ip_fastfwd.c (122702) | ip_fastfwd.c (122759) |
---|---|
1/* 2 * Copyright (c) 2003 Andre Oppermann, Internet Business Solutions AG 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 12 unchanged lines hidden (view full) --- 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * | 1/* 2 * Copyright (c) 2003 Andre Oppermann, Internet Business Solutions AG 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 12 unchanged lines hidden (view full) --- 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * |
29 * $FreeBSD: head/sys/netinet/ip_fastfwd.c 122702 2003-11-14 21:02:22Z andre $ | 29 * $FreeBSD: head/sys/netinet/ip_fastfwd.c 122759 2003-11-15 17:03:37Z andre $ |
30 */ 31 32/* 33 * ip_fastforward gets its speed from processing the forwarded packet to 34 * completion (if_output on the other side) without any queues or netisr's. 35 * The receiving interface DMAs the packet into memory, the upper half of 36 * driver calls ip_fastforward, we do our routing table lookup and directly 37 * send it off to the outgoing interface which DMAs the packet to the 38 * network card. The only part of the packet we touch with the CPU is the | 30 */ 31 32/* 33 * ip_fastforward gets its speed from processing the forwarded packet to 34 * completion (if_output on the other side) without any queues or netisr's. 35 * The receiving interface DMAs the packet into memory, the upper half of 36 * driver calls ip_fastforward, we do our routing table lookup and directly 37 * send it off to the outgoing interface which DMAs the packet to the 38 * network card. The only part of the packet we touch with the CPU is the |
39 * IP header. We are essentially limited by bus bandwidth and how fast the 40 * network card/driver can set up receives and transmits. | 39 * IP header (unless there are complex firewall rules touching other parts 40 * of the packet, but that is up to you). We are essentially limited by bus 41 * bandwidth and how fast the network card/driver can set up receives and 42 * transmits. |
41 * 42 * We handle basic errors, ip header errors, checksum errors, 43 * destination unreachable, fragmentation and fragmentation needed and 44 * report them via icmp to the sender. 45 * 46 * Else if something is not pure IPv4 unicast forwarding we fall back to 47 * the normal ip_input processing path. We should only be called from 48 * interfaces connected to the outside world. --- 290 unchanged lines hidden (view full) --- 339#endif 340 341 /* 342 * Run through ipfw for input packets 343 */ 344 if (fw_enable && IPFW_LOADED) { 345 bzero(&args, sizeof(args)); 346 args.m = m; | 43 * 44 * We handle basic errors, ip header errors, checksum errors, 45 * destination unreachable, fragmentation and fragmentation needed and 46 * report them via icmp to the sender. 47 * 48 * Else if something is not pure IPv4 unicast forwarding we fall back to 49 * the normal ip_input processing path. We should only be called from 50 * interfaces connected to the outside world. --- 290 unchanged lines hidden (view full) --- 341#endif 342 343 /* 344 * Run through ipfw for input packets 345 */ 346 if (fw_enable && IPFW_LOADED) { 347 bzero(&args, sizeof(args)); 348 args.m = m; |
347 ipfw = 0; | |
348 349 ipfw = ip_fw_chk_ptr(&args); 350 m = args.m; 351 352 M_ASSERTVALID(m); 353 M_ASSERTPKTHDR(m); 354 355 /* --- 167 unchanged lines hidden (view full) --- 523 524 M_ASSERTVALID(m); 525 M_ASSERTPKTHDR(m); 526 527 ip = mtod(m, struct ip *); 528 dest = ip->ip_dst.s_addr; 529#endif 530 if (fw_enable && IPFW_LOADED && !args.next_hop) { | 349 350 ipfw = ip_fw_chk_ptr(&args); 351 m = args.m; 352 353 M_ASSERTVALID(m); 354 M_ASSERTPKTHDR(m); 355 356 /* --- 167 unchanged lines hidden (view full) --- 524 525 M_ASSERTVALID(m); 526 M_ASSERTPKTHDR(m); 527 528 ip = mtod(m, struct ip *); 529 dest = ip->ip_dst.s_addr; 530#endif 531 if (fw_enable && IPFW_LOADED && !args.next_hop) { |
531 bzero(&args, sizeof(args)); | 532 bzero(&args, sizeof(args)); |
532 args.m = m; 533 args.oif = ifp; | 533 args.m = m; 534 args.oif = ifp; |
534 ipfw = 0; | |
535 536 ipfw = ip_fw_chk_ptr(&args); 537 m = args.m; 538 539 M_ASSERTVALID(m); 540 M_ASSERTPKTHDR(m); 541 542 if ((ipfw & IP_FW_PORT_DENY_FLAG) || m == NULL) { --- 19 unchanged lines hidden (view full) --- 562 */ 563 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 564 MGETHDR(tag, M_DONTWAIT, MT_TAG); 565 if (tag == NULL) { 566 RTFREE(ro.ro_rt); 567 goto drop; 568 } 569 tag->m_flags = PACKET_TAG_DIVERT; | 535 536 ipfw = ip_fw_chk_ptr(&args); 537 m = args.m; 538 539 M_ASSERTVALID(m); 540 M_ASSERTPKTHDR(m); 541 542 if ((ipfw & IP_FW_PORT_DENY_FLAG) || m == NULL) { --- 19 unchanged lines hidden (view full) --- 562 */ 563 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 564 MGETHDR(tag, M_DONTWAIT, MT_TAG); 565 if (tag == NULL) { 566 RTFREE(ro.ro_rt); 567 goto drop; 568 } 569 tag->m_flags = PACKET_TAG_DIVERT; |
570 tag->m_data = (caddr_t)(u_int32_t)args.divert_rule; | 570 tag->m_data = (caddr_t)(u_long)args.divert_rule; |
571 tag->m_next = m; 572 /* XXX: really bloody hack, see ip_input */ 573 tag->m_nextpkt = (struct mbuf *)1; 574 m = tag; 575 tag = NULL; 576 577 goto droptoours; 578 } --- 228 unchanged lines hidden --- | 571 tag->m_next = m; 572 /* XXX: really bloody hack, see ip_input */ 573 tag->m_nextpkt = (struct mbuf *)1; 574 m = tag; 575 tag = NULL; 576 577 goto droptoours; 578 } --- 228 unchanged lines hidden --- |