freebsd-skq/share/man/man4/netgraph.4
bapt 5da5395a98 use .Mt to mark up email addresses consistently (final part)
PR:		191174
Submitted by:	Franco Fichtner <franco at lastsummer.de>
2014-06-26 21:46:14 +00:00

1485 lines
44 KiB
Groff

.\" Copyright (c) 1996-1999 Whistle Communications, Inc.
.\" All rights reserved.
.\"
.\" Subject to the following obligations and disclaimer of warranty, use and
.\" redistribution of this software, in source or object code forms, with or
.\" without modifications are expressly permitted by Whistle Communications;
.\" provided, however, that:
.\" 1. Any and all reproductions of the source or object code must include the
.\" copyright notice above and the following disclaimer of warranties; and
.\" 2. No rights are granted, in any manner or form, to use Whistle
.\" Communications, Inc. trademarks, including the mark "WHISTLE
.\" COMMUNICATIONS" on advertising, endorsements, or otherwise except as
.\" such appears in the above copyright notice or in the software.
.\"
.\" THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
.\" TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
.\" REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
.\" INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
.\" WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
.\" REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
.\" SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
.\" IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
.\" RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
.\" WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
.\" PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
.\" SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
.\" OF SUCH DAMAGE.
.\"
.\" Authors: Julian Elischer <julian@FreeBSD.org>
.\" Archie Cobbs <archie@FreeBSD.org>
.\"
.\" $Whistle: netgraph.4,v 1.7 1999/01/28 23:54:52 julian Exp $
.\" $FreeBSD$
.\"
.Dd November 25, 2013
.Dt NETGRAPH 4
.Os
.Sh NAME
.Nm netgraph
.Nd "graph based kernel networking subsystem"
.Sh DESCRIPTION
The
.Nm
system provides a uniform and modular system for the implementation
of kernel objects which perform various networking functions.
The objects, known as
.Em nodes ,
can be arranged into arbitrarily complicated graphs.
Nodes have
.Em hooks
which are used to connect two nodes together, forming the edges in the graph.
Nodes communicate along the edges to process data, implement protocols, etc.
.Pp
The aim of
.Nm
is to supplement rather than replace the existing kernel networking
infrastructure.
It provides:
.Pp
.Bl -bullet -compact
.It
A flexible way of combining protocol and link level drivers.
.It
A modular way to implement new protocols.
.It
A common framework for kernel entities to inter-communicate.
.It
A reasonably fast, kernel-based implementation.
.El
.Ss Nodes and Types
The most fundamental concept in
.Nm
is that of a
.Em node .
All nodes implement a number of predefined methods which allow them
to interact with other nodes in a well defined manner.
.Pp
Each node has a
.Em type ,
which is a static property of the node determined at node creation time.
A node's type is described by a unique
.Tn ASCII
type name.
The type implies what the node does and how it may be connected
to other nodes.
.Pp
In object-oriented language, types are classes, and nodes are instances
of their respective class.
All node types are subclasses of the generic node
type, and hence inherit certain common functionality and capabilities
(e.g., the ability to have an
.Tn ASCII
name).
.Pp
Nodes may be assigned a globally unique
.Tn ASCII
name which can be
used to refer to the node.
The name must not contain the characters
.Ql .\&
or
.Ql \&: ,
and is limited to
.Dv NG_NODESIZ
characters (including the terminating
.Dv NUL
character).
.Pp
Each node instance has a unique
.Em ID number
which is expressed as a 32-bit hexadecimal value.
This value may be used to refer to a node when there is no
.Tn ASCII
name assigned to it.
.Ss Hooks
Nodes are connected to other nodes by connecting a pair of
.Em hooks ,
one from each node.
Data flows bidirectionally between nodes along
connected pairs of hooks.
A node may have as many hooks as it
needs, and may assign whatever meaning it wants to a hook.
.Pp
Hooks have these properties:
.Bl -bullet
.It
A hook has an
.Tn ASCII
name which is unique among all hooks
on that node (other hooks on other nodes may have the same name).
The name must not contain the characters
.Ql .\&
or
.Ql \&: ,
and is
limited to
.Dv NG_HOOKSIZ
characters (including the terminating
.Dv NUL
character).
.It
A hook is always connected to another hook.
That is, hooks are
created at the time they are connected, and breaking an edge by
removing either hook destroys both hooks.
.It
A hook can be set into a state where incoming packets are always queued
by the input queueing system, rather than being delivered directly.
This can be used when the data is sent from an interrupt handler,
and processing must be quick so as not to block other interrupts.
.It
A hook may supply overriding receive data and receive message functions,
which should be used for data and messages received through that hook
in preference to the general node-wide methods.
.El
.Pp
A node may decide to assign special meaning to some hooks.
For example, connecting to the hook named
.Va debug
might trigger
the node to start sending debugging information to that hook.
.Ss Data Flow
Two types of information flow between nodes: data messages and
control messages.
Data messages are passed in
.Vt mbuf chains
along the edges
in the graph, one edge at a time.
The first
.Vt mbuf
in a chain must have the
.Dv M_PKTHDR
flag set.
Each node decides how to handle data received through one of its hooks.
.Pp
Along with data, nodes can also receive control messages.
There are generic and type-specific control messages.
Control messages have a common
header format, followed by type-specific data, and are binary structures
for efficiency.
However, node types may also support conversion of the
type-specific data between binary and
.Tn ASCII
formats,
for debugging and human interface purposes (see the
.Dv NGM_ASCII2BINARY
and
.Dv NGM_BINARY2ASCII
generic control messages below).
Nodes are not required to support these conversions.
.Pp
There are three ways to address a control message.
If there is a sequence of edges connecting the two nodes, the message
may be
.Dq source routed
by specifying the corresponding sequence
of
.Tn ASCII
hook names as the destination address for the message (relative
addressing).
If the destination is adjacent to the source, then the source
node may simply specify (as a pointer in the code) the hook across which the
message should be sent.
Otherwise, the recipient node's global
.Tn ASCII
name
(or equivalent ID-based name) is used as the destination address
for the message (absolute addressing).
The two types of
.Tn ASCII
addressing
may be combined, by specifying an absolute start node and a sequence
of hooks.
Only the
.Tn ASCII
addressing modes are available to control programs outside the kernel;
use of direct pointers is limited to kernel modules.
.Pp
Messages often represent commands that are followed by a reply message
in the reverse direction.
To facilitate this, the recipient of a
control message is supplied with a
.Dq return address
that is suitable for addressing a reply.
.Pp
Each control message contains a 32-bit value, called a
.Dq typecookie ,
indicating the type of the message, i.e.\& how to interpret it.
Typically each type defines a unique typecookie for the messages
that it understands.
However, a node may choose to recognize and
implement more than one type of messages.
.Pp
If a message is delivered to an address that implies that it arrived
at that node through a particular hook (as opposed to having been directly
addressed using its ID or global name) then that hook is identified to the
receiving node.
This allows a message to be re-routed or passed on, should
a node decide that this is required, in much the same way that data packets
are passed around between nodes.
A set of standard
messages for flow control and link management purposes are
defined by the base system that are usually
passed around in this manner.
Flow control message would usually travel
in the opposite direction to the data to which they pertain.
.Ss Netgraph is (Usually) Functional
In order to minimize latency, most
.Nm
operations are functional.
That is, data and control messages are delivered by making function
calls rather than by using queues and mailboxes.
For example, if node
A wishes to send a data
.Vt mbuf
to neighboring node B, it calls the
generic
.Nm
data delivery function.
This function in turn locates
node B and calls B's
.Dq receive data
method.
There are exceptions to this.
.Pp
Each node has an input queue, and some operations can be considered to
be
.Em writers
in that they alter the state of the node.
Obviously, in an SMP
world it would be bad if the state of a node were changed while another
data packet were transiting the node.
For this purpose, the input queue implements a
.Em reader/writer
semantic so that when there is a writer in the node, all other requests
are queued, and while there are readers, a writer, and any following
packets are queued.
In the case where there is no reason to queue the
data, the input method is called directly, as mentioned above.
.Pp
A node may declare that all requests should be considered as writers,
or that requests coming in over a particular hook should be considered to
be a writer, or even that packets leaving or entering across a particular
hook should always be queued, rather than delivered directly (often useful
for interrupt routines who want to get back to the hardware quickly).
By default, all control message packets are considered to be writers
unless specifically declared to be a reader in their definition.
(See
.Dv NGM_READONLY
in
.In netgraph/ng_message.h . )
.Pp
While this mode of operation
results in good performance, it has a few implications for node
developers:
.Bl -bullet
.It
Whenever a node delivers a data or control message, the node
may need to allow for the possibility of receiving a returning
message before the original delivery function call returns.
.It
.Nm Netgraph
provides internal synchronization between nodes.
Data always enters a
.Dq graph
at an
.Em edge node .
An
.Em edge node
is a node that interfaces between
.Nm
and some other part of the system.
Examples of
.Dq edge nodes
include device drivers, the
.Vt socket , ether , tty ,
and
.Vt ksocket
node type.
In these
.Em edge nodes ,
the calling thread directly executes code in the node, and from that code
calls upon the
.Nm
framework to deliver data across some edge
in the graph.
From an execution point of view, the calling thread will execute the
.Nm
framework methods, and if it can acquire a lock to do so,
the input methods of the next node.
This continues until either the data is discarded or queued for some
device or system entity, or the thread is unable to acquire a lock on
the next node.
In that case, the data is queued for the node, and execution rewinds
back to the original calling entity.
The queued data will be picked up and processed by either the current
holder of the lock when they have completed their operations, or by
a special
.Nm
thread that is activated when there are such items
queued.
.It
It is possible for an infinite loop to occur if the graph contains cycles.
.El
.Pp
So far, these issues have not proven problematical in practice.
.Ss Interaction with Other Parts of the Kernel
A node may have a hidden interaction with other components of the
kernel outside of the
.Nm
subsystem, such as device hardware,
kernel protocol stacks, etc.
In fact, one of the benefits of
.Nm
is the ability to join disparate kernel networking entities together in a
consistent communication framework.
.Pp
An example is the
.Vt socket
node type which is both a
.Nm
node and a
.Xr socket 2
in the protocol family
.Dv PF_NETGRAPH .
Socket nodes allow user processes to participate in
.Nm .
Other nodes communicate with socket nodes using the usual methods, and the
node hides the fact that it is also passing information to and from a
cooperating user process.
.Pp
Another example is a device driver that presents
a node interface to the hardware.
.Ss Node Methods
Nodes are notified of the following actions via function calls
to the following node methods,
and may accept or reject that action (by returning the appropriate
error code):
.Bl -tag -width 2n
.It Creation of a new node
The constructor for the type is called.
If creation of a new node is allowed, constructor method may allocate any
special resources it needs.
For nodes that correspond to hardware, this is typically done during the
device attach routine.
Often a global
.Tn ASCII
name corresponding to the
device name is assigned here as well.
.It Creation of a new hook
The hook is created and tentatively
linked to the node, and the node is told about the name that will be
used to describe this hook.
The node sets up any special data structures
it needs, or may reject the connection, based on the name of the hook.
.It Successful connection of two hooks
After both ends have accepted their
hooks, and the links have been made, the nodes get a chance to
find out who their peer is across the link, and can then decide to reject
the connection.
Tear-down is automatic.
This is also the time at which
a node may decide whether to set a particular hook (or its peer) into
the
.Em queueing
mode.
.It Destruction of a hook
The node is notified of a broken connection.
The node may consider some hooks
to be critical to operation and others to be expendable: the disconnection
of one hook may be an acceptable event while for another it
may effect a total shutdown for the node.
.It Preshutdown of a node
This method is called before real shutdown, which is discussed below.
While in this method, the node is fully operational and can send a
.Dq goodbye
message to its peers, or it can exclude itself from the chain and reconnect
its peers together, like the
.Xr ng_tee 4
node type does.
.It Shutdown of a node
This method allows a node to clean up
and to ensure that any actions that need to be performed
at this time are taken.
The method is called by the generic (i.e., superclass)
node destructor which will get rid of the generic components of the node.
Some nodes (usually associated with a piece of hardware) may be
.Em persistent
in that a shutdown breaks all edges and resets the node,
but does not remove it.
In this case, the shutdown method should not
free its resources, but rather, clean up and then call the
.Fn NG_NODE_REVIVE
macro to signal the generic code that the shutdown is aborted.
In the case where the shutdown is started by the node itself due to hardware
removal or unloading (via
.Fn ng_rmnode_self ) ,
it should set the
.Dv NGF_REALLY_DIE
flag to signal to its own shutdown method that it is not to persist.
.El
.Ss Sending and Receiving Data
Two other methods are also supported by all nodes:
.Bl -tag -width 2n
.It Receive data message
A
.Nm
.Em queueable request item ,
usually referred to as an
.Em item ,
is received by this function.
The item contains a pointer to an
.Vt mbuf .
.Pp
The node is notified on which hook the item has arrived,
and can use this information in its processing decision.
The receiving node must always
.Fn NG_FREE_M
the
.Vt mbuf chain
on completion or error, or pass it on to another node
(or kernel module) which will then be responsible for freeing it.
Similarly, the
.Em item
must be freed if it is not to be passed on to another node, by using the
.Fn NG_FREE_ITEM
macro.
If the item still holds references to
.Vt mbufs
at the time of
freeing then they will also be appropriately freed.
Therefore, if there is any chance that the
.Vt mbuf
will be
changed or freed separately from the item, it is very important
that it be retrieved using the
.Fn NGI_GET_M
macro that also removes the reference within the item.
(Or multiple frees of the same object will occur.)
.Pp
If it is only required to examine the contents of the
.Vt mbufs ,
then it is possible to use the
.Fn NGI_M
macro to both read and rewrite
.Vt mbuf
pointer inside the item.
.Pp
If developer needs to pass any meta information along with the
.Vt mbuf chain ,
he should use
.Xr mbuf_tags 9
framework.
.Bf -symbolic
Note that old
.Nm
specific meta-data format is obsoleted now.
.Ef
.Pp
The receiving node may decide to defer the data by queueing it in the
.Nm
NETISR system (see below).
It achieves this by setting the
.Dv HK_QUEUE
flag in the flags word of the hook on which that data will arrive.
The infrastructure will respect that bit and queue the data for delivery at
a later time, rather than deliver it directly.
A node may decide to set
the bit on the
.Em peer
node, so that its own output packets are queued.
.Pp
The node may elect to nominate a different receive data function
for data received on a particular hook, to simplify coding.
It uses the
.Fn NG_HOOK_SET_RCVDATA hook fn
macro to do this.
The function receives the same arguments in every way
other than it will receive all (and only) packets from that hook.
.It Receive control message
This method is called when a control message is addressed to the node.
As with the received data, an
.Em item
is received, with a pointer to the control message.
The message can be examined using the
.Fn NGI_MSG
macro, or completely extracted from the item using the
.Fn NGI_GET_MSG
which also removes the reference within the item.
If the item still holds a reference to the message when it is freed
(using the
.Fn NG_FREE_ITEM
macro), then the message will also be freed appropriately.
If the
reference has been removed, the node must free the message itself using the
.Fn NG_FREE_MSG
macro.
A return address is always supplied, giving the address of the node
that originated the message so a reply message can be sent anytime later.
The return address is retrieved from the
.Em item
using the
.Fn NGI_RETADDR
macro and is of type
.Vt ng_ID_t .
All control messages and replies are
allocated with the
.Xr malloc 9
type
.Dv M_NETGRAPH_MSG ,
however it is more convenient to use the
.Fn NG_MKMESSAGE
and
.Fn NG_MKRESPONSE
macros to allocate and fill out a message.
Messages must be freed using the
.Fn NG_FREE_MSG
macro.
.Pp
If the message was delivered via a specific hook, that hook will
also be made known, which allows the use of such things as flow-control
messages, and status change messages, where the node may want to forward
the message out another hook to that on which it arrived.
.Pp
The node may elect to nominate a different receive message function
for messages received on a particular hook, to simplify coding.
It uses the
.Fn NG_HOOK_SET_RCVMSG hook fn
macro to do this.
The function receives the same arguments in every way
other than it will receive all (and only) messages from that hook.
.El
.Pp
Much use has been made of reference counts, so that nodes being
freed of all references are automatically freed, and this behaviour
has been tested and debugged to present a consistent and trustworthy
framework for the
.Dq type module
writer to use.
.Ss Addressing
The
.Nm
framework provides an unambiguous and simple to use method of specifically
addressing any single node in the graph.
The naming of a node is
independent of its type, in that another node, or external component
need not know anything about the node's type in order to address it so as
to send it a generic message type.
Node and hook names should be
chosen so as to make addresses meaningful.
.Pp
Addresses are either absolute or relative.
An absolute address begins
with a node name or ID, followed by a colon, followed by a sequence of hook
names separated by periods.
This addresses the node reached by starting
at the named node and following the specified sequence of hooks.
A relative address includes only the sequence of hook names, implicitly
starting hook traversal at the local node.
.Pp
There are a couple of special possibilities for the node name.
The name
.Ql .\&
(referred to as
.Ql .: )
always refers to the local node.
Also, nodes that have no global name may be addressed by their ID numbers,
by enclosing the hexadecimal representation of the ID number within
the square brackets.
Here are some examples of valid
.Nm
addresses:
.Bd -literal -offset indent
\&.:
[3f]:
foo:
\&.:hook1
foo:hook1.hook2
[d80]:hook1
.Ed
.Pp
The following set of nodes might be created for a site with
a single physical frame relay line having two active logical DLCI channels,
with RFC 1490 frames on DLCI 16 and PPP frames over DLCI 20:
.Bd -literal
[type SYNC ] [type FRAME] [type RFC1490]
[ "Frame1" ](uplink)<-->(data)[<un-named>](dlci16)<-->(mux)[<un-named> ]
[ A ] [ B ](dlci20)<---+ [ C ]
|
| [ type PPP ]
+>(mux)[<un-named>]
[ D ]
.Ed
.Pp
One could always send a control message to node C from anywhere
by using the name
.Dq Li Frame1:uplink.dlci16 .
In this case, node C would also be notified that the message
reached it via its hook
.Va mux .
Similarly,
.Dq Li Frame1:uplink.dlci20
could reliably be used to reach node D, and node A could refer
to node B as
.Dq Li .:uplink ,
or simply
.Dq Li uplink .
Conversely, B can refer to A as
.Dq Li data .
The address
.Dq Li mux.data
could be used by both nodes C and D to address a message to node A.
.Pp
Note that this is only for
.Em control messages .
In each of these cases, where a relative addressing mode is
used, the recipient is notified of the hook on which the
message arrived, as well as
the originating node.
This allows the option of hop-by-hop distribution of messages and
state information.
Data messages are
.Em only
routed one hop at a time, by specifying the departing
hook, with each node making
the next routing decision.
So when B receives a frame on hook
.Va data ,
it decodes the frame relay header to determine the DLCI,
and then forwards the unwrapped frame to either C or D.
.Pp
In a similar way, flow control messages may be routed in the reverse
direction to outgoing data.
For example a
.Dq "buffer nearly full"
message from
.Dq Li Frame1:
would be passed to node B
which might decide to send similar messages to both nodes
C and D.
The nodes would use
.Em "direct hook pointer"
addressing to route the messages.
The message may have travelled from
.Dq Li Frame1:
to B
as a synchronous reply, saving time and cycles.
.Ss Netgraph Structures
Structures are defined in
.In netgraph/netgraph.h
(for kernel structures only of interest to nodes)
and
.In netgraph/ng_message.h
(for message definitions also of interest to user programs).
.Pp
The two basic object types that are of interest to node authors are
.Em nodes
and
.Em hooks .
These two objects have the following
properties that are also of interest to the node writers.
.Bl -tag -width 2n
.It Vt "struct ng_node"
Node authors should always use the following
.Ic typedef
to declare
their pointers, and should never actually declare the structure.
.Pp
.Fd "typedef struct ng_node *node_p;"
.Pp
The following properties are associated with a node, and can be
accessed in the following manner:
.Bl -tag -width 2n
.It Validity
A driver or interrupt routine may want to check whether
the node is still valid.
It is assumed that the caller holds a reference
on the node so it will not have been freed, however it may have been
disabled or otherwise shut down.
Using the
.Fn NG_NODE_IS_VALID node
macro will return this state.
Eventually it should be almost impossible
for code to run in an invalid node but at this time that work has not been
completed.
.It Node ID Pq Vt ng_ID_t
This property can be retrieved using the macro
.Fn NG_NODE_ID node .
.It Node name
Optional globally unique name,
.Dv NUL
terminated string.
If there
is a value in here, it is the name of the node.
.Bd -literal -offset indent
if (NG_NODE_NAME(node)[0] != '\e0') ...
if (strcmp(NG_NODE_NAME(node), "fred") == 0) ...
.Ed
.It A node dependent opaque cookie
Anything of the pointer type can be placed here.
The macros
.Fn NG_NODE_SET_PRIVATE node value
and
.Fn NG_NODE_PRIVATE node
set and retrieve this property, respectively.
.It Number of hooks
The
.Fn NG_NODE_NUMHOOKS node
macro is used
to retrieve this value.
.It Hooks
The node may have a number of hooks.
A traversal method is provided to allow all the hooks to be
tested for some condition.
.Fn NG_NODE_FOREACH_HOOK node fn arg rethook
where
.Fa fn
is a function that will be called for each hook
with the form
.Fn fn hook arg
and returning 0 to terminate the search.
If the search is terminated, then
.Fa rethook
will be set to the hook at which the search was terminated.
.El
.It Vt "struct ng_hook"
Node authors should always use the following
.Ic typedef
to declare
their hook pointers.
.Pp
.Fd "typedef struct ng_hook *hook_p;"
.Pp
The following properties are associated with a hook, and can be
accessed in the following manner:
.Bl -tag -width 2n
.It A hook dependent opaque cookie
Anything of the pointer type can be placed here.
The macros
.Fn NG_HOOK_SET_PRIVATE hook value
and
.Fn NG_HOOK_PRIVATE hook
set and retrieve this property, respectively.
.It \&An associate node
The macro
.Fn NG_HOOK_NODE hook
finds the associated node.
.It A peer hook Pq Vt hook_p
The other hook in this connected pair.
The
.Fn NG_HOOK_PEER hook
macro finds the peer.
.It References
The
.Fn NG_HOOK_REF hook
and
.Fn NG_HOOK_UNREF hook
macros
increment and decrement the hook reference count accordingly.
After decrement you should always assume the hook has been freed
unless you have another reference still valid.
.It Override receive functions
The
.Fn NG_HOOK_SET_RCVDATA hook fn
and
.Fn NG_HOOK_SET_RCVMSG hook fn
macros can be used to set override methods that will be used in preference
to the generic receive data and receive message functions.
To unset these, use the macros to set them to
.Dv NULL .
They will only be used for data and
messages received on the hook on which they are set.
.El
.Pp
The maintenance of the names, reference counts, and linked list
of hooks for each node is handled automatically by the
.Nm
subsystem.
Typically a node's private info contains a back-pointer to the node or hook
structure, which counts as a new reference that must be included
in the reference count for the node.
When the node constructor is called,
there is already a reference for this calculated in, so that
when the node is destroyed, it should remember to do a
.Fn NG_NODE_UNREF
on the node.
.Pp
From a hook you can obtain the corresponding node, and from
a node, it is possible to traverse all the active hooks.
.Pp
A current example of how to define a node can always be seen in
.Pa src/sys/netgraph/ng_sample.c
and should be used as a starting point for new node writers.
.El
.Ss Netgraph Message Structure
Control messages have the following structure:
.Bd -literal
#define NG_CMDSTRSIZ 32 /* Max command string (including null) */
struct ng_mesg {
struct ng_msghdr {
u_char version; /* Must equal NG_VERSION */
u_char spare; /* Pad to 4 bytes */
uint16_t spare2;
uint32_t arglen; /* Length of cmd/resp data */
uint32_t cmd; /* Command identifier */
uint32_t flags; /* Message status flags */
uint32_t token; /* Reply should have the same token */
uint32_t typecookie; /* Node type understanding this message */
u_char cmdstr[NG_CMDSTRSIZ]; /* cmd string + \0 */
} header;
char data[]; /* placeholder for actual data */
};
#define NG_ABI_VERSION 12 /* Netgraph kernel ABI version */
#define NG_VERSION 8 /* Netgraph message version */
#define NGF_ORIG 0x00000000 /* The msg is the original request */
#define NGF_RESP 0x00000001 /* The message is a response */
.Ed
.Pp
Control messages have the fixed header shown above, followed by a
variable length data section which depends on the type cookie
and the command.
Each field is explained below:
.Bl -tag -width indent
.It Va version
Indicates the version of the
.Nm
message protocol itself.
The current version is
.Dv NG_VERSION .
.It Va arglen
This is the length of any extra arguments, which begin at
.Va data .
.It Va flags
Indicates whether this is a command or a response control message.
.It Va token
The
.Va token
is a means by which a sender can match a reply message to the
corresponding command message; the reply always has the same token.
.It Va typecookie
The corresponding node type's unique 32-bit value.
If a node does not recognize the type cookie it must reject the message
by returning
.Er EINVAL .
.Pp
Each type should have an include file that defines the commands,
argument format, and cookie for its own messages.
The typecookie
ensures that the same header file was included by both sender and
receiver; when an incompatible change in the header file is made,
the typecookie
.Em must
be changed.
The de-facto method for generating unique type cookies is to take the
seconds from the Epoch at the time the header file is written
(i.e., the output of
.Dq Nm date Fl u Li +%s ) .
.Pp
There is a predefined typecookie
.Dv NGM_GENERIC_COOKIE
for the
.Vt generic
node type, and
a corresponding set of generic messages which all nodes understand.
The handling of these messages is automatic.
.It Va cmd
The identifier for the message command.
This is type specific,
and is defined in the same header file as the typecookie.
.It Va cmdstr
Room for a short human readable version of
.Va command
(for debugging purposes only).
.El
.Pp
Some modules may choose to implement messages from more than one
of the header files and thus recognize more than one type cookie.
.Ss Control Message ASCII Form
Control messages are in binary format for efficiency.
However, for
debugging and human interface purposes, and if the node type supports
it, control messages may be converted to and from an equivalent
.Tn ASCII
form.
The
.Tn ASCII
form is similar to the binary form, with two exceptions:
.Bl -enum
.It
The
.Va cmdstr
header field must contain the
.Tn ASCII
name of the command, corresponding to the
.Va cmd
header field.
.It
The arguments field contains a
.Dv NUL Ns
-terminated
.Tn ASCII
string version of the message arguments.
.El
.Pp
In general, the arguments field of a control message can be any
arbitrary C data type.
.Nm Netgraph
includes parsing routines to support
some pre-defined datatypes in
.Tn ASCII
with this simple syntax:
.Bl -bullet
.It
Integer types are represented by base 8, 10, or 16 numbers.
.It
Strings are enclosed in double quotes and respect the normal
C language backslash escapes.
.It
IP addresses have the obvious form.
.It
Arrays are enclosed in square brackets, with the elements listed
consecutively starting at index zero.
An element may have an optional index and equals sign
.Pq Ql =
preceding it.
Whenever an element
does not have an explicit index, the index is implicitly the previous
element's index plus one.
.It
Structures are enclosed in curly braces, and each field is specified
in the form
.Ar fieldname Ns = Ns Ar value .
.It
Any array element or structure field whose value is equal to its
.Dq default value
may be omitted.
For integer types, the default value
is usually zero; for string types, the empty string.
.It
Array elements and structure fields may be specified in any order.
.El
.Pp
Each node type may define its own arbitrary types by providing
the necessary routines to parse and unparse.
.Tn ASCII
forms defined
for a specific node type are documented in the corresponding man page.
.Ss Generic Control Messages
There are a number of standard predefined messages that will work
for any node, as they are supported directly by the framework itself.
These are defined in
.In netgraph/ng_message.h
along with the basic layout of messages and other similar information.
.Bl -tag -width indent
.It Dv NGM_CONNECT
Connect to another node, using the supplied hook names on either end.
.It Dv NGM_MKPEER
Construct a node of the given type and then connect to it using the
supplied hook names.
.It Dv NGM_SHUTDOWN
The target node should disconnect from all its neighbours and shut down.
Persistent nodes such as those representing physical hardware
might not disappear from the node namespace, but only reset themselves.
The node must disconnect all of its hooks.
This may result in neighbors shutting themselves down, and possibly a
cascading shutdown of the entire connected graph.
.It Dv NGM_NAME
Assign a name to a node.
Nodes can exist without having a name, and this
is the default for nodes created using the
.Dv NGM_MKPEER
method.
Such nodes can only be addressed relatively or by their ID number.
.It Dv NGM_RMHOOK
Ask the node to break a hook connection to one of its neighbours.
Both nodes will have their
.Dq disconnect
method invoked.
Either node may elect to totally shut down as a result.
.It Dv NGM_NODEINFO
Asks the target node to describe itself.
The four returned fields
are the node name (if named), the node type, the node ID and the
number of hooks attached.
The ID is an internal number unique to that node.
.It Dv NGM_LISTHOOKS
This returns the information given by
.Dv NGM_NODEINFO ,
but in addition
includes an array of fields describing each link, and the description for
the node at the far end of that link.
.It Dv NGM_LISTNAMES
This returns an array of node descriptions (as for
.Dv NGM_NODEINFO )
where each entry of the array describes a named node.
All named nodes will be described.
.It Dv NGM_LISTNODES
This is the same as
.Dv NGM_LISTNAMES
except that all nodes are listed regardless of whether they have a name or not.
.It Dv NGM_LISTTYPES
This returns a list of all currently installed
.Nm
types.
.It Dv NGM_TEXT_STATUS
The node may return a text formatted status message.
The status information is determined entirely by the node type.
It is the only
.Dq generic
message
that requires any support within the node itself and as such the node may
elect to not support this message.
The text response must be less than
.Dv NG_TEXTRESPONSE
bytes in length (presently 1024).
This can be used to return general
status information in human readable form.
.It Dv NGM_BINARY2ASCII
This message converts a binary control message to its
.Tn ASCII
form.
The entire control message to be converted is contained within the
arguments field of the
.Dv NGM_BINARY2ASCII
message itself.
If successful, the reply will contain the same control
message in
.Tn ASCII
form.
A node will typically only know how to translate messages that it
itself understands, so the target node of the
.Dv NGM_BINARY2ASCII
is often the same node that would actually receive that message.
.It Dv NGM_ASCII2BINARY
The opposite of
.Dv NGM_BINARY2ASCII .
The entire control message to be converted, in
.Tn ASCII
form, is contained
in the arguments section of the
.Dv NGM_ASCII2BINARY
and need only have the
.Va flags , cmdstr ,
and
.Va arglen
header fields filled in, plus the
.Dv NUL Ns
-terminated string version of
the arguments in the arguments field.
If successful, the reply
contains the binary version of the control message.
.El
.Ss Flow Control Messages
In addition to the control messages that affect nodes with respect to the
graph, there are also a number of
.Em flow control
messages defined.
At present these are
.Em not
handled automatically by the system, so
nodes need to handle them if they are going to be used in a graph utilising
flow control, and will be in the likely path of these messages.
The default action of a node that does not understand these messages should
be to pass them onto the next node.
Hopefully some helper functions will assist in this eventually.
These messages are also defined in
.In netgraph/ng_message.h
and have a separate cookie
.Dv NG_FLOW_COOKIE
to help identify them.
They will not be covered in depth here.
.Sh INITIALIZATION
The base
.Nm
code may either be statically compiled
into the kernel or else loaded dynamically as a KLD via
.Xr kldload 8 .
In the former case, include
.Pp
.D1 Cd "options NETGRAPH"
.Pp
in your kernel configuration file.
You may also include selected
node types in the kernel compilation, for example:
.Pp
.D1 Cd "options NETGRAPH"
.D1 Cd "options NETGRAPH_SOCKET"
.D1 Cd "options NETGRAPH_ECHO"
.Pp
Once the
.Nm
subsystem is loaded, individual node types may be loaded at any time
as KLD modules via
.Xr kldload 8 .
Moreover,
.Nm
knows how to automatically do this; when a request to create a new
node of unknown type
.Ar type
is made,
.Nm
will attempt to load the KLD module
.Pa ng_ Ns Ao Ar type Ac Ns Pa .ko .
.Pp
Types can also be installed at boot time, as certain device drivers
may want to export each instance of the device as a
.Nm
node.
.Pp
In general, new types can be installed at any time from within the
kernel by calling
.Fn ng_newtype ,
supplying a pointer to the type's
.Vt "struct ng_type"
structure.
.Pp
The
.Fn NETGRAPH_INIT
macro automates this process by using a linker set.
.Sh EXISTING NODE TYPES
Several node types currently exist.
Each is fully documented in its own man page:
.Bl -tag -width indent
.It SOCKET
The socket type implements two new sockets in the new protocol domain
.Dv PF_NETGRAPH .
The new sockets protocols are
.Dv NG_DATA
and
.Dv NG_CONTROL ,
both of type
.Dv SOCK_DGRAM .
Typically one of each is associated with a socket node.
When both sockets have closed, the node will shut down.
The
.Dv NG_DATA
socket is used for sending and receiving data, while the
.Dv NG_CONTROL
socket is used for sending and receiving control messages.
Data and control messages are passed using the
.Xr sendto 2
and
.Xr recvfrom 2
system calls, using a
.Vt "struct sockaddr_ng"
socket address.
.It HOLE
Responds only to generic messages and is a
.Dq black hole
for data.
Useful for testing.
Always accepts new hooks.
.It ECHO
Responds only to generic messages and always echoes data back through the
hook from which it arrived.
Returns any non-generic messages as their own response.
Useful for testing.
Always accepts new hooks.
.It TEE
This node is useful for
.Dq snooping .
It has 4 hooks:
.Va left , right , left2right ,
and
.Va right2left .
Data entering from the
.Va right
is passed to the
.Va left
and duplicated on
.Va right2left ,
and data entering from the
.Va left
is passed to the
.Va right
and duplicated on
.Va left2right .
Data entering from
.Va left2right
is sent to the
.Va right
and data from
.Va right2left
to
.Va left .
.It RFC1490 MUX
Encapsulates/de-encapsulates frames encoded according to RFC 1490.
Has a hook for the encapsulated packets
.Pq Va downstream
and one hook
for each protocol (i.e., IP, PPP, etc.).
.It FRAME RELAY MUX
Encapsulates/de-encapsulates Frame Relay frames.
Has a hook for the encapsulated packets
.Pq Va downstream
and one hook
for each DLCI.
.It FRAME RELAY LMI
Automatically handles frame relay
.Dq LMI
(link management interface) operations and packets.
Automatically probes and detects which of several LMI standards
is in use at the exchange.
.It TTY
This node is also a line discipline.
It simply converts between
.Vt mbuf
frames and sequential serial data, allowing a TTY to appear as a
.Nm
node.
It has a programmable
.Dq hotkey
character.
.It ASYNC
This node encapsulates and de-encapsulates asynchronous frames
according to RFC 1662.
This is used in conjunction with the TTY node
type for supporting PPP links over asynchronous serial lines.
.It ETHERNET
This node is attached to every Ethernet interface in the system.
It allows capturing raw Ethernet frames from the network, as well as
sending frames out of the interface.
.It INTERFACE
This node is also a system networking interface.
It has hooks representing each protocol family (IP, IPv6)
and appears in the output of
.Xr ifconfig 8 .
The interfaces are named
.Dq Li ng0 ,
.Dq Li ng1 ,
etc.
.It ONE2MANY
This node implements a simple round-robin multiplexer.
It can be used
for example to make several LAN ports act together to get a higher speed
link between two machines.
.It Various PPP related nodes
There is a full multilink PPP implementation that runs in
.Nm .
The
.Pa net/mpd5
port can use these modules to make a very low latency high
capacity PPP system.
It also supports
.Tn PPTP
VPNs using the PPTP node.
.It PPPOE
A server and client side implementation of PPPoE.
Used in conjunction with
either
.Xr ppp 8
or the
.Pa net/mpd5
port.
.It BRIDGE
This node, together with the Ethernet nodes, allows a very flexible
bridging system to be implemented.
.It KSOCKET
This intriguing node looks like a socket to the system but diverts
all data to and from the
.Nm
system for further processing.
This allows
such things as UDP tunnels to be almost trivially implemented from the
command line.
.El
.Pp
Refer to the section at the end of this man page for more nodes types.
.Sh NOTES
Whether a named node exists can be checked by trying to send a control message
to it (e.g.,
.Dv NGM_NODEINFO ) .
If it does not exist,
.Er ENOENT
will be returned.
.Pp
All data messages are
.Vt mbuf chains
with the
.Dv M_PKTHDR
flag set.
.Pp
Nodes are responsible for freeing what they allocate.
There are three exceptions:
.Bl -enum
.It
.Vt Mbufs
sent across a data link are never to be freed by the sender.
In the
case of error, they should be considered freed.
.It
Messages sent using one of
.Fn NG_SEND_MSG_*
family macros are freed by the recipient.
As in the case above, the addresses
associated with the message are freed by whatever allocated them so the
recipient should copy them if it wants to keep that information.
.It
Both control messages and data are delivered and queued with a
.Nm
.Em item .
The item must be freed using
.Fn NG_FREE_ITEM item
or passed on to another node.
.El
.Sh FILES
.Bl -tag -width indent
.It In netgraph/netgraph.h
Definitions for use solely within the kernel by
.Nm
nodes.
.It In netgraph/ng_message.h
Definitions needed by any file that needs to deal with
.Nm
messages.
.It In netgraph/ng_socket.h
Definitions needed to use
.Nm
.Vt socket
type nodes.
.It In netgraph/ng_ Ns Ao Ar type Ac Ns Pa .h
Definitions needed to use
.Nm
.Ar type
nodes, including the type cookie definition.
.It Pa /boot/kernel/netgraph.ko
The
.Nm
subsystem loadable KLD module.
.It Pa /boot/kernel/ng_ Ns Ao Ar type Ac Ns Pa .ko
Loadable KLD module for node type
.Ar type .
.It Pa src/sys/netgraph/ng_sample.c
Skeleton
.Nm
node.
Use this as a starting point for new node types.
.El
.Sh USER MODE SUPPORT
There is a library for supporting user-mode programs that wish
to interact with the
.Nm
system.
See
.Xr netgraph 3
for details.
.Pp
Two user-mode support programs,
.Xr ngctl 8
and
.Xr nghook 8 ,
are available to assist manual configuration and debugging.
.Pp
There are a few useful techniques for debugging new node types.
First, implementing new node types in user-mode first
makes debugging easier.
The
.Vt tee
node type is also useful for debugging, especially in conjunction with
.Xr ngctl 8
and
.Xr nghook 8 .
.Pp
Also look in
.Pa /usr/share/examples/netgraph
for solutions to several
common networking problems, solved using
.Nm .
.Sh SEE ALSO
.Xr socket 2 ,
.Xr netgraph 3 ,
.Xr ng_async 4 ,
.Xr ng_atm 4 ,
.Xr ng_atmllc 4 ,
.Xr ng_bluetooth 4 ,
.Xr ng_bpf 4 ,
.Xr ng_bridge 4 ,
.Xr ng_bt3c 4 ,
.Xr ng_btsocket 4 ,
.Xr ng_car 4 ,
.Xr ng_cisco 4 ,
.Xr ng_device 4 ,
.Xr ng_echo 4 ,
.Xr ng_eiface 4 ,
.Xr ng_etf 4 ,
.Xr ng_ether 4 ,
.Xr ng_frame_relay 4 ,
.Xr ng_gif 4 ,
.Xr ng_gif_demux 4 ,
.Xr ng_h4 4 ,
.Xr ng_hci 4 ,
.Xr ng_hole 4 ,
.Xr ng_hub 4 ,
.Xr ng_iface 4 ,
.Xr ng_ip_input 4 ,
.Xr ng_ipfw 4 ,
.Xr ng_ksocket 4 ,
.Xr ng_l2cap 4 ,
.Xr ng_l2tp 4 ,
.Xr ng_lmi 4 ,
.Xr ng_mppc 4 ,
.Xr ng_nat 4 ,
.Xr ng_netflow 4 ,
.Xr ng_one2many 4 ,
.Xr ng_patch 4 ,
.Xr ng_ppp 4 ,
.Xr ng_pppoe 4 ,
.Xr ng_pptpgre 4 ,
.Xr ng_rfc1490 4 ,
.Xr ng_socket 4 ,
.Xr ng_split 4 ,
.Xr ng_sppp 4 ,
.Xr ng_sscfu 4 ,
.Xr ng_sscop 4 ,
.Xr ng_tee 4 ,
.Xr ng_tty 4 ,
.Xr ng_ubt 4 ,
.Xr ng_UI 4 ,
.Xr ng_uni 4 ,
.Xr ng_vjc 4 ,
.Xr ng_vlan 4 ,
.Xr ngctl 8 ,
.Xr nghook 8
.Sh HISTORY
The
.Nm
system was designed and first implemented at Whistle Communications, Inc.\&
in a version of
.Fx 2.2
customized for the Whistle InterJet.
It first made its debut in the main tree in
.Fx 3.4 .
.Sh AUTHORS
.An -nosplit
.An Julian Elischer Aq Mt julian@FreeBSD.org ,
with contributions by
.An Archie Cobbs Aq Mt archie@FreeBSD.org .