FreeBSD kernel kern code
uipc_accf.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2000 Paycounter, Inc.
5 * Copyright (c) 2005 Robert N. M. Watson
6 * Author: Alfred Perlstein <alfred@paycounter.com>, <alfred@FreeBSD.org>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 */
30
31#include <sys/cdefs.h>
32__FBSDID("$FreeBSD$");
33
34#define ACCEPT_FILTER_MOD
35
36#include "opt_param.h"
37#include <sys/param.h>
38#include <sys/systm.h>
39#include <sys/domain.h>
40#include <sys/kernel.h>
41#include <sys/lock.h>
42#include <sys/malloc.h>
43#include <sys/mbuf.h>
44#include <sys/module.h>
45#include <sys/mutex.h>
46#include <sys/protosw.h>
47#include <sys/sysctl.h>
48#include <sys/socket.h>
49#include <sys/socketvar.h>
50#include <sys/queue.h>
51
52static struct mtx accept_filter_mtx;
53MTX_SYSINIT(accept_filter, &accept_filter_mtx, "accept_filter_mtx",
54 MTX_DEF);
55#define ACCEPT_FILTER_LOCK() mtx_lock(&accept_filter_mtx)
56#define ACCEPT_FILTER_UNLOCK() mtx_unlock(&accept_filter_mtx)
57
58static SLIST_HEAD(, accept_filter) accept_filtlsthd =
59 SLIST_HEAD_INITIALIZER(accept_filtlsthd);
60
61MALLOC_DEFINE(M_ACCF, "accf", "accept filter data");
62
63static int unloadable = 0;
64
65SYSCTL_NODE(_net, OID_AUTO, accf, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
66 "Accept filters");
67SYSCTL_INT(_net_accf, OID_AUTO, unloadable, CTLFLAG_RW, &unloadable, 0,
68 "Allow unload of accept filters (not recommended)");
69
70/*
71 * Must be passed a malloc'd structure so we don't explode if the kld is
72 * unloaded, we leak the struct on deallocation to deal with this, but if a
73 * filter is loaded with the same name as a leaked one we re-use the entry.
74 */
75int
76accept_filt_add(struct accept_filter *filt)
77{
78 struct accept_filter *p;
79
80 ACCEPT_FILTER_LOCK();
81 SLIST_FOREACH(p, &accept_filtlsthd, accf_next)
82 if (strcmp(p->accf_name, filt->accf_name) == 0) {
83 if (p->accf_callback != NULL) {
84 ACCEPT_FILTER_UNLOCK();
85 return (EEXIST);
86 } else {
87 p->accf_callback = filt->accf_callback;
88 ACCEPT_FILTER_UNLOCK();
89 free(filt, M_ACCF);
90 return (0);
91 }
92 }
93
94 if (p == NULL)
95 SLIST_INSERT_HEAD(&accept_filtlsthd, filt, accf_next);
96 ACCEPT_FILTER_UNLOCK();
97 return (0);
98}
99
100int
101accept_filt_del(char *name)
102{
103 struct accept_filter *p;
104
105 p = accept_filt_get(name);
106 if (p == NULL)
107 return (ENOENT);
108
109 p->accf_callback = NULL;
110 return (0);
111}
112
113struct accept_filter *
114accept_filt_get(char *name)
115{
116 struct accept_filter *p;
117
118 ACCEPT_FILTER_LOCK();
119 SLIST_FOREACH(p, &accept_filtlsthd, accf_next)
120 if (strcmp(p->accf_name, name) == 0)
121 break;
122 ACCEPT_FILTER_UNLOCK();
123
124 return (p);
125}
126
127int
128accept_filt_generic_mod_event(module_t mod, int event, void *data)
129{
130 struct accept_filter *p;
131 struct accept_filter *accfp = (struct accept_filter *) data;
132 int error;
133
134 switch (event) {
135 case MOD_LOAD:
136 p = malloc(sizeof(*p), M_ACCF, M_WAITOK);
137 bcopy(accfp, p, sizeof(*p));
138 error = accept_filt_add(p);
139 break;
140
141 case MOD_UNLOAD:
142 /*
143 * Do not support unloading yet. we don't keep track of
144 * refcounts and unloading an accept filter callback and then
145 * having it called is a bad thing. A simple fix would be to
146 * track the refcount in the struct accept_filter.
147 */
148 if (unloadable != 0) {
149 error = accept_filt_del(accfp->accf_name);
150 } else
151 error = EOPNOTSUPP;
152 break;
153
154 case MOD_SHUTDOWN:
155 error = 0;
156 break;
157
158 default:
159 error = EOPNOTSUPP;
160 break;
161 }
162
163 return (error);
164}
165
166int
167accept_filt_getopt(struct socket *so, struct sockopt *sopt)
168{
169 struct accept_filter_arg *afap;
170 int error;
171
172 error = 0;
173 afap = malloc(sizeof(*afap), M_TEMP, M_WAITOK | M_ZERO);
174 SOCK_LOCK(so);
175 if (!SOLISTENING(so)) {
176 error = EINVAL;
177 goto out;
178 }
179 if (so->sol_accept_filter == NULL) {
180 error = EINVAL;
181 goto out;
182 }
183 strcpy(afap->af_name, so->sol_accept_filter->accf_name);
184 if (so->sol_accept_filter_str != NULL)
185 strcpy(afap->af_arg, so->sol_accept_filter_str);
186out:
187 SOCK_UNLOCK(so);
188 if (error == 0)
189 error = sooptcopyout(sopt, afap, sizeof(*afap));
190 free(afap, M_TEMP);
191 return (error);
192}
193
194int
195accept_filt_setopt(struct socket *so, struct sockopt *sopt)
196{
197 struct accept_filter_arg *afap;
198 struct accept_filter *afp;
199 char *accept_filter_str = NULL;
200 void *accept_filter_arg = NULL;
201 int error;
202
203 /*
204 * Handle the simple delete case first.
205 */
206 if (sopt == NULL || sopt->sopt_val == NULL) {
207 struct socket *sp, *sp1;
208 int wakeup;
209
210 SOCK_LOCK(so);
211 if (!SOLISTENING(so)) {
212 SOCK_UNLOCK(so);
213 return (EINVAL);
214 }
215 if (so->sol_accept_filter == NULL) {
216 SOCK_UNLOCK(so);
217 return (0);
218 }
219 if (so->sol_accept_filter->accf_destroy != NULL)
220 so->sol_accept_filter->accf_destroy(so);
221 if (so->sol_accept_filter_str != NULL)
222 free(so->sol_accept_filter_str, M_ACCF);
223 so->sol_accept_filter = NULL;
224 so->sol_accept_filter_arg = NULL;
225 so->sol_accept_filter_str = NULL;
226 so->so_options &= ~SO_ACCEPTFILTER;
227
228 /*
229 * Move from incomplete queue to complete only those
230 * connections, that are blocked by us.
231 */
232 wakeup = 0;
233 TAILQ_FOREACH_SAFE(sp, &so->sol_incomp, so_list, sp1) {
234 SOCK_LOCK(sp);
235 if (sp->so_options & SO_ACCEPTFILTER) {
236 TAILQ_REMOVE(&so->sol_incomp, sp, so_list);
237 TAILQ_INSERT_TAIL(&so->sol_comp, sp, so_list);
238 sp->so_qstate = SQ_COMP;
239 sp->so_options &= ~SO_ACCEPTFILTER;
240 so->sol_incqlen--;
241 so->sol_qlen++;
242 wakeup = 1;
243 }
244 SOCK_UNLOCK(sp);
245 }
246 if (wakeup)
247 solisten_wakeup(so); /* unlocks */
248 else
249 SOLISTEN_UNLOCK(so);
250 return (0);
251 }
252
253 /*
254 * Pre-allocate any memory we may need later to avoid blocking at
255 * untimely moments. This does not optimize for invalid arguments.
256 */
257 afap = malloc(sizeof(*afap), M_TEMP, M_WAITOK);
258 error = sooptcopyin(sopt, afap, sizeof *afap, sizeof *afap);
259 afap->af_name[sizeof(afap->af_name)-1] = '\0';
260 afap->af_arg[sizeof(afap->af_arg)-1] = '\0';
261 if (error) {
262 free(afap, M_TEMP);
263 return (error);
264 }
265 afp = accept_filt_get(afap->af_name);
266 if (afp == NULL) {
267 free(afap, M_TEMP);
268 return (ENOENT);
269 }
270 if (afp->accf_create != NULL && afap->af_name[0] != '\0') {
271 size_t len = strlen(afap->af_name) + 1;
272 accept_filter_str = malloc(len, M_ACCF, M_WAITOK);
273 strcpy(accept_filter_str, afap->af_name);
274 }
275
276 /*
277 * Require a listen socket; don't try to replace an existing filter
278 * without first removing it.
279 */
280 SOCK_LOCK(so);
281 if (!SOLISTENING(so) || so->sol_accept_filter != NULL) {
282 error = EINVAL;
283 goto out;
284 }
285
286 /*
287 * Invoke the accf_create() method of the filter if required. The
288 * socket mutex is held over this call, so create methods for filters
289 * can't block.
290 */
291 if (afp->accf_create != NULL) {
292 accept_filter_arg = afp->accf_create(so, afap->af_arg);
293 if (accept_filter_arg == NULL) {
294 error = EINVAL;
295 goto out;
296 }
297 }
298 so->sol_accept_filter = afp;
299 so->sol_accept_filter_arg = accept_filter_arg;
300 so->sol_accept_filter_str = accept_filter_str;
301 accept_filter_str = NULL;
302 so->so_options |= SO_ACCEPTFILTER;
303out:
304 SOCK_UNLOCK(so);
305 if (accept_filter_str != NULL)
306 free(accept_filter_str, M_ACCF);
307 free(afap, M_TEMP);
308 return (error);
309}
name
const char * name
Definition: kern_fail.c:145
MALLOC_DEFINE
MALLOC_DEFINE(M_BINMISC, KMOD_NAME, "misc binary image activator")
SYSCTL_NODE
SYSCTL_NODE(_kern, OID_AUTO, binmisc, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "Image activator for miscellaneous binaries")
SYSCTL_INT
SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, enable, CTLFLAG_RWTUN, &__elfN(aslr_enabled), 0, ": enable address map randomization")
malloc
void *() malloc(size_t size, struct malloc_type *mtp, int flags)
Definition: kern_malloc.c:632
free
void free(void *addr, struct malloc_type *mtp)
Definition: kern_malloc.c:907
wakeup
void wakeup(const void *ident)
Definition: kern_synch.c:349
data
uint32_t * data
Definition: msi_if.m:90
accept_filt_generic_mod_event
int accept_filt_generic_mod_event(module_t mod, int event, void *data)
Definition: uipc_accf.c:128
accept_filt_getopt
int accept_filt_getopt(struct socket *so, struct sockopt *sopt)
Definition: uipc_accf.c:167
ACCEPT_FILTER_LOCK
#define ACCEPT_FILTER_LOCK()
Definition: uipc_accf.c:55
accept_filt_setopt
int accept_filt_setopt(struct socket *so, struct sockopt *sopt)
Definition: uipc_accf.c:195
__FBSDID
__FBSDID("$FreeBSD$")
ACCEPT_FILTER_UNLOCK
#define ACCEPT_FILTER_UNLOCK()
Definition: uipc_accf.c:56
accept_filt_del
int accept_filt_del(char *name)
Definition: uipc_accf.c:101
accept_filt_get
struct accept_filter * accept_filt_get(char *name)
Definition: uipc_accf.c:114
MTX_SYSINIT
MTX_SYSINIT(accept_filter, &accept_filter_mtx, "accept_filter_mtx", MTX_DEF)
accept_filter_mtx
static struct mtx accept_filter_mtx
Definition: uipc_accf.c:52
SLIST_HEAD
static SLIST_HEAD(accept_filter)
Definition: uipc_accf.c:58
mtx
struct mtx mtx
Definition: uipc_ktls.c:0
unloadable
static int unloadable
Definition: uipc_mqueue.c:220
solisten_wakeup
void solisten_wakeup(struct socket *sol)
Definition: uipc_socket.c:1027
sooptcopyin
int sooptcopyin(struct sockopt *sopt, void *buf, size_t len, size_t minlen)
Definition: uipc_socket.c:3015
sooptcopyout
int sooptcopyout(struct sockopt *sopt, const void *buf, size_t len)
Definition: uipc_socket.c:3265