MBUF_TAGS(9) OpenBSD Kernel Manual MBUF_TAGS(9)NAME
mbuf_tags - a framework for generic packet attributes
SYNOPSIS
#include <sys/mbuf.h>
struct m_tag *
m_tag_get(int type, int len, int flags);
struct m_tag *
m_tag_find(struct mbuf *mbuf, int type, struct m_tag *tag);
void
m_tag_prepend(struct mbuf *mbuf, struct m_tag *tag);
void
m_tag_delete(struct mbuf *mbuf, struct m_tag *tag);
struct m_tag *
m_tag_copy(struct m_tag *tag);
void
m_tag_delete_chain(struct mbuf *mbuf);
void
m_tag_init(struct mbuf *mbuf);
int
m_tag_copy_chain(struct mbuf *mbuf, struct mbuf *mbuf2);
struct m_tag *
m_tag_first(struct mbuf *mbuf);
struct m_tag *
m_tag_next(struct mbuf *mbuf, struct m_tag *tag);
DESCRIPTION
These functions allow the manipulation of generic packet attributes.
They are used by the kernel to keep track of operations done or scheduled
to happen to packets. These attributes are attached to mbuf packet
headers.
Mbuf tags get allocated using malloc(9), thus, due to the performance
impact, mbuf tags should be used with care.
m_tag_get() allocates a new tag of type type with len bytes of space
following the tag header itself. The flag argument is passed directly to
malloc(9). If successful, m_tag_get() returns a memory buffer of (len +
sizeof (struct m_tag)) bytes. The first sizeof(struct m_tag) bytes
contain a struct m_tag:
struct m_tag {
SLIST_ENTRY(m_tag) m_tag_link; /* List of packet tags */
u_int16_t m_tag_id; /* Tag ID */
u_int16_t m_tag_len; /* Length of data */
};
The m_tag_link field is used to link tags together (see queue(3) for more
details). The m_tag_id and m_tag_len fields are set to type and len
respectively. Following this structure are len bytes of space that can
be used to store tag-specific information.
The currently defined tag types are:
PACKET_TAG_NONE
This should never be used.
PACKET_TAG_IPSEC_IN_DONE
Used by ipsec(4) to indicate successful processing
performed on an input packet. The tag contains a struct
tdb_ident, as defined in sys/netinet/ip_ipsp.h, identifying
the security association under which the packet arrived.
PACKET_TAG_IPSEC_OUT_DONE
Used by IPsec to indicate that an output packet has been
IPsec-processed. The tag contains a struct tdb_ident
identifying the security association applied to the packet.
This tag is primarily used to detect and avoid loops in
IPsec processing on output.
PACKET_TAG_IPSEC_IN_CRYPTO_DONE
Used by network cards that implement on-board IPsec
processing to indicate that the crypto processing of an
IPsec packet has been done. The tag contains a struct
tdb_ident identifying the security association under which
the packet arrived.
PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED
Used by the IPsec stack to signal to network cards that
implement on-board IPsec processing that such processing is
needed. The tag contains a struct tdb_ident identifying
the security association that should be applied. The
packet is already formatted for the appropriate security
protocol.
PACKET_TAG_IPSEC_IN_COULD_DO_CRYPTO
Used by network cards that implement on-board IPsec
processing to indicate to the IPsec stack that
cryptographic processing could be deferred to hardware.
The tag contains a struct tdb_ident identifying the
security association that could be offloaded to the network
card.
PACKET_TAG_IPSEC_PENDING_TDB
Used by the IPsec stack to keep track of IPsec processing
that should happen to the packet on output. The tag
contains a struct tdb_ident identifying the security
association that should be applied at the next loop of
IPsec processing.
PACKET_TAG_BRIDGE
Used by the bridge(4) code to detect loops in bridge
processing. The tag contains a pointer to the bridge
interface that already forwarded the frame.
PACKET_TAG_GIF
Used by the gif(4) interface to detect loops in processing.
The tag contains a pointer to the gif interface that
already processed the packet.
PACKET_TAG_GRE
Used by the gre(4) interface to detect loops in processing.
The tag contains a pointer to the gre interface that
already processed the packet.
PACKET_TAG_IN_PACKET_CHECKSUM
Used by network cards that can compute complete packet
checksums to pass that information to higher-level
protocols. The tag contains the 2 byte checksum of the
packet.
m_tag_find() finds an instance of a tag of type type attached to packet
mbuf. If tag is NULL, the first such tag is returned. Otherwise, the
first tag of type type after tag is returned. If no such tag is found,
NULL is returned.
m_tag_prepend() adds the new tag tag at the head of the tag list for
packet mbuf.
m_tag_delete() removes and then de-allocates tag tag from the list of
tags of packet mbuf.
m_tag_copy() creates an unlinked copy of tag tag.
m_tag_delete_chain() deletes all tags attached to packet mbuf.
m_tag_init() initializes the tag storage for packet mbuf.
m_tag_copy_chain() copies all tags from packet mbuf to packet mbuf2. On
success, it returns 0. Otherwise, it returns ENOMEM.
m_tag_first() returns the first tag attached to packet mbuf.
m_tag_next() returns the tag following tag in packet mbuf.
The M_MOVE_PKTHDR() and M_MOVE_HDR() macros defined in sys/sys/mbuf.h
move the tags from the old to the new mbuf. The M_DUP_PKTHDR() and
M_DUP_HDR() macros create copies of the tag chain for the new mbuf.
CODE REFERENCES
The tag-manipulating code is contained in the file sys/kern/uipc_mbuf2.c.
SEE ALSObridge(4), gif(4), gre(4), ipsec(4), malloc(9)HISTORY
The packet tags first appeared in OpenBSD 2.9 and were written by Angelos
D. Keromytis <angelos@openbsd.org>.
OpenBSD 4.9 January 29, 2011 OpenBSD 4.9