xref: /freebsd/sys/netipsec/ipsec_mbuf.c (revision 2be1a816b9ff69588e55be0a84cbe2a31efc0f2f) 
1 /*-
2  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  * $FreeBSD$
27  */
28 
29 /*
30  * IPsec-specific mbuf routines.
31  */
32 
33 #include "opt_param.h"
34 
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/mbuf.h>
38 #include <sys/socket.h>
39 
40 #include <net/route.h>
41 #include <netinet/in.h>
42 
43 #include <netipsec/ipsec.h>
44 
45 /*
46  * Make space for a new header of length hlen at skip bytes
47  * into the packet.  When doing this we allocate new mbufs only
48  * when absolutely necessary.  The mbuf where the new header
49  * is to go is returned together with an offset into the mbuf.
50  * If NULL is returned then the mbuf chain may have been modified;
51  * the caller is assumed to always free the chain.
52  */
53 struct mbuf *
54 m_makespace(struct mbuf *m0, int skip, int hlen, int *off)
55 {
56 	struct mbuf *m;
57 	unsigned remain;
58 
59 	IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
60 	IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen));
61 
62 	for (m = m0; m && skip > m->m_len; m = m->m_next)
63 		skip -= m->m_len;
64 	if (m == NULL)
65 		return (NULL);
66 	/*
67 	 * At this point skip is the offset into the mbuf m
68 	 * where the new header should be placed.  Figure out
69 	 * if there's space to insert the new header.  If so,
70 	 * and copying the remainder makese sense then do so.
71 	 * Otherwise insert a new mbuf in the chain, splitting
72 	 * the contents of m as needed.
73 	 */
74 	remain = m->m_len - skip;		/* data to move */
75 	if (hlen > M_TRAILINGSPACE(m)) {
76 		struct mbuf *n;
77 
78 		/* XXX code doesn't handle clusters XXX */
79 		IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain));
80 		/*
81 		 * Not enough space in m, split the contents
82 		 * of m, inserting new mbufs as required.
83 		 *
84 		 * NB: this ignores mbuf types.
85 		 */
86 		MGET(n, M_DONTWAIT, MT_DATA);
87 		if (n == NULL)
88 			return (NULL);
89 		n->m_next = m->m_next;		/* splice new mbuf */
90 		m->m_next = n;
91 		ipsec4stat.ips_mbinserted++;
92 		if (hlen <= M_TRAILINGSPACE(m) + remain) {
93 			/*
94 			 * New header fits in the old mbuf if we copy
95 			 * the remainder; just do the copy to the new
96 			 * mbuf and we're good to go.
97 			 */
98 			memcpy(mtod(n, caddr_t),
99 			       mtod(m, caddr_t) + skip, remain);
100 			n->m_len = remain;
101 			m->m_len = skip + hlen;
102 			*off = skip;
103 		} else {
104 			/*
105 			 * No space in the old mbuf for the new header.
106 			 * Make space in the new mbuf and check the
107 			 * remainder'd data fits too.  If not then we
108 			 * must allocate an additional mbuf (yech).
109 			 */
110 			n->m_len = 0;
111 			if (remain + hlen > M_TRAILINGSPACE(n)) {
112 				struct mbuf *n2;
113 
114 				MGET(n2, M_DONTWAIT, MT_DATA);
115 				/* NB: new mbuf is on chain, let caller free */
116 				if (n2 == NULL)
117 					return (NULL);
118 				n2->m_len = 0;
119 				memcpy(mtod(n2, caddr_t),
120 				       mtod(m, caddr_t) + skip, remain);
121 				n2->m_len = remain;
122 				/* splice in second mbuf */
123 				n2->m_next = n->m_next;
124 				n->m_next = n2;
125 				ipsec4stat.ips_mbinserted++;
126 			} else {
127 				memcpy(mtod(n, caddr_t) + hlen,
128 				       mtod(m, caddr_t) + skip, remain);
129 				n->m_len += remain;
130 			}
131 			m->m_len -= remain;
132 			n->m_len += hlen;
133 			m = n;			/* header is at front ... */
134 			*off = 0;		/* ... of new mbuf */
135 		}
136 	} else {
137 		/*
138 		 * Copy the remainder to the back of the mbuf
139 		 * so there's space to write the new header.
140 		 */
141 		bcopy(mtod(m, caddr_t) + skip,
142 		      mtod(m, caddr_t) + skip + hlen, remain);
143 		m->m_len += hlen;
144 		*off = skip;
145 	}
146 	m0->m_pkthdr.len += hlen;		/* adjust packet length */
147 	return m;
148 }
149 
150 /*
151  * m_pad(m, n) pads <m> with <n> bytes at the end. The packet header
152  * length is updated, and a pointer to the first byte of the padding
153  * (which is guaranteed to be all in one mbuf) is returned.
154  */
155 caddr_t
156 m_pad(struct mbuf *m, int n)
157 {
158 	register struct mbuf *m0, *m1;
159 	register int len, pad;
160 	caddr_t retval;
161 
162 	if (n <= 0) {  /* No stupid arguments. */
163 		DPRINTF(("%s: pad length invalid (%d)\n", __func__, n));
164 		m_freem(m);
165 		return NULL;
166 	}
167 
168 	len = m->m_pkthdr.len;
169 	pad = n;
170 	m0 = m;
171 
172 	while (m0->m_len < len) {
173 		len -= m0->m_len;
174 		m0 = m0->m_next;
175 	}
176 
177 	if (m0->m_len != len) {
178 		DPRINTF(("%s: length mismatch (should be %d instead of %d)\n",
179 			__func__, m->m_pkthdr.len,
180 			m->m_pkthdr.len + m0->m_len - len));
181 
182 		m_freem(m);
183 		return NULL;
184 	}
185 
186 	/* Check for zero-length trailing mbufs, and find the last one. */
187 	for (m1 = m0; m1->m_next; m1 = m1->m_next) {
188 		if (m1->m_next->m_len != 0) {
189 			DPRINTF(("%s: length mismatch (should be %d instead "
190 				"of %d)\n", __func__,
191 				m->m_pkthdr.len,
192 				m->m_pkthdr.len + m1->m_next->m_len));
193 
194 			m_freem(m);
195 			return NULL;
196 		}
197 
198 		m0 = m1->m_next;
199 	}
200 
201 	if (pad > M_TRAILINGSPACE(m0)) {
202 		/* Add an mbuf to the chain. */
203 		MGET(m1, M_DONTWAIT, MT_DATA);
204 		if (m1 == 0) {
205 			m_freem(m0);
206 			DPRINTF(("%s: unable to get extra mbuf\n", __func__));
207 			return NULL;
208 		}
209 
210 		m0->m_next = m1;
211 		m0 = m1;
212 		m0->m_len = 0;
213 	}
214 
215 	retval = m0->m_data + m0->m_len;
216 	m0->m_len += pad;
217 	m->m_pkthdr.len += pad;
218 
219 	return retval;
220 }
221 
222 /*
223  * Remove hlen data at offset skip in the packet.  This is used by
224  * the protocols strip protocol headers and associated data (e.g. IV,
225  * authenticator) on input.
226  */
227 int
228 m_striphdr(struct mbuf *m, int skip, int hlen)
229 {
230 	struct mbuf *m1;
231 	int roff;
232 
233 	/* Find beginning of header */
234 	m1 = m_getptr(m, skip, &roff);
235 	if (m1 == NULL)
236 		return (EINVAL);
237 
238 	/* Remove the header and associated data from the mbuf. */
239 	if (roff == 0) {
240 		/* The header was at the beginning of the mbuf */
241 		ipsec4stat.ips_input_front++;
242 		m_adj(m1, hlen);
243 		if ((m1->m_flags & M_PKTHDR) == 0)
244 			m->m_pkthdr.len -= hlen;
245 	} else if (roff + hlen >= m1->m_len) {
246 		struct mbuf *mo;
247 
248 		/*
249 		 * Part or all of the header is at the end of this mbuf,
250 		 * so first let's remove the remainder of the header from
251 		 * the beginning of the remainder of the mbuf chain, if any.
252 		 */
253 		ipsec4stat.ips_input_end++;
254 		if (roff + hlen > m1->m_len) {
255 			/* Adjust the next mbuf by the remainder */
256 			m_adj(m1->m_next, roff + hlen - m1->m_len);
257 
258 			/* The second mbuf is guaranteed not to have a pkthdr... */
259 			m->m_pkthdr.len -= (roff + hlen - m1->m_len);
260 		}
261 
262 		/* Now, let's unlink the mbuf chain for a second...*/
263 		mo = m1->m_next;
264 		m1->m_next = NULL;
265 
266 		/* ...and trim the end of the first part of the chain...sick */
267 		m_adj(m1, -(m1->m_len - roff));
268 		if ((m1->m_flags & M_PKTHDR) == 0)
269 			m->m_pkthdr.len -= (m1->m_len - roff);
270 
271 		/* Finally, let's relink */
272 		m1->m_next = mo;
273 	} else {
274 		/*
275 		 * The header lies in the "middle" of the mbuf; copy
276 		 * the remainder of the mbuf down over the header.
277 		 */
278 		ipsec4stat.ips_input_middle++;
279 		bcopy(mtod(m1, u_char *) + roff + hlen,
280 		      mtod(m1, u_char *) + roff,
281 		      m1->m_len - (roff + hlen));
282 		m1->m_len -= hlen;
283 		m->m_pkthdr.len -= hlen;
284 	}
285 	return (0);
286 }
287 
288 /*
289  * Diagnostic routine to check mbuf alignment as required by the
290  * crypto device drivers (that use DMA).
291  */
292 void
293 m_checkalignment(const char* where, struct mbuf *m0, int off, int len)
294 {
295 	int roff;
296 	struct mbuf *m = m_getptr(m0, off, &roff);
297 	caddr_t addr;
298 
299 	if (m == NULL)
300 		return;
301 	printf("%s (off %u len %u): ", where, off, len);
302 	addr = mtod(m, caddr_t) + roff;
303 	do {
304 		int mlen;
305 
306 		if (((uintptr_t) addr) & 3) {
307 			printf("addr misaligned %p,", addr);
308 			break;
309 		}
310 		mlen = m->m_len;
311 		if (mlen > len)
312 			mlen = len;
313 		len -= mlen;
314 		if (len && (mlen & 3)) {
315 			printf("len mismatch %u,", mlen);
316 			break;
317 		}
318 		m = m->m_next;
319 		addr = m ? mtod(m, caddr_t) : NULL;
320 	} while (m && len > 0);
321 	for (m = m0; m; m = m->m_next)
322 		printf(" [%p:%u]", mtod(m, caddr_t), m->m_len);
323 	printf("\n");
324 }
325