Author: ae
Date: Tue Nov 10 12:13:18 2020
New Revision: 367553
URL: https://svnweb.freebsd.org/changeset/base/367553

Log:
  MFC r366908 (modified for stable/12 KBI):
    Add dtrace SDT probe ipfw:::rule-matched.
  
    It helps to reduce complexity with debugging of large ipfw rulesets.
    Also define several constants and translators that can be used by
    dtrace scripts with this probe.
  
    Obtained from:      Yandex LLC
    Sponsored by:       Yandex LLC
    Differential Revision:      https://reviews.freebsd.org/D26879

Added:
  stable/12/share/dtrace/ipfw.d
     - copied, changed from r366908, head/share/dtrace/ipfw.d
Modified:
  stable/12/share/dtrace/Makefile
  stable/12/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/share/dtrace/Makefile
==============================================================================
--- stable/12/share/dtrace/Makefile     Tue Nov 10 11:32:01 2020        
(r367552)
+++ stable/12/share/dtrace/Makefile     Tue Nov 10 12:13:18 2020        
(r367553)
@@ -21,7 +21,7 @@ SCRIPTS=      blocking \
 
 SCRIPTSDIR= ${SHAREDIR}/dtrace
 
-DSRCS=         mbuf.d
+DSRCS=         mbuf.d ipfw.d
 
 FILES=         ${DSRCS}
 FILESDIR=      /usr/lib/dtrace

Copied and modified: stable/12/share/dtrace/ipfw.d (from r366908, 
head/share/dtrace/ipfw.d)
==============================================================================
--- head/share/dtrace/ipfw.d    Wed Oct 21 15:01:33 2020        (r366908, copy 
source)
+++ stable/12/share/dtrace/ipfw.d       Tue Nov 10 12:13:18 2020        
(r367553)
@@ -68,29 +68,17 @@ inline string ipfw_retcodes[int ret] =
 
 /* ip_fw_args flags */
 #pragma D binding "1.0" IPFW_ARGS_ETHER
-inline int IPFW_ARGS_ETHER =   0x00010000; /* valid ethernet header */
+inline int IPFW_ARGS_ETHER =   0x0001; /* valid ethernet header */
 #pragma D binding "1.0" IPFW_ARGS_NH4
-inline int IPFW_ARGS_NH4 =     0x00020000; /* IPv4 next hop in hopstore */
+inline int IPFW_ARGS_NH4 =     0x0002; /* IPv4 next hop in hopstore */
 #pragma D binding "1.0" IPFW_ARGS_NH6
-inline int IPFW_ARGS_NH6 =     0x00040000; /* IPv6 next hop in hopstore */
+inline int IPFW_ARGS_NH6 =     0x0004; /* IPv6 next hop in hopstore */
 #pragma D binding "1.0" IPFW_ARGS_NH4PTR
-inline int IPFW_ARGS_NH4PTR =  0x00080000; /* IPv4 next hop in next_hop */
+inline int IPFW_ARGS_NH4PTR =  0x0008; /* IPv4 next hop in next_hop */
 #pragma D binding "1.0" IPFW_ARGS_NH6PTR
-inline int IPFW_ARGS_NH6PTR =  0x00100000; /* IPv6 next hop in next_hop6 */
+inline int IPFW_ARGS_NH6PTR =  0x0010; /* IPv6 next hop in next_hop6 */
 #pragma D binding "1.0" IPFW_ARGS_REF
-inline int IPFW_ARGS_REF =     0x00200000; /* valid ipfw_rule_ref      */
-#pragma D binding "1.0" IPFW_ARGS_IN
-inline int IPFW_ARGS_IN =      0x00400000; /* called on input */
-#pragma D binding "1.0" IPFW_ARGS_OUT  
-inline int IPFW_ARGS_OUT =     0x00800000; /* called on output */
-#pragma D binding "1.0" IPFW_ARGS_IP4
-inline int IPFW_ARGS_IP4 =     0x01000000; /* belongs to v4 ISR */
-#pragma D binding "1.0" IPFW_ARGS_IP6
-inline int IPFW_ARGS_IP6 =     0x02000000; /* belongs to v6 ISR */
-#pragma D binding "1.0" IPFW_ARGS_DROP
-inline int IPFW_ARGS_DROP =    0x04000000; /* drop it (dummynet) */
-#pragma D binding "1.0" IPFW_ARGS_LENMASK
-inline int IPFW_ARGS_LENMASK = 0x0000ffff; /* length of data in *mem */
+inline int IPFW_ARGS_REF =     0x0020; /* valid ipfw_rule_ref  */
 
 /* ipfw_rule_ref.info */
 #pragma D binding "1.0" IPFW_INFO_MASK
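Review bot: The IPFW_ARGS_* values in this block are a hand-maintained copy of the kernel's `ip_fw_args` flag bits, renumbered for stable/12, and nothing in the file says which definition they must track. If the kernel values change and this file does not follow, a script test such as `flags & IPFW_ARGS_ETHER` will silently match the wrong bit. I would extend the section comment to `/* ip_fw_args flags; must match the stable/12 kernel definitions of IPFW_ARGS_* */`. The file should also state that IPFW_ARGS_IN, IPFW_ARGS_OUT, IPFW_ARGS_IP4, IPFW_ARGS_IP6, IPFW_ARGS_DROP and IPFW_ARGS_LENMASK are not provided on this branch, since scripts written against head's ipfw.d will not compile here.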
@@ -147,17 +135,13 @@ typedef struct ipfw_match_info {
 #pragma D binding "1.0" translator
 translator ipfw_match_info_t < struct ip_fw_args *p > {
        flags =         p->flags;
-       m =             (p->flags & IPFW_ARGS_LENMASK) ? NULL : p->m;
-       mem =           (p->flags & IPFW_ARGS_LENMASK) ? p->mem : NULL;
+       m =             p->m;
+       mem =           NULL;
        inp =           p->inp;
-       ifp =           p->ifp;
+       ifp =           p->oif;
        /* Initialize IP pointer corresponding to addr_type */
-       ipp =           (p->flags & IPFW_ARGS_IP4) ?
-           (p->flags & IPFW_ARGS_LENMASK) ? (struct ip *)p->mem :
-           (p->m != NULL) ? (struct ip *)p->m->m_data : NULL : NULL;
-       ip6p =          (p->flags & IPFW_ARGS_IP6) ?
-           (p->flags & IPFW_ARGS_LENMASK) ? (struct ip6_hdr *)p->mem :
-           (p->m != NULL) ? (struct ip6_hdr *)p->m->m_data : NULL : NULL;
+       ipp =           (p->m != NULL) ? (struct ip *)p->m->m_data : NULL;
+       ip6p =          (p->m != NULL) ? (struct ip6_hdr *)p->m->m_data : NULL;
 
        /* fill f_id fields */
        addr_type =     p->f_id.addr_type;
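Review bot: In the translator, `ipp` and `ip6p` are now both set to `p->m->m_data` whenever `p->m` is non-NULL, so the retained comment "Initialize IP pointer corresponding to addr_type" no longer describes the code. A script that dereferences `ipp` on an IPv6 match, or `ip6p` on an IPv4 match, decodes the wrong header layout and reports misleading addresses while a ruleset is being debugged. I would replace the comment with `/* ipp and ip6p both alias m_data; check addr_type before dereferencing either */`. The translator body continues past the end of this hunk.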

Modified: stable/12/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/12/sys/netpfil/ipfw/ip_fw2.c Tue Nov 10 11:32:01 2020        
(r367552)
+++ stable/12/sys/netpfil/ipfw/ip_fw2.c Tue Nov 10 12:13:18 2020        
(r367553)
@@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/rwlock.h>
 #include <sys/rmlock.h>
+#include <sys/sdt.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
@@ -105,6 +106,18 @@ __FBSDID("$FreeBSD$");
 #include <security/mac/mac_framework.h>
 #endif
 
+#define        IPFW_PROBE(probe, arg0, arg1, arg2, arg3, arg4, arg5)           
\
+    SDT_PROBE6(ipfw, , , probe, arg0, arg1, arg2, arg3, arg4, arg5)
+
+SDT_PROVIDER_DEFINE(ipfw);
+SDT_PROBE_DEFINE6(ipfw, , , rule__matched,
+    "int",                     /* retval */
+    "int",                     /* af */
+    "void *",                  /* src addr */
+    "void *",                  /* dst addr */
+    "struct ip_fw_args *",     /* args */
+    "struct ip_fw *"           /* rule */);
+
 /*
  * static variables followed by global ones.
  * All ipfw global variables are here.
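Review bot: The probe definition types arg2 and arg3 as `"void *"` and labels them only "src addr" and "dst addr", so a script author cannot tell from here what they point to. Judging by the call site later in this commit, the pointee depends on arg1, which looks like an IPv4 address for AF_INET and an IPv6 address for AF_INET6. I would add a comment above `SDT_PROBE_DEFINE6` along the lines of `/* arg2/arg3: address pointers whose pointee type is selected by arg1 (af); do not copy more bytes than that family's address size */`.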
@@ -3188,6 +3201,13 @@ do {                                             \
                struct ip_fw *rule = chain->map[f_pos];
                /* Update statistics */
                IPFW_INC_RULE_COUNTER(rule, pktlen);
+               IPFW_PROBE(rule__matched, retval,
+                   is_ipv4 ? AF_INET : AF_INET6,
+                   is_ipv4 ? (uintptr_t)&src_ip :
+                       (uintptr_t)&args->f_id.src_ip6,
+                   is_ipv4 ? (uintptr_t)&dst_ip :
+                       (uintptr_t)&args->f_id.dst_ip6,
+                   args, rule);
        } else {
                retval = IP_FW_DENY;
                printf("ipfw: ouch!, skip past end of rules, denying packet\n");
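Review bot: The af argument of the `IPFW_PROBE` call is derived from `is_ipv4` alone, so every match that is not IPv4 is reported as AF_INET6 with pointers into `args->f_id.src_ip6` and `args->f_id.dst_ip6`. If this path can be reached for traffic that is neither IPv4 nor IPv6 (not visible in this hunk), a script would print an IPv6 address that was never filled in for that packet. Consider `is_ipv4 ? AF_INET : is_ipv6 ? AF_INET6 : AF_UNSPEC`, assuming the function keeps an IPv6 flag alongside `is_ipv4`. The enclosing block starts and ends outside the hunk.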