Module Name: src
Committed By: rmind
Date: Sun Jun 29 00:05:24 UTC 2014
Modified Files:
src/sys/net/npf: npf.h npf_bpf.c
src/usr.sbin/npf/npfctl: npf_bpf_comp.c
Log Message:
NPF:
- Populate the BPF external memory store with L3 information.
- Eliminate NPF_COP_L3 call and just use the data in the memstore.
- Bump NPF_VERSION.
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/sys/net/npf/npf.h
cvs rdiff -u -r1.8 -r1.9 src/sys/net/npf/npf_bpf.c
cvs rdiff -u -r1.6 -r1.7 src/usr.sbin/npf/npfctl/npf_bpf_comp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf.h
diff -u src/sys/net/npf/npf.h:1.41 src/sys/net/npf/npf.h:1.42
--- src/sys/net/npf/npf.h:1.41 Wed Jun 25 00:20:06 2014
+++ src/sys/net/npf/npf.h Sun Jun 29 00:05:24 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.41 2014/06/25 00:20:06 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.42 2014/06/29 00:05:24 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
#include <netinet/in_systm.h>
#include <netinet/in.h>
-#define NPF_VERSION 13
+#define NPF_VERSION 14
/*
* Public declarations and definitions.
Index: src/sys/net/npf/npf_bpf.c
diff -u src/sys/net/npf/npf_bpf.c:1.8 src/sys/net/npf/npf_bpf.c:1.9
--- src/sys/net/npf/npf_bpf.c:1.8 Wed Jun 25 00:20:06 2014
+++ src/sys/net/npf/npf_bpf.c Sun Jun 29 00:05:24 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_bpf.c,v 1.8 2014/06/25 00:20:06 rmind Exp $ */
+/* $NetBSD: npf_bpf.c,v 1.9 2014/06/29 00:05:24 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.8 2014/06/25 00:20:06 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.9 2014/06/29 00:05:24 rmind Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -78,7 +78,7 @@ npf_bpf_sysfini(void)
}
void
-npf_bpf_prepare(npf_cache_t *npc, nbuf_t *nbuf, bpf_args_t *args, uint32_t *m)
+npf_bpf_prepare(npf_cache_t *npc, nbuf_t *nbuf, bpf_args_t *args, uint32_t *M)
{
const struct mbuf *mbuf = nbuf_head_mbuf(nbuf);
const size_t pktlen = m_length(mbuf);
@@ -87,19 +87,39 @@ npf_bpf_prepare(npf_cache_t *npc, nbuf_t
args->pkt = (const uint8_t *)mbuf;
args->wirelen = pktlen;
args->buflen = 0;
- args->mem = m;
+ args->mem = M;
args->arg = npc;
+
+ /*
+ * Convert address length to IP version. Just mask out
+ * number 4 or set 6 if higher bits set, such that:
+ *
+ * 0 => 0
+ * 4 => 4 (IPVERSION)
+ * 16 => 6 (IPV6_VERSION >> 4)
+ */
+ const u_int alen = npc->npc_alen;
+ const uint32_t ver = (alen & 4) | ((alen >> 4) * 6);
+
+ /*
+ * Output words in the memory store:
+ * BPF_MW_IPVER IP version (4 or 6).
+ * BPF_MW_L4OFF L4 header offset.
+ * BPF_MW_L4PROTO L4 protocol.
+ */
+ M[BPF_MW_IPVER] = ver;
+ M[BPF_MW_L4OFF] = npc->npc_hlen;
+ M[BPF_MW_L4PROTO] = npc->npc_proto;
}
int
npf_bpf_filter(bpf_args_t *args, const void *code, bpfjit_func_t jcode)
{
-#if 0
/* Execute JIT-compiled code. */
if (__predict_true(jcode)) {
return jcode(npf_bpfctx, args);
}
-#endif
+
/* Execute BPF byte-code. */
return bpf_filter_ext(npf_bpfctx, code, args);
}
@@ -123,35 +143,18 @@ npf_bpf_validate(const void *code, size_
/*
* NPF_COP_L3: fetches layer 3 information.
- *
- * Output words in the memory store:
- * BPF_MW_IPVER IP version (4 or 6).
- * BPF_MW_L4OFF L4 header offset.
- * BPF_MW_L4PROTO L4 protocol.
*/
static uint32_t
npf_cop_l3(const bpf_ctx_t *bc, bpf_args_t *args, uint32_t A)
{
const npf_cache_t * const npc = (const npf_cache_t *)args->arg;
+ const uint32_t ver = (npc->npc_alen & 4) | ((npc->npc_alen >> 4) * 6);
uint32_t * const M = args->mem;
- /*
- * Convert address length to IP version. Just mask out
- * number 4 or set 6 if higher bits set, such that:
- *
- * 0 => 0
- * 4 => 4 (IPVERSION)
- * 16 => 6 (IPV6_VERSION >> 4)
- */
- const u_int alen = npc->npc_alen;
- const uint32_t ver = (alen & 4) | ((alen >> 4) * 6);
-
M[BPF_MW_IPVER] = ver;
M[BPF_MW_L4OFF] = npc->npc_hlen;
M[BPF_MW_L4PROTO] = npc->npc_proto;
-
- /* A <- IP version */
- return ver;
+ return ver; /* A <- IP version */
}
#define SRC_FLAG_BIT (1U << 31)
Index: src/usr.sbin/npf/npfctl/npf_bpf_comp.c
diff -u src/usr.sbin/npf/npfctl/npf_bpf_comp.c:1.6 src/usr.sbin/npf/npfctl/npf_bpf_comp.c:1.7
--- src/usr.sbin/npf/npfctl/npf_bpf_comp.c:1.6 Sat May 31 22:41:37 2014
+++ src/usr.sbin/npf/npfctl/npf_bpf_comp.c Sun Jun 29 00:05:24 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_bpf_comp.c,v 1.6 2014/05/31 22:41:37 rmind Exp $ */
+/* $NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $ */
/*-
* Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_bpf_comp.c,v 1.6 2014/05/31 22:41:37 rmind Exp $");
+__RCSID("$NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $");
#include <stdlib.h>
#include <stdbool.h>
@@ -284,8 +284,7 @@ fetch_l3(npf_bpf_t *ctx, sa_family_t af,
}
/*
- * Call NPF_COP_L3 to fetch L3 information. The coprocessor
- * populates the following words in the scratch memory store:
+ * The memory store is populated with:
* - BPF_MW_IPVER: IP version (4 or 6).
* - BPF_MW_L4OFF: L4 header offset.
* - BPF_MW_L4PROTO: L4 protocol.
@@ -308,21 +307,12 @@ fetch_l3(npf_bpf_t *ctx, sa_family_t af,
* A <- IP version; A == expected-version?
* If no particular version specified, check for non-zero.
*/
- if ((ctx->flags & FETCHED_L3) == 0) {
- struct bpf_insn insns_l3[] = {
- BPF_STMT(BPF_MISC+BPF_COP, NPF_COP_L3),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
- };
- add_insns(ctx, insns_l3, __arraycount(insns_l3));
- ctx->flags |= FETCHED_L3;
- } else {
- /* IP version is already fetched in BPF_MW_IPVER. */
- struct bpf_insn insns_af[] = {
- BPF_STMT(BPF_LD+BPF_W+BPF_MEM, BPF_MW_IPVER),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
- };
- add_insns(ctx, insns_af, __arraycount(insns_af));
- }
+ struct bpf_insn insns_af[] = {
+ BPF_STMT(BPF_LD+BPF_W+BPF_MEM, BPF_MW_IPVER),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
+ };
+ add_insns(ctx, insns_af, __arraycount(insns_af));
+ ctx->flags |= FETCHED_L3;
ctx->af = af;
if (af) {
