Commit Graph

89 Commits

Author SHA1 Message Date
ume
3d7c0818ff don't touch after free. 2003-12-10 05:01:41 +00:00
ume
ac33b83fc2 use callout_*() rather than timeout(). 2003-12-07 11:23:59 +00:00
ume
547eb2ea6d missing splx.
this is a NOOP change, and primarily merged for consistency with
-STABLE.

Approved by:	re (rwatson)
2003-11-28 14:34:42 +00:00
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
ume
aa4ea0ed16 add sysctl MIB net.key.esp_auth which was wrongly dropped
during recent KAME merge.
2003-11-13 12:26:55 +00:00
ume
bfe58eaccc ipsec_esp_auth is unused when IPSEC_ESP is not defined.
Reported by:	Andre Oppermann <oppermann@pipeline.ch>
2003-11-11 17:25:45 +00:00
ume
373abd9403 - cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all.  secpolicy no longer contain
  spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy.  assign ID field to
  all SPD entries.  make it possible for racoon to grab SPD entry on
  pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header.  a mode is always needed
  to compare them.
- fixed that the incorrect time was set to
  sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
  because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
  alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
  XXX in theory refcnt should do the right thing, however, we have
  "spdflush" which would touch all SPs.  another solution would be to
  de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion.  ipsec_*_policy ->
  ipsec_*_pcbpolicy.
- avoid variable name confusion.
  (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
  secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
  can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
  "src" of the spidx specifies ICMP type, and the port field in "dst"
  of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
  kernel forwards the packets.

Tested by:	nork
Obtained from:	KAME
2003-11-04 16:02:05 +00:00
ume
f4d1f7a456 correct %d/%u mismatch.
Obtained from:	KAME
2003-11-02 12:28:04 +00:00
ume
5079f19ffa exit(3) with negative value does not make sense'
Obtained from:	KAME
2003-11-02 11:43:07 +00:00
ume
e211c7fba5 make debugging with "setkey -x" a lot easier.
Obtained from:	KAME
2003-11-02 11:26:42 +00:00
ume
315c0ec426 cleanup secasvar management; refcnt is key.c responsibility;
alloc/free is keydb.c responsibility.

Obtained from:	KAME
2003-11-02 10:49:47 +00:00
ume
e1581c03b6 - do not quit from key_sendup() even if writes to non-target
socket fails.
- remove an unneeded function.
- fix pfkey stat.
- fix comment.

Obtained from:	KAME
2003-11-02 09:13:33 +00:00
ume
7a7c6e3d3e mib name was changed by fixing a spelling.
net.key.prefered_oldsa -> net.key.preferred_oldsa

Obtained from:	KAME
2003-10-28 16:16:04 +00:00
ume
75025ec654 drop the code of HAVE_NRL_INPCB part. our system doesn't
use NRL style INPCB.
2003-10-22 18:52:57 +00:00
ume
b8a944acb5 nuke unused ICMPV6CTL_NAMES and KEYCTL_NAMES macros. 2003-10-07 15:14:33 +00:00
ume
36f3985518 Reduce diffs against KAME. No functional change.
Obtained from:	KAME
2003-09-30 10:52:49 +00:00
ume
bc921c081b Reduce diffs against KAME. No functional change.
Obtained from:	KAME
2003-09-30 09:06:58 +00:00
ume
182afdad39 Sync style and comments with latest KAME to reduce diffs.
No functional change.

Obtained from:	KAME
2003-09-30 07:57:05 +00:00
ume
99f18c28fc add /*CONSTCOND*/ to reduce diffs against latest KAME.
Obtained from:	KAME
2003-09-25 13:40:06 +00:00
ume
888cc825c4 panic() doesn't need `\n'.
Obtained from:	KAME
2003-09-25 13:36:51 +00:00
obrien
8b64eb1925 Use __FBSDID(). 2003-06-11 05:37:42 +00:00
des
567ac2b268 Introduce an M_ASSERTPKTHDR() macro which performs the very common task
of asserting that an mbuf has a packet header.  Use it instead of hand-
rolled versions wherever applicable.

Submitted by:	Hiten Pandya <hiten@unixdaemons.com>
2003-04-08 14:25:47 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
ache
61f86586d8 Comment out srandom():
1) Already called in init_main.c:proc0_post()
2) Seed is bad
2003-02-05 15:32:24 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
ume
fa20ded9d1 "struct route" is not sufficient. NetBSD PR 18751
Obtained from:	KAME
MFC after:	1 days
2003-01-08 17:59:24 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
bmilekic
514c635ee6 o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} and
the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}.
o Fix a bpf_compat issue where malloc() was defined to just call
  bpf_alloc() and pass the 'canwait' flag(s) along.  It's been changed
  to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT
  flag (and only one of those two).

Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
2002-12-19 22:58:27 +00:00
ume
e555a85c67 - fixed the order of searching SA table for packets.
- comment about deletion of SA that has not been used by reaching
  soft lifetime.

Obtained from:	KAME
MFC after:	2 week
2002-07-10 16:39:38 +00:00
tanimura
cb3347e926 Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
tanimura
e6fa9b9e92 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
peter
0b506943e6 pacify gcc-3.1's -Wunused checking. 2002-05-24 05:53:57 +00:00
tanimura
92d8381dd5 Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
alfred
798c53d495 Redo the sigio locking.
Turn the sigio sx into a mutex.

Sigio lock is really only needed to protect interrupts from dereferencing
the sigio pointer in an object when the sigio itself is being destroyed.

In order to do this in the most unintrusive manner change pgsigio's
sigio * argument into a **, that way we can lock internally to the
function.
2002-05-01 20:44:46 +00:00
tanimura
89ec521d91 Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
tanimura
dbb4756491 Add a global sx sigio_lock to protect the pointer to the sigio object
of a socket.  This avoids lock order reversal caused by locking a
process in pgsigio().

sowakeup() and the callers of it (sowwakeup, soisconnected, etc.) now
require sigio_lock to be locked.  Provide sowwakeup_locked(),
soisconnected_locked(), and so on in case where we have to modify a
socket and wake up a process atomically.
2002-04-27 08:24:29 +00:00
suz
553226e8e1 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
(based on freebsd4-snap-20020128)

Reviewed by:	ume
MFC after:	1 week
2002-04-19 04:46:24 +00:00
alfred
8c4c86de23 Remove __P. 2002-03-20 02:39:27 +00:00
ume
530c747424 missing splx
Obtained from:	KAME
MFC after:	1 week
2002-03-01 13:13:17 +00:00
ume
308fbb2d3e (when new sa is preferred than old sa)
even if we fail to send pfkey message, remove the old sa.

Obtained from:	KAME
MFC after:	1 week
2002-03-01 12:17:21 +00:00
peter
e8f88d4909 Fix warnings 2002-02-28 02:56:29 +00:00
tanimura
a09da29859 Lock struct pgrp, session and sigio.
New locks are:

- pgrpsess_lock which locks the whole pgrps and sessions,
- pg_mtx which protects the pgrp members, and
- s_mtx which protects the session members.

Please refer to sys/proc.h for the coverage of these locks.

Changes on the pgrp/session interface:

- pgfind() needs the pgrpsess_lock held.

- The caller of enterpgrp() is responsible to allocate a new pgrp and
  session.

- Call enterthispgrp() in order to enter an existing pgrp.

- pgsignal() requires a pgrp lock held.

Reviewed by:	jhb, alfred
Tested on:	cvsup.jp.FreeBSD.org
		(which is a quad-CPU machine running -current)
2002-02-23 11:12:57 +00:00
ume
994ac6118a Newer SA is prefered for a out-bound packet than old one
when net.key.prefered_oldsa is set to zero.

Obtained from:	KAME
MFC after:	1 week
2001-12-05 05:40:49 +00:00
ume
a58314c120 Fixed the behavior when there is no inbound policy for the ipsec
tunneled packet.
When there is no suitable inbound policy for the packet of the ipsec
tunnel mode, the kernel never decapsulate the tunneled packet
as the ipsec tunnel mode even when the system wide policy is "none".
Then the kernel leaves the generic tunnel module to process this
packet.  If there is no rule of the generic tunnel, the packet
is rejected and the statistics will be counted up.

Obtained from:	KAME
MFC after:	1 week
2001-11-06 22:45:29 +00:00
ume
6bd8569386 - net.inet.ipsec.esp_auth hasn't been there
- nuke all debug printfs, which are unneeded by now.
- get rid of #ifdef IPSEC_DEBUG in headers
- now that key_debug_level is always defined, there's no need for
  #ifdef IPSEC_DEBUG around sysctl MIB code (net.key.debug).
- switch all debug printf() to ipseclog().

Obtained from:	KAME
MFC after:	1 week
2001-11-05 16:46:24 +00:00
ume
66d7b6370f Unbreak build without INET6.
Reported by:	Christopher N . Harrell <cnh@netvmg.com>
MFC after:	1 week
2001-11-03 20:47:50 +00:00
ume
d30f6152e3 System wide policy should be returned when no policy found in the SPD.
The packet was rejected in ipsec[46]_tunnel_validate().

Obtained from:	KAME
MFC after:	1 week
2001-10-29 16:29:41 +00:00
ume
4ec2993d48 Fixed the value of the prefixlen in the sadb_address structure.
When pfkey message relative to SA is sent, the prefixlen was incorrect.

Obtained from:	KAME
MFC after:	1 week
2001-10-22 20:19:47 +00:00
ume
b44023b126 The behavior of SPDUPDATE has been changed.
SPDUPDATE doesn't depend on whether there is a SP or not.
This change makes `generate_policy on' of racoon work.

Obtained from:	KAME
MFC after:	1 week
2001-10-17 13:01:39 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00