ip_mroute.c revision 1.158
1 /* $NetBSD: ip_mroute.c,v 1.158 2018/05/07 19:34:03 maxv Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Stephen Deering of Stanford University. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)ip_mroute.c 8.2 (Berkeley) 11/15/93 35 */ 36 37 /* 38 * Copyright (c) 1989 Stephen Deering 39 * 40 * This code is derived from software contributed to Berkeley by 41 * Stephen Deering of Stanford University. 42 * 43 * Redistribution and use in source and binary forms, with or without 44 * modification, are permitted provided that the following conditions 45 * are met: 46 * 1. Redistributions of source code must retain the above copyright 47 * notice, this list of conditions and the following disclaimer. 48 * 2. Redistributions in binary form must reproduce the above copyright 49 * notice, this list of conditions and the following disclaimer in the 50 * documentation and/or other materials provided with the distribution. 51 * 3. All advertising materials mentioning features or use of this software 52 * must display the following acknowledgement: 53 * This product includes software developed by the University of 54 * California, Berkeley and its contributors. 55 * 4. Neither the name of the University nor the names of its contributors 56 * may be used to endorse or promote products derived from this software 57 * without specific prior written permission. 58 * 59 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 60 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 61 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 62 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 63 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 64 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 65 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 66 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 67 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 68 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 69 * SUCH DAMAGE. 70 * 71 * @(#)ip_mroute.c 8.2 (Berkeley) 11/15/93 72 */ 73 74 /* 75 * IP multicast forwarding procedures 76 * 77 * Written by David Waitzman, BBN Labs, August 1988. 78 * Modified by Steve Deering, Stanford, February 1989. 79 * Modified by Mark J. Steiglitz, Stanford, May, 1991 80 * Modified by Van Jacobson, LBL, January 1993 81 * Modified by Ajit Thyagarajan, PARC, August 1993 82 * Modified by Bill Fenner, PARC, April 1994 83 * Modified by Charles M. Hannum, NetBSD, May 1995. 84 * Modified by Ahmed Helmy, SGI, June 1996 85 * Modified by George Edmond Eddy (Rusty), ISI, February 1998 86 * Modified by Pavlin Radoslavov, USC/ISI, May 1998, August 1999, October 2000 87 * Modified by Hitoshi Asaeda, WIDE, August 2000 88 * Modified by Pavlin Radoslavov, ICSI, October 2002 89 * 90 * MROUTING Revision: 1.2 91 * and PIM-SMv2 and PIM-DM support, advanced API support, 92 * bandwidth metering and signaling 93 */ 94 95 #include <sys/cdefs.h> 96 __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.158 2018/05/07 19:34:03 maxv Exp $"); 97 98 #ifdef _KERNEL_OPT 99 #include "opt_inet.h" 100 #include "opt_ipsec.h" 101 #include "opt_pim.h" 102 #endif 103 104 #ifdef PIM 105 #define _PIM_VT 1 106 #endif 107 108 #include <sys/param.h> 109 #include <sys/systm.h> 110 #include <sys/callout.h> 111 #include <sys/mbuf.h> 112 #include <sys/socket.h> 113 #include <sys/socketvar.h> 114 #include <sys/errno.h> 115 #include <sys/time.h> 116 #include <sys/kernel.h> 117 #include <sys/kmem.h> 118 #include <sys/ioctl.h> 119 #include <sys/syslog.h> 120 121 #include <net/if.h> 122 #include <net/raw_cb.h> 123 124 #include <netinet/in.h> 125 #include <netinet/in_var.h> 126 #include <netinet/in_systm.h> 127 #include <netinet/ip.h> 128 #include <netinet/ip_var.h> 129 #include <netinet/in_pcb.h> 130 #include <netinet/udp.h> 131 #include <netinet/igmp.h> 132 #include <netinet/igmp_var.h> 133 #include <netinet/ip_mroute.h> 134 #ifdef PIM 135 #include <netinet/pim.h> 136 #include <netinet/pim_var.h> 137 #endif 138 #include <netinet/ip_encap.h> 139 140 #ifdef IPSEC 141 #include <netipsec/ipsec.h> 142 #include <netipsec/key.h> 143 #endif 144 145 #define IP_MULTICASTOPTS 0 146 #define M_PULLUP(m, len) \ 147 do { \ 148 if ((m) && ((m)->m_flags & M_EXT || (m)->m_len < (len))) \ 149 (m) = m_pullup((m), (len)); \ 150 } while (/*CONSTCOND*/ 0) 151 152 /* 153 * Globals. All but ip_mrouter and ip_mrtproto could be static, 154 * except for netstat or debugging purposes. 155 */ 156 struct socket *ip_mrouter = NULL; 157 int ip_mrtproto = IGMP_DVMRP; /* for netstat only */ 158 159 #define MFCHASH(a, g) \ 160 ((((a).s_addr >> 20) ^ ((a).s_addr >> 10) ^ (a).s_addr ^ \ 161 ((g).s_addr >> 20) ^ ((g).s_addr >> 10) ^ (g).s_addr) & mfchash) 162 LIST_HEAD(mfchashhdr, mfc) *mfchashtbl; 163 u_long mfchash; 164 165 u_char nexpire[MFCTBLSIZ]; 166 struct vif viftable[MAXVIFS]; 167 struct mrtstat mrtstat; 168 u_int mrtdebug = 0; /* debug level */ 169 #define DEBUG_MFC 0x02 170 #define DEBUG_FORWARD 0x04 171 #define DEBUG_EXPIRE 0x08 172 #define DEBUG_XMIT 0x10 173 #define DEBUG_PIM 0x20 174 175 #define VIFI_INVALID ((vifi_t) -1) 176 177 u_int tbfdebug = 0; /* tbf debug level */ 178 179 /* vif attachment using sys/netinet/ip_encap.c */ 180 static void vif_input(struct mbuf *, int, int, void *); 181 static int vif_encapcheck(struct mbuf *, int, int, void *); 182 183 static const struct encapsw vif_encapsw = { 184 .encapsw4 = { 185 .pr_input = vif_input, 186 .pr_ctlinput = NULL, 187 } 188 }; 189 190 #define EXPIRE_TIMEOUT (hz / 4) /* 4x / second */ 191 #define UPCALL_EXPIRE 6 /* number of timeouts */ 192 193 /* 194 * Define the token bucket filter structures 195 */ 196 197 #define TBF_REPROCESS (hz / 100) /* 100x / second */ 198 199 static int get_sg_cnt(struct sioc_sg_req *); 200 static int get_vif_cnt(struct sioc_vif_req *); 201 static int ip_mrouter_init(struct socket *, int); 202 static int set_assert(int); 203 static int add_vif(struct vifctl *); 204 static int del_vif(vifi_t *); 205 static void update_mfc_params(struct mfc *, struct mfcctl2 *); 206 static void init_mfc_params(struct mfc *, struct mfcctl2 *); 207 static void expire_mfc(struct mfc *); 208 static int add_mfc(struct sockopt *); 209 #ifdef UPCALL_TIMING 210 static void collate(struct timeval *); 211 #endif 212 static int del_mfc(struct sockopt *); 213 static int set_api_config(struct sockopt *); /* chose API capabilities */ 214 static int socket_send(struct socket *, struct mbuf *, struct sockaddr_in *); 215 static void expire_upcalls(void *); 216 static int ip_mdq(struct mbuf *, struct ifnet *, struct mfc *); 217 static void phyint_send(struct ip *, struct vif *, struct mbuf *); 218 static void encap_send(struct ip *, struct vif *, struct mbuf *); 219 static void tbf_control(struct vif *, struct mbuf *, struct ip *, u_int32_t); 220 static void tbf_queue(struct vif *, struct mbuf *); 221 static void tbf_process_q(struct vif *); 222 static void tbf_reprocess_q(void *); 223 static int tbf_dq_sel(struct vif *, struct ip *); 224 static void tbf_send_packet(struct vif *, struct mbuf *); 225 static void tbf_update_tokens(struct vif *); 226 static int priority(struct vif *, struct ip *); 227 228 /* 229 * Bandwidth monitoring 230 */ 231 static void free_bw_list(struct bw_meter *); 232 static int add_bw_upcall(struct bw_upcall *); 233 static int del_bw_upcall(struct bw_upcall *); 234 static void bw_meter_receive_packet(struct bw_meter *, int , struct timeval *); 235 static void bw_meter_prepare_upcall(struct bw_meter *, struct timeval *); 236 static void bw_upcalls_send(void); 237 static void schedule_bw_meter(struct bw_meter *, struct timeval *); 238 static void unschedule_bw_meter(struct bw_meter *); 239 static void bw_meter_process(void); 240 static void expire_bw_upcalls_send(void *); 241 static void expire_bw_meter_process(void *); 242 243 #ifdef PIM 244 static int pim_register_send(struct ip *, struct vif *, 245 struct mbuf *, struct mfc *); 246 static int pim_register_send_rp(struct ip *, struct vif *, 247 struct mbuf *, struct mfc *); 248 static int pim_register_send_upcall(struct ip *, struct vif *, 249 struct mbuf *, struct mfc *); 250 static struct mbuf *pim_register_prepare(struct ip *, struct mbuf *); 251 #endif 252 253 #define ENCAP_TTL 64 254 #define ENCAP_PROTO IPPROTO_IPIP 255 256 /* prototype IP hdr for encapsulated packets */ 257 static const struct ip multicast_encap_iphdr = { 258 .ip_hl = sizeof(struct ip) >> 2, 259 .ip_v = IPVERSION, 260 .ip_len = sizeof(struct ip), 261 .ip_ttl = ENCAP_TTL, 262 .ip_p = ENCAP_PROTO, 263 }; 264 265 /* 266 * Bandwidth meter variables and constants 267 */ 268 269 /* 270 * Pending timeouts are stored in a hash table, the key being the 271 * expiration time. Periodically, the entries are analysed and processed. 272 */ 273 #define BW_METER_BUCKETS 1024 274 static struct bw_meter *bw_meter_timers[BW_METER_BUCKETS]; 275 struct callout bw_meter_ch; 276 #define BW_METER_PERIOD (hz) /* periodical handling of bw meters */ 277 278 /* 279 * Pending upcalls are stored in a vector which is flushed when 280 * full, or periodically 281 */ 282 static struct bw_upcall bw_upcalls[BW_UPCALLS_MAX]; 283 static u_int bw_upcalls_n; /* # of pending upcalls */ 284 struct callout bw_upcalls_ch; 285 #define BW_UPCALLS_PERIOD (hz) /* periodical flush of bw upcalls */ 286 287 #ifdef PIM 288 struct pimstat pimstat; 289 290 /* 291 * Note: the PIM Register encapsulation adds the following in front of a 292 * data packet: 293 * 294 * struct pim_encap_hdr { 295 * struct ip ip; 296 * struct pim_encap_pimhdr pim; 297 * } 298 */ 299 300 struct pim_encap_pimhdr { 301 struct pim pim; 302 uint32_t flags; 303 }; 304 305 static struct ip pim_encap_iphdr = { 306 .ip_v = IPVERSION, 307 .ip_hl = sizeof(struct ip) >> 2, 308 .ip_len = sizeof(struct ip), 309 .ip_ttl = ENCAP_TTL, 310 .ip_p = IPPROTO_PIM, 311 }; 312 313 static struct pim_encap_pimhdr pim_encap_pimhdr = { 314 { 315 PIM_MAKE_VT(PIM_VERSION, PIM_REGISTER), /* PIM vers and message type */ 316 0, /* reserved */ 317 0, /* checksum */ 318 }, 319 0 /* flags */ 320 }; 321 322 static struct ifnet multicast_register_if; 323 static vifi_t reg_vif_num = VIFI_INVALID; 324 #endif /* PIM */ 325 326 327 /* 328 * Private variables. 329 */ 330 static vifi_t numvifs = 0; 331 332 static struct callout expire_upcalls_ch; 333 334 /* 335 * whether or not special PIM assert processing is enabled. 336 */ 337 static int pim_assert; 338 /* 339 * Rate limit for assert notification messages, in usec 340 */ 341 #define ASSERT_MSG_TIME 3000000 342 343 /* 344 * Kernel multicast routing API capabilities and setup. 345 * If more API capabilities are added to the kernel, they should be 346 * recorded in `mrt_api_support'. 347 */ 348 static const u_int32_t mrt_api_support = (MRT_MFC_FLAGS_DISABLE_WRONGVIF | 349 MRT_MFC_FLAGS_BORDER_VIF | 350 MRT_MFC_RP | 351 MRT_MFC_BW_UPCALL); 352 static u_int32_t mrt_api_config = 0; 353 354 /* 355 * Find a route for a given origin IP address and Multicast group address 356 * Type of service parameter to be added in the future!!! 357 * Statistics are updated by the caller if needed 358 * (mrtstat.mrts_mfc_lookups and mrtstat.mrts_mfc_misses) 359 */ 360 static struct mfc * 361 mfc_find(struct in_addr *o, struct in_addr *g) 362 { 363 struct mfc *rt; 364 365 LIST_FOREACH(rt, &mfchashtbl[MFCHASH(*o, *g)], mfc_hash) { 366 if (in_hosteq(rt->mfc_origin, *o) && 367 in_hosteq(rt->mfc_mcastgrp, *g) && 368 (rt->mfc_stall == NULL)) 369 break; 370 } 371 372 return rt; 373 } 374 375 /* 376 * Macros to compute elapsed time efficiently 377 * Borrowed from Van Jacobson's scheduling code 378 */ 379 #define TV_DELTA(a, b, delta) do { \ 380 int xxs; \ 381 delta = (a).tv_usec - (b).tv_usec; \ 382 xxs = (a).tv_sec - (b).tv_sec; \ 383 switch (xxs) { \ 384 case 2: \ 385 delta += 1000000; \ 386 /* fall through */ \ 387 case 1: \ 388 delta += 1000000; \ 389 /* fall through */ \ 390 case 0: \ 391 break; \ 392 default: \ 393 delta += (1000000 * xxs); \ 394 break; \ 395 } \ 396 } while (/*CONSTCOND*/ 0) 397 398 #ifdef UPCALL_TIMING 399 u_int32_t upcall_data[51]; 400 #endif /* UPCALL_TIMING */ 401 402 /* 403 * Handle MRT setsockopt commands to modify the multicast routing tables. 404 */ 405 int 406 ip_mrouter_set(struct socket *so, struct sockopt *sopt) 407 { 408 int error; 409 int optval; 410 struct vifctl vifc; 411 vifi_t vifi; 412 struct bw_upcall bwuc; 413 414 if (sopt->sopt_name != MRT_INIT && so != ip_mrouter) 415 error = ENOPROTOOPT; 416 else { 417 switch (sopt->sopt_name) { 418 case MRT_INIT: 419 error = sockopt_getint(sopt, &optval); 420 if (error) 421 break; 422 423 error = ip_mrouter_init(so, optval); 424 break; 425 case MRT_DONE: 426 error = ip_mrouter_done(); 427 break; 428 case MRT_ADD_VIF: 429 error = sockopt_get(sopt, &vifc, sizeof(vifc)); 430 if (error) 431 break; 432 error = add_vif(&vifc); 433 break; 434 case MRT_DEL_VIF: 435 error = sockopt_get(sopt, &vifi, sizeof(vifi)); 436 if (error) 437 break; 438 error = del_vif(&vifi); 439 break; 440 case MRT_ADD_MFC: 441 error = add_mfc(sopt); 442 break; 443 case MRT_DEL_MFC: 444 error = del_mfc(sopt); 445 break; 446 case MRT_ASSERT: 447 error = sockopt_getint(sopt, &optval); 448 if (error) 449 break; 450 error = set_assert(optval); 451 break; 452 case MRT_API_CONFIG: 453 error = set_api_config(sopt); 454 break; 455 case MRT_ADD_BW_UPCALL: 456 error = sockopt_get(sopt, &bwuc, sizeof(bwuc)); 457 if (error) 458 break; 459 error = add_bw_upcall(&bwuc); 460 break; 461 case MRT_DEL_BW_UPCALL: 462 error = sockopt_get(sopt, &bwuc, sizeof(bwuc)); 463 if (error) 464 break; 465 error = del_bw_upcall(&bwuc); 466 break; 467 default: 468 error = ENOPROTOOPT; 469 break; 470 } 471 } 472 return error; 473 } 474 475 /* 476 * Handle MRT getsockopt commands 477 */ 478 int 479 ip_mrouter_get(struct socket *so, struct sockopt *sopt) 480 { 481 int error; 482 483 if (so != ip_mrouter) 484 error = ENOPROTOOPT; 485 else { 486 switch (sopt->sopt_name) { 487 case MRT_VERSION: 488 error = sockopt_setint(sopt, 0x0305); /* XXX !!!! */ 489 break; 490 case MRT_ASSERT: 491 error = sockopt_setint(sopt, pim_assert); 492 break; 493 case MRT_API_SUPPORT: 494 error = sockopt_set(sopt, &mrt_api_support, 495 sizeof(mrt_api_support)); 496 break; 497 case MRT_API_CONFIG: 498 error = sockopt_set(sopt, &mrt_api_config, 499 sizeof(mrt_api_config)); 500 break; 501 default: 502 error = ENOPROTOOPT; 503 break; 504 } 505 } 506 return error; 507 } 508 509 /* 510 * Handle ioctl commands to obtain information from the cache 511 */ 512 int 513 mrt_ioctl(struct socket *so, u_long cmd, void *data) 514 { 515 int error; 516 517 if (so != ip_mrouter) 518 error = EINVAL; 519 else 520 switch (cmd) { 521 case SIOCGETVIFCNT: 522 error = get_vif_cnt((struct sioc_vif_req *)data); 523 break; 524 case SIOCGETSGCNT: 525 error = get_sg_cnt((struct sioc_sg_req *)data); 526 break; 527 default: 528 error = EINVAL; 529 break; 530 } 531 532 return error; 533 } 534 535 /* 536 * returns the packet, byte, rpf-failure count for the source group provided 537 */ 538 static int 539 get_sg_cnt(struct sioc_sg_req *req) 540 { 541 int s; 542 struct mfc *rt; 543 544 s = splsoftnet(); 545 rt = mfc_find(&req->src, &req->grp); 546 if (rt == NULL) { 547 splx(s); 548 req->pktcnt = req->bytecnt = req->wrong_if = 0xffffffff; 549 return EADDRNOTAVAIL; 550 } 551 req->pktcnt = rt->mfc_pkt_cnt; 552 req->bytecnt = rt->mfc_byte_cnt; 553 req->wrong_if = rt->mfc_wrong_if; 554 splx(s); 555 556 return 0; 557 } 558 559 /* 560 * returns the input and output packet and byte counts on the vif provided 561 */ 562 static int 563 get_vif_cnt(struct sioc_vif_req *req) 564 { 565 vifi_t vifi = req->vifi; 566 567 if (vifi >= numvifs) 568 return EINVAL; 569 570 req->icount = viftable[vifi].v_pkt_in; 571 req->ocount = viftable[vifi].v_pkt_out; 572 req->ibytes = viftable[vifi].v_bytes_in; 573 req->obytes = viftable[vifi].v_bytes_out; 574 575 return 0; 576 } 577 578 /* 579 * Enable multicast routing 580 */ 581 static int 582 ip_mrouter_init(struct socket *so, int v) 583 { 584 if (mrtdebug) 585 log(LOG_DEBUG, 586 "ip_mrouter_init: so_type = %d, pr_protocol = %d\n", 587 so->so_type, so->so_proto->pr_protocol); 588 589 if (so->so_type != SOCK_RAW || 590 so->so_proto->pr_protocol != IPPROTO_IGMP) 591 return EOPNOTSUPP; 592 593 if (v != 1) 594 return EINVAL; 595 596 if (ip_mrouter != NULL) 597 return EADDRINUSE; 598 599 ip_mrouter = so; 600 601 mfchashtbl = hashinit(MFCTBLSIZ, HASH_LIST, true, &mfchash); 602 memset((void *)nexpire, 0, sizeof(nexpire)); 603 604 pim_assert = 0; 605 606 callout_init(&expire_upcalls_ch, 0); 607 callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT, 608 expire_upcalls, NULL); 609 610 callout_init(&bw_upcalls_ch, 0); 611 callout_reset(&bw_upcalls_ch, BW_UPCALLS_PERIOD, 612 expire_bw_upcalls_send, NULL); 613 614 callout_init(&bw_meter_ch, 0); 615 callout_reset(&bw_meter_ch, BW_METER_PERIOD, 616 expire_bw_meter_process, NULL); 617 618 if (mrtdebug) 619 log(LOG_DEBUG, "ip_mrouter_init\n"); 620 621 return 0; 622 } 623 624 /* 625 * Disable multicast routing 626 */ 627 int 628 ip_mrouter_done(void) 629 { 630 vifi_t vifi; 631 struct vif *vifp; 632 int i; 633 int s; 634 635 s = splsoftnet(); 636 637 /* Clear out all the vifs currently in use. */ 638 for (vifi = 0; vifi < numvifs; vifi++) { 639 vifp = &viftable[vifi]; 640 if (!in_nullhost(vifp->v_lcl_addr)) 641 reset_vif(vifp); 642 } 643 644 numvifs = 0; 645 pim_assert = 0; 646 mrt_api_config = 0; 647 648 callout_stop(&expire_upcalls_ch); 649 callout_stop(&bw_upcalls_ch); 650 callout_stop(&bw_meter_ch); 651 652 /* 653 * Free all multicast forwarding cache entries. 654 */ 655 for (i = 0; i < MFCTBLSIZ; i++) { 656 struct mfc *rt, *nrt; 657 658 for (rt = LIST_FIRST(&mfchashtbl[i]); rt; rt = nrt) { 659 nrt = LIST_NEXT(rt, mfc_hash); 660 661 expire_mfc(rt); 662 } 663 } 664 665 memset((void *)nexpire, 0, sizeof(nexpire)); 666 hashdone(mfchashtbl, HASH_LIST, mfchash); 667 mfchashtbl = NULL; 668 669 bw_upcalls_n = 0; 670 memset(bw_meter_timers, 0, sizeof(bw_meter_timers)); 671 672 /* Reset de-encapsulation cache. */ 673 674 ip_mrouter = NULL; 675 676 splx(s); 677 678 if (mrtdebug) 679 log(LOG_DEBUG, "ip_mrouter_done\n"); 680 681 return 0; 682 } 683 684 void 685 ip_mrouter_detach(struct ifnet *ifp) 686 { 687 int vifi, i; 688 struct vif *vifp; 689 struct mfc *rt; 690 struct rtdetq *rte; 691 692 /* XXX not sure about side effect to userland routing daemon */ 693 for (vifi = 0; vifi < numvifs; vifi++) { 694 vifp = &viftable[vifi]; 695 if (vifp->v_ifp == ifp) 696 reset_vif(vifp); 697 } 698 for (i = 0; i < MFCTBLSIZ; i++) { 699 if (nexpire[i] == 0) 700 continue; 701 LIST_FOREACH(rt, &mfchashtbl[i], mfc_hash) { 702 for (rte = rt->mfc_stall; rte; rte = rte->next) { 703 if (rte->ifp == ifp) 704 rte->ifp = NULL; 705 } 706 } 707 } 708 } 709 710 /* 711 * Set PIM assert processing global 712 */ 713 static int 714 set_assert(int i) 715 { 716 pim_assert = !!i; 717 return 0; 718 } 719 720 /* 721 * Configure API capabilities 722 */ 723 static int 724 set_api_config(struct sockopt *sopt) 725 { 726 u_int32_t apival; 727 int i, error; 728 729 /* 730 * We can set the API capabilities only if it is the first operation 731 * after MRT_INIT. I.e.: 732 * - there are no vifs installed 733 * - pim_assert is not enabled 734 * - the MFC table is empty 735 */ 736 error = sockopt_get(sopt, &apival, sizeof(apival)); 737 if (error) 738 return error; 739 if (numvifs > 0) 740 return EPERM; 741 if (pim_assert) 742 return EPERM; 743 for (i = 0; i < MFCTBLSIZ; i++) { 744 if (LIST_FIRST(&mfchashtbl[i]) != NULL) 745 return EPERM; 746 } 747 748 mrt_api_config = apival & mrt_api_support; 749 return 0; 750 } 751 752 /* 753 * Add a vif to the vif table 754 */ 755 static int 756 add_vif(struct vifctl *vifcp) 757 { 758 struct vif *vifp; 759 struct ifnet *ifp; 760 int error, s; 761 struct sockaddr_in sin; 762 763 if (vifcp->vifc_vifi >= MAXVIFS) 764 return EINVAL; 765 if (in_nullhost(vifcp->vifc_lcl_addr)) 766 return EADDRNOTAVAIL; 767 768 vifp = &viftable[vifcp->vifc_vifi]; 769 if (!in_nullhost(vifp->v_lcl_addr)) 770 return EADDRINUSE; 771 772 /* Find the interface with an address in AF_INET family. */ 773 #ifdef PIM 774 if (vifcp->vifc_flags & VIFF_REGISTER) { 775 /* 776 * XXX: Because VIFF_REGISTER does not really need a valid 777 * local interface (e.g. it could be 127.0.0.2), we don't 778 * check its address. 779 */ 780 ifp = NULL; 781 } else 782 #endif 783 { 784 struct ifaddr *ifa; 785 786 sockaddr_in_init(&sin, &vifcp->vifc_lcl_addr, 0); 787 s = pserialize_read_enter(); 788 ifa = ifa_ifwithaddr(sintosa(&sin)); 789 if (ifa == NULL) { 790 pserialize_read_exit(s); 791 return EADDRNOTAVAIL; 792 } 793 ifp = ifa->ifa_ifp; 794 /* FIXME NOMPSAFE */ 795 pserialize_read_exit(s); 796 } 797 798 if (vifcp->vifc_flags & VIFF_TUNNEL) { 799 if (vifcp->vifc_flags & VIFF_SRCRT) { 800 log(LOG_ERR, "source routed tunnels not supported\n"); 801 return EOPNOTSUPP; 802 } 803 804 /* attach this vif to decapsulator dispatch table */ 805 /* 806 * XXX Use addresses in registration so that matching 807 * can be done with radix tree in decapsulator. But, 808 * we need to check inner header for multicast, so 809 * this requires both radix tree lookup and then a 810 * function to check, and this is not supported yet. 811 */ 812 error = encap_lock_enter(); 813 if (error) 814 return error; 815 vifp->v_encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV4, 816 vif_encapcheck, &vif_encapsw, vifp); 817 encap_lock_exit(); 818 if (!vifp->v_encap_cookie) 819 return EINVAL; 820 821 /* Create a fake encapsulation interface. */ 822 ifp = malloc(sizeof(*ifp), M_MRTABLE, M_WAITOK|M_ZERO); 823 snprintf(ifp->if_xname, sizeof(ifp->if_xname), 824 "mdecap%d", vifcp->vifc_vifi); 825 826 /* Prepare cached route entry. */ 827 memset(&vifp->v_route, 0, sizeof(vifp->v_route)); 828 #ifdef PIM 829 } else if (vifcp->vifc_flags & VIFF_REGISTER) { 830 ifp = &multicast_register_if; 831 if (mrtdebug) 832 log(LOG_DEBUG, "Adding a register vif, ifp: %p\n", 833 (void *)ifp); 834 if (reg_vif_num == VIFI_INVALID) { 835 memset(ifp, 0, sizeof(*ifp)); 836 snprintf(ifp->if_xname, sizeof(ifp->if_xname), 837 "register_vif"); 838 ifp->if_flags = IFF_LOOPBACK; 839 memset(&vifp->v_route, 0, sizeof(vifp->v_route)); 840 reg_vif_num = vifcp->vifc_vifi; 841 } 842 #endif 843 } else { 844 /* Make sure the interface supports multicast. */ 845 if ((ifp->if_flags & IFF_MULTICAST) == 0) 846 return EOPNOTSUPP; 847 848 /* Enable promiscuous reception of all IP multicasts. */ 849 sockaddr_in_init(&sin, &zeroin_addr, 0); 850 error = if_mcast_op(ifp, SIOCADDMULTI, sintosa(&sin)); 851 if (error) 852 return error; 853 } 854 855 s = splsoftnet(); 856 857 /* Define parameters for the tbf structure. */ 858 vifp->tbf_q = NULL; 859 vifp->tbf_t = &vifp->tbf_q; 860 microtime(&vifp->tbf_last_pkt_t); 861 vifp->tbf_n_tok = 0; 862 vifp->tbf_q_len = 0; 863 vifp->tbf_max_q_len = MAXQSIZE; 864 865 vifp->v_flags = vifcp->vifc_flags; 866 vifp->v_threshold = vifcp->vifc_threshold; 867 /* scaling up here allows division by 1024 in critical code */ 868 vifp->v_rate_limit = vifcp->vifc_rate_limit * 1024 / 1000; 869 vifp->v_lcl_addr = vifcp->vifc_lcl_addr; 870 vifp->v_rmt_addr = vifcp->vifc_rmt_addr; 871 vifp->v_ifp = ifp; 872 /* Initialize per vif pkt counters. */ 873 vifp->v_pkt_in = 0; 874 vifp->v_pkt_out = 0; 875 vifp->v_bytes_in = 0; 876 vifp->v_bytes_out = 0; 877 878 callout_init(&vifp->v_repq_ch, 0); 879 880 splx(s); 881 882 /* Adjust numvifs up if the vifi is higher than numvifs. */ 883 if (numvifs <= vifcp->vifc_vifi) 884 numvifs = vifcp->vifc_vifi + 1; 885 886 if (mrtdebug) 887 log(LOG_DEBUG, "add_vif #%d, lcladdr %x, %s %x, thresh %x, rate %d\n", 888 vifcp->vifc_vifi, 889 ntohl(vifcp->vifc_lcl_addr.s_addr), 890 (vifcp->vifc_flags & VIFF_TUNNEL) ? "rmtaddr" : "mask", 891 ntohl(vifcp->vifc_rmt_addr.s_addr), 892 vifcp->vifc_threshold, 893 vifcp->vifc_rate_limit); 894 895 return 0; 896 } 897 898 void 899 reset_vif(struct vif *vifp) 900 { 901 struct mbuf *m, *n; 902 struct ifnet *ifp; 903 struct sockaddr_in sin; 904 905 callout_stop(&vifp->v_repq_ch); 906 907 /* detach this vif from decapsulator dispatch table */ 908 encap_lock_enter(); 909 encap_detach(vifp->v_encap_cookie); 910 encap_lock_exit(); 911 vifp->v_encap_cookie = NULL; 912 913 /* 914 * Free packets queued at the interface 915 */ 916 for (m = vifp->tbf_q; m != NULL; m = n) { 917 n = m->m_nextpkt; 918 m_freem(m); 919 } 920 921 if (vifp->v_flags & VIFF_TUNNEL) 922 free(vifp->v_ifp, M_MRTABLE); 923 else if (vifp->v_flags & VIFF_REGISTER) { 924 #ifdef PIM 925 reg_vif_num = VIFI_INVALID; 926 #endif 927 } else { 928 sockaddr_in_init(&sin, &zeroin_addr, 0); 929 ifp = vifp->v_ifp; 930 if_mcast_op(ifp, SIOCDELMULTI, sintosa(&sin)); 931 } 932 memset((void *)vifp, 0, sizeof(*vifp)); 933 } 934 935 /* 936 * Delete a vif from the vif table 937 */ 938 static int 939 del_vif(vifi_t *vifip) 940 { 941 struct vif *vifp; 942 vifi_t vifi; 943 int s; 944 945 if (*vifip >= numvifs) 946 return EINVAL; 947 948 vifp = &viftable[*vifip]; 949 if (in_nullhost(vifp->v_lcl_addr)) 950 return EADDRNOTAVAIL; 951 952 s = splsoftnet(); 953 954 reset_vif(vifp); 955 956 /* Adjust numvifs down */ 957 for (vifi = numvifs; vifi > 0; vifi--) 958 if (!in_nullhost(viftable[vifi - 1].v_lcl_addr)) 959 break; 960 numvifs = vifi; 961 962 splx(s); 963 964 if (mrtdebug) 965 log(LOG_DEBUG, "del_vif %d, numvifs %d\n", *vifip, numvifs); 966 967 return 0; 968 } 969 970 /* 971 * update an mfc entry without resetting counters and S,G addresses. 972 */ 973 static void 974 update_mfc_params(struct mfc *rt, struct mfcctl2 *mfccp) 975 { 976 int i; 977 978 rt->mfc_parent = mfccp->mfcc_parent; 979 for (i = 0; i < numvifs; i++) { 980 rt->mfc_ttls[i] = mfccp->mfcc_ttls[i]; 981 rt->mfc_flags[i] = mfccp->mfcc_flags[i] & mrt_api_config & 982 MRT_MFC_FLAGS_ALL; 983 } 984 /* set the RP address */ 985 if (mrt_api_config & MRT_MFC_RP) 986 rt->mfc_rp = mfccp->mfcc_rp; 987 else 988 rt->mfc_rp = zeroin_addr; 989 } 990 991 /* 992 * fully initialize an mfc entry from the parameter. 993 */ 994 static void 995 init_mfc_params(struct mfc *rt, struct mfcctl2 *mfccp) 996 { 997 rt->mfc_origin = mfccp->mfcc_origin; 998 rt->mfc_mcastgrp = mfccp->mfcc_mcastgrp; 999 1000 update_mfc_params(rt, mfccp); 1001 1002 /* initialize pkt counters per src-grp */ 1003 rt->mfc_pkt_cnt = 0; 1004 rt->mfc_byte_cnt = 0; 1005 rt->mfc_wrong_if = 0; 1006 timerclear(&rt->mfc_last_assert); 1007 } 1008 1009 static void 1010 expire_mfc(struct mfc *rt) 1011 { 1012 struct rtdetq *rte, *nrte; 1013 1014 free_bw_list(rt->mfc_bw_meter); 1015 1016 for (rte = rt->mfc_stall; rte != NULL; rte = nrte) { 1017 nrte = rte->next; 1018 m_freem(rte->m); 1019 free(rte, M_MRTABLE); 1020 } 1021 1022 LIST_REMOVE(rt, mfc_hash); 1023 free(rt, M_MRTABLE); 1024 } 1025 1026 /* 1027 * Add an mfc entry 1028 */ 1029 static int 1030 add_mfc(struct sockopt *sopt) 1031 { 1032 struct mfcctl2 mfcctl2; 1033 struct mfcctl2 *mfccp; 1034 struct mfc *rt; 1035 u_int32_t hash = 0; 1036 struct rtdetq *rte, *nrte; 1037 u_short nstl; 1038 int s; 1039 int error; 1040 1041 /* 1042 * select data size depending on API version. 1043 */ 1044 mfccp = &mfcctl2; 1045 memset(&mfcctl2, 0, sizeof(mfcctl2)); 1046 1047 if (mrt_api_config & MRT_API_FLAGS_ALL) 1048 error = sockopt_get(sopt, mfccp, sizeof(struct mfcctl2)); 1049 else 1050 error = sockopt_get(sopt, mfccp, sizeof(struct mfcctl)); 1051 1052 if (error) 1053 return error; 1054 1055 s = splsoftnet(); 1056 rt = mfc_find(&mfccp->mfcc_origin, &mfccp->mfcc_mcastgrp); 1057 1058 /* If an entry already exists, just update the fields */ 1059 if (rt) { 1060 if (mrtdebug & DEBUG_MFC) 1061 log(LOG_DEBUG, "add_mfc update o %x g %x p %x\n", 1062 ntohl(mfccp->mfcc_origin.s_addr), 1063 ntohl(mfccp->mfcc_mcastgrp.s_addr), 1064 mfccp->mfcc_parent); 1065 1066 update_mfc_params(rt, mfccp); 1067 1068 splx(s); 1069 return 0; 1070 } 1071 1072 /* 1073 * Find the entry for which the upcall was made and update 1074 */ 1075 nstl = 0; 1076 hash = MFCHASH(mfccp->mfcc_origin, mfccp->mfcc_mcastgrp); 1077 LIST_FOREACH(rt, &mfchashtbl[hash], mfc_hash) { 1078 if (in_hosteq(rt->mfc_origin, mfccp->mfcc_origin) && 1079 in_hosteq(rt->mfc_mcastgrp, mfccp->mfcc_mcastgrp) && 1080 rt->mfc_stall != NULL) { 1081 if (nstl++) 1082 log(LOG_ERR, "add_mfc %s o %x g %x p %x dbx %p\n", 1083 "multiple kernel entries", 1084 ntohl(mfccp->mfcc_origin.s_addr), 1085 ntohl(mfccp->mfcc_mcastgrp.s_addr), 1086 mfccp->mfcc_parent, rt->mfc_stall); 1087 1088 if (mrtdebug & DEBUG_MFC) 1089 log(LOG_DEBUG, "add_mfc o %x g %x p %x dbg %p\n", 1090 ntohl(mfccp->mfcc_origin.s_addr), 1091 ntohl(mfccp->mfcc_mcastgrp.s_addr), 1092 mfccp->mfcc_parent, rt->mfc_stall); 1093 1094 rte = rt->mfc_stall; 1095 init_mfc_params(rt, mfccp); 1096 rt->mfc_stall = NULL; 1097 1098 rt->mfc_expire = 0; /* Don't clean this guy up */ 1099 nexpire[hash]--; 1100 1101 /* free packets Qed at the end of this entry */ 1102 for (; rte != NULL; rte = nrte) { 1103 nrte = rte->next; 1104 if (rte->ifp) { 1105 ip_mdq(rte->m, rte->ifp, rt); 1106 } 1107 m_freem(rte->m); 1108 #ifdef UPCALL_TIMING 1109 collate(&rte->t); 1110 #endif /* UPCALL_TIMING */ 1111 free(rte, M_MRTABLE); 1112 } 1113 } 1114 } 1115 1116 /* 1117 * It is possible that an entry is being inserted without an upcall 1118 */ 1119 if (nstl == 0) { 1120 /* 1121 * No mfc; make a new one 1122 */ 1123 if (mrtdebug & DEBUG_MFC) 1124 log(LOG_DEBUG, "add_mfc no upcall o %x g %x p %x\n", 1125 ntohl(mfccp->mfcc_origin.s_addr), 1126 ntohl(mfccp->mfcc_mcastgrp.s_addr), 1127 mfccp->mfcc_parent); 1128 1129 LIST_FOREACH(rt, &mfchashtbl[hash], mfc_hash) { 1130 if (in_hosteq(rt->mfc_origin, mfccp->mfcc_origin) && 1131 in_hosteq(rt->mfc_mcastgrp, mfccp->mfcc_mcastgrp)) { 1132 init_mfc_params(rt, mfccp); 1133 if (rt->mfc_expire) 1134 nexpire[hash]--; 1135 rt->mfc_expire = 0; 1136 break; /* XXX */ 1137 } 1138 } 1139 if (rt == NULL) { /* no upcall, so make a new entry */ 1140 rt = malloc(sizeof(*rt), M_MRTABLE, M_NOWAIT); 1141 if (rt == NULL) { 1142 splx(s); 1143 return ENOBUFS; 1144 } 1145 1146 init_mfc_params(rt, mfccp); 1147 rt->mfc_expire = 0; 1148 rt->mfc_stall = NULL; 1149 rt->mfc_bw_meter = NULL; 1150 1151 /* insert new entry at head of hash chain */ 1152 LIST_INSERT_HEAD(&mfchashtbl[hash], rt, mfc_hash); 1153 } 1154 } 1155 1156 splx(s); 1157 return 0; 1158 } 1159 1160 #ifdef UPCALL_TIMING 1161 /* 1162 * collect delay statistics on the upcalls 1163 */ 1164 static void 1165 collate(struct timeval *t) 1166 { 1167 u_int32_t d; 1168 struct timeval tp; 1169 u_int32_t delta; 1170 1171 microtime(&tp); 1172 1173 if (timercmp(t, &tp, <)) { 1174 TV_DELTA(tp, *t, delta); 1175 1176 d = delta >> 10; 1177 if (d > 50) 1178 d = 50; 1179 1180 ++upcall_data[d]; 1181 } 1182 } 1183 #endif /* UPCALL_TIMING */ 1184 1185 /* 1186 * Delete an mfc entry 1187 */ 1188 static int 1189 del_mfc(struct sockopt *sopt) 1190 { 1191 struct mfcctl2 mfcctl2; 1192 struct mfcctl2 *mfccp; 1193 struct mfc *rt; 1194 int s; 1195 int error; 1196 1197 /* 1198 * XXX: for deleting MFC entries the information in entries 1199 * of size "struct mfcctl" is sufficient. 1200 */ 1201 1202 mfccp = &mfcctl2; 1203 memset(&mfcctl2, 0, sizeof(mfcctl2)); 1204 1205 error = sockopt_get(sopt, mfccp, sizeof(struct mfcctl)); 1206 if (error) { 1207 /* Try with the size of mfcctl2. */ 1208 error = sockopt_get(sopt, mfccp, sizeof(struct mfcctl2)); 1209 if (error) 1210 return error; 1211 } 1212 1213 if (mrtdebug & DEBUG_MFC) 1214 log(LOG_DEBUG, "del_mfc origin %x mcastgrp %x\n", 1215 ntohl(mfccp->mfcc_origin.s_addr), 1216 ntohl(mfccp->mfcc_mcastgrp.s_addr)); 1217 1218 s = splsoftnet(); 1219 1220 rt = mfc_find(&mfccp->mfcc_origin, &mfccp->mfcc_mcastgrp); 1221 if (rt == NULL) { 1222 splx(s); 1223 return EADDRNOTAVAIL; 1224 } 1225 1226 /* 1227 * free the bw_meter entries 1228 */ 1229 free_bw_list(rt->mfc_bw_meter); 1230 rt->mfc_bw_meter = NULL; 1231 1232 LIST_REMOVE(rt, mfc_hash); 1233 free(rt, M_MRTABLE); 1234 1235 splx(s); 1236 return 0; 1237 } 1238 1239 static int 1240 socket_send(struct socket *s, struct mbuf *mm, struct sockaddr_in *src) 1241 { 1242 if (s) { 1243 if (sbappendaddr(&s->so_rcv, sintosa(src), mm, NULL) != 0) { 1244 sorwakeup(s); 1245 return 0; 1246 } 1247 soroverflow(s); 1248 } 1249 m_freem(mm); 1250 return -1; 1251 } 1252 1253 /* 1254 * IP multicast forwarding function. This function assumes that the packet 1255 * pointed to by "ip" has arrived on (or is about to be sent to) the interface 1256 * pointed to by "ifp", and the packet is to be relayed to other networks 1257 * that have members of the packet's destination IP multicast group. 1258 * 1259 * The packet is returned unscathed to the caller, unless it is 1260 * erroneous, in which case a non-zero return value tells the caller to 1261 * discard it. 1262 */ 1263 1264 #define IP_HDR_LEN 20 /* # bytes of fixed IP header (excluding options) */ 1265 #define TUNNEL_LEN 12 /* # bytes of IP option for tunnel encapsulation */ 1266 1267 int 1268 ip_mforward(struct mbuf *m, struct ifnet *ifp) 1269 { 1270 struct ip *ip = mtod(m, struct ip *); 1271 struct mfc *rt; 1272 static int srctun = 0; 1273 struct mbuf *mm; 1274 struct sockaddr_in sin; 1275 int s; 1276 vifi_t vifi; 1277 1278 if (mrtdebug & DEBUG_FORWARD) 1279 log(LOG_DEBUG, "ip_mforward: src %x, dst %x, ifp %p\n", 1280 ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), ifp); 1281 1282 /* 1283 * XXX XXX: Why do we check [1] against IPOPT_LSRR? Because we 1284 * expect [0] to be IPOPT_NOP, maybe? In all cases that doesn't 1285 * make a lot of sense, a forged packet can just put two IPOPT_NOPs 1286 * followed by one IPOPT_LSRR, and bypass the check. 1287 */ 1288 if (ip->ip_hl < (IP_HDR_LEN + TUNNEL_LEN) >> 2 || 1289 ((u_char *)(ip + 1))[1] != IPOPT_LSRR) { 1290 /* 1291 * Packet arrived via a physical interface or 1292 * an encapsulated tunnel or a register_vif. 1293 */ 1294 } else { 1295 /* 1296 * Packet arrived through a source-route tunnel. 1297 * Source-route tunnels are no longer supported. 1298 */ 1299 if ((srctun++ % 1000) == 0) 1300 log(LOG_ERR, 1301 "ip_mforward: received source-routed packet from %x\n", 1302 ntohl(ip->ip_src.s_addr)); 1303 return EOPNOTSUPP; 1304 } 1305 1306 /* 1307 * Clear any in-bound checksum flags for this packet. 1308 */ 1309 m->m_pkthdr.csum_flags = 0; 1310 1311 /* 1312 * Don't forward a packet with time-to-live of zero or one, 1313 * or a packet destined to a local-only group. 1314 */ 1315 if (ip->ip_ttl <= 1 || IN_LOCAL_GROUP(ip->ip_dst.s_addr)) 1316 return 0; 1317 1318 /* 1319 * Determine forwarding vifs from the forwarding cache table 1320 */ 1321 s = splsoftnet(); 1322 ++mrtstat.mrts_mfc_lookups; 1323 rt = mfc_find(&ip->ip_src, &ip->ip_dst); 1324 1325 /* Entry exists, so forward if necessary */ 1326 if (rt != NULL) { 1327 splx(s); 1328 return ip_mdq(m, ifp, rt); 1329 } else { 1330 /* 1331 * If we don't have a route for packet's origin, make a copy 1332 * of the packet and send message to routing daemon. 1333 */ 1334 1335 struct mbuf *mb0; 1336 struct rtdetq *rte; 1337 u_int32_t hash; 1338 const int hlen = ip->ip_hl << 2; 1339 #ifdef UPCALL_TIMING 1340 struct timeval tp; 1341 microtime(&tp); 1342 #endif 1343 1344 ++mrtstat.mrts_mfc_misses; 1345 1346 mrtstat.mrts_no_route++; 1347 if (mrtdebug & (DEBUG_FORWARD | DEBUG_MFC)) 1348 log(LOG_DEBUG, "ip_mforward: no rte s %x g %x\n", 1349 ntohl(ip->ip_src.s_addr), 1350 ntohl(ip->ip_dst.s_addr)); 1351 1352 /* 1353 * Allocate mbufs early so that we don't do extra work if we are 1354 * just going to fail anyway. Make sure to pullup the header so 1355 * that other people can't step on it. 1356 */ 1357 rte = malloc(sizeof(*rte), M_MRTABLE, M_NOWAIT); 1358 if (rte == NULL) { 1359 splx(s); 1360 return ENOBUFS; 1361 } 1362 mb0 = m_copypacket(m, M_DONTWAIT); 1363 M_PULLUP(mb0, hlen); 1364 if (mb0 == NULL) { 1365 free(rte, M_MRTABLE); 1366 splx(s); 1367 return ENOBUFS; 1368 } 1369 1370 /* is there an upcall waiting for this flow? */ 1371 hash = MFCHASH(ip->ip_src, ip->ip_dst); 1372 LIST_FOREACH(rt, &mfchashtbl[hash], mfc_hash) { 1373 if (in_hosteq(ip->ip_src, rt->mfc_origin) && 1374 in_hosteq(ip->ip_dst, rt->mfc_mcastgrp) && 1375 rt->mfc_stall != NULL) 1376 break; 1377 } 1378 1379 if (rt == NULL) { 1380 int i; 1381 struct igmpmsg *im; 1382 1383 /* 1384 * Locate the vifi for the incoming interface for 1385 * this packet. 1386 * If none found, drop packet. 1387 */ 1388 for (vifi = 0; vifi < numvifs && 1389 viftable[vifi].v_ifp != ifp; vifi++) 1390 ; 1391 if (vifi >= numvifs) /* vif not found, drop packet */ 1392 goto non_fatal; 1393 1394 /* no upcall, so make a new entry */ 1395 rt = malloc(sizeof(*rt), M_MRTABLE, M_NOWAIT); 1396 if (rt == NULL) 1397 goto fail; 1398 1399 /* 1400 * Make a copy of the header to send to the user level 1401 * process 1402 */ 1403 mm = m_copym(m, 0, hlen, M_DONTWAIT); 1404 M_PULLUP(mm, hlen); 1405 if (mm == NULL) 1406 goto fail1; 1407 1408 /* 1409 * Send message to routing daemon to install 1410 * a route into the kernel table 1411 */ 1412 1413 im = mtod(mm, struct igmpmsg *); 1414 im->im_msgtype = IGMPMSG_NOCACHE; 1415 im->im_mbz = 0; 1416 im->im_vif = vifi; 1417 1418 mrtstat.mrts_upcalls++; 1419 1420 sockaddr_in_init(&sin, &ip->ip_src, 0); 1421 if (socket_send(ip_mrouter, mm, &sin) < 0) { 1422 log(LOG_WARNING, 1423 "ip_mforward: ip_mrouter socket queue full\n"); 1424 ++mrtstat.mrts_upq_sockfull; 1425 fail1: 1426 free(rt, M_MRTABLE); 1427 fail: 1428 free(rte, M_MRTABLE); 1429 m_freem(mb0); 1430 splx(s); 1431 return ENOBUFS; 1432 } 1433 1434 /* insert new entry at head of hash chain */ 1435 rt->mfc_origin = ip->ip_src; 1436 rt->mfc_mcastgrp = ip->ip_dst; 1437 rt->mfc_pkt_cnt = 0; 1438 rt->mfc_byte_cnt = 0; 1439 rt->mfc_wrong_if = 0; 1440 rt->mfc_expire = UPCALL_EXPIRE; 1441 nexpire[hash]++; 1442 for (i = 0; i < numvifs; i++) { 1443 rt->mfc_ttls[i] = 0; 1444 rt->mfc_flags[i] = 0; 1445 } 1446 rt->mfc_parent = -1; 1447 1448 /* clear the RP address */ 1449 rt->mfc_rp = zeroin_addr; 1450 1451 rt->mfc_bw_meter = NULL; 1452 1453 /* link into table */ 1454 LIST_INSERT_HEAD(&mfchashtbl[hash], rt, mfc_hash); 1455 /* Add this entry to the end of the queue */ 1456 rt->mfc_stall = rte; 1457 } else { 1458 /* determine if q has overflowed */ 1459 struct rtdetq **p; 1460 int npkts = 0; 1461 1462 /* 1463 * XXX ouch! we need to append to the list, but we 1464 * only have a pointer to the front, so we have to 1465 * scan the entire list every time. 1466 */ 1467 for (p = &rt->mfc_stall; *p != NULL; p = &(*p)->next) 1468 if (++npkts > MAX_UPQ) { 1469 mrtstat.mrts_upq_ovflw++; 1470 non_fatal: 1471 free(rte, M_MRTABLE); 1472 m_freem(mb0); 1473 splx(s); 1474 return 0; 1475 } 1476 1477 /* Add this entry to the end of the queue */ 1478 *p = rte; 1479 } 1480 1481 rte->next = NULL; 1482 rte->m = mb0; 1483 rte->ifp = ifp; 1484 #ifdef UPCALL_TIMING 1485 rte->t = tp; 1486 #endif 1487 1488 splx(s); 1489 1490 return 0; 1491 } 1492 } 1493 1494 /*ARGSUSED*/ 1495 static void 1496 expire_upcalls(void *v) 1497 { 1498 int i; 1499 1500 /* XXX NOMPSAFE still need softnet_lock */ 1501 mutex_enter(softnet_lock); 1502 KERNEL_LOCK(1, NULL); 1503 1504 for (i = 0; i < MFCTBLSIZ; i++) { 1505 struct mfc *rt, *nrt; 1506 1507 if (nexpire[i] == 0) 1508 continue; 1509 1510 for (rt = LIST_FIRST(&mfchashtbl[i]); rt; rt = nrt) { 1511 nrt = LIST_NEXT(rt, mfc_hash); 1512 1513 if (rt->mfc_expire == 0 || --rt->mfc_expire > 0) 1514 continue; 1515 nexpire[i]--; 1516 1517 /* 1518 * free the bw_meter entries 1519 */ 1520 while (rt->mfc_bw_meter != NULL) { 1521 struct bw_meter *x = rt->mfc_bw_meter; 1522 1523 rt->mfc_bw_meter = x->bm_mfc_next; 1524 kmem_intr_free(x, sizeof(*x)); 1525 } 1526 1527 ++mrtstat.mrts_cache_cleanups; 1528 if (mrtdebug & DEBUG_EXPIRE) 1529 log(LOG_DEBUG, 1530 "expire_upcalls: expiring (%x %x)\n", 1531 ntohl(rt->mfc_origin.s_addr), 1532 ntohl(rt->mfc_mcastgrp.s_addr)); 1533 1534 expire_mfc(rt); 1535 } 1536 } 1537 1538 callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT, 1539 expire_upcalls, NULL); 1540 1541 KERNEL_UNLOCK_ONE(NULL); 1542 mutex_exit(softnet_lock); 1543 } 1544 1545 /* 1546 * Macro to send packet on vif. 1547 */ 1548 #define MC_SEND(ip, vifp, m) do { \ 1549 if ((vifp)->v_flags & VIFF_TUNNEL) \ 1550 encap_send((ip), (vifp), (m)); \ 1551 else \ 1552 phyint_send((ip), (vifp), (m)); \ 1553 } while (/*CONSTCOND*/ 0) 1554 1555 /* 1556 * Packet forwarding routine once entry in the cache is made 1557 */ 1558 static int 1559 ip_mdq(struct mbuf *m, struct ifnet *ifp, struct mfc *rt) 1560 { 1561 struct ip *ip = mtod(m, struct ip *); 1562 vifi_t vifi; 1563 struct vif *vifp; 1564 struct sockaddr_in sin; 1565 const int plen = ntohs(ip->ip_len) - (ip->ip_hl << 2); 1566 1567 /* 1568 * Don't forward if it didn't arrive from the parent vif for its origin. 1569 */ 1570 vifi = rt->mfc_parent; 1571 if ((vifi >= numvifs) || (viftable[vifi].v_ifp != ifp)) { 1572 /* came in the wrong interface */ 1573 if (mrtdebug & DEBUG_FORWARD) 1574 log(LOG_DEBUG, "wrong if: ifp %p vifi %d vififp %p\n", 1575 ifp, vifi, 1576 vifi >= numvifs ? 0 : viftable[vifi].v_ifp); 1577 ++mrtstat.mrts_wrong_if; 1578 ++rt->mfc_wrong_if; 1579 1580 /* 1581 * If we are doing PIM assert processing, send a message 1582 * to the routing daemon. 1583 * 1584 * XXX: A PIM-SM router needs the WRONGVIF detection so it 1585 * can complete the SPT switch, regardless of the type 1586 * of the iif (broadcast media, GRE tunnel, etc). 1587 */ 1588 if (pim_assert && (vifi < numvifs) && viftable[vifi].v_ifp) { 1589 struct timeval now; 1590 u_int32_t delta; 1591 1592 #ifdef PIM 1593 if (ifp == &multicast_register_if) 1594 pimstat.pims_rcv_registers_wrongiif++; 1595 #endif 1596 1597 /* Get vifi for the incoming packet */ 1598 for (vifi = 0; 1599 vifi < numvifs && viftable[vifi].v_ifp != ifp; 1600 vifi++) 1601 ; 1602 if (vifi >= numvifs) { 1603 /* The iif is not found: ignore the packet. */ 1604 return 0; 1605 } 1606 1607 if (rt->mfc_flags[vifi] & 1608 MRT_MFC_FLAGS_DISABLE_WRONGVIF) { 1609 /* WRONGVIF disabled: ignore the packet */ 1610 return 0; 1611 } 1612 1613 microtime(&now); 1614 1615 TV_DELTA(rt->mfc_last_assert, now, delta); 1616 1617 if (delta > ASSERT_MSG_TIME) { 1618 struct igmpmsg *im; 1619 const int hlen = ip->ip_hl << 2; 1620 struct mbuf *mm = 1621 m_copym(m, 0, hlen, M_DONTWAIT); 1622 1623 M_PULLUP(mm, hlen); 1624 if (mm == NULL) 1625 return ENOBUFS; 1626 1627 rt->mfc_last_assert = now; 1628 1629 im = mtod(mm, struct igmpmsg *); 1630 im->im_msgtype = IGMPMSG_WRONGVIF; 1631 im->im_mbz = 0; 1632 im->im_vif = vifi; 1633 1634 mrtstat.mrts_upcalls++; 1635 1636 sockaddr_in_init(&sin, &im->im_src, 0); 1637 if (socket_send(ip_mrouter, mm, &sin) < 0) { 1638 log(LOG_WARNING, 1639 "ip_mforward: ip_mrouter socket queue full\n"); 1640 ++mrtstat.mrts_upq_sockfull; 1641 return ENOBUFS; 1642 } 1643 } 1644 } 1645 return 0; 1646 } 1647 1648 /* If I sourced this packet, it counts as output, else it was input. */ 1649 if (in_hosteq(ip->ip_src, viftable[vifi].v_lcl_addr)) { 1650 viftable[vifi].v_pkt_out++; 1651 viftable[vifi].v_bytes_out += plen; 1652 } else { 1653 viftable[vifi].v_pkt_in++; 1654 viftable[vifi].v_bytes_in += plen; 1655 } 1656 rt->mfc_pkt_cnt++; 1657 rt->mfc_byte_cnt += plen; 1658 1659 /* 1660 * For each vif, decide if a copy of the packet should be forwarded. 1661 * Forward if: 1662 * - the ttl exceeds the vif's threshold 1663 * - there are group members downstream on interface 1664 */ 1665 for (vifp = viftable, vifi = 0; vifi < numvifs; vifp++, vifi++) { 1666 if ((rt->mfc_ttls[vifi] > 0) && 1667 (ip->ip_ttl > rt->mfc_ttls[vifi])) { 1668 vifp->v_pkt_out++; 1669 vifp->v_bytes_out += plen; 1670 #ifdef PIM 1671 if (vifp->v_flags & VIFF_REGISTER) 1672 pim_register_send(ip, vifp, m, rt); 1673 else 1674 #endif 1675 MC_SEND(ip, vifp, m); 1676 } 1677 } 1678 1679 /* 1680 * Perform upcall-related bw measuring. 1681 */ 1682 if (rt->mfc_bw_meter != NULL) { 1683 struct bw_meter *x; 1684 struct timeval now; 1685 1686 microtime(&now); 1687 for (x = rt->mfc_bw_meter; x != NULL; x = x->bm_mfc_next) 1688 bw_meter_receive_packet(x, plen, &now); 1689 } 1690 1691 return 0; 1692 } 1693 1694 static void 1695 phyint_send(struct ip *ip, struct vif *vifp, struct mbuf *m) 1696 { 1697 struct mbuf *mb_copy; 1698 const int hlen = ip->ip_hl << 2; 1699 1700 /* 1701 * Make a new reference to the packet; make sure that 1702 * the IP header is actually copied, not just referenced, 1703 * so that ip_output() only scribbles on the copy. 1704 */ 1705 mb_copy = m_copypacket(m, M_DONTWAIT); 1706 M_PULLUP(mb_copy, hlen); 1707 if (mb_copy == NULL) 1708 return; 1709 1710 if (vifp->v_rate_limit <= 0) 1711 tbf_send_packet(vifp, mb_copy); 1712 else 1713 tbf_control(vifp, mb_copy, mtod(mb_copy, struct ip *), 1714 ntohs(ip->ip_len)); 1715 } 1716 1717 static void 1718 encap_send(struct ip *ip, struct vif *vifp, struct mbuf *m) 1719 { 1720 struct mbuf *mb_copy; 1721 struct ip *ip_copy; 1722 int i, len = ntohs(ip->ip_len) + sizeof(multicast_encap_iphdr); 1723 1724 /* Take care of delayed checksums */ 1725 if (m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) { 1726 in_delayed_cksum(m); 1727 m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4); 1728 } 1729 1730 /* 1731 * copy the old packet & pullup its IP header into the 1732 * new mbuf so we can modify it. Try to fill the new 1733 * mbuf since if we don't the ethernet driver will. 1734 */ 1735 MGETHDR(mb_copy, M_DONTWAIT, MT_DATA); 1736 if (mb_copy == NULL) 1737 return; 1738 mb_copy->m_data += max_linkhdr; 1739 mb_copy->m_pkthdr.len = len; 1740 mb_copy->m_len = sizeof(multicast_encap_iphdr); 1741 1742 if ((mb_copy->m_next = m_copypacket(m, M_DONTWAIT)) == NULL) { 1743 m_freem(mb_copy); 1744 return; 1745 } 1746 i = MHLEN - max_linkhdr; 1747 if (i > len) 1748 i = len; 1749 mb_copy = m_pullup(mb_copy, i); 1750 if (mb_copy == NULL) 1751 return; 1752 1753 /* 1754 * fill in the encapsulating IP header. 1755 */ 1756 ip_copy = mtod(mb_copy, struct ip *); 1757 *ip_copy = multicast_encap_iphdr; 1758 if (len < IP_MINFRAGSIZE) 1759 ip_copy->ip_id = 0; 1760 else 1761 ip_copy->ip_id = ip_newid(NULL); 1762 ip_copy->ip_len = htons(len); 1763 ip_copy->ip_src = vifp->v_lcl_addr; 1764 ip_copy->ip_dst = vifp->v_rmt_addr; 1765 1766 /* 1767 * turn the encapsulated IP header back into a valid one. 1768 */ 1769 ip = (struct ip *)((char *)ip_copy + sizeof(multicast_encap_iphdr)); 1770 --ip->ip_ttl; 1771 ip->ip_sum = 0; 1772 mb_copy->m_data += sizeof(multicast_encap_iphdr); 1773 ip->ip_sum = in_cksum(mb_copy, ip->ip_hl << 2); 1774 mb_copy->m_data -= sizeof(multicast_encap_iphdr); 1775 1776 if (vifp->v_rate_limit <= 0) 1777 tbf_send_packet(vifp, mb_copy); 1778 else 1779 tbf_control(vifp, mb_copy, ip, ntohs(ip_copy->ip_len)); 1780 } 1781 1782 /* 1783 * De-encapsulate a packet and feed it back through ip input. 1784 */ 1785 static void 1786 vif_input(struct mbuf *m, int off, int proto, void *eparg) 1787 { 1788 struct vif *vifp = eparg; 1789 1790 KASSERT(vifp != NULL); 1791 1792 if (proto != ENCAP_PROTO) { 1793 m_freem(m); 1794 mrtstat.mrts_bad_tunnel++; 1795 return; 1796 } 1797 1798 m_adj(m, off); 1799 m_set_rcvif(m, vifp->v_ifp); 1800 1801 if (__predict_false(!pktq_enqueue(ip_pktq, m, 0))) { 1802 m_freem(m); 1803 } 1804 } 1805 1806 /* 1807 * Check if the packet should be received on the vif denoted by arg. 1808 * (The encap selection code will call this once per vif since each is 1809 * registered separately.) 1810 */ 1811 static int 1812 vif_encapcheck(struct mbuf *m, int off, int proto, void *arg) 1813 { 1814 struct vif *vifp; 1815 struct ip ip; 1816 1817 #ifdef DIAGNOSTIC 1818 if (!arg || proto != IPPROTO_IPV4) 1819 panic("unexpected arg in vif_encapcheck"); 1820 #endif 1821 1822 /* 1823 * Accept the packet only if the inner heaader is multicast 1824 * and the outer header matches a tunnel-mode vif. Order 1825 * checks in the hope that common non-matching packets will be 1826 * rejected quickly. Assume that unicast IPv4 traffic in a 1827 * parallel tunnel (e.g. gif(4)) is unlikely. 1828 */ 1829 1830 /* Obtain the outer IP header and the vif pointer. */ 1831 m_copydata((struct mbuf *)m, 0, sizeof(ip), (void *)&ip); 1832 vifp = (struct vif *)arg; 1833 1834 /* 1835 * The outer source must match the vif's remote peer address. 1836 * For a multicast router with several tunnels, this is the 1837 * only check that will fail on packets in other tunnels, 1838 * assuming the local address is the same. 1839 */ 1840 if (!in_hosteq(vifp->v_rmt_addr, ip.ip_src)) 1841 return 0; 1842 1843 /* The outer destination must match the vif's local address. */ 1844 if (!in_hosteq(vifp->v_lcl_addr, ip.ip_dst)) 1845 return 0; 1846 1847 /* The vif must be of tunnel type. */ 1848 if ((vifp->v_flags & VIFF_TUNNEL) == 0) 1849 return 0; 1850 1851 /* Check that the inner destination is multicast. */ 1852 m_copydata((struct mbuf *)m, off, sizeof(ip), (void *)&ip); 1853 if (!IN_MULTICAST(ip.ip_dst.s_addr)) 1854 return 0; 1855 1856 /* 1857 * We have checked that both the outer src and dst addresses 1858 * match the vif, and that the inner destination is multicast 1859 * (224/5). By claiming more than 64, we intend to 1860 * preferentially take packets that also match a parallel 1861 * gif(4). 1862 */ 1863 return 32 + 32 + 5; 1864 } 1865 1866 /* 1867 * Token bucket filter module 1868 */ 1869 static void 1870 tbf_control(struct vif *vifp, struct mbuf *m, struct ip *ip, u_int32_t len) 1871 { 1872 1873 if (len > MAX_BKT_SIZE) { 1874 /* drop if packet is too large */ 1875 mrtstat.mrts_pkt2large++; 1876 m_freem(m); 1877 return; 1878 } 1879 1880 tbf_update_tokens(vifp); 1881 1882 /* 1883 * If there are enough tokens, and the queue is empty, send this packet 1884 * out immediately. Otherwise, try to insert it on this vif's queue. 1885 */ 1886 if (vifp->tbf_q_len == 0) { 1887 if (len <= vifp->tbf_n_tok) { 1888 vifp->tbf_n_tok -= len; 1889 tbf_send_packet(vifp, m); 1890 } else { 1891 /* queue packet and timeout till later */ 1892 tbf_queue(vifp, m); 1893 callout_reset(&vifp->v_repq_ch, TBF_REPROCESS, 1894 tbf_reprocess_q, vifp); 1895 } 1896 } else { 1897 if (vifp->tbf_q_len >= vifp->tbf_max_q_len && 1898 !tbf_dq_sel(vifp, ip)) { 1899 /* queue full, and couldn't make room */ 1900 mrtstat.mrts_q_overflow++; 1901 m_freem(m); 1902 } else { 1903 /* queue length low enough, or made room */ 1904 tbf_queue(vifp, m); 1905 tbf_process_q(vifp); 1906 } 1907 } 1908 } 1909 1910 /* 1911 * adds a packet to the queue at the interface 1912 */ 1913 static void 1914 tbf_queue(struct vif *vifp, struct mbuf *m) 1915 { 1916 int s = splsoftnet(); 1917 1918 /* insert at tail */ 1919 *vifp->tbf_t = m; 1920 vifp->tbf_t = &m->m_nextpkt; 1921 vifp->tbf_q_len++; 1922 1923 splx(s); 1924 } 1925 1926 /* 1927 * processes the queue at the interface 1928 */ 1929 static void 1930 tbf_process_q(struct vif *vifp) 1931 { 1932 struct mbuf *m; 1933 int len; 1934 int s = splsoftnet(); 1935 1936 /* 1937 * Loop through the queue at the interface and send as many packets 1938 * as possible. 1939 */ 1940 for (m = vifp->tbf_q; m != NULL; m = vifp->tbf_q) { 1941 len = ntohs(mtod(m, struct ip *)->ip_len); 1942 1943 /* determine if the packet can be sent */ 1944 if (len <= vifp->tbf_n_tok) { 1945 /* if so, 1946 * reduce no of tokens, dequeue the packet, 1947 * send the packet. 1948 */ 1949 if ((vifp->tbf_q = m->m_nextpkt) == NULL) 1950 vifp->tbf_t = &vifp->tbf_q; 1951 --vifp->tbf_q_len; 1952 1953 m->m_nextpkt = NULL; 1954 vifp->tbf_n_tok -= len; 1955 tbf_send_packet(vifp, m); 1956 } else 1957 break; 1958 } 1959 splx(s); 1960 } 1961 1962 static void 1963 tbf_reprocess_q(void *arg) 1964 { 1965 struct vif *vifp = arg; 1966 1967 if (ip_mrouter == NULL) 1968 return; 1969 1970 tbf_update_tokens(vifp); 1971 tbf_process_q(vifp); 1972 1973 if (vifp->tbf_q_len != 0) 1974 callout_reset(&vifp->v_repq_ch, TBF_REPROCESS, 1975 tbf_reprocess_q, vifp); 1976 } 1977 1978 /* function that will selectively discard a member of the queue 1979 * based on the precedence value and the priority 1980 */ 1981 static int 1982 tbf_dq_sel(struct vif *vifp, struct ip *ip) 1983 { 1984 u_int p; 1985 struct mbuf **mp, *m; 1986 int s = splsoftnet(); 1987 1988 p = priority(vifp, ip); 1989 1990 for (mp = &vifp->tbf_q, m = *mp; 1991 m != NULL; 1992 mp = &m->m_nextpkt, m = *mp) { 1993 if (p > priority(vifp, mtod(m, struct ip *))) { 1994 if ((*mp = m->m_nextpkt) == NULL) 1995 vifp->tbf_t = mp; 1996 --vifp->tbf_q_len; 1997 1998 m_freem(m); 1999 mrtstat.mrts_drop_sel++; 2000 splx(s); 2001 return 1; 2002 } 2003 } 2004 splx(s); 2005 return 0; 2006 } 2007 2008 static void 2009 tbf_send_packet(struct vif *vifp, struct mbuf *m) 2010 { 2011 int error; 2012 int s = splsoftnet(); 2013 2014 if (vifp->v_flags & VIFF_TUNNEL) { 2015 /* If tunnel options */ 2016 ip_output(m, NULL, &vifp->v_route, IP_FORWARDING, NULL, NULL); 2017 } else { 2018 /* if physical interface option, extract the options and then send */ 2019 struct ip_moptions imo; 2020 2021 imo.imo_multicast_if_index = if_get_index(vifp->v_ifp); 2022 imo.imo_multicast_ttl = mtod(m, struct ip *)->ip_ttl - 1; 2023 imo.imo_multicast_loop = 1; 2024 2025 error = ip_output(m, NULL, NULL, IP_FORWARDING|IP_MULTICASTOPTS, 2026 &imo, NULL); 2027 2028 if (mrtdebug & DEBUG_XMIT) 2029 log(LOG_DEBUG, "phyint_send on vif %ld err %d\n", 2030 (long)(vifp - viftable), error); 2031 } 2032 splx(s); 2033 } 2034 2035 /* determine the current time and then 2036 * the elapsed time (between the last time and time now) 2037 * in milliseconds & update the no. of tokens in the bucket 2038 */ 2039 static void 2040 tbf_update_tokens(struct vif *vifp) 2041 { 2042 struct timeval tp; 2043 u_int32_t tm; 2044 int s = splsoftnet(); 2045 2046 microtime(&tp); 2047 2048 TV_DELTA(tp, vifp->tbf_last_pkt_t, tm); 2049 2050 /* 2051 * This formula is actually 2052 * "time in seconds" * "bytes/second". 2053 * 2054 * (tm / 1000000) * (v_rate_limit * 1000 * (1000/1024) / 8) 2055 * 2056 * The (1000/1024) was introduced in add_vif to optimize 2057 * this divide into a shift. 2058 */ 2059 vifp->tbf_n_tok += tm * vifp->v_rate_limit / 8192; 2060 vifp->tbf_last_pkt_t = tp; 2061 2062 if (vifp->tbf_n_tok > MAX_BKT_SIZE) 2063 vifp->tbf_n_tok = MAX_BKT_SIZE; 2064 2065 splx(s); 2066 } 2067 2068 static int 2069 priority(struct vif *vifp, struct ip *ip) 2070 { 2071 int prio = 50; /* the lowest priority -- default case */ 2072 2073 /* temporary hack; may add general packet classifier some day */ 2074 2075 /* 2076 * XXX XXX: We're reading the UDP header, but we didn't ensure 2077 * it was present in the packet. 2078 */ 2079 2080 /* 2081 * The UDP port space is divided up into four priority ranges: 2082 * [0, 16384) : unclassified - lowest priority 2083 * [16384, 32768) : audio - highest priority 2084 * [32768, 49152) : whiteboard - medium priority 2085 * [49152, 65536) : video - low priority 2086 */ 2087 if (ip->ip_p == IPPROTO_UDP) { 2088 struct udphdr *udp = (struct udphdr *)(((char *)ip) + (ip->ip_hl << 2)); 2089 2090 switch (ntohs(udp->uh_dport) & 0xc000) { 2091 case 0x4000: 2092 prio = 70; 2093 break; 2094 case 0x8000: 2095 prio = 60; 2096 break; 2097 case 0xc000: 2098 prio = 55; 2099 break; 2100 } 2101 2102 if (tbfdebug > 1) 2103 log(LOG_DEBUG, "port %x prio %d\n", 2104 ntohs(udp->uh_dport), prio); 2105 } 2106 2107 return prio; 2108 } 2109 2110 /* 2111 * Code for bandwidth monitors 2112 */ 2113 2114 /* 2115 * Define common interface for timeval-related methods 2116 */ 2117 #define BW_TIMEVALCMP(tvp, uvp, cmp) timercmp((tvp), (uvp), cmp) 2118 #define BW_TIMEVALDECR(vvp, uvp) timersub((vvp), (uvp), (vvp)) 2119 #define BW_TIMEVALADD(vvp, uvp) timeradd((vvp), (uvp), (vvp)) 2120 2121 static uint32_t 2122 compute_bw_meter_flags(struct bw_upcall *req) 2123 { 2124 uint32_t flags = 0; 2125 2126 if (req->bu_flags & BW_UPCALL_UNIT_PACKETS) 2127 flags |= BW_METER_UNIT_PACKETS; 2128 if (req->bu_flags & BW_UPCALL_UNIT_BYTES) 2129 flags |= BW_METER_UNIT_BYTES; 2130 if (req->bu_flags & BW_UPCALL_GEQ) 2131 flags |= BW_METER_GEQ; 2132 if (req->bu_flags & BW_UPCALL_LEQ) 2133 flags |= BW_METER_LEQ; 2134 2135 return flags; 2136 } 2137 2138 /* 2139 * Add a bw_meter entry 2140 */ 2141 static int 2142 add_bw_upcall(struct bw_upcall *req) 2143 { 2144 int s; 2145 struct mfc *mfc; 2146 struct timeval delta = { BW_UPCALL_THRESHOLD_INTERVAL_MIN_SEC, 2147 BW_UPCALL_THRESHOLD_INTERVAL_MIN_USEC }; 2148 struct timeval now; 2149 struct bw_meter *x; 2150 uint32_t flags; 2151 2152 if (!(mrt_api_config & MRT_MFC_BW_UPCALL)) 2153 return EOPNOTSUPP; 2154 2155 /* Test if the flags are valid */ 2156 if (!(req->bu_flags & (BW_UPCALL_UNIT_PACKETS | BW_UPCALL_UNIT_BYTES))) 2157 return EINVAL; 2158 if (!(req->bu_flags & (BW_UPCALL_GEQ | BW_UPCALL_LEQ))) 2159 return EINVAL; 2160 if ((req->bu_flags & (BW_UPCALL_GEQ | BW_UPCALL_LEQ)) 2161 == (BW_UPCALL_GEQ | BW_UPCALL_LEQ)) 2162 return EINVAL; 2163 2164 /* Test if the threshold time interval is valid */ 2165 if (BW_TIMEVALCMP(&req->bu_threshold.b_time, &delta, <)) 2166 return EINVAL; 2167 2168 flags = compute_bw_meter_flags(req); 2169 2170 /* 2171 * Find if we have already same bw_meter entry 2172 */ 2173 s = splsoftnet(); 2174 mfc = mfc_find(&req->bu_src, &req->bu_dst); 2175 if (mfc == NULL) { 2176 splx(s); 2177 return EADDRNOTAVAIL; 2178 } 2179 for (x = mfc->mfc_bw_meter; x != NULL; x = x->bm_mfc_next) { 2180 if ((BW_TIMEVALCMP(&x->bm_threshold.b_time, 2181 &req->bu_threshold.b_time, ==)) && 2182 (x->bm_threshold.b_packets == req->bu_threshold.b_packets) && 2183 (x->bm_threshold.b_bytes == req->bu_threshold.b_bytes) && 2184 (x->bm_flags & BW_METER_USER_FLAGS) == flags) { 2185 splx(s); 2186 return 0; /* XXX Already installed */ 2187 } 2188 } 2189 2190 /* Allocate the new bw_meter entry */ 2191 x = kmem_intr_alloc(sizeof(*x), KM_NOSLEEP); 2192 if (x == NULL) { 2193 splx(s); 2194 return ENOBUFS; 2195 } 2196 2197 /* Set the new bw_meter entry */ 2198 x->bm_threshold.b_time = req->bu_threshold.b_time; 2199 microtime(&now); 2200 x->bm_start_time = now; 2201 x->bm_threshold.b_packets = req->bu_threshold.b_packets; 2202 x->bm_threshold.b_bytes = req->bu_threshold.b_bytes; 2203 x->bm_measured.b_packets = 0; 2204 x->bm_measured.b_bytes = 0; 2205 x->bm_flags = flags; 2206 x->bm_time_next = NULL; 2207 x->bm_time_hash = BW_METER_BUCKETS; 2208 2209 /* Add the new bw_meter entry to the front of entries for this MFC */ 2210 x->bm_mfc = mfc; 2211 x->bm_mfc_next = mfc->mfc_bw_meter; 2212 mfc->mfc_bw_meter = x; 2213 schedule_bw_meter(x, &now); 2214 splx(s); 2215 2216 return 0; 2217 } 2218 2219 static void 2220 free_bw_list(struct bw_meter *list) 2221 { 2222 while (list != NULL) { 2223 struct bw_meter *x = list; 2224 2225 list = list->bm_mfc_next; 2226 unschedule_bw_meter(x); 2227 kmem_intr_free(x, sizeof(*x)); 2228 } 2229 } 2230 2231 /* 2232 * Delete one or multiple bw_meter entries 2233 */ 2234 static int 2235 del_bw_upcall(struct bw_upcall *req) 2236 { 2237 int s; 2238 struct mfc *mfc; 2239 struct bw_meter *x; 2240 2241 if (!(mrt_api_config & MRT_MFC_BW_UPCALL)) 2242 return EOPNOTSUPP; 2243 2244 s = splsoftnet(); 2245 /* Find the corresponding MFC entry */ 2246 mfc = mfc_find(&req->bu_src, &req->bu_dst); 2247 if (mfc == NULL) { 2248 splx(s); 2249 return EADDRNOTAVAIL; 2250 } else if (req->bu_flags & BW_UPCALL_DELETE_ALL) { 2251 /* 2252 * Delete all bw_meter entries for this mfc 2253 */ 2254 struct bw_meter *list; 2255 2256 list = mfc->mfc_bw_meter; 2257 mfc->mfc_bw_meter = NULL; 2258 free_bw_list(list); 2259 splx(s); 2260 return 0; 2261 } else { /* Delete a single bw_meter entry */ 2262 struct bw_meter *prev; 2263 uint32_t flags = 0; 2264 2265 flags = compute_bw_meter_flags(req); 2266 2267 /* Find the bw_meter entry to delete */ 2268 for (prev = NULL, x = mfc->mfc_bw_meter; x != NULL; 2269 prev = x, x = x->bm_mfc_next) { 2270 if ((BW_TIMEVALCMP(&x->bm_threshold.b_time, 2271 &req->bu_threshold.b_time, ==)) && 2272 (x->bm_threshold.b_packets == req->bu_threshold.b_packets) && 2273 (x->bm_threshold.b_bytes == req->bu_threshold.b_bytes) && 2274 (x->bm_flags & BW_METER_USER_FLAGS) == flags) 2275 break; 2276 } 2277 if (x != NULL) { /* Delete entry from the list for this MFC */ 2278 if (prev != NULL) 2279 prev->bm_mfc_next = x->bm_mfc_next; /* remove from middle*/ 2280 else 2281 x->bm_mfc->mfc_bw_meter = x->bm_mfc_next;/* new head of list */ 2282 2283 unschedule_bw_meter(x); 2284 splx(s); 2285 /* Free the bw_meter entry */ 2286 kmem_intr_free(x, sizeof(*x)); 2287 return 0; 2288 } else { 2289 splx(s); 2290 return EINVAL; 2291 } 2292 } 2293 /* NOTREACHED */ 2294 } 2295 2296 /* 2297 * Perform bandwidth measurement processing that may result in an upcall 2298 */ 2299 static void 2300 bw_meter_receive_packet(struct bw_meter *x, int plen, struct timeval *nowp) 2301 { 2302 struct timeval delta; 2303 2304 delta = *nowp; 2305 BW_TIMEVALDECR(&delta, &x->bm_start_time); 2306 2307 if (x->bm_flags & BW_METER_GEQ) { 2308 /* 2309 * Processing for ">=" type of bw_meter entry 2310 */ 2311 if (BW_TIMEVALCMP(&delta, &x->bm_threshold.b_time, >)) { 2312 /* Reset the bw_meter entry */ 2313 x->bm_start_time = *nowp; 2314 x->bm_measured.b_packets = 0; 2315 x->bm_measured.b_bytes = 0; 2316 x->bm_flags &= ~BW_METER_UPCALL_DELIVERED; 2317 } 2318 2319 /* Record that a packet is received */ 2320 x->bm_measured.b_packets++; 2321 x->bm_measured.b_bytes += plen; 2322 2323 /* 2324 * Test if we should deliver an upcall 2325 */ 2326 if (!(x->bm_flags & BW_METER_UPCALL_DELIVERED)) { 2327 if (((x->bm_flags & BW_METER_UNIT_PACKETS) && 2328 (x->bm_measured.b_packets >= x->bm_threshold.b_packets)) || 2329 ((x->bm_flags & BW_METER_UNIT_BYTES) && 2330 (x->bm_measured.b_bytes >= x->bm_threshold.b_bytes))) { 2331 /* Prepare an upcall for delivery */ 2332 bw_meter_prepare_upcall(x, nowp); 2333 x->bm_flags |= BW_METER_UPCALL_DELIVERED; 2334 } 2335 } 2336 } else if (x->bm_flags & BW_METER_LEQ) { 2337 /* 2338 * Processing for "<=" type of bw_meter entry 2339 */ 2340 if (BW_TIMEVALCMP(&delta, &x->bm_threshold.b_time, >)) { 2341 /* 2342 * We are behind time with the multicast forwarding table 2343 * scanning for "<=" type of bw_meter entries, so test now 2344 * if we should deliver an upcall. 2345 */ 2346 if (((x->bm_flags & BW_METER_UNIT_PACKETS) && 2347 (x->bm_measured.b_packets <= x->bm_threshold.b_packets)) || 2348 ((x->bm_flags & BW_METER_UNIT_BYTES) && 2349 (x->bm_measured.b_bytes <= x->bm_threshold.b_bytes))) { 2350 /* Prepare an upcall for delivery */ 2351 bw_meter_prepare_upcall(x, nowp); 2352 } 2353 /* Reschedule the bw_meter entry */ 2354 unschedule_bw_meter(x); 2355 schedule_bw_meter(x, nowp); 2356 } 2357 2358 /* Record that a packet is received */ 2359 x->bm_measured.b_packets++; 2360 x->bm_measured.b_bytes += plen; 2361 2362 /* 2363 * Test if we should restart the measuring interval 2364 */ 2365 if ((x->bm_flags & BW_METER_UNIT_PACKETS && 2366 x->bm_measured.b_packets <= x->bm_threshold.b_packets) || 2367 (x->bm_flags & BW_METER_UNIT_BYTES && 2368 x->bm_measured.b_bytes <= x->bm_threshold.b_bytes)) { 2369 /* Don't restart the measuring interval */ 2370 } else { 2371 /* Do restart the measuring interval */ 2372 /* 2373 * XXX: note that we don't unschedule and schedule, because this 2374 * might be too much overhead per packet. Instead, when we process 2375 * all entries for a given timer hash bin, we check whether it is 2376 * really a timeout. If not, we reschedule at that time. 2377 */ 2378 x->bm_start_time = *nowp; 2379 x->bm_measured.b_packets = 0; 2380 x->bm_measured.b_bytes = 0; 2381 x->bm_flags &= ~BW_METER_UPCALL_DELIVERED; 2382 } 2383 } 2384 } 2385 2386 /* 2387 * Prepare a bandwidth-related upcall 2388 */ 2389 static void 2390 bw_meter_prepare_upcall(struct bw_meter *x, struct timeval *nowp) 2391 { 2392 struct timeval delta; 2393 struct bw_upcall *u; 2394 2395 /* 2396 * Compute the measured time interval 2397 */ 2398 delta = *nowp; 2399 BW_TIMEVALDECR(&delta, &x->bm_start_time); 2400 2401 /* 2402 * If there are too many pending upcalls, deliver them now 2403 */ 2404 if (bw_upcalls_n >= BW_UPCALLS_MAX) 2405 bw_upcalls_send(); 2406 2407 /* 2408 * Set the bw_upcall entry 2409 */ 2410 u = &bw_upcalls[bw_upcalls_n++]; 2411 u->bu_src = x->bm_mfc->mfc_origin; 2412 u->bu_dst = x->bm_mfc->mfc_mcastgrp; 2413 u->bu_threshold.b_time = x->bm_threshold.b_time; 2414 u->bu_threshold.b_packets = x->bm_threshold.b_packets; 2415 u->bu_threshold.b_bytes = x->bm_threshold.b_bytes; 2416 u->bu_measured.b_time = delta; 2417 u->bu_measured.b_packets = x->bm_measured.b_packets; 2418 u->bu_measured.b_bytes = x->bm_measured.b_bytes; 2419 u->bu_flags = 0; 2420 if (x->bm_flags & BW_METER_UNIT_PACKETS) 2421 u->bu_flags |= BW_UPCALL_UNIT_PACKETS; 2422 if (x->bm_flags & BW_METER_UNIT_BYTES) 2423 u->bu_flags |= BW_UPCALL_UNIT_BYTES; 2424 if (x->bm_flags & BW_METER_GEQ) 2425 u->bu_flags |= BW_UPCALL_GEQ; 2426 if (x->bm_flags & BW_METER_LEQ) 2427 u->bu_flags |= BW_UPCALL_LEQ; 2428 } 2429 2430 /* 2431 * Send the pending bandwidth-related upcalls 2432 */ 2433 static void 2434 bw_upcalls_send(void) 2435 { 2436 struct mbuf *m; 2437 int len = bw_upcalls_n * sizeof(bw_upcalls[0]); 2438 struct sockaddr_in k_igmpsrc = { 2439 .sin_len = sizeof(k_igmpsrc), 2440 .sin_family = AF_INET, 2441 }; 2442 static struct igmpmsg igmpmsg = { 2443 0, /* unused1 */ 2444 0, /* unused2 */ 2445 IGMPMSG_BW_UPCALL,/* im_msgtype */ 2446 0, /* im_mbz */ 2447 0, /* im_vif */ 2448 0, /* unused3 */ 2449 { 0 }, /* im_src */ 2450 { 0 } /* im_dst */ 2451 }; 2452 2453 if (bw_upcalls_n == 0) 2454 return; /* No pending upcalls */ 2455 2456 bw_upcalls_n = 0; 2457 2458 /* 2459 * Allocate a new mbuf, initialize it with the header and 2460 * the payload for the pending calls. 2461 */ 2462 MGETHDR(m, M_DONTWAIT, MT_HEADER); 2463 if (m == NULL) { 2464 log(LOG_WARNING, "bw_upcalls_send: cannot allocate mbuf\n"); 2465 return; 2466 } 2467 2468 m->m_len = m->m_pkthdr.len = 0; 2469 m_copyback(m, 0, sizeof(struct igmpmsg), (void *)&igmpmsg); 2470 m_copyback(m, sizeof(struct igmpmsg), len, (void *)&bw_upcalls[0]); 2471 2472 /* 2473 * Send the upcalls 2474 * XXX do we need to set the address in k_igmpsrc ? 2475 */ 2476 mrtstat.mrts_upcalls++; 2477 if (socket_send(ip_mrouter, m, &k_igmpsrc) < 0) { 2478 log(LOG_WARNING, "bw_upcalls_send: ip_mrouter socket queue full\n"); 2479 ++mrtstat.mrts_upq_sockfull; 2480 } 2481 } 2482 2483 /* 2484 * Compute the timeout hash value for the bw_meter entries 2485 */ 2486 #define BW_METER_TIMEHASH(bw_meter, hash) \ 2487 do { \ 2488 struct timeval next_timeval = (bw_meter)->bm_start_time; \ 2489 BW_TIMEVALADD(&next_timeval, &(bw_meter)->bm_threshold.b_time); \ 2490 (hash) = next_timeval.tv_sec; \ 2491 if (next_timeval.tv_usec) \ 2492 (hash)++; /* XXX: make sure we don't timeout early */ \ 2493 (hash) %= BW_METER_BUCKETS; \ 2494 } while (/*CONSTCOND*/ 0) 2495 2496 /* 2497 * Schedule a timer to process periodically bw_meter entry of type "<=" 2498 * by linking the entry in the proper hash bucket. 2499 */ 2500 static void 2501 schedule_bw_meter(struct bw_meter *x, struct timeval *nowp) 2502 { 2503 int time_hash; 2504 2505 if (!(x->bm_flags & BW_METER_LEQ)) 2506 return; /* XXX: we schedule timers only for "<=" entries */ 2507 2508 /* 2509 * Reset the bw_meter entry 2510 */ 2511 x->bm_start_time = *nowp; 2512 x->bm_measured.b_packets = 0; 2513 x->bm_measured.b_bytes = 0; 2514 x->bm_flags &= ~BW_METER_UPCALL_DELIVERED; 2515 2516 /* 2517 * Compute the timeout hash value and insert the entry 2518 */ 2519 BW_METER_TIMEHASH(x, time_hash); 2520 x->bm_time_next = bw_meter_timers[time_hash]; 2521 bw_meter_timers[time_hash] = x; 2522 x->bm_time_hash = time_hash; 2523 } 2524 2525 /* 2526 * Unschedule the periodic timer that processes bw_meter entry of type "<=" 2527 * by removing the entry from the proper hash bucket. 2528 */ 2529 static void 2530 unschedule_bw_meter(struct bw_meter *x) 2531 { 2532 int time_hash; 2533 struct bw_meter *prev, *tmp; 2534 2535 if (!(x->bm_flags & BW_METER_LEQ)) 2536 return; /* XXX: we schedule timers only for "<=" entries */ 2537 2538 /* 2539 * Compute the timeout hash value and delete the entry 2540 */ 2541 time_hash = x->bm_time_hash; 2542 if (time_hash >= BW_METER_BUCKETS) 2543 return; /* Entry was not scheduled */ 2544 2545 for (prev = NULL, tmp = bw_meter_timers[time_hash]; 2546 tmp != NULL; prev = tmp, tmp = tmp->bm_time_next) 2547 if (tmp == x) 2548 break; 2549 2550 if (tmp == NULL) 2551 panic("unschedule_bw_meter: bw_meter entry not found"); 2552 2553 if (prev != NULL) 2554 prev->bm_time_next = x->bm_time_next; 2555 else 2556 bw_meter_timers[time_hash] = x->bm_time_next; 2557 2558 x->bm_time_next = NULL; 2559 x->bm_time_hash = BW_METER_BUCKETS; 2560 } 2561 2562 /* 2563 * Process all "<=" type of bw_meter that should be processed now, 2564 * and for each entry prepare an upcall if necessary. Each processed 2565 * entry is rescheduled again for the (periodic) processing. 2566 * 2567 * This is run periodically (once per second normally). On each round, 2568 * all the potentially matching entries are in the hash slot that we are 2569 * looking at. 2570 */ 2571 static void 2572 bw_meter_process(void) 2573 { 2574 int s; 2575 static uint32_t last_tv_sec; /* last time we processed this */ 2576 2577 uint32_t loops; 2578 int i; 2579 struct timeval now, process_endtime; 2580 2581 microtime(&now); 2582 if (last_tv_sec == now.tv_sec) 2583 return; /* nothing to do */ 2584 2585 loops = now.tv_sec - last_tv_sec; 2586 last_tv_sec = now.tv_sec; 2587 if (loops > BW_METER_BUCKETS) 2588 loops = BW_METER_BUCKETS; 2589 2590 s = splsoftnet(); 2591 /* 2592 * Process all bins of bw_meter entries from the one after the last 2593 * processed to the current one. On entry, i points to the last bucket 2594 * visited, so we need to increment i at the beginning of the loop. 2595 */ 2596 for (i = (now.tv_sec - loops) % BW_METER_BUCKETS; loops > 0; loops--) { 2597 struct bw_meter *x, *tmp_list; 2598 2599 if (++i >= BW_METER_BUCKETS) 2600 i = 0; 2601 2602 /* Disconnect the list of bw_meter entries from the bin */ 2603 tmp_list = bw_meter_timers[i]; 2604 bw_meter_timers[i] = NULL; 2605 2606 /* Process the list of bw_meter entries */ 2607 while (tmp_list != NULL) { 2608 x = tmp_list; 2609 tmp_list = tmp_list->bm_time_next; 2610 2611 /* Test if the time interval is over */ 2612 process_endtime = x->bm_start_time; 2613 BW_TIMEVALADD(&process_endtime, &x->bm_threshold.b_time); 2614 if (BW_TIMEVALCMP(&process_endtime, &now, >)) { 2615 /* Not yet: reschedule, but don't reset */ 2616 int time_hash; 2617 2618 BW_METER_TIMEHASH(x, time_hash); 2619 if (time_hash == i && process_endtime.tv_sec == now.tv_sec) { 2620 /* 2621 * XXX: somehow the bin processing is a bit ahead of time. 2622 * Put the entry in the next bin. 2623 */ 2624 if (++time_hash >= BW_METER_BUCKETS) 2625 time_hash = 0; 2626 } 2627 x->bm_time_next = bw_meter_timers[time_hash]; 2628 bw_meter_timers[time_hash] = x; 2629 x->bm_time_hash = time_hash; 2630 2631 continue; 2632 } 2633 2634 /* 2635 * Test if we should deliver an upcall 2636 */ 2637 if (((x->bm_flags & BW_METER_UNIT_PACKETS) && 2638 (x->bm_measured.b_packets <= x->bm_threshold.b_packets)) || 2639 ((x->bm_flags & BW_METER_UNIT_BYTES) && 2640 (x->bm_measured.b_bytes <= x->bm_threshold.b_bytes))) { 2641 /* Prepare an upcall for delivery */ 2642 bw_meter_prepare_upcall(x, &now); 2643 } 2644 2645 /* 2646 * Reschedule for next processing 2647 */ 2648 schedule_bw_meter(x, &now); 2649 } 2650 } 2651 2652 /* Send all upcalls that are pending delivery */ 2653 bw_upcalls_send(); 2654 2655 splx(s); 2656 } 2657 2658 /* 2659 * A periodic function for sending all upcalls that are pending delivery 2660 */ 2661 static void 2662 expire_bw_upcalls_send(void *unused) 2663 { 2664 int s; 2665 2666 s = splsoftnet(); 2667 bw_upcalls_send(); 2668 splx(s); 2669 2670 callout_reset(&bw_upcalls_ch, BW_UPCALLS_PERIOD, 2671 expire_bw_upcalls_send, NULL); 2672 } 2673 2674 /* 2675 * A periodic function for periodic scanning of the multicast forwarding 2676 * table for processing all "<=" bw_meter entries. 2677 */ 2678 static void 2679 expire_bw_meter_process(void *unused) 2680 { 2681 if (mrt_api_config & MRT_MFC_BW_UPCALL) 2682 bw_meter_process(); 2683 2684 callout_reset(&bw_meter_ch, BW_METER_PERIOD, 2685 expire_bw_meter_process, NULL); 2686 } 2687 2688 /* 2689 * End of bandwidth monitoring code 2690 */ 2691 2692 #ifdef PIM 2693 /* 2694 * Send the packet up to the user daemon, or eventually do kernel encapsulation 2695 */ 2696 static int 2697 pim_register_send(struct ip *ip, struct vif *vifp, struct mbuf *m, 2698 struct mfc *rt) 2699 { 2700 struct mbuf *mb_copy, *mm; 2701 2702 if (mrtdebug & DEBUG_PIM) 2703 log(LOG_DEBUG, "pim_register_send: \n"); 2704 2705 mb_copy = pim_register_prepare(ip, m); 2706 if (mb_copy == NULL) 2707 return ENOBUFS; 2708 2709 /* 2710 * Send all the fragments. Note that the mbuf for each fragment 2711 * is freed by the sending machinery. 2712 */ 2713 for (mm = mb_copy; mm; mm = mb_copy) { 2714 mb_copy = mm->m_nextpkt; 2715 mm->m_nextpkt = NULL; 2716 mm = m_pullup(mm, sizeof(struct ip)); 2717 if (mm != NULL) { 2718 ip = mtod(mm, struct ip *); 2719 if ((mrt_api_config & MRT_MFC_RP) && 2720 !in_nullhost(rt->mfc_rp)) { 2721 pim_register_send_rp(ip, vifp, mm, rt); 2722 } else { 2723 pim_register_send_upcall(ip, vifp, mm, rt); 2724 } 2725 } 2726 } 2727 2728 return 0; 2729 } 2730 2731 /* 2732 * Return a copy of the data packet that is ready for PIM Register 2733 * encapsulation. 2734 * XXX: Note that in the returned copy the IP header is a valid one. 2735 */ 2736 static struct mbuf * 2737 pim_register_prepare(struct ip *ip, struct mbuf *m) 2738 { 2739 struct mbuf *mb_copy = NULL; 2740 int mtu; 2741 2742 /* Take care of delayed checksums */ 2743 if (m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) { 2744 in_delayed_cksum(m); 2745 m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4); 2746 } 2747 2748 /* 2749 * Copy the old packet & pullup its IP header into the 2750 * new mbuf so we can modify it. 2751 */ 2752 mb_copy = m_copypacket(m, M_DONTWAIT); 2753 if (mb_copy == NULL) 2754 return NULL; 2755 mb_copy = m_pullup(mb_copy, ip->ip_hl << 2); 2756 if (mb_copy == NULL) 2757 return NULL; 2758 2759 /* take care of the TTL */ 2760 ip = mtod(mb_copy, struct ip *); 2761 --ip->ip_ttl; 2762 2763 /* Compute the MTU after the PIM Register encapsulation */ 2764 mtu = 0xffff - sizeof(pim_encap_iphdr) - sizeof(pim_encap_pimhdr); 2765 2766 if (ntohs(ip->ip_len) <= mtu) { 2767 /* Turn the IP header into a valid one */ 2768 ip->ip_sum = 0; 2769 ip->ip_sum = in_cksum(mb_copy, ip->ip_hl << 2); 2770 } else { 2771 /* Fragment the packet */ 2772 if (ip_fragment(mb_copy, NULL, mtu) != 0) { 2773 /* XXX: mb_copy was freed by ip_fragment() */ 2774 return NULL; 2775 } 2776 } 2777 return mb_copy; 2778 } 2779 2780 /* 2781 * Send an upcall with the data packet to the user-level process. 2782 */ 2783 static int 2784 pim_register_send_upcall(struct ip *ip, struct vif *vifp, 2785 struct mbuf *mb_copy, struct mfc *rt) 2786 { 2787 struct mbuf *mb_first; 2788 int len = ntohs(ip->ip_len); 2789 struct igmpmsg *im; 2790 struct sockaddr_in k_igmpsrc = { 2791 .sin_len = sizeof(k_igmpsrc), 2792 .sin_family = AF_INET, 2793 }; 2794 2795 /* 2796 * Add a new mbuf with an upcall header 2797 */ 2798 MGETHDR(mb_first, M_DONTWAIT, MT_HEADER); 2799 if (mb_first == NULL) { 2800 m_freem(mb_copy); 2801 return ENOBUFS; 2802 } 2803 mb_first->m_data += max_linkhdr; 2804 mb_first->m_pkthdr.len = len + sizeof(struct igmpmsg); 2805 mb_first->m_len = sizeof(struct igmpmsg); 2806 mb_first->m_next = mb_copy; 2807 2808 /* Send message to routing daemon */ 2809 im = mtod(mb_first, struct igmpmsg *); 2810 im->im_msgtype = IGMPMSG_WHOLEPKT; 2811 im->im_mbz = 0; 2812 im->im_vif = vifp - viftable; 2813 im->im_src = ip->ip_src; 2814 im->im_dst = ip->ip_dst; 2815 2816 k_igmpsrc.sin_addr = ip->ip_src; 2817 2818 mrtstat.mrts_upcalls++; 2819 2820 if (socket_send(ip_mrouter, mb_first, &k_igmpsrc) < 0) { 2821 if (mrtdebug & DEBUG_PIM) 2822 log(LOG_WARNING, 2823 "mcast: pim_register_send_upcall: ip_mrouter socket queue full\n"); 2824 ++mrtstat.mrts_upq_sockfull; 2825 return ENOBUFS; 2826 } 2827 2828 /* Keep statistics */ 2829 pimstat.pims_snd_registers_msgs++; 2830 pimstat.pims_snd_registers_bytes += len; 2831 2832 return 0; 2833 } 2834 2835 /* 2836 * Encapsulate the data packet in PIM Register message and send it to the RP. 2837 */ 2838 static int 2839 pim_register_send_rp(struct ip *ip, struct vif *vifp, 2840 struct mbuf *mb_copy, struct mfc *rt) 2841 { 2842 struct mbuf *mb_first; 2843 struct ip *ip_outer; 2844 struct pim_encap_pimhdr *pimhdr; 2845 int len = ntohs(ip->ip_len); 2846 vifi_t vifi = rt->mfc_parent; 2847 2848 if ((vifi >= numvifs) || in_nullhost(viftable[vifi].v_lcl_addr)) { 2849 m_freem(mb_copy); 2850 return EADDRNOTAVAIL; /* The iif vif is invalid */ 2851 } 2852 2853 /* 2854 * Add a new mbuf with the encapsulating header 2855 */ 2856 MGETHDR(mb_first, M_DONTWAIT, MT_HEADER); 2857 if (mb_first == NULL) { 2858 m_freem(mb_copy); 2859 return ENOBUFS; 2860 } 2861 mb_first->m_data += max_linkhdr; 2862 mb_first->m_len = sizeof(pim_encap_iphdr) + sizeof(pim_encap_pimhdr); 2863 mb_first->m_next = mb_copy; 2864 2865 mb_first->m_pkthdr.len = len + mb_first->m_len; 2866 2867 /* 2868 * Fill in the encapsulating IP and PIM header 2869 */ 2870 ip_outer = mtod(mb_first, struct ip *); 2871 *ip_outer = pim_encap_iphdr; 2872 if (mb_first->m_pkthdr.len < IP_MINFRAGSIZE) 2873 ip_outer->ip_id = 0; 2874 else 2875 ip_outer->ip_id = ip_newid(NULL); 2876 ip_outer->ip_len = htons(len + sizeof(pim_encap_iphdr) + 2877 sizeof(pim_encap_pimhdr)); 2878 ip_outer->ip_src = viftable[vifi].v_lcl_addr; 2879 ip_outer->ip_dst = rt->mfc_rp; 2880 /* 2881 * Copy the inner header TOS to the outer header, and take care of the 2882 * IP_DF bit. 2883 */ 2884 ip_outer->ip_tos = ip->ip_tos; 2885 if (ntohs(ip->ip_off) & IP_DF) 2886 ip_outer->ip_off |= htons(IP_DF); 2887 pimhdr = (struct pim_encap_pimhdr *)((char *)ip_outer 2888 + sizeof(pim_encap_iphdr)); 2889 *pimhdr = pim_encap_pimhdr; 2890 /* If the iif crosses a border, set the Border-bit */ 2891 if (rt->mfc_flags[vifi] & MRT_MFC_FLAGS_BORDER_VIF & mrt_api_config) 2892 pimhdr->flags |= htonl(PIM_BORDER_REGISTER); 2893 2894 mb_first->m_data += sizeof(pim_encap_iphdr); 2895 pimhdr->pim.pim_cksum = in_cksum(mb_first, sizeof(pim_encap_pimhdr)); 2896 mb_first->m_data -= sizeof(pim_encap_iphdr); 2897 2898 if (vifp->v_rate_limit == 0) 2899 tbf_send_packet(vifp, mb_first); 2900 else 2901 tbf_control(vifp, mb_first, ip, ntohs(ip_outer->ip_len)); 2902 2903 /* Keep statistics */ 2904 pimstat.pims_snd_registers_msgs++; 2905 pimstat.pims_snd_registers_bytes += len; 2906 2907 return 0; 2908 } 2909 2910 /* 2911 * PIM-SMv2 and PIM-DM messages processing. 2912 * Receives and verifies the PIM control messages, and passes them 2913 * up to the listening socket, using rip_input(). 2914 * The only message with special processing is the PIM_REGISTER message 2915 * (used by PIM-SM): the PIM header is stripped off, and the inner packet 2916 * is passed to if_simloop(). 2917 */ 2918 void 2919 pim_input(struct mbuf *m, ...) 2920 { 2921 struct ip *ip = mtod(m, struct ip *); 2922 struct pim *pim; 2923 int minlen; 2924 int datalen; 2925 int ip_tos; 2926 int proto; 2927 int iphlen; 2928 va_list ap; 2929 2930 va_start(ap, m); 2931 iphlen = va_arg(ap, int); 2932 proto = va_arg(ap, int); 2933 va_end(ap); 2934 2935 datalen = ntohs(ip->ip_len) - iphlen; 2936 2937 /* Keep statistics */ 2938 pimstat.pims_rcv_total_msgs++; 2939 pimstat.pims_rcv_total_bytes += datalen; 2940 2941 /* 2942 * Validate lengths 2943 */ 2944 if (datalen < PIM_MINLEN) { 2945 pimstat.pims_rcv_tooshort++; 2946 log(LOG_ERR, "pim_input: packet size too small %d from %lx\n", 2947 datalen, (u_long)ip->ip_src.s_addr); 2948 m_freem(m); 2949 return; 2950 } 2951 2952 /* 2953 * If the packet is at least as big as a REGISTER, go ahead 2954 * and grab the PIM REGISTER header size, to avoid another 2955 * possible m_pullup() later. 2956 * 2957 * PIM_MINLEN == pimhdr + u_int32_t == 4 + 4 = 8 2958 * PIM_REG_MINLEN == pimhdr + reghdr + encap_iphdr == 4 + 4 + 20 = 28 2959 */ 2960 minlen = iphlen + (datalen >= PIM_REG_MINLEN ? PIM_REG_MINLEN : PIM_MINLEN); 2961 2962 /* 2963 * Get the IP and PIM headers in contiguous memory, and 2964 * possibly the PIM REGISTER header. 2965 */ 2966 if ((m->m_flags & M_EXT || m->m_len < minlen) && 2967 (m = m_pullup(m, minlen)) == NULL) { 2968 log(LOG_ERR, "pim_input: m_pullup failure\n"); 2969 return; 2970 } 2971 ip = mtod(m, struct ip *); 2972 ip_tos = ip->ip_tos; 2973 2974 /* adjust mbuf to point to the PIM header */ 2975 m->m_data += iphlen; 2976 m->m_len -= iphlen; 2977 pim = mtod(m, struct pim *); 2978 2979 /* 2980 * Validate checksum. If PIM REGISTER, exclude the data packet. 2981 * 2982 * XXX: some older PIMv2 implementations don't make this distinction, 2983 * so for compatibility reason perform the checksum over part of the 2984 * message, and if error, then over the whole message. 2985 */ 2986 if (PIM_VT_T(pim->pim_vt) == PIM_REGISTER && in_cksum(m, PIM_MINLEN) == 0) { 2987 /* do nothing, checksum okay */ 2988 } else if (in_cksum(m, datalen)) { 2989 pimstat.pims_rcv_badsum++; 2990 if (mrtdebug & DEBUG_PIM) 2991 log(LOG_DEBUG, "pim_input: invalid checksum\n"); 2992 m_freem(m); 2993 return; 2994 } 2995 2996 /* PIM version check */ 2997 if (PIM_VT_V(pim->pim_vt) < PIM_VERSION) { 2998 pimstat.pims_rcv_badversion++; 2999 log(LOG_ERR, "pim_input: incorrect version %d, expecting %d\n", 3000 PIM_VT_V(pim->pim_vt), PIM_VERSION); 3001 m_freem(m); 3002 return; 3003 } 3004 3005 /* restore mbuf back to the outer IP */ 3006 m->m_data -= iphlen; 3007 m->m_len += iphlen; 3008 3009 if (PIM_VT_T(pim->pim_vt) == PIM_REGISTER) { 3010 /* 3011 * Since this is a REGISTER, we'll make a copy of the register 3012 * headers ip + pim + u_int32 + encap_ip, to be passed up to the 3013 * routing daemon. 3014 */ 3015 int s; 3016 struct sockaddr_in dst = { 3017 .sin_len = sizeof(dst), 3018 .sin_family = AF_INET, 3019 }; 3020 struct mbuf *mcp; 3021 struct ip *encap_ip; 3022 u_int32_t *reghdr; 3023 struct ifnet *vifp; 3024 3025 s = splsoftnet(); 3026 if ((reg_vif_num >= numvifs) || (reg_vif_num == VIFI_INVALID)) { 3027 splx(s); 3028 if (mrtdebug & DEBUG_PIM) 3029 log(LOG_DEBUG, 3030 "pim_input: register vif not set: %d\n", reg_vif_num); 3031 m_freem(m); 3032 return; 3033 } 3034 /* XXX need refcnt? */ 3035 vifp = viftable[reg_vif_num].v_ifp; 3036 splx(s); 3037 3038 /* 3039 * Validate length 3040 */ 3041 if (datalen < PIM_REG_MINLEN) { 3042 pimstat.pims_rcv_tooshort++; 3043 pimstat.pims_rcv_badregisters++; 3044 log(LOG_ERR, 3045 "pim_input: register packet size too small %d from %lx\n", 3046 datalen, (u_long)ip->ip_src.s_addr); 3047 m_freem(m); 3048 return; 3049 } 3050 3051 reghdr = (u_int32_t *)(pim + 1); 3052 encap_ip = (struct ip *)(reghdr + 1); 3053 3054 if (mrtdebug & DEBUG_PIM) { 3055 log(LOG_DEBUG, 3056 "pim_input[register], encap_ip: %lx -> %lx, encap_ip len %d\n", 3057 (u_long)ntohl(encap_ip->ip_src.s_addr), 3058 (u_long)ntohl(encap_ip->ip_dst.s_addr), 3059 ntohs(encap_ip->ip_len)); 3060 } 3061 3062 /* verify the version number of the inner packet */ 3063 if (encap_ip->ip_v != IPVERSION) { 3064 pimstat.pims_rcv_badregisters++; 3065 if (mrtdebug & DEBUG_PIM) { 3066 log(LOG_DEBUG, "pim_input: invalid IP version (%d) " 3067 "of the inner packet\n", encap_ip->ip_v); 3068 } 3069 m_freem(m); 3070 return; 3071 } 3072 3073 /* verify the inner packet doesn't have options */ 3074 if (encap_ip->ip_hl != (sizeof(struct ip) >> 2)) { 3075 pimstat.pims_rcv_badregisters++; 3076 m_freem(m); 3077 return; 3078 } 3079 3080 /* verify the inner packet is destined to a mcast group */ 3081 if (!IN_MULTICAST(encap_ip->ip_dst.s_addr)) { 3082 pimstat.pims_rcv_badregisters++; 3083 if (mrtdebug & DEBUG_PIM) 3084 log(LOG_DEBUG, 3085 "pim_input: inner packet of register is not " 3086 "multicast %lx\n", 3087 (u_long)ntohl(encap_ip->ip_dst.s_addr)); 3088 m_freem(m); 3089 return; 3090 } 3091 3092 /* If a NULL_REGISTER, pass it to the daemon */ 3093 if ((ntohl(*reghdr) & PIM_NULL_REGISTER)) 3094 goto pim_input_to_daemon; 3095 3096 /* 3097 * Copy the TOS from the outer IP header to the inner IP header. 3098 */ 3099 if (encap_ip->ip_tos != ip_tos) { 3100 /* Outer TOS -> inner TOS */ 3101 encap_ip->ip_tos = ip_tos; 3102 /* Recompute the inner header checksum. Sigh... */ 3103 3104 /* adjust mbuf to point to the inner IP header */ 3105 m->m_data += (iphlen + PIM_MINLEN); 3106 m->m_len -= (iphlen + PIM_MINLEN); 3107 3108 encap_ip->ip_sum = 0; 3109 encap_ip->ip_sum = in_cksum(m, encap_ip->ip_hl << 2); 3110 3111 /* restore mbuf to point back to the outer IP header */ 3112 m->m_data -= (iphlen + PIM_MINLEN); 3113 m->m_len += (iphlen + PIM_MINLEN); 3114 } 3115 3116 /* 3117 * Decapsulate the inner IP packet and loopback to forward it 3118 * as a normal multicast packet. Also, make a copy of the 3119 * outer_iphdr + pimhdr + reghdr + encap_iphdr 3120 * to pass to the daemon later, so it can take the appropriate 3121 * actions (e.g., send back PIM_REGISTER_STOP). 3122 * XXX: here m->m_data points to the outer IP header. 3123 */ 3124 mcp = m_copym(m, 0, iphlen + PIM_REG_MINLEN, M_DONTWAIT); 3125 if (mcp == NULL) { 3126 log(LOG_ERR, 3127 "pim_input: pim register: could not copy register head\n"); 3128 m_freem(m); 3129 return; 3130 } 3131 3132 /* Keep statistics */ 3133 /* XXX: registers_bytes include only the encap. mcast pkt */ 3134 pimstat.pims_rcv_registers_msgs++; 3135 pimstat.pims_rcv_registers_bytes += ntohs(encap_ip->ip_len); 3136 3137 /* 3138 * forward the inner ip packet; point m_data at the inner ip. 3139 */ 3140 m_adj(m, iphlen + PIM_MINLEN); 3141 3142 if (mrtdebug & DEBUG_PIM) { 3143 log(LOG_DEBUG, 3144 "pim_input: forwarding decapsulated register: " 3145 "src %lx, dst %lx, vif %d\n", 3146 (u_long)ntohl(encap_ip->ip_src.s_addr), 3147 (u_long)ntohl(encap_ip->ip_dst.s_addr), 3148 reg_vif_num); 3149 } 3150 /* NB: vifp was collected above; can it change on us? */ 3151 looutput(vifp, m, (struct sockaddr *)&dst, NULL); 3152 3153 /* prepare the register head to send to the mrouting daemon */ 3154 m = mcp; 3155 } 3156 3157 pim_input_to_daemon: 3158 /* 3159 * Pass the PIM message up to the daemon; if it is a Register message, 3160 * pass the 'head' only up to the daemon. This includes the 3161 * outer IP header, PIM header, PIM-Register header and the 3162 * inner IP header. 3163 * XXX: the outer IP header pkt size of a Register is not adjust to 3164 * reflect the fact that the inner multicast data is truncated. 3165 */ 3166 rip_input(m, iphlen, proto); 3167 3168 return; 3169 } 3170 #endif /* PIM */ 3171
Indexes created Fri Sep 26 08:10:20 GMT 2025