Révision d29b772d
Ajouté par Ermal il y a presque 10 ans
patches/stable/10/CP_speedup.diff | ||
---|---|---|
300 | 300 |
|
301 | 301 |
/* |
302 | 302 |
diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h |
303 |
index 14b08f5..f868bc4 100644
|
|
303 |
index 14b08f5..2eedd0b 100644
|
|
304 | 304 |
--- a/sys/netinet/ip_fw.h |
305 | 305 |
+++ b/sys/netinet/ip_fw.h |
306 | 306 |
@@ -74,6 +74,8 @@ typedef struct _ip_fw3_opheader { |
... | ... | |
312 | 312 |
|
313 | 313 |
/* |
314 | 314 |
* The kernel representation of ipfw rules is made of a list of |
315 |
@@ -600,7 +602,9 @@ struct _ipfw_dyn_rule {
|
|
315 |
@@ -600,13 +602,16 @@ struct _ipfw_dyn_rule {
|
|
316 | 316 |
|
317 | 317 |
#define IPFW_TABLE_CIDR 1 /* Table for holding IPv4/IPv6 prefixes */ |
318 | 318 |
#define IPFW_TABLE_INTERFACE 2 /* Table for holding interface names */ |
... | ... | |
323 | 323 |
|
324 | 324 |
typedef struct _ipfw_table_entry { |
325 | 325 |
in_addr_t addr; /* network address */ |
326 |
@@ -617,9 +621,26 @@ typedef struct _ipfw_table_xentry { |
|
326 |
u_int32_t value; /* value */ |
|
327 |
u_int16_t tbl; /* table number */ |
|
328 |
u_int8_t masklen; /* mask length */ |
|
329 |
+ uint64_t mac_addr; |
|
330 |
} ipfw_table_entry; |
|
331 |
|
|
332 |
typedef struct _ipfw_table_xentry { |
|
333 |
@@ -617,9 +622,26 @@ typedef struct _ipfw_table_xentry { |
|
327 | 334 |
uint32_t value; /* value */ |
328 | 335 |
union { |
329 | 336 |
/* Longest field needs to be aligned by 4-byte boundary */ |
... | ... | |
616 | 623 |
return 0; |
617 | 624 |
|
618 | 625 |
diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h |
619 |
index a8d7eea..dd87f26 100644
|
|
626 |
index a8d7eea..4830124 100644
|
|
620 | 627 |
--- a/sys/netpfil/ipfw/ip_fw_private.h |
621 | 628 |
+++ b/sys/netpfil/ipfw/ip_fw_private.h |
622 | 629 |
@@ -101,6 +101,7 @@ struct ip_fw_args { |
... | ... | |
627 | 634 |
struct inpcb *inp; |
628 | 635 |
|
629 | 636 |
struct _ip6dn_args dummypar; /* dummynet->ip6_output */ |
630 |
@@ -304,13 +305,16 @@ void ipfw_reap_rules(struct ip_fw *head);
|
|
637 |
@@ -304,13 +305,17 @@ void ipfw_reap_rules(struct ip_fw *head);
|
|
631 | 638 |
struct radix_node; |
632 | 639 |
int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr, |
633 | 640 |
uint32_t *val); |
634 | 641 |
-int ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr, |
635 | 642 |
- uint32_t *val, int type); |
643 |
+struct ether_addr; |
|
636 | 644 |
+void *ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr, |
637 | 645 |
+ uint32_t *val, int type, struct ether_addr *); |
638 | 646 |
+void ipfw_count_table_xentry_stats(void *, int); |
... | ... | |
648 | 656 |
uint8_t plen, uint8_t mlen, uint8_t type); |
649 | 657 |
int ipfw_count_table(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt); |
650 | 658 |
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c |
651 |
index cb9c89c..e55f455 100644
|
|
659 |
index cb9c89c..d98cac6 100644
|
|
652 | 660 |
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c |
653 | 661 |
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c |
662 |
@@ -1124,7 +1124,7 @@ ipfw_ctl(struct sockopt *sopt) |
|
663 |
break; |
|
664 |
error = ipfw_add_table_entry(chain, ent.tbl, |
|
665 |
&ent.addr, sizeof(ent.addr), ent.masklen, |
|
666 |
- IPFW_TABLE_CIDR, ent.value); |
|
667 |
+ IPFW_TABLE_CIDR, ent.mac_addr, ent.value); |
|
668 |
} |
|
669 |
break; |
|
670 |
|
|
654 | 671 |
@@ -1162,7 +1162,7 @@ ipfw_ctl(struct sockopt *sopt) |
655 | 672 |
|
656 | 673 |
error = (opt == IP_FW_TABLE_XADD) ? |
657 | 674 |
ipfw_add_table_entry(chain, xent->tbl, &xent->k, |
658 | 675 |
- len, xent->masklen, xent->type, xent->value) : |
659 |
+ len, xent->masklen, xent->type, xentry->mac_addr, xent->value) :
|
|
676 |
+ len, xent->masklen, xent->type, xent->mac_addr, xent->value) : |
|
660 | 677 |
ipfw_del_table_entry(chain, xent->tbl, &xent->k, |
661 | 678 |
len, xent->masklen, xent->type); |
662 | 679 |
} |
... | ... | |
709 | 726 |
{ |
710 | 727 |
ipfw_xtable *tbl; |
711 | 728 |
diff --git a/sys/netpfil/ipfw/ip_fw_table.c b/sys/netpfil/ipfw/ip_fw_table.c |
712 |
index 95cff5c..fd591f6 100644
|
|
729 |
index 95cff5c..e916749 100644
|
|
713 | 730 |
--- a/sys/netpfil/ipfw/ip_fw_table.c |
714 | 731 |
+++ b/sys/netpfil/ipfw/ip_fw_table.c |
715 |
@@ -74,7 +74,11 @@ static MALLOC_DEFINE(M_IPFW_TBL, "ipfw_tbl", "IpFw tables"); |
|
732 |
@@ -59,6 +59,7 @@ __FBSDID("$FreeBSD$"); |
|
733 |
#include <net/route.h> |
|
734 |
#include <net/vnet.h> |
|
735 |
|
|
736 |
+#include <net/ethernet.h> |
|
737 |
#include <netinet/in.h> |
|
738 |
#include <netinet/ip_var.h> /* struct ipfw_rule_ref */ |
|
739 |
#include <netinet/ip_fw.h> |
|
740 |
@@ -74,7 +75,11 @@ static MALLOC_DEFINE(M_IPFW_TBL, "ipfw_tbl", "IpFw tables"); |
|
716 | 741 |
struct table_entry { |
717 | 742 |
struct radix_node rn[2]; |
718 | 743 |
struct sockaddr_in addr, mask; |
... | ... | |
724 | 749 |
}; |
725 | 750 |
|
726 | 751 |
struct xaddr_iface { |
727 |
@@ -83,6 +87,22 @@ struct xaddr_iface {
|
|
752 |
@@ -83,6 +88,22 @@ struct xaddr_iface {
|
|
728 | 753 |
char ifname[IF_NAMESIZE]; /* Interface name */ |
729 | 754 |
}; |
730 | 755 |
|
... | ... | |
747 | 772 |
struct table_xentry { |
748 | 773 |
struct radix_node rn[2]; |
749 | 774 |
union { |
750 |
@@ -90,14 +110,26 @@ struct table_xentry {
|
|
775 |
@@ -90,14 +111,26 @@ struct table_xentry {
|
|
751 | 776 |
struct sockaddr_in6 addr6; |
752 | 777 |
#endif |
753 | 778 |
struct xaddr_iface iface; |
... | ... | |
774 | 799 |
}; |
775 | 800 |
|
776 | 801 |
/* |
777 |
@@ -117,10 +149,17 @@ struct table_xentry {
|
|
802 |
@@ -117,10 +150,17 @@ struct table_xentry {
|
|
778 | 803 |
#define KEY_LEN_INET (offsetof(struct sockaddr_in, sin_addr) + sizeof(in_addr_t)) |
779 | 804 |
#define KEY_LEN_INET6 (offsetof(struct sockaddr_in6, sin6_addr) + sizeof(struct in6_addr)) |
780 | 805 |
#define KEY_LEN_IFACE (offsetof(struct xaddr_iface, ifname)) |
... | ... | |
792 | 817 |
|
793 | 818 |
|
794 | 819 |
#ifdef INET6 |
795 |
@@ -137,7 +176,7 @@ ipv6_writemask(struct in6_addr *addr6, uint8_t mask)
|
|
820 |
@@ -137,7 +177,7 @@ ipv6_writemask(struct in6_addr *addr6, uint8_t mask)
|
|
796 | 821 |
|
797 | 822 |
int |
798 | 823 |
ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr, |
... | ... | |
801 | 826 |
{ |
802 | 827 |
struct radix_node_head *rnh, **rnh_ptr; |
803 | 828 |
struct table_entry *ent; |
804 |
@@ -161,6 +200,7 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
829 |
@@ -161,6 +201,7 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
805 | 830 |
return (EINVAL); |
806 | 831 |
ent = malloc(sizeof(*ent), M_IPFW_TBL, M_WAITOK | M_ZERO); |
807 | 832 |
ent->value = value; |
... | ... | |
809 | 834 |
/* Set 'total' structure length */ |
810 | 835 |
KEY_LEN(ent->addr) = KEY_LEN_INET; |
811 | 836 |
KEY_LEN(ent->mask) = KEY_LEN_INET; |
812 |
@@ -182,6 +222,7 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
837 |
@@ -182,6 +223,7 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
813 | 838 |
return (EINVAL); |
814 | 839 |
xent = malloc(sizeof(*xent), M_IPFW_TBL, M_WAITOK | M_ZERO); |
815 | 840 |
xent->value = value; |
816 |
+ ent->mac_addr = mac_addr; |
|
841 |
+ xent->mac_addr = mac_addr;
|
|
817 | 842 |
/* Set 'total' structure length */ |
818 | 843 |
KEY_LEN(xent->a.addr6) = KEY_LEN_INET6; |
819 | 844 |
KEY_LEN(xent->m.mask6) = KEY_LEN_INET6; |
820 |
@@ -233,6 +274,52 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
845 |
@@ -233,6 +275,52 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
821 | 846 |
mask_ptr = NULL; |
822 | 847 |
break; |
823 | 848 |
|
... | ... | |
870 | 895 |
default: |
871 | 896 |
return (EINVAL); |
872 | 897 |
} |
873 |
@@ -281,6 +368,19 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
898 |
@@ -281,6 +369,19 @@ ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
874 | 899 |
IPFW_WUNLOCK(ch); |
875 | 900 |
|
876 | 901 |
if (rn == NULL) { |
... | ... | |
890 | 915 |
free(ent_ptr, M_IPFW_TBL); |
891 | 916 |
return (EEXIST); |
892 | 917 |
} |
893 |
@@ -367,6 +467,41 @@ ipfw_del_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
918 |
@@ -367,6 +468,41 @@ ipfw_del_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
894 | 919 |
|
895 | 920 |
break; |
896 | 921 |
|
... | ... | |
932 | 957 |
default: |
933 | 958 |
return (EINVAL); |
934 | 959 |
} |
935 |
@@ -552,9 +687,152 @@ ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
|
|
960 |
@@ -552,9 +688,152 @@ ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
|
|
936 | 961 |
return (0); |
937 | 962 |
} |
938 | 963 |
|
... | ... | |
1086 | 1111 |
{ |
1087 | 1112 |
struct radix_node_head *rnh; |
1088 | 1113 |
struct table_xentry *xent; |
1089 |
@@ -562,15 +840,21 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1114 |
@@ -562,15 +841,21 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1090 | 1115 |
struct xaddr_iface iface; |
1091 | 1116 |
|
1092 | 1117 |
if (tbl >= V_fw_tables_max) |
... | ... | |
1110 | 1135 |
break; |
1111 | 1136 |
|
1112 | 1137 |
case IPFW_TABLE_INTERFACE: |
1113 |
@@ -581,15 +865,37 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1138 |
@@ -581,15 +866,37 @@ ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
|
|
1114 | 1139 |
xent = (struct table_xentry *)(rnh->rnh_lookup(&iface, NULL, rnh)); |
1115 | 1140 |
break; |
1116 | 1141 |
|
... | ... | |
1151 | 1176 |
} |
1152 | 1177 |
|
1153 | 1178 |
static int |
1154 |
@@ -698,6 +1004,9 @@ dump_table_xentry_base(struct radix_node *rn, void *arg)
|
|
1179 |
@@ -698,6 +1005,9 @@ dump_table_xentry_base(struct radix_node *rn, void *arg)
|
|
1155 | 1180 |
/* Save IPv4 address as deprecated IPv6 compatible */ |
1156 | 1181 |
xent->k.addr6.s6_addr32[3] = n->addr.sin_addr.s_addr; |
1157 | 1182 |
xent->value = n->value; |
... | ... | |
1161 | 1186 |
tbl->cnt++; |
1162 | 1187 |
return (0); |
1163 | 1188 |
} |
1164 |
@@ -735,12 +1044,31 @@ dump_table_xentry_extended(struct radix_node *rn, void *arg)
|
|
1189 |
@@ -735,12 +1045,31 @@ dump_table_xentry_extended(struct radix_node *rn, void *arg)
|
|
1165 | 1190 |
memcpy(&xent->k, &n->a.iface.ifname, IF_NAMESIZE); |
1166 | 1191 |
break; |
1167 | 1192 |
|
Formats disponibles : Unified diff
Make this build adding needed members