mbuf_tags - a framework for generic packet attributes
#include <sys/mbuf.h>
struct m_tag *
m_tag_get(int type, int len, int flags);
void
m_tag_free(struct m_tag *tag);
struct m_tag *
m_tag_find(struct mbuf *mbuf, int type, struct m_tag *tag);
void
m_tag_prepend(struct mbuf *mbuf, struct m_tag *tag);
void
m_tag_unlink(struct mbuf *mbuf, struct m_tag *tag);
void
m_tag_delete(struct mbuf *mbuf, struct m_tag *tag);
struct m_tag *
m_tag_copy(struct m_tag *tag);
void
m_tag_delete_chain(struct mbuf *mbuf, struct m_tag *tag);
void
m_tag_init(struct mbuf *mbuf);
int
m_tag_copy_chain(struct mbuf *mbuf, struct mbuf *mbuf2);
struct m_tag *
m_tag_first(struct mbuf *mbuf);
struct m_tag *
m_tag_next(struct mbuf *mbuf, struct m_tag *tag);
These functions allow the manipulation of generic packet attributes.
They are used by the kernel to keep track of operations done or scheduled
to happen to packets. These attributes are attached to mbuf packet headers.
m_tag_get() allocates a new tag of type type with len bytes of space
following the tag header itself. The flags argument is passed directly to
malloc(9). If successful, m_tag_get() returns a memory buffer of
(len + sizeof(struct m_tag)) bytes. The first sizeof(struct m_tag) bytes
contain a struct m_tag:
struct m_tag {
        SLIST_ENTRY(m_tag) m_tag_link;  /* List of packet tags */
        u_int16_t          m_tag_id;    /* Tag ID */
        u_int16_t          m_tag_len;   /* Length of data */
};
The m_tag_link field is used to link tags together (see queue(3) for more
details). The m_tag_id and m_tag_len fields are set to type and len
respectively. Following this structure are len bytes of space that can be
used to store tag-specific information.
The currently defined tag types are:
PACKET_TAG_NONE
This should never be used.
PACKET_TAG_IPSEC_IN_DONE
Used by ipsec(4) to indicate successful processing performed on an input
packet. The tag contains a struct tdb_ident, as defined in
sys/netinet/ip_ipsp.h, identifying the security association under which
the packet arrived.
PACKET_TAG_IPSEC_OUT_DONE
Used by IPsec to indicate that an output packet has been IPsec-processed.
The tag contains a struct tdb_ident identifying the security association
applied to the packet. This tag is primarily used to detect and avoid
loops in IPsec processing on output.
PACKET_TAG_IPSEC_IN_CRYPTO_DONE
Used by network cards that implement on-board IPsec processing to indicate
that the crypto processing of an IPsec packet has been done. The tag
contains a struct tdb_ident identifying the security association under
which the packet arrived.
PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED
Used by the IPsec stack to signal to network cards that implement on-board
IPsec processing that such processing is needed. The tag contains a struct
tdb_ident identifying the security association that should be applied. The
packet is already formatted for the appropriate security protocol.
PACKET_TAG_IPSEC_IN_COULD_DO_CRYPTO
Used by network cards that implement on-board IPsec processing to indicate
to the IPsec stack that cryptographic processing could be deferred to
hardware. The tag contains a struct tdb_ident identifying the security
association that could be offloaded to the network card.
PACKET_TAG_IPSEC_PENDING_TDB
Used by the IPsec stack to keep track of IPsec processing that should
happen to the packet on output. The tag contains a struct tdb_ident
identifying the security association that should be applied at the next
loop of IPsec processing.
PACKET_TAG_BRIDGE
Used by the bridge(4) code to detect loops in bridge processing. The tag
contains a pointer to the bridge interface that already forwarded the
frame.
PACKET_TAG_GIF
Used by the gif(4) interface to detect loops in processing. The tag
contains a pointer to the gif interface that already processed the packet.
PACKET_TAG_GRE
Used by the gre(4) interface to detect loops in processing. The tag
contains a pointer to the gre interface that already processed the packet.
PACKET_TAG_IN_PACKET_CHECKSUM
Used by network cards that can compute complete packet checksums to pass
that information to higher-level protocols. The tag contains the 2 byte
checksum of the packet.
PACKET_TAG_PF_GENERATED
Used to mark packets generated by the packet filter pf(4). Packets with
this tag are not tested by pf but passed unconditionally. Contains no data.
PACKET_TAG_PF_ROUTED
Used to mark packets routed by the packet filter pf(4). Packets with this
tag are not tested by pf more than once to prevent loops caused by
subsequent matching routing rules. Contains no data.
PACKET_TAG_PF_FRAGCACHE
Used to mark fragmented packets cached by the packet filter pf(4). Packets
with this tag have been cached by the fragment cache already and will
short circuit it if processed again. If they were to re-enter the
fragcache, they would be indistinguishable from a duplicate of a previous
packet and would be dropped. Contains no data.
PACKET_TAG_PF_QID
Used by pf(4) for queueing. The tag contains the ID of the queue this
packet should go to.
PACKET_TAG_PF_TAG
Used by pf(4) to tag packets and filter on those tags later on.
PACKET_TAG_PF_TRANSLATE_LOCALHOST
Used by pf(4) to mark TCP and UDP packets redirected to loopback
addresses. The functions tcp_input() and udp_input() reverse the order of
lookups in in_pcblookup_listen() when this tag is present, so unspecific
listeners are matched before specific ones. This prevents external
connections from appearing local to daemons such as portmap(8) listening
on both unspecific and specific loopback sockets in order to grant higher
privileges to local users.
m_tag_free() de-allocates a tag.
m_tag_find() finds an instance of a tag of type type attached to packet
mbuf. If tag is NULL, the first such tag is returned. Otherwise, the
first tag of type type after tag is returned. If no such tag is found,
NULL is returned.
m_tag_prepend() adds the new tag tag at the head of the tag list for
packet mbuf.
m_tag_unlink() removes tag tag from the list of tags of packet mbuf.
m_tag_delete() removes and then de-allocates tag tag from the list of
tags of packet mbuf.
m_tag_copy() creates an unlinked copy of tag tag.
m_tag_delete_chain() deletes all tags attached to packet mbuf following
tag tag. If tag is NULL, all tags are deleted.
m_tag_init() initializes the tag storage for packet mbuf.
m_tag_copy_chain() copies all tags from packet mbuf to packet mbuf2. On
success, it returns 1. Otherwise, it returns 0.
m_tag_first() returns the first tag attached to packet mbuf.
m_tag_next() returns the tag following tag in packet mbuf.
The M_MOVE_PKTHDR() and M_MOVE_HDR() macros defined in sys/sys/mbuf.h
move the tags from the old to the new mbuf. The M_DUP_PKTHDR() and
M_DUP_HDR() macros create copies of the tag chain for the new mbuf.
The tag-manipulating code is contained in the file sys/kern/uipc_mbuf2.c.
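The loop detection described for PACKET_TAG_GIF, as an added example that is not part of the original manual page or of the OpenBSD source. It is a userland model of the tag list: struct pkt, tag_get(), tag_prepend(), tag_find(), tunnel_output() and the numeric value of PACKET_TAG_GIF are assumptions made for illustration. It uses the m_tag_find() continuation semantics to check every tag of the type, since a packet may already have crossed several interfaces.

```c
/* Userland model of the tag chain (added example, not sys/kern/uipc_mbuf2.c). */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define PACKET_TAG_GIF 8                /* constructed value for this model */

struct m_tag {
	struct m_tag *m_tag_link;       /* next tag; the kernel uses SLIST_ENTRY */
	uint16_t m_tag_id;
	uint16_t m_tag_len;
};
struct pkt { struct m_tag *tags; };     /* hypothetical stand-in for the mbuf header */
/* Allocate the header plus len bytes of tag data, as m_tag_get() is described. */
static struct m_tag *tag_get(int type, int len) {
	struct m_tag *t;
	if (len < 0 || len > UINT16_MAX)    /* m_tag_len is only 16 bits wide */
		return NULL;
	if ((t = malloc(sizeof(*t) + len)) == NULL)
		return NULL;
	t->m_tag_link = NULL;
	t->m_tag_id = (uint16_t)type;
	t->m_tag_len = (uint16_t)len;
	return t;
}

static void tag_prepend(struct pkt *p, struct m_tag *t) {
	t->m_tag_link = p->tags;
	p->tags = t;
}

/* First tag of the given type, or the first one after `after` if non-NULL. */
static struct m_tag *tag_find(struct pkt *p, int type, struct m_tag *after) {
	struct m_tag *t = after ? after->m_tag_link : p->tags;
	while (t != NULL && t->m_tag_id != type)
		t = t->m_tag_link;
	return t;
}

/* Returns 0 and records ifp on the first pass, -1 if ifp already saw the packet. */
int tunnel_output(struct pkt *p, const void *ifp) {
	struct m_tag *t;
	for (t = tag_find(p, PACKET_TAG_GIF, NULL); t; t = tag_find(p, PACKET_TAG_GIF, t))
		if (memcmp(t + 1, &ifp, sizeof(ifp)) == 0)
			return -1;                  /* loop detected: drop the packet */
	if ((t = tag_get(PACKET_TAG_GIF, sizeof(ifp))) == NULL)
		return -1;                      /* fail closed if no tag can be attached */
	memcpy(t + 1, &ifp, sizeof(ifp));   /* tag data follows the header */
	tag_prepend(p, t);
	return 0;
}
```

Checking only the first tag of the type would miss a loop through two interfaces, which is why the search continues from each match until tag_find() returns NULL.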
bridge(4), gif(4), gre(4), ipsec(4), pf(4), malloc(9)
The packet tags first appeared in OpenBSD 2.9 and were written by Angelos
D. Keromytis <angelos@openbsd.org>.
OpenBSD 3.6 June 25, 2001