sendmail/sendmail-8.18.1-qos.patch
Jaroslav Škarvada 26448b1eab New version
Resolves: rhbz#2228229
  Resolves: CVE-2023-51765
2024-01-31 16:41:27 +01:00

247 lines
6.8 KiB
Diff

diff --git a/cf/cf/submit.mc b/cf/cf/submit.mc
index 6e2b360..45df0e6 100644
--- a/cf/cf/submit.mc
+++ b/cf/cf/submit.mc
@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
+dnl define(`confINET_QOS', `AF11')dnl
define(`confPID_FILE', `/run/sm-client.pid')dnl
dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
FEATURE(`use_ct_file')dnl
diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
index 58708e3..fb0264a 100644
--- a/cf/m4/proto.m4
+++ b/cf/m4/proto.m4
@@ -266,6 +266,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False')
# 8-bit data handling
_OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8')
+# DSCP marking of traffic (IP_TOS)
+_OPTION(InetQoS, `confINET_QOS', `none')
+
# wait for alias file rebuild (default units: minutes)
_OPTION(AliasWait, `confALIAS_WAIT', `5m')
diff --git a/sendmail/conf.c b/sendmail/conf.c
index 762e0d2..75c5e12 100644
--- a/sendmail/conf.c
+++ b/sendmail/conf.c
@@ -6728,6 +6728,10 @@ char *FFRCompileOptions[] =
/* Check to make sure key fields were read from qf */
"_FFR_QF_PARANOIA",
#endif
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+ /* QoS */
+ "_FFR_QOS",
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
#if _FFR_QUEUE_GROUP_SORTORDER
/* Allow QueueSortOrder per queue group. */
/* XXX: Still need to actually use qgrp->qg_sortorder */
diff --git a/sendmail/daemon.c b/sendmail/daemon.c
index d37c508..5fa284a 100644
--- a/sendmail/daemon.c
+++ b/sendmail/daemon.c
@@ -124,6 +124,10 @@ static int NDaemons = 0; /* actual number of daemons */
static time_t NextDiskSpaceCheck = 0;
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+int InetQoS = 0; /* none by default */
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
+
/*
** GETREQUESTS -- open mail IPC port and get requests.
**
@@ -1166,6 +1170,16 @@ opendaemonsocket(d, firsttime)
(void) setsockopt(d->d_socket, SOL_SOCKET,
SO_KEEPALIVE, (char *)&on, sizeof(on));
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+ if (InetQoS != 0x00
+ && (d->d_addr.sa.sa_family == AF_INET
+ || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) {
+ if (setsockopt(d->d_socket, SOL_IP,
+ IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0)
+ syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name);
+ }
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
+
#ifdef SO_RCVBUF
if (d->d_tcprcvbufsize > 0)
{
@@ -2730,6 +2744,16 @@ gothostent:
return EX_TEMPFAIL;
}
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+ if (InetQoS != 0x00
+ && (family == AF_INET
+ || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32))))
+ {
+ if (setsockopt(s, SOL_IP, IP_TOS,
+ (char *)&InetQoS, sizeof(InetQoS)) < 0)
+ syserr("makeconnection: setsockopt(IP_TOS)");
+ }
+#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */
#ifdef SO_SNDBUF
if (ClientSettings[family].d_tcpsndbufsize > 0)
{
diff --git a/sendmail/readcf.c b/sendmail/readcf.c
index 24b0a6f..9406160 100644
--- a/sendmail/readcf.c
+++ b/sendmail/readcf.c
@@ -24,6 +24,7 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $")
#if NETINET || NETINET6
# include <arpa/inet.h>
+# include <netinet/ip.h>
#endif
@@ -3135,8 +3136,8 @@ static struct optioninfo
# define O_RCPTTHROTDELAY 0xe6
{ "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE },
#endif
-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
-# define O_INETQOS 0xe7 /* reserved for FFR_QOS */
+#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS)
+# define O_INETQOS 0xe7
{ "InetQoS", O_INETQOS, OI_NONE },
#endif
#if STARTTLS && _FFR_FIPSMODE
@@ -3211,6 +3212,77 @@ static struct optioninfo
{ NULL, '\0', OI_NONE }
};
+#ifdef O_INETQOS
+static struct qosmap
+{
+ char *name; /* name of the setting */
+ int value; /* corresponding setsockopt() value */
+} QoSMap[] = {
+#ifdef IPTOS_CLASS_CS0
+ { "CS0", IPTOS_CLASS_CS0 },
+#endif
+#ifdef IPTOS_CLASS_CS1
+ { "CS1", IPTOS_CLASS_CS1 },
+#endif
+#ifdef IPTOS_DSCP_AF11
+ { "AF11", IPTOS_DSCP_AF11 },
+#endif
+#ifdef IPTOS_DSCP_AF12
+ { "AF12", IPTOS_DSCP_AF12 },
+#endif
+#ifdef IPTOS_DSCP_AF13
+ { "AF13", IPTOS_DSCP_AF13 },
+#endif
+#ifdef IPTOS_CLASS_CS2
+ { "CS2", IPTOS_CLASS_CS2 },
+#endif
+#ifdef IPTOS_DSCP_AF21
+ { "AF21", IPTOS_DSCP_AF21 },
+#endif
+#ifdef IPTOS_DSCP_AF22
+ { "AF22", IPTOS_DSCP_AF22 },
+#endif
+#ifdef IPTOS_DSCP_AF23
+ { "AF23", IPTOS_DSCP_AF23 },
+#endif
+#ifdef IPTOS_CLASS_CS3
+ { "CS3", IPTOS_CLASS_CS3 },
+#endif
+#ifdef IPTOS_DSCP_AF31
+ { "AF31", IPTOS_DSCP_AF31 },
+#endif
+#ifdef IPTOS_DSCP_AF32
+ { "AF32", IPTOS_DSCP_AF32 },
+#endif
+#ifdef IPTOS_DSCP_AF33
+ { "AF33", IPTOS_DSCP_AF33 },
+#endif
+#ifdef IPTOS_CLASS_CS4
+ { "CS4", IPTOS_CLASS_CS4 },
+#endif
+#ifdef IPTOS_DSCP_AF41
+ { "AF41", IPTOS_DSCP_AF41 },
+#endif
+#ifdef IPTOS_DSCP_AF42
+ { "AF42", IPTOS_DSCP_AF42 },
+#endif
+#ifdef IPTOS_DSCP_AF43
+ { "AF43", IPTOS_DSCP_AF43 },
+#endif
+#ifdef IPTOS_CLASS_CS5
+ { "CS5", IPTOS_CLASS_CS5 },
+#endif
+#ifdef IPTOS_CLASS_CS6
+ { "CS6", IPTOS_CLASS_CS6 },
+#endif
+#ifdef IPTOS_CLASS_CS7
+ { "CS7", IPTOS_CLASS_CS7 },
+#endif
+ { "none", 0x00 },
+ { NULL, 0 }
+};
+#endif
+
# define CANONIFY(val)
# define SET_OPT_DEFAULT(opt, val) opt = val
@@ -4946,6 +5018,33 @@ setoption(opt, val, safe, sticky, e)
break;
#endif
+#ifdef O_INETQOS
+ case O_INETQOS:
+ {
+ struct qosmap *qmp;
+ InetQoS = -1;
+
+ for (qmp = QoSMap; qmp->name != NULL; ++qmp) {
+ if (!strcmp(val, qmp->name)) {
+ InetQoS = qmp->value;
+ break;
+ }
+ }
+
+ /*
+ ** we could allow writing it as a hex value, but
+ ** we don't at this time.
+ **/
+ if (qmp->name == NULL) {
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "Warning: Option: %s unknown parameter '%s'\n",
+ OPTNAME, val);
+ break;
+ }
+ break;
+ }
+#endif
+
default:
if (tTd(37, 1))
{
diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h
index 0f6d01d..5910a8b 100644
--- a/sendmail/sendmail.h
+++ b/sendmail/sendmail.h
@@ -2725,6 +2725,15 @@ EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */
EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */
extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */
+#if _FFR_QOS
+# if !defined(SOL_IP) && defined(IPPROTO_IP)
+# define SOL_IP IPPROTO_IP
+# endif
+# if defined(SOL_IP) && defined(IP_TOS)
+extern int InetQoS; /* QoS mapping */
+# endif
+#endif
+
#if _FFR_BLANKENV_MACV
EXTERN int Hacks; /* bit field of run-time enabled "hacks" */
# define H_LOOKUP_MACRO_IN_BLANKENV 0x0001