xref: /src/sys/netinet/portalgo.c

/*	$NetBSD: portalgo.c,v 1.15 2022/11/04 09:01:53 ozaki-r Exp $	*/

/*
 * Copyright 2011 Vlad Balan
 *
 * Written by Vlad Balan for the NetBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

/*
 * see:
 *	RFC 6056 Recommendations for Transport-Protocol Port Randomization
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: portalgo.c,v 1.15 2022/11/04 09:01:53 ozaki-r Exp $");

#ifdef _KERNEL_OPT
#include "opt_inet.h"
#endif

#include <sys/param.h>
#include <sys/errno.h>
#include <sys/kauth.h>
#include <sys/uidinfo.h>
#include <sys/md5.h>
#include <sys/cprng.h>
#include <sys/bitops.h>

#include <net/if.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet/in_var.h>
#include <netinet/ip_var.h>

#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
#endif

#include <netinet/tcp_vtw.h>

#include "portalgo.h"

#define NPROTO 2
#define PORTALGO_TCP 0
#define PORTALGO_UDP 1

#define NAF 2
#define PORTALGO_IPV4 0
#define PORTALGO_IPV6 1

#define NRANGES 2
#define PORTALGO_LOWPORT 0
#define PORTALGO_HIGHPORT 1

#if PORTALGO_DEBUG
static bool portalgo_debug = true;
#define DPRINTF if (portalgo_debug) printf
#else
#define DPRINTF while (/*CONSTCOND*/0) printf
#endif

#ifndef PORTALGO_INET4_DEFAULT
#define PORTALGO_INET4_DEFAULT PORTALGO_BSD
#endif
#ifndef PORTALGO_INET6_DEFAULT
#define PORTALGO_INET6_DEFAULT PORTALGO_BSD
#endif

typedef __BITMAP_TYPE(, uint32_t, 0x10000) bitmap;
#ifdef INET
static int inet4_portalgo = PORTALGO_INET4_DEFAULT;
static bitmap inet4_reserve;
#endif
#ifdef INET6
static int inet6_portalgo = PORTALGO_INET6_DEFAULT;
static bitmap inet6_reserve;
#endif

typedef struct {
	const char *name;
	int (*func)(int, uint16_t *, struct inpcb *, kauth_cred_t);
} portalgo_algorithm_t;

static int algo_bsd(int, uint16_t *, struct inpcb *, kauth_cred_t);
static int algo_random_start(int, uint16_t *, struct inpcb *, kauth_cred_t);
static int algo_random_pick(int, uint16_t *, struct inpcb *, kauth_cred_t);
static int algo_hash(int, uint16_t *, struct inpcb *, kauth_cred_t);
static int algo_doublehash(int, uint16_t *, struct inpcb *, kauth_cred_t);
static int algo_randinc(int, uint16_t *, struct inpcb *, kauth_cred_t);

static const portalgo_algorithm_t algos[] = {
	{
		.name = "bsd",
		.func = algo_bsd
	},
	{
		.name = "random_start",
		.func = algo_random_start
	},
	{
		.name = "random_pick",
		.func = algo_random_pick
	},
	{
		.name = "hash",
		.func = algo_hash
	},
	{
		.name = "doublehash",
		.func = algo_doublehash
	},
	{
		.name = "randinc",
		.func = algo_randinc
	}
};

#define NALGOS __arraycount(algos)

static uint16_t portalgo_next_ephemeral[NPROTO][NAF][NRANGES][NALGOS];

/*
 * Access the pcb and copy the values of the last port and the ends of
 * the port range.
 */
static int
pcb_getports(struct inpcb *inp, uint16_t *lastport,
    uint16_t *mymin, uint16_t *mymax, uint16_t **pnext_ephemeral, int algo)
{
	struct inpcbtable * const table = inp->inp_table;
	struct socket *so;
	int portalgo_proto;
	int portalgo_af;
	int portalgo_range;

	so = inp->inp_socket;
	switch (so->so_type) {
	case SOCK_DGRAM: /* UDP or DCCP */
	case SOCK_CONN_DGRAM:
		portalgo_proto = PORTALGO_UDP;
		break;
	case SOCK_STREAM: /* TCP or SCTP */
		portalgo_proto = PORTALGO_TCP;
		break;
	default:
		return EPFNOSUPPORT;
	}

	switch (inp->inp_af) {
#ifdef INET
	case AF_INET: {
		portalgo_af = PORTALGO_IPV4;
		if (inp->inp_flags & INP_LOWPORT) {
			*mymin = lowportmin;
			*mymax = lowportmax;
			*lastport = table->inpt_lastlow;
			portalgo_range = PORTALGO_LOWPORT;
		} else {
			*mymin = anonportmin;
			*mymax = anonportmax;
			*lastport = table->inpt_lastport;
			portalgo_range = PORTALGO_HIGHPORT;
		}
		break;
	}
#endif
#ifdef INET6
	case AF_INET6: {
		portalgo_af = PORTALGO_IPV6;
		if (inp->inp_flags & IN6P_LOWPORT) {
			*mymin = ip6_lowportmin;
			*mymax = ip6_lowportmax;
			*lastport = table->inpt_lastlow;
			portalgo_range = PORTALGO_LOWPORT;
		} else {
			*mymin = ip6_anonportmin;
			*mymax = ip6_anonportmax;
			*lastport = table->inpt_lastport;
			portalgo_range = PORTALGO_HIGHPORT;
		}
		break;
	}
#endif
	default:
		return EAFNOSUPPORT;
	}

	if (*mymin > *mymax) {	/* sanity check */
		u_int16_t swp;

		swp = *mymin;
		*mymin = *mymax;
		*mymax = swp;
	}

	DPRINTF("%s mymin:%d mymax:%d lastport:%d\n", __func__,
	    *mymin, *mymax, *lastport);

	*pnext_ephemeral = &portalgo_next_ephemeral[portalgo_proto]
	    [portalgo_af][portalgo_range][algo];

	DPRINTF("%s portalgo_proto:%d portalgo_af:%d portalgo_range:%d\n",
	    __func__, portalgo_proto, portalgo_af, portalgo_range);
	return 0;
}

/*
 * Check whether the port picked by the port randomizer is available
 * and whether KAUTH approves of our choice. This part of the code
 * shamelessly copied from in_pcb.c.
 */
static bool
check_suitable_port(uint16_t port, struct inpcb *inp, kauth_cred_t cred)
{
	struct inpcbtable * const table = inp->inp_table;
#ifdef INET
	vestigial_inpcb_t vestigial;
#endif
	int error;
#ifdef INET6
	struct socket *so;
	int wild = 0;
#endif

	DPRINTF("%s called for argument %d\n", __func__, port);

	switch (inp->inp_af) {
#ifdef INET
	case AF_INET: { /* IPv4 */
		struct inpcb *pcb;
		struct sockaddr_in sin;

		if (__BITMAP_ISSET(port, &inet4_reserve))
			return false;

		sin.sin_addr = in4p_laddr(inp);
		pcb = inpcb_lookup_local(table, sin.sin_addr, htons(port), 1,
		    &vestigial);

		DPRINTF("%s inpcb_lookup_local returned %p and "
		    "vestigial.valid %d\n",
		    __func__, pcb, vestigial.valid);

		if ((!pcb) && (!vestigial.valid)) {
			enum kauth_network_req req;

			/* We have a free port. Check with the secmodel. */
			if (inp->inp_flags & INP_LOWPORT) {
#ifndef IPNOPRIVPORTS
				req = KAUTH_REQ_NETWORK_BIND_PRIVPORT;
#else
				req = KAUTH_REQ_NETWORK_BIND_PORT;
#endif
			} else
				req = KAUTH_REQ_NETWORK_BIND_PORT;

			sin.sin_port = port;
			error = kauth_authorize_network(cred,
			    KAUTH_NETWORK_BIND,
			    req, inp->inp_socket, &sin, NULL);
			DPRINTF("%s kauth_authorize_network returned %d\n",
			    __func__, error);

			if (error == 0) {
				DPRINTF("%s port approved\n", __func__);
				return true;	/* KAUTH agrees */
			}
		}
		break;
	}
#endif
#ifdef INET6
	case AF_INET6: { /* IPv6 */
		struct sockaddr_in6 sin6;
		void *t;

		if (__BITMAP_ISSET(port, &inet6_reserve))
			return false;

		sin6.sin6_addr = in6p_laddr(inp);
		so = inp->inp_socket;

		/* XXX: this is redundant when called from in6pcb_bind */
		if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0 &&
		    ((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
			(so->so_options & SO_ACCEPTCONN) == 0))
			wild = 1;

#ifdef INET
		if (IN6_IS_ADDR_V4MAPPED(&sin6.sin6_addr)) {
			t = inpcb_lookup_local(table,
			    *(struct in_addr *)&sin6.sin6_addr.s6_addr32[3],
			    htons(port), wild, &vestigial);
			if (!t && vestigial.valid) {
				DPRINTF("%s inpcb_lookup_local returned "
				    "a result\n", __func__);
				return false;
			}
		} else
#endif
		{
			t = in6pcb_lookup_local(table, &sin6.sin6_addr,
			    htons(port), wild, &vestigial);
			if (!t && vestigial.valid) {
				DPRINTF("%s in6pcb_lookup_local returned "
				    "a result\n", __func__);
				return false;
			}
		}
		if (t == NULL) {
			enum kauth_network_req req;

			/* We have a free port. Check with the secmodel. */
			if (inp->inp_flags & IN6P_LOWPORT) {
#ifndef IPNOPRIVPORTS
				req = KAUTH_REQ_NETWORK_BIND_PRIVPORT;
#else
				req = KAUTH_REQ_NETWORK_BIND_PORT;
#endif
			} else {
				req = KAUTH_REQ_NETWORK_BIND_PORT;
			}

			sin6.sin6_port = port;
			error = kauth_authorize_network(cred,
			    KAUTH_NETWORK_BIND, req, so, &sin6, NULL);
			if (error) {
				/* Secmodel says no. Keep looking. */
				DPRINTF("%s secmodel says no\n", __func__);
				return false;
			}
			DPRINTF("%s port approved\n", __func__);
			return true;
		}
		break;
	}
#endif
	default:
		DPRINTF("%s unknown address family\n", __func__);
		return false;
	}
	return false;
}

/* This is the default BSD algorithm, as described in RFC 6056 */
static int
algo_bsd(int algo, uint16_t *port, struct inpcb *inp, kauth_cred_t cred)
{
	uint16_t count;
	uint16_t mymin, mymax, lastport;
	uint16_t *next_ephemeral;
	int error;

	DPRINTF("%s called\n", __func__);
	error = pcb_getports(inp, &lastport, &mymin, &mymax,
	    &next_ephemeral, algo);
	if (error)
		return error;
	count = mymax - mymin + 1;
	do {
		uint16_t myport = *next_ephemeral;

		if (myport < mymin || mymax < myport)
			myport = mymax;
		*next_ephemeral = myport - 1;
		if (check_suitable_port(myport, inp, cred)) {
			*port = myport;
			DPRINTF("%s returning port %d\n", __func__, *port);
			return 0;
		}
		count--;
	} while (count > 0);

	DPRINTF("%s returning EAGAIN\n", __func__);
	return EAGAIN;
}

/*
 * The straightforward algorithm that increments the port number
 * by a random amount.
 */
static int
algo_random_start(int algo, uint16_t *port, struct inpcb *inp,
    kauth_cred_t cred)
{
	uint16_t count, num_ephemeral;
	uint16_t mymin, mymax, lastport;
	uint16_t *next_ephemeral;
	int error;

	DPRINTF("%s called\n", __func__);

	error = pcb_getports(inp, &lastport, &mymin, &mymax,
	    &next_ephemeral, algo);
	if (error)
		return error;

	num_ephemeral = mymax - mymin + 1;

	DPRINTF("num_ephemeral: %u\n", num_ephemeral);

	*next_ephemeral = mymin + (cprng_fast32() % num_ephemeral);

	DPRINTF("next_ephemeral initially: %u\n", *next_ephemeral);

	count = num_ephemeral;

	do {
		if (check_suitable_port(*next_ephemeral, inp, cred)) {
			*port = *next_ephemeral;
			DPRINTF("%s returning port %d\n", __func__, *port);
			return 0;
		}
		if (*next_ephemeral == mymax) {
			*next_ephemeral = mymin;
		} else
			(*next_ephemeral)++;

		count--;


		DPRINTF("next_ephemeral: %u count: %u\n", *next_ephemeral,
		    count);

	} while (count > 0);

	DPRINTF("%s returning EINVAL\n", __func__);

	return EINVAL;
}

/*
 * Since there is no state kept on the ports tried, we might actually
 * give up before exhausting the free ports.
 */
static int
algo_random_pick(int algo, uint16_t *port, struct inpcb *inp,
    kauth_cred_t cred)
{
	uint16_t count, num_ephemeral;
	uint16_t mymin, mymax, lastport;
	uint16_t *next_ephemeral;
	int error;

	DPRINTF("%s called\n", __func__);

	error = pcb_getports(inp, &lastport, &mymin, &mymax,
	    &next_ephemeral, algo);
	if (error)
		return error;

	num_ephemeral = mymax - mymin + 1;

	DPRINTF("num_ephemeral: %u\n", num_ephemeral);
	*next_ephemeral = mymin + (cprng_fast32() % num_ephemeral);

	DPRINTF("next_ephemeral initially: %u\n", *next_ephemeral);

	count = num_ephemeral;

	do {
		if (check_suitable_port(*next_ephemeral, inp, cred)) {
			*port = *next_ephemeral;
			DPRINTF("%s returning port %d\n", __func__, *port);
			return 0;
		}
		*next_ephemeral = mymin +
		    (cprng_fast32() % num_ephemeral);

		count--;

		DPRINTF("next_ephemeral: %u count: %u\n",
		    *next_ephemeral, count);
	} while (count > 0);

	DPRINTF("%s returning EINVAL\n", __func__);

	return EINVAL;
}

/* This is the implementation from FreeBSD, with tweaks */
static uint16_t
Fhash(const struct inpcb *inp)
{
	MD5_CTX f_ctx;
	uint32_t Ff[4];
	uint32_t secret_f[4];
	uint32_t offset;
	uint16_t soffset[2];

	cprng_fast(secret_f, sizeof(secret_f));

	MD5Init(&f_ctx);
	switch (inp->inp_af) {
#ifdef INET
	case AF_INET: {
		MD5Update(&f_ctx, (const u_char *)&const_in4p_laddr(inp),
		    sizeof(const_in4p_laddr(inp)));
		MD5Update(&f_ctx, (const u_char *)&const_in4p_faddr(inp),
		    sizeof(const_in4p_faddr(inp)));
		MD5Update(&f_ctx, (const u_char *)&inp->inp_fport,
		    sizeof(inp->inp_fport));
		break;
	}
#endif
#ifdef INET6
	case AF_INET6: {
		MD5Update(&f_ctx, (const u_char *)&const_in6p_laddr(inp),
		    sizeof(const_in6p_laddr(inp)));
		MD5Update(&f_ctx, (const u_char *)&const_in6p_faddr(inp),
		    sizeof(const_in6p_faddr(inp)));
		MD5Update(&f_ctx, (const u_char *)&inp->inp_fport,
		    sizeof(inp->inp_fport));
		break;
	}
#endif
	default:
		break;
	}
	MD5Update(&f_ctx, (const u_char *)secret_f, sizeof(secret_f));
	MD5Final((u_char *)&Ff, &f_ctx);

	offset = (Ff[0] ^ Ff[1]) ^ (Ff[2] ^ Ff[3]);

	memcpy(&soffset, &offset, sizeof(soffset));

	return soffset[0] ^ soffset[1];
}

/*
 * Checks whether the tuple is complete. If not, marks the pcb for
 * late binding.
 */
static bool
iscompletetuple(struct inpcb *inp)
{

	switch (inp->inp_af) {
#ifdef INET
	case AF_INET: {
		if (inp->inp_fport == 0 || in_nullhost(in4p_faddr(inp))) {
			DPRINTF("%s fport or faddr missing, delaying port "
			    "to connect/send\n", __func__);
			inp->inp_bindportonsend = true;
			return false;
		} else {
			inp->inp_bindportonsend = false;
		}
		break;
	}
#endif
#ifdef INET6
	case AF_INET6: {
		if (inp->inp_fport == 0 || memcmp(&in6p_faddr(inp),
		    &in6addr_any, sizeof(in6p_faddr(inp))) == 0) {
			DPRINTF("%s fport or faddr missing, delaying port "
			    "to connect/send\n", __func__);
			inp->inp_bindportonsend = true;
			return false;
		} else {
			inp->inp_bindportonsend = false;
		}
		break;
	}
#endif
	default:
		DPRINTF("%s incorrect address family\n", __func__);
		return false;
	}

	return true;
}

static int
algo_hash(int algo, uint16_t *port, struct inpcb *inp,
    kauth_cred_t cred)
{
	uint16_t count, num_ephemeral;
	uint16_t mymin, mymax, lastport;
	uint16_t *next_ephemeral;
	uint16_t offset, myport;
	int error;

	DPRINTF("%s called\n", __func__);

	error = pcb_getports(inp, &lastport, &mymin, &mymax,
	    &next_ephemeral, algo);
	if (error)
		return error;

	if (!iscompletetuple(inp)) {
		*port = 0;
		return 0;
	}

	/* Ephemeral port selection function */
	num_ephemeral = mymax - mymin + 1;

	DPRINTF("num_ephemeral: %d\n", num_ephemeral);

	offset = Fhash(inp);

	count = num_ephemeral;
	do {
		myport = mymin + (*next_ephemeral + offset)
		    % num_ephemeral;

		(*next_ephemeral)++;

		if (check_suitable_port(myport, inp, cred)) {
			*port = myport;
			DPRINTF("%s returning port %d\n", __func__, *port);
			return 0;
		}
		count--;
	} while (count > 0);

	DPRINTF("%s returning EINVAL\n", __func__);

	return EINVAL;
}

static int
algo_doublehash(int algo, uint16_t *port, struct inpcb *inp,
    kauth_cred_t cred)
{
	uint16_t count, num_ephemeral;
	uint16_t mymin, mymax, lastport;
	uint16_t *next_ephemeral;
	uint16_t offset, myport;
	static uint16_t dhtable[8];
	size_t idx;
	int error;

	DPRINTF("%s called\n", __func__);

	error = pcb_getports(inp, &lastport, &mymin, &mymax,
	    &next_ephemeral, algo);
	if (error)
		return error;

	if (!iscompletetuple(inp)) {
		*port = 0;
		return 0;
	}
	/* first time initialization */
	if (dhtable[0] == 0)
		for (size_t i = 0; i < __arraycount(dhtable); i++)
			dhtable[i] = cprng_fast32() & 0xffff;

	/* Ephemeral port selection function */
	num_ephemeral = mymax - mymin + 1;
	offset = Fhash(inp);
	idx = Fhash(inp) % __arraycount(dhtable);	/* G */
	count = num_ephemeral;

	do {
		myport = mymin + (offset + dhtable[idx])
		    % num_ephemeral;
		dhtable[idx]++;

		if (check_suitable_port(myport, inp, cred)) {
			*port = myport;
			DPRINTF("%s returning port %d\n", __func__, *port);
			return 0;
		}
		count--;

	} while (count > 0);

	DPRINTF("%s returning EINVAL\n", __func__);

	return EINVAL;
}

static int
algo_randinc(int algo, uint16_t *port, struct inpcb *inp,
    kauth_cred_t cred)
{
	static const uint16_t N = 500;	/* Determines the trade-off */
	uint16_t count, num_ephemeral;
	uint16_t mymin, mymax, lastport;
	uint16_t *next_ephemeral;
	uint16_t myport;
	int error;

	DPRINTF("%s called\n", __func__);

	error = pcb_getports(inp, &lastport, &mymin, &mymax,
	    &next_ephemeral, algo);
	if (error)
		return error;

	if (*next_ephemeral == 0)
		*next_ephemeral = cprng_fast32() & 0xffff;

	/* Ephemeral port selection function */
	num_ephemeral = mymax - mymin + 1;

	count = num_ephemeral;
	do {
		*next_ephemeral = *next_ephemeral +
		    (cprng_fast32() % N) + 1;
		myport = mymin +
		    (*next_ephemeral % num_ephemeral);

		if (check_suitable_port(myport, inp, cred)) {
			*port = myport;
			DPRINTF("%s returning port %d\n", __func__, *port);
			return 0;
		}
		count--;
	} while (count > 0);

	return EINVAL;
}

/* The generic function called in order to pick a port. */
int
portalgo_randport(uint16_t *port, struct inpcb *inp, kauth_cred_t cred)
{
	int algo, error;
	uint16_t lport;
	int default_algo;

	DPRINTF("%s called\n", __func__);

	if (inp->inp_portalgo == PORTALGO_DEFAULT) {
		switch (inp->inp_af) {
#ifdef INET
		case AF_INET:
			default_algo = inet4_portalgo;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			default_algo = inet6_portalgo;
			break;
#endif
		default:
			return EINVAL;
		}

		if (default_algo == PORTALGO_DEFAULT)
			algo = PORTALGO_BSD;
		else
			algo = default_algo;
	}
	else /* socket specifies the algorithm */
		algo = inp->inp_portalgo;

	KASSERT(algo >= 0);
	KASSERT(algo < NALGOS);

	switch (inp->inp_af) {
#ifdef INET
	case AF_INET: {
		char buf[INET_ADDRSTRLEN];
		DPRINTF("local addr: %s\n", IN_PRINT(buf, &in4p_laddr(inp)));
		DPRINTF("local port: %d\n", inp->inp_lport);
		DPRINTF("foreign addr: %s\n", IN_PRINT(buf, &in4p_faddr(inp)));
		DPRINTF("foreign port: %d\n", inp->inp_fport);
		break;
	}
#endif
#ifdef INET6
	case AF_INET6: {
		char buf[INET6_ADDRSTRLEN];
		DPRINTF("local addr: %s\n", IN6_PRINT(buf, &in6p_laddr(inp)));
		DPRINTF("local port: %d\n", inp->inp_lport);
		DPRINTF("foreign addr: %s\n", IN6_PRINT(buf,
		    &in6p_laddr(inp)));
		DPRINTF("foreign port: %d\n", inp->inp_fport);
		break;
	}
#endif
	default:
		break;
	}

	DPRINTF("%s portalgo = %d\n", __func__, algo);

	error = (*algos[algo].func)(algo, &lport, inp, cred);
	if (error == 0) {
		*port = lport;
	} else if (error != EAGAIN) {
		uint16_t lastport, mymin, mymax, *pnext_ephemeral;

		error = pcb_getports(inp, &lastport, &mymin,
		    &mymax, &pnext_ephemeral, algo);
		if (error)
			return error;
		*port = lastport - 1;
	}
	return error;
}

/* Sets the algorithm to be used globally */
static int
portalgo_algo_name_select(const char *name, int *algo)
{
	size_t ai;

	DPRINTF("%s called\n", __func__);

	for (ai = 0; ai < NALGOS; ai++)
		if (strcmp(algos[ai].name, name) == 0) {
			DPRINTF("%s: found idx %zu\n", __func__, ai);
			*algo = ai;
			return 0;
		}
	return EINVAL;
}

/* Sets the algorithm to be used by the pcb inp. */
int
portalgo_algo_index_select(struct inpcb *inp, int algo)
{

	DPRINTF("%s called with algo %d for pcb %p\n", __func__, algo, inp );

	if ((algo < 0 || algo >= NALGOS) &&
	    (algo != PORTALGO_DEFAULT))
		return EINVAL;

	inp->inp_portalgo = algo;
	return 0;
}

/*
 * The sysctl hook that is supposed to check that we are picking one
 * of the valid algorithms.
 */
static int
sysctl_portalgo_selected(SYSCTLFN_ARGS, int *algo)
{
	struct sysctlnode node;
	int error;
	char newalgo[PORTALGO_MAXLEN];

	DPRINTF("%s called\n", __func__);

	strlcpy(newalgo, algos[*algo].name, sizeof(newalgo));

	node = *rnode;
	node.sysctl_data = newalgo;
	node.sysctl_size = sizeof(newalgo);

	error = sysctl_lookup(SYSCTLFN_CALL(&node));

	DPRINTF("newalgo: %s\n", newalgo);

	if (error || newp == NULL ||
	    strncmp(newalgo, algos[*algo].name, sizeof(newalgo)) == 0)
		return error;

#ifdef KAUTH_NETWORK_SOCKET_PORT_RANDOMIZE
	if (l != NULL && (error = kauth_authorize_system(l->l_cred,
	    KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RANDOMIZE, newname,
	    NULL, NULL)) != 0)
		return error;
#endif

	mutex_enter(softnet_lock);
	error = portalgo_algo_name_select(newalgo, algo);
	mutex_exit(softnet_lock);
	return error;
}

static int
sysctl_portalgo_reserve(SYSCTLFN_ARGS, bitmap *bt)
{
	struct sysctlnode node;
	int error;

	DPRINTF("%s called\n", __func__);

	node = *rnode;
	node.sysctl_data = bt;
	node.sysctl_size = sizeof(*bt);

	error = sysctl_lookup(SYSCTLFN_CALL(&node));

	if (error || newp == NULL)
		return error;

#ifdef KAUTH_NETWORK_SOCKET_PORT_RESERVE
	if (l != NULL && (error = kauth_authorize_system(l->l_cred,
	    KAUTH_NETWORK_SOCKET, KAUTH_NETWORK_SOCKET_PORT_RESERVE, bt,
	    NULL, NULL)) != 0)
		return error;
#endif
	return error;
}

#ifdef INET
/*
 * The sysctl hook that is supposed to check that we are picking one
 * of the valid algorithms.
 */
int
sysctl_portalgo_selected4(SYSCTLFN_ARGS)
{

	return sysctl_portalgo_selected(SYSCTLFN_CALL(rnode), &inet4_portalgo);
}

int
sysctl_portalgo_reserve4(SYSCTLFN_ARGS)
{

	return sysctl_portalgo_reserve(SYSCTLFN_CALL(rnode), &inet4_reserve);
}
#endif

#ifdef INET6
int
sysctl_portalgo_selected6(SYSCTLFN_ARGS)
{

	return sysctl_portalgo_selected(SYSCTLFN_CALL(rnode), &inet6_portalgo);
}

int
sysctl_portalgo_reserve6(SYSCTLFN_ARGS)
{
	return sysctl_portalgo_reserve(SYSCTLFN_CALL(rnode), &inet6_reserve);
}
#endif

/*
 * The sysctl hook that returns the available
 * algorithms.
 */
int
sysctl_portalgo_available(SYSCTLFN_ARGS)
{
	size_t ai, len = 0;
	struct sysctlnode node;
	char availalgo[NALGOS * PORTALGO_MAXLEN];

	DPRINTF("%s called\n", __func__);

	availalgo[0] = '\0';

	for (ai = 0; ai < NALGOS; ai++) {
		len = strlcat(availalgo, algos[ai].name, sizeof(availalgo));
		if (ai < NALGOS - 1)
			strlcat(availalgo, " ", sizeof(availalgo));
	}

	DPRINTF("available algos: %s\n", availalgo);

	node = *rnode;
	node.sysctl_data = availalgo;
	node.sysctl_size = len;

	return sysctl_lookup(SYSCTLFN_CALL(&node));
}