rtems/rtems-libbsd
1
0
Fork 0
mirror of https://git.rtems.org/rtems-libbsd/ synced 2025-07-23 06:52:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove unused files

Browse Source 
Files moved in FreeBSD to "sys/netpfil/ipfw".
This commit is contained in:
Sebastian Huber 2016-06-09 14:38:31 +02:00
parent 1bb23f0889
commit 17232fe551
19 changed files with 0 additions and 14007 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

552
freebsd/sys/netinet/ipfw/dn_heap.c
View File

@ -1,552 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 1998-2002,2010 Luigi Rizzo, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Binary heap and hash tables, used in dummynet
*
* $FreeBSD$
*/
#include <sys/cdefs.h>
#include <rtems/bsd/sys/param.h>
#ifdef _KERNEL
__FBSDID("$FreeBSD$");
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <netinet/ipfw/dn_heap.h>
#ifndef log
#define log(x, arg...)
#endif
#else /* !_KERNEL */
#include <stdio.h>
#include <dn_test.h>
#include <strings.h>
#include <stdlib.h>
#include "dn_heap.h"
#define log(x, arg...) fprintf(stderr, ## arg)
#define panic(x...) fprintf(stderr, ## x), exit(1)
#define MALLOC_DEFINE(a, b, c)
static void *my_malloc(int s) { return malloc(s); }
static void my_free(void *p) { free(p); }
#define malloc(s, t, w) my_malloc(s)
#define free(p, t) my_free(p)
#endif /* !_KERNEL */
MALLOC_DEFINE(M_DN_HEAP, "dummynet", "dummynet heap");
/*
* Heap management functions.
*
* In the heap, first node is element 0. Children of i are 2i+1 and 2i+2.
* Some macros help finding parent/children so we can optimize them.
*
* heap_init() is called to expand the heap when needed.
* Increment size in blocks of 16 entries.
* Returns 1 on error, 0 on success
*/
#define HEAP_FATHER(x) ( ( (x) - 1 ) / 2 )
#define HEAP_LEFT(x) ( (x)+(x) + 1 )
#define HEAP_SWAP(a, b, buffer) { buffer = a ; a = b ; b = buffer ; }
#define HEAP_INCREMENT 15
static int
heap_resize(struct dn_heap *h, unsigned int new_size)
{
struct dn_heap_entry *p;
if (h->size >= new_size ) /* have enough room */
return 0;
#if 1 /* round to the next power of 2 */
new_size |= new_size >> 1;
new_size |= new_size >> 2;
new_size |= new_size >> 4;
new_size |= new_size >> 8;
new_size |= new_size >> 16;
#else
new_size = (new_size + HEAP_INCREMENT ) & ~HEAP_INCREMENT;
#endif
p = malloc(new_size * sizeof(*p), M_DN_HEAP, M_NOWAIT);
if (p == NULL) {
printf("--- %s, resize %d failed\n", __func__, new_size );
return 1; /* error */
}
if (h->size > 0) {
bcopy(h->p, p, h->size * sizeof(*p) );
free(h->p, M_DN_HEAP);
}
h->p = p;
h->size = new_size;
return 0;
}
int
heap_init(struct dn_heap *h, int size, int ofs)
{
if (heap_resize(h, size))
return 1;
h->elements = 0;
h->ofs = ofs;
return 0;
}
/*
* Insert element in heap. Normally, p != NULL, we insert p in
* a new position and bubble up. If p == NULL, then the element is
* already in place, and key is the position where to start the
* bubble-up.
* Returns 1 on failure (cannot allocate new heap entry)
*
* If ofs > 0 the position (index, int) of the element in the heap is
* also stored in the element itself at the given offset in bytes.
*/
#define SET_OFFSET(h, i) do { \
if (h->ofs > 0) \
*((int32_t *)((char *)(h->p[i].object) + h->ofs)) = i; \
} while (0)
/*
* RESET_OFFSET is used for sanity checks. It sets ofs
* to an invalid value.
*/
#define RESET_OFFSET(h, i) do { \
if (h->ofs > 0) \
*((int32_t *)((char *)(h->p[i].object) + h->ofs)) = -16; \
} while (0)
int
heap_insert(struct dn_heap *h, uint64_t key1, void *p)
{
int son = h->elements;
//log("%s key %llu p %p\n", __FUNCTION__, key1, p);
if (p == NULL) { /* data already there, set starting point */
son = key1;
} else { /* insert new element at the end, possibly resize */
son = h->elements;
if (son == h->size) /* need resize... */
// XXX expand by 16 or so
if (heap_resize(h, h->elements+16) )
return 1; /* failure... */
h->p[son].object = p;
h->p[son].key = key1;
h->elements++;
}
/* make sure that son >= father along the path */
while (son > 0) {
int father = HEAP_FATHER(son);
struct dn_heap_entry tmp;
if (DN_KEY_LT( h->p[father].key, h->p[son].key ) )
break; /* found right position */
/* son smaller than father, swap and repeat */
HEAP_SWAP(h->p[son], h->p[father], tmp);
SET_OFFSET(h, son);
son = father;
}
SET_OFFSET(h, son);
return 0;
}
/*
* remove top element from heap, or obj if obj != NULL
*/
void
heap_extract(struct dn_heap *h, void *obj)
{
int child, father, max = h->elements - 1;
if (max < 0) {
printf("--- %s: empty heap 0x%p\n", __FUNCTION__, h);
return;
}
if (obj == NULL)
father = 0; /* default: move up smallest child */
else { /* extract specific element, index is at offset */
if (h->ofs <= 0)
panic("%s: extract from middle not set on %p\n",
__FUNCTION__, h);
father = *((int *)((char *)obj + h->ofs));
if (father < 0 || father >= h->elements) {
panic("%s: father %d out of bound 0..%d\n",
__FUNCTION__, father, h->elements);
}
}
/*
* below, father is the index of the empty element, which
* we replace at each step with the smallest child until we
* reach the bottom level.
*/
// XXX why removing RESET_OFFSET increases runtime by 10% ?
RESET_OFFSET(h, father);
while ( (child = HEAP_LEFT(father)) <= max ) {
if (child != max &&
DN_KEY_LT(h->p[child+1].key, h->p[child].key) )
child++; /* take right child, otherwise left */
h->p[father] = h->p[child];
SET_OFFSET(h, father);
father = child;
}
h->elements--;
if (father != max) {
/*
* Fill hole with last entry and bubble up,
* reusing the insert code
*/
h->p[father] = h->p[max];
heap_insert(h, father, NULL);
}
}
#if 0
/*
* change object position and update references
* XXX this one is never used!
*/
static void
heap_move(struct dn_heap *h, uint64_t new_key, void *object)
{
int temp, i, max = h->elements-1;
struct dn_heap_entry *p, buf;
if (h->ofs <= 0)
panic("cannot move items on this heap");
p = h->p; /* shortcut */
i = *((int *)((char *)object + h->ofs));
if (DN_KEY_LT(new_key, p[i].key) ) { /* must move up */
p[i].key = new_key;
for (; i>0 &&
DN_KEY_LT(new_key, p[(temp = HEAP_FATHER(i))].key);
i = temp ) { /* bubble up */
HEAP_SWAP(p[i], p[temp], buf);
SET_OFFSET(h, i);
}
} else { /* must move down */
p[i].key = new_key;
while ( (temp = HEAP_LEFT(i)) <= max ) {
/* found left child */
if (temp != max &&
DN_KEY_LT(p[temp+1].key, p[temp].key))
temp++; /* select child with min key */
if (DN_KEY_LT(>p[temp].key, new_key)) {
/* go down */
HEAP_SWAP(p[i], p[temp], buf);
SET_OFFSET(h, i);
} else
break;
i = temp;
}
}
SET_OFFSET(h, i);
}
#endif /* heap_move, unused */
/*
* heapify() will reorganize data inside an array to maintain the
* heap property. It is needed when we delete a bunch of entries.
*/
static void
heapify(struct dn_heap *h)
{
int i;
for (i = 0; i < h->elements; i++ )
heap_insert(h, i , NULL);
}
int
heap_scan(struct dn_heap *h, int (*fn)(void *, uintptr_t),
uintptr_t arg)
{
int i, ret, found;
for (i = found = 0 ; i < h->elements ;) {
ret = fn(h->p[i].object, arg);
if (ret & HEAP_SCAN_DEL) {
h->elements-- ;
h->p[i] = h->p[h->elements] ;
found++ ;
} else
i++ ;
if (ret & HEAP_SCAN_END)
break;
}
if (found)
heapify(h);
return found;
}
/*
* cleanup the heap and free data structure
*/
void
heap_free(struct dn_heap *h)
{
if (h->size >0 )
free(h->p, M_DN_HEAP);
bzero(h, sizeof(*h) );
}
/*
* hash table support.
*/
struct dn_ht {
int buckets; /* how many buckets, really buckets - 1*/
int entries; /* how many entries */
int ofs; /* offset of link field */
uint32_t (*hash)(uintptr_t, int, void *arg);
int (*match)(void *_el, uintptr_t key, int, void *);
void *(*newh)(uintptr_t, int, void *);
void **ht; /* bucket heads */
};
/*
* Initialize, allocating bucket pointers inline.
* Recycle previous record if possible.
* If the 'newh' function is not supplied, we assume that the
* key passed to ht_find is the same object to be stored in.
*/
struct dn_ht *
dn_ht_init(struct dn_ht *ht, int buckets, int ofs,
uint32_t (*h)(uintptr_t, int, void *),
int (*match)(void *, uintptr_t, int, void *),
void *(*newh)(uintptr_t, int, void *))
{
int l;
/*
* Notes about rounding bucket size to a power of two.
* Given the original bucket size, we compute the nearest lower and
* higher power of two, minus 1 (respectively b_min and b_max) because
* this value will be used to do an AND with the index returned
* by hash function.
* To choice between these two values, the original bucket size is
* compared with b_min. If the original size is greater than 4/3 b_min,
* we round the bucket size to b_max, else to b_min.
* This ratio try to round to the nearest power of two, advantaging
* the greater size if the different between two power is relatively
* big.
* Rounding the bucket size to a power of two avoid the use of
* module when calculating the correct bucket.
* The ht->buckets variable store the bucket size - 1 to simply
* do an AND between the index returned by hash function and ht->bucket
* instead of a module.
*/
int b_min; /* min buckets */
int b_max; /* max buckets */
int b_ori; /* original buckets */
if (h == NULL || match == NULL) {
printf("--- missing hash or match function");
return NULL;
}
if (buckets < 1 || buckets > 65536)
return NULL;
b_ori = buckets;
/* calculate next power of 2, - 1*/
buckets |= buckets >> 1;
buckets |= buckets >> 2;
buckets |= buckets >> 4;
buckets |= buckets >> 8;
buckets |= buckets >> 16;
b_max = buckets; /* Next power */
b_min = buckets >> 1; /* Previous power */
/* Calculate the 'nearest' bucket size */
if (b_min * 4000 / 3000 < b_ori)
buckets = b_max;
else
buckets = b_min;
if (ht) { /* see if we can reuse */
if (buckets <= ht->buckets) {
ht->buckets = buckets;
} else {
/* free pointers if not allocated inline */
if (ht->ht != (void *)(ht + 1))
free(ht->ht, M_DN_HEAP);
free(ht, M_DN_HEAP);
ht = NULL;
}
}
if (ht == NULL) {
/* Allocate buckets + 1 entries because buckets is use to
* do the AND with the index returned by hash function
*/
l = sizeof(*ht) + (buckets + 1) * sizeof(void **);
ht = malloc(l, M_DN_HEAP, M_NOWAIT | M_ZERO);
}
if (ht) {
ht->ht = (void **)(ht + 1);
ht->buckets = buckets;
ht->ofs = ofs;
ht->hash = h;
ht->match = match;
ht->newh = newh;
}
return ht;
}
/* dummy callback for dn_ht_free to unlink all */
static int
do_del(void *obj, void *arg)
{
return DNHT_SCAN_DEL;
}
void
dn_ht_free(struct dn_ht *ht, int flags)
{
if (ht == NULL)
return;
if (flags & DNHT_REMOVE) {
(void)dn_ht_scan(ht, do_del, NULL);
} else {
if (ht->ht && ht->ht != (void *)(ht + 1))
free(ht->ht, M_DN_HEAP);
free(ht, M_DN_HEAP);
}
}
int
dn_ht_entries(struct dn_ht *ht)
{
return ht ? ht->entries : 0;
}
/* lookup and optionally create or delete element */
void *
dn_ht_find(struct dn_ht *ht, uintptr_t key, int flags, void *arg)
{
int i;
void **pp, *p;
if (ht == NULL) /* easy on an empty hash */
return NULL;
i = (ht->buckets == 1) ? 0 :
(ht->hash(key, flags, arg) & ht->buckets);
for (pp = &ht->ht[i]; (p = *pp); pp = (void **)((char *)p + ht->ofs)) {
if (flags & DNHT_MATCH_PTR) {
if (key == (uintptr_t)p)
break;
} else if (ht->match(p, key, flags, arg)) /* found match */
break;
}
if (p) {
if (flags & DNHT_REMOVE) {
/* link in the next element */
*pp = *(void **)((char *)p + ht->ofs);
*(void **)((char *)p + ht->ofs) = NULL;
ht->entries--;
}
} else if (flags & DNHT_INSERT) {
// printf("%s before calling new, bucket %d ofs %d\n",
// __FUNCTION__, i, ht->ofs);
p = ht->newh ? ht->newh(key, flags, arg) : (void *)key;
// printf("%s newh returns %p\n", __FUNCTION__, p);
if (p) {
ht->entries++;
*(void **)((char *)p + ht->ofs) = ht->ht[i];
ht->ht[i] = p;
}
}
return p;
}
/*
* do a scan with the option to delete the object. Extract next before
* running the callback because the element may be destroyed there.
*/
int
dn_ht_scan(struct dn_ht *ht, int (*fn)(void *, void *), void *arg)
{
int i, ret, found = 0;
void **curp, *cur, *next;
if (ht == NULL || fn == NULL)
return 0;
for (i = 0; i <= ht->buckets; i++) {
curp = &ht->ht[i];
while ( (cur = *curp) != NULL) {
next = *(void **)((char *)cur + ht->ofs);
ret = fn(cur, arg);
if (ret & DNHT_SCAN_DEL) {
found++;
ht->entries--;
*curp = next;
} else {
curp = (void **)((char *)cur + ht->ofs);
}
if (ret & DNHT_SCAN_END)
return found;
}
}
return found;
}
/*
* Similar to dn_ht_scan(), except thah the scan is performed only
* in the bucket 'bucket'. The function returns a correct bucket number if
* the original is invalid
*/
int
dn_ht_scan_bucket(struct dn_ht *ht, int *bucket, int (*fn)(void *, void *),
void *arg)
{
int i, ret, found = 0;
void **curp, *cur, *next;
if (ht == NULL || fn == NULL)
return 0;
if (*bucket > ht->buckets)
*bucket = 0;
i = *bucket;
curp = &ht->ht[i];
while ( (cur = *curp) != NULL) {
next = *(void **)((char *)cur + ht->ofs);
ret = fn(cur, arg);
if (ret & DNHT_SCAN_DEL) {
found++;
ht->entries--;
*curp = next;
} else {
curp = (void **)((char *)cur + ht->ofs);
}
if (ret & DNHT_SCAN_END)
return found;
}
return found;
}

191
freebsd/sys/netinet/ipfw/dn_heap.h
View File

@ -1,191 +0,0 @@
/*-
* Copyright (c) 1998-2010 Luigi Rizzo, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Binary heap and hash tables, header file
*
* $FreeBSD$
*/
#ifndef _IP_DN_HEAP_H
#define _IP_DN_HEAP_H
#define DN_KEY_LT(a,b) ((int64_t)((a)-(b)) < 0)
#define DN_KEY_LEQ(a,b) ((int64_t)((a)-(b)) <= 0)
/*
* This module implements a binary heap supporting random extraction.
*
* A heap entry contains an uint64_t key and a pointer to object.
* DN_KEY_LT(a,b) returns true if key 'a' is smaller than 'b'
*
* The heap is a struct dn_heap plus a dynamically allocated
* array of dn_heap_entry entries. 'size' represents the size of
* the array, 'elements' count entries in use. The topmost
* element has the smallest key.
* The heap supports ordered insert, and extract from the top.
* To extract an object from the middle of the heap, we the object
* must reserve an 'int32_t' to store the position of the object
* in the heap itself, and the location of this field must be
* passed as an argument to heap_init() -- use -1 if the feature
* is not used.
*/
struct dn_heap_entry {
uint64_t key; /* sorting key, smallest comes first */
void *object; /* object pointer */
};
struct dn_heap {
int size; /* the size of the array */
int elements; /* elements in use */
int ofs; /* offset in the object of heap index */
struct dn_heap_entry *p; /* array of "size" entries */
};
enum {
HEAP_SCAN_DEL = 1,
HEAP_SCAN_END = 2,
};
/*
* heap_init() reinitializes the heap setting the size and the offset
* of the index for random extraction (use -1 if not used).
* The 'elements' counter is set to 0.
*
* SET_HEAP_OFS() indicates where, in the object, is stored the index
* for random extractions from the heap.
*
* heap_free() frees the memory associated to a heap.
*
* heap_insert() adds a key-pointer pair to the heap
*
* HEAP_TOP() returns a pointer to the top element of the heap,
* but makes no checks on its existance (XXX should we change ?)
*
* heap_extract() removes the entry at the top, returing the pointer.
* (the key should have been read before).
*
* heap_scan() invokes a callback on each entry of the heap.
* The callback can return a combination of HEAP_SCAN_DEL and
* HEAP_SCAN_END. HEAP_SCAN_DEL means the current element must
* be removed, and HEAP_SCAN_END means to terminate the scan.
* heap_scan() returns the number of elements removed.
* Because the order is not guaranteed, we should use heap_scan()
* only as a last resort mechanism.
*/
#define HEAP_TOP(h) ((h)->p)
#define SET_HEAP_OFS(h, n) do { (h)->ofs = n; } while (0)
int heap_init(struct dn_heap *h, int size, int ofs);
int heap_insert(struct dn_heap *h, uint64_t key1, void *p);
void heap_extract(struct dn_heap *h, void *obj);
void heap_free(struct dn_heap *h);
int heap_scan(struct dn_heap *, int (*)(void *, uintptr_t), uintptr_t);
/*------------------------------------------------------
* This module implements a generic hash table with support for
* running callbacks on the entire table. To avoid allocating
* memory during hash table operations, objects must reserve
* space for a link field. XXX if the heap is moderately full,
* an SLIST suffices, and we can tolerate the cost of a hash
* computation on each removal.
*
* dn_ht_init() initializes the table, setting the number of
* buckets, the offset of the link field, the main callbacks.
* Callbacks are:
*
* hash(key, flags, arg) called to return a bucket index.
* match(obj, key, flags, arg) called to determine if key
* matches the current 'obj' in the heap
* newh(key, flags, arg) optional, used to allocate a new
* object during insertions.
*
* dn_ht_free() frees the heap or unlink elements.
* DNHT_REMOVE unlink elements, 0 frees the heap.
* You need two calls to do both.
*
* dn_ht_find() is the main lookup function, which can also be
* used to insert or delete elements in the hash table.
* The final 'arg' is passed to all callbacks.
*
* dn_ht_scan() is used to invoke a callback on all entries of
* the heap, or possibly on just one bucket. The callback
* is invoked with a pointer to the object, and must return
* one of DNHT_SCAN_DEL or DNHT_SCAN_END to request the
* removal of the object from the heap and the end of the
* scan, respectively.
*
* dn_ht_scan_bucket() is similar to dn_ht_scan(), except that it scans
* only the specific bucket of the table. The bucket is a in-out
* parameter and return a valid bucket number if the original
* is invalid.
*
* A combination of flags can be used to modify the operation
* of the dn_ht_find(), and of the callbacks:
*
* DNHT_KEY_IS_OBJ means the key is the object pointer.
* It is usally of interest for the hash and match functions.
*
* DNHT_MATCH_PTR during a lookup, match pointers instead
* of calling match(). Normally used when removing specific
* entries. Does not imply KEY_IS_OBJ as the latter _is_ used
* by the match function.
*
* DNHT_INSERT insert the element if not found.
* Calls new() to allocates a new object unless
* DNHT_KEY_IS_OBJ is set.
*
* DNHT_UNIQUE only insert if object not found.
* XXX should it imply DNHT_INSERT ?
*
* DNHT_REMOVE remove objects if we find them.
*/
struct dn_ht; /* should be opaque */
struct dn_ht *dn_ht_init(struct dn_ht *, int buckets, int ofs,
uint32_t (*hash)(uintptr_t, int, void *),
int (*match)(void *, uintptr_t, int, void *),
void *(*newh)(uintptr_t, int, void *));
void dn_ht_free(struct dn_ht *, int flags);
void *dn_ht_find(struct dn_ht *, uintptr_t, int, void *);
int dn_ht_scan(struct dn_ht *, int (*)(void *, void *), void *);
int dn_ht_scan_bucket(struct dn_ht *, int * , int (*)(void *, void *), void *);
int dn_ht_entries(struct dn_ht *);
enum { /* flags values.
* first two are returned by the scan callback to indicate
* to delete the matching element or to end the scan
*/
DNHT_SCAN_DEL = 0x0001,
DNHT_SCAN_END = 0x0002,
DNHT_KEY_IS_OBJ = 0x0004, /* key is the obj pointer */
DNHT_MATCH_PTR = 0x0008, /* match by pointer, not match() */
DNHT_INSERT = 0x0010, /* insert if not found */
DNHT_UNIQUE = 0x0020, /* report error if already there */
DNHT_REMOVE = 0x0040, /* remove on find or dn_ht_free */
};
#endif /* _IP_DN_HEAP_H */

189
freebsd/sys/netinet/ipfw/dn_sched.h
View File

@ -1,189 +0,0 @@
/*
* Copyright (c) 2010 Riccardo Panicucci, Luigi Rizzo, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* The API to write a packet scheduling algorithm for dummynet.
*
* $FreeBSD$
*/
#ifndef _DN_SCHED_H
#define _DN_SCHED_H
#define DN_MULTIQUEUE 0x01
/*
* Descriptor for a scheduling algorithm.
* Contains all function pointers for a given scheduler
* This is typically created when a module is loaded, and stored
* in a global list of schedulers.
*/
struct dn_alg {
uint32_t type; /* the scheduler type */
const char *name; /* scheduler name */
uint32_t flags; /* DN_MULTIQUEUE if supports multiple queues */
/*
* The following define the size of 3 optional data structures
* that may need to be allocated at runtime, and are appended
* to each of the base data structures: scheduler, sched.inst,
* and queue. We don't have a per-flowset structure.
*/
/* + parameters attached to the template, e.g.
* default queue sizes, weights, quantum size, and so on;
*/
size_t schk_datalen;
/* + per-instance parameters, such as timestamps,
* containers for queues, etc;
*/
size_t si_datalen;
size_t q_datalen; /* per-queue parameters (e.g. S,F) */
/*
* Methods implemented by the scheduler:
* enqueue enqueue packet 'm' on scheduler 's', queue 'q'.
* q is NULL for !MULTIQUEUE.
* Return 0 on success, 1 on drop (packet consumed anyways).
* Note that q should be interpreted only as a hint
* on the flow that the mbuf belongs to: while a
* scheduler will normally enqueue m into q, it is ok
* to leave q alone and put the mbuf elsewhere.
* This function is called in two cases:
* - when a new packet arrives to the scheduler;
* - when a scheduler is reconfigured. In this case the
* call is issued by the new_queue callback, with a
* non empty queue (q) and m pointing to the first
* mbuf in the queue. For this reason, the function
* should internally check for (m != q->mq.head)
* before calling dn_enqueue().
*
* dequeue Called when scheduler instance 's' can
* dequeue a packet. Return NULL if none are available.
* XXX what about non work-conserving ?
*
* config called on 'sched X config ...', normally writes
* in the area of size sch_arg
*
* destroy called on 'sched delete', frees everything
* in sch_arg (other parts are handled by more specific
* functions)
*
* new_sched called when a new instance is created, e.g.
* to create the local queue for !MULTIQUEUE, set V or
* copy parameters for WFQ, and so on.
*
* free_sched called when deleting an instance, cleans
* extra data in the per-instance area.
*
* new_fsk called when a flowset is linked to a scheduler,
* e.g. to validate parameters such as weights etc.
* free_fsk when a flowset is unlinked from a scheduler.
* (probably unnecessary)
*
* new_queue called to set the per-queue parameters,
* e.g. S and F, adjust sum of weights in the parent, etc.
*
* The new_queue callback is normally called from when
* creating a new queue. In some cases (such as a
* scheduler change or reconfiguration) it can be called
* with a non empty queue. In this case, the queue
* In case of non empty queue, the new_queue callback could
* need to call the enqueue function. In this case,
* the callback should eventually call enqueue() passing
* as m the first element in the queue.
*
* free_queue actions related to a queue removal, e.g. undo
* all the above. If the queue has data in it, also remove
* from the scheduler. This can e.g. happen during a reconfigure.
*/
int (*enqueue)(struct dn_sch_inst *, struct dn_queue *,
struct mbuf *);
struct mbuf * (*dequeue)(struct dn_sch_inst *);
int (*config)(struct dn_schk *);
int (*destroy)(struct dn_schk*);
int (*new_sched)(struct dn_sch_inst *);
int (*free_sched)(struct dn_sch_inst *);
int (*new_fsk)(struct dn_fsk *f);
int (*free_fsk)(struct dn_fsk *f);
int (*new_queue)(struct dn_queue *q);
int (*free_queue)(struct dn_queue *q);
/* run-time fields */
int ref_count; /* XXX number of instances in the system */
SLIST_ENTRY(dn_alg) next; /* Next scheduler in the list */
};
/* MSVC does not support initializers so we need this ugly macro */
#ifdef _WIN32
#define _SI(fld)
#else
#define _SI(fld) fld
#endif
/*
* Additionally, dummynet exports some functions and macros
* to be used by schedulers:
*/
void dn_free_pkts(struct mbuf *mnext);
int dn_enqueue(struct dn_queue *q, struct mbuf* m, int drop);
/* bound a variable between min and max */
int ipdn_bound_var(int *v, int dflt, int lo, int hi, const char *msg);
/*
* Extract the head of a queue, update stats. Must be the very last
* thing done on a dequeue as the queue itself may go away.
*/
static __inline struct mbuf*
dn_dequeue(struct dn_queue *q)
{
struct mbuf *m = q->mq.head;
if (m == NULL)
return NULL;
q->mq.head = m->m_nextpkt;
q->ni.length--;
q->ni.len_bytes -= m->m_pkthdr.len;
if (q->_si) {
q->_si->ni.length--;
q->_si->ni.len_bytes -= m->m_pkthdr.len;
}
if (q->ni.length == 0) /* queue is now idle */
q->q_time = dn_cfg.curr_time;
return m;
}
int dn_sched_modevent(module_t mod, int cmd, void *arg);
#define DECLARE_DNSCHED_MODULE(name, dnsched) \
static moduledata_t name##_mod = { \
#name, dn_sched_modevent, dnsched \
}; \
DECLARE_MODULE(name, name##_mod, \
SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY); \
MODULE_DEPEND(name, dummynet, 3, 3, 3);
#endif /* _DN_SCHED_H */

122
freebsd/sys/netinet/ipfw/dn_sched_fifo.c
View File

@ -1,122 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*
* Copyright (c) 2010 Riccardo Panicucci, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $FreeBSD$
*/
#ifdef _KERNEL
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <net/if.h> /* IFNAMSIZ */
#include <netinet/in.h>
#include <netinet/ip_var.h> /* ipfw_rule_ref */
#include <netinet/ip_fw.h> /* flow_id */
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
#else
#include <dn_test.h>
#endif
/*
* This file implements a FIFO scheduler for a single queue.
* The queue is allocated as part of the scheduler instance,
* and there is a single flowset is in the template which stores
* queue size and policy.
* Enqueue and dequeue use the default library functions.
*/
static int
fifo_enqueue(struct dn_sch_inst *si, struct dn_queue *q, struct mbuf *m)
{
/* XXX if called with q != NULL and m=NULL, this is a
* re-enqueue from an existing scheduler, which we should
* handle.
*/
return dn_enqueue((struct dn_queue *)(si+1), m, 0);
}
static struct mbuf *
fifo_dequeue(struct dn_sch_inst *si)
{
return dn_dequeue((struct dn_queue *)(si + 1));
}
static int
fifo_new_sched(struct dn_sch_inst *si)
{
/* This scheduler instance contains the queue */
struct dn_queue *q = (struct dn_queue *)(si + 1);
set_oid(&q->ni.oid, DN_QUEUE, sizeof(*q));
q->_si = si;
q->fs = si->sched->fs;
return 0;
}
static int
fifo_free_sched(struct dn_sch_inst *si)
{
struct dn_queue *q = (struct dn_queue *)(si + 1);
dn_free_pkts(q->mq.head);
bzero(q, sizeof(*q));
return 0;
}
/*
* FIFO scheduler descriptor
* contains the type of the scheduler, the name, the size of extra
* data structures, and function pointers.
*/
static struct dn_alg fifo_desc = {
_SI( .type = ) DN_SCHED_FIFO,
_SI( .name = ) "FIFO",
_SI( .flags = ) 0,
_SI( .schk_datalen = ) 0,
_SI( .si_datalen = ) sizeof(struct dn_queue),
_SI( .q_datalen = ) 0,
_SI( .enqueue = ) fifo_enqueue,
_SI( .dequeue = ) fifo_dequeue,
_SI( .config = ) NULL,
_SI( .destroy = ) NULL,
_SI( .new_sched = ) fifo_new_sched,
_SI( .free_sched = ) fifo_free_sched,
_SI( .new_fsk = ) NULL,
_SI( .free_fsk = ) NULL,
_SI( .new_queue = ) NULL,
_SI( .free_queue = ) NULL,
};
DECLARE_DNSCHED_MODULE(dn_fifo, &fifo_desc);

231
freebsd/sys/netinet/ipfw/dn_sched_prio.c
View File

@ -1,231 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*
* Copyright (c) 2010 Riccardo Panicucci, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $FreeBSD$
*/
#ifdef _KERNEL
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <net/if.h> /* IFNAMSIZ */
#include <netinet/in.h>
#include <netinet/ip_var.h> /* ipfw_rule_ref */
#include <netinet/ip_fw.h> /* flow_id */
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
#else
#include <dn_test.h>
#endif
#define DN_SCHED_PRIO 5 //XXX
#if !defined(_KERNEL) || !defined(__linux__)
#define test_bit(ix, pData) ((*pData) & (1<<(ix)))
#define __set_bit(ix, pData) (*pData) |= (1<<(ix))
#define __clear_bit(ix, pData) (*pData) &= ~(1<<(ix))
#endif
#ifdef __MIPSEL__
#define __clear_bit(ix, pData) (*pData) &= ~(1<<(ix))
#endif
/* Size of the array of queues pointers. */
#define BITMAP_T unsigned long
#define MAXPRIO (sizeof(BITMAP_T) * 8)
/*
* The scheduler instance contains an array of pointers to queues,
* one for each priority, and a bitmap listing backlogged queues.
*/
struct prio_si {
BITMAP_T bitmap; /* array bitmap */
struct dn_queue *q_array[MAXPRIO]; /* Array of queues pointers */
};
/*
* If a queue with the same priority is already backlogged, use
* that one instead of the queue passed as argument.
*/
static int
prio_enqueue(struct dn_sch_inst *_si, struct dn_queue *q, struct mbuf *m)
{
struct prio_si *si = (struct prio_si *)(_si + 1);
int prio = q->fs->fs.par[0];
if (test_bit(prio, &si->bitmap) == 0) {
/* No queue with this priority, insert */
__set_bit(prio, &si->bitmap);
si->q_array[prio] = q;
} else { /* use the existing queue */
q = si->q_array[prio];
}
if (dn_enqueue(q, m, 0))
return 1;
return 0;
}
/*
* Packets are dequeued only from the highest priority queue.
* The function ffs() return the lowest bit in the bitmap that rapresent
* the array index (-1) which contains the pointer to the highest priority
* queue.
* After the dequeue, if this queue become empty, it is index is removed
* from the bitmap.
* Scheduler is idle if the bitmap is empty
*
* NOTE: highest priority is 0, lowest is sched->max_prio_q
*/
static struct mbuf *
prio_dequeue(struct dn_sch_inst *_si)
{
struct prio_si *si = (struct prio_si *)(_si + 1);
struct mbuf *m;
struct dn_queue *q;
int prio;
if (si->bitmap == 0) /* scheduler idle */
return NULL;
prio = ffs(si->bitmap) - 1;
/* Take the highest priority queue in the scheduler */
q = si->q_array[prio];
// assert(q)
m = dn_dequeue(q);
if (q->mq.head == NULL) {
/* Queue is now empty, remove from scheduler
* and mark it
*/
si->q_array[prio] = NULL;
__clear_bit(prio, &si->bitmap);
}
return m;
}
static int
prio_new_sched(struct dn_sch_inst *_si)
{
struct prio_si *si = (struct prio_si *)(_si + 1);
bzero(si->q_array, sizeof(si->q_array));
si->bitmap = 0;
return 0;
}
static int
prio_new_fsk(struct dn_fsk *fs)
{
/* Check if the prioritiy is between 0 and MAXPRIO-1 */
ipdn_bound_var(&fs->fs.par[0], 0, 0, MAXPRIO - 1, "PRIO priority");
return 0;
}
static int
prio_new_queue(struct dn_queue *q)
{
struct prio_si *si = (struct prio_si *)(q->_si + 1);
int prio = q->fs->fs.par[0];
struct dn_queue *oldq;
q->ni.oid.subtype = DN_SCHED_PRIO;
if (q->mq.head == NULL)
return 0;
/* Queue already full, must insert in the scheduler or append
* mbufs to existing queue. This partly duplicates prio_enqueue
*/
if (test_bit(prio, &si->bitmap) == 0) {
/* No queue with this priority, insert */
__set_bit(prio, &si->bitmap);
si->q_array[prio] = q;
} else if ( (oldq = si->q_array[prio]) != q) {
/* must append to the existing queue.
* can simply append q->mq.head to q2->...
* and add the counters to those of q2
*/
oldq->mq.tail->m_nextpkt = q->mq.head;
oldq->mq.tail = q->mq.tail;
oldq->ni.length += q->ni.length;
q->ni.length = 0;
oldq->ni.len_bytes += q->ni.len_bytes;
q->ni.len_bytes = 0;
q->mq.tail = q->mq.head = NULL;
}
return 0;
}
static int
prio_free_queue(struct dn_queue *q)
{
int prio = q->fs->fs.par[0];
struct prio_si *si = (struct prio_si *)(q->_si + 1);
if (si->q_array[prio] == q) {
si->q_array[prio] = NULL;
__clear_bit(prio, &si->bitmap);
}
return 0;
}
static struct dn_alg prio_desc = {
_SI( .type = ) DN_SCHED_PRIO,
_SI( .name = ) "PRIO",
_SI( .flags = ) DN_MULTIQUEUE,
/* we need extra space in the si and the queue */
_SI( .schk_datalen = ) 0,
_SI( .si_datalen = ) sizeof(struct prio_si),
_SI( .q_datalen = ) 0,
_SI( .enqueue = ) prio_enqueue,
_SI( .dequeue = ) prio_dequeue,
_SI( .config = ) NULL,
_SI( .destroy = ) NULL,
_SI( .new_sched = ) prio_new_sched,
_SI( .free_sched = ) NULL,
_SI( .new_fsk = ) prio_new_fsk,
_SI( .free_fsk = ) NULL,
_SI( .new_queue = ) prio_new_queue,
_SI( .free_queue = ) prio_free_queue,
};
DECLARE_DNSCHED_MODULE(dn_prio, &prio_desc);

866
freebsd/sys/netinet/ipfw/dn_sched_qfq.c
View File

@ -1,866 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*
* Copyright (c) 2010 Fabio Checconi, Luigi Rizzo, Paolo Valente
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $FreeBSD$
*/
#ifdef _KERNEL
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <net/if.h> /* IFNAMSIZ */
#include <netinet/in.h>
#include <netinet/ip_var.h> /* ipfw_rule_ref */
#include <netinet/ip_fw.h> /* flow_id */
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
#else
#include <dn_test.h>
#endif
#ifdef QFQ_DEBUG
struct qfq_sched;
static void dump_sched(struct qfq_sched *q, const char *msg);
#define NO(x) x
#else
#define NO(x)
#endif
#define DN_SCHED_QFQ 4 // XXX Where?
typedef unsigned long bitmap;
/*
* bitmaps ops are critical. Some linux versions have __fls
* and the bitmap ops. Some machines have ffs
*/
#if defined(_WIN32)
int fls(unsigned int n)
{
int i = 0;
for (i = 0; n > 0; n >>= 1, i++)
;
return i;
}
#endif
#if !defined(_KERNEL) || defined( __FreeBSD__ ) || defined(_WIN32)
static inline unsigned long __fls(unsigned long word)
{
return fls(word) - 1;
}
#endif
#if !defined(_KERNEL) || !defined(__linux__)
#ifdef QFQ_DEBUG
int test_bit(int ix, bitmap *p)
{
if (ix < 0 || ix > 31)
D("bad index %d", ix);
return *p & (1<<ix);
}
void __set_bit(int ix, bitmap *p)
{
if (ix < 0 || ix > 31)
D("bad index %d", ix);
*p |= (1<<ix);
}
void __clear_bit(int ix, bitmap *p)
{
if (ix < 0 || ix > 31)
D("bad index %d", ix);
*p &= ~(1<<ix);
}
#else /* !QFQ_DEBUG */
/* XXX do we have fast version, or leave it to the compiler ? */
#define test_bit(ix, pData) ((*pData) & (1<<(ix)))
#define __set_bit(ix, pData) (*pData) |= (1<<(ix))
#define __clear_bit(ix, pData) (*pData) &= ~(1<<(ix))
#endif /* !QFQ_DEBUG */
#endif /* !__linux__ */
#ifdef __MIPSEL__
#define __clear_bit(ix, pData) (*pData) &= ~(1<<(ix))
#endif
/*-------------------------------------------*/
/*
Virtual time computations.
S, F and V are all computed in fixed point arithmetic with
FRAC_BITS decimal bits.
QFQ_MAX_INDEX is the maximum index allowed for a group. We need
one bit per index.
QFQ_MAX_WSHIFT is the maximum power of two supported as a weight.
The layout of the bits is as below:
[ MTU_SHIFT ][ FRAC_BITS ]
[ MAX_INDEX ][ MIN_SLOT_SHIFT ]
^.__grp->index = 0
*.__grp->slot_shift
where MIN_SLOT_SHIFT is derived by difference from the others.
The max group index corresponds to Lmax/w_min, where
Lmax=1<<MTU_SHIFT, w_min = 1 .
From this, and knowing how many groups (MAX_INDEX) we want,
we can derive the shift corresponding to each group.
Because we often need to compute
F = S + len/w_i and V = V + len/wsum
instead of storing w_i store the value
inv_w = (1<<FRAC_BITS)/w_i
so we can do F = S + len * inv_w * wsum.
We use W_TOT in the formulas so we can easily move between
static and adaptive weight sum.
The per-scheduler-instance data contain all the data structures
for the scheduler: bitmaps and bucket lists.
*/
/*
* Maximum number of consecutive slots occupied by backlogged classes
* inside a group. This is approx lmax/lmin + 5.
* XXX check because it poses constraints on MAX_INDEX
*/
#define QFQ_MAX_SLOTS 32
/*
* Shifts used for class<->group mapping. Class weights are
* in the range [1, QFQ_MAX_WEIGHT], we to map each class i to the
* group with the smallest index that can support the L_i / r_i
* configured for the class.
*
* grp->index is the index of the group; and grp->slot_shift
* is the shift for the corresponding (scaled) sigma_i.
*
* When computing the group index, we do (len<<FP_SHIFT)/weight,
* then compute an FLS (which is like a log2()), and if the result
* is below the MAX_INDEX region we use 0 (which is the same as
* using a larger len).
*/
#define QFQ_MAX_INDEX 19
#define QFQ_MAX_WSHIFT 16 /* log2(max_weight) */
#define QFQ_MAX_WEIGHT (1<<QFQ_MAX_WSHIFT)
#define QFQ_MAX_WSUM (2*QFQ_MAX_WEIGHT)
//#define IWSUM (q->i_wsum)
#define IWSUM ((1<<FRAC_BITS)/QFQ_MAX_WSUM)
#define FRAC_BITS 30 /* fixed point arithmetic */
#define ONE_FP (1UL << FRAC_BITS)
#define QFQ_MTU_SHIFT 11 /* log2(max_len) */
#define QFQ_MIN_SLOT_SHIFT (FRAC_BITS + QFQ_MTU_SHIFT - QFQ_MAX_INDEX)
/*
* Possible group states, also indexes for the bitmaps array in
* struct qfq_queue. We rely on ER, IR, EB, IB being numbered 0..3
*/
enum qfq_state { ER, IR, EB, IB, QFQ_MAX_STATE };
struct qfq_group;
/*
* additional queue info. Some of this info should come from
* the flowset, we copy them here for faster processing.
* This is an overlay of the struct dn_queue
*/
struct qfq_class {
struct dn_queue _q;
uint64_t S, F; /* flow timestamps (exact) */
struct qfq_class *next; /* Link for the slot list. */
/* group we belong to. In principle we would need the index,
* which is log_2(lmax/weight), but we never reference it
* directly, only the group.
*/
struct qfq_group *grp;
/* these are copied from the flowset. */
uint32_t inv_w; /* ONE_FP/weight */
uint32_t lmax; /* Max packet size for this flow. */
};
/* Group descriptor, see the paper for details.
* Basically this contains the bucket lists
*/
struct qfq_group {
uint64_t S, F; /* group timestamps (approx). */
unsigned int slot_shift; /* Slot shift. */
unsigned int index; /* Group index. */
unsigned int front; /* Index of the front slot. */
bitmap full_slots; /* non-empty slots */
/* Array of lists of active classes. */
struct qfq_class *slots[QFQ_MAX_SLOTS];
};
/* scheduler instance descriptor. */
struct qfq_sched {
uint64_t V; /* Precise virtual time. */
uint32_t wsum; /* weight sum */
NO(uint32_t i_wsum; /* ONE_FP/w_sum */
uint32_t _queued; /* debugging */
uint32_t loops; /* debugging */)
bitmap bitmaps[QFQ_MAX_STATE]; /* Group bitmaps. */
struct qfq_group groups[QFQ_MAX_INDEX + 1]; /* The groups. */
};
/*---- support functions ----------------------------*/
/* Generic comparison function, handling wraparound. */
static inline int qfq_gt(uint64_t a, uint64_t b)
{
return (int64_t)(a - b) > 0;
}
/* Round a precise timestamp to its slotted value. */
static inline uint64_t qfq_round_down(uint64_t ts, unsigned int shift)
{
return ts & ~((1ULL << shift) - 1);
}
/* return the pointer to the group with lowest index in the bitmap */
static inline struct qfq_group *qfq_ffs(struct qfq_sched *q,
unsigned long bitmap)
{
int index = ffs(bitmap) - 1; // zero-based
return &q->groups[index];
}
/*
* Calculate a flow index, given its weight and maximum packet length.
* index = log_2(maxlen/weight) but we need to apply the scaling.
* This is used only once at flow creation.
*/
static int qfq_calc_index(uint32_t inv_w, unsigned int maxlen)
{
uint64_t slot_size = (uint64_t)maxlen *inv_w;
unsigned long size_map;
int index = 0;
size_map = (unsigned long)(slot_size >> QFQ_MIN_SLOT_SHIFT);
if (!size_map)
goto out;
index = __fls(size_map) + 1; // basically a log_2()
index -= !(slot_size - (1ULL << (index + QFQ_MIN_SLOT_SHIFT - 1)));
if (index < 0)
index = 0;
out:
ND("W = %d, L = %d, I = %d\n", ONE_FP/inv_w, maxlen, index);
return index;
}
/*---- end support functions ----*/
/*-------- API calls --------------------------------*/
/*
* Validate and copy parameters from flowset.
*/
static int
qfq_new_queue(struct dn_queue *_q)
{
struct qfq_sched *q = (struct qfq_sched *)(_q->_si + 1);
struct qfq_class *cl = (struct qfq_class *)_q;
int i;
uint32_t w; /* approximated weight */
/* import parameters from the flowset. They should be correct
* already.
*/
w = _q->fs->fs.par[0];
cl->lmax = _q->fs->fs.par[1];
if (!w || w > QFQ_MAX_WEIGHT) {
w = 1;
D("rounding weight to 1");
}
cl->inv_w = ONE_FP/w;
w = ONE_FP/cl->inv_w;
if (q->wsum + w > QFQ_MAX_WSUM)
return EINVAL;
i = qfq_calc_index(cl->inv_w, cl->lmax);
cl->grp = &q->groups[i];
q->wsum += w;
// XXX cl->S = q->V; ?
// XXX compute q->i_wsum
return 0;
}
/* remove an empty queue */
static int
qfq_free_queue(struct dn_queue *_q)
{
struct qfq_sched *q = (struct qfq_sched *)(_q->_si + 1);
struct qfq_class *cl = (struct qfq_class *)_q;
if (cl->inv_w) {
q->wsum -= ONE_FP/cl->inv_w;
cl->inv_w = 0; /* reset weight to avoid run twice */
}
return 0;
}
/* Calculate a mask to mimic what would be ffs_from(). */
static inline unsigned long
mask_from(unsigned long bitmap, int from)
{
return bitmap & ~((1UL << from) - 1);
}
/*
* The state computation relies on ER=0, IR=1, EB=2, IB=3
* First compute eligibility comparing grp->S, q->V,
* then check if someone is blocking us and possibly add EB
*/
static inline unsigned int
qfq_calc_state(struct qfq_sched *q, struct qfq_group *grp)
{
/* if S > V we are not eligible */
unsigned int state = qfq_gt(grp->S, q->V);
unsigned long mask = mask_from(q->bitmaps[ER], grp->index);
struct qfq_group *next;
if (mask) {
next = qfq_ffs(q, mask);
if (qfq_gt(grp->F, next->F))
state |= EB;
}
return state;
}
/*
* In principle
* q->bitmaps[dst] |= q->bitmaps[src] & mask;
* q->bitmaps[src] &= ~mask;
* but we should make sure that src != dst
*/
static inline void
qfq_move_groups(struct qfq_sched *q, unsigned long mask, int src, int dst)
{
q->bitmaps[dst] |= q->bitmaps[src] & mask;
q->bitmaps[src] &= ~mask;
}
static inline void
qfq_unblock_groups(struct qfq_sched *q, int index, uint64_t old_finish)
{
unsigned long mask = mask_from(q->bitmaps[ER], index + 1);
struct qfq_group *next;
if (mask) {
next = qfq_ffs(q, mask);
if (!qfq_gt(next->F, old_finish))
return;
}
mask = (1UL << index) - 1;
qfq_move_groups(q, mask, EB, ER);
qfq_move_groups(q, mask, IB, IR);
}
/*
* perhaps
*
old_V ^= q->V;
old_V >>= QFQ_MIN_SLOT_SHIFT;
if (old_V) {
...
}
*
*/
static inline void
qfq_make_eligible(struct qfq_sched *q, uint64_t old_V)
{
unsigned long mask, vslot, old_vslot;
vslot = q->V >> QFQ_MIN_SLOT_SHIFT;
old_vslot = old_V >> QFQ_MIN_SLOT_SHIFT;
if (vslot != old_vslot) {
mask = (2UL << (__fls(vslot ^ old_vslot))) - 1;
qfq_move_groups(q, mask, IR, ER);
qfq_move_groups(q, mask, IB, EB);
}
}
/*
* XXX we should make sure that slot becomes less than 32.
* This is guaranteed by the input values.
* roundedS is always cl->S rounded on grp->slot_shift bits.
*/
static inline void
qfq_slot_insert(struct qfq_group *grp, struct qfq_class *cl, uint64_t roundedS)
{
uint64_t slot = (roundedS - grp->S) >> grp->slot_shift;
unsigned int i = (grp->front + slot) % QFQ_MAX_SLOTS;
cl->next = grp->slots[i];
grp->slots[i] = cl;
__set_bit(slot, &grp->full_slots);
}
/*
* remove the entry from the slot
*/
static inline void
qfq_front_slot_remove(struct qfq_group *grp)
{
struct qfq_class **h = &grp->slots[grp->front];
*h = (*h)->next;
if (!*h)
__clear_bit(0, &grp->full_slots);
}
/*
* Returns the first full queue in a group. As a side effect,
* adjust the bucket list so the first non-empty bucket is at
* position 0 in full_slots.
*/
static inline struct qfq_class *
qfq_slot_scan(struct qfq_group *grp)
{
int i;
ND("grp %d full %x", grp->index, grp->full_slots);
if (!grp->full_slots)
return NULL;
i = ffs(grp->full_slots) - 1; // zero-based
if (i > 0) {
grp->front = (grp->front + i) % QFQ_MAX_SLOTS;
grp->full_slots >>= i;
}
return grp->slots[grp->front];
}
/*
* adjust the bucket list. When the start time of a group decreases,
* we move the index down (modulo QFQ_MAX_SLOTS) so we don't need to
* move the objects. The mask of occupied slots must be shifted
* because we use ffs() to find the first non-empty slot.
* This covers decreases in the group's start time, but what about
* increases of the start time ?
* Here too we should make sure that i is less than 32
*/
static inline void
qfq_slot_rotate(struct qfq_sched *q, struct qfq_group *grp, uint64_t roundedS)
{
unsigned int i = (grp->S - roundedS) >> grp->slot_shift;
grp->full_slots <<= i;
grp->front = (grp->front - i) % QFQ_MAX_SLOTS;
}
static inline void
qfq_update_eligible(struct qfq_sched *q, uint64_t old_V)
{
bitmap ineligible;
ineligible = q->bitmaps[IR] | q->bitmaps[IB];
if (ineligible) {
if (!q->bitmaps[ER]) {
struct qfq_group *grp;
grp = qfq_ffs(q, ineligible);
if (qfq_gt(grp->S, q->V))
q->V = grp->S;
}
qfq_make_eligible(q, old_V);
}
}
/*
* Updates the class, returns true if also the group needs to be updated.
*/
static inline int
qfq_update_class(struct qfq_sched *q, struct qfq_group *grp,
struct qfq_class *cl)
{
cl->S = cl->F;
if (cl->_q.mq.head == NULL) {
qfq_front_slot_remove(grp);
} else {
unsigned int len;
uint64_t roundedS;
len = cl->_q.mq.head->m_pkthdr.len;
cl->F = cl->S + (uint64_t)len * cl->inv_w;
roundedS = qfq_round_down(cl->S, grp->slot_shift);
if (roundedS == grp->S)
return 0;
qfq_front_slot_remove(grp);
qfq_slot_insert(grp, cl, roundedS);
}
return 1;
}
static struct mbuf *
qfq_dequeue(struct dn_sch_inst *si)
{
struct qfq_sched *q = (struct qfq_sched *)(si + 1);
struct qfq_group *grp;
struct qfq_class *cl;
struct mbuf *m;
uint64_t old_V;
NO(q->loops++;)
if (!q->bitmaps[ER]) {
NO(if (q->queued)
dump_sched(q, "start dequeue");)
return NULL;
}
grp = qfq_ffs(q, q->bitmaps[ER]);
cl = grp->slots[grp->front];
/* extract from the first bucket in the bucket list */
m = dn_dequeue(&cl->_q);
if (!m) {
D("BUG/* non-workconserving leaf */");
return NULL;
}
NO(q->queued--;)
old_V = q->V;
q->V += (uint64_t)m->m_pkthdr.len * IWSUM;
ND("m is %p F 0x%llx V now 0x%llx", m, cl->F, q->V);
if (qfq_update_class(q, grp, cl)) {
uint64_t old_F = grp->F;
cl = qfq_slot_scan(grp);
if (!cl) { /* group gone, remove from ER */
__clear_bit(grp->index, &q->bitmaps[ER]);
// grp->S = grp->F + 1; // XXX debugging only
} else {
uint64_t roundedS = qfq_round_down(cl->S, grp->slot_shift);
unsigned int s;
if (grp->S == roundedS)
goto skip_unblock;
grp->S = roundedS;
grp->F = roundedS + (2ULL << grp->slot_shift);
/* remove from ER and put in the new set */
__clear_bit(grp->index, &q->bitmaps[ER]);
s = qfq_calc_state(q, grp);
__set_bit(grp->index, &q->bitmaps[s]);
}
/* we need to unblock even if the group has gone away */
qfq_unblock_groups(q, grp->index, old_F);
}
skip_unblock:
qfq_update_eligible(q, old_V);
NO(if (!q->bitmaps[ER] && q->queued)
dump_sched(q, "end dequeue");)
return m;
}
/*
* Assign a reasonable start time for a new flow k in group i.
* Admissible values for \hat(F) are multiples of \sigma_i
* no greater than V+\sigma_i . Larger values mean that
* we had a wraparound so we consider the timestamp to be stale.
*
* If F is not stale and F >= V then we set S = F.
* Otherwise we should assign S = V, but this may violate
* the ordering in ER. So, if we have groups in ER, set S to
* the F_j of the first group j which would be blocking us.
* We are guaranteed not to move S backward because
* otherwise our group i would still be blocked.
*/
static inline void
qfq_update_start(struct qfq_sched *q, struct qfq_class *cl)
{
unsigned long mask;
uint32_t limit, roundedF;
int slot_shift = cl->grp->slot_shift;
roundedF = qfq_round_down(cl->F, slot_shift);
limit = qfq_round_down(q->V, slot_shift) + (1UL << slot_shift);
if (!qfq_gt(cl->F, q->V) || qfq_gt(roundedF, limit)) {
/* timestamp was stale */
mask = mask_from(q->bitmaps[ER], cl->grp->index);
if (mask) {
struct qfq_group *next = qfq_ffs(q, mask);
if (qfq_gt(roundedF, next->F)) {
cl->S = next->F;
return;
}
}
cl->S = q->V;
} else { /* timestamp is not stale */
cl->S = cl->F;
}
}
static int
qfq_enqueue(struct dn_sch_inst *si, struct dn_queue *_q, struct mbuf *m)
{
struct qfq_sched *q = (struct qfq_sched *)(si + 1);
struct qfq_group *grp;
struct qfq_class *cl = (struct qfq_class *)_q;
uint64_t roundedS;
int s;
NO(q->loops++;)
DX(4, "len %d flow %p inv_w 0x%x grp %d", m->m_pkthdr.len,
_q, cl->inv_w, cl->grp->index);
/* XXX verify that the packet obeys the parameters */
if (m != _q->mq.head) {
if (dn_enqueue(_q, m, 0)) /* packet was dropped */
return 1;
NO(q->queued++;)
if (m != _q->mq.head)
return 0;
}
/* If reach this point, queue q was idle */
grp = cl->grp;
qfq_update_start(q, cl); /* adjust start time */
/* compute new finish time and rounded start. */
cl->F = cl->S + (uint64_t)(m->m_pkthdr.len) * cl->inv_w;
roundedS = qfq_round_down(cl->S, grp->slot_shift);
/*
* insert cl in the correct bucket.
* If cl->S >= grp->S we don't need to adjust the
* bucket list and simply go to the insertion phase.
* Otherwise grp->S is decreasing, we must make room
* in the bucket list, and also recompute the group state.
* Finally, if there were no flows in this group and nobody
* was in ER make sure to adjust V.
*/
if (grp->full_slots) {
if (!qfq_gt(grp->S, cl->S))
goto skip_update;
/* create a slot for this cl->S */
qfq_slot_rotate(q, grp, roundedS);
/* group was surely ineligible, remove */
__clear_bit(grp->index, &q->bitmaps[IR]);
__clear_bit(grp->index, &q->bitmaps[IB]);
} else if (!q->bitmaps[ER] && qfq_gt(roundedS, q->V))
q->V = roundedS;
grp->S = roundedS;
grp->F = roundedS + (2ULL << grp->slot_shift); // i.e. 2\sigma_i
s = qfq_calc_state(q, grp);
__set_bit(grp->index, &q->bitmaps[s]);
ND("new state %d 0x%x", s, q->bitmaps[s]);
ND("S %llx F %llx V %llx", cl->S, cl->F, q->V);
skip_update:
qfq_slot_insert(grp, cl, roundedS);
return 0;
}
#if 0
static inline void
qfq_slot_remove(struct qfq_sched *q, struct qfq_group *grp,
struct qfq_class *cl, struct qfq_class **pprev)
{
unsigned int i, offset;
uint64_t roundedS;
roundedS = qfq_round_down(cl->S, grp->slot_shift);
offset = (roundedS - grp->S) >> grp->slot_shift;
i = (grp->front + offset) % QFQ_MAX_SLOTS;
#ifdef notyet
if (!pprev) {
pprev = &grp->slots[i];
while (*pprev && *pprev != cl)
pprev = &(*pprev)->next;
}
#endif
*pprev = cl->next;
if (!grp->slots[i])
__clear_bit(offset, &grp->full_slots);
}
/*
* called to forcibly destroy a queue.
* If the queue is not in the front bucket, or if it has
* other queues in the front bucket, we can simply remove
* the queue with no other side effects.
* Otherwise we must propagate the event up.
* XXX description to be completed.
*/
static void
qfq_deactivate_class(struct qfq_sched *q, struct qfq_class *cl,
struct qfq_class **pprev)
{
struct qfq_group *grp = &q->groups[cl->index];
unsigned long mask;
uint64_t roundedS;
int s;
cl->F = cl->S; // not needed if the class goes away.
qfq_slot_remove(q, grp, cl, pprev);
if (!grp->full_slots) {
/* nothing left in the group, remove from all sets.
* Do ER last because if we were blocking other groups
* we must unblock them.
*/
__clear_bit(grp->index, &q->bitmaps[IR]);
__clear_bit(grp->index, &q->bitmaps[EB]);
__clear_bit(grp->index, &q->bitmaps[IB]);
if (test_bit(grp->index, &q->bitmaps[ER]) &&
!(q->bitmaps[ER] & ~((1UL << grp->index) - 1))) {
mask = q->bitmaps[ER] & ((1UL << grp->index) - 1);
if (mask)
mask = ~((1UL << __fls(mask)) - 1);
else
mask = ~0UL;
qfq_move_groups(q, mask, EB, ER);
qfq_move_groups(q, mask, IB, IR);
}
__clear_bit(grp->index, &q->bitmaps[ER]);
} else if (!grp->slots[grp->front]) {
cl = qfq_slot_scan(grp);
roundedS = qfq_round_down(cl->S, grp->slot_shift);
if (grp->S != roundedS) {
__clear_bit(grp->index, &q->bitmaps[ER]);
__clear_bit(grp->index, &q->bitmaps[IR]);
__clear_bit(grp->index, &q->bitmaps[EB]);
__clear_bit(grp->index, &q->bitmaps[IB]);
grp->S = roundedS;
grp->F = roundedS + (2ULL << grp->slot_shift);
s = qfq_calc_state(q, grp);
__set_bit(grp->index, &q->bitmaps[s]);
}
}
qfq_update_eligible(q, q->V);
}
#endif
static int
qfq_new_fsk(struct dn_fsk *f)
{
ipdn_bound_var(&f->fs.par[0], 1, 1, QFQ_MAX_WEIGHT, "qfq weight");
ipdn_bound_var(&f->fs.par[1], 1500, 1, 2000, "qfq maxlen");
ND("weight %d len %d\n", f->fs.par[0], f->fs.par[1]);
return 0;
}
/*
* initialize a new scheduler instance
*/
static int
qfq_new_sched(struct dn_sch_inst *si)
{
struct qfq_sched *q = (struct qfq_sched *)(si + 1);
struct qfq_group *grp;
int i;
for (i = 0; i <= QFQ_MAX_INDEX; i++) {
grp = &q->groups[i];
grp->index = i;
grp->slot_shift = QFQ_MTU_SHIFT + FRAC_BITS -
(QFQ_MAX_INDEX - i);
}
return 0;
}
/*
* QFQ scheduler descriptor
*/
static struct dn_alg qfq_desc = {
_SI( .type = ) DN_SCHED_QFQ,
_SI( .name = ) "QFQ",
_SI( .flags = ) DN_MULTIQUEUE,
_SI( .schk_datalen = ) 0,
_SI( .si_datalen = ) sizeof(struct qfq_sched),
_SI( .q_datalen = ) sizeof(struct qfq_class) - sizeof(struct dn_queue),
_SI( .enqueue = ) qfq_enqueue,
_SI( .dequeue = ) qfq_dequeue,
_SI( .config = ) NULL,
_SI( .destroy = ) NULL,
_SI( .new_sched = ) qfq_new_sched,
_SI( .free_sched = ) NULL,
_SI( .new_fsk = ) qfq_new_fsk,
_SI( .free_fsk = ) NULL,
_SI( .new_queue = ) qfq_new_queue,
_SI( .free_queue = ) qfq_free_queue,
};
DECLARE_DNSCHED_MODULE(dn_qfq, &qfq_desc);
#ifdef QFQ_DEBUG
static void
dump_groups(struct qfq_sched *q, uint32_t mask)
{
int i, j;
for (i = 0; i < QFQ_MAX_INDEX + 1; i++) {
struct qfq_group *g = &q->groups[i];
if (0 == (mask & (1<<i)))
continue;
for (j = 0; j < QFQ_MAX_SLOTS; j++) {
if (g->slots[j])
D(" bucket %d %p", j, g->slots[j]);
}
D("full_slots 0x%x", g->full_slots);
D(" %2d S 0x%20llx F 0x%llx %c", i,
g->S, g->F,
mask & (1<<i) ? '1' : '0');
}
}
static void
dump_sched(struct qfq_sched *q, const char *msg)
{
D("--- in %s: ---", msg);
ND("loops %d queued %d V 0x%llx", q->loops, q->queued, q->V);
D(" ER 0x%08x", q->bitmaps[ER]);
D(" EB 0x%08x", q->bitmaps[EB]);
D(" IR 0x%08x", q->bitmaps[IR]);
D(" IB 0x%08x", q->bitmaps[IB]);
dump_groups(q, 0xffffffff);
};
#endif /* QFQ_DEBUG */

309
freebsd/sys/netinet/ipfw/dn_sched_rr.c
View File

@ -1,309 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*
* Copyright (c) 2010 Riccardo Panicucci, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $FreeBSD$
*/
#ifdef _KERNEL
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <net/if.h> /* IFNAMSIZ */
#include <netinet/in.h>
#include <netinet/ip_var.h> /* ipfw_rule_ref */
#include <netinet/ip_fw.h> /* flow_id */
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
#else
#include <dn_test.h>
#endif
#define DN_SCHED_RR 3 // XXX Where?
struct rr_queue {
struct dn_queue q; /* Standard queue */
int status; /* 1: queue is in the list */
int credit; /* Number of bytes to transmit */
int quantum; /* quantum * C */
struct rr_queue *qnext; /* */
};
/* struct rr_schk contains global config parameters
* and is right after dn_schk
*/
struct rr_schk {
int min_q; /* Min quantum */
int max_q; /* Max quantum */
int q_bytes; /* Bytes per quantum */
};
/* per-instance round robin list, right after dn_sch_inst */
struct rr_si {
struct rr_queue *head, *tail; /* Pointer to current queue */
};
/* Append a queue to the rr list */
static inline void
rr_append(struct rr_queue *q, struct rr_si *si)
{
q->status = 1; /* mark as in-rr_list */
q->credit = q->quantum; /* initialize credit */
/* append to the tail */
if (si->head == NULL)
si->head = q;
else
si->tail->qnext = q;
si->tail = q; /* advance the tail pointer */
q->qnext = si->head; /* make it circular */
}
/* Remove the head queue from circular list. */
static inline void
rr_remove_head(struct rr_si *si)
{
if (si->head == NULL)
return; /* empty queue */
si->head->status = 0;
if (si->head == si->tail) {
si->head = si->tail = NULL;
return;
}
si->head = si->head->qnext;
si->tail->qnext = si->head;
}
/* Remove a queue from circular list.
* XXX see if ti can be merge with remove_queue()
*/
static inline void
remove_queue_q(struct rr_queue *q, struct rr_si *si)
{
struct rr_queue *prev;
if (q->status != 1)
return;
if (q == si->head) {
rr_remove_head(si);
return;
}
for (prev = si->head; prev; prev = prev->qnext) {
if (prev->qnext != q)
continue;
prev->qnext = q->qnext;
if (q == si->tail)
si->tail = prev;
q->status = 0;
break;
}
}
static inline void
next_pointer(struct rr_si *si)
{
if (si->head == NULL)
return; /* empty queue */
si->head = si->head->qnext;
si->tail = si->tail->qnext;
}
static int
rr_enqueue(struct dn_sch_inst *_si, struct dn_queue *q, struct mbuf *m)
{
struct rr_si *si;
struct rr_queue *rrq;
if (m != q->mq.head) {
if (dn_enqueue(q, m, 0)) /* packet was dropped */
return 1;
if (m != q->mq.head)
return 0;
}
/* If reach this point, queue q was idle */
si = (struct rr_si *)(_si + 1);
rrq = (struct rr_queue *)q;
if (rrq->status == 1) /* Queue is already in the queue list */
return 0;
/* Insert the queue in the queue list */
rr_append(rrq, si);
return 0;
}
static struct mbuf *
rr_dequeue(struct dn_sch_inst *_si)
{
/* Access scheduler instance private data */
struct rr_si *si = (struct rr_si *)(_si + 1);
struct rr_queue *rrq;
uint64_t len;
while ( (rrq = si->head) ) {
struct mbuf *m = rrq->q.mq.head;
if ( m == NULL) {
/* empty queue, remove from list */
rr_remove_head(si);
continue;
}
len = m->m_pkthdr.len;
if (len > rrq->credit) {
/* Packet too big */
rrq->credit += rrq->quantum;
/* Try next queue */
next_pointer(si);
} else {
rrq->credit -= len;
return dn_dequeue(&rrq->q);
}
}
/* no packet to dequeue*/
return NULL;
}
static int
rr_config(struct dn_schk *_schk)
{
struct rr_schk *schk = (struct rr_schk *)(_schk + 1);
ND("called");
/* use reasonable quantums (64..2k bytes, default 1500) */
schk->min_q = 64;
schk->max_q = 2048;
schk->q_bytes = 1500; /* quantum */
return 0;
}
static int
rr_new_sched(struct dn_sch_inst *_si)
{
struct rr_si *si = (struct rr_si *)(_si + 1);
ND("called");
si->head = si->tail = NULL;
return 0;
}
static int
rr_free_sched(struct dn_sch_inst *_si)
{
ND("called");
/* Nothing to do? */
return 0;
}
static int
rr_new_fsk(struct dn_fsk *fs)
{
struct rr_schk *schk = (struct rr_schk *)(fs->sched + 1);
/* par[0] is the weight, par[1] is the quantum step */
ipdn_bound_var(&fs->fs.par[0], 1,
1, 65536, "RR weight");
ipdn_bound_var(&fs->fs.par[1], schk->q_bytes,
schk->min_q, schk->max_q, "RR quantum");
return 0;
}
static int
rr_new_queue(struct dn_queue *_q)
{
struct rr_queue *q = (struct rr_queue *)_q;
_q->ni.oid.subtype = DN_SCHED_RR;
q->quantum = _q->fs->fs.par[0] * _q->fs->fs.par[1];
ND("called, q->quantum %d", q->quantum);
q->credit = q->quantum;
q->status = 0;
if (_q->mq.head != NULL) {
/* Queue NOT empty, insert in the queue list */
rr_append(q, (struct rr_si *)(_q->_si + 1));
}
return 0;
}
static int
rr_free_queue(struct dn_queue *_q)
{
struct rr_queue *q = (struct rr_queue *)_q;
ND("called");
if (q->status == 1) {
struct rr_si *si = (struct rr_si *)(_q->_si + 1);
remove_queue_q(q, si);
}
return 0;
}
/*
* RR scheduler descriptor
* contains the type of the scheduler, the name, the size of the
* structures and function pointers.
*/
static struct dn_alg rr_desc = {
_SI( .type = ) DN_SCHED_RR,
_SI( .name = ) "RR",
_SI( .flags = ) DN_MULTIQUEUE,
_SI( .schk_datalen = ) 0,
_SI( .si_datalen = ) sizeof(struct rr_si),
_SI( .q_datalen = ) sizeof(struct rr_queue) - sizeof(struct dn_queue),
_SI( .enqueue = ) rr_enqueue,
_SI( .dequeue = ) rr_dequeue,
_SI( .config = ) rr_config,
_SI( .destroy = ) NULL,
_SI( .new_sched = ) rr_new_sched,
_SI( .free_sched = ) rr_free_sched,
_SI( .new_fsk = ) rr_new_fsk,
_SI( .free_fsk = ) NULL,
_SI( .new_queue = ) rr_new_queue,
_SI( .free_queue = ) rr_free_queue,
};
DECLARE_DNSCHED_MODULE(dn_rr, &rr_desc);

375
freebsd/sys/netinet/ipfw/dn_sched_wf2q.c
View File

@ -1,375 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*
* Copyright (c) 2010 Riccardo Panicucci, Universita` di Pisa
* Copyright (c) 2000-2002 Luigi Rizzo, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $FreeBSD$
*/
#ifdef _KERNEL
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/kernel.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <net/if.h> /* IFNAMSIZ */
#include <netinet/in.h>
#include <netinet/ip_var.h> /* ipfw_rule_ref */
#include <netinet/ip_fw.h> /* flow_id */
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
#else
#include <dn_test.h>
#endif
#ifndef MAX64
#define MAX64(x,y) (( (int64_t) ( (y)-(x) )) > 0 ) ? (y) : (x)
#endif
/*
* timestamps are computed on 64 bit using fixed point arithmetic.
* LMAX_BITS, WMAX_BITS are the max number of bits for the packet len
* and sum of weights, respectively. FRAC_BITS is the number of
* fractional bits. We want FRAC_BITS >> WMAX_BITS to avoid too large
* errors when computing the inverse, FRAC_BITS < 32 so we can do 1/w
* using an unsigned 32-bit division, and to avoid wraparounds we need
* LMAX_BITS + WMAX_BITS + FRAC_BITS << 64
* As an example
* FRAC_BITS = 26, LMAX_BITS=14, WMAX_BITS = 19
*/
#ifndef FRAC_BITS
#define FRAC_BITS 28 /* shift for fixed point arithmetic */
#define ONE_FP (1UL << FRAC_BITS)
#endif
/*
* Private information for the scheduler instance:
* sch_heap (key is Finish time) returns the next queue to serve
* ne_heap (key is Start time) stores not-eligible queues
* idle_heap (key=start/finish time) stores idle flows. It must
* support extract-from-middle.
* A flow is only in 1 of the three heaps.
* XXX todo: use a more efficient data structure, e.g. a tree sorted
* by F with min_subtree(S) in each node
*/
struct wf2qp_si {
struct dn_heap sch_heap; /* top extract - key Finish time */
struct dn_heap ne_heap; /* top extract - key Start time */
struct dn_heap idle_heap; /* random extract - key Start=Finish time */
uint64_t V; /* virtual time */
uint32_t inv_wsum; /* inverse of sum of weights */
uint32_t wsum; /* sum of weights */
};
struct wf2qp_queue {
struct dn_queue _q;
uint64_t S, F; /* start time, finish time */
uint32_t inv_w; /* ONE_FP / weight */
int32_t heap_pos; /* position (index) of struct in heap */
};
/*
* This file implements a WF2Q+ scheduler as it has been in dummynet
* since 2000.
* The scheduler supports per-flow queues and has O(log N) complexity.
*
* WF2Q+ needs to drain entries from the idle heap so that we
* can keep the sum of weights up to date. We can do it whenever
* we get a chance, or periodically, or following some other
* strategy. The function idle_check() drains at most N elements
* from the idle heap.
*/
static void
idle_check(struct wf2qp_si *si, int n, int force)
{
struct dn_heap *h = &si->idle_heap;
while (n-- > 0 && h->elements > 0 &&
(force || DN_KEY_LT(HEAP_TOP(h)->key, si->V))) {
struct dn_queue *q = HEAP_TOP(h)->object;
struct wf2qp_queue *alg_fq = (struct wf2qp_queue *)q;
heap_extract(h, NULL);
/* XXX to let the flowset delete the queue we should
* mark it as 'unused' by the scheduler.
*/
alg_fq->S = alg_fq->F + 1; /* Mark timestamp as invalid. */
si->wsum -= q->fs->fs.par[0]; /* adjust sum of weights */
if (si->wsum > 0)
si->inv_wsum = ONE_FP/si->wsum;
}
}
static int
wf2qp_enqueue(struct dn_sch_inst *_si, struct dn_queue *q, struct mbuf *m)
{
struct dn_fsk *fs = q->fs;
struct wf2qp_si *si = (struct wf2qp_si *)(_si + 1);
struct wf2qp_queue *alg_fq;
uint64_t len = m->m_pkthdr.len;
if (m != q->mq.head) {
if (dn_enqueue(q, m, 0)) /* packet was dropped */
return 1;
if (m != q->mq.head) /* queue was already busy */
return 0;
}
/* If reach this point, queue q was idle */
alg_fq = (struct wf2qp_queue *)q;
if (DN_KEY_LT(alg_fq->F, alg_fq->S)) {
/* F<S means timestamps are invalid ->brand new queue. */
alg_fq->S = si->V; /* init start time */
si->wsum += fs->fs.par[0]; /* add weight of new queue. */
si->inv_wsum = ONE_FP/si->wsum;
} else { /* if it was idle then it was in the idle heap */
heap_extract(&si->idle_heap, q);
alg_fq->S = MAX64(alg_fq->F, si->V); /* compute new S */
}
alg_fq->F = alg_fq->S + len * alg_fq->inv_w;
/* if nothing is backlogged, make sure this flow is eligible */
if (si->ne_heap.elements == 0 && si->sch_heap.elements == 0)
si->V = MAX64(alg_fq->S, si->V);
/*
* Look at eligibility. A flow is not eligibile if S>V (when
* this happens, it means that there is some other flow already
* scheduled for the same pipe, so the sch_heap cannot be
* empty). If the flow is not eligible we just store it in the
* ne_heap. Otherwise, we store in the sch_heap.
* Note that for all flows in sch_heap (SCH), S_i <= V,
* and for all flows in ne_heap (NEH), S_i > V.
* So when we need to compute max(V, min(S_i)) forall i in
* SCH+NEH, we only need to look into NEH.
*/
if (DN_KEY_LT(si->V, alg_fq->S)) {
/* S>V means flow Not eligible. */
if (si->sch_heap.elements == 0)
D("++ ouch! not eligible but empty scheduler!");
heap_insert(&si->ne_heap, alg_fq->S, q);
} else {
heap_insert(&si->sch_heap, alg_fq->F, q);
}
return 0;
}
/* XXX invariant: sch > 0 || V >= min(S in neh) */
static struct mbuf *
wf2qp_dequeue(struct dn_sch_inst *_si)
{
/* Access scheduler instance private data */
struct wf2qp_si *si = (struct wf2qp_si *)(_si + 1);
struct mbuf *m;
struct dn_queue *q;
struct dn_heap *sch = &si->sch_heap;
struct dn_heap *neh = &si->ne_heap;
struct wf2qp_queue *alg_fq;
if (sch->elements == 0 && neh->elements == 0) {
/* we have nothing to do. We could kill the idle heap
* altogether and reset V
*/
idle_check(si, 0x7fffffff, 1);
si->V = 0;
si->wsum = 0; /* should be set already */
return NULL; /* quick return if nothing to do */
}
idle_check(si, 1, 0); /* drain something from the idle heap */
/* make sure at least one element is eligible, bumping V
* and moving entries that have become eligible.
* We need to repeat the first part twice, before and
* after extracting the candidate, or enqueue() will
* find the data structure in a wrong state.
*/
m = NULL;
for(;;) {
/*
* Compute V = max(V, min(S_i)). Remember that all elements
* in sch have by definition S_i <= V so if sch is not empty,
* V is surely the max and we must not update it. Conversely,
* if sch is empty we only need to look at neh.
* We don't need to move the queues, as it will be done at the
* next enqueue
*/
if (sch->elements == 0 && neh->elements > 0) {
si->V = MAX64(si->V, HEAP_TOP(neh)->key);
}
while (neh->elements > 0 &&
DN_KEY_LEQ(HEAP_TOP(neh)->key, si->V)) {
q = HEAP_TOP(neh)->object;
alg_fq = (struct wf2qp_queue *)q;
heap_extract(neh, NULL);
heap_insert(sch, alg_fq->F, q);
}
if (m) /* pkt found in previous iteration */
break;
/* ok we have at least one eligible pkt */
q = HEAP_TOP(sch)->object;
alg_fq = (struct wf2qp_queue *)q;
m = dn_dequeue(q);
heap_extract(sch, NULL); /* Remove queue from heap. */
si->V += (uint64_t)(m->m_pkthdr.len) * si->inv_wsum;
alg_fq->S = alg_fq->F; /* Update start time. */
if (q->mq.head == 0) { /* not backlogged any more. */
heap_insert(&si->idle_heap, alg_fq->F, q);
} else { /* Still backlogged. */
/* Update F, store in neh or sch */
uint64_t len = q->mq.head->m_pkthdr.len;
alg_fq->F += len * alg_fq->inv_w;
if (DN_KEY_LEQ(alg_fq->S, si->V)) {
heap_insert(sch, alg_fq->F, q);
} else {
heap_insert(neh, alg_fq->S, q);
}
}
}
return m;
}
static int
wf2qp_new_sched(struct dn_sch_inst *_si)
{
struct wf2qp_si *si = (struct wf2qp_si *)(_si + 1);
int ofs = offsetof(struct wf2qp_queue, heap_pos);
/* all heaps support extract from middle */
if (heap_init(&si->idle_heap, 16, ofs) ||
heap_init(&si->sch_heap, 16, ofs) ||
heap_init(&si->ne_heap, 16, ofs)) {
heap_free(&si->ne_heap);
heap_free(&si->sch_heap);
heap_free(&si->idle_heap);
return ENOMEM;
}
return 0;
}
static int
wf2qp_free_sched(struct dn_sch_inst *_si)
{
struct wf2qp_si *si = (struct wf2qp_si *)(_si + 1);
heap_free(&si->sch_heap);
heap_free(&si->ne_heap);
heap_free(&si->idle_heap);
return 0;
}
static int
wf2qp_new_fsk(struct dn_fsk *fs)
{
ipdn_bound_var(&fs->fs.par[0], 1,
1, 100, "WF2Q+ weight");
return 0;
}
static int
wf2qp_new_queue(struct dn_queue *_q)
{
struct wf2qp_queue *q = (struct wf2qp_queue *)_q;
_q->ni.oid.subtype = DN_SCHED_WF2QP;
q->F = 0; /* not strictly necessary */
q->S = q->F + 1; /* mark timestamp as invalid. */
q->inv_w = ONE_FP / _q->fs->fs.par[0];
if (_q->mq.head != NULL) {
wf2qp_enqueue(_q->_si, _q, _q->mq.head);
}
return 0;
}
/*
* Called when the infrastructure removes a queue (e.g. flowset
* is reconfigured). Nothing to do if we did not 'own' the queue,
* otherwise remove it from the right heap and adjust the sum
* of weights.
*/
static int
wf2qp_free_queue(struct dn_queue *q)
{
struct wf2qp_queue *alg_fq = (struct wf2qp_queue *)q;
struct wf2qp_si *si = (struct wf2qp_si *)(q->_si + 1);
if (alg_fq->S >= alg_fq->F + 1)
return 0; /* nothing to do, not in any heap */
si->wsum -= q->fs->fs.par[0];
if (si->wsum > 0)
si->inv_wsum = ONE_FP/si->wsum;
/* extract from the heap. XXX TODO we may need to adjust V
* to make sure the invariants hold.
*/
if (q->mq.head == NULL) {
heap_extract(&si->idle_heap, q);
} else if (DN_KEY_LT(si->V, alg_fq->S)) {
heap_extract(&si->ne_heap, q);
} else {
heap_extract(&si->sch_heap, q);
}
return 0;
}
/*
* WF2Q+ scheduler descriptor
* contains the type of the scheduler, the name, the size of the
* structures and function pointers.
*/
static struct dn_alg wf2qp_desc = {
_SI( .type = ) DN_SCHED_WF2QP,
_SI( .name = ) "WF2Q+",
_SI( .flags = ) DN_MULTIQUEUE,
/* we need extra space in the si and the queue */
_SI( .schk_datalen = ) 0,
_SI( .si_datalen = ) sizeof(struct wf2qp_si),
_SI( .q_datalen = ) sizeof(struct wf2qp_queue) -
sizeof(struct dn_queue),
_SI( .enqueue = ) wf2qp_enqueue,
_SI( .dequeue = ) wf2qp_dequeue,
_SI( .config = ) NULL,
_SI( .destroy = ) NULL,
_SI( .new_sched = ) wf2qp_new_sched,
_SI( .free_sched = ) wf2qp_free_sched,
_SI( .new_fsk = ) wf2qp_new_fsk,
_SI( .free_fsk = ) NULL,
_SI( .new_queue = ) wf2qp_new_queue,
_SI( .free_queue = ) wf2qp_free_queue,
};
DECLARE_DNSCHED_MODULE(dn_wf2qp, &wf2qp_desc);

847
freebsd/sys/netinet/ipfw/ip_dn_glue.c
View File

@ -1,847 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 2010 Riccardo Panicucci, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* $FreeBSD$
*
* Binary compatibility support for /sbin/ipfw RELENG_7 and RELENG_8
*/
#include <rtems/bsd/local/opt_inet6.h>
#include <rtems/bsd/sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <rtems/bsd/sys/lock.h>
#include <sys/module.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/rwlock.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/time.h>
#include <sys/taskqueue.h>
#include <net/if.h> /* IFNAMSIZ, struct ifaddr, ifq head, lock.h mutex.h */
#include <netinet/in.h>
#include <netinet/ip_var.h> /* ip_output(), IP_FORWARDING */
#include <netinet/ip_fw.h>
#include <netinet/ipfw/ip_fw_private.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
/* FREEBSD7.2 ip_dummynet.h r191715*/
struct dn_heap_entry7 {
int64_t key; /* sorting key. Topmost element is smallest one */
void *object; /* object pointer */
};
struct dn_heap7 {
int size;
int elements;
int offset; /* XXX if > 0 this is the offset of direct ptr to obj */
struct dn_heap_entry7 *p; /* really an array of "size" entries */
};
/* Common to 7.2 and 8 */
struct dn_flow_set {
SLIST_ENTRY(dn_flow_set) next; /* linked list in a hash slot */
u_short fs_nr ; /* flow_set number */
u_short flags_fs;
#define DNOLD_HAVE_FLOW_MASK 0x0001
#define DNOLD_IS_RED 0x0002
#define DNOLD_IS_GENTLE_RED 0x0004
#define DNOLD_QSIZE_IS_BYTES 0x0008 /* queue size is measured in bytes */
#define DNOLD_NOERROR 0x0010 /* do not report ENOBUFS on drops */
#define DNOLD_HAS_PROFILE 0x0020 /* the pipe has a delay profile. */
#define DNOLD_IS_PIPE 0x4000
#define DNOLD_IS_QUEUE 0x8000
struct dn_pipe7 *pipe ; /* pointer to parent pipe */
u_short parent_nr ; /* parent pipe#, 0 if local to a pipe */
int weight ; /* WFQ queue weight */
int qsize ; /* queue size in slots or bytes */
int plr ; /* pkt loss rate (2^31-1 means 100%) */
struct ipfw_flow_id flow_mask ;
/* hash table of queues onto this flow_set */
int rq_size ; /* number of slots */
int rq_elements ; /* active elements */
struct dn_flow_queue7 **rq; /* array of rq_size entries */
u_int32_t last_expired ; /* do not expire too frequently */
int backlogged ; /* #active queues for this flowset */
/* RED parameters */
#define SCALE_RED 16
#define SCALE(x) ( (x) << SCALE_RED )
#define SCALE_VAL(x) ( (x) >> SCALE_RED )
#define SCALE_MUL(x,y) ( ( (x) * (y) ) >> SCALE_RED )
int w_q ; /* queue weight (scaled) */
int max_th ; /* maximum threshold for queue (scaled) */
int min_th ; /* minimum threshold for queue (scaled) */
int max_p ; /* maximum value for p_b (scaled) */
u_int c_1 ; /* max_p/(max_th-min_th) (scaled) */
u_int c_2 ; /* max_p*min_th/(max_th-min_th) (scaled) */
u_int c_3 ; /* for GRED, (1-max_p)/max_th (scaled) */
u_int c_4 ; /* for GRED, 1 - 2*max_p (scaled) */
u_int * w_q_lookup ; /* lookup table for computing (1-w_q)^t */
u_int lookup_depth ; /* depth of lookup table */
int lookup_step ; /* granularity inside the lookup table */
int lookup_weight ; /* equal to (1-w_q)^t / (1-w_q)^(t+1) */
int avg_pkt_size ; /* medium packet size */
int max_pkt_size ; /* max packet size */
};
SLIST_HEAD(dn_flow_set_head, dn_flow_set);
#define DN_IS_PIPE 0x4000
#define DN_IS_QUEUE 0x8000
struct dn_flow_queue7 {
struct dn_flow_queue7 *next ;
struct ipfw_flow_id id ;
struct mbuf *head, *tail ; /* queue of packets */
u_int len ;
u_int len_bytes ;
u_long numbytes;
u_int64_t tot_pkts ; /* statistics counters */
u_int64_t tot_bytes ;
u_int32_t drops ;
int hash_slot ; /* debugging/diagnostic */
/* RED parameters */
int avg ; /* average queue length est. (scaled) */
int count ; /* arrivals since last RED drop */
int random ; /* random value (scaled) */
u_int32_t q_time; /* start of queue idle time */
/* WF2Q+ support */
struct dn_flow_set *fs ; /* parent flow set */
int heap_pos ; /* position (index) of struct in heap */
int64_t sched_time ; /* current time when queue enters ready_heap */
int64_t S,F ; /* start time, finish time */
};
struct dn_pipe7 { /* a pipe */
SLIST_ENTRY(dn_pipe7) next; /* linked list in a hash slot */
int pipe_nr ; /* number */
int bandwidth; /* really, bytes/tick. */
int delay ; /* really, ticks */
struct mbuf *head, *tail ; /* packets in delay line */
/* WF2Q+ */
struct dn_heap7 scheduler_heap ; /* top extract - key Finish time*/
struct dn_heap7 not_eligible_heap; /* top extract- key Start time */
struct dn_heap7 idle_heap ; /* random extract - key Start=Finish time */
int64_t V ; /* virtual time */
int sum; /* sum of weights of all active sessions */
int numbytes;
int64_t sched_time ; /* time pipe was scheduled in ready_heap */
/*
* When the tx clock come from an interface (if_name[0] != '\0'), its name
* is stored below, whereas the ifp is filled when the rule is configured.
*/
char if_name[IFNAMSIZ];
struct ifnet *ifp ;
int ready ; /* set if ifp != NULL and we got a signal from it */
struct dn_flow_set fs ; /* used with fixed-rate flows */
};
SLIST_HEAD(dn_pipe_head7, dn_pipe7);
/* FREEBSD8 ip_dummynet.h r196045 */
struct dn_flow_queue8 {
struct dn_flow_queue8 *next ;
struct ipfw_flow_id id ;
struct mbuf *head, *tail ; /* queue of packets */
u_int len ;
u_int len_bytes ;
uint64_t numbytes ; /* credit for transmission (dynamic queues) */
int64_t extra_bits; /* extra bits simulating unavailable channel */
u_int64_t tot_pkts ; /* statistics counters */
u_int64_t tot_bytes ;
u_int32_t drops ;
int hash_slot ; /* debugging/diagnostic */
/* RED parameters */
int avg ; /* average queue length est. (scaled) */
int count ; /* arrivals since last RED drop */
int random ; /* random value (scaled) */
int64_t idle_time; /* start of queue idle time */
/* WF2Q+ support */
struct dn_flow_set *fs ; /* parent flow set */
int heap_pos ; /* position (index) of struct in heap */
int64_t sched_time ; /* current time when queue enters ready_heap */
int64_t S,F ; /* start time, finish time */
};
struct dn_pipe8 { /* a pipe */
SLIST_ENTRY(dn_pipe8) next; /* linked list in a hash slot */
int pipe_nr ; /* number */
int bandwidth; /* really, bytes/tick. */
int delay ; /* really, ticks */
struct mbuf *head, *tail ; /* packets in delay line */
/* WF2Q+ */
struct dn_heap7 scheduler_heap ; /* top extract - key Finish time*/
struct dn_heap7 not_eligible_heap; /* top extract- key Start time */
struct dn_heap7 idle_heap ; /* random extract - key Start=Finish time */
int64_t V ; /* virtual time */
int sum; /* sum of weights of all active sessions */
/* Same as in dn_flow_queue, numbytes can become large */
int64_t numbytes; /* bits I can transmit (more or less). */
uint64_t burst; /* burst size, scaled: bits * hz */
int64_t sched_time ; /* time pipe was scheduled in ready_heap */
int64_t idle_time; /* start of pipe idle time */
char if_name[IFNAMSIZ];
struct ifnet *ifp ;
int ready ; /* set if ifp != NULL and we got a signal from it */
struct dn_flow_set fs ; /* used with fixed-rate flows */
/* fields to simulate a delay profile */
#define ED_MAX_NAME_LEN 32
char name[ED_MAX_NAME_LEN];
int loss_level;
int samples_no;
int *samples;
};
#define ED_MAX_SAMPLES_NO 1024
struct dn_pipe_max8 {
struct dn_pipe8 pipe;
int samples[ED_MAX_SAMPLES_NO];
};
SLIST_HEAD(dn_pipe_head8, dn_pipe8);
/*
* Changes from 7.2 to 8:
* dn_pipe:
* numbytes from int to int64_t
* add burst (int64_t)
* add idle_time (int64_t)
* add profile
* add struct dn_pipe_max
* add flag DN_HAS_PROFILE
*
* dn_flow_queue
* numbytes from u_long to int64_t
* add extra_bits (int64_t)
* q_time from u_int32_t to int64_t and name idle_time
*
* dn_flow_set unchanged
*
*/
/* NOTE:XXX copied from dummynet.c */
#define O_NEXT(p, len) ((void *)((char *)p + len))
static void
oid_fill(struct dn_id *oid, int len, int type, uintptr_t id)
{
oid->len = len;
oid->type = type;
oid->subtype = 0;
oid->id = id;
}
/* make room in the buffer and move the pointer forward */
static void *
o_next(struct dn_id **o, int len, int type)
{
struct dn_id *ret = *o;
oid_fill(ret, len, type, 0);
*o = O_NEXT(*o, len);
return ret;
}
static size_t pipesize7 = sizeof(struct dn_pipe7);
static size_t pipesize8 = sizeof(struct dn_pipe8);
static size_t pipesizemax8 = sizeof(struct dn_pipe_max8);
/* Indicate 'ipfw' version
* 1: from FreeBSD 7.2
* 0: from FreeBSD 8
* -1: unknow (for now is unused)
*
* It is update when a IP_DUMMYNET_DEL or IP_DUMMYNET_CONFIGURE request arrives
* NOTE: if a IP_DUMMYNET_GET arrives and the 'ipfw' version is unknow,
* it is suppose to be the FreeBSD 8 version.
*/
static int is7 = 0;
static int
convertflags2new(int src)
{
int dst = 0;
if (src & DNOLD_HAVE_FLOW_MASK)
dst |= DN_HAVE_MASK;
if (src & DNOLD_QSIZE_IS_BYTES)
dst |= DN_QSIZE_BYTES;
if (src & DNOLD_NOERROR)
dst |= DN_NOERROR;
if (src & DNOLD_IS_RED)
dst |= DN_IS_RED;
if (src & DNOLD_IS_GENTLE_RED)
dst |= DN_IS_GENTLE_RED;
if (src & DNOLD_HAS_PROFILE)
dst |= DN_HAS_PROFILE;
return dst;
}
static int
convertflags2old(int src)
{
int dst = 0;
if (src & DN_HAVE_MASK)
dst |= DNOLD_HAVE_FLOW_MASK;
if (src & DN_IS_RED)
dst |= DNOLD_IS_RED;
if (src & DN_IS_GENTLE_RED)
dst |= DNOLD_IS_GENTLE_RED;
if (src & DN_NOERROR)
dst |= DNOLD_NOERROR;
if (src & DN_HAS_PROFILE)
dst |= DNOLD_HAS_PROFILE;
if (src & DN_QSIZE_BYTES)
dst |= DNOLD_QSIZE_IS_BYTES;
return dst;
}
static int
dn_compat_del(void *v)
{
struct dn_pipe7 *p = (struct dn_pipe7 *) v;
struct dn_pipe8 *p8 = (struct dn_pipe8 *) v;
struct {
struct dn_id oid;
uintptr_t a[1]; /* add more if we want a list */
} cmd;
/* XXX DN_API_VERSION ??? */
oid_fill((void *)&cmd, sizeof(cmd), DN_CMD_DELETE, DN_API_VERSION);
if (is7) {
if (p->pipe_nr == 0 && p->fs.fs_nr == 0)
return EINVAL;
if (p->pipe_nr != 0 && p->fs.fs_nr != 0)
return EINVAL;
} else {
if (p8->pipe_nr == 0 && p8->fs.fs_nr == 0)
return EINVAL;
if (p8->pipe_nr != 0 && p8->fs.fs_nr != 0)
return EINVAL;
}
if (p->pipe_nr != 0) { /* pipe x delete */
cmd.a[0] = p->pipe_nr;
cmd.oid.subtype = DN_LINK;
} else { /* queue x delete */
cmd.oid.subtype = DN_FS;
cmd.a[0] = (is7) ? p->fs.fs_nr : p8->fs.fs_nr;
}
return do_config(&cmd, cmd.oid.len);
}
static int
dn_compat_config_queue(struct dn_fs *fs, void* v)
{
struct dn_pipe7 *p7 = (struct dn_pipe7 *)v;
struct dn_pipe8 *p8 = (struct dn_pipe8 *)v;
struct dn_flow_set *f;
if (is7)
f = &p7->fs;
else
f = &p8->fs;
fs->fs_nr = f->fs_nr;
fs->sched_nr = f->parent_nr;
fs->flow_mask = f->flow_mask;
fs->buckets = f->rq_size;
fs->qsize = f->qsize;
fs->plr = f->plr;
fs->par[0] = f->weight;
fs->flags = convertflags2new(f->flags_fs);
if (fs->flags & DN_IS_GENTLE_RED || fs->flags & DN_IS_RED) {
fs->w_q = f->w_q;
fs->max_th = f->max_th;
fs->min_th = f->min_th;
fs->max_p = f->max_p;
}
return 0;
}
static int
dn_compat_config_pipe(struct dn_sch *sch, struct dn_link *p,
struct dn_fs *fs, void* v)
{
struct dn_pipe7 *p7 = (struct dn_pipe7 *)v;
struct dn_pipe8 *p8 = (struct dn_pipe8 *)v;
int i = p7->pipe_nr;
sch->sched_nr = i;
sch->oid.subtype = 0;
p->link_nr = i;
fs->fs_nr = i + 2*DN_MAX_ID;
fs->sched_nr = i + DN_MAX_ID;
/* Common to 7 and 8 */
p->bandwidth = p7->bandwidth;
p->delay = p7->delay;
if (!is7) {
/* FreeBSD 8 has burst */
p->burst = p8->burst;
}
/* fill the fifo flowset */
dn_compat_config_queue(fs, v);
fs->fs_nr = i + 2*DN_MAX_ID;
fs->sched_nr = i + DN_MAX_ID;
/* Move scheduler related parameter from fs to sch */
sch->buckets = fs->buckets; /*XXX*/
fs->buckets = 0;
if (fs->flags & DN_HAVE_MASK) {
sch->flags |= DN_HAVE_MASK;
fs->flags &= ~DN_HAVE_MASK;
sch->sched_mask = fs->flow_mask;
bzero(&fs->flow_mask, sizeof(struct ipfw_flow_id));
}
return 0;
}
static int
dn_compat_config_profile(struct dn_profile *pf, struct dn_link *p,
void *v)
{
struct dn_pipe8 *p8 = (struct dn_pipe8 *)v;
p8->samples = &(((struct dn_pipe_max8 *)p8)->samples[0]);
pf->link_nr = p->link_nr;
pf->loss_level = p8->loss_level;
// pf->bandwidth = p->bandwidth; //XXX bandwidth redundant?
pf->samples_no = p8->samples_no;
strncpy(pf->name, p8->name,sizeof(pf->name));
bcopy(p8->samples, pf->samples, sizeof(pf->samples));
return 0;
}
/*
* If p->pipe_nr != 0 the command is 'pipe x config', so need to create
* the three main struct, else only a flowset is created
*/
static int
dn_compat_configure(void *v)
{
struct dn_id *buf = NULL, *base;
struct dn_sch *sch = NULL;
struct dn_link *p = NULL;
struct dn_fs *fs = NULL;
struct dn_profile *pf = NULL;
int lmax;
int error;
struct dn_pipe7 *p7 = (struct dn_pipe7 *)v;
struct dn_pipe8 *p8 = (struct dn_pipe8 *)v;
int i; /* number of object to configure */
lmax = sizeof(struct dn_id); /* command header */
lmax += sizeof(struct dn_sch) + sizeof(struct dn_link) +
sizeof(struct dn_fs) + sizeof(struct dn_profile);
base = buf = malloc(lmax, M_DUMMYNET, M_WAIT|M_ZERO);
o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG);
base->id = DN_API_VERSION;
/* pipe_nr is the same in p7 and p8 */
i = p7->pipe_nr;
if (i != 0) { /* pipe config */
sch = o_next(&buf, sizeof(*sch), DN_SCH);
p = o_next(&buf, sizeof(*p), DN_LINK);
fs = o_next(&buf, sizeof(*fs), DN_FS);
error = dn_compat_config_pipe(sch, p, fs, v);
if (error) {
free(buf, M_DUMMYNET);
return error;
}
if (!is7 && p8->samples_no > 0) {
/* Add profiles*/
pf = o_next(&buf, sizeof(*pf), DN_PROFILE);
error = dn_compat_config_profile(pf, p, v);
if (error) {
free(buf, M_DUMMYNET);
return error;
}
}
} else { /* queue config */
fs = o_next(&buf, sizeof(*fs), DN_FS);
error = dn_compat_config_queue(fs, v);
if (error) {
free(buf, M_DUMMYNET);
return error;
}
}
error = do_config(base, (char *)buf - (char *)base);
if (buf)
free(buf, M_DUMMYNET);
return error;
}
int
dn_compat_calc_size(struct dn_parms dn_cfg)
{
int need = 0;
/* XXX use FreeBSD 8 struct size */
/* NOTE:
* - half scheduler: schk_count/2
* - all flowset: fsk_count
* - all flowset queues: queue_count
* - all pipe queue: si_count
*/
need += dn_cfg.schk_count * sizeof(struct dn_pipe8) / 2;
need += dn_cfg.fsk_count * sizeof(struct dn_flow_set);
need += dn_cfg.si_count * sizeof(struct dn_flow_queue8);
need += dn_cfg.queue_count * sizeof(struct dn_flow_queue8);
return need;
}
int
dn_c_copy_q (void *_ni, void *arg)
{
struct copy_args *a = arg;
struct dn_flow_queue7 *fq7 = (struct dn_flow_queue7 *)*a->start;
struct dn_flow_queue8 *fq8 = (struct dn_flow_queue8 *)*a->start;
struct dn_flow *ni = (struct dn_flow *)_ni;
int size = 0;
/* XXX hash slot not set */
/* No difference between 7.2/8 */
fq7->len = ni->length;
fq7->len_bytes = ni->len_bytes;
fq7->id = ni->fid;
if (is7) {
size = sizeof(struct dn_flow_queue7);
fq7->tot_pkts = ni->tot_pkts;
fq7->tot_bytes = ni->tot_bytes;
fq7->drops = ni->drops;
} else {
size = sizeof(struct dn_flow_queue8);
fq8->tot_pkts = ni->tot_pkts;
fq8->tot_bytes = ni->tot_bytes;
fq8->drops = ni->drops;
}
*a->start += size;
return 0;
}
int
dn_c_copy_pipe(struct dn_schk *s, struct copy_args *a, int nq)
{
struct dn_link *l = &s->link;
struct dn_fsk *f = s->fs;
struct dn_pipe7 *pipe7 = (struct dn_pipe7 *)*a->start;
struct dn_pipe8 *pipe8 = (struct dn_pipe8 *)*a->start;
struct dn_flow_set *fs;
int size = 0;
if (is7) {
fs = &pipe7->fs;
size = sizeof(struct dn_pipe7);
} else {
fs = &pipe8->fs;
size = sizeof(struct dn_pipe8);
}
/* These 4 field are the same in pipe7 and pipe8 */
pipe7->next.sle_next = (struct dn_pipe7 *)DN_IS_PIPE;
pipe7->bandwidth = l->bandwidth;
pipe7->delay = l->delay * 1000 / hz;
pipe7->pipe_nr = l->link_nr - DN_MAX_ID;
if (!is7) {
if (s->profile) {
struct dn_profile *pf = s->profile;
strncpy(pipe8->name, pf->name, sizeof(pf->name));
pipe8->loss_level = pf->loss_level;
pipe8->samples_no = pf->samples_no;
}
pipe8->burst = div64(l->burst , 8 * hz);
}
fs->flow_mask = s->sch.sched_mask;
fs->rq_size = s->sch.buckets ? s->sch.buckets : 1;
fs->parent_nr = l->link_nr - DN_MAX_ID;
fs->qsize = f->fs.qsize;
fs->plr = f->fs.plr;
fs->w_q = f->fs.w_q;
fs->max_th = f->max_th;
fs->min_th = f->min_th;
fs->max_p = f->fs.max_p;
fs->rq_elements = nq;
fs->flags_fs = convertflags2old(f->fs.flags);
*a->start += size;
return 0;
}
int
dn_compat_copy_pipe(struct copy_args *a, void *_o)
{
int have = a->end - *a->start;
int need = 0;
int pipe_size = sizeof(struct dn_pipe8);
int queue_size = sizeof(struct dn_flow_queue8);
int n_queue = 0; /* number of queues */
struct dn_schk *s = (struct dn_schk *)_o;
/* calculate needed space:
* - struct dn_pipe
* - if there are instances, dn_queue * n_instances
*/
n_queue = (s->sch.flags & DN_HAVE_MASK ? dn_ht_entries(s->siht) :
(s->siht ? 1 : 0));
need = pipe_size + queue_size * n_queue;
if (have < need) {
D("have %d < need %d", have, need);
return 1;
}
/* copy pipe */
dn_c_copy_pipe(s, a, n_queue);
/* copy queues */
if (s->sch.flags & DN_HAVE_MASK)
dn_ht_scan(s->siht, dn_c_copy_q, a);
else if (s->siht)
dn_c_copy_q(s->siht, a);
return 0;
}
int
dn_c_copy_fs(struct dn_fsk *f, struct copy_args *a, int nq)
{
struct dn_flow_set *fs = (struct dn_flow_set *)*a->start;
fs->next.sle_next = (struct dn_flow_set *)DN_IS_QUEUE;
fs->fs_nr = f->fs.fs_nr;
fs->qsize = f->fs.qsize;
fs->plr = f->fs.plr;
fs->w_q = f->fs.w_q;
fs->max_th = f->max_th;
fs->min_th = f->min_th;
fs->max_p = f->fs.max_p;
fs->flow_mask = f->fs.flow_mask;
fs->rq_elements = nq;
fs->rq_size = (f->fs.buckets ? f->fs.buckets : 1);
fs->parent_nr = f->fs.sched_nr;
fs->weight = f->fs.par[0];
fs->flags_fs = convertflags2old(f->fs.flags);
*a->start += sizeof(struct dn_flow_set);
return 0;
}
int
dn_compat_copy_queue(struct copy_args *a, void *_o)
{
int have = a->end - *a->start;
int need = 0;
int fs_size = sizeof(struct dn_flow_set);
int queue_size = sizeof(struct dn_flow_queue8);
struct dn_fsk *fs = (struct dn_fsk *)_o;
int n_queue = 0; /* number of queues */
n_queue = (fs->fs.flags & DN_HAVE_MASK ? dn_ht_entries(fs->qht) :
(fs->qht ? 1 : 0));
need = fs_size + queue_size * n_queue;
if (have < need) {
D("have < need");
return 1;
}
/* copy flowset */
dn_c_copy_fs(fs, a, n_queue);
/* copy queues */
if (fs->fs.flags & DN_HAVE_MASK)
dn_ht_scan(fs->qht, dn_c_copy_q, a);
else if (fs->qht)
dn_c_copy_q(fs->qht, a);
return 0;
}
int
copy_data_helper_compat(void *_o, void *_arg)
{
struct copy_args *a = _arg;
if (a->type == DN_COMPAT_PIPE) {
struct dn_schk *s = _o;
if (s->sch.oid.subtype != 1 || s->sch.sched_nr <= DN_MAX_ID) {
return 0; /* not old type */
}
/* copy pipe parameters, and if instance exists, copy
* other parameters and eventually queues.
*/
if(dn_compat_copy_pipe(a, _o))
return DNHT_SCAN_END;
} else if (a->type == DN_COMPAT_QUEUE) {
struct dn_fsk *fs = _o;
if (fs->fs.fs_nr >= DN_MAX_ID)
return 0;
if (dn_compat_copy_queue(a, _o))
return DNHT_SCAN_END;
}
return 0;
}
/* Main function to manage old requests */
int
ip_dummynet_compat(struct sockopt *sopt)
{
int error=0;
void *v = NULL;
struct dn_id oid;
/* Lenght of data, used to found ipfw version... */
int len = sopt->sopt_valsize;
/* len can be 0 if command was dummynet_flush */
if (len == pipesize7) {
D("setting compatibility with FreeBSD 7.2");
is7 = 1;
}
else if (len == pipesize8 || len == pipesizemax8) {
D("setting compatibility with FreeBSD 8");
is7 = 0;
}
switch (sopt->sopt_name) {
default:
printf("dummynet: -- unknown option %d", sopt->sopt_name);
error = EINVAL;
break;
case IP_DUMMYNET_FLUSH:
oid_fill(&oid, sizeof(oid), DN_CMD_FLUSH, DN_API_VERSION);
do_config(&oid, oid.len);
break;
case IP_DUMMYNET_DEL:
v = malloc(len, M_TEMP, M_WAITOK);
error = sooptcopyin(sopt, v, len, len);
if (error)
break;
error = dn_compat_del(v);
free(v, M_TEMP);
break;
case IP_DUMMYNET_CONFIGURE:
v = malloc(len, M_TEMP, M_WAITOK);
error = sooptcopyin(sopt, v, len, len);
if (error)
break;
error = dn_compat_configure(v);
free(v, M_TEMP);
break;
case IP_DUMMYNET_GET: {
void *buf;
int ret;
int original_size = sopt->sopt_valsize;
int size;
ret = dummynet_get(sopt, &buf);
if (ret)
return 0;//XXX ?
size = sopt->sopt_valsize;
sopt->sopt_valsize = original_size;
D("size=%d, buf=%p", size, buf);
ret = sooptcopyout(sopt, buf, size);
if (ret)
printf(" %s ERROR sooptcopyout\n", __FUNCTION__);
if (buf)
free(buf, M_DUMMYNET);
}
}
return error;
}

849
freebsd/sys/netinet/ipfw/ip_dn_io.c
View File

@ -1,849 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 2010 Luigi Rizzo, Riccardo Panicucci, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Dummynet portions related to packet handling.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <rtems/bsd/local/opt_inet6.h>
#include <rtems/bsd/sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <rtems/bsd/sys/lock.h>
#include <sys/module.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/rwlock.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/sysctl.h>
#include <net/if.h> /* IFNAMSIZ, struct ifaddr, ifq head, lock.h mutex.h */
#include <net/netisr.h>
#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/ip.h> /* ip_len, ip_off */
#include <netinet/ip_var.h> /* ip_output(), IP_FORWARDING */
#include <netinet/ip_fw.h>
#include <netinet/ipfw/ip_fw_private.h>
#include <netinet/ipfw/dn_heap.h>
#include <netinet/ip_dummynet.h>
#include <netinet/ipfw/ip_dn_private.h>
#include <netinet/ipfw/dn_sched.h>
#include <netinet/if_ether.h> /* various ether_* routines */
#include <netinet/ip6.h> /* for ip6_input, ip6_output prototypes */
#include <netinet6/ip6_var.h>
/*
* We keep a private variable for the simulation time, but we could
* probably use an existing one ("softticks" in sys/kern/kern_timeout.c)
* instead of dn_cfg.curr_time
*/
struct dn_parms dn_cfg;
//VNET_DEFINE(struct dn_parms, _base_dn_cfg);
static long tick_last; /* Last tick duration (usec). */
static long tick_delta; /* Last vs standard tick diff (usec). */
static long tick_delta_sum; /* Accumulated tick difference (usec).*/
static long tick_adjustment; /* Tick adjustments done. */
static long tick_lost; /* Lost(coalesced) ticks number. */
/* Adjusted vs non-adjusted curr_time difference (ticks). */
static long tick_diff;
static unsigned long io_pkt;
static unsigned long io_pkt_fast;
static unsigned long io_pkt_drop;
/*
* We use a heap to store entities for which we have pending timer events.
* The heap is checked at every tick and all entities with expired events
* are extracted.
*/
MALLOC_DEFINE(M_DUMMYNET, "dummynet", "dummynet heap");
extern void (*bridge_dn_p)(struct mbuf *, struct ifnet *);
#ifdef SYSCTL_NODE
SYSBEGIN(f4)
SYSCTL_DECL(_net_inet);
SYSCTL_DECL(_net_inet_ip);
SYSCTL_NODE(_net_inet_ip, OID_AUTO, dummynet, CTLFLAG_RW, 0, "Dummynet");
/* wrapper to pass dn_cfg fields to SYSCTL_* */
//#define DC(x) (&(VNET_NAME(_base_dn_cfg).x))
#define DC(x) (&(dn_cfg.x))
/* parameters */
static int
sysctl_hash_size(SYSCTL_HANDLER_ARGS)
{
int error, value;
value = dn_cfg.hash_size;
error = sysctl_handle_int(oidp, &value, 0, req);
if (error != 0 || req->newptr == NULL)
return (error);
if (value < 16 || value > 65536)
return (EINVAL);
dn_cfg.hash_size = value;
return (0);
}
SYSCTL_PROC(_net_inet_ip_dummynet, OID_AUTO, hash_size,
CTLTYPE_INT | CTLFLAG_RW, 0, 0, sysctl_hash_size,
"I", "Default hash table size");
static int
sysctl_limits(SYSCTL_HANDLER_ARGS)
{
int error;
long value;
if (arg2 != 0)
value = dn_cfg.slot_limit;
else
value = dn_cfg.byte_limit;
error = sysctl_handle_long(oidp, &value, 0, req);
if (error != 0 || req->newptr == NULL)
return (error);
if (arg2 != 0) {
if (value < 1)
return (EINVAL);
dn_cfg.slot_limit = value;
} else {
if (value < 1500)
return (EINVAL);
dn_cfg.byte_limit = value;
}
return (0);
}
SYSCTL_PROC(_net_inet_ip_dummynet, OID_AUTO, pipe_slot_limit,
CTLTYPE_LONG | CTLFLAG_RW, 0, 1, sysctl_limits,
"L", "Upper limit in slots for pipe queue.");
SYSCTL_PROC(_net_inet_ip_dummynet, OID_AUTO, pipe_byte_limit,
CTLTYPE_LONG | CTLFLAG_RW, 0, 0, sysctl_limits,
"L", "Upper limit in bytes for pipe queue.");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, io_fast,
CTLFLAG_RW, DC(io_fast), 0, "Enable fast dummynet io.");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, debug,
CTLFLAG_RW, DC(debug), 0, "Dummynet debug level");
SYSCTL_UINT(_net_inet_ip_dummynet, OID_AUTO, expire,
CTLFLAG_RW, DC(expire), 0, "Expire empty queues/pipes");
SYSCTL_UINT(_net_inet_ip_dummynet, OID_AUTO, expire_cycle,
CTLFLAG_RD, DC(expire_cycle), 0, "Expire cycle for queues/pipes");
/* RED parameters */
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, red_lookup_depth,
CTLFLAG_RD, DC(red_lookup_depth), 0, "Depth of RED lookup table");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, red_avg_pkt_size,
CTLFLAG_RD, DC(red_avg_pkt_size), 0, "RED Medium packet size");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, red_max_pkt_size,
CTLFLAG_RD, DC(red_max_pkt_size), 0, "RED Max packet size");
/* time adjustment */
SYSCTL_LONG(_net_inet_ip_dummynet, OID_AUTO, tick_delta,
CTLFLAG_RD, &tick_delta, 0, "Last vs standard tick difference (usec).");
SYSCTL_LONG(_net_inet_ip_dummynet, OID_AUTO, tick_delta_sum,
CTLFLAG_RD, &tick_delta_sum, 0, "Accumulated tick difference (usec).");
SYSCTL_LONG(_net_inet_ip_dummynet, OID_AUTO, tick_adjustment,
CTLFLAG_RD, &tick_adjustment, 0, "Tick adjustments done.");
SYSCTL_LONG(_net_inet_ip_dummynet, OID_AUTO, tick_diff,
CTLFLAG_RD, &tick_diff, 0,
"Adjusted vs non-adjusted curr_time difference (ticks).");
SYSCTL_LONG(_net_inet_ip_dummynet, OID_AUTO, tick_lost,
CTLFLAG_RD, &tick_lost, 0,
"Number of ticks coalesced by dummynet taskqueue.");
/* statistics */
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, schk_count,
CTLFLAG_RD, DC(schk_count), 0, "Number of schedulers");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, si_count,
CTLFLAG_RD, DC(si_count), 0, "Number of scheduler instances");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, fsk_count,
CTLFLAG_RD, DC(fsk_count), 0, "Number of flowsets");
SYSCTL_INT(_net_inet_ip_dummynet, OID_AUTO, queue_count,
CTLFLAG_RD, DC(queue_count), 0, "Number of queues");
SYSCTL_ULONG(_net_inet_ip_dummynet, OID_AUTO, io_pkt,
CTLFLAG_RD, &io_pkt, 0,
"Number of packets passed to dummynet.");
SYSCTL_ULONG(_net_inet_ip_dummynet, OID_AUTO, io_pkt_fast,
CTLFLAG_RD, &io_pkt_fast, 0,
"Number of packets bypassed dummynet scheduler.");
SYSCTL_ULONG(_net_inet_ip_dummynet, OID_AUTO, io_pkt_drop,
CTLFLAG_RD, &io_pkt_drop, 0,
"Number of packets dropped by dummynet.");
#undef DC
SYSEND
#endif
static void dummynet_send(struct mbuf *);
/*
* Packets processed by dummynet have an mbuf tag associated with
* them that carries their dummynet state.
* Outside dummynet, only the 'rule' field is relevant, and it must
* be at the beginning of the structure.
*/
struct dn_pkt_tag {
struct ipfw_rule_ref rule; /* matching rule */
/* second part, dummynet specific */
int dn_dir; /* action when packet comes out.*/
/* see ip_fw_private.h */
uint64_t output_time; /* when the pkt is due for delivery*/
struct ifnet *ifp; /* interface, for ip_output */
struct _ip6dn_args ip6opt; /* XXX ipv6 options */
};
/*
* Return the mbuf tag holding the dummynet state (it should
* be the first one on the list).
*/
static struct dn_pkt_tag *
dn_tag_get(struct mbuf *m)
{
struct m_tag *mtag = m_tag_first(m);
KASSERT(mtag != NULL &&
mtag->m_tag_cookie == MTAG_ABI_COMPAT &&
mtag->m_tag_id == PACKET_TAG_DUMMYNET,
("packet on dummynet queue w/o dummynet tag!"));
return (struct dn_pkt_tag *)(mtag+1);
}
static inline void
mq_append(struct mq *q, struct mbuf *m)
{
if (q->head == NULL)
q->head = m;
else
q->tail->m_nextpkt = m;
q->tail = m;
m->m_nextpkt = NULL;
}
/*
* Dispose a list of packet. Use a functions so if we need to do
* more work, this is a central point to do it.
*/
void dn_free_pkts(struct mbuf *mnext)
{
struct mbuf *m;
while ((m = mnext) != NULL) {
mnext = m->m_nextpkt;
FREE_PKT(m);
}
}
static int
red_drops (struct dn_queue *q, int len)
{
/*
* RED algorithm
*
* RED calculates the average queue size (avg) using a low-pass filter
* with an exponential weighted (w_q) moving average:
* avg <- (1-w_q) * avg + w_q * q_size
* where q_size is the queue length (measured in bytes or * packets).
*
* If q_size == 0, we compute the idle time for the link, and set
* avg = (1 - w_q)^(idle/s)
* where s is the time needed for transmitting a medium-sized packet.
*
* Now, if avg < min_th the packet is enqueued.
* If avg > max_th the packet is dropped. Otherwise, the packet is
* dropped with probability P function of avg.
*/
struct dn_fsk *fs = q->fs;
int64_t p_b = 0;
/* Queue in bytes or packets? */
uint32_t q_size = (fs->fs.flags & DN_QSIZE_BYTES) ?
q->ni.len_bytes : q->ni.length;
/* Average queue size estimation. */
if (q_size != 0) {
/* Queue is not empty, avg <- avg + (q_size - avg) * w_q */
int diff = SCALE(q_size) - q->avg;
int64_t v = SCALE_MUL((int64_t)diff, (int64_t)fs->w_q);
q->avg += (int)v;
} else {
/*
* Queue is empty, find for how long the queue has been
* empty and use a lookup table for computing
* (1 - * w_q)^(idle_time/s) where s is the time to send a
* (small) packet.
* XXX check wraps...
*/
if (q->avg) {
u_int t = div64((dn_cfg.curr_time - q->q_time), fs->lookup_step);
q->avg = (t < fs->lookup_depth) ?
SCALE_MUL(q->avg, fs->w_q_lookup[t]) : 0;
}
}
/* Should i drop? */
if (q->avg < fs->min_th) {
q->count = -1;
return (0); /* accept packet */
}
if (q->avg >= fs->max_th) { /* average queue >= max threshold */
if (fs->fs.flags & DN_IS_GENTLE_RED) {
/*
* According to Gentle-RED, if avg is greater than
* max_th the packet is dropped with a probability
* p_b = c_3 * avg - c_4
* where c_3 = (1 - max_p) / max_th
* c_4 = 1 - 2 * max_p
*/
p_b = SCALE_MUL((int64_t)fs->c_3, (int64_t)q->avg) -
fs->c_4;
} else {
q->count = -1;
return (1);
}
} else if (q->avg > fs->min_th) {
/*
* We compute p_b using the linear dropping function
* p_b = c_1 * avg - c_2
* where c_1 = max_p / (max_th - min_th)
* c_2 = max_p * min_th / (max_th - min_th)
*/
p_b = SCALE_MUL((int64_t)fs->c_1, (int64_t)q->avg) - fs->c_2;
}
if (fs->fs.flags & DN_QSIZE_BYTES)
p_b = div64((p_b * len) , fs->max_pkt_size);
if (++q->count == 0)
q->random = random() & 0xffff;
else {
/*
* q->count counts packets arrived since last drop, so a greater
* value of q->count means a greater packet drop probability.
*/
if (SCALE_MUL(p_b, SCALE((int64_t)q->count)) > q->random) {
q->count = 0;
/* After a drop we calculate a new random value. */
q->random = random() & 0xffff;
return (1); /* drop */
}
}
/* End of RED algorithm. */
return (0); /* accept */
}
/*
* Enqueue a packet in q, subject to space and queue management policy
* (whose parameters are in q->fs).
* Update stats for the queue and the scheduler.
* Return 0 on success, 1 on drop. The packet is consumed anyways.
*/
int
dn_enqueue(struct dn_queue *q, struct mbuf* m, int drop)
{
struct dn_fs *f;
struct dn_flow *ni; /* stats for scheduler instance */
uint64_t len;
if (q->fs == NULL || q->_si == NULL) {
printf("%s fs %p si %p, dropping\n",
__FUNCTION__, q->fs, q->_si);
FREE_PKT(m);
return 1;
}
f = &(q->fs->fs);
ni = &q->_si->ni;
len = m->m_pkthdr.len;
/* Update statistics, then check reasons to drop pkt. */
q->ni.tot_bytes += len;
q->ni.tot_pkts++;
ni->tot_bytes += len;
ni->tot_pkts++;
if (drop)
goto drop;
if (f->plr && random() < f->plr)
goto drop;
if (f->flags & DN_IS_RED && red_drops(q, m->m_pkthdr.len))
goto drop;
if (f->flags & DN_QSIZE_BYTES) {
if (q->ni.len_bytes > f->qsize)
goto drop;
} else if (q->ni.length >= f->qsize) {
goto drop;
}
mq_append(&q->mq, m);
q->ni.length++;
q->ni.len_bytes += len;
ni->length++;
ni->len_bytes += len;
return 0;
drop:
io_pkt_drop++;
q->ni.drops++;
ni->drops++;
FREE_PKT(m);
return 1;
}
/*
* Fetch packets from the delay line which are due now. If there are
* leftover packets, reinsert the delay line in the heap.
* Runs under scheduler lock.
*/
static void
transmit_event(struct mq *q, struct delay_line *dline, uint64_t now)
{
struct mbuf *m;
struct dn_pkt_tag *pkt = NULL;
dline->oid.subtype = 0; /* not in heap */
while ((m = dline->mq.head) != NULL) {
pkt = dn_tag_get(m);
if (!DN_KEY_LEQ(pkt->output_time, now))
break;
dline->mq.head = m->m_nextpkt;
mq_append(q, m);
}
if (m != NULL) {
dline->oid.subtype = 1; /* in heap */
heap_insert(&dn_cfg.evheap, pkt->output_time, dline);
}
}
/*
* Convert the additional MAC overheads/delays into an equivalent
* number of bits for the given data rate. The samples are
* in milliseconds so we need to divide by 1000.
*/
static uint64_t
extra_bits(struct mbuf *m, struct dn_schk *s)
{
int index;
uint64_t bits;
struct dn_profile *pf = s->profile;
if (!pf || pf->samples_no == 0)
return 0;
index = random() % pf->samples_no;
bits = div64((uint64_t)pf->samples[index] * s->link.bandwidth, 1000);
if (index >= pf->loss_level) {
struct dn_pkt_tag *dt = dn_tag_get(m);
if (dt)
dt->dn_dir = DIR_DROP;
}
return bits;
}
/*
* Send traffic from a scheduler instance due by 'now'.
* Return a pointer to the head of the queue.
*/
static struct mbuf *
serve_sched(struct mq *q, struct dn_sch_inst *si, uint64_t now)
{
struct mq def_q;
struct dn_schk *s = si->sched;
struct mbuf *m = NULL;
int delay_line_idle = (si->dline.mq.head == NULL);
int done, bw;
if (q == NULL) {
q = &def_q;
q->head = NULL;
}
bw = s->link.bandwidth;
si->kflags &= ~DN_ACTIVE;
if (bw > 0)
si->credit += (now - si->sched_time) * bw;
else
si->credit = 0;
si->sched_time = now;
done = 0;
while (si->credit >= 0 && (m = s->fp->dequeue(si)) != NULL) {
uint64_t len_scaled;
done++;
len_scaled = (bw == 0) ? 0 : hz *
(m->m_pkthdr.len * 8 + extra_bits(m, s));
si->credit -= len_scaled;
/* Move packet in the delay line */
dn_tag_get(m)->output_time = dn_cfg.curr_time + s->link.delay ;
mq_append(&si->dline.mq, m);
}
/*
* If credit >= 0 the instance is idle, mark time.
* Otherwise put back in the heap, and adjust the output
* time of the last inserted packet, m, which was too early.
*/
if (si->credit >= 0) {
si->idle_time = now;
} else {
uint64_t t;
KASSERT (bw > 0, ("bw=0 and credit<0 ?"));
t = div64(bw - 1 - si->credit, bw);
if (m)
dn_tag_get(m)->output_time += t;
si->kflags |= DN_ACTIVE;
heap_insert(&dn_cfg.evheap, now + t, si);
}
if (delay_line_idle && done)
transmit_event(q, &si->dline, now);
return q->head;
}
/*
* The timer handler for dummynet. Time is computed in ticks, but
* but the code is tolerant to the actual rate at which this is called.
* Once complete, the function reschedules itself for the next tick.
*/
void
dummynet_task(void *context, int pending)
{
struct timeval t;
struct mq q = { NULL, NULL }; /* queue to accumulate results */
CURVNET_SET((struct vnet *)context);
DN_BH_WLOCK();
/* Update number of lost(coalesced) ticks. */
tick_lost += pending - 1;
getmicrouptime(&t);
/* Last tick duration (usec). */
tick_last = (t.tv_sec - dn_cfg.prev_t.tv_sec) * 1000000 +
(t.tv_usec - dn_cfg.prev_t.tv_usec);
/* Last tick vs standard tick difference (usec). */
tick_delta = (tick_last * hz - 1000000) / hz;
/* Accumulated tick difference (usec). */
tick_delta_sum += tick_delta;
dn_cfg.prev_t = t;
/*
* Adjust curr_time if the accumulated tick difference is
* greater than the 'standard' tick. Since curr_time should
* be monotonically increasing, we do positive adjustments
* as required, and throttle curr_time in case of negative
* adjustment.
*/
dn_cfg.curr_time++;
if (tick_delta_sum - tick >= 0) {
int diff = tick_delta_sum / tick;
dn_cfg.curr_time += diff;
tick_diff += diff;
tick_delta_sum %= tick;
tick_adjustment++;
} else if (tick_delta_sum + tick <= 0) {
dn_cfg.curr_time--;
tick_diff--;
tick_delta_sum += tick;
tick_adjustment++;
}
/* serve pending events, accumulate in q */
for (;;) {
struct dn_id *p; /* generic parameter to handler */
if (dn_cfg.evheap.elements == 0 ||
DN_KEY_LT(dn_cfg.curr_time, HEAP_TOP(&dn_cfg.evheap)->key))
break;
p = HEAP_TOP(&dn_cfg.evheap)->object;
heap_extract(&dn_cfg.evheap, NULL);
if (p->type == DN_SCH_I) {
serve_sched(&q, (struct dn_sch_inst *)p, dn_cfg.curr_time);
} else { /* extracted a delay line */
transmit_event(&q, (struct delay_line *)p, dn_cfg.curr_time);
}
}
if (dn_cfg.expire && ++dn_cfg.expire_cycle >= dn_cfg.expire) {
dn_cfg.expire_cycle = 0;
dn_drain_scheduler();
dn_drain_queue();
}
DN_BH_WUNLOCK();
dn_reschedule();
if (q.head != NULL)
dummynet_send(q.head);
CURVNET_RESTORE();
}
/*
* forward a chain of packets to the proper destination.
* This runs outside the dummynet lock.
*/
static void
dummynet_send(struct mbuf *m)
{
struct mbuf *n;
for (; m != NULL; m = n) {
struct ifnet *ifp = NULL; /* gcc 3.4.6 complains */
struct m_tag *tag;
int dst;
n = m->m_nextpkt;
m->m_nextpkt = NULL;
tag = m_tag_first(m);
if (tag == NULL) { /* should not happen */
dst = DIR_DROP;
} else {
struct dn_pkt_tag *pkt = dn_tag_get(m);
/* extract the dummynet info, rename the tag
* to carry reinject info.
*/
dst = pkt->dn_dir;
ifp = pkt->ifp;
tag->m_tag_cookie = MTAG_IPFW_RULE;
tag->m_tag_id = 0;
}
switch (dst) {
case DIR_OUT:
SET_HOST_IPLEN(mtod(m, struct ip *));
ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
break ;
case DIR_IN :
/* put header in network format for ip_input() */
//SET_NET_IPLEN(mtod(m, struct ip *));
netisr_dispatch(NETISR_IP, m);
break;
#ifdef INET6
case DIR_IN | PROTO_IPV6:
netisr_dispatch(NETISR_IPV6, m);
break;
case DIR_OUT | PROTO_IPV6:
ip6_output(m, NULL, NULL, IPV6_FORWARDING, NULL, NULL, NULL);
break;
#endif
case DIR_FWD | PROTO_IFB: /* DN_TO_IFB_FWD: */
if (bridge_dn_p != NULL)
((*bridge_dn_p)(m, ifp));
else
printf("dummynet: if_bridge not loaded\n");
break;
case DIR_IN | PROTO_LAYER2: /* DN_TO_ETH_DEMUX: */
/*
* The Ethernet code assumes the Ethernet header is
* contiguous in the first mbuf header.
* Insure this is true.
*/
if (m->m_len < ETHER_HDR_LEN &&
(m = m_pullup(m, ETHER_HDR_LEN)) == NULL) {
printf("dummynet/ether: pullup failed, "
"dropping packet\n");
break;
}
ether_demux(m->m_pkthdr.rcvif, m);
break;
case DIR_OUT | PROTO_LAYER2: /* N_TO_ETH_OUT: */
ether_output_frame(ifp, m);
break;
case DIR_DROP:
/* drop the packet after some time */
FREE_PKT(m);
break;
default:
printf("dummynet: bad switch %d!\n", dst);
FREE_PKT(m);
break;
}
}
}
static inline int
tag_mbuf(struct mbuf *m, int dir, struct ip_fw_args *fwa)
{
struct dn_pkt_tag *dt;
struct m_tag *mtag;
mtag = m_tag_get(PACKET_TAG_DUMMYNET,
sizeof(*dt), M_NOWAIT | M_ZERO);
if (mtag == NULL)
return 1; /* Cannot allocate packet header. */
m_tag_prepend(m, mtag); /* Attach to mbuf chain. */
dt = (struct dn_pkt_tag *)(mtag + 1);
dt->rule = fwa->rule;
dt->rule.info &= IPFW_ONEPASS; /* only keep this info */
dt->dn_dir = dir;
dt->ifp = fwa->oif;
/* dt->output tame is updated as we move through */
dt->output_time = dn_cfg.curr_time;
return 0;
}
/*
* dummynet hook for packets.
* We use the argument to locate the flowset fs and the sched_set sch
* associated to it. The we apply flow_mask and sched_mask to
* determine the queue and scheduler instances.
*
* dir where shall we send the packet after dummynet.
* *m0 the mbuf with the packet
* ifp the 'ifp' parameter from the caller.
* NULL in ip_input, destination interface in ip_output,
*/
int
dummynet_io(struct mbuf **m0, int dir, struct ip_fw_args *fwa)
{
struct mbuf *m = *m0;
struct dn_fsk *fs = NULL;
struct dn_sch_inst *si;
struct dn_queue *q = NULL; /* default */
int fs_id = (fwa->rule.info & IPFW_INFO_MASK) +
((fwa->rule.info & IPFW_IS_PIPE) ? 2*DN_MAX_ID : 0);
DN_BH_WLOCK();
io_pkt++;
/* we could actually tag outside the lock, but who cares... */
if (tag_mbuf(m, dir, fwa))
goto dropit;
if (dn_cfg.busy) {
/* if the upper half is busy doing something expensive,
* lets queue the packet and move forward
*/
mq_append(&dn_cfg.pending, m);
m = *m0 = NULL; /* consumed */
goto done; /* already active, nothing to do */
}
/* XXX locate_flowset could be optimised with a direct ref. */
fs = dn_ht_find(dn_cfg.fshash, fs_id, 0, NULL);
if (fs == NULL)
goto dropit; /* This queue/pipe does not exist! */
if (fs->sched == NULL) /* should not happen */
goto dropit;
/* find scheduler instance, possibly applying sched_mask */
si = ipdn_si_find(fs->sched, &(fwa->f_id));
if (si == NULL)
goto dropit;
/*
* If the scheduler supports multiple queues, find the right one
* (otherwise it will be ignored by enqueue).
*/
if (fs->sched->fp->flags & DN_MULTIQUEUE) {
q = ipdn_q_find(fs, si, &(fwa->f_id));
if (q == NULL)
goto dropit;
}
if (fs->sched->fp->enqueue(si, q, m)) {
/* packet was dropped by enqueue() */
m = *m0 = NULL;
goto dropit;
}
if (si->kflags & DN_ACTIVE) {
m = *m0 = NULL; /* consumed */
goto done; /* already active, nothing to do */
}
/* compute the initial allowance */
if (si->idle_time < dn_cfg.curr_time) {
/* Do this only on the first packet on an idle pipe */
struct dn_link *p = &fs->sched->link;
si->sched_time = dn_cfg.curr_time;
si->credit = dn_cfg.io_fast ? p->bandwidth : 0;
if (p->burst) {
uint64_t burst = (dn_cfg.curr_time - si->idle_time) * p->bandwidth;
if (burst > p->burst)
burst = p->burst;
si->credit += burst;
}
}
/* pass through scheduler and delay line */
m = serve_sched(NULL, si, dn_cfg.curr_time);
/* optimization -- pass it back to ipfw for immediate send */
/* XXX Don't call dummynet_send() if scheduler return the packet
* just enqueued. This avoid a lock order reversal.
*
*/
if (/*dn_cfg.io_fast &&*/ m == *m0 && (dir & PROTO_LAYER2) == 0 ) {
/* fast io, rename the tag * to carry reinject info. */
struct m_tag *tag = m_tag_first(m);
tag->m_tag_cookie = MTAG_IPFW_RULE;
tag->m_tag_id = 0;
io_pkt_fast++;
if (m->m_nextpkt != NULL) {
printf("dummynet: fast io: pkt chain detected!\n");
m->m_nextpkt = NULL;
}
m = NULL;
} else {
*m0 = NULL;
}
done:
DN_BH_WUNLOCK();
if (m)
dummynet_send(m);
return 0;
dropit:
io_pkt_drop++;
DN_BH_WUNLOCK();
if (m)
FREE_PKT(m);
*m0 = NULL;
return (fs && (fs->fs.flags & DN_NOERROR)) ? 0 : ENOBUFS;
}

406
freebsd/sys/netinet/ipfw/ip_dn_private.h
View File

@ -1,406 +0,0 @@
/*-
* Copyright (c) 2010 Luigi Rizzo, Riccardo Panicucci, Universita` di Pisa
* All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* internal dummynet APIs.
*
* $FreeBSD$
*/
#ifndef _IP_DN_PRIVATE_H
#define _IP_DN_PRIVATE_H
/* debugging support
* use ND() to remove debugging, D() to print a line,
* DX(level, ...) to print above a certain level
* If you redefine D() you are expected to redefine all.
*/
#ifndef D
#define ND(fmt, ...) do {} while (0)
#define D1(fmt, ...) do {} while (0)
#define D(fmt, ...) printf("%-10s " fmt "\n", \
__FUNCTION__, ## __VA_ARGS__)
#define DX(lev, fmt, ...) do { \
if (dn_cfg.debug > lev) D(fmt, ## __VA_ARGS__); } while (0)
#endif
MALLOC_DECLARE(M_DUMMYNET);
#ifndef FREE_PKT
#define FREE_PKT(m) m_freem(m)
#endif
#ifndef __linux__
#define div64(a, b) ((int64_t)(a) / (int64_t)(b))
#endif
#define DN_LOCK_INIT() do { \
mtx_init(&dn_cfg.uh_mtx, "dn_uh", NULL, MTX_DEF); \
mtx_init(&dn_cfg.bh_mtx, "dn_bh", NULL, MTX_DEF); \
} while (0)
#define DN_LOCK_DESTROY() do { \
mtx_destroy(&dn_cfg.uh_mtx); \
mtx_destroy(&dn_cfg.bh_mtx); \
} while (0)
#if 0 /* not used yet */
#define DN_UH_RLOCK() mtx_lock(&dn_cfg.uh_mtx)
#define DN_UH_RUNLOCK() mtx_unlock(&dn_cfg.uh_mtx)
#define DN_UH_WLOCK() mtx_lock(&dn_cfg.uh_mtx)
#define DN_UH_WUNLOCK() mtx_unlock(&dn_cfg.uh_mtx)
#define DN_UH_LOCK_ASSERT() mtx_assert(&dn_cfg.uh_mtx, MA_OWNED)
#endif
#define DN_BH_RLOCK() mtx_lock(&dn_cfg.uh_mtx)
#define DN_BH_RUNLOCK() mtx_unlock(&dn_cfg.uh_mtx)
#define DN_BH_WLOCK() mtx_lock(&dn_cfg.uh_mtx)
#define DN_BH_WUNLOCK() mtx_unlock(&dn_cfg.uh_mtx)
#define DN_BH_LOCK_ASSERT() mtx_assert(&dn_cfg.uh_mtx, MA_OWNED)
SLIST_HEAD(dn_schk_head, dn_schk);
SLIST_HEAD(dn_sch_inst_head, dn_sch_inst);
SLIST_HEAD(dn_fsk_head, dn_fsk);
SLIST_HEAD(dn_queue_head, dn_queue);
SLIST_HEAD(dn_alg_head, dn_alg);
struct mq { /* a basic queue of packets*/
struct mbuf *head, *tail;
};
static inline void
set_oid(struct dn_id *o, int type, int len)
{
o->type = type;
o->len = len;
o->subtype = 0;
};
/*
* configuration and global data for a dummynet instance
*
* When a configuration is modified from userland, 'id' is incremented
* so we can use the value to check for stale pointers.
*/
struct dn_parms {
uint32_t id; /* configuration version */
/* defaults (sysctl-accessible) */
int red_lookup_depth;
int red_avg_pkt_size;
int red_max_pkt_size;
int hash_size;
int max_hash_size;
long byte_limit; /* max queue sizes */
long slot_limit;
int io_fast;
int debug;
/* timekeeping */
struct timeval prev_t; /* last time dummynet_tick ran */
struct dn_heap evheap; /* scheduled events */
/* counters of objects -- used for reporting space */
int schk_count;
int si_count;
int fsk_count;
int queue_count;
/* ticks and other stuff */
uint64_t curr_time;
/* flowsets and schedulers are in hash tables, with 'hash_size'
* buckets. fshash is looked up at every packet arrival
* so better be generous if we expect many entries.
*/
struct dn_ht *fshash;
struct dn_ht *schedhash;
/* list of flowsets without a scheduler -- use sch_chain */
struct dn_fsk_head fsu; /* list of unlinked flowsets */
struct dn_alg_head schedlist; /* list of algorithms */
/* Store the fs/sch to scan when draining. The value is the
* bucket number of the hash table. Expire can be disabled
* with net.inet.ip.dummynet.expire=0, or it happens every
* expire ticks.
**/
int drain_fs;
int drain_sch;
uint32_t expire;
uint32_t expire_cycle; /* tick count */
int init_done;
/* if the upper half is busy doing something long,
* can set the busy flag and we will enqueue packets in
* a queue for later processing.
*/
int busy;
struct mq pending;
#ifdef _KERNEL
/*
* This file is normally used in the kernel, unless we do
* some userland tests, in which case we do not need a mtx.
* uh_mtx arbitrates between system calls and also
* protects fshash, schedhash and fsunlinked.
* These structures are readonly for the lower half.
* bh_mtx protects all other structures which may be
* modified upon packet arrivals
*/
#if defined( __linux__ ) || defined( _WIN32 )
spinlock_t uh_mtx;
spinlock_t bh_mtx;
#else
struct mtx uh_mtx;
struct mtx bh_mtx;
#endif
#endif /* _KERNEL */
};
/*
* Delay line, contains all packets on output from a link.
* Every scheduler instance has one.
*/
struct delay_line {
struct dn_id oid;
struct dn_sch_inst *si;
struct mq mq;
};
/*
* The kernel side of a flowset. It is linked in a hash table
* of flowsets, and in a list of children of their parent scheduler.
* qht is either the queue or (if HAVE_MASK) a hash table queues.
* Note that the mask to use is the (flow_mask|sched_mask), which
* changes as we attach/detach schedulers. So we store it here.
*
* XXX If we want to add scheduler-specific parameters, we need to
* put them in external storage because the scheduler may not be
* available when the fsk is created.
*/
struct dn_fsk { /* kernel side of a flowset */
struct dn_fs fs;
SLIST_ENTRY(dn_fsk) fsk_next; /* hash chain for fshash */
struct ipfw_flow_id fsk_mask;
/* qht is a hash table of queues, or just a single queue
* a bit in fs.flags tells us which one
*/
struct dn_ht *qht;
struct dn_schk *sched; /* Sched we are linked to */
SLIST_ENTRY(dn_fsk) sch_chain; /* list of fsk attached to sched */
/* bucket index used by drain routine to drain queues for this
* flowset
*/
int drain_bucket;
/* Parameter realted to RED / GRED */
/* original values are in dn_fs*/
int w_q ; /* queue weight (scaled) */
int max_th ; /* maximum threshold for queue (scaled) */
int min_th ; /* minimum threshold for queue (scaled) */
int max_p ; /* maximum value for p_b (scaled) */
u_int c_1 ; /* max_p/(max_th-min_th) (scaled) */
u_int c_2 ; /* max_p*min_th/(max_th-min_th) (scaled) */
u_int c_3 ; /* for GRED, (1-max_p)/max_th (scaled) */
u_int c_4 ; /* for GRED, 1 - 2*max_p (scaled) */
u_int * w_q_lookup ; /* lookup table for computing (1-w_q)^t */
u_int lookup_depth ; /* depth of lookup table */
int lookup_step ; /* granularity inside the lookup table */
int lookup_weight ; /* equal to (1-w_q)^t / (1-w_q)^(t+1) */
int avg_pkt_size ; /* medium packet size */
int max_pkt_size ; /* max packet size */
};
/*
* A queue is created as a child of a flowset unless it belongs to
* a !MULTIQUEUE scheduler. It is normally in a hash table in the
* flowset. fs always points to the parent flowset.
* si normally points to the sch_inst, unless the flowset has been
* detached from the scheduler -- in this case si == NULL and we
* should not enqueue.
*/
struct dn_queue {
struct dn_flow ni; /* oid, flow_id, stats */
struct mq mq; /* packets queue */
struct dn_sch_inst *_si; /* owner scheduler instance */
SLIST_ENTRY(dn_queue) q_next; /* hash chain list for qht */
struct dn_fsk *fs; /* parent flowset. */
/* RED parameters */
int avg; /* average queue length est. (scaled) */
int count; /* arrivals since last RED drop */
int random; /* random value (scaled) */
uint64_t q_time; /* start of queue idle time */
};
/*
* The kernel side of a scheduler. Contains the userland config,
* a link, pointer to extra config arguments from command line,
* kernel flags, and a pointer to the scheduler methods.
* It is stored in a hash table, and holds a list of all
* flowsets and scheduler instances.
* XXX sch must be at the beginning, see schk_hash().
*/
struct dn_schk {
struct dn_sch sch;
struct dn_alg *fp; /* Pointer to scheduler functions */
struct dn_link link; /* The link, embedded */
struct dn_profile *profile; /* delay profile, if any */
struct dn_id *cfg; /* extra config arguments */
SLIST_ENTRY(dn_schk) schk_next; /* hash chain for schedhash */
struct dn_fsk_head fsk_list; /* all fsk linked to me */
struct dn_fsk *fs; /* Flowset for !MULTIQUEUE */
/* bucket index used by the drain routine to drain the scheduler
* instance for this flowset.
*/
int drain_bucket;
/* Hash table of all instances (through sch.sched_mask)
* or single instance if no mask. Always valid.
*/
struct dn_ht *siht;
};
/*
* Scheduler instance.
* Contains variables and all queues relative to a this instance.
* This struct is created a runtime.
*/
struct dn_sch_inst {
struct dn_flow ni; /* oid, flowid and stats */
SLIST_ENTRY(dn_sch_inst) si_next; /* hash chain for siht */
struct delay_line dline;
struct dn_schk *sched; /* the template */
int kflags; /* DN_ACTIVE */
int64_t credit; /* bits I can transmit (more or less). */
uint64_t sched_time; /* time link was scheduled in ready_heap */
uint64_t idle_time; /* start of scheduler instance idle time */
/* q_count is the number of queues that this instance is using.
* The counter is incremented or decremented when
* a reference from the queue is created or deleted.
* It is used to make sure that a scheduler instance can be safely
* deleted by the drain routine. See notes below.
*/
int q_count;
};
/*
* NOTE about object drain.
* The system will automatically (XXX check when) drain queues and
* scheduler instances when they are idle.
* A queue is idle when it has no packets; an instance is idle when
* it is not in the evheap heap, and the corresponding delay line is empty.
* A queue can be safely deleted when it is idle because of the scheduler
* function xxx_free_queue() will remove any references to it.
* An instance can be only deleted when no queues reference it. To be sure
* of that, a counter (q_count) stores the number of queues that are pointing
* to the instance.
*
* XXX
* Order of scan:
* - take all flowset in a bucket for the flowset hash table
* - take all queues in a bucket for the flowset
* - increment the queue bucket
* - scan next flowset bucket
* Nothing is done if a bucket contains no entries.
*
* The same schema is used for sceduler instances
*/
/* kernel-side flags. Linux has DN_DELETE in fcntl.h
*/
enum {
/* 1 and 2 are reserved for the SCAN flags */
DN_DESTROY = 0x0004, /* destroy */
DN_DELETE_FS = 0x0008, /* destroy flowset */
DN_DETACH = 0x0010,
DN_ACTIVE = 0x0020, /* object is in evheap */
DN_F_DLINE = 0x0040, /* object is a delay line */
DN_F_SCHI = 0x00C0, /* object is a sched.instance */
DN_QHT_IS_Q = 0x0100, /* in flowset, qht is a single queue */
};
extern struct dn_parms dn_cfg;
//VNET_DECLARE(struct dn_parms, _base_dn_cfg);
//#define dn_cfg VNET(_base_dn_cfg)
int dummynet_io(struct mbuf **, int , struct ip_fw_args *);
void dummynet_task(void *context, int pending);
void dn_reschedule(void);
struct dn_queue *ipdn_q_find(struct dn_fsk *, struct dn_sch_inst *,
struct ipfw_flow_id *);
struct dn_sch_inst *ipdn_si_find(struct dn_schk *, struct ipfw_flow_id *);
/*
* copy_range is a template for requests for ranges of pipes/queues/scheds.
* The number of ranges is variable and can be derived by o.len.
* As a default, we use a small number of entries so that the struct
* fits easily on the stack and is sufficient for most common requests.
*/
#define DEFAULT_RANGES 5
struct copy_range {
struct dn_id o;
uint32_t r[ 2 * DEFAULT_RANGES ];
};
struct copy_args {
char **start;
char *end;
int flags;
int type;
struct copy_range *extra; /* extra filtering */
};
struct sockopt;
int ip_dummynet_compat(struct sockopt *sopt);
int dummynet_get(struct sockopt *sopt, void **compat);
int dn_c_copy_q (void *_ni, void *arg);
int dn_c_copy_pipe(struct dn_schk *s, struct copy_args *a, int nq);
int dn_c_copy_fs(struct dn_fsk *f, struct copy_args *a, int nq);
int dn_compat_copy_queue(struct copy_args *a, void *_o);
int dn_compat_copy_pipe(struct copy_args *a, void *_o);
int copy_data_helper_compat(void *_o, void *_arg);
int dn_compat_calc_size(struct dn_parms dn_cfg);
int do_config(void *p, int l);
/* function to drain idle object */
void dn_drain_scheduler(void);
void dn_drain_queue(void);
#endif /* _IP_DN_PRIVATE_H */

2312
freebsd/sys/netinet/ipfw/ip_dummynet.c
View File

File diff suppressed because it is too large Load Diff

2707
freebsd/sys/netinet/ipfw/ip_fw2.c
View File

File diff suppressed because it is too large Load Diff

456
freebsd/sys/netinet/ipfw/ip_fw_log.c
View File

@ -1,456 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
/*
* Logging support for ipfw
*/
#include <rtems/bsd/local/opt_ipfw.h>
#include <rtems/bsd/local/opt_inet.h>
#ifndef INET
#error IPFIREWALL requires INET.
#endif /* INET */
#include <rtems/bsd/local/opt_inet6.h>
#include <rtems/bsd/sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <net/ethernet.h> /* for ETHERTYPE_IP */
#include <net/if.h>
#include <net/vnet.h>
#include <net/if_types.h> /* for IFT_ETHER */
#include <net/bpf.h> /* for BPF */
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
#include <netinet/ipfw/ip_fw_private.h>
#include <netinet/tcp_var.h>
#include <netinet/udp.h>
#include <netinet/ip6.h>
#include <netinet/icmp6.h>
#ifdef INET6
#include <netinet6/in6_var.h> /* ip6_sprintf() */
#endif
#ifdef MAC
#include <security/mac/mac_framework.h>
#endif
/*
* L3HDR maps an ipv4 pointer into a layer3 header pointer of type T
* Other macros just cast void * into the appropriate type
*/
#define L3HDR(T, ip) ((T *)((u_int32_t *)(ip) + (ip)->ip_hl))
#define TCP(p) ((struct tcphdr *)(p))
#define SCTP(p) ((struct sctphdr *)(p))
#define UDP(p) ((struct udphdr *)(p))
#define ICMP(p) ((struct icmphdr *)(p))
#define ICMP6(p) ((struct icmp6_hdr *)(p))
#define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0
#define SNP(buf) buf, sizeof(buf)
#ifdef WITHOUT_BPF
void
ipfw_log_bpf(int onoff)
{
}
#else /* !WITHOUT_BPF */
static struct ifnet *log_if; /* hook to attach to bpf */
/* we use this dummy function for all ifnet callbacks */
static int
log_dummy(struct ifnet *ifp, u_long cmd, caddr_t addr)
{
return EINVAL;
}
static int
ipfw_log_output(struct ifnet *ifp, struct mbuf *m,
struct sockaddr *dst, struct route *ro)
{
if (m != NULL)
m_freem(m);
return EINVAL;
}
static void
ipfw_log_start(struct ifnet* ifp)
{
panic("ipfw_log_start() must not be called");
}
static const u_char ipfwbroadcastaddr[6] =
{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
void
ipfw_log_bpf(int onoff)
{
struct ifnet *ifp;
if (onoff) {
if (log_if)
return;
ifp = if_alloc(IFT_ETHER);
if (ifp == NULL)
return;
if_initname(ifp, "ipfw", 0);
ifp->if_mtu = 65536;
ifp->if_flags = IFF_UP | IFF_SIMPLEX | IFF_MULTICAST;
ifp->if_init = (void *)log_dummy;
ifp->if_ioctl = log_dummy;
ifp->if_start = ipfw_log_start;
ifp->if_output = ipfw_log_output;
ifp->if_addrlen = 6;
ifp->if_hdrlen = 14;
if_attach(ifp);
ifp->if_broadcastaddr = ipfwbroadcastaddr;
ifp->if_baudrate = IF_Mbps(10);
bpfattach(ifp, DLT_EN10MB, 14);
log_if = ifp;
} else {
if (log_if) {
ether_ifdetach(log_if);
if_free(log_if);
}
log_if = NULL;
}
}
#endif /* !WITHOUT_BPF */
/*
* We enter here when we have a rule with O_LOG.
* XXX this function alone takes about 2Kbytes of code!
*/
void
ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args,
struct mbuf *m, struct ifnet *oif, u_short offset, uint32_t tablearg,
struct ip *ip)
{
char *action;
int limit_reached = 0;
char action2[40], proto[128], fragment[32];
if (V_fw_verbose == 0) {
#ifndef WITHOUT_BPF
if (log_if == NULL || log_if->if_bpf == NULL)
return;
if (args->eh) /* layer2, use orig hdr */
BPF_MTAP2(log_if, args->eh, ETHER_HDR_LEN, m);
else
/* Add fake header. Later we will store
* more info in the header.
*/
BPF_MTAP2(log_if, "DDDDDDSSSSSS\x08\x00", ETHER_HDR_LEN, m);
#endif /* !WITHOUT_BPF */
return;
}
/* the old 'log' function */
fragment[0] = '\0';
proto[0] = '\0';
if (f == NULL) { /* bogus pkt */
if (V_verbose_limit != 0 && V_norule_counter >= V_verbose_limit)
return;
V_norule_counter++;
if (V_norule_counter == V_verbose_limit)
limit_reached = V_verbose_limit;
action = "Refuse";
} else { /* O_LOG is the first action, find the real one */
ipfw_insn *cmd = ACTION_PTR(f);
ipfw_insn_log *l = (ipfw_insn_log *)cmd;
if (l->max_log != 0 && l->log_left == 0)
return;
l->log_left--;
if (l->log_left == 0)
limit_reached = l->max_log;
cmd += F_LEN(cmd); /* point to first action */
if (cmd->opcode == O_ALTQ) {
ipfw_insn_altq *altq = (ipfw_insn_altq *)cmd;
snprintf(SNPARGS(action2, 0), "Altq %d",
altq->qid);
cmd += F_LEN(cmd);
}
if (cmd->opcode == O_PROB)
cmd += F_LEN(cmd);
if (cmd->opcode == O_TAG)
cmd += F_LEN(cmd);
action = action2;
switch (cmd->opcode) {
case O_DENY:
action = "Deny";
break;
case O_REJECT:
if (cmd->arg1==ICMP_REJECT_RST)
action = "Reset";
else if (cmd->arg1==ICMP_UNREACH_HOST)
action = "Reject";
else
snprintf(SNPARGS(action2, 0), "Unreach %d",
cmd->arg1);
break;
case O_UNREACH6:
if (cmd->arg1==ICMP6_UNREACH_RST)
action = "Reset";
else
snprintf(SNPARGS(action2, 0), "Unreach %d",
cmd->arg1);
break;
case O_ACCEPT:
action = "Accept";
break;
case O_COUNT:
action = "Count";
break;
case O_DIVERT:
snprintf(SNPARGS(action2, 0), "Divert %d",
cmd->arg1);
break;
case O_TEE:
snprintf(SNPARGS(action2, 0), "Tee %d",
cmd->arg1);
break;
case O_SETFIB:
snprintf(SNPARGS(action2, 0), "SetFib %d",
cmd->arg1);
break;
case O_SKIPTO:
snprintf(SNPARGS(action2, 0), "SkipTo %d",
cmd->arg1);
break;
case O_PIPE:
snprintf(SNPARGS(action2, 0), "Pipe %d",
cmd->arg1);
break;
case O_QUEUE:
snprintf(SNPARGS(action2, 0), "Queue %d",
cmd->arg1);
break;
case O_FORWARD_IP: {
ipfw_insn_sa *sa = (ipfw_insn_sa *)cmd;
int len;
struct in_addr dummyaddr;
if (sa->sa.sin_addr.s_addr == INADDR_ANY)
dummyaddr.s_addr = htonl(tablearg);
else
dummyaddr.s_addr = sa->sa.sin_addr.s_addr;
len = snprintf(SNPARGS(action2, 0), "Forward to %s",
inet_ntoa(dummyaddr));
if (sa->sa.sin_port)
snprintf(SNPARGS(action2, len), ":%d",
sa->sa.sin_port);
}
break;
case O_NETGRAPH:
snprintf(SNPARGS(action2, 0), "Netgraph %d",
cmd->arg1);
break;
case O_NGTEE:
snprintf(SNPARGS(action2, 0), "Ngtee %d",
cmd->arg1);
break;
case O_NAT:
action = "Nat";
break;
case O_REASS:
action = "Reass";
break;
case O_CALLRETURN:
if (cmd->len & F_NOT)
action = "Return";
else
snprintf(SNPARGS(action2, 0), "Call %d",
cmd->arg1);
break;
default:
action = "UNKNOWN";
break;
}
}
if (hlen == 0) { /* non-ip */
snprintf(SNPARGS(proto, 0), "MAC");
} else {
int len;
#ifdef INET6
char src[INET6_ADDRSTRLEN + 2], dst[INET6_ADDRSTRLEN + 2];
#else
char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
#endif
struct icmphdr *icmp;
struct tcphdr *tcp;
struct udphdr *udp;
#ifdef INET6
struct ip6_hdr *ip6 = NULL;
struct icmp6_hdr *icmp6;
u_short ip6f_mf;
#endif
src[0] = '\0';
dst[0] = '\0';
#ifdef INET6
ip6f_mf = offset & IP6F_MORE_FRAG;
offset &= IP6F_OFF_MASK;
if (IS_IP6_FLOW_ID(&(args->f_id))) {
char ip6buf[INET6_ADDRSTRLEN];
snprintf(src, sizeof(src), "[%s]",
ip6_sprintf(ip6buf, &args->f_id.src_ip6));
snprintf(dst, sizeof(dst), "[%s]",
ip6_sprintf(ip6buf, &args->f_id.dst_ip6));
ip6 = (struct ip6_hdr *)ip;
tcp = (struct tcphdr *)(((char *)ip) + hlen);
udp = (struct udphdr *)(((char *)ip) + hlen);
} else
#endif
{
tcp = L3HDR(struct tcphdr, ip);
udp = L3HDR(struct udphdr, ip);
inet_ntoa_r(ip->ip_src, src);
inet_ntoa_r(ip->ip_dst, dst);
}
switch (args->f_id.proto) {
case IPPROTO_TCP:
len = snprintf(SNPARGS(proto, 0), "TCP %s", src);
if (offset == 0)
snprintf(SNPARGS(proto, len), ":%d %s:%d",
ntohs(tcp->th_sport),
dst,
ntohs(tcp->th_dport));
else
snprintf(SNPARGS(proto, len), " %s", dst);
break;
case IPPROTO_UDP:
len = snprintf(SNPARGS(proto, 0), "UDP %s", src);
if (offset == 0)
snprintf(SNPARGS(proto, len), ":%d %s:%d",
ntohs(udp->uh_sport),
dst,
ntohs(udp->uh_dport));
else
snprintf(SNPARGS(proto, len), " %s", dst);
break;
case IPPROTO_ICMP:
icmp = L3HDR(struct icmphdr, ip);
if (offset == 0)
len = snprintf(SNPARGS(proto, 0),
"ICMP:%u.%u ",
icmp->icmp_type, icmp->icmp_code);
else
len = snprintf(SNPARGS(proto, 0), "ICMP ");
len += snprintf(SNPARGS(proto, len), "%s", src);
snprintf(SNPARGS(proto, len), " %s", dst);
break;
#ifdef INET6
case IPPROTO_ICMPV6:
icmp6 = (struct icmp6_hdr *)(((char *)ip) + hlen);
if (offset == 0)
len = snprintf(SNPARGS(proto, 0),
"ICMPv6:%u.%u ",
icmp6->icmp6_type, icmp6->icmp6_code);
else
len = snprintf(SNPARGS(proto, 0), "ICMPv6 ");
len += snprintf(SNPARGS(proto, len), "%s", src);
snprintf(SNPARGS(proto, len), " %s", dst);
break;
#endif
default:
len = snprintf(SNPARGS(proto, 0), "P:%d %s",
args->f_id.proto, src);
snprintf(SNPARGS(proto, len), " %s", dst);
break;
}
#ifdef INET6
if (IS_IP6_FLOW_ID(&(args->f_id))) {
if (offset & (IP6F_OFF_MASK | IP6F_MORE_FRAG))
snprintf(SNPARGS(fragment, 0),
" (frag %08x:%d@%d%s)",
args->f_id.extra,
ntohs(ip6->ip6_plen) - hlen,
ntohs(offset) << 3, ip6f_mf ? "+" : "");
} else
#endif
{
int ipoff, iplen;
ipoff = ntohs(ip->ip_off);
iplen = ntohs(ip->ip_len);
if (ipoff & (IP_MF | IP_OFFMASK))
snprintf(SNPARGS(fragment, 0),
" (frag %d:%d@%d%s)",
ntohs(ip->ip_id), iplen - (ip->ip_hl << 2),
offset << 3,
(ipoff & IP_MF) ? "+" : "");
}
}
#ifdef __FreeBSD__
if (oif || m->m_pkthdr.rcvif)
log(LOG_SECURITY | LOG_INFO,
"ipfw: %d %s %s %s via %s%s\n",
f ? f->rulenum : -1,
action, proto, oif ? "out" : "in",
oif ? oif->if_xname : m->m_pkthdr.rcvif->if_xname,
fragment);
else
#endif
log(LOG_SECURITY | LOG_INFO,
"ipfw: %d %s %s [no if info]%s\n",
f ? f->rulenum : -1,
action, proto, fragment);
if (limit_reached)
log(LOG_SECURITY | LOG_NOTICE,
"ipfw: limit %d reached on entry %d\n",
limit_reached, f ? f->rulenum : -1);
}
/* end of file */

663
freebsd/sys/netinet/ipfw/ip_fw_nat.c
View File

@ -1,663 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 2008 Paolo Pisati
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <rtems/bsd/sys/param.h>
#include <sys/systm.h>
#include <sys/eventhandler.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <rtems/bsd/sys/lock.h>
#include <sys/module.h>
#include <sys/rwlock.h>
#define IPFW_INTERNAL /* Access to protected data structures in ip_fw.h. */
#include <netinet/libalias/alias.h>
#include <netinet/libalias/alias_local.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
#include <netinet/ipfw/ip_fw_private.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <machine/in_cksum.h> /* XXX for in_cksum */
static VNET_DEFINE(eventhandler_tag, ifaddr_event_tag);
#define V_ifaddr_event_tag VNET(ifaddr_event_tag)
static void
ifaddr_change(void *arg __unused, struct ifnet *ifp)
{
struct cfg_nat *ptr;
struct ifaddr *ifa;
struct ip_fw_chain *chain;
chain = &V_layer3_chain;
IPFW_WLOCK(chain);
/* Check every nat entry... */
LIST_FOREACH(ptr, &chain->nat, _next) {
/* ...using nic 'ifp->if_xname' as dynamic alias address. */
if (strncmp(ptr->if_name, ifp->if_xname, IF_NAMESIZE) != 0)
continue;
if_addr_rlock(ifp);
TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
if (ifa->ifa_addr == NULL)
continue;
if (ifa->ifa_addr->sa_family != AF_INET)
continue;
ptr->ip = ((struct sockaddr_in *)
(ifa->ifa_addr))->sin_addr;
LibAliasSetAddress(ptr->lib, ptr->ip);
}
if_addr_runlock(ifp);
}
IPFW_WUNLOCK(chain);
}
/*
* delete the pointers for nat entry ix, or all of them if ix < 0
*/
static void
flush_nat_ptrs(struct ip_fw_chain *chain, const int ix)
{
int i;
ipfw_insn_nat *cmd;
IPFW_WLOCK_ASSERT(chain);
for (i = 0; i < chain->n_rules; i++) {
cmd = (ipfw_insn_nat *)ACTION_PTR(chain->map[i]);
/* XXX skip log and the like ? */
if (cmd->o.opcode == O_NAT && cmd->nat != NULL &&
(ix < 0 || cmd->nat->id == ix))
cmd->nat = NULL;
}
}
static void
del_redir_spool_cfg(struct cfg_nat *n, struct redir_chain *head)
{
struct cfg_redir *r, *tmp_r;
struct cfg_spool *s, *tmp_s;
int i, num;
LIST_FOREACH_SAFE(r, head, _next, tmp_r) {
num = 1; /* Number of alias_link to delete. */
switch (r->mode) {
case REDIR_PORT:
num = r->pport_cnt;
/* FALLTHROUGH */
case REDIR_ADDR:
case REDIR_PROTO:
/* Delete all libalias redirect entry. */
for (i = 0; i < num; i++)
LibAliasRedirectDelete(n->lib, r->alink[i]);
/* Del spool cfg if any. */
LIST_FOREACH_SAFE(s, &r->spool_chain, _next, tmp_s) {
LIST_REMOVE(s, _next);
free(s, M_IPFW);
}
free(r->alink, M_IPFW);
LIST_REMOVE(r, _next);
free(r, M_IPFW);
break;
default:
printf("unknown redirect mode: %u\n", r->mode);
/* XXX - panic?!?!? */
break;
}
}
}
static void
add_redir_spool_cfg(char *buf, struct cfg_nat *ptr)
{
struct cfg_redir *r, *ser_r;
struct cfg_spool *s, *ser_s;
int cnt, off, i;
for (cnt = 0, off = 0; cnt < ptr->redir_cnt; cnt++) {
ser_r = (struct cfg_redir *)&buf[off];
r = malloc(SOF_REDIR, M_IPFW, M_WAITOK | M_ZERO);
memcpy(r, ser_r, SOF_REDIR);
LIST_INIT(&r->spool_chain);
off += SOF_REDIR;
r->alink = malloc(sizeof(struct alias_link *) * r->pport_cnt,
M_IPFW, M_WAITOK | M_ZERO);
switch (r->mode) {
case REDIR_ADDR:
r->alink[0] = LibAliasRedirectAddr(ptr->lib, r->laddr,
r->paddr);
break;
case REDIR_PORT:
for (i = 0 ; i < r->pport_cnt; i++) {
/* If remotePort is all ports, set it to 0. */
u_short remotePortCopy = r->rport + i;
if (r->rport_cnt == 1 && r->rport == 0)
remotePortCopy = 0;
r->alink[i] = LibAliasRedirectPort(ptr->lib,
r->laddr, htons(r->lport + i), r->raddr,
htons(remotePortCopy), r->paddr,
htons(r->pport + i), r->proto);
if (r->alink[i] == NULL) {
r->alink[0] = NULL;
break;
}
}
break;
case REDIR_PROTO:
r->alink[0] = LibAliasRedirectProto(ptr->lib ,r->laddr,
r->raddr, r->paddr, r->proto);
break;
default:
printf("unknown redirect mode: %u\n", r->mode);
break;
}
/* XXX perhaps return an error instead of panic ? */
if (r->alink[0] == NULL)
panic("LibAliasRedirect* returned NULL");
/* LSNAT handling. */
for (i = 0; i < r->spool_cnt; i++) {
ser_s = (struct cfg_spool *)&buf[off];
s = malloc(SOF_REDIR, M_IPFW, M_WAITOK | M_ZERO);
memcpy(s, ser_s, SOF_SPOOL);
LibAliasAddServer(ptr->lib, r->alink[0],
s->addr, htons(s->port));
off += SOF_SPOOL;
/* Hook spool entry. */
LIST_INSERT_HEAD(&r->spool_chain, s, _next);
}
/* And finally hook this redir entry. */
LIST_INSERT_HEAD(&ptr->redir_chain, r, _next);
}
}
static int
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
{
struct mbuf *mcl;
struct ip *ip;
/* XXX - libalias duct tape */
int ldt, retval, found;
struct ip_fw_chain *chain;
char *c;
ldt = 0;
retval = 0;
mcl = m_megapullup(m, m->m_pkthdr.len);
if (mcl == NULL) {
args->m = NULL;
return (IP_FW_DENY);
}
ip = mtod(mcl, struct ip *);
/*
* XXX - Libalias checksum offload 'duct tape':
*
* locally generated packets have only pseudo-header checksum
* calculated and libalias will break it[1], so mark them for
* later fix. Moreover there are cases when libalias modifies
* tcp packet data[2], mark them for later fix too.
*
* [1] libalias was never meant to run in kernel, so it does
* not have any knowledge about checksum offloading, and
* expects a packet with a full internet checksum.
* Unfortunately, packets generated locally will have just the
* pseudo header calculated, and when libalias tries to adjust
* the checksum it will actually compute a wrong value.
*
* [2] when libalias modifies tcp's data content, full TCP
* checksum has to be recomputed: the problem is that
* libalias does not have any idea about checksum offloading.
* To work around this, we do not do checksumming in LibAlias,
* but only mark the packets in th_x2 field. If we receive a
* marked packet, we calculate correct checksum for it
* aware of offloading. Why such a terrible hack instead of
* recalculating checksum for each packet?
* Because the previous checksum was not checked!
* Recalculating checksums for EVERY packet will hide ALL
* transmission errors. Yes, marked packets still suffer from
* this problem. But, sigh, natd(8) has this problem, too.
*
* TODO: -make libalias mbuf aware (so
* it can handle delayed checksum and tso)
*/
if (mcl->m_pkthdr.rcvif == NULL &&
mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
ldt = 1;
c = mtod(mcl, char *);
/* Check if this is 'global' instance */
if (t == NULL) {
if (args->oif == NULL) {
/* Wrong direction, skip processing */
args->m = mcl;
return (IP_FW_NAT);
}
found = 0;
chain = &V_layer3_chain;
IPFW_RLOCK(chain);
/* Check every nat entry... */
LIST_FOREACH(t, &chain->nat, _next) {
if ((t->mode & PKT_ALIAS_SKIP_GLOBAL) != 0)
continue;
retval = LibAliasOutTry(t->lib, c,
mcl->m_len + M_TRAILINGSPACE(mcl), 0);
if (retval == PKT_ALIAS_OK) {
/* Nat instance recognises state */
found = 1;
break;
}
}
IPFW_RUNLOCK(chain);
if (found != 1) {
/* No instance found, return ignore */
args->m = mcl;
return (IP_FW_NAT);
}
} else {
if (args->oif == NULL)
retval = LibAliasIn(t->lib, c,
mcl->m_len + M_TRAILINGSPACE(mcl));
else
retval = LibAliasOut(t->lib, c,
mcl->m_len + M_TRAILINGSPACE(mcl));
}
/*
* We drop packet when:
* 1. libalias returns PKT_ALIAS_ERROR;
* 2. For incoming packets:
* a) for unresolved fragments;
* b) libalias returns PKT_ALIAS_IGNORED and
* PKT_ALIAS_DENY_INCOMING flag is set.
*/
if (retval == PKT_ALIAS_ERROR ||
(args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
(retval == PKT_ALIAS_IGNORED &&
(t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
/* XXX - should i add some logging? */
m_free(mcl);
args->m = NULL;
return (IP_FW_DENY);
}
if (retval == PKT_ALIAS_RESPOND)
mcl->m_flags |= M_SKIP_FIREWALL;
mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
/*
* XXX - libalias checksum offload
* 'duct tape' (see above)
*/
if ((ip->ip_off & htons(IP_OFFMASK)) == 0 &&
ip->ip_p == IPPROTO_TCP) {
struct tcphdr *th;
th = (struct tcphdr *)(ip + 1);
if (th->th_x2)
ldt = 1;
}
if (ldt) {
struct tcphdr *th;
struct udphdr *uh;
u_short cksum;
ip->ip_len = ntohs(ip->ip_len);
cksum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
htons(ip->ip_p + ip->ip_len - (ip->ip_hl << 2)));
switch (ip->ip_p) {
case IPPROTO_TCP:
th = (struct tcphdr *)(ip + 1);
/*
* Maybe it was set in
* libalias...
*/
th->th_x2 = 0;
th->th_sum = cksum;
mcl->m_pkthdr.csum_data =
offsetof(struct tcphdr, th_sum);
break;
case IPPROTO_UDP:
uh = (struct udphdr *)(ip + 1);
uh->uh_sum = cksum;
mcl->m_pkthdr.csum_data =
offsetof(struct udphdr, uh_sum);
break;
}
/* No hw checksum offloading: do it ourselves */
if ((mcl->m_pkthdr.csum_flags & CSUM_DELAY_DATA) == 0) {
in_delayed_cksum(mcl);
mcl->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
}
ip->ip_len = htons(ip->ip_len);
}
args->m = mcl;
return (IP_FW_NAT);
}
static struct cfg_nat *
lookup_nat(struct nat_list *l, int nat_id)
{
struct cfg_nat *res;
LIST_FOREACH(res, l, _next) {
if (res->id == nat_id)
break;
}
return res;
}
static int
ipfw_nat_cfg(struct sockopt *sopt)
{
struct cfg_nat *cfg, *ptr;
char *buf;
struct ip_fw_chain *chain = &V_layer3_chain;
size_t len;
int gencnt, error = 0;
len = sopt->sopt_valsize;
buf = malloc(len, M_TEMP, M_WAITOK | M_ZERO);
if ((error = sooptcopyin(sopt, buf, len, sizeof(struct cfg_nat))) != 0)
goto out;
cfg = (struct cfg_nat *)buf;
if (cfg->id < 0) {
error = EINVAL;
goto out;
}
/*
* Find/create nat rule.
*/
IPFW_WLOCK(chain);
gencnt = chain->gencnt;
ptr = lookup_nat(&chain->nat, cfg->id);
if (ptr == NULL) {
IPFW_WUNLOCK(chain);
/* New rule: allocate and init new instance. */
ptr = malloc(sizeof(struct cfg_nat), M_IPFW, M_WAITOK | M_ZERO);
ptr->lib = LibAliasInit(NULL);
LIST_INIT(&ptr->redir_chain);
} else {
/* Entry already present: temporarily unhook it. */
LIST_REMOVE(ptr, _next);
flush_nat_ptrs(chain, cfg->id);
IPFW_WUNLOCK(chain);
}
/*
* Basic nat configuration.
*/
ptr->id = cfg->id;
/*
* XXX - what if this rule doesn't nat any ip and just
* redirect?
* do we set aliasaddress to 0.0.0.0?
*/
ptr->ip = cfg->ip;
ptr->redir_cnt = cfg->redir_cnt;
ptr->mode = cfg->mode;
LibAliasSetMode(ptr->lib, cfg->mode, cfg->mode);
LibAliasSetAddress(ptr->lib, ptr->ip);
memcpy(ptr->if_name, cfg->if_name, IF_NAMESIZE);
/*
* Redir and LSNAT configuration.
*/
/* Delete old cfgs. */
del_redir_spool_cfg(ptr, &ptr->redir_chain);
/* Add new entries. */
add_redir_spool_cfg(&buf[(sizeof(struct cfg_nat))], ptr);
IPFW_WLOCK(chain);
/* Extra check to avoid race with another ipfw_nat_cfg() */
if (gencnt != chain->gencnt &&
((cfg = lookup_nat(&chain->nat, ptr->id)) != NULL))
LIST_REMOVE(cfg, _next);
LIST_INSERT_HEAD(&chain->nat, ptr, _next);
chain->gencnt++;
IPFW_WUNLOCK(chain);
out:
free(buf, M_TEMP);
return (error);
}
static int
ipfw_nat_del(struct sockopt *sopt)
{
struct cfg_nat *ptr;
struct ip_fw_chain *chain = &V_layer3_chain;
int i;
sooptcopyin(sopt, &i, sizeof i, sizeof i);
/* XXX validate i */
IPFW_WLOCK(chain);
ptr = lookup_nat(&chain->nat, i);
if (ptr == NULL) {
IPFW_WUNLOCK(chain);
return (EINVAL);
}
LIST_REMOVE(ptr, _next);
flush_nat_ptrs(chain, i);
IPFW_WUNLOCK(chain);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
return (0);
}
static int
ipfw_nat_get_cfg(struct sockopt *sopt)
{
struct ip_fw_chain *chain = &V_layer3_chain;
struct cfg_nat *n;
struct cfg_redir *r;
struct cfg_spool *s;
char *data;
int gencnt, nat_cnt, len, error;
nat_cnt = 0;
len = sizeof(nat_cnt);
IPFW_RLOCK(chain);
retry:
gencnt = chain->gencnt;
/* Estimate memory amount */
LIST_FOREACH(n, &chain->nat, _next) {
nat_cnt++;
len += sizeof(struct cfg_nat);
LIST_FOREACH(r, &n->redir_chain, _next) {
len += sizeof(struct cfg_redir);
LIST_FOREACH(s, &r->spool_chain, _next)
len += sizeof(struct cfg_spool);
}
}
IPFW_RUNLOCK(chain);
data = malloc(len, M_TEMP, M_WAITOK | M_ZERO);
bcopy(&nat_cnt, data, sizeof(nat_cnt));
nat_cnt = 0;
len = sizeof(nat_cnt);
IPFW_RLOCK(chain);
if (gencnt != chain->gencnt) {
free(data, M_TEMP);
goto retry;
}
/* Serialize all the data. */
LIST_FOREACH(n, &chain->nat, _next) {
bcopy(n, &data[len], sizeof(struct cfg_nat));
len += sizeof(struct cfg_nat);
LIST_FOREACH(r, &n->redir_chain, _next) {
bcopy(r, &data[len], sizeof(struct cfg_redir));
len += sizeof(struct cfg_redir);
LIST_FOREACH(s, &r->spool_chain, _next) {
bcopy(s, &data[len], sizeof(struct cfg_spool));
len += sizeof(struct cfg_spool);
}
}
}
IPFW_RUNLOCK(chain);
error = sooptcopyout(sopt, data, len);
free(data, M_TEMP);
return (error);
}
static int
ipfw_nat_get_log(struct sockopt *sopt)
{
uint8_t *data;
struct cfg_nat *ptr;
int i, size;
struct ip_fw_chain *chain;
chain = &V_layer3_chain;
IPFW_RLOCK(chain);
/* one pass to count, one to copy the data */
i = 0;
LIST_FOREACH(ptr, &chain->nat, _next) {
if (ptr->lib->logDesc == NULL)
continue;
i++;
}
size = i * (LIBALIAS_BUF_SIZE + sizeof(int));
data = malloc(size, M_IPFW, M_NOWAIT | M_ZERO);
if (data == NULL) {
IPFW_RUNLOCK(chain);
return (ENOSPC);
}
i = 0;
LIST_FOREACH(ptr, &chain->nat, _next) {
if (ptr->lib->logDesc == NULL)
continue;
bcopy(&ptr->id, &data[i], sizeof(int));
i += sizeof(int);
bcopy(ptr->lib->logDesc, &data[i], LIBALIAS_BUF_SIZE);
i += LIBALIAS_BUF_SIZE;
}
IPFW_RUNLOCK(chain);
sooptcopyout(sopt, data, size);
free(data, M_IPFW);
return(0);
}
static void
ipfw_nat_init(void)
{
IPFW_WLOCK(&V_layer3_chain);
/* init ipfw hooks */
ipfw_nat_ptr = ipfw_nat;
lookup_nat_ptr = lookup_nat;
ipfw_nat_cfg_ptr = ipfw_nat_cfg;
ipfw_nat_del_ptr = ipfw_nat_del;
ipfw_nat_get_cfg_ptr = ipfw_nat_get_cfg;
ipfw_nat_get_log_ptr = ipfw_nat_get_log;
IPFW_WUNLOCK(&V_layer3_chain);
V_ifaddr_event_tag = EVENTHANDLER_REGISTER(
ifaddr_event, ifaddr_change,
NULL, EVENTHANDLER_PRI_ANY);
}
static void
ipfw_nat_destroy(void)
{
struct cfg_nat *ptr, *ptr_temp;
struct ip_fw_chain *chain;
chain = &V_layer3_chain;
IPFW_WLOCK(chain);
LIST_FOREACH_SAFE(ptr, &chain->nat, _next, ptr_temp) {
LIST_REMOVE(ptr, _next);
del_redir_spool_cfg(ptr, &ptr->redir_chain);
LibAliasUninit(ptr->lib);
free(ptr, M_IPFW);
}
EVENTHANDLER_DEREGISTER(ifaddr_event, V_ifaddr_event_tag);
flush_nat_ptrs(chain, -1 /* flush all */);
/* deregister ipfw_nat */
ipfw_nat_ptr = NULL;
lookup_nat_ptr = NULL;
ipfw_nat_cfg_ptr = NULL;
ipfw_nat_del_ptr = NULL;
ipfw_nat_get_cfg_ptr = NULL;
ipfw_nat_get_log_ptr = NULL;
IPFW_WUNLOCK(chain);
}
static int
ipfw_nat_modevent(module_t mod, int type, void *unused)
{
int err = 0;
switch (type) {
case MOD_LOAD:
ipfw_nat_init();
break;
case MOD_UNLOAD:
ipfw_nat_destroy();
break;
default:
return EOPNOTSUPP;
break;
}
return err;
}
static moduledata_t ipfw_nat_mod = {
"ipfw_nat",
ipfw_nat_modevent,
0
};
DECLARE_MODULE(ipfw_nat, ipfw_nat_mod, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY);
MODULE_DEPEND(ipfw_nat, libalias, 1, 1, 1);
MODULE_DEPEND(ipfw_nat, ipfw, 2, 2, 2);
MODULE_VERSION(ipfw_nat, 1);
/* end of file */

415
freebsd/sys/netinet/ipfw/ip_fw_pfil.c
View File

@ -1,415 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 2004 Andre Oppermann, Internet Business Solutions AG
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <rtems/bsd/local/opt_ipfw.h>
#include <rtems/bsd/local/opt_inet.h>
#include <rtems/bsd/local/opt_inet6.h>
#ifndef INET
#error IPFIREWALL requires INET.
#endif /* INET */
#include <rtems/bsd/sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/module.h>
#include <sys/kernel.h>
#include <rtems/bsd/sys/lock.h>
#include <sys/rwlock.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/route.h>
#include <net/pfil.h>
#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/ip_fw.h>
#include <netinet/ipfw/ip_fw_private.h>
#include <netgraph/ng_ipfw.h>
#include <machine/in_cksum.h>
static VNET_DEFINE(int, fw_enable) = 1;
#define V_fw_enable VNET(fw_enable)
#ifdef INET6
static VNET_DEFINE(int, fw6_enable) = 1;
#define V_fw6_enable VNET(fw6_enable)
#endif
int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
/* Forward declarations. */
static int ipfw_divert(struct mbuf **, int, struct ipfw_rule_ref *, int);
#ifdef SYSCTL_NODE
SYSBEGIN(f1)
SYSCTL_DECL(_net_inet_ip_fw);
SYSCTL_VNET_PROC(_net_inet_ip_fw, OID_AUTO, enable,
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_enable), 0,
ipfw_chg_hook, "I", "Enable ipfw");
#ifdef INET6
SYSCTL_DECL(_net_inet6_ip6_fw);
SYSCTL_VNET_PROC(_net_inet6_ip6_fw, OID_AUTO, enable,
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw6_enable), 0,
ipfw_chg_hook, "I", "Enable ipfw+6");
#endif /* INET6 */
SYSEND
#endif /* SYSCTL_NODE */
/*
* The pfilter hook to pass packets to ipfw_chk and then to
* dummynet, divert, netgraph or other modules.
* The packet may be consumed.
*/
int
ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
struct inpcb *inp)
{
struct ip_fw_args args;
struct m_tag *tag;
int ipfw;
int ret;
/* all the processing now uses ip_len in net format */
if (mtod(*m0, struct ip *)->ip_v == 4)
SET_NET_IPLEN(mtod(*m0, struct ip *));
/* convert dir to IPFW values */
dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT;
bzero(&args, sizeof(args));
again:
/*
* extract and remove the tag if present. If we are left
* with onepass, optimize the outgoing path.
*/
tag = m_tag_locate(*m0, MTAG_IPFW_RULE, 0, NULL);
if (tag != NULL) {
args.rule = *((struct ipfw_rule_ref *)(tag+1));
m_tag_delete(*m0, tag);
if (args.rule.info & IPFW_ONEPASS) {
if (mtod(*m0, struct ip *)->ip_v == 4)
SET_HOST_IPLEN(mtod(*m0, struct ip *));
return (0);
}
}
args.m = *m0;
args.oif = dir == DIR_OUT ? ifp : NULL;
args.inp = inp;
ipfw = ipfw_chk(&args);
*m0 = args.m;
KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
__func__));
/* breaking out of the switch means drop */
ret = 0; /* default return value for pass */
switch (ipfw) {
case IP_FW_PASS:
/* next_hop may be set by ipfw_chk */
if (args.next_hop == NULL)
break; /* pass */
#if !defined(IPFIREWALL_FORWARD) || (!defined(INET6) && !defined(INET))
ret = EACCES;
#else
{
struct m_tag *fwd_tag;
/* Incoming packets should not be tagged so we do not
* m_tag_find. Outgoing packets may be tagged, so we
* reuse the tag if present.
*/
fwd_tag = (dir == DIR_IN) ? NULL :
m_tag_find(*m0, PACKET_TAG_IPFORWARD, NULL);
if (fwd_tag != NULL) {
m_tag_unlink(*m0, fwd_tag);
} else {
fwd_tag = m_tag_get(PACKET_TAG_IPFORWARD,
sizeof(struct sockaddr_in), M_NOWAIT);
if (fwd_tag == NULL) {
ret = EACCES;
break; /* i.e. drop */
}
}
bcopy(args.next_hop, (fwd_tag+1), sizeof(struct sockaddr_in));
m_tag_prepend(*m0, fwd_tag);
if (in_localip(args.next_hop->sin_addr))
(*m0)->m_flags |= M_FASTFWD_OURS;
}
#endif /* IPFIREWALL_FORWARD */
break;
case IP_FW_DENY:
ret = EACCES;
break; /* i.e. drop */
case IP_FW_DUMMYNET:
ret = EACCES;
if (ip_dn_io_ptr == NULL)
break; /* i.e. drop */
if (mtod(*m0, struct ip *)->ip_v == 4)
ret = ip_dn_io_ptr(m0, dir, &args);
else if (mtod(*m0, struct ip *)->ip_v == 6)
ret = ip_dn_io_ptr(m0, dir | PROTO_IPV6, &args);
else
break; /* drop it */
/*
* XXX should read the return value.
* dummynet normally eats the packet and sets *m0=NULL
* unless the packet can be sent immediately. In this
* case args is updated and we should re-run the
* check without clearing args.
*/
if (*m0 != NULL)
goto again;
break;
case IP_FW_TEE:
case IP_FW_DIVERT:
if (ip_divert_ptr == NULL) {
ret = EACCES;
break; /* i.e. drop */
}
ret = ipfw_divert(m0, dir, &args.rule,
(ipfw == IP_FW_TEE) ? 1 : 0);
/* continue processing for the original packet (tee). */
if (*m0)
goto again;
break;
case IP_FW_NGTEE:
case IP_FW_NETGRAPH:
if (ng_ipfw_input_p == NULL) {
ret = EACCES;
break; /* i.e. drop */
}
ret = ng_ipfw_input_p(m0, dir, &args,
(ipfw == IP_FW_NGTEE) ? 1 : 0);
if (ipfw == IP_FW_NGTEE) /* ignore errors for NGTEE */
goto again; /* continue with packet */
break;
case IP_FW_NAT:
/* honor one-pass in case of successful nat */
if (V_fw_one_pass)
break; /* ret is already 0 */
goto again;
case IP_FW_REASS:
goto again; /* continue with packet */
default:
KASSERT(0, ("%s: unknown retval", __func__));
}
if (ret != 0) {
if (*m0)
FREE_PKT(*m0);
*m0 = NULL;
}
if (*m0 && mtod(*m0, struct ip *)->ip_v == 4)
SET_HOST_IPLEN(mtod(*m0, struct ip *));
return ret;
}
/* do the divert, return 1 on error 0 on success */
static int
ipfw_divert(struct mbuf **m0, int incoming, struct ipfw_rule_ref *rule,
int tee)
{
/*
* ipfw_chk() has already tagged the packet with the divert tag.
* If tee is set, copy packet and return original.
* If not tee, consume packet and send it to divert socket.
*/
struct mbuf *clone;
struct ip *ip;
struct m_tag *tag;
/* Cloning needed for tee? */
if (tee == 0) {
clone = *m0; /* use the original mbuf */
*m0 = NULL;
} else {
clone = m_dup(*m0, M_DONTWAIT);
/* If we cannot duplicate the mbuf, we sacrifice the divert
* chain and continue with the tee-ed packet.
*/
if (clone == NULL)
return 1;
}
/*
* Divert listeners can normally handle non-fragmented packets,
* but we can only reass in the non-tee case.
* This means that listeners on a tee rule may get fragments,
* and have to live with that.
* Note that we now have the 'reass' ipfw option so if we care
* we can do it before a 'tee'.
*/
ip = mtod(clone, struct ip *);
if (!tee && ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
int hlen;
struct mbuf *reass;
SET_HOST_IPLEN(ip); /* ip_reass wants host order */
reass = ip_reass(clone); /* Reassemble packet. */
if (reass == NULL)
return 0; /* not an error */
/* if reass = NULL then it was consumed by ip_reass */
/*
* IP header checksum fixup after reassembly and leave header
* in network byte order.
*/
ip = mtod(reass, struct ip *);
hlen = ip->ip_hl << 2;
SET_NET_IPLEN(ip);
ip->ip_sum = 0;
if (hlen == sizeof(struct ip))
ip->ip_sum = in_cksum_hdr(ip);
else
ip->ip_sum = in_cksum(reass, hlen);
clone = reass;
}
/* attach a tag to the packet with the reinject info */
tag = m_tag_alloc(MTAG_IPFW_RULE, 0,
sizeof(struct ipfw_rule_ref), M_NOWAIT);
if (tag == NULL) {
FREE_PKT(clone);
return 1;
}
*((struct ipfw_rule_ref *)(tag+1)) = *rule;
m_tag_prepend(clone, tag);
/* Do the dirty job... */
ip_divert_ptr(clone, incoming);
return 0;
}
/*
* attach or detach hooks for a given protocol family
*/
static int
ipfw_hook(int onoff, int pf)
{
struct pfil_head *pfh;
pfh = pfil_head_get(PFIL_TYPE_AF, pf);
if (pfh == NULL)
return ENOENT;
(void) (onoff ? pfil_add_hook : pfil_remove_hook)
(ipfw_check_hook, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh);
return 0;
}
int
ipfw_attach_hooks(int arg)
{
int error = 0;
if (arg == 0) /* detach */
ipfw_hook(0, AF_INET);
else if (V_fw_enable && ipfw_hook(1, AF_INET) != 0) {
error = ENOENT; /* see ip_fw_pfil.c::ipfw_hook() */
printf("ipfw_hook() error\n");
}
#ifdef INET6
if (arg == 0) /* detach */
ipfw_hook(0, AF_INET6);
else if (V_fw6_enable && ipfw_hook(1, AF_INET6) != 0) {
error = ENOENT;
printf("ipfw6_hook() error\n");
}
#endif
return error;
}
int
ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
{
int enable;
int oldenable;
int error;
int af;
if (arg1 == &VNET_NAME(fw_enable)) {
enable = V_fw_enable;
af = AF_INET;
}
#ifdef INET6
else if (arg1 == &VNET_NAME(fw6_enable)) {
enable = V_fw6_enable;
af = AF_INET6;
}
#endif
else
return (EINVAL);
oldenable = enable;
error = sysctl_handle_int(oidp, &enable, 0, req);
if (error)
return (error);
enable = (enable) ? 1 : 0;
if (enable == oldenable)
return (0);
error = ipfw_hook(enable, af);
if (error)
return (error);
if (af == AF_INET)
V_fw_enable = enable;
#ifdef INET6
else if (af == AF_INET6)
V_fw6_enable = enable;
#endif
return (0);
}
/* end of file */

312
freebsd/sys/netinet/ipfw/ip_fw_private.h
View File

@ -1,312 +0,0 @@
/*-
* Copyright (c) 2002-2009 Luigi Rizzo, Universita` di Pisa
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#ifndef _IPFW2_PRIVATE_H
#define _IPFW2_PRIVATE_H
/*
* Internal constants and data structures used by ipfw components
* and not meant to be exported outside the kernel.
*/
#ifdef _KERNEL
/*
* For platforms that do not have SYSCTL support, we wrap the
* SYSCTL_* into a function (one per file) to collect the values
* into an array at module initialization. The wrapping macros,
* SYSBEGIN() and SYSEND, are empty in the default case.
*/
#ifndef SYSBEGIN
#define SYSBEGIN(x)
#endif
#ifndef SYSEND
#define SYSEND
#endif
/* Return values from ipfw_chk() */
enum {
IP_FW_PASS = 0,
IP_FW_DENY,
IP_FW_DIVERT,
IP_FW_TEE,
IP_FW_DUMMYNET,
IP_FW_NETGRAPH,
IP_FW_NGTEE,
IP_FW_NAT,
IP_FW_REASS,
};
/*
* Structure for collecting parameters to dummynet for ip6_output forwarding
*/
struct _ip6dn_args {
struct ip6_pktopts *opt_or;
struct route_in6 ro_or;
int flags_or;
struct ip6_moptions *im6o_or;
struct ifnet *origifp_or;
struct ifnet *ifp_or;
struct sockaddr_in6 dst_or;
u_long mtu_or;
struct route_in6 ro_pmtu_or;
};
/*
* Arguments for calling ipfw_chk() and dummynet_io(). We put them
* all into a structure because this way it is easier and more
* efficient to pass variables around and extend the interface.
*/
struct ip_fw_args {
struct mbuf *m; /* the mbuf chain */
struct ifnet *oif; /* output interface */
struct sockaddr_in *next_hop; /* forward address */
/*
* On return, it points to the matching rule.
* On entry, rule.slot > 0 means the info is valid and
* contains the starting rule for an ipfw search.
* If chain_id == chain->id && slot >0 then jump to that slot.
* Otherwise, we locate the first rule >= rulenum:rule_id
*/
struct ipfw_rule_ref rule; /* match/restart info */
struct ether_header *eh; /* for bridged packets */
struct ipfw_flow_id f_id; /* grabbed from IP header */
//uint32_t cookie; /* a cookie depending on rule action */
struct inpcb *inp;
struct _ip6dn_args dummypar; /* dummynet->ip6_output */
struct sockaddr_in hopstore; /* store here if cannot use a pointer */
};
MALLOC_DECLARE(M_IPFW);
/*
* Hooks sometime need to know the direction of the packet
* (divert, dummynet, netgraph, ...)
* We use a generic definition here, with bit0-1 indicating the
* direction, bit 2 indicating layer2 or 3, bit 3-4 indicating the
* specific protocol
* indicating the protocol (if necessary)
*/
enum {
DIR_MASK = 0x3,
DIR_OUT = 0,
DIR_IN = 1,
DIR_FWD = 2,
DIR_DROP = 3,
PROTO_LAYER2 = 0x4, /* set for layer 2 */
/* PROTO_DEFAULT = 0, */
PROTO_IPV4 = 0x08,
PROTO_IPV6 = 0x10,
PROTO_IFB = 0x0c, /* layer2 + ifbridge */
/* PROTO_OLDBDG = 0x14, unused, old bridge */
};
/* wrapper for freeing a packet, in case we need to do more work */
#ifndef FREE_PKT
#if defined(__linux__) || defined(_WIN32)
#define FREE_PKT(m) netisr_dispatch(-1, m)
#else
#define FREE_PKT(m) m_freem(m)
#endif
#endif /* !FREE_PKT */
/*
* Function definitions.
*/
/* attach (arg = 1) or detach (arg = 0) hooks */
int ipfw_attach_hooks(int);
#ifdef NOTYET
void ipfw_nat_destroy(void);
#endif
/* In ip_fw_log.c */
struct ip;
void ipfw_log_bpf(int);
void ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw_args *args,
struct mbuf *m, struct ifnet *oif, u_short offset, uint32_t tablearg,
struct ip *ip);
VNET_DECLARE(u_int64_t, norule_counter);
#define V_norule_counter VNET(norule_counter)
VNET_DECLARE(int, verbose_limit);
#define V_verbose_limit VNET(verbose_limit)
/* In ip_fw_dynamic.c */
enum { /* result for matching dynamic rules */
MATCH_REVERSE = 0,
MATCH_FORWARD,
MATCH_NONE,
MATCH_UNKNOWN,
};
/*
* The lock for dynamic rules is only used once outside the file,
* and only to release the result of lookup_dyn_rule().
* Eventually we may implement it with a callback on the function.
*/
void ipfw_dyn_unlock(void);
struct tcphdr;
struct mbuf *ipfw_send_pkt(struct mbuf *, struct ipfw_flow_id *,
u_int32_t, u_int32_t, int);
int ipfw_install_state(struct ip_fw *rule, ipfw_insn_limit *cmd,
struct ip_fw_args *args, uint32_t tablearg);
ipfw_dyn_rule *ipfw_lookup_dyn_rule(struct ipfw_flow_id *pkt,
int *match_direction, struct tcphdr *tcp);
void ipfw_remove_dyn_children(struct ip_fw *rule);
void ipfw_get_dynamic(char **bp, const char *ep);
void ipfw_dyn_attach(void); /* uma_zcreate .... */
void ipfw_dyn_detach(void); /* uma_zdestroy ... */
void ipfw_dyn_init(void); /* per-vnet initialization */
void ipfw_dyn_uninit(int); /* per-vnet deinitialization */
int ipfw_dyn_len(void);
/* common variables */
VNET_DECLARE(int, fw_one_pass);
#define V_fw_one_pass VNET(fw_one_pass)
VNET_DECLARE(int, fw_verbose);
#define V_fw_verbose VNET(fw_verbose)
VNET_DECLARE(struct ip_fw_chain, layer3_chain);
#define V_layer3_chain VNET(layer3_chain)
VNET_DECLARE(u_int32_t, set_disable);
#define V_set_disable VNET(set_disable)
VNET_DECLARE(int, autoinc_step);
#define V_autoinc_step VNET(autoinc_step)
VNET_DECLARE(unsigned int, fw_tables_max);
#define V_fw_tables_max VNET(fw_tables_max)
struct ip_fw_chain {
struct ip_fw *rules; /* list of rules */
struct ip_fw *reap; /* list of rules to reap */
struct ip_fw *default_rule;
int n_rules; /* number of static rules */
int static_len; /* total len of static rules */
struct ip_fw **map; /* array of rule ptrs to ease lookup */
LIST_HEAD(nat_list, cfg_nat) nat; /* list of nat entries */
struct radix_node_head **tables; /* IPv4 tables */
struct radix_node_head **xtables; /* extended tables */
uint8_t *tabletype; /* Array of table types */
#if defined( __linux__ ) || defined( _WIN32 )
spinlock_t rwmtx;
spinlock_t uh_lock;
#else
struct rwlock rwmtx;
struct rwlock uh_lock; /* lock for upper half */
#endif
uint32_t id; /* ruleset id */
uint32_t gencnt; /* generation count */
};
struct sockopt; /* used by tcp_var.h */
/*
* The lock is heavily used by ip_fw2.c (the main file) and ip_fw_nat.c
* so the variable and the macros must be here.
*/
#define IPFW_LOCK_INIT(_chain) do { \
rw_init(&(_chain)->rwmtx, "IPFW static rules"); \
rw_init(&(_chain)->uh_lock, "IPFW UH lock"); \
} while (0)
#define IPFW_LOCK_DESTROY(_chain) do { \
rw_destroy(&(_chain)->rwmtx); \
rw_destroy(&(_chain)->uh_lock); \
} while (0)
#define IPFW_WLOCK_ASSERT(_chain) rw_assert(&(_chain)->rwmtx, RA_WLOCKED)
#define IPFW_RLOCK(p) rw_rlock(&(p)->rwmtx)
#define IPFW_RUNLOCK(p) rw_runlock(&(p)->rwmtx)
#define IPFW_WLOCK(p) rw_wlock(&(p)->rwmtx)
#define IPFW_WUNLOCK(p) rw_wunlock(&(p)->rwmtx)
#define IPFW_UH_RLOCK(p) rw_rlock(&(p)->uh_lock)
#define IPFW_UH_RUNLOCK(p) rw_runlock(&(p)->uh_lock)
#define IPFW_UH_WLOCK(p) rw_wlock(&(p)->uh_lock)
#define IPFW_UH_WUNLOCK(p) rw_wunlock(&(p)->uh_lock)
/* In ip_fw_sockopt.c */
int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id);
int ipfw_add_rule(struct ip_fw_chain *chain, struct ip_fw *input_rule);
int ipfw_ctl(struct sockopt *sopt);
int ipfw_chk(struct ip_fw_args *args);
void ipfw_reap_rules(struct ip_fw *head);
/* In ip_fw_pfil */
int ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
struct inpcb *inp);
/* In ip_fw_table.c */
struct radix_node;
int ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
uint32_t *val);
int ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint32_t *val, int type);
int ipfw_init_tables(struct ip_fw_chain *ch);
void ipfw_destroy_tables(struct ip_fw_chain *ch);
int ipfw_flush_table(struct ip_fw_chain *ch, uint16_t tbl);
int ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint8_t plen, uint8_t mlen, uint8_t type, uint32_t value);
int ipfw_del_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint8_t plen, uint8_t mlen, uint8_t type);
int ipfw_count_table(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt);
int ipfw_dump_table_entry(struct radix_node *rn, void *arg);
int ipfw_dump_table(struct ip_fw_chain *ch, ipfw_table *tbl);
int ipfw_count_xtable(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt);
int ipfw_dump_xtable(struct ip_fw_chain *ch, ipfw_xtable *tbl);
int ipfw_resize_tables(struct ip_fw_chain *ch, unsigned int ntables);
/* In ip_fw_nat.c -- XXX to be moved to ip_var.h */
extern struct cfg_nat *(*lookup_nat_ptr)(struct nat_list *, int);
typedef int ipfw_nat_t(struct ip_fw_args *, struct cfg_nat *, struct mbuf *);
typedef int ipfw_nat_cfg_t(struct sockopt *);
extern ipfw_nat_t *ipfw_nat_ptr;
#define IPFW_NAT_LOADED (ipfw_nat_ptr != NULL)
extern ipfw_nat_cfg_t *ipfw_nat_cfg_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_del_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr;
extern ipfw_nat_cfg_t *ipfw_nat_get_log_ptr;
#endif /* _KERNEL */
#endif /* _IPFW2_PRIVATE_H */

1442
freebsd/sys/netinet/ipfw/ip_fw_sockopt.c
View File

File diff suppressed because it is too large Load Diff

763
freebsd/sys/netinet/ipfw/ip_fw_table.c
View File

@ -1,763 +0,0 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
* Copyright (c) 2004 Ruslan Ermilov and Vsevolod Lobko.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
/*
* Lookup table support for ipfw
*
* Lookup tables are implemented (at the moment) using the radix
* tree used for routing tables. Tables store key-value entries, where
* keys are network prefixes (addr/masklen), and values are integers.
* As a degenerate case we can interpret keys as 32-bit integers
* (with a /32 mask).
*
* The table is protected by the IPFW lock even for manipulation coming
* from userland, because operations are typically fast.
*/
#include <rtems/bsd/local/opt_ipfw.h>
#include <rtems/bsd/local/opt_inet.h>
#ifndef INET
#error IPFIREWALL requires INET.
#endif /* INET */
#include <rtems/bsd/local/opt_inet6.h>
#include <rtems/bsd/sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <rtems/bsd/sys/lock.h>
#include <sys/rwlock.h>
#include <sys/socket.h>
#include <net/if.h> /* ip_fw.h requires IFNAMSIZ */
#include <net/radix.h>
#include <net/route.h>
#include <net/vnet.h>
#include <netinet/in.h>
#include <netinet/ip_var.h> /* struct ipfw_rule_ref */
#include <netinet/ip_fw.h>
#include <sys/queue.h> /* LIST_HEAD */
#include <netinet/ipfw/ip_fw_private.h>
#ifdef MAC
#include <security/mac/mac_framework.h>
#endif
MALLOC_DEFINE(M_IPFW_TBL, "ipfw_tbl", "IpFw tables");
struct table_entry {
struct radix_node rn[2];
struct sockaddr_in addr, mask;
u_int32_t value;
};
struct xaddr_iface {
uint8_t if_len; /* length of this struct */
uint8_t pad[7]; /* Align name */
char ifname[IF_NAMESIZE]; /* Interface name */
};
struct table_xentry {
struct radix_node rn[2];
union {
#ifdef INET6
struct sockaddr_in6 addr6;
#endif
struct xaddr_iface iface;
} a;
union {
#ifdef INET6
struct sockaddr_in6 mask6;
#endif
struct xaddr_iface ifmask;
} m;
u_int32_t value;
};
/*
* The radix code expects addr and mask to be array of bytes,
* with the first byte being the length of the array. rn_inithead
* is called with the offset in bits of the lookup key within the
* array. If we use a sockaddr_in as the underlying type,
* sin_len is conveniently located at offset 0, sin_addr is at
* offset 4 and normally aligned.
* But for portability, let's avoid assumption and make the code explicit
*/
#define KEY_LEN(v) *((uint8_t *)&(v))
#define KEY_OFS (8*offsetof(struct sockaddr_in, sin_addr))
/*
* Do not require radix to compare more than actual IPv4/IPv6 address
*/
#define KEY_LEN_INET (offsetof(struct sockaddr_in, sin_addr) + sizeof(in_addr_t))
#define KEY_LEN_INET6 (offsetof(struct sockaddr_in6, sin6_addr) + sizeof(struct in6_addr))
#define KEY_LEN_IFACE (offsetof(struct xaddr_iface, ifname))
#define OFF_LEN_INET (8 * offsetof(struct sockaddr_in, sin_addr))
#define OFF_LEN_INET6 (8 * offsetof(struct sockaddr_in6, sin6_addr))
#define OFF_LEN_IFACE (8 * offsetof(struct xaddr_iface, ifname))
static inline void
ipv6_writemask(struct in6_addr *addr6, uint8_t mask)
{
uint32_t *cp;
for (cp = (uint32_t *)addr6; mask >= 32; mask -= 32)
*cp++ = 0xFFFFFFFF;
*cp = htonl(mask ? ~((1 << (32 - mask)) - 1) : 0);
}
int
ipfw_add_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint8_t plen, uint8_t mlen, uint8_t type, uint32_t value)
{
struct radix_node_head *rnh, **rnh_ptr;
struct table_entry *ent;
struct table_xentry *xent;
struct radix_node *rn;
in_addr_t addr;
int offset;
void *ent_ptr;
struct sockaddr *addr_ptr, *mask_ptr;
char c;
if (tbl >= V_fw_tables_max)
return (EINVAL);
switch (type) {
case IPFW_TABLE_CIDR:
if (plen == sizeof(in_addr_t)) {
#ifdef INET
/* IPv4 case */
if (mlen > 32)
return (EINVAL);
ent = malloc(sizeof(*ent), M_IPFW_TBL, M_WAITOK | M_ZERO);
ent->value = value;
/* Set 'total' structure length */
KEY_LEN(ent->addr) = KEY_LEN_INET;
KEY_LEN(ent->mask) = KEY_LEN_INET;
/* Set offset of IPv4 address in bits */
offset = OFF_LEN_INET;
ent->mask.sin_addr.s_addr = htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0);
addr = *((in_addr_t *)paddr);
ent->addr.sin_addr.s_addr = addr & ent->mask.sin_addr.s_addr;
/* Set pointers */
rnh_ptr = &ch->tables[tbl];
ent_ptr = ent;
addr_ptr = (struct sockaddr *)&ent->addr;
mask_ptr = (struct sockaddr *)&ent->mask;
#endif
#ifdef INET6
} else if (plen == sizeof(struct in6_addr)) {
/* IPv6 case */
if (mlen > 128)
return (EINVAL);
xent = malloc(sizeof(*xent), M_IPFW_TBL, M_WAITOK | M_ZERO);
xent->value = value;
/* Set 'total' structure length */
KEY_LEN(xent->a.addr6) = KEY_LEN_INET6;
KEY_LEN(xent->m.mask6) = KEY_LEN_INET6;
/* Set offset of IPv6 address in bits */
offset = OFF_LEN_INET6;
ipv6_writemask(&xent->m.mask6.sin6_addr, mlen);
memcpy(&xent->a.addr6.sin6_addr, paddr, sizeof(struct in6_addr));
APPLY_MASK(&xent->a.addr6.sin6_addr, &xent->m.mask6.sin6_addr);
/* Set pointers */
rnh_ptr = &ch->xtables[tbl];
ent_ptr = xent;
addr_ptr = (struct sockaddr *)&xent->a.addr6;
mask_ptr = (struct sockaddr *)&xent->m.mask6;
#endif
} else {
/* Unknown CIDR type */
return (EINVAL);
}
break;
case IPFW_TABLE_INTERFACE:
/* Check if string is terminated */
c = ((char *)paddr)[IF_NAMESIZE - 1];
((char *)paddr)[IF_NAMESIZE - 1] = '\0';
if (((mlen = strlen((char *)paddr)) == IF_NAMESIZE - 1) && (c != '\0'))
return (EINVAL);
/* Include last \0 into comparison */
mlen++;
xent = malloc(sizeof(*xent), M_IPFW_TBL, M_WAITOK | M_ZERO);
xent->value = value;
/* Set 'total' structure length */
KEY_LEN(xent->a.iface) = KEY_LEN_IFACE + mlen;
KEY_LEN(xent->m.ifmask) = KEY_LEN_IFACE + mlen;
/* Set offset of interface name in bits */
offset = OFF_LEN_IFACE;
memcpy(xent->a.iface.ifname, paddr, mlen);
/* Assume direct match */
/* TODO: Add interface pattern matching */
#if 0
memset(xent->m.ifmask.ifname, 0xFF, IF_NAMESIZE);
mask_ptr = (struct sockaddr *)&xent->m.ifmask;
#endif
/* Set pointers */
rnh_ptr = &ch->xtables[tbl];
ent_ptr = xent;
addr_ptr = (struct sockaddr *)&xent->a.iface;
mask_ptr = NULL;
break;
default:
return (EINVAL);
}
IPFW_WLOCK(ch);
/* Check if tabletype is valid */
if ((ch->tabletype[tbl] != 0) && (ch->tabletype[tbl] != type)) {
IPFW_WUNLOCK(ch);
free(ent_ptr, M_IPFW_TBL);
return (EINVAL);
}
/* Check if radix tree exists */
if ((rnh = *rnh_ptr) == NULL) {
IPFW_WUNLOCK(ch);
/* Create radix for a new table */
if (!rn_inithead((void **)&rnh, offset)) {
free(ent_ptr, M_IPFW_TBL);
return (ENOMEM);
}
IPFW_WLOCK(ch);
if (*rnh_ptr != NULL) {
/* Tree is already attached by other thread */
rn_detachhead((void **)&rnh);
rnh = *rnh_ptr;
/* Check table type another time */
if (ch->tabletype[tbl] != type) {
IPFW_WUNLOCK(ch);
free(ent_ptr, M_IPFW_TBL);
return (EINVAL);
}
} else {
*rnh_ptr = rnh;
/*
* Set table type. It can be set already
* (if we have IPv6-only table) but setting
* it another time does not hurt
*/
ch->tabletype[tbl] = type;
}
}
rn = rnh->rnh_addaddr(addr_ptr, mask_ptr, rnh, ent_ptr);
IPFW_WUNLOCK(ch);
if (rn == NULL) {
free(ent_ptr, M_IPFW_TBL);
return (EEXIST);
}
return (0);
}
int
ipfw_del_table_entry(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint8_t plen, uint8_t mlen, uint8_t type)
{
struct radix_node_head *rnh, **rnh_ptr;
struct table_entry *ent;
in_addr_t addr;
struct sockaddr_in sa, mask;
struct sockaddr *sa_ptr, *mask_ptr;
char c;
if (tbl >= V_fw_tables_max)
return (EINVAL);
switch (type) {
case IPFW_TABLE_CIDR:
if (plen == sizeof(in_addr_t)) {
/* Set 'total' structure length */
KEY_LEN(sa) = KEY_LEN_INET;
KEY_LEN(mask) = KEY_LEN_INET;
mask.sin_addr.s_addr = htonl(mlen ? ~((1 << (32 - mlen)) - 1) : 0);
addr = *((in_addr_t *)paddr);
sa.sin_addr.s_addr = addr & mask.sin_addr.s_addr;
rnh_ptr = &ch->tables[tbl];
sa_ptr = (struct sockaddr *)&sa;
mask_ptr = (struct sockaddr *)&mask;
#ifdef INET6
} else if (plen == sizeof(struct in6_addr)) {
/* IPv6 case */
if (mlen > 128)
return (EINVAL);
struct sockaddr_in6 sa6, mask6;
memset(&sa6, 0, sizeof(struct sockaddr_in6));
memset(&mask6, 0, sizeof(struct sockaddr_in6));
/* Set 'total' structure length */
KEY_LEN(sa6) = KEY_LEN_INET6;
KEY_LEN(mask6) = KEY_LEN_INET6;
ipv6_writemask(&mask6.sin6_addr, mlen);
memcpy(&sa6.sin6_addr, paddr, sizeof(struct in6_addr));
APPLY_MASK(&sa6.sin6_addr, &mask6.sin6_addr);
rnh_ptr = &ch->xtables[tbl];
sa_ptr = (struct sockaddr *)&sa6;
mask_ptr = (struct sockaddr *)&mask6;
#endif
} else {
/* Unknown CIDR type */
return (EINVAL);
}
break;
case IPFW_TABLE_INTERFACE:
/* Check if string is terminated */
c = ((char *)paddr)[IF_NAMESIZE - 1];
((char *)paddr)[IF_NAMESIZE - 1] = '\0';
if (((mlen = strlen((char *)paddr)) == IF_NAMESIZE - 1) && (c != '\0'))
return (EINVAL);
struct xaddr_iface ifname, ifmask;
memset(&ifname, 0, sizeof(ifname));
/* Include last \0 into comparison */
mlen++;
/* Set 'total' structure length */
KEY_LEN(ifname) = KEY_LEN_IFACE + mlen;
KEY_LEN(ifmask) = KEY_LEN_IFACE + mlen;
/* Assume direct match */
/* FIXME: Add interface pattern matching */
#if 0
memset(ifmask.ifname, 0xFF, IF_NAMESIZE);
mask_ptr = (struct sockaddr *)&ifmask;
#endif
mask_ptr = NULL;
memcpy(ifname.ifname, paddr, mlen);
/* Set pointers */
rnh_ptr = &ch->xtables[tbl];
sa_ptr = (struct sockaddr *)&ifname;
break;
default:
return (EINVAL);
}
IPFW_WLOCK(ch);
if ((rnh = *rnh_ptr) == NULL) {
IPFW_WUNLOCK(ch);
return (ESRCH);
}
if (ch->tabletype[tbl] != type) {
IPFW_WUNLOCK(ch);
return (EINVAL);
}
ent = (struct table_entry *)rnh->rnh_deladdr(sa_ptr, mask_ptr, rnh);
IPFW_WUNLOCK(ch);
if (ent == NULL)
return (ESRCH);
free(ent, M_IPFW_TBL);
return (0);
}
static int
flush_table_entry(struct radix_node *rn, void *arg)
{
struct radix_node_head * const rnh = arg;
struct table_entry *ent;
ent = (struct table_entry *)
rnh->rnh_deladdr(rn->rn_key, rn->rn_mask, rnh);
if (ent != NULL)
free(ent, M_IPFW_TBL);
return (0);
}
int
ipfw_flush_table(struct ip_fw_chain *ch, uint16_t tbl)
{
struct radix_node_head *rnh, *xrnh;
if (tbl >= V_fw_tables_max)
return (EINVAL);
/*
* We free both (IPv4 and extended) radix trees and
* clear table type here to permit table to be reused
* for different type without module reload
*/
IPFW_WLOCK(ch);
/* Set IPv4 table pointer to zero */
if ((rnh = ch->tables[tbl]) != NULL)
ch->tables[tbl] = NULL;
/* Set extended table pointer to zero */
if ((xrnh = ch->xtables[tbl]) != NULL)
ch->xtables[tbl] = NULL;
/* Zero table type */
ch->tabletype[tbl] = 0;
IPFW_WUNLOCK(ch);
if (rnh != NULL) {
rnh->rnh_walktree(rnh, flush_table_entry, rnh);
rn_detachhead((void **)&rnh);
}
if (xrnh != NULL) {
xrnh->rnh_walktree(xrnh, flush_table_entry, xrnh);
rn_detachhead((void **)&xrnh);
}
return (0);
}
void
ipfw_destroy_tables(struct ip_fw_chain *ch)
{
uint16_t tbl;
/* Flush all tables */
for (tbl = 0; tbl < V_fw_tables_max; tbl++)
ipfw_flush_table(ch, tbl);
/* Free pointers itself */
free(ch->tables, M_IPFW);
free(ch->xtables, M_IPFW);
free(ch->tabletype, M_IPFW);
}
int
ipfw_init_tables(struct ip_fw_chain *ch)
{
/* Allocate pointers */
ch->tables = malloc(V_fw_tables_max * sizeof(void *), M_IPFW, M_WAITOK | M_ZERO);
ch->xtables = malloc(V_fw_tables_max * sizeof(void *), M_IPFW, M_WAITOK | M_ZERO);
ch->tabletype = malloc(V_fw_tables_max * sizeof(uint8_t), M_IPFW, M_WAITOK | M_ZERO);
return (0);
}
int
ipfw_resize_tables(struct ip_fw_chain *ch, unsigned int ntables)
{
struct radix_node_head **tables, **xtables, *rnh;
struct radix_node_head **tables_old, **xtables_old;
uint8_t *tabletype, *tabletype_old;
unsigned int ntables_old, tbl;
/* Check new value for validity */
if (ntables > IPFW_TABLES_MAX)
ntables = IPFW_TABLES_MAX;
/* Allocate new pointers */
tables = malloc(ntables * sizeof(void *), M_IPFW, M_WAITOK | M_ZERO);
xtables = malloc(ntables * sizeof(void *), M_IPFW, M_WAITOK | M_ZERO);
tabletype = malloc(ntables * sizeof(uint8_t), M_IPFW, M_WAITOK | M_ZERO);
IPFW_WLOCK(ch);
tbl = (ntables >= V_fw_tables_max) ? V_fw_tables_max : ntables;
/* Copy old table pointers */
memcpy(tables, ch->tables, sizeof(void *) * tbl);
memcpy(xtables, ch->xtables, sizeof(void *) * tbl);
memcpy(tabletype, ch->tabletype, sizeof(uint8_t) * tbl);
/* Change pointers and number of tables */
tables_old = ch->tables;
xtables_old = ch->xtables;
tabletype_old = ch->tabletype;
ch->tables = tables;
ch->xtables = xtables;
ch->tabletype = tabletype;
ntables_old = V_fw_tables_max;
V_fw_tables_max = ntables;
IPFW_WUNLOCK(ch);
/* Check if we need to destroy radix trees */
if (ntables < ntables_old) {
for (tbl = ntables; tbl < ntables_old; tbl++) {
if ((rnh = tables_old[tbl]) != NULL) {
rnh->rnh_walktree(rnh, flush_table_entry, rnh);
rn_detachhead((void **)&rnh);
}
if ((rnh = xtables_old[tbl]) != NULL) {
rnh->rnh_walktree(rnh, flush_table_entry, rnh);
rn_detachhead((void **)&rnh);
}
}
}
/* Free old pointers */
free(tables_old, M_IPFW);
free(xtables_old, M_IPFW);
free(tabletype_old, M_IPFW);
return (0);
}
int
ipfw_lookup_table(struct ip_fw_chain *ch, uint16_t tbl, in_addr_t addr,
uint32_t *val)
{
struct radix_node_head *rnh;
struct table_entry *ent;
struct sockaddr_in sa;
if (tbl >= V_fw_tables_max)
return (0);
if ((rnh = ch->tables[tbl]) == NULL)
return (0);
KEY_LEN(sa) = KEY_LEN_INET;
sa.sin_addr.s_addr = addr;
ent = (struct table_entry *)(rnh->rnh_lookup(&sa, NULL, rnh));
if (ent != NULL) {
*val = ent->value;
return (1);
}
return (0);
}
int
ipfw_lookup_table_extended(struct ip_fw_chain *ch, uint16_t tbl, void *paddr,
uint32_t *val, int type)
{
struct radix_node_head *rnh;
struct table_xentry *xent;
struct sockaddr_in6 sa6;
struct xaddr_iface iface;
if (tbl >= V_fw_tables_max)
return (0);
if ((rnh = ch->xtables[tbl]) == NULL)
return (0);
switch (type) {
case IPFW_TABLE_CIDR:
KEY_LEN(sa6) = KEY_LEN_INET6;
memcpy(&sa6.sin6_addr, paddr, sizeof(struct in6_addr));
xent = (struct table_xentry *)(rnh->rnh_lookup(&sa6, NULL, rnh));
break;
case IPFW_TABLE_INTERFACE:
KEY_LEN(iface) = KEY_LEN_IFACE +
strlcpy(iface.ifname, (char *)paddr, IF_NAMESIZE) + 1;
/* Assume direct match */
/* FIXME: Add interface pattern matching */
xent = (struct table_xentry *)(rnh->rnh_lookup(&iface, NULL, rnh));
break;
default:
return (0);
}
if (xent != NULL) {
*val = xent->value;
return (1);
}
return (0);
}
static int
count_table_entry(struct radix_node *rn, void *arg)
{
u_int32_t * const cnt = arg;
(*cnt)++;
return (0);
}
int
ipfw_count_table(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt)
{
struct radix_node_head *rnh;
if (tbl >= V_fw_tables_max)
return (EINVAL);
*cnt = 0;
if ((rnh = ch->tables[tbl]) == NULL)
return (0);
rnh->rnh_walktree(rnh, count_table_entry, cnt);
return (0);
}
static int
dump_table_entry(struct radix_node *rn, void *arg)
{
struct table_entry * const n = (struct table_entry *)rn;
ipfw_table * const tbl = arg;
ipfw_table_entry *ent;
if (tbl->cnt == tbl->size)
return (1);
ent = &tbl->ent[tbl->cnt];
ent->tbl = tbl->tbl;
if (in_nullhost(n->mask.sin_addr))
ent->masklen = 0;
else
ent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr));
ent->addr = n->addr.sin_addr.s_addr;
ent->value = n->value;
tbl->cnt++;
return (0);
}
int
ipfw_dump_table(struct ip_fw_chain *ch, ipfw_table *tbl)
{
struct radix_node_head *rnh;
if (tbl->tbl >= V_fw_tables_max)
return (EINVAL);
tbl->cnt = 0;
if ((rnh = ch->tables[tbl->tbl]) == NULL)
return (0);
rnh->rnh_walktree(rnh, dump_table_entry, tbl);
return (0);
}
static int
count_table_xentry(struct radix_node *rn, void *arg)
{
uint32_t * const cnt = arg;
(*cnt) += sizeof(ipfw_table_xentry);
return (0);
}
int
ipfw_count_xtable(struct ip_fw_chain *ch, uint32_t tbl, uint32_t *cnt)
{
struct radix_node_head *rnh;
if (tbl >= V_fw_tables_max)
return (EINVAL);
*cnt = 0;
if ((rnh = ch->tables[tbl]) != NULL)
rnh->rnh_walktree(rnh, count_table_xentry, cnt);
if ((rnh = ch->xtables[tbl]) != NULL)
rnh->rnh_walktree(rnh, count_table_xentry, cnt);
/* Return zero if table is empty */
if (*cnt > 0)
(*cnt) += sizeof(ipfw_xtable);
return (0);
}
static int
dump_table_xentry_base(struct radix_node *rn, void *arg)
{
struct table_entry * const n = (struct table_entry *)rn;
ipfw_xtable * const tbl = arg;
ipfw_table_xentry *xent;
/* Out of memory, returning */
if (tbl->cnt == tbl->size)
return (1);
xent = &tbl->xent[tbl->cnt];
xent->len = sizeof(ipfw_table_xentry);
xent->tbl = tbl->tbl;
if (in_nullhost(n->mask.sin_addr))
xent->masklen = 0;
else
xent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr));
/* Save IPv4 address as deprecated IPv6 compatible */
xent->k.addr6.s6_addr32[3] = n->addr.sin_addr.s_addr;
xent->value = n->value;
tbl->cnt++;
return (0);
}
static int
dump_table_xentry_extended(struct radix_node *rn, void *arg)
{
struct table_xentry * const n = (struct table_xentry *)rn;
ipfw_xtable * const tbl = arg;
ipfw_table_xentry *xent;
#ifdef INET6
int i;
uint32_t *v;
#endif
/* Out of memory, returning */
if (tbl->cnt == tbl->size)
return (1);
xent = &tbl->xent[tbl->cnt];
xent->len = sizeof(ipfw_table_xentry);
xent->tbl = tbl->tbl;
switch (tbl->type) {
#ifdef INET6
case IPFW_TABLE_CIDR:
/* Count IPv6 mask */
v = (uint32_t *)&n->m.mask6.sin6_addr;
for (i = 0; i < sizeof(struct in6_addr) / 4; i++, v++)
xent->masklen += bitcount32(*v);
memcpy(&xent->k, &n->a.addr6.sin6_addr, sizeof(struct in6_addr));
break;
#endif
case IPFW_TABLE_INTERFACE:
/* Assume exact mask */
xent->masklen = 8 * IF_NAMESIZE;
memcpy(&xent->k, &n->a.iface.ifname, IF_NAMESIZE);
break;
default:
/* unknown, skip entry */
return (0);
}
xent->value = n->value;
tbl->cnt++;
return (0);
}
int
ipfw_dump_xtable(struct ip_fw_chain *ch, ipfw_xtable *tbl)
{
struct radix_node_head *rnh;
if (tbl->tbl >= V_fw_tables_max)
return (EINVAL);
tbl->cnt = 0;
tbl->type = ch->tabletype[tbl->tbl];
if ((rnh = ch->tables[tbl->tbl]) != NULL)
rnh->rnh_walktree(rnh, dump_table_xentry_base, tbl);
if ((rnh = ch->xtables[tbl->tbl]) != NULL)
rnh->rnh_walktree(rnh, dump_table_xentry_extended, tbl);
return (0);
}
/* end of file */