Page MenuHomeFreeBSD
Differential D20555

Make the warning intervals for deprecated crypto algorithms tunable.
ClosedPublic
Actions

Authored by jhb on Jun 7 2019, 9:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Mar 21, 12:39 PM
Unknown Object (File)
Mar 3 2025, 1:57 PM
Unknown Object (File)
Feb 20 2025, 4:17 PM
Unknown Object (File)
Feb 15 2025, 10:38 PM
Unknown Object (File)
Feb 15 2025, 10:33 PM
Unknown Object (File)
Feb 15 2025, 2:51 PM
Unknown Object (File)
Feb 11 2025, 1:41 AM
Unknown Object (File)
Feb 10 2025, 7:24 PM
View All 89 Files
Subscribers
ae
imp

Details

Reviewers
cem
bjk
jmg
Group Reviewers
manpages
Commits
rS348970: Make the warning intervals for deprecated crypto algorithms tunable.
Summary

New sysctl/tunables can now set the interval (in seconds) between
rate-limited crypto warnings. The new sysctls are:

  • kern.cryptodev_warn_interval for /dev/crypto
  • net.inet.ipsec.crypto_warn_interval for IPsec
  • kern.kgssapi_warn_interval for KGSSAPI
Test Plan
  • tested that the sysctl worked for both cryptodev and IPsec by changing the interval and verifying warnings did or didn't fire when triggering use of a deprecated algorithm
  • did not test kgssapi, but given how identical the code is I expect it to also work

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Jun 7 2019, 9:18 PM
Herald added a subscriber: ae. · View Herald TranscriptJun 7 2019, 9:18 PM
Harbormaster completed remote builds in B24763: Diff 58381.Jun 7 2019, 9:18 PM
jhb added child revisions: D20554: Add warnings to /dev/crypto for deprecated algorithms., D20343: Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429..Jun 7 2019, 9:19 PM
jhb removed child revisions: D20343: Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429., D20554: Add warnings to /dev/crypto for deprecated algorithms..
jhb added parent revisions: D20554: Add warnings to /dev/crypto for deprecated algorithms., D20343: Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429..

Unrelated to this is the fact that the current warning intervals are a bit of a random hodge-podge, IPsec is 1 second, KGSSAPI is 1 hour, /dev/crypto is 1 minute. I am open to suggestions on picking something more sensible for all three.

cem accepted this revision.Jun 8 2019, 4:15 AM
This revision is now accepted and ready to land.Jun 8 2019, 4:15 AM
jhb updated this revision to Diff 58502.Jun 10 2019, 10:46 PM
  • Document the new sysctl node types.
This revision now requires review to proceed.Jun 10 2019, 10:46 PM
Harbormaster completed remote builds in B24804: Diff 58502.Jun 10 2019, 10:46 PM
jhb added a parent revision: D20596: Document sysctl nodes that translate their values..Jun 10 2019, 10:47 PM
cem accepted this revision.Jun 10 2019, 11:01 PM
This revision is now accepted and ready to land.Jun 10 2019, 11:01 PM
Closed by commit rS348970: Make the warning intervals for deprecated crypto algorithms tunable. (authored by jhb). · Explain WhyJun 11 2019, 11:01 PM
This revision was automatically updated to reflect the committed changes.
Herald added a reviewer: jmg. · View Herald TranscriptJun 11 2019, 11:01 PM
Herald added a reviewer: manpages. · View Herald Transcript
Herald added a subscriber: imp. · View Herald Transcript

Revision Contents
Changeset List

PathSize
head/
share/
man/
man9/
2 lines
30 lines
sys/
kern/
23 lines
kgssapi/
krb5/
1 line
6 lines
3 lines
3 lines
3 lines
netipsec/
2 lines
5 lines
9 lines
9 lines
opencrypto/
6 lines
sys/
19 lines

Diff 58549

View Options

head/share/man/man9/Makefile

Show First 20 LinesShow All 1,630 Lines▼ Show 20 Lines INP_WUNLOCK(in6p); \
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
/* cannot mix with RFC2292 */ /* cannot mix with RFC2292 */
if (OPTBIT(IN6P_RFC2292)) { if (OPTBIT(IN6P_RFC2292)) {
error = EINVAL; error = EINVAL;
break; break;
} }
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(IPV6_HOPLIMIT, error = ip6_pcbopt(IPV6_HOPLIMIT,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_RECVHOPLIMIT: case IPV6_RECVHOPLIMIT:
OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT); OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT);
break; break;
case IPV6_RECVHOPOPTS: case IPV6_RECVHOPOPTS:
▲ Show 20 LinesShow All 93 Lines▼ Show 20 Lines#endif
break; break;
} }
error = sooptcopyin(sopt, &optval, error = sooptcopyin(sopt, &optval,
sizeof optval, sizeof optval); sizeof optval, sizeof optval);
if (error) if (error)
break; break;
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, error = ip6_pcbopt(optname,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_2292PKTINFO: case IPV6_2292PKTINFO:
case IPV6_2292HOPLIMIT: case IPV6_2292HOPLIMIT:
case IPV6_2292HOPOPTS: case IPV6_2292HOPOPTS:
case IPV6_2292DSTOPTS: case IPV6_2292DSTOPTS:
case IPV6_2292RTHDR: case IPV6_2292RTHDR:
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Lines#endif
* later. * later.
*/ */
error = sooptcopyin(sopt, optbuf_storage, error = sooptcopyin(sopt, optbuf_storage,
sizeof(optbuf_storage), 0); sizeof(optbuf_storage), 0);
if (error) if (error)
break; break;
optlen = sopt->sopt_valsize; optlen = sopt->sopt_valsize;
optbuf = optbuf_storage; optbuf = optbuf_storage;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, optbuf, optlen, error = ip6_pcbopt(optname, optbuf, optlen,
optp, (td != NULL) ? td->td_ucred : NULL, optp, (td != NULL) ? td->td_ucred : NULL,
uproto); uproto);
INP_WUNLOCK(in6p);
break; break;
} }
#undef OPTSET #undef OPTSET
case IPV6_MULTICAST_IF: case IPV6_MULTICAST_IF:
case IPV6_MULTICAST_HOPS: case IPV6_MULTICAST_HOPS:
case IPV6_MULTICAST_LOOP: case IPV6_MULTICAST_LOOP:
case IPV6_JOIN_GROUP: case IPV6_JOIN_GROUP:
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Lines
static int static int
ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt,
struct ucred *cred, int uproto) struct ucred *cred, int uproto)
{ {
struct ip6_pktopts *opt; struct ip6_pktopts *opt;
if (*pktopt == NULL) { if (*pktopt == NULL) {
*pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT, *pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT,
M_WAITOK); M_NOWAIT);
if (*pktopt == NULL)
return (ENOBUFS);
ip6_initpktopts(*pktopt); ip6_initpktopts(*pktopt);
} }
opt = *pktopt; opt = *pktopt;
return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto)); return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto));
} }
#define GET_PKTOPT_VAR(field, lenexpr) do { \ #define GET_PKTOPT_VAR(field, lenexpr) do { \
▲ Show 20 LinesShow All 810 LinesShow Last 20 Lines
View Options

head/share/man/man9/sysctl.9

Show First 20 LinesShow All 1,630 Lines▼ Show 20 Lines INP_WUNLOCK(in6p); \
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
/* cannot mix with RFC2292 */ /* cannot mix with RFC2292 */
if (OPTBIT(IN6P_RFC2292)) { if (OPTBIT(IN6P_RFC2292)) {
error = EINVAL; error = EINVAL;
break; break;
} }
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(IPV6_HOPLIMIT, error = ip6_pcbopt(IPV6_HOPLIMIT,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_RECVHOPLIMIT: case IPV6_RECVHOPLIMIT:
OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT); OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT);
break; break;
case IPV6_RECVHOPOPTS: case IPV6_RECVHOPOPTS:
▲ Show 20 LinesShow All 93 Lines▼ Show 20 Lines#endif
break; break;
} }
error = sooptcopyin(sopt, &optval, error = sooptcopyin(sopt, &optval,
sizeof optval, sizeof optval); sizeof optval, sizeof optval);
if (error) if (error)
break; break;
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, error = ip6_pcbopt(optname,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_2292PKTINFO: case IPV6_2292PKTINFO:
case IPV6_2292HOPLIMIT: case IPV6_2292HOPLIMIT:
case IPV6_2292HOPOPTS: case IPV6_2292HOPOPTS:
case IPV6_2292DSTOPTS: case IPV6_2292DSTOPTS:
case IPV6_2292RTHDR: case IPV6_2292RTHDR:
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Lines#endif
* later. * later.
*/ */
error = sooptcopyin(sopt, optbuf_storage, error = sooptcopyin(sopt, optbuf_storage,
sizeof(optbuf_storage), 0); sizeof(optbuf_storage), 0);
if (error) if (error)
break; break;
optlen = sopt->sopt_valsize; optlen = sopt->sopt_valsize;
optbuf = optbuf_storage; optbuf = optbuf_storage;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, optbuf, optlen, error = ip6_pcbopt(optname, optbuf, optlen,
optp, (td != NULL) ? td->td_ucred : NULL, optp, (td != NULL) ? td->td_ucred : NULL,
uproto); uproto);
INP_WUNLOCK(in6p);
break; break;
} }
#undef OPTSET #undef OPTSET
case IPV6_MULTICAST_IF: case IPV6_MULTICAST_IF:
case IPV6_MULTICAST_HOPS: case IPV6_MULTICAST_HOPS:
case IPV6_MULTICAST_LOOP: case IPV6_MULTICAST_LOOP:
case IPV6_JOIN_GROUP: case IPV6_JOIN_GROUP:
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Lines
static int static int
ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt,
struct ucred *cred, int uproto) struct ucred *cred, int uproto)
{ {
struct ip6_pktopts *opt; struct ip6_pktopts *opt;
if (*pktopt == NULL) { if (*pktopt == NULL) {
*pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT, *pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT,
M_WAITOK); M_NOWAIT);
if (*pktopt == NULL)
return (ENOBUFS);
ip6_initpktopts(*pktopt); ip6_initpktopts(*pktopt);
} }
opt = *pktopt; opt = *pktopt;
return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto)); return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto));
} }
#define GET_PKTOPT_VAR(field, lenexpr) do { \ #define GET_PKTOPT_VAR(field, lenexpr) do { \
▲ Show 20 LinesShow All 810 LinesShow Last 20 Lines
View Options

head/sys/kern/kern_sysctl.c

Show First 20 LinesShow All 1,630 Lines▼ Show 20 Lines INP_WUNLOCK(in6p); \
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
/* cannot mix with RFC2292 */ /* cannot mix with RFC2292 */
if (OPTBIT(IN6P_RFC2292)) { if (OPTBIT(IN6P_RFC2292)) {
error = EINVAL; error = EINVAL;
break; break;
} }
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(IPV6_HOPLIMIT, error = ip6_pcbopt(IPV6_HOPLIMIT,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_RECVHOPLIMIT: case IPV6_RECVHOPLIMIT:
OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT); OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT);
break; break;
case IPV6_RECVHOPOPTS: case IPV6_RECVHOPOPTS:
▲ Show 20 LinesShow All 93 Lines▼ Show 20 Lines#endif
break; break;
} }
error = sooptcopyin(sopt, &optval, error = sooptcopyin(sopt, &optval,
sizeof optval, sizeof optval); sizeof optval, sizeof optval);
if (error) if (error)
break; break;
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, error = ip6_pcbopt(optname,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_2292PKTINFO: case IPV6_2292PKTINFO:
case IPV6_2292HOPLIMIT: case IPV6_2292HOPLIMIT:
case IPV6_2292HOPOPTS: case IPV6_2292HOPOPTS:
case IPV6_2292DSTOPTS: case IPV6_2292DSTOPTS:
case IPV6_2292RTHDR: case IPV6_2292RTHDR:
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Lines#endif
* later. * later.
*/ */
error = sooptcopyin(sopt, optbuf_storage, error = sooptcopyin(sopt, optbuf_storage,
sizeof(optbuf_storage), 0); sizeof(optbuf_storage), 0);
if (error) if (error)
break; break;
optlen = sopt->sopt_valsize; optlen = sopt->sopt_valsize;
optbuf = optbuf_storage; optbuf = optbuf_storage;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, optbuf, optlen, error = ip6_pcbopt(optname, optbuf, optlen,
optp, (td != NULL) ? td->td_ucred : NULL, optp, (td != NULL) ? td->td_ucred : NULL,
uproto); uproto);
INP_WUNLOCK(in6p);
break; break;
} }
#undef OPTSET #undef OPTSET
case IPV6_MULTICAST_IF: case IPV6_MULTICAST_IF:
case IPV6_MULTICAST_HOPS: case IPV6_MULTICAST_HOPS:
case IPV6_MULTICAST_LOOP: case IPV6_MULTICAST_LOOP:
case IPV6_JOIN_GROUP: case IPV6_JOIN_GROUP:
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Lines
static int static int
ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt,
struct ucred *cred, int uproto) struct ucred *cred, int uproto)
{ {
struct ip6_pktopts *opt; struct ip6_pktopts *opt;
if (*pktopt == NULL) { if (*pktopt == NULL) {
*pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT, *pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT,
M_WAITOK); M_NOWAIT);
if (*pktopt == NULL)
return (ENOBUFS);
ip6_initpktopts(*pktopt); ip6_initpktopts(*pktopt);
} }
opt = *pktopt; opt = *pktopt;
return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto)); return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto));
} }
#define GET_PKTOPT_VAR(field, lenexpr) do { \ #define GET_PKTOPT_VAR(field, lenexpr) do { \
▲ Show 20 LinesShow All 810 LinesShow Last 20 Lines
View Options

head/sys/kgssapi/krb5/kcrypto.h

Show First 20 LinesShow All 1,630 Lines▼ Show 20 Lines INP_WUNLOCK(in6p); \
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
/* cannot mix with RFC2292 */ /* cannot mix with RFC2292 */
if (OPTBIT(IN6P_RFC2292)) { if (OPTBIT(IN6P_RFC2292)) {
error = EINVAL; error = EINVAL;
break; break;
} }
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(IPV6_HOPLIMIT, error = ip6_pcbopt(IPV6_HOPLIMIT,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_RECVHOPLIMIT: case IPV6_RECVHOPLIMIT:
OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT); OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT);
break; break;
case IPV6_RECVHOPOPTS: case IPV6_RECVHOPOPTS:
▲ Show 20 LinesShow All 93 Lines▼ Show 20 Lines#endif
break; break;
} }
error = sooptcopyin(sopt, &optval, error = sooptcopyin(sopt, &optval,
sizeof optval, sizeof optval); sizeof optval, sizeof optval);
if (error) if (error)
break; break;
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, error = ip6_pcbopt(optname,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_2292PKTINFO: case IPV6_2292PKTINFO:
case IPV6_2292HOPLIMIT: case IPV6_2292HOPLIMIT:
case IPV6_2292HOPOPTS: case IPV6_2292HOPOPTS:
case IPV6_2292DSTOPTS: case IPV6_2292DSTOPTS:
case IPV6_2292RTHDR: case IPV6_2292RTHDR:
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Lines#endif
* later. * later.
*/ */
error = sooptcopyin(sopt, optbuf_storage, error = sooptcopyin(sopt, optbuf_storage,
sizeof(optbuf_storage), 0); sizeof(optbuf_storage), 0);
if (error) if (error)
break; break;
optlen = sopt->sopt_valsize; optlen = sopt->sopt_valsize;
optbuf = optbuf_storage; optbuf = optbuf_storage;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, optbuf, optlen, error = ip6_pcbopt(optname, optbuf, optlen,
optp, (td != NULL) ? td->td_ucred : NULL, optp, (td != NULL) ? td->td_ucred : NULL,
uproto); uproto);
INP_WUNLOCK(in6p);
break; break;
} }
#undef OPTSET #undef OPTSET
case IPV6_MULTICAST_IF: case IPV6_MULTICAST_IF:
case IPV6_MULTICAST_HOPS: case IPV6_MULTICAST_HOPS:
case IPV6_MULTICAST_LOOP: case IPV6_MULTICAST_LOOP:
case IPV6_JOIN_GROUP: case IPV6_JOIN_GROUP:
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Lines
static int static int
ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt,
struct ucred *cred, int uproto) struct ucred *cred, int uproto)
{ {
struct ip6_pktopts *opt; struct ip6_pktopts *opt;
if (*pktopt == NULL) { if (*pktopt == NULL) {
*pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT, *pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT,
M_WAITOK); M_NOWAIT);
if (*pktopt == NULL)
return (ENOBUFS);
ip6_initpktopts(*pktopt); ip6_initpktopts(*pktopt);
} }
opt = *pktopt; opt = *pktopt;
return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto)); return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto));
} }
#define GET_PKTOPT_VAR(field, lenexpr) do { \ #define GET_PKTOPT_VAR(field, lenexpr) do { \
▲ Show 20 LinesShow All 810 LinesShow Last 20 Lines
View Options

head/sys/kgssapi/krb5/kcrypto.c

Show First 20 LinesShow All 1,630 Lines▼ Show 20 Lines INP_WUNLOCK(in6p); \
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
/* cannot mix with RFC2292 */ /* cannot mix with RFC2292 */
if (OPTBIT(IN6P_RFC2292)) { if (OPTBIT(IN6P_RFC2292)) {
error = EINVAL; error = EINVAL;
break; break;
} }
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(IPV6_HOPLIMIT, error = ip6_pcbopt(IPV6_HOPLIMIT,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_RECVHOPLIMIT: case IPV6_RECVHOPLIMIT:
OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT); OPTSET2292_EXCLUSIVE(IN6P_HOPLIMIT);
break; break;
case IPV6_RECVHOPOPTS: case IPV6_RECVHOPOPTS:
▲ Show 20 LinesShow All 93 Lines▼ Show 20 Lines#endif
break; break;
} }
error = sooptcopyin(sopt, &optval, error = sooptcopyin(sopt, &optval,
sizeof optval, sizeof optval); sizeof optval, sizeof optval);
if (error) if (error)
break; break;
{ {
struct ip6_pktopts **optp; struct ip6_pktopts **optp;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, error = ip6_pcbopt(optname,
(u_char *)&optval, sizeof(optval), (u_char *)&optval, sizeof(optval),
optp, (td != NULL) ? td->td_ucred : optp, (td != NULL) ? td->td_ucred :
NULL, uproto); NULL, uproto);
INP_WUNLOCK(in6p);
break; break;
} }
case IPV6_2292PKTINFO: case IPV6_2292PKTINFO:
case IPV6_2292HOPLIMIT: case IPV6_2292HOPLIMIT:
case IPV6_2292HOPOPTS: case IPV6_2292HOPOPTS:
case IPV6_2292DSTOPTS: case IPV6_2292DSTOPTS:
case IPV6_2292RTHDR: case IPV6_2292RTHDR:
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Lines#endif
* later. * later.
*/ */
error = sooptcopyin(sopt, optbuf_storage, error = sooptcopyin(sopt, optbuf_storage,
sizeof(optbuf_storage), 0); sizeof(optbuf_storage), 0);
if (error) if (error)
break; break;
optlen = sopt->sopt_valsize; optlen = sopt->sopt_valsize;
optbuf = optbuf_storage; optbuf = optbuf_storage;
INP_WLOCK(in6p);
if (in6p->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
INP_WUNLOCK(in6p);
return (ECONNRESET);
}
optp = &in6p->in6p_outputopts; optp = &in6p->in6p_outputopts;
error = ip6_pcbopt(optname, optbuf, optlen, error = ip6_pcbopt(optname, optbuf, optlen,
optp, (td != NULL) ? td->td_ucred : NULL, optp, (td != NULL) ? td->td_ucred : NULL,
uproto); uproto);
INP_WUNLOCK(in6p);
break; break;
} }
#undef OPTSET #undef OPTSET
case IPV6_MULTICAST_IF: case IPV6_MULTICAST_IF:
case IPV6_MULTICAST_HOPS: case IPV6_MULTICAST_HOPS:
case IPV6_MULTICAST_LOOP: case IPV6_MULTICAST_LOOP:
case IPV6_JOIN_GROUP: case IPV6_JOIN_GROUP:
▲ Show 20 LinesShow All 430 Lines▼ Show 20 Lines
static int static int
ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt,
struct ucred *cred, int uproto) struct ucred *cred, int uproto)
{ {
struct ip6_pktopts *opt; struct ip6_pktopts *opt;
if (*pktopt == NULL) { if (*pktopt == NULL) {
*pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT, *pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT,
M_WAITOK); M_NOWAIT);
if (*pktopt == NULL)
return (ENOBUFS);
ip6_initpktopts(*pktopt); ip6_initpktopts(*pktopt);
} }
opt = *pktopt; opt = *pktopt;
return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto)); return (ip6_setpktopt(optname, buf, len, opt, cred, 1, 0, uproto));
} }
#define GET_PKTOPT_VAR(field, lenexpr) do { \ #define GET_PKTOPT_VAR(field, lenexpr) do { \
▲ Show 20 LinesShow All 810 LinesShow Last 20 Lines
View Options

head/sys/kgssapi/krb5/kcrypto_arcfour.c

Loading...
View Options

head/sys/kgssapi/krb5/kcrypto_des.c

Loading...
View Options

head/sys/kgssapi/krb5/kcrypto_des3.c

Loading...
View Options

head/sys/netipsec/ipsec.h

Loading...
View Options

head/sys/netipsec/ipsec.c

Loading...
View Options

head/sys/netipsec/xform_ah.c

Loading...
View Options

head/sys/netipsec/xform_esp.c

Loading...
View Options

head/sys/opencrypto/cryptodev.c

Loading...
View Options

head/sys/sys/sysctl.h

Loading...