1 /* $NetBSD: udp6_usrreq.c,v 1.36 2000/12/09 01:29:50 itojun Exp $ */ 2 /* $KAME: udp6_usrreq.c,v 1.62 2000/10/19 01:11:05 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1989, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)udp_var.h 8.1 (Berkeley) 6/10/93 66 */ 67 68 #include "opt_ipsec.h" 69 70 #include <sys/param.h> 71 #include <sys/malloc.h> 72 #include <sys/mbuf.h> 73 #include <sys/protosw.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/errno.h> 77 #include <sys/stat.h> 78 #include <sys/systm.h> 79 #include <sys/proc.h> 80 #include <sys/syslog.h> 81 82 #include <net/if.h> 83 #include <net/route.h> 84 #include <net/if_types.h> 85 86 #include <netinet/in.h> 87 #include <netinet/in_var.h> 88 #include <netinet/in_systm.h> 89 #include <netinet/ip.h> 90 #include <netinet/ip_var.h> 91 #include <netinet/in_pcb.h> 92 #include <netinet/udp.h> 93 #include <netinet/udp_var.h> 94 #include <netinet/ip6.h> 95 #include <netinet6/ip6_var.h> 96 #include <netinet6/in6_pcb.h> 97 #include <netinet/icmp6.h> 98 #include <netinet6/udp6_var.h> 99 #include <netinet6/ip6protosw.h> 100 101 #ifdef IPSEC 102 #include <netinet6/ipsec.h> 103 #endif /*IPSEC*/ 104 105 #include "faith.h" 106 107 /* 108 * UDP protocol inplementation. 109 * Per RFC 768, August, 1980. 110 */ 111 112 struct in6pcb *udp6_last_in6pcb = &udb6; 113 114 #ifdef UDP6 115 static int in6_mcmatch __P((struct in6pcb *, struct in6_addr *, struct ifnet *)); 116 #endif 117 static void udp6_detach __P((struct in6pcb *)); 118 static void udp6_notify __P((struct in6pcb *, int)); 119 120 void 121 udp6_init() 122 { 123 udb6.in6p_next = udb6.in6p_prev = &udb6; 124 } 125 126 #ifdef UDP6 127 static int 128 in6_mcmatch(in6p, ia6, ifp) 129 struct in6pcb *in6p; 130 register struct in6_addr *ia6; 131 struct ifnet *ifp; 132 { 133 struct ip6_moptions *im6o = in6p->in6p_moptions; 134 struct in6_multi_mship *imm; 135 136 if (im6o == NULL) 137 return 0; 138 139 for (imm = im6o->im6o_memberships.lh_first; imm != NULL; 140 imm = imm->i6mm_chain.le_next) { 141 if ((ifp == NULL || 142 imm->i6mm_maddr->in6m_ifp == ifp) && 143 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr, 144 ia6)) 145 return 1; 146 } 147 return 0; 148 } 149 150 int 151 udp6_input(mp, offp, proto) 152 struct mbuf **mp; 153 int *offp, proto; 154 { 155 struct mbuf *m = *mp; 156 register struct ip6_hdr *ip6; 157 register struct udphdr *uh; 158 register struct in6pcb *in6p; 159 struct mbuf *opts = 0; 160 int off = *offp; 161 u_int32_t plen, ulen; 162 struct sockaddr_in6 udp_in6; 163 164 #if defined(NFAITH) && 0 < NFAITH 165 if (m->m_pkthdr.rcvif) { 166 if (m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 167 /* send icmp6 host unreach? */ 168 m_freem(m); 169 return IPPROTO_DONE; 170 } 171 } 172 #endif 173 udp6stat.udp6s_ipackets++; 174 175 ip6 = mtod(m, struct ip6_hdr *); 176 /* check for jumbogram is done in ip6_input. we can trust pkthdr.len */ 177 plen = m->m_pkthdr.len - off; 178 #ifndef PULLDOWN_TEST 179 IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE); 180 uh = (struct udphdr *)((caddr_t)ip6 + off); 181 #else 182 IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(struct udphdr)); 183 if (uh == NULL) { 184 udp6stat.udp6s_hdrops++; 185 return IPPROTO_DONE; 186 } 187 #endif 188 ulen = ntohs((u_short)uh->uh_ulen); 189 /* 190 * RFC2675 section 4: jumbograms will have 0 in the UDP header field, 191 * iff payload length > 0xffff. 192 */ 193 if (ulen == 0 && plen > 0xffff) 194 ulen = plen; 195 196 if (plen != ulen) { 197 udp6stat.udp6s_badlen++; 198 goto bad; 199 } 200 201 /* destination port of 0 is illegal, based on RFC768. */ 202 if (uh->uh_dport == 0) 203 goto bad; 204 205 /* Be proactive about malicious use of IPv4 mapped address */ 206 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 207 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 208 /* XXX stat */ 209 goto bad; 210 } 211 212 /* 213 * Checksum extended UDP header and data. 214 */ 215 if (uh->uh_sum == 0) 216 udp6stat.udp6s_nosum++; 217 else if (in6_cksum(m, IPPROTO_UDP, off, ulen) != 0) { 218 udp6stat.udp6s_badsum++; 219 goto bad; 220 } 221 222 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 223 struct in6pcb *last; 224 225 /* 226 * Deliver a multicast datagram to all sockets 227 * for which the local and remote addresses and ports match 228 * those of the incoming datagram. This allows more than 229 * one process to receive multicasts on the same port. 230 * (This really ought to be done for unicast datagrams as 231 * well, but that would cause problems with existing 232 * applications that open both address-specific sockets and 233 * a wildcard socket listening to the same port -- they would 234 * end up receiving duplicates of every unicast datagram. 235 * Those applications open the multiple sockets to overcome an 236 * inadequacy of the UDP socket interface, but for backwards 237 * compatibility we avoid the problem here rather than 238 * fixing the interface. Maybe 4.5BSD will remedy this?) 239 */ 240 241 /* 242 * In a case that laddr should be set to the link-local 243 * address (this happens in RIPng), the multicast address 244 * specified in the received packet does not match with 245 * laddr. To cure this situation, the matching is relaxed 246 * if the receiving interface is the same as one specified 247 * in the socket and if the destination multicast address 248 * matches one of the multicast groups specified in the socket. 249 */ 250 251 /* 252 * Construct sockaddr format source address. 253 */ 254 bzero(&udp_in6, sizeof(udp_in6)); 255 udp_in6.sin6_len = sizeof(struct sockaddr_in6); 256 udp_in6.sin6_family = AF_INET6; 257 udp_in6.sin6_port = uh->uh_sport; 258 #if 0 /*XXX inbound flowinfo */ 259 udp_in6.sin6_flowinfo = ip6->ip6_flow & IPV6_FLOWINFO_MASK; 260 #endif 261 /* KAME hack: recover scopeid */ 262 (void)in6_recoverscope(&udp_in6, &ip6->ip6_src, 263 m->m_pkthdr.rcvif); 264 265 /* 266 * KAME note: usually we drop udphdr from mbuf here. 267 * We need udphdr for IPsec processing so we do that later. 268 */ 269 270 /* 271 * Locate pcb(s) for datagram. 272 * (Algorithm copied from raw_intr().) 273 */ 274 last = NULL; 275 for (in6p = udb6.in6p_next; 276 in6p != &udb6; 277 in6p = in6p->in6p_next) { 278 if (in6p->in6p_lport != uh->uh_dport) 279 continue; 280 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { 281 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, 282 &ip6->ip6_dst) && 283 !in6_mcmatch(in6p, &ip6->ip6_dst, 284 m->m_pkthdr.rcvif)) 285 continue; 286 } 287 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 288 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, 289 &ip6->ip6_src) || 290 in6p->in6p_fport != uh->uh_sport) 291 continue; 292 } 293 294 if (last != NULL) { 295 struct mbuf *n; 296 297 #ifdef IPSEC 298 /* 299 * Check AH/ESP integrity. 300 */ 301 if (ipsec6_in_reject(m, last)) { 302 ipsec6stat.in_polvio++; 303 /* do not inject data into pcb */ 304 } else 305 #endif /*IPSEC*/ 306 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 307 /* 308 * KAME NOTE: do not 309 * m_copy(m, offset, ...) above. 310 * sbappendaddr() expects M_PKTHDR, 311 * and m_copy() will copy M_PKTHDR 312 * only if offset is 0. 313 */ 314 if (last->in6p_flags & IN6P_CONTROLOPTS 315 || last->in6p_socket->so_options & SO_TIMESTAMP) { 316 ip6_savecontrol(last, &opts, 317 ip6, n); 318 } 319 320 m_adj(n, off + sizeof(struct udphdr)); 321 if (sbappendaddr(&last->in6p_socket->so_rcv, 322 (struct sockaddr *)&udp_in6, 323 n, opts) == 0) { 324 m_freem(n); 325 if (opts) 326 m_freem(opts); 327 udp6stat.udp6s_fullsock++; 328 } else 329 sorwakeup(last->in6p_socket); 330 opts = 0; 331 } 332 } 333 last = in6p; 334 /* 335 * Don't look for additional matches if this one does 336 * not have either the SO_REUSEPORT or SO_REUSEADDR 337 * socket options set. This heuristic avoids searching 338 * through all pcbs in the common case of a non-shared 339 * port. It assumes that an application will never 340 * clear these options after setting them. 341 */ 342 if ((last->in6p_socket->so_options & 343 (SO_REUSEPORT|SO_REUSEADDR)) == 0) 344 break; 345 } 346 347 if (last == NULL) { 348 /* 349 * No matching pcb found; discard datagram. 350 * (No need to send an ICMP Port Unreachable 351 * for a broadcast or multicast datgram.) 352 */ 353 udp6stat.udp6s_noport++; 354 udp6stat.udp6s_noportmcast++; 355 goto bad; 356 } 357 #ifdef IPSEC 358 /* 359 * Check AH/ESP integrity. 360 */ 361 if (last != NULL && ipsec6_in_reject(m, last)) { 362 ipsec6stat.in_polvio++; 363 goto bad; 364 } 365 #endif /*IPSEC*/ 366 if (last->in6p_flags & IN6P_CONTROLOPTS 367 || last->in6p_socket->so_options & SO_TIMESTAMP) { 368 ip6_savecontrol(last, &opts, ip6, m); 369 } 370 371 m_adj(m, off + sizeof(struct udphdr)); 372 if (sbappendaddr(&last->in6p_socket->so_rcv, 373 (struct sockaddr *)&udp_in6, 374 m, opts) == 0) { 375 udp6stat.udp6s_fullsock++; 376 goto bad; 377 } 378 sorwakeup(last->in6p_socket); 379 return IPPROTO_DONE; 380 } 381 /* 382 * Locate pcb for datagram. 383 */ 384 in6p = udp6_last_in6pcb; 385 if (in6p->in6p_lport != uh->uh_dport || 386 in6p->in6p_fport != uh->uh_sport || 387 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src) || 388 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) { 389 in6p = in6_pcblookup(&udb6, 390 &ip6->ip6_src, uh->uh_sport, 391 &ip6->ip6_dst, uh->uh_dport, 392 IN6PLOOKUP_WILDCARD); 393 if (in6p) 394 udp6_last_in6pcb = in6p; 395 udp6stat.udp6ps_pcbcachemiss++; 396 } 397 if (in6p == 0) { 398 udp6stat.udp6s_noport++; 399 if (m->m_flags & M_MCAST) { 400 printf("UDP6: M_MCAST is set in a unicast packet.\n"); 401 udp6stat.udp6s_noportmcast++; 402 goto bad; 403 } 404 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); 405 return IPPROTO_DONE; 406 } 407 #ifdef IPSEC 408 /* 409 * Check AH/ESP integrity. 410 */ 411 if (in6p != NULL && ipsec6_in_reject(m, in6p)) { 412 ipsec6stat.in_polvio++; 413 goto bad; 414 } 415 #endif /*IPSEC*/ 416 417 /* 418 * Construct sockaddr format source address. 419 * Stuff source address and datagram in user buffer. 420 */ 421 bzero(&udp_in6, sizeof(udp_in6)); 422 udp_in6.sin6_len = sizeof(struct sockaddr_in6); 423 udp_in6.sin6_family = AF_INET6; 424 udp_in6.sin6_port = uh->uh_sport; 425 /* KAME hack: recover scopeid */ 426 (void)in6_recoverscope(&udp_in6, &ip6->ip6_src, m->m_pkthdr.rcvif); 427 if (in6p->in6p_flags & IN6P_CONTROLOPTS 428 || in6p->in6p_socket->so_options & SO_TIMESTAMP) { 429 ip6_savecontrol(in6p, &opts, ip6, m); 430 } 431 432 m_adj(m, off + sizeof(struct udphdr)); 433 if (sbappendaddr(&in6p->in6p_socket->so_rcv, 434 (struct sockaddr *)&udp_in6, 435 m, opts) == 0) { 436 udp6stat.udp6s_fullsock++; 437 goto bad; 438 } 439 sorwakeup(in6p->in6p_socket); 440 return IPPROTO_DONE; 441 bad: 442 if (m) 443 m_freem(m); 444 if (opts) 445 m_freem(opts); 446 return IPPROTO_DONE; 447 } 448 #endif 449 450 /* 451 * Notify a udp user of an asynchronous error; 452 * just wake up so that he can collect error status. 453 */ 454 static void 455 udp6_notify(in6p, errno) 456 register struct in6pcb *in6p; 457 int errno; 458 { 459 in6p->in6p_socket->so_error = errno; 460 sorwakeup(in6p->in6p_socket); 461 sowwakeup(in6p->in6p_socket); 462 } 463 464 void 465 udp6_ctlinput(cmd, sa, d) 466 int cmd; 467 struct sockaddr *sa; 468 void *d; 469 { 470 register struct udphdr *uhp; 471 struct udphdr uh; 472 struct sockaddr_in6 sa6; 473 register struct ip6_hdr *ip6; 474 struct mbuf *m; 475 int off; 476 struct in6_addr s; 477 struct in6_addr finaldst; 478 void (*notify) __P((struct in6pcb *, int)) = udp6_notify; 479 480 if (sa->sa_family != AF_INET6 || 481 sa->sa_len != sizeof(struct sockaddr_in6)) 482 return; 483 484 if ((unsigned)cmd >= PRC_NCMDS) 485 return; 486 if (PRC_IS_REDIRECT(cmd)) 487 notify = in6_rtchange, d = NULL; 488 else if (cmd == PRC_HOSTDEAD) 489 d = NULL; 490 else if (cmd == PRC_MSGSIZE) 491 ; /* special code is present, see below */ 492 else if (inet6ctlerrmap[cmd] == 0) 493 return; 494 495 /* if the parameter is from icmp6, decode it. */ 496 if (d != NULL) { 497 struct ip6ctlparam *ip6cp = (struct ip6ctlparam *)d; 498 m = ip6cp->ip6c_m; 499 ip6 = ip6cp->ip6c_ip6; 500 off = ip6cp->ip6c_off; 501 502 /* translate addresses into internal form */ 503 bcopy(ip6cp->ip6c_finaldst, &finaldst, sizeof(finaldst)); 504 if (IN6_IS_ADDR_LINKLOCAL(&finaldst)) { 505 finaldst.s6_addr16[1] = 506 htons(m->m_pkthdr.rcvif->if_index); 507 } 508 bcopy(&ip6->ip6_src, &s, sizeof(s)); 509 if (IN6_IS_ADDR_LINKLOCAL(&s)) 510 s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index); 511 } else { 512 m = NULL; 513 ip6 = NULL; 514 } 515 516 /* translate addresses into internal form */ 517 sa6 = *(struct sockaddr_in6 *)sa; 518 if (IN6_IS_ADDR_LINKLOCAL(&sa6.sin6_addr) && m && m->m_pkthdr.rcvif) 519 sa6.sin6_addr.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index); 520 521 if (ip6) { 522 /* 523 * XXX: We assume that when IPV6 is non NULL, 524 * M and OFF are valid. 525 */ 526 527 /* check if we can safely examine src and dst ports */ 528 if (m->m_pkthdr.len < off + sizeof(uh)) 529 return; 530 531 if (m->m_len < off + sizeof(uh)) { 532 /* 533 * this should be rare case, 534 * so we compromise on this copy... 535 */ 536 m_copydata(m, off, sizeof(uh), (caddr_t)&uh); 537 uhp = &uh; 538 } else 539 uhp = (struct udphdr *)(mtod(m, caddr_t) + off); 540 541 if (cmd == PRC_MSGSIZE) { 542 int valid = 0; 543 /* 544 * Check to see if we have a valid UDP socket 545 * corresponding to the address in the ICMPv6 message 546 * payload. 547 */ 548 if (in6_pcblookup_connect(&udb6, &finaldst, 549 uhp->uh_dport, &s, uhp->uh_sport, 0)) 550 valid++; 551 #if 0 552 /* 553 * As the use of sendto(2) is fairly popular, 554 * we may want to allow non-connected pcb too. 555 * But it could be too weak against attacks... 556 * We should at least check if the local address (= s) 557 * is really ours. 558 */ 559 else if (in6_pcblookup_bind(&udb6, &finaldst, 560 uhp->uh_dport, 0)) 561 valid++; 562 #endif 563 564 /* 565 * Now that we've validated that we are actually 566 * communicating with the host indicated in the ICMPv6 567 * message, recalculate the new MTU, and create the 568 * corresponding routing entry. 569 */ 570 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 571 572 return; 573 } 574 575 (void) in6_pcbnotify(&udb6, (struct sockaddr *)&sa6, 576 uhp->uh_dport, &s, 577 uhp->uh_sport, cmd, notify); 578 } else { 579 (void) in6_pcbnotify(&udb6, (struct sockaddr *)&sa6, 0, 580 &zeroin6_addr, 0, cmd, notify); 581 } 582 } 583 584 int 585 udp6_output(in6p, m, addr6, control, p) 586 register struct in6pcb *in6p; 587 register struct mbuf *m; 588 struct mbuf *addr6, *control; 589 struct proc *p; 590 { 591 register u_int32_t ulen = m->m_pkthdr.len; 592 u_int32_t plen = sizeof(struct udphdr) + ulen; 593 struct ip6_hdr *ip6; 594 struct udphdr *udp6; 595 struct in6_addr *laddr, *faddr; 596 u_short fport; 597 int error = 0; 598 struct ip6_pktopts opt, *stickyopt = in6p->in6p_outputopts; 599 int priv; 600 int af, hlen; 601 #ifdef INET 602 struct ip *ip; 603 #endif 604 struct sockaddr_in6 tmp; 605 606 priv = 0; 607 if (p && !suser(p->p_ucred, &p->p_acflag)) 608 priv = 1; 609 if (control) { 610 if ((error = ip6_setpktoptions(control, &opt, priv)) != 0) 611 goto release; 612 in6p->in6p_outputopts = &opt; 613 } 614 615 if (addr6) { 616 /* 617 * IPv4 version of udp_output calls in_pcbconnect in this case, 618 * which needs splnet and affects performance. 619 * Since we saw no essential reason for calling in_pcbconnect, 620 * we get rid of such kind of logic, and call in6_selectsrc 621 * and In6_pcbsetport in order to fill in the local address 622 * and the local port. 623 */ 624 struct sockaddr_in6 *sin6 = mtod(addr6, struct sockaddr_in6 *); 625 626 if (addr6->m_len != sizeof(*sin6)) { 627 error = EINVAL; 628 goto release; 629 } 630 if (sin6->sin6_family != AF_INET6) { 631 error = EAFNOSUPPORT; 632 goto release; 633 } 634 if (sin6->sin6_port == 0) { 635 error = EADDRNOTAVAIL; 636 goto release; 637 } 638 639 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 640 error = EISCONN; 641 goto release; 642 } 643 644 /* protect *sin6 from overwrites */ 645 tmp = *sin6; 646 sin6 = &tmp; 647 648 faddr = &sin6->sin6_addr; 649 fport = sin6->sin6_port; /* allow 0 port */ 650 651 /* KAME hack: embed scopeid */ 652 if (in6_embedscope(&sin6->sin6_addr, sin6, in6p, NULL) != 0) { 653 error = EINVAL; 654 goto release; 655 } 656 657 if (!IN6_IS_ADDR_V4MAPPED(faddr)) { 658 laddr = in6_selectsrc(sin6, in6p->in6p_outputopts, 659 in6p->in6p_moptions, 660 &in6p->in6p_route, 661 &in6p->in6p_laddr, &error); 662 } else 663 laddr = &in6p->in6p_laddr; /*XXX*/ 664 if (laddr == NULL) { 665 if (error == 0) 666 error = EADDRNOTAVAIL; 667 goto release; 668 } 669 if (in6p->in6p_lport == 0 && 670 (error = in6_pcbsetport(laddr, in6p)) != 0) 671 goto release; 672 } else { 673 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 674 error = ENOTCONN; 675 goto release; 676 } 677 laddr = &in6p->in6p_laddr; 678 faddr = &in6p->in6p_faddr; 679 fport = in6p->in6p_fport; 680 } 681 682 if (!IN6_IS_ADDR_V4MAPPED(faddr)) { 683 af = AF_INET6; 684 hlen = sizeof(struct ip6_hdr); 685 } else { 686 af = AF_INET; 687 hlen = sizeof(struct ip); 688 } 689 690 /* 691 * Calculate data length and get a mbuf 692 * for UDP and IP6 headers. 693 */ 694 M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT); 695 if (m == 0) { 696 error = ENOBUFS; 697 goto release; 698 } 699 700 /* 701 * Stuff checksum and output datagram. 702 */ 703 udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen); 704 udp6->uh_sport = in6p->in6p_lport; /* lport is always set in the PCB */ 705 udp6->uh_dport = fport; 706 if (plen <= 0xffff) 707 udp6->uh_ulen = htons((u_short)plen); 708 else 709 udp6->uh_ulen = 0; 710 udp6->uh_sum = 0; 711 712 switch (af) { 713 case AF_INET6: 714 ip6 = mtod(m, struct ip6_hdr *); 715 ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK; 716 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 717 ip6->ip6_vfc |= IPV6_VERSION; 718 #if 0 /* ip6_plen will be filled in ip6_output. */ 719 ip6->ip6_plen = htons((u_short)plen); 720 #endif 721 ip6->ip6_nxt = IPPROTO_UDP; 722 ip6->ip6_hlim = in6_selecthlim(in6p, 723 in6p->in6p_route.ro_rt ? 724 in6p->in6p_route.ro_rt->rt_ifp : NULL); 725 ip6->ip6_src = *laddr; 726 ip6->ip6_dst = *faddr; 727 728 if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP, 729 sizeof(struct ip6_hdr), plen)) == 0) { 730 udp6->uh_sum = 0xffff; 731 } 732 733 udp6stat.udp6s_opackets++; 734 #ifdef IPSEC 735 ipsec_setsocket(m, in6p->in6p_socket); 736 #endif /*IPSEC*/ 737 error = ip6_output(m, in6p->in6p_outputopts, &in6p->in6p_route, 738 0, in6p->in6p_moptions, NULL); 739 break; 740 case AF_INET: 741 #ifdef INET 742 /* can't transmit jumbogram over IPv4 */ 743 if (plen > 0xffff) { 744 error = EMSGSIZE; 745 goto release; 746 } 747 748 ip = mtod(m, struct ip *); 749 750 ip->ip_len = plen; 751 ip->ip_p = IPPROTO_UDP; 752 ip->ip_ttl = in6_selecthlim(in6p, NULL); /*XXX*/ 753 ip->ip_tos = 0; /*XXX*/ 754 bcopy(&laddr->s6_addr[12], &ip->ip_src, sizeof(ip->ip_src)); 755 bcopy(&faddr->s6_addr[12], &ip->ip_dst, sizeof(ip->ip_dst)); 756 757 udp6->uh_sum = 0; 758 if ((udp6->uh_sum = in_cksum(m, ulen)) == 0) 759 udp6->uh_sum = 0xffff; 760 761 udpstat.udps_opackets++; 762 #ifdef IPSEC 763 ipsec_setsocket(m, NULL); /*XXX*/ 764 #endif /*IPSEC*/ 765 error = ip_output(m, NULL, &in6p->in6p_route, 0 /*XXX*/); 766 break; 767 #else 768 error = EAFNOSUPPORT; 769 goto release; 770 #endif 771 } 772 goto releaseopt; 773 774 release: 775 m_freem(m); 776 777 releaseopt: 778 if (control) { 779 in6p->in6p_outputopts = stickyopt; 780 m_freem(control); 781 } 782 return(error); 783 } 784 785 extern int udp6_sendspace; 786 extern int udp6_recvspace; 787 788 int 789 udp6_usrreq(so, req, m, addr6, control, p) 790 struct socket *so; 791 int req; 792 struct mbuf *m, *addr6, *control; 793 struct proc *p; 794 { 795 struct in6pcb *in6p = sotoin6pcb(so); 796 int error = 0; 797 int s; 798 799 /* 800 * MAPPED_ADDR implementation info: 801 * Mapped addr support for PRU_CONTROL is not necessary. 802 * Because typical user of PRU_CONTROL is such as ifconfig, 803 * and they don't associate any addr to their socket. Then 804 * socket family is only hint about the PRU_CONTROL'ed address 805 * family, especially when getting addrs from kernel. 806 * So AF_INET socket need to be used to control AF_INET addrs, 807 * and AF_INET6 socket for AF_INET6 addrs. 808 */ 809 if (req == PRU_CONTROL) 810 return(in6_control(so, (u_long)m, (caddr_t)addr6, 811 (struct ifnet *)control, p)); 812 813 if (req == PRU_PURGEIF) { 814 in6_purgeif((struct ifnet *)control); 815 in6_pcbpurgeif(&udb6, (struct ifnet *)control); 816 return (0); 817 } 818 819 if (in6p == NULL && req != PRU_ATTACH) { 820 error = EINVAL; 821 goto release; 822 } 823 824 switch (req) { 825 case PRU_ATTACH: 826 /* 827 * MAPPED_ADDR implementation spec: 828 * Always attach for IPv6, 829 * and only when necessary for IPv4. 830 */ 831 if (in6p != NULL) { 832 error = EINVAL; 833 break; 834 } 835 s = splsoftnet(); 836 error = in6_pcballoc(so, &udb6); 837 splx(s); 838 if (error) 839 break; 840 error = soreserve(so, udp6_sendspace, udp6_recvspace); 841 if (error) 842 break; 843 in6p = sotoin6pcb(so); 844 in6p->in6p_cksum = -1; /* just to be sure */ 845 #ifdef IPSEC 846 error = ipsec_init_policy(so, &in6p->in6p_sp); 847 if (error != 0) { 848 in6_pcbdetach(in6p); 849 break; 850 } 851 #endif /*IPSEC*/ 852 break; 853 854 case PRU_DETACH: 855 udp6_detach(in6p); 856 break; 857 858 case PRU_BIND: 859 s = splsoftnet(); 860 error = in6_pcbbind(in6p, addr6, p); 861 splx(s); 862 break; 863 864 case PRU_LISTEN: 865 error = EOPNOTSUPP; 866 break; 867 868 case PRU_CONNECT: 869 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 870 error = EISCONN; 871 break; 872 } 873 s = splsoftnet(); 874 error = in6_pcbconnect(in6p, addr6); 875 if (ip6_auto_flowlabel) { 876 in6p->in6p_flowinfo &= ~IPV6_FLOWLABEL_MASK; 877 in6p->in6p_flowinfo |= 878 (htonl(ip6_flow_seq++) & IPV6_FLOWLABEL_MASK); 879 } 880 splx(s); 881 if (error == 0) 882 soisconnected(so); 883 break; 884 885 case PRU_CONNECT2: 886 error = EOPNOTSUPP; 887 break; 888 889 case PRU_ACCEPT: 890 error = EOPNOTSUPP; 891 break; 892 893 case PRU_DISCONNECT: 894 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 895 error = ENOTCONN; 896 break; 897 } 898 s = splsoftnet(); 899 in6_pcbdisconnect(in6p); 900 bzero((caddr_t)&in6p->in6p_laddr, sizeof(in6p->in6p_laddr)); 901 splx(s); 902 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 903 break; 904 905 case PRU_SHUTDOWN: 906 socantsendmore(so); 907 break; 908 909 case PRU_SEND: 910 return(udp6_output(in6p, m, addr6, control, p)); 911 912 case PRU_ABORT: 913 soisdisconnected(so); 914 udp6_detach(in6p); 915 break; 916 917 case PRU_SOCKADDR: 918 in6_setsockaddr(in6p, addr6); 919 break; 920 921 case PRU_PEERADDR: 922 in6_setpeeraddr(in6p, addr6); 923 break; 924 925 case PRU_SENSE: 926 /* 927 * stat: don't bother with a blocksize 928 */ 929 return(0); 930 931 case PRU_SENDOOB: 932 case PRU_FASTTIMO: 933 case PRU_SLOWTIMO: 934 case PRU_PROTORCV: 935 case PRU_PROTOSEND: 936 error = EOPNOTSUPP; 937 break; 938 939 case PRU_RCVD: 940 case PRU_RCVOOB: 941 return(EOPNOTSUPP); /* do not free mbuf's */ 942 943 default: 944 panic("udp6_usrreq"); 945 } 946 947 release: 948 if (control) { 949 printf("udp control data unexpectedly retained\n"); 950 m_freem(control); 951 } 952 if (m) 953 m_freem(m); 954 return(error); 955 } 956 957 static void 958 udp6_detach(in6p) 959 struct in6pcb *in6p; 960 { 961 int s = splsoftnet(); 962 963 if (in6p == udp6_last_in6pcb) 964 udp6_last_in6pcb = &udb6; 965 in6_pcbdetach(in6p); 966 splx(s); 967 } 968 969 #include <uvm/uvm_extern.h> 970 #include <sys/sysctl.h> 971 972 int 973 udp6_sysctl(name, namelen, oldp, oldlenp, newp, newlen) 974 int *name; 975 u_int namelen; 976 void *oldp; 977 size_t *oldlenp; 978 void *newp; 979 size_t newlen; 980 { 981 /* All sysctl names at this level are terminal. */ 982 if (namelen != 1) 983 return ENOTDIR; 984 985 switch (name[0]) { 986 987 case UDP6CTL_SENDSPACE: 988 return sysctl_int(oldp, oldlenp, newp, newlen, 989 &udp6_sendspace); 990 case UDP6CTL_RECVSPACE: 991 return sysctl_int(oldp, oldlenp, newp, newlen, 992 &udp6_recvspace); 993 default: 994 return ENOPROTOOPT; 995 } 996 /* NOTREACHED */ 997 } 998