optcom.c revision bd670b35a010421b6e1a5536c34453a827007c81
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* Copyright (c) 1990 Mentat Inc. */
/*
* This file contains common code for handling Options Management requests.
*/
#define _SUN_TPI_VERSION 2
#include <sys/socketvar.h>
#include "optcom.h"
#include <inet/ipclassifier.h>
#include <inet/proto_set.h>
/*
* Function prototypes
*/
size_t *);
/* Common code for sending back a T_ERROR_ACK. */
void
{
}
/*
* The option management routines svr4_optcom_req() and tpi_optcom_req() use
* callback functions as arguments. Here is the expected interfaces
* assumed from the callback functions
*
*
* (1) deffn(q, optlevel, optname, optvalp)
*
* - Function only called when default value comes from protocol
* specific code and not the option database table (indicated by
* OP_DEF_FN property in option database.)
* - Error return is -1. Valid returns are >=0.
* - When valid, the return value represents the length used for storing
* the default value of the option.
* - Error return implies the called routine did not recognize this
* option. Something downstream could so input is left unchanged
* in request buffer.
*
* (2) getfn(q, optlevel, optname, optvalp)
*
* - Error return is -1. Valid returns are >=0.
* - When valid, the return value represents the length used for storing
* the actual value of the option.
* - Error return implies the called routine did not recognize this
* option. Something downstream could so input is left unchanged
* in request buffer.
*
* (3) setfn(q, optset_context, optlevel, optname, inlen, invalp,
* outlenp, outvalp, attrp, cr);
*
* - OK return is 0, Error code is returned as a non-zero argument.
* - If negative it is ignored by svr4_optcom_req(). If positive, error
* is returned. A negative return implies that option, while handled on
* this stack is not handled at this level and will be handled further
* downstream.
* - Both negative and positive errors are treats as errors in an
* identical manner by tpi_optcom_req(). The errors affect "status"
* field of each option's T_opthdr. If sucessfull, an appropriate sucess
* result is carried. If error, it instantiated to "failure" at the
* topmost level and left unchanged at other levels. (This "failure" can
* turn to a success at another level).
* - optset_context passed for tpi_optcom_req(). It is interpreted as:
* - SETFN_OPTCOM_CHECKONLY
* semantics are to pretend to set the value and report
* back if it would be successful.
* This is used with T_CHECK semantics in XTI
* - SETFN_OPTCOM_NEGOTIATE
* set the value. Call from option management primitive
* T_OPTMGMT_REQ when T_NEGOTIATE flags is used.
* - SETFN_UD_NEGOTIATE
* option request came riding on UNITDATA primitive most often
* has "this datagram" semantics to influence prpoerties
* affecting an outgoig datagram or associated with recived
* datagram
* [ Note: XTI permits this use outside of "this datagram"
* semantics also and permits setting "management related"
* options in this context and its test suite enforces it ]
* - SETFN_CONN_NEGOTATE
* most often has "this connection" (negotiation during
* "connection estblishment") semantics.
* [ Note: XTI permits use of these outside of "this connection"
* semantics and permits "management related" options in this
* context and its test suite enforces it. ]
*
* - inlen, invalp is the option length,value requested to be set.
* - outlenp, outvalp represent return parameters which contain the
* value set and it might be different from one passed on input.
* - attrp points to a data structure that's used by v6 modules to
* store ancillary data options or sticky options.
* - cr points to the caller's credentials
* - the caller might pass same buffers for input and output and the
* routine should protect against this case by not updating output
* buffers until it is done referencing input buffers and any other
* issues (e.g. not use bcopy() if we do not trust what it does).
* - If option is not known, it returns error. We randomly pick EINVAL.
* It can however get called with options that are handled downstream
* opr upstream so for svr4_optcom_req(), it does not return error for
* negative return values.
*
*/
/*
* Upper Level Protocols call this routine when they receive
* a T_SVR4_OPTMGMT_REQ message. They supply callback functions
* for setting a new value for a single options, getting the
* current value for a single option, and checking for support
* of a single option. svr4_optcom_req validates the option management
* buffer passed in, and calls the appropriate routines to do the
* job requested.
* XXX Code below needs some restructuring after we have some more
* macros to support 'struct opthdr' in the headers.
*/
void
{
int len;
struct T_optmgmt_ack *toa;
struct T_optmgmt_req *tor;
int error;
/* Verify message integrity. */
goto bad_opt;
/* Verify MGMT_flags legal */
switch (tor->MGMT_flags) {
case T_DEFAULT:
case T_NEGOTIATE:
case T_CURRENT:
case T_CHECK:
/* OK - legal request flags */
break;
default:
return;
}
/* Is it a request for default option settings? */
/*
* Note: XXX TLI and TPI specification was unclear about
* semantics of T_DEFAULT and the following historical note
* and its interpretation is incorrect (it implies a request
* for default values of only the identified options not all.
* The semantics have been explained better in XTI spec.)
* However, we do not modify (comment or code) here to keep
* compatibility.
* We can rethink this if it ever becomes an issue.
* ----historical comment start------
* As we understand it, the input buffer is meaningless
* so we ditch the message. A T_DEFAULT request is a
* request to obtain a buffer containing defaults for
* all supported options, so we allocate a maximum length
* reply.
* ----historical comment end -------
*/
/* T_DEFAULT not passed down */
if (!mp) {
no_mem:;
return;
}
/* Initialize the T_optmgmt_ack header. */
/* TODO: Is T_DEFAULT the right thing to put in MGMT_flags? */
/* Now walk the table of options passed in */
/*
* All the options in the table of options passed
* in are by definition supported by the protocol
* calling this function.
*/
continue;
/*
* Fill length and value from table.
*
* Default value not instantiated from function
* (or the protocol specific function failed it;
* In this interpretation of T_DEFAULT, this is
* the best we can do)
*/
switch (optd->opdes_size) {
/*
* Since options are guaranteed aligned only
* on a 4 byte boundary (t_scalar_t) any
* option that is greater in size will default
* to the bcopy below
*/
case sizeof (int32_t):
break;
case sizeof (int16_t):
break;
case sizeof (int8_t):
break;
default:
/*
* other length but still assume
* fixed - use bcopy
*/
break;
}
}
else
}
/* Now record the final length. */
/* Ship it back. */
return;
}
/* T_DEFAULT processing complete - no more T_DEFAULT */
/*
* For T_NEGOTIATE, T_CURRENT, and T_CHECK requests, we make a
* pass through the input buffer validating the details and
* making sure each option is supported by the protocol.
*/
goto bad_opt;
if (!__TPI_OPT_ISALIGNED(opt_start))
goto bad_opt;
tor->OPT_length);
/*
* Verify we have room to reference the option header
* fields in the option buffer.
*/
goto bad_opt;
/*
* We now compute pointer to next option in buffer 'next_opt'
* The next_opt computation above below 'opt->len' initialized
* by application which cannot be trusted. The usual value
* too large will be captured by the loop termination condition
* above. We check for the following which it will miss.
* -pointer space wraparound arithmetic overflow
* -last option in buffer with 'opt->len' being too large
* (only reason 'next_opt' should equal or exceed
* 'opt_end' for last option is roundup unless length is
*/
goto bad_opt;
/* sanity check */
goto bad_opt;
cr);
if (error < 0) {
return;
} else if (error > 0) {
return;
}
} /* end for loop scanning option buffer */
/* Now complete the operation as required. */
switch (tor->MGMT_flags) {
case T_CHECK:
/*
* Historically used same as T_CURRENT (which was added to
* standard later). Code retained for compatibility.
*/
/* FALLTHROUGH */
case T_CURRENT:
/*
* Allocate a maximum size reply. Perhaps we are supposed to
* assume that the input buffer includes space for the answers
* as well as the opthdrs, but we don't know that for sure.
* So, instead, we create a new output buffer, using the
* input buffer only as a list of options.
*/
if (!mp1)
goto no_mem;
/* Initialize the header. */
/*
* Walk through the input buffer again, this time adding
* entries to the output buffer for each option requested.
* Note, sanity of option header, last option etc, verified
* in first pass.
*/
/*
* Failure means option is not recognized. Copy input
* buffer as is
*/
if (len < 0) {
} else {
}
} /* end for loop */
/* Record the final length. */
/* Ditch the input buffer. */
break;
case T_NEGOTIATE:
/*
* Here we are expecting that the response buffer is exactly
* the same size as the input buffer. We pass each opthdr
* to the protocol's set function. If the protocol doesn't
* like it, it can update the value in it return argument.
*/
/*
* Pass each negotiated option through the protocol set
* function.
* Note: sanity check on option header values done in first
* pass and not repeated here.
*/
int error;
/*
* Treat positive "errors" as real.
* Note: negative errors are to be treated as
* non-fatal by svr4_optcom_req() and are
* returned by setfn() when it is passed an
* option it does not handle. Since the option
* passed proto_opt_lookup(), it is implied that
* it is valid but was either handled upstream
* or will be handled downstream.
*/
if (error > 0) {
return;
}
/*
* error < 0 means option is not recognized.
*/
}
break;
default:
return;
}
/* Set common fields in the header. */
return;
bad_opt:;
}
/*
*/
void
{
struct T_optmgmt_ack *toa;
struct T_optmgmt_req *tor =
/* Verify message integrity. */
return;
}
/* Verify MGMT_flags legal */
switch (tor->MGMT_flags) {
case T_DEFAULT:
case T_NEGOTIATE:
case T_CURRENT:
case T_CHECK:
/* OK - legal request flags */
break;
default:
return;
}
/*
* In this design, there are two passes required on the input buffer
* mostly to accomodate variable length options and "T_ALLOPT" option
* which has the semantics "all options of the specified level".
*
* For T_DEFAULT, T_NEGOTIATE, T_CURRENT, and T_CHECK requests, we make
* a pass through the input buffer validating the details and making
* sure each option is supported by the protocol. We also determine the
* length of the option buffer to return. (Variable length options and
* T_ALLOPT mean that length can be different for output buffer).
*/
toa_len = 0; /* initial value */
/*
* First pass, we do the following
* - estimate cumulative length needed for results
* - set "status" field based on permissions, option header check
* etc.
*/
&toa_len)) != 0) {
return;
}
/*
* A validation phase of the input buffer is done. We have also
* obtained the length requirement and and other details about the
* input and we liked input buffer so far. We make another scan
* through the input now and generate the output necessary to complete
* the operation.
*/
if (!toa_mp) {
return;
}
/*
* Set initial values for generating output.
*/
/*
* This routine makes another pass through the option buffer this
* time acting on the request based on "status" result in the
* first pass. It also performs "expansion" of T_ALLOPT into
* all options of a certain level and acts on each for this request.
*/
&worst_status)) != 0) {
return;
}
/*
* Following code relies on the coincidence that T_optmgmt_req
* and T_optmgmt_ack are identical in binary representation
*/
sizeof (struct T_optmgmt_ack)));
}
/*
* Following routine makes a pass through option buffer in mp and performs the
* following tasks.
* - estimate cumulative length needed for results
* - set "status" field based on permissions, option header check
* etc.
*/
static t_scalar_t
{
struct T_optmgmt_req *tor =
return (TBADOPT);
}
if (!__TPI_TOPT_ISALIGNED(opt_start))
return (TBADOPT);
/*
* Validate the option for length and alignment
* before accessing anything in it.
*/
return (TBADOPT);
/* Find the option in the opt_arr. */
/*
* Option not found
*
* Verify if level is "valid" or not.
* Note: This check is required by XTI
*
* TPI provider always initializes
* the "not supported" (or whatever) status
* for the options. Other levels leave status
* unchanged if they do not understand an
* option.
*/
return (TBADOPT);
/*
* level is valid - initialize
* option as not supported
*/
continue;
}
} else {
/*
* Handle T_ALLOPT case as a special case.
* Note: T_ALLOPT does not mean anything
* for T_CHECK operation.
*/
allopt_len = 0;
opt_arr, opt_arr_cnt)) == 0)) {
/*
* This is confusing but correct !
* It is not valid to to use T_ALLOPT with
* T_CHECK flag.
*
* opt_level_allopts_lengths() is used to verify
* that "level" associated with the T_ALLOPT is
* supported.
*
*/
continue;
}
*toa_lenp += allopt_len;
continue;
}
/* Additional checks dependent on operation. */
switch (tor->MGMT_flags) {
case T_DEFAULT:
case T_CURRENT:
/*
* The proto_opt_lookup() routine call above approved of
* this option so we can work on the status for it
* based on the permissions for the operation. (This
* can override any status for it set at higher levels)
* We assume this override is OK since chkfn at this
* level approved of this option.
*
* T_CURRENT semantics:
* The read access is required. Else option
* status is T_NOTSUPPORT.
*
* T_DEFAULT semantics:
* Note: specification is not clear on this but we
* interpret T_DEFAULT semantics such that access to
* read value is required for access even the default
* value. Otherwise the option status is T_NOTSUPPORT.
*/
/* skip to next */
continue;
}
/*
* We know that read access is set. If no other access
* is set, then status is T_READONLY.
*/
else
/*
* Option passes all checks. Make room for it in the
* ack. Note: size stored in table does not include
* space for option header.
*/
break;
case T_CHECK:
case T_NEGOTIATE:
/*
* T_NEGOTIATE semantics:
* If for fixed length option value on input is not the
* same as value supplied, then status is T_FAILURE.
*
* T_CHECK semantics:
* If value is supplied, semantics same as T_NEGOTIATE.
* It is however ok not to supply a value with T_CHECK.
*/
/*
* Implies "value" is specified in T_CHECK or
* it is a T_NEGOTIATE request.
* Verify size.
* Note: This can override anything about this
* option request done at a higher level.
*/
/* bad size */
continue;
}
}
/*
* The proto_opt_lookup() routine above() approved of
* this option so we can work on the status for it based
* on the permissions for the operation. (This can
* override anything set at a higher level).
*
* T_CHECK/T_NEGOTIATE semantics:
* Set status to T_READONLY if read is the only access
* permitted
*/
/* skip to next */
continue;
}
/*
* T_CHECK/T_NEGOTIATE semantics:
* If write (or execute) access is not set, then status
* is T_NOTSUPPORT.
*/
/* skip to next option */
continue;
}
/*
* Option passes all checks. Make room for it in the
* ack and set success in status.
* Note: size stored in table does not include header
* length.
*/
break;
default:
return (TBADFLAG);
}
} /* for loop scanning input buffer */
return (0); /* OK return */
}
/*
* This routine makes another pass through the option buffer this
* time acting on the request based on "status" result in the
* first pass. It also performs "expansion" of T_ALLOPT into
* all options of a certain level and acts on each for this request.
*/
static t_scalar_t
{
int failed_option;
sizeof (struct T_optmgmt_ack); /* assumed int32_t aligned */
/*
* Set initial values for scanning input
*/
return (TBADOPT);
/* verified in first pass */
/*
* If the first pass in process_topthdrs_first_pass()
* has marked the option as a failure case for the MGMT_flags
* semantics then there is not much to do.
*
* Note: For all practical purposes, T_READONLY status is
*/
if (failed_option) {
/*
* input values, even if present, are to be ignored.
* Note: Specification is not clear on this, but we
* interpret that even though we ignore the values, we
* can return them as is. So we process them similar to
* T_CHECK/T_NEGOTIATE case which has the semantics to
* return the values as is. XXX If interpretation is
* ever determined incorrect fill in appropriate code
*
* According to T_CHECK/T_NEGOTIATE semantics,
* in the case of T_NOTSUPPORT/T_FAILURE/T_READONLY,
* the semantics are to return the "value" part of
* option untouched. So here we copy the option
* head including value part if any to output.
*/
/* skip to process next option in buffer */
continue;
} /* end if "failed option" */
/*
* The status is T_SUCCESS or T_READONLY
* We process the value part here
*/
switch (tor->MGMT_flags) {
case T_DEFAULT:
/*
* We fill default value from table or protocol specific
* function. If this call fails, we pass input through.
*/
}
break;
case T_CURRENT:
dbobjp);
break;
case T_CHECK:
case T_NEGOTIATE:
else /* T_NEGOTIATE */
break;
default:
return (TBADFLAG);
}
} /* end for loop scanning option buffer */
return (0); /* OK return */
}
static t_uscalar_t
{
/*
* Return the "worst" among the arguments "status" and
* "current_worst_status".
*
* Note: Tracking "worst_status" can be made a bit simpler
* if we use the property that status codes are bitwise
* distinct.
*
* The pecking order is
*
* T_SUCCESS ..... best
* T_PARTSUCCESS
* T_FAILURE
* T_READONLY
* T_NOTSUPPORT... worst
*/
if (status == current_worst_status)
return (current_worst_status);
switch (current_worst_status) {
case T_SUCCESS:
if (status == T_PARTSUCCESS)
return (T_PARTSUCCESS);
/* FALLTHROUGH */
case T_PARTSUCCESS:
return (T_FAILURE);
/* FALLTHROUGH */
case T_FAILURE:
if (status == T_READONLY)
return (T_READONLY);
/* FALLTHROUGH */
case T_READONLY:
if (status == T_NOTSUPPORT)
return (T_NOTSUPPORT);
/* FALLTHROUGH */
case T_NOTSUPPORT:
default:
return (current_worst_status);
}
}
static int
{
/*
* lookup the option in the table and fill default value
*/
/* Calling routine should have verified it it exists */
/* header only, no default "value" part */
} else {
int deflen;
if (deflen >= 0) {
} else {
/*
* return error, this should 'pass
* through' the option and maybe some
* other level will fill it in or
* already did.
* (No change in 'resptrp' upto here)
*/
return (-1);
}
} else {
/* fill length and value part */
switch (optd->opdes_size) {
/*
* Since options are guaranteed aligned only
* on a 4 byte boundary (t_scalar_t) any
* option that is greater in size will default
* to the bcopy below
*/
case sizeof (int32_t):
break;
case sizeof (int16_t):
break;
case sizeof (int8_t):
break;
default:
/*
* other length but still assume
* fixed - use bcopy
*/
optd->opdes_size);
break;
}
sizeof (struct T_opthdr));
}
}
return (0); /* OK return */
}
/*
* T_ALLOPT processing
*
* lookup and stuff default values of all the options of the
* level specified
*/
continue;
/*
*
* T_DEFAULT semantics:
* XXX: we interpret T_DEFAULT semantics such that access to
* read value is required for access even the default value.
* Else option is ignored for T_ALLOPT request.
*/
/* skip this one */
continue;
/*
* Found option of same level as T_ALLOPT request
* that we can return.
*/
/*
* T_DEFAULT semantics:
* We know that read access is set. If no other access is set,
* then status is T_READONLY
*/
} else {
/*
* Note: *worst_statusp has to be T_SUCCESS or
* worse so no need to adjust
*/
}
/* header only, no value part */
} else {
int deflen;
if (deflen >= 0) {
sizeof (struct T_opthdr));
} else {
/*
* deffn failed.
* return just the header as T_ALLOPT
* expansion.
* Some other level deffn may
* supply value part.
*/
}
} else {
/*
* fill length and value part from
* table
*/
switch (optd->opdes_size) {
/*
* Since options are guaranteed aligned only
* on a 4 byte boundary (t_scalar_t) any
* option that is greater in size will default
* to the bcopy below
*/
case sizeof (int32_t):
break;
case sizeof (int16_t):
break;
case sizeof (int8_t):
break;
default:
/*
* other length but still assume
* fixed - use bcopy
*/
optd->opdes_size);
}
sizeof (struct T_opthdr));
}
}
}
return (0);
}
static void
{
int optlen;
/*
* We call getfn to get the current value of an option. The call may
* fail in which case we copy the values from the input buffer. Maybe
* something downstream will fill it in or something upstream did.
*/
if (optlen >= 0) {
sizeof (struct T_opthdr));
} else {
/* failed - reset "*resptrp" pointer */
}
} else { /* T_ALLOPT processing */
/* scan and get all options */
/* skip other levels */
continue;
/* skip this one */
continue;
/* get option of this level */
*resptrp);
if (optlen >= 0) {
/* success */
sizeof (struct T_opthdr));
else
} else {
/*
* failed, return as T_FAILURE and null value
* part. Maybe something downstream will
* handle this one and fill in a value. Here
* it is just part of T_ALLOPT expansion.
*/
}
} /* end for loop */
}
/*
* getfn failed and does not want to handle this option.
*/
}
}
static void
{
int error;
if (error) {
/* failed - reset "*resptrp" */
} else {
/*
* success - "value" already filled in setfn()
*/
sizeof (struct T_opthdr));
}
} else { /* T_ALLOPT processing */
/* only for T_NEGOTIATE case */
/* scan and set all options to default value */
/* skip other levels */
continue;
/*
* skip this one too. Does not make sense to
* set anything to default value for "execute"
* options.
*/
continue;
}
/*
* Return with T_READONLY status (and no value
* part). Note: spec is not clear but
* XTI test suite needs this.
*/
continue;
}
/*
* It is not read only or execute type
* the it must have write permission
*/
/*
* Option of "no default value" so it does not
* make sense to try to set it. We just return
* header with status of T_SUCCESS
* XXX should this be failure ?
*/
continue; /* skip setting */
}
/* XXX - skip these too */
continue; /* skip setting */
}
} else {
}
/* set option of this level */
if (error) {
/*
* failed, return as T_FAILURE and null value
* part. Maybe something downstream will
* handle this one and fill in a value. Here
* it is just part of T_ALLOPT expansion.
*/
} else {
/* success */
}
} /* end for loop */
/* END T_ALLOPT */
}
/*
* setfn failed and does not want to handle this option.
*/
}
}
/*
* The following routines process options buffer passed with
* T_CONN_REQ, T_CONN_RES and T_UNITDATA_REQ.
* This routine does the consistency check applied to the
* sanity of formatting of multiple options packed in the
* buffer.
*
* XTI brain damage alert:
* XTI interface adopts the notion of an option being an
* "absolute requirement" from OSI transport service (but applies
* it to all transports including Internet transports).
* The main effect of that is action on failure to "negotiate" a
* requested option to the exact requested value
*
* - if the option is an "absolute requirement", the primitive
* is aborted (e.g T_DISCON_REQ or T_UDERR generated)
* - if the option is NOT and "absolute requirement" it can
* just be ignored.
*
* We would not support "negotiating" of options on connection
* primitives for Internet transports. However just in case we
* forced to in order to pass strange test suites, the design here
* tries to support these notions.
*
* tpi_optcom_buf(q, mp, opt_lenp, opt_offset, cred, dbobjp, thisdg_attrs,
* *is_absreq_failurep)
*
* - Verify the option buffer, if formatted badly, return error 1
*
* - If it is a "permissions" failure (read-only), return error 2
*
* - Else, process the option "in place", the following can happen,
* - if a "privileged" option, mark it as "ignored".
* - if "not supported", mark "ignored"
* - if "supported" attempt negotiation and fill result in
* the outcome
* - if "absolute requirement", set "*is_absreq_failurep"
* - if NOT an "absolute requirement", then our
* interpretation is to mark is at ignored if
* negotiation fails (Spec allows partial success
* as in OSI protocols but not failure)
*
* Then delete "ignored" options from option buffer and return success.
*
*/
int
void *thisdg_attrs, int *is_absreq_failurep)
{
int error = 0;
copy_mp_head = NULL;
*is_absreq_failurep = 0;
case T_CONN_REQ:
case T_CONN_RES:
break;
case T_UNITDATA_REQ:
break;
default:
/*
* should never get here, all possible TPI primitives
* where this can be called from should be accounted
* for in the cases above
*/
return (EINVAL);
}
error = ENOPROTOOPT;
goto error_ret;
}
if (!__TPI_TOPT_ISALIGNED(opt_start)) {
error = ENOPROTOOPT;
goto error_ret;
}
+ *opt_lenp);
goto error_ret;
}
/*
* Validate the option for length and alignment
* before accessing anything in it
*/
error = ENOPROTOOPT;
goto error_ret;
}
/* Find the option in the opt_arr. */
/*
* Option not found
*/
continue;
}
/*
* Weird but as in XTI spec.
* Sec 6.3.6 "Privileged and ReadOnly Options"
* Permission problems (e.g.readonly) fail with bad access
* BUT "privileged" option request from those NOT PRIVILEGED
* are to be merely "ignored".
* XXX Prevents "probing" of privileged options ?
*/
goto error_ret;
}
/*
* For privileged options, we DO perform
* access checks as is common sense
*/
if (!OA_WX_ANYPRIV(optd)) {
goto error_ret;
}
} else {
/*
* For non privileged, we fail instead following
* "ignore" semantics dictated by XTI spec for
* permissions problems.
* Sec 6.3.6 "Privileged and ReadOnly Options"
* XXX Should we do "ignore" semantics ?
*/
continue;
}
}
/*
*
* If the negotiation fails, for options that
* are "absolute requirement", it is a fatal error.
* For options that are NOT "absolute requirements",
* and the value fails to negotiate, the XTI spec
* only considers the possibility of partial success
* (T_PARTSUCCES - not likely for Internet protocols).
* The spec is in denial about complete failure
* (T_FAILURE) to negotiate for options that are
* carried on T_CONN_REQ/T_CONN_RES/T_UNITDATA
* We interpret the T_FAILURE to negotiate an option
* that is NOT an absolute requirement that it is safe
* to ignore it.
*/
/* verify length */
/* bad size */
/* option is absolute requirement */
*is_absreq_failurep = 1;
goto error_ret;
}
continue;
}
/*
* verified generic attributes. Now call set function.
* Note: We assume the following to simplify code.
* XXX If this is found not to be valid, this routine
* will need to be rewritten. At this point it would
* be premature to introduce more complexity than is
* needed.
* Assumption: For variable length options, we assume
* that the value returned will be same or less length
* (size does not increase). This makes it OK to pass the
* same space for output as it is on input.
*/
thisdg_attrs, cr);
/*
* Space on output more than space on input. Should
* More of a restriction than an error in our
* implementation. Will see if we can live with this
* otherwise code will get more hairy with multiple
* passes.
*/
goto error_ret;
}
if (error != 0) {
/* option is absolute requirement. */
*is_absreq_failurep = 1;
goto error_ret;
}
/*
* failed - but option "not an absolute
* requirement"
*/
continue;
}
/*
* Fill in the only possible successful result
* (Note: TPI allows for T_PARTSUCCESS - partial
* sucess result code which is relevant in OSI world
* and not possible in Internet code)
*/
/*
* Add T_SUCCESS result code options to the "output" options.
* No T_FAILURES or T_NOTSUPPORT here as they are to be
* ignored.
* This code assumes output option buffer will
* be <= input option buffer.
*
* Copy option header+value
*/
}
/*
* Overwrite the input mblk option buffer now with the output
* and update length, and contents in original mbl
* (offset remains unchanged).
*/
if (*opt_lenp > 0) {
}
if (copy_mp_head != NULL)
return (error);
}
static boolean_t
{
for (olp = valid_level_arr;
olp++) {
return (B_TRUE);
}
return (B_FALSE);
}
/*
* Compute largest possible size for an option buffer containing
* all options in one buffer.
*
* XXX TBD, investigate use of opt_bloated_maxsize() to avoid
* wastefully large buffer allocation.
*/
static size_t
{
/*
* Scan opt_arr computing aggregate length
* requirement for storing values of all
* options.
* Note: we do not filter for permissions
* etc. This will be >= the real aggregate
* length required (upper bound).
*/
optd++) {
allopt_len += sizeof (struct T_opthdr) +
}
}
return (allopt_len); /* 0 implies level not found */
}
/*
* Compute largest possible size for an option buffer containing
* all options in one buffer - a (theoretical?) worst case scenario
* for certain cases.
*/
{
}
return (max_optbuf_len);
}
/*
* Compute largest possible size for OPT_size for a transport.
* Heuristic used is to add all but certain extremely large
* size options; this is done by calling opt_bloated_maxsize().
* The large size options excluded are presumed to be
* never accessed through the (theoretical?) worst case code paths
*/
{
if (!opt_bloated_maxsize(optd)) {
(t_uscalar_t)sizeof (struct T_opthdr) +
}
}
return (max_optbuf_len);
}
/*
* The theoretical model used in optcom_max_optsize() and
* opt_level_allopts_lengths() accounts for the worst case of all
* possible options for the theoretical cases and results in wasteful
* memory allocations for certain theoretically correct usage scenarios.
* In practice, the "features" they support are rarely, if ever,
* used and even then only by test suites for those features (VSU, VST).
* However, they result in large allocations due to the increased transport
* instance data structures for applications.
*
* The following routine opt_bloated_maxsize() supports a hack that avoids
* paying the tax for the bloated options by excluding them and pretending
* they don't exist for certain features without affecting features that
* do use them.
*
* XXX Currently implemented only for optcom_max_optsize()
* (to reduce risk late in release).
* TBD for future, investigate use in optcom_level_allopts_lengths() and
* all the instances of T_ALLOPT processing to exclude "bloated options".
* level options which are the only ones that fit the "bloated maxsize"
* option profile now.
*/
static boolean_t
{
return (B_FALSE);
switch (optd->opdes_name) {
case IPV6_HOPOPTS:
case IPV6_DSTOPTS:
case IPV6_RTHDRDSTOPTS:
case IPV6_RTHDR:
case IPV6_PATHMTU:
return (B_TRUE);
default:
break;
}
return (B_FALSE);
}
/*
* optlen is the length of the option content
* Caller should check the optlen is at least sizeof (struct T_opthdr)
*/
static boolean_t
{
/*
* Verify length.
* Value specified should match length of fixed length option or be
* less than maxlen of variable length option.
*/
return (B_TRUE);
} else {
/* fixed length option */
return (B_TRUE);
}
return (B_FALSE);
}
/*
* This routine manages the allocation and free of the space for
* an extension header or option. Returns failure if memory
* can not be allocated.
*/
int
{
/* Unchanged length - no need to reallocate */
return (0);
}
if (inlen > 0) {
/* Allocate new buffer before free */
return (ENOMEM);
} else {
}
/* Free old buffer */
if (*optlenp != 0)
if (inlen > 0)
return (0);
}
int
{
int error = EOPNOTSUPP;
/* Find the option in the opt_arr. */
return (EINVAL);
}
return (EACCES);
}
/*
* For privileged options, we DO perform
* access checks as is common sense
*/
if (!OA_WX_ANYPRIV(optd)) {
return (EACCES);
}
} else {
/*
* For non privileged, we fail instead following
* "ignore" semantics dictated by XTI spec for
* permissions problems.
*/
return (EACCES);
}
}
if (error > 0) {
return (error);
return (EINVAL);
} else {
/*
* error can be -ve if the protocol wants to
* pass the option to IP. We donot pass auxiliary
* options to IP.
*/
error = 0;
}
}
return (error);
}