FreeBSD/Linux Kernel Cross Reference
sys/netinet/ip_flow.c
1 /* $NetBSD: ip_flow.c,v 1.29 2005/02/03 22:43:34 perry Exp $ */
2
3 /*-
4 * Copyright (c) 1998 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by the 3am Software Foundry ("3am"). It was developed by Matt Thomas.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the NetBSD
21 * Foundation, Inc. and its contributors.
22 * 4. Neither the name of The NetBSD Foundation nor the names of its
23 * contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
37 */
38
39 #include <sys/cdefs.h>
40 __KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.29 2005/02/03 22:43:34 perry Exp $");
41
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/malloc.h>
45 #include <sys/mbuf.h>
46 #include <sys/domain.h>
47 #include <sys/protosw.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/errno.h>
51 #include <sys/time.h>
52 #include <sys/kernel.h>
53 #include <sys/pool.h>
54 #include <sys/sysctl.h>
55
56 #include <net/if.h>
57 #include <net/if_dl.h>
58 #include <net/route.h>
59 #include <net/pfil.h>
60
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
64 #include <netinet/in_pcb.h>
65 #include <netinet/in_var.h>
66 #include <netinet/ip_var.h>
67
68 POOL_INIT(ipflow_pool, sizeof(struct ipflow), 0, 0, 0, "ipflowpl", NULL);
69
70 LIST_HEAD(ipflowhead, ipflow);
71
72 #define IPFLOW_TIMER (5 * PR_SLOWHZ)
73 #define IPFLOW_HASHSIZE (1 << IPFLOW_HASHBITS)
74
75 static struct ipflowhead ipflowtable[IPFLOW_HASHSIZE];
76 static struct ipflowhead ipflowlist;
77 static int ipflow_inuse;
78
79 #define IPFLOW_INSERT(bucket, ipf) \
80 do { \
81 LIST_INSERT_HEAD((bucket), (ipf), ipf_hash); \
82 LIST_INSERT_HEAD(&ipflowlist, (ipf), ipf_list); \
83 } while (/*CONSTCOND*/ 0)
84
85 #define IPFLOW_REMOVE(ipf) \
86 do { \
87 LIST_REMOVE((ipf), ipf_hash); \
88 LIST_REMOVE((ipf), ipf_list); \
89 } while (/*CONSTCOND*/ 0)
90
91 #ifndef IPFLOW_MAX
92 #define IPFLOW_MAX 256
93 #endif
94 int ip_maxflows = IPFLOW_MAX;
95
96 static unsigned
97 ipflow_hash(struct in_addr dst, struct in_addr src, unsigned tos)
98 {
99 unsigned hash = tos;
100 int idx;
101 for (idx = 0; idx < 32; idx += IPFLOW_HASHBITS)
102 hash += (dst.s_addr >> (32 - idx)) + (src.s_addr >> idx);
103 return hash & (IPFLOW_HASHSIZE-1);
104 }
105
106 static struct ipflow *
107 ipflow_lookup(const struct ip *ip)
108 {
109 unsigned hash;
110 struct ipflow *ipf;
111
112 hash = ipflow_hash(ip->ip_dst, ip->ip_src, ip->ip_tos);
113
114 ipf = LIST_FIRST(&ipflowtable[hash]);
115 while (ipf != NULL) {
116 if (ip->ip_dst.s_addr == ipf->ipf_dst.s_addr
117 && ip->ip_src.s_addr == ipf->ipf_src.s_addr
118 && ip->ip_tos == ipf->ipf_tos)
119 break;
120 ipf = LIST_NEXT(ipf, ipf_hash);
121 }
122 return ipf;
123 }
124
125 void
126 ipflow_init(void)
127 {
128 int i;
129
130 LIST_INIT(&ipflowlist);
131 for (i = 0; i < IPFLOW_HASHSIZE; i++)
132 LIST_INIT(&ipflowtable[i]);
133 }
134
135 int
136 ipflow_fastforward(struct mbuf *m)
137 {
138 struct ip *ip, ip_store;
139 struct ipflow *ipf;
140 struct rtentry *rt;
141 struct sockaddr *dst;
142 int error;
143 int iplen;
144
145 /*
146 * Are we forwarding packets? Big enough for an IP packet?
147 */
148 if (!ipforwarding || ipflow_inuse == 0 || m->m_len < sizeof(struct ip))
149 return 0;
150
151 /*
152 * Was packet received as a link-level multicast or broadcast?
153 * If so, don't try to fast forward..
154 */
155 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0)
156 return 0;
157
158 /*
159 * IP header with no option and valid version and length
160 */
161 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)))
162 ip = mtod(m, struct ip *);
163 else {
164 memcpy(&ip_store, mtod(m, caddr_t), sizeof(ip_store));
165 ip = &ip_store;
166 }
167 iplen = ntohs(ip->ip_len);
168 if (ip->ip_v != IPVERSION || ip->ip_hl != (sizeof(struct ip) >> 2) ||
169 iplen < sizeof(struct ip) || iplen > m->m_pkthdr.len)
170 return 0;
171 /*
172 * Find a flow.
173 */
174 if ((ipf = ipflow_lookup(ip)) == NULL)
175 return 0;
176
177 /*
178 * Verify the IP header checksum.
179 */
180 switch (m->m_pkthdr.csum_flags &
181 ((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_IPv4) |
182 M_CSUM_IPv4_BAD)) {
183 case M_CSUM_IPv4|M_CSUM_IPv4_BAD:
184 return (0);
185
186 case M_CSUM_IPv4:
187 /* Checksum was okay. */
188 break;
189
190 default:
191 /* Must compute it ourselves. */
192 if (in_cksum(m, sizeof(struct ip)) != 0)
193 return (0);
194 break;
195 }
196
197 /*
198 * Route and interface still up?
199 */
200 rt = ipf->ipf_ro.ro_rt;
201 if ((rt->rt_flags & RTF_UP) == 0 ||
202 (rt->rt_ifp->if_flags & IFF_UP) == 0)
203 return 0;
204
205 /*
206 * Packet size OK? TTL?
207 */
208 if (m->m_pkthdr.len > rt->rt_ifp->if_mtu || ip->ip_ttl <= IPTTLDEC)
209 return 0;
210
211 /*
212 * Clear any in-bound checksum flags for this packet.
213 */
214 m->m_pkthdr.csum_flags = 0;
215
216 /*
217 * Everything checks out and so we can forward this packet.
218 * Modify the TTL and incrementally change the checksum.
219 *
220 * This method of adding the checksum works on either endian CPU.
221 * If htons() is inlined, all the arithmetic is folded; otherwise
222 * the htons()s are combined by CSE due to the __const__ attribute.
223 *
224 * Don't bother using HW checksumming here -- the incremental
225 * update is pretty fast.
226 */
227 ip->ip_ttl -= IPTTLDEC;
228 if (ip->ip_sum >= (u_int16_t) ~htons(IPTTLDEC << 8))
229 ip->ip_sum -= ~htons(IPTTLDEC << 8);
230 else
231 ip->ip_sum += htons(IPTTLDEC << 8);
232
233 /*
234 * Done modifying the header; copy it back, if necessary.
235 */
236 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0)
237 memcpy(mtod(m, caddr_t), &ip_store, sizeof(ip_store));
238
239 /*
240 * Trim the packet in case it's too long..
241 */
242 if (m->m_pkthdr.len > iplen) {
243 if (m->m_len == m->m_pkthdr.len) {
244 m->m_len = iplen;
245 m->m_pkthdr.len = iplen;
246 } else
247 m_adj(m, iplen - m->m_pkthdr.len);
248 }
249
250 /*
251 * Send the packet on it's way. All we can get back is ENOBUFS
252 */
253 ipf->ipf_uses++;
254 PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
255
256 if (rt->rt_flags & RTF_GATEWAY)
257 dst = rt->rt_gateway;
258 else
259 dst = &ipf->ipf_ro.ro_dst;
260
261 if ((error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m, dst, rt)) != 0) {
262 if (error == ENOBUFS)
263 ipf->ipf_dropped++;
264 else
265 ipf->ipf_errors++;
266 }
267 return 1;
268 }
269
270 static void
271 ipflow_addstats(struct ipflow *ipf)
272 {
273 ipf->ipf_ro.ro_rt->rt_use += ipf->ipf_uses;
274 ipstat.ips_cantforward += ipf->ipf_errors + ipf->ipf_dropped;
275 ipstat.ips_forward += ipf->ipf_uses;
276 ipstat.ips_fastforward += ipf->ipf_uses;
277 }
278
279 static void
280 ipflow_free(struct ipflow *ipf)
281 {
282 int s;
283 /*
284 * Remove the flow from the hash table (at elevated IPL).
285 * Once it's off the list, we can deal with it at normal
286 * network IPL.
287 */
288 s = splnet();
289 IPFLOW_REMOVE(ipf);
290 splx(s);
291 ipflow_addstats(ipf);
292 RTFREE(ipf->ipf_ro.ro_rt);
293 ipflow_inuse--;
294 pool_put(&ipflow_pool, ipf);
295 }
296
297 struct ipflow *
298 ipflow_reap(int just_one)
299 {
300 while (just_one || ipflow_inuse > ip_maxflows) {
301 struct ipflow *ipf, *maybe_ipf = NULL;
302 int s;
303
304 ipf = LIST_FIRST(&ipflowlist);
305 while (ipf != NULL) {
306 /*
307 * If this no longer points to a valid route
308 * reclaim it.
309 */
310 if ((ipf->ipf_ro.ro_rt->rt_flags & RTF_UP) == 0)
311 goto done;
312 /*
313 * choose the one that's been least recently
314 * used or has had the least uses in the
315 * last 1.5 intervals.
316 */
317 if (maybe_ipf == NULL ||
318 ipf->ipf_timer < maybe_ipf->ipf_timer ||
319 (ipf->ipf_timer == maybe_ipf->ipf_timer &&
320 ipf->ipf_last_uses + ipf->ipf_uses <
321 maybe_ipf->ipf_last_uses +
322 maybe_ipf->ipf_uses))
323 maybe_ipf = ipf;
324 ipf = LIST_NEXT(ipf, ipf_list);
325 }
326 ipf = maybe_ipf;
327 done:
328 /*
329 * Remove the entry from the flow table.
330 */
331 s = splnet();
332 IPFLOW_REMOVE(ipf);
333 splx(s);
334 ipflow_addstats(ipf);
335 RTFREE(ipf->ipf_ro.ro_rt);
336 if (just_one)
337 return ipf;
338 pool_put(&ipflow_pool, ipf);
339 ipflow_inuse--;
340 }
341 return NULL;
342 }
343
344 void
345 ipflow_slowtimo(void)
346 {
347 struct ipflow *ipf, *next_ipf;
348
349 ipf = LIST_FIRST(&ipflowlist);
350 while (ipf != NULL) {
351 next_ipf = LIST_NEXT(ipf, ipf_list);
352 if (PRT_SLOW_ISEXPIRED(ipf->ipf_timer)) {
353 ipflow_free(ipf);
354 } else {
355 ipf->ipf_last_uses = ipf->ipf_uses;
356 ipf->ipf_ro.ro_rt->rt_use += ipf->ipf_uses;
357 ipstat.ips_forward += ipf->ipf_uses;
358 ipstat.ips_fastforward += ipf->ipf_uses;
359 ipf->ipf_uses = 0;
360 }
361 ipf = next_ipf;
362 }
363 }
364
365 void
366 ipflow_create(const struct route *ro, struct mbuf *m)
367 {
368 const struct ip *const ip = mtod(m, struct ip *);
369 struct ipflow *ipf;
370 unsigned hash;
371 int s;
372
373 /*
374 * Don't create cache entries for ICMP messages.
375 */
376 if (ip_maxflows == 0 || ip->ip_p == IPPROTO_ICMP)
377 return;
378 /*
379 * See if an existing flow struct exists. If so remove it from it's
380 * list and free the old route. If not, try to malloc a new one
381 * (if we aren't at our limit).
382 */
383 ipf = ipflow_lookup(ip);
384 if (ipf == NULL) {
385 if (ipflow_inuse >= ip_maxflows) {
386 ipf = ipflow_reap(1);
387 } else {
388 ipf = pool_get(&ipflow_pool, PR_NOWAIT);
389 if (ipf == NULL)
390 return;
391 ipflow_inuse++;
392 }
393 bzero((caddr_t) ipf, sizeof(*ipf));
394 } else {
395 s = splnet();
396 IPFLOW_REMOVE(ipf);
397 splx(s);
398 ipflow_addstats(ipf);
399 RTFREE(ipf->ipf_ro.ro_rt);
400 ipf->ipf_uses = ipf->ipf_last_uses = 0;
401 ipf->ipf_errors = ipf->ipf_dropped = 0;
402 }
403
404 /*
405 * Fill in the updated information.
406 */
407 ipf->ipf_ro = *ro;
408 ro->ro_rt->rt_refcnt++;
409 ipf->ipf_dst = ip->ip_dst;
410 ipf->ipf_src = ip->ip_src;
411 ipf->ipf_tos = ip->ip_tos;
412 PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
413 ipf->ipf_start = time.tv_sec;
414 /*
415 * Insert into the approriate bucket of the flow table.
416 */
417 hash = ipflow_hash(ip->ip_dst, ip->ip_src, ip->ip_tos);
418 s = splnet();
419 IPFLOW_INSERT(&ipflowtable[hash], ipf);
420 splx(s);
421 }
422
423 void
424 ipflow_invalidate_all(void)
425 {
426 struct ipflow *ipf, *next_ipf;
427 int s;
428
429 s = splnet();
430 ipf = LIST_FIRST(&ipflowlist);
431 for (ipf = LIST_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
432 next_ipf = LIST_NEXT(ipf, ipf_list);
433 ipflow_free(ipf);
434 }
435 splx(s);
436 }
Cache object: 21885983b703a683fcdb70b8c8a072d5
|