[TCP]: MD5 Signature Option (RFC2385) support.

Based on implementation by Rick Payne. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> 2006-11-14 22:07:45 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-03 00:22:39 -0500
commit: cfb6eeb4c860592edd123fdea908d23c6ad1c7dc (patch)
tree: 361c073622faa540ef6602ef1b0a6e8c0a17fc60 /include/net/tcp.h
parent: bf6bce71eae386dbc37f93af7e5ad173450d9945 (diff)
1 files changed, 143 insertions, 0 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index e1a5d29d0a1f..363960872de0 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -28,6 +28,7 @@
 #include <linux/percpu.h>
 #include <linux/skbuff.h>
 #include <linux/dmaengine.h>
+#include <linux/crypto.h>
 #include <net/inet_connection_sock.h>
 #include <net/inet_timewait_sock.h>
@@ -161,6 +162,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
 #define TCPOPT_SACK_PERM        4       /* SACK Permitted */
 #define TCPOPT_SACK             5       /* SACK Block */
 #define TCPOPT_TIMESTAMP        8       /* Better RTT estimations/PAWS */
+#define TCPOPT_MD5SIG           19      /* MD5 Signature (RFC2385) */
 /*
 *     TCP option lengths
@@ -170,6 +172,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
 #define TCPOLEN_WINDOW         3
 #define TCPOLEN_SACK_PERM      2
 #define TCPOLEN_TIMESTAMP      10
+#define TCPOLEN_MD5SIG         18
 /* But this is what stacks really send out. */
 #define TCPOLEN_TSTAMP_ALIGNED          12
@@ -178,6 +181,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
 #define TCPOLEN_SACK_BASE               2
 #define TCPOLEN_SACK_BASE_ALIGNED       4
 #define TCPOLEN_SACK_PERBLOCK           8
+#define TCPOLEN_MD5SIG_ALIGNED          20
 /* Flags in tp->nonagle */
 #define TCP_NAGLE_OFF           1       /* Nagle's algo is disabled */
@@ -299,6 +303,8 @@ extern void			tcp_cleanup_rbuf(struct sock *sk, int copied);
 extern int                      tcp_twsk_unique(struct sock *sk,
                                                struct sock *sktw, void *twp);
+extern void                     tcp_twsk_destructor(struct sock *sk);
 static inline void tcp_dec_quickack_mode(struct sock *sk,
                                         const unsigned int pkts)
 {
@@ -1064,6 +1070,114 @@ static inline void clear_all_retrans_hints(struct tcp_sock *tp){
        tp->fastpath_skb_hint = NULL;
 }
+/* MD5 Signature */
+struct crypto_hash;
+/* - key database */
+struct tcp_md5sig_key {
+        u8                      *key;
+        u8                      keylen;
+};
+struct tcp4_md5sig_key {
+        u8                      *key;
+        u16                     keylen;
+        __be32                  addr;
+};
+struct tcp6_md5sig_key {
+        u8                      *key;
+        u16                     keylen;
+#if 0
+        u32                     scope_id;       /* XXX */
+#endif
+        struct in6_addr         addr;
+};
+/* - sock block */
+struct tcp_md5sig_info {
+        struct tcp4_md5sig_key  *keys4;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        struct tcp6_md5sig_key  *keys6;
+        u32                     entries6;
+        u32                     alloced6;
+#endif
+        u32                     entries4;
+        u32                     alloced4;
+};
+/* - pseudo header */
+struct tcp4_pseudohdr {
+        __be32          saddr;
+        __be32          daddr;
+        __u8            pad;
+        __u8            protocol;
+        __be16          len;
+};
+struct tcp6_pseudohdr {
+        struct in6_addr saddr;
+        struct in6_addr daddr;
+        __be32          len;
+        __be32          protocol;       /* including padding */
+};
+union tcp_md5sum_block {
+        struct tcp4_pseudohdr ip4;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        struct tcp6_pseudohdr ip6;
+#endif
+};
+/* - pool: digest algorithm, hash description and scratch buffer */
+struct tcp_md5sig_pool {
+        struct hash_desc        md5_desc;
+        union tcp_md5sum_block  md5_blk;
+};
+#define TCP_MD5SIG_MAXKEYS      (~(u32)0)       /* really?! */
+/* - functions */
+extern int                      tcp_v4_calc_md5_hash(char *md5_hash,
+                                                     struct tcp_md5sig_key *key,
+                                                     struct sock *sk,
+                                                     struct dst_entry *dst,
+                                                     struct request_sock *req,
+                                                     struct tcphdr *th,
+                                                     int protocol, int tcplen);
+extern struct tcp_md5sig_key    *tcp_v4_md5_lookup(struct sock *sk,
+                                                   struct sock *addr_sk);
+extern int                      tcp_v4_md5_do_add(struct sock *sk,
+                                                  __be32 addr,
+                                                  u8 *newkey,
+                                                  u8 newkeylen);
+extern int                      tcp_v4_md5_do_del(struct sock *sk,
+                                                  u32 addr);
+extern struct tcp_md5sig_pool   **tcp_alloc_md5sig_pool(void);
+extern void                     tcp_free_md5sig_pool(void);
+extern struct tcp_md5sig_pool   *__tcp_get_md5sig_pool(int cpu);
+extern void                     __tcp_put_md5sig_pool(void);
+static inline
+struct tcp_md5sig_pool          *tcp_get_md5sig_pool(void)
+{
+        int cpu = get_cpu();
+        struct tcp_md5sig_pool *ret = __tcp_get_md5sig_pool(cpu);
+        if (!ret)
+                put_cpu();
+        return ret;
+}
+static inline void              tcp_put_md5sig_pool(void)
+{
+        __tcp_put_md5sig_pool();
+        put_cpu();
+}
 /* /proc */
 enum tcp_seq_states {
        TCP_SEQ_STATE_LISTENING,
@@ -1103,6 +1217,35 @@ extern int  tcp4_proc_init(void);
 extern void tcp4_proc_exit(void);
 #endif
+/* TCP af-specific functions */
+struct tcp_sock_af_ops {
+#ifdef CONFIG_TCP_MD5SIG
+        struct tcp_md5sig_key   *(*md5_lookup) (struct sock *sk,
+                                                struct sock *addr_sk);
+        int                     (*calc_md5_hash) (char *location,
+                                                  struct tcp_md5sig_key *md5,
+                                                  struct sock *sk,
+                                                  struct dst_entry *dst,
+                                                  struct request_sock *req,
+                                                  struct tcphdr *th,
+                                                  int protocol, int len);
+        int                     (*md5_add) (struct sock *sk,
+                                            struct sock *addr_sk,
+                                            u8 *newkey,
+                                            u8 len);
+        int                     (*md5_parse) (struct sock *sk,
+                                              char __user *optval,
+                                              int optlen);
+#endif
+};
+struct tcp_request_sock_ops {
+#ifdef CONFIG_TCP_MD5SIG
+        struct tcp_md5sig_key   *(*md5_lookup) (struct sock *sk,
+                                                struct request_sock *req);
+#endif
+};
 extern void tcp_v4_init(struct net_proto_family *ops);
 extern void tcp_init(void);
author	YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>	2006-11-14 22:07:45 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-03 00:22:39 -0500
commit	cfb6eeb4c860592edd123fdea908d23c6ad1c7dc (patch)
tree	361c073622faa540ef6602ef1b0a6e8c0a17fc60 /include/net/tcp.h
parent	bf6bce71eae386dbc37f93af7e5ad173450d9945 (diff)

diff --git a/include/net/tcp.h b/include/net/tcp.h index e1a5d29d0a1f..363960872de0 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h
@@ -28,6 +28,7 @@
28	#include <linux/percpu.h>	28	#include <linux/percpu.h>
29	#include <linux/skbuff.h>	29	#include <linux/skbuff.h>
30	#include <linux/dmaengine.h>	30	#include <linux/dmaengine.h>
		31	#include <linux/crypto.h>
31		32
32	#include <net/inet_connection_sock.h>	33	#include <net/inet_connection_sock.h>
33	#include <net/inet_timewait_sock.h>	34	#include <net/inet_timewait_sock.h>
@@ -161,6 +162,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
161	#define TCPOPT_SACK_PERM 4 /* SACK Permitted */	162	#define TCPOPT_SACK_PERM 4 /* SACK Permitted */
162	#define TCPOPT_SACK 5 /* SACK Block */	163	#define TCPOPT_SACK 5 /* SACK Block */
163	#define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */	164	#define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */
		165	#define TCPOPT_MD5SIG 19 /* MD5 Signature (RFC2385) */
164		166
165	/*	167	/*
166	* TCP option lengths	168	* TCP option lengths
@@ -170,6 +172,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
170	#define TCPOLEN_WINDOW 3	172	#define TCPOLEN_WINDOW 3
171	#define TCPOLEN_SACK_PERM 2	173	#define TCPOLEN_SACK_PERM 2
172	#define TCPOLEN_TIMESTAMP 10	174	#define TCPOLEN_TIMESTAMP 10
		175	#define TCPOLEN_MD5SIG 18
173		176
174	/* But this is what stacks really send out. */	177	/* But this is what stacks really send out. */
175	#define TCPOLEN_TSTAMP_ALIGNED 12	178	#define TCPOLEN_TSTAMP_ALIGNED 12
@@ -178,6 +181,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
178	#define TCPOLEN_SACK_BASE 2	181	#define TCPOLEN_SACK_BASE 2
179	#define TCPOLEN_SACK_BASE_ALIGNED 4	182	#define TCPOLEN_SACK_BASE_ALIGNED 4
180	#define TCPOLEN_SACK_PERBLOCK 8	183	#define TCPOLEN_SACK_PERBLOCK 8
		184	#define TCPOLEN_MD5SIG_ALIGNED 20
181		185
182	/* Flags in tp->nonagle */	186	/* Flags in tp->nonagle */
183	#define TCP_NAGLE_OFF 1 /* Nagle's algo is disabled */	187	#define TCP_NAGLE_OFF 1 /* Nagle's algo is disabled */
@@ -299,6 +303,8 @@ extern void tcp_cleanup_rbuf(struct sock *sk, int copied);
299	extern int tcp_twsk_unique(struct sock *sk,	303	extern int tcp_twsk_unique(struct sock *sk,
300	struct sock sktw, void twp);	304	struct sock sktw, void twp);
301		305
		306	extern void tcp_twsk_destructor(struct sock *sk);
		307
302	static inline void tcp_dec_quickack_mode(struct sock *sk,	308	static inline void tcp_dec_quickack_mode(struct sock *sk,
303	const unsigned int pkts)	309	const unsigned int pkts)
304	{	310	{
@@ -1064,6 +1070,114 @@ static inline void clear_all_retrans_hints(struct tcp_sock *tp){
1064	tp->fastpath_skb_hint = NULL;	1070	tp->fastpath_skb_hint = NULL;
1065	}	1071	}
1066		1072
		1073	/* MD5 Signature */
		1074	struct crypto_hash;
		1075
		1076	/* - key database */
		1077	struct tcp_md5sig_key {
		1078	u8 *key;
		1079	u8 keylen;
		1080	};
		1081
		1082	struct tcp4_md5sig_key {
		1083	u8 *key;
		1084	u16 keylen;
		1085	__be32 addr;
		1086	};
		1087
		1088	struct tcp6_md5sig_key {
		1089	u8 *key;
		1090	u16 keylen;
		1091	#if 0
		1092	u32 scope_id; /* XXX */
		1093	#endif
		1094	struct in6_addr addr;
		1095	};
		1096
		1097	/* - sock block */
		1098	struct tcp_md5sig_info {
		1099	struct tcp4_md5sig_key *keys4;
		1100	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		1101	struct tcp6_md5sig_key *keys6;
		1102	u32 entries6;
		1103	u32 alloced6;
		1104	#endif
		1105	u32 entries4;
		1106	u32 alloced4;
		1107	};
		1108
		1109	/* - pseudo header */
		1110	struct tcp4_pseudohdr {
		1111	__be32 saddr;
		1112	__be32 daddr;
		1113	__u8 pad;
		1114	__u8 protocol;
		1115	__be16 len;
		1116	};
		1117
		1118	struct tcp6_pseudohdr {
		1119	struct in6_addr saddr;
		1120	struct in6_addr daddr;
		1121	__be32 len;
		1122	__be32 protocol; /* including padding */
		1123	};
		1124
		1125	union tcp_md5sum_block {
		1126	struct tcp4_pseudohdr ip4;
		1127	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		1128	struct tcp6_pseudohdr ip6;
		1129	#endif
		1130	};
		1131
		1132	/* - pool: digest algorithm, hash description and scratch buffer */
		1133	struct tcp_md5sig_pool {
		1134	struct hash_desc md5_desc;
		1135	union tcp_md5sum_block md5_blk;
		1136	};
		1137
		1138	#define TCP_MD5SIG_MAXKEYS (~(u32)0) /* really?! */
		1139
		1140	/* - functions */
		1141	extern int tcp_v4_calc_md5_hash(char *md5_hash,
		1142	struct tcp_md5sig_key *key,
		1143	struct sock *sk,
		1144	struct dst_entry *dst,
		1145	struct request_sock *req,
		1146	struct tcphdr *th,
		1147	int protocol, int tcplen);
		1148	extern struct tcp_md5sig_key tcp_v4_md5_lookup(struct sock sk,
		1149	struct sock *addr_sk);
		1150
		1151	extern int tcp_v4_md5_do_add(struct sock *sk,
		1152	__be32 addr,
		1153	u8 *newkey,
		1154	u8 newkeylen);
		1155
		1156	extern int tcp_v4_md5_do_del(struct sock *sk,
		1157	u32 addr);
		1158
		1159	extern struct tcp_md5sig_pool **tcp_alloc_md5sig_pool(void);
		1160	extern void tcp_free_md5sig_pool(void);
		1161
		1162	extern struct tcp_md5sig_pool *__tcp_get_md5sig_pool(int cpu);
		1163	extern void __tcp_put_md5sig_pool(void);
		1164
		1165	static inline
		1166	struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
		1167	{
		1168	int cpu = get_cpu();
		1169	struct tcp_md5sig_pool *ret = __tcp_get_md5sig_pool(cpu);
		1170	if (!ret)
		1171	put_cpu();
		1172	return ret;
		1173	}
		1174
		1175	static inline void tcp_put_md5sig_pool(void)
		1176	{
		1177	__tcp_put_md5sig_pool();
		1178	put_cpu();
		1179	}
		1180
1067	/* /proc */	1181	/* /proc */
1068	enum tcp_seq_states {	1182	enum tcp_seq_states {
1069	TCP_SEQ_STATE_LISTENING,	1183	TCP_SEQ_STATE_LISTENING,
@@ -1103,6 +1217,35 @@ extern int tcp4_proc_init(void);
1103	extern void tcp4_proc_exit(void);	1217	extern void tcp4_proc_exit(void);
1104	#endif	1218	#endif
1105		1219
		1220	/* TCP af-specific functions */
		1221	struct tcp_sock_af_ops {
		1222	#ifdef CONFIG_TCP_MD5SIG
		1223	struct tcp_md5sig_key (md5_lookup) (struct sock *sk,
		1224	struct sock *addr_sk);
		1225	int (calc_md5_hash) (char location,
		1226	struct tcp_md5sig_key *md5,
		1227	struct sock *sk,
		1228	struct dst_entry *dst,
		1229	struct request_sock *req,
		1230	struct tcphdr *th,
		1231	int protocol, int len);
		1232	int (md5_add) (struct sock sk,
		1233	struct sock *addr_sk,
		1234	u8 *newkey,
		1235	u8 len);
		1236	int (md5_parse) (struct sock sk,
		1237	char __user *optval,
		1238	int optlen);
		1239	#endif
		1240	};
		1241
		1242	struct tcp_request_sock_ops {
		1243	#ifdef CONFIG_TCP_MD5SIG
		1244	struct tcp_md5sig_key (md5_lookup) (struct sock *sk,
		1245	struct request_sock *req);
		1246	#endif
		1247	};
		1248
1106	extern void tcp_v4_init(struct net_proto_family *ops);	1249	extern void tcp_v4_init(struct net_proto_family *ops);
1107	extern void tcp_init(void);	1250	extern void tcp_init(void);
1108		1251