Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.307.2.3 retrieving revision 1.319 diff -u -p -r1.307.2.3 -r1.319 --- src/sys/netinet/ip_input.c 2014/05/18 17:46:13 1.307.2.3 +++ src/sys/netinet/ip_input.c 2014/06/16 00:33:39 1.319 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.307.2.3 2014/05/18 17:46:13 rmind Exp $ */ +/* $NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.307.2.3 2014/05/18 17:46:13 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -103,6 +103,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include +#include #include #include #include @@ -118,6 +119,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include #include +#include #include #include @@ -210,18 +212,18 @@ int ip_do_randomid = 0; * to the loopback interface instead of the interface where the * packets for those addresses are received. */ -int ip_checkinterface = 0; +static int ip_checkinterface __read_mostly = 0; struct rttimer_queue *ip_mtudisc_timeout_q = NULL; -struct ifqueue ipintrq; +pktqueue_t * ip_pktq __read_mostly; +pfil_head_t * inet_pfil_hook __read_mostly; +ipid_state_t * ip_ids __read_mostly; +percpu_t * ipstat_percpu __read_mostly; -ipid_state_t * ip_ids; -uint16_t ip_id; - -percpu_t *ipstat_percpu; +static struct route ipforward_rt __cacheline_aligned; -pfil_head_t *inet_pfil_hook; +uint16_t ip_id; #ifdef INET_CSUM_COUNTERS #include @@ -264,6 +266,11 @@ static struct ip_srcrt { static int ip_drainwanted; +struct sockaddr_in ipaddr = { + .sin_len = sizeof(ipaddr), + .sin_family = AF_INET, +}; + static void save_rte(u_char *, struct in_addr); #ifdef MBUFTRACE @@ -271,10 +278,17 @@ struct mowner ip_rx_mowner = MOWNER_INIT struct mowner ip_tx_mowner = MOWNER_INIT("internet", "tx"); #endif +static void ipintr(void *); +static void ip_input(struct mbuf *); +static void ip_forward(struct mbuf *, int); static bool ip_dooptions(struct mbuf *); static struct in_ifaddr *ip_rtaddr(struct in_addr); static void sysctl_net_inet_ip_setup(struct sysctllog **); +/* XXX: Not yet enabled. */ +#define SOFTNET_LOCK() KASSERT(mutex_owned(softnet_lock)) +#define SOFTNET_UNLOCK() KASSERT(mutex_owned(softnet_lock)) + /* * IP initialization: fill in IP protocol switch table. * All protocols not implemented in kernel go to raw IP protocol handler. @@ -290,6 +304,9 @@ ip_init(void) pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); KASSERT(pr != NULL); + ip_pktq = pktq_create(IFQ_MAXLEN, ipintr, NULL); + KASSERT(ip_pktq != NULL); + for (u_int i = 0; i < IPPROTO_MAX; i++) { ip_protox[i] = pr - inetsw; } @@ -304,8 +321,6 @@ ip_init(void) ip_ids = ip_id_init(); ip_id = time_second & 0xfffff; - ipintrq.ifq_maxlen = IFQ_MAXLEN; - ip_mtudisc_timeout_q = rt_timer_queue_create(ip_mtudisc_timeout); #ifdef GATEWAY ipflow_init(); @@ -323,57 +338,28 @@ ip_init(void) ipstat_percpu = percpu_alloc(sizeof(uint64_t) * IP_NSTATS); } -struct sockaddr_in ipaddr = { - .sin_len = sizeof(ipaddr), - .sin_family = AF_INET, -}; - -static struct route ipforward_rt; - /* - * IP software interrupt routine + * IP software interrupt routine. */ -void -ipintr(void) +static void +ipintr(void *arg __unused) { - int s; struct mbuf *m; - struct ifqueue lcl_intrq; - memset(&lcl_intrq, 0, sizeof(lcl_intrq)); + KASSERT(cpu_softintr_p()); mutex_enter(softnet_lock); - KERNEL_LOCK(1, NULL); - if (!IF_IS_EMPTY(&ipintrq)) { - s = splnet(); - - /* Take existing queue onto stack */ - lcl_intrq = ipintrq; - - /* Zero out global queue, preserving maxlen and drops */ - ipintrq.ifq_head = NULL; - ipintrq.ifq_tail = NULL; - ipintrq.ifq_len = 0; - ipintrq.ifq_maxlen = lcl_intrq.ifq_maxlen; - ipintrq.ifq_drops = lcl_intrq.ifq_drops; - - splx(s); - } - KERNEL_UNLOCK_ONE(NULL); - while (!IF_IS_EMPTY(&lcl_intrq)) { - IF_DEQUEUE(&lcl_intrq, m); - if (m == NULL) - break; + while ((m = pktq_dequeue(ip_pktq)) != NULL) { ip_input(m); } mutex_exit(softnet_lock); } /* - * Ip input routine. Checksum and byte swap header. If fragmented + * IP input routine. Checksum and byte swap header. If fragmented * try to reassemble. Process options. Pass to next level. */ -void +static void ip_input(struct mbuf *m) { struct ip *ip = NULL; @@ -383,17 +369,25 @@ ip_input(struct mbuf *m) int downmatch; int checkif; int srcrt = 0; + ifnet_t *ifp; + + KASSERTMSG(cpu_softintr_p(), "ip_input: not in the software " + "interrupt handler; synchronization assumptions violated"); MCLAIM(m, &ip_rx_mowner); KASSERT((m->m_flags & M_PKTHDR) != 0); + ifp = m->m_pkthdr.rcvif; /* * If no IP addresses have been set yet but the interfaces * are receiving, can't do anything with incoming packets yet. + * Note: we pre-check without locks held. */ - if (TAILQ_FIRST(&in_ifaddrhead) == 0) + if (!TAILQ_FIRST(&in_ifaddrhead)) { goto bad; + } IP_STATINC(IP_STAT_TOTAL); + /* * If the IP header is not aligned, slurp it up into a new * mbuf with space for link headers, in the event we forward @@ -443,14 +437,14 @@ ip_input(struct mbuf *m) /* 127/8 must not appear on wire - RFC1122 */ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { - if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { + if ((ifp->if_flags & IFF_LOOPBACK) == 0) { IP_STATINC(IP_STAT_BADADDR); goto bad; } } switch (m->m_pkthdr.csum_flags & - ((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_IPv4) | + ((ifp->if_csum_flags_rx & M_CSUM_IPv4) | M_CSUM_IPv4_BAD)) { case M_CSUM_IPv4|M_CSUM_IPv4_BAD: INET_CSUM_COUNTER_INCR(&ip_hwcsum_bad); @@ -466,8 +460,8 @@ ip_input(struct mbuf *m) * Must compute it ourselves. Maybe skip checksum on * loopback interfaces. */ - if (__predict_true(!(m->m_pkthdr.rcvif->if_flags & - IFF_LOOPBACK) || ip_do_loopback_cksum)) { + if (__predict_true(!(ifp->if_flags & IFF_LOOPBACK) || + ip_do_loopback_cksum)) { INET_CSUM_COUNTER_INCR(&ip_swcsum); if (in_cksum(m, hlen) != 0) goto badcsum; @@ -517,26 +511,24 @@ ip_input(struct mbuf *m) * Note that filters must _never_ set this flag, as another filter * in the list may have previously cleared it. */ - /* - * let ipfilter look at packet on the wire, - * not the decapsulated packet. - */ #if defined(IPSEC) - if (!ipsec_indone(m)) + if (!ipsec_used || !ipsec_indone(m)) #else if (1) #endif { - struct in_addr odst; + struct in_addr odst = ip->ip_dst; + bool freed; - odst = ip->ip_dst; - if (pfil_run_hooks(inet_pfil_hook, &m, m->m_pkthdr.rcvif, - PFIL_IN) != 0) - return; - if (m == NULL) + SOFTNET_LOCK(); + freed = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_IN) != 0; + SOFTNET_UNLOCK(); + if (freed || m == NULL) { return; + } ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; + /* * XXX The setting of "srcrt" here is to prevent ip_forward() * from generating ICMP redirects for packets that have @@ -556,9 +548,14 @@ ip_input(struct mbuf *m) #ifdef ALTQ /* XXX Temporary until ALTQ is changed to use a pfil hook */ - if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { - /* packet dropped by traffic conditioner */ - return; + if (altq_input) { + SOFTNET_LOCK(); + if ((*altq_input)(m, AF_INET) == 0) { + /* Packet dropped by traffic conditioner. */ + SOFTNET_UNLOCK(); + return; + } + SOFTNET_UNLOCK(); } #endif @@ -589,8 +586,7 @@ ip_input(struct mbuf *m) * we get finer grain control. */ checkif = ip_checkinterface && (ipforwarding == 0) && - (m->m_pkthdr.rcvif != NULL) && - ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0); + (ifp->if_flags & IFF_LOOPBACK) == 0; /* * Check our list of addresses, to see if the packet is for us. @@ -602,7 +598,7 @@ ip_input(struct mbuf *m) downmatch = 0; LIST_FOREACH(ia, &IN_IFADDR_HASH(ip->ip_dst.s_addr), ia_hash) { if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) { - if (checkif && ia->ia_ifp != m->m_pkthdr.rcvif) + if (checkif && ia->ia_ifp != ifp) continue; if ((ia->ia_ifp->if_flags & IFF_UP) != 0) break; @@ -612,8 +608,8 @@ ip_input(struct mbuf *m) } if (ia != NULL) goto ours; - if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { - IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { + if (ifp->if_flags & IFF_BROADCAST) { + IFADDR_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family != AF_INET) continue; ia = ifatoia(ifa); @@ -635,7 +631,6 @@ ip_input(struct mbuf *m) } } if (IN_MULTICAST(ip->ip_dst.s_addr)) { - struct in_multi *inm; #ifdef MROUTING extern struct socket *ip_mrouter; @@ -652,19 +647,23 @@ ip_input(struct mbuf *m) * as expected when ip_mforward() is called from * ip_output().) */ - if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) { + SOFTNET_LOCK(); + if (ip_mforward(m, ifp) != 0) { + SOFTNET_UNLOCK(); IP_STATINC(IP_STAT_CANTFORWARD); m_freem(m); return; } + SOFTNET_UNLOCK(); /* * The process-level routing demon needs to receive * all multicast IGMP packets, whether or not this * host belongs to their destination groups. */ - if (ip->ip_p == IPPROTO_IGMP) + if (ip->ip_p == IPPROTO_IGMP) { goto ours; + } IP_STATINC(IP_STAT_CANTFORWARD); } #endif @@ -672,8 +671,7 @@ ip_input(struct mbuf *m) * See if we belong to the destination multicast group on the * arrival interface. */ - IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); - if (inm == NULL) { + if (!in_multi_group(ip->ip_dst, ifp, 0)) { IP_STATINC(IP_STAT_CANTFORWARD); m_freem(m); return; @@ -704,9 +702,14 @@ ip_input(struct mbuf *m) } #ifdef IPSEC /* Perform IPsec, if any. */ - if (ipsec4_input(m, IP_FORWARDING | (ip_directedbcast ? - IP_ALLOWBROADCAST : 0)) != 0) { - goto bad; + if (ipsec_used) { + SOFTNET_LOCK(); + if (ipsec4_input(m, IP_FORWARDING | + (ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) { + SOFTNET_UNLOCK(); + goto bad; + } + SOFTNET_UNLOCK(); } #endif ip_forward(m, srcrt); @@ -743,10 +746,14 @@ ours: * Note that we do not visit this with protocols with PCB layer * code - like UDP/TCP/raw IP. */ - if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) { + if (ipsec_used && + (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) { + SOFTNET_LOCK(); if (ipsec4_input(m, 0) != 0) { + SOFTNET_UNLOCK(); goto bad; } + SOFTNET_UNLOCK(); } #endif @@ -758,12 +765,13 @@ ours: ia->ia_ifa.ifa_data.ifad_inbytes += ntohs(ip->ip_len); #endif IP_STATINC(IP_STAT_DELIVERED); - { - int off = hlen, nh = ip->ip_p; + const int off = hlen, nh = ip->ip_p; + + SOFTNET_LOCK(); (*inetsw[ip_protox[nh]].pr_input)(m, off, nh); + SOFTNET_UNLOCK(); return; - } bad: m_freem(m); return; @@ -1048,7 +1056,10 @@ ip_rtaddr(struct in_addr dst) sockaddr_in_init(&u.dst4, &dst, 0); - if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) + SOFTNET_LOCK(); + rt = rtcache_lookup(&ipforward_rt, &u.dst); + SOFTNET_UNLOCK(); + if (rt == NULL) return NULL; return ifatoia(rt->rt_ifa); @@ -1166,7 +1177,7 @@ ip_drainstub(void) * The srcrt parameter indicates whether the packet is being forwarded * via a source route. */ -void +static void ip_forward(struct mbuf *m, int srcrt) { struct ip *ip = mtod(m, struct ip *); @@ -1179,6 +1190,9 @@ ip_forward(struct mbuf *m, int srcrt) struct sockaddr_in dst4; } u; + KASSERTMSG(cpu_softintr_p(), "ip_forward: not in the software " + "interrupt handler; synchronization assumptions violated"); + /* * We are now in the output path. */ @@ -1195,14 +1209,20 @@ ip_forward(struct mbuf *m, int srcrt) m_freem(m); return; } + + SOFTNET_LOCK(); + if (ip->ip_ttl <= IPTTLDEC) { icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0); + SOFTNET_UNLOCK(); return; } sockaddr_in_init(&u.dst4, &ip->ip_dst, 0); + if ((rt = rtcache_lookup(&ipforward_rt, &u.dst)) == NULL) { icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); + SOFTNET_UNLOCK(); return; } @@ -1266,11 +1286,14 @@ ip_forward(struct mbuf *m, int srcrt) #endif m_freem(mcopy); } + SOFTNET_UNLOCK(); return; } } - if (mcopy == NULL) + if (mcopy == NULL) { + SOFTNET_UNLOCK(); return; + } switch (error) { @@ -1294,7 +1317,8 @@ ip_forward(struct mbuf *m, int srcrt) if ((rt = rtcache_validate(&ipforward_rt)) != NULL) destmtu = rt->rt_ifp->if_mtu; #ifdef IPSEC - (void)ipsec4_forward(mcopy, &destmtu); + if (ipsec_used) + (void)ipsec4_forward(mcopy, &destmtu); #endif IP_STATINC(IP_STAT_CANTFRAG); break; @@ -1308,16 +1332,20 @@ ip_forward(struct mbuf *m, int srcrt) */ if (mcopy) m_freem(mcopy); + SOFTNET_UNLOCK(); return; } icmp_error(mcopy, type, code, dest, destmtu); + SOFTNET_UNLOCK(); } void -ip_savecontrol(inpcb_t *inp, struct mbuf **mp, struct ip *ip, struct mbuf *m) +ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, + struct mbuf *m) { - struct socket *so = inpcb_get_socket(inp); - int inpflags = inpcb_get_flags(inp); + struct socket *so = inp->inp_socket; + ifnet_t *ifp = m->m_pkthdr.rcvif; + int inpflags = inp->inp_flags; if (so->so_options & SO_TIMESTAMP #ifdef SO_OTIMESTAMP @@ -1349,7 +1377,7 @@ ip_savecontrol(inpcb_t *inp, struct mbuf if (inpflags & INP_RECVPKTINFO) { struct in_pktinfo ipi; ipi.ipi_addr = ip->ip_src; - ipi.ipi_ifindex = m->m_pkthdr.rcvif->if_index; + ipi.ipi_ifindex = ifp->if_index; *mp = sbcreatecontrol((void *) &ipi, sizeof(ipi), IP_RECVPKTINFO, IPPROTO_IP); if (*mp) @@ -1358,7 +1386,7 @@ ip_savecontrol(inpcb_t *inp, struct mbuf if (inpflags & INP_PKTINFO) { struct in_pktinfo ipi; ipi.ipi_addr = ip->ip_dst; - ipi.ipi_ifindex = m->m_pkthdr.rcvif->if_index; + ipi.ipi_ifindex = ifp->if_index; *mp = sbcreatecontrol((void *) &ipi, sizeof(ipi), IP_PKTINFO, IPPROTO_IP); if (*mp) @@ -1367,8 +1395,8 @@ ip_savecontrol(inpcb_t *inp, struct mbuf if (inpflags & INP_RECVIF) { struct sockaddr_dl sdl; - sockaddr_dl_init(&sdl, sizeof(sdl), m->m_pkthdr.rcvif ? - m->m_pkthdr.rcvif->if_index : 0, 0, NULL, 0, NULL, 0); + sockaddr_dl_init(&sdl, sizeof(sdl), ifp ? + ifp->if_index : 0, 0, NULL, 0, NULL, 0); *mp = sbcreatecontrol(&sdl, sdl.sdl_len, IP_RECVIF, IPPROTO_IP); if (*mp) mp = &(*mp)->m_next;