From owner-svn-src-all@freebsd.org Fri Feb 10 05:16:16 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4EB8BCD6E9B; Fri, 10 Feb 2017 05:16:16 +0000 (UTC) (envelope-from eri@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1D7EC1D06; Fri, 10 Feb 2017 05:16:16 +0000 (UTC) (envelope-from eri@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v1A5GF03068351; Fri, 10 Feb 2017 05:16:15 GMT (envelope-from eri@FreeBSD.org) Received: (from eri@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v1A5GERJ068339; Fri, 10 Feb 2017 05:16:14 GMT (envelope-from eri@FreeBSD.org) Message-Id: <201702100516.v1A5GERJ068339@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eri set sender to eri@FreeBSD.org using -f From: =?UTF-8?Q?Ermal_Lu=c3=a7i?= Date: Fri, 10 Feb 2017 05:16:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r313524 - in head/sys: netinet netinet6 X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2017 05:16:16 -0000 Author: eri Date: Fri Feb 10 05:16:14 2017 New Revision: 313524 URL: https://svnweb.freebsd.org/changeset/base/313524 Log: The patch provides the same socket option as Linux IP_ORIGDSTADDR. Unfortunately they will have different integer value due to Linux value being already assigned in FreeBSD. The patch is similar to IP_RECVDSTADDR but also provides the destination port value to the application. This allows/improves implementation of transparent proxies on UDP sockets due to having the whole information on forwarded packets. Sponsored-by: rsync.net Differential Revision: D9235 Reviewed-by: adrian Modified: head/sys/netinet/in.h head/sys/netinet/in_pcb.c head/sys/netinet/in_pcb.h head/sys/netinet/ip_output.c head/sys/netinet/udp_usrreq.c head/sys/netinet6/in6.h head/sys/netinet6/in6_pcb.c head/sys/netinet6/in6_pcb.h head/sys/netinet6/ip6_output.c head/sys/netinet6/raw_ip6.c head/sys/netinet6/udp6_usrreq.c Modified: head/sys/netinet/in.h ============================================================================== --- head/sys/netinet/in.h Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet/in.h Fri Feb 10 05:16:14 2017 (r313524) @@ -433,6 +433,8 @@ __END_DECLS #define IP_BINDANY 24 /* bool: allow bind to any address */ #define IP_BINDMULTI 25 /* bool: allow multiple listeners on a tuple */ #define IP_RSS_LISTEN_BUCKET 26 /* int; set RSS listen bucket */ +#define IP_ORIGDSTADDR 27 /* bool: receive IP dst addr/port w/dgram */ +#define IP_RECVORIGDSTADDR IP_ORIGDSTADDR /* * Options for controlling the firewall and dummynet. Modified: head/sys/netinet/in_pcb.c ============================================================================== --- head/sys/netinet/in_pcb.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet/in_pcb.c Fri Feb 10 05:16:14 2017 (r313524) @@ -2492,6 +2492,10 @@ db_print_inpflags(int inp_flags) db_printf("%sINP_RECVDSTADDR", comma ? ", " : ""); comma = 1; } + if (inp_flags & INP_ORIGDSTADDR) { + db_printf("%sINP_ORIGDSTADDR", comma ? ", " : ""); + comma = 1; + } if (inp_flags & INP_HDRINCL) { db_printf("%sINP_HDRINCL", comma ? ", " : ""); comma = 1; Modified: head/sys/netinet/in_pcb.h ============================================================================== --- head/sys/netinet/in_pcb.h Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet/in_pcb.h Fri Feb 10 05:16:14 2017 (r313524) @@ -618,6 +618,7 @@ short inp_so_options(const struct inpcb #define INP_RECVFLOWID 0x00000100 /* populate recv datagram with flow info */ #define INP_RECVRSSBUCKETID 0x00000200 /* populate recv datagram with bucket id */ #define INP_RATE_LIMIT_CHANGED 0x00000400 /* rate limit needs attention */ +#define INP_ORIGDSTADDR 0x00000800 /* receive IP dst address/port */ /* * Flags passed to in_pcblookup*() functions. Modified: head/sys/netinet/ip_output.c ============================================================================== --- head/sys/netinet/ip_output.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet/ip_output.c Fri Feb 10 05:16:14 2017 (r313524) @@ -1065,6 +1065,7 @@ ip_ctloutput(struct socket *so, struct s case IP_MINTTL: case IP_RECVOPTS: case IP_RECVRETOPTS: + case IP_ORIGDSTADDR: case IP_RECVDSTADDR: case IP_RECVTTL: case IP_RECVIF: @@ -1126,6 +1127,10 @@ ip_ctloutput(struct socket *so, struct s OPTSET(INP_RECVDSTADDR); break; + case IP_ORIGDSTADDR: + OPTSET2(INP_ORIGDSTADDR, optval); + break; + case IP_RECVTTL: OPTSET(INP_RECVTTL); break; @@ -1258,6 +1263,7 @@ ip_ctloutput(struct socket *so, struct s case IP_MINTTL: case IP_RECVOPTS: case IP_RECVRETOPTS: + case IP_ORIGDSTADDR: case IP_RECVDSTADDR: case IP_RECVTTL: case IP_RECVIF: @@ -1303,6 +1309,10 @@ ip_ctloutput(struct socket *so, struct s optval = OPTBIT(INP_RECVDSTADDR); break; + case IP_ORIGDSTADDR: + optval = OPTBIT2(INP_ORIGDSTADDR); + break; + case IP_RECVTTL: optval = OPTBIT(INP_RECVTTL); break; Modified: head/sys/netinet/udp_usrreq.c ============================================================================== --- head/sys/netinet/udp_usrreq.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet/udp_usrreq.c Fri Feb 10 05:16:14 2017 (r313524) @@ -304,7 +304,7 @@ udp_append(struct inpcb *inp, struct ip { struct sockaddr *append_sa; struct socket *so; - struct mbuf *opts = NULL; + struct mbuf *tmpopts, *opts = NULL; #ifdef INET6 struct sockaddr_in6 udp_in6; #endif @@ -319,7 +319,7 @@ udp_append(struct inpcb *inp, struct ip if (up->u_tun_func != NULL) { in_pcbref(inp); INP_RUNLOCK(inp); - (*up->u_tun_func)(n, off, inp, (struct sockaddr *)udp_in, + (*up->u_tun_func)(n, off, inp, (struct sockaddr *)&udp_in[0], up->u_tun_ctx); INP_RLOCK(inp); return (in_pcbrele_rlocked(inp)); @@ -355,16 +355,27 @@ udp_append(struct inpcb *inp, struct ip #endif /* INET6 */ ip_savecontrol(inp, &opts, ip, n); } + if (inp->inp_vflag & INP_IPV4 && inp->inp_flags2 & INP_ORIGDSTADDR) { + tmpopts = sbcreatecontrol((caddr_t)&udp_in[1], + sizeof(struct sockaddr_in), IP_ORIGDSTADDR, IPPROTO_IP); + if (tmpopts) { + if (opts) { + tmpopts->m_next = opts; + opts = tmpopts; + } else + opts = tmpopts; + } + } #ifdef INET6 if (inp->inp_vflag & INP_IPV6) { bzero(&udp_in6, sizeof(udp_in6)); udp_in6.sin6_len = sizeof(udp_in6); udp_in6.sin6_family = AF_INET6; - in6_sin_2_v4mapsin6(udp_in, &udp_in6); + in6_sin_2_v4mapsin6(&udp_in[0], &udp_in6); append_sa = (struct sockaddr *)&udp_in6; } else #endif /* INET6 */ - append_sa = (struct sockaddr *)udp_in; + append_sa = (struct sockaddr *)&udp_in[0]; m_adj(n, off); so = inp->inp_socket; @@ -390,7 +401,7 @@ udp_input(struct mbuf **mp, int *offp, i uint16_t len, ip_len; struct inpcbinfo *pcbinfo; struct ip save_ip; - struct sockaddr_in udp_in; + struct sockaddr_in udpin[2]; struct mbuf *m; struct m_tag *fwd_tag; int cscov_partial, iphlen; @@ -435,11 +446,16 @@ udp_input(struct mbuf **mp, int *offp, i * Construct sockaddr format source address. Stuff source address * and datagram in user buffer. */ - bzero(&udp_in, sizeof(udp_in)); - udp_in.sin_len = sizeof(udp_in); - udp_in.sin_family = AF_INET; - udp_in.sin_port = uh->uh_sport; - udp_in.sin_addr = ip->ip_src; + bzero(&udpin[0], sizeof(struct sockaddr_in)); + udpin[0].sin_len = sizeof(struct sockaddr_in); + udpin[0].sin_family = AF_INET; + udpin[0].sin_port = uh->uh_sport; + udpin[0].sin_addr = ip->ip_src; + bzero(&udpin[1], sizeof(struct sockaddr_in)); + udpin[1].sin_len = sizeof(struct sockaddr_in); + udpin[1].sin_family = AF_INET; + udpin[1].sin_port = uh->uh_dport; + udpin[1].sin_addr = ip->ip_dst; /* * Make mbuf data length reflect UDP length. If not enough data to @@ -568,7 +584,7 @@ udp_input(struct mbuf **mp, int *offp, i blocked = imo_multi_filter(imo, ifp, (struct sockaddr *)&group, - (struct sockaddr *)&udp_in); + (struct sockaddr *)&udpin[0]); if (blocked != MCAST_PASS) { if (blocked == MCAST_NOTGMEMBER) IPSTAT_INC(ips_notmember); @@ -587,7 +603,7 @@ udp_input(struct mbuf **mp, int *offp, i UDP_PROBE(receive, NULL, last, ip, last, uh); if (udp_append(last, ip, n, iphlen, - &udp_in)) { + udpin)) { goto inp_lost; } } @@ -620,7 +636,7 @@ udp_input(struct mbuf **mp, int *offp, i goto badunlocked; } UDP_PROBE(receive, NULL, last, ip, last, uh); - if (udp_append(last, ip, m, iphlen, &udp_in) == 0) + if (udp_append(last, ip, m, iphlen, udp_in) == 0) INP_RUNLOCK(last); inp_lost: INP_INFO_RUNLOCK(pcbinfo); @@ -710,7 +726,7 @@ udp_input(struct mbuf **mp, int *offp, i } UDP_PROBE(receive, NULL, inp, ip, inp, uh); - if (udp_append(inp, ip, m, iphlen, &udp_in) == 0) + if (udp_append(inp, ip, m, iphlen, udp_in) == 0) INP_RUNLOCK(inp); return (IPPROTO_DONE); Modified: head/sys/netinet6/in6.h ============================================================================== --- head/sys/netinet6/in6.h Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet6/in6.h Fri Feb 10 05:16:14 2017 (r313524) @@ -497,6 +497,9 @@ struct route_in6 { #define IPV6_RECVFLOWID 70 /* bool; receive IP6 flowid/flowtype w/ datagram */ #define IPV6_RECVRSSBUCKETID 71 /* bool; receive IP6 RSS bucket id w/ datagram */ +#define IPV6_ORIGDSTADDR 65 /* bool: allow getting dstaddr /port info */ +#define IPV6_RECVORIGDSTADDR IPV6_ORIGDSTADDR + /* * The following option is private; do not use it from user applications. * It is deliberately defined to the same value as IP_MSFILTER. Modified: head/sys/netinet6/in6_pcb.c ============================================================================== --- head/sys/netinet6/in6_pcb.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet6/in6_pcb.c Fri Feb 10 05:16:14 2017 (r313524) @@ -1267,7 +1267,7 @@ in6_pcblookup_mbuf(struct inpcbinfo *pcb } void -init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m) +init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m, int srcordst) { struct ip6_hdr *ip; @@ -1275,7 +1275,7 @@ init_sin6(struct sockaddr_in6 *sin6, str bzero(sin6, sizeof(*sin6)); sin6->sin6_len = sizeof(*sin6); sin6->sin6_family = AF_INET6; - sin6->sin6_addr = ip->ip6_src; + sin6->sin6_addr = srcordst ? ip->ip6_dst : ip->ip6_src; (void)sa6_recoverscope(sin6); /* XXX: should catch errors... */ Modified: head/sys/netinet6/in6_pcb.h ============================================================================== --- head/sys/netinet6/in6_pcb.h Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet6/in6_pcb.h Fri Feb 10 05:16:14 2017 (r313524) @@ -113,7 +113,7 @@ int in6_mapped_sockaddr(struct socket *s int in6_mapped_peeraddr(struct socket *so, struct sockaddr **nam); int in6_selecthlim(struct in6pcb *, struct ifnet *); int in6_pcbsetport(struct in6_addr *, struct inpcb *, struct ucred *); -void init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m); +void init_sin6(struct sockaddr_in6 *sin6, struct mbuf *m, int); #endif /* _KERNEL */ #endif /* !_NETINET6_IN6_PCB_H_ */ Modified: head/sys/netinet6/ip6_output.c ============================================================================== --- head/sys/netinet6/ip6_output.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet6/ip6_output.c Fri Feb 10 05:16:14 2017 (r313524) @@ -1545,6 +1545,7 @@ ip6_ctloutput(struct socket *so, struct #endif case IPV6_V6ONLY: case IPV6_AUTOFLOWLABEL: + case IPV6_ORIGDSTADDR: case IPV6_BINDANY: case IPV6_BINDMULTI: #ifdef RSS @@ -1730,6 +1731,9 @@ do { \ OPTSET(IN6P_AUTOFLOWLABEL); break; + case IPV6_ORIGDSTADDR: + OPTSET2(INP_ORIGDSTADDR, optval); + break; case IPV6_BINDANY: OPTSET(INP_BINDANY); break; @@ -2018,6 +2022,10 @@ do { \ optval = OPTBIT(IN6P_AUTOFLOWLABEL); break; + case IPV6_ORIGDSTADDR: + optval = OPTBIT2(INP_ORIGDSTADDR); + break; + case IPV6_BINDANY: optval = OPTBIT(INP_BINDANY); break; Modified: head/sys/netinet6/raw_ip6.c ============================================================================== --- head/sys/netinet6/raw_ip6.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet6/raw_ip6.c Fri Feb 10 05:16:14 2017 (r313524) @@ -166,7 +166,7 @@ rip6_input(struct mbuf **mp, int *offp, RIP6STAT_INC(rip6s_ipackets); - init_sin6(&fromsa, m); /* general init */ + init_sin6(&fromsa, m, 0); /* general init */ ifp = m->m_pkthdr.rcvif; Modified: head/sys/netinet6/udp6_usrreq.c ============================================================================== --- head/sys/netinet6/udp6_usrreq.c Fri Feb 10 05:14:19 2017 (r313523) +++ head/sys/netinet6/udp6_usrreq.c Fri Feb 10 05:16:14 2017 (r313524) @@ -137,7 +137,7 @@ udp6_append(struct inpcb *inp, struct mb struct sockaddr_in6 *fromsa) { struct socket *so; - struct mbuf *opts; + struct mbuf *opts = NULL, *tmp_opts; struct udpcb *up; INP_LOCK_ASSERT(inp); @@ -149,7 +149,7 @@ udp6_append(struct inpcb *inp, struct mb if (up->u_tun_func != NULL) { in_pcbref(inp); INP_RUNLOCK(inp); - (*up->u_tun_func)(n, off, inp, (struct sockaddr *)fromsa, + (*up->u_tun_func)(n, off, inp, (struct sockaddr *)&fromsa[0], up->u_tun_ctx); INP_RLOCK(inp); return (in_pcbrele_rlocked(inp)); @@ -173,11 +173,23 @@ udp6_append(struct inpcb *inp, struct mb if (inp->inp_flags & INP_CONTROLOPTS || inp->inp_socket->so_options & SO_TIMESTAMP) ip6_savecontrol(inp, n, &opts); + if (inp->inp_vflag & INP_IPV6 && inp->inp_flags2 & INP_ORIGDSTADDR) { + tmp_opts = sbcreatecontrol((caddr_t)&fromsa[1], + sizeof(struct sockaddr_in6), IP_ORIGDSTADDR, IPPROTO_IPV6); + if (tmp_opts) { + if (opts) { + tmp_opts->m_next = opts; + opts = tmp_opts; + } else + opts = tmp_opts; + } + + } m_adj(n, off + sizeof(struct udphdr)); so = inp->inp_socket; SOCKBUF_LOCK(&so->so_rcv); - if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)fromsa, n, + if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)&fromsa[0], n, opts) == 0) { SOCKBUF_UNLOCK(&so->so_rcv); m_freem(n); @@ -202,7 +214,7 @@ udp6_input(struct mbuf **mp, int *offp, int off = *offp; int cscov_partial; int plen, ulen; - struct sockaddr_in6 fromsa; + struct sockaddr_in6 fromsa[2]; struct m_tag *fwd_tag; uint16_t uh_sum; uint8_t nxt; @@ -277,8 +289,10 @@ udp6_input(struct mbuf **mp, int *offp, /* * Construct sockaddr format source address. */ - init_sin6(&fromsa, m); - fromsa.sin6_port = uh->uh_sport; + init_sin6(&fromsa[0], m, 0); + fromsa[0].sin6_port = uh->uh_sport; + init_sin6(&fromsa[1], m, 1); + fromsa[1].sin6_port = uh->uh_dport; pcbinfo = udp_get_inpcbinfo(nxt); if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { @@ -349,7 +363,7 @@ udp6_input(struct mbuf **mp, int *offp, blocked = im6o_mc_filter(imo, ifp, (struct sockaddr *)&mcaddr, - (struct sockaddr *)&fromsa); + (struct sockaddr *)&fromsa[0]); if (blocked != MCAST_PASS) { if (blocked == MCAST_NOTGMEMBER) IP6STAT_INC(ip6s_notmember); @@ -370,7 +384,7 @@ udp6_input(struct mbuf **mp, int *offp, INP_RLOCK(last); UDP_PROBE(receive, NULL, last, ip6, last, uh); - if (udp6_append(last, n, off, &fromsa)) + if (udp6_append(last, n, off, fromsa)) goto inp_lost; INP_RUNLOCK(last); } @@ -402,7 +416,7 @@ udp6_input(struct mbuf **mp, int *offp, INP_RLOCK(last); INP_INFO_RUNLOCK(pcbinfo); UDP_PROBE(receive, NULL, last, ip6, last, uh); - if (udp6_append(last, m, off, &fromsa) == 0) + if (udp6_append(last, m, off, fromsa) == 0) INP_RUNLOCK(last); inp_lost: return (IPPROTO_DONE); @@ -482,7 +496,7 @@ udp6_input(struct mbuf **mp, int *offp, } } UDP_PROBE(receive, NULL, inp, ip6, inp, uh); - if (udp6_append(inp, m, off, &fromsa) == 0) + if (udp6_append(inp, m, off, fromsa) == 0) INP_RUNLOCK(inp); return (IPPROTO_DONE);