git: 0b70e3e78b02 - main - net: add pfil_mbuf_{in,out}
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 08 Sep 2022 16:21:30 UTC
The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=0b70e3e78b0279c66be06dea27bcdaf5eadf663d commit 0b70e3e78b0279c66be06dea27bcdaf5eadf663d Author: Mateusz Guzik <mjg@FreeBSD.org> AuthorDate: 2022-09-02 16:23:54 +0000 Commit: Mateusz Guzik <mjg@FreeBSD.org> CommitDate: 2022-09-08 16:20:43 +0000 net: add pfil_mbuf_{in,out} This shaves a lot of branching due to MEMPTR flag. Reviewed by: glebius Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D36454 --- sys/net/pfil.c | 36 ++++++++++++++++++++++++++++++++++++ sys/net/pfil.h | 4 ++++ 2 files changed, 40 insertions(+) diff --git a/sys/net/pfil.c b/sys/net/pfil.c index 85a0f031006b..b68fbe8db5c5 100644 --- a/sys/net/pfil.c +++ b/sys/net/pfil.c @@ -198,6 +198,42 @@ pfil_run_hooks(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp, return (rv); } +static __always_inline int +pfil_mbuf_common(pfil_chain_t *pch, pfil_packet_t p, struct ifnet *ifp, + int flags, struct inpcb *inp) +{ + struct pfil_link *link; + pfil_return_t rv; + + NET_EPOCH_ASSERT(); + KASSERT(flags == PFIL_IN || flags == PFIL_OUT, + ("%s: unsupported flags %d", __func__, flags)); + + rv = PFIL_PASS; + CK_STAILQ_FOREACH(link, pch, link_chain) { + rv = (*link->link_func)(p, ifp, flags, link->link_ruleset, inp); + if (rv == PFIL_DROPPED || rv == PFIL_CONSUMED) + break; + } + return (rv); +} + +int +pfil_mbuf_in(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp, + struct inpcb *inp) +{ + + return (pfil_mbuf_common(&head->head_in, p, ifp, PFIL_IN, inp)); +} + +int +pfil_mbuf_out(struct pfil_head *head, pfil_packet_t p, struct ifnet *ifp, + struct inpcb *inp) +{ + + return (pfil_mbuf_common(&head->head_out, p, ifp, PFIL_OUT, inp)); +} + /* * pfil_head_register() registers a pfil_head with the packet filter hook * mechanism. diff --git a/sys/net/pfil.h b/sys/net/pfil.h index 5caee0e715f9..d5e9eadd8b8c 100644 --- a/sys/net/pfil.h +++ b/sys/net/pfil.h @@ -194,6 +194,10 @@ void pfil_head_unregister(pfil_head_t); /* Public functions to run the packet inspection by inspection points. */ int pfil_run_hooks(struct pfil_head *, pfil_packet_t, struct ifnet *, int, struct inpcb *inp); +int pfil_mbuf_in(struct pfil_head *, pfil_packet_t, struct ifnet *, + struct inpcb *inp); +int pfil_mbuf_out(struct pfil_head *, pfil_packet_t, struct ifnet *, + struct inpcb *inp); /* * Minimally exposed structure to avoid function call in case of absence * of any filters by protocols and macros to do the check.