Date: Thu, 14 Mar 2013 16:24:51 +0000 (UTC) From: Andre Oppermann <andre@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r248268 - user/andre/tcp-ao/sys/netinet Message-ID: <201303141624.r2EGOp0R032805@svn.freebsd.org>
Author: andre Date: Thu Mar 14 16:24:50 2013 New Revision: 248268 URL: http://svnweb.freebsd.org/changeset/base/248268 Log: Recognize TCP-AO options in tcp_dooptions() and add them in tcp_addoptions(). The necessary definitions and fields are added to struct tcpopt. Sponsored by: Juniper Networks Modified: user/andre/tcp-ao/sys/netinet/tcp.h user/andre/tcp-ao/sys/netinet/tcp_input.c user/andre/tcp-ao/sys/netinet/tcp_output.c user/andre/tcp-ao/sys/netinet/tcp_var.h
Modified: user/andre/tcp-ao/sys/netinet/tcp.h
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp.h Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp.h Thu Mar 14 16:24:50 2013 (r248268)
@@ -98,6 +98,8 @@ struct tcphdr {
 #define TCPOPT_SIGNATURE 19 /* Keyed MD5: RFC 2385 */
 #define TCPOLEN_SIGNATURE 18
 #define TCPOPT_AO 29
+#define TCPOLEN_AO_MIN 4
+#define TCPOLEN_AO_MAX 40
 /* Miscellaneous constants */
 #define MAX_SACK_BLKS 6 /* Max # SACK blocks stored at receiver side */
Modified: user/andre/tcp-ao/sys/netinet/tcp_input.c
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_input.c Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_input.c Thu Mar 14 16:24:50 2013 (r248268)
@@ -3203,6 +3203,16 @@ tcp_dooptions(struct tcpopt *to, u_char
 to->to_signature = cp + 2;
 break;
 #endif
+ case TCPOPT_AO:
+ if (optlen >= TCPOLEN_AO_MIN &&
+ optlen <= TCPOLEN_AO_MAX)
+ continue;
+ to->to_flags |= TOF_AO;
+ to->to_signature = cp + 4;
+ to->to_ao_keyid = *(cp + 2);
+ to->to_ao_nextkeyid = *(cp + 3);
+ to->to_siglen = optlen - 4;
+ break;
 case TCPOPT_SACK_PERMITTED:
 if (optlen != TCPOLEN_SACK_PERMITTED)
 continue;
Modified: user/andre/tcp-ao/sys/netinet/tcp_output.c
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_output.c Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_output.c Thu Mar 14 16:24:50 2013 (r248268)
@@ -736,6 +736,9 @@ send:
 if (tp->t_flags & TF_SIGNATURE)
 to.to_flags |= TOF_SIGNATURE;
 #endif /* TCP_SIGNATURE */
+ /* TCP-AO (RFC5925). */
+ if (tp->t_flags & TF_AO)
+ to.to_flags |= TOF_AO;
 /* Processing the options. */
 hdrlen += optlen = tcp_addoptions(&to, opt);
@@ -1503,6 +1506,26 @@ tcp_addoptions(struct tcpopt *to, u_char
 *optp++ = 0;
 break;
 }
+ case TOF_AO:
+ {
+ int siglen = tcp_ao_siglen(tp);
+
+ while (!optlen || optlen % 4 != 2) {
+ optlen += TCPOLEN_NOP;
+ *optp++ = TCPOPT_NOP;
+ }
+ if (TCP_MAXOLEN - optlen < TCPOLEN_AO_MIN + siglen)
+ continue;
+ optlen += TCPOLEN_AO_MIN;
+ *optp++ = TCPOPT_AO;
+ *optp++ = TCPOLEN_AO_MIN + siglen;
+ *optp++ = tcp_ao_keyid(tp); /* keyid */
+ *optp++ = tcp_ao_nextkeyid(tp); /* nextkeyid */
+ to->to_signature = optp;
+ while (siglen--)
+ *optp++ = 0;
+ break;
+ }
 case TOF_SACK:
 {
 int sackblks = 0;
Modified: user/andre/tcp-ao/sys/netinet/tcp_var.h
==============================================================================
--- user/andre/tcp-ao/sys/netinet/tcp_var.h Thu Mar 14 10:02:59 2013 (r248267)
+++ user/andre/tcp-ao/sys/netinet/tcp_var.h Thu Mar 14 16:24:50 2013 (r248268)
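Review bot: The length check in the new `case TCPOPT_AO:` of tcp_dooptions() is inverted: it `continue`s when optlen lies inside [TCPOLEN_AO_MIN, TCPOLEN_AO_MAX] and parses the option when it lies outside. As written every well-formed TCP-AO option is ignored, while a peer-supplied option with optlen 2 or 3 reaches `*(cp + 2)` and `*(cp + 3)`, which are past the end of that option, and `optlen - 4` wraps to 254 or 255 when stored in the u_int8_t `to_siglen` declared in the tcp_var.h hunk, so any later digest check would be handed a pointer and length that do not describe received option bytes. The guard should reject out-of-range lengths the way the neighbouring SACK_PERMITTED case does: `if (optlen < TCPOLEN_AO_MIN || optlen > TCPOLEN_AO_MAX) continue;`. The option loop that bounds optlen against the remaining bytes starts and ends outside the hunk, so how far past the buffer the short-option reads can go cannot be confirmed from here.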
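Review bot: In the new `case TOF_AO:` of tcp_addoptions() (hunk at -1503), `optlen += TCPOLEN_AO_MIN;` accounts only for the 4-byte option header, although the code then writes `siglen` more zero bytes through `optp` and puts `TCPOLEN_AO_MIN + siglen` in the length byte. The running option length therefore undercounts what was written, and the TCP_MAXOLEN space checks of any option emitted afterwards would be made against a too-small value; the line should read `optlen += TCPOLEN_AO_MIN + siglen;`. The case also passes `tp` to tcp_ao_siglen(), tcp_ao_keyid() and tcp_ao_nextkeyid(), but the signature visible in the hunk header takes only `struct tcpopt *to` and an option pointer, so `tp` appears not to be in scope; the function body starts and ends outside the hunk. Because `siglen` is a signed int, a guard such as `if (siglen < 0) continue;` before `while (siglen--)` would keep a negative return value from driving the zero-fill loop past the option buffer.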
@@ -245,6 +245,7 @@ struct tcpcb {
 #define TF_ECN_SND_ECE 0x10000000 /* ECN ECE in queue */
 #define TF_CONGRECOVERY 0x20000000 /* congestion recovery mode */
 #define TF_WASCRECOVERY 0x40000000 /* was in congestion recovery */
+#define TF_AO 0x80000000 /* require TCP-AO digests (RFC5925)
 #define IN_FASTRECOVERY(t_flags) (t_flags & TF_FASTRECOVERY)
 #define ENTER_FASTRECOVERY(t_flags) t_flags |= TF_FASTRECOVERY
@@ -297,11 +298,15 @@ struct tcpopt {
 #define TOF_TS 0x0010 /* timestamp */
 #define TOF_SIGNATURE 0x0040 /* TCP-MD5 signature option (RFC2385) */
 #define TOF_SACK 0x0080 /* Peer sent SACK option */
-#define TOF_MAXOPT 0x0100
+#define TOF_AO 0x0100 /* TCP-AO authentication (RFC5925) */
+#define TOF_MAXOPT 0x0200
 u_int32_t to_tsval; /* new timestamp */
 u_int32_t to_tsecr; /* reflected timestamp */
 u_char *to_sacks; /* pointer to the first SACK blocks */
- u_char *to_signature; /* pointer to the TCP-MD5 signature */
+ u_char *to_signature; /* pointer to the MD5/AO signature */
+ u_int8_t to_siglen; /* length of signature */
+ u_int8_t to_ao_keyid /* current TCP-AO keyid */
+ u_int8_t tp_ao_nextkeyid /* receive next TCP-AO keyid */
 u_int16_t to_mss; /* maximum segment size */
 u_int8_t to_wscale; /* window scaling */
 u_int8_t to_nsacks; /* number of SACK blocks */
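Review bot: The comment on the added `TF_AO` define is never closed, so the preprocessor would treat everything up to the next `*/` as comment text, swallowing the `IN_FASTRECOVERY` and `ENTER_FASTRECOVERY` macros shown as context right below it. The line should terminate the comment: `#define TF_AO 0x80000000 /* require TCP-AO digests (RFC5925) */`. TF_AO also takes the top bit of the flag word, which is only safe if `t_flags` is an unsigned 32-bit field; its declaration in struct tcpcb is outside the hunk.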
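Review bot: Two of the fields added to struct tcpopt (hunk at -297) have no terminating semicolon, `u_int8_t to_ao_keyid` and `u_int8_t tp_ao_nextkeyid`, and the second is spelled `tp_ao_nextkeyid` while the tcp_input.c hunk of this commit assigns `to->to_ao_nextkeyid`. As shown the header would not compile; the lines should read `u_int8_t to_ao_keyid; /* current TCP-AO keyid */` and `u_int8_t to_ao_nextkeyid; /* receive next TCP-AO keyid */`. Since `to_signature` now serves both TCP-MD5 and TCP-AO, the `to_siglen` comment could say that the length is filled in only on the TOF_AO path (the MD5 case visible in tcp_dooptions() does not appear to set it), so verification code does not trust a stale value.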