2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2006 Vadim Goncharov <vadimnuclight@tpu.ru>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice unmodified, this list of conditions, and the following
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * Portions Copyright (c) 1999 Whistle Communications, Inc.
30 * (ng_bpf by Archie Cobbs <archie@freebsd.org>)
36 * TAG NETGRAPH NODE TYPE
38 * This node type accepts an arbitrary number of hooks. Each hook can be
39 * configured for an mbuf_tags(9) definition and two hook names: a hook
40 * for matched packets, and a hook for packets that didn't match. Incoming
41 * packets are examined for configured tag, matched packets are delivered
42 * out via first hook, and not matched out via second. If corresponding hook
43 * is not configured, packets are dropped.
45 * A hook can also have an outgoing tag definition configured, so that
46 * all packets leaving the hook will be unconditionally appended with newly
49 * Both hooks can be set to null tag definitions (that is, with zeroed
50 * fields), so that packet tags are unmodified on output or all packets
51 * are unconditionally forwarded to non-matching hook on input. There is
52 * also a possibility to replace tags by specifying strip flag on input
53 * and replacing tag on corresponding output tag (or simply remove tag if
54 * no tag specified on output).
56 * If compiled with NG_TAG_DEBUG, each hook also keeps statistics about
57 * how many packets have matched, etc.
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/errno.h>
63 #include <sys/kernel.h>
64 #include <sys/malloc.h>
66 #include <sys/stddef.h>
68 #include <netgraph/ng_message.h>
69 #include <netgraph/netgraph.h>
70 #include <netgraph/ng_parse.h>
71 #include <netgraph/ng_tag.h>
/*
 * Allocation type used by every malloc()/free() in this file: a dedicated
 * malloc type when NG_SEPARATE_MALLOC is defined, otherwise an alias for
 * M_NETGRAPH.
 */
73 #ifdef NG_SEPARATE_MALLOC
74 static MALLOC_DEFINE(M_NETGRAPH_TAG, "netgraph_tag", "netgraph tag node");
76 #define M_NETGRAPH_TAG M_NETGRAPH
/*
 * ERROUT() stores the code in the caller's local `error` and jumps to the
 * caller's `done` label, so it hides a goto; any function using it must
 * provide both names.
 */
79 #define ERROUT(x) do { error = (x); goto done; } while (0)
82 * Per hook private info.
84 * We've separated API and ABI here, to make easier changes in this node,
85 * if needed. If you want to change representation, please do not break API.
86 * We still keep API structures in memory to simplify access to them for
87 * GET* messages, but most of data is accessed in internal representation
88 * only. The reason for this is to speed things up - if data will be
89 * accessed from API structures, there would be double pointer dereferencing
90 * in the code, which almost necessarily leads to CPU cache misses and
93 * We also do another optimization by using resolved pointers to
94 * destination hooks instead of expensive ng_findhook().
/*
 * Per-hook state.
 *
 * hi_match/hi_nonmatch are cached pointers to other hooks on the same node.
 * They are resolved by name in ng_tag_setdata_in() and reset to NULL in
 * ng_tag_disconnect() when the hook they refer to goes away, so they must
 * never be dereferenced without a NULL check.
 *
 * `in` and `out` are heap copies of the API structures; they are replaced by
 * the ng_tag_setdata_*() helpers and freed in ng_tag_disconnect().
 */
96 struct ng_tag_hookinfo {
97 hook_p hi_match; /* matching hook pointer */
98 hook_p hi_nonmatch; /* non-matching hook pointer */
99 uint32_t in_tag_cookie;
100 uint32_t out_tag_cookie;
104 uint16_t out_tag_len;
108 struct ng_tag_hookin *in;
109 struct ng_tag_hookout *out;
111 struct ng_tag_hookstat stats;
114 typedef struct ng_tag_hookinfo *hinfo_p;
116 /* Netgraph methods. */
117 static ng_constructor_t ng_tag_constructor;
118 static ng_rcvmsg_t ng_tag_rcvmsg;
119 static ng_shutdown_t ng_tag_shutdown;
120 static ng_newhook_t ng_tag_newhook;
121 static ng_rcvdata_t ng_tag_rcvdata;
122 static ng_disconnect_t ng_tag_disconnect;
124 /* Internal helper functions. */
125 static int ng_tag_setdata_in(hook_p hook, const struct ng_tag_hookin *hp);
126 static int ng_tag_setdata_out(hook_p hook, const struct ng_tag_hookout *hp);
128 /* Parse types for the field 'tag_data' in structs ng_tag_hookin and out. */
/*
 * Length callback for the 'tag_data' byte array of struct ng_tag_hookin.
 *
 * Steps back from buf by offsetof(struct ng_tag_hookin, tag_data) to reach
 * the enclosing structure and returns its tag_len field.
 *
 * NOTE(review): assumes buf points at the tag_data member of a complete
 * ng_tag_hookin -- TODO confirm against the ng_parse caller. The value
 * returned is read from the structure being converted, so it is not
 * validated here; the binary SET_HOOKIN path in ng_tag_rcvmsg() separately
 * requires arglen to equal NG_TAG_HOOKIN_SIZE(tag_len).
 */
130 ng_tag_hookinary_getLength(const struct ng_parse_type *type,
131 const u_char *start, const u_char *buf)
133 const struct ng_tag_hookin *hp;
135 hp = (const struct ng_tag_hookin *)
136 (buf - offsetof(struct ng_tag_hookin, tag_data));
137 return (hp->tag_len);
/*
 * Length callback for the 'tag_data' byte array of struct ng_tag_hookout.
 *
 * Steps back from buf by offsetof(struct ng_tag_hookout, tag_data) to reach
 * the enclosing structure and returns its tag_len field.
 *
 * NOTE(review): assumes buf points at the tag_data member of a complete
 * ng_tag_hookout -- TODO confirm against the ng_parse caller. The length is
 * taken from the structure being converted and is not validated here.
 */
141 ng_tag_hookoutary_getLength(const struct ng_parse_type *type,
142 const u_char *start, const u_char *buf)
144 const struct ng_tag_hookout *hp;
146 hp = (const struct ng_tag_hookout *)
147 (buf - offsetof(struct ng_tag_hookout, tag_data));
148 return (hp->tag_len);
151 static const struct ng_parse_type ng_tag_hookinary_type = {
152 &ng_parse_bytearray_type,
153 &ng_tag_hookinary_getLength
156 static const struct ng_parse_type ng_tag_hookoutary_type = {
157 &ng_parse_bytearray_type,
158 &ng_tag_hookoutary_getLength
161 /* Parse type for struct ng_tag_hookin. */
162 static const struct ng_parse_struct_field ng_tag_hookin_type_fields[]
163 = NG_TAG_HOOKIN_TYPE_INFO(&ng_tag_hookinary_type);
164 static const struct ng_parse_type ng_tag_hookin_type = {
165 &ng_parse_struct_type,
166 &ng_tag_hookin_type_fields
169 /* Parse type for struct ng_tag_hookout. */
170 static const struct ng_parse_struct_field ng_tag_hookout_type_fields[]
171 = NG_TAG_HOOKOUT_TYPE_INFO(&ng_tag_hookoutary_type);
172 static const struct ng_parse_type ng_tag_hookout_type = {
173 &ng_parse_struct_type,
174 &ng_tag_hookout_type_fields
178 /* Parse type for struct ng_tag_hookstat. */
179 static const struct ng_parse_struct_field ng_tag_hookstat_type_fields[]
180 = NG_TAG_HOOKSTAT_TYPE_INFO;
181 static const struct ng_parse_type ng_tag_hookstat_type = {
182 &ng_parse_struct_type,
183 &ng_tag_hookstat_type_fields
187 /* List of commands and how to convert arguments to/from ASCII. */
188 static const struct ng_cmdlist ng_tag_cmdlist[] = {
200 &ng_parse_hookbuf_type,
207 &ng_tag_hookout_type,
214 &ng_parse_hookbuf_type,
222 &ng_parse_hookbuf_type,
223 &ng_tag_hookstat_type
229 &ng_parse_hookbuf_type,
234 NGM_TAG_GETCLR_STATS,
236 &ng_parse_hookbuf_type,
237 &ng_tag_hookstat_type
243 /* Netgraph type descriptor. */
244 static struct ng_type typestruct = {
245 .version = NG_ABI_VERSION,
246 .name = NG_TAG_NODE_TYPE,
247 .constructor = ng_tag_constructor,
248 .rcvmsg = ng_tag_rcvmsg,
249 .shutdown = ng_tag_shutdown,
250 .newhook = ng_tag_newhook,
251 .rcvdata = ng_tag_rcvdata,
252 .disconnect = ng_tag_disconnect,
253 .cmdlist = ng_tag_cmdlist,
255 NETGRAPH_INIT(tag, &typestruct);
258 * These are default API structures (initialized to zeroes) which are
259 * returned in response to GET* messages when no configuration was made.
260 * One could ask why have these structures at all when we have
261 * ng_tag_hookinfo initialized to zero and don't need in and out structures
262 * at all to operate. Unfortunately, we have to return thisHook field
263 * in response to messages so the fastest and simplest way is to have
264 * these default structures and initialize thisHook once at hook creation
265 * rather than to do it on every response.
268 /* Default tag values for a hook that matches nothing. */
269 static const struct ng_tag_hookin ng_tag_default_in = {
270 { '\0' }, /* to be filled in at hook creation time */
279 /* Default tag values for a hook that adds nothing */
280 static const struct ng_tag_hookout ng_tag_default_out = {
281 { '\0' }, /* to be filled in at hook creation time */
290 * We don't keep any per-node private data - we do it on per-hook basis.
293 ng_tag_constructor(node_p node)
/*
 * Hook creation: allocate the zeroed per-hook structure, attach copies of
 * the default IN and OUT API structures, then record the hook name in both
 * copies.
 *
 * NOTE(review): the private structure is allocated with M_NOWAIT, but the
 * ng_tag_setdata_*() helpers called below allocate with M_WAITOK. Confirm
 * that this path is allowed to sleep; if it is not, the helpers need a
 * non-sleeping allocation and a real failure path.
 */
302 ng_tag_newhook(node_p node, hook_p hook, const char *name)
307 /* Create hook private structure. */
308 hip = malloc(sizeof(*hip), M_NETGRAPH_TAG, M_NOWAIT | M_ZERO);
311 NG_HOOK_SET_PRIVATE(hook, hip);
314 * After M_ZERO both in and out hook pointers are set to NULL,
315 * as well as all members and pointers to in and out API
316 * structures, so we need to set explicitly only thisHook field
317 * in that structures (after allocating them, of course).
/*
 * NOTE(review): both error paths below free only hip. At that point the
 * hook's private pointer has already been set to hip, and on the OUT path
 * the IN copy has presumably been attached as hip->in, so taking either
 * branch would leave a dangling private pointer (and leak hip->in). The
 * branches look unreachable while the helpers use M_WAITOK -- confirm, and
 * clear the private pointer / free hip->in if that ever changes.
 */
320 /* Attach the default IN data. */
321 if ((error = ng_tag_setdata_in(hook, &ng_tag_default_in)) != 0) {
322 free(hip, M_NETGRAPH_TAG);
326 /* Attach the default OUT data. */
327 if ((error = ng_tag_setdata_out(hook, &ng_tag_default_out)) != 0) {
328 free(hip, M_NETGRAPH_TAG);
333 * Set hook name. This is done only once at hook creation time
334 * since hook name can't change, rather than to do it on every
335 * response to messages requesting API structures with data who
/*
 * strncpy() does not terminate the destination when the source fills it,
 * so each copy is limited to size - 1 bytes and the last byte is set to
 * NUL explicitly.
 */
338 strncpy(hip->in->thisHook, name, sizeof(hip->in->thisHook) - 1);
339 hip->in->thisHook[sizeof(hip->in->thisHook) - 1] = '\0';
340 strncpy(hip->out->thisHook, name, sizeof(hip->out->thisHook) - 1);
341 hip->out->thisHook[sizeof(hip->out->thisHook) - 1] = '\0';
346 * Receive a control message.
/*
 * Control-message handler.
 *
 * Dispatches on the message type cookie and command. SET_HOOKIN/SET_HOOKOUT
 * install a new configuration on the named hook, GET_HOOKIN/GET_HOOKOUT
 * return the stored configuration, and the three stats commands read and/or
 * clear the per-hook counters. Message contents are caller-supplied, so
 * every length and name is checked before use.
 */
349 ng_tag_rcvmsg(node_p node, item_p item, hook_p lasthook)
352 struct ng_mesg *resp = NULL;
355 NGI_GET_MSG(item, msg);
356 switch (msg->header.typecookie) {
358 switch (msg->header.cmd) {
359 case NGM_TAG_SET_HOOKIN:
361 struct ng_tag_hookin *const
362 hp = (struct ng_tag_hookin *)msg->data;
/*
 * Order matters: arglen is first required to cover the fixed part of the
 * structure, so that reading hp->tag_len stays inside the message; it must
 * then equal NG_TAG_HOOKIN_SIZE(tag_len) exactly. ng_tag_setdata_in() copies
 * that many bytes from the message, so this check bounds the copy.
 *
 * NOTE(review): hp->thisHook is handed to ng_findhook() with no terminating
 * step visible in this listing, unlike the GET_* cases, which NUL-terminate
 * msg->data. The same applies to ifMatch/ifNotMatch in ng_tag_setdata_in().
 * Confirm the lookup is bounded, or terminate these fields here.
 */
366 if (msg->header.arglen < sizeof(*hp)
367 || msg->header.arglen !=
368 NG_TAG_HOOKIN_SIZE(hp->tag_len))
372 if ((hook = ng_findhook(node, hp->thisHook)) == NULL)
375 /* Set new tag values. */
376 if ((error = ng_tag_setdata_in(hook, hp)) != 0)
381 case NGM_TAG_SET_HOOKOUT:
383 struct ng_tag_hookout *const
384 hp = (struct ng_tag_hookout *)msg->data;
/*
 * Same two-step length check as for SET_HOOKIN, using the OUT structure and
 * NG_TAG_HOOKOUT_SIZE(). NOTE(review): hp->thisHook termination is likewise
 * not visible here -- confirm.
 */
388 if (msg->header.arglen < sizeof(*hp)
389 || msg->header.arglen !=
390 NG_TAG_HOOKOUT_SIZE(hp->tag_len))
394 if ((hook = ng_findhook(node, hp->thisHook)) == NULL)
397 /* Set new tag values. */
398 if ((error = ng_tag_setdata_out(hook, hp)) != 0)
403 case NGM_TAG_GET_HOOKIN:
405 struct ng_tag_hookin *hp;
/*
 * The argument is a hook name. An empty argument is rejected before
 * arglen - 1 is used as an index, and the last byte is then forced to NUL
 * so the name passed to ng_findhook() is terminated within the message.
 */
409 if (msg->header.arglen == 0)
411 msg->data[msg->header.arglen - 1] = '\0';
414 if ((hook = ng_findhook(node, msg->data)) == NULL)
/*
 * The reply is sized from, and copied from, the stored copy of the
 * configuration (hip->in), which ng_tag_setdata_in() allocated with the
 * same NG_TAG_HOOKIN_SIZE(tag_len); nothing from the request controls the
 * copy length.
 */
417 /* Build response. */
418 hp = ((hinfo_p)NG_HOOK_PRIVATE(hook))->in;
419 NG_MKRESPONSE(resp, msg,
420 NG_TAG_HOOKIN_SIZE(hp->tag_len), M_WAITOK);
421 /* M_WAITOK can't return NULL. */
422 bcopy(hp, resp->data,
423 NG_TAG_HOOKIN_SIZE(hp->tag_len));
427 case NGM_TAG_GET_HOOKOUT:
429 struct ng_tag_hookout *hp;
/* Same name handling as GET_HOOKIN: reject empty, then NUL-terminate. */
433 if (msg->header.arglen == 0)
435 msg->data[msg->header.arglen - 1] = '\0';
438 if ((hook = ng_findhook(node, msg->data)) == NULL)
441 /* Build response. */
442 hp = ((hinfo_p)NG_HOOK_PRIVATE(hook))->out;
443 NG_MKRESPONSE(resp, msg,
444 NG_TAG_HOOKOUT_SIZE(hp->tag_len), M_WAITOK);
445 /* M_WAITOK can't return NULL. */
446 bcopy(hp, resp->data,
447 NG_TAG_HOOKOUT_SIZE(hp->tag_len));
/*
 * The three stats commands share one body: a reply is built unless the
 * command is CLR_STATS, and the counters are zeroed unless it is GET_STATS.
 */
452 case NGM_TAG_GET_STATS:
453 case NGM_TAG_CLR_STATS:
454 case NGM_TAG_GETCLR_STATS:
456 struct ng_tag_hookstat *stats;
/* Same name handling as the GET_* cases: reject empty, then NUL-terminate. */
460 if (msg->header.arglen == 0)
462 msg->data[msg->header.arglen - 1] = '\0';
465 if ((hook = ng_findhook(node, msg->data)) == NULL)
467 stats = &((hinfo_p)NG_HOOK_PRIVATE(hook))->stats;
469 /* Build response (if desired). */
470 if (msg->header.cmd != NGM_TAG_CLR_STATS) {
472 msg, sizeof(*stats), M_WAITOK);
473 /* M_WAITOK can't return NULL. */
474 bcopy(stats, resp->data, sizeof(*stats));
477 /* Clear stats (if desired). */
478 if (msg->header.cmd != NGM_TAG_GET_STATS)
479 bzero(stats, sizeof(*stats));
482 #endif /* NG_TAG_DEBUG */
494 NG_RESPOND_MSG(error, node, item, resp);
500 * Receive data on a hook.
502 * Apply the filter, and then drop or forward packet as appropriate.
/*
 * Per-packet path.
 *
 * Looks on the mbuf for a tag with the receiving hook's configured cookie
 * and id whose payload equals the configured data, selects hi_match or
 * hi_nonmatch as the destination, may delete the matched tag, and then may
 * prepend the destination hook's outgoing tag before forwarding the item.
 */
505 ng_tag_rcvdata(hook_p hook, item_p item)
508 struct m_tag *tag = NULL;
509 const hinfo_p hip = NG_HOOK_PRIVATE(hook);
510 uint16_t type, tag_len;
515 int found = 0, error = 0;
517 m = NGI_M(item); /* 'item' still owns it.. we are peeking */
518 totlen = m->m_pkthdr.len;
521 hip->stats.recvFrames++;
522 hip->stats.recvOctets += totlen;
525 /* Looking up incoming tag. */
526 cookie = hip->in_tag_cookie;
527 type = hip->in_tag_id;
528 tag_len = hip->in_tag_len;
531 * We treat case of all zeroes specially (that is, cookie and
532 * type are equal to zero), as we assume that such tag
533 * can never occur in the wild. So we don't waste time trying
534 * to find such tag (for example, these are zeroes after hook
535 * creation in default structures).
537 if ((cookie != 0) || (type != 0)) {
538 tag = m_tag_locate(m, cookie, type, NULL);
539 while (tag != NULL) {
/*
 * NOTE(review): the comparison length is the configured in_tag_len, and the
 * data compared starts immediately after the located tag's header. Nothing
 * visible here compares the located tag's own payload length with tag_len,
 * so a tag carrying the same cookie/id but a shorter payload would be read
 * past its end. Confirm, and consider requiring tag->m_tag_len to equal
 * tag_len before calling memcmp().
 */
540 if (memcmp((void *)(tag + 1),
541 hip->in_tag_data, tag_len) == 0) {
545 tag = m_tag_locate(m, cookie, type, tag);
549 /* See if we got a match and find destination hook. */
552 hip->stats.recvMatchFrames++;
553 hip->stats.recvMatchOctets += totlen;
/*
 * The matched tag is removed from the packet here; the guarding condition is
 * on a line not shown in this listing (hip->strip is filled in by
 * ng_tag_setdata_in()).
 */
556 m_tag_delete(m, tag);
557 dest = hip->hi_match;
559 dest = hip->hi_nonmatch;
/*
 * dest is one of the cached hook pointers and may be NULL (name not
 * resolved at configuration time, or the hook was disconnected). The
 * NG_HOOK_PRIVATE(dest) dereference below depends on the NULL check on the
 * lines not shown in this listing -- confirm it is present.
 */
565 /* Deliver frame out destination hook. */
566 dhip = NG_HOOK_PRIVATE(dest);
569 dhip->stats.xmitOctets += totlen;
570 dhip->stats.xmitFrames++;
573 cookie = dhip->out_tag_cookie;
574 type = dhip->out_tag_id;
575 tag_len = dhip->out_tag_len;
/*
 * NOTE(review): m_tag_alloc() with M_NOWAIT can fail. Per the XXX remark
 * below, the packet then appears to be forwarded without the outgoing tag;
 * that matters if a downstream consumer treats the tag as a policy marker.
 * Confirm the NULL check on the line not shown, and decide whether such
 * packets should be dropped instead.
 */
577 if ((cookie != 0) || (type != 0)) {
578 tag = m_tag_alloc(cookie, type, tag_len, M_NOWAIT);
579 /* XXX may be free the mbuf if tag allocation failed? */
582 /* copy tag data to its place */
583 memcpy((void *)(tag + 1),
584 dhip->out_tag_data, tag_len);
586 m_tag_prepend(m, tag);
590 NG_FWD_ITEM_HOOK(error, item, dest);
595 * Shutdown processing.
598 ng_tag_shutdown(node_p node)
605 * Hook disconnection.
607 * We must check all hooks, since they may reference this one.
/*
 * Hook teardown.
 *
 * Before the per-hook state is freed, every hook on the node is visited and
 * any cached hi_match/hi_nonmatch pointer that refers to the departing hook
 * is reset to NULL. This is what keeps ng_tag_rcvdata() from forwarding to a
 * hook that no longer exists. The node removes itself once its last hook is
 * gone and it is still valid.
 */
610 ng_tag_disconnect(hook_p hook)
612 const hinfo_p hip = NG_HOOK_PRIVATE(hook);
613 node_p node = NG_HOOK_NODE(hook);
616 KASSERT(hip != NULL, ("%s: null info", __func__));
/*
 * NOTE(review): priv is dereferenced without a NULL check, so this assumes
 * every hook on the list has private data attached -- confirm no hook can
 * appear here before ng_tag_newhook() has set it.
 */
618 LIST_FOREACH(hook2, &node->nd_hooks, hk_hooks) {
619 hinfo_p priv = NG_HOOK_PRIVATE(hook2);
621 if (priv->hi_match == hook)
622 priv->hi_match = NULL;
623 if (priv->hi_nonmatch == hook)
624 priv->hi_nonmatch = NULL;
/*
 * Release both API copies and the private structure, then clear the hook's
 * private pointer so nothing can reach the freed memory through the hook.
 */
627 free(hip->in, M_NETGRAPH_TAG);
628 free(hip->out, M_NETGRAPH_TAG);
629 free(hip, M_NETGRAPH_TAG);
630 NG_HOOK_SET_PRIVATE(hook, NULL); /* for good measure */
631 if ((NG_NODE_NUMHOOKS(NG_HOOK_NODE(hook)) == 0) &&
632 (NG_NODE_IS_VALID(NG_HOOK_NODE(hook)))) {
633 ng_rmnode_self(NG_HOOK_NODE(hook));
638 /************************************************************************
640 ************************************************************************/
643 * Set the IN tag values associated with a hook.
/*
 * Install a new IN configuration on a hook.
 *
 * Copies NG_TAG_HOOKIN_SIZE(hp0->tag_len) bytes from hp0 into a fresh
 * allocation, releases the previous copy, resolves the ifMatch/ifNotMatch
 * names to hook pointers, and mirrors the fields used on the packet path
 * into the private structure.
 *
 * The copy length is derived from hp0->tag_len, so the caller must already
 * have established that hp0 is at least that large; ng_tag_rcvmsg() does so
 * by requiring arglen to equal the same size.
 */
646 ng_tag_setdata_in(hook_p hook, const struct ng_tag_hookin *hp0)
648 const hinfo_p hip = NG_HOOK_PRIVATE(hook);
649 struct ng_tag_hookin *hp;
652 /* Make a copy of the tag values and data. */
653 size = NG_TAG_HOOKIN_SIZE(hp0->tag_len);
654 hp = malloc(size, M_NETGRAPH_TAG, M_WAITOK);
655 /* M_WAITOK can't return NULL. */
656 bcopy(hp0, hp, size);
/*
 * NOTE(review): hip->in_tag_data still points into the old copy until it is
 * reassigned at the end of this function, so freeing the old copy here
 * relies on the packet path not running concurrently for this node --
 * confirm against netgraph's locking of control messages vs. data.
 */
658 /* Free previous tag, if any, and assign new one. */
660 free(hip->in, M_NETGRAPH_TAG);
664 * Resolve hook names to pointers.
666 * As ng_findhook() is expensive operation to do it on every packet
667 * after tag matching check, we do it here and use resolved pointers
670 * XXX The drawback is that user can configure a hook to use
671 * ifMatch/ifNotMatch hooks that do not yet exist and will be added
672 * by user later, so that resolved pointers will be NULL even
673 * if the hook already exists, causing node to drop packets and
674 * user to report bugs. We could do check for this situation on
675 * every hook creation with pointers correction, but that involves
676 * re-resolving for all pointers in all hooks, up to O(n^2) operations,
677 * so we better document this in man page for user not to do
678 * configuration before creating all hooks.
/*
 * NOTE(review): ifMatch and ifNotMatch come from the caller's structure and
 * are passed to ng_findhook() as they are; no NUL-termination of these
 * fields is visible in this listing. Confirm the lookup is bounded or
 * terminate the fields after the copy above.
 */
680 hip->hi_match = ng_findhook(NG_HOOK_NODE(hook), hip->in->ifMatch);
681 hip->hi_nonmatch = ng_findhook(NG_HOOK_NODE(hook), hip->in->ifNotMatch);
683 /* Fill internal values from API structures. */
684 hip->in_tag_cookie = hip->in->tag_cookie;
685 hip->in_tag_id = hip->in->tag_id;
686 hip->in_tag_len = hip->in->tag_len;
687 hip->strip = hip->in->strip;
688 hip->in_tag_data = (void*)(hip->in->tag_data);
693 * Set the OUT tag values associated with a hook.
/*
 * Install a new OUT configuration on a hook.
 *
 * Copies NG_TAG_HOOKOUT_SIZE(hp0->tag_len) bytes from hp0 into a fresh
 * allocation, releases the previous copy if there is one, and mirrors the
 * cookie, id, length and data pointer into the private structure for use on
 * the packet path.
 *
 * The copy length is derived from hp0->tag_len, so the caller must already
 * have established that hp0 is at least that large; ng_tag_rcvmsg() does so
 * by requiring arglen to equal the same size.
 */
696 ng_tag_setdata_out(hook_p hook, const struct ng_tag_hookout *hp0)
698 const hinfo_p hip = NG_HOOK_PRIVATE(hook);
699 struct ng_tag_hookout *hp;
702 /* Make a copy of the tag values and data. */
703 size = NG_TAG_HOOKOUT_SIZE(hp0->tag_len);
704 hp = malloc(size, M_NETGRAPH_TAG, M_WAITOK);
705 /* M_WAITOK can't return NULL. */
706 bcopy(hp0, hp, size);
/*
 * NOTE(review): hip->out_tag_data still points into the old copy until it is
 * reassigned below, so freeing the old copy here relies on the packet path
 * not running concurrently for this node -- confirm against netgraph's
 * locking of control messages vs. data.
 */
708 /* Free previous tag, if any, and assign new one. */
709 if (hip->out != NULL)
710 free(hip->out, M_NETGRAPH_TAG);
713 /* Fill internal values from API structures. */
714 hip->out_tag_cookie = hip->out->tag_cookie;
715 hip->out_tag_id = hip->out->tag_id;
716 hip->out_tag_len = hip->out->tag_len;
717 hip->out_tag_data = (void*)(hip->out->tag_data);