File Manager

003 File Manager

Current Path: /usr/src/sys/netinet

📁 ..
📄 accf_data.c(1.95 KB)
📄 accf_dns.c(3.37 KB)
📄 accf_http.c(8.35 KB)
📁 cc
📄 dccp.h(2.48 KB)
📄 icmp6.h(26.97 KB)
📄 icmp_var.h(3.78 KB)
📄 if_ether.c(41.26 KB)
📄 if_ether.h(4.62 KB)
📄 igmp.c(98.93 KB)
📄 igmp.h(5.36 KB)
📄 igmp_var.h(8.69 KB)
📄 in.c(43.68 KB)
📄 in.h(25.81 KB)
📄 in_cksum.c(4.09 KB)
📄 in_debug.c(3.48 KB)
📄 in_fib.c(8.62 KB)
📄 in_fib.h(2.59 KB)
📄 in_fib_algo.c(18.68 KB)
📄 in_gif.c(11.76 KB)
📄 in_jail.c(10.31 KB)
📄 in_kdtrace.c(5.61 KB)
📄 in_kdtrace.h(3.31 KB)
📄 in_mcast.c(79.22 KB)
📄 in_pcb.c(90.89 KB)
📄 in_pcb.h(34.46 KB)
📄 in_pcbgroup.c(17.28 KB)
📄 in_prot.c(2.35 KB)
📄 in_proto.c(9.36 KB)
📄 in_rmx.c(4.99 KB)
📄 in_rss.c(11.27 KB)
📄 in_rss.h(2.42 KB)
📄 in_systm.h(2.57 KB)
📄 in_var.h(15.4 KB)
📄 ip.h(7.37 KB)
📄 ip6.h(8.93 KB)
📄 ip_carp.c(53.25 KB)
📄 ip_carp.h(6.79 KB)
📄 ip_divert.c(21.74 KB)
📄 ip_divert.h(2.32 KB)
📄 ip_dummynet.h(8.94 KB)
📄 ip_ecn.c(5.83 KB)
📄 ip_ecn.h(2.1 KB)
📄 ip_encap.c(10.59 KB)
📄 ip_encap.h(3.13 KB)
📄 ip_fastfwd.c(13.79 KB)
📄 ip_fw.h(34.29 KB)
📄 ip_gre.c(15.28 KB)
📄 ip_icmp.c(31.15 KB)
📄 ip_icmp.h(8.52 KB)
📄 ip_id.c(9.78 KB)
📄 ip_input.c(37.16 KB)
📄 ip_mroute.c(75.86 KB)
📄 ip_mroute.h(13.66 KB)
📄 ip_options.c(19.9 KB)
📄 ip_options.h(2.61 KB)
📄 ip_output.c(40.67 KB)
📄 ip_reass.c(22.42 KB)
📄 ip_var.h(11.48 KB)
📁 khelp
📁 libalias
📁 netdump
📄 pim.h(4.25 KB)
📄 pim_var.h(3.14 KB)
📄 raw_ip.c(28.58 KB)
📄 sctp.h(22.97 KB)
📄 sctp_asconf.c(100.05 KB)
📄 sctp_asconf.h(3.31 KB)
📄 sctp_auth.c(50.44 KB)
📄 sctp_auth.h(8.52 KB)
📄 sctp_bsd_addr.c(13.89 KB)
📄 sctp_bsd_addr.h(2.45 KB)
📄 sctp_cc_functions.c(68.75 KB)
📄 sctp_constants.h(34.12 KB)
📄 sctp_crc32.c(4.5 KB)
📄 sctp_crc32.h(2.07 KB)
📄 sctp_header.h(17.48 KB)
📄 sctp_indata.c(175.36 KB)
📄 sctp_indata.h(4.18 KB)
📄 sctp_input.c(183.57 KB)
📄 sctp_input.h(2.43 KB)
📄 sctp_kdtrace.c(7.51 KB)
📄 sctp_kdtrace.h(3.6 KB)
📄 sctp_lock_bsd.h(15.64 KB)
📄 sctp_module.c(5.16 KB)
📄 sctp_os.h(2.73 KB)
📄 sctp_os_bsd.h(15.04 KB)
📄 sctp_output.c(362.89 KB)
📄 sctp_output.h(6.38 KB)
📄 sctp_pcb.c(198.87 KB)
📄 sctp_pcb.h(19.31 KB)
📄 sctp_peeloff.c(5.74 KB)
📄 sctp_peeloff.h(2.05 KB)
📄 sctp_ss_functions.c(30.72 KB)
📄 sctp_structs.h(38.29 KB)
📄 sctp_syscalls.c(13.94 KB)
📄 sctp_sysctl.c(37.45 KB)
📄 sctp_sysctl.h(22.9 KB)
📄 sctp_timer.c(47.92 KB)
📄 sctp_timer.h(3.07 KB)
📄 sctp_uio.h(38.07 KB)
📄 sctp_usrreq.c(216.08 KB)
📄 sctp_var.h(12.21 KB)
📄 sctputil.c(212.13 KB)
📄 sctputil.h(11.69 KB)
📄 siftr.c(45.2 KB)
📄 tcp.h(18.3 KB)
📄 tcp_debug.c(5.9 KB)
📄 tcp_debug.h(2.65 KB)
📄 tcp_fastopen.c(37.98 KB)
📄 tcp_fastopen.h(3.7 KB)
📄 tcp_fsm.h(4.25 KB)
📄 tcp_hostcache.c(21.43 KB)
📄 tcp_hostcache.h(2.92 KB)
📄 tcp_hpts.c(57.55 KB)
📄 tcp_hpts.h(9.89 KB)
📄 tcp_input.c(115.95 KB)
📄 tcp_log_buf.c(76.37 KB)
📄 tcp_log_buf.h(14.88 KB)
📄 tcp_lro.c(36.38 KB)
📄 tcp_lro.h(4.43 KB)
📄 tcp_offload.c(5.48 KB)
📄 tcp_offload.h(2.09 KB)
📄 tcp_output.c(60.16 KB)
📄 tcp_pcap.c(12.67 KB)
📄 tcp_pcap.h(1.76 KB)
📄 tcp_ratelimit.c(43.8 KB)
📄 tcp_ratelimit.h(5.07 KB)
📄 tcp_reass.c(30.75 KB)
📄 tcp_sack.c(26.74 KB)
📄 tcp_seq.h(3.57 KB)
📁 tcp_stacks
📄 tcp_stats.c(8.47 KB)
📄 tcp_subr.c(92.74 KB)
📄 tcp_syncache.c(73 KB)
📄 tcp_syncache.h(5.16 KB)
📄 tcp_timer.c(31.04 KB)
📄 tcp_timer.h(9.29 KB)
📄 tcp_timewait.c(19.06 KB)
📄 tcp_usrreq.c(71.35 KB)
📄 tcp_var.h(43.48 KB)
📄 tcpip.h(2.29 KB)
📄 toecore.c(13.51 KB)
📄 toecore.h(5.13 KB)
📄 udp.h(2.49 KB)
📄 udp_usrreq.c(44.57 KB)
📄 udp_var.h(6.48 KB)
📄 udplite.h(1.91 KB)

Editing: ip_id.c

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2008 Michael J. Silbersack.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice unmodified, this list of conditions, and the following
 *    disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/*
 * IP ID generation is a fascinating topic.
 *
 * In order to avoid ID collisions during packet reassembly, common sense
 * dictates that the period between reuse of IDs be as large as possible.
 * This leads to the classic implementation of a system-wide counter, thereby
 * ensuring that IDs repeat only once every 2^16 packets.
 *
 * Subsequent security researchers have pointed out that using a global
 * counter makes ID values predictable.  This predictability allows traffic
 * analysis, idle scanning, and even packet injection in specific cases.
 * These results suggest that IP IDs should be as random as possible.
 *
 * The "searchable queues" algorithm used in this IP ID implementation was
 * proposed by Amit Klein.  It is a compromise between the above two
 * viewpoints that has provable behavior that can be tuned to the user's
 * requirements.
 *
 * The basic concept is that we supplement a standard random number generator
 * with a queue of the last L IDs that we have handed out to ensure that all
 * IDs have a period of at least L.
 *
 * To efficiently implement this idea, we keep two data structures: a
 * circular array of IDs of size L and a bitstring of 65536 bits.
 *
 * To start, we ask the RNG for a new ID.  A quick index into the bitstring
 * is used to determine if this is a recently used value.  The process is
 * repeated until a value is returned that is not in the bitstring.
 *
 * Having found a usable ID, we remove the ID stored at the current position
 * in the queue from the bitstring and replace it with our new ID.  Our new
 * ID is then added to the bitstring and the queue pointer is incremented.
 *
 * The lower limit of 512 was chosen because there doesn't seem to be much
 * point to having a smaller value.  The upper limit of 32768 was chosen for
 * two reasons.  First, every step above 32768 decreases the entropy.  Taken
 * to an extreme, 65533 would offer 1 bit of entropy.  Second, the number of
 * attempts it takes the algorithm to find an unused ID drastically
 * increases, killing performance.  The default value of 8192 was chosen
 * because it provides a good tradeoff between randomness and non-repetition.
 *
 * With L=8192, the queue will use 16K of memory.  The bitstring always
 * uses 8K of memory.  No memory is allocated until the use of random ids is
 * enabled.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/counter.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/random.h>
#include <sys/smp.h>
#include <sys/sysctl.h>
#include <sys/bitstring.h>

#include <net/vnet.h>

#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>

/*
 * By default we generate IP ID only for non-atomic datagrams, as
 * suggested by RFC6864.  We use per-CPU counter for that, or if
 * user wants to, we can turn on random ID generation.
 */
VNET_DEFINE_STATIC(int, ip_rfc6864) = 1;
VNET_DEFINE_STATIC(int, ip_do_randomid) = 0;
#define	V_ip_rfc6864		VNET(ip_rfc6864)
#define	V_ip_do_randomid	VNET(ip_do_randomid)

/*
 * Random ID state engine.
 */
static MALLOC_DEFINE(M_IPID, "ipid", "randomized ip id state");
VNET_DEFINE_STATIC(uint16_t *, id_array);
VNET_DEFINE_STATIC(bitstr_t *, id_bits);
VNET_DEFINE_STATIC(int, array_ptr);
VNET_DEFINE_STATIC(int, array_size);
VNET_DEFINE_STATIC(int, random_id_collisions);
VNET_DEFINE_STATIC(int, random_id_total);
VNET_DEFINE_STATIC(struct mtx, ip_id_mtx);
#define	V_id_array	VNET(id_array)
#define	V_id_bits	VNET(id_bits)
#define	V_array_ptr	VNET(array_ptr)
#define	V_array_size	VNET(array_size)
#define	V_random_id_collisions	VNET(random_id_collisions)
#define	V_random_id_total	VNET(random_id_total)
#define	V_ip_id_mtx	VNET(ip_id_mtx)

/*
 * Non-random ID state engine is simply a per-cpu counter.
 */
VNET_DEFINE_STATIC(counter_u64_t, ip_id);
#define	V_ip_id		VNET(ip_id)

static int	sysctl_ip_randomid(SYSCTL_HANDLER_ARGS);
static int	sysctl_ip_id_change(SYSCTL_HANDLER_ARGS);
static void	ip_initid(int);
static uint16_t ip_randomid(void);
static void	ipid_sysinit(void);
static void	ipid_sysuninit(void);

SYSCTL_DECL(_net_inet_ip);
SYSCTL_PROC(_net_inet_ip, OID_AUTO, random_id,
    CTLTYPE_INT | CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_MPSAFE,
    &VNET_NAME(ip_do_randomid), 0, sysctl_ip_randomid, "IU",
    "Assign random ip_id values");
SYSCTL_INT(_net_inet_ip, OID_AUTO, rfc6864, CTLFLAG_VNET | CTLFLAG_RW,
    &VNET_NAME(ip_rfc6864), 0,
    "Use constant IP ID for atomic datagrams");
SYSCTL_PROC(_net_inet_ip, OID_AUTO, random_id_period,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_VNET | CTLFLAG_MPSAFE,
    &VNET_NAME(array_size), 0, sysctl_ip_id_change, "IU", "IP ID Array size");
SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id_collisions,
    CTLFLAG_RD | CTLFLAG_VNET,
    &VNET_NAME(random_id_collisions), 0, "Count of IP ID collisions");
SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id_total, CTLFLAG_RD | CTLFLAG_VNET,
    &VNET_NAME(random_id_total), 0, "Count of IP IDs created");

static int
sysctl_ip_randomid(SYSCTL_HANDLER_ARGS)
{
	int error, new;

new = V_ip_do_randomid;
	error = sysctl_handle_int(oidp, &new, 0, req);
	if (error || req->newptr == NULL)
		return (error);
	if (new != 0 && new != 1)
		return (EINVAL);
	if (new == V_ip_do_randomid)
		return (0);
	if (new == 1 && V_ip_do_randomid == 0)
		ip_initid(8192);
	/* We don't free memory when turning random ID off, due to race. */
	V_ip_do_randomid = new;
	return (0);
}

static int
sysctl_ip_id_change(SYSCTL_HANDLER_ARGS)
{
	int error, new;

new = V_array_size;
	error = sysctl_handle_int(oidp, &new, 0, req);
	if (error == 0 && req->newptr) {
		if (new >= 512 && new <= 32768)
			ip_initid(new);
		else
			error = EINVAL;
	}
	return (error);
}

static void
ip_initid(int new_size)
{
	uint16_t *new_array;
	bitstr_t *new_bits;

new_array = malloc(new_size * sizeof(uint16_t), M_IPID,
	    M_WAITOK | M_ZERO);
	new_bits = malloc(bitstr_size(65536), M_IPID, M_WAITOK | M_ZERO);

mtx_lock(&V_ip_id_mtx);
	if (V_id_array != NULL) {
		free(V_id_array, M_IPID);
		free(V_id_bits, M_IPID);
	}
	V_id_array = new_array;
	V_id_bits = new_bits;
	V_array_size = new_size;
	V_array_ptr = 0;
	V_random_id_collisions = 0;
	V_random_id_total = 0;
	mtx_unlock(&V_ip_id_mtx);
}

static uint16_t
ip_randomid(void)
{
	uint16_t new_id;

mtx_lock(&V_ip_id_mtx);
	/*
	 * To avoid a conflict with the zeros that the array is initially
	 * filled with, we never hand out an id of zero.
	 */
	new_id = 0;
	do {
		if (new_id != 0)
			V_random_id_collisions++;
		arc4rand(&new_id, sizeof(new_id), 0);
	} while (bit_test(V_id_bits, new_id) || new_id == 0);
	bit_clear(V_id_bits, V_id_array[V_array_ptr]);
	bit_set(V_id_bits, new_id);
	V_id_array[V_array_ptr] = new_id;
	V_array_ptr++;
	if (V_array_ptr == V_array_size)
		V_array_ptr = 0;
	V_random_id_total++;
	mtx_unlock(&V_ip_id_mtx);
	return (new_id);
}

void
ip_fillid(struct ip *ip)
{

/*
	 * Per RFC6864 Section 4
	 *
	 * o  Atomic datagrams: (DF==1) && (MF==0) && (frag_offset==0)
	 * o  Non-atomic datagrams: (DF==0) || (MF==1) || (frag_offset>0)
	 */
	if (V_ip_rfc6864 && (ip->ip_off & htons(IP_DF)) == htons(IP_DF))
		ip->ip_id = 0;
	else if (V_ip_do_randomid)
		ip->ip_id = ip_randomid();
	else {
		counter_u64_add(V_ip_id, 1);
		/*
		 * There are two issues about this trick, to be kept in mind.
		 * 1) We can migrate between counter_u64_add() and next
		 *    line, and grab counter from other CPU, resulting in too
		 *    quick ID reuse. This is tolerable in our particular case,
		 *    since probability of such event is much lower then reuse
		 *    of ID due to legitimate overflow, that at modern Internet
		 *    speeds happens all the time.
		 * 2) We are relying on the fact that counter(9) is based on
		 *    UMA_ZONE_PCPU uma(9) zone. We also take only last
		 *    sixteen bits of a counter, so we don't care about the
		 *    fact that machines with 32-bit word update their counters
		 *    not atomically.
		 */
		ip->ip_id = htons((*(uint64_t *)zpcpu_get(V_ip_id)) & 0xffff);
	}
}

static void
ipid_sysinit(void)
{
	int i;

mtx_init(&V_ip_id_mtx, "ip_id_mtx", NULL, MTX_DEF);
	V_ip_id = counter_u64_alloc(M_WAITOK);

CPU_FOREACH(i)
		arc4rand(zpcpu_get_cpu(V_ip_id, i), sizeof(uint64_t), 0);
}
VNET_SYSINIT(ip_id, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, ipid_sysinit, NULL);

static void
ipid_sysuninit(void)
{

if (V_id_array != NULL) {
		free(V_id_array, M_IPID);
		free(V_id_bits, M_IPID);
	}
	counter_u64_free(V_ip_id);
	mtx_destroy(&V_ip_id_mtx);
}
VNET_SYSUNINIT(ip_id, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, ipid_sysuninit, NULL);

003 File Manager

Editing: ip_id.c

Upload File

Create Folder