authorDavid Howells <dhowells@redhat.com>2007-04-26 18:48:28 -0400
committerDavid S. Miller <davem@davemloft.net>2007-04-26 18:48:28 -0400
commit17926a79320afa9b95df6b977b40cca6d8713cea (patch)
tree5cedff43b69520ad17b86783d3752053686ec99c /include
parente19dff1fdd99a25819af74cf0710e147fff4fd3a (diff)
[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both
Provide AF_RXRPC sockets that can be used to talk to AFS servers, or serve answers to AFS clients. KerberosIV security is fully supported. The patches and some example test programs can be found in: http://people.redhat.com/~dhowells/rxrpc/ This will eventually replace the old implementation of kernel-only RxRPC currently resident in net/rxrpc/. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/keys/rxrpc-type.h22
-rw-r--r--include/linux/net.h2
-rw-r--r--include/linux/rxrpc.h62
-rw-r--r--include/linux/socket.h5
-rw-r--r--include/net/af_rxrpc.h17
-rw-r--r--include/rxrpc/packet.h85
6 files changed, 189 insertions, 4 deletions
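--- /dev/null
+++ b/include/keys/rxrpc-type.h
@@ -0,0 +1,22 @@
+/* RxRPC key type
+ *
+ * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _KEYS_RXRPC_TYPE_H
+#define _KEYS_RXRPC_TYPE_H
+
+#include <linux/key.h>
+
+/*
+ * key type for AF_RXRPC keys
+ */
+extern struct key_type key_type_rxrpc;
+
+#endif /* _KEYS_USER_TYPE_H */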
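Review bot: The closing guard comment on the last line, `#endif /* _KEYS_USER_TYPE_H */`, names a different macro than the guard opened with `#ifndef _KEYS_RXRPC_TYPE_H`; it looks copied from the user key-type header. Change it to `#endif /* _KEYS_RXRPC_TYPE_H */` so the comment matches the macro it actually closes.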
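--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -24,7 +24,7 @@
 struct poll_table_struct;
 struct inode;
 
-#define NPROTO 33 /* should be enough for now.. */
+#define NPROTO 34 /* should be enough for now.. */
 
 #define SYS_SOCKET 1 /* sys_socket(2) */
 #define SYS_BIND 2 /* sys_bind(2) */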
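--- /dev/null
+++ b/include/linux/rxrpc.h
@@ -0,0 +1,62 @@
+/* AF_RXRPC parameters
+ *
+ * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_RXRPC_H
+#define _LINUX_RXRPC_H
+
+#include <linux/in.h>
+#include <linux/in6.h>
+
+/*
+ * RxRPC socket address
+ */
+struct sockaddr_rxrpc {
+	sa_family_t srx_family; /* address family */
+	u16 srx_service; /* service desired */
+	u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
+	u16 transport_len; /* length of transport address */
+	union {
+		sa_family_t family; /* transport address family */
+		struct sockaddr_in sin; /* IPv4 transport address */
+		struct sockaddr_in6 sin6; /* IPv6 transport address */
+	} transport;
+};
+
+/*
+ * RxRPC socket options
+ */
+#define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */
+#define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */
+#define RXRPC_EXCLUSIVE_CONNECTION 3 /* [clnt] use exclusive RxRPC connection */
+#define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */
+
+/*
+ * RxRPC control messages
+ * - terminal messages mean that a user call ID tag can be recycled
+ */
+#define RXRPC_USER_CALL_ID 1 /* user call ID specifier */
+#define RXRPC_ABORT 2 /* abort request / notification [terminal] */
+#define RXRPC_ACK 3 /* [Server] RPC op final ACK received [terminal] */
+#define RXRPC_NET_ERROR 5 /* network error received [terminal] */
+#define RXRPC_BUSY 6 /* server busy received [terminal] */
+#define RXRPC_LOCAL_ERROR 7 /* local error generated [terminal] */
+#define RXRPC_NEW_CALL 8 /* [Server] new incoming call notification */
+#define RXRPC_ACCEPT 9 /* [Server] accept request */
+
+/*
+ * RxRPC security levels
+ */
+#define RXRPC_SECURITY_PLAIN 0 /* plain secure-checksummed packets only */
+#define RXRPC_SECURITY_AUTH 1 /* authenticated packets */
+#define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */
+
+
+#endif /* _LINUX_RXRPC_H */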
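Review bot: `struct sockaddr_rxrpc` declares `srx_service`, `transport_type` and `transport_len` with the kernel-internal `u16`, yet the commit message presents these sockets as usable from userspace and the header sits in include/linux, where a userspace include would not see `u16`. If this header is meant to be exported, those fields should use the exported fixed-width type — `__u16 srx_service;`, `__u16 transport_type;`, `__u16 transport_len;` — with linux/types.h included; confirm against the header export list. A comment on `transport_len` stating that it must not exceed `sizeof(transport)` and is checked before the address is used would document the contract the socket code has to enforce; that code is not visible here, so verify it does. The comment on `RXRPC_MIN_SECURITY_LEVEL` could also name its value range, e.g. `/* minimum security level (one of RXRPC_SECURITY_*) */`.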
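--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -188,7 +188,8 @@ struct ucred {
 #define AF_TIPC 30 /* TIPC sockets */
 #define AF_BLUETOOTH 31 /* Bluetooth sockets */
 #define AF_IUCV 32 /* IUCV sockets */
-#define AF_MAX 33 /* For now.. */
+#define AF_RXRPC 33 /* RxRPC sockets */
+#define AF_MAX 34 /* For now.. */
 
 /* Protocol families, same as address families. */
 #define PF_UNSPEC AF_UNSPEC
@@ -222,6 +223,7 @@ struct ucred {
 #define PF_TIPC AF_TIPC
 #define PF_BLUETOOTH AF_BLUETOOTH
 #define PF_IUCV AF_IUCV
+#define PF_RXRPC AF_RXRPC
 #define PF_MAX AF_MAX
 
 /* Maximum queue length specifiable by listen. */
@@ -284,6 +286,7 @@ struct ucred {
 #define SOL_DCCP 269
 #define SOL_NETLINK 270
 #define SOL_TIPC 271
+#define SOL_RXRPC 272
 
 /* IPX options */
 #define IPX_TYPE 1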
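--- /dev/null
+++ b/include/net/af_rxrpc.h
@@ -0,0 +1,17 @@
+/* RxRPC definitions
+ *
+ * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _NET_RXRPC_H
+#define _NET_RXRPC_H
+
+#include <linux/rxrpc.h>
+
+#endif /* _NET_RXRPC_H */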
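--- a/include/rxrpc/packet.h
+++ b/include/rxrpc/packet.h
@@ -33,7 +33,8 @@ struct rxrpc_header
 #define RXRPC_MAXCALLS 4 /* max active calls per conn */
 #define RXRPC_CHANNELMASK (RXRPC_MAXCALLS-1) /* mask for channel ID */
 #define RXRPC_CIDMASK (~RXRPC_CHANNELMASK) /* mask for connection ID */
-#define RXRPC_CIDSHIFT 2 /* shift for connection ID */
+#define RXRPC_CIDSHIFT ilog2(RXRPC_MAXCALLS) /* shift for connection ID */
+#define RXRPC_CID_INC (1 << RXRPC_CIDSHIFT) /* connection ID increment */
 
 	__be32 callNumber; /* call ID (0 for connection-level packets) */
 #define RXRPC_PROCESS_MAXCALLS (1<<2) /* maximum number of active calls per conn (power of 2) */
@@ -62,7 +63,10 @@ struct rxrpc_header
 
 	uint8_t userStatus; /* app-layer defined status */
 	uint8_t securityIndex; /* security protocol ID */
-	__be16 _rsvd; /* reserved (used by kerberos security as cksum) */
+	union {
+		__be16 _rsvd; /* reserved */
+		__be16 cksum; /* kerberos security checksum */
+	};
 	__be16 serviceId; /* service ID */
 
 } __attribute__((packed));
@@ -124,4 +128,81 @@ struct rxrpc_ackpacket
 
 } __attribute__((packed));
 
+/*
+ * ACK packets can have a further piece of information tagged on the end
+ */
+struct rxrpc_ackinfo {
+	__be32 rxMTU; /* maximum Rx MTU size (bytes) [AFS 3.3] */
+	__be32 maxMTU; /* maximum interface MTU size (bytes) [AFS 3.3] */
+	__be32 rwind; /* Rx window size (packets) [AFS 3.4] */
+	__be32 jumbo_max; /* max packets to stick into a jumbo packet [AFS 3.5] */
+};
+
+/*****************************************************************************/
+/*
+ * Kerberos security type-2 challenge packet
+ */
+struct rxkad_challenge {
+	__be32 version; /* version of this challenge type */
+	__be32 nonce; /* encrypted random number */
+	__be32 min_level; /* minimum security level */
+	__be32 __padding; /* padding to 8-byte boundary */
+} __attribute__((packed));
+
+/*****************************************************************************/
+/*
+ * Kerberos security type-2 response packet
+ */
+struct rxkad_response {
+	__be32 version; /* version of this reponse type */
+	__be32 __pad;
+
+	/* encrypted bit of the response */
+	struct {
+		__be32 epoch; /* current epoch */
+		__be32 cid; /* parent connection ID */
+		__be32 checksum; /* checksum */
+		__be32 securityIndex; /* security type */
+		__be32 call_id[4]; /* encrypted call IDs */
+		__be32 inc_nonce; /* challenge nonce + 1 */
+		__be32 level; /* desired level */
+	} encrypted;
+
+	__be32 kvno; /* Kerberos key version number */
+	__be32 ticket_len; /* Kerberos ticket length */
+} __attribute__((packed));
+
+/*****************************************************************************/
+/*
+ * RxRPC-level abort codes
+ */
+#define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */
+#define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */
+#define RX_CALL_TIMEOUT -3 /* call timeout exceeded */
+#define RX_EOF -4 /* unexpected end of data on read op */
+#define RX_PROTOCOL_ERROR -5 /* low-level protocol error */
+#define RX_USER_ABORT -6 /* generic user abort */
+#define RX_ADDRINUSE -7 /* UDP port in use */
+#define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */
+
+/*
+ * Rx kerberos security abort codes
+ * - unfortunately we have no generalised security abort codes to say things
+ * like "unsupported security", so we have to use these instead and hope the
+ * other side understands
+ */
+#define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */
+#define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */
+#define RXKADLEVELFAIL 19270402 /* security level negotiation failed */
+#define RXKADTICKETLEN 19270403 /* ticket length too short or too long */
+#define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */
+#define RXKADNOAUTH 19270405 /* caller not authorised */
+#define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */
+#define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */
+#define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */
+#define RXKADEXPIRED 19270409 /* authentication expired */
+#define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */
+#define RXKADDATALEN 19270411 /* user data too long */
+#define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */
+
 #endif /* _LINUX_RXRPC_PACKET_H */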
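Review bot: `struct rxrpc_ackinfo` in the last hunk is the only on-the-wire struct added here that closes with a bare `};`, while `rxkad_challenge` and `rxkad_response` carry `__attribute__((packed))`; its four `__be32` members pack naturally today, but closing it with `} __attribute__((packed));` keeps it consistent with the sibling structs and protects the wire layout if a narrower field is ever added. `ticket_len` in `rxkad_response` presumably counts bytes of ticket data that follow the fixed struct, and a comment such as `/* Kerberos ticket length (bytes); ticket data follows, bounded per RXKADTICKETLEN */` would make that and the validation expectation explicit — confirm against the rxkad code that consumes it. The comment on `version` in the same struct reads "reponse"; it should read "response".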