Date: Mon, 11 Aug 2014 16:36:19 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r272216 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw Message-ID: <201408111636.s7BGaJd4065259@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Mon Aug 11 16:36:18 2014 New Revision: 272216 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272216 Log: Corrected some wrong first drafts of the emit_* functions. Removed some of the firewall's logic to iterate the rules, and moved some comments to avoid errors. Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Mon Aug 11 16:20:55 2014 (r272215) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Mon Aug 11 16:36:18 2014 (r272216) @@ -289,26 +289,25 @@ delete mod; } + // Returns the pointer to the compiled function. funcptr - functionPtr() + getFuncPtr() { - MachineCodeInfo machinf; - - ExecutionEngine::runJITOnFunction(func, &machinf); - return ((funcptr)machinf.address()); + return ((funcptr)NULL); } + // Emits all the code necessary to fill in some vars. + // XXX Should we emit that? Or should we create a function call instead? int - emit_nop(int *matchptr) + emit_lookpkt() { - // static IPFW_RULES_INLINE void - // rule_nop(int *match) - // { - // *match = 1; - // } - - *matchptr = 1; + //irb.CreateCall(); + return (0); + } + int + emit_nop() + { irb.CreateStore(ConstantInt::get(int32Ty, 1), match); return (0); } @@ -316,56 +315,21 @@ int emit_forward_mac(u_int8_t opcode) { - // printf("ipfw: opcode %d unimplemented\n", - // opcode); - - Function *printf; - - printf = mod->getFunction("printf"); - irb.CreateCall(printf, "ipfw: opcode %d unimplemented\n", opcode); + printf("Compilation error:\n"); + printf("ipfwjitter: opcode %d unimplemented\n", opcode); + printf("Compilation continues.\n"); return (0); } int emit_jail() { - // static IPFW_RULES_INLINE void - // rule_jail(int * match, u_short offset, uint8_t proto, ipfw_insn *cmd, struct ip_fw_args *args, int ucred_lookup, void *ucred_cache) - // { - // /* - // * We only check offset == 0 && proto != 0, - // * as this ensures that we have a - // * packet with the ports info. - // */ - // if (offset != 0) - // return; - // if (proto == IPPROTO_TCP || - // proto == IPPROTO_UDP) - // *match = check_uidgid( - // (ipfw_insn_u32 *)cmd, - // args, &ucred_lookup, - // #ifdef __FreeBSD__ - // //(struct bsd_ucred **)&ucred_cache); - // (struct ucred **)&ucred_cache); - // #else - // (void *)&ucred_cache); - // #endif - // } - return (0); } int emit_recv() { - // static IPFW_RULES_INLINE void - // rule_recv(int *match, ipfw_insn *cmd, struct mbuf *m, struct ip_fw_chain *chain, uint32_t *tablearg) - // { - // *match = iface_match(m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd, chain, tablearg); - // } - - irb.CreateStore(irb.CreateCall4(/*STUFF GOING HERE*/ match); - return (0); } @@ -392,39 +356,15 @@ struct ip_fw *f; f = chain->map[f_pos]; - if (V_set_disable & (1 << f->set) ) - continue; - skip_or = 0; // For each different command. for (l = f->cmd_len, cmd = f->cmd ; l > 0 ; l -= cmdlen, cmd += cmdlen) { - int match; - /* - * check_body is a jump target used when we find a - * CHECK_STATE, and need to jump to the body of - * the target rule. - */ - /* check_body: */ cmdlen = F_LEN(cmd); - /* - * An OR block (insn_1 || .. || insn_n) has the - * F_OR bit set in all but the last instruction. - * The first match will set "skip_or", and cause - * the following instructions to be skipped until - * past the one with the F_OR bit clear. - */ - if (skip_or) { /* skip this instruction */ - if ((cmd->len & F_OR) == 0) - skip_or = 0; /* next one is good */ - continue; - } - match = 0; /* set to 1 if we succeed */ - switch (cmd->opcode) { case O_NOP: - comp.emit_nop(&match); + comp.emit_nop(); break; case O_FORWARD_MAC: @@ -437,11 +377,11 @@ comp.emit_jail(); break; -/* XXX case O_RECV: comp.emit_recv(); break; +/* XXX case O_XMIT: comp.emit_xmit(); break; @@ -537,8 +477,7 @@ comp.emit_icmp6type(); break; #endif /* INET6 */ - -/* XXX +/* case O_IPOPT: comp.emit_ipopt(); break; @@ -574,9 +513,6 @@ break; case O_TCPOPTS: - /* if (rule_tcpopts(&match, hlen, ulp, proto, offset, cmd, m, args)) - goto pullup_failed; */ -/* XXX comp.emit_tcpopts(); break; @@ -625,9 +561,9 @@ comp.emit_ipsec(); #endif /* otherwise no match */ -/* XXX break; +/* XXX #ifdef INET6 case O_IP6_SRC: comp.emit_ip6_src(); @@ -750,14 +686,14 @@ comp.emit_skipto(); continue; break; /* NOTREACHED */ -/* XXX +/* XXX case O_CALLRETURN: comp.emit_callreturn(); continue; break; /* NOTREACHED */ - /* XXX + case O_REJECT: comp.emit_reject(); /* FALLTHROUGH */ @@ -803,44 +739,13 @@ comp.emit_reass(); break; + */ default: panic("-- unknown opcode %d\n", cmd->opcode); } /* end of switch() on opcodes */ - /* - * if we get here with l=0, then match is irrelevant. - */ - - if (cmd->len & F_NOT) - match = !match; - - if (match) { - if (cmd->len & F_OR) - skip_or = 1; - } else { - if (!(cmd->len & F_OR)) /* not an OR block, */ - break; /* try next rule */ - } - } /* end of inner loop, scan opcodes */ - - if (done) - break; - -/* next_rule:; */ /* try next rule */ - } /* end of outer for, scan rules */ - if (done) { - struct ip_fw *rule = chain->map[f_pos]; - /* Update statistics */ - IPFW_INC_RULE_COUNTER(rule, pktlen); - } else { - retval = IP_FW_DENY; - printf("ipfw: ouch!, skip past end of rules, denying packet\n"); - } - // Once we're done iterating through the rules, return the pointer. - - return (0); -} + return (comp.getFuncPtr()); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201408111636.s7BGaJd4065259>