File: [cvs.NetBSD.org] / src / sys / netinet / ip_flow.c (download)
Revision 1.60, Thu Jan 19 13:13:48 2012 UTC (12 years, 3 months ago) by liamjfoy
Branch: MAIN
CVS Tags: yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, khorben-n900, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2, jmcneill-usbmp-base10, agc-symver-base, agc-symver
Branch point for: tls-maxphys, rmind-smpnet
Changes since 1.59: +3 -4
lines
Remove ipf_start from ipf struct
|
/* $NetBSD: ip_flow.c,v 1.60 2012/01/19 13:13:48 liamjfoy Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by the 3am Software Foundry ("3am"). It was developed by Matt Thomas.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.60 2012/01/19 13:13:48 liamjfoy Exp $");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/domain.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/pool.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>
#include <net/pfil.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
#include <netinet/ip_private.h>
/*
* Similar code is very well commented in netinet6/ip6_flow.c
*/
struct ipflow {
LIST_ENTRY(ipflow) ipf_list; /* next in active list */
LIST_ENTRY(ipflow) ipf_hash; /* next ipflow in bucket */
struct in_addr ipf_dst; /* destination address */
struct in_addr ipf_src; /* source address */
uint8_t ipf_tos; /* type-of-service */
struct route ipf_ro; /* associated route entry */
u_long ipf_uses; /* number of uses in this period */
u_long ipf_last_uses; /* number of uses in last period */
u_long ipf_dropped; /* ENOBUFS retured by if_output */
u_long ipf_errors; /* other errors returned by if_output */
u_int ipf_timer; /* lifetime timer */
};
#define IPFLOW_HASHBITS 6 /* should not be a multiple of 8 */
static struct pool ipflow_pool;
LIST_HEAD(ipflowhead, ipflow);
#define IPFLOW_TIMER (5 * PR_SLOWHZ)
#define IPFLOW_DEFAULT_HASHSIZE (1 << IPFLOW_HASHBITS)
static struct ipflowhead *ipflowtable = NULL;
static struct ipflowhead ipflowlist;
static int ipflow_inuse;
#define IPFLOW_INSERT(bucket, ipf) \
do { \
LIST_INSERT_HEAD((bucket), (ipf), ipf_hash); \
LIST_INSERT_HEAD(&ipflowlist, (ipf), ipf_list); \
} while (/*CONSTCOND*/ 0)
#define IPFLOW_REMOVE(ipf) \
do { \
LIST_REMOVE((ipf), ipf_hash); \
LIST_REMOVE((ipf), ipf_list); \
} while (/*CONSTCOND*/ 0)
#ifndef IPFLOW_MAX
#define IPFLOW_MAX 256
#endif
int ip_maxflows = IPFLOW_MAX;
int ip_hashsize = IPFLOW_DEFAULT_HASHSIZE;
static size_t
ipflow_hash(const struct ip *ip)
{
size_t hash = ip->ip_tos;
size_t idx;
for (idx = 0; idx < 32; idx += IPFLOW_HASHBITS) {
hash += (ip->ip_dst.s_addr >> (32 - idx)) +
(ip->ip_src.s_addr >> idx);
}
return hash & (ip_hashsize-1);
}
static struct ipflow *
ipflow_lookup(const struct ip *ip)
{
size_t hash;
struct ipflow *ipf;
hash = ipflow_hash(ip);
LIST_FOREACH(ipf, &ipflowtable[hash], ipf_hash) {
if (ip->ip_dst.s_addr == ipf->ipf_dst.s_addr
&& ip->ip_src.s_addr == ipf->ipf_src.s_addr
&& ip->ip_tos == ipf->ipf_tos)
break;
}
return ipf;
}
void
ipflow_poolinit(void)
{
pool_init(&ipflow_pool, sizeof(struct ipflow), 0, 0, 0, "ipflowpl",
NULL, IPL_NET);
}
int
ipflow_init(int table_size)
{
struct ipflowhead *new_table;
size_t i;
new_table = (struct ipflowhead *)malloc(sizeof(struct ipflowhead) *
table_size, M_RTABLE, M_NOWAIT);
if (new_table == NULL)
return 1;
if (ipflowtable != NULL)
free(ipflowtable, M_RTABLE);
ipflowtable = new_table;
ip_hashsize = table_size;
LIST_INIT(&ipflowlist);
for (i = 0; i < ip_hashsize; i++)
LIST_INIT(&ipflowtable[i]);
return 0;
}
int
ipflow_fastforward(struct mbuf *m)
{
struct ip *ip;
struct ip ip_store;
struct ipflow *ipf;
struct rtentry *rt;
const struct sockaddr *dst;
int error;
int iplen;
/*
* Are we forwarding packets? Big enough for an IP packet?
*/
if (!ipforwarding || ipflow_inuse == 0 || m->m_len < sizeof(struct ip))
return 0;
/*
* Was packet received as a link-level multicast or broadcast?
* If so, don't try to fast forward..
*/
if ((m->m_flags & (M_BCAST|M_MCAST)) != 0)
return 0;
/*
* IP header with no option and valid version and length
*/
if (IP_HDR_ALIGNED_P(mtod(m, const void *)))
ip = mtod(m, struct ip *);
else {
memcpy(&ip_store, mtod(m, const void *), sizeof(ip_store));
ip = &ip_store;
}
iplen = ntohs(ip->ip_len);
if (ip->ip_v != IPVERSION || ip->ip_hl != (sizeof(struct ip) >> 2) ||
iplen < sizeof(struct ip) || iplen > m->m_pkthdr.len)
return 0;
/*
* Find a flow.
*/
if ((ipf = ipflow_lookup(ip)) == NULL)
return 0;
/*
* Verify the IP header checksum.
*/
switch (m->m_pkthdr.csum_flags &
((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_IPv4) |
M_CSUM_IPv4_BAD)) {
case M_CSUM_IPv4|M_CSUM_IPv4_BAD:
return (0);
case M_CSUM_IPv4:
/* Checksum was okay. */
break;
default:
/* Must compute it ourselves. */
if (in_cksum(m, sizeof(struct ip)) != 0)
return (0);
break;
}
/*
* Route and interface still up?
*/
if ((rt = rtcache_validate(&ipf->ipf_ro)) == NULL ||
(rt->rt_ifp->if_flags & IFF_UP) == 0)
return 0;
/*
* Packet size OK? TTL?
*/
if (m->m_pkthdr.len > rt->rt_ifp->if_mtu || ip->ip_ttl <= IPTTLDEC)
return 0;
/*
* Clear any in-bound checksum flags for this packet.
*/
m->m_pkthdr.csum_flags = 0;
/*
* Everything checks out and so we can forward this packet.
* Modify the TTL and incrementally change the checksum.
*
* This method of adding the checksum works on either endian CPU.
* If htons() is inlined, all the arithmetic is folded; otherwise
* the htons()s are combined by CSE due to the const attribute.
*
* Don't bother using HW checksumming here -- the incremental
* update is pretty fast.
*/
ip->ip_ttl -= IPTTLDEC;
if (ip->ip_sum >= (u_int16_t) ~htons(IPTTLDEC << 8))
ip->ip_sum -= ~htons(IPTTLDEC << 8);
else
ip->ip_sum += htons(IPTTLDEC << 8);
/*
* Done modifying the header; copy it back, if necessary.
*
* XXX Use m_copyback_cow(9) here? --dyoung
*/
if (IP_HDR_ALIGNED_P(mtod(m, void *)) == 0)
memcpy(mtod(m, void *), &ip_store, sizeof(ip_store));
/*
* Trim the packet in case it's too long..
*/
if (m->m_pkthdr.len > iplen) {
if (m->m_len == m->m_pkthdr.len) {
m->m_len = iplen;
m->m_pkthdr.len = iplen;
} else
m_adj(m, iplen - m->m_pkthdr.len);
}
/*
* Send the packet on it's way. All we can get back is ENOBUFS
*/
ipf->ipf_uses++;
PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
if (rt->rt_flags & RTF_GATEWAY)
dst = rt->rt_gateway;
else
dst = rtcache_getdst(&ipf->ipf_ro);
KERNEL_LOCK(1, NULL);
if ((error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m, dst, rt)) != 0) {
if (error == ENOBUFS)
ipf->ipf_dropped++;
else
ipf->ipf_errors++;
}
KERNEL_UNLOCK_ONE(NULL);
return 1;
}
�
static void
ipflow_addstats(struct ipflow *ipf)
{
struct rtentry *rt;
uint64_t *ips;
if ((rt = rtcache_validate(&ipf->ipf_ro)) != NULL)
rt->rt_use += ipf->ipf_uses;
ips = IP_STAT_GETREF();
ips[IP_STAT_CANTFORWARD] += ipf->ipf_errors + ipf->ipf_dropped;
ips[IP_STAT_TOTAL] += ipf->ipf_uses;
ips[IP_STAT_FORWARD] += ipf->ipf_uses;
ips[IP_STAT_FASTFORWARD] += ipf->ipf_uses;
IP_STAT_PUTREF();
}
static void
ipflow_free(struct ipflow *ipf)
{
int s;
/*
* Remove the flow from the hash table (at elevated IPL).
* Once it's off the list, we can deal with it at normal
* network IPL.
*/
s = splnet();
IPFLOW_REMOVE(ipf);
splx(s);
ipflow_addstats(ipf);
rtcache_free(&ipf->ipf_ro);
ipflow_inuse--;
s = splnet();
pool_put(&ipflow_pool, ipf);
splx(s);
}
static struct ipflow *
ipflow_reap(bool just_one)
{
while (just_one || ipflow_inuse > ip_maxflows) {
struct ipflow *ipf, *maybe_ipf = NULL;
int s;
ipf = LIST_FIRST(&ipflowlist);
while (ipf != NULL) {
/*
* If this no longer points to a valid route
* reclaim it.
*/
if (rtcache_validate(&ipf->ipf_ro) == NULL)
goto done;
/*
* choose the one that's been least recently
* used or has had the least uses in the
* last 1.5 intervals.
*/
if (maybe_ipf == NULL ||
ipf->ipf_timer < maybe_ipf->ipf_timer ||
(ipf->ipf_timer == maybe_ipf->ipf_timer &&
ipf->ipf_last_uses + ipf->ipf_uses <
maybe_ipf->ipf_last_uses +
maybe_ipf->ipf_uses))
maybe_ipf = ipf;
ipf = LIST_NEXT(ipf, ipf_list);
}
ipf = maybe_ipf;
done:
/*
* Remove the entry from the flow table.
*/
s = splnet();
IPFLOW_REMOVE(ipf);
splx(s);
ipflow_addstats(ipf);
rtcache_free(&ipf->ipf_ro);
if (just_one)
return ipf;
pool_put(&ipflow_pool, ipf);
ipflow_inuse--;
}
return NULL;
}
void
ipflow_prune(void)
{
(void) ipflow_reap(false);
}
void
ipflow_slowtimo(void)
{
struct rtentry *rt;
struct ipflow *ipf, *next_ipf;
uint64_t *ips;
mutex_enter(softnet_lock);
KERNEL_LOCK(1, NULL);
for (ipf = LIST_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
next_ipf = LIST_NEXT(ipf, ipf_list);
if (PRT_SLOW_ISEXPIRED(ipf->ipf_timer) ||
(rt = rtcache_validate(&ipf->ipf_ro)) == NULL) {
ipflow_free(ipf);
} else {
ipf->ipf_last_uses = ipf->ipf_uses;
rt->rt_use += ipf->ipf_uses;
ips = IP_STAT_GETREF();
ips[IP_STAT_TOTAL] += ipf->ipf_uses;
ips[IP_STAT_FORWARD] += ipf->ipf_uses;
ips[IP_STAT_FASTFORWARD] += ipf->ipf_uses;
IP_STAT_PUTREF();
ipf->ipf_uses = 0;
}
}
KERNEL_UNLOCK_ONE(NULL);
mutex_exit(softnet_lock);
}
void
ipflow_create(const struct route *ro, struct mbuf *m)
{
const struct ip *const ip = mtod(m, const struct ip *);
struct ipflow *ipf;
size_t hash;
int s;
/*
* Don't create cache entries for ICMP messages.
*/
if (ip_maxflows == 0 || ip->ip_p == IPPROTO_ICMP)
return;
/*
* See if an existing flow struct exists. If so remove it from it's
* list and free the old route. If not, try to malloc a new one
* (if we aren't at our limit).
*/
ipf = ipflow_lookup(ip);
if (ipf == NULL) {
if (ipflow_inuse >= ip_maxflows) {
ipf = ipflow_reap(true);
} else {
s = splnet();
ipf = pool_get(&ipflow_pool, PR_NOWAIT);
splx(s);
if (ipf == NULL)
return;
ipflow_inuse++;
}
memset(ipf, 0, sizeof(*ipf));
} else {
s = splnet();
IPFLOW_REMOVE(ipf);
splx(s);
ipflow_addstats(ipf);
rtcache_free(&ipf->ipf_ro);
ipf->ipf_uses = ipf->ipf_last_uses = 0;
ipf->ipf_errors = ipf->ipf_dropped = 0;
}
/*
* Fill in the updated information.
*/
rtcache_copy(&ipf->ipf_ro, ro);
ipf->ipf_dst = ip->ip_dst;
ipf->ipf_src = ip->ip_src;
ipf->ipf_tos = ip->ip_tos;
PRT_SLOW_ARM(ipf->ipf_timer, IPFLOW_TIMER);
/*
* Insert into the approriate bucket of the flow table.
*/
hash = ipflow_hash(ip);
s = splnet();
IPFLOW_INSERT(&ipflowtable[hash], ipf);
splx(s);
}
int
ipflow_invalidate_all(int new_size)
{
struct ipflow *ipf, *next_ipf;
int s, error;
error = 0;
s = splnet();
for (ipf = LIST_FIRST(&ipflowlist); ipf != NULL; ipf = next_ipf) {
next_ipf = LIST_NEXT(ipf, ipf_list);
ipflow_free(ipf);
}
if (new_size)
error = ipflow_init(new_size);
splx(s);
return error;
}
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_flow.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet