Date: Wed, 30 Jul 2014 11:06:00 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r271600 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw Message-ID: <201407301106.s6UB60KA004332@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Wed Jul 30 11:05:59 2014 New Revision: 271600 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=271600 Log: Refactored some of the ip_fw2.c code, to be compiled to bitcode and used by the JIT Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Wed Jul 30 09:17:40 2014 (r271599) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Wed Jul 30 11:05:59 2014 (r271600) @@ -105,7 +105,7 @@ */ /* ipfw_vnet_ready controls when we are open for business */ -static VNET_DEFINE(int, ipfw_vnet_ready) = 0; +VNET_DEFINE(int, ipfw_vnet_ready) = 0; #define V_ipfw_vnet_ready VNET(ipfw_vnet_ready) static VNET_DEFINE(int, fw_deny_unknown_exthdrs); @@ -657,21 +657,7 @@ /* Returns -1 on error */ if (lockcheckvnet(chain)) return (IP_FW_PASS); - if (args->rule.slot) { - /* - * Packet has already been tagged as a result of a previous - * match on rule args->rule aka args->rule_id (PIPE, QUEUE, - * REASS, NETGRAPH, DIVERT/TEE...) - * Validate the slot and continue from the next one - * if still present, otherwise do a lookup. - */ - f_pos = (args->rule.chain_id == chain->id) ? - args->rule.slot : - ipfw_find_rule(chain, args->rule.rulenum, - args->rule.rule_id); - } else { - f_pos = 0; - } + getfpos(args, chain, &f_pos); /* * Now scan the rules, and parse microinstructions for each rule. @@ -1139,7 +1125,7 @@ retval = IP_FW_DENY; printf("ipfw: ouch!, skip past end of rules, denying packet\n"); } - IPFW_PF_RUNLOCK(chain); + unlockvnet(chain); #ifdef __FreeBSD__ if (ucred_cache != NULL) crfree(ucred_cache); Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h Wed Jul 30 09:17:40 2014 (r271599) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h Wed Jul 30 11:05:59 2014 (r271600) @@ -45,6 +45,9 @@ /* This macro needs the calling function to have a tablearg argument */ #define IP_FW_ARG_TABLEARG(a) (((a) == IP_FW_TABLEARG) ? tablearg : (a)) +/* Needed vars defined at ip_fw2.c */ +VNET_DECLARE(int, V_ipfw_vnet_ready); + /* * Auxiliar functions. */ @@ -1937,3 +1940,32 @@ return 0; } +static IPFW_RULES_INLINE void +unlockvnet(struct ip_fw_chain *chain) +{ + IPFW_PF_RUNLOCK(chain); +} + +/* + * Function to be called just after + * lockcheckvnet(); + */ +static IPFW_RULES_INLINE int +getfpos(struct ip_fw_args *args, struct ip_fw_chain *chain, int *f_pos) +{ + if (args->rule.slot) { + /* + * Packet has already been tagged as a result of a previous + * match on rule args->rule aka args->rule_id (PIPE, QUEUE, + * REASS, NETGRAPH, DIVERT/TEE...) + * Validate the slot and continue from the next one + * if still present, otherwise do a lookup. + */ + *f_pos = (args->rule.chain_id == chain->id) ? + args->rule.slot : + ipfw_find_rule(chain, args->rule.rulenum, + args->rule.rule_id); + } else { + *f_pos = 0; + } +} Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Wed Jul 30 09:17:40 2014 (r271599) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Wed Jul 30 11:05:59 2014 (r271600) @@ -48,22 +48,32 @@ int loadStub(std::string funcname) { - return 0; + return (0); + } + + int + setVars() + { + return (0); } }; extern "C" funcptr compile_code(struct ip_fw_args *args) { - jitCompiler("ip_fw_rules.bc"); + struct ip_fw_chain *chain = &V_layer3_chain; - int f_pos = 0; /* index of current rule in the array */ + auto comp = jitCompiler("ip_fw_rules.bc"); - // Now I have to load the stubs of the loaded rules. + // XXX Now I have to load the stubs of the loaded rules. // For that, I need a table: RULE, "functname", #args + lockcheckvnet(chain); // Iterate through the rules. + /* When we're done, or if there's an error. */ + unlockvnet(chain); + /* // Get the stub (prototype) for the cell function F = Mod->getFunction("cell"); @@ -105,5 +115,5 @@ } */ - return 0; + return (0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407301106.s6UB60KA004332>