = TAILQ_NEXT(r, entries);
 else {
 if (r->tag)
@@ -4179,7 +4171,7 @@
 r = TAILQ_NEXT(r, entries);
 else if (r->os_fingerprint != PF_OSFP_ANY)
 r = TAILQ_NEXT(r, entries);
- else if (!pf_rule_check_ether(r, pd))
+ else if (!pf_rule_match_addr_ether(r, pd))
 r = TAILQ_NEXT(r, entries);
 else {
 if (r->tag)
@@ -4440,7 +4432,7 @@
 r = TAILQ_NEXT(r, entries);
 else if (r->os_fingerprint != PF_OSFP_ANY)
 r = TAILQ_NEXT(r, entries);
- else if (!pf_rule_check_ether(r, pd))
+ else if (!pf_rule_match_addr_ether(r, pd))
 r = TAILQ_NEXT(r, entries);
 else {
 if (r->tag)
@@ -4667,7 +4659,7 @@
 r = TAILQ_NEXT(r, entries);
 else if (r->match_tag && !pf_match_tag(m, r, pd->pf_mtag, &tag))
 r = TAILQ_NEXT(r, entries);
- else if (!pf_rule_check_ether(r, pd))
+ else if (!pf_rule_match_addr_ether(r, pd))
 r = TAILQ_NEXT(r, entries);
 else {
 if (r->anchor == NULL) {
@@ -6921,6 +6913,12 @@
 pd.tos = h->ip_tos;
 pd.tot_len = ntohs(h->ip_len);
 pd.eh = eh;
+ if (eh) {
+ memcpy(pd.src_ether.octet, eh->ether_shost, ETHER_ADDR_LEN);
+ pd.src_ether.flags = PFAE_CHECK;
+ memcpy(pd.dst_ether.octet, eh->ether_dhost, ETHER_ADDR_LEN);
+ pd.dst_ether.flags = PFAE_CHECK;
+ }
 /* handle fragments that didn't get reassembled by normalization */
 if (h->ip_off & htons(IP_MF | IP_OFFMASK)) {
==== //depot/projects/soc2008/gk_l2filter/sys-pf/net/pfvar.h#3 (text+ko) ====
@@ -1063,6 +1063,10 @@
 struct pf_addr *dst;
 struct ether_header *eh;
+ struct pf_addr_ether
+ src_ether;
+ struct pf_addr_ether
+ dst_ether;
 struct pf_mtag *pf_mtag;
 u_int16_t *ip_sum;
 u_int32_t p_len; /* total length of payload */
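Review bot: The new `if (eh)` block in the `@@ -6921` hunk fills `pd.src_ether`/`pd.dst_ether` only when an `ether_header` is present and has no `else`, so the "no L2 info" path in `pf_match_addr_ether` (which tests `a->flags & PFAE_CHECK`) silently depends on `pd` having been zeroed earlier in pf_test, which is outside this hunk; if that ever changes, stale `flags` would make the matcher read uninitialised `octet` bytes. Making the contract explicit is one line: `} else pd.src_ether.flags = pd.dst_ether.flags = 0;`. This is the IPv4 entry point (`h->ip_tos`); if the IPv6 entry point also receives `eh`, it needs the same fill or its rules with L2 criteria will never match, which cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.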
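Review bot: The two members added to `struct pf_pdesc` in the pfvar.h hunk carry a contract that nothing in the header states: their `flags` has `PFAE_CHECK` only when they were copied from `eh`, and `pf_match_addr_ether`'s `match_empty` handling relies on `flags` being zero otherwise. Suggest a comment on the `src_ether` declaration, `/* L2 addresses copied from eh; flags has PFAE_CHECK only when eh != NULL, zero otherwise */`, so a future caller that builds a pdesc by hand knows what to initialise. The struct's declaration begins before this hunk.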