driver_nl80211: use Linux socket filter to improve performance

TX status information for all transmitted data frames is not going to
be sent to hostapd anymore, so the CPU load with high traffic load is
going to be significantly reduced.
This commit is contained in:
Johannes Berg 2009-01-27 12:28:05 +02:00 committed by Jouni Malinen
parent 7ce3304ab3
commit 9616af520b
2 changed files with 152 additions and 0 deletions

View File

@ -3,6 +3,7 @@ ChangeLog for hostapd
????-??-?? - v0.7.0
* increased hostapd_cli ping interval to 5 seconds and made this
configurable with a new command line options (-G<seconds>)
* driver_nl80211: use Linux socket filter to improve performance
2009-01-06 - v0.6.7
* added support for Wi-Fi Protected Setup (WPS)

View File

@ -27,6 +27,7 @@
#include <net/if.h>
#include <netpacket/packet.h>
#include "wireless_copy.h"
#include <linux/filter.h>
#include <net/if_arp.h>
#include "hostapd.h"
@ -1876,6 +1877,150 @@ static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
}
/*
* we post-process the filter code later and rewrite
* this to the offset to the last instruction
*/
#define PASS 0xFF
#define FAIL 0xFE
static struct sock_filter msock_filter_insns[] = {
/*
* do a little-endian load of the radiotap length field
*/
/* load lower byte into A */
BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
/* put it into X (== index register) */
BPF_STMT(BPF_MISC| BPF_TAX, 0),
/* load upper byte into A */
BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
/* left-shift it by 8 */
BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
/* or with X */
BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
/* put result into X */
BPF_STMT(BPF_MISC| BPF_TAX, 0),
/*
* Allow management frames through, this also gives us those
* management frames that we sent ourselves with status
*/
/* load the lower byte of the IEEE 802.11 frame control field */
BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
/* mask off frame type and version */
BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
/* accept frame if it's both 0, fall through otherwise */
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
/*
* TODO: add a bit to radiotap RX flags that indicates
* that the sending station is not associated, then
* add a filter here that filters on our DA and that flag
* to allow us to deauth frames to that bad station.
*
* Not a regression -- we didn't do it before either.
*/
#if 0
/*
* drop non-data frames, WDS frames
*/
/* load the lower byte of the frame control field */
BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
/* mask off QoS bit */
BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
/* drop non-data frames */
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
/* load the upper byte of the frame control field */
BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
/* mask off toDS/fromDS */
BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
/* drop WDS frames */
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, FAIL, 0),
#endif
/*
* add header length to index
*/
/* load the lower byte of the frame control field */
BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
/* mask off QoS bit */
BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
/* right shift it by 6 to give 0 or 2 */
BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
/* add data frame header length */
BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
/* add index, was start of 802.11 header */
BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
/* move to index, now start of LL header */
BPF_STMT(BPF_MISC | BPF_TAX, 0),
/*
* Accept empty data frames, we use those for
* polling activity.
*/
BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
/*
* Accept EAPOL frames
*/
BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
/* keep these last two statements or change the code below */
/* return 0 == "DROP" */
BPF_STMT(BPF_RET | BPF_K, 0),
/* return ~0 == "keep all" */
BPF_STMT(BPF_RET | BPF_K, ~0),
};
static struct sock_fprog msock_filter = {
.len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
.filter = msock_filter_insns,
};
static int add_monitor_filter(int s)
{
int idx;
/* rewrite all PASS/FAIL jump offsets */
for (idx = 0; idx < msock_filter.len; idx++) {
struct sock_filter *insn = &msock_filter_insns[idx];
if (BPF_CLASS(insn->code) == BPF_JMP) {
if (insn->code == (BPF_JMP|BPF_JA)) {
if (insn->k == PASS)
insn->k = msock_filter.len - idx - 2;
else if (insn->k == FAIL)
insn->k = msock_filter.len - idx - 3;
}
if (insn->jt == PASS)
insn->jt = msock_filter.len - idx - 2;
else if (insn->jt == FAIL)
insn->jt = msock_filter.len - idx - 3;
if (insn->jf == PASS)
insn->jf = msock_filter.len - idx - 2;
else if (insn->jf == FAIL)
insn->jf = msock_filter.len - idx - 3;
}
}
if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
&msock_filter, sizeof(msock_filter))) {
perror("SO_ATTACH_FILTER");
return -1;
}
return 0;
}
static int nl80211_create_monitor_interface(struct i802_driver_data *drv)
{
char buf[IFNAMSIZ];
@ -1904,6 +2049,12 @@ static int nl80211_create_monitor_interface(struct i802_driver_data *drv)
goto error;
}
if (add_monitor_filter(drv->monitor_sock)) {
wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
"interface; do filtering in user space");
/* This works, but will cost in performance. */
}
if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
sizeof(ll)) < 0) {
perror("monitor socket bind");