/*- * Copyright (c) 2015 Dmitry Vagin <daemon.hammer@ya.ru> * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include <sys/cdefs.h> #include "opt_inet.h" #include "opt_inet6.h" #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> #include <sys/endian.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/socket.h> #include <net/bpf.h> #include <net/ethernet.h> #include <net/if.h> #include <net/if_vlan_var.h> #include <netinet/in.h> #include <netinet/ip.h> #include <netinet/ip6.h> #include <netinet/tcp.h> #include <netinet/udp.h> #include <machine/in_cksum.h> #include <netgraph/ng_message.h> #include <netgraph/ng_parse.h> #include <netgraph/netgraph.h> #include <netgraph/ng_checksum.h> /* private data */ struct ng_checksum_priv { hook_p in; hook_p out; uint8_t dlt; /* DLT_XXX from bpf.h */ struct ng_checksum_config *conf; struct ng_checksum_stats stats; }; typedef struct ng_checksum_priv *priv_p; /* Netgraph methods */ static ng_constructor_t ng_checksum_constructor; static ng_rcvmsg_t ng_checksum_rcvmsg; static ng_shutdown_t ng_checksum_shutdown; static ng_newhook_t ng_checksum_newhook; static ng_rcvdata_t ng_checksum_rcvdata; static ng_disconnect_t ng_checksum_disconnect; #define ERROUT(x) { error = (x); goto done; } static const struct ng_parse_struct_field ng_checksum_config_type_fields[] = NG_CHECKSUM_CONFIG_TYPE; static const struct ng_parse_type ng_checksum_config_type = { &ng_parse_struct_type, &ng_checksum_config_type_fields }; static const struct ng_parse_struct_field ng_checksum_stats_fields[] = NG_CHECKSUM_STATS_TYPE; static const struct ng_parse_type ng_checksum_stats_type = { &ng_parse_struct_type, &ng_checksum_stats_fields }; static const struct ng_cmdlist ng_checksum_cmdlist[] = { { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_GETDLT, "getdlt", NULL, &ng_parse_uint8_type }, { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_SETDLT, "setdlt", &ng_parse_uint8_type, NULL }, { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_GETCONFIG, "getconfig", NULL, &ng_checksum_config_type }, { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_SETCONFIG, "setconfig", &ng_checksum_config_type, NULL }, { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_GET_STATS, "getstats", NULL, &ng_checksum_stats_type }, { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_CLR_STATS, "clrstats", NULL, NULL }, { NGM_CHECKSUM_COOKIE, NGM_CHECKSUM_GETCLR_STATS, "getclrstats", NULL, &ng_checksum_stats_type }, { 0 } }; static struct ng_type typestruct = { .version = NG_ABI_VERSION, .name = NG_CHECKSUM_NODE_TYPE, .constructor = ng_checksum_constructor, .rcvmsg = ng_checksum_rcvmsg, .shutdown = ng_checksum_shutdown, .newhook = ng_checksum_newhook, .rcvdata = ng_checksum_rcvdata, .disconnect = ng_checksum_disconnect, .cmdlist = ng_checksum_cmdlist, }; NETGRAPH_INIT(checksum, &typestruct); static int ng_checksum_constructor(node_p node) { priv_p priv; priv = malloc(sizeof(*priv), M_NETGRAPH, M_WAITOK|M_ZERO); priv->dlt = DLT_RAW; NG_NODE_SET_PRIVATE(node, priv); return (0); } static int ng_checksum_newhook(node_p node, hook_p hook, const char *name) { const priv_p priv = NG_NODE_PRIVATE(node); if (strncmp(name, NG_CHECKSUM_HOOK_IN, strlen(NG_CHECKSUM_HOOK_IN)) == 0) { priv->in = hook; } else if (strncmp(name, NG_CHECKSUM_HOOK_OUT, strlen(NG_CHECKSUM_HOOK_OUT)) == 0) { priv->out = hook; } else return (EINVAL); return (0); } static int ng_checksum_rcvmsg(node_p node, item_p item, hook_p lasthook) { const priv_p priv = NG_NODE_PRIVATE(node); struct ng_checksum_config *conf, *newconf; struct ng_mesg *msg; struct ng_mesg *resp = NULL; int error = 0; NGI_GET_MSG(item, msg); if (msg->header.typecookie != NGM_CHECKSUM_COOKIE) ERROUT(EINVAL); switch (msg->header.cmd) { case NGM_CHECKSUM_GETDLT: NG_MKRESPONSE(resp, msg, sizeof(uint8_t), M_WAITOK); if (resp == NULL) ERROUT(ENOMEM); *((uint8_t *) resp->data) = priv->dlt; break; case NGM_CHECKSUM_SETDLT: if (msg->header.arglen != sizeof(uint8_t)) ERROUT(EINVAL); switch (*(uint8_t *) msg->data) { case DLT_EN10MB: case DLT_RAW: priv->dlt = *(uint8_t *) msg->data; break; default: ERROUT(EINVAL); } break; case NGM_CHECKSUM_GETCONFIG: if (priv->conf == NULL) ERROUT(0); NG_MKRESPONSE(resp, msg, sizeof(struct ng_checksum_config), M_WAITOK); if (resp == NULL) ERROUT(ENOMEM); bcopy(priv->conf, resp->data, sizeof(struct ng_checksum_config)); break; case NGM_CHECKSUM_SETCONFIG: conf = (struct ng_checksum_config *) msg->data; if (msg->header.arglen != sizeof(struct ng_checksum_config)) ERROUT(EINVAL); conf->csum_flags &= NG_CHECKSUM_CSUM_IPV4|NG_CHECKSUM_CSUM_IPV6; conf->csum_offload &= NG_CHECKSUM_CSUM_IPV4|NG_CHECKSUM_CSUM_IPV6; newconf = malloc(sizeof(struct ng_checksum_config), M_NETGRAPH, M_WAITOK|M_ZERO); bcopy(conf, newconf, sizeof(struct ng_checksum_config)); if (priv->conf) free(priv->conf, M_NETGRAPH); priv->conf = newconf; break; case NGM_CHECKSUM_GET_STATS: case NGM_CHECKSUM_CLR_STATS: case NGM_CHECKSUM_GETCLR_STATS: if (msg->header.cmd != NGM_CHECKSUM_CLR_STATS) { NG_MKRESPONSE(resp, msg, sizeof(struct ng_checksum_stats), M_WAITOK); if (resp == NULL) ERROUT(ENOMEM); bcopy(&(priv->stats), resp->data, sizeof(struct ng_checksum_stats)); } if (msg->header.cmd != NGM_CHECKSUM_GET_STATS) bzero(&(priv->stats), sizeof(struct ng_checksum_stats)); break; default: ERROUT(EINVAL); } done: NG_RESPOND_MSG(error, node, item, resp); NG_FREE_MSG(msg); return (error); } #define PULLUP_CHECK(mbuf, length) do { \ pullup_len += length; \ if (((mbuf)->m_pkthdr.len < pullup_len) || \ (pullup_len > MHLEN)) { \ return (EINVAL); \ } \ if ((mbuf)->m_len < pullup_len && \ (((mbuf) = m_pullup((mbuf), pullup_len)) == NULL)) { \ return (ENOBUFS); \ } \ } while (0) #ifdef INET static int checksum_ipv4(priv_p priv, struct mbuf *m, int l3_offset) { struct ip *ip4; int pullup_len; int hlen, plen; int processed = 0; pullup_len = l3_offset; PULLUP_CHECK(m, sizeof(struct ip)); ip4 = (struct ip *) mtodo(m, l3_offset); if (ip4->ip_v != IPVERSION) return (EOPNOTSUPP); hlen = ip4->ip_hl << 2; plen = ntohs(ip4->ip_len); if (hlen < sizeof(struct ip) || m->m_pkthdr.len < l3_offset + plen) return (EINVAL); if (m->m_pkthdr.csum_flags & CSUM_IP) { ip4->ip_sum = 0; if ((priv->conf->csum_offload & CSUM_IP) == 0) { if (hlen == sizeof(struct ip)) ip4->ip_sum = in_cksum_hdr(ip4); else ip4->ip_sum = in_cksum_skip(m, l3_offset + hlen, l3_offset); m->m_pkthdr.csum_flags &= ~CSUM_IP; } processed = 1; } pullup_len = l3_offset + hlen; /* We can not calculate a checksum fragmented packets */ if (ip4->ip_off & htons(IP_MF|IP_OFFMASK)) { m->m_pkthdr.csum_flags &= ~(CSUM_TCP|CSUM_UDP); return (0); } switch (ip4->ip_p) { case IPPROTO_TCP: if (m->m_pkthdr.csum_flags & CSUM_TCP) { struct tcphdr *th; PULLUP_CHECK(m, sizeof(struct tcphdr)); th = (struct tcphdr *) mtodo(m, l3_offset + hlen); th->th_sum = in_pseudo(ip4->ip_src.s_addr, ip4->ip_dst.s_addr, htons(ip4->ip_p + plen - hlen)); if ((priv->conf->csum_offload & CSUM_TCP) == 0) { th->th_sum = in_cksum_skip(m, l3_offset + plen, l3_offset + hlen); m->m_pkthdr.csum_flags &= ~CSUM_TCP; } processed = 1; } m->m_pkthdr.csum_flags &= ~CSUM_UDP; break; case IPPROTO_UDP: if (m->m_pkthdr.csum_flags & CSUM_UDP) { struct udphdr *uh; PULLUP_CHECK(m, sizeof(struct udphdr)); uh = (struct udphdr *) mtodo(m, l3_offset + hlen); uh->uh_sum = in_pseudo(ip4->ip_src.s_addr, ip4->ip_dst.s_addr, htons(ip4->ip_p + plen - hlen)); if ((priv->conf->csum_offload & CSUM_UDP) == 0) { uh->uh_sum = in_cksum_skip(m, l3_offset + plen, l3_offset + hlen); if (uh->uh_sum == 0) uh->uh_sum = 0xffff; m->m_pkthdr.csum_flags &= ~CSUM_UDP; } processed = 1; } m->m_pkthdr.csum_flags &= ~CSUM_TCP; break; default: m->m_pkthdr.csum_flags &= ~(CSUM_TCP|CSUM_UDP); break; } m->m_pkthdr.csum_flags &= ~NG_CHECKSUM_CSUM_IPV6; if (processed) priv->stats.processed++; return (0); } #endif /* INET */ #ifdef INET6 static int checksum_ipv6(priv_p priv, struct mbuf *m, int l3_offset) { struct ip6_hdr *ip6; struct ip6_ext *ip6e = NULL; int pullup_len; int hlen, plen; int nxt; int processed = 0; pullup_len = l3_offset; PULLUP_CHECK(m, sizeof(struct ip6_hdr)); ip6 = (struct ip6_hdr *) mtodo(m, l3_offset); if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) return (EOPNOTSUPP); hlen = sizeof(struct ip6_hdr); plen = ntohs(ip6->ip6_plen) + hlen; if (m->m_pkthdr.len < l3_offset + plen) return (EINVAL); nxt = ip6->ip6_nxt; for (;;) { switch (nxt) { case IPPROTO_DSTOPTS: case IPPROTO_HOPOPTS: case IPPROTO_ROUTING: PULLUP_CHECK(m, sizeof(struct ip6_ext)); ip6e = (struct ip6_ext *) mtodo(m, l3_offset + hlen); nxt = ip6e->ip6e_nxt; hlen += (ip6e->ip6e_len + 1) << 3; pullup_len = l3_offset + hlen; break; case IPPROTO_AH: PULLUP_CHECK(m, sizeof(struct ip6_ext)); ip6e = (struct ip6_ext *) mtodo(m, l3_offset + hlen); nxt = ip6e->ip6e_nxt; hlen += (ip6e->ip6e_len + 2) << 2; pullup_len = l3_offset + hlen; break; case IPPROTO_FRAGMENT: /* We can not calculate a checksum fragmented packets */ m->m_pkthdr.csum_flags &= ~(CSUM_TCP_IPV6|CSUM_UDP_IPV6); return (0); default: goto loopend; } if (nxt == 0) return (EINVAL); } loopend: switch (nxt) { case IPPROTO_TCP: if (m->m_pkthdr.csum_flags & CSUM_TCP_IPV6) { struct tcphdr *th; PULLUP_CHECK(m, sizeof(struct tcphdr)); th = (struct tcphdr *) mtodo(m, l3_offset + hlen); th->th_sum = in6_cksum_pseudo(ip6, plen - hlen, nxt, 0); if ((priv->conf->csum_offload & CSUM_TCP_IPV6) == 0) { th->th_sum = in_cksum_skip(m, l3_offset + plen, l3_offset + hlen); m->m_pkthdr.csum_flags &= ~CSUM_TCP_IPV6; } processed = 1; } m->m_pkthdr.csum_flags &= ~CSUM_UDP_IPV6; break; case IPPROTO_UDP: if (m->m_pkthdr.csum_flags & CSUM_UDP_IPV6) { struct udphdr *uh; PULLUP_CHECK(m, sizeof(struct udphdr)); uh = (struct udphdr *) mtodo(m, l3_offset + hlen); uh->uh_sum = in6_cksum_pseudo(ip6, plen - hlen, nxt, 0); if ((priv->conf->csum_offload & CSUM_UDP_IPV6) == 0) { uh->uh_sum = in_cksum_skip(m, l3_offset + plen, l3_offset + hlen); if (uh->uh_sum == 0) uh->uh_sum = 0xffff; m->m_pkthdr.csum_flags &= ~CSUM_UDP_IPV6; } processed = 1; } m->m_pkthdr.csum_flags &= ~CSUM_TCP_IPV6; break; default: m->m_pkthdr.csum_flags &= ~(CSUM_TCP_IPV6|CSUM_UDP_IPV6); break; } m->m_pkthdr.csum_flags &= ~NG_CHECKSUM_CSUM_IPV4; if (processed) priv->stats.processed++; return (0); } #endif /* INET6 */ #undef PULLUP_CHECK static int ng_checksum_rcvdata(hook_p hook, item_p item) { const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook)); struct mbuf *m; hook_p out; int error = 0; priv->stats.received++; NGI_GET_M(item, m); #define PULLUP_CHECK(mbuf, length) do { \ pullup_len += length; \ if (((mbuf)->m_pkthdr.len < pullup_len) || \ (pullup_len > MHLEN)) { \ error = EINVAL; \ goto bypass; \ } \ if ((mbuf)->m_len < pullup_len && \ (((mbuf) = m_pullup((mbuf), pullup_len)) == NULL)) { \ error = ENOBUFS; \ goto drop; \ } \ } while (0) if (!(priv->conf && hook == priv->in && m && (m->m_flags & M_PKTHDR))) goto bypass; m->m_pkthdr.csum_flags |= priv->conf->csum_flags; if (m->m_pkthdr.csum_flags & (NG_CHECKSUM_CSUM_IPV4|NG_CHECKSUM_CSUM_IPV6)) { struct ether_header *eh; struct ng_checksum_vlan_header *vh; int pullup_len = 0; uint16_t etype; m = m_unshare(m, M_NOWAIT); if (m == NULL) ERROUT(ENOMEM); switch (priv->dlt) { case DLT_EN10MB: PULLUP_CHECK(m, sizeof(struct ether_header)); eh = mtod(m, struct ether_header *); etype = ntohs(eh->ether_type); for (;;) { /* QinQ support */ switch (etype) { case 0x8100: case 0x88A8: case 0x9100: PULLUP_CHECK(m, sizeof(struct ng_checksum_vlan_header)); vh = (struct ng_checksum_vlan_header *) mtodo(m, pullup_len - sizeof(struct ng_checksum_vlan_header)); etype = ntohs(vh->etype); break; default: goto loopend; } } loopend: #ifdef INET if (etype == ETHERTYPE_IP && (m->m_pkthdr.csum_flags & NG_CHECKSUM_CSUM_IPV4)) { error = checksum_ipv4(priv, m, pullup_len); if (error == ENOBUFS) goto drop; } else #endif #ifdef INET6 if (etype == ETHERTYPE_IPV6 && (m->m_pkthdr.csum_flags & NG_CHECKSUM_CSUM_IPV6)) { error = checksum_ipv6(priv, m, pullup_len); if (error == ENOBUFS) goto drop; } else #endif { m->m_pkthdr.csum_flags &= ~(NG_CHECKSUM_CSUM_IPV4|NG_CHECKSUM_CSUM_IPV6); } break; case DLT_RAW: #ifdef INET if (m->m_pkthdr.csum_flags & NG_CHECKSUM_CSUM_IPV4) { error = checksum_ipv4(priv, m, pullup_len); if (error == 0) goto bypass; else if (error == ENOBUFS) goto drop; } #endif #ifdef INET6 if (m->m_pkthdr.csum_flags & NG_CHECKSUM_CSUM_IPV6) { error = checksum_ipv6(priv, m, pullup_len); if (error == 0) goto bypass; else if (error == ENOBUFS) goto drop; } #endif if (error) m->m_pkthdr.csum_flags &= ~(NG_CHECKSUM_CSUM_IPV4|NG_CHECKSUM_CSUM_IPV6); break; default: ERROUT(EINVAL); } } #undef PULLUP_CHECK bypass: out = NULL; if (hook == priv->in) { /* return frames on 'in' hook if 'out' not connected */ out = priv->out ? priv->out : priv->in; } else if (hook == priv->out && priv->in) { /* pass frames on 'out' hook if 'in' connected */ out = priv->in; } if (out == NULL) ERROUT(0); NG_FWD_NEW_DATA(error, item, out, m); return (error); done: NG_FREE_M(m); drop: NG_FREE_ITEM(item); priv->stats.dropped++; return (error); } static int ng_checksum_shutdown(node_p node) { const priv_p priv = NG_NODE_PRIVATE(node); NG_NODE_SET_PRIVATE(node, NULL); NG_NODE_UNREF(node); if (priv->conf) free(priv->conf, M_NETGRAPH); free(priv, M_NETGRAPH); return (0); } static int ng_checksum_disconnect(hook_p hook) { priv_p priv; priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook)); if (hook == priv->in) priv->in = NULL; if (hook == priv->out) priv->out = NULL; if (NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0 && NG_NODE_IS_VALID(NG_HOOK_NODE(hook))) /* already shutting down? */ ng_rmnode_self(NG_HOOK_NODE(hook)); return (0); }