xref: /illumos-gate/usr/src/uts/common/inet/snmpcom.c (revision 63360950109af2ce85a962ca61f40b8782f11100)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /* Copyright (c) 1990 Mentat Inc. */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * This file contains common code for handling Options Management requests
31  * for SNMP/MIB.
32  */
33 
34 #include <sys/types.h>
35 #include <sys/stream.h>
36 #include <sys/stropts.h>
37 #include <sys/errno.h>
38 #define	_SUN_TPI_VERSION 2
39 #include <sys/tihdr.h>
40 #include <sys/ddi.h>
41 #include <sys/cmn_err.h>
42 #include <sys/policy.h>
43 
44 #include <sys/socket.h>
45 #include <netinet/in.h>
46 
47 #include <inet/common.h>
48 #include <inet/mi.h>
49 #include <inet/mib2.h>
50 #include <inet/optcom.h>
51 #include <inet/snmpcom.h>
52 
53 #include <inet/ip.h>
54 #include <inet/ip6.h>
55 #include <inet/tcp.h>
56 #include <inet/udp_impl.h>
57 
58 #define	DEFAULT_LENGTH	sizeof (long)
59 #define	DATA_MBLK_SIZE	1024
60 #define	TOAHDR_SIZE	(sizeof (struct T_optmgmt_ack) +\
61 	sizeof (struct opthdr))
62 
63 /* SNMP Option Request Structure */
64 typedef struct sor_s {
65 	int	sor_group;
66 	int	sor_code;		/* MIB2 index value */
67 	int	sor_size;
68 } sor_t;
69 
70 /*
71  * Validation Table for set requests.
72  */
73 static sor_t	req_arr[] = {
74 	{ MIB2_IP,	1,	sizeof (int)			},
75 	{ MIB2_IP,	2,	sizeof (int)			},
76 	{ MIB2_IP,	21,	sizeof (mib2_ipRouteEntry_t)	},
77 	{ MIB2_IP,	22,	sizeof (mib2_ipNetToMediaEntry_t)},
78 	{ MIB2_TCP,	13,	sizeof (mib2_tcpConnEntry_t)	}
79 };
80 
81 /*
82  * Binary compatibility to what used to be T_CURRENT in older releases.
83  * Unfortunately, the binary chosen for it was different and used by
84  * T_PARTSUCCESS in the new name space. However T_PARTSUCESS is only
85  * anticiapted in new T_OPTMGM_REQ (and not O_T_OPTMGMT_REQ messages).
86  * Only a test for TBADFLAG which uses one of the MIB option levels
87  * may have trouble with this provision for binary compatibility.
88  */
89 #define	OLD_T_CURRENT	0x100	/* same value as T_PARTSUCCESS */
90 
91 /*
92  * MIB info returned in data part of M_PROTO msg.  All info for a single
93  * request is appended in a chain of mblk's off of the M_PROTO T_OPTMGMT_ACK
94  * ctl buffer.
95  */
96 int
97 snmp_append_data(mblk_t *mpdata, char *blob, int len)
98 {
99 
100 	if (!mpdata)
101 		return (0);
102 	while (mpdata->b_cont)
103 		mpdata = mpdata->b_cont;
104 	if (mpdata->b_wptr + len >= mpdata->b_datap->db_lim) {
105 		mpdata->b_cont = allocb(DATA_MBLK_SIZE, BPRI_HI);
106 		mpdata = mpdata->b_cont;
107 		if (!mpdata)
108 			return (0);
109 	}
110 	bcopy(blob, (char *)mpdata->b_wptr, len);
111 	mpdata->b_wptr += len;
112 	return (1);
113 }
114 
115 /*
116  * Need a form which avoids O(n^2) behavior locating the end of the
117  * chain every time.  This is it.
118  */
119 int
120 snmp_append_data2(mblk_t *mpdata, mblk_t **last_mpp, char *blob, int len)
121 {
122 
123 	if (!mpdata)
124 		return (0);
125 	if (*last_mpp == NULL) {
126 		while (mpdata->b_cont)
127 			mpdata = mpdata->b_cont;
128 		*last_mpp = mpdata;
129 	}
130 	if ((*last_mpp)->b_wptr + len >= (*last_mpp)->b_datap->db_lim) {
131 		(*last_mpp)->b_cont = allocb(DATA_MBLK_SIZE, BPRI_HI);
132 		*last_mpp = (*last_mpp)->b_cont;
133 		if (!*last_mpp)
134 			return (0);
135 	}
136 	bcopy(blob, (char *)(*last_mpp)->b_wptr, len);
137 	(*last_mpp)->b_wptr += len;
138 	return (1);
139 }
140 
141 /*
142  * SNMP requests are issued using putmsg() on a stream containing all
143  * relevant modules.  The ctl part contains a O_T_OPTMGMT_REQ message,
144  * and the data part is NULL
145  * to process this msg. If snmpcom_req() returns FALSE, then the module
146  * will try optcom_req to see if its some sort of SOCKET or IP option.
147  * snmpcom_req returns TRUE whenever the first option is recognized as
148  * an SNMP request, even if a bad one.
149  *
150  * "get" is done by a single O_T_OPTMGMT_REQ with MGMT_flags set to T_CURRENT.
151  * All modules respond with one or msg's about what they know.  Responses
152  * are in T_OPTMGMT_ACK format.  The opthdr level/name fields identify what
153  * is begin returned, the len field how big it is (in bytes).  The info
154  * itself is in the data portion of the msg.  Fixed length info returned
155  * in one msg; each table in a separate msg.
156  *
157  * setfn() returns 1 if things ok, 0 if set request invalid or otherwise
158  * messed up.
159  *
160  * If the passed q is at the bottom of the module chain (q_next == NULL,
161  * a ctl msg with req->name, level, len all zero is sent upstream.  This
162  * is and EOD flag to the caller.
163  *
164  * IMPORTANT:
165  * - The msg type is M_PROTO, not M_PCPROTO!!!  This is by design,
166  *   since multiple messages will be sent to stream head and we want
167  *   them queued for reading, not discarded.
168  * - All requests which match a table entry are sent to all get/set functions
169  *   of each module.  The functions must simply ignore requests not meant
170  *   for them: getfn() returns 0, setfn() returns 1.
171  */
172 boolean_t
173 snmpcom_req(queue_t *q, mblk_t *mp, pfi_t setfn, pfi_t getfn, cred_t *credp)
174 {
175 	mblk_t			*mpctl;
176 	struct opthdr		*req;
177 	struct opthdr		*next_req;
178 	struct opthdr		*req_end;
179 	struct opthdr		*req_start;
180 	sor_t			*sreq;
181 	struct T_optmgmt_req	*tor = (struct T_optmgmt_req *)mp->b_rptr;
182 	struct T_optmgmt_ack	*toa;
183 	boolean_t		pass_to_ip = B_FALSE;
184 
185 	if (mp->b_cont) {	/* don't deal with multiple mblk's */
186 		freemsg(mp->b_cont);
187 		mp->b_cont = (mblk_t *)0;
188 		optcom_err_ack(q, mp, TSYSERR, EBADMSG);
189 		return (B_TRUE);
190 	}
191 	if ((mp->b_wptr - mp->b_rptr) < sizeof (struct T_optmgmt_req) ||
192 	    !(req_start = (struct opthdr *)mi_offset_param(mp,
193 		tor->OPT_offset, tor->OPT_length)))
194 		goto bad_req1;
195 	if (! __TPI_OPT_ISALIGNED(req_start))
196 		goto bad_req1;
197 
198 	/*
199 	 * if first option not in the MIB2 or EXPER range, return false so
200 	 * optcom_req can scope things out.  Otherwise it's passed to each
201 	 * calling module to process or ignore as it sees fit.
202 	 */
203 	if ((!(req_start->level >= MIB2_RANGE_START &&
204 			req_start->level <= MIB2_RANGE_END)) &&
205 	    (!(req_start->level >= EXPER_RANGE_START &&
206 			req_start->level <= EXPER_RANGE_END)))
207 		return (B_FALSE);
208 
209 	if (setfn == tcp_snmp_set || setfn == udp_snmp_set ||
210 	    getfn == tcp_snmp_get || getfn == udp_snmp_get)
211 		pass_to_ip = B_TRUE;
212 
213 	switch (tor->MGMT_flags) {
214 
215 	case T_NEGOTIATE:
216 		if (secpolicy_ip_config(credp, B_FALSE) != 0) {
217 			optcom_err_ack(q, mp, TACCES, 0);
218 			return (B_TRUE);
219 		}
220 		req_end = (struct opthdr *)((uchar_t *)req_start +
221 			tor->OPT_length);
222 		for (req = req_start; req < req_end; req = next_req) {
223 			next_req =
224 				(struct opthdr *)((uchar_t *)&req[1] +
225 				_TPI_ALIGN_OPT(req->len));
226 			if (next_req > req_end)
227 				goto bad_req2;
228 			for (sreq = req_arr; sreq < A_END(req_arr); sreq++) {
229 				if (req->level == sreq->sor_group &&
230 				    req->name == sreq->sor_code)
231 					break;
232 			}
233 			if (sreq >= A_END(req_arr))
234 				goto bad_req3;
235 			if (!(*setfn)(q, req->level, req->name,
236 				(uchar_t *)&req[1], req->len))
237 				goto bad_req4;
238 		}
239 		if (q->q_next != NULL)
240 			putnext(q, mp);
241 		else if (pass_to_ip)
242 			ip_output(Q_TO_CONN(q), mp, q, IP_WPUT);
243 		else
244 			freemsg(mp);
245 		return (B_TRUE);
246 
247 	case OLD_T_CURRENT:
248 	case T_CURRENT:
249 		mpctl = allocb(TOAHDR_SIZE, BPRI_MED);
250 		if (!mpctl) {
251 			optcom_err_ack(q, mp, TSYSERR, ENOMEM);
252 			return (B_TRUE);
253 		}
254 		mpctl->b_cont = allocb(DATA_MBLK_SIZE, BPRI_MED);
255 		if (!mpctl->b_cont) {
256 			freemsg(mpctl);
257 			optcom_err_ack(q, mp, TSYSERR, ENOMEM);
258 			return (B_TRUE);
259 		}
260 		mpctl->b_datap->db_type = M_PROTO;
261 		mpctl->b_wptr += TOAHDR_SIZE;
262 		toa = (struct T_optmgmt_ack *)mpctl->b_rptr;
263 		toa->PRIM_type = T_OPTMGMT_ACK;
264 		toa->OPT_offset = sizeof (struct T_optmgmt_ack);
265 		toa->OPT_length = sizeof (struct opthdr);
266 		toa->MGMT_flags = T_SUCCESS;
267 		if (!(*getfn)(q, mpctl))
268 			freemsg(mpctl);
269 		/*
270 		 * all data for this module has now been sent upstream.  If
271 		 * this is bottom module of stream, send up an EOD ctl msg,
272 		 * otherwise pass onto the next guy for processing.
273 		 */
274 		if (q->q_next != NULL) {
275 			putnext(q, mp);
276 			return (B_TRUE);
277 		} else if (pass_to_ip) {
278 			ip_output(Q_TO_CONN(q), mp, q, IP_WPUT);
279 			return (B_TRUE);
280 		}
281 		if (mp->b_cont) {
282 			freemsg(mp->b_cont);
283 			mp->b_cont = NULL;
284 		}
285 		mpctl = reallocb(mp, TOAHDR_SIZE, 1);
286 		if (!mpctl) {
287 			optcom_err_ack(q, mp, TSYSERR, ENOMEM);
288 			return (B_TRUE);
289 		}
290 		mpctl->b_datap->db_type = M_PROTO;
291 		mpctl->b_wptr = mpctl->b_rptr + TOAHDR_SIZE;
292 		toa = (struct T_optmgmt_ack *)mpctl->b_rptr;
293 		toa->PRIM_type = T_OPTMGMT_ACK;
294 		toa->OPT_offset = sizeof (struct T_optmgmt_ack);
295 		toa->OPT_length = sizeof (struct opthdr);
296 		toa->MGMT_flags = T_SUCCESS;
297 		req = (struct opthdr *)&toa[1];
298 		req->level = 0;
299 		req->name = 0;
300 		req->len = 0;
301 		qreply(q, mpctl);
302 		return (B_TRUE);
303 
304 	default:
305 		optcom_err_ack(q, mp, TBADFLAG, 0);
306 		return (B_TRUE);
307 	}
308 
309 bad_req1:;
310 	printf("snmpcom bad_req1\n");
311 	goto bad_req;
312 bad_req2:;
313 	printf("snmpcom bad_req2\n");
314 	goto bad_req;
315 bad_req3:;
316 	printf("snmpcom bad_req3\n");
317 	goto bad_req;
318 bad_req4:;
319 	printf("snmpcom bad_req4\n");
320 	/* FALLTHRU */
321 bad_req:;
322 	optcom_err_ack(q, mp, TBADOPT, 0);
323 	return (B_TRUE);
324 
325 }
326