1 /* $NetBSD: ipsec_mbuf.c,v 1.7.24.1 2008/02/04 20:50:46 riz Exp $ */
2 /*-
3 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 *
27 * $FreeBSD: /repoman/r/ncvs/src/sys/netipsec/ipsec_mbuf.c,v 1.5.2.2 2003/03/28 20:32:53 sam Exp $
28 */
29
30 #include <sys/cdefs.h>
31 __KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.7.24.1 2008/02/04 20:50:46 riz Exp $");
32
33 /*
34 * IPsec-specific mbuf routines.
35 */
36
37 #ifdef __FreeBSD__
38 #include "opt_param.h"
39 #endif
40
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/mbuf.h>
44 #include <sys/socket.h>
45
46 #include <net/route.h>
47 #include <netinet/in.h>
48
49 #include <netipsec/ipsec.h>
50 #include <netipsec/ipsec_var.h>
51
52 #include <netipsec/ipsec_osdep.h>
53 #include <net/net_osdep.h>
54
55 extern struct mbuf *m_getptr(struct mbuf *, int, int *);
56
57 /*
58 * Create a writable copy of the mbuf chain. While doing this
59 * we compact the chain with a goal of producing a chain with
60 * at most two mbufs. The second mbuf in this chain is likely
61 * to be a cluster. The primary purpose of this work is to create
62 * a writable packet for encryption, compression, etc. The
63 * secondary goal is to linearize the data so the data can be
64 * passed to crypto hardware in the most efficient manner possible.
65 */
66 struct mbuf *
67 m_clone(struct mbuf *m0)
68 {
69 struct mbuf *m, *mprev;
70 struct mbuf *n, *mfirst, *mlast;
71 int len, off;
72
73 IPSEC_ASSERT(m0 != NULL, ("m_clone: null mbuf"));
74
75 mprev = NULL;
76 for (m = m0; m != NULL; m = mprev->m_next) {
77 /*
78 * Regular mbufs are ignored unless there's a cluster
79 * in front of it that we can use to coalesce. We do
80 * the latter mainly so later clusters can be coalesced
81 * also w/o having to handle them specially (i.e. convert
82 * mbuf+cluster -> cluster). This optimization is heavily
83 * influenced by the assumption that we're running over
84 * Ethernet where MCLBYTES is large enough that the max
85 * packet size will permit lots of coalescing into a
86 * single cluster. This in turn permits efficient
87 * crypto operations, especially when using hardware.
88 */
89 if ((m->m_flags & M_EXT) == 0) {
90 if (mprev && (mprev->m_flags & M_EXT) &&
91 m->m_len <= M_TRAILINGSPACE(mprev)) {
92 /* XXX: this ignores mbuf types */
93 memcpy(mtod(mprev, caddr_t) + mprev->m_len,
94 mtod(m, caddr_t), m->m_len);
95 mprev->m_len += m->m_len;
96 mprev->m_next = m->m_next; /* unlink from chain */
97 m_free(m); /* reclaim mbuf */
98 newipsecstat.ips_mbcoalesced++;
99 } else {
100 mprev = m;
101 }
102 continue;
103 }
104 /*
105 * Writable mbufs are left alone (for now). Note
106 * that for 4.x systems it's not possible to identify
107 * whether or not mbufs with external buffers are
108 * writable unless they use clusters.
109 */
110 if (M_EXT_WRITABLE(m)) {
111 mprev = m;
112 continue;
113 }
114
115 /*
116 * Not writable, replace with a copy or coalesce with
117 * the previous mbuf if possible (since we have to copy
118 * it anyway, we try to reduce the number of mbufs and
119 * clusters so that future work is easier).
120 */
121 IPSEC_ASSERT(m->m_flags & M_EXT,
122 ("m_clone: m_flags 0x%x", m->m_flags));
123 /* NB: we only coalesce into a cluster or larger */
124 if (mprev != NULL && (mprev->m_flags & M_EXT) &&
125 m->m_len <= M_TRAILINGSPACE(mprev)) {
126 /* XXX: this ignores mbuf types */
127 memcpy(mtod(mprev, caddr_t) + mprev->m_len,
128 mtod(m, caddr_t), m->m_len);
129 mprev->m_len += m->m_len;
130 mprev->m_next = m->m_next; /* unlink from chain */
131 m_free(m); /* reclaim mbuf */
132 newipsecstat.ips_clcoalesced++;
133 continue;
134 }
135
136 /*
137 * Allocate new space to hold the copy...
138 */
139 /* XXX why can M_PKTHDR be set past the first mbuf? */
140 if (mprev == NULL && (m->m_flags & M_PKTHDR)) {
141 /*
142 * NB: if a packet header is present we must
143 * allocate the mbuf separately from any cluster
144 * because M_MOVE_PKTHDR will smash the data
145 * pointer and drop the M_EXT marker.
146 */
147 MGETHDR(n, M_DONTWAIT, m->m_type);
148 if (n == NULL) {
149 m_freem(m0);
150 return (NULL);
151 }
152 M_MOVE_PKTHDR(n, m);
153 MCLGET(n, M_DONTWAIT);
154 if ((n->m_flags & M_EXT) == 0) {
155 m_free(n);
156 m_freem(m0);
157 return (NULL);
158 }
159 } else {
160 n = m_getcl(M_DONTWAIT, m->m_type, m->m_flags);
161 if (n == NULL) {
162 m_freem(m0);
163 return (NULL);
164 }
165 }
166 /*
167 * ... and copy the data. We deal with jumbo mbufs
168 * (i.e. m_len > MCLBYTES) by splitting them into
169 * clusters. We could just malloc a buffer and make
170 * it external but too many device drivers don't know
171 * how to break up the non-contiguous memory when
172 * doing DMA.
173 */
174 len = m->m_len;
175 off = 0;
176 mfirst = n;
177 mlast = NULL;
178 for (;;) {
179 int cc = min(len, MCLBYTES);
180 memcpy(mtod(n, caddr_t), mtod(m, caddr_t) + off, cc);
181 n->m_len = cc;
182 if (mlast != NULL)
183 mlast->m_next = n;
184 mlast = n;
185 newipsecstat.ips_clcopied++;
186
187 len -= cc;
188 if (len <= 0)
189 break;
190 off += cc;
191
192 n = m_getcl(M_DONTWAIT, m->m_type, m->m_flags);
193 if (n == NULL) {
194 m_freem(mfirst);
195 m_freem(m0);
196 return (NULL);
197 }
198 }
199 n->m_next = m->m_next;
200 if (mprev == NULL)
201 m0 = mfirst; /* new head of chain */
202 else
203 mprev->m_next = mfirst; /* replace old mbuf */
204 m_free(m); /* release old mbuf */
205 mprev = mfirst;
206 }
207 return (m0);
208 }
209
210 /*
211 * Make space for a new header of length hlen at skip bytes
212 * into the packet. When doing this we allocate new mbufs only
213 * when absolutely necessary. The mbuf where the new header
214 * is to go is returned together with an offset into the mbuf.
215 * If NULL is returned then the mbuf chain may have been modified;
216 * the caller is assumed to always free the chain.
217 */
218 struct mbuf *
219 m_makespace(struct mbuf *m0, int skip, int hlen, int *off)
220 {
221 struct mbuf *m;
222 unsigned remain;
223
224 IPSEC_ASSERT(m0 != NULL, ("m_dmakespace: null mbuf"));
225 IPSEC_ASSERT(hlen < MHLEN, ("m_makespace: hlen too big: %u", hlen));
226
227 for (m = m0; m && skip > m->m_len; m = m->m_next)
228 skip -= m->m_len;
229 if (m == NULL)
230 return (NULL);
231 /*
232 * At this point skip is the offset into the mbuf m
233 * where the new header should be placed. Figure out
234 * if there's space to insert the new header. If so,
235 * and copying the remainder makese sense then do so.
236 * Otherwise insert a new mbuf in the chain, splitting
237 * the contents of m as needed.
238 */
239 remain = m->m_len - skip; /* data to move */
240 if (hlen > M_TRAILINGSPACE(m)) {
241 struct mbuf *n0, *n, **np;
242 int todo, len, done, alloc;
243
244 n0 = NULL;
245 np = &n0;
246 alloc = 0;
247 done = 0;
248 todo = remain;
249 while (todo > 0) {
250 if (todo > MHLEN) {
251 n = m_getcl(M_DONTWAIT, m->m_type, 0);
252 len = MCLBYTES;
253 }
254 else {
255 n = m_get(M_DONTWAIT, m->m_type);
256 len = MHLEN;
257 }
258 if (n == NULL) {
259 m_freem(n0);
260 return NULL;
261 }
262 *np = n;
263 np = &n->m_next;
264 alloc++;
265 len = min(todo, len);
266 memcpy(n->m_data, mtod(m, char *) + skip + done, len);
267 n->m_len = len;
268 done += len;
269 todo -= len;
270 }
271
272 if (hlen <= M_TRAILINGSPACE(m) + remain) {
273 m->m_len = skip + hlen;
274 *off = skip;
275 if (n0 != NULL) {
276 *np = m->m_next;
277 m->m_next = n0;
278 }
279 }
280 else {
281 n = m_get(M_DONTWAIT, m->m_type);
282 if (n == NULL) {
283 m_freem(n0);
284 return NULL;
285 }
286 alloc++;
287
288 if ((n->m_next = n0) == NULL)
289 np = &n->m_next;
290 n0 = n;
291
292 *np = m->m_next;
293 m->m_next = n0;
294
295 n->m_len = hlen;
296 m->m_len = skip;
297
298 m = n; /* header is at front ... */
299 *off = 0; /* ... of new mbuf */
300 }
301
302 newipsecstat.ips_mbinserted += alloc;
303 } else {
304 /*
305 * Copy the remainder to the back of the mbuf
306 * so there's space to write the new header.
307 */
308 /* XXX can this be memcpy? does it handle overlap? */
309 ovbcopy(mtod(m, caddr_t) + skip,
310 mtod(m, caddr_t) + skip + hlen, remain);
311 m->m_len += hlen;
312 *off = skip;
313 }
314 m0->m_pkthdr.len += hlen; /* adjust packet length */
315 return m;
316 }
317
318 /*
319 * m_pad(m, n) pads <m> with <n> bytes at the end. The packet header
320 * length is updated, and a pointer to the first byte of the padding
321 * (which is guaranteed to be all in one mbuf) is returned.
322 */
323 caddr_t
324 m_pad(struct mbuf *m, int n)
325 {
326 register struct mbuf *m0, *m1;
327 register int len, pad;
328 caddr_t retval;
329
330 if (n <= 0) { /* No stupid arguments. */
331 DPRINTF(("m_pad: pad length invalid (%d)\n", n));
332 m_freem(m);
333 return NULL;
334 }
335
336 len = m->m_pkthdr.len;
337 pad = n;
338 m0 = m;
339
340 while (m0->m_len < len) {
341 IPSEC_ASSERT(m0->m_next != NULL, ("m_pad: m0 null, len %u m_len %u", len, m0->m_len));/*XXX*/
342 len -= m0->m_len;
343 m0 = m0->m_next;
344 }
345
346 if (m0->m_len != len) {
347 DPRINTF(("m_pad: length mismatch (should be %d instead of %d)\n",
348 m->m_pkthdr.len, m->m_pkthdr.len + m0->m_len - len));
349
350 m_freem(m);
351 return NULL;
352 }
353
354 /* Check for zero-length trailing mbufs, and find the last one. */
355 for (m1 = m0; m1->m_next; m1 = m1->m_next) {
356 if (m1->m_next->m_len != 0) {
357 DPRINTF(("m_pad: length mismatch (should be %d "
358 "instead of %d)\n",
359 m->m_pkthdr.len,
360 m->m_pkthdr.len + m1->m_next->m_len));
361
362 m_freem(m);
363 return NULL;
364 }
365
366 m0 = m1->m_next;
367 }
368
369 if (pad > M_TRAILINGSPACE(m0)) {
370 /* Add an mbuf to the chain. */
371 MGET(m1, M_DONTWAIT, MT_DATA);
372 if (m1 == 0) {
373 m_freem(m0);
374 DPRINTF(("m_pad: unable to get extra mbuf\n"));
375 return NULL;
376 }
377
378 m0->m_next = m1;
379 m0 = m1;
380 m0->m_len = 0;
381 }
382
383 retval = m0->m_data + m0->m_len;
384 m0->m_len += pad;
385 m->m_pkthdr.len += pad;
386
387 return retval;
388 }
389
390 /*
391 * Remove hlen data at offset skip in the packet. This is used by
392 * the protocols strip protocol headers and associated data (e.g. IV,
393 * authenticator) on input.
394 */
395 int
396 m_striphdr(struct mbuf *m, int skip, int hlen)
397 {
398 struct mbuf *m1;
399 int roff;
400
401 /* Find beginning of header */
402 m1 = m_getptr(m, skip, &roff);
403 if (m1 == NULL)
404 return (EINVAL);
405
406 /* Remove the header and associated data from the mbuf. */
407 if (roff == 0) {
408 /* The header was at the beginning of the mbuf */
409 newipsecstat.ips_input_front++;
410 m_adj(m1, hlen);
411 if ((m1->m_flags & M_PKTHDR) == 0)
412 m->m_pkthdr.len -= hlen;
413 } else if (roff + hlen >= m1->m_len) {
414 struct mbuf *mo;
415
416 /*
417 * Part or all of the header is at the end of this mbuf,
418 * so first let's remove the remainder of the header from
419 * the beginning of the remainder of the mbuf chain, if any.
420 */
421 newipsecstat.ips_input_end++;
422 if (roff + hlen > m1->m_len) {
423 /* Adjust the next mbuf by the remainder */
424 m_adj(m1->m_next, roff + hlen - m1->m_len);
425
426 /* The second mbuf is guaranteed not to have a pkthdr... */
427 m->m_pkthdr.len -= (roff + hlen - m1->m_len);
428 }
429
430 /* Now, let's unlink the mbuf chain for a second...*/
431 mo = m1->m_next;
432 m1->m_next = NULL;
433
434 /* ...and trim the end of the first part of the chain...sick */
435 m_adj(m1, -(m1->m_len - roff));
436 if ((m1->m_flags & M_PKTHDR) == 0)
437 m->m_pkthdr.len -= (m1->m_len - roff);
438
439 /* Finally, let's relink */
440 m1->m_next = mo;
441 } else {
442 /*
443 * The header lies in the "middle" of the mbuf; copy
444 * the remainder of the mbuf down over the header.
445 */
446 newipsecstat.ips_input_middle++;
447 ovbcopy(mtod(m1, u_char *) + roff + hlen,
448 mtod(m1, u_char *) + roff,
449 m1->m_len - (roff + hlen));
450 m1->m_len -= hlen;
451 m->m_pkthdr.len -= hlen;
452 }
453 return (0);
454 }
455
456 /*
457 * Diagnostic routine to check mbuf alignment as required by the
458 * crypto device drivers (that use DMA).
459 */
460 void
461 m_checkalignment(const char* where, struct mbuf *m0, int off, int len)
462 {
463 int roff;
464 struct mbuf *m = m_getptr(m0, off, &roff);
465 caddr_t addr;
466
467 if (m == NULL)
468 return;
469 printf("%s (off %u len %u): ", where, off, len);
470 addr = mtod(m, caddr_t) + roff;
471 do {
472 int mlen;
473
474 if (((uintptr_t) addr) & 3) {
475 printf("addr misaligned %p,", addr);
476 break;
477 }
478 mlen = m->m_len;
479 if (mlen > len)
480 mlen = len;
481 len -= mlen;
482 if (len && (mlen & 3)) {
483 printf("len mismatch %u,", mlen);
484 break;
485 }
486 m = m->m_next;
487 addr = m ? mtod(m, caddr_t) : NULL;
488 } while (m && len > 0);
489 for (m = m0; m; m = m->m_next)
490 printf(" [%p:%u]", mtod(m, caddr_t), m->m_len);
491 printf("\n");
492 }
Cache object: 635d6e276b4d2991cf9c97e41c07e6ce
|