socsvn commit: r269415 - soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw

Wed Jun 11 18:53:55 UTC 2014

Author: dpl
Date: Wed Jun 11 18:53:53 2014
New Revision: 269415
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=269415

Log:
  Finished with the first set of opcodes.
  

Modified:
  soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
  soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h

Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c
==============================================================================

--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c	Wed Jun 11 18:39:53 2014	(r269414)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_fw2.c	Wed Jun 11 18:53:53 2014	(r269415)
@@ -1617,12 +1617,12 @@
 				break;
 
 			case O_IP6:
-				match = is_ipv6;
+				rule_ip6(&match, is_ipv6);
 				break;
 #endif
 
 			case O_IP4:
-				match = is_ipv4;
+				rule_ip4(&match, is_ipv4);
 				break;
 
 			case O_TAG: {

Modified: soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h
==============================================================================
--- soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h	Wed Jun 11 18:39:53 2014	(r269414)
+++ soc2014/dpl/netmap-ipfw/sys/netpfil/ipfw/ip_rules.h	Wed Jun 11 18:53:53 2014	(r269415)
@@ -679,34 +679,130 @@
 inline void
 rule_ip6(int *match, int is_ipv6)
 {
+	*match = is_ipv6;
 }
 #endif
 
 inline void
 rule_ip4(int *match, int is_ipv4)
 {
+	*match = is_ipv4;
 }
 
 inline void
-rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m, tag, )
+rule_tag(int *match, ipfw_insn *cmd, struct mbuf *m)
 {
-}
+	struct m_tag *mtag;
+	uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1);
 
-inline void
-rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
-{
+	/* Packet is already tagged with this tag? */
+	mtag = m_tag_locate(m, MTAG_IPFW, tag, NULL);
+
+	/* We have `untag' action when F_NOT flag is
+	 * present. And we must remove this mtag from
+	 * mbuf and reset `match' to zero (`match' will
+	 * be inversed later).
+	 * Otherwise we should allocate new mtag and
+	 * push it into mbuf.
+	 */
+	if (cmd->len & F_NOT) { /* `untag' action */
+		if (mtag != NULL)
+			m_tag_delete(m, mtag);
+		*match = 0;
+	} else {
+		if (mtag == NULL) {
+			mtag = m_tag_alloc( MTAG_IPFW,
+			    tag, 0, M_NOWAIT);
+			if (mtag != NULL)
+				m_tag_prepend(m, mtag);
+		}
+		*match = 1;
+	}
 }
 
-#ifndef USERSPACE
 inline void
-rule_sockarg(int *match, int is_ipv6 uint8_t proto, struct ip_fw_args *args, tcbinfo, udbinfo, inp, scr_ip, uint16_t src_port, struct in_addr *dst_ip, uint16_t dst_port, uint32_t *tablearg)
+rule_fib(int *match, struct ip_fw_args *args, ipfw_insn *cmd)
 {
+	if (args->f_id.fib == cmd->arg1)
+		*match = 1;
 }
-#endif /* !USERSPACE */				
 
 inline void
-rule_tagged(int *match, ipfw_insn *cmd, int *cmdlen, struct mbuf *m, ipfw, tag)
+rule_sockarg(int *match, int is_ipv6 uint8_t proto, struct ip_fw_args *args, struct in_addr *dst_ip, struct in_addr *src_ip, uint16_t dst_port, uint16_t src_port, uint32_t *tablearg)
 {
+#ifndef USERSPACE	/* not supported in userspace */
+	struct inpcb *inp = args->inp;
+	struct inpcbinfo *pi;
+	
+	if (is_ipv6) /* XXX can we remove this ? */
+		break;
+
+	if (proto == IPPROTO_TCP)
+		pi = &V_tcbinfo;
+	else if (proto == IPPROTO_UDP)
+		pi = &V_udbinfo;
+	else
+		break;
+
+	/*
+	 * XXXRW: so_user_cookie should almost
+	 * certainly be inp_user_cookie?
+	 */
+
+	/* For incomming packet, lookup up the 
+	inpcb using the src/dest ip/port tuple */
+	if (inp == NULL) {
+		inp = in_pcblookup(pi, 
+			src_ip, htons(src_port),
+			dst_ip, htons(dst_port),
+			INPLOOKUP_RLOCKPCB, NULL);
+		if (inp != NULL) {
+			tablearg =
+			    inp->inp_socket->so_user_cookie;
+			if (tablearg)
+				*match = 1;
+			INP_RUNLOCK(inp);
+		}
+	} else {
+		if (inp->inp_socket) {
+			tablearg =
+			    inp->inp_socket->so_user_cookie;
+			if (tablearg)
+				*match = 1;
+		}
+	}
+#endif /* !USERSPACE */
+}
+
+inline void
+rule_tagged(int *match, ipfw_insn *cmd, int cmdlen, struct mbuf *m)
+{
+	struct m_tag *mtag;
+	uint32_t tag = IP_FW_ARG_TABLEARG(cmd->arg1);
+
+	if (cmdlen == 1) {
+		*match = m_tag_locate(m, MTAG_IPFW,
+		    tag, NULL) != NULL;
+		break;
+	}
+
+	/* we have ranges */
+	for (mtag = m_tag_first(m);
+	    mtag != NULL && !(*match);
+	    mtag = m_tag_next(m, mtag)) {
+		uint16_t *p;
+		int i;
+
+		if (mtag->m_tag_cookie != MTAG_IPFW)
+			continue;
+
+		p = ((ipfw_insn_u16 *)cmd)->ports;
+		i = cmdlen - 1;
+		for(; !(*match) && i > 0; i--, p += 2)
+			*match =
+			    mtag->m_tag_id >= p[0] &&
+			    mtag->m_tag_id <= p[1];
+	}
 }
 
 /*
