xref: /haiku/src/libs/compat/freebsd_network/fbsd_uipc_mbuf.c (revision 495060760727dd782c9f8a90db71e5d727f19748)
1 /*-
2  * Copyright (c) 1982, 1986, 1988, 1991, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  *	@(#)uipc_mbuf.c	8.2 (Berkeley) 1/4/94
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD: stable/11/sys/kern/uipc_mbuf.c 331847 2018-03-31 17:28:30Z avos $");
34 
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/kernel.h>
38 #include <sys/limits.h>
39 #include <sys/lock.h>
40 #include <sys/malloc.h>
41 #include <sys/mbuf.h>
42 #include <sys/sysctl.h>
43 #include <sys/protosw.h>
44 #include <sys/uio.h>
45 
46 #if 0
47 SDT_PROBE_DEFINE5_XLATE(sdt, , , m__init,
48     "struct mbuf *", "mbufinfo_t *",
49     "uint32_t", "uint32_t",
50     "uint16_t", "uint16_t",
51     "uint32_t", "uint32_t",
52     "uint32_t", "uint32_t");
53 
54 SDT_PROBE_DEFINE3_XLATE(sdt, , , m__gethdr,
55     "uint32_t", "uint32_t",
56     "uint16_t", "uint16_t",
57     "struct mbuf *", "mbufinfo_t *");
58 
59 SDT_PROBE_DEFINE3_XLATE(sdt, , , m__get,
60     "uint32_t", "uint32_t",
61     "uint16_t", "uint16_t",
62     "struct mbuf *", "mbufinfo_t *");
63 
64 SDT_PROBE_DEFINE4_XLATE(sdt, , , m__getcl,
65     "uint32_t", "uint32_t",
66     "uint16_t", "uint16_t",
67     "uint32_t", "uint32_t",
68     "struct mbuf *", "mbufinfo_t *");
69 
70 SDT_PROBE_DEFINE3_XLATE(sdt, , , m__clget,
71     "struct mbuf *", "mbufinfo_t *",
72     "uint32_t", "uint32_t",
73     "uint32_t", "uint32_t");
74 
75 SDT_PROBE_DEFINE4_XLATE(sdt, , , m__cljget,
76     "struct mbuf *", "mbufinfo_t *",
77     "uint32_t", "uint32_t",
78     "uint32_t", "uint32_t",
79     "void*", "void*");
80 
81 SDT_PROBE_DEFINE(sdt, , , m__cljset);
82 
83 SDT_PROBE_DEFINE1_XLATE(sdt, , , m__free,
84         "struct mbuf *", "mbufinfo_t *");
85 
86 SDT_PROBE_DEFINE1_XLATE(sdt, , , m__freem,
87     "struct mbuf *", "mbufinfo_t *");
88 
89 #include <security/mac/mac_framework.h>
90 
91 int	max_linkhdr;
92 int	max_protohdr;
93 int	max_hdr;
94 int	max_datalen;
95 #ifdef MBUF_STRESS_TEST
96 int	m_defragpackets;
97 int	m_defragbytes;
98 int	m_defraguseless;
99 int	m_defragfailure;
100 int	m_defragrandomfailures;
101 #endif
102 
103 /*
104  * sysctl(8) exported objects
105  */
106 SYSCTL_INT(_kern_ipc, KIPC_MAX_LINKHDR, max_linkhdr, CTLFLAG_RD,
107 	   &max_linkhdr, 0, "Size of largest link layer header");
108 SYSCTL_INT(_kern_ipc, KIPC_MAX_PROTOHDR, max_protohdr, CTLFLAG_RD,
109 	   &max_protohdr, 0, "Size of largest protocol layer header");
110 SYSCTL_INT(_kern_ipc, KIPC_MAX_HDR, max_hdr, CTLFLAG_RD,
111 	   &max_hdr, 0, "Size of largest link plus protocol header");
112 SYSCTL_INT(_kern_ipc, KIPC_MAX_DATALEN, max_datalen, CTLFLAG_RD,
113 	   &max_datalen, 0, "Minimum space left in mbuf after max_hdr");
114 #ifdef MBUF_STRESS_TEST
115 SYSCTL_INT(_kern_ipc, OID_AUTO, m_defragpackets, CTLFLAG_RD,
116 	   &m_defragpackets, 0, "");
117 SYSCTL_INT(_kern_ipc, OID_AUTO, m_defragbytes, CTLFLAG_RD,
118 	   &m_defragbytes, 0, "");
119 SYSCTL_INT(_kern_ipc, OID_AUTO, m_defraguseless, CTLFLAG_RD,
120 	   &m_defraguseless, 0, "");
121 SYSCTL_INT(_kern_ipc, OID_AUTO, m_defragfailure, CTLFLAG_RD,
122 	   &m_defragfailure, 0, "");
123 SYSCTL_INT(_kern_ipc, OID_AUTO, m_defragrandomfailures, CTLFLAG_RW,
124 	   &m_defragrandomfailures, 0, "");
125 #endif
126 #endif
127 
128 /*
129  * Ensure the correct size of various mbuf parameters.  It could be off due
130  * to compiler-induced padding and alignment artifacts.
131  */
132 CTASSERT(MSIZE - offsetof(struct mbuf, m_dat) == MLEN);
133 CTASSERT(MSIZE - offsetof(struct mbuf, m_pktdat) == MHLEN);
134 
135 /*
136  * mbuf data storage should be 64-bit aligned regardless of architectural
137  * pointer size; check this is the case with and without a packet header.
138  */
139 CTASSERT(offsetof(struct mbuf, m_dat) % 8 == 0);
140 CTASSERT(offsetof(struct mbuf, m_pktdat) % 8 == 0);
141 
142 /*
143  * While the specific values here don't matter too much (i.e., +/- a few
144  * words), we do want to ensure that changes to these values are carefully
145  * reasoned about and properly documented.  This is especially the case as
146  * network-protocol and device-driver modules encode these layouts, and must
147  * be recompiled if the structures change.  Check these values at compile time
148  * against the ones documented in comments in mbuf.h.
149  *
150  * NB: Possibly they should be documented there via #define's and not just
151  * comments.
152  */
153 #ifndef __HAIKU__
154 #if defined(__LP64__)
155 CTASSERT(offsetof(struct mbuf, m_dat) == 32);
156 CTASSERT(sizeof(struct pkthdr) == 56);
157 CTASSERT(sizeof(struct m_ext) == 48);
158 #else
159 CTASSERT(offsetof(struct mbuf, m_dat) == 24);
160 CTASSERT(sizeof(struct pkthdr) == 48);
161 CTASSERT(sizeof(struct m_ext) == 28);
162 #endif
163 #endif
164 
165 /*
166  * Assert that the queue(3) macros produce code of the same size as an old
167  * plain pointer does.
168  */
169 #ifdef INVARIANTS
170 static struct mbuf __used m_assertbuf;
171 CTASSERT(sizeof(m_assertbuf.m_slist) == sizeof(m_assertbuf.m_next));
172 CTASSERT(sizeof(m_assertbuf.m_stailq) == sizeof(m_assertbuf.m_next));
173 CTASSERT(sizeof(m_assertbuf.m_slistpkt) == sizeof(m_assertbuf.m_nextpkt));
174 CTASSERT(sizeof(m_assertbuf.m_stailqpkt) == sizeof(m_assertbuf.m_nextpkt));
175 #endif
176 
177 /*
178  * Attach the cluster from *m to *n, set up m_ext in *n
179  * and bump the refcount of the cluster.
180  */
181 void
182 mb_dupcl(struct mbuf *n, struct mbuf *m)
183 {
184 	volatile u_int *refcnt;
185 
186 	KASSERT(m->m_flags & M_EXT, ("%s: M_EXT not set on %p", __func__, m));
187 	KASSERT(!(n->m_flags & M_EXT), ("%s: M_EXT set on %p", __func__, n));
188 
189 	n->m_ext = m->m_ext;
190 	n->m_flags |= M_EXT;
191 	n->m_flags |= m->m_flags & M_RDONLY;
192 
193 	/* See if this is the mbuf that holds the embedded refcount. */
194 	if (m->m_ext.ext_flags & EXT_FLAG_EMBREF) {
195 		refcnt = n->m_ext.ext_cnt = &m->m_ext.ext_count;
196 		n->m_ext.ext_flags &= ~EXT_FLAG_EMBREF;
197 	} else {
198 		KASSERT(m->m_ext.ext_cnt != NULL,
199 		    ("%s: no refcounting pointer on %p", __func__, m));
200 		refcnt = m->m_ext.ext_cnt;
201 	}
202 
203 	if (*refcnt == 1)
204 		*refcnt += 1;
205 	else
206 		atomic_add_int(refcnt, 1);
207 }
208 
209 void
210 m_demote_pkthdr(struct mbuf *m)
211 {
212 
213 	M_ASSERTPKTHDR(m);
214 
215 	m_tag_delete_chain(m, NULL);
216 	m->m_flags &= ~M_PKTHDR;
217 	bzero(&m->m_pkthdr, sizeof(struct pkthdr));
218 }
219 
220 /*
221  * Clean up mbuf (chain) from any tags and packet headers.
222  * If "all" is set then the first mbuf in the chain will be
223  * cleaned too.
224  */
225 void
226 m_demote(struct mbuf *m0, int all, int flags)
227 {
228 	struct mbuf *m;
229 
230 	for (m = all ? m0 : m0->m_next; m != NULL; m = m->m_next) {
231 		KASSERT(m->m_nextpkt == NULL, ("%s: m_nextpkt in m %p, m0 %p",
232 		    __func__, m, m0));
233 		if (m->m_flags & M_PKTHDR)
234 			m_demote_pkthdr(m);
235 		m->m_flags = m->m_flags & (M_EXT | M_RDONLY | M_NOFREE | flags);
236 	}
237 }
238 
239 /*
240  * Sanity checks on mbuf (chain) for use in KASSERT() and general
241  * debugging.
242  * Returns 0 or panics when bad and 1 on all tests passed.
243  * Sanitize, 0 to run M_SANITY_ACTION, 1 to garble things so they
244  * blow up later.
245  */
246 int
247 m_sanity(struct mbuf *m0, int sanitize)
248 {
249 	struct mbuf *m;
250 	caddr_t a, b;
251 	int pktlen = 0;
252 
253 #ifdef INVARIANTS
254 #define	M_SANITY_ACTION(s)	panic("mbuf %p: " s, m)
255 #else
256 #define	M_SANITY_ACTION(s)	printf("mbuf %p: " s, m)
257 #endif
258 
259 	for (m = m0; m != NULL; m = m->m_next) {
260 		/*
261 		 * Basic pointer checks.  If any of these fails then some
262 		 * unrelated kernel memory before or after us is trashed.
263 		 * No way to recover from that.
264 		 */
265 		a = M_START(m);
266 		b = a + M_SIZE(m);
267 		if ((caddr_t)m->m_data < a)
268 			M_SANITY_ACTION("m_data outside mbuf data range left");
269 		if ((caddr_t)m->m_data > b)
270 			M_SANITY_ACTION("m_data outside mbuf data range right");
271 		if ((caddr_t)m->m_data + m->m_len > b)
272 			M_SANITY_ACTION("m_data + m_len exeeds mbuf space");
273 
274 		/* m->m_nextpkt may only be set on first mbuf in chain. */
275 		if (m != m0 && m->m_nextpkt != NULL) {
276 			if (sanitize) {
277 				m_freem(m->m_nextpkt);
278 				m->m_nextpkt = (struct mbuf *)0xDEADC0DE;
279 			} else
280 				M_SANITY_ACTION("m->m_nextpkt on in-chain mbuf");
281 		}
282 
283 		/* packet length (not mbuf length!) calculation */
284 		if (m0->m_flags & M_PKTHDR)
285 			pktlen += m->m_len;
286 
287 		/* m_tags may only be attached to first mbuf in chain. */
288 		if (m != m0 && m->m_flags & M_PKTHDR &&
289 		    !SLIST_EMPTY(&m->m_pkthdr.tags)) {
290 			if (sanitize) {
291 				m_tag_delete_chain(m, NULL);
292 				/* put in 0xDEADC0DE perhaps? */
293 			} else
294 				M_SANITY_ACTION("m_tags on in-chain mbuf");
295 		}
296 
297 		/* M_PKTHDR may only be set on first mbuf in chain */
298 		if (m != m0 && m->m_flags & M_PKTHDR) {
299 			if (sanitize) {
300 				bzero(&m->m_pkthdr, sizeof(m->m_pkthdr));
301 				m->m_flags &= ~M_PKTHDR;
302 				/* put in 0xDEADCODE and leave hdr flag in */
303 			} else
304 				M_SANITY_ACTION("M_PKTHDR on in-chain mbuf");
305 		}
306 	}
307 	m = m0;
308 	if (pktlen && pktlen != m->m_pkthdr.len) {
309 		if (sanitize)
310 			m->m_pkthdr.len = 0;
311 		else
312 			M_SANITY_ACTION("m_pkthdr.len != mbuf chain length");
313 	}
314 	return 1;
315 
316 #undef	M_SANITY_ACTION
317 }
318 
319 /*
320  * Non-inlined part of m_init().
321  */
322 int
323 m_pkthdr_init(struct mbuf *m, int how)
324 {
325 #ifdef MAC
326 	int error;
327 #endif
328 	m->m_data = m->m_pktdat;
329 	bzero(&m->m_pkthdr, sizeof(m->m_pkthdr));
330 #ifdef MAC
331 	/* If the label init fails, fail the alloc */
332 	error = mac_mbuf_init(m, how);
333 	if (error)
334 		return (error);
335 #endif
336 
337 	return (0);
338 }
339 
340 /*
341  * "Move" mbuf pkthdr from "from" to "to".
342  * "from" must have M_PKTHDR set, and "to" must be empty.
343  */
344 void
345 m_move_pkthdr(struct mbuf *to, struct mbuf *from)
346 {
347 
348 #if 0
349 	/* see below for why these are not enabled */
350 	M_ASSERTPKTHDR(to);
351 	/* Note: with MAC, this may not be a good assertion. */
352 	KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags),
353 	    ("m_move_pkthdr: to has tags"));
354 #endif
355 #ifdef MAC
356 	/*
357 	 * XXXMAC: It could be this should also occur for non-MAC?
358 	 */
359 	if (to->m_flags & M_PKTHDR)
360 		m_tag_delete_chain(to, NULL);
361 #endif
362 	to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
363 	if ((to->m_flags & M_EXT) == 0)
364 		to->m_data = to->m_pktdat;
365 	to->m_pkthdr = from->m_pkthdr;		/* especially tags */
366 	SLIST_INIT(&from->m_pkthdr.tags);	/* purge tags from src */
367 	from->m_flags &= ~M_PKTHDR;
368 }
369 
370 /*
371  * Duplicate "from"'s mbuf pkthdr in "to".
372  * "from" must have M_PKTHDR set, and "to" must be empty.
373  * In particular, this does a deep copy of the packet tags.
374  */
375 int
376 m_dup_pkthdr(struct mbuf *to, const struct mbuf *from, int how)
377 {
378 
379 #if 0
380 	/*
381 	 * The mbuf allocator only initializes the pkthdr
382 	 * when the mbuf is allocated with m_gethdr(). Many users
383 	 * (e.g. m_copy*, m_prepend) use m_get() and then
384 	 * smash the pkthdr as needed causing these
385 	 * assertions to trip.  For now just disable them.
386 	 */
387 	M_ASSERTPKTHDR(to);
388 	/* Note: with MAC, this may not be a good assertion. */
389 	KASSERT(SLIST_EMPTY(&to->m_pkthdr.tags), ("m_dup_pkthdr: to has tags"));
390 #endif
391 	MBUF_CHECKSLEEP(how);
392 #ifdef MAC
393 	if (to->m_flags & M_PKTHDR)
394 		m_tag_delete_chain(to, NULL);
395 #endif
396 	to->m_flags = (from->m_flags & M_COPYFLAGS) | (to->m_flags & M_EXT);
397 	if ((to->m_flags & M_EXT) == 0)
398 		to->m_data = to->m_pktdat;
399 	to->m_pkthdr = from->m_pkthdr;
400 	SLIST_INIT(&to->m_pkthdr.tags);
401 	return (m_tag_copy_chain(to, from, how));
402 }
403 
404 /*
405  * Lesser-used path for M_PREPEND:
406  * allocate new mbuf to prepend to chain,
407  * copy junk along.
408  */
409 struct mbuf *
410 m_prepend(struct mbuf *m, int len, int how)
411 {
412 	struct mbuf *mn;
413 
414 	if (m->m_flags & M_PKTHDR)
415 		mn = m_gethdr(how, m->m_type);
416 	else
417 		mn = m_get(how, m->m_type);
418 	if (mn == NULL) {
419 		m_freem(m);
420 		return (NULL);
421 	}
422 	if (m->m_flags & M_PKTHDR)
423 		m_move_pkthdr(mn, m);
424 	mn->m_next = m;
425 	m = mn;
426 	if (len < M_SIZE(m))
427 		M_ALIGN(m, len);
428 	m->m_len = len;
429 	return (m);
430 }
431 
432 /*
433  * Make a copy of an mbuf chain starting "off0" bytes from the beginning,
434  * continuing for "len" bytes.  If len is M_COPYALL, copy to end of mbuf.
435  * The wait parameter is a choice of M_WAITOK/M_NOWAIT from caller.
436  * Note that the copy is read-only, because clusters are not copied,
437  * only their reference counts are incremented.
438  */
439 struct mbuf *
440 m_copym(struct mbuf *m, int off0, int len, int wait)
441 {
442 	struct mbuf *n, **np;
443 	int off = off0;
444 	struct mbuf *top;
445 	int copyhdr = 0;
446 
447 	KASSERT(off >= 0, ("m_copym, negative off %d", off));
448 	KASSERT(len >= 0, ("m_copym, negative len %d", len));
449 	MBUF_CHECKSLEEP(wait);
450 	if (off == 0 && m->m_flags & M_PKTHDR)
451 		copyhdr = 1;
452 	while (off > 0) {
453 		KASSERT(m != NULL, ("m_copym, offset > size of mbuf chain"));
454 		if (off < m->m_len)
455 			break;
456 		off -= m->m_len;
457 		m = m->m_next;
458 	}
459 	np = &top;
460 	top = NULL;
461 	while (len > 0) {
462 		if (m == NULL) {
463 			KASSERT(len == M_COPYALL,
464 			    ("m_copym, length > size of mbuf chain"));
465 			break;
466 		}
467 		if (copyhdr)
468 			n = m_gethdr(wait, m->m_type);
469 		else
470 			n = m_get(wait, m->m_type);
471 		*np = n;
472 		if (n == NULL)
473 			goto nospace;
474 		if (copyhdr) {
475 			if (!m_dup_pkthdr(n, m, wait))
476 				goto nospace;
477 			if (len == M_COPYALL)
478 				n->m_pkthdr.len -= off0;
479 			else
480 				n->m_pkthdr.len = len;
481 			copyhdr = 0;
482 		}
483 		n->m_len = min(len, m->m_len - off);
484 		if (m->m_flags & M_EXT) {
485 			n->m_data = m->m_data + off;
486 			mb_dupcl(n, m);
487 		} else
488 			bcopy(mtod(m, caddr_t)+off, mtod(n, caddr_t),
489 			    (u_int)n->m_len);
490 		if (len != M_COPYALL)
491 			len -= n->m_len;
492 		off = 0;
493 		m = m->m_next;
494 		np = &n->m_next;
495 	}
496 
497 	return (top);
498 nospace:
499 	m_freem(top);
500 	return (NULL);
501 }
502 
503 /*
504  * Copy an entire packet, including header (which must be present).
505  * An optimization of the common case `m_copym(m, 0, M_COPYALL, how)'.
506  * Note that the copy is read-only, because clusters are not copied,
507  * only their reference counts are incremented.
508  * Preserve alignment of the first mbuf so if the creator has left
509  * some room at the beginning (e.g. for inserting protocol headers)
510  * the copies still have the room available.
511  */
512 struct mbuf *
513 m_copypacket(struct mbuf *m, int how)
514 {
515 	struct mbuf *top, *n, *o;
516 
517 	MBUF_CHECKSLEEP(how);
518 	n = m_get(how, m->m_type);
519 	top = n;
520 	if (n == NULL)
521 		goto nospace;
522 
523 	if (!m_dup_pkthdr(n, m, how))
524 		goto nospace;
525 	n->m_len = m->m_len;
526 	if (m->m_flags & M_EXT) {
527 		n->m_data = m->m_data;
528 		mb_dupcl(n, m);
529 	} else {
530 		n->m_data = n->m_pktdat + (m->m_data - m->m_pktdat );
531 		bcopy(mtod(m, char *), mtod(n, char *), n->m_len);
532 	}
533 
534 	m = m->m_next;
535 	while (m) {
536 		o = m_get(how, m->m_type);
537 		if (o == NULL)
538 			goto nospace;
539 
540 		n->m_next = o;
541 		n = n->m_next;
542 
543 		n->m_len = m->m_len;
544 		if (m->m_flags & M_EXT) {
545 			n->m_data = m->m_data;
546 			mb_dupcl(n, m);
547 		} else {
548 			bcopy(mtod(m, char *), mtod(n, char *), n->m_len);
549 		}
550 
551 		m = m->m_next;
552 	}
553 	return top;
554 nospace:
555 	m_freem(top);
556 	return (NULL);
557 }
558 
559 /*
560  * Copy data from an mbuf chain starting "off" bytes from the beginning,
561  * continuing for "len" bytes, into the indicated buffer.
562  */
563 void
564 m_copydata(const struct mbuf *m, int off, int len, caddr_t cp)
565 {
566 	u_int count;
567 
568 	KASSERT(off >= 0, ("m_copydata, negative off %d", off));
569 	KASSERT(len >= 0, ("m_copydata, negative len %d", len));
570 	while (off > 0) {
571 		KASSERT(m != NULL, ("m_copydata, offset > size of mbuf chain"));
572 		if (off < m->m_len)
573 			break;
574 		off -= m->m_len;
575 		m = m->m_next;
576 	}
577 	while (len > 0) {
578 		KASSERT(m != NULL, ("m_copydata, length > size of mbuf chain"));
579 		count = min(m->m_len - off, len);
580 		bcopy(mtod(m, caddr_t) + off, cp, count);
581 		len -= count;
582 		cp += count;
583 		off = 0;
584 		m = m->m_next;
585 	}
586 }
587 
588 /*
589  * Copy a packet header mbuf chain into a completely new chain, including
590  * copying any mbuf clusters.  Use this instead of m_copypacket() when
591  * you need a writable copy of an mbuf chain.
592  */
593 struct mbuf *
594 m_dup(const struct mbuf *m, int how)
595 {
596 	struct mbuf **p, *top = NULL;
597 	int remain, moff, nsize;
598 
599 	MBUF_CHECKSLEEP(how);
600 	/* Sanity check */
601 	if (m == NULL)
602 		return (NULL);
603 	M_ASSERTPKTHDR(m);
604 
605 	/* While there's more data, get a new mbuf, tack it on, and fill it */
606 	remain = m->m_pkthdr.len;
607 	moff = 0;
608 	p = &top;
609 	while (remain > 0 || top == NULL) {	/* allow m->m_pkthdr.len == 0 */
610 		struct mbuf *n;
611 
612 		/* Get the next new mbuf */
613 		if (remain >= MINCLSIZE) {
614 			n = m_getcl(how, m->m_type, 0);
615 			nsize = MCLBYTES;
616 		} else {
617 			n = m_get(how, m->m_type);
618 			nsize = MLEN;
619 		}
620 		if (n == NULL)
621 			goto nospace;
622 
623 		if (top == NULL) {		/* First one, must be PKTHDR */
624 			if (!m_dup_pkthdr(n, m, how)) {
625 				m_free(n);
626 				goto nospace;
627 			}
628 			if ((n->m_flags & M_EXT) == 0)
629 				nsize = MHLEN;
630 			n->m_flags &= ~M_RDONLY;
631 		}
632 		n->m_len = 0;
633 
634 		/* Link it into the new chain */
635 		*p = n;
636 		p = &n->m_next;
637 
638 		/* Copy data from original mbuf(s) into new mbuf */
639 		while (n->m_len < nsize && m != NULL) {
640 			int chunk = min(nsize - n->m_len, m->m_len - moff);
641 
642 			bcopy(m->m_data + moff, n->m_data + n->m_len, chunk);
643 			moff += chunk;
644 			n->m_len += chunk;
645 			remain -= chunk;
646 			if (moff == m->m_len) {
647 				m = m->m_next;
648 				moff = 0;
649 			}
650 		}
651 
652 		/* Check correct total mbuf length */
653 		KASSERT((remain > 0 && m != NULL) || (remain == 0 && m == NULL),
654 		    	("%s: bogus m_pkthdr.len", __func__));
655 	}
656 	return (top);
657 
658 nospace:
659 	m_freem(top);
660 	return (NULL);
661 }
662 
663 /*
664  * Concatenate mbuf chain n to m.
665  * Both chains must be of the same type (e.g. MT_DATA).
666  * Any m_pkthdr is not updated.
667  */
668 void
669 m_cat(struct mbuf *m, struct mbuf *n)
670 {
671 	while (m->m_next)
672 		m = m->m_next;
673 	while (n) {
674 		if (!M_WRITABLE(m) ||
675 		    M_TRAILINGSPACE(m) < n->m_len) {
676 			/* just join the two chains */
677 			m->m_next = n;
678 			return;
679 		}
680 		/* splat the data from one into the other */
681 		bcopy(mtod(n, caddr_t), mtod(m, caddr_t) + m->m_len,
682 		    (u_int)n->m_len);
683 		m->m_len += n->m_len;
684 		n = m_free(n);
685 	}
686 }
687 
688 /*
689  * Concatenate two pkthdr mbuf chains.
690  */
691 void
692 m_catpkt(struct mbuf *m, struct mbuf *n)
693 {
694 
695 	M_ASSERTPKTHDR(m);
696 	M_ASSERTPKTHDR(n);
697 
698 	m->m_pkthdr.len += n->m_pkthdr.len;
699 	m_demote(n, 1, 0);
700 
701 	m_cat(m, n);
702 }
703 
704 void
705 m_adj(struct mbuf *mp, int req_len)
706 {
707 	int len = req_len;
708 	struct mbuf *m;
709 	int count;
710 
711 	if ((m = mp) == NULL)
712 		return;
713 	if (len >= 0) {
714 		/*
715 		 * Trim from head.
716 		 */
717 		while (m != NULL && len > 0) {
718 			if (m->m_len <= len) {
719 				len -= m->m_len;
720 				m->m_len = 0;
721 				m = m->m_next;
722 			} else {
723 				m->m_len -= len;
724 				m->m_data += len;
725 				len = 0;
726 			}
727 		}
728 		if (mp->m_flags & M_PKTHDR)
729 			mp->m_pkthdr.len -= (req_len - len);
730 	} else {
731 		/*
732 		 * Trim from tail.  Scan the mbuf chain,
733 		 * calculating its length and finding the last mbuf.
734 		 * If the adjustment only affects this mbuf, then just
735 		 * adjust and return.  Otherwise, rescan and truncate
736 		 * after the remaining size.
737 		 */
738 		len = -len;
739 		count = 0;
740 		for (;;) {
741 			count += m->m_len;
742 			if (m->m_next == (struct mbuf *)0)
743 				break;
744 			m = m->m_next;
745 		}
746 		if (m->m_len >= len) {
747 			m->m_len -= len;
748 			if (mp->m_flags & M_PKTHDR)
749 				mp->m_pkthdr.len -= len;
750 			return;
751 		}
752 		count -= len;
753 		if (count < 0)
754 			count = 0;
755 		/*
756 		 * Correct length for chain is "count".
757 		 * Find the mbuf with last data, adjust its length,
758 		 * and toss data from remaining mbufs on chain.
759 		 */
760 		m = mp;
761 		if (m->m_flags & M_PKTHDR)
762 			m->m_pkthdr.len = count;
763 		for (; m; m = m->m_next) {
764 			if (m->m_len >= count) {
765 				m->m_len = count;
766 				if (m->m_next != NULL) {
767 					m_freem(m->m_next);
768 					m->m_next = NULL;
769 				}
770 				break;
771 			}
772 			count -= m->m_len;
773 		}
774 	}
775 }
776 
777 /*
778  * Rearange an mbuf chain so that len bytes are contiguous
779  * and in the data area of an mbuf (so that mtod will work
780  * for a structure of size len).  Returns the resulting
781  * mbuf chain on success, frees it and returns null on failure.
782  * If there is room, it will add up to max_protohdr-len extra bytes to the
783  * contiguous region in an attempt to avoid being called next time.
784  */
785 struct mbuf *
786 m_pullup(struct mbuf *n, int len)
787 {
788 	struct mbuf *m;
789 	int count;
790 	int space;
791 
792 	/*
793 	 * If first mbuf has no cluster, and has room for len bytes
794 	 * without shifting current data, pullup into it,
795 	 * otherwise allocate a new mbuf to prepend to the chain.
796 	 */
797 	if ((n->m_flags & M_EXT) == 0 &&
798 	    n->m_data + len < &n->m_dat[MLEN] && n->m_next) {
799 		if (n->m_len >= len)
800 			return (n);
801 		m = n;
802 		n = n->m_next;
803 		len -= m->m_len;
804 	} else {
805 		if (len > MHLEN)
806 			goto bad;
807 		m = m_get(M_NOWAIT, n->m_type);
808 		if (m == NULL)
809 			goto bad;
810 		if (n->m_flags & M_PKTHDR)
811 			m_move_pkthdr(m, n);
812 	}
813 	space = &m->m_dat[MLEN] - (m->m_data + m->m_len);
814 	do {
815 		count = min(min(max(len, max_protohdr), space), n->m_len);
816 		bcopy(mtod(n, caddr_t), mtod(m, caddr_t) + m->m_len,
817 		  (u_int)count);
818 		len -= count;
819 		m->m_len += count;
820 		n->m_len -= count;
821 		space -= count;
822 		if (n->m_len)
823 			n->m_data += count;
824 		else
825 			n = m_free(n);
826 	} while (len > 0 && n);
827 	if (len > 0) {
828 		(void) m_free(m);
829 		goto bad;
830 	}
831 	m->m_next = n;
832 	return (m);
833 bad:
834 	m_freem(n);
835 	return (NULL);
836 }
837 
838 /*
839  * Like m_pullup(), except a new mbuf is always allocated, and we allow
840  * the amount of empty space before the data in the new mbuf to be specified
841  * (in the event that the caller expects to prepend later).
842  */
843 struct mbuf *
844 m_copyup(struct mbuf *n, int len, int dstoff)
845 {
846 	struct mbuf *m;
847 	int count, space;
848 
849 	if (len > (MHLEN - dstoff))
850 		goto bad;
851 	m = m_get(M_NOWAIT, n->m_type);
852 	if (m == NULL)
853 		goto bad;
854 	if (n->m_flags & M_PKTHDR)
855 		m_move_pkthdr(m, n);
856 	m->m_data += dstoff;
857 	space = &m->m_dat[MLEN] - (m->m_data + m->m_len);
858 	do {
859 		count = min(min(max(len, max_protohdr), space), n->m_len);
860 		memcpy(mtod(m, caddr_t) + m->m_len, mtod(n, caddr_t),
861 		    (unsigned)count);
862 		len -= count;
863 		m->m_len += count;
864 		n->m_len -= count;
865 		space -= count;
866 		if (n->m_len)
867 			n->m_data += count;
868 		else
869 			n = m_free(n);
870 	} while (len > 0 && n);
871 	if (len > 0) {
872 		(void) m_free(m);
873 		goto bad;
874 	}
875 	m->m_next = n;
876 	return (m);
877  bad:
878 	m_freem(n);
879 	return (NULL);
880 }
881 
882 /*
883  * Partition an mbuf chain in two pieces, returning the tail --
884  * all but the first len0 bytes.  In case of failure, it returns NULL and
885  * attempts to restore the chain to its original state.
886  *
887  * Note that the resulting mbufs might be read-only, because the new
888  * mbuf can end up sharing an mbuf cluster with the original mbuf if
889  * the "breaking point" happens to lie within a cluster mbuf. Use the
890  * M_WRITABLE() macro to check for this case.
891  */
892 struct mbuf *
893 m_split(struct mbuf *m0, int len0, int wait)
894 {
895 	struct mbuf *m, *n;
896 	u_int len = len0, remain;
897 
898 	MBUF_CHECKSLEEP(wait);
899 	for (m = m0; m && len > m->m_len; m = m->m_next)
900 		len -= m->m_len;
901 	if (m == NULL)
902 		return (NULL);
903 	remain = m->m_len - len;
904 	if (m0->m_flags & M_PKTHDR && remain == 0) {
905 		n = m_gethdr(wait, m0->m_type);
906 		if (n == NULL)
907 			return (NULL);
908 		n->m_next = m->m_next;
909 		m->m_next = NULL;
910 		n->m_pkthdr.rcvif = m0->m_pkthdr.rcvif;
911 		n->m_pkthdr.len = m0->m_pkthdr.len - len0;
912 		m0->m_pkthdr.len = len0;
913 		return (n);
914 	} else if (m0->m_flags & M_PKTHDR) {
915 		n = m_gethdr(wait, m0->m_type);
916 		if (n == NULL)
917 			return (NULL);
918 		n->m_pkthdr.rcvif = m0->m_pkthdr.rcvif;
919 		n->m_pkthdr.len = m0->m_pkthdr.len - len0;
920 		m0->m_pkthdr.len = len0;
921 		if (m->m_flags & M_EXT)
922 			goto extpacket;
923 		if (remain > MHLEN) {
924 			/* m can't be the lead packet */
925 			M_ALIGN(n, 0);
926 			n->m_next = m_split(m, len, wait);
927 			if (n->m_next == NULL) {
928 				(void) m_free(n);
929 				return (NULL);
930 			} else {
931 				n->m_len = 0;
932 				return (n);
933 			}
934 		} else
935 			M_ALIGN(n, remain);
936 	} else if (remain == 0) {
937 		n = m->m_next;
938 		m->m_next = NULL;
939 		return (n);
940 	} else {
941 		n = m_get(wait, m->m_type);
942 		if (n == NULL)
943 			return (NULL);
944 		M_ALIGN(n, remain);
945 	}
946 extpacket:
947 	if (m->m_flags & M_EXT) {
948 		n->m_data = m->m_data + len;
949 		mb_dupcl(n, m);
950 	} else {
951 		bcopy(mtod(m, caddr_t) + len, mtod(n, caddr_t), remain);
952 	}
953 	n->m_len = remain;
954 	m->m_len = len;
955 	n->m_next = m->m_next;
956 	m->m_next = NULL;
957 	return (n);
958 }
959 /*
960  * Routine to copy from device local memory into mbufs.
961  * Note that `off' argument is offset into first mbuf of target chain from
962  * which to begin copying the data to.
963  */
964 struct mbuf *
965 m_devget(char *buf, int totlen, int off, struct ifnet *ifp,
966     void (*copy)(char *from, caddr_t to, u_int len))
967 {
968 	struct mbuf *m;
969 	struct mbuf *top = NULL, **mp = &top;
970 	int len;
971 
972 	if (off < 0 || off > MHLEN)
973 		return (NULL);
974 
975 	while (totlen > 0) {
976 		if (top == NULL) {	/* First one, must be PKTHDR */
977 			if (totlen + off >= MINCLSIZE) {
978 				m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
979 				len = MCLBYTES;
980 			} else {
981 				m = m_gethdr(M_NOWAIT, MT_DATA);
982 				len = MHLEN;
983 
984 				/* Place initial small packet/header at end of mbuf */
985 				if (m && totlen + off + max_linkhdr <= MHLEN) {
986 					m->m_data += max_linkhdr;
987 					len -= max_linkhdr;
988 				}
989 			}
990 			if (m == NULL)
991 				return NULL;
992 			m->m_pkthdr.rcvif = ifp;
993 			m->m_pkthdr.len = totlen;
994 		} else {
995 			if (totlen + off >= MINCLSIZE) {
996 				m = m_getcl(M_NOWAIT, MT_DATA, 0);
997 				len = MCLBYTES;
998 			} else {
999 				m = m_get(M_NOWAIT, MT_DATA);
1000 				len = MLEN;
1001 			}
1002 			if (m == NULL) {
1003 				m_freem(top);
1004 				return NULL;
1005 			}
1006 		}
1007 		if (off) {
1008 			m->m_data += off;
1009 			len -= off;
1010 			off = 0;
1011 		}
1012 		m->m_len = len = min(totlen, len);
1013 		if (copy)
1014 			copy(buf, mtod(m, caddr_t), (u_int)len);
1015 		else
1016 			bcopy(buf, mtod(m, caddr_t), (u_int)len);
1017 		buf += len;
1018 		*mp = m;
1019 		mp = &m->m_next;
1020 		totlen -= len;
1021 	}
1022 	return (top);
1023 }
1024 
1025 /*
1026  * Copy data from a buffer back into the indicated mbuf chain,
1027  * starting "off" bytes from the beginning, extending the mbuf
1028  * chain if necessary.
1029  */
1030 void
1031 m_copyback(struct mbuf *m0, int off, int len, c_caddr_t cp)
1032 {
1033 	int mlen;
1034 	struct mbuf *m = m0, *n;
1035 	int totlen = 0;
1036 
1037 	if (m0 == NULL)
1038 		return;
1039 	while (off > (mlen = m->m_len)) {
1040 		off -= mlen;
1041 		totlen += mlen;
1042 		if (m->m_next == NULL) {
1043 			n = m_get(M_NOWAIT, m->m_type);
1044 			if (n == NULL)
1045 				goto out;
1046 			bzero(mtod(n, caddr_t), MLEN);
1047 			n->m_len = min(MLEN, len + off);
1048 			m->m_next = n;
1049 		}
1050 		m = m->m_next;
1051 	}
1052 	while (len > 0) {
1053 		if (m->m_next == NULL && (len > m->m_len - off)) {
1054 			m->m_len += min(len - (m->m_len - off),
1055 			    M_TRAILINGSPACE(m));
1056 		}
1057 		mlen = min (m->m_len - off, len);
1058 		bcopy(cp, off + mtod(m, caddr_t), (u_int)mlen);
1059 		cp += mlen;
1060 		len -= mlen;
1061 		mlen += off;
1062 		off = 0;
1063 		totlen += mlen;
1064 		if (len == 0)
1065 			break;
1066 		if (m->m_next == NULL) {
1067 			n = m_get(M_NOWAIT, m->m_type);
1068 			if (n == NULL)
1069 				break;
1070 			n->m_len = min(MLEN, len);
1071 			m->m_next = n;
1072 		}
1073 		m = m->m_next;
1074 	}
1075 out:	if (((m = m0)->m_flags & M_PKTHDR) && (m->m_pkthdr.len < totlen))
1076 		m->m_pkthdr.len = totlen;
1077 }
1078 
1079 /*
1080  * Append the specified data to the indicated mbuf chain,
1081  * Extend the mbuf chain if the new data does not fit in
1082  * existing space.
1083  *
1084  * Return 1 if able to complete the job; otherwise 0.
1085  */
1086 int
1087 m_append(struct mbuf *m0, int len, c_caddr_t cp)
1088 {
1089 	struct mbuf *m, *n;
1090 	int remainder, space;
1091 
1092 	for (m = m0; m->m_next != NULL; m = m->m_next)
1093 		;
1094 	remainder = len;
1095 	space = M_TRAILINGSPACE(m);
1096 	if (space > 0) {
1097 		/*
1098 		 * Copy into available space.
1099 		 */
1100 		if (space > remainder)
1101 			space = remainder;
1102 		bcopy(cp, mtod(m, caddr_t) + m->m_len, space);
1103 		m->m_len += space;
1104 		cp += space, remainder -= space;
1105 	}
1106 	while (remainder > 0) {
1107 		/*
1108 		 * Allocate a new mbuf; could check space
1109 		 * and allocate a cluster instead.
1110 		 */
1111 		n = m_get(M_NOWAIT, m->m_type);
1112 		if (n == NULL)
1113 			break;
1114 		n->m_len = min(MLEN, remainder);
1115 		bcopy(cp, mtod(n, caddr_t), n->m_len);
1116 		cp += n->m_len, remainder -= n->m_len;
1117 		m->m_next = n;
1118 		m = n;
1119 	}
1120 	if (m0->m_flags & M_PKTHDR)
1121 		m0->m_pkthdr.len += len - remainder;
1122 	return (remainder == 0);
1123 }
1124 
1125 /*
1126  * Apply function f to the data in an mbuf chain starting "off" bytes from
1127  * the beginning, continuing for "len" bytes.
1128  */
1129 int
1130 m_apply(struct mbuf *m, int off, int len,
1131     int (*f)(void *, void *, u_int), void *arg)
1132 {
1133 	u_int count;
1134 	int rval;
1135 
1136 	KASSERT(off >= 0, ("m_apply, negative off %d", off));
1137 	KASSERT(len >= 0, ("m_apply, negative len %d", len));
1138 	while (off > 0) {
1139 		KASSERT(m != NULL, ("m_apply, offset > size of mbuf chain"));
1140 		if (off < m->m_len)
1141 			break;
1142 		off -= m->m_len;
1143 		m = m->m_next;
1144 	}
1145 	while (len > 0) {
1146 		KASSERT(m != NULL, ("m_apply, offset > size of mbuf chain"));
1147 		count = min(m->m_len - off, len);
1148 		rval = (*f)(arg, mtod(m, caddr_t) + off, count);
1149 		if (rval)
1150 			return (rval);
1151 		len -= count;
1152 		off = 0;
1153 		m = m->m_next;
1154 	}
1155 	return (0);
1156 }
1157 
1158 /*
1159  * Return a pointer to mbuf/offset of location in mbuf chain.
1160  */
1161 struct mbuf *
1162 m_getptr(struct mbuf *m, int loc, int *off)
1163 {
1164 
1165 	while (loc >= 0) {
1166 		/* Normal end of search. */
1167 		if (m->m_len > loc) {
1168 			*off = loc;
1169 			return (m);
1170 		} else {
1171 			loc -= m->m_len;
1172 			if (m->m_next == NULL) {
1173 				if (loc == 0) {
1174 					/* Point at the end of valid data. */
1175 					*off = m->m_len;
1176 					return (m);
1177 				}
1178 				return (NULL);
1179 			}
1180 			m = m->m_next;
1181 		}
1182 	}
1183 	return (NULL);
1184 }
1185 
1186 void
1187 m_print(const struct mbuf *m, int maxlen)
1188 {
1189 	int len;
1190 	int pdata;
1191 	const struct mbuf *m2;
1192 
1193 	if (m == NULL) {
1194 		printf("mbuf: %p\n", m);
1195 		return;
1196 	}
1197 
1198 	if (m->m_flags & M_PKTHDR)
1199 		len = m->m_pkthdr.len;
1200 	else
1201 		len = -1;
1202 	m2 = m;
1203 	while (m2 != NULL && (len == -1 || len)) {
1204 		pdata = m2->m_len;
1205 		if (maxlen != -1 && pdata > maxlen)
1206 			pdata = maxlen;
1207 		printf("mbuf: %p len: %d, next: %p, %b%s", m2, m2->m_len,
1208 		    m2->m_next, m2->m_flags, "\20\20freelist\17skipfw"
1209 		    "\11proto5\10proto4\7proto3\6proto2\5proto1\4rdonly"
1210 		    "\3eor\2pkthdr\1ext", pdata ? "" : "\n");
1211 		if (pdata)
1212 			printf(", %*D\n", pdata, (u_char *)m2->m_data, "-");
1213 		if (len != -1)
1214 			len -= m2->m_len;
1215 		m2 = m2->m_next;
1216 	}
1217 	if (len > 0)
1218 		printf("%d bytes unaccounted for.\n", len);
1219 	return;
1220 }
1221 
1222 u_int
1223 m_fixhdr(struct mbuf *m0)
1224 {
1225 	u_int len;
1226 
1227 	len = m_length(m0, NULL);
1228 	m0->m_pkthdr.len = len;
1229 	return (len);
1230 }
1231 
1232 u_int
1233 m_length(struct mbuf *m0, struct mbuf **last)
1234 {
1235 	struct mbuf *m;
1236 	u_int len;
1237 
1238 	len = 0;
1239 	for (m = m0; m != NULL; m = m->m_next) {
1240 		len += m->m_len;
1241 		if (m->m_next == NULL)
1242 			break;
1243 	}
1244 	if (last != NULL)
1245 		*last = m;
1246 	return (len);
1247 }
1248 
1249 /*
1250  * Defragment a mbuf chain, returning the shortest possible
1251  * chain of mbufs and clusters.  If allocation fails and
1252  * this cannot be completed, NULL will be returned, but
1253  * the passed in chain will be unchanged.  Upon success,
1254  * the original chain will be freed, and the new chain
1255  * will be returned.
1256  *
1257  * If a non-packet header is passed in, the original
1258  * mbuf (chain?) will be returned unharmed.
1259  */
1260 struct mbuf *
1261 m_defrag(struct mbuf *m0, int how)
1262 {
1263 	struct mbuf *m_new = NULL, *m_final = NULL;
1264 	int progress = 0, length;
1265 
1266 	MBUF_CHECKSLEEP(how);
1267 	if (!(m0->m_flags & M_PKTHDR))
1268 		return (m0);
1269 
1270 	m_fixhdr(m0); /* Needed sanity check */
1271 
1272 #ifdef MBUF_STRESS_TEST
1273 	if (m_defragrandomfailures) {
1274 		int temp = arc4random() & 0xff;
1275 		if (temp == 0xba)
1276 			goto nospace;
1277 	}
1278 #endif
1279 
1280 	if (m0->m_pkthdr.len > MHLEN)
1281 		m_final = m_getcl(how, MT_DATA, M_PKTHDR);
1282 	else
1283 		m_final = m_gethdr(how, MT_DATA);
1284 
1285 	if (m_final == NULL)
1286 		goto nospace;
1287 
1288 	if (m_dup_pkthdr(m_final, m0, how) == 0)
1289 		goto nospace;
1290 
1291 	m_new = m_final;
1292 
1293 	while (progress < m0->m_pkthdr.len) {
1294 		length = m0->m_pkthdr.len - progress;
1295 		if (length > MCLBYTES)
1296 			length = MCLBYTES;
1297 
1298 		if (m_new == NULL) {
1299 			if (length > MLEN)
1300 				m_new = m_getcl(how, MT_DATA, 0);
1301 			else
1302 				m_new = m_get(how, MT_DATA);
1303 			if (m_new == NULL)
1304 				goto nospace;
1305 		}
1306 
1307 		m_copydata(m0, progress, length, mtod(m_new, caddr_t));
1308 		progress += length;
1309 		m_new->m_len = length;
1310 		if (m_new != m_final)
1311 			m_cat(m_final, m_new);
1312 		m_new = NULL;
1313 	}
1314 #ifdef MBUF_STRESS_TEST
1315 	if (m0->m_next == NULL)
1316 		m_defraguseless++;
1317 #endif
1318 	m_freem(m0);
1319 	m0 = m_final;
1320 #ifdef MBUF_STRESS_TEST
1321 	m_defragpackets++;
1322 	m_defragbytes += m0->m_pkthdr.len;
1323 #endif
1324 	return (m0);
1325 nospace:
1326 #ifdef MBUF_STRESS_TEST
1327 	m_defragfailure++;
1328 #endif
1329 	if (m_final)
1330 		m_freem(m_final);
1331 	return (NULL);
1332 }
1333 
1334 /*
1335  * Defragment an mbuf chain, returning at most maxfrags separate
1336  * mbufs+clusters.  If this is not possible NULL is returned and
1337  * the original mbuf chain is left in it's present (potentially
1338  * modified) state.  We use two techniques: collapsing consecutive
1339  * mbufs and replacing consecutive mbufs by a cluster.
1340  *
1341  * NB: this should really be named m_defrag but that name is taken
1342  */
1343 struct mbuf *
1344 m_collapse(struct mbuf *m0, int how, int maxfrags)
1345 {
1346 	struct mbuf *m, *n, *n2, **prev;
1347 	u_int curfrags;
1348 
1349 	/*
1350 	 * Calculate the current number of frags.
1351 	 */
1352 	curfrags = 0;
1353 	for (m = m0; m != NULL; m = m->m_next)
1354 		curfrags++;
1355 	/*
1356 	 * First, try to collapse mbufs.  Note that we always collapse
1357 	 * towards the front so we don't need to deal with moving the
1358 	 * pkthdr.  This may be suboptimal if the first mbuf has much
1359 	 * less data than the following.
1360 	 */
1361 	m = m0;
1362 again:
1363 	for (;;) {
1364 		n = m->m_next;
1365 		if (n == NULL)
1366 			break;
1367 		if (M_WRITABLE(m) &&
1368 		    n->m_len < M_TRAILINGSPACE(m)) {
1369 			bcopy(mtod(n, void *), mtod(m, char *) + m->m_len,
1370 				n->m_len);
1371 			m->m_len += n->m_len;
1372 			m->m_next = n->m_next;
1373 			m_free(n);
1374 			if (--curfrags <= maxfrags)
1375 				return m0;
1376 		} else
1377 			m = n;
1378 	}
1379 	KASSERT(maxfrags > 1,
1380 		("maxfrags %u, but normal collapse failed", maxfrags));
1381 	/*
1382 	 * Collapse consecutive mbufs to a cluster.
1383 	 */
1384 	prev = &m0->m_next;		/* NB: not the first mbuf */
1385 	while ((n = *prev) != NULL) {
1386 		if ((n2 = n->m_next) != NULL &&
1387 		    n->m_len + n2->m_len < MCLBYTES) {
1388 			m = m_getcl(how, MT_DATA, 0);
1389 			if (m == NULL)
1390 				goto bad;
1391 			bcopy(mtod(n, void *), mtod(m, void *), n->m_len);
1392 			bcopy(mtod(n2, void *), mtod(m, char *) + n->m_len,
1393 				n2->m_len);
1394 			m->m_len = n->m_len + n2->m_len;
1395 			m->m_next = n2->m_next;
1396 			*prev = m;
1397 			m_free(n);
1398 			m_free(n2);
1399 			if (--curfrags <= maxfrags)	/* +1 cl -2 mbufs */
1400 				return m0;
1401 			/*
1402 			 * Still not there, try the normal collapse
1403 			 * again before we allocate another cluster.
1404 			 */
1405 			goto again;
1406 		}
1407 		prev = &n->m_next;
1408 	}
1409 	/*
1410 	 * No place where we can collapse to a cluster; punt.
1411 	 * This can occur if, for example, you request 2 frags
1412 	 * but the packet requires that both be clusters (we
1413 	 * never reallocate the first mbuf to avoid moving the
1414 	 * packet header).
1415 	 */
1416 bad:
1417 	return NULL;
1418 }
1419 
1420 #ifdef MBUF_STRESS_TEST
1421 
1422 /*
1423  * Fragment an mbuf chain.  There's no reason you'd ever want to do
1424  * this in normal usage, but it's great for stress testing various
1425  * mbuf consumers.
1426  *
1427  * If fragmentation is not possible, the original chain will be
1428  * returned.
1429  *
1430  * Possible length values:
1431  * 0	 no fragmentation will occur
1432  * > 0	each fragment will be of the specified length
1433  * -1	each fragment will be the same random value in length
1434  * -2	each fragment's length will be entirely random
1435  * (Random values range from 1 to 256)
1436  */
1437 struct mbuf *
1438 m_fragment(struct mbuf *m0, int how, int length)
1439 {
1440 	struct mbuf *m_first, *m_last;
1441 	int divisor = 255, progress = 0, fraglen;
1442 
1443 	if (!(m0->m_flags & M_PKTHDR))
1444 		return (m0);
1445 
1446 	if (length == 0 || length < -2)
1447 		return (m0);
1448 	if (length > MCLBYTES)
1449 		length = MCLBYTES;
1450 	if (length < 0 && divisor > MCLBYTES)
1451 		divisor = MCLBYTES;
1452 	if (length == -1)
1453 		length = 1 + (arc4random() % divisor);
1454 	if (length > 0)
1455 		fraglen = length;
1456 
1457 	m_fixhdr(m0); /* Needed sanity check */
1458 
1459 	m_first = m_getcl(how, MT_DATA, M_PKTHDR);
1460 	if (m_first == NULL)
1461 		goto nospace;
1462 
1463 	if (m_dup_pkthdr(m_first, m0, how) == 0)
1464 		goto nospace;
1465 
1466 	m_last = m_first;
1467 
1468 	while (progress < m0->m_pkthdr.len) {
1469 		if (length == -2)
1470 			fraglen = 1 + (arc4random() % divisor);
1471 		if (fraglen > m0->m_pkthdr.len - progress)
1472 			fraglen = m0->m_pkthdr.len - progress;
1473 
1474 		if (progress != 0) {
1475 			struct mbuf *m_new = m_getcl(how, MT_DATA, 0);
1476 			if (m_new == NULL)
1477 				goto nospace;
1478 
1479 			m_last->m_next = m_new;
1480 			m_last = m_new;
1481 		}
1482 
1483 		m_copydata(m0, progress, fraglen, mtod(m_last, caddr_t));
1484 		progress += fraglen;
1485 		m_last->m_len = fraglen;
1486 	}
1487 	m_freem(m0);
1488 	m0 = m_first;
1489 	return (m0);
1490 nospace:
1491 	if (m_first)
1492 		m_freem(m_first);
1493 	/* Return the original chain on failure */
1494 	return (m0);
1495 }
1496 
1497 #endif
1498 
1499 #ifndef __HAIKU__
1500 /*
1501  * Copy the contents of uio into a properly sized mbuf chain.
1502  */
1503 struct mbuf *
1504 m_uiotombuf(struct uio *uio, int how, int len, int align, int flags)
1505 {
1506 	struct mbuf *m, *mb;
1507 	int error, length;
1508 	ssize_t total;
1509 	int progress = 0;
1510 
1511 	/*
1512 	 * len can be zero or an arbitrary large value bound by
1513 	 * the total data supplied by the uio.
1514 	 */
1515 	if (len > 0)
1516 		total = min(uio->uio_resid, len);
1517 	else
1518 		total = uio->uio_resid;
1519 
1520 	/*
1521 	 * The smallest unit returned by m_getm2() is a single mbuf
1522 	 * with pkthdr.  We can't align past it.
1523 	 */
1524 	if (align >= MHLEN)
1525 		return (NULL);
1526 
1527 	/*
1528 	 * Give us the full allocation or nothing.
1529 	 * If len is zero return the smallest empty mbuf.
1530 	 */
1531 	m = m_getm2(NULL, max(total + align, 1), how, MT_DATA, flags);
1532 	if (m == NULL)
1533 		return (NULL);
1534 	m->m_data += align;
1535 
1536 	/* Fill all mbufs with uio data and update header information. */
1537 	for (mb = m; mb != NULL; mb = mb->m_next) {
1538 		length = min(M_TRAILINGSPACE(mb), total - progress);
1539 
1540 		error = uiomove(mtod(mb, void *), length, uio);
1541 		if (error) {
1542 			m_freem(m);
1543 			return (NULL);
1544 		}
1545 
1546 		mb->m_len = length;
1547 		progress += length;
1548 		if (flags & M_PKTHDR)
1549 			m->m_pkthdr.len += length;
1550 	}
1551 	KASSERT(progress == total, ("%s: progress != total", __func__));
1552 
1553 	return (m);
1554 }
1555 
1556 /*
1557  * Copy an mbuf chain into a uio limited by len if set.
1558  */
1559 int
1560 m_mbuftouio(struct uio *uio, struct mbuf *m, int len)
1561 {
1562 	int error, length, total;
1563 	int progress = 0;
1564 
1565 	if (len > 0)
1566 		total = min(uio->uio_resid, len);
1567 	else
1568 		total = uio->uio_resid;
1569 
1570 	/* Fill the uio with data from the mbufs. */
1571 	for (; m != NULL; m = m->m_next) {
1572 		length = min(m->m_len, total - progress);
1573 
1574 		error = uiomove(mtod(m, void *), length, uio);
1575 		if (error)
1576 			return (error);
1577 
1578 		progress += length;
1579 	}
1580 
1581 	return (0);
1582 }
1583 #endif
1584 
1585 /*
1586  * Create a writable copy of the mbuf chain.  While doing this
1587  * we compact the chain with a goal of producing a chain with
1588  * at most two mbufs.  The second mbuf in this chain is likely
1589  * to be a cluster.  The primary purpose of this work is to create
1590  * a writable packet for encryption, compression, etc.  The
1591  * secondary goal is to linearize the data so the data can be
1592  * passed to crypto hardware in the most efficient manner possible.
1593  */
1594 struct mbuf *
1595 m_unshare(struct mbuf *m0, int how)
1596 {
1597 	struct mbuf *m, *mprev;
1598 	struct mbuf *n, *mfirst, *mlast;
1599 	int len, off;
1600 
1601 	mprev = NULL;
1602 	for (m = m0; m != NULL; m = mprev->m_next) {
1603 		/*
1604 		 * Regular mbufs are ignored unless there's a cluster
1605 		 * in front of it that we can use to coalesce.  We do
1606 		 * the latter mainly so later clusters can be coalesced
1607 		 * also w/o having to handle them specially (i.e. convert
1608 		 * mbuf+cluster -> cluster).  This optimization is heavily
1609 		 * influenced by the assumption that we're running over
1610 		 * Ethernet where MCLBYTES is large enough that the max
1611 		 * packet size will permit lots of coalescing into a
1612 		 * single cluster.  This in turn permits efficient
1613 		 * crypto operations, especially when using hardware.
1614 		 */
1615 		if ((m->m_flags & M_EXT) == 0) {
1616 			if (mprev && (mprev->m_flags & M_EXT) &&
1617 			    m->m_len <= M_TRAILINGSPACE(mprev)) {
1618 				/* XXX: this ignores mbuf types */
1619 				memcpy(mtod(mprev, caddr_t) + mprev->m_len,
1620 				    mtod(m, caddr_t), m->m_len);
1621 				mprev->m_len += m->m_len;
1622 				mprev->m_next = m->m_next;	/* unlink from chain */
1623 				m_free(m);			/* reclaim mbuf */
1624 #if 0
1625 				newipsecstat.ips_mbcoalesced++;
1626 #endif
1627 			} else {
1628 				mprev = m;
1629 			}
1630 			continue;
1631 		}
1632 		/*
1633 		 * Writable mbufs are left alone (for now).
1634 		 */
1635 		if (M_WRITABLE(m)) {
1636 			mprev = m;
1637 			continue;
1638 		}
1639 
1640 		/*
1641 		 * Not writable, replace with a copy or coalesce with
1642 		 * the previous mbuf if possible (since we have to copy
1643 		 * it anyway, we try to reduce the number of mbufs and
1644 		 * clusters so that future work is easier).
1645 		 */
1646 		KASSERT(m->m_flags & M_EXT, ("m_flags 0x%x", m->m_flags));
1647 		/* NB: we only coalesce into a cluster or larger */
1648 		if (mprev != NULL && (mprev->m_flags & M_EXT) &&
1649 		    m->m_len <= M_TRAILINGSPACE(mprev)) {
1650 			/* XXX: this ignores mbuf types */
1651 			memcpy(mtod(mprev, caddr_t) + mprev->m_len,
1652 			    mtod(m, caddr_t), m->m_len);
1653 			mprev->m_len += m->m_len;
1654 			mprev->m_next = m->m_next;	/* unlink from chain */
1655 			m_free(m);			/* reclaim mbuf */
1656 #if 0
1657 			newipsecstat.ips_clcoalesced++;
1658 #endif
1659 			continue;
1660 		}
1661 
1662 		/*
1663 		 * Allocate new space to hold the copy and copy the data.
1664 		 * We deal with jumbo mbufs (i.e. m_len > MCLBYTES) by
1665 		 * splitting them into clusters.  We could just malloc a
1666 		 * buffer and make it external but too many device drivers
1667 		 * don't know how to break up the non-contiguous memory when
1668 		 * doing DMA.
1669 		 */
1670 		n = m_getcl(how, m->m_type, m->m_flags & M_COPYFLAGS);
1671 		if (n == NULL) {
1672 			m_freem(m0);
1673 			return (NULL);
1674 		}
1675 		if (m->m_flags & M_PKTHDR) {
1676 			KASSERT(mprev == NULL, ("%s: m0 %p, m %p has M_PKTHDR",
1677 			    __func__, m0, m));
1678 			m_move_pkthdr(n, m);
1679 		}
1680 		len = m->m_len;
1681 		off = 0;
1682 		mfirst = n;
1683 		mlast = NULL;
1684 		for (;;) {
1685 			int cc = min(len, MCLBYTES);
1686 			memcpy(mtod(n, caddr_t), mtod(m, caddr_t) + off, cc);
1687 			n->m_len = cc;
1688 			if (mlast != NULL)
1689 				mlast->m_next = n;
1690 			mlast = n;
1691 #if 0
1692 			newipsecstat.ips_clcopied++;
1693 #endif
1694 
1695 			len -= cc;
1696 			if (len <= 0)
1697 				break;
1698 			off += cc;
1699 
1700 			n = m_getcl(how, m->m_type, m->m_flags & M_COPYFLAGS);
1701 			if (n == NULL) {
1702 				m_freem(mfirst);
1703 				m_freem(m0);
1704 				return (NULL);
1705 			}
1706 		}
1707 		n->m_next = m->m_next;
1708 		if (mprev == NULL)
1709 			m0 = mfirst;		/* new head of chain */
1710 		else
1711 			mprev->m_next = mfirst;	/* replace old mbuf */
1712 		m_free(m);			/* release old mbuf */
1713 		mprev = mfirst;
1714 	}
1715 	return (m0);
1716 }
1717 
1718 #ifdef MBUF_PROFILING
1719 
1720 #define MP_BUCKETS 32 /* don't just change this as things may overflow.*/
1721 struct mbufprofile {
1722 	uintmax_t wasted[MP_BUCKETS];
1723 	uintmax_t used[MP_BUCKETS];
1724 	uintmax_t segments[MP_BUCKETS];
1725 } mbprof;
1726 
1727 #define MP_MAXDIGITS 21	/* strlen("16,000,000,000,000,000,000") == 21 */
1728 #define MP_NUMLINES 6
1729 #define MP_NUMSPERLINE 16
1730 #define MP_EXTRABYTES 64	/* > strlen("used:\nwasted:\nsegments:\n") */
1731 /* work out max space needed and add a bit of spare space too */
1732 #define MP_MAXLINE ((MP_MAXDIGITS+1) * MP_NUMSPERLINE)
1733 #define MP_BUFSIZE ((MP_MAXLINE * MP_NUMLINES) + 1 + MP_EXTRABYTES)
1734 
1735 char mbprofbuf[MP_BUFSIZE];
1736 
1737 void
1738 m_profile(struct mbuf *m)
1739 {
1740 	int segments = 0;
1741 	int used = 0;
1742 	int wasted = 0;
1743 
1744 	while (m) {
1745 		segments++;
1746 		used += m->m_len;
1747 		if (m->m_flags & M_EXT) {
1748 			wasted += MHLEN - sizeof(m->m_ext) +
1749 			    m->m_ext.ext_size - m->m_len;
1750 		} else {
1751 			if (m->m_flags & M_PKTHDR)
1752 				wasted += MHLEN - m->m_len;
1753 			else
1754 				wasted += MLEN - m->m_len;
1755 		}
1756 		m = m->m_next;
1757 	}
1758 	/* be paranoid.. it helps */
1759 	if (segments > MP_BUCKETS - 1)
1760 		segments = MP_BUCKETS - 1;
1761 	if (used > 100000)
1762 		used = 100000;
1763 	if (wasted > 100000)
1764 		wasted = 100000;
1765 	/* store in the appropriate bucket */
1766 	/* don't bother locking. if it's slightly off, so what? */
1767 	mbprof.segments[segments]++;
1768 	mbprof.used[fls(used)]++;
1769 	mbprof.wasted[fls(wasted)]++;
1770 }
1771 
1772 static void
1773 mbprof_textify(void)
1774 {
1775 	int offset;
1776 	char *c;
1777 	uint64_t *p;
1778 
1779 	p = &mbprof.wasted[0];
1780 	c = mbprofbuf;
1781 	offset = snprintf(c, MP_MAXLINE + 10,
1782 	    "wasted:\n"
1783 	    "%ju %ju %ju %ju %ju %ju %ju %ju "
1784 	    "%ju %ju %ju %ju %ju %ju %ju %ju\n",
1785 	    p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],
1786 	    p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
1787 #ifdef BIG_ARRAY
1788 	p = &mbprof.wasted[16];
1789 	c += offset;
1790 	offset = snprintf(c, MP_MAXLINE,
1791 	    "%ju %ju %ju %ju %ju %ju %ju %ju "
1792 	    "%ju %ju %ju %ju %ju %ju %ju %ju\n",
1793 	    p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],
1794 	    p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
1795 #endif
1796 	p = &mbprof.used[0];
1797 	c += offset;
1798 	offset = snprintf(c, MP_MAXLINE + 10,
1799 	    "used:\n"
1800 	    "%ju %ju %ju %ju %ju %ju %ju %ju "
1801 	    "%ju %ju %ju %ju %ju %ju %ju %ju\n",
1802 	    p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],
1803 	    p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
1804 #ifdef BIG_ARRAY
1805 	p = &mbprof.used[16];
1806 	c += offset;
1807 	offset = snprintf(c, MP_MAXLINE,
1808 	    "%ju %ju %ju %ju %ju %ju %ju %ju "
1809 	    "%ju %ju %ju %ju %ju %ju %ju %ju\n",
1810 	    p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],
1811 	    p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
1812 #endif
1813 	p = &mbprof.segments[0];
1814 	c += offset;
1815 	offset = snprintf(c, MP_MAXLINE + 10,
1816 	    "segments:\n"
1817 	    "%ju %ju %ju %ju %ju %ju %ju %ju "
1818 	    "%ju %ju %ju %ju %ju %ju %ju %ju\n",
1819 	    p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],
1820 	    p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
1821 #ifdef BIG_ARRAY
1822 	p = &mbprof.segments[16];
1823 	c += offset;
1824 	offset = snprintf(c, MP_MAXLINE,
1825 	    "%ju %ju %ju %ju %ju %ju %ju %ju "
1826 	    "%ju %ju %ju %ju %ju %ju %ju %jju",
1827 	    p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7],
1828 	    p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
1829 #endif
1830 }
1831 
1832 static int
1833 mbprof_handler(SYSCTL_HANDLER_ARGS)
1834 {
1835 	int error;
1836 
1837 	mbprof_textify();
1838 	error = SYSCTL_OUT(req, mbprofbuf, strlen(mbprofbuf) + 1);
1839 	return (error);
1840 }
1841 
1842 static int
1843 mbprof_clr_handler(SYSCTL_HANDLER_ARGS)
1844 {
1845 	int clear, error;
1846 
1847 	clear = 0;
1848 	error = sysctl_handle_int(oidp, &clear, 0, req);
1849 	if (error || !req->newptr)
1850 		return (error);
1851 
1852 	if (clear) {
1853 		bzero(&mbprof, sizeof(mbprof));
1854 	}
1855 
1856 	return (error);
1857 }
1858 
1859 
1860 SYSCTL_PROC(_kern_ipc, OID_AUTO, mbufprofile, CTLTYPE_STRING|CTLFLAG_RD,
1861 	    NULL, 0, mbprof_handler, "A", "mbuf profiling statistics");
1862 
1863 SYSCTL_PROC(_kern_ipc, OID_AUTO, mbufprofileclr, CTLTYPE_INT|CTLFLAG_RW,
1864 	    NULL, 0, mbprof_clr_handler, "I", "clear mbuf profiling statistics");
1865 #endif
1866 
1867