The branch stable/14 has been updated by markj:
URL:
https://cgit.FreeBSD.org/src/commit/?id=ff45a1ca2e7a06cbbae3722f0a37733421d07023
commit ff45a1ca2e7a06cbbae3722f0a37733421d07023
Author: Mark Johnston <ma...@freebsd.org>
AuthorDate: 2025-02-06 14:14:23 +0000
Commit: Mark Johnston <ma...@freebsd.org>
CommitDate: 2025-02-21 01:04:49 +0000
inpcb: Add a flags parameter to in_pcbbind()
Add a flag, INPBIND_FIB, which means that the inpcb is local to its FIB
number. When this flag is specified, duplicate bindings are permitted,
so long as each FIB contains at most one inpcb bound to the same
address/port. If an inpcb is bound with this flag, it'll have the
INP_BOUNDFIB flag set.
No functional change intended.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48661
(cherry picked from commit bbd0084baf7539c7042ce94f8c6770210f83f765)
---
sys/netinet/in_pcb.c | 37 +++++++++++++++++++++++++------------
sys/netinet/in_pcb.h | 9 +++++----
sys/netinet/tcp_usrreq.c | 10 +++++-----
sys/netinet/udp_usrreq.c | 4 ++--
sys/netinet6/in6_pcb.c | 18 +++++++++++++-----
sys/netinet6/in6_pcb.h | 2 +-
sys/netinet6/udp6_usrreq.c | 4 ++--
7 files changed, 53 insertions(+), 31 deletions(-)
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 84229ce39eb2..25b1d51e4a79 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -256,7 +256,7 @@ static void in_pcbremhash(struct inpcb *);
static struct inpcblbgroup *
in_pcblbgroup_alloc(struct ucred *cred, u_char vflag, uint16_t port,
- const union in_dependaddr *addr, int size, uint8_t numa_domain)
+ const union in_dependaddr *addr, int size, uint8_t numa_domain, int fib)
{
struct inpcblbgroup *grp;
size_t bytes;
@@ -269,6 +269,7 @@ in_pcblbgroup_alloc(struct ucred *cred, u_char vflag,
uint16_t port,
grp->il_vflag = vflag;
grp->il_lport = port;
grp->il_numa_domain = numa_domain;
+ grp->il_fibnum = fib;
grp->il_dependladdr = *addr;
grp->il_inpsiz = size;
return (grp);
@@ -319,7 +320,7 @@ in_pcblbgroup_resize(struct inpcblbgrouphead *hdr,
grp = in_pcblbgroup_alloc(old_grp->il_cred, old_grp->il_vflag,
old_grp->il_lport, &old_grp->il_dependladdr, size,
- old_grp->il_numa_domain);
+ old_grp->il_numa_domain, old_grp->il_fibnum);
if (grp == NULL)
return (NULL);
@@ -347,12 +348,16 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t
numa_domain)
struct inpcblbgrouphead *hdr;
struct inpcblbgroup *grp;
uint32_t idx;
+ int fib;
pcbinfo = inp->inp_pcbinfo;
INP_WLOCK_ASSERT(inp);
INP_HASH_WLOCK_ASSERT(pcbinfo);
+ fib = (inp->inp_flags & INP_BOUNDFIB) != 0 ?
+ inp->inp_inc.inc_fibnum : RT_ALL_FIBS;
+
#ifdef INET6
/*
* Don't allow IPv4 mapped INET6 wild socket.
@@ -371,6 +376,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain)
grp->il_vflag == inp->inp_vflag &&
grp->il_lport == inp->inp_lport &&
grp->il_numa_domain == numa_domain &&
+ grp->il_fibnum == fib &&
memcmp(&grp->il_dependladdr,
&inp->inp_inc.inc_ie.ie_dependladdr,
sizeof(grp->il_dependladdr)) == 0) {
@@ -381,7 +387,7 @@ in_pcbinslbgrouphash(struct inpcb *inp, uint8_t numa_domain)
/* Create new load balance group. */
grp = in_pcblbgroup_alloc(inp->inp_cred, inp->inp_vflag,
inp->inp_lport, &inp->inp_inc.inc_ie.ie_dependladdr,
- INPCBLBGROUP_SIZMIN, numa_domain);
+ INPCBLBGROUP_SIZMIN, numa_domain, fib);
if (grp == NULL)
return (ENOBUFS);
in_pcblbgroup_insert(grp, inp);
@@ -675,7 +681,8 @@ out:
#ifdef INET
int
-in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, struct ucred *cred)
+in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin, int flags,
+ struct ucred *cred)
{
int anonport, error;
@@ -690,12 +697,13 @@ in_pcbbind(struct inpcb *inp, struct sockaddr_in *sin,
struct ucred *cred)
return (EINVAL);
anonport = sin == NULL || sin->sin_port == 0;
error = in_pcbbind_setup(inp, sin, &inp->inp_laddr.s_addr,
- &inp->inp_lport, cred);
+ &inp->inp_lport, flags, cred);
if (error)
return (error);
if (in_pcbinshash(inp) != 0) {
inp->inp_laddr.s_addr = INADDR_ANY;
inp->inp_lport = 0;
+ inp->inp_flags &= ~INP_BOUNDFIB;
return (EAGAIN);
}
if (anonport)
@@ -869,7 +877,8 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp,
u_short *lportp,
*/
static int
in_pcbbind_avail(struct inpcb *inp, const struct in_addr laddr,
- const u_short lport, int sooptions, int lookupflags, struct ucred *cred)
+ const u_short lport, const int fib, int sooptions, int lookupflags,
+ struct ucred *cred)
{
int reuseport, reuseport_lb;
@@ -940,8 +949,8 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr
laddr,
(inp->inp_cred->cr_uid != t->inp_cred->cr_uid))
return (EADDRINUSE);
}
- t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport,
- RT_ALL_FIBS, lookupflags, cred);
+ t = in_pcblookup_local(inp->inp_pcbinfo, laddr, lport, fib,
+ lookupflags, cred);
if (t != NULL && ((reuseport | reuseport_lb) &
t->inp_socket->so_options) == 0) {
#ifdef INET6
@@ -967,13 +976,12 @@ in_pcbbind_avail(struct inpcb *inp, const struct in_addr
laddr,
*/
int
in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in *sin, in_addr_t *laddrp,
- u_short *lportp, struct ucred *cred)
+ u_short *lportp, int flags, struct ucred *cred)
{
struct socket *so = inp->inp_socket;
struct in_addr laddr;
u_short lport = 0;
- int lookupflags, sooptions;
- int error;
+ int error, fib, lookupflags, sooptions;
/*
* No state changes, so read locks are sufficient here.
@@ -1009,8 +1017,11 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in
*sin, in_addr_t *laddrp,
}
laddr = sin->sin_addr;
+ fib = (flags & INPBIND_FIB) != 0 ? inp->inp_inc.inc_fibnum :
+ RT_ALL_FIBS;
+
/* See if this address/port combo is available. */
- error = in_pcbbind_avail(inp, laddr, lport, sooptions,
+ error = in_pcbbind_avail(inp, laddr, lport, fib, sooptions,
lookupflags, cred);
if (error != 0)
return (error);
@@ -1024,6 +1035,8 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr_in
*sin, in_addr_t *laddrp,
}
*laddrp = laddr.s_addr;
*lportp = lport;
+ if ((flags & INPBIND_FIB) != 0)
+ inp->inp_flags |= INP_BOUNDFIB;
return (0);
}
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 4844bbee3b54..edc05322d211 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -436,7 +436,7 @@ struct inpcblbgroup {
uint16_t il_lport; /* (c) */
u_char il_vflag; /* (c) */
uint8_t il_numa_domain;
- uint32_t il_pad2;
+ int il_fibnum;
union in_dependaddr il_dependladdr; /* (c) */
#define il_laddr il_dependladdr.id46_addr.ia46_addr4
#define il6_laddr il_dependladdr.id6_addr
@@ -578,7 +578,7 @@ void inp_4tuple_get(struct inpcb *inp, uint32_t
*laddr, uint16_t *lp,
#define INP_DROPPED 0x04000000 /* protocol drop flag */
#define INP_SOCKREF 0x08000000 /* strong socket reference */
#define INP_RESERVED_0 0x10000000 /* reserved field */
-#define INP_RESERVED_1 0x20000000 /* reserved field */
+#define INP_BOUNDFIB 0x20000000 /* Bound to a specific FIB.
*/
#define IN6P_RFC2292 0x40000000 /* used RFC2292 API on the
socket */
#define IN6P_MTU 0x80000000 /* receive path MTU */
@@ -665,9 +665,10 @@ void in_pcbstorage_destroy(void *);
void in_pcbpurgeif0(struct inpcbinfo *, struct ifnet *);
int in_pcballoc(struct socket *, struct inpcbinfo *);
-int in_pcbbind(struct inpcb *, struct sockaddr_in *, struct ucred *);
+#define INPBIND_FIB 0x0001 /* bind to the PCB's FIB only */
+int in_pcbbind(struct inpcb *, struct sockaddr_in *, int, struct ucred *);
int in_pcbbind_setup(struct inpcb *, struct sockaddr_in *, in_addr_t *,
- u_short *, struct ucred *);
+ u_short *, int, struct ucred *);
int in_pcbconnect(struct inpcb *, struct sockaddr_in *, struct ucred *,
bool);
int in_pcbconnect_setup(struct inpcb *, struct sockaddr_in *, in_addr_t *,
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 6bc11c6bbd13..34a4bc15ff0d 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -264,7 +264,7 @@ tcp_usr_bind(struct socket *so, struct sockaddr *nam,
struct thread *td)
goto out;
}
INP_HASH_WLOCK(&V_tcbinfo);
- error = in_pcbbind(inp, sinp, td->td_ucred);
+ error = in_pcbbind(inp, sinp, 0, td->td_ucred);
INP_HASH_WUNLOCK(&V_tcbinfo);
out:
tcp_bblog_pru(tp, PRU_BIND, error);
@@ -332,13 +332,13 @@ tcp6_usr_bind(struct socket *so, struct sockaddr *nam,
struct thread *td)
}
inp->inp_vflag |= INP_IPV4;
inp->inp_vflag &= ~INP_IPV6;
- error = in_pcbbind(inp, &sin, td->td_ucred);
+ error = in_pcbbind(inp, &sin, 0, td->td_ucred);
INP_HASH_WUNLOCK(&V_tcbinfo);
goto out;
}
}
#endif
- error = in6_pcbbind(inp, sin6, td->td_ucred);
+ error = in6_pcbbind(inp, sin6, 0, td->td_ucred);
INP_HASH_WUNLOCK(&V_tcbinfo);
out:
if (error != 0)
@@ -378,7 +378,7 @@ tcp_usr_listen(struct socket *so, int backlog, struct
thread *td)
}
if (inp->inp_lport == 0) {
INP_HASH_WLOCK(&V_tcbinfo);
- error = in_pcbbind(inp, NULL, td->td_ucred);
+ error = in_pcbbind(inp, NULL, 0, td->td_ucred);
INP_HASH_WUNLOCK(&V_tcbinfo);
}
if (error == 0) {
@@ -435,7 +435,7 @@ tcp6_usr_listen(struct socket *so, int backlog, struct
thread *td)
inp->inp_vflag &= ~INP_IPV4;
if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
inp->inp_vflag |= INP_IPV4;
- error = in6_pcbbind(inp, NULL, td->td_ucred);
+ error = in6_pcbbind(inp, NULL, 0, td->td_ucred);
}
INP_HASH_WUNLOCK(&V_tcbinfo);
if (error == 0) {
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 47f7eb65f119..75af0055c680 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1218,7 +1218,7 @@ udp_send(struct socket *so, int flags, struct mbuf *m,
struct sockaddr *addr,
inp->inp_vflag &= ~INP_IPV6;
}
INP_HASH_WLOCK(pcbinfo);
- error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport,
+ error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, 0,
td->td_ucred);
INP_HASH_WUNLOCK(pcbinfo);
if ((flags & PRUS_IPV6) != 0)
@@ -1568,7 +1568,7 @@ udp_bind(struct socket *so, struct sockaddr *nam, struct
thread *td)
INP_WLOCK(inp);
INP_HASH_WLOCK(pcbinfo);
- error = in_pcbbind(inp, sinp, td->td_ucred);
+ error = in_pcbbind(inp, sinp, 0, td->td_ucred);
INP_HASH_WUNLOCK(pcbinfo);
INP_WUNLOCK(inp);
return (error);
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 9584dcf7474c..e692ab755c25 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -166,7 +166,7 @@ in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp,
struct ucred *cred)
* Determine whether the inpcb can be bound to the specified address/port
tuple.
*/
static int
-in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6,
+in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, int fib,
int sooptions, int lookupflags, struct ucred *cred)
{
const struct in6_addr *laddr;
@@ -277,7 +277,7 @@ in6_pcbbind_avail(struct inpcb *inp, const struct
sockaddr_in6 *sin6,
#endif
}
t = in6_pcblookup_local(inp->inp_pcbinfo, laddr, lport,
- RT_ALL_FIBS, lookupflags, cred);
+ fib, lookupflags, cred);
if (t != NULL && ((reuseport | reuseport_lb) &
t->inp_socket->so_options) == 0)
return (EADDRINUSE);
@@ -302,11 +302,12 @@ in6_pcbbind_avail(struct inpcb *inp, const struct
sockaddr_in6 *sin6,
}
int
-in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, struct ucred *cred)
+in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6, int flags,
+ struct ucred *cred)
{
struct socket *so = inp->inp_socket;
u_short lport = 0;
- int error, lookupflags, sooptions;
+ int error, fib, lookupflags, sooptions;
INP_WLOCK_ASSERT(inp);
INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
@@ -335,8 +336,11 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6,
struct ucred *cred)
((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0))) != 0)
return (error);
+ fib = (flags & INPBIND_FIB) != 0 ? inp->inp_inc.inc_fibnum :
+ RT_ALL_FIBS;
+
/* See if this address/port combo is available. */
- error = in6_pcbbind_avail(inp, sin6, sooptions, lookupflags,
+ error = in6_pcbbind_avail(inp, sin6, fib, sooptions,
lookupflags,
cred);
if (error != 0)
return (error);
@@ -344,15 +348,19 @@ in6_pcbbind(struct inpcb *inp, struct sockaddr_in6 *sin6,
struct ucred *cred)
lport = sin6->sin6_port;
inp->in6p_laddr = sin6->sin6_addr;
}
+ if ((flags & INPBIND_FIB) != 0)
+ inp->inp_flags |= INP_BOUNDFIB;
if (lport == 0) {
if ((error = in6_pcbsetport(&inp->in6p_laddr, inp, cred)) != 0)
{
/* Undo an address bind that may have occurred. */
+ inp->inp_flags &= ~INP_BOUNDFIB;
inp->in6p_laddr = in6addr_any;
return (error);
}
} else {
inp->inp_lport = lport;
if (in_pcbinshash(inp) != 0) {
+ inp->inp_flags &= ~INP_BOUNDFIB;
inp->in6p_laddr = in6addr_any;
inp->inp_lport = 0;
return (EAGAIN);
diff --git a/sys/netinet6/in6_pcb.h b/sys/netinet6/in6_pcb.h
index 5118b4b412a4..5a24d1398b47 100644
--- a/sys/netinet6/in6_pcb.h
+++ b/sys/netinet6/in6_pcb.h
@@ -72,7 +72,7 @@
void in6_pcbpurgeif0(struct inpcbinfo *, struct ifnet *);
void in6_losing(struct inpcb *);
-int in6_pcbbind(struct inpcb *, struct sockaddr_in6 *, struct ucred *);
+int in6_pcbbind(struct inpcb *, struct sockaddr_in6 *, int, struct ucred *);
int in6_pcbconnect(struct inpcb *, struct sockaddr_in6 *, struct ucred *,
bool);
void in6_pcbdisconnect(struct inpcb *);
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index c8b38c24d193..5b902129920b 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -1050,13 +1050,13 @@ udp6_bind(struct socket *so, struct sockaddr *nam,
struct thread *td)
in6_sin6_2_sin(&sin, sin6_p);
inp->inp_vflag |= INP_IPV4;
inp->inp_vflag &= ~INP_IPV6;
- error = in_pcbbind(inp, &sin, td->td_ucred);
+ error = in_pcbbind(inp, &sin, 0, td->td_ucred);
goto out;
}
#endif
}
- error = in6_pcbbind(inp, sin6_p, td->td_ucred);
+ error = in6_pcbbind(inp, sin6_p, 0, td->td_ucred);
#ifdef INET
out:
#endif
