xref: /dragonfly/sys/netinet/ip_demux.c (revision 8a93af2a9b3a6586d0d394bec8454562ee76044f)
1 /*
2  * Copyright (c) 2003, 2004 Jeffrey M. Hsu.  All rights reserved.
3  * Copyright (c) 2003, 2004 The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Jeffrey M. Hsu.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of The DragonFly Project nor the names of its
17  *    contributors may be used to endorse or promote products derived
18  *    from this software without specific, prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
24  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "opt_inet.h"
35 #include "opt_rss.h"
36 
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/socket.h>
41 #include <sys/socketvar.h>
42 #include <sys/thread.h>
43 #include <sys/sysctl.h>
44 #include <sys/globaldata.h>
45 
46 #include <net/if.h>
47 #include <net/netisr2.h>
48 #include <net/toeplitz2.h>
49 
50 #include <netinet/in_systm.h>
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip.h>
55 #include <netinet/ip_var.h>
56 #include <netinet/tcp.h>
57 #include <netinet/tcpip.h>
58 #include <netinet/tcp_var.h>
59 #include <netinet/udp.h>
60 #include <netinet/udp_var.h>
61 
62 struct initport_index {
63           uint32_t  port_index;
64 } __cachealign;
65 static struct initport_index  initport_indices[MAXCPU];
66 
67 /*
68  * Toeplitz hash functions - the idea is to match the hardware.
69  */
70 static __inline int
INP_MPORT_HASH_UDP(in_addr_t faddr,in_addr_t laddr,in_port_t fport,in_port_t lport)71 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr,
72                        in_port_t fport, in_port_t lport)
73 {
74           /*
75            * NOTE: laddr could be multicast, since UDP socket could be
76            * bound to multicast address.
77            */
78           if (IN_MULTICAST(ntohl(faddr)) || IN_MULTICAST(ntohl(laddr))) {
79                     /* XXX handle multicast on CPU0 for now */
80                     return 0;
81           }
82           return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr));
83 }
84 
85 static __inline int
INP_MPORT_HASH_TCP(in_addr_t faddr,in_addr_t laddr,in_port_t fport,in_port_t lport)86 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr,
87                        in_port_t fport, in_port_t lport)
88 {
89           return toeplitz_hash(
90                  toeplitz_rawhash_addrport(faddr, laddr, fport, lport));
91 }
92 
93 /*
94  * Hash for the network address.
95  */
96 int
tcp_addrhash(in_addr_t faddr,in_port_t fport,in_addr_t laddr,in_port_t lport)97 tcp_addrhash(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
98 {
99           return (INP_MPORT_HASH_TCP(faddr, laddr, fport, lport));
100 }
101 
102 int
udp_addrhash(in_addr_t faddr,in_port_t fport,in_addr_t laddr,in_port_t lport)103 udp_addrhash(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
104 {
105           return (INP_MPORT_HASH_UDP(faddr, laddr, fport, lport));
106 }
107 
108 /*
109  * Map a network address to a processor.
110  */
111 int
tcp_addrcpu(in_addr_t faddr,in_port_t fport,in_addr_t laddr,in_port_t lport)112 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
113 {
114           return (netisr_hashcpu(INP_MPORT_HASH_TCP(faddr, laddr, fport, lport)));
115 }
116 
117 int
udp_addrcpu(in_addr_t faddr,in_port_t fport,in_addr_t laddr,in_port_t lport)118 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
119 {
120           return (netisr_hashcpu(INP_MPORT_HASH_UDP(faddr, laddr, fport, lport)));
121 }
122 
123 /*
124  * If the packet is a valid IP datagram, upon returning of this function
125  * following things are promised:
126  *
127  * o  IP header (including any possible IP options) and any data preceding
128  *    IP header (usually linker layer header) are in one mbuf (m_len).
129  * o  IP header length is not less than the minimum (sizeof(struct ip)).
130  * o  IP total length is not less than IP header length.
131  * o  IP datagram resides completely in the mbuf chain,
132  *    i.e. pkthdr.len >= IP total length.
133  *
134  * If the packet is a UDP datagram,
135  * o  IP header (including any possible IP options) and UDP header are in
136  *    one mbuf (m_len).
137  * o  IP total length is not less than (IP header length + UDP header length).
138  *
139  * If the packet is a TCP segment,
140  * o  IP header (including any possible IP options) and TCP header (including
141  *    any possible TCP options) are in one mbuf (m_len).
142  * o  TCP header length is not less than the minimum (sizeof(struct tcphdr)).
143  * o  IP total length is not less than (IP header length + TCP header length).
144  */
145 boolean_t
ip_lengthcheck(struct mbuf ** mp,int hoff)146 ip_lengthcheck(struct mbuf **mp, int hoff)
147 {
148           struct mbuf *m = *mp;
149           struct ip *ip;
150           int len, iphlen, iplen;
151           struct tcphdr *th;
152           int thoff;                                        /* TCP data offset */
153 
154           len = hoff + sizeof(struct ip);
155 
156           /* The packet must be at least the size of an IP header. */
157           if (m->m_pkthdr.len < len) {
158                     ipstat.ips_tooshort++;
159                     goto fail;
160           }
161 
162           /* The fixed IP header must reside completely in the first mbuf. */
163           if (m->m_len < len) {
164                     m = m_pullup(m, len);
165                     if (m == NULL) {
166                               ipstat.ips_toosmall++;
167                               goto fail;
168                     }
169           }
170 
171           ip = mtodoff(m, struct ip *, hoff);
172 
173           /* Bound check the packet's stated IP header length. */
174           iphlen = ip->ip_hl << 2;
175           if (iphlen < sizeof(struct ip)) {       /* minimum header length */
176                     ipstat.ips_badhlen++;
177                     goto fail;
178           }
179 
180           /* The full IP header must reside completely in the one mbuf. */
181           if (m->m_len < hoff + iphlen) {
182                     m = m_pullup(m, hoff + iphlen);
183                     if (m == NULL) {
184                               ipstat.ips_badhlen++;
185                               goto fail;
186                     }
187                     ip = mtodoff(m, struct ip *, hoff);
188           }
189 
190           iplen = ntohs(ip->ip_len);
191 
192           /*
193            * Check that the amount of data in the buffers is as
194            * at least much as the IP header would have us expect.
195            */
196           if (m->m_pkthdr.len < hoff + iplen) {
197                     ipstat.ips_tooshort++;
198                     goto fail;
199           }
200 
201           /*
202            * Fragments other than the first fragment don't have much
203            * length information.
204            */
205           if (ip->ip_off & htons(IP_OFFMASK))
206                     goto ipcheckonly;
207 
208           /*
209            * The TCP/IP or UDP/IP header must be entirely contained within
210            * the first fragment of a packet.  Packet filters will break if they
211            * aren't.
212            *
213            * Since the packet will be trimmed to ip_len we must also make sure
214            * the potentially trimmed down length is still sufficient to hold
215            * the header(s).
216            */
217           switch (ip->ip_p) {
218           case IPPROTO_TCP:
219                     if (iplen < iphlen + sizeof(struct tcphdr)) {
220                               ++tcpstat.tcps_rcvshort;
221                               goto fail;
222                     }
223                     if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) {
224                               m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr));
225                               if (m == NULL) {
226                                         tcpstat.tcps_rcvshort++;
227                                         goto fail;
228                               }
229                               ip = mtodoff(m, struct ip *, hoff);
230                     }
231                     th = (struct tcphdr *)((caddr_t)ip + iphlen);
232                     thoff = th->th_off << 2;
233                     if (thoff < sizeof(struct tcphdr) ||
234                         thoff + iphlen > ntohs(ip->ip_len)) {
235                               tcpstat.tcps_rcvbadoff++;
236                               goto fail;
237                     }
238                     if (m->m_len < hoff + iphlen + thoff) {
239                               m = m_pullup(m, hoff + iphlen + thoff);
240                               if (m == NULL) {
241                                         tcpstat.tcps_rcvshort++;
242                                         goto fail;
243                               }
244                     }
245                     break;
246           case IPPROTO_UDP:
247                     if (iplen < iphlen + sizeof(struct udphdr)) {
248                               ++udp_stat.udps_hdrops;
249                               goto fail;
250                     }
251                     if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) {
252                               m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr));
253                               if (m == NULL) {
254                                         udp_stat.udps_hdrops++;
255                                         goto fail;
256                               }
257                     }
258                     break;
259           default:
260 ipcheckonly:
261                     if (iplen < iphlen) {
262                               ++ipstat.ips_badlen;
263                               goto fail;
264                     }
265                     break;
266           }
267 
268           m->m_flags |= M_LENCHECKED;
269           *mp = m;
270           return TRUE;
271 
272 fail:
273           if (m != NULL)
274                     m_freem(m);
275           *mp = NULL;
276           return FALSE;
277 }
278 
279 /*
280  * Assign a protocol processing thread to a packet.  The IP header is at
281  * offset (hoff) in the packet (i.e. the mac header might still be intact).
282  *
283  * This function can blow away the mbuf if the packet is malformed.
284  */
285 void
ip_hashfn(struct mbuf ** mptr,int hoff)286 ip_hashfn(struct mbuf **mptr, int hoff)
287 {
288           struct ip *ip;
289           int iphlen;
290           struct tcphdr *th;
291           struct udphdr *uh;
292           struct mbuf *m;
293           int hash;
294 
295           if (((*mptr)->m_flags & M_LENCHECKED) == 0) {
296                     if (!ip_lengthcheck(mptr, hoff))
297                               return;
298           }
299 
300           m = *mptr;
301           ip = mtodoff(m, struct ip *, hoff);
302           iphlen = ip->ip_hl << 2;
303 
304           if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) {
305                     hash = toeplitz_hash(toeplitz_rawhash_addr(
306                                   ip->ip_src.s_addr, ip->ip_dst.s_addr));
307                     goto back;
308           }
309 
310           switch (ip->ip_p) {
311           case IPPROTO_TCP:
312                     th = (struct tcphdr *)((caddr_t)ip + iphlen);
313                     hash = INP_MPORT_HASH_TCP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
314                         th->th_sport, th->th_dport);
315                     break;
316 
317           case IPPROTO_UDP:
318                     uh = (struct udphdr *)((caddr_t)ip + iphlen);
319                     hash = INP_MPORT_HASH_UDP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
320                         uh->uh_sport, uh->uh_dport);
321                     break;
322 
323           default:
324                     hash = 0;
325                     break;
326           }
327 back:
328           m_sethash(m, hash);
329 }
330 
331 /*
332  * Verify and adjust the hash value of the packet.
333  *
334  * Unlike ip_hashfn(), the packet content is not accessed.  The packet info
335  * (pi) and the hash of the packet (m_pkthdr.hash) is used instead.
336  *
337  * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags
338  * has M_HASH set.
339  */
340 void
ip_hashcheck(struct mbuf * m,const struct pktinfo * pi)341 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi)
342 {
343           KASSERT((m->m_flags & M_HASH), ("no valid packet hash"));
344 
345           switch (pi->pi_l3proto) {
346           case IPPROTO_TCP:
347           case IPPROTO_UDP:
348                     break;
349 
350           default:
351                     /* Let software calculate the hash */
352                     m->m_flags &= ~M_HASH;
353                     break;
354           }
355 }
356 
357 /*
358  * This is used to map a socket to a message port for sendmsg() and friends.
359  * It is not called for any other purpose.  In the case of TCP we just return
360  * the port already installed in the socket.
361  */
362 lwkt_port_t
tcp_soport(struct socket * so,struct sockaddr * nam,struct mbuf ** dummy __unused)363 tcp_soport(struct socket *so, struct sockaddr *nam,
364              struct mbuf **dummy __unused)
365 {
366           return(so->so_port);
367 }
368 
369 /*
370  * Used to route icmp messages to the proper protocol thread for ctlinput
371  * operation.
372  */
373 lwkt_port_t
tcp_ctlport(int cmd,struct sockaddr * sa,void * vip,int * cpuid)374 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip, int *cpuid)
375 {
376           struct ip *ip = vip;
377           inp_notify_t notify;
378           int arg;
379 
380           notify = tcp_get_inpnotify(cmd, sa, &arg, &ip, cpuid);
381           if (notify == NULL)
382                     return NULL;
383 
384           if (*cpuid == netisr_ncpus) {
385                     /*
386                      * Go through all effective netisr CPUs.
387                      *
388                      * A new message will be allocated later to save necessary
389                      * information and will be forwarded to all network protocol
390                      * threads in the following way:
391                      *
392                      * (the the thread owns the msgport that we return here)
393                      * netisr0 <--+
394                      *    |       |
395                      *    |       |
396                      *    |       |
397                      *    +-------+
398                      *     sendmsg
399                      *     [msg is kmalloc()ed]
400                      *
401                      *
402                      * Later on, when the msg is received by netisr0:
403                      *
404                      *         forwardmsg         forwardmsg
405                      * netisr0 ---------> netisr1 ---------> netisrN
406                      *                                       [msg is kfree()ed]
407                      */
408                     return netisr_cpuport(0);
409           } else {
410                     return netisr_cpuport(*cpuid);
411           }
412 }
413 
414 lwkt_port_t
tcp_addrport(in_addr_t faddr,in_port_t fport,in_addr_t laddr,in_port_t lport)415 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
416 {
417           return(netisr_cpuport(tcp_addrcpu(faddr, fport, laddr, lport)));
418 }
419 
420 lwkt_port_t
tcp_addrport0(void)421 tcp_addrport0(void)
422 {
423           return(netisr_cpuport(0));
424 }
425 
426 lwkt_port_t
udp_addrport(in_addr_t faddr,in_port_t fport,in_addr_t laddr,in_port_t lport)427 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
428 {
429           return(netisr_cpuport(udp_addrcpu(faddr, fport, laddr, lport)));
430 }
431 
432 /*
433  * Used to route icmp messages to the proper protocol thread for ctlinput
434  * operation.
435  */
436 lwkt_port_t
udp_ctlport(int cmd,struct sockaddr * sa,void * vip,int * cpuid)437 udp_ctlport(int cmd, struct sockaddr *sa, void *vip, int *cpuid)
438 {
439           struct ip *ip = vip;
440           inp_notify_t notify;
441 
442           notify = udp_get_inpnotify(cmd, sa, &ip, cpuid);
443           if (notify == NULL)
444                     return NULL;
445 
446           if (*cpuid == netisr_ncpus) {
447                     /*
448                      * Go through all effective netisr CPUs.
449                      *
450                      * See the comment in tcp_ctlport.
451                      */
452                     return netisr_cpuport(0);
453           } else {
454                     return netisr_cpuport(*cpuid);
455           }
456 }
457 
458 static __inline struct lwkt_port *
inp_initport(void)459 inp_initport(void)
460 {
461           int cpu = mycpuid;
462 
463           if (cpu < netisr_ncpus) {
464                     return netisr_cpuport(cpu);
465           } else {
466                     return netisr_cpuport(
467                         ((initport_indices[cpu].port_index++) + (uint32_t)cpu) %
468                         netisr_ncpus);
469           }
470 }
471 
472 struct lwkt_port *
tcp_initport(void)473 tcp_initport(void)
474 {
475           return inp_initport();
476 }
477 
478 struct lwkt_port *
udp_initport(void)479 udp_initport(void)
480 {
481           return inp_initport();
482 }
483