1 /* $NetBSD: in6_pcb.c,v 1.110 2009/05/26 00:17:56 pooka Exp $ */ 2 /* $KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in_pcb.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.110 2009/05/26 00:17:56 pooka Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_ipsec.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/malloc.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/ioctl.h> 78 #include <sys/errno.h> 79 #include <sys/time.h> 80 #include <sys/proc.h> 81 #include <sys/kauth.h> 82 #include <sys/domain.h> 83 #include <sys/once.h> 84 85 #include <net/if.h> 86 #include <net/route.h> 87 88 #include <netinet/in.h> 89 #include <netinet/in_var.h> 90 #include <netinet/in_systm.h> 91 #include <netinet/ip.h> 92 #include <netinet/in_pcb.h> 93 #include <netinet/ip6.h> 94 #include <netinet6/ip6_var.h> 95 #include <netinet6/in6_pcb.h> 96 #include <netinet6/scope6_var.h> 97 #include <netinet6/nd6.h> 98 99 #include "faith.h" 100 101 #ifdef IPSEC 102 #include <netinet6/ipsec.h> 103 #include <netkey/key.h> 104 #endif /* IPSEC */ 105 106 #ifdef FAST_IPSEC 107 #include <netipsec/ipsec.h> 108 #include <netipsec/ipsec6.h> 109 #include <netipsec/key.h> 110 #endif /* FAST_IPSEC */ 111 112 const struct in6_addr zeroin6_addr; 113 114 #define IN6PCBHASH_PORT(table, lport) \ 115 &(table)->inpt_porthashtbl[ntohs(lport) & (table)->inpt_porthash] 116 #define IN6PCBHASH_BIND(table, laddr, lport) \ 117 &(table)->inpt_bindhashtbl[ \ 118 (((laddr)->s6_addr32[0] ^ (laddr)->s6_addr32[1] ^ \ 119 (laddr)->s6_addr32[2] ^ (laddr)->s6_addr32[3]) + ntohs(lport)) & \ 120 (table)->inpt_bindhash] 121 #define IN6PCBHASH_CONNECT(table, faddr, fport, laddr, lport) \ 122 &(table)->inpt_bindhashtbl[ \ 123 ((((faddr)->s6_addr32[0] ^ (faddr)->s6_addr32[1] ^ \ 124 (faddr)->s6_addr32[2] ^ (faddr)->s6_addr32[3]) + ntohs(fport)) + \ 125 (((laddr)->s6_addr32[0] ^ (laddr)->s6_addr32[1] ^ \ 126 (laddr)->s6_addr32[2] ^ (laddr)->s6_addr32[3]) + \ 127 ntohs(lport))) & (table)->inpt_bindhash] 128 129 int ip6_anonportmin = IPV6PORT_ANONMIN; 130 int ip6_anonportmax = IPV6PORT_ANONMAX; 131 int ip6_lowportmin = IPV6PORT_RESERVEDMIN; 132 int ip6_lowportmax = IPV6PORT_RESERVEDMAX; 133 134 static struct pool in6pcb_pool; 135 136 static int 137 in6pcb_poolinit(void) 138 { 139 140 pool_init(&in6pcb_pool, sizeof(struct in6pcb), 0, 0, 0, "in6pcbpl", 141 NULL, IPL_SOFTNET); 142 return 0; 143 } 144 145 void 146 in6_pcbinit(struct inpcbtable *table, int bindhashsize, int connecthashsize) 147 { 148 static ONCE_DECL(control); 149 150 in_pcbinit(table, bindhashsize, connecthashsize); 151 table->inpt_lastport = (u_int16_t)ip6_anonportmax; 152 153 RUN_ONCE(&control, in6pcb_poolinit); 154 } 155 156 int 157 in6_pcballoc(struct socket *so, void *v) 158 { 159 struct inpcbtable *table = v; 160 struct in6pcb *in6p; 161 int s; 162 #if defined(IPSEC) || defined(FAST_IPSEC) 163 int error; 164 #endif 165 166 s = splnet(); 167 in6p = pool_get(&in6pcb_pool, PR_NOWAIT); 168 splx(s); 169 if (in6p == NULL) 170 return (ENOBUFS); 171 memset((void *)in6p, 0, sizeof(*in6p)); 172 in6p->in6p_af = AF_INET6; 173 in6p->in6p_table = table; 174 in6p->in6p_socket = so; 175 in6p->in6p_hops = -1; /* use kernel default */ 176 in6p->in6p_icmp6filt = NULL; 177 #if defined(IPSEC) || defined(FAST_IPSEC) 178 error = ipsec_init_pcbpolicy(so, &in6p->in6p_sp); 179 if (error != 0) { 180 s = splnet(); 181 pool_put(&in6pcb_pool, in6p); 182 splx(s); 183 return error; 184 } 185 #endif /* IPSEC */ 186 s = splnet(); 187 CIRCLEQ_INSERT_HEAD(&table->inpt_queue, (struct inpcb_hdr*)in6p, 188 inph_queue); 189 LIST_INSERT_HEAD(IN6PCBHASH_PORT(table, in6p->in6p_lport), 190 &in6p->in6p_head, inph_lhash); 191 in6_pcbstate(in6p, IN6P_ATTACHED); 192 splx(s); 193 if (ip6_v6only) 194 in6p->in6p_flags |= IN6P_IPV6_V6ONLY; 195 so->so_pcb = (void *)in6p; 196 return (0); 197 } 198 199 /* 200 * Bind address from sin6 to in6p. 201 */ 202 static int 203 in6_pcbbind_addr(struct in6pcb *in6p, struct sockaddr_in6 *sin6, struct lwp *l) 204 { 205 int error; 206 207 /* 208 * We should check the family, but old programs 209 * incorrectly fail to intialize it. 210 */ 211 if (sin6->sin6_family != AF_INET6) 212 return (EAFNOSUPPORT); 213 214 #ifndef INET 215 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 216 return (EADDRNOTAVAIL); 217 #endif 218 219 if ((error = sa6_embedscope(sin6, ip6_use_defzone)) != 0) 220 return (error); 221 222 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 223 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 224 return (EINVAL); 225 if (sin6->sin6_addr.s6_addr32[3]) { 226 struct sockaddr_in sin; 227 228 memset(&sin, 0, sizeof(sin)); 229 sin.sin_len = sizeof(sin); 230 sin.sin_family = AF_INET; 231 bcopy(&sin6->sin6_addr.s6_addr32[3], 232 &sin.sin_addr, sizeof(sin.sin_addr)); 233 if (ifa_ifwithaddr((struct sockaddr *)&sin) == 0) 234 return EADDRNOTAVAIL; 235 } 236 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 237 struct ifaddr *ia = NULL; 238 239 if ((in6p->in6p_flags & IN6P_FAITH) == 0 && 240 (ia = ifa_ifwithaddr((struct sockaddr *)sin6)) == 0) 241 return (EADDRNOTAVAIL); 242 243 /* 244 * bind to an anycast address might accidentally 245 * cause sending a packet with an anycast source 246 * address, so we forbid it. 247 * 248 * We should allow to bind to a deprecated address, 249 * since the application dare to use it. 250 * But, can we assume that they are careful enough 251 * to check if the address is deprecated or not? 252 * Maybe, as a safeguard, we should have a setsockopt 253 * flag to control the bind(2) behavior against 254 * deprecated addresses (default: forbid bind(2)). 255 */ 256 if (ia && 257 ((struct in6_ifaddr *)ia)->ia6_flags & 258 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED)) 259 return (EADDRNOTAVAIL); 260 } 261 262 263 in6p->in6p_laddr = sin6->sin6_addr; 264 265 266 return (0); 267 } 268 269 /* 270 * Bind port from sin6 to in6p. 271 */ 272 static int 273 in6_pcbbind_port(struct in6pcb *in6p, struct sockaddr_in6 *sin6, struct lwp *l) 274 { 275 struct inpcbtable *table = in6p->in6p_table; 276 struct socket *so = in6p->in6p_socket; 277 int wild = 0, reuseport = (so->so_options & SO_REUSEPORT); 278 int error; 279 280 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0 && 281 ((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 || 282 (so->so_options & SO_ACCEPTCONN) == 0)) 283 wild = 1; 284 285 if (sin6->sin6_port != 0) { 286 enum kauth_network_req req; 287 288 #ifndef IPNOPRIVPORTS 289 if (ntohs(sin6->sin6_port) < IPV6PORT_RESERVED) 290 req = KAUTH_REQ_NETWORK_BIND_PRIVPORT; 291 else 292 #endif /* IPNOPRIVPORTS */ 293 req = KAUTH_REQ_NETWORK_BIND_PORT; 294 295 error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_BIND, 296 req, so, sin6, NULL); 297 if (error) 298 return (EACCES); 299 } 300 301 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 302 /* 303 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 304 * allow compepte duplication of binding if 305 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 306 * and a multicast address is bound on both 307 * new and duplicated sockets. 308 */ 309 if (so->so_options & SO_REUSEADDR) 310 reuseport = SO_REUSEADDR|SO_REUSEPORT; 311 } 312 313 if (sin6->sin6_port != 0) { 314 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 315 #ifdef INET 316 struct inpcb *t; 317 318 t = in_pcblookup_port(table, 319 *(struct in_addr *)&sin6->sin6_addr.s6_addr32[3], 320 sin6->sin6_port, wild); 321 if (t && (reuseport & t->inp_socket->so_options) == 0) 322 return (EADDRINUSE); 323 #else 324 return (EADDRNOTAVAIL); 325 #endif 326 } 327 328 { 329 struct in6pcb *t; 330 331 t = in6_pcblookup_port(table, &sin6->sin6_addr, 332 sin6->sin6_port, wild); 333 if (t && (reuseport & t->in6p_socket->so_options) == 0) 334 return (EADDRINUSE); 335 } 336 } 337 338 if (sin6->sin6_port == 0) { 339 int e; 340 e = in6_pcbsetport(sin6, in6p, l); 341 if (e != 0) 342 return (e); 343 } else { 344 in6p->in6p_lport = sin6->sin6_port; 345 in6_pcbstate(in6p, IN6P_BOUND); 346 } 347 348 LIST_REMOVE(&in6p->in6p_head, inph_lhash); 349 LIST_INSERT_HEAD(IN6PCBHASH_PORT(table, in6p->in6p_lport), 350 &in6p->in6p_head, inph_lhash); 351 352 return (0); 353 } 354 355 int 356 in6_pcbbind(void *v, struct mbuf *nam, struct lwp *l) 357 { 358 struct in6pcb *in6p = v; 359 struct sockaddr_in6 lsin6; 360 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)NULL; 361 int error; 362 363 if (in6p->in6p_af != AF_INET6) 364 return (EINVAL); 365 366 /* 367 * If we already have a local port or a local address it means we're 368 * bounded. 369 */ 370 if (in6p->in6p_lport || !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) 371 return (EINVAL); 372 373 if (nam != NULL) { 374 /* We were provided a sockaddr_in6 to use. */ 375 sin6 = mtod(nam, struct sockaddr_in6 *); 376 if (nam->m_len != sizeof(*sin6)) 377 return (EINVAL); 378 } else { 379 /* We always bind to *something*, even if it's "anything". */ 380 lsin6 = *((const struct sockaddr_in6 *) 381 in6p->in6p_socket->so_proto->pr_domain->dom_sa_any); 382 sin6 = &lsin6; 383 } 384 385 /* Bind address. */ 386 error = in6_pcbbind_addr(in6p, sin6, l); 387 if (error) 388 return (error); 389 390 /* Bind port. */ 391 error = in6_pcbbind_port(in6p, sin6, l); 392 if (error) { 393 /* 394 * Reset the address here to "any" so we don't "leak" the 395 * in6pcb. 396 */ 397 in6p->in6p_laddr = in6addr_any; 398 399 return (error); 400 } 401 402 403 #if 0 404 in6p->in6p_flowinfo = 0; /* XXX */ 405 #endif 406 return (0); 407 } 408 409 /* 410 * Connect from a socket to a specified address. 411 * Both address and port must be specified in argument sin6. 412 * If don't have a local address for this socket yet, 413 * then pick one. 414 */ 415 int 416 in6_pcbconnect(void *v, struct mbuf *nam, struct lwp *l) 417 { 418 struct rtentry *rt; 419 struct in6pcb *in6p = v; 420 struct in6_addr *in6a = NULL; 421 struct sockaddr_in6 *sin6 = mtod(nam, struct sockaddr_in6 *); 422 struct ifnet *ifp = NULL; /* outgoing interface */ 423 int error = 0; 424 int scope_ambiguous = 0; 425 #ifdef INET 426 struct in6_addr mapped; 427 #endif 428 struct sockaddr_in6 tmp; 429 430 (void)&in6a; /* XXX fool gcc */ 431 432 if (in6p->in6p_af != AF_INET6) 433 return (EINVAL); 434 435 if (nam->m_len != sizeof(*sin6)) 436 return (EINVAL); 437 if (sin6->sin6_family != AF_INET6) 438 return (EAFNOSUPPORT); 439 if (sin6->sin6_port == 0) 440 return (EADDRNOTAVAIL); 441 442 if (sin6->sin6_scope_id == 0 && !ip6_use_defzone) 443 scope_ambiguous = 1; 444 if ((error = sa6_embedscope(sin6, ip6_use_defzone)) != 0) 445 return(error); 446 447 /* sanity check for mapped address case */ 448 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 449 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 450 return EINVAL; 451 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) 452 in6p->in6p_laddr.s6_addr16[5] = htons(0xffff); 453 if (!IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)) 454 return EINVAL; 455 } else 456 { 457 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)) 458 return EINVAL; 459 } 460 461 /* protect *sin6 from overwrites */ 462 tmp = *sin6; 463 sin6 = &tmp; 464 465 /* Source address selection. */ 466 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr) && 467 in6p->in6p_laddr.s6_addr32[3] == 0) { 468 #ifdef INET 469 struct sockaddr_in sin, *sinp; 470 471 memset(&sin, 0, sizeof(sin)); 472 sin.sin_len = sizeof(sin); 473 sin.sin_family = AF_INET; 474 memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr32[3], 475 sizeof(sin.sin_addr)); 476 sinp = in_selectsrc(&sin, &in6p->in6p_route, 477 in6p->in6p_socket->so_options, NULL, &error); 478 if (sinp == 0) { 479 if (error == 0) 480 error = EADDRNOTAVAIL; 481 return (error); 482 } 483 memset(&mapped, 0, sizeof(mapped)); 484 mapped.s6_addr16[5] = htons(0xffff); 485 memcpy(&mapped.s6_addr32[3], &sinp->sin_addr, sizeof(sinp->sin_addr)); 486 in6a = &mapped; 487 #else 488 return EADDRNOTAVAIL; 489 #endif 490 } else { 491 /* 492 * XXX: in6_selectsrc might replace the bound local address 493 * with the address specified by setsockopt(IPV6_PKTINFO). 494 * Is it the intended behavior? 495 */ 496 in6a = in6_selectsrc(sin6, in6p->in6p_outputopts, 497 in6p->in6p_moptions, 498 &in6p->in6p_route, 499 &in6p->in6p_laddr, &ifp, &error); 500 if (ifp && scope_ambiguous && 501 (error = in6_setscope(&sin6->sin6_addr, ifp, NULL)) != 0) { 502 return(error); 503 } 504 505 if (in6a == 0) { 506 if (error == 0) 507 error = EADDRNOTAVAIL; 508 return (error); 509 } 510 } 511 if (ifp == NULL && (rt = rtcache_validate(&in6p->in6p_route)) != NULL) 512 ifp = rt->rt_ifp; 513 514 in6p->in6p_ip6.ip6_hlim = (u_int8_t)in6_selecthlim(in6p, ifp); 515 516 if (in6_pcblookup_connect(in6p->in6p_table, &sin6->sin6_addr, 517 sin6->sin6_port, 518 IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) ? in6a : &in6p->in6p_laddr, 519 in6p->in6p_lport, 0)) 520 return (EADDRINUSE); 521 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) || 522 (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr) && 523 in6p->in6p_laddr.s6_addr32[3] == 0)) 524 { 525 if (in6p->in6p_lport == 0) { 526 error = in6_pcbbind(in6p, (struct mbuf *)0, l); 527 if (error != 0) 528 return error; 529 } 530 in6p->in6p_laddr = *in6a; 531 } 532 in6p->in6p_faddr = sin6->sin6_addr; 533 in6p->in6p_fport = sin6->sin6_port; 534 in6_pcbstate(in6p, IN6P_CONNECTED); 535 in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; 536 if (ip6_auto_flowlabel) 537 in6p->in6p_flowinfo |= 538 (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); 539 #if defined(IPSEC) || defined(FAST_IPSEC) 540 if (in6p->in6p_socket->so_type == SOCK_STREAM) 541 ipsec_pcbconn(in6p->in6p_sp); 542 #endif 543 return (0); 544 } 545 546 void 547 in6_pcbdisconnect(struct in6pcb *in6p) 548 { 549 memset((void *)&in6p->in6p_faddr, 0, sizeof(in6p->in6p_faddr)); 550 in6p->in6p_fport = 0; 551 in6_pcbstate(in6p, IN6P_BOUND); 552 in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; 553 #if defined(IPSEC) || defined(FAST_IPSEC) 554 ipsec_pcbdisconn(in6p->in6p_sp); 555 #endif 556 if (in6p->in6p_socket->so_state & SS_NOFDREF) 557 in6_pcbdetach(in6p); 558 } 559 560 void 561 in6_pcbdetach(struct in6pcb *in6p) 562 { 563 struct socket *so = in6p->in6p_socket; 564 int s; 565 566 if (in6p->in6p_af != AF_INET6) 567 return; 568 569 #if defined(IPSEC) || defined(FAST_IPSEC) 570 ipsec6_delete_pcbpolicy(in6p); 571 #endif /* IPSEC */ 572 so->so_pcb = 0; 573 if (in6p->in6p_options) 574 m_freem(in6p->in6p_options); 575 if (in6p->in6p_outputopts != NULL) { 576 ip6_clearpktopts(in6p->in6p_outputopts, -1); 577 free(in6p->in6p_outputopts, M_IP6OPT); 578 } 579 rtcache_free(&in6p->in6p_route); 580 ip6_freemoptions(in6p->in6p_moptions); 581 s = splnet(); 582 in6_pcbstate(in6p, IN6P_ATTACHED); 583 LIST_REMOVE(&in6p->in6p_head, inph_lhash); 584 CIRCLEQ_REMOVE(&in6p->in6p_table->inpt_queue, &in6p->in6p_head, 585 inph_queue); 586 pool_put(&in6pcb_pool, in6p); 587 splx(s); 588 sofree(so); /* drops the socket's lock */ 589 mutex_enter(softnet_lock); /* reacquire it */ 590 } 591 592 void 593 in6_setsockaddr(struct in6pcb *in6p, struct mbuf *nam) 594 { 595 struct sockaddr_in6 *sin6; 596 597 if (in6p->in6p_af != AF_INET6) 598 return; 599 600 nam->m_len = sizeof(*sin6); 601 sin6 = mtod(nam, struct sockaddr_in6 *); 602 sockaddr_in6_init(sin6, &in6p->in6p_laddr, in6p->in6p_lport, 0, 0); 603 (void)sa6_recoverscope(sin6); /* XXX: should catch errors */ 604 } 605 606 void 607 in6_setpeeraddr(struct in6pcb *in6p, struct mbuf *nam) 608 { 609 struct sockaddr_in6 *sin6; 610 611 if (in6p->in6p_af != AF_INET6) 612 return; 613 614 nam->m_len = sizeof(*sin6); 615 sin6 = mtod(nam, struct sockaddr_in6 *); 616 sockaddr_in6_init(sin6, &in6p->in6p_faddr, in6p->in6p_fport, 0, 0); 617 (void)sa6_recoverscope(sin6); /* XXX: should catch errors */ 618 } 619 620 /* 621 * Pass some notification to all connections of a protocol 622 * associated with address dst. The local address and/or port numbers 623 * may be specified to limit the search. The "usual action" will be 624 * taken, depending on the ctlinput cmd. The caller must filter any 625 * cmds that are uninteresting (e.g., no error in the map). 626 * Call the protocol specific routine (if any) to report 627 * any errors for each matching socket. 628 * 629 * Must be called at splsoftnet. 630 * 631 * Note: src (4th arg) carries the flowlabel value on the original IPv6 632 * header, in sin6_flowinfo member. 633 */ 634 int 635 in6_pcbnotify(struct inpcbtable *table, const struct sockaddr *dst, 636 u_int fport_arg, const struct sockaddr *src, u_int lport_arg, int cmd, 637 void *cmdarg, void (*notify)(struct in6pcb *, int)) 638 { 639 struct rtentry *rt; 640 struct in6pcb *in6p, *nin6p; 641 struct sockaddr_in6 sa6_src; 642 const struct sockaddr_in6 *sa6_dst; 643 u_int16_t fport = fport_arg, lport = lport_arg; 644 int errno; 645 int nmatch = 0; 646 u_int32_t flowinfo; 647 648 if ((unsigned)cmd >= PRC_NCMDS || dst->sa_family != AF_INET6) 649 return 0; 650 651 sa6_dst = (const struct sockaddr_in6 *)dst; 652 if (IN6_IS_ADDR_UNSPECIFIED(&sa6_dst->sin6_addr)) 653 return 0; 654 655 /* 656 * note that src can be NULL when we get notify by local fragmentation. 657 */ 658 sa6_src = (src == NULL) ? sa6_any : *(const struct sockaddr_in6 *)src; 659 flowinfo = sa6_src.sin6_flowinfo; 660 661 /* 662 * Redirects go to all references to the destination, 663 * and use in6_rtchange to invalidate the route cache. 664 * Dead host indications: also use in6_rtchange to invalidate 665 * the cache, and deliver the error to all the sockets. 666 * Otherwise, if we have knowledge of the local port and address, 667 * deliver only to that socket. 668 */ 669 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) { 670 fport = 0; 671 lport = 0; 672 memset((void *)&sa6_src.sin6_addr, 0, sizeof(sa6_src.sin6_addr)); 673 674 if (cmd != PRC_HOSTDEAD) 675 notify = in6_rtchange; 676 } 677 678 errno = inet6ctlerrmap[cmd]; 679 for (in6p = (struct in6pcb *)CIRCLEQ_FIRST(&table->inpt_queue); 680 in6p != (void *)&table->inpt_queue; 681 in6p = nin6p) { 682 nin6p = (struct in6pcb *)CIRCLEQ_NEXT(in6p, in6p_queue); 683 684 if (in6p->in6p_af != AF_INET6) 685 continue; 686 687 /* 688 * Under the following condition, notify of redirects 689 * to the pcb, without making address matches against inpcb. 690 * - redirect notification is arrived. 691 * - the inpcb is unconnected. 692 * - the inpcb is caching !RTF_HOST routing entry. 693 * - the ICMPv6 notification is from the gateway cached in the 694 * inpcb. i.e. ICMPv6 notification is from nexthop gateway 695 * the inpcb used very recently. 696 * 697 * This is to improve interaction between netbsd/openbsd 698 * redirect handling code, and inpcb route cache code. 699 * without the clause, !RTF_HOST routing entry (which carries 700 * gateway used by inpcb right before the ICMPv6 redirect) 701 * will be cached forever in unconnected inpcb. 702 * 703 * There still is a question regarding to what is TRT: 704 * - On bsdi/freebsd, RTF_HOST (cloned) routing entry will be 705 * generated on packet output. inpcb will always cache 706 * RTF_HOST routing entry so there's no need for the clause 707 * (ICMPv6 redirect will update RTF_HOST routing entry, 708 * and inpcb is caching it already). 709 * However, bsdi/freebsd are vulnerable to local DoS attacks 710 * due to the cloned routing entries. 711 * - Specwise, "destination cache" is mentioned in RFC2461. 712 * Jinmei says that it implies bsdi/freebsd behavior, itojun 713 * is not really convinced. 714 * - Having hiwat/lowat on # of cloned host route (redirect/ 715 * pmtud) may be a good idea. netbsd/openbsd has it. see 716 * icmp6_mtudisc_update(). 717 */ 718 if ((PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) && 719 IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && 720 (rt = rtcache_validate(&in6p->in6p_route)) != NULL && 721 !(rt->rt_flags & RTF_HOST)) { 722 const struct sockaddr_in6 *dst6; 723 724 dst6 = (const struct sockaddr_in6 *) 725 rtcache_getdst(&in6p->in6p_route); 726 if (dst6 == NULL) 727 ; 728 else if (IN6_ARE_ADDR_EQUAL(&dst6->sin6_addr, 729 &sa6_dst->sin6_addr)) 730 goto do_notify; 731 } 732 733 /* 734 * If the error designates a new path MTU for a destination 735 * and the application (associated with this socket) wanted to 736 * know the value, notify. Note that we notify for all 737 * disconnected sockets if the corresponding application 738 * wanted. This is because some UDP applications keep sending 739 * sockets disconnected. 740 * XXX: should we avoid to notify the value to TCP sockets? 741 */ 742 if (cmd == PRC_MSGSIZE && (in6p->in6p_flags & IN6P_MTU) != 0 && 743 (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) || 744 IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &sa6_dst->sin6_addr))) { 745 ip6_notify_pmtu(in6p, (const struct sockaddr_in6 *)dst, 746 (u_int32_t *)cmdarg); 747 } 748 749 /* 750 * Detect if we should notify the error. If no source and 751 * destination ports are specified, but non-zero flowinfo and 752 * local address match, notify the error. This is the case 753 * when the error is delivered with an encrypted buffer 754 * by ESP. Otherwise, just compare addresses and ports 755 * as usual. 756 */ 757 if (lport == 0 && fport == 0 && flowinfo && 758 in6p->in6p_socket != NULL && 759 flowinfo == (in6p->in6p_flowinfo & IPV6_FLOWLABEL_MASK) && 760 IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &sa6_src.sin6_addr)) 761 goto do_notify; 762 else if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, 763 &sa6_dst->sin6_addr) || 764 in6p->in6p_socket == 0 || 765 (lport && in6p->in6p_lport != lport) || 766 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) && 767 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, 768 &sa6_src.sin6_addr)) || 769 (fport && in6p->in6p_fport != fport)) 770 continue; 771 772 do_notify: 773 if (notify) 774 (*notify)(in6p, errno); 775 nmatch++; 776 } 777 return nmatch; 778 } 779 780 void 781 in6_pcbpurgeif0(struct inpcbtable *table, struct ifnet *ifp) 782 { 783 struct in6pcb *in6p, *nin6p; 784 struct ip6_moptions *im6o; 785 struct in6_multi_mship *imm, *nimm; 786 787 for (in6p = (struct in6pcb *)CIRCLEQ_FIRST(&table->inpt_queue); 788 in6p != (void *)&table->inpt_queue; 789 in6p = nin6p) { 790 nin6p = (struct in6pcb *)CIRCLEQ_NEXT(in6p, in6p_queue); 791 if (in6p->in6p_af != AF_INET6) 792 continue; 793 794 im6o = in6p->in6p_moptions; 795 if (im6o) { 796 /* 797 * Unselect the outgoing interface if it is being 798 * detached. 799 */ 800 if (im6o->im6o_multicast_ifp == ifp) 801 im6o->im6o_multicast_ifp = NULL; 802 803 /* 804 * Drop multicast group membership if we joined 805 * through the interface being detached. 806 * XXX controversial - is it really legal for kernel 807 * to force this? 808 */ 809 for (imm = im6o->im6o_memberships.lh_first; 810 imm != NULL; imm = nimm) { 811 nimm = imm->i6mm_chain.le_next; 812 if (imm->i6mm_maddr->in6m_ifp == ifp) { 813 LIST_REMOVE(imm, i6mm_chain); 814 in6_leavegroup(imm); 815 } 816 } 817 } 818 } 819 } 820 821 void 822 in6_pcbpurgeif(struct inpcbtable *table, struct ifnet *ifp) 823 { 824 struct rtentry *rt; 825 struct in6pcb *in6p, *nin6p; 826 827 for (in6p = (struct in6pcb *)CIRCLEQ_FIRST(&table->inpt_queue); 828 in6p != (void *)&table->inpt_queue; 829 in6p = nin6p) { 830 nin6p = (struct in6pcb *)CIRCLEQ_NEXT(in6p, in6p_queue); 831 if (in6p->in6p_af != AF_INET6) 832 continue; 833 if ((rt = rtcache_validate(&in6p->in6p_route)) != NULL && 834 rt->rt_ifp == ifp) 835 in6_rtchange(in6p, 0); 836 } 837 } 838 839 /* 840 * Check for alternatives when higher level complains 841 * about service problems. For now, invalidate cached 842 * routing information. If the route was created dynamically 843 * (by a redirect), time to try a default gateway again. 844 */ 845 void 846 in6_losing(struct in6pcb *in6p) 847 { 848 struct rtentry *rt; 849 struct rt_addrinfo info; 850 851 if (in6p->in6p_af != AF_INET6) 852 return; 853 854 if ((rt = rtcache_validate(&in6p->in6p_route)) == NULL) 855 return; 856 857 memset(&info, 0, sizeof(info)); 858 info.rti_info[RTAX_DST] = rtcache_getdst(&in6p->in6p_route); 859 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway; 860 info.rti_info[RTAX_NETMASK] = rt_mask(rt); 861 rt_missmsg(RTM_LOSING, &info, rt->rt_flags, 0); 862 if (rt->rt_flags & RTF_DYNAMIC) { 863 (void)rtrequest(RTM_DELETE, rt_getkey(rt), 864 rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL); 865 } 866 /* 867 * A new route can be allocated 868 * the next time output is attempted. 869 */ 870 rtcache_free(&in6p->in6p_route); 871 } 872 873 /* 874 * After a routing change, flush old routing. A new route can be 875 * allocated the next time output is attempted. 876 */ 877 void 878 in6_rtchange(struct in6pcb *in6p, int errno) 879 { 880 if (in6p->in6p_af != AF_INET6) 881 return; 882 883 rtcache_free(&in6p->in6p_route); 884 /* 885 * A new route can be allocated the next time 886 * output is attempted. 887 */ 888 } 889 890 struct in6pcb * 891 in6_pcblookup_port(struct inpcbtable *table, struct in6_addr *laddr6, 892 u_int lport_arg, int lookup_wildcard) 893 { 894 struct inpcbhead *head; 895 struct inpcb_hdr *inph; 896 struct in6pcb *in6p, *match = 0; 897 int matchwild = 3, wildcard; 898 u_int16_t lport = lport_arg; 899 900 head = IN6PCBHASH_PORT(table, lport); 901 LIST_FOREACH(inph, head, inph_lhash) { 902 in6p = (struct in6pcb *)inph; 903 if (in6p->in6p_af != AF_INET6) 904 continue; 905 906 if (in6p->in6p_lport != lport) 907 continue; 908 wildcard = 0; 909 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 910 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 911 continue; 912 } 913 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) 914 wildcard++; 915 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)) { 916 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 917 continue; 918 if (!IN6_IS_ADDR_V4MAPPED(laddr6)) 919 continue; 920 921 /* duplicate of IPv4 logic */ 922 wildcard = 0; 923 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr) && 924 in6p->in6p_faddr.s6_addr32[3]) 925 wildcard++; 926 if (!in6p->in6p_laddr.s6_addr32[3]) { 927 if (laddr6->s6_addr32[3]) 928 wildcard++; 929 } else { 930 if (!laddr6->s6_addr32[3]) 931 wildcard++; 932 else { 933 if (in6p->in6p_laddr.s6_addr32[3] != 934 laddr6->s6_addr32[3]) 935 continue; 936 } 937 } 938 } else if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { 939 if (IN6_IS_ADDR_V4MAPPED(laddr6)) { 940 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 941 continue; 942 } 943 if (!IN6_IS_ADDR_UNSPECIFIED(laddr6)) 944 wildcard++; 945 } else { 946 if (IN6_IS_ADDR_V4MAPPED(laddr6)) { 947 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 948 continue; 949 } 950 if (IN6_IS_ADDR_UNSPECIFIED(laddr6)) 951 wildcard++; 952 else { 953 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, 954 laddr6)) 955 continue; 956 } 957 } 958 if (wildcard && !lookup_wildcard) 959 continue; 960 if (wildcard < matchwild) { 961 match = in6p; 962 matchwild = wildcard; 963 if (matchwild == 0) 964 break; 965 } 966 } 967 return (match); 968 } 969 #undef continue 970 971 /* 972 * WARNING: return value (rtentry) could be IPv4 one if in6pcb is connected to 973 * IPv4 mapped address. 974 */ 975 struct rtentry * 976 in6_pcbrtentry(struct in6pcb *in6p) 977 { 978 struct rtentry *rt; 979 struct route *ro; 980 union { 981 const struct sockaddr *sa; 982 const struct sockaddr_in6 *sa6; 983 #ifdef INET 984 const struct sockaddr_in *sa4; 985 #endif 986 } cdst; 987 988 ro = &in6p->in6p_route; 989 990 if (in6p->in6p_af != AF_INET6) 991 return (NULL); 992 993 cdst.sa = rtcache_getdst(ro); 994 if (cdst.sa == NULL) 995 ; 996 #ifdef INET 997 else if (cdst.sa->sa_family == AF_INET) { 998 KASSERT(IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)); 999 if (cdst.sa4->sin_addr.s_addr != in6p->in6p_faddr.s6_addr32[3]) 1000 rtcache_free(ro); 1001 } 1002 #endif 1003 else { 1004 if (!IN6_ARE_ADDR_EQUAL(&cdst.sa6->sin6_addr, 1005 &in6p->in6p_faddr)) 1006 rtcache_free(ro); 1007 } 1008 if ((rt = rtcache_validate(ro)) == NULL) 1009 rt = rtcache_update(ro, 1); 1010 #ifdef INET 1011 if (rt == NULL && IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 1012 union { 1013 struct sockaddr dst; 1014 struct sockaddr_in dst4; 1015 } u; 1016 struct in_addr addr; 1017 1018 addr.s_addr = in6p->in6p_faddr.s6_addr32[3]; 1019 1020 sockaddr_in_init(&u.dst4, &addr, 0); 1021 rtcache_setdst(ro, &u.dst); 1022 1023 rt = rtcache_init(ro); 1024 } else 1025 #endif 1026 if (rt == NULL && !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 1027 union { 1028 struct sockaddr dst; 1029 struct sockaddr_in6 dst6; 1030 } u; 1031 1032 sockaddr_in6_init(&u.dst6, &in6p->in6p_faddr, 0, 0, 0); 1033 rtcache_setdst(ro, &u.dst); 1034 1035 rt = rtcache_init(ro); 1036 } 1037 return rt; 1038 } 1039 1040 struct in6pcb * 1041 in6_pcblookup_connect(struct inpcbtable *table, const struct in6_addr *faddr6, 1042 u_int fport_arg, const struct in6_addr *laddr6, u_int lport_arg, 1043 int faith) 1044 { 1045 struct inpcbhead *head; 1046 struct inpcb_hdr *inph; 1047 struct in6pcb *in6p; 1048 u_int16_t fport = fport_arg, lport = lport_arg; 1049 1050 head = IN6PCBHASH_CONNECT(table, faddr6, fport, laddr6, lport); 1051 LIST_FOREACH(inph, head, inph_hash) { 1052 in6p = (struct in6pcb *)inph; 1053 if (in6p->in6p_af != AF_INET6) 1054 continue; 1055 1056 /* find exact match on both source and dest */ 1057 if (in6p->in6p_fport != fport) 1058 continue; 1059 if (in6p->in6p_lport != lport) 1060 continue; 1061 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) 1062 continue; 1063 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, faddr6)) 1064 continue; 1065 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) 1066 continue; 1067 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, laddr6)) 1068 continue; 1069 if ((IN6_IS_ADDR_V4MAPPED(laddr6) || 1070 IN6_IS_ADDR_V4MAPPED(faddr6)) && 1071 (in6p->in6p_flags & IN6P_IPV6_V6ONLY)) 1072 continue; 1073 return in6p; 1074 } 1075 return NULL; 1076 } 1077 1078 struct in6pcb * 1079 in6_pcblookup_bind(struct inpcbtable *table, const struct in6_addr *laddr6, 1080 u_int lport_arg, int faith) 1081 { 1082 struct inpcbhead *head; 1083 struct inpcb_hdr *inph; 1084 struct in6pcb *in6p; 1085 u_int16_t lport = lport_arg; 1086 #ifdef INET 1087 struct in6_addr zero_mapped; 1088 #endif 1089 1090 head = IN6PCBHASH_BIND(table, laddr6, lport); 1091 LIST_FOREACH(inph, head, inph_hash) { 1092 in6p = (struct in6pcb *)inph; 1093 if (in6p->in6p_af != AF_INET6) 1094 continue; 1095 1096 if (faith && (in6p->in6p_flags & IN6P_FAITH) == 0) 1097 continue; 1098 if (in6p->in6p_fport != 0) 1099 continue; 1100 if (in6p->in6p_lport != lport) 1101 continue; 1102 if (IN6_IS_ADDR_V4MAPPED(laddr6) && 1103 (in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 1104 continue; 1105 if (IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, laddr6)) 1106 goto out; 1107 } 1108 #ifdef INET 1109 if (IN6_IS_ADDR_V4MAPPED(laddr6)) { 1110 memset(&zero_mapped, 0, sizeof(zero_mapped)); 1111 zero_mapped.s6_addr16[5] = 0xffff; 1112 head = IN6PCBHASH_BIND(table, &zero_mapped, lport); 1113 LIST_FOREACH(inph, head, inph_hash) { 1114 in6p = (struct in6pcb *)inph; 1115 if (in6p->in6p_af != AF_INET6) 1116 continue; 1117 1118 if (faith && (in6p->in6p_flags & IN6P_FAITH) == 0) 1119 continue; 1120 if (in6p->in6p_fport != 0) 1121 continue; 1122 if (in6p->in6p_lport != lport) 1123 continue; 1124 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 1125 continue; 1126 if (IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &zero_mapped)) 1127 goto out; 1128 } 1129 } 1130 #endif 1131 head = IN6PCBHASH_BIND(table, &zeroin6_addr, lport); 1132 LIST_FOREACH(inph, head, inph_hash) { 1133 in6p = (struct in6pcb *)inph; 1134 if (in6p->in6p_af != AF_INET6) 1135 continue; 1136 1137 if (faith && (in6p->in6p_flags & IN6P_FAITH) == 0) 1138 continue; 1139 if (in6p->in6p_fport != 0) 1140 continue; 1141 if (in6p->in6p_lport != lport) 1142 continue; 1143 if (IN6_IS_ADDR_V4MAPPED(laddr6) && 1144 (in6p->in6p_flags & IN6P_IPV6_V6ONLY) != 0) 1145 continue; 1146 if (IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &zeroin6_addr)) 1147 goto out; 1148 } 1149 return (NULL); 1150 1151 out: 1152 inph = &in6p->in6p_head; 1153 if (inph != LIST_FIRST(head)) { 1154 LIST_REMOVE(inph, inph_hash); 1155 LIST_INSERT_HEAD(head, inph, inph_hash); 1156 } 1157 return in6p; 1158 } 1159 1160 void 1161 in6_pcbstate(struct in6pcb *in6p, int state) 1162 { 1163 1164 if (in6p->in6p_af != AF_INET6) 1165 return; 1166 1167 if (in6p->in6p_state > IN6P_ATTACHED) 1168 LIST_REMOVE(&in6p->in6p_head, inph_hash); 1169 1170 switch (state) { 1171 case IN6P_BOUND: 1172 LIST_INSERT_HEAD(IN6PCBHASH_BIND(in6p->in6p_table, 1173 &in6p->in6p_laddr, in6p->in6p_lport), &in6p->in6p_head, 1174 inph_hash); 1175 break; 1176 case IN6P_CONNECTED: 1177 LIST_INSERT_HEAD(IN6PCBHASH_CONNECT(in6p->in6p_table, 1178 &in6p->in6p_faddr, in6p->in6p_fport, 1179 &in6p->in6p_laddr, in6p->in6p_lport), &in6p->in6p_head, 1180 inph_hash); 1181 break; 1182 } 1183 1184 in6p->in6p_state = state; 1185 } 1186