Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of

Google SoC-2011
This commit is contained in:
christos 2011-09-24 17:22:14 +00:00
parent bf93cf8726
commit 5ec72efbaa
7 changed files with 154 additions and 98 deletions

View File

@ -1,4 +1,4 @@
/* $NetBSD: in6_pcb.c,v 1.115 2011/08/31 18:31:03 plunky Exp $ */
/* $NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */
/*
@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.115 2011/08/31 18:31:03 plunky Exp $");
__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.116 2011/09/24 17:22:14 christos Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@ -91,6 +91,7 @@ __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.115 2011/08/31 18:31:03 plunky Exp $")
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet/ip6.h>
#include <netinet/rfc6056.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
#include <netinet6/scope6_var.h>
@ -176,6 +177,8 @@ in6_pcballoc(struct socket *so, void *v)
in6p->in6p_socket = so;
in6p->in6p_hops = -1; /* use kernel default */
in6p->in6p_icmp6filt = NULL;
in6p->in6p_rfc6056algo = RFC6056_ALGO_DEFAULT;
in6p->in6p_bindportonsend = false;
#if defined(IPSEC) || defined(FAST_IPSEC)
error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp);
if (error != 0) {
@ -547,6 +550,18 @@ in6_pcbconnect(void *v, struct mbuf *nam, struct lwp *l)
}
in6p->in6p_faddr = sin6->sin6_addr;
in6p->in6p_fport = sin6->sin6_port;
/* Late bind, if needed */
if (in6p->in6p_bindportonsend) {
struct sockaddr_in6 lsin = *((const struct sockaddr_in6 *)
in6p->in6p_socket->so_proto->pr_domain->dom_sa_any);
lsin.sin6_addr = in6p->in6p_laddr;
lsin.sin6_port = 0;
if ((error = in6_pcbbind_port(in6p, &lsin, l)) != 0)
return error;
}
in6_pcbstate(in6p, IN6P_CONNECTED);
in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK;
if (ip6_auto_flowlabel)

View File

@ -1,4 +1,4 @@
/* $NetBSD: in6_pcb.h,v 1.35 2011/05/03 18:28:45 dyoung Exp $ */
/* $NetBSD: in6_pcb.h,v 1.36 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: in6_pcb.h,v 1.45 2001/02/09 05:59:46 itojun Exp $ */
/*
@ -78,14 +78,15 @@ struct icmp6_filter;
struct in6pcb {
struct inpcb_hdr in6p_head;
#define in6p_hash in6p_head.inph_hash
#define in6p_queue in6p_head.inph_queue
#define in6p_af in6p_head.inph_af
#define in6p_ppcb in6p_head.inph_ppcb
#define in6p_state in6p_head.inph_state
#define in6p_socket in6p_head.inph_socket
#define in6p_table in6p_head.inph_table
#define in6p_sp in6p_head.inph_sp
#define in6p_hash in6p_head.inph_hash
#define in6p_queue in6p_head.inph_queue
#define in6p_af in6p_head.inph_af
#define in6p_ppcb in6p_head.inph_ppcb
#define in6p_state in6p_head.inph_state
#define in6p_rfc6056algo in6p_head.inph_rfc6056algo
#define in6p_socket in6p_head.inph_socket
#define in6p_table in6p_head.inph_table
#define in6p_sp in6p_head.inph_sp
struct route in6p_route; /* placeholder for routing entry */
u_int16_t in6p_fport; /* foreign port */
u_int16_t in6p_lport; /* local port */
@ -98,6 +99,7 @@ struct in6pcb {
struct ip6_moptions *in6p_moptions; /* IP6 multicast options */
struct icmp6_filter *in6p_icmp6filt;
int in6p_cksum; /* IPV6_CHECKSUM setsockopt */
bool in6p_bindportonsend;
};
#define in6p_faddr in6p_ip6.ip6_dst

View File

@ -1,4 +1,4 @@
/* $NetBSD: in6_proto.c,v 1.92 2011/05/24 18:07:11 spz Exp $ */
/* $NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */
/*
@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.92 2011/05/24 18:07:11 spz Exp $");
__KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.93 2011/09/24 17:22:14 christos Exp $");
#include "opt_gateway.h"
#include "opt_inet.h"
@ -168,13 +168,13 @@ PR_WRAP_CTLINPUT(tcp6_ctlinput)
#define tcp6_ctlinput tcp6_ctlinput_wrapper
PR_WRAP_CTLOUTPUT(rip6_ctloutput)
PR_WRAP_CTLOUTPUT(ip6_ctloutput)
PR_WRAP_CTLOUTPUT(tcp_ctloutput)
PR_WRAP_CTLOUTPUT(udp6_ctloutput)
PR_WRAP_CTLOUTPUT(icmp6_ctloutput)
#define rip6_ctloutput rip6_ctloutput_wrapper
#define ip6_ctloutput ip6_ctloutput_wrapper
#define tcp_ctloutput tcp_ctloutput_wrapper
#define udp6_ctloutput udp6_ctloutput_wrapper
#define icmp6_ctloutput icmp6_ctloutput_wrapper
#if defined(IPSEC) || defined(FAST_IPSEC)
@ -203,7 +203,7 @@ const struct ip6protosw inet6sw[] = {
.pr_flags = PR_ATOMIC|PR_ADDR|PR_PURGEIF,
.pr_input = udp6_input,
.pr_ctlinput = udp6_ctlinput,
.pr_ctloutput = ip6_ctloutput,
.pr_ctloutput = udp6_ctloutput,
.pr_usrreq = udp6_usrreq,
.pr_init = udp6_init,
},

View File

@ -1,4 +1,4 @@
/* $NetBSD: in6_src.c,v 1.51 2011/05/17 04:39:57 dholland Exp $ */
/* $NetBSD: in6_src.c,v 1.52 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: in6_src.c,v 1.159 2005/10/19 01:40:32 t-momose Exp $ */
/*
@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.51 2011/05/17 04:39:57 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.52 2011/09/24 17:22:14 christos Exp $");
#include "opt_inet.h"
@ -93,6 +93,7 @@ __KERNEL_RCSID(0, "$NetBSD: in6_src.c,v 1.51 2011/05/17 04:39:57 dholland Exp $"
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet/rfc6056.h>
#include <netinet6/in6_var.h>
#include <netinet/ip6.h>
#include <netinet6/in6_pcb.h>
@ -801,35 +802,20 @@ in6_pcbsetport(struct sockaddr_in6 *sin6, struct in6pcb *in6p, struct lwp *l)
{
struct socket *so = in6p->in6p_socket;
struct inpcbtable *table = in6p->in6p_table;
int cnt;
u_int16_t minport, maxport;
u_int16_t lport, *lastport;
int wild = 0;
void *t;
int error;
enum kauth_network_req req;
/* XXX: this is redundant when called from in6_pcbbind */
if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0 &&
((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
(so->so_options & SO_ACCEPTCONN) == 0))
wild = 1;
int error = 0;
if (in6p->in6p_flags & IN6P_LOWPORT) {
#ifndef IPNOPRIVPORTS
req = KAUTH_REQ_NETWORK_BIND_PRIVPORT;
#else
req = KAUTH_REQ_NETWORK_BIND_PORT;
#endif
minport = ip6_lowportmin;
maxport = ip6_lowportmax;
lastport = &table->inpt_lastlow;
} else {
req = KAUTH_REQ_NETWORK_BIND_PORT;
minport = ip6_anonportmin;
maxport = ip6_anonportmax;
lastport = &table->inpt_lastport;
}
@ -839,52 +825,13 @@ in6_pcbsetport(struct sockaddr_in6 *sin6, struct in6pcb *in6p, struct lwp *l)
if (error)
return (EACCES);
if (minport > maxport) { /* sanity check */
u_int16_t swp;
swp = minport;
minport = maxport;
maxport = swp;
}
lport = *lastport - 1;
for (cnt = maxport - minport + 1; cnt; cnt--, lport--) {
vestigial_inpcb_t vestige;
if (lport < minport || lport > maxport)
lport = maxport;
#ifdef INET
if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
t = in_pcblookup_port(table,
*(struct in_addr *)&sin6->sin6_addr.s6_addr32[3],
htons(lport), wild, &vestige);
if (!t && vestige.valid)
continue;
} else
#endif
{
t = in6_pcblookup_port(table, &sin6->sin6_addr,
htons(lport), wild, &vestige);
if (!t && vestige.valid)
continue;
}
if (t == 0) {
/* We have a free port. Check with the secmodel. */
sin6->sin6_port = lport;
error = kauth_authorize_network(l->l_cred,
KAUTH_NETWORK_BIND, req, so, sin6, NULL);
if (error) {
/* Secmodel says no. Keep looking. */
continue;
}
/*
* Use RFC6056 randomized port selection
*/
error = rfc6056_randport(&lport, &in6p->in6p_head, l->l_cred);
if (error)
return error;
goto found;
}
}
return (EAGAIN);
found:
in6p->in6p_flags |= IN6P_ANONPORT;
*lastport = lport;
in6p->in6p_lport = htons(lport);

View File

@ -1,4 +1,4 @@
/* $NetBSD: udp6_output.c,v 1.42 2011/08/31 18:31:03 plunky Exp $ */
/* $NetBSD: udp6_output.c,v 1.43 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: udp6_output.c,v 1.43 2001/10/15 09:19:52 itojun Exp $ */
/*
@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: udp6_output.c,v 1.42 2011/08/31 18:31:03 plunky Exp $");
__KERNEL_RCSID(0, "$NetBSD: udp6_output.c,v 1.43 2011/09/24 17:22:14 christos Exp $");
#include "opt_inet.h"
@ -182,10 +182,9 @@ udp6_output(struct in6pcb * const in6p, struct mbuf *m,
/*
* IPv4 version of udp_output calls in_pcbconnect in this case,
* which needs splnet and affects performance.
* Since we saw no essential reason for calling in_pcbconnect,
* we get rid of such kind of logic, and call in6_selectsrc
* and in6_pcbsetport in order to fill in the local address
* and the local port.
* We have to do this as well, since in6_pcbsetport needs to
* know the foreign address for some of the algorithms that
* it employs.
*/
if (sin6->sin6_port == 0) {
error = EADDRNOTAVAIL;
@ -292,7 +291,9 @@ udp6_output(struct in6pcb * const in6p, struct mbuf *m,
error = sa6_recoverscope(&lsin6);
if (error)
goto release;
error = in6_pcbsetport(&lsin6, in6p, l);
error = in6_pcbconnect(in6p, addr6, l);
if (error)
goto release;
}

View File

@ -1,4 +1,4 @@
/* $NetBSD: udp6_usrreq.c,v 1.89 2011/05/03 18:28:45 dyoung Exp $ */
/* $NetBSD: udp6_usrreq.c,v 1.90 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: udp6_usrreq.c,v 1.86 2001/05/27 17:33:00 itojun Exp $ */
/*
@ -62,7 +62,9 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.89 2011/05/03 18:28:45 dyoung Exp $");
__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.90 2011/09/24 17:22:14 christos Exp $");
#include "opt_inet.h"
#include <sys/param.h>
#include <sys/malloc.h>
@ -75,6 +77,7 @@ __KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.89 2011/05/03 18:28:45 dyoung Exp
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/syslog.h>
#include <sys/domain.h>
#include <sys/sysctl.h>
#include <net/if.h>
@ -89,6 +92,7 @@ __KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.89 2011/05/03 18:28:45 dyoung Exp
#include <netinet/in_pcb.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet/rfc6056.h>
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
@ -254,6 +258,71 @@ udp6_ctlinput(int cmd, const struct sockaddr *sa, void *d)
return NULL;
}
int
udp6_ctloutput(int op, struct socket *so, struct sockopt *sopt)
{
int s;
int error = 0;
struct inpcb *inp;
int family;
int optval;
family = so->so_proto->pr_domain->dom_family;
s = splsoftnet();
switch (family) {
#ifdef INET
case PF_INET:
if (sopt->sopt_level != IPPROTO_UDP) {
error = ip_ctloutput(op, so, sopt);
goto end;
}
break;
#endif
#ifdef INET6
case PF_INET6:
if (sopt->sopt_level != IPPROTO_UDP) {
error = ip6_ctloutput(op, so, sopt);
goto end;
}
break;
#endif
default:
error = EAFNOSUPPORT;
goto end;
}
switch (op) {
case PRCO_SETOPT:
inp = sotoinpcb(so);
switch (sopt->sopt_name) {
case UDP_RFC6056ALGO:
error = sockopt_getint(sopt, &optval);
if (error)
break;
error = rfc6056_algo_index_select(
(struct inpcb_hdr *)inp, optval);
break;
default:
error = ENOPROTOOPT;
break;
}
break;
default:
error = EINVAL;
break;
}
end:
splx(s);
return error;
}
extern int udp6_sendspace;
extern int udp6_recvspace;
@ -419,6 +488,8 @@ sysctl_net_inet6_udp6_stats(SYSCTLFN_ARGS)
static void
sysctl_net_inet6_udp6_setup(struct sysctllog **clog)
{
const struct sysctlnode *rfc6056_node;
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "net", NULL,
@ -471,6 +542,25 @@ sysctl_net_inet6_udp6_setup(struct sysctllog **clog)
sysctl_net_inet6_udp6_stats, 0, NULL, 0,
CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_STATS,
CTL_EOL);
/* RFC6056 subtree */
sysctl_createv(clog, 0, NULL, &rfc6056_node,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "rfc6056",
SYSCTL_DESCR("RFC 6056"),
NULL, 0, NULL, 0,
CTL_NET, PF_INET6, IPPROTO_UDP, CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rfc6056_node, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_STRING, "available",
SYSCTL_DESCR("RFC 6056 available algorithms"),
sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN,
CTL_CREATE, CTL_EOL);
sysctl_createv(clog, 0, &rfc6056_node, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_STRING, "selected",
SYSCTL_DESCR("RFC 6056 selected algorithm"),
sysctl_rfc6056_selected6, 0, NULL, RFC6056_MAXLEN,
CTL_CREATE, CTL_EOL);
}
void

View File

@ -1,4 +1,4 @@
/* $NetBSD: udp6_var.h,v 1.23 2008/04/24 11:38:38 ad Exp $ */
/* $NetBSD: udp6_var.h,v 1.24 2011/09/24 17:22:14 christos Exp $ */
/* $KAME: udp6_var.h,v 1.11 2000/06/05 00:14:31 itojun Exp $ */
/*
@ -84,11 +84,12 @@
/*
* Names for UDP6 sysctl objects
*/
#define UDP6CTL_SENDSPACE 1 /* default send buffer */
#define UDP6CTL_RECVSPACE 2 /* default recv buffer */
#define UDP6CTL_SENDSPACE 1 /* default send buffer */
#define UDP6CTL_RECVSPACE 2 /* default recv buffer */
#define UDP6CTL_LOOPBACKCKSUM 3 /* do UDP checksum on loopback? */
#define UDP6CTL_STATS 4 /* udp6 statistics */
#define UDP6CTL_MAXID 5
#define UDP6CTL_STATS 4 /* udp6 statistics */
#define UDP6CTL_RFC6056 5 /* RFC 6056 algorithm selection */
#define UDP6CTL_MAXID 6
#define UDP6CTL_NAMES { \
{ 0, 0 }, \
@ -100,14 +101,14 @@
#ifdef _KERNEL
void *udp6_ctlinput(int, const struct sockaddr *, void *);
int udp6_ctloutput(int, struct socket *, struct sockopt *);
void udp6_init(void);
int udp6_input(struct mbuf **, int *, int);
int udp6_output(struct in6pcb *, struct mbuf *, struct mbuf *,
struct mbuf *, struct lwp *);
struct mbuf *, struct lwp *);
int udp6_sysctl(int *, u_int, void *, size_t *, void *, size_t);
int udp6_usrreq(struct socket *,
int, struct mbuf *, struct mbuf *, struct mbuf *,
struct lwp *);
int udp6_usrreq(struct socket *, int, struct mbuf *, struct mbuf *,
struct mbuf *, struct lwp *);
void udp6_statinc(u_int);
#endif /* _KERNEL */