From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r273685 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Sep 2014 11:18:11 -0000 Author: dpl Date: Fri Sep 5 11:18:09 2014 New Revision: 273685 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=273685 Log: Moved JIT compilation to the ipfw_chk handler. Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_pfil.c Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Fri Sep 5 07:42:34 2014 (r273684) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Fri Sep 5 11:18:09 2014 (r273685) @@ -124,12 +124,6 @@ /* Use 128 tables by default */ static unsigned int default_fw_tables = IPFW_TABLES_DEFAULT; -/* JIT compiling API */ -funcptr compile_code(struct ip_fw_args *, struct ip_fw_chain *); - -/* Pointer to the actual compiled code */ -int (*compiledfuncptr)(struct ip_fw_args *, struct ip_fw_chain *) = 0; - /* * Each rule belongs to one of 32 different sets (0..31). * The variable set_disable contains one bit per set. 
@@ -271,19 +265,6 @@ args->f_id.fib = M_GETFIB(m); /* note mbuf not altered) */ - - /* If we haven't, JIT-compile the actions to be executed per-rule */ - if (compiledfuncptr == 0) { - IPFW_PF_RLOCK(chain); - if (! V_ipfw_vnet_ready) { /* shutting down, leave NOW. */ - IPFW_PF_RUNLOCK(chain); - return (IP_FW_PASS); /* accept */ - } - compiledfuncptr = compile_code(args, chain); - IPFW_PF_RUNLOCK(chain); - } else - return compiledfuncptr(args, chain); - /* * Local variables holding state while processing a packet: * Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_pfil.c ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_pfil.c Fri Sep 5 07:42:34 2014 (r273684) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_pfil.c Fri Sep 5 11:18:09 2014 (r273685) @@ -87,8 +87,19 @@ int ipfw_check_frame(void *, struct mbuf **, struct ifnet *, int, struct inpcb *); -#ifdef SYSCTL_NODE +/* JIT compilation */ +typedef int (*funcptr)(); +funcptr compile_code(struct ip_fw_args *, struct ip_fw_chain *); +/* Pointer to the actual compiled code */ +int (*compiledfuncptr)(struct ip_fw_args *, struct ip_fw_chain *) = 0; +struct ip_fw_chain *chain = &V_layer3_chain; + +/* ipfw_vnet_ready controls when we are open for business */ +VNET_DEFINE(int, ipfw_vnet_ready); +#define V_ipfw_vnet_ready VNET(ipfw_vnet_ready) + +#ifdef SYSCTL_NODE SYSBEGIN(f1) SYSCTL_DECL(_net_inet_ip_fw); 
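Review bot: The added `VNET_DEFINE(int, ipfw_vnet_ready);` in ip_fw_pfil.c looks like a second, independent copy of the flag, because nothing in this diff removes the definition ip_fw2.c relies on or sets the new one. If that is the case this copy stays 0, and the shutdown check in `ipfw_chk_wrapper` returns IP_FW_PASS for every packet, so the firewall fails open. Referring to the existing variable with `VNET_DECLARE(int, ipfw_vnet_ready);` would avoid that, provided the ip_fw2.c definition is not static. The file-scope `struct ip_fw_chain *chain = &V_layer3_chain;` binds one chain at initialisation and presumably cannot follow curvnet under VIMAGE; a local of the same form inside the wrapper keeps it per-vnet. `compiledfuncptr` and `chain` would also be better `static`, and `typedef int (*funcptr)();` should carry the full prototype `(struct ip_fw_args *, struct ip_fw_chain *)` so the assignment from `compile_code()` is type-checked.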
@@ -108,10 +119,38 @@ ipfw_chg_hook, "I", "Pass ether pkts through firewall"); SYSEND - #endif /* SYSCTL_NODE */ /* + * Handles the compilation and execution of the + * JIT compiled code. + * + * dpl TODO: Threaded compilation. + */ +int +ipfw_chk_wrapper(struct ip_fw_args *args) +{ + int ret; + + /* If we haven't, JIT-compile the actions to be executed per-rule */ + if (compiledfuncptr == 0) { + IPFW_PF_RLOCK(chain); + if (! V_ipfw_vnet_ready) { /* shutting down, leave NOW. */ + IPFW_PF_RUNLOCK(chain); + return (IP_FW_PASS); /* accept */ + } + compiledfuncptr = compile_code(args, chain); + ret = compiledfuncptr(args, chain); + IPFW_PF_RUNLOCK(chain); + } else { + IPFW_PF_RLOCK(chain); + ret = compiledfuncptr(args, chain); + IPFW_PF_RUNLOCK(chain); + } + return (ret); +} + +/* * The pfilter hook to pass packets to ipfw_chk and then to * dummynet, divert, netgraph or other modules. * The packet may be consumed. @@ -146,7 +185,7 @@ args.oif = dir == DIR_OUT ? ifp : NULL; args.inp = inp; - ipfw = ipfw_chk(&args); + ipfw = ipfw_chk_wrapper(&args); *m0 = args.m; KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL", @@ -339,7 +378,7 @@ args.next_hop6 = NULL; /* we do not support forward yet */ args.eh = &save_eh; /* MAC header for bridged/MAC packets */ args.inp = NULL; /* used by ipfw uid/gid/jail rules */ - i = ipfw_chk(&args); + i = ipfw_chk_wrapper(&args); m = args.m; if (m != NULL) { /*
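Review bot: In `ipfw_chk_wrapper` the return value of `compile_code()` is called without a null check, so a failed compilation (if it can return 0) becomes a call through a null pointer in the packet path. `compiledfuncptr` is tested before the lock is taken and stored while holding only the read lock, so two CPUs can both see 0 and compile concurrently; the store needs an exclusive lock or an atomic compare-and-set. Nothing visible in this diff resets `compiledfuncptr` when the ruleset changes, so packets may keep being evaluated against stale compiled rules; it is worth confirming where invalidation happens. The fence shows only the null-check fallback, and assumes `ipfw_chk()` is still the interpreter and takes its own lock.

```c
	if (compiledfuncptr == 0) {
		/* … unchanged: IPFW_PF_RLOCK and the V_ipfw_vnet_ready shutdown check … */
		compiledfuncptr = compile_code(args, chain);
		if (compiledfuncptr == 0) {
			/* Compilation failed: never call through a null pointer. */
			IPFW_PF_RUNLOCK(chain);
			return (ipfw_chk(args));
		}
		/* … unchanged: locked call through compiledfuncptr and the else branch … */
```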