diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2004-05-30 22:23:54 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2004-05-30 22:23:54 +0000 |
| commit | 853dc29baeebbd393803d2adfeb4a7485573fcd2 (patch) | |
| tree | 3ce0bfdc3827558109bf29ca8bdb70a70c5bc108 /usr.sbin | |
| parent | b6390f028bc86799a401b2326240e4be080af6a3 (diff) | |
only call getprotobynumber() when necessary. from freebsd (dds@)
testing jmc todd. ok deraadt
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ppp/ppp/ip.c | 55 |
1 files changed, 42 insertions, 13 deletions
diff --git a/usr.sbin/ppp/ppp/ip.c b/usr.sbin/ppp/ppp/ip.c index 2293e566939..6c1084c9990 100644 --- a/usr.sbin/ppp/ppp/ip.c +++ b/usr.sbin/ppp/ppp/ip.c @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $OpenBSD: ip.c,v 1.36 2002/06/15 08:02:00 brian Exp $ + * $OpenBSD: ip.c,v 1.37 2004/05/30 22:23:53 tedu Exp $ */ #include <sys/param.h> @@ -162,6 +162,38 @@ PortMatch(int op, u_short pport, u_short rport) } /* + * Return a text string representing the cproto protocol number. + * + * The purpose of this routine is calculate this result, for + * the many times it is needed in FilterCheck, only on demand + * (i.e. when the corresponding logging functions are invoked). + * + * This optimization saves, over the previous implementation, which + * calculated prototxt at the beginning of FilterCheck, an + * open/read/close system call sequence per packet, approximately + * halving the ppp system overhead and reducing the overall (u + s) + * time by 38%. + * + * The caching performed here is just a side effect. + */ +static const char * +prototxt(int cproto) +{ + static int oproto = -1; + static char protobuff[16] = "-1"; + struct protoent *pe; + + if (cproto == oproto) + return protobuff; + if ((pe = getprotobynumber(cproto)) == NULL) + snprintf(protobuff, sizeof protobuff, "%d", cproto); + else + snprintf(protobuff, sizeof protobuff, "%s", pe->p_name); + oproto = cproto; + return (protobuff); +} + +/* * Check a packet against the given filter * Returns 0 to accept the packet, non-zero to drop the packet. * If psecs is not NULL, populate it with the timeout associated @@ -187,8 +219,7 @@ FilterCheck(const unsigned char *packet, u_int32_t family, int match; /* true if condition matched */ int mindata; /* minimum data size or zero */ const struct filterent *fp = filter->rule; - char dbuff[100], dstip[16], prototxt[16]; - struct protoent *pe; + char dbuff[100], dstip[16]; struct ncpaddr srcaddr, dstaddr; const char *payload; /* IP payload */ int datalen; /* IP datagram length */ @@ -239,10 +270,6 @@ FilterCheck(const unsigned char *packet, u_int32_t family, cproto = pip->ip_p; } - if ((pe = getprotobynumber(cproto)) == NULL) - snprintf(prototxt, sizeof prototxt, "%d", cproto); - else - snprintf(prototxt, sizeof prototxt, "%s", pe->p_name); gotinfo = estab = syn = finrst = didname = 0; sport = dport = 0; @@ -356,7 +383,7 @@ FilterCheck(const unsigned char *packet, u_int32_t family, if (datalen < mindata) { log_Printf(LogFILTER, " error: proto %s must be at least" - " %d octets\n", prototxt, mindata); + " %d octets\n", prototxt(cproto), mindata); return 1; } @@ -367,7 +394,8 @@ FilterCheck(const unsigned char *packet, u_int32_t family, ", estab = %d, syn = %d, finrst = %d", estab, syn, finrst); } - log_Printf(LogDEBUG, " Filter: proto = %s, %s\n", prototxt, dbuff); + log_Printf(LogDEBUG, " Filter: proto = %s, %s\n", prototxt(cproto), + dbuff); } gotinfo = 1; } @@ -424,8 +452,9 @@ FilterCheck(const unsigned char *packet, u_int32_t family, if (log_IsKept(LogFILTER)) { snprintf(dstip, sizeof dstip, "%s", ncpaddr_ntoa(&dstaddr)); log_Printf(LogFILTER, "%sbound rule = %d accept %s " - "src = %s:%d dst = %s:%d\n", filter->name, n, prototxt, - ncpaddr_ntoa(&srcaddr), sport, dstip, dport); + "src = %s:%d dst = %s:%d\n", filter->name, n, + prototxt(cproto), ncpaddr_ntoa(&srcaddr), + sport, dstip, dport); } } return 0; @@ -434,7 +463,7 @@ FilterCheck(const unsigned char *packet, u_int32_t family, snprintf(dstip, sizeof dstip, "%s", ncpaddr_ntoa(&dstaddr)); log_Printf(LogFILTER, "%sbound rule = %d deny %s src = %s/%d dst = %s/%d\n", - filter->name, n, prototxt, + filter->name, n, prototxt(cproto), ncpaddr_ntoa(&srcaddr), sport, dstip, dport); } return 1; @@ -450,7 +479,7 @@ FilterCheck(const unsigned char *packet, u_int32_t family, snprintf(dstip, sizeof dstip, "%s", ncpaddr_ntoa(&dstaddr)); log_Printf(LogFILTER, "%sbound rule = implicit deny %s src = %s/%d dst = %s/%d\n", - filter->name, prototxt, ncpaddr_ntoa(&srcaddr), sport, + filter->name, prototxt(cproto), ncpaddr_ntoa(&srcaddr), sport, dstip, dport); } |