Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/netinet/accf_tls.c
104529 views
1
/*-

2
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD

3
 *

4
 * Copyright (c) 2018-2024 Netflix

5
 * Author: Maksim Yevmenkin <[email protected]>

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions

9
 * are met:

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 * 2. Redistributions in binary form must reproduce the above copyright

13
 *    notice, this list of conditions and the following disclaimer in the

14
 *    documentation and/or other materials provided with the distribution.

15
 *

16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

17
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

20
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

21
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

22
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

23
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

24
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

25
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

26
 * SUCH DAMAGE.

27
 */

28


29
#define ACCEPT_FILTER_MOD

30


31
#include <sys/param.h>

32
#include <sys/kernel.h>

33
#include <sys/mbuf.h>

34
#include <sys/module.h>

35
#include <sys/signalvar.h>

36
#include <sys/sysctl.h>

37
#include <sys/socketvar.h>

38


39
static int sbfull(struct sockbuf *sb);

40
static uint8_t sbmget8(struct mbuf *m, int offset);

41
static int so_hastls(struct socket *so, void *arg, int waitflag);

42


43
ACCEPT_FILTER_DEFINE(accf_tls, "tlsready", so_hastls, NULL, NULL, 1);

44


45
static int

46
sbfull(struct sockbuf *sb)

47
{

48


49
	return (sbused(sb) >= sb->sb_hiwat || sb->sb_mbcnt >= sb->sb_mbmax);

50
}

51


52
static uint8_t

53
sbmget8(struct mbuf *m, int offset)

54
{

55
	struct mbuf *n = m->m_nextpkt;

56


57
	while (m != NULL && offset >= m->m_len) {

58
		offset -= m->m_len;

59
		m = m->m_next;

60
		if (m == NULL) {

61
			m = n;

62
			n = m->m_nextpkt;

63
		}

64
	}

65


66
	return *(mtod(m, uint8_t *) + offset);

67
}

68


69
static int

70
so_hastls(struct socket *so, void *arg, int waitflag)

71
{

72
	struct sockbuf	*sb = &so->so_rcv;

73
	int		avail;

74
	uint16_t	reclen;

75


76
	if ((sb->sb_state & SBS_CANTRCVMORE) || sbfull(sb))

77
		return (SU_ISCONNECTED); /* can't wait any longer */

78


79
	/*

80
	 * struct {

81
	 * 	ContentType type;		- 1 byte, 0x16 handshake

82
	 * 	ProtocolVersion version;	- 2 bytes (major, minor)

83
	 * 	uint16 length;			- 2 bytes, NBO, 2^14 max

84
	 * 	opaque fragment[TLSPlaintext.length];

85
	 * } TLSPlaintext;

86
	 */

87


88
	/* Did we get at least 5 bytes */

89
	avail = sbavail(sb);

90
	if (avail < 5)

91
		return (SU_OK); /* nope */

92


93
	/* Does this look like TLS handshake? */

94
	if (sbmget8(sb->sb_mb, 0) != 0x16)

95
		return (SU_ISCONNECTED); /* nope */

96


97
	/* Did we get a complete TLS record? */

98
	reclen  = (uint16_t) sbmget8(sb->sb_mb, 3) << 8;

99
	reclen |= (uint16_t) sbmget8(sb->sb_mb, 4);

100


101
	if (reclen <= 16384 && avail < (int) 5 + reclen)

102
		return (SU_OK); /* nope */

103


104
	return (SU_ISCONNECTED);

105
}

106


107