[src/trunk]: src add /kern/ipsecsa and /kern/ipsecsp, which can be inspected ...
details: https://anonhg.NetBSD.org/src/rev/c1610db27102
branches: trunk
changeset: 551556:c1610db27102
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Sep 08 06:51:53 2003 +0000
description:
add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
it allows easier access to ipsecsa/sp. it works around problem where
setkey -D does not work with large number of ipsec SAs due to socket buffer
size.
diffstat:
sbin/mount_kernfs/mount_kernfs.8 | 23 +-
sys/lkm/vfs/miscfs/kernfs/Makefile | 4 +-
sys/miscfs/kernfs/files.kernfs | 3 +-
sys/miscfs/kernfs/kernfs.h | 93 +++-
sys/miscfs/kernfs/kernfs_subr.c | 438 +++++++++++++++++++++
sys/miscfs/kernfs/kernfs_vfsops.c | 102 +---
sys/miscfs/kernfs/kernfs_vnops.c | 771 ++++++++++++++++++++++++++----------
sys/netkey/key.c | 65 ++-
sys/netkey/key.h | 6 +-
9 files changed, 1186 insertions(+), 319 deletions(-)
diffs (truncated from 2066 to 300 lines):
diff -r d563242c785c -r c1610db27102 sbin/mount_kernfs/mount_kernfs.8
--- a/sbin/mount_kernfs/mount_kernfs.8 Mon Sep 08 06:41:23 2003 +0000
+++ b/sbin/mount_kernfs/mount_kernfs.8 Mon Sep 08 06:51:53 2003 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: mount_kernfs.8,v 1.13 2003/08/07 10:04:28 agc Exp $
+.\" $NetBSD: mount_kernfs.8,v 1.14 2003/09/08 06:52:00 itojun Exp $
.\"
.\" Copyright (c) 1992, 1993, 1994
.\" The Regents of the University of California. All rights reserved.
@@ -33,7 +33,7 @@
.\"
.\" @(#)mount_kernfs.8 8.2 (Berkeley) 3/27/94
.\"
-.Dd March 27, 1994
+.Dd September 8, 2003
.Dt MOUNT_KERNFS 8
.Os
.Sh NAME
@@ -83,6 +83,20 @@
A trailing newline will be stripped from the hostname being written.
.It Pa hz
the frequency of the system clock (decimal ASCII).
+.It Pa ipsecsa
+the directory contains IPsec security associations (SA) in
+.Dv PF_KEY
+format.
+Filenames are SPI in decimal number.
+The content of files can be inspected by using
+.Xr setkey 8 .
+.It Pa ipsecsp
+the directory contains IPsec security policies in
+.Dv PF_KEY
+format.
+Filenames are security policy ID in decimal number.
+The content of files can be inspected by using
+.Xr setkey 8 .
.It Pa loadavg
the 1, 5 and 15 minute load average in kernel fixed-point format.
The final integer is the fix-point scaling factor.
@@ -124,9 +138,11 @@
.Sh SEE ALSO
.Xr mount 2 ,
.Xr unmount 2 ,
+.Xr ipsec 4 ,
.Xr fstab 5 ,
.Xr dmesg 8 ,
.Xr mount 8 ,
+.Xr setkey 8 ,
.Xr syslogd 8
.Sh HISTORY
The
@@ -135,3 +151,6 @@
.Bx 4.4 .
.Sh BUGS
This filesystem may not be NFS-exported.
+.Pp
+.Xr lkm 4
+version does not support IPsec-related files/directories.
diff -r d563242c785c -r c1610db27102 sys/lkm/vfs/miscfs/kernfs/Makefile
--- a/sys/lkm/vfs/miscfs/kernfs/Makefile Mon Sep 08 06:41:23 2003 +0000
+++ b/sys/lkm/vfs/miscfs/kernfs/Makefile Mon Sep 08 06:51:53 2003 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.10 2001/12/12 12:06:48 lukem Exp $
+# $NetBSD: Makefile,v 1.11 2003/09/08 06:51:59 itojun Exp $
.include "../Makefile.inc"
@@ -7,6 +7,6 @@
KMOD= kernfs
SRCS= lkminit_vfs.c
-SRCS+= kernfs_vfsops.c kernfs_vnops.c
+SRCS+= kernfs_vfsops.c kernfs_vnops.c kernfs_subr.c
.include <bsd.kmod.mk>
diff -r d563242c785c -r c1610db27102 sys/miscfs/kernfs/files.kernfs
--- a/sys/miscfs/kernfs/files.kernfs Mon Sep 08 06:41:23 2003 +0000
+++ b/sys/miscfs/kernfs/files.kernfs Mon Sep 08 06:51:53 2003 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: files.kernfs,v 1.1 2002/04/16 23:14:07 thorpej Exp $
+# $NetBSD: files.kernfs,v 1.2 2003/09/08 06:51:53 itojun Exp $
deffs fs_kernfs.h KERNFS # XXX
+file miscfs/kernfs/kernfs_subr.c kernfs
file miscfs/kernfs/kernfs_vfsops.c kernfs
file miscfs/kernfs/kernfs_vnops.c kernfs
diff -r d563242c785c -r c1610db27102 sys/miscfs/kernfs/kernfs.h
--- a/sys/miscfs/kernfs/kernfs.h Mon Sep 08 06:41:23 2003 +0000
+++ b/sys/miscfs/kernfs/kernfs.h Mon Sep 08 06:51:53 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kernfs.h,v 1.17 2003/08/07 16:32:37 agc Exp $ */
+/* $NetBSD: kernfs.h,v 1.18 2003/09/08 06:51:53 itojun Exp $ */
/*
* Copyright (c) 1992, 1993
@@ -37,36 +37,87 @@
#define _PATH_KERNFS "/kern" /* Default mountpoint */
#ifdef _KERNEL
-struct kernfs_mount {
- struct vnode *kf_root; /* Root node */
-};
+#include <sys/queue.h>
+/*
+ * The different types of node in a kernfs filesystem
+ */
+typedef enum {
+ Pkern, /* the filesystem itself (.) */
+ Proot, /* the filesystem root (..) */
+ Pnull, /* none aplicable */
+ Ptime, /* boottime */
+ Pint, /* integer */
+ Pstring, /* string */
+ Phostname, /* hostname */
+ Pavenrun, /* loadavg */
+ Pdevice, /* device file (rootdev/rrootdev) */
+ Pmsgbuf, /* msgbuf */
+ Pipsecsadir, /* ipsec security association (top dir) */
+ Pipsecspdir, /* ipsec security policy (top dir) */
+ Pipsecsa, /* ipsec security association entry */
+ Pipsecsp, /* ipsec security policy entry */
+} kfstype;
+
+/*
+ * control data for the kern file system.
+ */
struct kern_target {
- u_char kt_type;
- u_char kt_namlen;
- const char *kt_name;
- void *kt_data;
-#define KTT_NULL 1
-#define KTT_TIME 5
-#define KTT_INT 17
-#define KTT_STRING 31
-#define KTT_HOSTNAME 47
-#define KTT_AVENRUN 53
-#define KTT_DEVICE 71
-#define KTT_MSGBUF 89
- u_char kt_tag;
- u_char kt_vtype;
- mode_t kt_mode;
+ u_char kt_type;
+ u_char kt_namlen;
+ const char *kt_name;
+ void *kt_data;
+ kfstype kt_tag;
+ u_char kt_vtype;
+ mode_t kt_mode;
};
struct kernfs_node {
- const struct kern_target *kf_kt;
+ LIST_ENTRY(kernfs_node) kfs_hash; /* hash chain */
+ TAILQ_ENTRY(kernfs_node) kfs_list; /* flat list */
+ struct vnode *kfs_vnode; /* vnode associated with this pfsnode */
+ kfstype kfs_type; /* type of procfs node */
+ mode_t kfs_mode; /* mode bits for stat() */
+ long kfs_fileno; /* unique file id */
+ u_int32_t kfs_value; /* SA id or SP id (Pint) */
+ const struct kern_target *kfs_kt;
+ void *kfs_v; /* pointer to secasvar/secpolicy/mbuf */
+ long kfs_cookie; /* fileno cookie */
};
+struct kernfs_mount {
+ TAILQ_HEAD(, kernfs_node) nodelist;
+ long fileno_cookie;
+};
+
+#define UIO_MX 32
+
+#define KERNFS_FILENO(kt, typ, cookie) \
+ ((kt) ? 2 + ((kt) - &kern_targets[0]) \
+ : (((cookie) << 6) | ((typ) + nkern_targets)))
+
#define VFSTOKERNFS(mp) ((struct kernfs_mount *)((mp)->mnt_data))
-#define VTOKERN(vp) ((struct kernfs_node *)(vp)->v_data)
+#define VTOKERN(vp) ((struct kernfs_node *)(vp)->v_data)
+#define KERNFSTOV(kfs) ((kfs)->kfs_vnode)
+extern const struct kern_target kern_targets[];
+extern int nkern_targets;
extern int (**kernfs_vnodeop_p) __P((void *));
extern struct vfsops kernfs_vfsops;
extern dev_t rrootdev;
+
+struct secasvar;
+struct secpolicy;
+
+int kernfs_root __P((struct mount *, struct vnode **));
+
+void kernfs_hashinit __P((void));
+void kernfs_hashreinit __P((void));
+void kernfs_hashdone __P((void));
+int kernfs_freevp __P((struct vnode *));
+int kernfs_allocvp __P((struct mount *, struct vnode **, kfstype,
+ const struct kern_target *, u_int32_t));
+
+void kernfs_revoke_sa __P((struct secasvar *));
+void kernfs_revoke_sp __P((struct secpolicy *));
#endif /* _KERNEL */
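Review bot: `kfs_v` in struct kernfs_node holds a raw `void *` to a secasvar/secpolicy/mbuf, and nothing in the header says whether the node takes a reference on that object or only borrows it. The only lifetime hooks visible here are the `kernfs_revoke_sa`/`kernfs_revoke_sp` prototypes, whose bodies and call sites in key.c are outside this hunk; if an SA or SP can be freed on a path that skips them, a still-open vnode under /kern/ipsecsa or /kern/ipsecsp would presumably keep a dangling pointer. I would state the contract at the field once it is confirmed against key.c, e.g. `void *kfs_v; /* borrowed secasvar/secpolicy/mbuf; owner must call kernfs_revoke_sa/sp before freeing */`. Separately, `KERNFS_FILENO` packs `(typ) + nkern_targets` below `(cookie) << 6` without checking that the sum stays under 64, so a comment or compile-time check on that bound would keep file ids from colliding as kern_targets grows.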
diff -r d563242c785c -r c1610db27102 sys/miscfs/kernfs/kernfs_subr.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/miscfs/kernfs/kernfs_subr.c Mon Sep 08 06:51:53 2003 +0000
@@ -0,0 +1,438 @@
+/* $NetBSD: kernfs_subr.c,v 1.1 2003/09/08 06:51:53 itojun Exp $ */
+
+/*
+ * Copyright (c) 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Jan-Simon Pendry.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)kernfs_subr.c 8.6 (Berkeley) 5/14/95
+ */
+
+/*
+ * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved.
+ * Copyright (c) 1993 Jan-Simon Pendry
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Jan-Simon Pendry.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)kernfs_subr.c 8.6 (Berkeley) 5/14/95
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: kernfs_subr.c,v 1.1 2003/09/08 06:51:53 itojun Exp $");
+
+#ifdef _KERNEL_OPT
+#include "opt_ipsec.h"
+#endif
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/time.h>
+#include <sys/kernel.h>
+#include <sys/proc.h>
+#include <sys/vnode.h>
+#include <sys/malloc.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <sys/filedesc.h>
+#include <sys/mount.h>