git: 0b70e3e78b02 - main - net: add pfil_mbuf_{in,out}

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mateusz Guzik <mjg_at_FreeBSD.org>
Date: Thu, 08 Sep 2022 16:21:30 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=0b70e3e78b0279c66be06dea27bcdaf5eadf663d

commit 0b70e3e78b0279c66be06dea27bcdaf5eadf663d
Author:     Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2022-09-02 16:23:54 +0000
Commit:     Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2022-09-08 16:20:43 +0000

    net: add pfil_mbuf_{in,out}
    
    This shaves a lot of branching due to MEMPTR flag.
    
    Reviewed by:    glebius
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D36454
---
 sys/net/pfil.c | 36 ++++++++++++++++++++++++++++++++++++
 sys/net/pfil.h |  4 ++++
 2 files changed, 40 insertions(+)

diff --git a/sys/net/pfil.c b/sys/net/pfil.c
index 85a0f031006b..b68fbe8db5c5 100644
--- a/sys/net/pfil.c
+++ b/sys/net/pfil.c
@@ -198,6 +198,42 @@ pfil_run_hooks(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp,
 	return (rv);
 }
 
+static __always_inline int
+pfil_mbuf_common(pfil_chain_t *pch, pfil_packet_t p, struct ifnet *ifp,
+    int flags, struct inpcb *inp)
+{
+	struct pfil_link *link;
+	pfil_return_t rv;
+
+	NET_EPOCH_ASSERT();
+	KASSERT(flags == PFIL_IN || flags == PFIL_OUT,
+	    ("%s: unsupported flags %d", __func__, flags));
+
+	rv = PFIL_PASS;
+	CK_STAILQ_FOREACH(link, pch, link_chain) {
+		rv = (*link->link_func)(p, ifp, flags, link->link_ruleset, inp);
+		if (rv == PFIL_DROPPED || rv == PFIL_CONSUMED)
+			break;
+	}
+	return (rv);
+}
+
+int
+pfil_mbuf_in(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp,
+   struct inpcb *inp)
+{
+
+	return (pfil_mbuf_common(&head->head_in, p, ifp, PFIL_IN, inp));
+}
+
+int
+pfil_mbuf_out(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp,
+    struct inpcb *inp)
+{
+
+	return (pfil_mbuf_common(&head->head_out, p, ifp, PFIL_OUT, inp));
+}
+
 /*
  * pfil_head_register() registers a pfil_head with the packet filter hook
  * mechanism.
diff --git a/sys/net/pfil.h b/sys/net/pfil.h
index 5caee0e715f9..d5e9eadd8b8c 100644
--- a/sys/net/pfil.h
+++ b/sys/net/pfil.h
@@ -194,6 +194,10 @@ void		pfil_head_unregister(pfil_head_t);
 /* Public functions to run the packet inspection by inspection points. */
 int	pfil_run_hooks(struct pfil_head *, pfil_packet_t, struct ifnet *, int,
     struct inpcb *inp);
+int	pfil_mbuf_in(struct pfil_head *, pfil_packet_t, struct ifnet *,
+    struct inpcb *inp);
+int	pfil_mbuf_out(struct pfil_head *, pfil_packet_t, struct ifnet *,
+    struct inpcb *inp);
 /*
  * Minimally exposed structure to avoid function call in case of absence
  * of any filters by protocols and macros to do the check.