1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "opt_inet.h" 35 #include "opt_rss.h" 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/socketvar.h> 42 #include <sys/thread.h> 43 #include <sys/sysctl.h> 44 #include <sys/globaldata.h> 45 46 #include <net/if.h> 47 #include <net/netisr2.h> 48 #include <net/toeplitz2.h> 49 50 #include <netinet/in_systm.h> 51 #include <netinet/in.h> 52 #include <netinet/in_var.h> 53 #include <netinet/in_pcb.h> 54 #include <netinet/ip.h> 55 #include <netinet/ip_var.h> 56 #include <netinet/tcp.h> 57 #include <netinet/tcpip.h> 58 #include <netinet/tcp_var.h> 59 #include <netinet/udp.h> 60 #include <netinet/udp_var.h> 61 62 struct initport_index { 63 uint32_t port_index; 64 } __cachealign; 65 static struct initport_index initport_indices[MAXCPU]; 66 67 /* 68 * Toeplitz hash functions - the idea is to match the hardware. 69 */ 70 static __inline int 71 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr, 72 in_port_t fport, in_port_t lport) 73 { 74 /* 75 * NOTE: laddr could be multicast, since UDP socket could be 76 * bound to multicast address. 77 */ 78 if (IN_MULTICAST(ntohl(faddr)) || IN_MULTICAST(ntohl(laddr))) { 79 /* XXX handle multicast on CPU0 for now */ 80 return 0; 81 } 82 return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr)); 83 } 84 85 static __inline int 86 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr, 87 in_port_t fport, in_port_t lport) 88 { 89 return toeplitz_hash( 90 toeplitz_rawhash_addrport(faddr, laddr, fport, lport)); 91 } 92 93 /* 94 * Hash for the network address. 95 */ 96 int 97 tcp_addrhash(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 98 { 99 return (INP_MPORT_HASH_TCP(faddr, laddr, fport, lport)); 100 } 101 102 int 103 udp_addrhash(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 104 { 105 return (INP_MPORT_HASH_UDP(faddr, laddr, fport, lport)); 106 } 107 108 /* 109 * Map a network address to a processor. 110 */ 111 int 112 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 113 { 114 return (netisr_hashcpu(INP_MPORT_HASH_TCP(faddr, laddr, fport, lport))); 115 } 116 117 int 118 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 119 { 120 return (netisr_hashcpu(INP_MPORT_HASH_UDP(faddr, laddr, fport, lport))); 121 } 122 123 /* 124 * If the packet is a valid IP datagram, upon returning of this function 125 * following things are promised: 126 * 127 * o IP header (including any possible IP options) and any data preceding 128 * IP header (usually linker layer header) are in one mbuf (m_len). 129 * o IP header length is not less than the minimum (sizeof(struct ip)). 130 * o IP total length is not less than IP header length. 131 * o IP datagram resides completely in the mbuf chain, 132 * i.e. pkthdr.len >= IP total length. 133 * 134 * If the packet is a UDP datagram, 135 * o IP header (including any possible IP options) and UDP header are in 136 * one mbuf (m_len). 137 * o IP total length is not less than (IP header length + UDP header length). 138 * 139 * If the packet is a TCP segment, 140 * o IP header (including any possible IP options) and TCP header (including 141 * any possible TCP options) are in one mbuf (m_len). 142 * o TCP header length is not less than the minimum (sizeof(struct tcphdr)). 143 * o IP total length is not less than (IP header length + TCP header length). 144 */ 145 boolean_t 146 ip_lengthcheck(struct mbuf **mp, int hoff) 147 { 148 struct mbuf *m = *mp; 149 struct ip *ip; 150 int len, iphlen, iplen; 151 struct tcphdr *th; 152 int thoff; /* TCP data offset */ 153 154 len = hoff + sizeof(struct ip); 155 156 /* The packet must be at least the size of an IP header. */ 157 if (m->m_pkthdr.len < len) { 158 ipstat.ips_tooshort++; 159 goto fail; 160 } 161 162 /* The fixed IP header must reside completely in the first mbuf. */ 163 if (m->m_len < len) { 164 m = m_pullup(m, len); 165 if (m == NULL) { 166 ipstat.ips_toosmall++; 167 goto fail; 168 } 169 } 170 171 ip = mtodoff(m, struct ip *, hoff); 172 173 /* Bound check the packet's stated IP header length. */ 174 iphlen = ip->ip_hl << 2; 175 if (iphlen < sizeof(struct ip)) { /* minimum header length */ 176 ipstat.ips_badhlen++; 177 goto fail; 178 } 179 180 /* The full IP header must reside completely in the one mbuf. */ 181 if (m->m_len < hoff + iphlen) { 182 m = m_pullup(m, hoff + iphlen); 183 if (m == NULL) { 184 ipstat.ips_badhlen++; 185 goto fail; 186 } 187 ip = mtodoff(m, struct ip *, hoff); 188 } 189 190 iplen = ntohs(ip->ip_len); 191 192 /* 193 * Check that the amount of data in the buffers is as 194 * at least much as the IP header would have us expect. 195 */ 196 if (m->m_pkthdr.len < hoff + iplen) { 197 ipstat.ips_tooshort++; 198 goto fail; 199 } 200 201 /* 202 * Fragments other than the first fragment don't have much 203 * length information. 204 */ 205 if (ip->ip_off & htons(IP_OFFMASK)) 206 goto ipcheckonly; 207 208 /* 209 * The TCP/IP or UDP/IP header must be entirely contained within 210 * the first fragment of a packet. Packet filters will break if they 211 * aren't. 212 * 213 * Since the packet will be trimmed to ip_len we must also make sure 214 * the potentially trimmed down length is still sufficient to hold 215 * the header(s). 216 */ 217 switch (ip->ip_p) { 218 case IPPROTO_TCP: 219 if (iplen < iphlen + sizeof(struct tcphdr)) { 220 ++tcpstat.tcps_rcvshort; 221 goto fail; 222 } 223 if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) { 224 m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr)); 225 if (m == NULL) { 226 tcpstat.tcps_rcvshort++; 227 goto fail; 228 } 229 ip = mtodoff(m, struct ip *, hoff); 230 } 231 th = (struct tcphdr *)((caddr_t)ip + iphlen); 232 thoff = th->th_off << 2; 233 if (thoff < sizeof(struct tcphdr) || 234 thoff + iphlen > ntohs(ip->ip_len)) { 235 tcpstat.tcps_rcvbadoff++; 236 goto fail; 237 } 238 if (m->m_len < hoff + iphlen + thoff) { 239 m = m_pullup(m, hoff + iphlen + thoff); 240 if (m == NULL) { 241 tcpstat.tcps_rcvshort++; 242 goto fail; 243 } 244 } 245 break; 246 case IPPROTO_UDP: 247 if (iplen < iphlen + sizeof(struct udphdr)) { 248 ++udp_stat.udps_hdrops; 249 goto fail; 250 } 251 if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) { 252 m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr)); 253 if (m == NULL) { 254 udp_stat.udps_hdrops++; 255 goto fail; 256 } 257 } 258 break; 259 default: 260 ipcheckonly: 261 if (iplen < iphlen) { 262 ++ipstat.ips_badlen; 263 goto fail; 264 } 265 break; 266 } 267 268 m->m_flags |= M_LENCHECKED; 269 *mp = m; 270 return TRUE; 271 272 fail: 273 if (m != NULL) 274 m_freem(m); 275 *mp = NULL; 276 return FALSE; 277 } 278 279 /* 280 * Assign a protocol processing thread to a packet. The IP header is at 281 * offset (hoff) in the packet (i.e. the mac header might still be intact). 282 * 283 * This function can blow away the mbuf if the packet is malformed. 284 */ 285 void 286 ip_hashfn(struct mbuf **mptr, int hoff) 287 { 288 struct ip *ip; 289 int iphlen; 290 struct tcphdr *th; 291 struct udphdr *uh; 292 struct mbuf *m; 293 int hash; 294 295 if (((*mptr)->m_flags & M_LENCHECKED) == 0) { 296 if (!ip_lengthcheck(mptr, hoff)) 297 return; 298 } 299 300 m = *mptr; 301 ip = mtodoff(m, struct ip *, hoff); 302 iphlen = ip->ip_hl << 2; 303 304 if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) { 305 hash = toeplitz_hash(toeplitz_rawhash_addr( 306 ip->ip_src.s_addr, ip->ip_dst.s_addr)); 307 goto back; 308 } 309 310 switch (ip->ip_p) { 311 case IPPROTO_TCP: 312 th = (struct tcphdr *)((caddr_t)ip + iphlen); 313 hash = INP_MPORT_HASH_TCP(ip->ip_src.s_addr, ip->ip_dst.s_addr, 314 th->th_sport, th->th_dport); 315 break; 316 317 case IPPROTO_UDP: 318 uh = (struct udphdr *)((caddr_t)ip + iphlen); 319 hash = INP_MPORT_HASH_UDP(ip->ip_src.s_addr, ip->ip_dst.s_addr, 320 uh->uh_sport, uh->uh_dport); 321 break; 322 323 default: 324 hash = 0; 325 break; 326 } 327 back: 328 m_sethash(m, hash); 329 } 330 331 /* 332 * Verify and adjust the hash value of the packet. 333 * 334 * Unlike ip_hashfn(), the packet content is not accessed. The packet info 335 * (pi) and the hash of the packet (m_pkthdr.hash) is used instead. 336 * 337 * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags 338 * has M_HASH set. 339 */ 340 void 341 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi) 342 { 343 KASSERT((m->m_flags & M_HASH), ("no valid packet hash")); 344 345 switch (pi->pi_l3proto) { 346 case IPPROTO_TCP: 347 case IPPROTO_UDP: 348 break; 349 350 default: 351 /* Let software calculate the hash */ 352 m->m_flags &= ~M_HASH; 353 break; 354 } 355 } 356 357 /* 358 * This is used to map a socket to a message port for sendmsg() and friends. 359 * It is not called for any other purpose. In the case of TCP we just return 360 * the port already installed in the socket. 361 */ 362 lwkt_port_t 363 tcp_soport(struct socket *so, struct sockaddr *nam, 364 struct mbuf **dummy __unused) 365 { 366 return(so->so_port); 367 } 368 369 /* 370 * Used to route icmp messages to the proper protocol thread for ctlinput 371 * operation. 372 */ 373 lwkt_port_t 374 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip, int *cpuid) 375 { 376 struct ip *ip = vip; 377 inp_notify_t notify; 378 int arg; 379 380 notify = tcp_get_inpnotify(cmd, sa, &arg, &ip, cpuid); 381 if (notify == NULL) 382 return NULL; 383 384 if (*cpuid == netisr_ncpus) { 385 /* 386 * Go through all effective netisr CPUs. 387 * 388 * A new message will be allocated later to save necessary 389 * information and will be forwarded to all network protocol 390 * threads in the following way: 391 * 392 * (the the thread owns the msgport that we return here) 393 * netisr0 <--+ 394 * | | 395 * | | 396 * | | 397 * +-------+ 398 * sendmsg 399 * [msg is kmalloc()ed] 400 * 401 * 402 * Later on, when the msg is received by netisr0: 403 * 404 * forwardmsg forwardmsg 405 * netisr0 ---------> netisr1 ---------> netisrN 406 * [msg is kfree()ed] 407 */ 408 return netisr_cpuport(0); 409 } else { 410 return netisr_cpuport(*cpuid); 411 } 412 } 413 414 lwkt_port_t 415 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 416 { 417 return(netisr_cpuport(tcp_addrcpu(faddr, fport, laddr, lport))); 418 } 419 420 lwkt_port_t 421 tcp_addrport0(void) 422 { 423 return(netisr_cpuport(0)); 424 } 425 426 lwkt_port_t 427 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 428 { 429 return(netisr_cpuport(udp_addrcpu(faddr, fport, laddr, lport))); 430 } 431 432 /* 433 * Used to route icmp messages to the proper protocol thread for ctlinput 434 * operation. 435 */ 436 lwkt_port_t 437 udp_ctlport(int cmd, struct sockaddr *sa, void *vip, int *cpuid) 438 { 439 struct ip *ip = vip; 440 inp_notify_t notify; 441 442 notify = udp_get_inpnotify(cmd, sa, &ip, cpuid); 443 if (notify == NULL) 444 return NULL; 445 446 if (*cpuid == netisr_ncpus) { 447 /* 448 * Go through all effective netisr CPUs. 449 * 450 * See the comment in tcp_ctlport. 451 */ 452 return netisr_cpuport(0); 453 } else { 454 return netisr_cpuport(*cpuid); 455 } 456 } 457 458 static __inline struct lwkt_port * 459 inp_initport(void) 460 { 461 int cpu = mycpuid; 462 463 if (cpu < netisr_ncpus) { 464 return netisr_cpuport(cpu); 465 } else { 466 return netisr_cpuport( 467 ((initport_indices[cpu].port_index++) + (uint32_t)cpu) % 468 netisr_ncpus); 469 } 470 } 471 472 struct lwkt_port * 473 tcp_initport(void) 474 { 475 return inp_initport(); 476 } 477 478 struct lwkt_port * 479 udp_initport(void) 480 { 481 return inp_initport(); 482 } 483