xref: /dragonfly/sys/netinet/ip_demux.c (revision f7df6c8e) 
1 /*
2  * Copyright (c) 2003, 2004 Jeffrey M. Hsu.  All rights reserved.
3  * Copyright (c) 2003, 2004 The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Jeffrey M. Hsu.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of The DragonFly Project nor the names of its
17  *    contributors may be used to endorse or promote products derived
18  *    from this software without specific, prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
24  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "opt_inet.h"
35 #include "opt_rss.h"
36 
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/socket.h>
41 #include <sys/socketvar.h>
42 #include <sys/thread.h>
43 #include <sys/sysctl.h>
44 #include <sys/globaldata.h>
45 
46 #include <net/if.h>
47 #include <net/netisr2.h>
48 #include <net/toeplitz2.h>
49 
50 #include <netinet/in_systm.h>
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip.h>
55 #include <netinet/ip_var.h>
56 #include <netinet/tcp.h>
57 #include <netinet/tcpip.h>
58 #include <netinet/tcp_var.h>
59 #include <netinet/udp.h>
60 #include <netinet/udp_var.h>
61 
62 /*
63  * Toeplitz hash functions - the idea is to match the hardware.
64  */
65 static __inline int
66 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr,
67 		   in_port_t fport, in_port_t lport)
68 {
69 	return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr));
70 }
71 
72 static __inline int
73 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr,
74 		   in_port_t fport, in_port_t lport)
75 {
76 	return toeplitz_hash(
77 	       toeplitz_rawhash_addrport(faddr, laddr, fport, lport));
78 }
79 
80 /*
81  * Map a network address to a processor.
82  */
83 int
84 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
85 {
86 	return (netisr_hashcpu(INP_MPORT_HASH_TCP(faddr, laddr, fport, lport)));
87 }
88 
89 int
90 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
91 {
92 	/*
93 	 * NOTE: laddr could be multicast, since UDP socket could be
94 	 * bound to multicast address.
95 	 */
96 	if (IN_MULTICAST(ntohl(faddr)) || IN_MULTICAST(ntohl(laddr))) {
97 		/* XXX handle multicast on CPU0 for now */
98 		return 0;
99 	}
100 	return (netisr_hashcpu(INP_MPORT_HASH_UDP(faddr, laddr, fport, lport)));
101 }
102 
103 /*
104  * If the packet is a valid IP datagram, upon returning of this function
105  * following things are promised:
106  *
107  * o  IP header (including any possible IP options) and any data preceding
108  *    IP header (usually linker layer header) are in one mbuf (m_len).
109  * o  IP header length is not less than the minimum (sizeof(struct ip)).
110  * o  IP total length is not less than IP header length.
111  * o  IP datagram resides completely in the mbuf chain,
112  *    i.e. pkthdr.len >= IP total length.
113  *
114  * If the packet is a UDP datagram,
115  * o  IP header (including any possible IP options) and UDP header are in
116  *    one mbuf (m_len).
117  * o  IP total length is not less than (IP header length + UDP header length).
118  *
119  * If the packet is a TCP segment,
120  * o  IP header (including any possible IP options) and TCP header (including
121  *    any possible TCP options) are in one mbuf (m_len).
122  * o  TCP header length is not less than the minimum (sizeof(struct tcphdr)).
123  * o  IP total length is not less than (IP header length + TCP header length).
124  */
125 boolean_t
126 ip_lengthcheck(struct mbuf **mp, int hoff)
127 {
128 	struct mbuf *m = *mp;
129 	struct ip *ip;
130 	int len, iphlen, iplen;
131 	struct tcphdr *th;
132 	int thoff;				/* TCP data offset */
133 
134 	len = hoff + sizeof(struct ip);
135 
136 	/* The packet must be at least the size of an IP header. */
137 	if (m->m_pkthdr.len < len) {
138 		ipstat.ips_tooshort++;
139 		goto fail;
140 	}
141 
142 	/* The fixed IP header must reside completely in the first mbuf. */
143 	if (m->m_len < len) {
144 		m = m_pullup(m, len);
145 		if (m == NULL) {
146 			ipstat.ips_toosmall++;
147 			goto fail;
148 		}
149 	}
150 
151 	ip = mtodoff(m, struct ip *, hoff);
152 
153 	/* Bound check the packet's stated IP header length. */
154 	iphlen = ip->ip_hl << 2;
155 	if (iphlen < sizeof(struct ip)) {	/* minimum header length */
156 		ipstat.ips_badhlen++;
157 		goto fail;
158 	}
159 
160 	/* The full IP header must reside completely in the one mbuf. */
161 	if (m->m_len < hoff + iphlen) {
162 		m = m_pullup(m, hoff + iphlen);
163 		if (m == NULL) {
164 			ipstat.ips_badhlen++;
165 			goto fail;
166 		}
167 		ip = mtodoff(m, struct ip *, hoff);
168 	}
169 
170 	iplen = ntohs(ip->ip_len);
171 
172 	/*
173 	 * Check that the amount of data in the buffers is as
174 	 * at least much as the IP header would have us expect.
175 	 */
176 	if (m->m_pkthdr.len < hoff + iplen) {
177 		ipstat.ips_tooshort++;
178 		goto fail;
179 	}
180 
181 	/*
182 	 * Fragments other than the first fragment don't have much
183 	 * length information.
184 	 */
185 	if (ntohs(ip->ip_off) & IP_OFFMASK)
186 		goto ipcheckonly;
187 
188 	/*
189 	 * The TCP/IP or UDP/IP header must be entirely contained within
190 	 * the first fragment of a packet.  Packet filters will break if they
191 	 * aren't.
192 	 *
193 	 * Since the packet will be trimmed to ip_len we must also make sure
194 	 * the potentially trimmed down length is still sufficient to hold
195 	 * the header(s).
196 	 */
197 	switch (ip->ip_p) {
198 	case IPPROTO_TCP:
199 		if (iplen < iphlen + sizeof(struct tcphdr)) {
200 			++tcpstat.tcps_rcvshort;
201 			goto fail;
202 		}
203 		if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) {
204 			m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr));
205 			if (m == NULL) {
206 				tcpstat.tcps_rcvshort++;
207 				goto fail;
208 			}
209 			ip = mtodoff(m, struct ip *, hoff);
210 		}
211 		th = (struct tcphdr *)((caddr_t)ip + iphlen);
212 		thoff = th->th_off << 2;
213 		if (thoff < sizeof(struct tcphdr) ||
214 		    thoff + iphlen > ntohs(ip->ip_len)) {
215 			tcpstat.tcps_rcvbadoff++;
216 			goto fail;
217 		}
218 		if (m->m_len < hoff + iphlen + thoff) {
219 			m = m_pullup(m, hoff + iphlen + thoff);
220 			if (m == NULL) {
221 				tcpstat.tcps_rcvshort++;
222 				goto fail;
223 			}
224 		}
225 		break;
226 	case IPPROTO_UDP:
227 		if (iplen < iphlen + sizeof(struct udphdr)) {
228 			++udp_stat.udps_hdrops;
229 			goto fail;
230 		}
231 		if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) {
232 			m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr));
233 			if (m == NULL) {
234 				udp_stat.udps_hdrops++;
235 				goto fail;
236 			}
237 		}
238 		break;
239 	default:
240 ipcheckonly:
241 		if (iplen < iphlen) {
242 			++ipstat.ips_badlen;
243 			goto fail;
244 		}
245 		break;
246 	}
247 
248 	m->m_flags |= M_LENCHECKED;
249 	*mp = m;
250 	return TRUE;
251 
252 fail:
253 	if (m != NULL)
254 		m_freem(m);
255 	*mp = NULL;
256 	return FALSE;
257 }
258 
259 /*
260  * Assign a protocol processing thread to a packet.  The IP header is at
261  * offset (hoff) in the packet (i.e. the mac header might still be intact).
262  *
263  * This function can blow away the mbuf if the packet is malformed.
264  */
265 void
266 ip_hashfn(struct mbuf **mptr, int hoff)
267 {
268 	struct ip *ip;
269 	int iphlen;
270 	struct tcphdr *th;
271 	struct udphdr *uh;
272 	struct mbuf *m;
273 	int hash;
274 
275 	if (!ip_lengthcheck(mptr, hoff))
276 		return;
277 
278 	m = *mptr;
279 	ip = mtodoff(m, struct ip *, hoff);
280 	iphlen = ip->ip_hl << 2;
281 
282 	if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
283 		hash = toeplitz_hash(toeplitz_rawhash_addr(
284 		    ip->ip_src.s_addr, ip->ip_dst.s_addr));
285 		goto back;
286 	}
287 
288 	switch (ip->ip_p) {
289 	case IPPROTO_TCP:
290 		th = (struct tcphdr *)((caddr_t)ip + iphlen);
291 		hash = INP_MPORT_HASH_TCP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
292 		    th->th_sport, th->th_dport);
293 		break;
294 
295 	case IPPROTO_UDP:
296 		if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
297 			/* XXX handle multicast on CPU0 for now */
298 			hash = 0;
299 			break;
300 		}
301 		uh = (struct udphdr *)((caddr_t)ip + iphlen);
302 		hash = INP_MPORT_HASH_UDP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
303 		    uh->uh_sport, uh->uh_dport);
304 		break;
305 
306 	default:
307 		hash = 0;
308 		break;
309 	}
310 back:
311 	m->m_flags |= M_HASH;
312 	m->m_pkthdr.hash = hash;
313 }
314 
315 /*
316  * Verify and adjust the hash value of the packet.
317  *
318  * Unlike ip_hashfn(), the packet content is not accessed.  The packet info
319  * (pi) and the hash of the packet (m_pkthdr.hash) is used instead.
320  *
321  * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags
322  * has M_HASH set.
323  */
324 void
325 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi)
326 {
327 	KASSERT((m->m_flags & M_HASH), ("no valid packet hash"));
328 
329 	switch (pi->pi_l3proto) {
330 	case IPPROTO_TCP:
331 	case IPPROTO_UDP:
332 		break;
333 
334 	default:
335 		/* Let software calculate the hash */
336 		m->m_flags &= ~M_HASH;
337 		break;
338 	}
339 }
340 
341 /*
342  * This is used to map a socket to a message port for sendmsg() and friends.
343  * It is not called for any other purpose.  In the case of TCP we just return
344  * the port already installed in the socket.
345  */
346 lwkt_port_t
347 tcp_soport(struct socket *so, struct sockaddr *nam,
348 	   struct mbuf **dummy __unused)
349 {
350 	return(so->so_port);
351 }
352 
353 /*
354  * Used to route icmp messages to the proper protocol thread for ctlinput
355  * operation.
356  */
357 lwkt_port_t
358 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip)
359 {
360 	struct ip *ip = vip;
361 	inp_notify_t notify;
362 	int cpu, arg;
363 
364 	notify = tcp_get_inpnotify(cmd, sa, &arg, &ip, &cpu);
365 	if (notify == NULL)
366 		return NULL;
367 
368 	if (cpu == ncpus) {
369 		/*
370 		 * Go through all CPUs.
371 		 *
372 		 * A new message will be allocated later to save necessary
373 		 * information and will be forwarded to all network protocol
374 		 * threads in the following way:
375 		 *
376 		 * (the the thread owns the msgport that we return here)
377 		 * netisr0 <--+
378 		 *    |       |
379 		 *    |       |
380 		 *    |       |
381 		 *    +-------+
382 		 *     sendmsg
383 		 *     [msg is kmalloc()ed]
384 		 *
385 		 *
386 		 * Later on, when the msg is received by netisr0:
387 		 *
388 		 *         forwardmsg         forwardmsg
389 		 * netisr0 ---------> netisr1 ---------> netisrN
390 		 *                                       [msg is kfree()ed]
391 		 */
392 		return cpu0_ctlport(cmd, sa, vip);
393 	} else {
394 		return netisr_cpuport(cpu);
395 	}
396 }
397 
398 lwkt_port_t
399 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
400 {
401 	return(netisr_cpuport(tcp_addrcpu(faddr, fport, laddr, lport)));
402 }
403 
404 lwkt_port_t
405 tcp_addrport0(void)
406 {
407 	return(netisr_cpuport(0));
408 }
409 
410 lwkt_port_t
411 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
412 {
413 	return(netisr_cpuport(udp_addrcpu(faddr, fport, laddr, lport)));
414 }
415 
416 /*
417  * Used to route icmp messages to the proper protocol thread for ctlinput
418  * operation.
419  */
420 lwkt_port_t
421 udp_ctlport(int cmd, struct sockaddr *sa, void *vip)
422 {
423 	struct ip *ip = vip;
424 	inp_notify_t notify;
425 	int cpu;
426 
427 	notify = udp_get_inpnotify(cmd, sa, &ip, &cpu);
428 	if (notify == NULL)
429 		return NULL;
430 
431 	if (cpu == ncpus) {
432 		/*
433 		 * Go through all CPUs.
434 		 *
435 		 * See the comment in tcp_ctlport.
436 		 */
437 		return cpu0_ctlport(cmd, sa, vip);
438 	} else {
439 		return netisr_cpuport(cpu);
440 	}
441 }
442 
443 struct lwkt_port *
444 tcp_initport(void)
445 {
446 	return netisr_cpuport(mycpuid & ncpus2_mask);
447 }
448 
449 struct lwkt_port *
450 udp_initport(void)
451 {
452 	return netisr_cpuport(mycpuid & ncpus2_mask);
453 }
454