Date: Wed, 11 Jun 2014 18:53:54 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r269415 - soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw Message-ID: <201406111853.s5BIrsCp060127@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Wed Jun 11 18:53:53 2014 New Revision: 269415 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269415 Log: Finished with the first set of opcodes. Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 18:39:53 2014 (r269414) +++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 18:53:53 2014 (r269415) @@ -1617,12 +1617,12 @@ break; case O_IP6: - match = is_ipv6; + rule_ip6(&match, is_ipv6); break; #endif case O_IP4: - match = is_ipv4; + rule_ip4(&match, is_ipv4); break; case O_TAG: { Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h ============================================================================== --- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 18:39:53 2014 (r269414) +++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 18:53:53 2014 (r269415) @@ -679,34 +679,130 @@ inline void rule_ip6(int *match, int is_ipv6) { + *match = is_ipv6; } #endif inline void rule_ip4(int *match, int is_ipv4) { + *match = is_ipv4; } inline void -rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, ) +rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m) { -} + struct m_tag *mtag; + uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1); -inline void -rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd) -{ + /* Packet is already tagged with this tag? */ + mtag = m_tag_locate(m, MTAG_IPFW, tag, NULL); + + /* We have `untag' action when F_NOT flag is + * present. And we must remove this mtag from + * mbuf and reset `match' to zero (`match' will + * be inversed later). + * Otherwise we should allocate new mtag and + * push it into mbuf. + */ + if (cmd->len & F_NOT) { /* `untag' action */ + if (mtag != NULL) + m_tag_delete(m, mtag); + *match = 0; + } else { + if (mtag == NULL) { + mtag = m_tag_alloc( MTAG_IPFW, + tag, 0, M_NOWAIT); + if (mtag != NULL) + m_tag_prepend(m, mtag); + } + *match = 1; + } } -#ifndef USERSPACE inline void -rule_sockarg(int *match, int is_ipv6 uint8_t proto, struct ip_fw_args *args, tcbinfo, udbinfo, inp, scr_ip, uint16_t src_port, struct in_addr *dst_ip, uint16_t dst_port, uint32_t *tablearg) +rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd) { + if (args->f_id.fib == cmd->arg1) + *match = 1; } -#endif /* !USERSPACE */ inline void -rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag) +rule_sockarg(int *match, int is_ipv6 uint8_t proto, struct ip_fw_args *args, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, uint32_t *tablearg) { +#ifndef USERSPACE /* not supported in userspace */ + struct inpcb *inp = args->inp; + struct inpcbinfo *pi; + + if (is_ipv6) /* XXX can we remove this ? */ + break; + + if (proto == IPPROTO_TCP) + pi = &V_tcbinfo; + else if (proto == IPPROTO_UDP) + pi = &V_udbinfo; + else + break; + + /* + * XXXRW: so_user_cookie should almost + * certainly be inp_user_cookie? + */ + + /* For incomming packet, lookup up the + inpcb using the src/dest ip/port tuple */ + if (inp == NULL) { + inp = in_pcblookup(pi, + src_ip, htons(src_port), + dst_ip, htons(dst_port), + INPLOOKUP_RLOCKPCB, NULL); + if (inp != NULL) { + tablearg = + inp->inp_socket->so_user_cookie; + if (tablearg) + *match = 1; + INP_RUNLOCK(inp); + } + } else { + if (inp->inp_socket) { + tablearg = + inp->inp_socket->so_user_cookie; + if (tablearg) + *match = 1; + } + } +#endif /* !USERSPACE */ +} + +inline void +rule_tagged(int *match, ipfw_insn *cmd, int cmdlen, struct mbuf *m) +{ + struct m_tag *mtag; + uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1); + + if (cmdlen == 1) { + *match = m_tag_locate(m, MTAG_IPFW, + tag, NULL) != NULL; + break; + } + + /* we have ranges */ + for (mtag = m_tag_first(m); + mtag != NULL && !(*match); + mtag = m_tag_next(m, mtag)) { + uint16_t *p; + int i; + + if (mtag->m_tag_cookie != MTAG_IPFW) + continue; + + p = ((ipfw_insn_u16 *)cmd)->ports; + i = cmdlen - 1; + for(; !(*match) && i > 0; i--, p += 2) + *match = + mtag->m_tag_id >= p[0] && + mtag->m_tag_id <= p[1]; + } } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201406111853.s5BIrsCp060127>