CVS commit: src/usr.sbin/npf/npfctl

Mon, 04 Nov 2013 17:51:39 -0800 

Module Name:    src
Committed By:   rmind
Date:           Tue Nov  5 01:50:30 UTC 2013

Modified Files:
        src/usr.sbin/npf/npfctl: npf_bpf_comp.c

Log Message:
npfctl: optimise fetch_l3() to avoid unnecessary call to NPF_COP_L3.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/usr.sbin/npf/npfctl/npf_bpf_comp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.sbin/npf/npfctl/npf_bpf_comp.c
diff -u src/usr.sbin/npf/npfctl/npf_bpf_comp.c:1.1 src/usr.sbin/npf/npfctl/npf_bpf_comp.c:1.2
--- src/usr.sbin/npf/npfctl/npf_bpf_comp.c:1.1	Thu Sep 19 01:04:45 2013
+++ src/usr.sbin/npf/npfctl/npf_bpf_comp.c	Tue Nov  5 01:50:30 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_bpf_comp.c,v 1.1 2013/09/19 01:04:45 rmind Exp $	*/
+/*	$NetBSD: npf_bpf_comp.c,v 1.2 2013/11/05 01:50:30 rmind Exp $	*/
 
 /*-
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_bpf_comp.c,v 1.1 2013/09/19 01:04:45 rmind Exp $");
+__RCSID("$NetBSD: npf_bpf_comp.c,v 1.2 2013/11/05 01:50:30 rmind Exp $");
 
 #include <stdlib.h>
 #include <stdbool.h>
@@ -307,12 +307,21 @@ fetch_l3(npf_bpf_t *ctx, sa_family_t af,
 		 * A <- IP version; A == expected-version?
 		 * If no particular version specified, check for non-zero.
 		 */
-		struct bpf_insn insns_l3[] = {
-			BPF_STMT(BPF_MISC+BPF_COP, NPF_COP_L3),
-			BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
-		};
-		add_insns(ctx, insns_l3, __arraycount(insns_l3));
-		ctx->flags |= FETCHED_L3;
+		if ((ctx->flags & FETCHED_L3) == 0) {
+			struct bpf_insn insns_l3[] = {
+				BPF_STMT(BPF_MISC+BPF_COP, NPF_COP_L3),
+				BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
+			};
+			add_insns(ctx, insns_l3, __arraycount(insns_l3));
+			ctx->flags |= FETCHED_L3;
+		} else {
+			/* IP version is already fetched in BPF_MW_IPVER. */
+			struct bpf_insn insns_af[] = {
+				BPF_STMT(BPF_LD+BPF_W+BPF_MEM, BPF_MW_IPVER),
+				BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
+			};
+			add_insns(ctx, insns_af, __arraycount(insns_af));
+		}
 		ctx->af = af;
 
 		if (af) {
@@ -471,7 +480,7 @@ npfctl_bpf_ports(npf_bpf_t *ctx, u_int o
 	off = (opts & MATCH_SRC) ? sport_off : dport_off;
 
 	/* X <- IP header length */
-	fetch_l3(ctx, 0, X_EQ_L4OFF);
+	fetch_l3(ctx, AF_UNSPEC, X_EQ_L4OFF);
 
 	struct bpf_insn insns_fetch[] = {
 		/* A <- port */
@@ -513,7 +522,7 @@ npfctl_bpf_tcpfl(npf_bpf_t *ctx, uint8_t
 	const u_int tcpfl_off = offsetof(struct tcphdr, th_flags);
 
 	/* X <- IP header length */
-	fetch_l3(ctx, 0, X_EQ_L4OFF);
+	fetch_l3(ctx, AF_UNSPEC, X_EQ_L4OFF);
 
 	struct bpf_insn insns_tf[] = {
 		/* A <- TCP flags */
@@ -554,7 +563,7 @@ npfctl_bpf_icmp(npf_bpf_t *ctx, int type
 	assert(type != -1 || code != -1);
 
 	/* X <- IP header length */
-	fetch_l3(ctx, 0, X_EQ_L4OFF);
+	fetch_l3(ctx, AF_UNSPEC, X_EQ_L4OFF);
 
 	if (type != -1) {
 		struct bpf_insn insns_type[] = {

Reply via email to