The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=5c75dfdf6056f68d8d750b52b385018b5be31e13
commit 5c75dfdf6056f68d8d750b52b385018b5be31e13 Author: Kristof Provost <[email protected]> AuthorDate: 2021-02-16 09:08:26 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2022-03-02 16:00:04 +0000 pf: SDTs for ether rule matching Add static DTrace probe points to allow debugging of ether rule matching. Reviewed by: mjg Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31741 --- sys/netpfil/pf/pf.c | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index c45880a6974b..8bf309caf7d4 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -129,6 +129,15 @@ SDT_PROBE_DEFINE5(pf, ip, state, lookup, "struct pfi_kkif *", "struct pf_state_key_cmp *", "int", "struct pf_pdesc *", "struct pf_kstate *"); +SDT_PROBE_DEFINE3(pf, eth, test_rule, entry, "int", "struct ifnet *", + "struct mbuf *"); +SDT_PROBE_DEFINE2(pf, eth, test_rule, test, "int", "struct pf_keth_rule *"); +SDT_PROBE_DEFINE3(pf, eth, test_rule, mismatch, + "int", "struct pf_keth_rule *", "char *"); +SDT_PROBE_DEFINE2(pf, eth, test_rule, match, "int", "struct pf_keth_rule *"); +SDT_PROBE_DEFINE2(pf, eth, test_rule, final_match, + "int", "struct pf_keth_rule *"); + /* * Global variables */ @@ -3720,6 +3729,8 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m) MPASS(kif->pfik_ifp->if_vnet == curvnet); NET_EPOCH_ASSERT(); + SDT_PROBE3(pf, eth, test_rule, entry, dir, kif->pfik_ifp, m); + e = mtod(m, struct ether_header *); settings = ck_pr_load_ptr(&V_pf_keth); @@ -3728,21 +3739,39 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m) while (r != NULL) { counter_u64_add(r->evaluations, 1); - if (pfi_kkif_match(r->kif, kif) == r->ifnot) + SDT_PROBE2(pf, eth, test_rule, test, r->nr, r); + + if (pfi_kkif_match(r->kif, kif) == r->ifnot) { + SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, + "kif"); r = r->skip[PFE_SKIP_IFP].ptr; - else if (r->direction && r->direction != dir) + } + else if (r->direction && r->direction != dir) { + SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, + "dir"); r = r->skip[PFE_SKIP_DIR].ptr; - else if (r->proto && r->proto != ntohs(e->ether_type)) + } + else if (r->proto && r->proto != ntohs(e->ether_type)) { + SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, + "proto"); r = r->skip[PFE_SKIP_PROTO].ptr; - else if (! pf_match_eth_addr(e->ether_shost, &r->src)) + } + else if (! pf_match_eth_addr(e->ether_shost, &r->src)) { + SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, + "src"); r = r->skip[PFE_SKIP_SRC_ADDR].ptr; + } else if (! pf_match_eth_addr(e->ether_dhost, &r->dst)) { + SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r, + "dst"); r = TAILQ_NEXT(r, entries); } else { /* Rule matches */ rm = r; + SDT_PROBE2(pf, eth, test_rule, match, r->nr, r); + if (r->quick) break; @@ -3752,6 +3781,8 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf *m) r = rm; + SDT_PROBE2(pf, eth, test_rule, final_match, (r != NULL ? r->nr : -1), r); + /* Default to pass. */ if (r == NULL) return (PF_PASS);
