Date: Tue, 12 Apr 2022 08:05:15 GMT
Message-Id: <202204120805.23C85Fn2012519@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 742e7210d00b - main - udp: allow udp_tun_func_t() to indicate it did not eat the packet
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Commit: 742e7210d00b359d81b9c778ab520003704e9b6c

The branch main has been updated by kp:

URL:
https://cgit.FreeBSD.org/src/commit/?id=742e7210d00b359d81b9c778ab520003704e9b6c

commit 742e7210d00b359d81b9c778ab520003704e9b6c
Author:     Kristof Provost
AuthorDate: 2022-04-11 13:58:28 +0000
Commit:     Kristof Provost
CommitDate: 2022-04-12 08:04:59 +0000

    udp: allow udp_tun_func_t() to indicate it did not eat the packet

    Allow udp tunnel functions to indicate they have not taken ownership of the
    packet, and that normal UDP processing should continue.

    This is especially useful for scenarios where the kernel has taken ownership
    of a socket that was originally created by userspace. It allows the tunnel
    function to pass through certain packets for userspace processing.

    The primary user of this is if_ovpn, when it receives messages from unknown
    peers (which might be a new client).

    Reviewed by:    tuexen
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D34883
---
 sys/net/if_vxlan.c       | 6 ++++--
 sys/netinet/ip_gre.c     | 6 ++++--
 sys/netinet/sctputil.c   | 6 ++++--
 sys/netinet/tcp_subr.c   | 6 ++++--
 sys/netinet/udp_usrreq.c | 6 ++++--
 sys/netinet/udp_var.h    | 5 ++++-
 sys/netinet6/ip6_gre.c   | 8 +++++---
 7 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c index 291c7b591766..99efbe255695 100644 --- a/sys/net/if_vxlan.c +++ b/sys/net/if_vxlan.c @@ -363,7 +363,7 @@ static int vxlan_encap6(struct vxlan_softc *, const union vxlan_sockaddr *, struct mbuf *); static int vxlan_transmit(struct ifnet *, struct mbuf *); static void vxlan_qflush(struct ifnet *); -static void vxlan_rcv_udp_packet(struct mbuf *, int, struct inpcb *, +static bool vxlan_rcv_udp_packet(struct mbuf *, int, struct inpcb *, const struct sockaddr *, void *); static int vxlan_input(struct vxlan_socket *, uint32_t, struct mbuf **, const struct sockaddr *); 
@@ -2758,7 +2758,7 @@ vxlan_qflush(struct ifnet *ifp __unused) { } -static void +static bool vxlan_rcv_udp_packet(struct mbuf *m, int offset, struct inpcb *inpcb, const struct sockaddr *srcsa, void *xvso) { @@ -2802,6 +2802,8 @@ vxlan_rcv_udp_packet(struct mbuf *m, int offset, struct inpcb *inpcb, out: if (m != NULL) m_freem(m); + + return (true); } static int diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index a70452026642..93261a094a36 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -219,7 +219,7 @@ in_gre_srcaddr(void *arg __unused, const struct sockaddr *sa, } } -static void +static bool in_gre_udp_input(struct mbuf *m, int off, struct inpcb *inp, const struct sockaddr *sa, void *ctx) { @@ -237,9 +237,11 @@ in_gre_udp_input(struct mbuf *m, int off, struct inpcb *inp, } if (sc != NULL && (GRE2IFP(sc)->if_flags & IFF_UP) != 0){ gre_input(m, off + sizeof(struct udphdr), IPPROTO_UDP, sc); - return; + return (true); } m_freem(m); + + return (true); } static int diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index e0ac9e23fc68..7b82a2ce6d86 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -7094,7 +7094,7 @@ sctp_log_trace(uint32_t subsys, const char *str SCTP_UNUSED, uint32_t a, uint32_ } #endif -static void +static bool sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, const struct sockaddr *sa SCTP_UNUSED, void *ctx SCTP_UNUSED) { @@ -7172,9 +7172,11 @@ sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, goto out; break; } - return; + return (true); out: m_freem(m); + + return (true); } #ifdef INET diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 95c34c581e59..348a8bb7151e 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -590,7 +590,7 @@ tcp_switch_back_to_default(struct tcpcb *tp) } } -static void +static bool tcp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, const struct sockaddr *sa, void *ctx) { 
@@ -659,9 +659,11 @@ tcp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, goto out; break; } - return; + return (true); out: m_freem(m); + + return (true); } static int diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index f216e993b4f3..f35ba81f3936 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -278,6 +278,7 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, struct sockaddr_in6 udp_in6; #endif struct udpcb *up; + bool filtered; INP_LOCK_ASSERT(inp); @@ -288,10 +289,11 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, if (up->u_tun_func != NULL) { in_pcbref(inp); INP_RUNLOCK(inp); - (*up->u_tun_func)(n, off, inp, (struct sockaddr *)&udp_in[0], + filtered = (*up->u_tun_func)(n, off, inp, (struct sockaddr *)&udp_in[0], up->u_tun_ctx); INP_RLOCK(inp); - return (in_pcbrele_rlocked(inp)); + if (filtered) + return (in_pcbrele_rlocked(inp)); } off += sizeof(struct udphdr); diff --git a/sys/netinet/udp_var.h b/sys/netinet/udp_var.h index cd9c4fd47e4f..9db5494ab82b 100644 --- a/sys/netinet/udp_var.h +++ b/sys/netinet/udp_var.h @@ -36,6 +36,7 @@ #ifndef _NETINET_UDP_VAR_H_ #define _NETINET_UDP_VAR_H_ +#include #include #include @@ -60,7 +61,8 @@ struct udpiphdr { struct inpcb; struct mbuf; -typedef void(*udp_tun_func_t)(struct mbuf *, int, struct inpcb *, +#ifdef _KERNEL +typedef bool(*udp_tun_func_t)(struct mbuf *, int, struct inpcb *, const struct sockaddr *, void *); typedef void(*udp_tun_icmp_t)(int, struct sockaddr *, void *, void *); @@ -78,6 +80,7 @@ struct udpcb { #define intoudpcb(ip) ((struct udpcb *)(ip)->inp_ppcb) #define sotoudpcb(so) (intoudpcb(sotoinpcb(so))) +#endif /* IPsec: ESP in UDP tunneling: */ #define UF_ESPINUDP_NON_IKE 0x00000001 /* w/ non-IKE marker .. */ diff --git a/sys/netinet6/ip6_gre.c b/sys/netinet6/ip6_gre.c index eb3f92d55adc..9057a95e109b 100644 --- a/sys/netinet6/ip6_gre.c +++ b/sys/netinet6/ip6_gre.c 
@@ -212,7 +212,7 @@ in6_gre_srcaddr(void *arg __unused, const struct sockaddr *sa, } } -static void +static bool in6_gre_udp_input(struct mbuf *m, int off, struct inpcb *inp, const struct sockaddr *sa, void *ctx) { @@ -226,7 +226,7 @@ in6_gre_udp_input(struct mbuf *m, int off, struct inpcb *inp, dst = *(const struct sockaddr_in6 *)sa; if (sa6_embedscope(&dst, 0)) { m_freem(m); - return; + return (true); } CK_LIST_FOREACH(sc, &gs->list, chain) { if (IN6_ARE_ADDR_EQUAL(&sc->gre_oip6.ip6_dst, &dst.sin6_addr)) @@ -234,9 +234,11 @@ in6_gre_udp_input(struct mbuf *m, int off, struct inpcb *inp, } if (sc != NULL && (GRE2IFP(sc)->if_flags & IFF_UP) != 0){ gre_input(m, off + sizeof(struct udphdr), IPPROTO_UDP, sc); - return; + return (true); } m_freem(m); + + return (true); } static int
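Review bot: In the udp_append() hunk in sys/netinet/udp_usrreq.c, the path where the tunnel function returns false falls through to normal UDP processing without dropping the reference taken by in_pcbref(inp); only the filtered path reaches in_pcbrele_rlocked(inp). The inpcb is also unlocked across the callback, so the fall-through path goes on using inp without checking whether it was released in the meantime. Suggest calling in_pcbrele_rlocked(inp) unconditionally right after INP_RLOCK(inp), returning if it reports the inpcb is gone, and only then testing filtered. The diffstat shows no change under sys/netinet6 apart from ip6_gre.c, so it is worth confirming that any IPv6 caller of u_tun_func also honours the new return value. Minor style point: the new "filtered = (*up->u_tun_func)(n, off, inp, ..." line runs past 80 columns and should be wrapped.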
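Review bot: The udp_tun_func_t typedef in sys/netinet/udp_var.h changes its return type from void to bool with no comment saying what the value means or who owns the mbuf in each case. Every converted handler in this patch returns true on all paths, including the ones that call m_freem(m), so the only description of the contract is the commit message. Please add a comment above the typedef stating that true means the callback consumed (or freed) the mbuf, and that false means the mbuf is untouched and still valid for udp_append() to deliver to the socket; a callback that frees or trims the mbuf and then returns false would hand the UDP input path a bad pointer.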
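Review bot: The "#endif" added after the sotoudpcb() macro in sys/netinet/udp_var.h closes an "#ifdef _KERNEL" that opens before the udp_tun_func_t typedef, so udp_tun_icmp_t, struct udpcb and the intoudpcb()/sotoudpcb() macros are now hidden from userland as well, and the commit message does not mention this. If that scope is intended, note it in the log and confirm that no userland consumer of this header depends on struct udpcb; otherwise narrow the guard to the typedef that needs bool. Annotating the close as "#endif /* _KERNEL */" would also make the pairing obvious.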