xref: /freebsd/sys/netipsec/ipsec_mbuf.c (revision a64729f5077d77e13b9497cb33ecb3c82e606ee8)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 /*
30  * IPsec-specific mbuf routines.
31  */
32 
33 #include "opt_ipsec.h"
34 
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/mbuf.h>
39 #include <sys/socket.h>
40 
41 #include <net/vnet.h>
42 #include <netinet/in.h>
43 #include <netipsec/ipsec.h>
44 
45 /*
46  * Make space for a new header of length hlen at skip bytes
47  * into the packet.  When doing this we allocate new mbufs only
48  * when absolutely necessary.  The mbuf where the new header
49  * is to go is returned together with an offset into the mbuf.
50  * If NULL is returned then the mbuf chain may have been modified;
51  * the caller is assumed to always free the chain.
52  */
53 struct mbuf *
54 m_makespace(struct mbuf *m0, int skip, int hlen, int *off)
55 {
56 	struct mbuf *m;
57 	unsigned remain;
58 
59 	IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
60 	IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen));
61 
62 	for (m = m0; m && skip > m->m_len; m = m->m_next)
63 		skip -= m->m_len;
64 	if (m == NULL)
65 		return (NULL);
66 	/*
67 	 * At this point skip is the offset into the mbuf m
68 	 * where the new header should be placed.  Figure out
69 	 * if there's space to insert the new header.  If so,
70 	 * and copying the remainder makes sense then do so.
71 	 * Otherwise insert a new mbuf in the chain, splitting
72 	 * the contents of m as needed.
73 	 */
74 	remain = m->m_len - skip;		/* data to move */
75 	if (remain > skip &&
76 	    hlen + max_linkhdr < M_LEADINGSPACE(m)) {
77 		/*
78 		 * mbuf has enough free space at the beginning.
79 		 * XXX: which operation is the most heavy - copying of
80 		 *	possible several hundred of bytes or allocation
81 		 *	of new mbuf? We can remove max_linkhdr check
82 		 *	here, but it is possible that this will lead
83 		 *	to allocation of new mbuf in Layer 2 code.
84 		 */
85 		m->m_data -= hlen;
86 		bcopy(mtodo(m, hlen), mtod(m, caddr_t), skip);
87 		m->m_len += hlen;
88 		*off = skip;
89 	} else if (hlen > M_TRAILINGSPACE(m)) {
90 		struct mbuf *n0, *n, **np;
91 		int todo, len, done;
92 
93 		n0 = NULL;
94 		np = &n0;
95 		done = 0;
96 		todo = remain;
97 		while (todo > 0) {
98 			if (todo > MHLEN) {
99 				n = m_getcl(M_NOWAIT, m->m_type, 0);
100 				len = MCLBYTES;
101 			}
102 			else {
103 				n = m_get(M_NOWAIT, m->m_type);
104 				len = MHLEN;
105 			}
106 			if (n == NULL) {
107 				m_freem(n0);
108 				return NULL;
109 			}
110 			*np = n;
111 			np = &n->m_next;
112 			len = min(todo, len);
113 			memcpy(n->m_data, mtod(m, char *) + skip + done, len);
114 			n->m_len = len;
115 			done += len;
116 			todo -= len;
117 		}
118 
119 		if (hlen <= M_TRAILINGSPACE(m) + remain) {
120 			m->m_len = skip + hlen;
121 			*off = skip;
122 			if (n0 != NULL) {
123 				*np = m->m_next;
124 				m->m_next = n0;
125 			}
126 		}
127 		else {
128 			n = m_get(M_NOWAIT, m->m_type);
129 			if (n == NULL) {
130 				m_freem(n0);
131 				return NULL;
132 			}
133 
134 			if ((n->m_next = n0) == NULL)
135 				np = &n->m_next;
136 			n0 = n;
137 
138 			*np = m->m_next;
139 			m->m_next = n0;
140 
141 			n->m_len = hlen;
142 			m->m_len = skip;
143 
144 			m = n;			/* header is at front ... */
145 			*off = 0;		/* ... of new mbuf */
146 		}
147 		IPSECSTAT_INC(ips_mbinserted);
148 	} else {
149 		/*
150 		 * Copy the remainder to the back of the mbuf
151 		 * so there's space to write the new header.
152 		 */
153 		bcopy(mtod(m, caddr_t) + skip,
154 		    mtod(m, caddr_t) + skip + hlen, remain);
155 		m->m_len += hlen;
156 		*off = skip;
157 	}
158 	m0->m_pkthdr.len += hlen;		/* adjust packet length */
159 	return m;
160 }
161 
162 /*
163  * m_pad(m, n) pads <m> with <n> bytes at the end. The packet header
164  * length is updated, and a pointer to the first byte of the padding
165  * (which is guaranteed to be all in one mbuf) is returned.
166  */
167 caddr_t
168 m_pad(struct mbuf *m, int n)
169 {
170 	struct mbuf *m0, *m1;
171 	int len, pad;
172 	caddr_t retval;
173 
174 	if (n <= 0) {  /* No stupid arguments. */
175 		DPRINTF(("%s: pad length invalid (%d)\n", __func__, n));
176 		m_freem(m);
177 		return NULL;
178 	}
179 
180 	len = m->m_pkthdr.len;
181 	pad = n;
182 	m0 = m;
183 
184 	while (m0->m_len < len) {
185 		len -= m0->m_len;
186 		m0 = m0->m_next;
187 	}
188 
189 	if (m0->m_len != len) {
190 		DPRINTF(("%s: length mismatch (should be %d instead of %d)\n",
191 			__func__, m->m_pkthdr.len,
192 			m->m_pkthdr.len + m0->m_len - len));
193 
194 		m_freem(m);
195 		return NULL;
196 	}
197 
198 	/* Check for zero-length trailing mbufs, and find the last one. */
199 	for (m1 = m0; m1->m_next; m1 = m1->m_next) {
200 		if (m1->m_next->m_len != 0) {
201 			DPRINTF(("%s: length mismatch (should be %d instead "
202 				"of %d)\n", __func__,
203 				m->m_pkthdr.len,
204 				m->m_pkthdr.len + m1->m_next->m_len));
205 
206 			m_freem(m);
207 			return NULL;
208 		}
209 
210 		m0 = m1->m_next;
211 	}
212 
213 	if (pad > M_TRAILINGSPACE(m0)) {
214 		/* Add an mbuf to the chain. */
215 		MGET(m1, M_NOWAIT, MT_DATA);
216 		if (m1 == NULL) {
217 			m_freem(m0);
218 			DPRINTF(("%s: unable to get extra mbuf\n", __func__));
219 			return NULL;
220 		}
221 
222 		m0->m_next = m1;
223 		m0 = m1;
224 		m0->m_len = 0;
225 	}
226 
227 	retval = m0->m_data + m0->m_len;
228 	m0->m_len += pad;
229 	m->m_pkthdr.len += pad;
230 
231 	return retval;
232 }
233 
234 /*
235  * Remove hlen data at offset skip in the packet.  This is used by
236  * the protocols strip protocol headers and associated data (e.g. IV,
237  * authenticator) on input.
238  */
239 int
240 m_striphdr(struct mbuf *m, int skip, int hlen)
241 {
242 	struct mbuf *m1;
243 	int roff;
244 
245 	/* Find beginning of header */
246 	m1 = m_getptr(m, skip, &roff);
247 	if (m1 == NULL)
248 		return (EINVAL);
249 
250 	/* Remove the header and associated data from the mbuf. */
251 	if (roff == 0) {
252 		/* The header was at the beginning of the mbuf */
253 		IPSECSTAT_INC(ips_input_front);
254 		m_adj(m1, hlen);
255 		if (m1 != m)
256 			m->m_pkthdr.len -= hlen;
257 	} else if (roff + hlen >= m1->m_len) {
258 		struct mbuf *mo;
259 		int adjlen;
260 
261 		/*
262 		 * Part or all of the header is at the end of this mbuf,
263 		 * so first let's remove the remainder of the header from
264 		 * the beginning of the remainder of the mbuf chain, if any.
265 		 */
266 		IPSECSTAT_INC(ips_input_end);
267 		if (roff + hlen > m1->m_len) {
268 			adjlen = roff + hlen - m1->m_len;
269 
270 			/* Adjust the next mbuf by the remainder */
271 			m_adj(m1->m_next, adjlen);
272 
273 			/* The second mbuf is guaranteed not to have a pkthdr... */
274 			m->m_pkthdr.len -= adjlen;
275 		}
276 
277 		/* Now, let's unlink the mbuf chain for a second...*/
278 		mo = m1->m_next;
279 		m1->m_next = NULL;
280 
281 		/* ...and trim the end of the first part of the chain...sick */
282 		adjlen = m1->m_len - roff;
283 		m_adj(m1, -adjlen);
284 		if (m1 != m)
285 			m->m_pkthdr.len -= adjlen;
286 
287 		/* Finally, let's relink */
288 		m1->m_next = mo;
289 	} else {
290 		/*
291 		 * The header lies in the "middle" of the mbuf; copy
292 		 * the remainder of the mbuf down over the header.
293 		 */
294 		IPSECSTAT_INC(ips_input_middle);
295 		bcopy(mtod(m1, u_char *) + roff + hlen,
296 		      mtod(m1, u_char *) + roff,
297 		      m1->m_len - (roff + hlen));
298 		m1->m_len -= hlen;
299 		m->m_pkthdr.len -= hlen;
300 	}
301 	return (0);
302 }
303 
304 /*
305  * Diagnostic routine to check mbuf alignment as required by the
306  * crypto device drivers (that use DMA).
307  */
308 void
309 m_checkalignment(const char* where, struct mbuf *m0, int off, int len)
310 {
311 	int roff;
312 	struct mbuf *m = m_getptr(m0, off, &roff);
313 	caddr_t addr;
314 
315 	if (m == NULL)
316 		return;
317 	printf("%s (off %u len %u): ", where, off, len);
318 	addr = mtod(m, caddr_t) + roff;
319 	do {
320 		int mlen;
321 
322 		if (((uintptr_t) addr) & 3) {
323 			printf("addr misaligned %p,", addr);
324 			break;
325 		}
326 		mlen = m->m_len;
327 		if (mlen > len)
328 			mlen = len;
329 		len -= mlen;
330 		if (len && (mlen & 3)) {
331 			printf("len mismatch %u,", mlen);
332 			break;
333 		}
334 		m = m->m_next;
335 		addr = m ? mtod(m, caddr_t) : NULL;
336 	} while (m && len > 0);
337 	for (m = m0; m; m = m->m_next)
338 		printf(" [%p:%u]", mtod(m, caddr_t), m->m_len);
339 	printf("\n");
340 }
341