xref: /dragonfly/sys/netinet/ip_demux.c (revision 38c2ea22) 
1 /*
2  * Copyright (c) 2003, 2004 Jeffrey M. Hsu.  All rights reserved.
3  * Copyright (c) 2003, 2004 The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Jeffrey M. Hsu.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of The DragonFly Project nor the names of its
17  *    contributors may be used to endorse or promote products derived
18  *    from this software without specific, prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
24  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "opt_inet.h"
35 #include "opt_rss.h"
36 
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/socket.h>
41 #include <sys/socketvar.h>
42 #include <sys/thread.h>
43 #include <sys/sysctl.h>
44 #include <sys/globaldata.h>
45 
46 #include <net/if.h>
47 #include <net/netisr.h>
48 #include <net/toeplitz2.h>
49 
50 #include <netinet/in_systm.h>
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip.h>
55 #include <netinet/ip_var.h>
56 #include <netinet/tcp.h>
57 #include <netinet/tcpip.h>
58 #include <netinet/tcp_var.h>
59 #include <netinet/udp.h>
60 #include <netinet/udp_var.h>
61 
62 extern int udp_mpsafe_thread;
63 
64 /*
65  * Toeplitz hash functions - the idea is to match the hardware.
66  */
67 static __inline int
68 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr,
69 		   in_port_t fport, in_port_t lport)
70 {
71 	return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr));
72 }
73 
74 static __inline int
75 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr,
76 		   in_port_t fport, in_port_t lport)
77 {
78 	return toeplitz_hash(
79 	       toeplitz_rawhash_addrport(faddr, laddr, fport, lport));
80 }
81 
82 /*
83  * Map a network address to a processor.
84  */
85 int
86 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
87 {
88 	return (INP_MPORT_HASH_TCP(faddr, laddr, fport, lport));
89 }
90 
91 /*
92  * Not implemented yet, use protocol thread 0
93  */
94 int
95 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
96 {
97 #ifdef notyet
98 	return (INP_MPORT_HASH_UDP(faddr, laddr, fport, lport));
99 #else
100 	return 0;
101 #endif
102 }
103 
104 /*
105  * If the packet is a valid IP datagram, upon returning of this function
106  * following things are promised:
107  *
108  * o  IP header (including any possible IP options) and any data preceding
109  *    IP header (usually linker layer header) are in one mbuf (m_len).
110  * o  IP header length is not less than the minimum (sizeof(struct ip)).
111  * o  IP total length is not less than IP header length.
112  * o  IP datagram resides completely in the mbuf chain,
113  *    i.e. pkthdr.len >= IP total length.
114  *
115  * If the packet is a UDP datagram,
116  * o  IP header (including any possible IP options) and UDP header are in
117  *    one mbuf (m_len).
118  * o  IP total length is not less than (IP header length + UDP header length).
119  *
120  * If the packet is a TCP segment,
121  * o  IP header (including any possible IP options) and TCP header (including
122  *    any possible TCP options) are in one mbuf (m_len).
123  * o  TCP header length is not less than the minimum (sizeof(struct tcphdr)).
124  * o  IP total length is not less than (IP header length + TCP header length).
125  */
126 boolean_t
127 ip_lengthcheck(struct mbuf **mp, int hoff)
128 {
129 	struct mbuf *m = *mp;
130 	struct ip *ip;
131 	int len, iphlen, iplen;
132 	struct tcphdr *th;
133 	int thoff;				/* TCP data offset */
134 
135 	len = hoff + sizeof(struct ip);
136 
137 	/* The packet must be at least the size of an IP header. */
138 	if (m->m_pkthdr.len < len) {
139 		ipstat.ips_tooshort++;
140 		goto fail;
141 	}
142 
143 	/* The fixed IP header must reside completely in the first mbuf. */
144 	if (m->m_len < len) {
145 		m = m_pullup(m, len);
146 		if (m == NULL) {
147 			ipstat.ips_toosmall++;
148 			goto fail;
149 		}
150 	}
151 
152 	ip = mtodoff(m, struct ip *, hoff);
153 
154 	/* Bound check the packet's stated IP header length. */
155 	iphlen = ip->ip_hl << 2;
156 	if (iphlen < sizeof(struct ip)) {	/* minimum header length */
157 		ipstat.ips_badhlen++;
158 		goto fail;
159 	}
160 
161 	/* The full IP header must reside completely in the one mbuf. */
162 	if (m->m_len < hoff + iphlen) {
163 		m = m_pullup(m, hoff + iphlen);
164 		if (m == NULL) {
165 			ipstat.ips_badhlen++;
166 			goto fail;
167 		}
168 		ip = mtodoff(m, struct ip *, hoff);
169 	}
170 
171 	iplen = ntohs(ip->ip_len);
172 
173 	/*
174 	 * Check that the amount of data in the buffers is as
175 	 * at least much as the IP header would have us expect.
176 	 */
177 	if (m->m_pkthdr.len < hoff + iplen) {
178 		ipstat.ips_tooshort++;
179 		goto fail;
180 	}
181 
182 	/*
183 	 * Fragments other than the first fragment don't have much
184 	 * length information.
185 	 */
186 	if (ntohs(ip->ip_off) & IP_OFFMASK)
187 		goto ipcheckonly;
188 
189 	/*
190 	 * The TCP/IP or UDP/IP header must be entirely contained within
191 	 * the first fragment of a packet.  Packet filters will break if they
192 	 * aren't.
193 	 *
194 	 * Since the packet will be trimmed to ip_len we must also make sure
195 	 * the potentially trimmed down length is still sufficient to hold
196 	 * the header(s).
197 	 */
198 	switch (ip->ip_p) {
199 	case IPPROTO_TCP:
200 		if (iplen < iphlen + sizeof(struct tcphdr)) {
201 			++tcpstat.tcps_rcvshort;
202 			goto fail;
203 		}
204 		if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) {
205 			m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr));
206 			if (m == NULL) {
207 				tcpstat.tcps_rcvshort++;
208 				goto fail;
209 			}
210 			ip = mtodoff(m, struct ip *, hoff);
211 		}
212 		th = (struct tcphdr *)((caddr_t)ip + iphlen);
213 		thoff = th->th_off << 2;
214 		if (thoff < sizeof(struct tcphdr) ||
215 		    thoff + iphlen > ntohs(ip->ip_len)) {
216 			tcpstat.tcps_rcvbadoff++;
217 			goto fail;
218 		}
219 		if (m->m_len < hoff + iphlen + thoff) {
220 			m = m_pullup(m, hoff + iphlen + thoff);
221 			if (m == NULL) {
222 				tcpstat.tcps_rcvshort++;
223 				goto fail;
224 			}
225 		}
226 		break;
227 	case IPPROTO_UDP:
228 		if (iplen < iphlen + sizeof(struct udphdr)) {
229 			++udpstat.udps_hdrops;
230 			goto fail;
231 		}
232 		if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) {
233 			m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr));
234 			if (m == NULL) {
235 				udpstat.udps_hdrops++;
236 				goto fail;
237 			}
238 		}
239 		break;
240 	default:
241 ipcheckonly:
242 		if (iplen < iphlen) {
243 			++ipstat.ips_badlen;
244 			goto fail;
245 		}
246 		break;
247 	}
248 
249 	m->m_flags |= M_LENCHECKED;
250 	*mp = m;
251 	return TRUE;
252 
253 fail:
254 	if (m != NULL)
255 		m_freem(m);
256 	*mp = NULL;
257 	return FALSE;
258 }
259 
260 /*
261  * Assign a protocol processing thread to a packet.  The IP header is at
262  * offset (hoff) in the packet (i.e. the mac header might still be intact).
263  *
264  * This function can blow away the mbuf if the packet is malformed.
265  */
266 void
267 ip_cpufn(struct mbuf **mptr, int hoff, int dir)
268 {
269 	struct ip *ip;
270 	int iphlen;
271 	struct tcphdr *th;
272 	struct udphdr *uh;
273 	struct mbuf *m;
274 	int thoff;				/* TCP data offset */
275 	int cpu;
276 
277 	if (!ip_lengthcheck(mptr, hoff))
278 		return;
279 
280 	m = *mptr;
281 	ip = mtodoff(m, struct ip *, hoff);
282 	iphlen = ip->ip_hl << 2;
283 
284 	/*
285 	 * XXX generic packet handling defrag on CPU 0 for now.
286 	 */
287 	if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
288 		cpu = 0;
289 		goto back;
290 	}
291 
292 	switch (ip->ip_p) {
293 	case IPPROTO_TCP:
294 		th = (struct tcphdr *)((caddr_t)ip + iphlen);
295 		thoff = th->th_off << 2;
296 		cpu = INP_MPORT_HASH_TCP(ip->ip_src.s_addr,
297 					 ip->ip_dst.s_addr,
298 					 th->th_sport,
299 					 th->th_dport);
300 		break;
301 
302 	case IPPROTO_UDP:
303 		uh = (struct udphdr *)((caddr_t)ip + iphlen);
304 
305 		cpu = INP_MPORT_HASH_UDP(ip->ip_src.s_addr,
306 					 ip->ip_dst.s_addr,
307 					 uh->uh_sport,
308 					 uh->uh_dport);
309 		break;
310 
311 	default:
312 		cpu = 0;
313 		break;
314 	}
315 back:
316 	m->m_flags |= M_HASH;
317 	m->m_pkthdr.hash = cpu;
318 }
319 
320 void
321 ip_cpufn_in(struct mbuf **mptr, int hoff)
322 {
323 	ip_cpufn(mptr, hoff, IP_MPORT_IN);
324 }
325 
326 /*
327  * Verify and adjust the hash value of the packet.
328  *
329  * Unlike ip_cpufn(), the packet content is not accessed.  The packet info
330  * (pi) and the hash of the packet (m_pkthdr.hash) is used instead.
331  *
332  * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags
333  * has M_HASH set.
334  */
335 void
336 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi)
337 {
338 	KASSERT((m->m_flags & M_HASH), ("no valid packet hash"));
339 	KASSERT(m->m_pkthdr.hash < ncpus2,
340 		("invalid packet hash %#x", m->m_pkthdr.hash));
341 
342 	/*
343 	 * XXX generic packet handling defrag on CPU 0 for now.
344 	 */
345 	if (pi->pi_flags & PKTINFO_FLAG_FRAG) {
346 		m->m_pkthdr.hash = 0;
347 		return;
348 	}
349 
350 	switch (pi->pi_l3proto) {
351 	case IPPROTO_TCP:
352 	case IPPROTO_UDP:
353 		break;
354 
355 	default:
356 		/* Let software calculate the hash */
357 		m->m_flags &= ~M_HASH;
358 		break;
359 	}
360 }
361 
362 /*
363  * This is used to map a socket to a message port for sendmsg() and friends.
364  * It is not called for any other purpose.  In the case of TCP we just return
365  * the port already installed in the socket.
366  */
367 lwkt_port_t
368 tcp_soport(struct socket *so, struct sockaddr *nam,
369 	   struct mbuf **dummy __unused)
370 {
371 	return(so->so_port);
372 }
373 
374 /*
375  * Used to route icmp messages to the proper protocol thread for ctlinput
376  * operation.
377  */
378 lwkt_port_t
379 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip)
380 {
381 	struct ip *ip = vip;
382 	struct tcphdr *th;
383 	struct in_addr faddr;
384 	int cpu;
385 
386 	faddr = ((struct sockaddr_in *)sa)->sin_addr;
387 	if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
388 		return(NULL);
389 	if (ip == NULL || PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) {
390 		/*
391 		 * A new message will be allocated later to save necessary
392 		 * information and will be forwarded to all network protocol
393 		 * threads in the following way:
394 		 *
395 		 * (the the thread owns the msgport that we return here)
396 		 * netisr0 <--+
397 		 *    |       |
398 		 *    |       |
399 		 *    |       |
400 		 *    +-------+
401 		 *     sendmsg
402 		 *     [msg is kmalloc()ed]
403 		 *
404 		 *
405 		 * Later on, when the msg is received by netisr0:
406 		 *
407 		 *         forwardmsg         forwardmsg
408 		 * netisr0 ---------> netisr1 ---------> netisrN
409 		 *                                       [msg is kfree()ed]
410 		 */
411 		return cpu0_ctlport(cmd, sa, vip);
412 	} else {
413 		th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
414 		cpu = tcp_addrcpu(faddr.s_addr, th->th_dport,
415 				  ip->ip_src.s_addr, th->th_sport);
416 	}
417 	return(cpu_portfn(cpu));
418 }
419 
420 lwkt_port_t
421 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
422 {
423 	return(cpu_portfn(tcp_addrcpu(faddr, fport, laddr, lport)));
424 }
425 
426 lwkt_port_t
427 tcp_addrport0(void)
428 {
429 	return(cpu_portfn(0));
430 }
431 
432 lwkt_port_t
433 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
434 {
435 	return(cpu_portfn(udp_addrcpu(faddr, fport, laddr, lport)));
436 }
437 
438 /*
439  * Used to route icmp messages to the proper protocol thread for ctlinput
440  * operation.
441  */
442 lwkt_port_t
443 udp_ctlport(int cmd, struct sockaddr *sa, void *vip)
444 {
445 	struct ip *ip = vip;
446 	struct udphdr *uh;
447 	struct in_addr faddr;
448 	int cpu;
449 
450 	faddr = ((struct sockaddr_in *)sa)->sin_addr;
451 	if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
452 		return(NULL);
453 	if (PRC_IS_REDIRECT(cmd)) {
454 		/*
455 		 * See the comment in tcp_ctlport; the only difference
456 		 * is that message is forwarded to UDP protocol theads.
457 		 */
458 		return cpu0_ctlport(cmd, sa, vip);
459 	} else if (ip == NULL || cmd == PRC_HOSTDEAD) {
460 		/*
461 		 * XXX
462 		 * Once UDP inpcbs are CPU localized, we should do
463 		 * the same forwarding as PRC_IS_REDIRECT(cmd)
464 		 */
465 		cpu = 0;
466 	} else {
467 		uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2));
468 
469 		cpu = udp_addrcpu(faddr.s_addr, ip->ip_src.s_addr,
470 				  uh->uh_dport, uh->uh_sport);
471 	}
472 	return (cpu_portfn(cpu));
473 }
474