diff options
| author | Maciej Żenczykowski <maze@google.com> | 2024-04-14 18:34:32 -0700 |
|---|---|---|
| committer | Maciej Żenczykowski <maze@google.com> | 2024-04-14 18:43:34 -0700 |
| commit | 5a5831c6cc1b510d3370f7d7289f3bc7fa182f4d (patch) | |
| tree | 47c2032cd63bba83d534f0c279b7899f0458c376 | |
| parent | b004229b02d58f2c889edc00dc61b1616b31bf25 (diff) | |
| download | apf-5a5831c6cc1b510d3370f7d7289f3bc7fa182f4d.tar.gz | |
v5: replace PASS_PACKET with EXCEPTION
PASS_PACKET should be replaced with PASS as it is needlessly
verbose - what else would we be passing?
However, the majority of the cases where we return PASS_PACKET
are actually EXCEPTIONs. As such we s/PASS_PACKET/EXCEPTION/,
and we'll follow up with s/EXCEPTION/PASS/ on only the *normal*
cases in the next commit.
Generated via:
sed -r -i 's@PASS_PACKET@EXCEPTION@g' apf_interpreter_source.c
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If6496deb62c6070862c8cfc93f594543604b22ba
| -rw-r--r-- | v5/apf_interpreter.c | 50 | ||||
| -rw-r--r-- | v5/apf_interpreter_source.c | 50 |
2 files changed, 50 insertions, 50 deletions
diff --git a/v5/apf_interpreter.c b/v5/apf_interpreter.c index d3104f4..0b12ffd 100644 --- a/v5/apf_interpreter.c +++ b/v5/apf_interpreter.c @@ -580,11 +580,11 @@ extern void APF_TRACE_HOOK(u32 pc, const u32* regs, const u8* program, #endif /* Return code indicating "packet" should accepted. */ -#define PASS_PACKET 1 +#define EXCEPTION 1 /* Return code indicating "packet" should be dropped. */ #define DROP 0 /* Verify an internal condition and accept packet if it fails. */ -#define ASSERT_RETURN(c) if (!(c)) return PASS_PACKET +#define ASSERT_RETURN(c) if (!(c)) return EXCEPTION /* If "c" is of an unsigned type, generate a compile warning that gets promoted to an error. */ /* This makes bounds checking simpler because ">= 0" can be avoided. Otherwise adding */ /* superfluous ">= 0" with unsigned expressions generates compile warnings. */ @@ -681,7 +681,7 @@ static int do_apf_run(apf_context* ctx) { APF_TRACE_HOOK(ctx->pc, ctx->R, ctx->program, ctx->program_len, ctx->packet, ctx->packet_len, ctx->mem.slot, ctx->ram_len); if (ctx->pc == ctx->program_len + 1) return DROP; - if (ctx->pc >= ctx->program_len) return PASS_PACKET; + if (ctx->pc >= ctx->program_len) return EXCEPTION; const u8 bytecode = ctx->program[ctx->pc++]; const u32 opcode = EXTRACT_OPCODE(bytecode); @@ -708,12 +708,12 @@ static int do_apf_run(apf_context* ctx) { u32 pktcopy_src_offset = 0; /* used for various pktdatacopy opcodes */ switch (opcode) { case PASSDROP_OPCODE: { /* APFv6+ */ - if (len_field > 2) return PASS_PACKET; /* max 64K counters (ie. imm < 64K) */ + if (len_field > 2) return EXCEPTION; /* max 64K counters (ie. imm < 64K) */ if (imm) { - if (4 * imm > ctx->ram_len) return PASS_PACKET; + if (4 * imm > ctx->ram_len) return EXCEPTION; counter[-(s32)imm]++; } - return reg_num ? DROP : PASS_PACKET; + return reg_num ? DROP : EXCEPTION; } case LDB_OPCODE: case LDH_OPCODE: @@ -795,10 +795,10 @@ static int do_apf_run(apf_context* ctx) { /* pc is offset of program bytes to compare. */ /* imm is jump target offset. */ /* R0 is offset of packet bytes to compare. */ - if (cmp_imm > 0xFFFF) return PASS_PACKET; + if (cmp_imm > 0xFFFF) return EXCEPTION; Boolean do_jump = !reg_num; /* pc < program_len < ram_len < 2GiB, thus pc + cmp_imm cannot wrap */ - if (!IN_RAM_BOUNDS(ctx->pc + cmp_imm - 1)) return PASS_PACKET; + if (!IN_RAM_BOUNDS(ctx->pc + cmp_imm - 1)) return EXCEPTION; ASSERT_IN_PACKET_BOUNDS(ctx->R[0]); const u32 last_packet_offs = ctx->R[0] + cmp_imm - 1; ASSERT_RETURN(last_packet_offs >= ctx->R[0]); @@ -866,7 +866,7 @@ static int do_apf_run(apf_context* ctx) { if (!ctx->tx_buf) { /* allocate failure */ ctx->tx_buf_len = 0; counter[-3]++; - return PASS_PACKET; + return EXCEPTION; } memset(ctx->tx_buf, 0, ctx->tx_buf_len); ctx->mem.named.tx_buf_offset = 0; @@ -878,7 +878,7 @@ static int do_apf_run(apf_context* ctx) { /* happened and the tx_buf should be deallocated. */ if (pkt_len > ctx->tx_buf_len) { do_discard_buffer(ctx); - return PASS_PACKET; + return EXCEPTION; } /* tx_buf_len cannot be large because we'd run out of RAM, */ /* so the above unsigned comparison effectively guarantees casting pkt_len */ @@ -895,7 +895,7 @@ static int do_apf_run(apf_context* ctx) { partial_csum, csum_start, csum_ofs, (Boolean)reg_num); int ret = apf_internal_do_transmit_buffer(ctx, pkt_len, dscp); - if (ret) { counter[-4]++; return PASS_PACKET; } /* transmit failure */ + if (ret) { counter[-4]++; return EXCEPTION; } /* transmit failure */ break; case EPKTDATACOPYIMM_EXT_OPCODE: /* 41 */ case EPKTDATACOPYR1_EXT_OPCODE: /* 42 */ @@ -939,10 +939,10 @@ static int do_apf_run(apf_context* ctx) { ctx->packet + udp_payload_offset, ctx->packet_len - udp_payload_offset, qtype); - if (match_rst == error_program) return PASS_PACKET; + if (match_rst == error_program) return EXCEPTION; if (match_rst == error_packet) { counter[-5]++; /* increment error dns packet counter */ - return (imm >= JDNSQMATCHSAFE_EXT_OPCODE) ? PASS_PACKET : DROP; + return (imm >= JDNSQMATCHSAFE_EXT_OPCODE) ? EXCEPTION : DROP; } while (ctx->pc + 1 < ctx->program_len && (ctx->program[ctx->pc] || ctx->program[ctx->pc + 1])) { @@ -973,7 +973,7 @@ static int do_apf_run(apf_context* ctx) { Boolean jmp = imm3 & 1; /* =0 jmp on match, =1 jmp on no match */ u8 len = ((imm3 >> 1) & 3) + 1; /* size [1..4] in bytes of an element */ u8 cnt = (imm3 >> 3) + 1; /* number [1..32] of elements in set */ - if (ctx->pc + cnt * len > ctx->program_len) return PASS_PACKET; + if (ctx->pc + cnt * len > ctx->program_len) return EXCEPTION; while (cnt--) { u32 v = 0; int i; @@ -981,18 +981,18 @@ static int do_apf_run(apf_context* ctx) { if (REG == v) jmp ^= True; } if (jmp) ctx->pc += jump_offs; - return PASS_PACKET; + return EXCEPTION; } default: /* Unknown extended opcode */ - return PASS_PACKET; /* Bail out */ + return EXCEPTION; /* Bail out */ } break; case LDDW_OPCODE: case STDW_OPCODE: if (ctx->v6) { - if (!imm) return PASS_PACKET; - if (imm > 0xFFFF) return PASS_PACKET; - if (imm * 4 > ctx->ram_len) return PASS_PACKET; + if (!imm) return EXCEPTION; + if (imm > 0xFFFF) return EXCEPTION; + if (imm * 4 > ctx->ram_len) return EXCEPTION; if (opcode == LDDW_OPCODE) { REG = counter[-(s32)imm]; } else { @@ -1032,10 +1032,10 @@ static int do_apf_run(apf_context* ctx) { break; } default: /* Unknown opcode */ - return PASS_PACKET; /* Bail out */ + return EXCEPTION; /* Bail out */ } } while (instructions_remaining--); - return PASS_PACKET; + return EXCEPTION; } int apf_run(void* ctx, u32* const program, const u32 program_len, @@ -1043,17 +1043,17 @@ int apf_run(void* ctx, u32* const program, const u32 program_len, const u32 packet_len, const u32 filter_age_16384ths) { /* Due to direct 32-bit read/write access to counters at end of ram */ /* APFv6 interpreter requires program & ram_len to be 4 byte aligned. */ - if (3 & (uintptr_t)program) return PASS_PACKET; - if (3 & ram_len) return PASS_PACKET; + if (3 & (uintptr_t)program) return EXCEPTION; + if (3 & ram_len) return EXCEPTION; /* We rely on ram_len + 65536 not overflowing, so require ram_len < 2GiB */ /* Similarly LDDW/STDW have special meaning for negative ram offsets. */ /* We also don't want garbage like program_len == 0xFFFFFFFF */ - if ((program_len | ram_len) >> 31) return PASS_PACKET; + if ((program_len | ram_len) >> 31) return EXCEPTION; /* APFv6 requires at least 5 u32 counters at the end of ram, this makes counter[-5]++ valid */ /* This cannot wrap due to previous check. */ - if (program_len + 20 > ram_len) return PASS_PACKET; + if (program_len + 20 > ram_len) return EXCEPTION; apf_context apf_ctx = { 0 }; apf_ctx.caller_ctx = ctx; diff --git a/v5/apf_interpreter_source.c b/v5/apf_interpreter_source.c index a946344..33c256b 100644 --- a/v5/apf_interpreter_source.c +++ b/v5/apf_interpreter_source.c @@ -50,11 +50,11 @@ extern void APF_TRACE_HOOK(u32 pc, const u32* regs, const u8* program, #endif // Return code indicating "packet" should accepted. -#define PASS_PACKET 1 +#define EXCEPTION 1 // Return code indicating "packet" should be dropped. #define DROP 0 // Verify an internal condition and accept packet if it fails. -#define ASSERT_RETURN(c) if (!(c)) return PASS_PACKET +#define ASSERT_RETURN(c) if (!(c)) return EXCEPTION // If "c" is of an unsigned type, generate a compile warning that gets promoted to an error. // This makes bounds checking simpler because ">= 0" can be avoided. Otherwise adding // superfluous ">= 0" with unsigned expressions generates compile warnings. @@ -151,7 +151,7 @@ static int do_apf_run(apf_context* ctx) { APF_TRACE_HOOK(ctx->pc, ctx->R, ctx->program, ctx->program_len, ctx->packet, ctx->packet_len, ctx->mem.slot, ctx->ram_len); if (ctx->pc == ctx->program_len + 1) return DROP; - if (ctx->pc >= ctx->program_len) return PASS_PACKET; + if (ctx->pc >= ctx->program_len) return EXCEPTION; const u8 bytecode = ctx->program[ctx->pc++]; const u32 opcode = EXTRACT_OPCODE(bytecode); @@ -178,12 +178,12 @@ static int do_apf_run(apf_context* ctx) { u32 pktcopy_src_offset = 0; // used for various pktdatacopy opcodes switch (opcode) { case PASSDROP_OPCODE: { // APFv6+ - if (len_field > 2) return PASS_PACKET; // max 64K counters (ie. imm < 64K) + if (len_field > 2) return EXCEPTION; // max 64K counters (ie. imm < 64K) if (imm) { - if (4 * imm > ctx->ram_len) return PASS_PACKET; + if (4 * imm > ctx->ram_len) return EXCEPTION; counter[-(s32)imm]++; } - return reg_num ? DROP : PASS_PACKET; + return reg_num ? DROP : EXCEPTION; } case LDB_OPCODE: case LDH_OPCODE: @@ -265,10 +265,10 @@ static int do_apf_run(apf_context* ctx) { // pc is offset of program bytes to compare. // imm is jump target offset. // R0 is offset of packet bytes to compare. - if (cmp_imm > 0xFFFF) return PASS_PACKET; + if (cmp_imm > 0xFFFF) return EXCEPTION; bool do_jump = !reg_num; // pc < program_len < ram_len < 2GiB, thus pc + cmp_imm cannot wrap - if (!IN_RAM_BOUNDS(ctx->pc + cmp_imm - 1)) return PASS_PACKET; + if (!IN_RAM_BOUNDS(ctx->pc + cmp_imm - 1)) return EXCEPTION; ASSERT_IN_PACKET_BOUNDS(ctx->R[0]); const u32 last_packet_offs = ctx->R[0] + cmp_imm - 1; ASSERT_RETURN(last_packet_offs >= ctx->R[0]); @@ -336,7 +336,7 @@ static int do_apf_run(apf_context* ctx) { if (!ctx->tx_buf) { // allocate failure ctx->tx_buf_len = 0; counter[-3]++; - return PASS_PACKET; + return EXCEPTION; } memset(ctx->tx_buf, 0, ctx->tx_buf_len); ctx->mem.named.tx_buf_offset = 0; @@ -348,7 +348,7 @@ static int do_apf_run(apf_context* ctx) { // happened and the tx_buf should be deallocated. if (pkt_len > ctx->tx_buf_len) { do_discard_buffer(ctx); - return PASS_PACKET; + return EXCEPTION; } // tx_buf_len cannot be large because we'd run out of RAM, // so the above unsigned comparison effectively guarantees casting pkt_len @@ -365,7 +365,7 @@ static int do_apf_run(apf_context* ctx) { partial_csum, csum_start, csum_ofs, (bool)reg_num); int ret = do_transmit_buffer(ctx, pkt_len, dscp); - if (ret) { counter[-4]++; return PASS_PACKET; } // transmit failure + if (ret) { counter[-4]++; return EXCEPTION; } // transmit failure break; case EPKTDATACOPYIMM_EXT_OPCODE: // 41 case EPKTDATACOPYR1_EXT_OPCODE: // 42 @@ -409,10 +409,10 @@ static int do_apf_run(apf_context* ctx) { ctx->packet + udp_payload_offset, ctx->packet_len - udp_payload_offset, qtype); - if (match_rst == error_program) return PASS_PACKET; + if (match_rst == error_program) return EXCEPTION; if (match_rst == error_packet) { counter[-5]++; // increment error dns packet counter - return (imm >= JDNSQMATCHSAFE_EXT_OPCODE) ? PASS_PACKET : DROP; + return (imm >= JDNSQMATCHSAFE_EXT_OPCODE) ? EXCEPTION : DROP; } while (ctx->pc + 1 < ctx->program_len && (ctx->program[ctx->pc] || ctx->program[ctx->pc + 1])) { @@ -443,7 +443,7 @@ static int do_apf_run(apf_context* ctx) { bool jmp = imm3 & 1; // =0 jmp on match, =1 jmp on no match u8 len = ((imm3 >> 1) & 3) + 1; // size [1..4] in bytes of an element u8 cnt = (imm3 >> 3) + 1; // number [1..32] of elements in set - if (ctx->pc + cnt * len > ctx->program_len) return PASS_PACKET; + if (ctx->pc + cnt * len > ctx->program_len) return EXCEPTION; while (cnt--) { u32 v = 0; int i; @@ -451,18 +451,18 @@ static int do_apf_run(apf_context* ctx) { if (REG == v) jmp ^= true; } if (jmp) ctx->pc += jump_offs; - return PASS_PACKET; + return EXCEPTION; } default: // Unknown extended opcode - return PASS_PACKET; // Bail out + return EXCEPTION; // Bail out } break; case LDDW_OPCODE: case STDW_OPCODE: if (ctx->v6) { - if (!imm) return PASS_PACKET; - if (imm > 0xFFFF) return PASS_PACKET; - if (imm * 4 > ctx->ram_len) return PASS_PACKET; + if (!imm) return EXCEPTION; + if (imm > 0xFFFF) return EXCEPTION; + if (imm * 4 > ctx->ram_len) return EXCEPTION; if (opcode == LDDW_OPCODE) { REG = counter[-(s32)imm]; } else { @@ -502,10 +502,10 @@ static int do_apf_run(apf_context* ctx) { break; } default: // Unknown opcode - return PASS_PACKET; // Bail out + return EXCEPTION; // Bail out } } while (instructions_remaining--); - return PASS_PACKET; + return EXCEPTION; } int apf_run(void* ctx, u32* const program, const u32 program_len, @@ -513,17 +513,17 @@ int apf_run(void* ctx, u32* const program, const u32 program_len, const u32 packet_len, const u32 filter_age_16384ths) { // Due to direct 32-bit read/write access to counters at end of ram // APFv6 interpreter requires program & ram_len to be 4 byte aligned. - if (3 & (uintptr_t)program) return PASS_PACKET; - if (3 & ram_len) return PASS_PACKET; + if (3 & (uintptr_t)program) return EXCEPTION; + if (3 & ram_len) return EXCEPTION; // We rely on ram_len + 65536 not overflowing, so require ram_len < 2GiB // Similarly LDDW/STDW have special meaning for negative ram offsets. // We also don't want garbage like program_len == 0xFFFFFFFF - if ((program_len | ram_len) >> 31) return PASS_PACKET; + if ((program_len | ram_len) >> 31) return EXCEPTION; // APFv6 requires at least 5 u32 counters at the end of ram, this makes counter[-5]++ valid // This cannot wrap due to previous check. - if (program_len + 20 > ram_len) return PASS_PACKET; + if (program_len + 20 > ram_len) return EXCEPTION; apf_context apf_ctx = { 0 }; apf_ctx.caller_ctx = ctx; |