git: 5c75dfdf6056 - main - pf: SDTs for ether rule matching

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 02 Mar 2022 16:00:44 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=5c75dfdf6056f68d8d750b52b385018b5be31e13

commit 5c75dfdf6056f68d8d750b52b385018b5be31e13
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-02-16 09:08:26 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-03-02 16:00:04 +0000

    pf: SDTs for ether rule matching
    
    Add static DTrace probe points to allow debugging of ether rule
    matching.
    
    Reviewed by:    mjg
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D31741
---
 sys/netpfil/pf/pf.c | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index c45880a6974b..8bf309caf7d4 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -129,6 +129,15 @@ SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *",
     "struct pf_state_key_cmp *", "int", "struct pf_pdesc *",
     "struct pf_kstate *");
 
+SDT_PROBE_DEFINE3(pf, eth, test_rule, entry, "int", "struct ifnet *",
+    "struct mbuf *");
+SDT_PROBE_DEFINE2(pf, eth, test_rule, test, "int", "struct pf_keth_rule *");
+SDT_PROBE_DEFINE3(pf, eth, test_rule, mismatch,
+    "int", "struct pf_keth_rule *", "char *");
+SDT_PROBE_DEFINE2(pf, eth, test_rule, match, "int", "struct pf_keth_rule *");
+SDT_PROBE_DEFINE2(pf, eth, test_rule, final_match,
+    "int", "struct pf_keth_rule *");
+
 /*
  * Global variables
  */
@@ -3720,6 +3729,8 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m)
 	MPASS(kif->pfik_ifp->if_vnet == curvnet);
 	NET_EPOCH_ASSERT();
 
+	SDT_PROBE3(pf, eth, test_rule, entry, dir, kif->pfik_ifp, m);
+
 	e = mtod(m, struct ether_header *);
 
 	settings = ck_pr_load_ptr(&V_pf_keth);
@@ -3728,21 +3739,39 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m)
 
 	while (r != NULL) {
 		counter_u64_add(r->evaluations, 1);
-		if (pfi_kkif_match(r->kif, kif) == r->ifnot)
+		SDT_PROBE2(pf, eth, test_rule, test, r->nr, r);
+
+		if (pfi_kkif_match(r->kif, kif) == r->ifnot) {
+			SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
+			    "kif");
 			r = r->skip[PFE_SKIP_IFP].ptr;
-		else if (r->direction && r->direction != dir)
+		}
+		else if (r->direction && r->direction != dir) {
+			SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
+			    "dir");
 			r = r->skip[PFE_SKIP_DIR].ptr;
-		else if (r->proto && r->proto != ntohs(e->ether_type))
+		}
+		else if (r->proto && r->proto != ntohs(e->ether_type)) {
+			SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
+			    "proto");
 			r = r->skip[PFE_SKIP_PROTO].ptr;
-		else if (! pf_match_eth_addr(e->ether_shost, &r->src))
+		}
+		else if (! pf_match_eth_addr(e->ether_shost, &r->src)) {
+			SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
+			    "src");
 			r = r->skip[PFE_SKIP_SRC_ADDR].ptr;
+		}
 		else if (! pf_match_eth_addr(e->ether_dhost, &r->dst)) {
+			SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
+			    "dst");
 			r = TAILQ_NEXT(r, entries);
 		}
 		else {
 			/* Rule matches */
 			rm = r;
 
+			SDT_PROBE2(pf, eth, test_rule, match, r->nr, r);
+
 			if (r->quick)
 				break;
 
@@ -3752,6 +3781,8 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m)
 
 	r = rm;
 
+	SDT_PROBE2(pf, eth, test_rule, final_match, (r != NULL ? r->nr : -1), r);
+
 	/* Default to pass. */
 	if (r == NULL)
 		return (PF_PASS);