FreeBSD/Linux Kernel Cross Reference
sys/netinet/ip_flow.c
1 /* $NetBSD: ip_flow.c,v 1.36 2006/10/06 03:20:47 mrg Exp $ */
2
3 /*-
4 * Copyright (c) 1998 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by the 3am Software Foundry ("3am"). It was developed by Matt Thomas.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the NetBSD
21 * Foundation, Inc. and its contributors.
22 * 4. Neither the name of The NetBSD Foundation nor the names of its
23 * contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
37 */
38
39 #include <sys/cdefs.h>
40 __KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.36 2006/10/06 03:20:47 mrg Exp $");
41
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/malloc.h>
45 #include <sys/mbuf.h>
46 #include <sys/domain.h>
47 #include <sys/protosw.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/errno.h>
51 #include <sys/time.h>
52 #include <sys/kernel.h>
53 #include <sys/pool.h>
54 #include <sys/sysctl.h>
55
56 #include <net/if.h>
57 #include <net/if_dl.h>
58 #include <net/route.h>
59 #include <net/pfil.h>
60
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
64 #include <netinet/in_pcb.h>
65 #include <netinet/in_var.h>
66 #include <netinet/ip_var.h>
67
68 POOL_INIT(ipflow_pool, sizeof(struct ipflow), 0, 0, 0, "ipflowpl", NULL);
69
70 LIST_HEAD(ipflowhead, ipflow);
71
72 #define IPFLOW_TIMER (5 * PR_SLOWHZ)
73 #define IPFLOW_HASHSIZE (1 << IPFLOW_HASHBITS)
74
75 static struct ipflowhead ipflowtable[IPFLOW_HASHSIZE];
76 static struct ipflowhead ipflowlist;
77 static int ipflow_inuse;
78
79 #define IPFLOW_INSERT(bucket, ipf) \
80 do { \
81 LIST_INSERT_HEAD((bucket), (ipf), ipf_hash); \
82 LIST_INSERT_HEAD(&ipflowlist, (ipf), ipf_list); \
83 } while (/*CONSTCOND*/ 0)
84
85 #define IPFLOW_REMOVE(ipf) \
86 do { \
87 LIST_REMOVE((ipf), ipf_hash); \
88 LIST_REMOVE((ipf), ipf_list); \
89 } while (/*CONSTCOND*/ 0)
90
91 #ifndef IPFLOW_MAX
92 #define IPFLOW_MAX 256
93 #endif
94 int ip_maxflows = IPFLOW_MAX;
95
96 static unsigned
97 ipflow_hash(struct in_addr dst, struct in_addr src, unsigned tos)
98 {
99 unsigned hash = tos;
100 int idx;
101 for (idx = 0; idx < 32; idx += IPFLOW_HASHBITS)
102 hash += (dst.s_addr >> (32 - idx)) + (src.s_addr >> idx);
103 return hash & (IPFLOW_HASHSIZE-1);
104 }
105
106 static struct ipflow *
107 ipflow_lookup(const struct ip *ip)
108 {
109 unsigned hash;
110 struct ipflow *ipf;
111
112 hash = ipflow_hash(ip->ip_dst, ip->ip_src, ip->ip_tos);
113
114 LIST_FOREACH(ipf, &ipflowtable[hash], ipf_hash) {
115 if (ip->ip_dst.s_addr == ipf->ipf_dst.s_addr
116 && ip->ip_src.s_addr == ipf->ipf_src.s_addr
117 && ip->ip_tos == ipf->ipf_tos)
118 break;
119 }
120 return ipf;
121 }
122
123 void
124 ipflow_init(void)
125 {
126 int i;
127
128 LIST_INIT(&ipflowlist);
129 for (i = 0; i < IPFLOW_HASHSIZE; i++)
130 LIST_INIT(&ipflowtable[i]);
131 }
132
133 int
134 ipflow_fastforward(struct mbuf *m)
135 {
136 struct ip *ip, ip_store;
137 struct ipflow *ipf;
138 struct rtentry *rt;
139 struct sockaddr *dst;
140 int error;
141 int iplen;
142
143 /*
144 * Are we forwarding packets? Big enough for an IP packet?
145 */
146 if (!ipforwarding || ipflow_inuse == 0 || m->m_len < sizeof(struct ip))
147 return 0;
148
149 /*
150 * Was packet received as a link-level multicast or broadcast?
151 * If so, don't try to fast forward..
152 */
153 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0)
154 return 0;
155
156 /*
157 * IP header with no option and valid version and length
158 */
159 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)))
160 ip = mtod(m, struct ip *);
161 else {
162 memcpy(&ip_store, mtod(m, caddr_t), sizeof(ip_store));
163 ip = &ip_store;
164 }
165 iplen = ntohs(ip->ip_len);
166 if (ip->ip_v != IPVERSION || ip->ip_hl != (sizeof(struct ip) >> 2) ||
167 iplen < sizeof(struct ip) || iplen > m->m_pkthdr.len)
168 return 0;
169 /*
170 * Find a flow.
171 */
172 if ((ipf = ipflow_lookup(ip)) == NULL)
173 return 0;
174
175 /*
176 * Verify the IP header checksum.
177 */
178 switch (m->m_pkthdr.csum_flags &
179 ((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_IPv4) |
180 M_CSUM_IPv4_BAD)) {
181 case M_CSUM_IPv4|M_CSUM_IPv4_BAD:
182 return (0);
183
184 case M_CSUM_IPv4:
185 /* Checksum was okay. */
186 break;
187
188 default:
189 /* Must compute it ourselves. */
190 if (in_cksum(m, sizeof(struct ip)) != 0)
191 return (0);
192 break;
193 }
194
195 /*
196 * Route and interface still up?
197 */
198 rt = ipf->ipf_ro.ro_rt;
199 if ((rt->rt_flags & RTF_UP) == 0 ||
200 (rt->rt_ifp->if_flags & IFF_UP) == 0)
201 return 0;
202
203 /*
204 * Packet size OK? TTL?
205 */
206 if (m->m_pkthdr.len > rt->rt_ifp->if_mtu || ip->ip_ttl <= IPTTLDEC)
207 return 0;
208
209 /*
210 * Clear any in-bound checksum flags for this packet.
211 */
212 m->m_pkthdr.csum_flags = 0;
213
214 /*
215 * Everything checks out and so we can forward this packet.
216 * Modify the TTL and incrementally change the checksum.
217 *
218 * This method of adding the checksum works on either endian CPU.
219 * If htons() is inlined, all the arithmetic is folded; otherwise
220 * the htons()s are combined by CSE due to the const attribute.
221 *
222 * Don't bother using HW checksumming here -- the incremental
223 * update is pretty fast.
224 */
225 ip->ip_ttl -= IPTTLDEC;
226 if (ip->ip_sum >= (u_int16_t) ~htons(IPTTLDEC << 8))
227 ip->ip_sum -= ~htons(IPTTLDEC << 8);
228 else
229 ip->ip_sum += htons(IPTTLDEC << 8);
230
231 /*
232 * Done modifying the header; copy it back, if necessary.
233 */
234 if (IP_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0)
235 memcpy(mtod(m, caddr_t), &ip_store, sizeof(ip_store));
236
237 /*
238 * Trim the packet in case it's too long..
239 */
240 if (m->m_pkthdr.len > iplen) {
241 if (m->m_len == m->m_pkthdr.len) {
242 m->m_len = iplen;
243 m->m_pkthdr.len = iplen;
244 } else
245 m_adj(m, iplen - m->m_pkthdr.len);
246 }
247
248 /*
249 * Send the packet on it's way. All we can get back is ENOBUFS
250 */
251 ipf->ipf_uses++;
252 PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
253
254 if (rt->rt_flags & RTF_GATEWAY)
255 dst = rt->rt_gateway;
256 else
257 dst = &ipf->ipf_ro.ro_dst;
258
259 if ((error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m, dst, rt)) != 0) {
260 if (error == ENOBUFS)
261 ipf->ipf_dropped++;
262 else
263 ipf->ipf_errors++;
264 }
265 return 1;
266 }
267
268 static void
269 ipflow_addstats(struct ipflow *ipf)
270 {
271 ipf->ipf_ro.ro_rt->rt_use += ipf->ipf_uses;
272 ipstat.ips_cantforward += ipf->ipf_errors + ipf->ipf_dropped;
273 ipstat.ips_total += ipf->ipf_uses;
274 ipstat.ips_forward += ipf->ipf_uses;
275 ipstat.ips_fastforward += ipf->ipf_uses;
276 }
277
278 static void
279 ipflow_free(struct ipflow *ipf)
280 {
281 int s;
282 /*
283 * Remove the flow from the hash table (at elevated IPL).
284 * Once it's off the list, we can deal with it at normal
285 * network IPL.
286 */
287 s = splnet();
288 IPFLOW_REMOVE(ipf);
289 splx(s);
290 ipflow_addstats(ipf);
291 RTFREE(ipf->ipf_ro.ro_rt);
292 ipflow_inuse--;
293 s = splnet();
294 pool_put(&ipflow_pool, ipf);
295 splx(s);
296 }
297
298 struct ipflow *
299 ipflow_reap(int just_one)
300 {
301 while (just_one || ipflow_inuse > ip_maxflows) {
302 struct ipflow *ipf, *maybe_ipf = NULL;
303 int s;
304
305 ipf = LIST_FIRST(&ipflowlist);
306 while (ipf != NULL) {
307 /*
308 * If this no longer points to a valid route
309 * reclaim it.
310 */
311 if ((ipf->ipf_ro.ro_rt->rt_flags & RTF_UP) == 0)
312 goto done;
313 /*
314 * choose the one that's been least recently
315 * used or has had the least uses in the
316 * last 1.5 intervals.
317 */
318 if (maybe_ipf == NULL ||
319 ipf->ipf_timer < maybe_ipf->ipf_timer ||
320 (ipf->ipf_timer == maybe_ipf->ipf_timer &&
321 ipf->ipf_last_uses + ipf->ipf_uses <
322 maybe_ipf->ipf_last_uses +
323 maybe_ipf->ipf_uses))
324 maybe_ipf = ipf;
325 ipf = LIST_NEXT(ipf, ipf_list);
326 }
327 ipf = maybe_ipf;
328 done:
329 /*
330 * Remove the entry from the flow table.
331 */
332 s = splnet();
333 IPFLOW_REMOVE(ipf);
334 splx(s);
335 ipflow_addstats(ipf);
336 RTFREE(ipf->ipf_ro.ro_rt);
337 if (just_one)
338 return ipf;
339 pool_put(&ipflow_pool, ipf);
340 ipflow_inuse--;
341 }
342 return NULL;
343 }
344
345 void
346 ipflow_slowtimo(void)
347 {
348 struct ipflow *ipf, *next_ipf;
349
350 for (ipf = LIST_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
351 next_ipf = LIST_NEXT(ipf, ipf_list);
352 if (PRT_SLOW_ISEXPIRED(ipf->ipf_timer)) {
353 ipflow_free(ipf);
354 } else {
355 ipf->ipf_last_uses = ipf->ipf_uses;
356 ipf->ipf_ro.ro_rt->rt_use += ipf->ipf_uses;
357 ipstat.ips_total += ipf->ipf_uses;
358 ipstat.ips_forward += ipf->ipf_uses;
359 ipstat.ips_fastforward += ipf->ipf_uses;
360 ipf->ipf_uses = 0;
361 }
362 }
363 }
364
365 void
366 ipflow_create(const struct route *ro, struct mbuf *m)
367 {
368 const struct ip *const ip = mtod(m, struct ip *);
369 struct ipflow *ipf;
370 unsigned hash;
371 int s;
372
373 /*
374 * Don't create cache entries for ICMP messages.
375 */
376 if (ip_maxflows == 0 || ip->ip_p == IPPROTO_ICMP)
377 return;
378 /*
379 * See if an existing flow struct exists. If so remove it from it's
380 * list and free the old route. If not, try to malloc a new one
381 * (if we aren't at our limit).
382 */
383 ipf = ipflow_lookup(ip);
384 if (ipf == NULL) {
385 if (ipflow_inuse >= ip_maxflows) {
386 ipf = ipflow_reap(1);
387 } else {
388 s = splnet();
389 ipf = pool_get(&ipflow_pool, PR_NOWAIT);
390 splx(s);
391 if (ipf == NULL)
392 return;
393 ipflow_inuse++;
394 }
395 bzero((caddr_t) ipf, sizeof(*ipf));
396 } else {
397 s = splnet();
398 IPFLOW_REMOVE(ipf);
399 splx(s);
400 ipflow_addstats(ipf);
401 RTFREE(ipf->ipf_ro.ro_rt);
402 ipf->ipf_uses = ipf->ipf_last_uses = 0;
403 ipf->ipf_errors = ipf->ipf_dropped = 0;
404 }
405
406 /*
407 * Fill in the updated information.
408 */
409 ipf->ipf_ro = *ro;
410 ro->ro_rt->rt_refcnt++;
411 ipf->ipf_dst = ip->ip_dst;
412 ipf->ipf_src = ip->ip_src;
413 ipf->ipf_tos = ip->ip_tos;
414 PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
415 ipf->ipf_start = time_uptime;
416 /*
417 * Insert into the approriate bucket of the flow table.
418 */
419 hash = ipflow_hash(ip->ip_dst, ip->ip_src, ip->ip_tos);
420 s = splnet();
421 IPFLOW_INSERT(&ipflowtable[hash], ipf);
422 splx(s);
423 }
424
425 void
426 ipflow_invalidate_all(void)
427 {
428 struct ipflow *ipf, *next_ipf;
429 int s;
430
431 s = splnet();
432 for (ipf = LIST_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
433 next_ipf = LIST_NEXT(ipf, ipf_list);
434 ipflow_free(ipf);
435 }
436 splx(s);
437 }
Cache object: 2a86633d5f15ffad5efad51779008fdf
|