1 /* $OpenBSD: in_pcb.c,v 1.268 2022/06/28 09:32:27 bluhm Exp $ */ 2 /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1991, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include "pf.h" 72 73 #include <sys/param.h> 74 #include <sys/systm.h> 75 #include <sys/mbuf.h> 76 #include <sys/protosw.h> 77 #include <sys/socket.h> 78 #include <sys/socketvar.h> 79 #include <sys/domain.h> 80 #include <sys/mount.h> 81 #include <sys/pool.h> 82 #include <sys/proc.h> 83 84 #include <net/if.h> 85 #include <net/if_var.h> 86 #include <net/pfvar.h> 87 #include <net/route.h> 88 89 #include <netinet/in.h> 90 #include <netinet/in_var.h> 91 #include <netinet/ip.h> 92 #include <netinet/ip_var.h> 93 #include <netinet/in_pcb.h> 94 #ifdef IPSEC 95 #include <netinet/ip_esp.h> 96 #endif /* IPSEC */ 97 98 #include "stoeplitz.h" 99 #if NSTOEPLITZ > 0 100 #include <net/toeplitz.h> 101 #endif 102 103 const struct in_addr zeroin_addr; 104 105 union { 106 struct in_addr za_in; 107 struct in6_addr za_in6; 108 } zeroin46_addr; 109 110 /* 111 * These configure the range of local port addresses assigned to 112 * "unspecified" outgoing connections/packets/whatever. 113 */ 114 int ipport_firstauto = IPPORT_RESERVED; 115 int ipport_lastauto = IPPORT_USERRESERVED; 116 int ipport_hifirstauto = IPPORT_HIFIRSTAUTO; 117 int ipport_hilastauto = IPPORT_HILASTAUTO; 118 119 struct baddynamicports baddynamicports; 120 struct baddynamicports rootonlyports; 121 struct pool inpcb_pool; 122 123 void in_pcbrehash_locked(struct inpcb *); 124 int in_pcbresize(struct inpcbtable *, int); 125 126 #define INPCBHASH_LOADFACTOR(_x) (((_x) * 3) / 4) 127 128 struct inpcbhead *in_pcbhash(struct inpcbtable *, int, 129 const struct in_addr *, u_short, const struct in_addr *, u_short); 130 struct inpcbhead *in_pcblhash(struct inpcbtable *, int, u_short); 131 132 /* 133 * in_pcb is used for inet and inet6. in6_pcb only contains special 134 * IPv6 cases. So the internet initializer is used for both domains. 135 */ 136 void 137 in_init(void) 138 { 139 pool_init(&inpcb_pool, sizeof(struct inpcb), 0, 140 IPL_SOFTNET, 0, "inpcb", NULL); 141 } 142 143 struct inpcbhead * 144 in_pcbhash(struct inpcbtable *table, int rdom, 145 const struct in_addr *faddr, u_short fport, 146 const struct in_addr *laddr, u_short lport) 147 { 148 SIPHASH_CTX ctx; 149 u_int32_t nrdom = htonl(rdom); 150 151 SipHash24_Init(&ctx, &table->inpt_key); 152 SipHash24_Update(&ctx, &nrdom, sizeof(nrdom)); 153 SipHash24_Update(&ctx, faddr, sizeof(*faddr)); 154 SipHash24_Update(&ctx, &fport, sizeof(fport)); 155 SipHash24_Update(&ctx, laddr, sizeof(*laddr)); 156 SipHash24_Update(&ctx, &lport, sizeof(lport)); 157 158 return (&table->inpt_hashtbl[SipHash24_End(&ctx) & table->inpt_mask]); 159 } 160 161 struct inpcbhead * 162 in_pcblhash(struct inpcbtable *table, int rdom, u_short lport) 163 { 164 SIPHASH_CTX ctx; 165 u_int32_t nrdom = htonl(rdom); 166 167 SipHash24_Init(&ctx, &table->inpt_lkey); 168 SipHash24_Update(&ctx, &nrdom, sizeof(nrdom)); 169 SipHash24_Update(&ctx, &lport, sizeof(lport)); 170 171 return (&table->inpt_lhashtbl[SipHash24_End(&ctx) & table->inpt_lmask]); 172 } 173 174 void 175 in_pcbinit(struct inpcbtable *table, int hashsize) 176 { 177 mtx_init(&table->inpt_mtx, IPL_SOFTNET); 178 TAILQ_INIT(&table->inpt_queue); 179 table->inpt_hashtbl = hashinit(hashsize, M_PCB, M_WAITOK, 180 &table->inpt_mask); 181 table->inpt_lhashtbl = hashinit(hashsize, M_PCB, M_WAITOK, 182 &table->inpt_lmask); 183 table->inpt_count = 0; 184 table->inpt_size = hashsize; 185 arc4random_buf(&table->inpt_key, sizeof(table->inpt_key)); 186 arc4random_buf(&table->inpt_lkey, sizeof(table->inpt_lkey)); 187 } 188 189 /* 190 * Check if the specified port is invalid for dynamic allocation. 191 */ 192 int 193 in_baddynamic(u_int16_t port, u_int16_t proto) 194 { 195 switch (proto) { 196 case IPPROTO_TCP: 197 return (DP_ISSET(baddynamicports.tcp, port)); 198 case IPPROTO_UDP: 199 #ifdef IPSEC 200 /* Cannot preset this as it is a sysctl */ 201 if (port == udpencap_port) 202 return (1); 203 #endif 204 return (DP_ISSET(baddynamicports.udp, port)); 205 default: 206 return (0); 207 } 208 } 209 210 int 211 in_rootonly(u_int16_t port, u_int16_t proto) 212 { 213 switch (proto) { 214 case IPPROTO_TCP: 215 return (port < IPPORT_RESERVED || 216 DP_ISSET(rootonlyports.tcp, port)); 217 case IPPROTO_UDP: 218 return (port < IPPORT_RESERVED || 219 DP_ISSET(rootonlyports.udp, port)); 220 default: 221 return (0); 222 } 223 } 224 225 int 226 in_pcballoc(struct socket *so, struct inpcbtable *table) 227 { 228 struct inpcb *inp; 229 struct inpcbhead *head; 230 231 NET_ASSERT_LOCKED(); 232 233 inp = pool_get(&inpcb_pool, PR_NOWAIT|PR_ZERO); 234 if (inp == NULL) 235 return (ENOBUFS); 236 inp->inp_table = table; 237 inp->inp_socket = so; 238 refcnt_init_trace(&inp->inp_refcnt, DT_REFCNT_IDX_INPCB); 239 inp->inp_seclevel[SL_AUTH] = IPSEC_AUTH_LEVEL_DEFAULT; 240 inp->inp_seclevel[SL_ESP_TRANS] = IPSEC_ESP_TRANS_LEVEL_DEFAULT; 241 inp->inp_seclevel[SL_ESP_NETWORK] = IPSEC_ESP_NETWORK_LEVEL_DEFAULT; 242 inp->inp_seclevel[SL_IPCOMP] = IPSEC_IPCOMP_LEVEL_DEFAULT; 243 inp->inp_rtableid = curproc->p_p->ps_rtableid; 244 inp->inp_hops = -1; 245 #ifdef INET6 246 /* 247 * Small change in this function to set the INP_IPV6 flag so routines 248 * outside pcb-specific routines don't need to use sotopf(), and all 249 * of its pointer chasing, later. 250 */ 251 if (sotopf(so) == PF_INET6) 252 inp->inp_flags = INP_IPV6; 253 inp->inp_cksum6 = -1; 254 #endif /* INET6 */ 255 256 mtx_enter(&table->inpt_mtx); 257 if (table->inpt_count++ > INPCBHASH_LOADFACTOR(table->inpt_size)) 258 (void)in_pcbresize(table, table->inpt_size * 2); 259 TAILQ_INSERT_HEAD(&table->inpt_queue, inp, inp_queue); 260 head = in_pcblhash(table, inp->inp_rtableid, inp->inp_lport); 261 LIST_INSERT_HEAD(head, inp, inp_lhash); 262 #ifdef INET6 263 if (sotopf(so) == PF_INET6) 264 head = in6_pcbhash(table, rtable_l2(inp->inp_rtableid), 265 &inp->inp_faddr6, inp->inp_fport, 266 &inp->inp_laddr6, inp->inp_lport); 267 else 268 #endif /* INET6 */ 269 head = in_pcbhash(table, rtable_l2(inp->inp_rtableid), 270 &inp->inp_faddr, inp->inp_fport, 271 &inp->inp_laddr, inp->inp_lport); 272 LIST_INSERT_HEAD(head, inp, inp_hash); 273 mtx_leave(&table->inpt_mtx); 274 275 so->so_pcb = inp; 276 277 return (0); 278 } 279 280 int 281 in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p) 282 { 283 struct socket *so = inp->inp_socket; 284 u_int16_t lport = 0; 285 int wild = 0; 286 void *laddr = &zeroin46_addr; 287 int error; 288 289 if (inp->inp_lport) 290 return (EINVAL); 291 292 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0 && 293 ((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 || 294 (so->so_options & SO_ACCEPTCONN) == 0)) 295 wild = INPLOOKUP_WILDCARD; 296 297 switch (sotopf(so)) { 298 #ifdef INET6 299 case PF_INET6: 300 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 301 return (EINVAL); 302 wild |= INPLOOKUP_IPV6; 303 304 if (nam) { 305 struct sockaddr_in6 *sin6; 306 307 if ((error = in6_nam2sin6(nam, &sin6))) 308 return (error); 309 if ((error = in6_pcbaddrisavail(inp, sin6, wild, p))) 310 return (error); 311 laddr = &sin6->sin6_addr; 312 lport = sin6->sin6_port; 313 } 314 break; 315 #endif 316 case PF_INET: 317 if (inp->inp_laddr.s_addr != INADDR_ANY) 318 return (EINVAL); 319 320 if (nam) { 321 struct sockaddr_in *sin; 322 323 if ((error = in_nam2sin(nam, &sin))) 324 return (error); 325 if ((error = in_pcbaddrisavail(inp, sin, wild, p))) 326 return (error); 327 laddr = &sin->sin_addr; 328 lport = sin->sin_port; 329 } 330 break; 331 default: 332 return (EINVAL); 333 } 334 335 if (lport == 0) { 336 if ((error = in_pcbpickport(&lport, laddr, wild, inp, p))) 337 return (error); 338 } else { 339 if (in_rootonly(ntohs(lport), so->so_proto->pr_protocol) && 340 suser(p) != 0) 341 return (EACCES); 342 } 343 if (nam) { 344 switch (sotopf(so)) { 345 #ifdef INET6 346 case PF_INET6: 347 inp->inp_laddr6 = *(struct in6_addr *)laddr; 348 break; 349 #endif 350 case PF_INET: 351 inp->inp_laddr = *(struct in_addr *)laddr; 352 break; 353 } 354 } 355 inp->inp_lport = lport; 356 in_pcbrehash(inp); 357 return (0); 358 } 359 360 int 361 in_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in *sin, int wild, 362 struct proc *p) 363 { 364 struct socket *so = inp->inp_socket; 365 struct inpcbtable *table = inp->inp_table; 366 u_int16_t lport = sin->sin_port; 367 int reuseport = (so->so_options & SO_REUSEPORT); 368 369 if (IN_MULTICAST(sin->sin_addr.s_addr)) { 370 /* 371 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 372 * allow complete duplication of binding if 373 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 374 * and a multicast address is bound on both 375 * new and duplicated sockets. 376 */ 377 if (so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) 378 reuseport = SO_REUSEADDR|SO_REUSEPORT; 379 } else if (sin->sin_addr.s_addr != INADDR_ANY) { 380 /* 381 * we must check that we are binding to an address we 382 * own except when: 383 * - SO_BINDANY is set or 384 * - we are binding a UDP socket to 255.255.255.255 or 385 * - we are binding a UDP socket to one of our broadcast 386 * addresses 387 */ 388 if (!ISSET(so->so_options, SO_BINDANY) && 389 !(so->so_type == SOCK_DGRAM && 390 sin->sin_addr.s_addr == INADDR_BROADCAST) && 391 !(so->so_type == SOCK_DGRAM && 392 in_broadcast(sin->sin_addr, inp->inp_rtableid))) { 393 struct ifaddr *ia; 394 395 sin->sin_port = 0; 396 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 397 ia = ifa_ifwithaddr(sintosa(sin), inp->inp_rtableid); 398 sin->sin_port = lport; 399 400 if (ia == NULL) 401 return (EADDRNOTAVAIL); 402 } 403 } 404 if (lport) { 405 struct inpcb *t; 406 407 if (so->so_euid && !IN_MULTICAST(sin->sin_addr.s_addr)) { 408 t = in_pcblookup_local(table, &sin->sin_addr, lport, 409 INPLOOKUP_WILDCARD, inp->inp_rtableid); 410 if (t && (so->so_euid != t->inp_socket->so_euid)) 411 return (EADDRINUSE); 412 } 413 t = in_pcblookup_local(table, &sin->sin_addr, lport, 414 wild, inp->inp_rtableid); 415 if (t && (reuseport & t->inp_socket->so_options) == 0) 416 return (EADDRINUSE); 417 } 418 419 return (0); 420 } 421 422 int 423 in_pcbpickport(u_int16_t *lport, void *laddr, int wild, struct inpcb *inp, 424 struct proc *p) 425 { 426 struct socket *so = inp->inp_socket; 427 struct inpcbtable *table = inp->inp_table; 428 u_int16_t first, last, lower, higher, candidate, localport; 429 int count; 430 431 if (inp->inp_flags & INP_HIGHPORT) { 432 first = ipport_hifirstauto; /* sysctl */ 433 last = ipport_hilastauto; 434 } else if (inp->inp_flags & INP_LOWPORT) { 435 if (suser(p)) 436 return (EACCES); 437 first = IPPORT_RESERVED-1; /* 1023 */ 438 last = 600; /* not IPPORT_RESERVED/2 */ 439 } else { 440 first = ipport_firstauto; /* sysctl */ 441 last = ipport_lastauto; 442 } 443 if (first < last) { 444 lower = first; 445 higher = last; 446 } else { 447 lower = last; 448 higher = first; 449 } 450 451 /* 452 * Simple check to ensure all ports are not used up causing 453 * a deadlock here. 454 */ 455 456 count = higher - lower; 457 candidate = lower + arc4random_uniform(count); 458 459 do { 460 if (count-- < 0) /* completely used? */ 461 return (EADDRNOTAVAIL); 462 ++candidate; 463 if (candidate < lower || candidate > higher) 464 candidate = lower; 465 localport = htons(candidate); 466 } while (in_baddynamic(candidate, so->so_proto->pr_protocol) || 467 in_pcblookup_local(table, laddr, localport, wild, 468 inp->inp_rtableid)); 469 *lport = localport; 470 471 return (0); 472 } 473 474 /* 475 * Connect from a socket to a specified address. 476 * Both address and port must be specified in argument sin. 477 * If don't have a local address for this socket yet, 478 * then pick one. 479 */ 480 int 481 in_pcbconnect(struct inpcb *inp, struct mbuf *nam) 482 { 483 struct in_addr ina; 484 struct sockaddr_in *sin; 485 int error; 486 487 #ifdef INET6 488 if (sotopf(inp->inp_socket) == PF_INET6) 489 return (in6_pcbconnect(inp, nam)); 490 KASSERT((inp->inp_flags & INP_IPV6) == 0); 491 #endif /* INET6 */ 492 493 if ((error = in_nam2sin(nam, &sin))) 494 return (error); 495 if (sin->sin_port == 0) 496 return (EADDRNOTAVAIL); 497 error = in_pcbselsrc(&ina, sin, inp); 498 if (error) 499 return (error); 500 501 if (in_pcbhashlookup(inp->inp_table, sin->sin_addr, sin->sin_port, 502 ina, inp->inp_lport, inp->inp_rtableid) != NULL) 503 return (EADDRINUSE); 504 505 KASSERT(inp->inp_laddr.s_addr == INADDR_ANY || inp->inp_lport); 506 507 if (inp->inp_laddr.s_addr == INADDR_ANY) { 508 if (inp->inp_lport == 0) { 509 error = in_pcbbind(inp, NULL, curproc); 510 if (error) 511 return (error); 512 if (in_pcbhashlookup(inp->inp_table, sin->sin_addr, 513 sin->sin_port, ina, inp->inp_lport, 514 inp->inp_rtableid) != NULL) { 515 inp->inp_lport = 0; 516 return (EADDRINUSE); 517 } 518 } 519 inp->inp_laddr = ina; 520 } 521 inp->inp_faddr = sin->sin_addr; 522 inp->inp_fport = sin->sin_port; 523 in_pcbrehash(inp); 524 #if NSTOEPLITZ > 0 525 inp->inp_flowid = stoeplitz_ip4port(inp->inp_faddr.s_addr, 526 inp->inp_laddr.s_addr, inp->inp_fport, inp->inp_lport); 527 #endif 528 return (0); 529 } 530 531 void 532 in_pcbdisconnect(struct inpcb *inp) 533 { 534 #if NPF > 0 535 if (inp->inp_pf_sk) { 536 pf_remove_divert_state(inp->inp_pf_sk); 537 /* pf_remove_divert_state() may have detached the state */ 538 pf_inp_unlink(inp); 539 } 540 #endif 541 switch (sotopf(inp->inp_socket)) { 542 #ifdef INET6 543 case PF_INET6: 544 inp->inp_faddr6 = in6addr_any; 545 break; 546 #endif 547 case PF_INET: 548 inp->inp_faddr.s_addr = INADDR_ANY; 549 break; 550 } 551 552 inp->inp_fport = 0; 553 inp->inp_flowid = 0; 554 in_pcbrehash(inp); 555 if (inp->inp_socket->so_state & SS_NOFDREF) 556 in_pcbdetach(inp); 557 } 558 559 void 560 in_pcbdetach(struct inpcb *inp) 561 { 562 struct socket *so = inp->inp_socket; 563 struct inpcbtable *table = inp->inp_table; 564 565 NET_ASSERT_LOCKED(); 566 567 so->so_pcb = NULL; 568 /* 569 * As long as the NET_LOCK() is the default lock for Internet 570 * sockets, do not release it to not introduce new sleeping 571 * points. 572 */ 573 sofree(so, 1); 574 m_freem(inp->inp_options); 575 if (inp->inp_route.ro_rt) { 576 rtfree(inp->inp_route.ro_rt); 577 inp->inp_route.ro_rt = NULL; 578 } 579 #ifdef INET6 580 if (inp->inp_flags & INP_IPV6) { 581 ip6_freepcbopts(inp->inp_outputopts6); 582 ip6_freemoptions(inp->inp_moptions6); 583 } else 584 #endif 585 ip_freemoptions(inp->inp_moptions); 586 #if NPF > 0 587 if (inp->inp_pf_sk) { 588 pf_remove_divert_state(inp->inp_pf_sk); 589 /* pf_remove_divert_state() may have detached the state */ 590 pf_inp_unlink(inp); 591 } 592 #endif 593 mtx_enter(&table->inpt_mtx); 594 LIST_REMOVE(inp, inp_lhash); 595 LIST_REMOVE(inp, inp_hash); 596 TAILQ_REMOVE(&table->inpt_queue, inp, inp_queue); 597 table->inpt_count--; 598 mtx_leave(&table->inpt_mtx); 599 600 in_pcbunref(inp); 601 } 602 603 struct inpcb * 604 in_pcbref(struct inpcb *inp) 605 { 606 if (inp != NULL) 607 refcnt_take(&inp->inp_refcnt); 608 return inp; 609 } 610 611 void 612 in_pcbunref(struct inpcb *inp) 613 { 614 if (refcnt_rele(&inp->inp_refcnt)) { 615 KASSERT((LIST_NEXT(inp, inp_hash) == NULL) || 616 (LIST_NEXT(inp, inp_hash) == _Q_INVALID)); 617 KASSERT((LIST_NEXT(inp, inp_lhash) == NULL) || 618 (LIST_NEXT(inp, inp_lhash) == _Q_INVALID)); 619 KASSERT((TAILQ_NEXT(inp, inp_queue) == NULL) || 620 (TAILQ_NEXT(inp, inp_queue) == _Q_INVALID)); 621 pool_put(&inpcb_pool, inp); 622 } 623 } 624 625 void 626 in_setsockaddr(struct inpcb *inp, struct mbuf *nam) 627 { 628 struct sockaddr_in *sin; 629 630 nam->m_len = sizeof(*sin); 631 sin = mtod(nam, struct sockaddr_in *); 632 memset(sin, 0, sizeof(*sin)); 633 sin->sin_family = AF_INET; 634 sin->sin_len = sizeof(*sin); 635 sin->sin_port = inp->inp_lport; 636 sin->sin_addr = inp->inp_laddr; 637 } 638 639 void 640 in_setpeeraddr(struct inpcb *inp, struct mbuf *nam) 641 { 642 struct sockaddr_in *sin; 643 644 #ifdef INET6 645 if (sotopf(inp->inp_socket) == PF_INET6) { 646 in6_setpeeraddr(inp, nam); 647 return; 648 } 649 #endif /* INET6 */ 650 651 nam->m_len = sizeof(*sin); 652 sin = mtod(nam, struct sockaddr_in *); 653 memset(sin, 0, sizeof(*sin)); 654 sin->sin_family = AF_INET; 655 sin->sin_len = sizeof(*sin); 656 sin->sin_port = inp->inp_fport; 657 sin->sin_addr = inp->inp_faddr; 658 } 659 660 /* 661 * Pass some notification to all connections of a protocol 662 * associated with address dst. The "usual action" will be 663 * taken, depending on the ctlinput cmd. The caller must filter any 664 * cmds that are uninteresting (e.g., no error in the map). 665 * Call the protocol specific routine (if any) to report 666 * any errors for each matching socket. 667 */ 668 void 669 in_pcbnotifyall(struct inpcbtable *table, struct sockaddr *dst, u_int rtable, 670 int errno, void (*notify)(struct inpcb *, int)) 671 { 672 SIMPLEQ_HEAD(, inpcb) inpcblist; 673 struct inpcb *inp; 674 struct in_addr faddr; 675 u_int rdomain; 676 677 NET_ASSERT_WLOCKED(); 678 679 if (dst->sa_family != AF_INET) 680 return; 681 faddr = satosin(dst)->sin_addr; 682 if (faddr.s_addr == INADDR_ANY) 683 return; 684 if (notify == NULL) 685 return; 686 687 SIMPLEQ_INIT(&inpcblist); 688 rdomain = rtable_l2(rtable); 689 mtx_enter(&table->inpt_mtx); 690 TAILQ_FOREACH(inp, &table->inpt_queue, inp_queue) { 691 #ifdef INET6 692 if (inp->inp_flags & INP_IPV6) 693 continue; 694 #endif 695 if (inp->inp_faddr.s_addr != faddr.s_addr || 696 rtable_l2(inp->inp_rtableid) != rdomain || 697 inp->inp_socket == NULL) { 698 continue; 699 } 700 in_pcbref(inp); 701 SIMPLEQ_INSERT_TAIL(&inpcblist, inp, inp_notify); 702 } 703 mtx_leave(&table->inpt_mtx); 704 705 while ((inp = SIMPLEQ_FIRST(&inpcblist)) != NULL) { 706 SIMPLEQ_REMOVE_HEAD(&inpcblist, inp_notify); 707 (*notify)(inp, errno); 708 in_pcbunref(inp); 709 } 710 } 711 712 /* 713 * Check for alternatives when higher level complains 714 * about service problems. For now, invalidate cached 715 * routing information. If the route was created dynamically 716 * (by a redirect), time to try a default gateway again. 717 */ 718 void 719 in_losing(struct inpcb *inp) 720 { 721 struct rtentry *rt = inp->inp_route.ro_rt; 722 723 if (rt) { 724 inp->inp_route.ro_rt = NULL; 725 726 if (rt->rt_flags & RTF_DYNAMIC) { 727 struct ifnet *ifp; 728 729 ifp = if_get(rt->rt_ifidx); 730 /* 731 * If the interface is gone, all its attached 732 * route entries have been removed from the table, 733 * so we're dealing with a stale cache and have 734 * nothing to do. 735 */ 736 if (ifp != NULL) 737 rtdeletemsg(rt, ifp, inp->inp_rtableid); 738 if_put(ifp); 739 } 740 /* 741 * A new route can be allocated 742 * the next time output is attempted. 743 * rtfree() needs to be called in anycase because the inp 744 * is still holding a reference to rt. 745 */ 746 rtfree(rt); 747 } 748 } 749 750 /* 751 * After a routing change, flush old routing 752 * and allocate a (hopefully) better one. 753 */ 754 void 755 in_rtchange(struct inpcb *inp, int errno) 756 { 757 if (inp->inp_route.ro_rt) { 758 rtfree(inp->inp_route.ro_rt); 759 inp->inp_route.ro_rt = NULL; 760 /* 761 * A new route can be allocated the next time 762 * output is attempted. 763 */ 764 } 765 } 766 767 struct inpcb * 768 in_pcblookup_local(struct inpcbtable *table, void *laddrp, u_int lport_arg, 769 int flags, u_int rtable) 770 { 771 struct inpcb *inp, *match = NULL; 772 int matchwild = 3, wildcard; 773 u_int16_t lport = lport_arg; 774 struct in_addr laddr = *(struct in_addr *)laddrp; 775 #ifdef INET6 776 struct in6_addr *laddr6 = (struct in6_addr *)laddrp; 777 #endif 778 struct inpcbhead *head; 779 u_int rdomain; 780 781 rdomain = rtable_l2(rtable); 782 mtx_enter(&table->inpt_mtx); 783 head = in_pcblhash(table, rdomain, lport); 784 LIST_FOREACH(inp, head, inp_lhash) { 785 if (rtable_l2(inp->inp_rtableid) != rdomain) 786 continue; 787 if (inp->inp_lport != lport) 788 continue; 789 wildcard = 0; 790 #ifdef INET6 791 if (ISSET(flags, INPLOOKUP_IPV6)) { 792 if (!ISSET(inp->inp_flags, INP_IPV6)) 793 continue; 794 795 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 796 wildcard++; 797 798 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, laddr6)) { 799 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) || 800 IN6_IS_ADDR_UNSPECIFIED(laddr6)) 801 wildcard++; 802 else 803 continue; 804 } 805 806 } else 807 #endif /* INET6 */ 808 { 809 #ifdef INET6 810 if (ISSET(inp->inp_flags, INP_IPV6)) 811 continue; 812 #endif /* INET6 */ 813 814 if (inp->inp_faddr.s_addr != INADDR_ANY) 815 wildcard++; 816 817 if (inp->inp_laddr.s_addr != laddr.s_addr) { 818 if (inp->inp_laddr.s_addr == INADDR_ANY || 819 laddr.s_addr == INADDR_ANY) 820 wildcard++; 821 else 822 continue; 823 } 824 825 } 826 if ((!wildcard || (flags & INPLOOKUP_WILDCARD)) && 827 wildcard < matchwild) { 828 match = inp; 829 if ((matchwild = wildcard) == 0) 830 break; 831 } 832 } 833 mtx_leave(&table->inpt_mtx); 834 835 return (match); 836 } 837 838 struct rtentry * 839 in_pcbrtentry(struct inpcb *inp) 840 { 841 struct route *ro; 842 843 ro = &inp->inp_route; 844 845 /* check if route is still valid */ 846 if (!rtisvalid(ro->ro_rt)) { 847 rtfree(ro->ro_rt); 848 ro->ro_rt = NULL; 849 } 850 851 /* 852 * No route yet, so try to acquire one. 853 */ 854 if (ro->ro_rt == NULL) { 855 #ifdef INET6 856 memset(ro, 0, sizeof(struct route_in6)); 857 #else 858 memset(ro, 0, sizeof(struct route)); 859 #endif 860 861 switch(sotopf(inp->inp_socket)) { 862 #ifdef INET6 863 case PF_INET6: 864 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 865 break; 866 ro->ro_dst.sa_family = AF_INET6; 867 ro->ro_dst.sa_len = sizeof(struct sockaddr_in6); 868 satosin6(&ro->ro_dst)->sin6_addr = inp->inp_faddr6; 869 ro->ro_tableid = inp->inp_rtableid; 870 ro->ro_rt = rtalloc_mpath(&ro->ro_dst, 871 &inp->inp_laddr6.s6_addr32[0], ro->ro_tableid); 872 break; 873 #endif /* INET6 */ 874 case PF_INET: 875 if (inp->inp_faddr.s_addr == INADDR_ANY) 876 break; 877 ro->ro_dst.sa_family = AF_INET; 878 ro->ro_dst.sa_len = sizeof(struct sockaddr_in); 879 satosin(&ro->ro_dst)->sin_addr = inp->inp_faddr; 880 ro->ro_tableid = inp->inp_rtableid; 881 ro->ro_rt = rtalloc_mpath(&ro->ro_dst, 882 &inp->inp_laddr.s_addr, ro->ro_tableid); 883 break; 884 } 885 } 886 return (ro->ro_rt); 887 } 888 889 /* 890 * Return an IPv4 address, which is the most appropriate for a given 891 * destination. 892 * If necessary, this function lookups the routing table and returns 893 * an entry to the caller for later use. 894 */ 895 int 896 in_pcbselsrc(struct in_addr *insrc, struct sockaddr_in *sin, 897 struct inpcb *inp) 898 { 899 struct ip_moptions *mopts = inp->inp_moptions; 900 struct route *ro = &inp->inp_route; 901 struct in_addr *laddr = &inp->inp_laddr; 902 u_int rtableid = inp->inp_rtableid; 903 struct sockaddr *ip4_source = NULL; 904 905 struct sockaddr_in *sin2; 906 struct in_ifaddr *ia = NULL; 907 908 /* 909 * If the socket(if any) is already bound, use that bound address 910 * unless it is INADDR_ANY or INADDR_BROADCAST. 911 */ 912 if (laddr->s_addr != INADDR_ANY && 913 laddr->s_addr != INADDR_BROADCAST) { 914 *insrc = *laddr; 915 return (0); 916 } 917 918 /* 919 * If the destination address is multicast or limited 920 * broadcast (255.255.255.255) and an outgoing interface has 921 * been set as a multicast option, use the address of that 922 * interface as our source address. 923 */ 924 if ((IN_MULTICAST(sin->sin_addr.s_addr) || 925 sin->sin_addr.s_addr == INADDR_BROADCAST) && mopts != NULL) { 926 struct ifnet *ifp; 927 928 ifp = if_get(mopts->imo_ifidx); 929 if (ifp != NULL) { 930 if (ifp->if_rdomain == rtable_l2(rtableid)) 931 IFP_TO_IA(ifp, ia); 932 if (ia == NULL) { 933 if_put(ifp); 934 return (EADDRNOTAVAIL); 935 } 936 937 *insrc = ia->ia_addr.sin_addr; 938 if_put(ifp); 939 return (0); 940 } 941 } 942 943 /* 944 * If route is known or can be allocated now, 945 * our src addr is taken from the i/f, else punt. 946 */ 947 if (!rtisvalid(ro->ro_rt) || (ro->ro_tableid != rtableid) || 948 (satosin(&ro->ro_dst)->sin_addr.s_addr != sin->sin_addr.s_addr)) { 949 rtfree(ro->ro_rt); 950 ro->ro_rt = NULL; 951 } 952 if (ro->ro_rt == NULL) { 953 /* No route yet, so try to acquire one */ 954 ro->ro_dst.sa_family = AF_INET; 955 ro->ro_dst.sa_len = sizeof(struct sockaddr_in); 956 satosin(&ro->ro_dst)->sin_addr = sin->sin_addr; 957 ro->ro_tableid = rtableid; 958 ro->ro_rt = rtalloc_mpath(&ro->ro_dst, NULL, ro->ro_tableid); 959 960 /* 961 * It is important to zero out the rest of the 962 * struct sockaddr_in when mixing v6 & v4! 963 */ 964 sin2 = satosin(&ro->ro_dst); 965 memset(sin2->sin_zero, 0, sizeof(sin2->sin_zero)); 966 } 967 968 /* 969 * If we found a route, use the address 970 * corresponding to the outgoing interface. 971 */ 972 if (ro->ro_rt != NULL) 973 ia = ifatoia(ro->ro_rt->rt_ifa); 974 975 /* 976 * Use preferred source address if : 977 * - destination is not onlink 978 * - preferred source address is set 979 * - output interface is UP 980 */ 981 if (ro->ro_rt && !(ro->ro_rt->rt_flags & RTF_LLINFO) && 982 !(ro->ro_rt->rt_flags & RTF_HOST)) { 983 ip4_source = rtable_getsource(rtableid, AF_INET); 984 if (ip4_source != NULL) { 985 struct ifaddr *ifa; 986 if ((ifa = ifa_ifwithaddr(ip4_source, rtableid)) != 987 NULL && ISSET(ifa->ifa_ifp->if_flags, IFF_UP)) { 988 *insrc = satosin(ip4_source)->sin_addr; 989 return (0); 990 } 991 } 992 } 993 994 if (ia == NULL) 995 return (EADDRNOTAVAIL); 996 997 *insrc = ia->ia_addr.sin_addr; 998 return (0); 999 } 1000 1001 void 1002 in_pcbrehash(struct inpcb *inp) 1003 { 1004 struct inpcbtable *table = inp->inp_table; 1005 1006 mtx_enter(&table->inpt_mtx); 1007 in_pcbrehash_locked(inp); 1008 mtx_leave(&table->inpt_mtx); 1009 } 1010 1011 void 1012 in_pcbrehash_locked(struct inpcb *inp) 1013 { 1014 struct inpcbtable *table = inp->inp_table; 1015 struct inpcbhead *head; 1016 1017 NET_ASSERT_LOCKED(); 1018 MUTEX_ASSERT_LOCKED(&table->inpt_mtx); 1019 1020 LIST_REMOVE(inp, inp_lhash); 1021 head = in_pcblhash(table, inp->inp_rtableid, inp->inp_lport); 1022 LIST_INSERT_HEAD(head, inp, inp_lhash); 1023 LIST_REMOVE(inp, inp_hash); 1024 #ifdef INET6 1025 if (inp->inp_flags & INP_IPV6) 1026 head = in6_pcbhash(table, rtable_l2(inp->inp_rtableid), 1027 &inp->inp_faddr6, inp->inp_fport, 1028 &inp->inp_laddr6, inp->inp_lport); 1029 else 1030 #endif /* INET6 */ 1031 head = in_pcbhash(table, rtable_l2(inp->inp_rtableid), 1032 &inp->inp_faddr, inp->inp_fport, 1033 &inp->inp_laddr, inp->inp_lport); 1034 LIST_INSERT_HEAD(head, inp, inp_hash); 1035 } 1036 1037 int 1038 in_pcbresize(struct inpcbtable *table, int hashsize) 1039 { 1040 u_long nmask, nlmask; 1041 int osize; 1042 void *nhashtbl, *nlhashtbl, *ohashtbl, *olhashtbl; 1043 struct inpcb *inp; 1044 1045 MUTEX_ASSERT_LOCKED(&table->inpt_mtx); 1046 1047 ohashtbl = table->inpt_hashtbl; 1048 olhashtbl = table->inpt_lhashtbl; 1049 osize = table->inpt_size; 1050 1051 nhashtbl = hashinit(hashsize, M_PCB, M_NOWAIT, &nmask); 1052 if (nhashtbl == NULL) 1053 return ENOBUFS; 1054 nlhashtbl = hashinit(hashsize, M_PCB, M_NOWAIT, &nlmask); 1055 if (nlhashtbl == NULL) { 1056 hashfree(nhashtbl, hashsize, M_PCB); 1057 return ENOBUFS; 1058 } 1059 table->inpt_hashtbl = nhashtbl; 1060 table->inpt_lhashtbl = nlhashtbl; 1061 table->inpt_mask = nmask; 1062 table->inpt_lmask = nlmask; 1063 table->inpt_size = hashsize; 1064 arc4random_buf(&table->inpt_key, sizeof(table->inpt_key)); 1065 arc4random_buf(&table->inpt_lkey, sizeof(table->inpt_lkey)); 1066 1067 TAILQ_FOREACH(inp, &table->inpt_queue, inp_queue) { 1068 in_pcbrehash_locked(inp); 1069 } 1070 hashfree(ohashtbl, osize, M_PCB); 1071 hashfree(olhashtbl, osize, M_PCB); 1072 1073 return (0); 1074 } 1075 1076 #ifdef DIAGNOSTIC 1077 int in_pcbnotifymiss = 0; 1078 #endif 1079 1080 /* 1081 * The in(6)_pcbhashlookup functions are used to locate connected sockets 1082 * quickly: 1083 * faddr.fport <-> laddr.lport 1084 * No wildcard matching is done so that listening sockets are not found. 1085 * If the functions return NULL in(6)_pcblookup_listen can be used to 1086 * find a listening/bound socket that may accept the connection. 1087 * After those two lookups no other are necessary. 1088 */ 1089 struct inpcb * 1090 in_pcbhashlookup(struct inpcbtable *table, struct in_addr faddr, 1091 u_int fport_arg, struct in_addr laddr, u_int lport_arg, u_int rtable) 1092 { 1093 struct inpcbhead *head; 1094 struct inpcb *inp; 1095 u_int16_t fport = fport_arg, lport = lport_arg; 1096 u_int rdomain; 1097 1098 rdomain = rtable_l2(rtable); 1099 mtx_enter(&table->inpt_mtx); 1100 head = in_pcbhash(table, rdomain, &faddr, fport, &laddr, lport); 1101 LIST_FOREACH(inp, head, inp_hash) { 1102 #ifdef INET6 1103 if (inp->inp_flags & INP_IPV6) 1104 continue; /*XXX*/ 1105 #endif 1106 if (inp->inp_faddr.s_addr == faddr.s_addr && 1107 inp->inp_fport == fport && inp->inp_lport == lport && 1108 inp->inp_laddr.s_addr == laddr.s_addr && 1109 rtable_l2(inp->inp_rtableid) == rdomain) { 1110 /* 1111 * Move this PCB to the head of hash chain so that 1112 * repeated accesses are quicker. This is analogous to 1113 * the historic single-entry PCB cache. 1114 */ 1115 if (inp != LIST_FIRST(head)) { 1116 LIST_REMOVE(inp, inp_hash); 1117 LIST_INSERT_HEAD(head, inp, inp_hash); 1118 } 1119 break; 1120 } 1121 } 1122 mtx_leave(&table->inpt_mtx); 1123 #ifdef DIAGNOSTIC 1124 if (inp == NULL && in_pcbnotifymiss) { 1125 printf("%s: faddr=%08x fport=%d laddr=%08x lport=%d rdom=%u\n", 1126 __func__, ntohl(faddr.s_addr), ntohs(fport), 1127 ntohl(laddr.s_addr), ntohs(lport), rdomain); 1128 } 1129 #endif 1130 return (inp); 1131 } 1132 1133 /* 1134 * The in(6)_pcblookup_listen functions are used to locate listening 1135 * sockets quickly. This are sockets with unspecified foreign address 1136 * and port: 1137 * *.* <-> laddr.lport 1138 * *.* <-> *.lport 1139 */ 1140 struct inpcb * 1141 in_pcblookup_listen(struct inpcbtable *table, struct in_addr laddr, 1142 u_int lport_arg, struct mbuf *m, u_int rtable) 1143 { 1144 struct inpcbhead *head; 1145 const struct in_addr *key1, *key2; 1146 struct inpcb *inp; 1147 u_int16_t lport = lport_arg; 1148 u_int rdomain; 1149 1150 key1 = &laddr; 1151 key2 = &zeroin_addr; 1152 #if NPF > 0 1153 if (m && m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { 1154 struct pf_divert *divert; 1155 1156 divert = pf_find_divert(m); 1157 KASSERT(divert != NULL); 1158 switch (divert->type) { 1159 case PF_DIVERT_TO: 1160 key1 = key2 = &divert->addr.v4; 1161 lport = divert->port; 1162 break; 1163 case PF_DIVERT_REPLY: 1164 return (NULL); 1165 default: 1166 panic("%s: unknown divert type %d, mbuf %p, divert %p", 1167 __func__, divert->type, m, divert); 1168 } 1169 } else if (m && m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) { 1170 /* 1171 * Redirected connections should not be treated the same 1172 * as connections directed to 127.0.0.0/8 since localhost 1173 * can only be accessed from the host itself. 1174 * For example portmap(8) grants more permissions for 1175 * connections to the socket bound to 127.0.0.1 than 1176 * to the * socket. 1177 */ 1178 key1 = &zeroin_addr; 1179 key2 = &laddr; 1180 } 1181 #endif 1182 1183 rdomain = rtable_l2(rtable); 1184 mtx_enter(&table->inpt_mtx); 1185 head = in_pcbhash(table, rdomain, &zeroin_addr, 0, key1, lport); 1186 LIST_FOREACH(inp, head, inp_hash) { 1187 #ifdef INET6 1188 if (inp->inp_flags & INP_IPV6) 1189 continue; /*XXX*/ 1190 #endif 1191 if (inp->inp_lport == lport && inp->inp_fport == 0 && 1192 inp->inp_laddr.s_addr == key1->s_addr && 1193 inp->inp_faddr.s_addr == INADDR_ANY && 1194 rtable_l2(inp->inp_rtableid) == rdomain) 1195 break; 1196 } 1197 if (inp == NULL && key1->s_addr != key2->s_addr) { 1198 head = in_pcbhash(table, rdomain, 1199 &zeroin_addr, 0, key2, lport); 1200 LIST_FOREACH(inp, head, inp_hash) { 1201 #ifdef INET6 1202 if (inp->inp_flags & INP_IPV6) 1203 continue; /*XXX*/ 1204 #endif 1205 if (inp->inp_lport == lport && inp->inp_fport == 0 && 1206 inp->inp_laddr.s_addr == key2->s_addr && 1207 inp->inp_faddr.s_addr == INADDR_ANY && 1208 rtable_l2(inp->inp_rtableid) == rdomain) 1209 break; 1210 } 1211 } 1212 /* 1213 * Move this PCB to the head of hash chain so that 1214 * repeated accesses are quicker. This is analogous to 1215 * the historic single-entry PCB cache. 1216 */ 1217 if (inp != NULL && inp != LIST_FIRST(head)) { 1218 LIST_REMOVE(inp, inp_hash); 1219 LIST_INSERT_HEAD(head, inp, inp_hash); 1220 } 1221 mtx_leave(&table->inpt_mtx); 1222 #ifdef DIAGNOSTIC 1223 if (inp == NULL && in_pcbnotifymiss) { 1224 printf("%s: laddr=%08x lport=%d rdom=%u\n", 1225 __func__, ntohl(laddr.s_addr), ntohs(lport), rdomain); 1226 } 1227 #endif 1228 return (inp); 1229 } 1230