1 /* 2 * Copyright (c) 2004 The DragonFly Project. All rights reserved. 3 * 4 * Copyright (c) 1982, 1986, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_subr.c 8.3 (Berkeley) 1/21/94 37 */ 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/socket.h> 42 #include <sys/socketvar.h> 43 #include <sys/proc.h> 44 #include <sys/malloc.h> 45 #include <sys/queue.h> 46 #include <sys/kernel.h> 47 #include <sys/resourcevar.h> 48 #include <vm/vm_zone.h> 49 50 #include <net/if.h> 51 52 #include <netinet/in.h> 53 #include <netinet/in_var.h> 54 #include <netinet/tcp.h> 55 56 #include <net/pf/pfvar.h> 57 #include <sys/md5.h> 58 #include <sys/random.h> 59 60 /* 61 * This implements additional functions used by pf which can not be ported 62 * easyly. At this point it boils down to mostly the Net/OpenBSD hook 63 * implementation. 64 * 65 * BEWARE: this is not locked! Required locking is done by the caller. 66 */ 67 68 void * 69 hook_establish(struct hook_desc_head *head, int tail, void (*fn)(void *), 70 void *arg) 71 { 72 struct hook_desc *hdp; 73 74 hdp = kmalloc(sizeof (*hdp), M_DEVBUF, M_WAITOK); 75 if (hdp == NULL) 76 return (NULL); 77 78 hdp->hd_fn = fn; 79 hdp->hd_arg = arg; 80 if (tail) 81 TAILQ_INSERT_TAIL(head, hdp, hd_list); 82 else 83 TAILQ_INSERT_HEAD(head, hdp, hd_list); 84 85 return (hdp); 86 } 87 88 void 89 hook_disestablish(struct hook_desc_head *head, void *vhook) 90 { 91 struct hook_desc *hdp; 92 93 #ifdef DIAGNOSTIC 94 for (hdp = TAILQ_FIRST(head); hdp != NULL; 95 hdp = TAILQ_NEXT(hdp, hd_list)) 96 if (hdp == vhook) 97 break; 98 if (hdp == NULL) 99 panic("hook_disestablish: hook not established"); 100 #endif 101 hdp = vhook; 102 TAILQ_REMOVE(head, hdp, hd_list); 103 kfree(hdp, M_DEVBUF); 104 } 105 106 /* 107 * Run hooks. Startup hooks are invoked right after scheduler_start but 108 * before root is mounted. Shutdown hooks are invoked immediately before the 109 * system is halted or rebooted, i.e. after file systems unmounted, 110 * after crash dump done, etc. 111 */ 112 void 113 dohooks(struct hook_desc_head *head, int flags) 114 { 115 struct hook_desc *hdp; 116 117 if ((flags & HOOK_REMOVE) == 0) { 118 TAILQ_FOREACH(hdp, head, hd_list) { 119 (*hdp->hd_fn)(hdp->hd_arg); 120 } 121 } else { 122 while ((hdp = TAILQ_FIRST(head)) != NULL) { 123 TAILQ_REMOVE(head, hdp, hd_list); 124 (*hdp->hd_fn)(hdp->hd_arg); 125 if ((flags & HOOK_FREE) != 0) 126 kfree(hdp, M_DEVBUF); 127 } 128 } 129 } 130 131 132 /* 133 * Following is where TCP initial sequence number generation occurs. 134 * 135 * There are two places where we must use initial sequence numbers: 136 * 1. In SYN-ACK packets. 137 * 2. In SYN packets. 138 * 139 * All ISNs for SYN-ACK packets are generated by the syncache. See 140 * tcp_syncache.c for details. 141 * 142 * The ISNs in SYN packets must be monotonic; TIME_WAIT recycling 143 * depends on this property. In addition, these ISNs should be 144 * unguessable so as to prevent connection hijacking. To satisfy 145 * the requirements of this situation, the algorithm outlined in 146 * RFC 1948 is used, with only small modifications. 147 * 148 * Implementation details: 149 * 150 * Time is based off the system timer, and is corrected so that it 151 * increases by one megabyte per second. This allows for proper 152 * recycling on high speed LANs while still leaving over an hour 153 * before rollover. 154 * 155 * As reading the *exact* system time is too expensive to be done 156 * whenever setting up a TCP connection, we increment the time 157 * offset in two ways. First, a small random positive increment 158 * is added to isn_offset for each connection that is set up. 159 * Second, the function tcp_isn_tick fires once per clock tick 160 * and increments isn_offset as necessary so that sequence numbers 161 * are incremented at approximately ISN_BYTES_PER_SECOND. The 162 * random positive increments serve only to ensure that the same 163 * exact sequence number is never sent out twice (as could otherwise 164 * happen when a port is recycled in less than the system tick 165 * interval.) 166 * 167 * net.inet.tcp.isn_reseed_interval controls the number of seconds 168 * between seeding of isn_secret. This is normally set to zero, 169 * as reseeding should not be necessary. 170 * 171 * Locking of the global variables isn_secret, isn_last_reseed, isn_offset, 172 * isn_offset_old, and isn_ctx is performed using the TCP pcbinfo lock. In 173 * general, this means holding an exclusive (write) lock. 174 */ 175 176 #define ISN_BYTES_PER_SECOND 1048576 177 #define ISN_STATIC_INCREMENT 4096 178 #define ISN_RANDOM_INCREMENT (4096 - 1) 179 180 /* wrapper functions for pool_* */ 181 void * 182 pool_get(vm_zone_t *pp, int flags) 183 { 184 void *retval; 185 retval = zalloc(*(pp)); 186 187 if (flags & PR_ZERO) 188 bzero(retval, (*pp)->zsize); 189 190 return retval; 191 } 192