1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 1982, 1986, 1988, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1995-09-21 19:59:43 +00:00
|
|
|
* @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
|
1999-08-28 01:08:13 +00:00
|
|
|
* $FreeBSD$
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
|
1999-12-22 19:13:38 +00:00
|
|
|
#include "opt_inet6.h"
|
|
|
|
#include "opt_ipsec.h"
|
2002-07-31 18:30:34 +00:00
|
|
|
#include "opt_mac.h"
|
1999-12-22 19:13:38 +00:00
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/param.h>
|
2004-04-26 19:46:52 +00:00
|
|
|
#include <sys/jail.h>
|
1997-02-18 20:46:36 +00:00
|
|
|
#include <sys/kernel.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/lock.h>
|
2002-08-15 14:27:46 +00:00
|
|
|
#include <sys/mac.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/malloc.h>
|
|
|
|
#include <sys/mbuf.h>
|
2001-10-05 07:06:32 +00:00
|
|
|
#include <sys/proc.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/protosw.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/signalvar.h>
|
1997-02-18 20:46:36 +00:00
|
|
|
#include <sys/socket.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <sys/socketvar.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/sx.h>
|
1997-02-18 20:46:36 +00:00
|
|
|
#include <sys/sysctl.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <sys/systm.h>
|
1998-03-28 10:18:26 +00:00
|
|
|
|
2002-03-20 05:48:55 +00:00
|
|
|
#include <vm/uma.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
#include <net/if.h>
|
|
|
|
#include <net/route.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_systm.h>
|
1995-10-21 02:12:20 +00:00
|
|
|
#include <netinet/in_pcb.h>
|
|
|
|
#include <netinet/in_var.h>
|
2002-04-30 01:54:54 +00:00
|
|
|
#include <netinet/ip.h>
|
1994-05-24 10:09:53 +00:00
|
|
|
#include <netinet/ip_var.h>
|
|
|
|
#include <netinet/ip_mroute.h>
|
|
|
|
|
1994-10-28 15:09:49 +00:00
|
|
|
#include <netinet/ip_fw.h>
|
2001-10-05 05:45:27 +00:00
|
|
|
#include <netinet/ip_dummynet.h>
|
1994-10-28 15:09:49 +00:00
|
|
|
|
2002-10-16 02:25:05 +00:00
|
|
|
#ifdef FAST_IPSEC
|
|
|
|
#include <netipsec/ipsec.h>
|
|
|
|
#endif /*FAST_IPSEC*/
|
|
|
|
|
1999-12-22 19:13:38 +00:00
|
|
|
#ifdef IPSEC
|
|
|
|
#include <netinet6/ipsec.h>
|
|
|
|
#endif /*IPSEC*/
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
struct inpcbhead ripcb;
|
|
|
|
struct inpcbinfo ripcbinfo;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-10-05 05:45:27 +00:00
|
|
|
/* control hooks for ipfw and dummynet */
|
2004-08-17 22:05:54 +00:00
|
|
|
ip_fw_ctl_t *ip_fw_ctl_ptr = NULL;
|
|
|
|
ip_dn_ctl_t *ip_dn_ctl_ptr = NULL;
|
2001-10-05 05:45:27 +00:00
|
|
|
|
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
2002-11-15 22:53:53 +00:00
|
|
|
/*
|
|
|
|
* hooks for multicast routing. They all default to NULL,
|
|
|
|
* so leave them not initialized and rely on BSS being set to 0.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* The socket used to communicate with the multicast routing daemon. */
|
|
|
|
struct socket *ip_mrouter;
|
|
|
|
|
|
|
|
/* The various mrouter and rsvp functions */
|
|
|
|
int (*ip_mrouter_set)(struct socket *, struct sockopt *);
|
|
|
|
int (*ip_mrouter_get)(struct socket *, struct sockopt *);
|
|
|
|
int (*ip_mrouter_done)(void);
|
|
|
|
int (*ip_mforward)(struct ip *, struct ifnet *, struct mbuf *,
|
2004-08-16 18:32:07 +00:00
|
|
|
struct ip_moptions *);
|
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
2002-11-15 22:53:53 +00:00
|
|
|
int (*mrt_ioctl)(int, caddr_t);
|
|
|
|
int (*legal_vif_num)(int);
|
|
|
|
u_long (*ip_mcast_src)(int);
|
|
|
|
|
|
|
|
void (*rsvp_input_p)(struct mbuf *m, int off);
|
|
|
|
int (*ip_rsvp_vif)(struct socket *, struct sockopt *);
|
|
|
|
void (*ip_rsvp_force_done)(struct socket *);
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Nominal space allocated to a raw ip socket.
|
|
|
|
*/
|
|
|
|
#define RIPSNDQ 8192
|
|
|
|
#define RIPRCVQ 8192
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Raw interface to IP protocol.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2002-11-20 19:00:54 +00:00
|
|
|
* Initialize raw connection block q.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
void
|
2002-11-20 19:00:54 +00:00
|
|
|
rip_init()
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2002-06-11 10:58:57 +00:00
|
|
|
INP_INFO_LOCK_INIT(&ripcbinfo, "rip");
|
1995-04-09 01:29:31 +00:00
|
|
|
LIST_INIT(&ripcb);
|
|
|
|
ripcbinfo.listhead = &ripcb;
|
|
|
|
/*
|
|
|
|
* XXX We don't use the hash list for raw IP, but it's easier
|
|
|
|
* to allocate a one entry hash list than it is to check all
|
|
|
|
* over the place for hashbase == NULL.
|
|
|
|
*/
|
1997-03-03 09:23:37 +00:00
|
|
|
ripcbinfo.hashbase = hashinit(1, M_PCB, &ripcbinfo.hashmask);
|
Improved connection establishment performance by doing local port lookups via
a hashed port list. In the new scheme, in_pcblookup() goes away and is
replaced by a new routine, in_pcblookup_local() for doing the local port
check. Note that this implementation is space inefficient in that the PCB
struct is now too large to fit into 128 bytes. I might deal with this in the
future by using the new zone allocator, but I wanted these changes to be
extensively tested in their current form first.
Also:
1) Fixed off-by-one errors in the port lookup loops in in_pcbbind().
2) Got rid of some unneeded rehashing. Adding a new routine, in_pcbinshash()
to do the initialial hash insertion.
3) Renamed in_pcblookuphash() to in_pcblookup_hash() for easier readability.
4) Added a new routine, in_pcbremlists() to remove the PCB from the various
hash lists.
5) Added/deleted comments where appropriate.
6) Removed unnecessary splnet() locking. In general, the PCB functions should
be called at splnet()...there are unfortunately a few exceptions, however.
7) Reorganized a few structs for better cache line behavior.
8) Killed my TCP_ACK_HACK kludge. It may come back in a different form in
the future, however.
These changes have been tested on wcarchive for more than a month. In tests
done here, connection establishment overhead is reduced by more than 50
times, thus getting rid of one of the major networking scalability problems.
Still to do: make tcp_fastimo/tcp_slowtimo scale well for systems with a
large number of connections. tcp_fastimo is easy; tcp_slowtimo is difficult.
WARNING: Anything that knows about inpcb and tcpcb structs will have to be
recompiled; at the very least, this includes netstat(1).
1998-01-27 09:15:13 +00:00
|
|
|
ripcbinfo.porthashbase = hashinit(1, M_PCB, &ripcbinfo.porthashmask);
|
2002-03-20 05:48:55 +00:00
|
|
|
ripcbinfo.ipi_zone = uma_zcreate("ripcb", sizeof(struct inpcb),
|
2004-08-11 20:30:08 +00:00
|
|
|
NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
|
2002-03-20 05:48:55 +00:00
|
|
|
uma_zone_set_max(ripcbinfo.ipi_zone, maxsockets);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
1995-12-09 20:43:53 +00:00
|
|
|
static struct sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET };
|
2003-09-01 04:23:48 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
raw_append(struct inpcb *last, struct ip *ip, struct mbuf *n)
|
|
|
|
{
|
|
|
|
int policyfail = 0;
|
|
|
|
|
2004-05-04 00:10:16 +00:00
|
|
|
INP_LOCK_ASSERT(last);
|
|
|
|
|
2004-02-17 14:02:37 +00:00
|
|
|
#if defined(IPSEC) || defined(FAST_IPSEC)
|
2003-09-01 04:23:48 +00:00
|
|
|
/* check AH/ESP integrity. */
|
2004-02-03 18:20:55 +00:00
|
|
|
if (ipsec4_in_reject(n, last)) {
|
2003-09-01 04:23:48 +00:00
|
|
|
policyfail = 1;
|
2004-02-17 14:02:37 +00:00
|
|
|
#ifdef IPSEC
|
2003-09-01 04:23:48 +00:00
|
|
|
ipsecstat.in_polvio++;
|
|
|
|
#endif /*IPSEC*/
|
|
|
|
/* do not inject data to pcb */
|
|
|
|
}
|
2004-02-17 14:02:37 +00:00
|
|
|
#endif /*IPSEC || FAST_IPSEC*/
|
2003-09-01 04:23:48 +00:00
|
|
|
#ifdef MAC
|
Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols. This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.
This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.
For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks. Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.
Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.
Reviewed by: sam, bms
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
|
|
|
if (!policyfail && mac_check_inpcb_deliver(last, n) != 0)
|
2003-09-01 04:23:48 +00:00
|
|
|
policyfail = 1;
|
|
|
|
#endif
|
|
|
|
if (!policyfail) {
|
|
|
|
struct mbuf *opts = NULL;
|
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes
associated with performing a wakeup on the socket buffer:
- When performing an sbappend*() followed by a so[rw]wakeup(), explicitly
acquire the socket buffer lock and use the _locked() variants of both
calls. Note that the _locked() sowakeup() versions unlock the mutex on
return. This is done in uipc_send(), divert_packet(), mroute
socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append().
- When the socket buffer lock is dropped before a sowakeup(), remove the
explicit unlock and use the _locked() sowakeup() variant. This is done
in soisdisconnecting(), soisdisconnected() when setting the can't send/
receive flags and dropping data, and in uipc_rcvd() which adjusting
back-pressure on the sockets.
For UNIX domain sockets running mpsafe with a contention-intensive SMP
mysql benchmark, this results in a 1.6% query rate improvement due to
reduce mutex costs.
2004-06-26 19:10:39 +00:00
|
|
|
struct socket *so;
|
2003-09-01 04:23:48 +00:00
|
|
|
|
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes
associated with performing a wakeup on the socket buffer:
- When performing an sbappend*() followed by a so[rw]wakeup(), explicitly
acquire the socket buffer lock and use the _locked() variants of both
calls. Note that the _locked() sowakeup() versions unlock the mutex on
return. This is done in uipc_send(), divert_packet(), mroute
socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append().
- When the socket buffer lock is dropped before a sowakeup(), remove the
explicit unlock and use the _locked() sowakeup() variant. This is done
in soisdisconnecting(), soisdisconnected() when setting the can't send/
receive flags and dropping data, and in uipc_rcvd() which adjusting
back-pressure on the sockets.
For UNIX domain sockets running mpsafe with a contention-intensive SMP
mysql benchmark, this results in a 1.6% query rate improvement due to
reduce mutex costs.
2004-06-26 19:10:39 +00:00
|
|
|
so = last->inp_socket;
|
2003-09-01 04:23:48 +00:00
|
|
|
if ((last->inp_flags & INP_CONTROLOPTS) ||
|
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes
associated with performing a wakeup on the socket buffer:
- When performing an sbappend*() followed by a so[rw]wakeup(), explicitly
acquire the socket buffer lock and use the _locked() variants of both
calls. Note that the _locked() sowakeup() versions unlock the mutex on
return. This is done in uipc_send(), divert_packet(), mroute
socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append().
- When the socket buffer lock is dropped before a sowakeup(), remove the
explicit unlock and use the _locked() sowakeup() variant. This is done
in soisdisconnecting(), soisdisconnected() when setting the can't send/
receive flags and dropping data, and in uipc_rcvd() which adjusting
back-pressure on the sockets.
For UNIX domain sockets running mpsafe with a contention-intensive SMP
mysql benchmark, this results in a 1.6% query rate improvement due to
reduce mutex costs.
2004-06-26 19:10:39 +00:00
|
|
|
(so->so_options & SO_TIMESTAMP))
|
2003-09-01 04:23:48 +00:00
|
|
|
ip_savecontrol(last, &opts, ip, n);
|
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes
associated with performing a wakeup on the socket buffer:
- When performing an sbappend*() followed by a so[rw]wakeup(), explicitly
acquire the socket buffer lock and use the _locked() variants of both
calls. Note that the _locked() sowakeup() versions unlock the mutex on
return. This is done in uipc_send(), divert_packet(), mroute
socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append().
- When the socket buffer lock is dropped before a sowakeup(), remove the
explicit unlock and use the _locked() sowakeup() variant. This is done
in soisdisconnecting(), soisdisconnected() when setting the can't send/
receive flags and dropping data, and in uipc_rcvd() which adjusting
back-pressure on the sockets.
For UNIX domain sockets running mpsafe with a contention-intensive SMP
mysql benchmark, this results in a 1.6% query rate improvement due to
reduce mutex costs.
2004-06-26 19:10:39 +00:00
|
|
|
SOCKBUF_LOCK(&so->so_rcv);
|
|
|
|
if (sbappendaddr_locked(&so->so_rcv,
|
2003-09-01 04:23:48 +00:00
|
|
|
(struct sockaddr *)&ripsrc, n, opts) == 0) {
|
|
|
|
/* should notify about lost packet */
|
|
|
|
m_freem(n);
|
|
|
|
if (opts)
|
|
|
|
m_freem(opts);
|
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes
associated with performing a wakeup on the socket buffer:
- When performing an sbappend*() followed by a so[rw]wakeup(), explicitly
acquire the socket buffer lock and use the _locked() variants of both
calls. Note that the _locked() sowakeup() versions unlock the mutex on
return. This is done in uipc_send(), divert_packet(), mroute
socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append().
- When the socket buffer lock is dropped before a sowakeup(), remove the
explicit unlock and use the _locked() sowakeup() variant. This is done
in soisdisconnecting(), soisdisconnected() when setting the can't send/
receive flags and dropping data, and in uipc_rcvd() which adjusting
back-pressure on the sockets.
For UNIX domain sockets running mpsafe with a contention-intensive SMP
mysql benchmark, this results in a 1.6% query rate improvement due to
reduce mutex costs.
2004-06-26 19:10:39 +00:00
|
|
|
SOCKBUF_UNLOCK(&so->so_rcv);
|
2003-09-01 04:23:48 +00:00
|
|
|
} else
|
Reduce the number of unnecessary unlock-relocks on socket buffer mutexes
associated with performing a wakeup on the socket buffer:
- When performing an sbappend*() followed by a so[rw]wakeup(), explicitly
acquire the socket buffer lock and use the _locked() variants of both
calls. Note that the _locked() sowakeup() versions unlock the mutex on
return. This is done in uipc_send(), divert_packet(), mroute
socket_send(), raw_append(), tcp_reass(), tcp_input(), and udp_append().
- When the socket buffer lock is dropped before a sowakeup(), remove the
explicit unlock and use the _locked() sowakeup() variant. This is done
in soisdisconnecting(), soisdisconnected() when setting the can't send/
receive flags and dropping data, and in uipc_rcvd() which adjusting
back-pressure on the sockets.
For UNIX domain sockets running mpsafe with a contention-intensive SMP
mysql benchmark, this results in a 1.6% query rate improvement due to
reduce mutex costs.
2004-06-26 19:10:39 +00:00
|
|
|
sorwakeup_locked(so);
|
2003-09-01 04:23:48 +00:00
|
|
|
} else
|
|
|
|
m_freem(n);
|
|
|
|
return policyfail;
|
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Setup generic address and protocol structures
|
|
|
|
* for raw_input routine, then pass them along with
|
|
|
|
* mbuf chain.
|
|
|
|
*/
|
|
|
|
void
|
2003-09-01 04:23:48 +00:00
|
|
|
rip_input(struct mbuf *m, int off)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2003-09-01 04:23:48 +00:00
|
|
|
struct ip *ip = mtod(m, struct ip *);
|
2001-09-03 20:03:55 +00:00
|
|
|
int proto = ip->ip_p;
|
2003-09-01 04:23:48 +00:00
|
|
|
struct inpcb *inp, *last;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RLOCK(&ripcbinfo);
|
1994-05-24 10:09:53 +00:00
|
|
|
ripsrc.sin_addr = ip->ip_src;
|
2003-09-01 04:23:48 +00:00
|
|
|
last = NULL;
|
1999-12-22 19:13:38 +00:00
|
|
|
LIST_FOREACH(inp, &ripcb, inp_list) {
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_LOCK(inp);
|
|
|
|
if (inp->inp_ip_p && inp->inp_ip_p != proto) {
|
|
|
|
docontinue:
|
|
|
|
INP_UNLOCK(inp);
|
|
|
|
continue;
|
|
|
|
}
|
1999-12-22 19:13:38 +00:00
|
|
|
#ifdef INET6
|
|
|
|
if ((inp->inp_vflag & INP_IPV4) == 0)
|
2003-09-01 04:23:48 +00:00
|
|
|
goto docontinue;
|
1999-12-22 19:13:38 +00:00
|
|
|
#endif
|
2002-11-20 19:00:54 +00:00
|
|
|
if (inp->inp_laddr.s_addr &&
|
2004-08-16 18:32:07 +00:00
|
|
|
inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
|
2003-09-01 04:23:48 +00:00
|
|
|
goto docontinue;
|
2002-11-20 19:00:54 +00:00
|
|
|
if (inp->inp_faddr.s_addr &&
|
2004-08-16 18:32:07 +00:00
|
|
|
inp->inp_faddr.s_addr != ip->ip_src.s_addr)
|
2003-09-01 04:23:48 +00:00
|
|
|
goto docontinue;
|
2004-04-26 19:46:52 +00:00
|
|
|
if (jailed(inp->inp_socket->so_cred))
|
2004-05-03 17:15:34 +00:00
|
|
|
if (htonl(prison_getip(inp->inp_socket->so_cred)) !=
|
|
|
|
ip->ip_dst.s_addr)
|
2004-04-26 19:46:52 +00:00
|
|
|
goto docontinue;
|
1994-05-24 10:09:53 +00:00
|
|
|
if (last) {
|
2003-09-01 04:23:48 +00:00
|
|
|
struct mbuf *n;
|
2001-06-11 12:39:29 +00:00
|
|
|
|
2003-09-01 04:23:48 +00:00
|
|
|
n = m_copy(m, 0, (int)M_COPYALL);
|
|
|
|
if (n != NULL)
|
|
|
|
(void) raw_append(last, ip, n);
|
|
|
|
/* XXX count dropped packet */
|
|
|
|
INP_UNLOCK(last);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
1996-11-11 04:56:32 +00:00
|
|
|
last = inp;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2003-09-01 04:23:48 +00:00
|
|
|
if (last != NULL) {
|
|
|
|
if (raw_append(last, ip, m) != 0)
|
2002-07-31 18:30:34 +00:00
|
|
|
ipstat.ips_delivered--;
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_UNLOCK(last);
|
1994-05-24 10:09:53 +00:00
|
|
|
} else {
|
|
|
|
m_freem(m);
|
2001-06-11 12:39:29 +00:00
|
|
|
ipstat.ips_noproto++;
|
|
|
|
ipstat.ips_delivered--;
|
|
|
|
}
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RUNLOCK(&ripcbinfo);
|
1995-03-16 16:25:55 +00:00
|
|
|
}
|
|
|
|
|
1994-05-24 10:09:53 +00:00
|
|
|
/*
|
|
|
|
* Generate IP header and pass packet to ip_output.
|
|
|
|
* Tack on options user may have setup with control call.
|
|
|
|
*/
|
|
|
|
int
|
2003-09-01 04:23:48 +00:00
|
|
|
rip_output(struct mbuf *m, struct socket *so, u_long dst)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
2003-09-01 04:23:48 +00:00
|
|
|
struct ip *ip;
|
2004-06-03 03:15:29 +00:00
|
|
|
int error;
|
2003-09-01 04:23:48 +00:00
|
|
|
struct inpcb *inp = sotoinpcb(so);
|
2004-09-05 02:34:12 +00:00
|
|
|
int flags = ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0) |
|
|
|
|
IP_ALLOWBROADCAST;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If the user handed us a complete IP packet, use it.
|
|
|
|
* Otherwise, allocate an mbuf for a header and fill it in.
|
|
|
|
*/
|
|
|
|
if ((inp->inp_flags & INP_HDRINCL) == 0) {
|
1996-10-25 17:57:53 +00:00
|
|
|
if (m->m_pkthdr.len + sizeof(struct ip) > IP_MAXPACKET) {
|
|
|
|
m_freem(m);
|
|
|
|
return(EMSGSIZE);
|
|
|
|
}
|
2004-07-20 20:52:30 +00:00
|
|
|
M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
|
2003-08-26 14:11:48 +00:00
|
|
|
if (m == NULL)
|
|
|
|
return(ENOBUFS);
|
2004-06-03 03:15:29 +00:00
|
|
|
|
|
|
|
INP_LOCK(inp);
|
1994-05-24 10:09:53 +00:00
|
|
|
ip = mtod(m, struct ip *);
|
2001-03-09 12:22:51 +00:00
|
|
|
ip->ip_tos = inp->inp_ip_tos;
|
1994-05-24 10:09:53 +00:00
|
|
|
ip->ip_off = 0;
|
1997-04-03 05:14:45 +00:00
|
|
|
ip->ip_p = inp->inp_ip_p;
|
1994-05-24 10:09:53 +00:00
|
|
|
ip->ip_len = m->m_pkthdr.len;
|
2004-04-26 19:46:52 +00:00
|
|
|
if (jailed(inp->inp_socket->so_cred))
|
|
|
|
ip->ip_src.s_addr =
|
2004-05-03 17:15:34 +00:00
|
|
|
htonl(prison_getip(inp->inp_socket->so_cred));
|
2004-04-26 19:46:52 +00:00
|
|
|
else
|
|
|
|
ip->ip_src = inp->inp_laddr;
|
1994-05-24 10:09:53 +00:00
|
|
|
ip->ip_dst.s_addr = dst;
|
2001-03-09 12:22:51 +00:00
|
|
|
ip->ip_ttl = inp->inp_ip_ttl;
|
1994-05-24 10:09:53 +00:00
|
|
|
} else {
|
1996-10-25 17:57:53 +00:00
|
|
|
if (m->m_pkthdr.len > IP_MAXPACKET) {
|
|
|
|
m_freem(m);
|
|
|
|
return(EMSGSIZE);
|
|
|
|
}
|
2004-06-03 03:15:29 +00:00
|
|
|
INP_LOCK(inp);
|
1994-05-24 10:09:53 +00:00
|
|
|
ip = mtod(m, struct ip *);
|
2004-04-26 19:46:52 +00:00
|
|
|
if (jailed(inp->inp_socket->so_cred)) {
|
|
|
|
if (ip->ip_src.s_addr !=
|
2004-05-03 17:15:34 +00:00
|
|
|
htonl(prison_getip(inp->inp_socket->so_cred))) {
|
2004-06-03 03:15:29 +00:00
|
|
|
INP_UNLOCK(inp);
|
2004-04-26 19:46:52 +00:00
|
|
|
m_freem(m);
|
|
|
|
return (EPERM);
|
|
|
|
}
|
|
|
|
}
|
1996-03-13 08:02:45 +00:00
|
|
|
/* don't allow both user specified and setsockopt options,
|
|
|
|
and don't allow packet length sizes that will crash */
|
2002-10-20 22:52:07 +00:00
|
|
|
if (((ip->ip_hl != (sizeof (*ip) >> 2))
|
1996-07-24 18:46:19 +00:00
|
|
|
&& inp->inp_options)
|
1997-05-22 20:52:56 +00:00
|
|
|
|| (ip->ip_len > m->m_pkthdr.len)
|
2002-10-20 22:52:07 +00:00
|
|
|
|| (ip->ip_len < (ip->ip_hl << 2))) {
|
2004-06-03 03:15:29 +00:00
|
|
|
INP_UNLOCK(inp);
|
1996-03-13 08:02:45 +00:00
|
|
|
m_freem(m);
|
|
|
|
return EINVAL;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
if (ip->ip_id == 0)
|
2004-08-14 15:32:40 +00:00
|
|
|
ip->ip_id = ip_newid();
|
1994-05-24 10:09:53 +00:00
|
|
|
/* XXX prevent ip_output from overwriting header fields */
|
|
|
|
flags |= IP_RAWOUTPUT;
|
|
|
|
ipstat.ips_rawout++;
|
|
|
|
}
|
1999-12-22 19:13:38 +00:00
|
|
|
|
2003-08-20 14:46:40 +00:00
|
|
|
if (inp->inp_flags & INP_ONESBCAST)
|
|
|
|
flags |= IP_SENDONES;
|
|
|
|
|
2004-06-03 03:15:29 +00:00
|
|
|
#ifdef MAC
|
|
|
|
mac_create_mbuf_from_inpcb(inp, m);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
error = ip_output(m, inp->inp_options, NULL, flags,
|
|
|
|
inp->inp_moptions, inp);
|
|
|
|
INP_UNLOCK(inp);
|
|
|
|
return error;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Raw IP socket option processing.
|
2003-07-18 16:10:36 +00:00
|
|
|
*
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
* IMPORTANT NOTE regarding access control: Traditionally, raw sockets could
|
|
|
|
* only be created by a privileged process, and as such, socket option
|
|
|
|
* operations to manage system properties on any raw socket were allowed to
|
|
|
|
* take place without explicit additional access control checks. However,
|
|
|
|
* raw sockets can now also be created in jail(), and therefore explicit
|
|
|
|
* checks are now required. Likewise, raw sockets can be used by a process
|
|
|
|
* after it gives up privilege, so some caution is required. For options
|
|
|
|
* passed down to the IP layer via ip_ctloutput(), checks are assumed to be
|
|
|
|
* performed in ip_ctloutput() and therefore no check occurs here.
|
|
|
|
* Unilaterally checking suser() here breaks normal IP socket option
|
|
|
|
* operations on raw sockets.
|
|
|
|
*
|
|
|
|
* When adding new socket options here, make sure to add access control
|
|
|
|
* checks here as necessary.
|
1994-05-24 10:09:53 +00:00
|
|
|
*/
|
|
|
|
int
|
2003-09-01 04:23:48 +00:00
|
|
|
rip_ctloutput(struct socket *so, struct sockopt *sopt)
|
1994-05-24 10:09:53 +00:00
|
|
|
{
|
1998-08-23 03:07:17 +00:00
|
|
|
struct inpcb *inp = sotoinpcb(so);
|
|
|
|
int error, optval;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
if (sopt->sopt_level != IPPROTO_IP)
|
1994-05-24 10:09:53 +00:00
|
|
|
return (EINVAL);
|
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
error = 0;
|
|
|
|
switch (sopt->sopt_dir) {
|
|
|
|
case SOPT_GET:
|
|
|
|
switch (sopt->sopt_name) {
|
|
|
|
case IP_HDRINCL:
|
|
|
|
optval = inp->inp_flags & INP_HDRINCL;
|
|
|
|
error = sooptcopyout(sopt, &optval, sizeof optval);
|
|
|
|
break;
|
|
|
|
|
2001-11-04 22:56:25 +00:00
|
|
|
case IP_FW_ADD: /* ADD actually returns the body... */
|
1998-08-23 03:07:17 +00:00
|
|
|
case IP_FW_GET:
|
2004-06-09 20:10:38 +00:00
|
|
|
case IP_FW_TABLE_GETSIZE:
|
|
|
|
case IP_FW_TABLE_LIST:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2004-08-17 22:05:54 +00:00
|
|
|
if (ip_fw_ctl_ptr != NULL)
|
1998-08-23 03:07:17 +00:00
|
|
|
error = ip_fw_ctl_ptr(sopt);
|
2001-11-04 22:56:25 +00:00
|
|
|
else
|
|
|
|
error = ENOPROTOOPT;
|
1998-08-23 03:07:17 +00:00
|
|
|
break;
|
|
|
|
|
1998-12-14 18:09:13 +00:00
|
|
|
case IP_DUMMYNET_GET:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2004-08-17 22:05:54 +00:00
|
|
|
if (ip_dn_ctl_ptr != NULL)
|
1998-12-14 18:09:13 +00:00
|
|
|
error = ip_dn_ctl_ptr(sopt);
|
2001-11-04 22:56:25 +00:00
|
|
|
else
|
|
|
|
error = ENOPROTOOPT;
|
1998-12-14 18:09:13 +00:00
|
|
|
break ;
|
1998-08-23 03:07:17 +00:00
|
|
|
|
|
|
|
case MRT_INIT:
|
|
|
|
case MRT_DONE:
|
|
|
|
case MRT_ADD_VIF:
|
|
|
|
case MRT_DEL_VIF:
|
|
|
|
case MRT_ADD_MFC:
|
|
|
|
case MRT_DEL_MFC:
|
|
|
|
case MRT_VERSION:
|
|
|
|
case MRT_ASSERT:
|
2003-08-07 18:16:59 +00:00
|
|
|
case MRT_API_SUPPORT:
|
|
|
|
case MRT_API_CONFIG:
|
|
|
|
case MRT_ADD_BW_UPCALL:
|
|
|
|
case MRT_DEL_BW_UPCALL:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
2002-11-15 22:53:53 +00:00
|
|
|
error = ip_mrouter_get ? ip_mrouter_get(so, sopt) :
|
|
|
|
EOPNOTSUPP;
|
1998-08-23 03:07:17 +00:00
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
default:
|
|
|
|
error = ip_ctloutput(so, sopt);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SOPT_SET:
|
|
|
|
switch (sopt->sopt_name) {
|
|
|
|
case IP_HDRINCL:
|
|
|
|
error = sooptcopyin(sopt, &optval, sizeof optval,
|
|
|
|
sizeof optval);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
if (optval)
|
1995-09-21 19:59:43 +00:00
|
|
|
inp->inp_flags |= INP_HDRINCL;
|
|
|
|
else
|
|
|
|
inp->inp_flags &= ~INP_HDRINCL;
|
1998-08-23 03:07:17 +00:00
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2001-11-26 10:05:58 +00:00
|
|
|
case IP_FW_ADD:
|
1998-08-23 03:07:17 +00:00
|
|
|
case IP_FW_DEL:
|
|
|
|
case IP_FW_FLUSH:
|
|
|
|
case IP_FW_ZERO:
|
1999-08-01 16:57:24 +00:00
|
|
|
case IP_FW_RESETLOG:
|
2004-06-09 20:10:38 +00:00
|
|
|
case IP_FW_TABLE_ADD:
|
|
|
|
case IP_FW_TABLE_DEL:
|
|
|
|
case IP_FW_TABLE_FLUSH:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2004-08-17 22:05:54 +00:00
|
|
|
if (ip_fw_ctl_ptr != NULL)
|
1998-08-23 03:07:17 +00:00
|
|
|
error = ip_fw_ctl_ptr(sopt);
|
2001-11-04 22:56:25 +00:00
|
|
|
else
|
|
|
|
error = ENOPROTOOPT;
|
1998-08-23 03:07:17 +00:00
|
|
|
break;
|
1995-01-12 13:06:32 +00:00
|
|
|
|
1998-12-14 18:09:13 +00:00
|
|
|
case IP_DUMMYNET_CONFIGURE:
|
|
|
|
case IP_DUMMYNET_DEL:
|
|
|
|
case IP_DUMMYNET_FLUSH:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
2004-08-17 22:05:54 +00:00
|
|
|
if (ip_dn_ctl_ptr != NULL)
|
1998-12-14 18:09:13 +00:00
|
|
|
error = ip_dn_ctl_ptr(sopt);
|
2001-11-04 22:56:25 +00:00
|
|
|
else
|
|
|
|
error = ENOPROTOOPT ;
|
1998-12-14 18:09:13 +00:00
|
|
|
break ;
|
1996-08-21 21:37:07 +00:00
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
case IP_RSVP_ON:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
1998-08-23 03:07:17 +00:00
|
|
|
error = ip_rsvp_init(so);
|
|
|
|
break;
|
1994-09-06 22:42:31 +00:00
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
case IP_RSVP_OFF:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
1998-08-23 03:07:17 +00:00
|
|
|
error = ip_rsvp_done();
|
|
|
|
break;
|
1994-09-06 22:42:31 +00:00
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
case IP_RSVP_VIF_ON:
|
|
|
|
case IP_RSVP_VIF_OFF:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
2002-11-15 22:53:53 +00:00
|
|
|
error = ip_rsvp_vif ?
|
|
|
|
ip_rsvp_vif(so, sopt) : EINVAL;
|
1998-08-23 03:07:17 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case MRT_INIT:
|
|
|
|
case MRT_DONE:
|
|
|
|
case MRT_ADD_VIF:
|
|
|
|
case MRT_DEL_VIF:
|
|
|
|
case MRT_ADD_MFC:
|
|
|
|
case MRT_DEL_MFC:
|
|
|
|
case MRT_VERSION:
|
|
|
|
case MRT_ASSERT:
|
2003-08-07 18:16:59 +00:00
|
|
|
case MRT_API_SUPPORT:
|
|
|
|
case MRT_API_CONFIG:
|
|
|
|
case MRT_ADD_BW_UPCALL:
|
|
|
|
case MRT_DEL_BW_UPCALL:
|
When the access control on creating raw sockets was modified so that
processes in jail could create raw sockets, additional access control
checks were added to raw IP sockets to limit the ways in which those
sockets could be used. Specifically, only the socket option IP_HDRINCL
was permitted in rip_ctloutput(). Other socket options were protected
by a call to suser(). This change was required to prevent processes
in a Jail from modifying system properties such as multicast routing
and firewall rule sets.
However, it also introduced a regression: processes that create a raw
socket with root privilege, but then downgraded credential (i.e., a
daemon giving up root, or a setuid process switching back to the real
uid) could no longer issue other unprivileged generic IP socket option
operations, such as IP_TOS, IP_TTL, and the multicast group membership
options, which prevented multicast routing daemons (and some other
tools) from operating correctly.
This change pushes the access control decision down to the granularity
of individual socket options, rather than all socket options, on raw
IP sockets. When rip_ctloutput() doesn't implement an option, it will
now pass the request directly to in_control() without an access
control check. This should restore the functionality of the generic
IP socket options for raw sockets in the above-described scenarios,
which may be confirmed with the ipsockopt regression test.
RELENG_5 candidate.
Reviewed by: csjp
2004-10-12 16:47:25 +00:00
|
|
|
error = suser(curthread);
|
|
|
|
if (error != 0)
|
|
|
|
return (error);
|
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
2002-11-15 22:53:53 +00:00
|
|
|
error = ip_mrouter_set ? ip_mrouter_set(so, sopt) :
|
|
|
|
EOPNOTSUPP;
|
1998-08-23 03:07:17 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
error = ip_ctloutput(so, sopt);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
1998-08-23 03:07:17 +00:00
|
|
|
|
|
|
|
return (error);
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
|
|
|
|
1997-02-13 19:46:45 +00:00
|
|
|
/*
|
|
|
|
* This function exists solely to receive the PRC_IFDOWN messages which
|
|
|
|
* are sent by if_down(). It looks for an ifaddr whose ifa_addr is sa,
|
|
|
|
* and calls in_ifadown() to remove all routes corresponding to that address.
|
|
|
|
* It also receives the PRC_IFUP messages from if_up() and reinstalls the
|
|
|
|
* interface routes.
|
|
|
|
*/
|
|
|
|
void
|
2003-09-01 04:23:48 +00:00
|
|
|
rip_ctlinput(int cmd, struct sockaddr *sa, void *vip)
|
1997-02-13 19:46:45 +00:00
|
|
|
{
|
|
|
|
struct in_ifaddr *ia;
|
|
|
|
struct ifnet *ifp;
|
|
|
|
int err;
|
|
|
|
int flags;
|
|
|
|
|
1998-08-23 03:07:17 +00:00
|
|
|
switch (cmd) {
|
1997-02-13 19:46:45 +00:00
|
|
|
case PRC_IFDOWN:
|
2001-03-16 20:00:53 +00:00
|
|
|
TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
|
1997-02-13 19:46:45 +00:00
|
|
|
if (ia->ia_ifa.ifa_addr == sa
|
|
|
|
&& (ia->ia_flags & IFA_ROUTE)) {
|
|
|
|
/*
|
|
|
|
* in_ifscrub kills the interface route.
|
|
|
|
*/
|
|
|
|
in_ifscrub(ia->ia_ifp, ia);
|
|
|
|
/*
|
|
|
|
* in_ifadown gets rid of all the rest of
|
|
|
|
* the routes. This is not quite the right
|
|
|
|
* thing to do, but at least if we are running
|
|
|
|
* a routing process they will come back.
|
|
|
|
*/
|
2001-05-11 14:37:34 +00:00
|
|
|
in_ifadown(&ia->ia_ifa, 0);
|
1997-02-13 19:46:45 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRC_IFUP:
|
2001-03-16 20:00:53 +00:00
|
|
|
TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
|
1997-02-13 19:46:45 +00:00
|
|
|
if (ia->ia_ifa.ifa_addr == sa)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (ia == 0 || (ia->ia_flags & IFA_ROUTE))
|
|
|
|
return;
|
|
|
|
flags = RTF_UP;
|
|
|
|
ifp = ia->ia_ifa.ifa_ifp;
|
|
|
|
|
|
|
|
if ((ifp->if_flags & IFF_LOOPBACK)
|
|
|
|
|| (ifp->if_flags & IFF_POINTOPOINT))
|
|
|
|
flags |= RTF_HOST;
|
|
|
|
|
|
|
|
err = rtinit(&ia->ia_ifa, RTM_ADD, flags);
|
|
|
|
if (err == 0)
|
|
|
|
ia->ia_flags |= IFA_ROUTE;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
u_long rip_sendspace = RIPSNDQ;
|
|
|
|
u_long rip_recvspace = RIPRCVQ;
|
1995-10-21 02:12:20 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
SYSCTL_INT(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW,
|
1999-05-03 23:57:32 +00:00
|
|
|
&rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
|
1999-11-22 02:45:11 +00:00
|
|
|
SYSCTL_INT(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW,
|
2004-01-27 22:17:39 +00:00
|
|
|
&rip_recvspace, 0, "Maximum space for incoming raw IP datagrams");
|
1995-10-21 02:12:20 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
rip_attach(struct socket *so, int proto, struct thread *td)
|
1997-02-18 20:46:36 +00:00
|
|
|
{
|
|
|
|
struct inpcb *inp;
|
2003-09-01 04:23:48 +00:00
|
|
|
int error;
|
1997-02-18 20:46:36 +00:00
|
|
|
|
2003-09-01 04:23:48 +00:00
|
|
|
/* XXX why not lower? */
|
|
|
|
INP_INFO_WLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
inp = sotoinpcb(so);
|
2003-09-01 04:23:48 +00:00
|
|
|
if (inp) {
|
|
|
|
/* XXX counter, printf */
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return EINVAL;
|
|
|
|
}
|
2004-04-26 19:46:52 +00:00
|
|
|
if (td && jailed(td->td_ucred) && !jail_allow_raw_sockets) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return (EPERM);
|
|
|
|
}
|
2004-07-26 07:24:04 +00:00
|
|
|
if (td && (error = suser_cred(td->td_ucred, SUSER_ALLOWJAIL)) != 0) {
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-04-27 20:01:29 +00:00
|
|
|
return error;
|
2003-09-01 04:23:48 +00:00
|
|
|
}
|
|
|
|
if (proto >= IPPROTO_MAX || proto < 0) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
2002-10-29 16:46:13 +00:00
|
|
|
return EPROTONOSUPPORT;
|
2003-09-01 04:23:48 +00:00
|
|
|
}
|
2002-10-29 16:46:13 +00:00
|
|
|
|
1999-12-22 19:13:38 +00:00
|
|
|
error = soreserve(so, rip_sendspace, rip_recvspace);
|
2003-09-01 04:23:48 +00:00
|
|
|
if (error) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1999-12-22 19:13:38 +00:00
|
|
|
return error;
|
2003-09-01 04:23:48 +00:00
|
|
|
}
|
2004-03-27 20:41:32 +00:00
|
|
|
error = in_pcballoc(so, &ripcbinfo, "rawinp");
|
2003-09-01 04:23:48 +00:00
|
|
|
if (error) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
return error;
|
2003-09-01 04:23:48 +00:00
|
|
|
}
|
1997-02-18 20:46:36 +00:00
|
|
|
inp = (struct inpcb *)so->so_pcb;
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_LOCK(inp);
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1999-12-22 19:13:38 +00:00
|
|
|
inp->inp_vflag |= INP_IPV4;
|
1997-04-03 05:14:45 +00:00
|
|
|
inp->inp_ip_p = proto;
|
2001-03-09 12:22:51 +00:00
|
|
|
inp->inp_ip_ttl = ip_defttl;
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_UNLOCK(inp);
|
1997-02-18 20:46:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2003-11-08 22:53:41 +00:00
|
|
|
static void
|
|
|
|
rip_pcbdetach(struct socket *so, struct inpcb *inp)
|
|
|
|
{
|
|
|
|
INP_INFO_WLOCK_ASSERT(&ripcbinfo);
|
|
|
|
INP_LOCK_ASSERT(inp);
|
|
|
|
|
|
|
|
if (so == ip_mrouter && ip_mrouter_done)
|
|
|
|
ip_mrouter_done();
|
|
|
|
if (ip_rsvp_force_done)
|
|
|
|
ip_rsvp_force_done(so);
|
|
|
|
if (so == ip_rsvpd)
|
|
|
|
ip_rsvp_done();
|
|
|
|
in_pcbdetach(inp);
|
|
|
|
}
|
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
|
|
|
rip_detach(struct socket *so)
|
|
|
|
{
|
|
|
|
struct inpcb *inp;
|
|
|
|
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_WLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
inp = sotoinpcb(so);
|
2003-09-01 04:23:48 +00:00
|
|
|
if (inp == 0) {
|
|
|
|
/* XXX counter, printf */
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return EINVAL;
|
|
|
|
}
|
|
|
|
INP_LOCK(inp);
|
2003-11-08 22:53:41 +00:00
|
|
|
rip_pcbdetach(so, inp);
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
|
|
|
rip_abort(struct socket *so)
|
|
|
|
{
|
2003-11-08 22:53:41 +00:00
|
|
|
struct inpcb *inp;
|
|
|
|
|
|
|
|
INP_INFO_WLOCK(&ripcbinfo);
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
if (inp == 0) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return EINVAL; /* ??? possible? panic instead? */
|
|
|
|
}
|
|
|
|
INP_LOCK(inp);
|
1997-02-18 20:46:36 +00:00
|
|
|
soisdisconnected(so);
|
2003-01-18 01:10:55 +00:00
|
|
|
if (so->so_state & SS_NOFDREF)
|
2003-11-08 22:53:41 +00:00
|
|
|
rip_pcbdetach(so, inp);
|
2003-11-17 19:21:53 +00:00
|
|
|
else
|
|
|
|
INP_UNLOCK(inp);
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
2003-01-18 01:10:55 +00:00
|
|
|
return 0;
|
1997-02-18 20:46:36 +00:00
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
|
|
|
rip_disconnect(struct socket *so)
|
|
|
|
{
|
2002-05-31 11:52:35 +00:00
|
|
|
if ((so->so_state & SS_ISCONNECTED) == 0)
|
1997-02-18 20:46:36 +00:00
|
|
|
return ENOTCONN;
|
|
|
|
return rip_abort(so);
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
|
1997-02-18 20:46:36 +00:00
|
|
|
{
|
1997-08-16 19:16:27 +00:00
|
|
|
struct sockaddr_in *addr = (struct sockaddr_in *)nam;
|
2003-11-08 22:53:41 +00:00
|
|
|
struct inpcb *inp;
|
1997-02-18 20:46:36 +00:00
|
|
|
|
1997-08-16 19:16:27 +00:00
|
|
|
if (nam->sa_len != sizeof(*addr))
|
1997-02-18 20:46:36 +00:00
|
|
|
return EINVAL;
|
|
|
|
|
2004-04-26 19:46:52 +00:00
|
|
|
if (jailed(td->td_ucred)) {
|
2004-05-03 17:15:34 +00:00
|
|
|
if (addr->sin_addr.s_addr == INADDR_ANY)
|
2004-04-26 19:46:52 +00:00
|
|
|
addr->sin_addr.s_addr =
|
2004-05-03 17:15:34 +00:00
|
|
|
htonl(prison_getip(td->td_ucred));
|
|
|
|
if (htonl(prison_getip(td->td_ucred)) != addr->sin_addr.s_addr)
|
2004-04-26 19:46:52 +00:00
|
|
|
return (EADDRNOTAVAIL);
|
|
|
|
}
|
|
|
|
|
2003-11-08 22:53:41 +00:00
|
|
|
if (TAILQ_EMPTY(&ifnet) ||
|
|
|
|
(addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) ||
|
2002-11-20 19:00:54 +00:00
|
|
|
(addr->sin_addr.s_addr &&
|
1997-02-18 20:46:36 +00:00
|
|
|
ifa_ifwithaddr((struct sockaddr *)addr) == 0))
|
|
|
|
return EADDRNOTAVAIL;
|
2003-11-08 22:53:41 +00:00
|
|
|
|
|
|
|
INP_INFO_WLOCK(&ripcbinfo);
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
if (inp == 0) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return EINVAL;
|
|
|
|
}
|
|
|
|
INP_LOCK(inp);
|
1997-02-18 20:46:36 +00:00
|
|
|
inp->inp_laddr = addr->sin_addr;
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_UNLOCK(inp);
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
2001-09-12 08:38:13 +00:00
|
|
|
rip_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
|
1997-02-18 20:46:36 +00:00
|
|
|
{
|
1997-08-16 19:16:27 +00:00
|
|
|
struct sockaddr_in *addr = (struct sockaddr_in *)nam;
|
2003-11-08 22:53:41 +00:00
|
|
|
struct inpcb *inp;
|
1997-02-18 20:46:36 +00:00
|
|
|
|
1997-08-16 19:16:27 +00:00
|
|
|
if (nam->sa_len != sizeof(*addr))
|
1997-02-18 20:46:36 +00:00
|
|
|
return EINVAL;
|
|
|
|
if (TAILQ_EMPTY(&ifnet))
|
|
|
|
return EADDRNOTAVAIL;
|
2003-11-08 22:53:41 +00:00
|
|
|
if (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK)
|
1997-02-18 20:46:36 +00:00
|
|
|
return EAFNOSUPPORT;
|
2003-11-08 22:53:41 +00:00
|
|
|
|
|
|
|
INP_INFO_WLOCK(&ripcbinfo);
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
if (inp == 0) {
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return EINVAL;
|
|
|
|
}
|
|
|
|
INP_LOCK(inp);
|
1997-02-18 20:46:36 +00:00
|
|
|
inp->inp_faddr = addr->sin_addr;
|
|
|
|
soisconnected(so);
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_UNLOCK(inp);
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
|
|
|
rip_shutdown(struct socket *so)
|
|
|
|
{
|
2003-11-08 22:53:41 +00:00
|
|
|
struct inpcb *inp;
|
|
|
|
|
|
|
|
INP_INFO_RLOCK(&ripcbinfo);
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
if (inp == 0) {
|
|
|
|
INP_INFO_RUNLOCK(&ripcbinfo);
|
|
|
|
return EINVAL;
|
|
|
|
}
|
|
|
|
INP_LOCK(inp);
|
|
|
|
INP_INFO_RUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
socantsendmore(so);
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_UNLOCK(inp);
|
1997-02-18 20:46:36 +00:00
|
|
|
return 0;
|
|
|
|
}
|
1994-05-24 10:09:53 +00:00
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
static int
|
1997-08-16 19:16:27 +00:00
|
|
|
rip_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
|
2001-09-12 08:38:13 +00:00
|
|
|
struct mbuf *control, struct thread *td)
|
1997-02-18 20:46:36 +00:00
|
|
|
{
|
2003-11-08 22:53:41 +00:00
|
|
|
struct inpcb *inp;
|
|
|
|
u_long dst;
|
|
|
|
int ret;
|
1994-05-24 10:09:53 +00:00
|
|
|
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_INFO_WLOCK(&ripcbinfo);
|
|
|
|
inp = sotoinpcb(so);
|
1997-02-18 20:46:36 +00:00
|
|
|
if (so->so_state & SS_ISCONNECTED) {
|
|
|
|
if (nam) {
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
m_freem(m);
|
|
|
|
return EISCONN;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
1997-02-18 20:46:36 +00:00
|
|
|
dst = inp->inp_faddr.s_addr;
|
|
|
|
} else {
|
|
|
|
if (nam == NULL) {
|
2003-11-08 22:53:41 +00:00
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
1997-02-18 20:46:36 +00:00
|
|
|
m_freem(m);
|
|
|
|
return ENOTCONN;
|
|
|
|
}
|
1997-08-16 19:16:27 +00:00
|
|
|
dst = ((struct sockaddr_in *)nam)->sin_addr.s_addr;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
2003-11-08 22:53:41 +00:00
|
|
|
ret = rip_output(m, so, dst);
|
|
|
|
INP_INFO_WUNLOCK(&ripcbinfo);
|
|
|
|
return ret;
|
1994-05-24 10:09:53 +00:00
|
|
|
}
|
1997-02-18 20:46:36 +00:00
|
|
|
|
1998-05-15 20:11:40 +00:00
|
|
|
static int
|
2000-07-04 11:25:35 +00:00
|
|
|
rip_pcblist(SYSCTL_HANDLER_ARGS)
|
1998-05-15 20:11:40 +00:00
|
|
|
{
|
2003-09-01 04:23:48 +00:00
|
|
|
int error, i, n;
|
1998-05-15 20:11:40 +00:00
|
|
|
struct inpcb *inp, **inp_list;
|
|
|
|
inp_gen_t gencnt;
|
|
|
|
struct xinpgen xig;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The process of preparing the TCB list is too time-consuming and
|
|
|
|
* resource-intensive to repeat twice on every request.
|
|
|
|
*/
|
|
|
|
if (req->oldptr == 0) {
|
|
|
|
n = ripcbinfo.ipi_count;
|
|
|
|
req->oldidx = 2 * (sizeof xig)
|
|
|
|
+ (n + n/8) * sizeof(struct xinpcb);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (req->newptr != 0)
|
|
|
|
return EPERM;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* OK, now we're committed to doing something.
|
|
|
|
*/
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RLOCK(&ripcbinfo);
|
1998-05-15 20:11:40 +00:00
|
|
|
gencnt = ripcbinfo.ipi_gencnt;
|
|
|
|
n = ripcbinfo.ipi_count;
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RUNLOCK(&ripcbinfo);
|
1998-05-15 20:11:40 +00:00
|
|
|
|
|
|
|
xig.xig_len = sizeof xig;
|
|
|
|
xig.xig_count = n;
|
|
|
|
xig.xig_gen = gencnt;
|
|
|
|
xig.xig_sogen = so_gencnt;
|
|
|
|
error = SYSCTL_OUT(req, &xig, sizeof xig);
|
|
|
|
if (error)
|
|
|
|
return error;
|
|
|
|
|
2003-02-19 05:47:46 +00:00
|
|
|
inp_list = malloc(n * sizeof *inp_list, M_TEMP, M_WAITOK);
|
1998-05-15 20:11:40 +00:00
|
|
|
if (inp_list == 0)
|
|
|
|
return ENOMEM;
|
|
|
|
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RLOCK(&ripcbinfo);
|
2001-02-04 13:13:25 +00:00
|
|
|
for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n;
|
|
|
|
inp = LIST_NEXT(inp, inp_list)) {
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_LOCK(inp);
|
2003-09-17 21:13:16 +00:00
|
|
|
if (inp->inp_gencnt <= gencnt &&
|
|
|
|
cr_canseesocket(req->td->td_ucred, inp->inp_socket) == 0) {
|
2003-09-01 04:23:48 +00:00
|
|
|
/* XXX held references? */
|
1998-05-15 20:11:40 +00:00
|
|
|
inp_list[i++] = inp;
|
2001-10-05 07:06:32 +00:00
|
|
|
}
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_UNLOCK(inp);
|
1998-05-15 20:11:40 +00:00
|
|
|
}
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RUNLOCK(&ripcbinfo);
|
1998-05-15 20:11:40 +00:00
|
|
|
n = i;
|
|
|
|
|
|
|
|
error = 0;
|
|
|
|
for (i = 0; i < n; i++) {
|
|
|
|
inp = inp_list[i];
|
|
|
|
if (inp->inp_gencnt <= gencnt) {
|
|
|
|
struct xinpcb xi;
|
|
|
|
xi.xi_len = sizeof xi;
|
|
|
|
/* XXX should avoid extra copy */
|
|
|
|
bcopy(inp, &xi.xi_inp, sizeof *inp);
|
|
|
|
if (inp->inp_socket)
|
|
|
|
sotoxsocket(inp->inp_socket, &xi.xi_socket);
|
|
|
|
error = SYSCTL_OUT(req, &xi, sizeof xi);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!error) {
|
|
|
|
/*
|
|
|
|
* Give the user an updated idea of our state.
|
|
|
|
* If the generation differs from what we told
|
|
|
|
* her before, she knows that something happened
|
|
|
|
* while we were processing this request, and it
|
|
|
|
* might be necessary to retry.
|
|
|
|
*/
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RLOCK(&ripcbinfo);
|
1998-05-15 20:11:40 +00:00
|
|
|
xig.xig_gen = ripcbinfo.ipi_gencnt;
|
|
|
|
xig.xig_sogen = so_gencnt;
|
|
|
|
xig.xig_count = ripcbinfo.ipi_count;
|
2003-09-01 04:23:48 +00:00
|
|
|
INP_INFO_RUNLOCK(&ripcbinfo);
|
1998-05-15 20:11:40 +00:00
|
|
|
error = SYSCTL_OUT(req, &xig, sizeof xig);
|
|
|
|
}
|
|
|
|
free(inp_list, M_TEMP);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2002-06-10 20:05:46 +00:00
|
|
|
/*
|
|
|
|
* This is the wrapper function for in_setsockaddr. We just pass down
|
|
|
|
* the pcbinfo for in_setpeeraddr to lock.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
rip_sockaddr(struct socket *so, struct sockaddr **nam)
|
|
|
|
{
|
|
|
|
return (in_setsockaddr(so, nam, &ripcbinfo));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is the wrapper function for in_setpeeraddr. We just pass down
|
|
|
|
* the pcbinfo for in_setpeeraddr to lock.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
rip_peeraddr(struct socket *so, struct sockaddr **nam)
|
|
|
|
{
|
|
|
|
return (in_setpeeraddr(so, nam, &ripcbinfo));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1998-05-15 20:11:40 +00:00
|
|
|
SYSCTL_PROC(_net_inet_raw, OID_AUTO/*XXX*/, pcblist, CTLFLAG_RD, 0, 0,
|
|
|
|
rip_pcblist, "S,xinpcb", "List of active raw IP sockets");
|
|
|
|
|
1997-02-18 20:46:36 +00:00
|
|
|
struct pr_usrreqs rip_usrreqs = {
|
|
|
|
rip_abort, pru_accept_notsupp, rip_attach, rip_bind, rip_connect,
|
|
|
|
pru_connect2_notsupp, in_control, rip_detach, rip_disconnect,
|
2002-06-10 20:05:46 +00:00
|
|
|
pru_listen_notsupp, rip_peeraddr, pru_rcvd_notsupp,
|
1999-11-22 02:45:11 +00:00
|
|
|
pru_rcvoob_notsupp, rip_send, pru_sense_null, rip_shutdown,
|
Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols. This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.
This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.
For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks. Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.
Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.
Reviewed by: sam, bms
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
|
|
|
rip_sockaddr, sosend, soreceive, sopoll, in_pcbsosetlabel
|
1997-02-18 20:46:36 +00:00
|
|
|
};
|