xref: /dragonfly/sys/netinet/ip_demux.c (revision db299a73) 
1 /*
2  * Copyright (c) 2003, 2004 Jeffrey M. Hsu.  All rights reserved.
3  * Copyright (c) 2003, 2004 The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Jeffrey M. Hsu.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of The DragonFly Project nor the names of its
17  *    contributors may be used to endorse or promote products derived
18  *    from this software without specific, prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
24  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "opt_inet.h"
35 #include "opt_rss.h"
36 
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/socket.h>
41 #include <sys/socketvar.h>
42 #include <sys/thread.h>
43 #include <sys/sysctl.h>
44 #include <sys/globaldata.h>
45 
46 #include <net/if.h>
47 #include <net/netisr2.h>
48 #include <net/toeplitz2.h>
49 
50 #include <netinet/in_systm.h>
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip.h>
55 #include <netinet/ip_var.h>
56 #include <netinet/tcp.h>
57 #include <netinet/tcpip.h>
58 #include <netinet/tcp_var.h>
59 #include <netinet/udp.h>
60 #include <netinet/udp_var.h>
61 
62 /*
63  * Toeplitz hash functions - the idea is to match the hardware.
64  */
65 static __inline int
66 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr,
67 		   in_port_t fport, in_port_t lport)
68 {
69 	return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr));
70 }
71 
72 static __inline int
73 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr,
74 		   in_port_t fport, in_port_t lport)
75 {
76 	return toeplitz_hash(
77 	       toeplitz_rawhash_addrport(faddr, laddr, fport, lport));
78 }
79 
80 /*
81  * Map a network address to a processor.
82  */
83 int
84 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
85 {
86 	return (netisr_hashcpu(INP_MPORT_HASH_TCP(faddr, laddr, fport, lport)));
87 }
88 
89 /*
90  * Not implemented yet, use protocol thread 0
91  */
92 int
93 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
94 {
95 #ifdef notyet
96 	return (netisr_hashcpu(INP_MPORT_HASH_UDP(faddr, laddr, fport, lport)));
97 #else
98 	return 0;
99 #endif
100 }
101 
102 /*
103  * If the packet is a valid IP datagram, upon returning of this function
104  * following things are promised:
105  *
106  * o  IP header (including any possible IP options) and any data preceding
107  *    IP header (usually linker layer header) are in one mbuf (m_len).
108  * o  IP header length is not less than the minimum (sizeof(struct ip)).
109  * o  IP total length is not less than IP header length.
110  * o  IP datagram resides completely in the mbuf chain,
111  *    i.e. pkthdr.len >= IP total length.
112  *
113  * If the packet is a UDP datagram,
114  * o  IP header (including any possible IP options) and UDP header are in
115  *    one mbuf (m_len).
116  * o  IP total length is not less than (IP header length + UDP header length).
117  *
118  * If the packet is a TCP segment,
119  * o  IP header (including any possible IP options) and TCP header (including
120  *    any possible TCP options) are in one mbuf (m_len).
121  * o  TCP header length is not less than the minimum (sizeof(struct tcphdr)).
122  * o  IP total length is not less than (IP header length + TCP header length).
123  */
124 boolean_t
125 ip_lengthcheck(struct mbuf **mp, int hoff)
126 {
127 	struct mbuf *m = *mp;
128 	struct ip *ip;
129 	int len, iphlen, iplen;
130 	struct tcphdr *th;
131 	int thoff;				/* TCP data offset */
132 
133 	len = hoff + sizeof(struct ip);
134 
135 	/* The packet must be at least the size of an IP header. */
136 	if (m->m_pkthdr.len < len) {
137 		ipstat.ips_tooshort++;
138 		goto fail;
139 	}
140 
141 	/* The fixed IP header must reside completely in the first mbuf. */
142 	if (m->m_len < len) {
143 		m = m_pullup(m, len);
144 		if (m == NULL) {
145 			ipstat.ips_toosmall++;
146 			goto fail;
147 		}
148 	}
149 
150 	ip = mtodoff(m, struct ip *, hoff);
151 
152 	/* Bound check the packet's stated IP header length. */
153 	iphlen = ip->ip_hl << 2;
154 	if (iphlen < sizeof(struct ip)) {	/* minimum header length */
155 		ipstat.ips_badhlen++;
156 		goto fail;
157 	}
158 
159 	/* The full IP header must reside completely in the one mbuf. */
160 	if (m->m_len < hoff + iphlen) {
161 		m = m_pullup(m, hoff + iphlen);
162 		if (m == NULL) {
163 			ipstat.ips_badhlen++;
164 			goto fail;
165 		}
166 		ip = mtodoff(m, struct ip *, hoff);
167 	}
168 
169 	iplen = ntohs(ip->ip_len);
170 
171 	/*
172 	 * Check that the amount of data in the buffers is as
173 	 * at least much as the IP header would have us expect.
174 	 */
175 	if (m->m_pkthdr.len < hoff + iplen) {
176 		ipstat.ips_tooshort++;
177 		goto fail;
178 	}
179 
180 	/*
181 	 * Fragments other than the first fragment don't have much
182 	 * length information.
183 	 */
184 	if (ntohs(ip->ip_off) & IP_OFFMASK)
185 		goto ipcheckonly;
186 
187 	/*
188 	 * The TCP/IP or UDP/IP header must be entirely contained within
189 	 * the first fragment of a packet.  Packet filters will break if they
190 	 * aren't.
191 	 *
192 	 * Since the packet will be trimmed to ip_len we must also make sure
193 	 * the potentially trimmed down length is still sufficient to hold
194 	 * the header(s).
195 	 */
196 	switch (ip->ip_p) {
197 	case IPPROTO_TCP:
198 		if (iplen < iphlen + sizeof(struct tcphdr)) {
199 			++tcpstat.tcps_rcvshort;
200 			goto fail;
201 		}
202 		if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) {
203 			m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr));
204 			if (m == NULL) {
205 				tcpstat.tcps_rcvshort++;
206 				goto fail;
207 			}
208 			ip = mtodoff(m, struct ip *, hoff);
209 		}
210 		th = (struct tcphdr *)((caddr_t)ip + iphlen);
211 		thoff = th->th_off << 2;
212 		if (thoff < sizeof(struct tcphdr) ||
213 		    thoff + iphlen > ntohs(ip->ip_len)) {
214 			tcpstat.tcps_rcvbadoff++;
215 			goto fail;
216 		}
217 		if (m->m_len < hoff + iphlen + thoff) {
218 			m = m_pullup(m, hoff + iphlen + thoff);
219 			if (m == NULL) {
220 				tcpstat.tcps_rcvshort++;
221 				goto fail;
222 			}
223 		}
224 		break;
225 	case IPPROTO_UDP:
226 		if (iplen < iphlen + sizeof(struct udphdr)) {
227 			++udp_stat.udps_hdrops;
228 			goto fail;
229 		}
230 		if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) {
231 			m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr));
232 			if (m == NULL) {
233 				udp_stat.udps_hdrops++;
234 				goto fail;
235 			}
236 		}
237 		break;
238 	default:
239 ipcheckonly:
240 		if (iplen < iphlen) {
241 			++ipstat.ips_badlen;
242 			goto fail;
243 		}
244 		break;
245 	}
246 
247 	m->m_flags |= M_LENCHECKED;
248 	*mp = m;
249 	return TRUE;
250 
251 fail:
252 	if (m != NULL)
253 		m_freem(m);
254 	*mp = NULL;
255 	return FALSE;
256 }
257 
258 /*
259  * Assign a protocol processing thread to a packet.  The IP header is at
260  * offset (hoff) in the packet (i.e. the mac header might still be intact).
261  *
262  * This function can blow away the mbuf if the packet is malformed.
263  */
264 void
265 ip_hashfn(struct mbuf **mptr, int hoff, int dir)
266 {
267 	struct ip *ip;
268 	int iphlen;
269 	struct tcphdr *th;
270 	struct udphdr *uh;
271 	struct mbuf *m;
272 	int hash;
273 
274 	if (!ip_lengthcheck(mptr, hoff))
275 		return;
276 
277 	m = *mptr;
278 	ip = mtodoff(m, struct ip *, hoff);
279 	iphlen = ip->ip_hl << 2;
280 
281 	/*
282 	 * XXX generic packet handling defrag on CPU 0 for now.
283 	 */
284 	if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
285 		hash = 0;
286 		goto back;
287 	}
288 
289 	switch (ip->ip_p) {
290 	case IPPROTO_TCP:
291 		th = (struct tcphdr *)((caddr_t)ip + iphlen);
292 		hash = INP_MPORT_HASH_TCP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
293 		    th->th_sport, th->th_dport);
294 		break;
295 
296 	case IPPROTO_UDP:
297 		if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
298 			/* XXX handle multicast on CPU0 for now */
299 			hash = 0;
300 			break;
301 		}
302 		uh = (struct udphdr *)((caddr_t)ip + iphlen);
303 		hash = INP_MPORT_HASH_UDP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
304 		    uh->uh_sport, uh->uh_dport);
305 		break;
306 
307 	default:
308 		hash = 0;
309 		break;
310 	}
311 back:
312 	m->m_flags |= M_HASH;
313 	m->m_pkthdr.hash = hash;
314 }
315 
316 void
317 ip_hashfn_in(struct mbuf **mptr, int hoff)
318 {
319 	ip_hashfn(mptr, hoff, IP_MPORT_IN);
320 }
321 
322 /*
323  * Verify and adjust the hash value of the packet.
324  *
325  * Unlike ip_hashfn(), the packet content is not accessed.  The packet info
326  * (pi) and the hash of the packet (m_pkthdr.hash) is used instead.
327  *
328  * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags
329  * has M_HASH set.
330  */
331 void
332 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi)
333 {
334 	KASSERT((m->m_flags & M_HASH), ("no valid packet hash"));
335 
336 	/*
337 	 * XXX generic packet handling defrag on CPU 0 for now.
338 	 */
339 	if (pi->pi_flags & PKTINFO_FLAG_FRAG) {
340 		m->m_pkthdr.hash = 0;
341 		return;
342 	}
343 
344 	switch (pi->pi_l3proto) {
345 	case IPPROTO_TCP:
346 	case IPPROTO_UDP:
347 		break;
348 
349 	default:
350 		/* Let software calculate the hash */
351 		m->m_flags &= ~M_HASH;
352 		break;
353 	}
354 }
355 
356 /*
357  * This is used to map a socket to a message port for sendmsg() and friends.
358  * It is not called for any other purpose.  In the case of TCP we just return
359  * the port already installed in the socket.
360  */
361 lwkt_port_t
362 tcp_soport(struct socket *so, struct sockaddr *nam,
363 	   struct mbuf **dummy __unused)
364 {
365 	return(so->so_port);
366 }
367 
368 /*
369  * Used to route icmp messages to the proper protocol thread for ctlinput
370  * operation.
371  */
372 lwkt_port_t
373 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip)
374 {
375 	struct ip *ip = vip;
376 	struct tcphdr *th;
377 	struct in_addr faddr;
378 	int cpu;
379 
380 	faddr = ((struct sockaddr_in *)sa)->sin_addr;
381 	if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
382 		return(NULL);
383 	if (ip == NULL || PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) {
384 		/*
385 		 * A new message will be allocated later to save necessary
386 		 * information and will be forwarded to all network protocol
387 		 * threads in the following way:
388 		 *
389 		 * (the the thread owns the msgport that we return here)
390 		 * netisr0 <--+
391 		 *    |       |
392 		 *    |       |
393 		 *    |       |
394 		 *    +-------+
395 		 *     sendmsg
396 		 *     [msg is kmalloc()ed]
397 		 *
398 		 *
399 		 * Later on, when the msg is received by netisr0:
400 		 *
401 		 *         forwardmsg         forwardmsg
402 		 * netisr0 ---------> netisr1 ---------> netisrN
403 		 *                                       [msg is kfree()ed]
404 		 */
405 		return cpu0_ctlport(cmd, sa, vip);
406 	} else {
407 		th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
408 		cpu = tcp_addrcpu(faddr.s_addr, th->th_dport,
409 				  ip->ip_src.s_addr, th->th_sport);
410 	}
411 	return(netisr_cpuport(cpu));
412 }
413 
414 lwkt_port_t
415 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
416 {
417 	return(netisr_cpuport(tcp_addrcpu(faddr, fport, laddr, lport)));
418 }
419 
420 lwkt_port_t
421 tcp_addrport0(void)
422 {
423 	return(netisr_cpuport(0));
424 }
425 
426 lwkt_port_t
427 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
428 {
429 	return(netisr_cpuport(udp_addrcpu(faddr, fport, laddr, lport)));
430 }
431 
432 /*
433  * Used to route icmp messages to the proper protocol thread for ctlinput
434  * operation.
435  */
436 lwkt_port_t
437 udp_ctlport(int cmd, struct sockaddr *sa, void *vip)
438 {
439 	struct ip *ip = vip;
440 	struct udphdr *uh;
441 	struct in_addr faddr;
442 	int cpu;
443 
444 	faddr = ((struct sockaddr_in *)sa)->sin_addr;
445 	if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
446 		return(NULL);
447 	if (PRC_IS_REDIRECT(cmd)) {
448 		/*
449 		 * See the comment in tcp_ctlport; the only difference
450 		 * is that message is forwarded to UDP protocol theads.
451 		 */
452 		return cpu0_ctlport(cmd, sa, vip);
453 	} else if (ip == NULL || cmd == PRC_HOSTDEAD) {
454 		/*
455 		 * XXX
456 		 * Once UDP inpcbs are CPU localized, we should do
457 		 * the same forwarding as PRC_IS_REDIRECT(cmd)
458 		 */
459 		cpu = 0;
460 	} else {
461 		uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2));
462 
463 		cpu = udp_addrcpu(faddr.s_addr, ip->ip_src.s_addr,
464 				  uh->uh_dport, uh->uh_sport);
465 	}
466 	return (netisr_cpuport(cpu));
467 }
468