mirror of
https://github.com/opnsense/src.git
synced 2026-06-09 08:43:19 -04:00
inpcb: Add a flags parameter to in_pcbbind()
Add a flag, INPBIND_FIB, which means that the inpcb is local to its FIB
number. When this flag is specified, duplicate bindings are permitted,
so long as each FIB contains at most one inpcb bound to the same
address/port. If an inpcb is bound with this flag, it'll have the
INP_BOUNDFIB flag set.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48661
(cherry picked from commit bbd0084baf)
This commit is contained in:
Mark Johnston
parent
062ca7e887
commit
ff45a1ca2e
7 changed files with 53 additions and 31 deletions
|
|
@ -256,7 +256,7 @@ static void in_pcbremhash(struct inpcb *);
|
|||
|
||||
static struct inpcblbgroup *
|
||||
in_pcblbgroup_alloc(struct ucred *cred, u_char vflag, uint16_t port,
|
||||
const union in_dependaddr *addr, int size, uint8_t numa_domain)
|
||||
const union in_dependaddr *addr, int size, uint8_t numa_domain, int fib)
|
||||
{
|
||||
struct inpcblbgroup *grp;
|
||||
size_t bytes;
|
||||
|
|
@ -269,6 +269,7 @@ in_pcblbgroup_alloc(struct ucred *cred, u_char vflag, uint16_t port,
|
|||
grp->il_vflag = vflag;
|
||||
grp->il_lport = port;
|
||||
grp->il_numa_domain = numa_domain;
|
||||
grp->il_fibnum = fib;
|
||||
grp->il_dependladdr = *addr;
|
||||
grp->il_inpsiz = size;
|
||||
return (grp);
|
||||
|
|
@ -319,7 +320,7 @@ in_pcblbgroup_resize(struct inpcblbgrouphead *hdr,
|
|||
|
||||
grp = in_pcblbgroup_alloc(old_grp->il_cred, old_grp->il_vflag,
|
||||
old_grp->il_lport, &old_grp->il_dependladdr, size,
|
||||
old_grp->il_numa_domain);
|
||||
old_grp->il_numa_domain, old_grp->il_fibnum);
|
||||
if (grp == NULL)
|
||||
return (NULL);
|
||||
|
||||
|
|
@ -347,12 +348,16 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain)
|
|||
struct inpcblbgrouphead *hdr;
|
||||
struct inpcblbgroup *grp;
|
||||
uint32_t idx;
|
||||
int fib;
|
||||
|
||||
pcbinfo = inp->inp_pcbinfo;
|
||||
|
||||
INP_WLOCK_ASSERT(inp);
|
||||
INP_HASH_WLOCK_ASSERT(pcbinfo);
|
||||
|
||||
fib = (inp->inp_flags & INP_BOUNDFIB) != 0 ?
|
||||
inp->inp_inc.inc_fibnum : RT_ALL_FIBS;
|
||||
|
||||
#ifdef INET6
|
||||
/*
|
||||
* Don't allow IPv4 mapped INET6 wild socket.
|
||||
|
|
@ -371,6 +376,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain)
|
|||
grp->il_vflag == inp->inp_vflag &&
|
||||
grp->il_lport == inp->inp_lport &&
|
||||
grp->il_numa_domain == numa_domain &&
|
||||
grp->il_fibnum == fib &&
|
||||
memcmp(&grp->il_dependladdr,
|
||||
&inp->inp_inc.inc_ie.ie_dependladdr,
|
||||
sizeof(grp->il_dependladdr)) == 0) {
|
||||
|
|
@ -381,7 +387,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain)
|
|||
/* Create new load balance group. */
|
||||
grp = in_pcblbgroup_alloc(inp->inp_cred, inp->inp_vflag,
|
||||
inp->inp_lport, &inp->inp_inc.inc_ie.ie_dependladdr,
|
||||
INPCBLBGROUP_SIZMIN, numa_domain);
|
||||
INPCBLBGROUP_SIZMIN, numa_domain, fib);
|
||||
if (grp == NULL)
|
||||
return (ENOBUFS);
|
||||
in_pcblbgroup_insert(grp, inp);
|
||||
|
|
@ -675,7 +681,8 @@ out:
|
|||
|
||||
#ifdef INET
|
||||
int
|
||||
in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, struct ucred *cred)
|
||||
in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, int flags,
|
||||
struct ucred *cred)
|
||||
{
|
||||
int anonport, error;
|
||||
|
||||
|
|
@ -690,12 +697,13 @@ in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, struct ucred *cred)
|
|||
return (EINVAL);
|
||||
anonport = sin == NULL || sin->sin_port == 0;
|
||||
error = in_pcbbind_setup(inp, sin, &inp->inp_laddr.s_addr,
|
||||
&inp->inp_lport, cred);
|
||||
&inp->inp_lport, flags, cred);
|
||||
if (error)
|
||||
return (error);
|
||||
if (in_pcbinshash(inp) != 0) {
|
||||
inp->inp_laddr.s_addr = INADDR_ANY;
|
||||
inp->inp_lport = 0;
|
||||
inp->inp_flags &= ~INP_BOUNDFIB;
|
||||
return (EAGAIN);
|
||||
}
|
||||
if (anonport)
|
||||
|
|
@ -869,7 +877,8 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp, u_short *lportp,
|
|||
*/
|
||||
static int
|
||||
in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr,
|
||||
const u_short lport, int sooptions, int lookupflags, struct ucred *cred)
|
||||
const u_short lport, const int fib, int sooptions, int lookupflags,
|
||||
struct ucred *cred)
|
||||
{
|
||||
int reuseport, reuseport_lb;
|
||||
|
||||
|
|
@ -940,8 +949,8 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr,
|
|||
(inp->inp_cred->cr_uid != t->inp_cred->cr_uid))
|
||||
return (EADDRINUSE);
|
||||
}
|
||||
t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport,
|
||||
RT_ALL_FIBS, lookupflags, cred);
|
||||
t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport, fib,
|
||||
lookupflags, cred);
|
||||
if (t != NULL && ((reuseport | reuseport_lb) &
|
||||
t->inp_socket->so_options) == 0) {
|
||||
#ifdef INET6
|
||||
|
|
@ -967,13 +976,12 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr,
|
|||
*/
|
||||
int
|
||||
in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp,
|
||||
u_short *lportp, struct ucred *cred)
|
||||
u_short *lportp, int flags, struct ucred *cred)
|
||||
{
|
||||
struct socket *so = inp->inp_socket;
|
||||
struct in_addr laddr;
|
||||
u_short lport = 0;
|
||||
int lookupflags, sooptions;
|
||||
int error;
|
||||
int error, fib, lookupflags, sooptions;
|
||||
|
||||
/*
|
||||
* No state changes, so read locks are sufficient here.
|
||||
|
|
@ -1009,8 +1017,11 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp,
|
|||
}
|
||||
laddr = sin->sin_addr;
|
||||
|
||||
fib = (flags & INPBIND_FIB) != 0 ? inp->inp_inc.inc_fibnum :
|
||||
RT_ALL_FIBS;
|
||||
|
||||
/* See if this address/port combo is available. */
|
||||
error = in_pcbbind_avail(inp, laddr, lport, sooptions,
|
||||
error = in_pcbbind_avail(inp, laddr, lport, fib, sooptions,
|
||||
lookupflags, cred);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
|
|
@ -1024,6 +1035,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp,
|
|||
}
|
||||
*laddrp = laddr.s_addr;
|
||||
*lportp = lport;
|
||||
if ((flags & INPBIND_FIB) != 0)
|
||||
inp->inp_flags |= INP_BOUNDFIB;
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -436,7 +436,7 @@ struct inpcblbgroup {
|
|||
uint16_t il_lport; /* (c) */
|
||||
u_char il_vflag; /* (c) */
|
||||
uint8_t il_numa_domain;
|
||||
uint32_t il_pad2;
|
||||
int il_fibnum;
|
||||
union in_dependaddr il_dependladdr; /* (c) */
|
||||
#define il_laddr il_dependladdr.id46_addr.ia46_addr4
|
||||
#define il6_laddr il_dependladdr.id6_addr
|
||||
|
|
@ -578,7 +578,7 @@ void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp,
|
|||
#define INP_DROPPED 0x04000000 /* protocol drop flag */
|
||||
#define INP_SOCKREF 0x08000000 /* strong socket reference */
|
||||
#define INP_RESERVED_0 0x10000000 /* reserved field */
|
||||
#define INP_RESERVED_1 0x20000000 /* reserved field */
|
||||
#define INP_BOUNDFIB 0x20000000 /* Bound to a specific FIB. */
|
||||
#define IN6P_RFC2292 0x40000000 /* used RFC2292 API on the socket */
|
||||
#define IN6P_MTU 0x80000000 /* receive path MTU */
|
||||
|
||||
|
|
@ -665,9 +665,10 @@ void in_pcbstorage_destroy(void *);
|
|||
|
||||
void in_pcbpurgeif0(struct inpcbinfo *, struct ifnet *);
|
||||
int in_pcballoc(struct socket *, struct inpcbinfo *);
|
||||
int in_pcbbind(struct inpcb *, struct sockaddr_in *, struct ucred *);
|
||||
#define INPBIND_FIB 0x0001 /* bind to the PCB's FIB only */
|
||||
int in_pcbbind(struct inpcb *, struct sockaddr_in *, int, struct ucred *);
|
||||
int in_pcbbind_setup(struct inpcb *, struct sockaddr_in *, in_addr_t *,
|
||||
u_short *, struct ucred *);
|
||||
u_short *, int, struct ucred *);
|
||||
int in_pcbconnect(struct inpcb *, struct sockaddr_in *, struct ucred *,
|
||||
bool);
|
||||
int in_pcbconnect_setup(struct inpcb *, struct sockaddr_in *, in_addr_t *,
|
||||
|
|
|
|||
|
|
@ -264,7 +264,7 @@ tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
|
|||
goto out;
|
||||
}
|
||||
INP_HASH_WLOCK(&V_tcbinfo);
|
||||
error = in_pcbbind(inp, sinp, td->td_ucred);
|
||||
error = in_pcbbind(inp, sinp, 0, td->td_ucred);
|
||||
INP_HASH_WUNLOCK(&V_tcbinfo);
|
||||
out:
|
||||
tcp_bblog_pru(tp, PRU_BIND, error);
|
||||
|
|
@ -332,13 +332,13 @@ tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
|
|||
}
|
||||
inp->inp_vflag |= INP_IPV4;
|
||||
inp->inp_vflag &= ~INP_IPV6;
|
||||
error = in_pcbbind(inp, &sin, td->td_ucred);
|
||||
error = in_pcbbind(inp, &sin, 0, td->td_ucred);
|
||||
INP_HASH_WUNLOCK(&V_tcbinfo);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
error = in6_pcbbind(inp, sin6, td->td_ucred);
|
||||
error = in6_pcbbind(inp, sin6, 0, td->td_ucred);
|
||||
INP_HASH_WUNLOCK(&V_tcbinfo);
|
||||
out:
|
||||
if (error != 0)
|
||||
|
|
@ -378,7 +378,7 @@ tcp_usr_listen(struct socket *so, int backlog, struct thread *td)
|
|||
}
|
||||
if (inp->inp_lport == 0) {
|
||||
INP_HASH_WLOCK(&V_tcbinfo);
|
||||
error = in_pcbbind(inp, NULL, td->td_ucred);
|
||||
error = in_pcbbind(inp, NULL, 0, td->td_ucred);
|
||||
INP_HASH_WUNLOCK(&V_tcbinfo);
|
||||
}
|
||||
if (error == 0) {
|
||||
|
|
@ -435,7 +435,7 @@ tcp6_usr_listen(struct socket *so, int backlog, struct thread *td)
|
|||
inp->inp_vflag &= ~INP_IPV4;
|
||||
if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
|
||||
inp->inp_vflag |= INP_IPV4;
|
||||
error = in6_pcbbind(inp, NULL, td->td_ucred);
|
||||
error = in6_pcbbind(inp, NULL, 0, td->td_ucred);
|
||||
}
|
||||
INP_HASH_WUNLOCK(&V_tcbinfo);
|
||||
if (error == 0) {
|
||||
|
|
|
|||
|
|
@ -1218,7 +1218,7 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr,
|
|||
inp->inp_vflag &= ~INP_IPV6;
|
||||
}
|
||||
INP_HASH_WLOCK(pcbinfo);
|
||||
error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport,
|
||||
error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, 0,
|
||||
td->td_ucred);
|
||||
INP_HASH_WUNLOCK(pcbinfo);
|
||||
if ((flags & PRUS_IPV6) != 0)
|
||||
|
|
@ -1568,7 +1568,7 @@ udp_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
|
|||
|
||||
INP_WLOCK(inp);
|
||||
INP_HASH_WLOCK(pcbinfo);
|
||||
error = in_pcbbind(inp, sinp, td->td_ucred);
|
||||
error = in_pcbbind(inp, sinp, 0, td->td_ucred);
|
||||
INP_HASH_WUNLOCK(pcbinfo);
|
||||
INP_WUNLOCK(inp);
|
||||
return (error);
|
||||
|
|
|
|||
|
|
@ -166,7 +166,7 @@ in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
|
|||
* Determine whether the inpcb can be bound to the specified address/port tuple.
|
||||
*/
|
||||
static int
|
||||
in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6,
|
||||
in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, int fib,
|
||||
int sooptions, int lookupflags, struct ucred *cred)
|
||||
{
|
||||
const struct in6_addr *laddr;
|
||||
|
|
@ -277,7 +277,7 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6,
|
|||
#endif
|
||||
}
|
||||
t = in6_pcblookup_local(inp->inp_pcbinfo, laddr, lport,
|
||||
RT_ALL_FIBS, lookupflags, cred);
|
||||
fib, lookupflags, cred);
|
||||
if (t != NULL && ((reuseport | reuseport_lb) &
|
||||
t->inp_socket->so_options) == 0)
|
||||
return (EADDRINUSE);
|
||||
|
|
@ -302,11 +302,12 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6,
|
|||
}
|
||||
|
||||
int
|
||||
in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred)
|
||||
in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, int flags,
|
||||
struct ucred *cred)
|
||||
{
|
||||
struct socket *so = inp->inp_socket;
|
||||
u_short lport = 0;
|
||||
int error, lookupflags, sooptions;
|
||||
int error, fib, lookupflags, sooptions;
|
||||
|
||||
INP_WLOCK_ASSERT(inp);
|
||||
INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
|
||||
|
|
@ -335,8 +336,11 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred)
|
|||
((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
|
||||
return (error);
|
||||
|
||||
fib = (flags & INPBIND_FIB) != 0 ? inp->inp_inc.inc_fibnum :
|
||||
RT_ALL_FIBS;
|
||||
|
||||
/* See if this address/port combo is available. */
|
||||
error = in6_pcbbind_avail(inp, sin6, sooptions, lookupflags,
|
||||
error = in6_pcbbind_avail(inp, sin6, fib, sooptions, lookupflags,
|
||||
cred);
|
||||
if (error != 0)
|
||||
return (error);
|
||||
|
|
@ -344,15 +348,19 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred)
|
|||
lport = sin6->sin6_port;
|
||||
inp->in6p_laddr = sin6->sin6_addr;
|
||||
}
|
||||
if ((flags & INPBIND_FIB) != 0)
|
||||
inp->inp_flags |= INP_BOUNDFIB;
|
||||
if (lport == 0) {
|
||||
if ((error = in6_pcbsetport(&inp->in6p_laddr, inp, cred)) != 0) {
|
||||
/* Undo an address bind that may have occurred. */
|
||||
inp->inp_flags &= ~INP_BOUNDFIB;
|
||||
inp->in6p_laddr = in6addr_any;
|
||||
return (error);
|
||||
}
|
||||
} else {
|
||||
inp->inp_lport = lport;
|
||||
if (in_pcbinshash(inp) != 0) {
|
||||
inp->inp_flags &= ~INP_BOUNDFIB;
|
||||
inp->in6p_laddr = in6addr_any;
|
||||
inp->inp_lport = 0;
|
||||
return (EAGAIN);
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@
|
|||
|
||||
void in6_pcbpurgeif0(struct inpcbinfo *, struct ifnet *);
|
||||
void in6_losing(struct inpcb *);
|
||||
int in6_pcbbind(struct inpcb *, struct sockaddr_in6 *, struct ucred *);
|
||||
int in6_pcbbind(struct inpcb *, struct sockaddr_in6 *, int, struct ucred *);
|
||||
int in6_pcbconnect(struct inpcb *, struct sockaddr_in6 *, struct ucred *,
|
||||
bool);
|
||||
void in6_pcbdisconnect(struct inpcb *);
|
||||
|
|
|
|||
|
|
@ -1050,13 +1050,13 @@ udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
|
|||
in6_sin6_2_sin(&sin, sin6_p);
|
||||
inp->inp_vflag |= INP_IPV4;
|
||||
inp->inp_vflag &= ~INP_IPV6;
|
||||
error = in_pcbbind(inp, &sin, td->td_ucred);
|
||||
error = in_pcbbind(inp, &sin, 0, td->td_ucred);
|
||||
goto out;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
error = in6_pcbbind(inp, sin6_p, td->td_ucred);
|
||||
error = in6_pcbbind(inp, sin6_p, 0, td->td_ucred);
|
||||
#ifdef INET
|
||||
out:
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue