Module Name: src
Committed By: rmind
Date: Sat Nov 23 19:32:20 UTC 2013
Modified Files:
src/sys/net/npf: npf_bpf.c npf_impl.h npf_ruleset.c
Log Message:
Move initialisation of bpf_args_t into the npf_ruleset_inspect().
This allows us to reuse the BPF memory store as a cache.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sys/net/npf/npf_bpf.c
cvs rdiff -u -r1.42 -r1.43 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.28 -r1.29 src/sys/net/npf/npf_ruleset.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_bpf.c
diff -u src/sys/net/npf/npf_bpf.c:1.4 src/sys/net/npf/npf_bpf.c:1.5
--- src/sys/net/npf/npf_bpf.c:1.4 Sat Nov 16 01:18:58 2013
+++ src/sys/net/npf/npf_bpf.c Sat Nov 23 19:32:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_bpf.c,v 1.4 2013/11/16 01:18:58 rmind Exp $ */
+/* $NetBSD: npf_bpf.c,v 1.5 2013/11/23 19:32:20 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.4 2013/11/16 01:18:58 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.5 2013/11/23 19:32:20 rmind Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -74,33 +74,26 @@ npf_bpf_sysfini(void)
}
int
-npf_bpf_filter(npf_cache_t *npc, nbuf_t *nbuf,
- const void *code, bpfjit_func_t jcode)
+npf_bpf_filter(bpf_args_t *args, const void *code, bpfjit_func_t jcode)
{
- const struct mbuf *m = nbuf_head_mbuf(nbuf);
- const size_t pktlen = m_length(m);
- bpf_args_t args = {
- .pkt = m,
- .wirelen = pktlen,
- .buflen = 0,
- .arg = npc
- };
-
- memset(args.mem, 0, sizeof(uint32_t) * BPF_MEMWORDS);
-
- /* Execute JIT code. */
+#if 0
+ /* Execute JIT-compiled code. */
if (__predict_true(jcode)) {
- return jcode((const unsigned char *)m, pktlen, 0);
+ return jcode(npf_bpfctx, args);
}
-
+#endif
/* Execute BPF byte-code. */
- return bpf_filter_ext(npf_bpfctx, code, &args);
+ return bpf_filter_ext(npf_bpfctx, code, args);
}
void *
npf_bpf_compile(void *code, size_t size)
{
+#if 0
return bpf_jit_generate(npf_bpfctx, code, size);
+#else
+ return NULL;
+#endif
}
bool
Index: src/sys/net/npf/npf_impl.h
diff -u src/sys/net/npf/npf_impl.h:1.42 src/sys/net/npf/npf_impl.h:1.43
--- src/sys/net/npf/npf_impl.h:1.42 Fri Nov 22 01:24:21 2013
+++ src/sys/net/npf/npf_impl.h Sat Nov 23 19:32:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_impl.h,v 1.42 2013/11/22 01:24:21 rmind Exp $ */
+/* $NetBSD: npf_impl.h,v 1.43 2013/11/23 19:32:20 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -207,8 +207,7 @@ bool npf_return_block(npf_cache_t *, nb
/* BPF interface. */
void npf_bpf_sysinit(void);
void npf_bpf_sysfini(void);
-int npf_bpf_filter(npf_cache_t *, nbuf_t *,
- const void *, bpfjit_func_t);
+int npf_bpf_filter(bpf_args_t *, const void *, bpfjit_func_t);
void * npf_bpf_compile(void *, size_t);
bool npf_bpf_validate(const void *, size_t);
Index: src/sys/net/npf/npf_ruleset.c
diff -u src/sys/net/npf/npf_ruleset.c:1.28 src/sys/net/npf/npf_ruleset.c:1.29
--- src/sys/net/npf/npf_ruleset.c:1.28 Sat Nov 16 01:18:58 2013
+++ src/sys/net/npf/npf_ruleset.c Sat Nov 23 19:32:20 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ruleset.c,v 1.28 2013/11/16 01:18:58 rmind Exp $ */
+/* $NetBSD: npf_ruleset.c,v 1.29 2013/11/23 19:32:20 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.28 2013/11/16 01:18:58 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.29 2013/11/23 19:32:20 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -659,14 +659,14 @@ npf_rule_setnat(npf_rule_t *rl, npf_natp
/*
* npf_rule_inspect: match the interface, direction and run the filter code.
- * Returns true if rule matches, false otherise.
+ * Returns true if rule matches and false otherwise.
*/
static inline bool
-npf_rule_inspect(npf_cache_t *npc, nbuf_t *nbuf, const npf_rule_t *rl,
- const int di_mask, const int layer)
+npf_rule_inspect(const npf_rule_t *rl, bpf_args_t *bc_args,
+ const int di_mask, const u_int ifid)
{
/* Match the interface. */
- if (rl->r_ifid && rl->r_ifid != nbuf->nb_ifid) {
+ if (rl->r_ifid && rl->r_ifid != ifid) {
return false;
}
@@ -683,7 +683,7 @@ npf_rule_inspect(npf_cache_t *npc, nbuf_
return true;
}
KASSERT(rl->r_type == NPF_CODE_BPF);
- return npf_bpf_filter(npc, nbuf, rl->r_code, rl->r_jcode) != 0;
+ return npf_bpf_filter(bc_args, rl->r_code, rl->r_jcode) != 0;
}
/*
@@ -691,15 +691,15 @@ npf_rule_inspect(npf_cache_t *npc, nbuf_
* This is only for the dynamic rules. Subrules cannot have nested rules.
*/
static npf_rule_t *
-npf_rule_reinspect(npf_cache_t *npc, nbuf_t *nbuf, const npf_rule_t *drl,
- const int di_mask, const int layer)
+npf_rule_reinspect(const npf_rule_t *drl, bpf_args_t *bc_args,
+ const int di_mask, const u_int ifid)
{
npf_rule_t *final_rl = NULL, *rl;
KASSERT(NPF_DYNAMIC_GROUP_P(drl->r_attr));
TAILQ_FOREACH(rl, &drl->r_subset, r_entry) {
- if (!npf_rule_inspect(npc, nbuf, rl, di_mask, layer)) {
+ if (!npf_rule_inspect(rl, bc_args, di_mask, ifid)) {
continue;
}
if (rl->r_attr & NPF_RULE_FINAL) {
@@ -724,9 +724,16 @@ npf_ruleset_inspect(npf_cache_t *npc, nb
{
const int di_mask = (di & PFIL_IN) ? NPF_RULE_IN : NPF_RULE_OUT;
const u_int nitems = rlset->rs_nitems;
+ const u_int ifid = nbuf->nb_ifid;
npf_rule_t *final_rl = NULL;
+ bpf_args_t bc_args;
u_int n = 0;
+ memset(&bc_args, 0, sizeof(bpf_args_t));
+ bc_args.pkt = nbuf_head_mbuf(nbuf);
+ bc_args.wirelen = m_length(bc_args.pkt);
+ bc_args.arg = npc;
+
KASSERT(((di & PFIL_IN) != 0) ^ ((di & PFIL_OUT) != 0));
while (n < nitems) {
@@ -744,7 +751,7 @@ npf_ruleset_inspect(npf_cache_t *npc, nb
}
/* Main inspection of the rule. */
- if (!npf_rule_inspect(npc, nbuf, rl, di_mask, layer)) {
+ if (!npf_rule_inspect(rl, &bc_args, di_mask, ifid)) {
n = skip_to;
continue;
}
@@ -754,7 +761,7 @@ npf_ruleset_inspect(npf_cache_t *npc, nb
* If this is a dynamic rule, re-inspect the subrules.
* If it has any matching rule, then it is final.
*/
- rl = npf_rule_reinspect(npc, nbuf, rl, di_mask, layer);
+ rl = npf_rule_reinspect(rl, &bc_args, di_mask, ifid);
if (rl != NULL) {
final_rl = rl;
break;
