Module Name: src Committed By: christos Date: Fri Jun 22 14:54:36 UTC 2012
Modified Files: src/share/man/man4: ip.4 ip6.4 udp.4 src/share/man/man7: rfc6056.7 sysctl.7 src/sys/netinet: in.h ip_input.c ip_output.c rfc6056.h tcp_input.c udp.h udp_usrreq.c udp_var.h src/sys/netinet6: in6.h ip6_input.c ip6_output.c udp6_usrreq.c udp6_var.h src/tests/net/sys: t_rfc6056.c Log Message: PR/46602: Move the rfc6056 port randomization to the IP layer. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/share/man/man4/ip.4 cvs rdiff -u -r1.28 -r1.29 src/share/man/man4/ip6.4 cvs rdiff -u -r1.12 -r1.13 src/share/man/man4/udp.4 cvs rdiff -u -r1.2 -r1.3 src/share/man/man7/rfc6056.7 cvs rdiff -u -r1.71 -r1.72 src/share/man/man7/sysctl.7 cvs rdiff -u -r1.86 -r1.87 src/sys/netinet/in.h cvs rdiff -u -r1.300 -r1.301 src/sys/netinet/ip_input.c cvs rdiff -u -r1.215 -r1.216 src/sys/netinet/ip_output.c cvs rdiff -u -r1.2 -r1.3 src/sys/netinet/rfc6056.h cvs rdiff -u -r1.323 -r1.324 src/sys/netinet/tcp_input.c cvs rdiff -u -r1.15 -r1.16 src/sys/netinet/udp.h cvs rdiff -u -r1.186 -r1.187 src/sys/netinet/udp_usrreq.c cvs rdiff -u -r1.37 -r1.38 src/sys/netinet/udp_var.h cvs rdiff -u -r1.69 -r1.70 src/sys/netinet6/in6.h cvs rdiff -u -r1.137 -r1.138 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.147 -r1.148 src/sys/netinet6/ip6_output.c cvs rdiff -u -r1.90 -r1.91 src/sys/netinet6/udp6_usrreq.c cvs rdiff -u -r1.24 -r1.25 src/sys/netinet6/udp6_var.h cvs rdiff -u -r1.2 -r1.3 src/tests/net/sys/t_rfc6056.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man4/ip.4 diff -u src/share/man/man4/ip.4:1.31 src/share/man/man4/ip.4:1.32 --- src/share/man/man4/ip.4:1.31 Thu May 19 17:16:45 2011 +++ src/share/man/man4/ip.4 Fri Jun 22 10:54:34 2012 @@ -1,4 +1,4 @@ -.\" $NetBSD: ip.4,v 1.31 2011/05/19 21:16:45 riastradh Exp $ +.\" $NetBSD: ip.4,v 1.32 2012/06/22 14:54:34 christos Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)ip.4 8.2 (Berkeley) 11/30/93 .\" -.Dd May 19, 2011 +.Dd June 20, 2012 .Dt IP 4 .Os .Sh NAME @@ -110,6 +110,28 @@ char *buf = ipsec_set_policy(policy, str setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf)); .Ed .Pp +The +.Dv IP_PORTALGO +can be used to randomize the port selection. +Valid algorithms are described in +.Xr rfc6056 7 +and their respective constants are in +.In netinet/rfc6056.h . +For example, +.Bd -literal +int algo = RFC6056_ALGO_RANDOM_PICK; /* see \*[Lt]netinet/rfc6056.h\*[Gt] */ +setsockopt(s, IPPROTO_IP, IP_PORTALGO, \*[Am]algo, sizeof(algo)); +.Ed +.Pp +The port selection can be also viewed and controlled at a global level for all +.Tn IP +sockets using the following +.Xr sysctl 7 +variables: +.Dv net.inet.ip.anonportalgo.available +and +.Dv net.inet.ip.anonportalgo.selected . +.Pp .Dv IP_PORTRANGE controls how ephemeral ports are allocated for .Dv SOCK_STREAM Index: src/share/man/man4/ip6.4 diff -u src/share/man/man4/ip6.4:1.28 src/share/man/man4/ip6.4:1.29 --- src/share/man/man4/ip6.4:1.28 Thu May 19 17:16:45 2011 +++ src/share/man/man4/ip6.4 Fri Jun 22 10:54:34 2012 @@ -1,4 +1,4 @@ -.\" $NetBSD: ip6.4,v 1.28 2011/05/19 21:16:45 riastradh Exp $ +.\" $NetBSD: ip6.4,v 1.29 2012/06/22 14:54:34 christos Exp $ .\" $KAME: ip6.4,v 1.23 2005/01/11 05:56:25 itojun Exp $ .\" $OpenBSD: ip6.4,v 1.21 2005/01/06 03:50:46 itojun Exp $ .\" 
@@ -28,7 +28,7 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.Dd May 19, 2011 +.Dd June 20, 2012 .Dt IP6 4 .Os .Sh NAME @@ -231,6 +231,29 @@ const char *policy = "in ipsec ah/transp char *buf = ipsec_set_policy(policy, strlen(policy)); setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, buf, ipsec_get_policylen(buf)); .Ed +.It Dv IPV6_PORTALGO Fa "int *" +The +.Dv IP_PORTALGO +can be used to randomize the port selection. +Valid algorithms are described in +.Xr rfc6056 7 +and their respective constants are in +.In netinet/rfc6056.h . +For example, +.Bd -literal +int algo = RFC6056_ALGO_RANDOM_PICK; /* see \*[Lt]netinet/rfc6056.h\*[Gt] */ +setsockopt(s, IPPROTO_IPV6, IPV6_PORTALGO, \*[Am]algo, sizeof(algo)); +.Ed +.Pp +The port selection can be also viewed and controlled at a global level for all +.Tn IPV6 +sockets using the following +.Xr sysctl 7 +variables: +.Dv net.inet.ip6.anonportalgo.available +and +.Dv net.inet.ip6.anonportalgo.selected . +.Pp .It Dv IPV6_PORTRANGE Fa "int *" Get or set the allocation policy of ephemeral ports for when the kernel automatically binds a local address to this socket. Index: src/share/man/man4/udp.4 diff -u src/share/man/man4/udp.4:1.12 src/share/man/man4/udp.4:1.13 --- src/share/man/man4/udp.4:1.12 Sat Sep 24 14:49:13 2011 +++ src/share/man/man4/udp.4 Fri Jun 22 10:54:34 2012 @@ -1,4 +1,4 @@ -.\" $NetBSD: udp.4,v 1.12 2011/09/24 18:49:13 christos Exp $ +.\" $NetBSD: udp.4,v 1.13 2012/06/22 14:54:34 christos Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)udp.4 8.1 (Berkeley) 6/5/93 .\" -.Dd September 24, 2011 +.Dd June 20, 2012 .Dt UDP 4 .Os .Sh NAME 
@@ -119,31 +119,6 @@ from draft-ietf-ipsec-udp-encaps-06 defined in .In netinet/udp.h . .Pp -The -.Dv UDP_RFC6056ALGO -can be used to randomize the port selection. -Valid algorithms are described in -.Xr rfc6056 7 -and their respective constants are in -.In netinet/rfc6056.h . -For example, -.Bd -literal -int algo = RFC6056_ALGO_RANDOM_PICK; /* see \*[Lt]netinet/rfc6056.h\*[Gt] */ -setsockopt(s, IPPROTO_UDP, UDP_RFC6056ALGO, \*[Am]algo, sizeof(algo)); -.Ed -.Pp -The port selection can be also controlled at a global level for all -.Tn UDP -or -.Tn UDP6 -sockets using the following -.Xr sysctl 7 -variables: -.Dv net.inet.udp.rfc6056.selected -and -.Dv net.inet6.udp6.rfc6056.selected -respectively. -.Pp Options at the .Tn IP transport level may be used with Index: src/share/man/man7/rfc6056.7 diff -u src/share/man/man7/rfc6056.7:1.2 src/share/man/man7/rfc6056.7:1.3 --- src/share/man/man7/rfc6056.7:1.2 Sat Sep 24 14:47:59 2011 +++ src/share/man/man7/rfc6056.7 Fri Jun 22 10:54:34 2012 @@ -1,4 +1,4 @@ -.\" $NetBSD: rfc6056.7,v 1.2 2011/09/24 18:47:59 wiz Exp $ +.\" $NetBSD: rfc6056.7,v 1.3 2012/06/22 14:54:34 christos Exp $ .\" .\" Copyright (c) 2011 .\" The NetBSD Foundation. All rights reserved. 
@@ -91,18 +91,22 @@ Use random increments in order to select .Sh SYSCTL CONTROLS The following sysctl controls are available for selecting the default port randomization algorithm: -.Bl -column "net.inet6.udp6.rfc6056.available" "string" "Changeable" +.Bl -column "net.inet6.udp6.anonportalgo.available" "string" "Changeable" .It Sy sysctl name Ta Sy Type Ta Sy Changeable -.It net.inet.udp.rfc6056.available Ta string Ta no -.It net.inet.udp.rfc6056.selected Ta string Ta yes -.It net.inet6.udp6.rfc6056.available Ta string Ta no -.It net.inet6.udp6.rfc6056.selected Ta string Ta yes +.It net.inet.ip.anonportalgo.available Ta string Ta no +.It net.inet.ip.anonportalgo.selected Ta string Ta yes +.It net.inet6.ip6.anonportalgo.available Ta string Ta no +.It net.inet6.ip6.anonportalgo.selected Ta string Ta yes .El .Sh SOCKET OPTIONS -The socket option -.Dv UDP_RFC6056ALGO -at the -.Dv IPPROTO_UDP +The +.Dv IP_PORTSEL +socket option at the +.Dv IPPROTO_IP +level and the +.Dv IPV6_PORTSEL +socket option at the +.Dv IPPROTO_IPV6 level can be used with a string argument specifying the algorithm's name in order to select the port randomization algorithm for a specific socket. Index: src/share/man/man7/sysctl.7 diff -u src/share/man/man7/sysctl.7:1.71 src/share/man/man7/sysctl.7:1.72 --- src/share/man/man7/sysctl.7:1.71 Sat Jun 9 04:22:14 2012 +++ src/share/man/man7/sysctl.7 Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.71 2012/06/09 08:22:14 wiz Exp $ +.\" $NetBSD: sysctl.7,v 1.72 2012/06/22 14:54:35 christos Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd June 8, 2012 +.Dd June 20, 2012 .Dt SYSCTL 7 .Os .Sh NAME 
@@ -1223,6 +1223,8 @@ The currently defined protocols and name .It icmp redirtimeout integer yes .It icmp bmcastecho integer yes .It ip allowsrcrt integer yes +.It ip anonportalgo.selected string yes +.It ip anonportalgo.available string yes .It ip anonportmax integer yes .It ip anonportmin integer yes .It ip checkinterface integer yes @@ -1282,8 +1284,6 @@ The currently defined protocols and name .It udp checksum integer yes .It udp do_loopback_cksum integer yes .It udp recvspace integer yes -.It udp rfc6056.selected string yes -.It udp rfc6056.available string yes .It udp sendspace integer yes .El .Pp @@ -1327,6 +1327,10 @@ believes it can send advertisements more Disabled by default. .It Li ip.allowsrcrt If set to 1, the host accepts source routed packets. +.It Li ip.anonportalgo.available +The available RFC 6056 port randomization algorithms. +.It Li ip.anonportalgo.selected +The currently selected RFC 6056 port randomization algorithm. .It Li ip.anonportmax The highest port number to use for TCP and UDP ephemeral port allocation. This cannot be set to less than 1024 or greater than 65535, and must @@ -1565,10 +1569,6 @@ Received non-zero UDP checksums are alwa Disabling UDP checksums is strongly discouraged. .It Li udp.recvspace The default UDP receive buffer size. -.It Li udp.rfc6056.available -The available RFC 6056 port randomization algorithms. -.It Li udp.rfc6056.selected -The currently selected RFC 6056 port randomization algorithm. .It Li udp.sendspace The default UDP send buffer size. .El @@ -1597,6 +1597,8 @@ The currently defined protocols and name .It icmp6 rediraccept integer yes .It icmp6 redirtimeout integer yes .It ip6 accept_rtadv integer yes +.It ip6 anonportalgo.selected string yes +.It ip6 anonportalgo.available string yes .It ip6 anonportmax integer yes .It ip6 anonportmin integer yes .It ip6 auto_flowlabel integer yes 
@@ -1621,8 +1623,6 @@ The currently defined protocols and name .It ip6 v6only integer yes .It udp6 do_loopback_cksum integer yes .It udp6 recvspace integer yes -.It udp6 rfc6056.selected string yes -.It udp6 rfc6056.available string yes .It udp6 sendspace integer yes .El .Pp @@ -1634,6 +1634,10 @@ and autoconfigures address prefixes and The node must be a host .Pq not a router for the option to be meaningful. +.It Li ip6.anonportalgo.available +The available RFC 6056 port randomization algorithms. +.It Li ip6.anonportalgo.selected +The currently selected RFC 6056 port randomization algorithm. .It Li ip6.anonportmax The highest port number to use for TCP and UDP ephemeral port allocation. This cannot be set to less than 1024 or greater than 65535, and must @@ -1830,10 +1834,6 @@ ICMPv6 redirect. Perform UDP checksum on loopback. .It Li udp6.recvspace Default UDP receive buffer size. -.It Li udp6.rfc6056.available -The available RFC 6056 port randomization algorithms for IPv6. -.It Li udp6.rfc6056.selected -The currently selected RFC 6056 port randomization algorithm for IPv6. .It Li udp6.sendspace Default UDP send buffer size. .El Index: src/sys/netinet/in.h diff -u src/sys/netinet/in.h:1.86 src/sys/netinet/in.h:1.87 --- src/sys/netinet/in.h:1.86 Mon Sep 14 06:36:50 2009 +++ src/sys/netinet/in.h Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: in.h,v 1.86 2009/09/14 10:36:50 degroote Exp $ */ +/* $NetBSD: in.h,v 1.87 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (c) 1982, 1986, 1990, 1993 
@@ -277,6 +277,7 @@ struct ip_opts { #define IP_MULTICAST_LOOP 11 /* u_char; set/get IP multicast loopback */ #define IP_ADD_MEMBERSHIP 12 /* ip_mreq; add an IP group membership */ #define IP_DROP_MEMBERSHIP 13 /* ip_mreq; drop an IP group membership */ +#define IP_PORTALGO 18 /* int; port selection algo (rfc6056) */ #define IP_PORTRANGE 19 /* int; range to use for ephemeral port */ #define IP_RECVIF 20 /* bool; receive reception if w/dgram */ #define IP_ERRORMTU 21 /* int; get MTU of last xmit = EMSGSIZE */ Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.300 src/sys/netinet/ip_input.c:1.301 --- src/sys/netinet/ip_input.c:1.300 Sat Jun 2 17:36:47 2012 +++ src/sys/netinet/ip_input.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.300 2012/06/02 21:36:47 dsl Exp $ */ +/* $NetBSD: ip_input.c,v 1.301 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.300 2012/06/02 21:36:47 dsl Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.301 2012/06/22 14:54:35 christos Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -139,6 +139,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #ifdef MROUTING #include <netinet/ip_mroute.h> #endif +#include <netinet/rfc6056.h> #ifdef FAST_IPSEC #include <netipsec/ipsec.h> 
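Review bot: The comment on the new `IP_PORTALGO` define says only "port selection algo (rfc6056)", while the same commit documents the option two incompatible ways: ip.4 shows an `int` argument, which matches the `sockopt_getint` handler added in ip_output.c, but rfc6056.7 now calls the option `IP_PORTSEL`/`IPV6_PORTSEL` and says it takes the algorithm's name as a string. Since only IP_PORTALGO with an int exists in the headers, rfc6056.7 needs correcting, and the define should state the argument shape so a reader of in.h is not misled: `#define IP_PORTALGO 18 /* int; RFC 6056 algorithm index from <netinet/rfc6056.h>, not a name */`. Value 18 sits in the previously unused gap below IP_PORTRANGE, which looks fine from what is visible here.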
@@ -1886,6 +1887,27 @@ sysctl_net_inet_ip_setup(struct sysctllo sysctl_net_inet_ip_stats, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_STATS, CTL_EOL); + + /* anonportalgo RFC6056 subtree */ + const struct sysctlnode *rfc6056_node; + sysctl_createv(clog, 0, NULL, &rfc6056_node, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "anonportalgo", + SYSCTL_DESCR("Anonymous Port Algorithm Selection (RFC 6056)"), + NULL, 0, NULL, 0, + CTL_NET, PF_INET, IPPROTO_IP, CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_STRING, "available", + SYSCTL_DESCR("available algorithms"), + sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_STRING, "selected", + SYSCTL_DESCR("selected algorithm"), + sysctl_rfc6056_selected, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); } void Index: src/sys/netinet/ip_output.c diff -u src/sys/netinet/ip_output.c:1.215 src/sys/netinet/ip_output.c:1.216 --- src/sys/netinet/ip_output.c:1.215 Mon Apr 30 18:51:28 2012 +++ src/sys/netinet/ip_output.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_output.c,v 1.215 2012/04/30 22:51:28 rmind Exp $ */ +/* $NetBSD: ip_output.c,v 1.216 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.215 2012/04/30 22:51:28 rmind Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.216 2012/06/22 14:54:35 christos Exp $"); #include "opt_pfil_hooks.h" #include "opt_inet.h" @@ -125,6 +125,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, #include <netinet/ip_var.h> #include <netinet/ip_private.h> #include <netinet/in_offload.h> +#include <netinet/rfc6056.h> #ifdef MROUTING #include <netinet/ip_mroute.h> 
@@ -1142,13 +1143,20 @@ ip_ctloutput(int op, struct socket *so, /* INP_UNLOCK(inp); */ break; + case IP_PORTALGO: + error = sockopt_getint(sopt, &optval); + if (error) + break; + + error = rfc6056_algo_index_select( + (struct inpcb_hdr *)inp, optval); + break; + #if defined(FAST_IPSEC) case IP_IPSEC_POLICY: - { error = ipsec4_set_policy(inp, sopt->sopt_name, sopt->sopt_data, sopt->sopt_size, l->l_cred); break; - } #endif /*IPSEC*/ default: @@ -1258,6 +1266,11 @@ ip_ctloutput(int op, struct socket *so, break; + case IP_PORTALGO: + optval = ((struct inpcb_hdr *)inp)->inph_rfc6056algo; + error = sockopt_setint(sopt, optval); + break; + default: error = ENOPROTOOPT; break; Index: src/sys/netinet/rfc6056.h diff -u src/sys/netinet/rfc6056.h:1.2 src/sys/netinet/rfc6056.h:1.3 --- src/sys/netinet/rfc6056.h:1.2 Sat Sep 24 13:54:19 2011 +++ src/sys/netinet/rfc6056.h Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: rfc6056.h,v 1.2 2011/09/24 17:54:19 christos Exp $ */ +/* $NetBSD: rfc6056.h,v 1.3 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright 2011 Vlad Balan @@ -33,6 +33,7 @@ #ifdef _KERNEL #include <sys/sysctl.h> +struct inpcb_hdr; int rfc6056_randport(uint16_t *, struct inpcb_hdr *, kauth_cred_t); int sysctl_rfc6056_selected(SYSCTLFN_ARGS); int sysctl_rfc6056_selected6(SYSCTLFN_ARGS); Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.323 src/sys/netinet/tcp_input.c:1.324 --- src/sys/netinet/tcp_input.c:1.323 Fri Apr 13 11:35:57 2012 +++ src/sys/netinet/tcp_input.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.323 2012/04/13 15:35:57 yamt Exp $ */ +/* $NetBSD: tcp_input.c,v 1.324 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 
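Review bot: The new `IP_PORTALGO` setter in ip_ctloutput hands the raw user-supplied `optval` to `rfc6056_algo_index_select()` with no range check and no privilege check, and nothing in the hunk says which of those the callee is responsible for. If `rfc6056_algo_index_select()` does not reject out-of-range indices (it is not visible here), this is the place to do it; if it does, a one-line comment should say so, and should also record that no kauth check is intended because choosing a weaker algorithm only affects this socket's own ephemeral-port selection, e.g. `/* index is validated by rfc6056_algo_index_select(); no privilege needed, the choice only weakens this socket */`. It would also help callers to note that setting the option after a local port has already been assigned does not re-pick that port, assuming that is the behaviour. The brace removal around the IP_IPSEC_POLICY case is an unrelated cosmetic change riding along in the same hunk.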
@@ -148,7 +148,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.323 2012/04/13 15:35:57 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.324 2012/06/22 14:54:35 christos Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -939,6 +939,11 @@ tcp_input_checksum(int af, struct mbuf * IFF_LOOPBACK) || tcp_do_loopback_cksum)) { TCP_CSUM_COUNTER_INCR(&tcp_swcsum); + if (m->m_len == 0) { + printf("mlen = 0 mkthdrlen = %d\n", + m->m_pkthdr.len); + return 0; + } if (in4_cksum(m, IPPROTO_TCP, toff, tlen + off) != 0) goto badcsum; Index: src/sys/netinet/udp.h diff -u src/sys/netinet/udp.h:1.15 src/sys/netinet/udp.h:1.16 --- src/sys/netinet/udp.h:1.15 Sat Jan 7 15:20:12 2012 +++ src/sys/netinet/udp.h Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: udp.h,v 1.15 2012/01/07 20:20:12 christos Exp $ */ +/* $NetBSD: udp.h,v 1.16 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (c) 1982, 1986, 1993 @@ -48,7 +48,6 @@ struct udphdr { /* socket options for UDP */ #define UDP_ENCAP 100 -#define UDP_RFC6056ALGO 200 /* Encapsulation types */ #define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ Index: src/sys/netinet/udp_usrreq.c diff -u src/sys/netinet/udp_usrreq.c:1.186 src/sys/netinet/udp_usrreq.c:1.187 --- src/sys/netinet/udp_usrreq.c:1.186 Thu Mar 22 16:34:39 2012 +++ src/sys/netinet/udp_usrreq.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: udp_usrreq.c,v 1.186 2012/03/22 20:34:39 drochner Exp $ */ +/* $NetBSD: udp_usrreq.c,v 1.187 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.186 2012/03/22 20:34:39 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.187 2012/06/22 14:54:35 christos Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" 
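Review bot: The `m->m_len == 0` branch added to tcp_input_checksum returns 0, which by the surrounding convention (the failure path is `goto badcsum`) appears to be the success return, so a segment whose first mbuf is empty would be accepted without its checksum ever being verified, and each such packet also emits an unthrottled `printf` to the console. Neither behaviour has anything to do with the port-randomization change this commit describes, so it reads as a debugging probe that should not have landed here. If the condition is a real case the segment should be dropped and counted, `goto badcsum;`, and the diagnostic either removed or rate-limited; if it is a probe for a crash inside in4_cksum(), it belongs in a separate change. tcp_input_checksum begins before this hunk, so its declared return contract is inferred from the visible `goto badcsum` rather than read from its prologue.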
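Review bot: `UDP_RFC6056ALGO` (value 200) is deleted from the public udp.h with no deprecation note, so a program built against the previous header that still calls `setsockopt(s, IPPROTO_UDP, 200, ...)` will now fail with ENOPROTOOPT from udp_ctloutput. If that option ever shipped in a release (not determinable from here), keeping `#define UDP_RFC6056ALGO 200 /* obsolete; use IP_PORTALGO / IPV6_PORTALGO */` and mapping it in udp_ctloutput would preserve compatibility; otherwise a short note in the commit message that the old option is withdrawn would be enough.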
@@ -96,7 +96,6 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c #include <netinet/udp.h> #include <netinet/udp_var.h> #include <netinet/udp_private.h> -#include <netinet/rfc6056.h> #ifdef INET6 #include <netinet/ip6.h> @@ -1080,15 +1079,6 @@ udp_ctloutput(int op, struct socket *so, } break; - case UDP_RFC6056ALGO: - error = sockopt_getint(sopt, &optval); - if (error) - break; - - error = rfc6056_algo_index_select( - (struct inpcb_hdr *)inp, optval); - break; - default: error = ENOPROTOOPT; break; @@ -1377,8 +1367,6 @@ sysctl_net_inet_udp_stats(SYSCTLFN_ARGS) static void sysctl_net_inet_udp_setup(struct sysctllog **clog) { - const struct sysctlnode *rfc6056_node; - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, CTLTYPE_NODE, "net", NULL, @@ -1438,25 +1426,6 @@ sysctl_net_inet_udp_setup(struct sysctll sysctl_net_inet_udp_stats, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_STATS, CTL_EOL); - /* RFC6056 subtree */ - sysctl_createv(clog, 0, NULL, &rfc6056_node, - CTLFLAG_PERMANENT, - CTLTYPE_NODE, "rfc6056", - SYSCTL_DESCR("RFC 6056"), - NULL, 0, NULL, 0, - CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT, - CTLTYPE_STRING, "available", - SYSCTL_DESCR("RFC 6056 available algorithms"), - sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_STRING, "selected", - SYSCTL_DESCR("RFC 6056 selected algorithm"), - sysctl_rfc6056_selected, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); } #endif Index: src/sys/netinet/udp_var.h diff -u src/sys/netinet/udp_var.h:1.37 src/sys/netinet/udp_var.h:1.38 --- src/sys/netinet/udp_var.h:1.37 Sat Sep 24 13:18:17 2011 +++ src/sys/netinet/udp_var.h Fri Jun 22 10:54:35 2012 
@@ -1,4 +1,4 @@ -/* $NetBSD: udp_var.h,v 1.37 2011/09/24 17:18:17 christos Exp $ */ +/* $NetBSD: udp_var.h,v 1.38 2012/06/22 14:54:35 christos Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -75,7 +75,6 @@ struct udpiphdr { #define UDPCTL_RECVSPACE 3 /* default recv buffer */ #define UDPCTL_LOOPBACKCKSUM 4 /* do UDP checksum on loopback */ #define UDPCTL_STATS 5 /* UDP statistics */ -#define UDPCTL_RFC6056 6 /* RFC 6056 algorithm selection */ #define UDPCTL_MAXID 7 #define UDPCTL_NAMES { \ @@ -85,7 +84,6 @@ struct udpiphdr { { "recvspace", CTLTYPE_INT }, \ { "do_loopback_cksum", CTLTYPE_INT }, \ { "stats", CTLTYPE_STRUCT }, \ - { "rfc6056", CTLTYPE_INT }, \ } #ifdef _KERNEL Index: src/sys/netinet6/in6.h diff -u src/sys/netinet6/in6.h:1.69 src/sys/netinet6/in6.h:1.70 --- src/sys/netinet6/in6.h:1.69 Tue May 24 14:07:11 2011 +++ src/sys/netinet6/in6.h Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.h,v 1.69 2011/05/24 18:07:11 spz Exp $ */ +/* $NetBSD: in6.h,v 1.70 2012/06/22 14:54:35 christos Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* @@ -385,6 +385,7 @@ extern const struct in6_addr in6addr_lin #define IPV6_LEAVE_GROUP 13 /* ip6_mreq; leave a group membership */ #define IPV6_PORTRANGE 14 /* int; range to choose for unspec port */ #if defined(_NETBSD_SOURCE) +#define IPV6_PORTALGO 17 /* int; port selection algo (rfc6056) */ #define ICMP6_FILTER 18 /* icmp6_filter; icmp6 filter */ #endif /* RFC2292 options */ Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.137 src/sys/netinet6/ip6_input.c:1.138 --- src/sys/netinet6/ip6_input.c:1.137 Thu Mar 22 16:34:40 2012 +++ src/sys/netinet6/ip6_input.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.137 2012/03/22 20:34:40 drochner Exp $ */ +/* $NetBSD: ip6_input.c,v 1.138 2012/06/22 14:54:35 christos Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* 
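Review bot: `UDPCTL_RFC6056` and its `{ "rfc6056", CTLTYPE_INT }` entry are removed from udp_var.h, but `UDPCTL_MAXID` is left at 7, so the `UDPCTL_NAMES` initializer now has one entry fewer than MAXID advertises; the udp6_var.h hunk in this same commit decrements `UDP6CTL_MAXID` from 6 to 5 for the identical removal. The two headers should agree: either `#define UDPCTL_MAXID 6` here, or keep 7 and leave a `{ 0, 0 }` placeholder in the table so anything that walks `UDPCTL_NAMES` up to MAXID does not read past the initializer. Whether any in-tree consumer still indexes these legacy tables is not visible from this diff.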
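Review bot: The new `IPV6_PORTALGO` define carries the same terse "port selection algo (rfc6056)" comment as its IPv4 twin, and the ip6.4 paragraph added for it in this commit still says `.Dv IP_PORTALGO` can be used (a copy-paste from ip.4), so a reader has no authoritative statement of what the option takes. Suggest `#define IPV6_PORTALGO 17 /* int; RFC 6056 algorithm index, see <netinet/rfc6056.h> */` here and the matching `IPV6_PORTALGO` name in ip6.4. Placing it inside the `_NETBSD_SOURCE` block next to ICMP6_FILTER is consistent with the other NetBSD-only options visible in the hunk.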
@@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.137 2012/03/22 20:34:40 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.138 2012/06/22 14:54:35 christos Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -103,6 +103,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include <netinet/ip_icmp.h> #endif /* INET */ #include <netinet/ip6.h> +#include <netinet/rfc6056.h> #include <netinet6/in6_var.h> #include <netinet6/ip6_var.h> #include <netinet6/ip6_private.h> @@ -1956,6 +1957,26 @@ sysctl_net_inet6_ip6_setup(struct sysctl CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); #endif + /* anonportalgo RFC6056 subtree */ + const struct sysctlnode *rfc6056_node; + sysctl_createv(clog, 0, NULL, &rfc6056_node, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "anonportalgo", + SYSCTL_DESCR("Anonymous port algorithm selection (RFC 6056)"), + NULL, 0, NULL, 0, + CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_STRING, "available", + SYSCTL_DESCR("available algorithms"), + sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_STRING, "selected", + SYSCTL_DESCR("selected algorithm"), + sysctl_rfc6056_selected6, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); } void Index: src/sys/netinet6/ip6_output.c diff -u src/sys/netinet6/ip6_output.c:1.147 src/sys/netinet6/ip6_output.c:1.148 --- src/sys/netinet6/ip6_output.c:1.147 Thu Mar 22 16:34:41 2012 +++ src/sys/netinet6/ip6_output.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_output.c,v 1.147 2012/03/22 20:34:41 drochner Exp $ */ +/* $NetBSD: ip6_output.c,v 1.148 2012/06/22 14:54:35 christos Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* 
@@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.147 2012/03/22 20:34:41 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.148 2012/06/22 14:54:35 christos Exp $"); #include "opt_inet.h" #include "opt_inet6.h" @@ -91,6 +91,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c #include <netinet/ip6.h> #include <netinet/icmp6.h> #include <netinet/in_offload.h> +#include <netinet/rfc6056.h> #include <netinet6/in6_offload.h> #include <netinet6/ip6_var.h> #include <netinet6/ip6_private.h> @@ -1633,6 +1634,14 @@ else \ } break; + case IPV6_PORTALGO: + error = sockopt_getint(sopt, &optval); + if (error) + break; + + error = rfc6056_algo_index_select( + (struct inpcb_hdr *)in6p, optval); + break; #if defined(FAST_IPSEC) case IPV6_IPSEC_POLICY: @@ -1818,6 +1827,11 @@ else \ error = ip6_getmoptions(sopt, in6p->in6p_moptions); break; + case IPV6_PORTALGO: + optval = ((struct inpcb_hdr *)in6p)->inph_rfc6056algo; + error = sockopt_setint(sopt, optval); + break; + #if defined(FAST_IPSEC) case IPV6_IPSEC_POLICY: { Index: src/sys/netinet6/udp6_usrreq.c diff -u src/sys/netinet6/udp6_usrreq.c:1.90 src/sys/netinet6/udp6_usrreq.c:1.91 --- src/sys/netinet6/udp6_usrreq.c:1.90 Sat Sep 24 13:22:14 2011 +++ src/sys/netinet6/udp6_usrreq.c Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: udp6_usrreq.c,v 1.90 2011/09/24 17:22:14 christos Exp $ */ +/* $NetBSD: udp6_usrreq.c,v 1.91 2012/06/22 14:54:35 christos Exp $ */ /* $KAME: udp6_usrreq.c,v 1.86 2001/05/27 17:33:00 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.90 2011/09/24 17:22:14 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.91 2012/06/22 14:54:35 christos Exp $"); #include "opt_inet.h" 
@@ -92,7 +92,6 @@ __KERNEL_RCSID(0, "$NetBSD: udp6_usrreq. #include <netinet/in_pcb.h> #include <netinet/udp.h> #include <netinet/udp_var.h> -#include <netinet/rfc6056.h> #include <netinet/ip6.h> #include <netinet6/ip6_var.h> #include <netinet6/in6_pcb.h> @@ -263,9 +262,7 @@ udp6_ctloutput(int op, struct socket *so { int s; int error = 0; - struct inpcb *inp; int family; - int optval; family = so->so_proto->pr_domain->dom_family; @@ -291,31 +288,7 @@ udp6_ctloutput(int op, struct socket *so error = EAFNOSUPPORT; goto end; } - - switch (op) { - case PRCO_SETOPT: - inp = sotoinpcb(so); - - switch (sopt->sopt_name) { - case UDP_RFC6056ALGO: - error = sockopt_getint(sopt, &optval); - if (error) - break; - - error = rfc6056_algo_index_select( - (struct inpcb_hdr *)inp, optval); - break; - - default: - error = ENOPROTOOPT; - break; - } - break; - - default: - error = EINVAL; - break; - } + error = EINVAL; end: splx(s); @@ -488,8 +461,6 @@ sysctl_net_inet6_udp6_stats(SYSCTLFN_ARG static void sysctl_net_inet6_udp6_setup(struct sysctllog **clog) { - const struct sysctlnode *rfc6056_node; - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, CTLTYPE_NODE, "net", NULL, 
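Review bot: After the removal, udp6_ctloutput reaches `error = EINVAL;` for every op and every option once the family check passes, so an unknown IPPROTO_UDP option on a v6 socket now fails with EINVAL while the IPv4 udp_ctloutput in this same commit keeps `error = ENOPROTOOPT;` in its default case. Unknown socket options should fail the same way on both families; `error = ENOPROTOOPT;` here would restore that, and a comment such as `/* no UDP-level options remain; port selection moved to IPV6_PORTALGO */` would explain why the function is now almost empty. The function's signature and its `end:` tail lie outside the visible hunk lines.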
@@ -542,25 +513,6 @@ sysctl_net_inet6_udp6_setup(struct sysct sysctl_net_inet6_udp6_stats, 0, NULL, 0, CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_STATS, CTL_EOL); - /* RFC6056 subtree */ - sysctl_createv(clog, 0, NULL, &rfc6056_node, - CTLFLAG_PERMANENT, - CTLTYPE_NODE, "rfc6056", - SYSCTL_DESCR("RFC 6056"), - NULL, 0, NULL, 0, - CTL_NET, PF_INET6, IPPROTO_UDP, CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT, - CTLTYPE_STRING, "available", - SYSCTL_DESCR("RFC 6056 available algorithms"), - sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_STRING, "selected", - SYSCTL_DESCR("RFC 6056 selected algorithm"), - sysctl_rfc6056_selected6, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); } void Index: src/sys/netinet6/udp6_var.h diff -u src/sys/netinet6/udp6_var.h:1.24 src/sys/netinet6/udp6_var.h:1.25 --- src/sys/netinet6/udp6_var.h:1.24 Sat Sep 24 13:22:14 2011 +++ src/sys/netinet6/udp6_var.h Fri Jun 22 10:54:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: udp6_var.h,v 1.24 2011/09/24 17:22:14 christos Exp $ */ +/* $NetBSD: udp6_var.h,v 1.25 2012/06/22 14:54:35 christos Exp $ */ /* $KAME: udp6_var.h,v 1.11 2000/06/05 00:14:31 itojun Exp $ */ /* @@ -88,8 +88,7 @@ #define UDP6CTL_RECVSPACE 2 /* default recv buffer */ #define UDP6CTL_LOOPBACKCKSUM 3 /* do UDP checksum on loopback? */ #define UDP6CTL_STATS 4 /* udp6 statistics */ -#define UDP6CTL_RFC6056 5 /* RFC 6056 algorithm selection */ -#define UDP6CTL_MAXID 6 +#define UDP6CTL_MAXID 5 #define UDP6CTL_NAMES { \ { 0, 0 }, \ Index: src/tests/net/sys/t_rfc6056.c diff -u src/tests/net/sys/t_rfc6056.c:1.2 src/tests/net/sys/t_rfc6056.c:1.3 --- src/tests/net/sys/t_rfc6056.c:1.2 Sat Nov 5 15:01:42 2011 +++ src/tests/net/sys/t_rfc6056.c Fri Jun 22 10:54:35 2012 
@@ -1,4 +1,4 @@ -/* $NetBSD: t_rfc6056.c,v 1.2 2011/11/05 19:01:42 jruoho Exp $ */ +/* $NetBSD: t_rfc6056.c,v 1.3 2012/06/22 14:54:35 christos Exp $ */ /*- * Copyright (c) 2011 The NetBSD Foundation, Inc. @@ -29,7 +29,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ #include <sys/cdefs.h> -__RCSID("$NetBSD: t_rfc6056.c,v 1.2 2011/11/05 19:01:42 jruoho Exp $"); +__RCSID("$NetBSD: t_rfc6056.c,v 1.3 2012/06/22 14:54:35 christos Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -51,7 +51,7 @@ static void test(const char *hostname, const char *service, int family, int al) { static const char hello[] = "hello\n"; - int s, error; + int s, error, proto, option; struct sockaddr_storage ss; struct addrinfo hints, *res; @@ -59,6 +59,19 @@ test(const char *hostname, const char *s hints.ai_family = family; hints.ai_socktype = SOCK_DGRAM; + switch (family) { + case AF_INET: + proto = IPPROTO_IP; + option = IP_PORTALGO; + break; + case AF_INET6: + proto = IPPROTO_IPV6; + option = IPV6_PORTALGO; + break; + default: + abort(); + } + error = getaddrinfo(hostname, service, &hints, &res); if (error) errx(EXIT_FAILURE, "Cannot get address for %s (%s)", @@ -68,7 +81,7 @@ test(const char *hostname, const char *s if (s == -1) err(EXIT_FAILURE, "socket"); - if (setsockopt(s, IPPROTO_UDP, UDP_RFC6056ALGO, &al, sizeof(al)) == -1) + if (setsockopt(s, proto, option, &al, sizeof(al)) == -1) err(EXIT_FAILURE, "setsockopt"); memset(&ss, 0, sizeof(ss)); @@ -89,7 +102,7 @@ test(const char *hostname, const char *s if (s == -1) err(EXIT_FAILURE, "socket"); - if (setsockopt(s, IPPROTO_UDP, UDP_RFC6056ALGO, &al, sizeof(al)) == -1) + if (setsockopt(s, proto, option, &al, sizeof(al)) == -1) err(EXIT_FAILURE, "setsockopt"); if (connect(s, res->ai_addr, res->ai_addrlen) == -1)
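Review bot: The test is updated to set the new option but never reads it back, so the `IP_PORTALGO`/`IPV6_PORTALGO` getters added in ip_output.c and ip6_output.c by this commit go untested, and a setter that silently ignored the value would still pass. After each `setsockopt` call the test should `getsockopt` the same option and compare it with `al`, as sketched below (apply at both call sites). It also still exercises only `SOCK_DGRAM`; if the option now applies to TCP sockets as its move to the IP level suggests, a `SOCK_STREAM` case would cover the other half of the change.

```c
	if (setsockopt(s, proto, option, &al, sizeof(al)) == -1)
		err(EXIT_FAILURE, "setsockopt");
	int got = -1;
	socklen_t len = sizeof(got);
	if (getsockopt(s, proto, option, &got, &len) == -1)
		err(EXIT_FAILURE, "getsockopt");
	if (got != al)
		errx(EXIT_FAILURE, "set algorithm %d, read back %d", al, got);
	/* … unchanged: bind / connect and the send … */
```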