2 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * IPsec-specific mbuf routines.
33 #include "opt_param.h"
35 #include <sys/param.h>
36 #include <sys/systm.h>
38 #include <sys/socket.h>
39 #include <sys/vimage.h>
41 #include <net/route.h>
42 #include <netinet/in.h>
44 #include <netipsec/ipsec.h>
47 * Make space for a new header of length hlen at skip bytes
48 * into the packet. When doing this we allocate new mbufs only
49 * when absolutely necessary. The mbuf where the new header
50 * is to go is returned together with an offset into the mbuf.
51 * If NULL is returned then the mbuf chain may have been modified;
52 * the caller is assumed to always free the chain.
55 m_makespace(struct mbuf *m0, int skip, int hlen, int *off)
57 INIT_VNET_IPSEC(curvnet);
61 IPSEC_ASSERT(m0 != NULL, ("null mbuf"));
62 IPSEC_ASSERT(hlen < MHLEN, ("hlen too big: %u", hlen));
64 for (m = m0; m && skip > m->m_len; m = m->m_next)
69 * At this point skip is the offset into the mbuf m
70 * where the new header should be placed. Figure out
71 * if there's space to insert the new header. If so,
72 * and copying the remainder makese sense then do so.
73 * Otherwise insert a new mbuf in the chain, splitting
74 * the contents of m as needed.
76 remain = m->m_len - skip; /* data to move */
77 if (hlen > M_TRAILINGSPACE(m)) {
80 /* XXX code doesn't handle clusters XXX */
81 IPSEC_ASSERT(remain < MLEN, ("remainder too big: %u", remain));
83 * Not enough space in m, split the contents
84 * of m, inserting new mbufs as required.
86 * NB: this ignores mbuf types.
88 MGET(n, M_DONTWAIT, MT_DATA);
91 n->m_next = m->m_next; /* splice new mbuf */
93 V_ipsec4stat.ips_mbinserted++;
94 if (hlen <= M_TRAILINGSPACE(m) + remain) {
96 * New header fits in the old mbuf if we copy
97 * the remainder; just do the copy to the new
98 * mbuf and we're good to go.
100 memcpy(mtod(n, caddr_t),
101 mtod(m, caddr_t) + skip, remain);
103 m->m_len = skip + hlen;
107 * No space in the old mbuf for the new header.
108 * Make space in the new mbuf and check the
109 * remainder'd data fits too. If not then we
110 * must allocate an additional mbuf (yech).
113 if (remain + hlen > M_TRAILINGSPACE(n)) {
116 MGET(n2, M_DONTWAIT, MT_DATA);
117 /* NB: new mbuf is on chain, let caller free */
121 memcpy(mtod(n2, caddr_t),
122 mtod(m, caddr_t) + skip, remain);
124 /* splice in second mbuf */
125 n2->m_next = n->m_next;
127 V_ipsec4stat.ips_mbinserted++;
129 memcpy(mtod(n, caddr_t) + hlen,
130 mtod(m, caddr_t) + skip, remain);
135 m = n; /* header is at front ... */
136 *off = 0; /* ... of new mbuf */
140 * Copy the remainder to the back of the mbuf
141 * so there's space to write the new header.
143 bcopy(mtod(m, caddr_t) + skip,
144 mtod(m, caddr_t) + skip + hlen, remain);
148 m0->m_pkthdr.len += hlen; /* adjust packet length */
153 * m_pad(m, n) pads <m> with <n> bytes at the end. The packet header
154 * length is updated, and a pointer to the first byte of the padding
155 * (which is guaranteed to be all in one mbuf) is returned.
158 m_pad(struct mbuf *m, int n)
160 INIT_VNET_IPSEC(curvnet);
161 register struct mbuf *m0, *m1;
162 register int len, pad;
165 if (n <= 0) { /* No stupid arguments. */
166 DPRINTF(("%s: pad length invalid (%d)\n", __func__, n));
171 len = m->m_pkthdr.len;
175 while (m0->m_len < len) {
180 if (m0->m_len != len) {
181 DPRINTF(("%s: length mismatch (should be %d instead of %d)\n",
182 __func__, m->m_pkthdr.len,
183 m->m_pkthdr.len + m0->m_len - len));
189 /* Check for zero-length trailing mbufs, and find the last one. */
190 for (m1 = m0; m1->m_next; m1 = m1->m_next) {
191 if (m1->m_next->m_len != 0) {
192 DPRINTF(("%s: length mismatch (should be %d instead "
193 "of %d)\n", __func__,
195 m->m_pkthdr.len + m1->m_next->m_len));
204 if (pad > M_TRAILINGSPACE(m0)) {
205 /* Add an mbuf to the chain. */
206 MGET(m1, M_DONTWAIT, MT_DATA);
209 DPRINTF(("%s: unable to get extra mbuf\n", __func__));
218 retval = m0->m_data + m0->m_len;
220 m->m_pkthdr.len += pad;
226 * Remove hlen data at offset skip in the packet. This is used by
227 * the protocols strip protocol headers and associated data (e.g. IV,
228 * authenticator) on input.
231 m_striphdr(struct mbuf *m, int skip, int hlen)
233 INIT_VNET_IPSEC(curvnet);
237 /* Find beginning of header */
238 m1 = m_getptr(m, skip, &roff);
242 /* Remove the header and associated data from the mbuf. */
244 /* The header was at the beginning of the mbuf */
245 V_ipsec4stat.ips_input_front++;
247 if ((m1->m_flags & M_PKTHDR) == 0)
248 m->m_pkthdr.len -= hlen;
249 } else if (roff + hlen >= m1->m_len) {
253 * Part or all of the header is at the end of this mbuf,
254 * so first let's remove the remainder of the header from
255 * the beginning of the remainder of the mbuf chain, if any.
257 V_ipsec4stat.ips_input_end++;
258 if (roff + hlen > m1->m_len) {
259 /* Adjust the next mbuf by the remainder */
260 m_adj(m1->m_next, roff + hlen - m1->m_len);
262 /* The second mbuf is guaranteed not to have a pkthdr... */
263 m->m_pkthdr.len -= (roff + hlen - m1->m_len);
266 /* Now, let's unlink the mbuf chain for a second...*/
270 /* ...and trim the end of the first part of the chain...sick */
271 m_adj(m1, -(m1->m_len - roff));
272 if ((m1->m_flags & M_PKTHDR) == 0)
273 m->m_pkthdr.len -= (m1->m_len - roff);
275 /* Finally, let's relink */
279 * The header lies in the "middle" of the mbuf; copy
280 * the remainder of the mbuf down over the header.
282 V_ipsec4stat.ips_input_middle++;
283 bcopy(mtod(m1, u_char *) + roff + hlen,
284 mtod(m1, u_char *) + roff,
285 m1->m_len - (roff + hlen));
287 m->m_pkthdr.len -= hlen;
293 * Diagnostic routine to check mbuf alignment as required by the
294 * crypto device drivers (that use DMA).
297 m_checkalignment(const char* where, struct mbuf *m0, int off, int len)
300 struct mbuf *m = m_getptr(m0, off, &roff);
305 printf("%s (off %u len %u): ", where, off, len);
306 addr = mtod(m, caddr_t) + roff;
310 if (((uintptr_t) addr) & 3) {
311 printf("addr misaligned %p,", addr);
318 if (len && (mlen & 3)) {
319 printf("len mismatch %u,", mlen);
323 addr = m ? mtod(m, caddr_t) : NULL;
324 } while (m && len > 0);
325 for (m = m0; m; m = m->m_next)
326 printf(" [%p:%u]", mtod(m, caddr_t), m->m_len);