PERFORCE change 126178 for review
Matus Harvan
mharvan at FreeBSD.org
Sat Sep 8 04:09:45 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=126178
Change 126178 by mharvan at mharvan_peleus on 2007/09/08 11:09:17
TCP LISTENALL patch cleanup
* debugging printfs with #define DIAGNOSTIC
* CTLFLAG_SECURE for the rate limit
* priv_check() for PRIV_NETINET_TCP_LISTENALL
* s/catchall/listenall/g to better describe the functionality
Affected files ...
.. //depot/projects/soc2007/mharvan-mtund/sys.patches/sys.current.tcp_catchall.patch#2 edit
.. //depot/projects/soc2007/mharvan-mtund/sys.patches/test_catchall/tcatchalld.c#2 edit
.. //depot/projects/soc2007/mharvan-mtund/sys.patches/usr_include.patch#2 edit
Differences ...
==== //depot/projects/soc2007/mharvan-mtund/sys.patches/sys.current.tcp_catchall.patch#2 (text+ko) ====
@@ -1,38 +1,38 @@
-Index: tcp.h
+Index: netinet/tcp.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp.h,v
retrieving revision 1.40
-diff -u -r1.40 tcp.h
---- tcp.h 25 May 2007 21:28:49 -0000 1.40
-+++ tcp.h 24 Aug 2007 17:21:49 -0000
+diff -d -u -r1.40 tcp.h
+--- netinet/tcp.h 25 May 2007 21:28:49 -0000 1.40
++++ netinet/tcp.h 8 Sep 2007 10:35:57 -0000
@@ -147,6 +147,7 @@
#define TCP_NOOPT 0x08 /* don't use TCP options */
#define TCP_MD5SIG 0x10 /* use MD5 digests (RFC2385) */
#define TCP_INFO 0x20 /* retrieve tcp_info structure */
-+#define TCP_CATCHALL 0x40 /* bind to all unused TCP ports */
++#define TCP_LISTENALL 0x40 /* listen on all unused TCP ports */
#define TCPI_OPT_TIMESTAMPS 0x01
#define TCPI_OPT_SACK 0x02
-Index: tcp_input.c
+Index: netinet/tcp_input.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.367
-diff -u -r1.367 tcp_input.c
---- tcp_input.c 30 Jul 2007 11:06:41 -0000 1.367
-+++ tcp_input.c 24 Aug 2007 17:21:51 -0000
+diff -d -u -r1.367 tcp_input.c
+--- netinet/tcp_input.c 30 Jul 2007 11:06:41 -0000 1.367
++++ netinet/tcp_input.c 8 Sep 2007 10:35:57 -0000
@@ -144,9 +144,15 @@
SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_RW,
&tcp_autorcvbuf_max, 0, "Max size of automatic receive buffer");
-+static int catchalllim = 5;
-+SYSCTL_INT(_net_inet_tcp, OID_AUTO, catchalllim, CTLFLAG_RW,
-+ &catchalllim, 0,
-+ "Rate limit on sockets created by the TCP_CATCHALL socket");
++static int listenalllim = 5;
++SYSCTL_INT(_net_inet_tcp, OID_AUTO, listenalllim, CTLFLAG_RW | CTLFLAG_SECURE,
++ &listenalllim, 0,
++ "Rate limit on sockets created by the TCP_LISTENALL socket");
+
struct inpcbhead tcb;
#define tcb6 tcb /* for KAME src sync over BSD*'s */
struct inpcbinfo tcbinfo;
-+struct inpcb *inp_tcatchall; /* binding to all unused TCP ports */
++struct inpcb *inp_tlistenall; /* listening on all unused TCP ports */
static void tcp_dooptions(struct tcpopt *, u_char *, int, int);
static void tcp_do_segment(struct mbuf *, struct tcphdr *,
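Review bot: `inp_tlistenall` is a file-scope pointer that this patch reads on the tcp_input path and writes from the setsockopt, detach and init paths, and its comment does not say which lock protects it; I would extend the comment to something like `/* listenall socket, if any; protected by <lock name> */` once the intended lock is confirmed. Without that, a reader cannot tell whether the input path can observe the pointer while tcp_detach is clearing it. The `listenalllim` sysctl description could also state the unit and the non-positive case, since the input-path code only hands SYNs to the listenall socket when `listenalllim > 0`.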
@@ -43,122 +43,129 @@
+ static struct rate {
+ struct timeval lasttime;
+ int curpps;
-+ } catchallr;
++ } listenallr;
+
#ifdef INET6
isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
-@@ -460,6 +471,32 @@
+@@ -460,6 +471,36 @@
goto dropunlock;
}
#endif /* IPSEC */
+
-+ /* catchall socket */
-+ if ((inp == NULL) && (inp_tcatchall != NULL)) {
-+ printf("catchall socket used (0x%x)\n",
-+ (unsigned int)inp_tcatchall);
-+ char dbuf[4*sizeof "123"], sbuf[4*sizeof "123"];
++ /* listenall socket */
++ if ((inp == NULL) && (inp_tlistenall != NULL)) {
++#ifdef DIAGNOSTIC
++ printf("listenall socket used (0x%x)\n",
++ (unsigned int)inp_tlistenall);
++ char dbuf[INET_ADDRSTRLEN], sbuf[INET_ADDRSTRLEN];
+ strcpy(dbuf, inet_ntoa(ip->ip_dst));
+ strcpy(sbuf, inet_ntoa(ip->ip_src));
+ printf("\tip_src: %s, sport: %hu\n\tip_dst: %s, dport: %hu\n",
+ sbuf, ntohs(th->th_sport), dbuf, ntohs(th->th_dport));
-+
++#endif
+ /* do rate limiting for SYN packets */
+ if (thflags & TH_SYN) {
-+ if (catchalllim > 0)
-+ if (ppsratecheck(&catchallr.lasttime,
-+ &catchallr.curpps, catchalllim))
-+ inp = inp_tcatchall;
++ if (listenalllim > 0)
++ if (ppsratecheck(&listenallr.lasttime,
++ &listenallr.curpps, listenalllim))
++ inp = inp_tlistenall;
++#ifdef DIAGNOSTIC
+ else
+ printf("ppsratecheck limited "
-+ "tcp_catchall\n");
++ "tcp_listenall\n");
++#endif
++#ifdef DIAGNOSTIC
+ else
-+ printf("ppsratecheck limited tcp_catchall\n");
-+
++ printf("ppsratecheck limited tcp_listenall\n");
++#endif
+ } else
-+ inp = inp_tcatchall;
++ inp = inp_tlistenall;
+ }
/*
* If the INPCB does not exist then all data in the incoming
-Index: tcp_subr.c
+Index: netinet/tcp_subr.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.296
-diff -u -r1.296 tcp_subr.c
---- tcp_subr.c 16 Aug 2007 01:35:55 -0000 1.296
-+++ tcp_subr.c 24 Aug 2007 17:21:54 -0000
+diff -d -u -r1.296 tcp_subr.c
+--- netinet/tcp_subr.c 16 Aug 2007 01:35:55 -0000 1.296
++++ netinet/tcp_subr.c 8 Sep 2007 10:35:57 -0000
@@ -264,6 +264,7 @@
tcp_rexmit_slop = TCPTV_CPU_VAR;
tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT;
-+ inp_tcatchall = NULL;
++ inp_tlistenall = NULL;
INP_INFO_LOCK_INIT(&tcbinfo, "tcp");
LIST_INIT(&tcb);
-Index: tcp_usrreq.c
+Index: netinet/tcp_usrreq.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_usrreq.c,v
retrieving revision 1.160
-diff -u -r1.160 tcp_usrreq.c
---- tcp_usrreq.c 30 Jul 2007 11:06:41 -0000 1.160
-+++ tcp_usrreq.c 24 Aug 2007 17:21:55 -0000
-@@ -162,6 +162,11 @@
+diff -d -u -r1.160 tcp_usrreq.c
+--- netinet/tcp_usrreq.c 30 Jul 2007 11:06:41 -0000 1.160
++++ netinet/tcp_usrreq.c 8 Sep 2007 10:35:57 -0000
+@@ -48,6 +48,7 @@
+ #endif /* INET6 */
+ #include <sys/socket.h>
+ #include <sys/socketvar.h>
++#include <sys/priv.h>
+ #include <sys/protosw.h>
+ #include <sys/proc.h>
+ #include <sys/jail.h>
+@@ -162,6 +163,13 @@
KASSERT(so->so_pcb == inp, ("tcp_detach: so_pcb != inp"));
KASSERT(inp->inp_socket == so, ("tcp_detach: inp_socket != so"));
-+ if (inp == inp_tcatchall) {
-+ printf("deactivating TCP_CATCHALL - socket closed\n");
-+ inp_tcatchall = NULL;
++ if (inp == inp_tlistenall) {
++#ifdef DIAGNOSTIC
++ printf("deactivating TCP_LISTENALL - socket closed\n");
++#endif
++ inp_tlistenall = NULL;
+ }
+
tp = intotcpcb(inp);
if (inp->inp_vflag & INP_TIMEWAIT) {
-@@ -1338,6 +1343,36 @@
+@@ -1338,6 +1346,29 @@
error = EINVAL;
break;
-+ case TCP_CATCHALL:
-+ printf("TCP_CATCHALL option code\n");
++ case TCP_LISTENALL:
+ error = sooptcopyin(sopt, &optval, sizeof optval,
+ sizeof optval);
+ if (error)
+ break;
+
-+ printf("TCP_CATCHALL optval: %d\n", optval);
-+ if (optval > 0) { /* enable CATCHALL */
-+ printf("request to enable TCP_CATCHALL\n");
-+ if (inp_tcatchall == NULL) {
-+ printf("enabled TCP_CATCHALL\n");
-+ inp_tcatchall = inp;
-+ } else {
-+ printf("TCP_CATCHALL already enabled, "
-+ "ignoring setsockopt()\n");
++ priv_check(curthread,
++ PRIV_NETINET_TCP_LISTENALL);
++ if (error != 0)
++ break;
++
++ if (optval > 0) /* enable LISTENALL */
++ if (inp_tlistenall == NULL)
++ inp_tlistenall = inp;
++ else
+ error = EBUSY;
-+ }
-+ } else {/* disable CATCHALL */
-+ printf("request to disable TCP_CATCHALL\n");
-+ if (inp_tcatchall == inp) {
-+ printf("disabled TCP_CATCHALL\n");
-+ inp_tcatchall = NULL;
-+ } else {
-+ printf("TCP_CATCHALL already disabled"
-+ ", ignoring setsockopt()\n");
-+ }
-+ }
++
++ else /* disable LISTENALL */
++ if (inp_tlistenall == inp)
++ inp_tlistenall = NULL;
++
+ break;
+
default:
error = ENOPROTOOPT;
break;
-@@ -1371,6 +1406,13 @@
+@@ -1371,6 +1402,13 @@
case TCP_INFO:
tcp_fill_info(tp, &ti);
error = sooptcopyout(sopt, &ti, sizeof ti);
+ break;
-+ case TCP_CATCHALL:
-+ if (inp == inp_tcatchall)
++ case TCP_LISTENALL:
++ if (inp == inp_tlistenall)
+ optval = 1;
+ else
+ optval = 0;
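Review bot: The return value of `priv_check()` in the new `TCP_LISTENALL` setsockopt case is discarded, so the `if (error != 0)` that follows still tests the value left by `sooptcopyin()` and an unprivileged caller is never refused; the call should read `error = priv_check(curthread, PRIV_NETINET_TCP_LISTENALL);`. The enable/disable logic below it now depends on `else` pairing across unbraced nested `if`s, and the same pattern appears around the `#ifdef DIAGNOSTIC` `else` branches in the tcp_input.c part; restoring braces, as the previous revision of the setsockopt case had, would keep a later edit from silently re-pairing them. In the DIAGNOSTIC block, `(unsigned int)inp_tlistenall` printed with `0x%x` truncates the pointer on 64-bit platforms, where `%p` would not. The enclosing functions start and end outside this hunk.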
@@ -166,18 +173,33 @@
break;
default:
error = ENOPROTOOPT;
-Index: tcp_var.h
+Index: netinet/tcp_var.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_var.h,v
retrieving revision 1.155
-diff -u -r1.155 tcp_var.h
---- tcp_var.h 28 Jul 2007 12:20:39 -0000 1.155
-+++ tcp_var.h 24 Aug 2007 17:21:56 -0000
+diff -d -u -r1.155 tcp_var.h
+--- netinet/tcp_var.h 28 Jul 2007 12:20:39 -0000 1.155
++++ netinet/tcp_var.h 8 Sep 2007 10:35:57 -0000
@@ -493,6 +493,7 @@
extern struct inpcbhead tcb; /* head of queue of active tcpcb's */
extern struct inpcbinfo tcbinfo;
-+extern struct inpcb *inp_tcatchall; /* binding to all unused TCP ports */
++extern struct inpcb *inp_tlistenall; /* listening on all unused TCP ports */
extern struct tcpstat tcpstat; /* tcp statistics */
extern int tcp_log_in_vain;
extern int tcp_mssdflt; /* XXX */
+Index: sys/priv.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/priv.h,v
+retrieving revision 1.15
+diff -d -u -r1.15 priv.h
+--- sys/priv.h 18 Jun 2007 07:54:27 -0000 1.15
++++ sys/priv.h 8 Sep 2007 10:35:58 -0000
+@@ -374,6 +374,7 @@
+ #define PRIV_NETINET_ALIFETIME6 502 /* Administer IPv6 address lifetimes. */
+ #define PRIV_NETINET_IPSEC 503 /* Administer IPSEC. */
+ #define PRIV_NETINET_REUSEPORT 504 /* Allow [rapid] port/address reuse. */
++#define PRIV_NETINET_TCP_LISTENALL 505 /* Allow setting TCP_LISTENALL */
+
+ /*
+ * IPX/SPX privileges.
==== //depot/projects/soc2007/mharvan-mtund/sys.patches/test_catchall/tcatchalld.c#2 (text+ko) ====
@@ -180,7 +180,7 @@
{
int fd;
int new_fd;
- char *msg = "Welcome to catchalld\r\n";
+ char *msg = "Welcome to listenalld\r\n";
char buf[1234];
int n, nwrite, nread;
int soval = 1;
@@ -188,8 +188,8 @@
fd = tcp_listen("1234");
- if (0 != setsockopt(fd, IPPROTO_TCP, TCP_CATCHALL, &soval, sizeof(soval)))
- err(EX_UNAVAILABLE, "setsockopt(TCP_CATCHALL) failed");
+ if (0 != setsockopt(fd, IPPROTO_TCP, TCP_LISTENALL, &soval, sizeof(soval)))
+ err(EX_UNAVAILABLE, "setsockopt(TCP_LISTENALL) failed");
while (count > 0) {
new_fd = tcp_accept(fd);
==== //depot/projects/soc2007/mharvan-mtund/sys.patches/usr_include.patch#2 (text+ko) ====
@@ -4,7 +4,7 @@
#define TCP_NOOPT 0x08 /* don't use TCP options */
#define TCP_MD5SIG 0x10 /* use MD5 digests (RFC2385) */
#define TCP_INFO 0x20 /* retrieve tcp_info structure */
-+#define TCP_CATCHALL 0x40 /* bind to all unused TCP ports */
++#define TCP_LISTENALL 0x40 /* bind to all unused TCP ports */
#define TCPI_OPT_TIMESTAMPS 0x01
#define TCPI_OPT_SACK 0x02
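Review bot: The renamed define in this copy keeps the old comment text, `/* bind to all unused TCP ports */`, while the netinet/tcp.h copy in sys.current.tcp_catchall.patch now says `/* listen on all unused TCP ports */`. The two copies of the header should carry the same comment, since the rename is meant to describe the option more accurately. Suggested line: `#define TCP_LISTENALL 0x40 /* listen on all unused TCP ports */`.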