1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "opt_inet.h" 35 #include "opt_rss.h" 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/socketvar.h> 42 #include <sys/thread.h> 43 #include <sys/sysctl.h> 44 #include <sys/globaldata.h> 45 46 #include <net/if.h> 47 #include <net/netisr2.h> 48 #include <net/toeplitz2.h> 49 50 #include <netinet/in_systm.h> 51 #include <netinet/in.h> 52 #include <netinet/in_var.h> 53 #include <netinet/in_pcb.h> 54 #include <netinet/ip.h> 55 #include <netinet/ip_var.h> 56 #include <netinet/tcp.h> 57 #include <netinet/tcpip.h> 58 #include <netinet/tcp_var.h> 59 #include <netinet/udp.h> 60 #include <netinet/udp_var.h> 61 62 /* 63 * Toeplitz hash functions - the idea is to match the hardware. 64 */ 65 static __inline int 66 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr, 67 in_port_t fport, in_port_t lport) 68 { 69 return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr)); 70 } 71 72 static __inline int 73 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr, 74 in_port_t fport, in_port_t lport) 75 { 76 return toeplitz_hash( 77 toeplitz_rawhash_addrport(faddr, laddr, fport, lport)); 78 } 79 80 /* 81 * Map a network address to a processor. 82 */ 83 int 84 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 85 { 86 return (netisr_hashcpu(INP_MPORT_HASH_TCP(faddr, laddr, fport, lport))); 87 } 88 89 /* 90 * Not implemented yet, use protocol thread 0 91 */ 92 int 93 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 94 { 95 #ifdef notyet 96 return (netisr_hashcpu(INP_MPORT_HASH_UDP(faddr, laddr, fport, lport))); 97 #else 98 return 0; 99 #endif 100 } 101 102 /* 103 * If the packet is a valid IP datagram, upon returning of this function 104 * following things are promised: 105 * 106 * o IP header (including any possible IP options) and any data preceding 107 * IP header (usually linker layer header) are in one mbuf (m_len). 108 * o IP header length is not less than the minimum (sizeof(struct ip)). 109 * o IP total length is not less than IP header length. 110 * o IP datagram resides completely in the mbuf chain, 111 * i.e. pkthdr.len >= IP total length. 112 * 113 * If the packet is a UDP datagram, 114 * o IP header (including any possible IP options) and UDP header are in 115 * one mbuf (m_len). 116 * o IP total length is not less than (IP header length + UDP header length). 117 * 118 * If the packet is a TCP segment, 119 * o IP header (including any possible IP options) and TCP header (including 120 * any possible TCP options) are in one mbuf (m_len). 121 * o TCP header length is not less than the minimum (sizeof(struct tcphdr)). 122 * o IP total length is not less than (IP header length + TCP header length). 123 */ 124 boolean_t 125 ip_lengthcheck(struct mbuf **mp, int hoff) 126 { 127 struct mbuf *m = *mp; 128 struct ip *ip; 129 int len, iphlen, iplen; 130 struct tcphdr *th; 131 int thoff; /* TCP data offset */ 132 133 len = hoff + sizeof(struct ip); 134 135 /* The packet must be at least the size of an IP header. */ 136 if (m->m_pkthdr.len < len) { 137 ipstat.ips_tooshort++; 138 goto fail; 139 } 140 141 /* The fixed IP header must reside completely in the first mbuf. */ 142 if (m->m_len < len) { 143 m = m_pullup(m, len); 144 if (m == NULL) { 145 ipstat.ips_toosmall++; 146 goto fail; 147 } 148 } 149 150 ip = mtodoff(m, struct ip *, hoff); 151 152 /* Bound check the packet's stated IP header length. */ 153 iphlen = ip->ip_hl << 2; 154 if (iphlen < sizeof(struct ip)) { /* minimum header length */ 155 ipstat.ips_badhlen++; 156 goto fail; 157 } 158 159 /* The full IP header must reside completely in the one mbuf. */ 160 if (m->m_len < hoff + iphlen) { 161 m = m_pullup(m, hoff + iphlen); 162 if (m == NULL) { 163 ipstat.ips_badhlen++; 164 goto fail; 165 } 166 ip = mtodoff(m, struct ip *, hoff); 167 } 168 169 iplen = ntohs(ip->ip_len); 170 171 /* 172 * Check that the amount of data in the buffers is as 173 * at least much as the IP header would have us expect. 174 */ 175 if (m->m_pkthdr.len < hoff + iplen) { 176 ipstat.ips_tooshort++; 177 goto fail; 178 } 179 180 /* 181 * Fragments other than the first fragment don't have much 182 * length information. 183 */ 184 if (ntohs(ip->ip_off) & IP_OFFMASK) 185 goto ipcheckonly; 186 187 /* 188 * The TCP/IP or UDP/IP header must be entirely contained within 189 * the first fragment of a packet. Packet filters will break if they 190 * aren't. 191 * 192 * Since the packet will be trimmed to ip_len we must also make sure 193 * the potentially trimmed down length is still sufficient to hold 194 * the header(s). 195 */ 196 switch (ip->ip_p) { 197 case IPPROTO_TCP: 198 if (iplen < iphlen + sizeof(struct tcphdr)) { 199 ++tcpstat.tcps_rcvshort; 200 goto fail; 201 } 202 if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) { 203 m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr)); 204 if (m == NULL) { 205 tcpstat.tcps_rcvshort++; 206 goto fail; 207 } 208 ip = mtodoff(m, struct ip *, hoff); 209 } 210 th = (struct tcphdr *)((caddr_t)ip + iphlen); 211 thoff = th->th_off << 2; 212 if (thoff < sizeof(struct tcphdr) || 213 thoff + iphlen > ntohs(ip->ip_len)) { 214 tcpstat.tcps_rcvbadoff++; 215 goto fail; 216 } 217 if (m->m_len < hoff + iphlen + thoff) { 218 m = m_pullup(m, hoff + iphlen + thoff); 219 if (m == NULL) { 220 tcpstat.tcps_rcvshort++; 221 goto fail; 222 } 223 } 224 break; 225 case IPPROTO_UDP: 226 if (iplen < iphlen + sizeof(struct udphdr)) { 227 ++udp_stat.udps_hdrops; 228 goto fail; 229 } 230 if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) { 231 m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr)); 232 if (m == NULL) { 233 udp_stat.udps_hdrops++; 234 goto fail; 235 } 236 } 237 break; 238 default: 239 ipcheckonly: 240 if (iplen < iphlen) { 241 ++ipstat.ips_badlen; 242 goto fail; 243 } 244 break; 245 } 246 247 m->m_flags |= M_LENCHECKED; 248 *mp = m; 249 return TRUE; 250 251 fail: 252 if (m != NULL) 253 m_freem(m); 254 *mp = NULL; 255 return FALSE; 256 } 257 258 /* 259 * Assign a protocol processing thread to a packet. The IP header is at 260 * offset (hoff) in the packet (i.e. the mac header might still be intact). 261 * 262 * This function can blow away the mbuf if the packet is malformed. 263 */ 264 void 265 ip_hashfn(struct mbuf **mptr, int hoff, int dir) 266 { 267 struct ip *ip; 268 int iphlen; 269 struct tcphdr *th; 270 struct udphdr *uh; 271 struct mbuf *m; 272 int hash; 273 274 if (!ip_lengthcheck(mptr, hoff)) 275 return; 276 277 m = *mptr; 278 ip = mtodoff(m, struct ip *, hoff); 279 iphlen = ip->ip_hl << 2; 280 281 /* 282 * XXX generic packet handling defrag on CPU 0 for now. 283 */ 284 if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) { 285 hash = 0; 286 goto back; 287 } 288 289 switch (ip->ip_p) { 290 case IPPROTO_TCP: 291 th = (struct tcphdr *)((caddr_t)ip + iphlen); 292 hash = INP_MPORT_HASH_TCP(ip->ip_src.s_addr, ip->ip_dst.s_addr, 293 th->th_sport, th->th_dport); 294 break; 295 296 case IPPROTO_UDP: 297 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 298 /* XXX handle multicast on CPU0 for now */ 299 hash = 0; 300 break; 301 } 302 uh = (struct udphdr *)((caddr_t)ip + iphlen); 303 hash = INP_MPORT_HASH_UDP(ip->ip_src.s_addr, ip->ip_dst.s_addr, 304 uh->uh_sport, uh->uh_dport); 305 break; 306 307 default: 308 hash = 0; 309 break; 310 } 311 back: 312 m->m_flags |= M_HASH; 313 m->m_pkthdr.hash = hash; 314 } 315 316 void 317 ip_hashfn_in(struct mbuf **mptr, int hoff) 318 { 319 ip_hashfn(mptr, hoff, IP_MPORT_IN); 320 } 321 322 /* 323 * Verify and adjust the hash value of the packet. 324 * 325 * Unlike ip_hashfn(), the packet content is not accessed. The packet info 326 * (pi) and the hash of the packet (m_pkthdr.hash) is used instead. 327 * 328 * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags 329 * has M_HASH set. 330 */ 331 void 332 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi) 333 { 334 KASSERT((m->m_flags & M_HASH), ("no valid packet hash")); 335 336 /* 337 * XXX generic packet handling defrag on CPU 0 for now. 338 */ 339 if (pi->pi_flags & PKTINFO_FLAG_FRAG) { 340 m->m_pkthdr.hash = 0; 341 return; 342 } 343 344 switch (pi->pi_l3proto) { 345 case IPPROTO_TCP: 346 case IPPROTO_UDP: 347 break; 348 349 default: 350 /* Let software calculate the hash */ 351 m->m_flags &= ~M_HASH; 352 break; 353 } 354 } 355 356 /* 357 * This is used to map a socket to a message port for sendmsg() and friends. 358 * It is not called for any other purpose. In the case of TCP we just return 359 * the port already installed in the socket. 360 */ 361 lwkt_port_t 362 tcp_soport(struct socket *so, struct sockaddr *nam, 363 struct mbuf **dummy __unused) 364 { 365 return(so->so_port); 366 } 367 368 /* 369 * Used to route icmp messages to the proper protocol thread for ctlinput 370 * operation. 371 */ 372 lwkt_port_t 373 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip) 374 { 375 struct ip *ip = vip; 376 struct tcphdr *th; 377 struct in_addr faddr; 378 int cpu; 379 380 faddr = ((struct sockaddr_in *)sa)->sin_addr; 381 if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY) 382 return(NULL); 383 if (ip == NULL || PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) { 384 /* 385 * A new message will be allocated later to save necessary 386 * information and will be forwarded to all network protocol 387 * threads in the following way: 388 * 389 * (the the thread owns the msgport that we return here) 390 * netisr0 <--+ 391 * | | 392 * | | 393 * | | 394 * +-------+ 395 * sendmsg 396 * [msg is kmalloc()ed] 397 * 398 * 399 * Later on, when the msg is received by netisr0: 400 * 401 * forwardmsg forwardmsg 402 * netisr0 ---------> netisr1 ---------> netisrN 403 * [msg is kfree()ed] 404 */ 405 return cpu0_ctlport(cmd, sa, vip); 406 } else { 407 th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 408 cpu = tcp_addrcpu(faddr.s_addr, th->th_dport, 409 ip->ip_src.s_addr, th->th_sport); 410 } 411 return(netisr_cpuport(cpu)); 412 } 413 414 lwkt_port_t 415 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 416 { 417 return(netisr_cpuport(tcp_addrcpu(faddr, fport, laddr, lport))); 418 } 419 420 lwkt_port_t 421 tcp_addrport0(void) 422 { 423 return(netisr_cpuport(0)); 424 } 425 426 lwkt_port_t 427 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport) 428 { 429 return(netisr_cpuport(udp_addrcpu(faddr, fport, laddr, lport))); 430 } 431 432 /* 433 * Used to route icmp messages to the proper protocol thread for ctlinput 434 * operation. 435 */ 436 lwkt_port_t 437 udp_ctlport(int cmd, struct sockaddr *sa, void *vip) 438 { 439 struct ip *ip = vip; 440 struct udphdr *uh; 441 struct in_addr faddr; 442 int cpu; 443 444 faddr = ((struct sockaddr_in *)sa)->sin_addr; 445 if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY) 446 return(NULL); 447 if (PRC_IS_REDIRECT(cmd)) { 448 /* 449 * See the comment in tcp_ctlport; the only difference 450 * is that message is forwarded to UDP protocol theads. 451 */ 452 return cpu0_ctlport(cmd, sa, vip); 453 } else if (ip == NULL || cmd == PRC_HOSTDEAD) { 454 /* 455 * XXX 456 * Once UDP inpcbs are CPU localized, we should do 457 * the same forwarding as PRC_IS_REDIRECT(cmd) 458 */ 459 cpu = 0; 460 } else { 461 uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 462 463 cpu = udp_addrcpu(faddr.s_addr, ip->ip_src.s_addr, 464 uh->uh_dport, uh->uh_sport); 465 } 466 return (netisr_cpuport(cpu)); 467 } 468