xref: /titanic_50/usr/src/uts/common/inet/optcom.h (revision 7ef4fcfb0fc7aacd7f0f1de691689e450eb7325e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 /* Copyright (c) 1990 Mentat Inc. */
27 
28 #ifndef	_INET_OPTCOM_H
29 #define	_INET_OPTCOM_H
30 
31 #pragma ident	"%Z%%M%	%I%	%E% SMI"
32 
33 #ifdef	__cplusplus
34 extern "C" {
35 #endif
36 
37 #if defined(_KERNEL) && defined(__STDC__)
38 
39 /* Options Description Structure */
40 typedef struct opdes_s {
41 	t_uscalar_t	opdes_name;	/* option name */
42 	t_uscalar_t	opdes_level;	/* option "level" */
43 	int	opdes_access_nopriv;	/* permissions for non-privileged */
44 	int	opdes_access_priv;	/* permissions for privileged */
45 	int	opdes_access_req_priv;	/* required privilege, OP_NP if none */
46 	int	opdes_props;	/* properties of associated with option */
47 	t_uscalar_t	opdes_size;	/* length of option */
48 					/* [ or maxlen if variable */
49 			/* length(OP_VARLEN) property set for option] */
50 	union {
51 		/*
52 		 *
53 		 * Note: C semantics:
54 		 * static initializer of "union" type assume
55 		 * the constant on RHS is of the type of the
56 		 * first member of the union. So what comes first
57 		 * is important.
58 		 */
59 #define	OPDES_DEFSZ_MAX		64
60 		int64_t  opdes_def_int64;
61 		char	opdes_def_charbuf[OPDES_DEFSZ_MAX];
62 	} opdes_def;
63 } opdes_t;
64 
65 #define	opdes_default	opdes_def.opdes_def_int64
66 #define	opdes_defbuf	opdes_def.opdes_def_charbuf
67 /*
68  * Flags to set in opdes_acces_{all,priv} fields in opdes_t
69  *
70  *	OA_R	read access
71  *	OA_W	write access
72  *	OA_RW	read-write access
73  *	OA_X	execute access
74  *
75  * Note: - semantics "execute" access used for operations excuted using
76  *		option management interface
77  *	- no bits set means this option is not visible. Some options may not
78  *	  even be visible to all but priviliged users.
79  */
80 #define	OA_R	0x1
81 #define	OA_W	0x2
82 #define	OA_X	0x4
83 
84 /*
85  * Utility macros to test permissions needed to compose more
86  * complex ones. (Only a few really used directly in code).
87  */
88 #define	OA_RW	(OA_R|OA_W)
89 #define	OA_WX	(OA_W|OA_X)
90 #define	OA_RX	(OA_R|OA_X)
91 #define	OA_RWX	(OA_R|OA_W|OA_X)
92 
93 #define	OA_ANY_ACCESS(x) ((x)->opdes_access_nopriv|(x)->opdes_access_priv)
94 #define	OA_R_NOPRIV(x)	((x)->opdes_access_nopriv & OA_R)
95 #define	OA_R_ANYPRIV(x)	(OA_ANY_ACCESS(x) & OA_R)
96 #define	OA_W_NOPRIV(x)	((x)->opdes_access_nopriv & OA_W)
97 #define	OA_X_ANYPRIV(x)	(OA_ANY_ACCESS(x) & OA_X)
98 #define	OA_X_NOPRIV(x)	((x)->opdes_access_nopriv & OA_X)
99 #define	OA_W_ANYPRIV(x)	(OA_ANY_ACCESS(x) & OA_W)
100 #define	OA_WX_NOPRIV(x)	((x)->opdes_access_nopriv & OA_WX)
101 #define	OA_WX_ANYPRIV(x)	(OA_ANY_ACCESS(x) & OA_WX)
102 #define	OA_RWX_ANYPRIV(x)	(OA_ANY_ACCESS(x) & OA_RWX)
103 #define	OA_RONLY_NOPRIV(x)	(((x)->opdes_access_nopriv & OA_RWX) == OA_R)
104 #define	OA_RONLY_ANYPRIV(x)	((OA_ANY_ACCESS(x) & OA_RWX) == OA_R)
105 
106 #define	OP_NP		(-1)			/* No privilege required */
107 #define	OP_CONFIG	(0)			/* Network configuration */
108 #define	OP_RAW		(1)			/* Raw packets */
109 #define	OP_PRIVPORT	(2)			/* Privileged ports */
110 
111 
112 /*
113  * Following macros supply the option and their privilege and
114  * are used to determine permissions.
115  */
116 #define	OA_POLICY_OK(x, c) \
117 		(secpolicy_net((c), (x)->opdes_access_req_priv, B_FALSE) == 0)
118 
119 #define	OA_POLICY_ONLY_OK(x, c) \
120 		(secpolicy_net((c), (x)->opdes_access_req_priv, B_TRUE) == 0)
121 
122 #define	OA_MATCHED_PRIV(x, c)	((x)->opdes_access_req_priv != OP_NP && \
123 		OA_POLICY_ONLY_OK((x), (c)))
124 
125 #define	OA_READ_PERMISSION(x, c)	(OA_R_NOPRIV(x) || \
126 		(OA_R_ANYPRIV(x) && OA_POLICY_OK((x), (c))))
127 
128 #define	OA_WRITE_OR_EXECUTE(x, c)	(OA_WX_NOPRIV(x) || \
129 		(OA_WX_ANYPRIV(x) && OA_POLICY_OK((x), (c))))
130 
131 #define	OA_READONLY_PERMISSION(x, c)	(OA_RONLY_NOPRIV(x) || \
132 		(OA_RONLY_ANYPRIV(x) && OA_POLICY_OK((x), (c))))
133 
134 #define	OA_WRITE_PERMISSION(x, c)	(OA_W_NOPRIV(x) || \
135 		(OA_W_ANYPRIV(x) && OA_POLICY_ONLY_OK((x), (c))))
136 
137 #define	OA_EXECUTE_PERMISSION(x, c)	(OA_X_NOPRIV(x) || \
138 		(OA_X_ANYPRIV(x) && OA_POLICY_ONLY_OK((x), (c))))
139 
140 #define	OA_NO_PERMISSION(x, c)		(OA_MATCHED_PRIV((x), (c)) ? \
141 		((x)->opdes_access_priv == 0) : ((x)->opdes_access_nopriv == 0))
142 
143 /*
144  * Other properties set in opdes_props field.
145  */
146 #define	OP_PASSNEXT	0x1	/* to pass option to next module or not */
147 #define	OP_VARLEN	0x2	/* option is varible length  */
148 #define	OP_NOT_ABSREQ	0x4	/* option is not a "absolute requirement" */
149 				/* i.e. failure to negotiate does not */
150 				/* abort primitive ("ignore" semantics ok) */
151 #define	OP_NODEFAULT	0x8	/* no concept of "default value"  */
152 #define	OP_DEF_FN	0x10	/* call a "default function" to get default */
153 				/* value, not from static table  */
154 
155 
156 /*
157  * Structure to represent attributed of option management specific
158  * to one particular layer of "transport".
159  */
160 
161 typedef	t_uscalar_t optlevel_t;
162 
163 typedef int (*opt_def_fn)(queue_t *, int, int, uchar_t *);
164 typedef int (*opt_get_fn)(queue_t *, int, int, uchar_t *);
165 typedef int (*opt_set_fn)(queue_t *, uint_t, int, int, uint_t, uchar_t *,
166     uint_t *, uchar_t *, void *, cred_t *, mblk_t *);
167 
168 typedef struct optdb_obj {
169 	opt_def_fn	odb_deffn;	/* default value function */
170 	opt_get_fn	odb_getfn;	/* get function */
171 	opt_set_fn	odb_setfn;	/* set function */
172 	boolean_t	odb_topmost_tpiprovider; /* whether topmost tpi */
173 					/* provider or downstream */
174 	uint_t		odb_opt_arr_cnt; /* count of number of options in db */
175 	opdes_t		*odb_opt_des_arr; /* option descriptors in db */
176 	uint_t		odb_valid_levels_arr_cnt;
177 					/* count of option levels supported */
178 	optlevel_t	*odb_valid_levels_arr;
179 					/* array of option levels supported */
180 } optdb_obj_t;
181 
182 /*
183  * This is used to restart option processing. This goes inside an M_CTL
184  * which is prepended to the packet. IP may need to become exclusive on
185  * an ill for setting some options. For dg. IP_ADD_MEMBERSHIP. Since
186  * there can be more than 1 option packed in an option buffer, we need to
187  * remember where to restart option processing after resuming from a wait
188  * for exclusive condition in IP.
189  */
190 typedef struct opt_restart_s {
191 	struct	opthdr	*or_start;		/* start of option buffer */
192 	struct	opthdr	*or_end;		/* end of option buffer */
193 	struct	opthdr	*or_ropt;		/* restart option here */
194 	t_uscalar_t	or_worst_status;	/* Used by tpi_optcom_req */
195 	t_uscalar_t	or_type;		/* svr4 or tpi optcom variant */
196 	int		or_private;		/* currently used by CGTP */
197 } opt_restart_t;
198 /*
199  * Values for "optset_context" parameter passed to
200  * transport specific "setfn()" routines
201  */
202 #define	SETFN_OPTCOM_CHECKONLY		1 /* "checkonly" semantics T_CHECK */
203 #define	SETFN_OPTCOM_NEGOTIATE		2 /* semantics for T_*_OPTCOM_REQ */
204 #define	SETFN_UD_NEGOTIATE		3 /* semantics for T_UNITDATA_REQ */
205 #define	SETFN_CONN_NEGOTIATE		4 /* semantics for T_CONN_*_REQ */
206 
207 /*
208  * Object to represent database of options to search passed to
209  * {sock,tpi}optcom_req() interface routine to take care of option
210  * management and associated methods.
211  */
212 extern optdb_obj_t tcp_opt_obj;
213 extern optdb_obj_t udp_opt_obj;
214 extern optdb_obj_t ip_opt_obj;
215 
216 extern uint_t	tcp_max_optsize;
217 extern uint_t	udp_max_optsize;
218 
219 /*
220  * Function prototypes
221  */
222 extern void optcom_err_ack(queue_t *, mblk_t *, t_scalar_t, int);
223 extern int svr4_optcom_req(queue_t *, mblk_t *, cred_t *, optdb_obj_t *);
224 extern int tpi_optcom_req(queue_t *, mblk_t *, cred_t *, optdb_obj_t *);
225 extern int  tpi_optcom_buf(queue_t *, mblk_t *, t_scalar_t *, t_scalar_t,
226     cred_t *, optdb_obj_t *, void *, int *);
227 extern t_uscalar_t optcom_max_optsize(opdes_t *, uint_t);
228 
229 #endif	/* defined(_KERNEL) && defined(__STDC__) */
230 
231 #ifdef	__cplusplus
232 }
233 #endif
234 
235 #endif	/* _INET_OPTCOM_H */
236