From owner-p4-projects@FreeBSD.ORG Wed Jun 4 18:43:43 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 441141065672; Wed, 4 Jun 2008 18:43:43 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 05A77106566C for ; Wed, 4 Jun 2008 18:43:43 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id DEA698FC16 for ; Wed, 4 Jun 2008 18:43:42 +0000 (UTC) (envelope-from gk@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id m54IhgJS029344 for ; Wed, 4 Jun 2008 18:43:42 GMT (envelope-from gk@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id m54IhgZH029342 for perforce@freebsd.org; Wed, 4 Jun 2008 18:43:42 GMT (envelope-from gk@FreeBSD.org) Date: Wed, 4 Jun 2008 18:43:42 GMT Message-Id: <200806041843.m54IhgZH029342@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gk@FreeBSD.org using -f 
From: Gleb Kurtsou To: Perforce Change Reviews Cc: Subject: PERFORCE change 142900 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2008 18:43:43 -0000 http://perforce.freebsd.org/chv.cgi?CH=142900 Change 142900 by gk@gk_h1 on 2008/06/04 18:43:03 introduce interface flags IFF_L2FILTER, IFF_L2TAG IFF_L2FILTER - perform layer2 filtering on interface IFF_L2TAG - add tag containing ethernet header to mbuf support flags in ifconfig Affected files ... .. //depot/projects/soc2008/gk_l2filter/sbin-ifconfig/ifconfig.c#2 edit .. //depot/projects/soc2008/gk_l2filter/sys-net/if.h#2 edit .. //depot/projects/soc2008/gk_l2filter/sys-net/if_bridge.c#3 edit .. //depot/projects/soc2008/gk_l2filter/sys-net/if_ethersubr.c#3 edit .. //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw_pfil.c#5 edit Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ifconfig/ifconfig.c#2 (text+ko) ====
@@ -772,7 +772,7 @@
 #define IFFBITS \
 "\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6SMART\7RUNNING" \
 "\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2" \
-"\20MULTICAST\22PPROMISC\23MONITOR\24STATICARP\25NEEDSGIANT"
+"\20MULTICAST\22PPROMISC\23MONITOR\24STATICARP\25NEEDSGIANT\26L2FILTER\27L2TAG"
 #define IFCAPBITS \
 "\020\1RXCSUM\2TXCSUM\3NETCONS\4VLAN_MTU\5VLAN_HWTAGGING\6JUMBO_MTU\7POLLING" \
@@ -1009,6 +1009,10 @@
 DEF_CMD("-monitor", -IFF_MONITOR, setifflags),
 DEF_CMD("staticarp", IFF_STATICARP, setifflags),
 DEF_CMD("-staticarp", -IFF_STATICARP, setifflags),
+ DEF_CMD("l2filter", IFF_L2FILTER, setifflags),
+ DEF_CMD("-l2filter", -IFF_L2FILTER, setifflags),
+ DEF_CMD("l2tag", IFF_L2TAG, setifflags),
+ DEF_CMD("-l2tag", -IFF_L2TAG, setifflags),
 DEF_CMD("rxcsum", IFCAP_RXCSUM, setifcap),
 DEF_CMD("-rxcsum", -IFCAP_RXCSUM, setifcap),
 DEF_CMD("txcsum", IFCAP_TXCSUM, setifcap),
==== //depot/projects/soc2008/gk_l2filter/sys-net/if.h#2 (text+ko) ====
@@ -150,6 +150,8 @@
 #define IFF_MONITOR 0x40000 /* (n) user-requested monitor mode */
 #define IFF_STATICARP 0x80000 /* (n) static ARP */
 #define IFF_NEEDSGIANT 0x100000 /* (i) hold Giant over if_start calls */
+#define IFF_L2FILTER 0x200000 /* (n) perform layer2 filtering on interface */
+#define IFF_L2TAG 0x400000 /* (n) tag packets with layer2 header */
 /*
 * Old names for driver flags so that user space tools can continue to use
==== //depot/projects/soc2008/gk_l2filter/sys-net/if_bridge.c#3 (text+ko) ====
@@ -339,16 +339,12 @@
 static int pfil_onlyip = 1; /* only pass IP[46] packets when pfil is enabled */
 static int pfil_bridge = 1; /* run pfil hooks on the bridge interface */
 static int pfil_member = 1; /* run pfil hooks on the member interface */
-/* GK_XXX should be if flag */
-static int pfil_layer2 = 0; /* layer2 filter with PFIL */
 static int pfil_layer2_arp = 0; /* layer2 filter with PFIL */
 static int pfil_local_phys = 0; /* run pfil hooks on the physical interface for locally destined packets */
 static int log_stp = 0; /* log STP state changes */
 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_onlyip, CTLFLAG_RW,
 &pfil_onlyip, 0, "Only pass IP packets when pfil is enabled");
-SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_layer2, CTLFLAG_RW,
- &pfil_layer2, 0, "Filter packets through PFIL layer2");
 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_layer2_arp, CTLFLAG_RW,
 &pfil_layer2_arp, 0, "Filter ARP packets through PFIL layer2");
 SYSCTL_INT(_net_link_bridge, OID_AUTO, pfil_bridge, CTLFLAG_RW,
@@ -1710,7 +1706,7 @@
 return;
 }
- if (PFIL_HOOKED(ðer_pfil_hook) && pfil_layer2 != 0) {
+ if (PFIL_HOOKED(ðer_pfil_hook)) {
 if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
 return;
 if (m == NULL)
@@ -2852,7 +2848,7 @@
 KASSERT(M_WRITABLE(*mp), ("%s: modifying a shared mbuf", __func__));
 #endif
- if (pfil_bridge == 0 && pfil_member == 0 && pfil_layer2 == 0)
+ if (pfil_bridge == 0 && pfil_member == 0 && (ifp->if_flags & IFF_L2FILTER) == 0)
 return (0); /* filtering is disabled */
 i = min((*mp)->m_pkthdr.len, max_protohdr);
@@ -2913,8 +2909,8 @@
 goto bad;
 }
- /* GK_XXX */
- if (PFIL_HOOKED(ðer_pfil_hook) && pfil_layer2 != 0 && dir == PFIL_OUT && ifp != NULL) {
+ if (PFIL_HOOKED(ðer_pfil_hook) && (ifp->if_flags & IFF_L2FILTER) &&
+ dir == PFIL_OUT && ifp != NULL) {
 if (pfil_run_hooks(ðer_pfil_hook, mp, ifp, PFIL_OUT, NULL) != 0)
 return EACCES;
 }
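Review bot: In the `@@ -1710` hunk the `pfil_layer2 != 0` gate is removed without a replacement, so `bridge_pfil()` is now entered on this output path whenever `ether_pfil_hook` has any hook registered, whether or not the member interface has IFF_L2FILTER set. The if_ethersubr.c call sites in this change test the flag where the hook is invoked; the same form here, `if (PFIL_HOOKED(&ether_pfil_hook) && (ifp->if_flags & IFF_L2FILTER)) {` (the `&ether_pfil_hook` argument is rendered as `ðer_pfil_hook` on this page), would keep the opt-in consistent. The early return inside `bridge_pfil()` presumably does not cover this case, because it fires only when `pfil_bridge` and `pfil_member` are both 0 and both are initialised to 1. The enclosing function starts and ends outside the hunk, so confirm against the full body.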
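Review bot: `ifp` is dereferenced before it is known to be non-NULL: the early-exit test in the `@@ -2852` hunk reads `ifp->if_flags` whenever `pfil_bridge` and `pfil_member` are both 0, and the condition in the `@@ -2913` hunk reads `ifp->if_flags` before its own `ifp != NULL` term, which leaves that term useless as a guard. The retained NULL test suggests some caller can pass a NULL `ifp`; if so, this is a kernel NULL-pointer dereference on the packet path. Put the NULL test first, `ifp != NULL && (ifp->if_flags & IFF_L2FILTER) && dir == PFIL_OUT`, and write the early exit as `(ifp == NULL || (ifp->if_flags & IFF_L2FILTER) == 0)`. The `IFF_L2TAG` test added in the `@@ -2951` hunk appears to sit in the same function (apparently `bridge_pfil()`, whose signature is outside these hunks) and needs the same guard.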
@@ -2951,14 +2947,12 @@
 error = 0;
- /* GK_XXX */
- /*
- * XXX: conditionally allocate mtag
- */
- mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
- if (mtag_ether_header != NULL) {
- memcpy(mtag_ether_header + 1, &eh2, ETHER_HDR_LEN);
- m_tag_prepend(*mp, mtag_ether_header);
+ if (ifp->if_flags & IFF_L2TAG) {
+ mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
+ if (mtag_ether_header != NULL) {
+ memcpy(mtag_ether_header + 1, &eh2, ETHER_HDR_LEN);
+ m_tag_prepend(*mp, mtag_ether_header);
+ }
 }
 /*
==== //depot/projects/soc2008/gk_l2filter/sys-net/if_ethersubr.c#3 (text+ko) ====
@@ -381,8 +381,7 @@
 {
 int error = 0;
- /* GK_XXX */
- if (PFIL_HOOKED(ðer_pfil_hook))
+ if (PFIL_HOOKED(ðer_pfil_hook) && (ifp->if_flags & IFF_L2FILTER))
 error = pfil_run_hooks(ðer_pfil_hook, &m, ifp, PFIL_OUT, NULL);
 if (m == NULL)
 return 0; /* consumed e.g. in a pipe */
@@ -605,8 +604,8 @@
 * Allow pfil to claim the frame.
 * Do not do this for PROMISC frames in case we are re-entered.
 */
- /* GK_XXX */
- if (PFIL_HOOKED(ðer_pfil_hook) && !(m->m_flags & M_PROMISC)) {
+ if (PFIL_HOOKED(ðer_pfil_hook) && (ifp->if_flags & IFF_L2FILTER) &&
+ !(m->m_flags & M_PROMISC)) {
 if (pfil_run_hooks(ðer_pfil_hook, &m, ifp, PFIL_IN, NULL) != 0)
 return;
 }
@@ -641,13 +640,12 @@
 return;
 }
- /*
- * XXX: conditionally allocate mtag
- */
- mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
- if (mtag_ether_header != NULL) {
- memcpy(mtag_ether_header + 1, eh, ETHER_HDR_LEN);
- m_tag_prepend(m, mtag_ether_header);
+ if (ifp->if_flags & IFF_L2TAG) {
+ mtag_ether_header = m_tag_alloc(MTAG_ETHER, MTAG_ETHER_HEADER, ETHER_HDR_LEN, M_NOWAIT);
+ if (mtag_ether_header != NULL) {
+ memcpy(mtag_ether_header + 1, eh, ETHER_HDR_LEN);
+ m_tag_prepend(m, mtag_ether_header);
+ }
 }
 /*
==== //depot/projects/soc2008/gk_l2filter/sys-netinet/ip_fw_pfil.c#5 (text+ko) ====
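Review bot: When `m_tag_alloc(..., M_NOWAIT)` returns NULL the frame continues without the Ethernet-header tag and nothing records it, both in the `@@ -2951` hunk and in the identical block of the if_ethersubr.c `@@ -641` hunk. Any consumer that bases a filtering decision on the MTAG_ETHER_HEADER tag (none is visible in this change) would then see an untagged packet under memory pressure, so the failure mode should be a deliberate choice: drop the frame, or keep passing it and say so. At minimum add a comment on the NULL branch, for example `/* allocation failed: frame is passed on without the L2 tag */`, and consider a counter so the condition is observable.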
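Review bot: With the `IFF_L2FILTER` test added in the `@@ -381` hunk and again in the `@@ -605` hunk, an interface without the flag bypasses `ether_pfil_hook` in both directions even when hooks are registered, whereas the replaced lines ran the hooks on every interface. Layer-2 filtering therefore becomes off by default, and a missing flag fails silently, for instance on a newly created interface. Both call sites deserve a comment such as `/* L2 pfil hooks run only on interfaces with IFF_L2FILTER set; unflagged interfaces are not filtered */`, with a matching sentence in the ifconfig documentation for `l2filter`.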
@@ -449,13 +449,6 @@
 return 0; /* packet already partially processed */
 args.m = *m0;
- /*
- args.oif = ifp;
- */
- /* GK_XXX */
- /*
- * perform layer2 filtering only
- */
 args.flags = IP_FW_ARGS_LAYER2;
 args.eh = mtod(*m0, struct ether_header *);
 args.inp = inp;
@@ -502,10 +495,6 @@
 args.m = *m0;
 args.oif = ifp;
- /* GK_XXX */
- /*
- * perform layer2 filtering only
- */
 args.flags = IP_FW_ARGS_LAYER2;
 args.eh = mtod(*m0, struct ether_header *);
 args.inp = inp;