From owner-freebsd-net@FreeBSD.ORG Thu Dec 11 12:50:41 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E81161065672 for ; Thu, 11 Dec 2008 12:50:41 +0000 (UTC) (envelope-from rrs@lakerest.net) Received: from lakerest.net (unknown [IPv6:2001:240:585:2:203:6dff:fe1a:4ddc]) by mx1.freebsd.org (Postfix) with ESMTP id 7FABC8FC17 for ; Thu, 11 Dec 2008 12:50:41 +0000 (UTC) (envelope-from rrs@lakerest.net) Received: from [10.1.1.54] ([10.1.1.54]) (authenticated bits=0) by lakerest.net (8.14.1/8.14.1) with ESMTP id mBBCoeOP099217 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Thu, 11 Dec 2008 07:50:40 -0500 (EST) (envelope-from rrs@lakerest.net) DKIM-Signature: a=rsa-sha1; c=simple/simple; d=lakerest.net; s=mail; t=1228999840; h=Message-Id:From:To:In-Reply-To:Content-Type: Mime-Version:Subject:Date:References:X-Mailer; b=p6Tt01SimSQEYYSqo0 +5olaZKHbzBExlSxmBG7S8CPgF+YI7RZ2UezFzactNljknNnha/IKILM4h3E1mPKBPc g== Message-Id: <24BD4A21-E10D-4E09-8C33-3FCF930A0495@lakerest.net> From: Randall Stewart To: freebsd-net In-Reply-To: <200811201450.30016.max@love2party.net> Content-Type: multipart/mixed; boundary=Apple-Mail-25--562946916 Mime-Version: 1.0 (Apple Message framework v929.2) Date: Thu, 11 Dec 2008 07:50:39 -0500 References: <49249443.8050707@elischer.org> <76CF7D15-251F-4E43-86BE-AD96F48AF123@lakerest.net> <200811201450.30016.max@love2party.net> X-Mailer: Apple Mail (2.929.2) Subject: Heads up --- Thinking about UDP and tunneling X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2008 12:50:42 -0000 --Apple-Mail-25--562946916 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit All: Ok here is what I have come up with.. going along the lines of Max's suggestion.. its pretty clean I think. Comments would be most welcome.. The only thing possibly a bit dodgy is that 1) UDP has no per-protocol block. 2) Instead of creating one, I am using the block pointer in the inp as the function pointer for the tunneling. What this means if we EVERY did add a per protocol structure for UDP we would need to move the function pointer in there.. The nice thing it does is make it so we have no structural changes to the code... i.e. complete compatibility... no changes to inp or other UDP structures :-) Here is the patch.. please send comments ;-D --Apple-Mail-25--562946916 Content-Disposition: attachment; filename=diff_for_udp Content-Type: application/octet-stream; x-unix-mode=0644; name="diff_for_udp" Content-Transfer-Encoding: 7bit Index: netinet/udp_var.h =================================================================== --- netinet/udp_var.h (revision 185928) +++ netinet/udp_var.h (working copy) @@ -107,6 +107,10 @@ void udp_input(struct mbuf *, int); struct inpcb *udp_notify(struct inpcb *inp, int errno); int udp_shutdown(struct socket *so); + + +typedef void(*udp_tunnel_function)(struct mbuf *, int off); +int udp_set_kernel_tunneling(struct socket *so, udp_tunnel_function f); #endif #endif Index: netinet/udp_usrreq.c =================================================================== --- netinet/udp_usrreq.c (revision 185928) +++ netinet/udp_usrreq.c (working copy) @@ -563,6 +563,18 @@ INP_RUNLOCK(inp); goto badunlocked; } + if (inp->inp_ppcb) { + /* Engage the tunneling protocol + * we must make sure all locks + * are released when we call the + * tunneling protocol. + */ + udp_tunnel_function tunnel_func; + tunnel_func = (udp_tunnel_function)inp->inp_ppcb; + INP_RUNLOCK(inp); + tunnel_func(m, iphlen); + return; + } udp_append(inp, ip, m, iphlen + sizeof(struct udphdr), &udp_in); INP_RUNLOCK(inp); return; @@ -1138,10 +1150,45 @@ INP_INFO_WUNLOCK(&V_udbinfo); inp->inp_vflag |= INP_IPV4; inp->inp_ip_ttl = V_ip_defttl; + /* + * UDP does not have a per-protocol + * pcb (inp->inp_ppcb). We use this + * pointer for kernel tunneling pointer. + * If we ever need to have a protocol + * block we will need to move this + * function pointer there. Null + * in this pointer means "do the normal + * thing". + */ + inp->inp_ppcb = NULL; INP_WUNLOCK(inp); return (0); } +int +udp_set_kernel_tunneling(struct socket *so, udp_tunnel_function f) +{ + struct inpcb *inp; + inp = (struct inpcb *)so->so_pcb; + + if (so->so_type != SOCK_DGRAM) { + /* Not UDP socket... sorry */ + return (ENOTSUP); + } + if (inp == NULL) { + /* NULL INP? */ + return (EINVAL); + } + if (inp->inp_lport == 0) { + /* Not bound */ + return (EINVAL); + } + INP_WLOCK(inp); + inp->inp_ppcb = f; + INP_WUNLOCK(inp); + return (0); +} + static int udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td) { Index: netinet6/udp6_usrreq.c =================================================================== --- netinet6/udp6_usrreq.c (revision 185928) +++ netinet6/udp6_usrreq.c (working copy) @@ -354,6 +354,18 @@ } INP_RLOCK(inp); INP_INFO_RUNLOCK(&V_udbinfo); + if (inp->inp_ppcb) { + /* Engage the tunneling protocol + * we must make sure all locks + * are released when we call the + * tunneling protocol. + */ + udp_tunnel_function tunnel_func; + tunnel_func = (udp_tunnel_function)inp->inp_ppcb; + INP_RUNLOCK(inp); + tunnel_func(m, off); + return (IPPROTO_DONE); + } udp6_append(inp, m, off, &fromsa); INP_RUNLOCK(inp); return (IPPROTO_DONE); --Apple-Mail-25--562946916 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit On Nov 20, 2008, at 8:50 AM, Max Laier wrote: > On Thursday 20 November 2008 14:00:11 Randall Stewart wrote: >> On Nov 19, 2008, at 5:33 PM, Julian Elischer wrote: >>>> Its not new, its the same ip header.. >>>> Its just you go into the mbuf chain and take out >>>> the udp header... >>> >>> well you can't do that at the socket buffer becasue you've discarded >>> the IP header. It may not even be in the mbufs you have. (though >>> it's >>> unlikely). After you've processed the UDP part the IP part is gone >>> so >>> you'd need to intercept the packet way earlier and then do your >>> own UDP processing, (or maybe attach the IP header onto it with a >>> tag). >> >> One would definitely have to do some work in udp_input() not a lot >> from >> what I can tell... but it would take some work. >> >> Maybe good course is to use the socket(9) stuff, but add an option >> that can set a "by-pass function" if the socket is udp... right >> after you establish the INP the packet goes to, if the function is >> set, you engage the bypass... > > This sounds reasonable. One would only have to replace calls to > udp_append in > udp_input with the by-pass function et voila. Should be clean > enough. There > might be some problems with holding the socket lock, though. > > For the record, I don't like all the UDP-tunneling madness either, > but it > seems that we are stuck with it ... so we should at least try to > come up with > a somewhat reasonable implementation for this hackery. > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News > ------------------------------ Randall Stewart 803-317-4952 (cell) 803-345-0391(direct) --Apple-Mail-25--562946916--