socsvn commit: r272216 - soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw
dpl at FreeBSD.org
dpl at FreeBSD.org
Mon Aug 11 16:36:19 UTC 2014
Author: dpl
Date: Mon Aug 11 16:36:18 2014
New Revision: 272216
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=272216
Log:
Corrected some wrong first drafts of the emit_* functions. Removed some of the firewall's logic to iterate the rules, and moved some comments to avoid errors.
Modified:
soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
Modified: soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc
==============================================================================
--- soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Mon Aug 11 16:20:55 2014 (r272215)
+++ soc2014/dpl/netmap-ipfwjit/sys/netpfil/ipfw/jit.cc Mon Aug 11 16:36:18 2014 (r272216)
@@ -289,26 +289,25 @@
delete mod;
}
+ // Returns the pointer to the compiled function.
funcptr
- functionPtr()
+ getFuncPtr()
{
- MachineCodeInfo machinf;
-
- ExecutionEngine::runJITOnFunction(func, &machinf);
- return ((funcptr)machinf.address());
+ return ((funcptr)NULL);
}
+ // Emits all the code necessary to fill in some vars.
+ // XXX Should we emit that? Or should we create a function call instead?
int
- emit_nop(int *matchptr)
+ emit_lookpkt()
{
- // static IPFW_RULES_INLINE void
- // rule_nop(int *match)
- // {
- // *match = 1;
- // }
-
- *matchptr = 1;
+ //irb.CreateCall();
+ return (0);
+ }
+ int
+ emit_nop()
+ {
irb.CreateStore(ConstantInt::get(int32Ty, 1), match);
return (0);
}
@@ -316,56 +315,21 @@
int
emit_forward_mac(u_int8_t opcode)
{
- // printf("ipfw: opcode %d unimplemented\n",
- // opcode);
-
- Function *printf;
-
- printf = mod->getFunction("printf");
- irb.CreateCall(printf, "ipfw: opcode %d unimplemented\n", opcode);
+ printf("Compilation error:\n");
+ printf("ipfwjitter: opcode %d unimplemented\n", opcode);
+ printf("Compilation continues.\n");
return (0);
}
int
emit_jail()
{
- // static IPFW_RULES_INLINE void
- // rule_jail(int * match, u_short offset, uint8_t proto, ipfw_insn *cmd, struct ip_fw_args *args, int ucred_lookup, void *ucred_cache)
- // {
- // /*
- // * We only check offset == 0 && proto != 0,
- // * as this ensures that we have a
- // * packet with the ports info.
- // */
- // if (offset != 0)
- // return;
- // if (proto == IPPROTO_TCP ||
- // proto == IPPROTO_UDP)
- // *match = check_uidgid(
- // (ipfw_insn_u32 *)cmd,
- // args, &ucred_lookup,
- // #ifdef __FreeBSD__
- // //(struct bsd_ucred **)&ucred_cache);
- // (struct ucred **)&ucred_cache);
- // #else
- // (void *)&ucred_cache);
- // #endif
- // }
-
return (0);
}
int
emit_recv()
{
- // static IPFW_RULES_INLINE void
- // rule_recv(int *match, ipfw_insn *cmd, struct mbuf *m, struct ip_fw_chain *chain, uint32_t *tablearg)
- // {
- // *match = iface_match(m->m_pkthdr.rcvif, (ipfw_insn_if *)cmd, chain, tablearg);
- // }
-
- irb.CreateStore(irb.CreateCall4(/*STUFF GOING HERE*/ match);
-
return (0);
}
@@ -392,39 +356,15 @@
struct ip_fw *f;
f = chain->map[f_pos];
- if (V_set_disable & (1 << f->set) )
- continue;
- skip_or = 0;
// For each different command.
for (l = f->cmd_len, cmd = f->cmd ; l > 0 ;
l -= cmdlen, cmd += cmdlen) {
- int match;
- /*
- * check_body is a jump target used when we find a
- * CHECK_STATE, and need to jump to the body of
- * the target rule.
- */
-
/* check_body: */
cmdlen = F_LEN(cmd);
- /*
- * An OR block (insn_1 || .. || insn_n) has the
- * F_OR bit set in all but the last instruction.
- * The first match will set "skip_or", and cause
- * the following instructions to be skipped until
- * past the one with the F_OR bit clear.
- */
- if (skip_or) { /* skip this instruction */
- if ((cmd->len & F_OR) == 0)
- skip_or = 0; /* next one is good */
- continue;
- }
- match = 0; /* set to 1 if we succeed */
-
switch (cmd->opcode) {
case O_NOP:
- comp.emit_nop(&match);
+ comp.emit_nop();
break;
case O_FORWARD_MAC:
@@ -437,11 +377,11 @@
comp.emit_jail();
break;
-/* XXX
case O_RECV:
comp.emit_recv();
break;
+/* XXX
case O_XMIT:
comp.emit_xmit();
break;
@@ -537,8 +477,7 @@
comp.emit_icmp6type();
break;
#endif /* INET6 */
-
-/* XXX
+/*
case O_IPOPT:
comp.emit_ipopt();
break;
@@ -574,9 +513,6 @@
break;
case O_TCPOPTS:
- /* if (rule_tcpopts(&match, hlen, ulp, proto, offset, cmd, m, args))
- goto pullup_failed; */
-/* XXX
comp.emit_tcpopts();
break;
@@ -625,9 +561,9 @@
comp.emit_ipsec();
#endif
/* otherwise no match */
-/* XXX
break;
+/* XXX
#ifdef INET6
case O_IP6_SRC:
comp.emit_ip6_src();
@@ -750,14 +686,14 @@
comp.emit_skipto();
continue;
break; /* NOTREACHED */
-/* XXX
+/* XXX
case O_CALLRETURN:
comp.emit_callreturn();
continue;
break; /* NOTREACHED */
-
/* XXX
+
case O_REJECT:
comp.emit_reject();
/* FALLTHROUGH */
@@ -803,44 +739,13 @@
comp.emit_reass();
break;
+ */
default:
panic("-- unknown opcode %d\n", cmd->opcode);
} /* end of switch() on opcodes */
- /*
- * if we get here with l=0, then match is irrelevant.
- */
-
- if (cmd->len & F_NOT)
- match = !match;
-
- if (match) {
- if (cmd->len & F_OR)
- skip_or = 1;
- } else {
- if (!(cmd->len & F_OR)) /* not an OR block, */
- break; /* try next rule */
- }
-
} /* end of inner loop, scan opcodes */
-
- if (done)
- break;
-
-/* next_rule:; */ /* try next rule */
-
} /* end of outer for, scan rules */
- if (done) {
- struct ip_fw *rule = chain->map[f_pos];
- /* Update statistics */
- IPFW_INC_RULE_COUNTER(rule, pktlen);
- } else {
- retval = IP_FW_DENY;
- printf("ipfw: ouch!, skip past end of rules, denying packet\n");
- }
-
// Once we're done iterating through the rules, return the pointer.
-
- return (0);
-}
+ return (comp.getFuncPtr());
}
More information about the svn-soc-all
mailing list