1 /* $OpenBSD: udp_usrreq.c,v 1.130 2009/06/08 23:07:08 sthen Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 79 #include <net/if.h> 80 #include <net/route.h> 81 82 #include <netinet/in.h> 83 #include <netinet/in_systm.h> 84 #include <netinet/in_var.h> 85 #include <netinet/ip.h> 86 #include <netinet/in_pcb.h> 87 #include <netinet/ip_var.h> 88 #include <netinet/ip_icmp.h> 89 #include <netinet/udp.h> 90 #include <netinet/udp_var.h> 91 92 #ifdef IPSEC 93 #include <netinet/ip_ipsp.h> 94 #include <netinet/ip_esp.h> 95 #endif 96 97 #ifdef INET6 98 #ifndef INET 99 #include <netinet/in.h> 100 #endif 101 #include <netinet6/ip6protosw.h> 102 103 extern int ip6_defhlim; 104 #endif /* INET6 */ 105 106 #include "faith.h" 107 108 #include "pf.h" 109 #if NPF > 0 110 #include <net/pfvar.h> 111 #endif 112 113 /* 114 * UDP protocol implementation. 115 * Per RFC 768, August, 1980. 116 */ 117 int udpcksum = 1; 118 119 u_int udp_sendspace = 9216; /* really max datagram size */ 120 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 121 /* 40 1K datagrams */ 122 123 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 124 125 struct inpcbtable udbtable; 126 struct udpstat udpstat; 127 128 void udp_detach(struct inpcb *); 129 void udp_notify(struct inpcb *, int); 130 131 #ifndef UDBHASHSIZE 132 #define UDBHASHSIZE 128 133 #endif 134 int udbhashsize = UDBHASHSIZE; 135 136 /* from in_pcb.c */ 137 extern struct baddynamicports baddynamicports; 138 139 void 140 udp_init() 141 { 142 in_pcbinit(&udbtable, udbhashsize); 143 } 144 145 #ifdef INET6 146 int 147 udp6_input(struct mbuf **mp, int *offp, int proto) 148 { 149 struct mbuf *m = *mp; 150 151 #if NFAITH > 0 152 if (m->m_pkthdr.rcvif) { 153 if (m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 154 /* XXX send icmp6 host/port unreach? */ 155 m_freem(m); 156 return IPPROTO_DONE; 157 } 158 } 159 #endif 160 161 udp_input(m, *offp, proto); 162 return IPPROTO_DONE; 163 } 164 #endif 165 166 void 167 udp_input(struct mbuf *m, ...) 168 { 169 struct ip *ip; 170 struct udphdr *uh; 171 struct inpcb *inp = NULL; 172 struct mbuf *opts = NULL; 173 struct ip save_ip; 174 int iphlen, len; 175 va_list ap; 176 u_int16_t savesum; 177 union { 178 struct sockaddr sa; 179 struct sockaddr_in sin; 180 #ifdef INET6 181 struct sockaddr_in6 sin6; 182 #endif /* INET6 */ 183 } srcsa, dstsa; 184 #ifdef INET6 185 struct ip6_hdr *ip6; 186 #endif /* INET6 */ 187 #ifdef IPSEC 188 struct m_tag *mtag; 189 struct tdb_ident *tdbi; 190 struct tdb *tdb; 191 int error, s; 192 #endif /* IPSEC */ 193 194 va_start(ap, m); 195 iphlen = va_arg(ap, int); 196 va_end(ap); 197 198 udpstat.udps_ipackets++; 199 200 switch (mtod(m, struct ip *)->ip_v) { 201 case 4: 202 ip = mtod(m, struct ip *); 203 #ifdef INET6 204 ip6 = NULL; 205 #endif /* INET6 */ 206 srcsa.sa.sa_family = AF_INET; 207 break; 208 #ifdef INET6 209 case 6: 210 ip = NULL; 211 ip6 = mtod(m, struct ip6_hdr *); 212 srcsa.sa.sa_family = AF_INET6; 213 break; 214 #endif /* INET6 */ 215 default: 216 goto bad; 217 } 218 219 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 220 if (!uh) { 221 udpstat.udps_hdrops++; 222 return; 223 } 224 225 /* Check for illegal destination port 0 */ 226 if (uh->uh_dport == 0) { 227 udpstat.udps_noport++; 228 goto bad; 229 } 230 231 /* 232 * Make mbuf data length reflect UDP length. 233 * If not enough data to reflect UDP length, drop. 234 */ 235 len = ntohs((u_int16_t)uh->uh_ulen); 236 if (ip) { 237 if (m->m_pkthdr.len - iphlen != len) { 238 if (len > (m->m_pkthdr.len - iphlen) || 239 len < sizeof(struct udphdr)) { 240 udpstat.udps_badlen++; 241 goto bad; 242 } 243 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 244 } 245 } 246 #ifdef INET6 247 else if (ip6) { 248 /* jumbograms */ 249 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 250 len = m->m_pkthdr.len - iphlen; 251 if (len != m->m_pkthdr.len - iphlen) { 252 udpstat.udps_badlen++; 253 goto bad; 254 } 255 } 256 #endif 257 else /* shouldn't happen */ 258 goto bad; 259 260 /* 261 * Save a copy of the IP header in case we want restore it 262 * for sending an ICMP error message in response. 263 */ 264 if (ip) 265 save_ip = *ip; 266 267 /* 268 * Checksum extended UDP header and data. 269 * from W.R.Stevens: check incoming udp cksums even if 270 * udpcksum is not set. 271 */ 272 savesum = uh->uh_sum; 273 #ifdef INET6 274 if (ip6) { 275 /* Be proactive about malicious use of IPv4 mapped address */ 276 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 277 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 278 /* XXX stat */ 279 goto bad; 280 } 281 282 /* 283 * In IPv6, the UDP checksum is ALWAYS used. 284 */ 285 if (uh->uh_sum == 0) { 286 udpstat.udps_nosum++; 287 goto bad; 288 } 289 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 290 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 291 udpstat.udps_badsum++; 292 udpstat.udps_inhwcsum++; 293 goto bad; 294 } 295 296 if ((uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 297 iphlen, len))) { 298 udpstat.udps_badsum++; 299 goto bad; 300 } 301 } else { 302 m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK; 303 udpstat.udps_inhwcsum++; 304 } 305 } else 306 #endif /* INET6 */ 307 if (uh->uh_sum) { 308 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 309 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 310 udpstat.udps_badsum++; 311 udpstat.udps_inhwcsum++; 312 m_freem(m); 313 return; 314 } 315 316 if ((uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 317 iphlen, len))) { 318 udpstat.udps_badsum++; 319 m_freem(m); 320 return; 321 } 322 } else { 323 m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK; 324 udpstat.udps_inhwcsum++; 325 } 326 } else 327 udpstat.udps_nosum++; 328 329 #ifdef IPSEC 330 if (udpencap_enable && udpencap_port && 331 uh->uh_dport == htons(udpencap_port)) { 332 u_int32_t spi; 333 int skip = iphlen + sizeof(struct udphdr); 334 335 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 336 /* packet too short */ 337 m_freem(m); 338 return; 339 } 340 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 341 /* 342 * decapsulate if the SPI is not zero, otherwise pass 343 * to userland 344 */ 345 if (spi != 0) { 346 if ((m = m_pullup2(m, skip)) == NULL) { 347 udpstat.udps_hdrops++; 348 return; 349 } 350 351 /* remove the UDP header */ 352 bcopy(mtod(m, u_char *), 353 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 354 m_adj(m, sizeof(struct udphdr)); 355 skip -= sizeof(struct udphdr); 356 357 espstat.esps_udpencin++; 358 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 359 srcsa.sa.sa_family, IPPROTO_ESP, 1); 360 return; 361 } 362 } 363 #endif 364 365 switch (srcsa.sa.sa_family) { 366 case AF_INET: 367 bzero(&srcsa, sizeof(struct sockaddr_in)); 368 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 369 srcsa.sin.sin_family = AF_INET; 370 srcsa.sin.sin_port = uh->uh_sport; 371 srcsa.sin.sin_addr = ip->ip_src; 372 373 bzero(&dstsa, sizeof(struct sockaddr_in)); 374 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 375 dstsa.sin.sin_family = AF_INET; 376 dstsa.sin.sin_port = uh->uh_dport; 377 dstsa.sin.sin_addr = ip->ip_dst; 378 break; 379 #ifdef INET6 380 case AF_INET6: 381 bzero(&srcsa, sizeof(struct sockaddr_in6)); 382 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 383 srcsa.sin6.sin6_family = AF_INET6; 384 srcsa.sin6.sin6_port = uh->uh_sport; 385 #if 0 /*XXX inbound flowinfo */ 386 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 387 #endif 388 /* KAME hack: recover scopeid */ 389 (void)in6_recoverscope(&srcsa.sin6, &ip6->ip6_src, 390 m->m_pkthdr.rcvif); 391 392 bzero(&dstsa, sizeof(struct sockaddr_in6)); 393 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 394 dstsa.sin6.sin6_family = AF_INET6; 395 dstsa.sin6.sin6_port = uh->uh_dport; 396 /* KAME hack: recover scopeid */ 397 (void)in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst, 398 m->m_pkthdr.rcvif); 399 break; 400 #endif /* INET6 */ 401 } 402 403 #ifdef INET6 404 if ((ip6 && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) || 405 (ip && IN_MULTICAST(ip->ip_dst.s_addr)) || 406 (ip && in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))) { 407 #else /* INET6 */ 408 if (IN_MULTICAST(ip->ip_dst.s_addr) || 409 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) { 410 #endif /* INET6 */ 411 struct inpcb *last; 412 /* 413 * Deliver a multicast or broadcast datagram to *all* sockets 414 * for which the local and remote addresses and ports match 415 * those of the incoming datagram. This allows more than 416 * one process to receive multi/broadcasts on the same port. 417 * (This really ought to be done for unicast datagrams as 418 * well, but that would cause problems with existing 419 * applications that open both address-specific sockets and 420 * a wildcard socket listening to the same port -- they would 421 * end up receiving duplicates of every unicast datagram. 422 * Those applications open the multiple sockets to overcome an 423 * inadequacy of the UDP socket interface, but for backwards 424 * compatibility we avoid the problem here rather than 425 * fixing the interface. Maybe 4.5BSD will remedy this?) 426 */ 427 428 iphlen += sizeof(struct udphdr); 429 430 /* 431 * Locate pcb(s) for datagram. 432 * (Algorithm copied from raw_intr().) 433 */ 434 last = NULL; 435 CIRCLEQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 436 #ifdef INET6 437 /* don't accept it if AF does not match */ 438 if (ip6 && !(inp->inp_flags & INP_IPV6)) 439 continue; 440 if (!ip6 && (inp->inp_flags & INP_IPV6)) 441 continue; 442 #endif 443 if (inp->inp_rdomain != m->m_pkthdr.rdomain) 444 continue; 445 if (inp->inp_lport != uh->uh_dport) 446 continue; 447 #ifdef INET6 448 if (ip6) { 449 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 450 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 451 &ip6->ip6_dst)) 452 continue; 453 } else 454 #endif /* INET6 */ 455 if (inp->inp_laddr.s_addr != INADDR_ANY) { 456 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 457 continue; 458 } 459 #ifdef INET6 460 if (ip6) { 461 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 462 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 463 &ip6->ip6_src) || 464 inp->inp_fport != uh->uh_sport) 465 continue; 466 } else 467 #endif /* INET6 */ 468 if (inp->inp_faddr.s_addr != INADDR_ANY) { 469 if (inp->inp_faddr.s_addr != 470 ip->ip_src.s_addr || 471 inp->inp_fport != uh->uh_sport) 472 continue; 473 } 474 475 if (last != NULL) { 476 struct mbuf *n; 477 478 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 479 #ifdef INET6 480 if (ip6 && (last->inp_flags & 481 IN6P_CONTROLOPTS || 482 last->inp_socket->so_options & 483 SO_TIMESTAMP)) 484 ip6_savecontrol(last, n, &opts); 485 #endif /* INET6 */ 486 if (ip && (last->inp_flags & 487 INP_CONTROLOPTS || 488 last->inp_socket->so_options & 489 SO_TIMESTAMP)) 490 ip_savecontrol(last, &opts, 491 ip, n); 492 493 m_adj(n, iphlen); 494 if (sbappendaddr( 495 &last->inp_socket->so_rcv, 496 &srcsa.sa, n, opts) == 0) { 497 m_freem(n); 498 if (opts) 499 m_freem(opts); 500 udpstat.udps_fullsock++; 501 } else 502 sorwakeup(last->inp_socket); 503 opts = NULL; 504 } 505 } 506 last = inp; 507 /* 508 * Don't look for additional matches if this one does 509 * not have either the SO_REUSEPORT or SO_REUSEADDR 510 * socket options set. This heuristic avoids searching 511 * through all pcbs in the common case of a non-shared 512 * port. It assumes that an application will never 513 * clear these options after setting them. 514 */ 515 if ((last->inp_socket->so_options & (SO_REUSEPORT | 516 SO_REUSEADDR)) == 0) 517 break; 518 } 519 520 if (last == NULL) { 521 /* 522 * No matching pcb found; discard datagram. 523 * (No need to send an ICMP Port Unreachable 524 * for a broadcast or multicast datgram.) 525 */ 526 udpstat.udps_noportbcast++; 527 goto bad; 528 } 529 530 #ifdef INET6 531 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 532 last->inp_socket->so_options & SO_TIMESTAMP)) 533 ip6_savecontrol(last, m, &opts); 534 #endif /* INET6 */ 535 if (ip && (last->inp_flags & INP_CONTROLOPTS || 536 last->inp_socket->so_options & SO_TIMESTAMP)) 537 ip_savecontrol(last, &opts, ip, m); 538 539 m_adj(m, iphlen); 540 if (sbappendaddr(&last->inp_socket->so_rcv, 541 &srcsa.sa, m, opts) == 0) { 542 udpstat.udps_fullsock++; 543 goto bad; 544 } 545 sorwakeup(last->inp_socket); 546 return; 547 } 548 /* 549 * Locate pcb for datagram. 550 */ 551 #if 0 552 if (m->m_pkthdr.pf.statekey) 553 inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp; 554 #endif 555 if (inp == NULL) { 556 #ifdef INET6 557 if (ip6) 558 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 559 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport); 560 else 561 #endif /* INET6 */ 562 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 563 ip->ip_dst, uh->uh_dport, m->m_pkthdr.rdomain); 564 #if NPF > 0 565 if (m->m_pkthdr.pf.statekey && inp) { 566 ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = 567 inp; 568 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 569 } 570 #endif 571 } 572 if (inp == 0) { 573 int inpl_reverse = 0; 574 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 575 inpl_reverse = 1; 576 ++udpstat.udps_pcbhashmiss; 577 #ifdef INET6 578 if (ip6) { 579 inp = in6_pcblookup_listen(&udbtable, 580 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m); 581 } else 582 #endif /* INET6 */ 583 inp = in_pcblookup_listen(&udbtable, 584 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 585 m->m_pkthdr.rdomain); 586 if (inp == 0) { 587 udpstat.udps_noport++; 588 if (m->m_flags & (M_BCAST | M_MCAST)) { 589 udpstat.udps_noportbcast++; 590 goto bad; 591 } 592 #ifdef INET6 593 if (ip6) { 594 uh->uh_sum = savesum; 595 icmp6_error(m, ICMP6_DST_UNREACH, 596 ICMP6_DST_UNREACH_NOPORT,0); 597 } else 598 #endif /* INET6 */ 599 { 600 *ip = save_ip; 601 uh->uh_sum = savesum; 602 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 603 0, 0); 604 } 605 return; 606 } 607 } 608 609 #ifdef IPSEC 610 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 611 s = splnet(); 612 if (mtag != NULL) { 613 tdbi = (struct tdb_ident *)(mtag + 1); 614 tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto); 615 } else 616 tdb = NULL; 617 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 618 IPSP_DIRECTION_IN, tdb, inp); 619 if (error) { 620 splx(s); 621 goto bad; 622 } 623 624 /* Latch SA only if the socket is connected */ 625 if (inp->inp_tdb_in != tdb && 626 (inp->inp_socket->so_state & SS_ISCONNECTED)) { 627 if (tdb) { 628 tdb_add_inp(tdb, inp, 1); 629 if (inp->inp_ipo == NULL) { 630 inp->inp_ipo = ipsec_add_policy(inp, 631 srcsa.sa.sa_family, IPSP_DIRECTION_OUT); 632 if (inp->inp_ipo == NULL) { 633 splx(s); 634 goto bad; 635 } 636 } 637 if (inp->inp_ipo->ipo_dstid == NULL && 638 tdb->tdb_srcid != NULL) { 639 inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; 640 tdb->tdb_srcid->ref_count++; 641 } 642 if (inp->inp_ipsec_remotecred == NULL && 643 tdb->tdb_remote_cred != NULL) { 644 inp->inp_ipsec_remotecred = 645 tdb->tdb_remote_cred; 646 tdb->tdb_remote_cred->ref_count++; 647 } 648 if (inp->inp_ipsec_remoteauth == NULL && 649 tdb->tdb_remote_auth != NULL) { 650 inp->inp_ipsec_remoteauth = 651 tdb->tdb_remote_auth; 652 tdb->tdb_remote_auth->ref_count++; 653 } 654 } else { /* Just reset */ 655 TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, 656 inp_tdb_in_next); 657 inp->inp_tdb_in = NULL; 658 } 659 } 660 splx(s); 661 #endif /*IPSEC */ 662 663 opts = NULL; 664 #ifdef INET6 665 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 666 inp->inp_socket->so_options & SO_TIMESTAMP)) 667 ip6_savecontrol(inp, m, &opts); 668 #endif /* INET6 */ 669 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 670 inp->inp_socket->so_options & SO_TIMESTAMP)) 671 ip_savecontrol(inp, &opts, ip, m); 672 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 673 struct mbuf **mp = &opts; 674 675 while (*mp) 676 mp = &(*mp)->m_next; 677 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 678 IP_RECVDSTPORT, IPPROTO_IP); 679 } 680 681 iphlen += sizeof(struct udphdr); 682 m_adj(m, iphlen); 683 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 684 udpstat.udps_fullsock++; 685 goto bad; 686 } 687 sorwakeup(inp->inp_socket); 688 return; 689 bad: 690 m_freem(m); 691 if (opts) 692 m_freem(opts); 693 } 694 695 /* 696 * Notify a udp user of an asynchronous error; 697 * just wake up so that he can collect error status. 698 */ 699 void 700 udp_notify(struct inpcb *inp, int errno) 701 { 702 inp->inp_socket->so_error = errno; 703 sorwakeup(inp->inp_socket); 704 sowwakeup(inp->inp_socket); 705 } 706 707 #ifdef INET6 708 void 709 udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) 710 { 711 struct udphdr uh; 712 struct sockaddr_in6 sa6; 713 struct ip6_hdr *ip6; 714 struct mbuf *m; 715 int off; 716 void *cmdarg; 717 struct ip6ctlparam *ip6cp = NULL; 718 struct udp_portonly { 719 u_int16_t uh_sport; 720 u_int16_t uh_dport; 721 } *uhp; 722 void (*notify)(struct inpcb *, int) = udp_notify; 723 724 if (sa == NULL) 725 return; 726 if (sa->sa_family != AF_INET6 || 727 sa->sa_len != sizeof(struct sockaddr_in6)) 728 return; 729 730 if ((unsigned)cmd >= PRC_NCMDS) 731 return; 732 if (PRC_IS_REDIRECT(cmd)) 733 notify = in_rtchange, d = NULL; 734 else if (cmd == PRC_HOSTDEAD) 735 d = NULL; 736 else if (cmd == PRC_MSGSIZE) 737 ; /* special code is present, see below */ 738 else if (inet6ctlerrmap[cmd] == 0) 739 return; 740 741 /* if the parameter is from icmp6, decode it. */ 742 if (d != NULL) { 743 ip6cp = (struct ip6ctlparam *)d; 744 m = ip6cp->ip6c_m; 745 ip6 = ip6cp->ip6c_ip6; 746 off = ip6cp->ip6c_off; 747 cmdarg = ip6cp->ip6c_cmdarg; 748 } else { 749 m = NULL; 750 ip6 = NULL; 751 cmdarg = NULL; 752 /* XXX: translate addresses into internal form */ 753 sa6 = *(struct sockaddr_in6 *)sa; 754 #ifndef SCOPEDROUTING 755 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 756 /* should be impossible */ 757 return; 758 } 759 #endif 760 } 761 762 if (ip6cp && ip6cp->ip6c_finaldst) { 763 bzero(&sa6, sizeof(sa6)); 764 sa6.sin6_family = AF_INET6; 765 sa6.sin6_len = sizeof(sa6); 766 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 767 /* XXX: assuming M is valid in this case */ 768 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 769 ip6cp->ip6c_finaldst); 770 #ifndef SCOPEDROUTING 771 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 772 /* should be impossible */ 773 return; 774 } 775 #endif 776 } else { 777 /* XXX: translate addresses into internal form */ 778 sa6 = *(struct sockaddr_in6 *)sa; 779 #ifndef SCOPEDROUTING 780 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 781 /* should be impossible */ 782 return; 783 } 784 #endif 785 } 786 787 if (ip6) { 788 /* 789 * XXX: We assume that when IPV6 is non NULL, 790 * M and OFF are valid. 791 */ 792 struct sockaddr_in6 sa6_src; 793 794 /* check if we can safely examine src and dst ports */ 795 if (m->m_pkthdr.len < off + sizeof(*uhp)) 796 return; 797 798 bzero(&uh, sizeof(uh)); 799 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 800 801 bzero(&sa6_src, sizeof(sa6_src)); 802 sa6_src.sin6_family = AF_INET6; 803 sa6_src.sin6_len = sizeof(sa6_src); 804 sa6_src.sin6_addr = ip6->ip6_src; 805 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 806 &ip6->ip6_src); 807 #ifndef SCOPEDROUTING 808 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 809 /* should be impossible */ 810 return; 811 } 812 #endif 813 814 if (cmd == PRC_MSGSIZE) { 815 int valid = 0; 816 817 /* 818 * Check to see if we have a valid UDP socket 819 * corresponding to the address in the ICMPv6 message 820 * payload. 821 */ 822 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 823 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport)) 824 valid = 1; 825 #if 0 826 /* 827 * As the use of sendto(2) is fairly popular, 828 * we may want to allow non-connected pcb too. 829 * But it could be too weak against attacks... 830 * We should at least check if the local address (= s) 831 * is really ours. 832 */ 833 else if (in6_pcblookup_listen(&udbtable, 834 &sa6_src.sin6_addr, uh.uh_sport, 0); 835 valid = 1; 836 #endif 837 838 /* 839 * Depending on the value of "valid" and routing table 840 * size (mtudisc_{hi,lo}wat), we will: 841 * - recalculate the new MTU and create the 842 * corresponding routing entry, or 843 * - ignore the MTU change notification. 844 */ 845 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 846 847 /* 848 * regardless of if we called icmp6_mtudisc_update(), 849 * we need to call in6_pcbnotify(), to notify path 850 * MTU change to the userland (2292bis-02), because 851 * some unconnected sockets may share the same 852 * destination and want to know the path MTU. 853 */ 854 } 855 856 (void) in6_pcbnotify(&udbtable, (struct sockaddr *)&sa6, 857 uh.uh_dport, (struct sockaddr *)&sa6_src, 858 uh.uh_sport, cmd, cmdarg, notify); 859 } else { 860 (void) in6_pcbnotify(&udbtable, (struct sockaddr *)&sa6, 0, 861 (struct sockaddr *)&sa6_any, 0, cmd, cmdarg, notify); 862 } 863 } 864 #endif 865 866 void * 867 udp_ctlinput(int cmd, struct sockaddr *sa, void *v) 868 { 869 struct ip *ip = v; 870 struct udphdr *uhp; 871 struct in_addr faddr; 872 struct inpcb *inp; 873 extern int inetctlerrmap[]; 874 void (*notify)(struct inpcb *, int) = udp_notify; 875 int errno; 876 877 if (sa == NULL) 878 return NULL; 879 if (sa->sa_family != AF_INET || 880 sa->sa_len != sizeof(struct sockaddr_in)) 881 return NULL; 882 faddr = satosin(sa)->sin_addr; 883 if (faddr.s_addr == INADDR_ANY) 884 return NULL; 885 886 if ((unsigned)cmd >= PRC_NCMDS) 887 return NULL; 888 errno = inetctlerrmap[cmd]; 889 if (PRC_IS_REDIRECT(cmd)) 890 notify = in_rtchange, ip = 0; 891 else if (cmd == PRC_HOSTDEAD) 892 ip = 0; 893 else if (errno == 0) 894 return NULL; 895 if (ip) { 896 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 897 898 #ifdef IPSEC 899 /* PMTU discovery for udpencap */ 900 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 901 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 902 udpencap_ctlinput(cmd, sa, v); 903 return (NULL); 904 } 905 #endif 906 inp = in_pcbhashlookup(&udbtable, 907 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 908 /* XXX */ 0); 909 if (inp && inp->inp_socket != NULL) 910 notify(inp, errno); 911 } else 912 in_pcbnotifyall(&udbtable, sa, errno, notify); 913 return (NULL); 914 } 915 916 int 917 udp_output(struct mbuf *m, ...) 918 { 919 struct inpcb *inp; 920 struct mbuf *addr, *control; 921 struct udpiphdr *ui; 922 int len = m->m_pkthdr.len; 923 struct in_addr laddr; 924 int s = 0, error = 0; 925 va_list ap; 926 927 va_start(ap, m); 928 inp = va_arg(ap, struct inpcb *); 929 addr = va_arg(ap, struct mbuf *); 930 control = va_arg(ap, struct mbuf *); 931 va_end(ap); 932 933 #ifdef DIAGNOSTIC 934 if ((inp->inp_flags & INP_IPV6) != 0) 935 panic("IPv6 inpcb to udp_output"); 936 #endif 937 938 /* 939 * Compute the packet length of the IP header, and 940 * punt if the length looks bogus. 941 */ 942 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 943 error = EMSGSIZE; 944 goto release; 945 } 946 947 if (addr) { 948 laddr = inp->inp_laddr; 949 if (inp->inp_faddr.s_addr != INADDR_ANY) { 950 error = EISCONN; 951 goto release; 952 } 953 /* 954 * Must block input while temporarily connected. 955 */ 956 s = splsoftnet(); 957 error = in_pcbconnect(inp, addr); 958 if (error) { 959 splx(s); 960 goto release; 961 } 962 } else { 963 if (inp->inp_faddr.s_addr == INADDR_ANY) { 964 error = ENOTCONN; 965 goto release; 966 } 967 } 968 /* 969 * Calculate data length and get a mbuf 970 * for UDP and IP headers. 971 */ 972 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 973 if (m == NULL) { 974 error = ENOBUFS; 975 goto bail; 976 } 977 978 /* 979 * Fill in mbuf with extended UDP header 980 * and addresses and length put into network format. 981 */ 982 ui = mtod(m, struct udpiphdr *); 983 bzero(ui->ui_x1, sizeof ui->ui_x1); 984 ui->ui_pr = IPPROTO_UDP; 985 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 986 ui->ui_src = inp->inp_laddr; 987 ui->ui_dst = inp->inp_faddr; 988 ui->ui_sport = inp->inp_lport; 989 ui->ui_dport = inp->inp_fport; 990 ui->ui_ulen = ui->ui_len; 991 992 /* 993 * Compute the pseudo-header checksum; defer further checksumming 994 * until ip_output() or hardware (if it exists). 995 */ 996 if (udpcksum) { 997 m->m_pkthdr.csum_flags |= M_UDPV4_CSUM_OUT; 998 ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr, 999 ui->ui_dst.s_addr, htons((u_int16_t)len + 1000 sizeof (struct udphdr) + IPPROTO_UDP)); 1001 } else 1002 ui->ui_sum = 0; 1003 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1004 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1005 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1006 1007 udpstat.udps_opackets++; 1008 1009 /* force routing domain */ 1010 m->m_pkthdr.rdomain = inp->inp_rdomain; 1011 1012 error = ip_output(m, inp->inp_options, &inp->inp_route, 1013 inp->inp_socket->so_options & 1014 (SO_DONTROUTE | SO_BROADCAST | SO_JUMBO), 1015 inp->inp_moptions, inp); 1016 1017 bail: 1018 if (addr) { 1019 inp->inp_laddr = laddr; 1020 in_pcbdisconnect(inp); 1021 splx(s); 1022 } 1023 if (control) 1024 m_freem(control); 1025 return (error); 1026 1027 release: 1028 m_freem(m); 1029 if (control) 1030 m_freem(control); 1031 return (error); 1032 } 1033 1034 /*ARGSUSED*/ 1035 int 1036 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1037 struct mbuf *control, struct proc *p) 1038 { 1039 struct inpcb *inp = sotoinpcb(so); 1040 int error = 0; 1041 int s; 1042 1043 if (req == PRU_CONTROL) { 1044 #ifdef INET6 1045 if (inp->inp_flags & INP_IPV6) 1046 return (in6_control(so, (u_long)m, (caddr_t)addr, 1047 (struct ifnet *)control, 0)); 1048 else 1049 #endif /* INET6 */ 1050 return (in_control(so, (u_long)m, (caddr_t)addr, 1051 (struct ifnet *)control)); 1052 } 1053 if (inp == NULL && req != PRU_ATTACH) { 1054 error = EINVAL; 1055 goto release; 1056 } 1057 /* 1058 * Note: need to block udp_input while changing 1059 * the udp pcb queue and/or pcb addresses. 1060 */ 1061 switch (req) { 1062 1063 case PRU_ATTACH: 1064 if (inp != NULL) { 1065 error = EINVAL; 1066 break; 1067 } 1068 s = splsoftnet(); 1069 error = in_pcballoc(so, &udbtable); 1070 splx(s); 1071 if (error) 1072 break; 1073 error = soreserve(so, udp_sendspace, udp_recvspace); 1074 if (error) 1075 break; 1076 #ifdef INET6 1077 if (((struct inpcb *)so->so_pcb)->inp_flags & INP_IPV6) 1078 ((struct inpcb *) so->so_pcb)->inp_ipv6.ip6_hlim = 1079 ip6_defhlim; 1080 else 1081 #endif /* INET6 */ 1082 ((struct inpcb *) so->so_pcb)->inp_ip.ip_ttl = ip_defttl; 1083 break; 1084 1085 case PRU_DETACH: 1086 udp_detach(inp); 1087 break; 1088 1089 case PRU_BIND: 1090 s = splsoftnet(); 1091 #ifdef INET6 1092 if (inp->inp_flags & INP_IPV6) 1093 error = in6_pcbbind(inp, addr, p); 1094 else 1095 #endif 1096 error = in_pcbbind(inp, addr, p); 1097 splx(s); 1098 break; 1099 1100 case PRU_LISTEN: 1101 error = EOPNOTSUPP; 1102 break; 1103 1104 case PRU_CONNECT: 1105 #ifdef INET6 1106 if (inp->inp_flags & INP_IPV6) { 1107 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1108 error = EISCONN; 1109 break; 1110 } 1111 s = splsoftnet(); 1112 error = in6_pcbconnect(inp, addr); 1113 splx(s); 1114 } else 1115 #endif /* INET6 */ 1116 { 1117 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1118 error = EISCONN; 1119 break; 1120 } 1121 s = splsoftnet(); 1122 error = in_pcbconnect(inp, addr); 1123 splx(s); 1124 } 1125 1126 if (error == 0) 1127 soisconnected(so); 1128 break; 1129 1130 case PRU_CONNECT2: 1131 error = EOPNOTSUPP; 1132 break; 1133 1134 case PRU_ACCEPT: 1135 error = EOPNOTSUPP; 1136 break; 1137 1138 case PRU_DISCONNECT: 1139 #ifdef INET6 1140 if (inp->inp_flags & INP_IPV6) { 1141 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1142 error = ENOTCONN; 1143 break; 1144 } 1145 } else 1146 #endif /* INET6 */ 1147 { 1148 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1149 error = ENOTCONN; 1150 break; 1151 } 1152 } 1153 1154 s = splsoftnet(); 1155 #ifdef INET6 1156 if (inp->inp_flags & INP_IPV6) 1157 inp->inp_laddr6 = in6addr_any; 1158 else 1159 #endif /* INET6 */ 1160 inp->inp_laddr.s_addr = INADDR_ANY; 1161 in_pcbdisconnect(inp); 1162 1163 splx(s); 1164 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1165 break; 1166 1167 case PRU_SHUTDOWN: 1168 socantsendmore(so); 1169 break; 1170 1171 case PRU_SEND: 1172 #ifdef INET6 1173 if (inp->inp_flags & INP_IPV6) 1174 return (udp6_output(inp, m, addr, control)); 1175 else 1176 return (udp_output(m, inp, addr, control)); 1177 #else 1178 return (udp_output(m, inp, addr, control)); 1179 #endif 1180 1181 case PRU_ABORT: 1182 soisdisconnected(so); 1183 udp_detach(inp); 1184 break; 1185 1186 case PRU_SOCKADDR: 1187 #ifdef INET6 1188 if (inp->inp_flags & INP_IPV6) 1189 in6_setsockaddr(inp, addr); 1190 else 1191 #endif /* INET6 */ 1192 in_setsockaddr(inp, addr); 1193 break; 1194 1195 case PRU_PEERADDR: 1196 #ifdef INET6 1197 if (inp->inp_flags & INP_IPV6) 1198 in6_setpeeraddr(inp, addr); 1199 else 1200 #endif /* INET6 */ 1201 in_setpeeraddr(inp, addr); 1202 break; 1203 1204 case PRU_SENSE: 1205 /* 1206 * stat: don't bother with a blocksize. 1207 */ 1208 /* 1209 * Perhaps Path MTU might be returned for a connected 1210 * UDP socket in this case. 1211 */ 1212 return (0); 1213 1214 case PRU_SENDOOB: 1215 case PRU_FASTTIMO: 1216 case PRU_SLOWTIMO: 1217 case PRU_PROTORCV: 1218 case PRU_PROTOSEND: 1219 error = EOPNOTSUPP; 1220 break; 1221 1222 case PRU_RCVD: 1223 case PRU_RCVOOB: 1224 return (EOPNOTSUPP); /* do not free mbuf's */ 1225 1226 default: 1227 panic("udp_usrreq"); 1228 } 1229 1230 release: 1231 if (control) { 1232 m_freem(control); 1233 } 1234 if (m) 1235 m_freem(m); 1236 return (error); 1237 } 1238 1239 void 1240 udp_detach(struct inpcb *inp) 1241 { 1242 int s = splsoftnet(); 1243 1244 in_pcbdetach(inp); 1245 splx(s); 1246 } 1247 1248 /* 1249 * Sysctl for udp variables. 1250 */ 1251 int 1252 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1253 size_t newlen) 1254 { 1255 /* All sysctl names at this level are terminal. */ 1256 if (namelen != 1) 1257 return (ENOTDIR); 1258 1259 switch (name[0]) { 1260 case UDPCTL_BADDYNAMIC: 1261 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1262 baddynamicports.udp, sizeof(baddynamicports.udp))); 1263 1264 case UDPCTL_STATS: 1265 if (newp != NULL) 1266 return (EPERM); 1267 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1268 &udpstat, sizeof(udpstat))); 1269 1270 default: 1271 if (name[0] < UDPCTL_MAXID) 1272 return (sysctl_int_arr(udpctl_vars, name, namelen, 1273 oldp, oldlenp, newp, newlen)); 1274 return (ENOPROTOOPT); 1275 } 1276 /* NOTREACHED */ 1277 } 1278