Support for VNET in SCTP (hopefully)
This commit is contained in:
parent
3282c51713
commit
482444b4a5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=197288
@ -881,7 +881,7 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset,
|
||||
/* we probably don't need these operations */
|
||||
(void)sa6_recoverscope(from6);
|
||||
sa6_embedscope(from6,
|
||||
MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
MODULE_GLOBAL(ip6_use_defzone));
|
||||
|
||||
break;
|
||||
}
|
||||
|
@ -126,7 +126,7 @@ sctp_gather_internal_ifa_flags(struct sctp_ifa *ifa)
|
||||
|
||||
ifa6 = (struct in6_ifaddr *)ifa->ifa;
|
||||
ifa->flags = ifa6->ia6_flags;
|
||||
if (!MODULE_GLOBAL(MOD_INET6, ip6_use_deprecated)) {
|
||||
if (!MODULE_GLOBAL(ip6_use_deprecated)) {
|
||||
if (ifa->flags &
|
||||
IN6_IFF_DEPRECATED) {
|
||||
ifa->localifa_flags |= SCTP_ADDR_IFA_UNUSEABLE;
|
||||
@ -206,7 +206,7 @@ sctp_init_ifns_for_vrf(int vrfid)
|
||||
struct sctp_ifa *sctp_ifa;
|
||||
uint32_t ifa_flags;
|
||||
|
||||
TAILQ_FOREACH(ifn, &MODULE_GLOBAL(MOD_NET, ifnet), if_list) {
|
||||
TAILQ_FOREACH(ifn, &MODULE_GLOBAL(ifnet), if_list) {
|
||||
IF_ADDR_LOCK(ifn);
|
||||
TAILQ_FOREACH(ifa, &ifn->if_addrlist, ifa_list) {
|
||||
if (ifa->ifa_addr == NULL) {
|
||||
@ -336,7 +336,7 @@ void
|
||||
struct ifnet *ifn;
|
||||
struct ifaddr *ifa;
|
||||
|
||||
TAILQ_FOREACH(ifn, &MODULE_GLOBAL(MOD_NET, ifnet), if_list) {
|
||||
TAILQ_FOREACH(ifn, &MODULE_GLOBAL(ifnet), if_list) {
|
||||
if (!(*pred) (ifn)) {
|
||||
continue;
|
||||
}
|
||||
|
@ -5873,7 +5873,7 @@ sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port)
|
||||
* idea, so I will leave it in place.
|
||||
*/
|
||||
if (inp && ipsec4_in_reject(m, &inp->ip_inp.inp)) {
|
||||
MODULE_GLOBAL(MOD_IPSEC, ipsec4stat).in_polvio++;
|
||||
MODULE_GLOBAL(ipsec4stat).in_polvio++;
|
||||
SCTP_STAT_INCR(sctps_hdrops);
|
||||
goto bad;
|
||||
}
|
||||
|
@ -78,9 +78,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <netinet/ip_icmp.h>
|
||||
#include <netinet/icmp_var.h>
|
||||
|
||||
#ifdef VIMAGE
|
||||
#error "SCTP is not yet compatible with VIMAGE."
|
||||
#endif
|
||||
#include <net/vnet.h>
|
||||
|
||||
#ifdef IPSEC
|
||||
#include <netipsec/ipsec.h>
|
||||
@ -137,25 +135,20 @@ MALLOC_DECLARE(SCTP_M_SOCKOPT);
|
||||
#define SCTP_CTR6 CTR6
|
||||
#endif
|
||||
|
||||
#define SCTP_BASE_INFO(__m) system_base_info.sctppcbinfo.__m
|
||||
#define SCTP_BASE_STATS system_base_info.sctpstat
|
||||
#define SCTP_BASE_STAT(__m) system_base_info.sctpstat.__m
|
||||
#define SCTP_BASE_SYSCTL(__m) system_base_info.sctpsysctl.__m
|
||||
#define SCTP_BASE_VAR(__m) system_base_info.__m
|
||||
|
||||
/*
|
||||
* Macros to expand out globals defined by various modules
|
||||
* to either a real global or a virtualized instance of one,
|
||||
* depending on whether VIMAGE is defined.
|
||||
*/
|
||||
/* first define modules that supply us information */
|
||||
#define MOD_NET net
|
||||
#define MOD_INET inet
|
||||
#define MOD_INET6 inet6
|
||||
#define MOD_IPSEC ipsec
|
||||
|
||||
/* then define the macro(s) that hook into the vimage macros */
|
||||
#define MODULE_GLOBAL(__MODULE, __SYMBOL) V_ ## __SYMBOL
|
||||
#define MODULE_GLOBAL(__SYMBOL) V_ ## __SYMBOL
|
||||
|
||||
#define V_system_base_info VNET_NAME(system_base_info)
|
||||
#define SCTP_BASE_INFO(__m) V_system_base_info.sctppcbinfo.__m
|
||||
#define SCTP_BASE_STATS V_system_base_info.sctpstat
|
||||
#define SCTP_BASE_STAT(__m) V_system_base_info.sctpstat.__m
|
||||
#define SCTP_BASE_SYSCTL(__m) V_system_base_info.sctpsysctl.__m
|
||||
#define SCTP_BASE_VAR(__m) V_system_base_info.__m
|
||||
|
||||
/*
|
||||
*
|
||||
|
@ -3829,7 +3829,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
|
||||
sin6 = &tmp;
|
||||
|
||||
/* KAME hack: embed scopeid */
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
|
||||
SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
|
||||
return (EINVAL);
|
||||
}
|
||||
@ -3883,7 +3883,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
|
||||
if (net->src_addr_selected == 0) {
|
||||
sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
|
||||
/* KAME hack: embed scopeid */
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
|
||||
SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
|
||||
return (EINVAL);
|
||||
}
|
||||
@ -3906,7 +3906,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp,
|
||||
} else {
|
||||
sin6 = (struct sockaddr_in6 *)&ro->ro_dst;
|
||||
/* KAME hack: embed scopeid */
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
|
||||
SCTP_LTRACE_ERR_RET_PKT(m, inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
|
||||
return (EINVAL);
|
||||
}
|
||||
@ -5143,7 +5143,7 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
|
||||
*/
|
||||
(void)sa6_recoverscope(sin6);
|
||||
stc.scope_id = sin6->sin6_scope_id;
|
||||
sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
|
||||
stc.loopback_scope = 1;
|
||||
stc.local_scope = 0;
|
||||
stc.site_scope = 1;
|
||||
@ -5179,7 +5179,7 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
|
||||
*/
|
||||
(void)sa6_recoverscope(sin6);
|
||||
stc.scope_id = sin6->sin6_scope_id;
|
||||
sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
|
||||
} else if (IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
|
||||
/*
|
||||
* If the new destination is
|
||||
@ -10768,7 +10768,7 @@ sctp_send_shutdown_complete2(struct mbuf *m, int iphlen, struct sctphdr *sh,
|
||||
|
||||
/* Fill in the IPv6 header for the ABORT */
|
||||
ip6_out->ip6_flow = ip6->ip6_flow;
|
||||
ip6_out->ip6_hlim = MODULE_GLOBAL(MOD_INET6, ip6_defhlim);
|
||||
ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
|
||||
if (port) {
|
||||
ip6_out->ip6_nxt = IPPROTO_UDP;
|
||||
} else {
|
||||
@ -11787,7 +11787,7 @@ sctp_send_abort(struct mbuf *m, int iphlen, struct sctphdr *sh, uint32_t vtag,
|
||||
|
||||
/* Fill in the IP6 header for the ABORT */
|
||||
ip6_out->ip6_flow = ip6->ip6_flow;
|
||||
ip6_out->ip6_hlim = MODULE_GLOBAL(MOD_INET6, ip6_defhlim);
|
||||
ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
|
||||
if (port) {
|
||||
ip6_out->ip6_nxt = IPPROTO_UDP;
|
||||
} else {
|
||||
@ -12014,7 +12014,7 @@ sctp_send_operr_to(struct mbuf *m, int iphlen, struct mbuf *scm, uint32_t vtag,
|
||||
|
||||
/* Fill in the IP6 header for the ABORT */
|
||||
ip6_out->ip6_flow = ip6->ip6_flow;
|
||||
ip6_out->ip6_hlim = MODULE_GLOBAL(MOD_INET6, ip6_defhlim);
|
||||
ip6_out->ip6_hlim = MODULE_GLOBAL(ip6_defhlim);
|
||||
if (port) {
|
||||
ip6_out->ip6_nxt = IPPROTO_UDP;
|
||||
} else {
|
||||
@ -13759,7 +13759,7 @@ sctp_v6src_match_nexthop(struct sockaddr_in6 *src6, sctp_route_t * ro)
|
||||
return (0);
|
||||
|
||||
/* get prefix entry of address */
|
||||
LIST_FOREACH(pfx, &MODULE_GLOBAL(MOD_INET6, nd_prefix), ndpr_entry) {
|
||||
LIST_FOREACH(pfx, &MODULE_GLOBAL(nd_prefix), ndpr_entry) {
|
||||
if (pfx->ndpr_stateflags & NDPRF_DETACHED)
|
||||
continue;
|
||||
if (IN6_ARE_MASKED_ADDR_EQUAL(&pfx->ndpr_prefix.sin6_addr,
|
||||
|
@ -48,7 +48,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <netinet/udp.h>
|
||||
|
||||
|
||||
struct sctp_base_info system_base_info;
|
||||
VNET_DEFINE(struct sctp_base_info, system_base_info);
|
||||
|
||||
/* FIX: we don't handle multiple link local scopes */
|
||||
/* "scopeless" replacement IN6_ARE_ADDR_EQUAL */
|
||||
@ -59,11 +59,11 @@ SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b)
|
||||
struct sockaddr_in6 tmp_a, tmp_b;
|
||||
|
||||
memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
|
||||
if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
|
||||
if (sa6_embedscope(&tmp_a, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
|
||||
return 0;
|
||||
}
|
||||
memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
|
||||
if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
|
||||
if (sa6_embedscope(&tmp_b, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
|
||||
return 0;
|
||||
}
|
||||
return (IN6_ARE_ADDR_EQUAL(&tmp_a.sin6_addr, &tmp_b.sin6_addr));
|
||||
@ -2008,7 +2008,7 @@ sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset,
|
||||
/* Get the scopes in properly to the sin6 addr's */
|
||||
/* we probably don't need these operations */
|
||||
(void)sa6_recoverscope(from6);
|
||||
sa6_embedscope(from6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
sa6_embedscope(from6, MODULE_GLOBAL(ip6_use_defzone));
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
@ -2049,7 +2049,7 @@ sctp_findassociation_addr(struct mbuf *m, int iphlen, int offset,
|
||||
/* Get the scopes in properly to the sin6 addr's */
|
||||
/* we probably don't need these operations */
|
||||
(void)sa6_recoverscope(to6);
|
||||
sa6_embedscope(to6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
sa6_embedscope(to6, MODULE_GLOBAL(ip6_use_defzone));
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
@ -2316,7 +2316,7 @@ sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
|
||||
}
|
||||
#endif /* IPSEC */
|
||||
SCTP_INCR_EP_COUNT();
|
||||
inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(MOD_INET, ip_defttl);
|
||||
inp->ip_inp.inp.inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
|
||||
SCTP_INP_INFO_WUNLOCK();
|
||||
|
||||
so->so_pcb = (caddr_t)inp;
|
||||
@ -2688,7 +2688,7 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
|
||||
if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
|
||||
bindall = 0;
|
||||
/* KAME hack: embed scopeid */
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone)) != 0) {
|
||||
if (sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone)) != 0) {
|
||||
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL);
|
||||
return (EINVAL);
|
||||
}
|
||||
@ -2814,8 +2814,8 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
|
||||
int done;
|
||||
|
||||
if (ip_inp->inp_flags & INP_HIGHPORT) {
|
||||
first = MODULE_GLOBAL(MOD_INET, ipport_hifirstauto);
|
||||
last = MODULE_GLOBAL(MOD_INET, ipport_hilastauto);
|
||||
first = MODULE_GLOBAL(ipport_hifirstauto);
|
||||
last = MODULE_GLOBAL(ipport_hilastauto);
|
||||
} else if (ip_inp->inp_flags & INP_LOWPORT) {
|
||||
if (p && (error =
|
||||
priv_check(p, PRIV_NETINET_RESERVEDPORT)
|
||||
@ -2826,11 +2826,11 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
|
||||
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, error);
|
||||
return (error);
|
||||
}
|
||||
first = MODULE_GLOBAL(MOD_INET, ipport_lowfirstauto);
|
||||
last = MODULE_GLOBAL(MOD_INET, ipport_lowlastauto);
|
||||
first = MODULE_GLOBAL(ipport_lowfirstauto);
|
||||
last = MODULE_GLOBAL(ipport_lowlastauto);
|
||||
} else {
|
||||
first = MODULE_GLOBAL(MOD_INET, ipport_firstauto);
|
||||
last = MODULE_GLOBAL(MOD_INET, ipport_lastauto);
|
||||
first = MODULE_GLOBAL(ipport_firstauto);
|
||||
last = MODULE_GLOBAL(ipport_lastauto);
|
||||
}
|
||||
if (first > last) {
|
||||
uint16_t temp;
|
||||
@ -3756,7 +3756,7 @@ sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
|
||||
struct sockaddr_in6 *sin6;
|
||||
|
||||
sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
|
||||
(void)sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
(void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
|
||||
sin6->sin6_scope_id = 0;
|
||||
}
|
||||
#endif
|
||||
|
@ -462,7 +462,7 @@ struct sctp_tcb {
|
||||
* goes with the base info. sctp_pcb.c has
|
||||
* the real definition.
|
||||
*/
|
||||
extern struct sctp_base_info system_base_info;
|
||||
VNET_DECLARE(struct sctp_base_info, system_base_info);
|
||||
|
||||
#ifdef INET6
|
||||
int SCTP6_ARE_ADDR_EQUAL(struct sockaddr_in6 *a, struct sockaddr_in6 *b);
|
||||
|
@ -1773,7 +1773,7 @@ sctp_pathmtu_timer(struct sctp_inpcb *inp,
|
||||
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
|
||||
|
||||
/* KAME hack: embed scopeid */
|
||||
(void)sa6_embedscope(sin6, MODULE_GLOBAL(MOD_INET6, ip6_use_defzone));
|
||||
(void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -544,7 +544,7 @@ sctp_attach(struct socket *so, int proto, struct thread *p)
|
||||
inp->sctp_flags &= ~SCTP_PCB_FLAGS_BOUND_V6; /* I'm not v6! */
|
||||
ip_inp = &inp->ip_inp.inp;
|
||||
ip_inp->inp_vflag |= INP_IPV4;
|
||||
ip_inp->inp_ip_ttl = MODULE_GLOBAL(MOD_INET, ip_defttl);
|
||||
ip_inp->inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
|
||||
#ifdef IPSEC
|
||||
error = ipsec_init_policy(so, &ip_inp->inp_sp);
|
||||
#ifdef SCTP_LOG_CLOSING
|
||||
|
@ -223,7 +223,7 @@ sctp6_input(struct mbuf **i_pak, int *offp, int proto)
|
||||
*/
|
||||
if (in6p_ip && (ipsec6_in_reject(m, in6p_ip))) {
|
||||
/* XXX */
|
||||
MODULE_GLOBAL(MOD_IPSEC, ipsec6stat).in_polvio++;
|
||||
MODULE_GLOBAL(ipsec6stat).in_polvio++;
|
||||
goto bad;
|
||||
}
|
||||
#endif /* IPSEC */
|
||||
@ -695,7 +695,7 @@ sctp6_attach(struct socket *so, int proto, struct thread *p)
|
||||
* socket as well, because the socket may be bound to an IPv6
|
||||
* wildcard address, which may match an IPv4-mapped IPv6 address.
|
||||
*/
|
||||
inp6->inp_ip_ttl = MODULE_GLOBAL(MOD_INET, ip_defttl);
|
||||
inp6->inp_ip_ttl = MODULE_GLOBAL(ip_defttl);
|
||||
#endif
|
||||
/*
|
||||
* Hmm what about the IPSEC stuff that is missing here but in
|
||||
@ -859,7 +859,7 @@ sctp6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr,
|
||||
}
|
||||
}
|
||||
if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
|
||||
if (!MODULE_GLOBAL(MOD_INET6, ip6_v6only)) {
|
||||
if (!MODULE_GLOBAL(ip6_v6only)) {
|
||||
struct sockaddr_in sin;
|
||||
|
||||
/* convert v4-mapped into v4 addr and send */
|
||||
@ -990,7 +990,7 @@ sctp6_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
|
||||
}
|
||||
}
|
||||
if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
|
||||
if (!MODULE_GLOBAL(MOD_INET6, ip6_v6only)) {
|
||||
if (!MODULE_GLOBAL(ip6_v6only)) {
|
||||
/* convert v4-mapped into v4 addr */
|
||||
in6_sin6_2_sin((struct sockaddr_in *)&ss, sin6);
|
||||
addr = (struct sockaddr *)&ss;
|
||||
|
Loading…
Reference in New Issue
Block a user