svn commit: r248268 - user/andre/tcp-ao/sys/netinet

Andre Oppermann andre at FreeBSD.org
Thu Mar 14 16:24:52 UTC 2013


Author: andre
Date: Thu Mar 14 16:24:50 2013
New Revision: 248268
URL: http://svnweb.freebsd.org/changeset/base/248268

Log:
  Recognize TCP-AO options in tcp_dooptions() and add them in tcp_addoptions().
  The necessary definitions and fields are added to struct tcpopt.
  
  Sponsored by:	Juniper Networks

Modified:
  user/andre/tcp-ao/sys/netinet/tcp.h
  user/andre/tcp-ao/sys/netinet/tcp_input.c
  user/andre/tcp-ao/sys/netinet/tcp_output.c
  user/andre/tcp-ao/sys/netinet/tcp_var.h

Modified: user/andre/tcp-ao/sys/netinet/tcp.h
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp.h	Thu Mar 14 10:02:59 2013	(r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp.h	Thu Mar 14 16:24:50 2013	(r248268)
@@ -98,6 +98,8 @@ struct tcphdr {
 #define	TCPOPT_SIGNATURE	19		/* Keyed MD5: RFC 2385 */
 #define	   TCPOLEN_SIGNATURE		18
 #define	TCPOPT_AO		29
+#define	   TCPOLEN_AO_MIN		4
+#define	   TCPOLEN_AO_MAX		40
 
 /* Miscellaneous constants */
 #define	MAX_SACK_BLKS	6	/* Max # SACK blocks stored at receiver side */
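Review bot: TCPOLEN_AO_MIN of 4 admits a syntactically valid TCP-AO option that carries no MAC at all (Kind, Length, KeyID, RNextKeyID and nothing else), so on the receive side to_siglen can legitimately be 0. RFC 5925 requires the receiver to discard a segment whose option length does not match the MAC length of the matching MKT's algorithm, and the mandatory RFC 5926 algorithms all emit 12-byte truncated MACs, so either the verification path (not visible here) must reject to_siglen shorter than the expected MAC length, or the floor should be raised. A one-line comment on the define would make the intent explicit, e.g. `#define TCPOLEN_AO_MIN 4 /* kind+len+keyid+rnextkeyid, MAC length checked against MKT */`.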

Modified: user/andre/tcp-ao/sys/netinet/tcp_input.c
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_input.c	Thu Mar 14 10:02:59 2013	(r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_input.c	Thu Mar 14 16:24:50 2013	(r248268)
@@ -3203,6 +3203,16 @@ tcp_dooptions(struct tcpopt *to, u_char 
 			to->to_signature = cp + 2;
 			break;
 #endif
+		case TCPOPT_AO:
+			if (optlen >= TCPOLEN_AO_MIN &&
+			    optlen <= TCPOLEN_AO_MAX)
+				continue;
+			to->to_flags |= TOF_AO;
+			to->to_signature = cp + 4;
+			to->to_ao_keyid = *(cp + 2);
+			to->to_ao_nextkeyid = *(cp + 3);
+			to->to_siglen = optlen - 4;
+			break;
 		case TCPOPT_SACK_PERMITTED:
 			if (optlen != TCPOLEN_SACK_PERMITTED)
 				continue;
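Review bot: The length check in the new TCPOPT_AO case is inverted: it `continue`s when optlen is within [TCPOLEN_AO_MIN, TCPOLEN_AO_MAX], so well-formed options are silently skipped and only malformed ones fall through to the field reads. It should read `if (optlen < TCPOLEN_AO_MIN || optlen > TCPOLEN_AO_MAX) continue;`, matching the shape of the TCPOPT_SACK_PERMITTED check below it. As written, an option with optlen 2 or 3 reaches `to->to_siglen = optlen - 4`, which wraps in the u_int8_t field to 254 or 255, and `to_signature = cp + 4` points past the option, so any later MAC comparison driven by to_siglen could over-read the segment; whether the generic prologue of tcp_dooptions bounds optlen against the remaining option bytes is outside this hunk. tcp_dooptions begins and ends outside the hunk.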

Modified: user/andre/tcp-ao/sys/netinet/tcp_output.c
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_output.c	Thu Mar 14 10:02:59 2013	(r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_output.c	Thu Mar 14 16:24:50 2013	(r248268)
@@ -736,6 +736,9 @@ send:
 		if (tp->t_flags & TF_SIGNATURE)
 			to.to_flags |= TOF_SIGNATURE;
 #endif /* TCP_SIGNATURE */
+		/* TCP-AO (RFC5925). */
+		if (tp->t_flags & TF_AO)
+			to.to_flags |= TOF_AO;
 
 		/* Processing the options. */
 		hdrlen += optlen = tcp_addoptions(&to, opt);
@@ -1503,6 +1506,26 @@ tcp_addoptions(struct tcpopt *to, u_char
 				 *optp++ = 0;
 			break;
 			}
+		case TOF_AO:
+			{
+			int siglen = tcp_ao_siglen(tp);
+
+			while (!optlen || optlen % 4 != 2) {
+				optlen += TCPOLEN_NOP;
+				*optp++ = TCPOPT_NOP;
+			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_AO_MIN + siglen)
+				continue;
+			optlen += TCPOLEN_AO_MIN;
+			*optp++ = TCPOPT_AO;
+			*optp++ = TCPOLEN_AO_MIN + siglen;
+			*optp++ = tcp_ao_keyid(tp);	/* keyid */
+			*optp++ = tcp_ao_nextkeyid(tp);	/* nextkeyid */
+			to->to_signature = optp;
+			while (siglen--)
+				*optp++ = 0;
+			break;
+			}
 		case TOF_SACK:
 			{
 			int sackblks = 0;
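Review bot: The new TOF_AO case accounts for only the 4-byte header in optlen (`optlen += TCPOLEN_AO_MIN;`) but then writes siglen further zero bytes at L94-L95, so the MAC area is not counted: the caller's `hdrlen += optlen` undercounts the option space and any option emitted after this one (TOF_SACK is next in the switch) lands on top of the reserved MAC bytes. The fix is `optlen += TCPOLEN_AO_MIN + siglen;`, consistent with the space check on the line above it. Separately, the case calls `tcp_ao_siglen(tp)`, `tcp_ao_keyid(tp)` and `tcp_ao_nextkeyid(tp)`, but the hunk header shows tcp_addoptions taking `(struct tcpopt *to, u_char *optp)` and the call site at L73 passes only `&to, opt`, so `tp` does not appear to be in scope here unless it is provided some other way not visible in this diff; the key ids and MAC length may need to be carried in struct tcpopt instead. The alignment loop (`optlen % 4 != 2`) was copied from the fixed-size TCP-MD5 case and only yields a 4-byte-aligned end when `TCPOLEN_AO_MIN + siglen` is 2 mod 4, e.g. a 12-byte MAC is not; a short comment on the intended alignment would help. tcp_addoptions begins and ends outside the hunk.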

Modified: user/andre/tcp-ao/sys/netinet/tcp_var.h
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_var.h	Thu Mar 14 10:02:59 2013	(r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_var.h	Thu Mar 14 16:24:50 2013	(r248268)
@@ -245,6 +245,7 @@ struct tcpcb {
 #define	TF_ECN_SND_ECE	0x10000000	/* ECN ECE in queue */
 #define	TF_CONGRECOVERY	0x20000000	/* congestion recovery mode */
 #define	TF_WASCRECOVERY	0x40000000	/* was in congestion recovery */
+#define	TF_AO		0x80000000	/* require TCP-AO digests (RFC5925)
 
 #define	IN_FASTRECOVERY(t_flags)	(t_flags & TF_FASTRECOVERY)
 #define	ENTER_FASTRECOVERY(t_flags)	t_flags |= TF_FASTRECOVERY
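Review bot: The comment on the new TF_AO define is never closed: `/* require TCP-AO digests (RFC5925)` has no `*/`, so the preprocessor will swallow the following lines (the IN_FASTRECOVERY/ENTER_FASTRECOVERY macros and beyond) until the next `*/` in the header. It should be `#define TF_AO 0x80000000 /* require TCP-AO digests (RFC5925) */`. This is also the last free bit in the 32-bit t_flags word, which may be worth a comment so the next flag does not silently overflow.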
@@ -297,11 +298,15 @@ struct tcpopt {
 #define	TOF_TS		0x0010		/* timestamp */
 #define	TOF_SIGNATURE	0x0040		/* TCP-MD5 signature option (RFC2385) */
 #define	TOF_SACK	0x0080		/* Peer sent SACK option */
-#define	TOF_MAXOPT	0x0100
+#define	TOF_AO		0x0100		/* TCP-AO authentication (RFC5925) */
+#define	TOF_MAXOPT	0x0200
 	u_int32_t	to_tsval;	/* new timestamp */
 	u_int32_t	to_tsecr;	/* reflected timestamp */
 	u_char		*to_sacks;	/* pointer to the first SACK blocks */
-	u_char		*to_signature;	/* pointer to the TCP-MD5 signature */
+	u_char		*to_signature;	/* pointer to the MD5/AO signature */
+	u_int8_t	to_siglen;	/* length of signature */
+	u_int8_t	to_ao_keyid	/* current TCP-AO keyid */
+	u_int8_t	tp_ao_nextkeyid	/* receive next TCP-AO keyid */
 	u_int16_t	to_mss;		/* maximum segment size */
 	u_int8_t	to_wscale;	/* window scaling */
 	u_int8_t	to_nsacks;	/* number of SACK blocks */
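Review bot: The two new struct tcpopt fields are missing their terminating semicolons, and the second one is misnamed: `u_int8_t to_ao_keyid /* ... */` and `u_int8_t tp_ao_nextkeyid /* ... */` do not compile, and tcp_input.c in this same commit writes `to->to_ao_nextkeyid`, which does not match `tp_ao_nextkeyid`. They should read `u_int8_t to_ao_keyid; /* current TCP-AO keyid */` and `u_int8_t to_ao_nextkeyid; /* receive next TCP-AO keyid */`. A comment noting that to_siglen is only meaningful when TOF_AO is set, since the TCP-MD5 path still relies on the fixed TCPOLEN_SIGNATURE, would also help readers of the shared to_signature pointer.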

