Diffstat (limited to 'sys/netgraph')
-rw-r--r-- | sys/netgraph/bluetooth/include/ng_hci.h | 2 | ||||
-rw-r--r-- | sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c | 4 | ||||
-rw-r--r-- | sys/netgraph/ng_device.c | 106 | ||||
-rw-r--r-- | sys/netgraph/ng_nat.c | 95 | ||||
-rw-r--r-- | sys/netgraph/ng_parse.c | 4 |
5 files changed, 131 insertions, 80 deletions
diff --git a/sys/netgraph/bluetooth/include/ng_hci.h b/sys/netgraph/bluetooth/include/ng_hci.h index 44a14e62f4ed..ce3291770740 100644 --- a/sys/netgraph/bluetooth/include/ng_hci.h +++ b/sys/netgraph/bluetooth/include/ng_hci.h @@ -448,7 +448,7 @@ typedef struct { typedef bdaddr_t * bdaddr_p; /* Any BD_ADDR. Note: This is actually 7 bytes (count '\0' terminator) */ -#define NG_HCI_BDADDR_ANY ((bdaddr_p) "\000\000\000\000\000\000") +#define NG_HCI_BDADDR_ANY (&(const bdaddr_t){"\000\000\000\000\000\000"}) /* HCI status return parameter */ typedef struct { diff --git a/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c b/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c index 6c0a6fda1fb1..73a0897857b2 100644 --- a/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c +++ b/sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c @@ -113,7 +113,7 @@ static void ng_btsocket_rfcomm_connect_cfm static int ng_btsocket_rfcomm_session_create (ng_btsocket_rfcomm_session_p *sp, struct socket *l2so, - bdaddr_p src, bdaddr_p dst, struct thread *td); + const bdaddr_t *src, const bdaddr_t *dst, struct thread *td); static int ng_btsocket_rfcomm_session_accept (ng_btsocket_rfcomm_session_p s0); static int ng_btsocket_rfcomm_session_connect @@ -1250,7 +1250,7 @@ ng_btsocket_rfcomm_connect_cfm(ng_btsocket_rfcomm_session_p s) static int ng_btsocket_rfcomm_session_create(ng_btsocket_rfcomm_session_p *sp, - struct socket *l2so, bdaddr_p src, bdaddr_p dst, + struct socket *l2so, const bdaddr_t *src, const bdaddr_t *dst, struct thread *td) { ng_btsocket_rfcomm_session_p s = NULL; diff --git a/sys/netgraph/ng_device.c b/sys/netgraph/ng_device.c index e4fcdfc635cb..582f877ff3ed 100644 --- a/sys/netgraph/ng_device.c +++ b/sys/netgraph/ng_device.c 
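Review bot: The comment kept above `NG_HCI_BDADDR_ANY` in ng_hci.h still says the value "is actually 7 bytes (count '\0' terminator)", which described the old string-literal cast; the new macro yields a `const bdaddr_t` object, so that note is stale and should be updated or dropped. The macro now also expands to the address of a compound literal, which inside a function body has automatic storage duration in standard C. No caller visible in this diff keeps the pointer, but one that stored it beyond the enclosing block would hold a dangling address. A short comment such as `/* Pointer is valid only within the enclosing block: compare or copy, do not store it */` would record the new constraint.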
@@ -32,26 +32,27 @@ */ #if 0 -#define DBG do { printf("ng_device: %s\n", __func__ ); } while (0) +#define DBG do { printf("ng_device: %s\n", __func__); } while (0) #else #define DBG do {} while (0) #endif #include <sys/param.h> +#include <sys/systm.h> #include <sys/conf.h> +#include <sys/epoch.h> +#include <sys/fcntl.h> +#include <sys/filio.h> #include <sys/ioccom.h> #include <sys/kernel.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/poll.h> #include <sys/proc.h> -#include <sys/epoch.h> #include <sys/queue.h> #include <sys/socket.h> #include <sys/syslog.h> -#include <sys/systm.h> #include <sys/uio.h> -#include <sys/vnode.h> #include <net/ethernet.h> #include <net/if.h> @@ -135,9 +136,7 @@ static d_close_t ngdclose; static d_open_t ngdopen; static d_read_t ngdread; static d_write_t ngdwrite; -#if 0 static d_ioctl_t ngdioctl; -#endif static d_poll_t ngdpoll; static struct cdevsw ngd_cdevsw = { @@ -146,16 +145,16 @@ static struct cdevsw ngd_cdevsw = { .d_close = ngdclose, .d_read = ngdread, .d_write = ngdwrite, -#if 0 .d_ioctl = ngdioctl, -#endif .d_poll = ngdpoll, .d_name = NG_DEVICE_DEVNAME, }; -/****************************************************************************** +/* + ***************************************************************************** * Netgraph methods - ******************************************************************************/ + ***************************************************************************** + */ /* * Handle loading and unloading for this node type. 
@@ -205,13 +204,13 @@ ng_device_constructor(node_p node) priv->ngddev = make_dev(&ngd_cdevsw, priv->unit, UID_ROOT, GID_WHEEL, 0600, NG_DEVICE_DEVNAME "%d", priv->unit); - if(priv->ngddev == NULL) { - printf("%s(): make_dev() failed\n",__func__); + if (priv->ngddev == NULL) { + printf("%s(): make_dev() failed\n", __func__); mtx_destroy(&priv->ngd_mtx); mtx_destroy(&priv->readq.ifq_mtx); free_unr(ngd_unit, priv->unit); free(priv, M_NETGRAPH); - return(EINVAL); + return (EINVAL); } /* XXX: race here? */ priv->ngddev->si_drv1 = priv; @@ -221,7 +220,7 @@ ng_device_constructor(node_p node) log(LOG_WARNING, "%s: can't acquire netgraph name\n", devtoname(priv->ngddev)); - return(0); + return (0); } /* @@ -289,7 +288,7 @@ ng_device_newhook(node_p node, hook_p hook, const char *name) priv->hook = hook; - return(0); + return (0); } /* @@ -322,7 +321,7 @@ ng_device_rcvdata(hook_p hook, item_p item) } mtx_unlock(&priv->ngd_mtx); - return(0); + return (0); } /* @@ -347,7 +346,7 @@ ng_device_disconnect(hook_p hook) ng_rmnode_self(NG_HOOK_NODE(hook)); - return(0); + return (0); } /* @@ -360,9 +359,11 @@ ng_device_shutdown(node_p node) return (0); } -/****************************************************************************** +/* + ***************************************************************************** * Device methods - ******************************************************************************/ + ***************************************************************************** + */ /* * the device is opened @@ -370,7 +371,7 @@ ng_device_shutdown(node_p node) static int ngdopen(struct cdev *dev, int flag, int mode, struct thread *td) { - priv_p priv = (priv_p )dev->si_drv1; + priv_p priv = (priv_p)dev->si_drv1; DBG; @@ -378,7 +379,7 @@ ngdopen(struct cdev *dev, int flag, int mode, struct thread *td) priv->flags |= NGDF_OPEN; mtx_unlock(&priv->ngd_mtx); - return(0); + return (0); } /* 
@@ -387,14 +388,44 @@ ngdopen(struct cdev *dev, int flag, int mode, struct thread *td) static int ngdclose(struct cdev *dev, int flag, int mode, struct thread *td) { - priv_p priv = (priv_p )dev->si_drv1; + priv_p priv = (priv_p)dev->si_drv1; DBG; mtx_lock(&priv->ngd_mtx); priv->flags &= ~NGDF_OPEN; mtx_unlock(&priv->ngd_mtx); - return(0); + return (0); +} + +/* + * Process IOCTLs + * + * At this stage we only return success on FIONBIO to allow setting the device + * as non-blocking. + * + */ +static int +ngdioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, + struct thread *td) +{ + int error; + + switch (cmd) { + case FIONBIO: + error = 0; + break; + case FIOASYNC: + if (*(int *)data != 0) + error = EINVAL; + else + error = 0; + break; + default: + error = ENOTTY; + } + + return (error); } #if 0 /* @@ -408,21 +439,22 @@ ngdclose(struct cdev *dev, int flag, int mode, struct thread *td) * */ static int -ngdioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td) +ngdioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, + struct thread *td) { struct ngd_softc *sc = &ngd_softc; - struct ngd_connection * connection = NULL; - struct ngd_connection * tmp; + struct ngd_connection *connection = NULL; + struct ngd_connection *tmp; int error = 0; struct ng_mesg *msg; - struct ngd_param_s * datap; + struct ngd_param_s *datap; DBG; NG_MKMESSAGE(msg, NGM_DEVICE_COOKIE, cmd, sizeof(struct ngd_param_s), M_NOWAIT); if (msg == NULL) { - printf("%s(): msg == NULL\n",__func__); + printf("%s(): msg == NULL\n", __func__); goto nomsg; } @@ -431,12 +463,12 @@ ngdioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td datap->p = addr; NG_SEND_MSG_HOOK(error, sc->node, msg, connection->active_hook, 0); - if(error) - printf("%s(): NG_SEND_MSG_HOOK error: %d\n",__func__,error); + if (error) + printf("%s(): NG_SEND_MSG_HOOK error: %d\n", __func__, error); nomsg: - return(0); + return (0); } #endif /* if 0 */ 
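Review bot: The header comment on the new `ngdioctl` says success is returned only for FIONBIO, but the switch also accepts FIOASYNC when `*(int *)data` is 0 and returns EINVAL for it otherwise. The comment should describe all three outcomes, for example `FIONBIO always succeeds; FIOASYNC succeeds only when the argument is 0; any other command returns ENOTTY.` The `default:` arm has no closing `break;`, unlike the other arms. The `#if 0` block just below still defines a second `ngdioctl`, which would collide with this one if it were ever re-enabled, so a comment there or a rename of the disabled copy would help.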
@@ -447,7 +479,7 @@ nomsg: static int ngdread(struct cdev *dev, struct uio *uio, int flag) { - priv_p priv = (priv_p )dev->si_drv1; + priv_p priv = (priv_p)dev->si_drv1; struct mbuf *m; int len, error = 0; @@ -457,7 +489,7 @@ ngdread(struct cdev *dev, struct uio *uio, int flag) do { IF_DEQUEUE(&priv->readq, m); if (m == NULL) { - if (flag & IO_NDELAY) + if (flag & O_NONBLOCK) return (EWOULDBLOCK); mtx_lock(&priv->ngd_mtx); priv->flags |= NGDF_RWAIT; @@ -483,14 +515,14 @@ ngdread(struct cdev *dev, struct uio *uio, int flag) /* * This function is called when our device is written to. - * We read the data from userland into mbuf chain and pass it to the remote hook. - * + * We read the data from userland into mbuf chain and pass it to the remote + * hook. */ static int ngdwrite(struct cdev *dev, struct uio *uio, int flag) { struct epoch_tracker et; - priv_p priv = (priv_p )dev->si_drv1; + priv_p priv = (priv_p)dev->si_drv1; struct mbuf *m; int error = 0; @@ -520,7 +552,7 @@ ngdwrite(struct cdev *dev, struct uio *uio, int flag) static int ngdpoll(struct cdev *dev, int events, struct thread *td) { - priv_p priv = (priv_p )dev->si_drv1; + priv_p priv = (priv_p)dev->si_drv1; int revents = 0; if (events & (POLLIN | POLLRDNORM) && diff --git a/sys/netgraph/ng_nat.c b/sys/netgraph/ng_nat.c index defbe817becd..8b82d777caeb 100644 --- a/sys/netgraph/ng_nat.c +++ b/sys/netgraph/ng_nat.c @@ -818,7 +818,8 @@ ng_nat_rcvdata(hook_p hook, item_p item ) if (ip->ip_v != IPVERSION) goto send; /* other IP version, let it pass */ - if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len)) + uint16_t ip_len = ntohs(ip->ip_len); + if (m->m_pkthdr.len < (ipofs + ip_len)) goto send; /* packet too short (i.e. fragmented or broken) */ /* 
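Review bot: In the ng_nat.c hunk at -818, the only length validation next to the new `ip_len` local is the upper bound `m->m_pkthdr.len < (ipofs + ip_len)`. Nothing in the hunk checks that `ip_len` is at least `ip->ip_hl << 2`, or that a full `struct tcphdr` fits after the IP header. The following hunk forms `th` from `ip + pl_offset` and computes `ip_len - pl_offset`, so it depends on both. If the lines between the two hunks, or LibAlias itself, do not already reject such headers, a guard beside this check such as `if (ip_len < (ip->ip_hl << 2)) goto send;` would keep a malformed header away from the checksum code. `ng_nat_rcvdata` starts and ends outside the hunk, so existing validation may simply not be visible here.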
@@ -852,50 +853,68 @@ ng_nat_rcvdata(hook_p hook, item_p item ) if (rval == PKT_ALIAS_RESPOND) m->m_flags |= M_SKIP_FIREWALL; - m->m_pkthdr.len = m->m_len = ntohs(ip->ip_len) + ipofs; - if ((ip->ip_off & htons(IP_OFFMASK)) == 0 && - ip->ip_p == IPPROTO_TCP) { - struct tcphdr *th = (struct tcphdr *)((caddr_t)ip + - (ip->ip_hl << 2)); + /* Re-read just in case it has been updated */ + ip_len = ntohs(ip->ip_len); + int new_m_len = ip_len + ipofs; + if (new_m_len > (m->m_len + M_TRAILINGSPACE(m))) { /* - * Here is our terrible HACK. - * - * Sometimes LibAlias edits contents of TCP packet. - * In this case it needs to recompute full TCP - * checksum. However, the problem is that LibAlias - * doesn't have any idea about checksum offloading - * in kernel. To workaround this, we do not do - * checksumming in LibAlias, but only mark the - * packets with TH_RES1 in the th_x2 field. If we - * receive a marked packet, we calculate correct - * checksum for it aware of offloading. - * - * Why do I do such a terrible hack instead of - * recalculating checksum for each packet? - * Because the previous checksum was not checked! - * Recalculating checksums for EVERY packet will - * hide ALL transmission errors. Yes, marked packets - * still suffer from this problem. But, sigh, natd(8) - * has this problem, too. + * This is just a safety railguard to make sure LibAlias has not + * screwed the IP packet up somehow, should probably be KASSERT() + * at some point. Calling in_delayed_cksum() will parse IP packet + * again and reliably panic if there is less data than the IP + * header declares, there might be some other places too. 
*/ + log(LOG_ERR, "ng_nat_rcvdata: outgoing packet corrupted, " + "not enough data: expected %d, available (%d - %d)\n", + ip_len, m->m_len + (int)M_TRAILINGSPACE(m), ipofs); + NG_FREE_ITEM(item); + return (ENXIO); + } + + m->m_pkthdr.len = m->m_len = new_m_len; - if (tcp_get_flags(th) & TH_RES1) { - uint16_t ip_len = ntohs(ip->ip_len); + if ((ip->ip_off & htons(IP_OFFMASK)) != 0 || ip->ip_p != IPPROTO_TCP) + goto send; - tcp_set_flags(th, tcp_get_flags(th) & ~TH_RES1); - th->th_sum = in_pseudo(ip->ip_src.s_addr, - ip->ip_dst.s_addr, htons(IPPROTO_TCP + - ip_len - (ip->ip_hl << 2))); + uint16_t pl_offset = ip->ip_hl << 2; + struct tcphdr *th = (struct tcphdr *)((caddr_t)ip + pl_offset); - if ((m->m_pkthdr.csum_flags & CSUM_TCP) == 0) { - m->m_pkthdr.csum_data = offsetof(struct tcphdr, - th_sum); - in_delayed_cksum(m); - } - } - } + /* + * Here is our terrible HACK. + * + * Sometimes LibAlias edits contents of TCP packet. + * In this case it needs to recompute full TCP + * checksum. However, the problem is that LibAlias + * doesn't have any idea about checksum offloading + * in kernel. To workaround this, we do not do + * checksumming in LibAlias, but only mark the + * packets with TH_RES1 in the th_x2 field. If we + * receive a marked packet, we calculate correct + * checksum for it aware of offloading. + * + * Why do I do such a terrible hack instead of + * recalculating checksum for each packet? + * Because the previous checksum was not checked! + * Recalculating checksums for EVERY packet will + * hide ALL transmission errors. Yes, marked packets + * still suffer from this problem. But, sigh, natd(8) + * has this problem, too. 
+ */ + + if (!(tcp_get_flags(th) & TH_RES1)) + goto send; + + tcp_set_flags(th, tcp_get_flags(th) & ~TH_RES1); + th->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, + htons(IPPROTO_TCP + ip_len - pl_offset)); + + if ((m->m_pkthdr.csum_flags & CSUM_TCP) != 0) + goto send; + + m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); + in_delayed_cksum_o(m, ipofs); send: if (hook == priv->in) diff --git a/sys/netgraph/ng_parse.c b/sys/netgraph/ng_parse.c index 448ecc92f075..5e1a1bb47ac0 100644 --- a/sys/netgraph/ng_parse.c +++ b/sys/netgraph/ng_parse.c @@ -1199,14 +1199,14 @@ ng_parse_composite(const struct ng_parse_type *type, const char *s, int *off, const u_char *const start, u_char *const buf, int *buflen, const enum comptype ctype) { - const int num = ng_get_composite_len(type, start, buf, ctype); int nextIndex = 0; /* next implicit array index */ u_int index; /* field or element index */ int *foff; /* field value offsets in string */ int align, len, blen, error = 0; /* Initialize */ - if (num < 0) + const int num = ng_get_composite_len(type, start, buf, ctype); + if (num < 0 || num > INT_MAX / sizeof(*foff)) return (EINVAL); foff = malloc(num * sizeof(*foff), M_NETGRAPH_PARSE, M_NOWAIT | M_ZERO); if (foff == NULL) { |
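Review bot: The new `log(LOG_ERR, ...)` in the corrupted-packet branch of `ng_nat_rcvdata` fires once per offending packet with no rate limit, so any traffic pattern that makes LibAlias produce an oversized `ip_len` can also flood syslog from the packet path. Keeping the diagnostic behind a rate check, e.g. `static struct timeval lasterr; static int errpps;` and `if (ppsratecheck(&lasterr, &errpps, 1)) log(...);`, preserves the signal without the flood. The comment above the guard says it "should probably be KASSERT() at some point"; if the condition can be reached through packet contents, the runtime drop should stay, and the comment should say so. The function begins and continues outside this hunk.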
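Review bot: The added bound `num > INT_MAX / sizeof(*foff)` in `ng_parse_composite` only rules out wrap-around of `num * sizeof(*foff)`; it still lets a composite length ask `malloc(..., M_NOWAIT | M_ZERO)` for close to INT_MAX bytes. If `ng_get_composite_len()` can return a count derived from message contents, which this hunk does not show, a cap tied to the input or to a sane maximum element count would be tighter. The comparison also mixes `int` with `size_t`; the result is still correct, but a comment such as `/* keep num * sizeof(*foff) within int range; negative num is rejected first */` would explain why INT_MAX is the limit. The function body continues past the end of the hunk.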