From owner-svn-soc-all@FreeBSD.ORG Wed Jul 30 11:06:01 2014 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E9F8D74 for ; Wed, 30 Jul 2014 11:06:01 +0000 (UTC) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3AFB22CF4 for ; Wed, 30 Jul 2014 11:06:01 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.9/8.14.9) with ESMTP id s6UB61Iv004343 for ; Wed, 30 Jul 2014 11:06:01 GMT (envelope-from dpl@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.9/8.14.9/Submit) id s6UB60KA004332 for svn-soc-all@FreeBSD.org; Wed, 30 Jul 2014 11:06:00 GMT (envelope-from dpl@FreeBSD.org) Date: Wed, 30 Jul 2014 11:06:00 GMT Message-Id: <201407301106.s6UB60KA004332@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to dpl@FreeBSD.org using -f From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r271600 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2014 11:06:01 -0000 Author: dpl Date: Wed Jul 30 11:05:59 2014 New Revision: 271600 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=271600 Log: Refactored some of the ip_fw2.c code, to be compiled to bitcode and used by the JIT Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Wed Jul 30 09:17:40 2014 (r271599) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw2.c Wed Jul 30 11:05:59 2014 (r271600) @@ -105,7 +105,7 @@ */ /* ipfw_vnet_ready controls when we are open for business */ -static VNET_DEFINE(int, ipfw_vnet_ready) = 0; +VNET_DEFINE(int, ipfw_vnet_ready) = 0; #define V_ipfw_vnet_ready VNET(ipfw_vnet_ready) static VNET_DEFINE(int, fw_deny_unknown_exthdrs); @@ -657,21 +657,7 @@ /* Returns -1 on error */ if (lockcheckvnet(chain)) return (IP_FW_PASS); - if (args->rule.slot) { - /* - * Packet has already been tagged as a result of a previous - * match on rule args->rule aka args->rule_id (PIPE, QUEUE, - * REASS, NETGRAPH, DIVERT/TEE...) - * Validate the slot and continue from the next one - * if still present, otherwise do a lookup. - */ - f_pos = (args->rule.chain_id == chain->id) ? - args->rule.slot : - ipfw_find_rule(chain, args->rule.rulenum, - args->rule.rule_id); - } else { - f_pos = 0; - } + getfpos(args, chain, &f_pos); /* * Now scan the rules, and parse microinstructions for each rule. @@ -1139,7 +1125,7 @@ retval = IP_FW_DENY; printf("ipfw: ouch!, skip past end of rules, denying packet\n"); } - IPFW_PF_RUNLOCK(chain); + unlockvnet(chain); #ifdef __FreeBSD__ if (ucred_cache != NULL) crfree(ucred_cache); Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h Wed Jul 30 09:17:40 2014 (r271599) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/ip_fw_rules.h Wed Jul 30 11:05:59 2014 (r271600) @@ -45,6 +45,9 @@ /* This macro needs the calling function to have a tablearg argument */ #define IP_FW_ARG_TABLEARG(a) (((a) == IP_FW_TABLEARG) ? tablearg : (a)) +/* Needed vars defined at ip_fw2.c */ +VNET_DECLARE(int, V_ipfw_vnet_ready); + /* * Auxiliar functions. */ @@ -1937,3 +1940,32 @@ return 0; } +static IPFW_RULES_INLINE void +unlockvnet(struct ip_fw_chain *chain) +{ + IPFW_PF_RUNLOCK(chain); +} + +/* + * Function to be called just after + * lockcheckvnet(); + */ +static IPFW_RULES_INLINE int +getfpos(struct ip_fw_args *args, struct ip_fw_chain *chain, int *f_pos) +{ + if (args->rule.slot) { + /* + * Packet has already been tagged as a result of a previous + * match on rule args->rule aka args->rule_id (PIPE, QUEUE, + * REASS, NETGRAPH, DIVERT/TEE...) + * Validate the slot and continue from the next one + * if still present, otherwise do a lookup. + */ + *f_pos = (args->rule.chain_id == chain->id) ? + args->rule.slot : + ipfw_find_rule(chain, args->rule.rulenum, + args->rule.rule_id); + } else { + *f_pos = 0; + } +} Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc ============================================================================== --- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Wed Jul 30 09:17:40 2014 (r271599) +++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Wed Jul 30 11:05:59 2014 (r271600) @@ -48,22 +48,32 @@ int loadStub(std::string funcname) { - return 0; + return (0); + } + + int + setVars() + { + return (0); } }; extern "C" funcptr compile_code(struct ip_fw_args *args) { - jitCompiler("ip_fw_rules.bc"); + struct ip_fw_chain *chain = &V_layer3_chain; - int f_pos = 0; /* index of current rule in the array */ + auto comp = jitCompiler("ip_fw_rules.bc"); - // Now I have to load the stubs of the loaded rules. + // XXX Now I have to load the stubs of the loaded rules. // For that, I need a table: RULE, "functname", #args + lockcheckvnet(chain); // Iterate through the rules. + /* When we're done, or if there's an error. */ + unlockvnet(chain); + /* // Get the stub (prototype) for the cell function F = Mod->getFunction("cell"); @@ -105,5 +115,5 @@ } */ - return 0; + return (0); }