Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NPF:

Browse Source 
- Populate the BPF external memory store with L3 information.
- Eliminate NPF_COP_L3 call and just use the data in the memstore.
- Bump NPF_VERSION.
This commit is contained in:
rmind 2014-06-29 00:05:24 +00:00
parent 01e782f371
commit 9c7a886e44
3 changed files with 39 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/net/npf/npf.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf.h,v 1.41 2014/06/25 00:20:06 rmind Exp $ */
/* $NetBSD: npf.h,v 1.42 2014/06/29 00:05:24 rmind Exp $ */
/*-
* Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@ -45,7 +45,7 @@
#include <netinet/in_systm.h>
#include <netinet/in.h>
#define NPF_VERSION 13
#define NPF_VERSION 14
/*
* Public declarations and definitions.

53
sys/net/npf/npf_bpf.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_bpf.c,v 1.8 2014/06/25 00:20:06 rmind Exp $ */
/* $NetBSD: npf_bpf.c,v 1.9 2014/06/29 00:05:24 rmind Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.8 2014/06/25 00:20:06 rmind Exp $");
__KERNEL_RCSID(0, "$NetBSD: npf_bpf.c,v 1.9 2014/06/29 00:05:24 rmind Exp $");
#include <sys/types.h>
#include <sys/param.h>
@ -78,7 +78,7 @@ npf_bpf_sysfini(void)
}
void
npf_bpf_prepare(npf_cache_t *npc, nbuf_t *nbuf, bpf_args_t *args, uint32_t *m)
npf_bpf_prepare(npf_cache_t *npc, nbuf_t *nbuf, bpf_args_t *args, uint32_t *M)
{
const struct mbuf *mbuf = nbuf_head_mbuf(nbuf);
const size_t pktlen = m_length(mbuf);
@ -87,19 +87,39 @@ npf_bpf_prepare(npf_cache_t *npc, nbuf_t *nbuf, bpf_args_t *args, uint32_t *m)
args->pkt = (const uint8_t *)mbuf;
args->wirelen = pktlen;
args->buflen = 0;
args->mem = m;
args->mem = M;
args->arg = npc;
/*
* Convert address length to IP version. Just mask out
* number 4 or set 6 if higher bits set, such that:
*
* 0 => 0
* 4 => 4 (IPVERSION)
* 16 => 6 (IPV6_VERSION >> 4)
*/
const u_int alen = npc->npc_alen;
const uint32_t ver = (alen & 4) | ((alen >> 4) * 6);
/*
* Output words in the memory store:
* BPF_MW_IPVER IP version (4 or 6).
* BPF_MW_L4OFF L4 header offset.
* BPF_MW_L4PROTO L4 protocol.
*/
M[BPF_MW_IPVER] = ver;
M[BPF_MW_L4OFF] = npc->npc_hlen;
M[BPF_MW_L4PROTO] = npc->npc_proto;
}
int
npf_bpf_filter(bpf_args_t *args, const void *code, bpfjit_func_t jcode)
{
#if 0
/* Execute JIT-compiled code. */
if (__predict_true(jcode)) {
return jcode(npf_bpfctx, args);
}
#endif
/* Execute BPF byte-code. */
return bpf_filter_ext(npf_bpfctx, code, args);
}
@ -123,35 +143,18 @@ npf_bpf_validate(const void *code, size_t len)
/*
* NPF_COP_L3: fetches layer 3 information.
*
* Output words in the memory store:
* BPF_MW_IPVER IP version (4 or 6).
* BPF_MW_L4OFF L4 header offset.
* BPF_MW_L4PROTO L4 protocol.
*/
static uint32_t
npf_cop_l3(const bpf_ctx_t *bc, bpf_args_t *args, uint32_t A)
{
const npf_cache_t * const npc = (const npf_cache_t *)args->arg;
const uint32_t ver = (npc->npc_alen & 4) | ((npc->npc_alen >> 4) * 6);
uint32_t * const M = args->mem;
/*
* Convert address length to IP version. Just mask out
* number 4 or set 6 if higher bits set, such that:
*
* 0 => 0
* 4 => 4 (IPVERSION)
* 16 => 6 (IPV6_VERSION >> 4)
*/
const u_int alen = npc->npc_alen;
const uint32_t ver = (alen & 4) | ((alen >> 4) * 6);
M[BPF_MW_IPVER] = ver;
M[BPF_MW_L4OFF] = npc->npc_hlen;
M[BPF_MW_L4PROTO] = npc->npc_proto;
/* A <- IP version */
return ver;
return ver; /* A <- IP version */
}
#define SRC_FLAG_BIT (1U << 31)

28
usr.sbin/npf/npfctl/npf_bpf_comp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: npf_bpf_comp.c,v 1.6 2014/05/31 22:41:37 rmind Exp $ */
/* $NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $ */
/*-
* Copyright (c) 2010-2014 The NetBSD Foundation, Inc.
@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
__RCSID("$NetBSD: npf_bpf_comp.c,v 1.6 2014/05/31 22:41:37 rmind Exp $");
__RCSID("$NetBSD: npf_bpf_comp.c,v 1.7 2014/06/29 00:05:24 rmind Exp $");
#include <stdlib.h>
#include <stdbool.h>
@ -284,8 +284,7 @@ fetch_l3(npf_bpf_t *ctx, sa_family_t af, u_int flags)
}
/*
* Call NPF_COP_L3 to fetch L3 information. The coprocessor
* populates the following words in the scratch memory store:
* The memory store is populated with:
* - BPF_MW_IPVER: IP version (4 or 6).
* - BPF_MW_L4OFF: L4 header offset.
* - BPF_MW_L4PROTO: L4 protocol.
@ -308,21 +307,12 @@ fetch_l3(npf_bpf_t *ctx, sa_family_t af, u_int flags)
* A <- IP version; A == expected-version?
* If no particular version specified, check for non-zero.
*/
if ((ctx->flags & FETCHED_L3) == 0) {
struct bpf_insn insns_l3[] = {
BPF_STMT(BPF_MISC+BPF_COP, NPF_COP_L3),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
};
add_insns(ctx, insns_l3, __arraycount(insns_l3));
ctx->flags |= FETCHED_L3;
} else {
/* IP version is already fetched in BPF_MW_IPVER. */
struct bpf_insn insns_af[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_MEM, BPF_MW_IPVER),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
};
add_insns(ctx, insns_af, __arraycount(insns_af));
}
struct bpf_insn insns_af[] = {
BPF_STMT(BPF_LD+BPF_W+BPF_MEM, BPF_MW_IPVER),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ver, jt, jf),
};
add_insns(ctx, insns_af, __arraycount(insns_af));
ctx->flags |= FETCHED_L3;
ctx->af = af;
if (af) {