socsvn commit: r269415 - soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw
dpl at FreeBSD.org
dpl at FreeBSD.org
Wed Jun 11 18:53:55 UTC 2014
Author: dpl
Date: Wed Jun 11 18:53:53 2014
New Revision: 269415
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269415
Log:
Finished with the first set of opcodes.
Modified:
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h
Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 18:39:53 2014 (r269414)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c Wed Jun 11 18:53:53 2014 (r269415)
@@ -1617,12 +1617,12 @@
break;
case O_IP6:
- match = is_ipv6;
+ rule_ip6(&match, is_ipv6);
break;
#endif
case O_IP4:
- match = is_ipv4;
+ rule_ip4(&match, is_ipv4);
break;
case O_TAG: {
Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 18:39:53 2014 (r269414)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h Wed Jun 11 18:53:53 2014 (r269415)
@@ -679,34 +679,130 @@
inline void
rule_ip6(int *match, int is_ipv6)
{
+ *match = is_ipv6;
}
#endif
inline void
rule_ip4(int *match, int is_ipv4)
{
+ *match = is_ipv4;
}
inline void
-rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, )
+rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m)
{
-}
+ struct m_tag *mtag;
+ uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1);
-inline void
-rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
-{
+ /* Packet is already tagged with this tag? */
+ mtag = m_tag_locate(m, MTAG_IPFW, tag, NULL);
+
+ /* We have `untag' action when F_NOT flag is
+ * present. And we must remove this mtag from
+ * mbuf and reset `match' to zero (`match' will
+ * be inversed later).
+ * Otherwise we should allocate new mtag and
+ * push it into mbuf.
+ */
+ if (cmd->len & F_NOT) { /* `untag' action */
+ if (mtag != NULL)
+ m_tag_delete(m, mtag);
+ *match = 0;
+ } else {
+ if (mtag == NULL) {
+ mtag = m_tag_alloc( MTAG_IPFW,
+ tag, 0, M_NOWAIT);
+ if (mtag != NULL)
+ m_tag_prepend(m, mtag);
+ }
+ *match = 1;
+ }
}
-#ifndef USERSPACE
inline void
-rule_sockarg(int *match, int is_ipv6 uint8_t proto, struct ip_fw_args *args, tcbinfo, udbinfo, inp, scr_ip, uint16_t src_port, struct in_addr *dst_ip, uint16_t dst_port, uint32_t *tablearg)
+rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
{
+ if (args->f_id.fib == cmd->arg1)
+ *match = 1;
}
-#endif /* !USERSPACE */
inline void
-rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag)
+rule_sockarg(int *match, int is_ipv6 uint8_t proto, struct ip_fw_args *args, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, uint32_t *tablearg)
{
+#ifndef USERSPACE /* not supported in userspace */
+ struct inpcb *inp = args->inp;
+ struct inpcbinfo *pi;
+
+ if (is_ipv6) /* XXX can we remove this ? */
+ break;
+
+ if (proto == IPPROTO_TCP)
+ pi = &V_tcbinfo;
+ else if (proto == IPPROTO_UDP)
+ pi = &V_udbinfo;
+ else
+ break;
+
+ /*
+ * XXXRW: so_user_cookie should almost
+ * certainly be inp_user_cookie?
+ */
+
+ /* For incomming packet, lookup up the
+ inpcb using the src/dest ip/port tuple */
+ if (inp == NULL) {
+ inp = in_pcblookup(pi,
+ src_ip, htons(src_port),
+ dst_ip, htons(dst_port),
+ INPLOOKUP_RLOCKPCB, NULL);
+ if (inp != NULL) {
+ tablearg =
+ inp->inp_socket->so_user_cookie;
+ if (tablearg)
+ *match = 1;
+ INP_RUNLOCK(inp);
+ }
+ } else {
+ if (inp->inp_socket) {
+ tablearg =
+ inp->inp_socket->so_user_cookie;
+ if (tablearg)
+ *match = 1;
+ }
+ }
+#endif /* !USERSPACE */
+}
+
+inline void
+rule_tagged(int *match, ipfw_insn *cmd, int cmdlen, struct mbuf *m)
+{
+ struct m_tag *mtag;
+ uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1);
+
+ if (cmdlen == 1) {
+ *match = m_tag_locate(m, MTAG_IPFW,
+ tag, NULL) != NULL;
+ break;
+ }
+
+ /* we have ranges */
+ for (mtag = m_tag_first(m);
+ mtag != NULL && !(*match);
+ mtag = m_tag_next(m, mtag)) {
+ uint16_t *p;
+ int i;
+
+ if (mtag->m_tag_cookie != MTAG_IPFW)
+ continue;
+
+ p = ((ipfw_insn_u16 *)cmd)->ports;
+ i = cmdlen - 1;
+ for(; !(*match) && i > 0; i--, p += 2)
+ *match =
+ mtag->m_tag_id >= p[0] &&
+ mtag->m_tag_id <= p[1];
+ }
}
/*
More information about the svn-soc-all
mailing list