xref: /dragonfly/sys/netgraph/etf/ng_etf.c (revision 71126e33) 
1 /*-
2  * ng_etf.c  Ethertype filter
3  *
4  * Copyright (c) 2001, FreeBSD Incorporated
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice unmodified, this list of conditions, and the following
12  *    disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * Author: Julian Elischer <julian@freebsd.org>
30  *
31  * $FreeBSD: src/sys/netgraph/ng_etf.c,v 1.1.2.2 2002/07/02 23:44:02 archie Exp $
32  * $DragonFly: src/sys/netgraph/etf/ng_etf.c,v 1.3 2003/08/07 21:17:31 dillon Exp $
33  */
34 
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/kernel.h>
38 #include <sys/mbuf.h>
39 #include <sys/malloc.h>
40 #include <sys/ctype.h>
41 #include <sys/errno.h>
42 #include <sys/queue.h>
43 #include <sys/syslog.h>
44 
45 #include <net/ethernet.h>
46 
47 #include <netgraph/ng_message.h>
48 #include <netgraph/ng_parse.h>
49 #include "ng_etf.h"
50 #include <netgraph/netgraph.h>
51 
52 /* If you do complicated mallocs you may want to do this */
53 /* and use it for your mallocs */
54 #ifdef NG_SEPARATE_MALLOC
55 MALLOC_DEFINE(M_NETGRAPH_ETF, "netgraph_etf", "netgraph etf node ");
56 #else
57 #define M_NETGRAPH_ETF M_NETGRAPH
58 #endif
59 
60 /*
61  * This section contains the netgraph method declarations for the
62  * etf node. These methods define the netgraph 'type'.
63  */
64 
65 static ng_constructor_t	ng_etf_constructor;
66 static ng_rcvmsg_t	ng_etf_rcvmsg;
67 static ng_shutdown_t	ng_etf_shutdown;
68 static ng_newhook_t	ng_etf_newhook;
69 static ng_connect_t	ng_etf_connect;
70 static ng_rcvdata_t	ng_etf_rcvdata;	 /* note these are both ng_rcvdata_t */
71 static ng_disconnect_t	ng_etf_disconnect;
72 
73 /* Parse type for struct ng_etfstat */
74 static const struct ng_parse_struct_field ng_etf_stat_type_fields[]
75 	= NG_ETF_STATS_TYPE_INFO;
76 static const struct ng_parse_type ng_etf_stat_type = {
77 	&ng_parse_struct_type,
78 	&ng_etf_stat_type_fields
79 };
80 /* Parse type for struct ng_setfilter */
81 static const struct ng_parse_struct_field ng_etf_filter_type_fields[]
82 	= NG_ETF_FILTER_TYPE_INFO;
83 static const struct ng_parse_type ng_etf_filter_type = {
84 	&ng_parse_struct_type,
85 	&ng_etf_filter_type_fields
86 };
87 
88 /* List of commands and how to convert arguments to/from ASCII */
89 static const struct ng_cmdlist ng_etf_cmdlist[] = {
90 	{
91 	  NGM_ETF_COOKIE,
92 	  NGM_ETF_GET_STATUS,
93 	  "getstatus",
94 	  NULL,
95 	  &ng_etf_stat_type,
96 	},
97 	{
98 	  NGM_ETF_COOKIE,
99 	  NGM_ETF_SET_FLAG,
100 	  "setflag",
101 	  &ng_parse_int32_type,
102 	  NULL
103 	},
104 	{
105 	  NGM_ETF_COOKIE,
106 	  NGM_ETF_SET_FILTER,
107 	  "setfilter",
108 	  &ng_etf_filter_type,
109 	  NULL
110 	},
111 	{ 0 }
112 };
113 
114 /* Netgraph node type descriptor */
115 static struct ng_type typestruct = {
116 	NG_ABI_VERSION,
117 	NG_ETF_NODE_TYPE,
118 	NULL,
119 	ng_etf_constructor,
120 	ng_etf_rcvmsg,
121 	ng_etf_shutdown,
122 	ng_etf_newhook,
123 	NULL,
124 	ng_etf_connect,
125 	ng_etf_rcvdata,
126 	ng_etf_rcvdata,
127 	ng_etf_disconnect,
128 	ng_etf_cmdlist
129 };
130 NETGRAPH_INIT(etf, &typestruct);
131 
132 /* Information we store for each hook on each node */
133 struct ETF_hookinfo {
134 	hook_p  hook;
135 };
136 
137 struct filter {
138 	LIST_ENTRY(filter) next;
139 	u_int16_t	ethertype;	/* network order ethertype */
140 	hook_p		match_hook;	/* Hook to use on a match */
141 };
142 
143 #define HASHSIZE 16 /* Dont change this without changing HASH() */
144 #define HASH(et) ((((et)>>12)+((et)>>8)+((et)>>4)+(et)) & 0x0f)
145 LIST_HEAD(filterhead, filter);
146 
147 /* Information we store for each node */
148 struct ETF {
149 	struct ETF_hookinfo downstream_hook;
150 	struct ETF_hookinfo nomatch_hook;
151 	node_p		node;		/* back pointer to node */
152 	u_int   	packets_in;	/* packets in from downstream */
153 	u_int   	packets_out;	/* packets out towards downstream */
154 	u_int32_t	flags;
155 	struct filterhead hashtable[HASHSIZE];
156 };
157 typedef struct ETF *etf_p;
158 
159 static struct filter *
160 ng_etf_findentry(etf_p etfp, u_int16_t ethertype)
161 {
162 	struct filterhead *chain = etfp->hashtable + HASH(ethertype);
163 	struct filter *fil;
164 
165 
166 	LIST_FOREACH(fil, chain, next) {
167 		if (fil->ethertype == ethertype) {
168 			return (fil);
169 		}
170 	}
171 	return (NULL);
172 }
173 
174 
175 /*
176  * Allocate the private data structure. The generic node has already
177  * been created. Link them together. We arrive with a reference to the node
178  * i.e. the reference count is incremented for us already.
179  */
180 static int
181 ng_etf_constructor(node_p *nodep)
182 {
183 	etf_p privdata;
184 	int error, i;
185 
186 	/* Initialize private descriptor */
187 	MALLOC(privdata, etf_p, sizeof(*privdata), M_NETGRAPH_ETF,
188 		M_NOWAIT | M_ZERO);
189 	if (privdata == NULL)
190 		return (ENOMEM);
191 	for (i = 0; i < HASHSIZE; i++) {
192 		LIST_INIT((privdata->hashtable + i));
193 	}
194 
195 	/* Call the 'generic' (ie, superclass) node constructor */
196 	if ((error = ng_make_node_common(&typestruct, nodep))) {
197 		FREE(privdata, M_NETGRAPH);
198 		return (error);
199 	}
200 	/* Link structs together; this counts as our one reference to node */
201 	NG_NODE_SET_PRIVATE((*nodep), privdata);
202 	privdata->node = *nodep;
203 	return (0);
204 }
205 
206 /*
207  * Give our ok for a hook to be added...
208  * All names are ok. Two names are special.
209  */
210 static int
211 ng_etf_newhook(node_p node, hook_p hook, const char *name)
212 {
213 	const etf_p etfp = NG_NODE_PRIVATE(node);
214 	struct ETF_hookinfo *hpriv;
215 
216 	if (strcmp(name, NG_ETF_HOOK_DOWNSTREAM) == 0) {
217 		etfp->downstream_hook.hook = hook;
218 		NG_HOOK_SET_PRIVATE(hook, &etfp->downstream_hook);
219 		etfp->packets_in = 0;
220 		etfp->packets_out = 0;
221 	} else if (strcmp(name, NG_ETF_HOOK_NOMATCH) == 0) {
222 		etfp->nomatch_hook.hook = hook;
223 		NG_HOOK_SET_PRIVATE(hook, &etfp->nomatch_hook);
224 	} else {
225 		/*
226 		 * Any other hook name is valid and can
227 		 * later be associated with a filter rule.
228 		 */
229 		MALLOC(hpriv, struct ETF_hookinfo *, sizeof(*hpriv),
230 			M_NETGRAPH_ETF, M_NOWAIT | M_ZERO);
231 		if (hpriv == NULL) {
232 			return (ENOMEM);
233 		}
234 
235 		NG_HOOK_SET_PRIVATE(hook, hpriv);
236 		hpriv->hook = hook;
237 	}
238 	return(0);
239 }
240 
241 /*
242  * Get a netgraph control message.
243  * We actually recieve a queue item that has a pointer to the message.
244  * If we free the item, the message will be freed too, unless we remove
245  * it from the item using NGI_GET_MSG();
246  * The return address is also stored in the item, as an ng_ID_t,
247  * accessible as NGI_RETADDR(item);
248  * Check it is one we understand. If needed, send a response.
249  * We could save the address for an async action later, but don't here.
250  * Always free the message.
251  * The response should be in a malloc'd region that the caller can 'free'.
252  * The NG_MKRESPONSE macro does all this for us.
253  * A response is not required.
254  * Theoretically you could respond defferently to old message types if
255  * the cookie in the header didn't match what we consider to be current
256  * (so that old userland programs could continue to work).
257  */
258 static int
259 ng_etf_rcvmsg(node_p node, struct ng_mesg *msg,
260     const char *retaddr, struct ng_mesg **rptr)
261 {
262 	const etf_p etfp = NG_NODE_PRIVATE(node);
263 	struct ng_mesg *resp = NULL;
264 	int error = 0;
265 
266 	/* Deal with message according to cookie and command */
267 	switch (msg->header.typecookie) {
268 	case NGM_ETF_COOKIE:
269 		switch (msg->header.cmd) {
270 		case NGM_ETF_GET_STATUS:
271 		    {
272 			struct ng_etfstat *stats;
273 
274 			NG_MKRESPONSE(resp, msg, sizeof(*stats), M_NOWAIT);
275 			if (!resp) {
276 				error = ENOMEM;
277 				break;
278 			}
279 			stats = (struct ng_etfstat *) resp->data;
280 			stats->packets_in = etfp->packets_in;
281 			stats->packets_out = etfp->packets_out;
282 			break;
283 		    }
284 		case NGM_ETF_SET_FLAG:
285 			if (msg->header.arglen != sizeof(u_int32_t)) {
286 				error = EINVAL;
287 				break;
288 			}
289 			etfp->flags = *((u_int32_t *) msg->data);
290 			break;
291 		case NGM_ETF_SET_FILTER:
292 			{
293 				struct ng_etffilter *f;
294 				struct filter *fil;
295 				hook_p  hook;
296 
297 				/* Check message long enough for this command */
298 				if (msg->header.arglen != sizeof(*f)) {
299 					error = EINVAL;
300 					break;
301 				}
302 
303 				/* Make sure hook referenced exists */
304 				f = (struct ng_etffilter *)msg->data;
305 				hook = ng_findhook(node, f->matchhook);
306 				if (hook == NULL) {
307 					error = ENOENT;
308 					break;
309 				}
310 
311 				/* and is not the downstream hook */
312 				if (hook == etfp->downstream_hook.hook) {
313 					error = EINVAL;
314 					break;
315 				}
316 
317 				/* Check we don't already trap this ethertype */
318 				if (ng_etf_findentry(etfp,
319 						htons(f->ethertype))) {
320 					error = EEXIST;
321 					break;
322 				}
323 
324 				/*
325 				 * Ok, make the filter and put it in the
326 				 * hashtable ready for matching.
327 				 */
328 				MALLOC(fil, struct filter *, sizeof(*fil),
329 					M_NETGRAPH_ETF, M_NOWAIT | M_ZERO);
330 				if (fil == NULL) {
331 					return (ENOMEM);
332 				}
333 
334 				fil->match_hook = hook;
335 				fil->ethertype = htons(f->ethertype);
336 				LIST_INSERT_HEAD( etfp->hashtable
337 					+ HASH(fil->ethertype),
338 						fil, next);
339 			}
340 			break;
341 		default:
342 			error = EINVAL;		/* unknown command */
343 			break;
344 		}
345 		break;
346 	default:
347 		error = EINVAL;			/* unknown cookie type */
348 		break;
349 	}
350 
351 	/* Take care of synchronous response, if any */
352 	NG_RESPOND_MSG(error, node, retaddr, resp, rptr);
353 	/* Free the message and return */
354 	NG_FREE_MSG(msg);
355 	return(error);
356 }
357 
358 /*
359  * Receive data, and do something with it.
360  * Actually we receive a queue item which holds the data.
361  * If we free the item it wil also froo the data and metadata unless
362  * we have previously disassociated them using the NGI_GET_etf() macros.
363  * Possibly send it out on another link after processing.
364  * Possibly do something different if it comes from different
365  * hooks. the caller will never free m or meta, so
366  * if we use up this data or abort we must free BOTH of these.
367  *
368  * If we want, we may decide to force this data to be queued and reprocessed
369  * at the netgraph NETISR time.
370  * We would do that by setting the HK_QUEUE flag on our hook. We would do that
371  * in the connect() method.
372  */
373 static int
374 ng_etf_rcvdata(hook_p hook, struct mbuf *m, meta_p meta)
375 {
376 	const etf_p etfp = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
377 	struct ether_header *eh;
378 	int error = 0;
379 	u_int16_t ethertype;
380 	struct filter *fil;
381 
382 	if (NG_HOOK_PRIVATE(hook) == NULL) { /* Shouldn't happen but.. */
383 		NG_FREE_DATA(m, meta);
384 	}
385 
386 	/*
387 	 * Everything not from the downstream hook goes to the
388 	 * downstream hook. But only if it matches the ethertype
389 	 * of the source hook. Un matching must go to/from 'nomatch'.
390 	 */
391 
392 	/* Make sure we have an entire header */
393 	if (m->m_len < sizeof(*eh) ) {
394 		m = m_pullup(m, sizeof(*eh));
395 		if (m == NULL) {
396 			NG_FREE_META(meta);
397 			return(EINVAL);
398 		}
399 	}
400 
401 	eh = mtod(m, struct ether_header *);
402 	ethertype = eh->ether_type;
403 	fil = ng_etf_findentry(etfp, ethertype);
404 
405 	/*
406 	 * if from downstream, select between a match hook or
407 	 * the nomatch hook
408 	 */
409 	if (hook == etfp->downstream_hook.hook) {
410 		etfp->packets_in++;
411 		if (fil && fil->match_hook) {
412 			NG_SEND_DATA(error, fil->match_hook, m, meta);
413 		} else {
414 			NG_SEND_DATA(error, etfp->nomatch_hook.hook, m, meta);
415 		}
416 	} else {
417 		/*
418 		 * It must be heading towards the downstream.
419 		 * Check that it's ethertype matches
420 		 * the filters for it's input hook.
421 		 * If it doesn't have one, check it's from nomatch.
422 		 */
423 		if ((fil && (fil->match_hook != hook))
424 		|| ((fil == NULL) && (hook != etfp->nomatch_hook.hook))) {
425 			NG_FREE_DATA(m, meta);
426 			return (EPROTOTYPE);
427 		}
428 		NG_SEND_DATA( error, etfp->downstream_hook.hook, m, meta);
429 		if (error == 0) {
430 			etfp->packets_out++;
431 		}
432 	}
433 	return (error);
434 }
435 
436 /*
437  * Do local shutdown processing..
438  * All our links and the name have already been removed.
439  */
440 static int
441 ng_etf_shutdown(node_p node)
442 {
443 	const etf_p privdata = NG_NODE_PRIVATE(node);
444 
445 	NG_NODE_SET_PRIVATE(node, NULL);
446 	NG_NODE_UNREF(privdata->node);
447 	FREE(privdata, M_NETGRAPH_ETF);
448 	return (0);
449 }
450 
451 /*
452  * This is called once we've already connected a new hook to the other node.
453  * It gives us a chance to balk at the last minute.
454  */
455 static int
456 ng_etf_connect(hook_p hook)
457 {
458 	return (0);
459 }
460 
461 /*
462  * Hook disconnection
463  *
464  * For this type, removal of the last link destroys the node
465  */
466 static int
467 ng_etf_disconnect(hook_p hook)
468 {
469 	const etf_p etfp = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
470 	int i;
471 	struct filter *fil;
472 
473 	/* purge any rules that refer to this filter */
474 	for (i = 0; i < HASHSIZE; i++) {
475 		LIST_FOREACH(fil, (etfp->hashtable + i), next) {
476 			if (fil->match_hook == hook) {
477 				LIST_REMOVE(fil, next);
478 			}
479 		}
480 	}
481 
482 	/* If it's not one of the special hooks, then free it */
483 	if (hook == etfp->downstream_hook.hook) {
484 		etfp->downstream_hook.hook = NULL;
485 	} else if (hook == etfp->nomatch_hook.hook) {
486 		etfp->nomatch_hook.hook = NULL;
487 	} else {
488 		if (NG_HOOK_PRIVATE(hook)) /* Paranoia */
489 			FREE(NG_HOOK_PRIVATE(hook), M_NETGRAPH_ETF);
490 	}
491 
492 	NG_HOOK_SET_PRIVATE(hook, NULL);
493 
494 	if ((NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0)
495 	&& (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))) /* already shutting down? */
496 		ng_rmnode(NG_HOOK_NODE(hook));
497 	return (0);
498 }
499 
500