Index: head/share/man/man9/Makefile
===================================================================
--- head/share/man/man9/Makefile
+++ head/share/man/man9/Makefile
@@ -1996,6 +1996,7 @@
sysctl.9 SYSCTL_ADD_S64.9 \
sysctl.9 SYSCTL_ADD_STRING.9 \
sysctl.9 SYSCTL_ADD_STRUCT.9 \
+ sysctl.9 SYSCTL_ADD_TIMEVAL_SEC.9 \
sysctl.9 SYSCTL_ADD_U8.9 \
sysctl.9 SYSCTL_ADD_U16.9 \
sysctl.9 SYSCTL_ADD_U32.9 \
@@ -2024,6 +2025,7 @@
sysctl.9 SYSCTL_S64.9 \
sysctl.9 SYSCTL_STRING.9 \
sysctl.9 SYSCTL_STRUCT.9 \
+ sysctl.9 SYSCTL_TIMEVAL_SEC.9 \
sysctl.9 SYSCTL_U8.9 \
sysctl.9 SYSCTL_U16.9 \
sysctl.9 SYSCTL_U32.9 \
Index: head/share/man/man9/sysctl.9
===================================================================
--- head/share/man/man9/sysctl.9
+++ head/share/man/man9/sysctl.9
@@ -50,6 +50,7 @@
.Nm SYSCTL_ADD_STRING ,
.Nm SYSCTL_ADD_CONST_STRING ,
.Nm SYSCTL_ADD_STRUCT ,
+.Nm SYSCTL_ADD_TIMEVAL_SEC ,
.Nm SYSCTL_ADD_U8 ,
.Nm SYSCTL_ADD_U16 ,
.Nm SYSCTL_ADD_U32 ,
@@ -86,6 +87,7 @@
.Nm SYSCTL_STRING ,
.Nm SYSCTL_CONST_STRING ,
.Nm SYSCTL_STRUCT ,
+.Nm SYSCTL_TIMEVAL_SEC ,
.Nm SYSCTL_U8 ,
.Nm SYSCTL_U16 ,
.Nm SYSCTL_U32 ,
@@ -315,6 +317,16 @@
.Fa "const char *descr"
.Fc
.Ft struct sysctl_oid *
+.Fo SYSCTL_ADD_TIMEVAL_SEC
+.Fa "struct sysctl_ctx_list *ctx"
+.Fa "struct sysctl_oid_list *parent"
+.Fa "int number"
+.Fa "const char *name"
+.Fa "int ctlflags"
+.Fa "struct timeval *ptr"
+.Fa "const char *descr"
+.Fc
+.Ft struct sysctl_oid *
.Fo SYSCTL_ADD_U8
.Fa "struct sysctl_ctx_list *ctx"
.Fa "struct sysctl_oid_list *parent"
@@ -460,6 +472,7 @@
.Fn SYSCTL_STRING parent number name ctlflags arg len descr
.Fn SYSCTL_CONST_STRING parent number name ctlflags arg descr
.Fn SYSCTL_STRUCT parent number name ctlflags ptr struct_type descr
+.Fn SYSCTL_TIMEVAL_SEC parent number name ctlflags ptr descr
.Fn SYSCTL_U8 parent number name ctlflags ptr val descr
.Fn SYSCTL_U16 parent number name ctlflags ptr val descr
.Fn SYSCTL_U32 parent number name ctlflags ptr val descr
@@ -649,6 +662,21 @@
These nodes do not export the raw value of the associated variable.
Instead, they export a 64-bit integer containing a count of either
milliseconds (the MSEC variants) or microseconds (the USEC variants).
+.Pp
+The
+.Fn SYSCTL_ADD_TIMEVAL_SEC
+function and
+.Fn SYSCTL_TIMEVAL_SEC
+macro create nodes which export an in-kernel variable of type
+.Vt struct timeval .
+These nodes do not export full value of the associated structure.
+Instead, they export a count in seconds as a simple integer which is
+stored in the
+.Fa tv_sec
+field of the associated variable.
+This function and macro are intended to be used with variables which
+store a non-negative interval rather than an absolute time.
+As a result, they reject attempts to store negative values.
.Sh CREATING ROOT NODES
Sysctl MIBs or OIDs are created in a hierarchical tree.
The nodes at the bottom of the tree are called root nodes, and have no
@@ -731,6 +759,7 @@
.Fn SYSCTL_STRING ,
.Fn SYSCTL_CONST_STRING ,
.Fn SYSCTL_STRUCT ,
+.Fn SYSCTL_TIMEVAL_SEC ,
.Fn SYSCTL_U8 ,
.Fn SYSCTL_U16 ,
.Fn SYSCTL_U32 ,
@@ -764,6 +793,7 @@
.Fn SYSCTL_ADD_STRING ,
.Fn SYSCTL_ADD_CONST_STRING ,
.Fn SYSCTL_ADD_STRUCT ,
+.Fn SYSCTL_ADD_TIMEVAL_SEC ,
.Fn SYSCTL_ADD_U8 ,
.Fn SYSCTL_ADD_U16 ,
.Fn SYSCTL_ADD_U32 ,
Index: head/sys/kern/kern_sysctl.c
===================================================================
--- head/sys/kern/kern_sysctl.c
+++ head/sys/kern/kern_sysctl.c
@@ -1732,6 +1732,29 @@
return (0);
}
+/*
+ * Convert seconds to a struct timeval. Intended for use with
+ * intervals and thus does not permit negative seconds.
+ */
+int
+sysctl_sec_to_timeval(SYSCTL_HANDLER_ARGS)
+{
+ struct timeval *tv;
+ int error, secs;
+
+ tv = arg1;
+ secs = tv->tv_sec;
+
+ error = sysctl_handle_int(oidp, &secs, 0, req);
+ if (error || req->newptr == NULL)
+ return (error);
+
+ if (secs < 0)
+ return (EINVAL);
+ tv->tv_sec = secs;
+
+ return (0);
+}
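Review bot: `tv->tv_sec = secs;` updates only the seconds field, so any non-zero `tv_usec` already in the variable survives a write even though the node is documented as expressing the timeval as a whole number of seconds; adding `tv->tv_usec = 0;` next to that store would keep the stored value consistent with what a reader of the sysctl sees. `secs = tv->tv_sec;` also narrows time_t to int, so an interval above INT_MAX set by kernel code would read back truncated — every in-tree initializer in this diff is small, so this is a robustness point rather than a live bug, but a clamp or a comment stating the assumed range would help. The store is unsynchronized with concurrent ratecheck() readers, which matches how other plain-int sysctl handlers behave and is presumably acceptable here.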
/*
* Transfer functions to/from kernel space.
Index: head/sys/kgssapi/krb5/kcrypto.h
===================================================================
--- head/sys/kgssapi/krb5/kcrypto.h
+++ head/sys/kgssapi/krb5/kcrypto.h
@@ -101,6 +101,7 @@
extern struct krb5_encryption_class krb5_aes256_encryption_class;
extern struct krb5_encryption_class krb5_arcfour_encryption_class;
extern struct krb5_encryption_class krb5_arcfour_56_encryption_class;
+extern struct timeval krb5_warn_interval;
static __inline void
krb5_set_key(struct krb5_key_state *ks, const void *keydata)
Index: head/sys/kgssapi/krb5/kcrypto.c
===================================================================
--- head/sys/kgssapi/krb5/kcrypto.c
+++ head/sys/kgssapi/krb5/kcrypto.c
@@ -34,6 +34,7 @@
#include <sys/malloc.h>
#include <sys/kobj.h>
#include <sys/mbuf.h>
+#include <sys/sysctl.h>
#include <kgssapi/gssapi.h>
#include <kgssapi/gssapi_impl.h>
@@ -49,6 +50,11 @@
&krb5_arcfour_56_encryption_class,
NULL
};
+
+struct timeval krb5_warn_interval = { .tv_sec = 3600, .tv_usec = 0 };
+SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, kgssapi_warn_interval, CTLFLAG_RW,
+ &krb5_warn_interval,
+ "Delay in seconds between warnings of deprecated KGSSAPI crypto.");
struct krb5_encryption_class *
krb5_find_encryption_class(int etype)
Index: head/sys/kgssapi/krb5/kcrypto_arcfour.c
===================================================================
--- head/sys/kgssapi/krb5/kcrypto_arcfour.c
+++ head/sys/kgssapi/krb5/kcrypto_arcfour.c
@@ -47,10 +47,9 @@
arcfour_init(struct krb5_key_state *ks)
{
static struct timeval lastwarn;
- static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
ks->ks_priv = NULL;
- if (ratecheck(&lastwarn, &warninterval))
+ if (ratecheck(&lastwarn, &krb5_warn_interval))
gone_in(13, "RC4 cipher for Kerberos GSS");
}
Index: head/sys/kgssapi/krb5/kcrypto_des.c
===================================================================
--- head/sys/kgssapi/krb5/kcrypto_des.c
+++ head/sys/kgssapi/krb5/kcrypto_des.c
@@ -54,13 +54,12 @@
des1_init(struct krb5_key_state *ks)
{
static struct timeval lastwarn;
- static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
struct des1_state *ds;
ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
ks->ks_priv = ds;
- if (ratecheck(&lastwarn, &warninterval))
+ if (ratecheck(&lastwarn, &krb5_warn_interval))
gone_in(13, "DES cipher for Kerberos GSS");
}
Index: head/sys/kgssapi/krb5/kcrypto_des3.c
===================================================================
--- head/sys/kgssapi/krb5/kcrypto_des3.c
+++ head/sys/kgssapi/krb5/kcrypto_des3.c
@@ -55,13 +55,12 @@
des3_init(struct krb5_key_state *ks)
{
static struct timeval lastwarn;
- static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
struct des3_state *ds;
ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO);
mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF);
ks->ks_priv = ds;
- if (ratecheck(&lastwarn, &warninterval))
+ if (ratecheck(&lastwarn, &krb5_warn_interval))
gone_in(13, "DES3 cipher for Kerberos GSS");
}
Index: head/sys/netipsec/ipsec.h
===================================================================
--- head/sys/netipsec/ipsec.h
+++ head/sys/netipsec/ipsec.h
@@ -287,6 +287,8 @@
VNET_DECLARE(int, async_crypto);
VNET_DECLARE(int, natt_cksum_policy);
+extern struct timeval ipsec_warn_interval;
+
#define IPSECSTAT_INC(name) \
VNET_PCPUSTAT_ADD(struct ipsecstat, ipsec4stat, name, 1)
#define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev)
Index: head/sys/netipsec/ipsec.c
===================================================================
--- head/sys/netipsec/ipsec.c
+++ head/sys/netipsec/ipsec.c
@@ -216,6 +216,11 @@
SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat,
ipsec4stat, "IPsec IPv4 statistics.");
+struct timeval ipsec_warn_interval = { .tv_sec = 1, .tv_usec = 0 };
+SYSCTL_TIMEVAL_SEC(_net_inet_ipsec, OID_AUTO, crypto_warn_interval, CTLFLAG_RW,
+ &ipsec_warn_interval,
+ "Delay in seconds between warnings of deprecated IPsec crypto algorithms.");
+
#ifdef REGRESSION
/*
* When set to 1, IPsec will send packets with the same sequence number.
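Review bot: `ipsec_warn_interval` is a plain global, while the tunables declared beside its new extern in ipsec.h (`async_crypto`, `natt_cksum_policy`) are per-VNET; since the rate-limit state it feeds (`md5warn` and friends in xform_ah.c, `deswarn` and friends in xform_esp.c) is also global, a single interval is consistent, but the choice deserves a comment so nobody later "fixes" it into a VNET variable. Suggest `/* Global, not per-VNET: the deprecation warnings it rate-limits are kernel-wide. */` above the definition. The node is CTLFLAG_RW only, so the interval cannot be preset from loader.conf; if boot-time configuration is wanted, the header's tunable flag variant would be needed, which is worth confirming against how the new handler interacts with tunable loading.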
Index: head/sys/netipsec/xform_ah.c
===================================================================
--- head/sys/netipsec/xform_ah.c
+++ head/sys/netipsec/xform_ah.c
@@ -109,7 +109,6 @@
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn;
-static struct timeval warninterval = { .tv_sec = 1, .tv_usec = 0 };
static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
@@ -189,19 +188,19 @@
switch (sav->alg_auth) {
case SADB_AALG_MD5HMAC:
- if (ratecheck(&md5warn, &warninterval))
+ if (ratecheck(&md5warn, &ipsec_warn_interval))
gone_in(13, "MD5-HMAC authenticator for IPsec");
break;
case SADB_X_AALG_RIPEMD160HMAC:
- if (ratecheck(&ripewarn, &warninterval))
+ if (ratecheck(&ripewarn, &ipsec_warn_interval))
gone_in(13, "RIPEMD160-HMAC authenticator for IPsec");
break;
case SADB_X_AALG_MD5:
- if (ratecheck(&kpdkmd5warn, &warninterval))
+ if (ratecheck(&kpdkmd5warn, &ipsec_warn_interval))
gone_in(13, "Keyed-MD5 authenticator for IPsec");
break;
case SADB_X_AALG_SHA:
- if (ratecheck(&kpdksha1warn, &warninterval))
+ if (ratecheck(&kpdksha1warn, &ipsec_warn_interval))
gone_in(13, "Keyed-SHA1 authenticator for IPsec");
break;
}
Index: head/sys/netipsec/xform_esp.c
===================================================================
--- head/sys/netipsec/xform_esp.c
+++ head/sys/netipsec/xform_esp.c
@@ -95,7 +95,6 @@
"ESP statistics (struct espstat, netipsec/esp_var.h");
static struct timeval deswarn, blfwarn, castwarn, camelliawarn;
-static struct timeval warninterval = { .tv_sec = 1, .tv_usec = 0 };
static int esp_input_cb(struct cryptop *op);
static int esp_output_cb(struct cryptop *crp);
@@ -162,19 +161,19 @@
switch (sav->alg_enc) {
case SADB_EALG_DESCBC:
- if (ratecheck(&deswarn, &warninterval))
+ if (ratecheck(&deswarn, &ipsec_warn_interval))
gone_in(13, "DES cipher for IPsec");
break;
case SADB_X_EALG_BLOWFISHCBC:
- if (ratecheck(&blfwarn, &warninterval))
+ if (ratecheck(&blfwarn, &ipsec_warn_interval))
gone_in(13, "Blowfish cipher for IPsec");
break;
case SADB_X_EALG_CAST128CBC:
- if (ratecheck(&castwarn, &warninterval))
+ if (ratecheck(&castwarn, &ipsec_warn_interval))
gone_in(13, "CAST cipher for IPsec");
break;
case SADB_X_EALG_CAMELLIACBC:
- if (ratecheck(&camelliawarn, &warninterval))
+ if (ratecheck(&camelliawarn, &ipsec_warn_interval))
gone_in(13, "Camellia cipher for IPsec");
break;
}
Index: head/sys/opencrypto/cryptodev.c
===================================================================
--- head/sys/opencrypto/cryptodev.c
+++ head/sys/opencrypto/cryptodev.c
@@ -146,6 +146,11 @@
#define CIOCGSESSION232 _IOWR('c', 106, struct session2_op32)
#define CIOCKEY232 _IOWR('c', 107, struct crypt_kop32)
+static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
+SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW,
+ &warninterval,
+ "Delay in seconds between warnings of deprecated /dev/crypto algorithms");
+
static void
session_op_from_32(const struct session_op32 *from, struct session_op *to)
{
@@ -388,7 +393,6 @@
#endif
static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
static struct timeval skipwarn, tdeswarn;
- static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
switch (cmd) {
case CIOCGSESSION:
Index: head/sys/sys/sysctl.h
===================================================================
--- head/sys/sys/sysctl.h
+++ head/sys/sys/sysctl.h
@@ -218,6 +218,7 @@
int sysctl_msec_to_sbintime(SYSCTL_HANDLER_ARGS);
int sysctl_usec_to_sbintime(SYSCTL_HANDLER_ARGS);
+int sysctl_sec_to_timeval(SYSCTL_HANDLER_ARGS);
int sysctl_dpcpu_int(SYSCTL_HANDLER_ARGS);
int sysctl_dpcpu_long(SYSCTL_HANDLER_ARGS);
@@ -854,6 +855,24 @@
sysctl_add_oid(ctx, parent, nbr, name, \
CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD | (access), \
__ptr, 0, sysctl_msec_to_sbintime, "Q", __DESCR(descr), \
+ NULL); \
+})
+
+/* OID expressing a struct timeval as seconds */
+#define SYSCTL_TIMEVAL_SEC(parent, nbr, name, access, ptr, descr) \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD | (access), \
+ (ptr), 0, sysctl_sec_to_timeval, "I", descr); \
+ CTASSERT(((access) & CTLTYPE) == 0 || \
+ ((access) & SYSCTL_CT_ASSERT_MASK) == CTLTYPE_INT)
+#define SYSCTL_ADD_TIMEVAL_SEC(ctx, parent, nbr, name, access, ptr, descr) \
+({ \
+ struct timeval *__ptr = (ptr); \
+ CTASSERT(((access) & CTLTYPE) == 0 || \
+ ((access) & SYSCTL_CT_ASSERT_MASK) == CTLTYPE_INT); \
+ sysctl_add_oid(ctx, parent, nbr, name, \
+ CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RD | (access), \
+ __ptr, 0, sysctl_sec_to_timeval, "I", __DESCR(descr), \
NULL); \
})
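Review bot: `SYSCTL_TIMEVAL_SEC` hands `(ptr)` straight to SYSCTL_OID with no type check, so a pointer to anything (an int, a sbintime_t) compiles silently and `sysctl_sec_to_timeval` then writes `tv_sec` into that object; the `SYSCTL_ADD_TIMEVAL_SEC` form below it gets a check for free from `struct timeval *__ptr = (ptr);`. Adding `CTASSERT(sizeof(struct timeval) == sizeof(*(ptr)))` after the existing CTASSERT would mirror the size check other fixed-type macros in this header use, if they do. The comment `/* OID expressing a struct timeval as seconds */` would also be more useful if it noted that only tv_sec is exported and that writes of negative values are rejected by the handler.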
D20555: Make the warning intervals for deprecated crypto algorithms tunable.