1 /*-
2 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: releng/5.2/sys/netipsec/ipsec_mbuf.c 120585 2003-09-29 22:57:43Z sam $
27 */
28
29 /*
30 * IPsec-specific mbuf routines.
31 */
32
33 #include "opt_param.h"
34
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/mbuf.h>
38 #include <sys/socket.h>
39
40 #include <net/route.h>
41 #include <netinet/in.h>
42
43 #include <netipsec/ipsec.h>
44
45 extern struct mbuf *m_getptr(struct mbuf *, int, int *);
46
47 /*
48 * Create a writable copy of the mbuf chain. While doing this
49 * we compact the chain with a goal of producing a chain with
50 * at most two mbufs. The second mbuf in this chain is likely
51 * to be a cluster. The primary purpose of this work is to create
52 * a writable packet for encryption, compression, etc. The
53 * secondary goal is to linearize the data so the data can be
54 * passed to crypto hardware in the most efficient manner possible.
55 */
56 struct mbuf *
57 m_clone(struct mbuf *m0)
58 {
59 struct mbuf *m, *mprev;
60 struct mbuf *n, *mfirst, *mlast;
61 int len, off;
62
63 IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
64
65 mprev = NULL;
66 for (m = m0; m != NULL; m = mprev->m_next) {
67 /*
68 * Regular mbufs are ignored unless there's a cluster
69 * in front of it that we can use to coalesce. We do
70 * the latter mainly so later clusters can be coalesced
71 * also w/o having to handle them specially (i.e. convert
72 * mbuf+cluster -> cluster). This optimization is heavily
73 * influenced by the assumption that we're running over
74 * Ethernet where MCLBYTES is large enough that the max
75 * packet size will permit lots of coalescing into a
76 * single cluster. This in turn permits efficient
77 * crypto operations, especially when using hardware.
78 */
79 if ((m->m_flags & M_EXT) == 0) {
80 if (mprev && (mprev->m_flags & M_EXT) &&
81 m->m_len <= M_TRAILINGSPACE(mprev)) {
82 /* XXX: this ignores mbuf types */
83 memcpy(mtod(mprev, caddr_t) + mprev->m_len,
84 mtod(m, caddr_t), m->m_len);
85 mprev->m_len += m->m_len;
86 mprev->m_next = m->m_next; /* unlink from chain */
87 m_free(m); /* reclaim mbuf */
88 newipsecstat.ips_mbcoalesced++;
89 } else {
90 mprev = m;
91 }
92 continue;
93 }
94 /*
95 * Writable mbufs are left alone (for now).
96 */
97 if (!MEXT_IS_REF(m)) {
98 mprev = m;
99 continue;
100 }
101
102 /*
103 * Not writable, replace with a copy or coalesce with
104 * the previous mbuf if possible (since we have to copy
105 * it anyway, we try to reduce the number of mbufs and
106 * clusters so that future work is easier).
107 */
108 IPSEC_ASSERT(m->m_flags & M_EXT, ("m_flags 0x%x", m->m_flags));
109 /* NB: we only coalesce into a cluster or larger */
110 if (mprev != NULL && (mprev->m_flags & M_EXT) &&
111 m->m_len <= M_TRAILINGSPACE(mprev)) {
112 /* XXX: this ignores mbuf types */
113 memcpy(mtod(mprev, caddr_t) + mprev->m_len,
114 mtod(m, caddr_t), m->m_len);
115 mprev->m_len += m->m_len;
116 mprev->m_next = m->m_next; /* unlink from chain */
117 m_free(m); /* reclaim mbuf */
118 newipsecstat.ips_clcoalesced++;
119 continue;
120 }
121
122 /*
123 * Allocate new space to hold the copy...
124 */
125 /* XXX why can M_PKTHDR be set past the first mbuf? */
126 if (mprev == NULL && (m->m_flags & M_PKTHDR)) {
127 /*
128 * NB: if a packet header is present we must
129 * allocate the mbuf separately from any cluster
130 * because M_MOVE_PKTHDR will smash the data
131 * pointer and drop the M_EXT marker.
132 */
133 MGETHDR(n, M_DONTWAIT, m->m_type);
134 if (n == NULL) {
135 m_freem(m0);
136 return (NULL);
137 }
138 M_MOVE_PKTHDR(n, m);
139 MCLGET(n, M_DONTWAIT);
140 if ((n->m_flags & M_EXT) == 0) {
141 m_free(n);
142 m_freem(m0);
143 return (NULL);
144 }
145 } else {
146 n = m_getcl(M_DONTWAIT, m->m_type, m->m_flags);
147 if (n == NULL) {
148 m_freem(m0);
149 return (NULL);
150 }
151 }
152 /*
153 * ... and copy the data. We deal with jumbo mbufs
154 * (i.e. m_len > MCLBYTES) by splitting them into
155 * clusters. We could just malloc a buffer and make
156 * it external but too many device drivers don't know
157 * how to break up the non-contiguous memory when
158 * doing DMA.
159 */
160 len = m->m_len;
161 off = 0;
162 mfirst = n;
163 mlast = NULL;
164 for (;;) {
165 int cc = min(len, MCLBYTES);
166 memcpy(mtod(n, caddr_t), mtod(m, caddr_t) + off, cc);
167 n->m_len = cc;
168 if (mlast != NULL)
169 mlast->m_next = n;
170 mlast = n;
171 newipsecstat.ips_clcopied++;
172
173 len -= cc;
174 if (len <= 0)
175 break;
176 off += cc;
177
178 n = m_getcl(M_DONTWAIT, m->m_type, m->m_flags);
179 if (n == NULL) {
180 m_freem(mfirst);
181 m_freem(m0);
182 return (NULL);
183 }
184 }
185 n->m_next = m->m_next;
186 if (mprev == NULL)
187 m0 = mfirst; /* new head of chain */
188 else
189 mprev->m_next = mfirst; /* replace old mbuf */
190 m_free(m); /* release old mbuf */
191 mprev = mfirst;
192 }
193 return (m0);
194 }
195
196 /*
197 * Make space for a new header of length hlen at skip bytes
198 * into the packet. When doing this we allocate new mbufs only
199 * when absolutely necessary. The mbuf where the new header
200 * is to go is returned together with an offset into the mbuf.
201 * If NULL is returned then the mbuf chain may have been modified;
202 * the caller is assumed to always free the chain.
203 */
204 struct mbuf *
205 m_makespace(struct mbuf *m0, int skip, int hlen, int *off)
206 {
207 struct mbuf *m;
208 unsigned remain;
209
210 IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
211 IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen));
212
213 for (m = m0; m && skip > m->m_len; m = m->m_next)
214 skip -= m->m_len;
215 if (m == NULL)
216 return (NULL);
217 /*
218 * At this point skip is the offset into the mbuf m
219 * where the new header should be placed. Figure out
220 * if there's space to insert the new header. If so,
221 * and copying the remainder makese sense then do so.
222 * Otherwise insert a new mbuf in the chain, splitting
223 * the contents of m as needed.
224 */
225 remain = m->m_len - skip; /* data to move */
226 if (hlen > M_TRAILINGSPACE(m)) {
227 struct mbuf *n;
228
229 /* XXX code doesn't handle clusters XXX */
230 IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain));
231 /*
232 * Not enough space in m, split the contents
233 * of m, inserting new mbufs as required.
234 *
235 * NB: this ignores mbuf types.
236 */
237 MGET(n, M_DONTWAIT, MT_DATA);
238 if (n == NULL)
239 return (NULL);
240 n->m_next = m->m_next; /* splice new mbuf */
241 m->m_next = n;
242 newipsecstat.ips_mbinserted++;
243 if (hlen <= M_TRAILINGSPACE(m) + remain) {
244 /*
245 * New header fits in the old mbuf if we copy
246 * the remainder; just do the copy to the new
247 * mbuf and we're good to go.
248 */
249 memcpy(mtod(n, caddr_t),
250 mtod(m, caddr_t) + skip, remain);
251 n->m_len = remain;
252 m->m_len = skip + hlen;
253 *off = skip;
254 } else {
255 /*
256 * No space in the old mbuf for the new header.
257 * Make space in the new mbuf and check the
258 * remainder'd data fits too. If not then we
259 * must allocate an additional mbuf (yech).
260 */
261 n->m_len = 0;
262 if (remain + hlen > M_TRAILINGSPACE(n)) {
263 struct mbuf *n2;
264
265 MGET(n2, M_DONTWAIT, MT_DATA);
266 /* NB: new mbuf is on chain, let caller free */
267 if (n2 == NULL)
268 return (NULL);
269 n2->m_len = 0;
270 memcpy(mtod(n2, caddr_t),
271 mtod(m, caddr_t) + skip, remain);
272 n2->m_len = remain;
273 /* splice in second mbuf */
274 n2->m_next = n->m_next;
275 n->m_next = n2;
276 newipsecstat.ips_mbinserted++;
277 } else {
278 memcpy(mtod(n, caddr_t) + hlen,
279 mtod(m, caddr_t) + skip, remain);
280 n->m_len += remain;
281 }
282 m->m_len -= remain;
283 n->m_len += hlen;
284 m = n; /* header is at front ... */
285 *off = 0; /* ... of new mbuf */
286 }
287 } else {
288 /*
289 * Copy the remainder to the back of the mbuf
290 * so there's space to write the new header.
291 */
292 bcopy(mtod(m, caddr_t) + skip,
293 mtod(m, caddr_t) + skip + hlen, remain);
294 m->m_len += hlen;
295 *off = skip;
296 }
297 m0->m_pkthdr.len += hlen; /* adjust packet length */
298 return m;
299 }
300
301 /*
302 * m_pad(m, n) pads <m> with <n> bytes at the end. The packet header
303 * length is updated, and a pointer to the first byte of the padding
304 * (which is guaranteed to be all in one mbuf) is returned.
305 */
306 caddr_t
307 m_pad(struct mbuf *m, int n)
308 {
309 register struct mbuf *m0, *m1;
310 register int len, pad;
311 caddr_t retval;
312
313 if (n <= 0) { /* No stupid arguments. */
314 DPRINTF(("%s: pad length invalid (%d)\n", __func__, n));
315 m_freem(m);
316 return NULL;
317 }
318
319 len = m->m_pkthdr.len;
320 pad = n;
321 m0 = m;
322
323 while (m0->m_len < len) {
324 len -= m0->m_len;
325 m0 = m0->m_next;
326 }
327
328 if (m0->m_len != len) {
329 DPRINTF(("%s: length mismatch (should be %d instead of %d)\n",
330 __func__, m->m_pkthdr.len,
331 m->m_pkthdr.len + m0->m_len - len));
332
333 m_freem(m);
334 return NULL;
335 }
336
337 /* Check for zero-length trailing mbufs, and find the last one. */
338 for (m1 = m0; m1->m_next; m1 = m1->m_next) {
339 if (m1->m_next->m_len != 0) {
340 DPRINTF(("%s: length mismatch (should be %d instead "
341 "of %d)\n", __func__,
342 m->m_pkthdr.len,
343 m->m_pkthdr.len + m1->m_next->m_len));
344
345 m_freem(m);
346 return NULL;
347 }
348
349 m0 = m1->m_next;
350 }
351
352 if (pad > M_TRAILINGSPACE(m0)) {
353 /* Add an mbuf to the chain. */
354 MGET(m1, M_DONTWAIT, MT_DATA);
355 if (m1 == 0) {
356 m_freem(m0);
357 DPRINTF(("%s: unable to get extra mbuf\n", __func__));
358 return NULL;
359 }
360
361 m0->m_next = m1;
362 m0 = m1;
363 m0->m_len = 0;
364 }
365
366 retval = m0->m_data + m0->m_len;
367 m0->m_len += pad;
368 m->m_pkthdr.len += pad;
369
370 return retval;
371 }
372
373 /*
374 * Remove hlen data at offset skip in the packet. This is used by
375 * the protocols strip protocol headers and associated data (e.g. IV,
376 * authenticator) on input.
377 */
378 int
379 m_striphdr(struct mbuf *m, int skip, int hlen)
380 {
381 struct mbuf *m1;
382 int roff;
383
384 /* Find beginning of header */
385 m1 = m_getptr(m, skip, &roff);
386 if (m1 == NULL)
387 return (EINVAL);
388
389 /* Remove the header and associated data from the mbuf. */
390 if (roff == 0) {
391 /* The header was at the beginning of the mbuf */
392 newipsecstat.ips_input_front++;
393 m_adj(m1, hlen);
394 if ((m1->m_flags & M_PKTHDR) == 0)
395 m->m_pkthdr.len -= hlen;
396 } else if (roff + hlen >= m1->m_len) {
397 struct mbuf *mo;
398
399 /*
400 * Part or all of the header is at the end of this mbuf,
401 * so first let's remove the remainder of the header from
402 * the beginning of the remainder of the mbuf chain, if any.
403 */
404 newipsecstat.ips_input_end++;
405 if (roff + hlen > m1->m_len) {
406 /* Adjust the next mbuf by the remainder */
407 m_adj(m1->m_next, roff + hlen - m1->m_len);
408
409 /* The second mbuf is guaranteed not to have a pkthdr... */
410 m->m_pkthdr.len -= (roff + hlen - m1->m_len);
411 }
412
413 /* Now, let's unlink the mbuf chain for a second...*/
414 mo = m1->m_next;
415 m1->m_next = NULL;
416
417 /* ...and trim the end of the first part of the chain...sick */
418 m_adj(m1, -(m1->m_len - roff));
419 if ((m1->m_flags & M_PKTHDR) == 0)
420 m->m_pkthdr.len -= (m1->m_len - roff);
421
422 /* Finally, let's relink */
423 m1->m_next = mo;
424 } else {
425 /*
426 * The header lies in the "middle" of the mbuf; copy
427 * the remainder of the mbuf down over the header.
428 */
429 newipsecstat.ips_input_middle++;
430 bcopy(mtod(m1, u_char *) + roff + hlen,
431 mtod(m1, u_char *) + roff,
432 m1->m_len - (roff + hlen));
433 m1->m_len -= hlen;
434 m->m_pkthdr.len -= hlen;
435 }
436 return (0);
437 }
438
439 /*
440 * Diagnostic routine to check mbuf alignment as required by the
441 * crypto device drivers (that use DMA).
442 */
443 void
444 m_checkalignment(const char* where, struct mbuf *m0, int off, int len)
445 {
446 int roff;
447 struct mbuf *m = m_getptr(m0, off, &roff);
448 caddr_t addr;
449
450 if (m == NULL)
451 return;
452 printf("%s (off %u len %u): ", where, off, len);
453 addr = mtod(m, caddr_t) + roff;
454 do {
455 int mlen;
456
457 if (((uintptr_t) addr) & 3) {
458 printf("addr misaligned %p,", addr);
459 break;
460 }
461 mlen = m->m_len;
462 if (mlen > len)
463 mlen = len;
464 len -= mlen;
465 if (len && (mlen & 3)) {
466 printf("len mismatch %u,", mlen);
467 break;
468 }
469 m = m->m_next;
470 addr = m ? mtod(m, caddr_t) : NULL;
471 } while (m && len > 0);
472 for (m = m0; m; m = m->m_next)
473 printf(" [%p:%u]", mtod(m, caddr_t), m->m_len);
474 printf("\n");
475 }
Cache object: c98d2c60dd42cbcfe0c181801723dea9
|