Fix a couple of NULL dereferences in error paths.
[dragonfly.git] / sys / netinet / ip_demux.c
blobc94b07f442d473f8db635a8961d46287ddfbdc69
1 /*
2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved.
3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved.
5 * This code is derived from software contributed to The DragonFly Project
6 * by Jeffrey M. Hsu.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of The DragonFly Project nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific, prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "opt_inet.h"
35 #include "opt_rss.h"
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/socket.h>
41 #include <sys/socketvar.h>
42 #include <sys/thread.h>
43 #include <sys/sysctl.h>
44 #include <sys/globaldata.h>
46 #include <net/if.h>
47 #include <net/netisr2.h>
48 #include <net/toeplitz2.h>
50 #include <netinet/in_systm.h>
51 #include <netinet/in.h>
52 #include <netinet/in_var.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip.h>
55 #include <netinet/ip_var.h>
56 #include <netinet/tcp.h>
57 #include <netinet/tcpip.h>
58 #include <netinet/tcp_var.h>
59 #include <netinet/udp.h>
60 #include <netinet/udp_var.h>
62 struct initport_index {
63 uint32_t port_index;
64 } __cachealign;
65 static struct initport_index initport_indices[MAXCPU];
68 * Toeplitz hash functions - the idea is to match the hardware.
70 static __inline int
71 INP_MPORT_HASH_UDP(in_addr_t faddr, in_addr_t laddr,
72 in_port_t fport, in_port_t lport)
75 * NOTE: laddr could be multicast, since UDP socket could be
76 * bound to multicast address.
78 if (IN_MULTICAST(ntohl(faddr)) || IN_MULTICAST(ntohl(laddr))) {
79 /* XXX handle multicast on CPU0 for now */
80 return 0;
82 return toeplitz_hash(toeplitz_rawhash_addr(faddr, laddr));
85 static __inline int
86 INP_MPORT_HASH_TCP(in_addr_t faddr, in_addr_t laddr,
87 in_port_t fport, in_port_t lport)
89 return toeplitz_hash(
90 toeplitz_rawhash_addrport(faddr, laddr, fport, lport));
94 * Hash for the network address.
96 int
97 tcp_addrhash(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
99 return (INP_MPORT_HASH_TCP(faddr, laddr, fport, lport));
103 udp_addrhash(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
105 return (INP_MPORT_HASH_UDP(faddr, laddr, fport, lport));
109 * Map a network address to a processor.
112 tcp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
114 return (netisr_hashcpu(INP_MPORT_HASH_TCP(faddr, laddr, fport, lport)));
118 udp_addrcpu(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
120 return (netisr_hashcpu(INP_MPORT_HASH_UDP(faddr, laddr, fport, lport)));
124 * If the packet is a valid IP datagram, upon returning of this function
125 * following things are promised:
127 * o IP header (including any possible IP options) and any data preceding
128 * IP header (usually linker layer header) are in one mbuf (m_len).
129 * o IP header length is not less than the minimum (sizeof(struct ip)).
130 * o IP total length is not less than IP header length.
131 * o IP datagram resides completely in the mbuf chain,
132 * i.e. pkthdr.len >= IP total length.
134 * If the packet is a UDP datagram,
135 * o IP header (including any possible IP options) and UDP header are in
136 * one mbuf (m_len).
137 * o IP total length is not less than (IP header length + UDP header length).
139 * If the packet is a TCP segment,
140 * o IP header (including any possible IP options) and TCP header (including
141 * any possible TCP options) are in one mbuf (m_len).
142 * o TCP header length is not less than the minimum (sizeof(struct tcphdr)).
143 * o IP total length is not less than (IP header length + TCP header length).
145 boolean_t
146 ip_lengthcheck(struct mbuf **mp, int hoff)
148 struct mbuf *m = *mp;
149 struct ip *ip;
150 int len, iphlen, iplen;
151 struct tcphdr *th;
152 int thoff; /* TCP data offset */
154 len = hoff + sizeof(struct ip);
156 /* The packet must be at least the size of an IP header. */
157 if (m->m_pkthdr.len < len) {
158 ipstat.ips_tooshort++;
159 goto fail;
162 /* The fixed IP header must reside completely in the first mbuf. */
163 if (m->m_len < len) {
164 m = m_pullup(m, len);
165 if (m == NULL) {
166 ipstat.ips_toosmall++;
167 goto fail;
171 ip = mtodoff(m, struct ip *, hoff);
173 /* Bound check the packet's stated IP header length. */
174 iphlen = ip->ip_hl << 2;
175 if (iphlen < sizeof(struct ip)) { /* minimum header length */
176 ipstat.ips_badhlen++;
177 goto fail;
180 /* The full IP header must reside completely in the one mbuf. */
181 if (m->m_len < hoff + iphlen) {
182 m = m_pullup(m, hoff + iphlen);
183 if (m == NULL) {
184 ipstat.ips_badhlen++;
185 goto fail;
187 ip = mtodoff(m, struct ip *, hoff);
190 iplen = ntohs(ip->ip_len);
193 * Check that the amount of data in the buffers is as
194 * at least much as the IP header would have us expect.
196 if (m->m_pkthdr.len < hoff + iplen) {
197 ipstat.ips_tooshort++;
198 goto fail;
202 * Fragments other than the first fragment don't have much
203 * length information.
205 if (ntohs(ip->ip_off) & IP_OFFMASK)
206 goto ipcheckonly;
209 * The TCP/IP or UDP/IP header must be entirely contained within
210 * the first fragment of a packet. Packet filters will break if they
211 * aren't.
213 * Since the packet will be trimmed to ip_len we must also make sure
214 * the potentially trimmed down length is still sufficient to hold
215 * the header(s).
217 switch (ip->ip_p) {
218 case IPPROTO_TCP:
219 if (iplen < iphlen + sizeof(struct tcphdr)) {
220 ++tcpstat.tcps_rcvshort;
221 goto fail;
223 if (m->m_len < hoff + iphlen + sizeof(struct tcphdr)) {
224 m = m_pullup(m, hoff + iphlen + sizeof(struct tcphdr));
225 if (m == NULL) {
226 tcpstat.tcps_rcvshort++;
227 goto fail;
229 ip = mtodoff(m, struct ip *, hoff);
231 th = (struct tcphdr *)((caddr_t)ip + iphlen);
232 thoff = th->th_off << 2;
233 if (thoff < sizeof(struct tcphdr) ||
234 thoff + iphlen > ntohs(ip->ip_len)) {
235 tcpstat.tcps_rcvbadoff++;
236 goto fail;
238 if (m->m_len < hoff + iphlen + thoff) {
239 m = m_pullup(m, hoff + iphlen + thoff);
240 if (m == NULL) {
241 tcpstat.tcps_rcvshort++;
242 goto fail;
245 break;
246 case IPPROTO_UDP:
247 if (iplen < iphlen + sizeof(struct udphdr)) {
248 ++udp_stat.udps_hdrops;
249 goto fail;
251 if (m->m_len < hoff + iphlen + sizeof(struct udphdr)) {
252 m = m_pullup(m, hoff + iphlen + sizeof(struct udphdr));
253 if (m == NULL) {
254 udp_stat.udps_hdrops++;
255 goto fail;
258 break;
259 default:
260 ipcheckonly:
261 if (iplen < iphlen) {
262 ++ipstat.ips_badlen;
263 goto fail;
265 break;
268 m->m_flags |= M_LENCHECKED;
269 *mp = m;
270 return TRUE;
272 fail:
273 if (m != NULL)
274 m_freem(m);
275 *mp = NULL;
276 return FALSE;
280 * Assign a protocol processing thread to a packet. The IP header is at
281 * offset (hoff) in the packet (i.e. the mac header might still be intact).
283 * This function can blow away the mbuf if the packet is malformed.
285 void
286 ip_hashfn(struct mbuf **mptr, int hoff)
288 struct ip *ip;
289 int iphlen;
290 struct tcphdr *th;
291 struct udphdr *uh;
292 struct mbuf *m;
293 int hash;
295 if (((*mptr)->m_flags & M_LENCHECKED) == 0) {
296 if (!ip_lengthcheck(mptr, hoff))
297 return;
300 m = *mptr;
301 ip = mtodoff(m, struct ip *, hoff);
302 iphlen = ip->ip_hl << 2;
304 if (ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
305 hash = toeplitz_hash(toeplitz_rawhash_addr(
306 ip->ip_src.s_addr, ip->ip_dst.s_addr));
307 goto back;
310 switch (ip->ip_p) {
311 case IPPROTO_TCP:
312 th = (struct tcphdr *)((caddr_t)ip + iphlen);
313 hash = INP_MPORT_HASH_TCP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
314 th->th_sport, th->th_dport);
315 break;
317 case IPPROTO_UDP:
318 uh = (struct udphdr *)((caddr_t)ip + iphlen);
319 hash = INP_MPORT_HASH_UDP(ip->ip_src.s_addr, ip->ip_dst.s_addr,
320 uh->uh_sport, uh->uh_dport);
321 break;
323 default:
324 hash = 0;
325 break;
327 back:
328 m_sethash(m, hash);
332 * Verify and adjust the hash value of the packet.
334 * Unlike ip_hashfn(), the packet content is not accessed. The packet info
335 * (pi) and the hash of the packet (m_pkthdr.hash) is used instead.
337 * Caller has already made sure that m_pkthdr.hash is valid, i.e. m_flags
338 * has M_HASH set.
340 void
341 ip_hashcheck(struct mbuf *m, const struct pktinfo *pi)
343 KASSERT((m->m_flags & M_HASH), ("no valid packet hash"));
345 switch (pi->pi_l3proto) {
346 case IPPROTO_TCP:
347 case IPPROTO_UDP:
348 break;
350 default:
351 /* Let software calculate the hash */
352 m->m_flags &= ~M_HASH;
353 break;
358 * This is used to map a socket to a message port for sendmsg() and friends.
359 * It is not called for any other purpose. In the case of TCP we just return
360 * the port already installed in the socket.
362 lwkt_port_t
363 tcp_soport(struct socket *so, struct sockaddr *nam,
364 struct mbuf **dummy __unused)
366 return(so->so_port);
370 * Used to route icmp messages to the proper protocol thread for ctlinput
371 * operation.
373 lwkt_port_t
374 tcp_ctlport(int cmd, struct sockaddr *sa, void *vip, int *cpuid)
376 struct ip *ip = vip;
377 inp_notify_t notify;
378 int arg;
380 notify = tcp_get_inpnotify(cmd, sa, &arg, &ip, cpuid);
381 if (notify == NULL)
382 return NULL;
384 if (*cpuid == netisr_ncpus) {
386 * Go through all effective netisr CPUs.
388 * A new message will be allocated later to save necessary
389 * information and will be forwarded to all network protocol
390 * threads in the following way:
392 * (the the thread owns the msgport that we return here)
393 * netisr0 <--+
394 * | |
395 * | |
396 * | |
397 * +-------+
398 * sendmsg
399 * [msg is kmalloc()ed]
402 * Later on, when the msg is received by netisr0:
404 * forwardmsg forwardmsg
405 * netisr0 ---------> netisr1 ---------> netisrN
406 * [msg is kfree()ed]
408 return netisr_cpuport(0);
409 } else {
410 return netisr_cpuport(*cpuid);
414 lwkt_port_t
415 tcp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
417 return(netisr_cpuport(tcp_addrcpu(faddr, fport, laddr, lport)));
420 lwkt_port_t
421 tcp_addrport0(void)
423 return(netisr_cpuport(0));
426 lwkt_port_t
427 udp_addrport(in_addr_t faddr, in_port_t fport, in_addr_t laddr, in_port_t lport)
429 return(netisr_cpuport(udp_addrcpu(faddr, fport, laddr, lport)));
433 * Used to route icmp messages to the proper protocol thread for ctlinput
434 * operation.
436 lwkt_port_t
437 udp_ctlport(int cmd, struct sockaddr *sa, void *vip, int *cpuid)
439 struct ip *ip = vip;
440 inp_notify_t notify;
442 notify = udp_get_inpnotify(cmd, sa, &ip, cpuid);
443 if (notify == NULL)
444 return NULL;
446 if (*cpuid == netisr_ncpus) {
448 * Go through all effective netisr CPUs.
450 * See the comment in tcp_ctlport.
452 return netisr_cpuport(0);
453 } else {
454 return netisr_cpuport(*cpuid);
458 static __inline struct lwkt_port *
459 inp_initport(void)
461 int cpu = mycpuid;
463 if (cpu < netisr_ncpus) {
464 return netisr_cpuport(cpu);
465 } else {
466 return netisr_cpuport(
467 ((initport_indices[cpu].port_index++) + (uint32_t)cpu) %
468 netisr_ncpus);
472 struct lwkt_port *
473 tcp_initport(void)
475 return inp_initport();
478 struct lwkt_port *
479 udp_initport(void)
481 return inp_initport();