Index: share/man/man4/ip.4 =================================================================== RCS file: /cvsroot/src/share/man/man4/ip.4,v retrieving revision 1.31 diff -u -p -u -r1.31 ip.4 --- share/man/man4/ip.4 19 May 2011 21:16:45 -0000 1.31 +++ share/man/man4/ip.4 20 Jun 2012 18:56:35 -0000 @@ -29,7 +29,7 @@ .\" .\" @(#)ip.4 8.2 (Berkeley) 11/30/93 .\" -.Dd May 19, 2011 +.Dd June 20, 2012 .Dt IP 4 .Os .Sh NAME @@ -110,6 +110,28 @@ char *buf = ipsec_set_policy(policy, str setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf)); .Ed .Pp +The +.Dv IP_PORTALGO +can be used to randomize the port selection. +Valid algorithms are described in +.Xr rfc6056 7 +and their respective constants are in +.In netinet/rfc6056.h . +For example, +.Bd -literal +int algo = RFC6056_ALGO_RANDOM_PICK; /* see \*[Lt]netinet/rfc6056.h\*[Gt] */ +setsockopt(s, IPPROTO_IP, IP_PORTALGO, \*[Am]algo, sizeof(algo)); +.Ed +.Pp +The port selection can be also viewed and controlled at a global level for all +.Tn IP +sockets using the following +.Xr sysctl 7 +variables: +.Dv net.inet.ip.anonportalgo.available +and +.Dv net.inet.ip.anonportalgo.selected . +.Pp .Dv IP_PORTRANGE controls how ephemeral ports are allocated for .Dv SOCK_STREAM Index: share/man/man4/ip6.4 =================================================================== RCS file: /cvsroot/src/share/man/man4/ip6.4,v retrieving revision 1.28 diff -u -p -u -r1.28 ip6.4 --- share/man/man4/ip6.4 19 May 2011 21:16:45 -0000 1.28 +++ share/man/man4/ip6.4 20 Jun 2012 18:56:36 -0000 @@ -28,7 +28,7 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.Dd May 19, 2011 +.Dd June 20, 2012 .Dt IP6 4 .Os .Sh NAME 
@@ -231,6 +231,29 @@ const char *policy = "in ipsec ah/transp char *buf = ipsec_set_policy(policy, strlen(policy)); setsockopt(s, IPPROTO_IPV6, IPV6_IPSEC_POLICY, buf, ipsec_get_policylen(buf)); .Ed +.It Dv IPV6_PORTALGO Fa "int *" +The +.Dv IP_PORTALGO +can be used to randomize the port selection. +Valid algorithms are described in +.Xr rfc6056 7 +and their respective constants are in +.In netinet/rfc6056.h . +For example, +.Bd -literal +int algo = RFC6056_ALGO_RANDOM_PICK; /* see \*[Lt]netinet/rfc6056.h\*[Gt] */ +setsockopt(s, IPPROTO_IPV6, IPV6_PORTALGO, \*[Am]algo, sizeof(algo)); +.Ed +.Pp +The port selection can be also viewed and controlled at a global level for all +.Tn IPV6 +sockets using the following +.Xr sysctl 7 +variables: +.Dv net.inet.ip6.anonportalgo.available +and +.Dv net.inet.ip6.anonportalgo.selected . +.Pp .It Dv IPV6_PORTRANGE Fa "int *" Get or set the allocation policy of ephemeral ports for when the kernel automatically binds a local address to this socket. Index: share/man/man4/udp.4 =================================================================== RCS file: /cvsroot/src/share/man/man4/udp.4,v retrieving revision 1.12 diff -u -p -u -r1.12 udp.4 --- share/man/man4/udp.4 24 Sep 2011 18:49:13 -0000 1.12 +++ share/man/man4/udp.4 20 Jun 2012 18:56:36 -0000 @@ -29,7 +29,7 @@ .\" .\" @(#)udp.4 8.1 (Berkeley) 6/5/93 .\" -.Dd September 24, 2011 +.Dd June 20, 2012 .Dt UDP 4 .Os .Sh NAME 
@@ -119,31 +119,6 @@ from draft-ietf-ipsec-udp-encaps-06 defined in .In netinet/udp.h . .Pp -The -.Dv UDP_RFC6056ALGO -can be used to randomize the port selection. -Valid algorithms are described in -.Xr rfc6056 7 -and their respective constants are in -.In netinet/rfc6056.h . -For example, -.Bd -literal -int algo = RFC6056_ALGO_RANDOM_PICK; /* see \*[Lt]netinet/rfc6056.h\*[Gt] */ -setsockopt(s, IPPROTO_UDP, UDP_RFC6056ALGO, \*[Am]algo, sizeof(algo)); -.Ed -.Pp -The port selection can be also controlled at a global level for all -.Tn UDP -or -.Tn UDP6 -sockets using the following -.Xr sysctl 7 -variables: -.Dv net.inet.udp.rfc6056.selected -and -.Dv net.inet6.udp6.rfc6056.selected -respectively. -.Pp Options at the .Tn IP transport level may be used with Index: share/man/man7/rfc6056.7 =================================================================== RCS file: /cvsroot/src/share/man/man7/rfc6056.7,v retrieving revision 1.2 diff -u -p -u -r1.2 rfc6056.7 --- share/man/man7/rfc6056.7 24 Sep 2011 18:47:59 -0000 1.2 +++ share/man/man7/rfc6056.7 20 Jun 2012 18:56:36 -0000 
@@ -91,18 +91,22 @@ Use random increments in order to select .Sh SYSCTL CONTROLS The following sysctl controls are available for selecting the default port randomization algorithm: -.Bl -column "net.inet6.udp6.rfc6056.available" "string" "Changeable" +.Bl -column "net.inet6.udp6.anonportalgo.available" "string" "Changeable" .It Sy sysctl name Ta Sy Type Ta Sy Changeable -.It net.inet.udp.rfc6056.available Ta string Ta no -.It net.inet.udp.rfc6056.selected Ta string Ta yes -.It net.inet6.udp6.rfc6056.available Ta string Ta no -.It net.inet6.udp6.rfc6056.selected Ta string Ta yes +.It net.inet.ip.anonportalgo.available Ta string Ta no +.It net.inet.ip.anonportalgo.selected Ta string Ta yes +.It net.inet6.ip6.anonportalgo.available Ta string Ta no +.It net.inet6.ip6.anonportalgo.selected Ta string Ta yes .El .Sh SOCKET OPTIONS -The socket option -.Dv UDP_RFC6056ALGO -at the -.Dv IPPROTO_UDP +The +.Dv IP_PORTSEL +socket option at the +.Dv IPPROTO_IP +level and the +.Dv IPV6_PORTSEL +socket option at the +.Dv IPPROTO_IPV6 level can be used with a string argument specifying the algorithm's name in order to select the port randomization algorithm for a specific socket. Index: share/man/man7/sysctl.7 =================================================================== RCS file: /cvsroot/src/share/man/man7/sysctl.7,v retrieving revision 1.71 diff -u -p -u -r1.71 sysctl.7 --- share/man/man7/sysctl.7 9 Jun 2012 08:22:14 -0000 1.71 +++ share/man/man7/sysctl.7 20 Jun 2012 18:56:37 -0000 @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd June 8, 2012 +.Dd June 20, 2012 .Dt SYSCTL 7 .Os .Sh NAME @@ -1223,6 +1223,8 @@ The currently defined protocols and name .It icmp redirtimeout integer yes .It icmp bmcastecho integer yes .It ip allowsrcrt integer yes +.It ip anonportalgo.selected string yes +.It ip anonportalgo.available string yes .It ip anonportmax integer yes .It ip anonportmin integer yes .It ip checkinterface integer yes 
@@ -1282,8 +1284,6 @@ The currently defined protocols and name .It udp checksum integer yes .It udp do_loopback_cksum integer yes .It udp recvspace integer yes -.It udp rfc6056.selected string yes -.It udp rfc6056.available string yes .It udp sendspace integer yes .El .Pp @@ -1327,6 +1327,10 @@ believes it can send advertisements more Disabled by default. .It Li ip.allowsrcrt If set to 1, the host accepts source routed packets. +.It Li ip.anonportalgo.available +The available RFC 6056 port randomization algorithms. +.It Li ip.anonportalgo.selected +The currently selected RFC 6056 port randomization algorithm. .It Li ip.anonportmax The highest port number to use for TCP and UDP ephemeral port allocation. This cannot be set to less than 1024 or greater than 65535, and must @@ -1565,10 +1569,6 @@ Received non-zero UDP checksums are alwa Disabling UDP checksums is strongly discouraged. .It Li udp.recvspace The default UDP receive buffer size. -.It Li udp.rfc6056.available -The available RFC 6056 port randomization algorithms. -.It Li udp.rfc6056.selected -The currently selected RFC 6056 port randomization algorithm. .It Li udp.sendspace The default UDP send buffer size. .El @@ -1597,6 +1597,8 @@ The currently defined protocols and name .It icmp6 rediraccept integer yes .It icmp6 redirtimeout integer yes .It ip6 accept_rtadv integer yes +.It ip6 anonportalgo.selected string yes +.It ip6 anonportalgo.available string yes .It ip6 anonportmax integer yes .It ip6 anonportmin integer yes .It ip6 auto_flowlabel integer yes @@ -1621,8 +1623,6 @@ The currently defined protocols and name .It ip6 v6only integer yes .It udp6 do_loopback_cksum integer yes .It udp6 recvspace integer yes -.It udp6 rfc6056.selected string yes -.It udp6 rfc6056.available string yes .It udp6 sendspace integer yes .El .Pp 
@@ -1634,6 +1634,10 @@ and autoconfigures address prefixes and The node must be a host .Pq not a router for the option to be meaningful. +.It Li ip6.anonportalgo.available +The available RFC 6056 port randomization algorithms. +.It Li ip6.anonportalgo.selected +The currently selected RFC 6056 port randomization algorithm. .It Li ip6.anonportmax The highest port number to use for TCP and UDP ephemeral port allocation. This cannot be set to less than 1024 or greater than 65535, and must @@ -1830,10 +1834,6 @@ ICMPv6 redirect. Perform UDP checksum on loopback. .It Li udp6.recvspace Default UDP receive buffer size. -.It Li udp6.rfc6056.available -The available RFC 6056 port randomization algorithms for IPv6. -.It Li udp6.rfc6056.selected -The currently selected RFC 6056 port randomization algorithm for IPv6. .It Li udp6.sendspace Default UDP send buffer size. .El Index: sys/netinet/in.h =================================================================== RCS file: /cvsroot/src/sys/netinet/in.h,v retrieving revision 1.86 diff -u -p -u -r1.86 in.h --- sys/netinet/in.h 14 Sep 2009 10:36:50 -0000 1.86 +++ sys/netinet/in.h 20 Jun 2012 18:56:49 -0000 @@ -277,6 +277,7 @@ struct ip_opts { #define IP_MULTICAST_LOOP 11 /* u_char; set/get IP multicast loopback */ #define IP_ADD_MEMBERSHIP 12 /* ip_mreq; add an IP group membership */ #define IP_DROP_MEMBERSHIP 13 /* ip_mreq; drop an IP group membership */ +#define IP_PORTALGO 18 /* int; port selection algo (rfc6056) */ #define IP_PORTRANGE 19 /* int; range to use for ephemeral port */ #define IP_RECVIF 20 /* bool; receive reception if w/dgram */ #define IP_ERRORMTU 21 /* int; get MTU of last xmit = EMSGSIZE */ Index: sys/netinet/ip_input.c =================================================================== RCS file: /cvsroot/src/sys/netinet/ip_input.c,v retrieving revision 1.300 diff -u -p -u -r1.300 ip_input.c --- sys/netinet/ip_input.c 2 Jun 2012 21:36:47 -0000 1.300 +++ sys/netinet/ip_input.c 20 Jun 2012 18:56:49 -0000 
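Review bot: The constant added to in.h is `IP_PORTALGO`, taking an `int` according to its own comment, but the rfc6056.7 hunk in this patch documents the options as `IP_PORTSEL` and `IPV6_PORTSEL` and still says they take a string naming the algorithm. The handlers added in ip_output.c and ip6_output.c read the value with `sockopt_getint`, so the manual should use the names and the type defined in the headers. In the same vein, the ip6.4 text under `IPV6_PORTALGO` refers to `IP_PORTALGO` and gives the sysctl names as `net.inet.ip6.anonportalgo.*`, whereas rfc6056.7 lists `net.inet6.ip6.anonportalgo.*`.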
@@ -139,6 +139,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #ifdef MROUTING #include #endif +#include #ifdef FAST_IPSEC #include @@ -1886,6 +1887,27 @@ sysctl_net_inet_ip_setup(struct sysctllo sysctl_net_inet_ip_stats, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_STATS, CTL_EOL); + + /* anonportalgo RFC6056 subtree */ + const struct sysctlnode *rfc6056_node; + sysctl_createv(clog, 0, NULL, &rfc6056_node, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "anonportalgo", + SYSCTL_DESCR("Anonymous Port Algorithm Selection (RFC 6056)"), + NULL, 0, NULL, 0, + CTL_NET, PF_INET, IPPROTO_IP, CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_STRING, "available", + SYSCTL_DESCR("available algorithms"), + sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_STRING, "selected", + SYSCTL_DESCR("selected algorithm"), + sysctl_rfc6056_selected, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); } void Index: sys/netinet/ip_output.c =================================================================== RCS file: /cvsroot/src/sys/netinet/ip_output.c,v retrieving revision 1.215 diff -u -p -u -r1.215 ip_output.c --- sys/netinet/ip_output.c 30 Apr 2012 22:51:28 -0000 1.215 +++ sys/netinet/ip_output.c 20 Jun 2012 18:56:49 -0000 @@ -125,6 +125,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_output.c, #include #include #include +#include #ifdef MROUTING #include @@ -1142,13 +1143,20 @@ ip_ctloutput(int op, struct socket *so, /* INP_UNLOCK(inp); */ break; + case IP_PORTALGO: + error = sockopt_getint(sopt, &optval); + if (error) + break; + + error = rfc6056_algo_index_select( + (struct inpcb_hdr *)inp, optval); + break; + #if defined(FAST_IPSEC) case IP_IPSEC_POLICY: - { error = ipsec4_set_policy(inp, sopt->sopt_name, sopt->sopt_data, sopt->sopt_size, l->l_cred); break; - } #endif /*IPSEC*/ default: 
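Review bot: In the `anonportalgo` block added to sysctl_net_inet_ip_setup, `rfc6056_node` is declared without an initialiser and the result of the first `sysctl_createv` is discarded, so if creating the node fails the two following calls pass `&rfc6056_node` holding whatever the failed call left there (what sysctl_createv does to it on failure is not visible here). Check the first call and bail out, e.g. `if (sysctl_createv(clog, 0, NULL, &rfc6056_node, ...) != 0) return;`, before creating `available` and `selected`. The same block is added to sysctl_net_inet6_ip6_setup in ip6_input.c. Since `selected` is `CTLFLAG_READWRITE` and now sets the default for all IP sockets rather than UDP only, it is worth a comment stating that `sysctl_rfc6056_selected` rejects unknown algorithm names, once that is confirmed. The function starts outside the hunk.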
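Review bot: The new `case IP_PORTALGO:` hands the caller-supplied `optval` straight to `rfc6056_algo_index_select()`, so every bound check on the algorithm index depends on that function, whose body is not part of this patch. A one-line comment such as `/* index is range-checked by rfc6056_algo_index_select() */` would record where validation lives, provided that is confirmed. The `(struct inpcb_hdr *)inp` cast likewise relies on the header being the leading member of the PCB, which is not visible here. The same code is added for `IPV6_PORTALGO` in ip6_output.c; ip_ctloutput starts and ends outside the hunk.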
@@ -1258,6 +1266,11 @@ ip_ctloutput(int op, struct socket *so, break; + case IP_PORTALGO: + optval = ((struct inpcb_hdr *)inp)->inph_rfc6056algo; + error = sockopt_setint(sopt, optval); + break; + default: error = ENOPROTOOPT; break; Index: sys/netinet/rfc6056.h =================================================================== RCS file: /cvsroot/src/sys/netinet/rfc6056.h,v retrieving revision 1.2 diff -u -p -u -r1.2 rfc6056.h --- sys/netinet/rfc6056.h 24 Sep 2011 17:54:19 -0000 1.2 +++ sys/netinet/rfc6056.h 20 Jun 2012 18:56:49 -0000 @@ -33,6 +33,7 @@ #ifdef _KERNEL #include +struct inpcb_hdr; int rfc6056_randport(uint16_t *, struct inpcb_hdr *, kauth_cred_t); int sysctl_rfc6056_selected(SYSCTLFN_ARGS); int sysctl_rfc6056_selected6(SYSCTLFN_ARGS); Index: sys/netinet/tcp_input.c =================================================================== RCS file: /cvsroot/src/sys/netinet/tcp_input.c,v retrieving revision 1.323 diff -u -p -u -r1.323 tcp_input.c --- sys/netinet/tcp_input.c 13 Apr 2012 15:35:57 -0000 1.323 +++ sys/netinet/tcp_input.c 20 Jun 2012 18:56:51 -0000 @@ -939,6 +939,11 @@ tcp_input_checksum(int af, struct mbuf * IFF_LOOPBACK) || tcp_do_loopback_cksum)) { TCP_CSUM_COUNTER_INCR(&tcp_swcsum); + if (m->m_len == 0) { + printf("mlen = 0 mkthdrlen = %d\n", + m->m_pkthdr.len); + return 0; + } if (in4_cksum(m, IPPROTO_TCP, toff, tlen + off) != 0) goto badcsum; Index: sys/netinet/udp.h =================================================================== RCS file: /cvsroot/src/sys/netinet/udp.h,v retrieving revision 1.15 diff -u -p -u -r1.15 udp.h --- sys/netinet/udp.h 7 Jan 2012 20:20:12 -0000 1.15 +++ sys/netinet/udp.h 20 Jun 2012 18:56:51 -0000 
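Review bot: The `if (m->m_len == 0)` branch added to tcp_input_checksum returns 0 before `in4_cksum()` runs, so on the software-checksum path a segment whose first mbuf is empty is passed on without its checksum being verified (assuming 0 is the success return, as the `goto badcsum` next to it suggests). It also calls `printf` on a condition that may be reachable from received traffic, which would let a sender fill the console and log. This looks like leftover debugging unrelated to the port-algorithm change and should be dropped from the commit. If empty leading mbufs are a real case, treat them as a failure instead, `if (m->m_len == 0) goto badcsum;`, without the print. The function continues outside the hunk.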
@@ -48,7 +48,6 @@ struct udphdr { /* socket options for UDP */ #define UDP_ENCAP 100 -#define UDP_RFC6056ALGO 200 /* Encapsulation types */ #define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ Index: sys/netinet/udp_usrreq.c =================================================================== RCS file: /cvsroot/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.186 diff -u -p -u -r1.186 udp_usrreq.c --- sys/netinet/udp_usrreq.c 22 Mar 2012 20:34:39 -0000 1.186 +++ sys/netinet/udp_usrreq.c 20 Jun 2012 18:56:51 -0000 @@ -96,7 +96,6 @@ __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c #include #include #include -#include #ifdef INET6 #include @@ -1080,15 +1079,6 @@ udp_ctloutput(int op, struct socket *so, } break; - case UDP_RFC6056ALGO: - error = sockopt_getint(sopt, &optval); - if (error) - break; - - error = rfc6056_algo_index_select( - (struct inpcb_hdr *)inp, optval); - break; - default: error = ENOPROTOOPT; break; @@ -1377,8 +1367,6 @@ sysctl_net_inet_udp_stats(SYSCTLFN_ARGS) static void sysctl_net_inet_udp_setup(struct sysctllog **clog) { - const struct sysctlnode *rfc6056_node; - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, CTLTYPE_NODE, "net", NULL, 
@@ -1438,25 +1426,6 @@ sysctl_net_inet_udp_setup(struct sysctll sysctl_net_inet_udp_stats, 0, NULL, 0, CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_STATS, CTL_EOL); - /* RFC6056 subtree */ - sysctl_createv(clog, 0, NULL, &rfc6056_node, - CTLFLAG_PERMANENT, - CTLTYPE_NODE, "rfc6056", - SYSCTL_DESCR("RFC 6056"), - NULL, 0, NULL, 0, - CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT, - CTLTYPE_STRING, "available", - SYSCTL_DESCR("RFC 6056 available algorithms"), - sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_STRING, "selected", - SYSCTL_DESCR("RFC 6056 selected algorithm"), - sysctl_rfc6056_selected, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); } #endif Index: sys/netinet/udp_var.h =================================================================== RCS file: /cvsroot/src/sys/netinet/udp_var.h,v retrieving revision 1.37 diff -u -p -u -r1.37 udp_var.h --- sys/netinet/udp_var.h 24 Sep 2011 17:18:17 -0000 1.37 +++ sys/netinet/udp_var.h 20 Jun 2012 18:56:51 -0000 @@ -75,7 +75,6 @@ struct udpiphdr { #define UDPCTL_RECVSPACE 3 /* default recv buffer */ #define UDPCTL_LOOPBACKCKSUM 4 /* do UDP checksum on loopback */ #define UDPCTL_STATS 5 /* UDP statistics */ -#define UDPCTL_RFC6056 6 /* RFC 6056 algorithm selection */ #define UDPCTL_MAXID 7 #define UDPCTL_NAMES { \ @@ -85,7 +84,6 @@ struct udpiphdr { { "recvspace", CTLTYPE_INT }, \ { "do_loopback_cksum", CTLTYPE_INT }, \ { "stats", CTLTYPE_STRUCT }, \ - { "rfc6056", CTLTYPE_INT }, \ } #ifdef _KERNEL Index: sys/netinet6/in6.h =================================================================== RCS file: /cvsroot/src/sys/netinet6/in6.h,v retrieving revision 1.69 diff -u -p -u -r1.69 in6.h --- sys/netinet6/in6.h 24 May 2011 18:07:11 -0000 1.69 +++ sys/netinet6/in6.h 20 Jun 2012 18:56:51 -0000 
@@ -385,6 +385,7 @@ extern const struct in6_addr in6addr_lin #define IPV6_LEAVE_GROUP 13 /* ip6_mreq; leave a group membership */ #define IPV6_PORTRANGE 14 /* int; range to choose for unspec port */ #if defined(_NETBSD_SOURCE) +#define IPV6_PORTALGO 17 /* int; port selection algo (rfc6056) */ #define ICMP6_FILTER 18 /* icmp6_filter; icmp6 filter */ #endif /* RFC2292 options */ Index: sys/netinet6/ip6_input.c =================================================================== RCS file: /cvsroot/src/sys/netinet6/ip6_input.c,v retrieving revision 1.137 diff -u -p -u -r1.137 ip6_input.c --- sys/netinet6/ip6_input.c 22 Mar 2012 20:34:40 -0000 1.137 +++ sys/netinet6/ip6_input.c 20 Jun 2012 18:56:52 -0000 @@ -103,6 +103,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include #endif /* INET */ #include +#include #include #include #include 
@@ -1956,6 +1957,26 @@ sysctl_net_inet6_ip6_setup(struct sysctl CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); #endif + /* anonportalgo RFC6056 subtree */ + const struct sysctlnode *rfc6056_node; + sysctl_createv(clog, 0, NULL, &rfc6056_node, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "anonportalgo", + SYSCTL_DESCR("Anonymous port algorithm selection (RFC 6056)"), + NULL, 0, NULL, 0, + CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT, + CTLTYPE_STRING, "available", + SYSCTL_DESCR("available algorithms"), + sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, &rfc6056_node, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_STRING, "selected", + SYSCTL_DESCR("selected algorithm"), + sysctl_rfc6056_selected6, 0, NULL, RFC6056_MAXLEN, + CTL_CREATE, CTL_EOL); } void Index: sys/netinet6/ip6_output.c =================================================================== RCS file: /cvsroot/src/sys/netinet6/ip6_output.c,v retrieving revision 1.147 diff -u -p -u -r1.147 ip6_output.c --- sys/netinet6/ip6_output.c 22 Mar 2012 20:34:41 -0000 1.147 +++ sys/netinet6/ip6_output.c 20 Jun 2012 18:56:52 -0000 @@ -91,6 +91,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c #include #include #include +#include #include #include #include @@ -1633,6 +1634,14 @@ else \ } break; + case IPV6_PORTALGO: + error = sockopt_getint(sopt, &optval); + if (error) + break; + + error = rfc6056_algo_index_select( + (struct inpcb_hdr *)in6p, optval); + break; #if defined(FAST_IPSEC) case IPV6_IPSEC_POLICY: 
@@ -1818,6 +1827,11 @@ else \ error = ip6_getmoptions(sopt, in6p->in6p_moptions); break; + case IPV6_PORTALGO: + optval = ((struct inpcb_hdr *)in6p)->inph_rfc6056algo; + error = sockopt_setint(sopt, optval); + break; + #if defined(FAST_IPSEC) case IPV6_IPSEC_POLICY: { Index: sys/netinet6/udp6_usrreq.c =================================================================== RCS file: /cvsroot/src/sys/netinet6/udp6_usrreq.c,v retrieving revision 1.90 diff -u -p -u -r1.90 udp6_usrreq.c --- sys/netinet6/udp6_usrreq.c 24 Sep 2011 17:22:14 -0000 1.90 +++ sys/netinet6/udp6_usrreq.c 20 Jun 2012 18:56:52 -0000 @@ -92,7 +92,6 @@ __KERNEL_RCSID(0, "$NetBSD: udp6_usrreq. #include #include #include -#include #include #include #include @@ -263,9 +262,7 @@ udp6_ctloutput(int op, struct socket *so { int s; int error = 0; - struct inpcb *inp; int family; - int optval; family = so->so_proto->pr_domain->dom_family; @@ -291,31 +288,7 @@ udp6_ctloutput(int op, struct socket *so error = EAFNOSUPPORT; goto end; } - - switch (op) { - case PRCO_SETOPT: - inp = sotoinpcb(so); - - switch (sopt->sopt_name) { - case UDP_RFC6056ALGO: - error = sockopt_getint(sopt, &optval); - if (error) - break; - - error = rfc6056_algo_index_select( - (struct inpcb_hdr *)inp, optval); - break; - - default: - error = ENOPROTOOPT; - break; - } - break; - - default: - error = EINVAL; - break; - } + error = EINVAL; end: splx(s); @@ -488,8 +461,6 @@ sysctl_net_inet6_udp6_stats(SYSCTLFN_ARG static void sysctl_net_inet6_udp6_setup(struct sysctllog **clog) { - const struct sysctlnode *rfc6056_node; - sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, CTLTYPE_NODE, "net", NULL, 
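Review bot: Collapsing the inner switch in udp6_ctloutput to `error = EINVAL;` changes the errno for an unrecognised option on `PRCO_SETOPT` from `ENOPROTOOPT` to `EINVAL`, while the IPv4 udp_ctloutput hunk in this patch keeps `default: error = ENOPROTOOPT;`. To keep the two families consistent and preserve what callers saw before, use `error = (op == PRCO_SETOPT) ? ENOPROTOOPT : EINVAL;`. Programs built against the removed `UDP_RFC6056ALGO` will now fail here, so a line in the commit message about the option moving to `IPV6_PORTALGO` would help. The function starts outside the hunk.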
@@ -542,25 +513,6 @@ sysctl_net_inet6_udp6_setup(struct sysct sysctl_net_inet6_udp6_stats, 0, NULL, 0, CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_STATS, CTL_EOL); - /* RFC6056 subtree */ - sysctl_createv(clog, 0, NULL, &rfc6056_node, - CTLFLAG_PERMANENT, - CTLTYPE_NODE, "rfc6056", - SYSCTL_DESCR("RFC 6056"), - NULL, 0, NULL, 0, - CTL_NET, PF_INET6, IPPROTO_UDP, CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT, - CTLTYPE_STRING, "available", - SYSCTL_DESCR("RFC 6056 available algorithms"), - sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, &rfc6056_node, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_STRING, "selected", - SYSCTL_DESCR("RFC 6056 selected algorithm"), - sysctl_rfc6056_selected6, 0, NULL, RFC6056_MAXLEN, - CTL_CREATE, CTL_EOL); } void Index: sys/netinet6/udp6_var.h =================================================================== RCS file: /cvsroot/src/sys/netinet6/udp6_var.h,v retrieving revision 1.24 diff -u -p -u -r1.24 udp6_var.h --- sys/netinet6/udp6_var.h 24 Sep 2011 17:22:14 -0000 1.24 +++ sys/netinet6/udp6_var.h 20 Jun 2012 18:56:53 -0000 @@ -88,8 +88,7 @@ #define UDP6CTL_RECVSPACE 2 /* default recv buffer */ #define UDP6CTL_LOOPBACKCKSUM 3 /* do UDP checksum on loopback? */ #define UDP6CTL_STATS 4 /* udp6 statistics */ -#define UDP6CTL_RFC6056 5 /* RFC 6056 algorithm selection */ -#define UDP6CTL_MAXID 6 +#define UDP6CTL_MAXID 5 #define UDP6CTL_NAMES { \ { 0, 0 }, \ Index: tests/net/sys/t_rfc6056.c =================================================================== RCS file: /cvsroot/src/tests/net/sys/t_rfc6056.c,v retrieving revision 1.2 diff -u -p -u -r1.2 t_rfc6056.c --- tests/net/sys/t_rfc6056.c 5 Nov 2011 19:01:42 -0000 1.2 +++ tests/net/sys/t_rfc6056.c 20 Jun 2012 18:56:58 -0000 
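Review bot: `UDP6CTL_MAXID` is lowered to 5 here to match the removal of `UDP6CTL_RFC6056`, but the udp_var.h hunks remove `UDPCTL_RFC6056` and its `UDPCTL_NAMES` entry while leaving `UDPCTL_MAXID` at 7. Any consumer that sizes or walks a `UDPCTL_NAMES` table up to `UDPCTL_MAXID` would then go past the last initialised entry. For consistency that line should become `#define UDPCTL_MAXID 6`. Whether `UDP6CTL_NAMES` carried an rfc6056 entry that also needs removing is not visible in this hunk.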
@@ -51,7 +51,7 @@ static void test(const char *hostname, const char *service, int family, int al) { static const char hello[] = "hello\n"; - int s, error; + int s, error, proto, option; struct sockaddr_storage ss; struct addrinfo hints, *res; @@ -59,6 +59,19 @@ test(const char *hostname, const char *s hints.ai_family = family; hints.ai_socktype = SOCK_DGRAM; + switch (family) { + case AF_INET: + proto = IPPROTO_IP; + option = IP_PORTALGO; + break; + case AF_INET6: + proto = IPPROTO_IPV6; + option = IPV6_PORTALGO; + break; + default: + abort(); + } + error = getaddrinfo(hostname, service, &hints, &res); if (error) errx(EXIT_FAILURE, "Cannot get address for %s (%s)", @@ -68,7 +81,7 @@ test(const char *hostname, const char *s if (s == -1) err(EXIT_FAILURE, "socket"); - if (setsockopt(s, IPPROTO_UDP, UDP_RFC6056ALGO, &al, sizeof(al)) == -1) + if (setsockopt(s, proto, option, &al, sizeof(al)) == -1) err(EXIT_FAILURE, "setsockopt"); memset(&ss, 0, sizeof(ss)); @@ -89,7 +102,7 @@ test(const char *hostname, const char *s if (s == -1) err(EXIT_FAILURE, "socket"); - if (setsockopt(s, IPPROTO_UDP, UDP_RFC6056ALGO, &al, sizeof(al)) == -1) + if (setsockopt(s, proto, option, &al, sizeof(al)) == -1) err(EXIT_FAILURE, "setsockopt"); if (connect(s, res->ai_addr, res->ai_addrlen) == -1)
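Review bot: The test now sets the option with `setsockopt(s, proto, option, &al, sizeof(al))` but never reads it back, so the `PRCO_GETOPT` branches this patch adds for `IP_PORTALGO` and `IPV6_PORTALGO` are not exercised. After each successful setsockopt, a `getsockopt(s, proto, option, &got, &len)` followed by a check that `got == al` would cover them. A negative case that passes an out-of-range index and expects setsockopt to fail would also pin down the validation the kernel handlers rely on. test() starts and ends outside the hunk.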