svn commit: r248268 - user/andre/tcp-ao/sys/netinet
Andre Oppermann
andre at FreeBSD.org
Thu Mar 14 16:24:52 UTC 2013
Author: andre
Date: Thu Mar 14 16:24:50 2013
New Revision: 248268
URL: http://svnweb.freebsd.org/changeset/base/248268
Log:
Recognize TCP-AO options in tcp_dooptions() and add them in tcp_addoptions().
The necessary definitions and fields are added to struct tcpopt.
Sponsored by: Juniper Networks
Modified:
user/andre/tcp-ao/sys/netinet/tcp.h
user/andre/tcp-ao/sys/netinet/tcp_input.c
user/andre/tcp-ao/sys/netinet/tcp_output.c
user/andre/tcp-ao/sys/netinet/tcp_var.h
Modified: user/andre/tcp-ao/sys/netinet/tcp.h
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp.h Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp.h Thu Mar 14 16:24:50 2013 (r248268)
@@ -98,6 +98,8 @@ struct tcphdr {
#define TCPOPT_SIGNATURE 19 /* Keyed MD5: RFC 2385 */
#define TCPOLEN_SIGNATURE 18
#define TCPOPT_AO 29
+#define TCPOLEN_AO_MIN 4
+#define TCPOLEN_AO_MAX 40
/* Miscellaneous constants */
#define MAX_SACK_BLKS 6 /* Max # SACK blocks stored at receiver side */
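Review bot: The two new length constants carry no comment, unlike the `TCPOLEN_SIGNATURE` / RFC 2385 line just above them, so nothing says where 4 and 40 come from. I would write them as `#define TCPOLEN_AO_MIN 4 /* Kind, Length, KeyID, RNextKeyID; MAC follows (RFC5925) */` and `#define TCPOLEN_AO_MAX 40 /* bounded by the TCP option space */`; the latter presumably equals TCP_MAXOLEN, and if so it is better defined in terms of that macro than by repeating the literal 40. It is also worth noting in the comment that an option of `TCPOLEN_AO_MAX` bytes leaves no room for any other option, so the value is a parser bound, not a size a sender can emit alongside timestamps or SACK.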
Modified: user/andre/tcp-ao/sys/netinet/tcp_input.c
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_input.c Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_input.c Thu Mar 14 16:24:50 2013 (r248268)
@@ -3203,6 +3203,16 @@ tcp_dooptions(struct tcpopt *to, u_char
to->to_signature = cp + 2;
break;
#endif
+ case TCPOPT_AO:
+ if (optlen >= TCPOLEN_AO_MIN &&
+ optlen <= TCPOLEN_AO_MAX)
+ continue;
+ to->to_flags |= TOF_AO;
+ to->to_signature = cp + 4;
+ to->to_ao_keyid = *(cp + 2);
+ to->to_ao_nextkeyid = *(cp + 3);
+ to->to_siglen = optlen - 4;
+ break;
case TCPOPT_SACK_PERMITTED:
if (optlen != TCPOLEN_SACK_PERMITTED)
continue;
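Review bot: The length check at the top of the new `case TCPOPT_AO:` is inverted: it `continue`s when `optlen` lies within [TCPOLEN_AO_MIN, TCPOLEN_AO_MAX], so every well-formed AO option is skipped, and it falls through to the field extraction only for malformed lengths, where `cp + 2` / `cp + 3` read past a 2- or 3-byte option and `optlen - 4` wraps in the `u_int8_t to_siglen`, handing whatever later verifies the MAC a bogus length (that consumer is outside this hunk). The test should reject out-of-range lengths the way the `TCPOPT_SACK_PERMITTED` case below does: `if (optlen < TCPOLEN_AO_MIN || optlen > TCPOLEN_AO_MAX) continue;`. Since the length byte comes off the wire, this is the one check standing between a forged option and the MAC comparison, so it deserves a unit test with optlen 2, 3, 4 and 41. tcp_dooptions() starts and ends outside the hunk.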
Modified: user/andre/tcp-ao/sys/netinet/tcp_output.c
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_output.c Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_output.c Thu Mar 14 16:24:50 2013 (r248268)
@@ -736,6 +736,9 @@ send:
if (tp->t_flags & TF_SIGNATURE)
to.to_flags |= TOF_SIGNATURE;
#endif /* TCP_SIGNATURE */
+ /* TCP-AO (RFC5925). */
+ if (tp->t_flags & TF_AO)
+ to.to_flags |= TOF_AO;
/* Processing the options. */
hdrlen += optlen = tcp_addoptions(&to, opt);
@@ -1503,6 +1506,26 @@ tcp_addoptions(struct tcpopt *to, u_char
*optp++ = 0;
break;
}
+ case TOF_AO:
+ {
+ int siglen = tcp_ao_siglen(tp);
+
+ while (!optlen || optlen % 4 != 2) {
+ optlen += TCPOLEN_NOP;
+ *optp++ = TCPOPT_NOP;
+ }
+ if (TCP_MAXOLEN - optlen < TCPOLEN_AO_MIN + siglen)
+ continue;
+ optlen += TCPOLEN_AO_MIN;
+ *optp++ = TCPOPT_AO;
+ *optp++ = TCPOLEN_AO_MIN + siglen;
+ *optp++ = tcp_ao_keyid(tp); /* keyid */
+ *optp++ = tcp_ao_nextkeyid(tp); /* nextkeyid */
+ to->to_signature = optp;
+ while (siglen--)
+ *optp++ = 0;
+ break;
+ }
case TOF_SACK:
{
int sackblks = 0;
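Review bot: `optlen` is advanced by `TCPOLEN_AO_MIN` only, yet `siglen` further bytes are written through `optp` for the zeroed MAC placeholder, so the running option length undercounts by `siglen`; anything appended afterwards (the `TOF_SACK` case below, or the trailing padding) lands on top of the MAC bytes, and the length handed back through `hdrlen += optlen = tcp_addoptions(&to, opt)` is short. The increment should be `optlen += TCPOLEN_AO_MIN + siglen;`, matching the length byte written two lines later. Separately, `tp` does not appear in the visible parameter list of tcp_addoptions() (`struct tcpopt *to, u_char ...`), so `tcp_ao_siglen(tp)`, `tcp_ao_keyid(tp)` and `tcp_ao_nextkeyid(tp)` presumably need the tcpcb passed in via `to` or a new argument — worth confirming, as the signature is cut at the hunk header. The pre-padding loop forces `optlen % 4 == 2` before an option of length `4 + siglen`, which only yields 32-bit alignment when `siglen % 4 == 2`; for the 96-bit MACs of RFC 5926 it merely spends option bytes, so padding to the actual option length would be preferable. tcp_addoptions() continues outside the hunk.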
Modified: user/andre/tcp-ao/sys/netinet/tcp_var.h
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_var.h Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_var.h Thu Mar 14 16:24:50 2013 (r248268)
@@ -245,6 +245,7 @@ struct tcpcb {
#define TF_ECN_SND_ECE 0x10000000 /* ECN ECE in queue */
#define TF_CONGRECOVERY 0x20000000 /* congestion recovery mode */
#define TF_WASCRECOVERY 0x40000000 /* was in congestion recovery */
+#define TF_AO 0x80000000 /* require TCP-AO digests (RFC5925)
#define IN_FASTRECOVERY(t_flags) (t_flags & TF_FASTRECOVERY)
#define ENTER_FASTRECOVERY(t_flags) t_flags |= TF_FASTRECOVERY
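Review bot: The comment on the new `TF_AO` line is not closed — `/* require TCP-AO digests (RFC5925)` has no `*/` — so as shown the comment runs on and swallows the `IN_FASTRECOVERY` / `ENTER_FASTRECOVERY` definitions that follow, up to the next `*/` in the file; unless this is a transcription artifact of the mail, it should read `#define TF_AO 0x80000000 /* require TCP-AO digests (RFC5925) */`. The value also appears to take the highest bit of the 32-bit `t_flags` word, which merits a one-line note since the next flag will need a wider field or a second word. struct tcpcb starts before the hunk.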
@@ -297,11 +298,15 @@ struct tcpopt {
#define TOF_TS 0x0010 /* timestamp */
#define TOF_SIGNATURE 0x0040 /* TCP-MD5 signature option (RFC2385) */
#define TOF_SACK 0x0080 /* Peer sent SACK option */
-#define TOF_MAXOPT 0x0100
+#define TOF_AO 0x0100 /* TCP-AO authentication (RFC5925) */
+#define TOF_MAXOPT 0x0200
u_int32_t to_tsval; /* new timestamp */
u_int32_t to_tsecr; /* reflected timestamp */
u_char *to_sacks; /* pointer to the first SACK blocks */
- u_char *to_signature; /* pointer to the TCP-MD5 signature */
+ u_char *to_signature; /* pointer to the MD5/AO signature */
+ u_int8_t to_siglen; /* length of signature */
+ u_int8_t to_ao_keyid /* current TCP-AO keyid */
+ u_int8_t tp_ao_nextkeyid /* receive next TCP-AO keyid */
u_int16_t to_mss; /* maximum segment size */
u_int8_t to_wscale; /* window scaling */
u_int8_t to_nsacks; /* number of SACK blocks */
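Review bot: The two new members are missing their terminating semicolons — `u_int8_t to_ao_keyid /* current TCP-AO keyid */` and `u_int8_t tp_ao_nextkeyid /* receive next TCP-AO keyid */` — so struct tcpopt no longer compiles, and the second is named `tp_ao_nextkeyid` while tcp_input.c in this same commit stores into `to->to_ao_nextkeyid`; they should read `u_int8_t to_ao_keyid; /* current TCP-AO KeyID */` and `u_int8_t to_ao_nextkeyid; /* peer's RNextKeyID (RFC5925) */`. Note also that `TOF_AO` takes 0x0100, above `TOF_SACK`: if tcp_addoptions() walks the TOF bits in ascending order (its loop header is outside the hunk), the AO option is emitted after the SACK blocks, which typically consume whatever option space is left, and the `TCP_MAXOLEN` check in the new `TOF_AO` case would then silently drop the authenticator — placing the bit below `TOF_SACK`, or reserving the AO space before SACK is laid out, avoids that. struct tcpopt starts before the hunk.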