1 /* $OpenBSD: udp_usrreq.c,v 1.147 2012/04/04 04:31:38 yasuoka Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/proc.h> 78 #include <sys/sysctl.h> 79 80 #include <net/if.h> 81 #include <net/route.h> 82 83 #include <netinet/in.h> 84 #include <netinet/in_systm.h> 85 #include <netinet/in_var.h> 86 #include <netinet/ip.h> 87 #include <netinet/in_pcb.h> 88 #include <netinet/ip_var.h> 89 #include <netinet/ip_icmp.h> 90 #include <netinet/udp.h> 91 #include <netinet/udp_var.h> 92 93 #ifdef IPSEC 94 #include <netinet/ip_ipsp.h> 95 #include <netinet/ip_esp.h> 96 #endif 97 98 #ifdef INET6 99 #ifndef INET 100 #include <netinet/in.h> 101 #endif 102 #include <netinet6/ip6protosw.h> 103 104 extern int ip6_defhlim; 105 #endif /* INET6 */ 106 107 #include "faith.h" 108 #if NFAITH > 0 109 #include <net/if_types.h> 110 #endif 111 112 #include "pf.h" 113 #if NPF > 0 114 #include <net/pfvar.h> 115 #endif 116 117 #ifdef PIPEX 118 #include <netinet/if_ether.h> 119 #include <net/pipex.h> 120 #endif 121 122 /* 123 * UDP protocol implementation. 124 * Per RFC 768, August, 1980. 125 */ 126 int udpcksum = 1; 127 128 u_int udp_sendspace = 9216; /* really max datagram size */ 129 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 130 /* 40 1K datagrams */ 131 132 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 133 134 struct inpcbtable udbtable; 135 struct udpstat udpstat; 136 137 void udp_detach(struct inpcb *); 138 void udp_notify(struct inpcb *, int); 139 140 #ifndef UDBHASHSIZE 141 #define UDBHASHSIZE 128 142 #endif 143 int udbhashsize = UDBHASHSIZE; 144 145 /* from in_pcb.c */ 146 extern struct baddynamicports baddynamicports; 147 148 void 149 udp_init() 150 { 151 in_pcbinit(&udbtable, udbhashsize); 152 } 153 154 #ifdef INET6 155 int 156 udp6_input(struct mbuf **mp, int *offp, int proto) 157 { 158 struct mbuf *m = *mp; 159 160 #if NFAITH > 0 161 if (m->m_pkthdr.rcvif) { 162 if (m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 163 /* XXX send icmp6 host/port unreach? */ 164 m_freem(m); 165 return IPPROTO_DONE; 166 } 167 } 168 #endif 169 170 udp_input(m, *offp, proto); 171 return IPPROTO_DONE; 172 } 173 #endif 174 175 void 176 udp_input(struct mbuf *m, ...) 177 { 178 struct ip *ip; 179 struct udphdr *uh; 180 struct inpcb *inp = NULL; 181 struct mbuf *opts = NULL; 182 struct ip save_ip; 183 int iphlen, len; 184 va_list ap; 185 u_int16_t savesum; 186 union { 187 struct sockaddr sa; 188 struct sockaddr_in sin; 189 #ifdef INET6 190 struct sockaddr_in6 sin6; 191 #endif /* INET6 */ 192 } srcsa, dstsa; 193 #ifdef INET6 194 struct ip6_hdr *ip6; 195 #endif /* INET6 */ 196 #ifdef IPSEC 197 struct m_tag *mtag; 198 struct tdb_ident *tdbi; 199 struct tdb *tdb; 200 int error, s; 201 #endif /* IPSEC */ 202 203 va_start(ap, m); 204 iphlen = va_arg(ap, int); 205 va_end(ap); 206 207 udpstat.udps_ipackets++; 208 209 switch (mtod(m, struct ip *)->ip_v) { 210 case 4: 211 ip = mtod(m, struct ip *); 212 #ifdef INET6 213 ip6 = NULL; 214 #endif /* INET6 */ 215 srcsa.sa.sa_family = AF_INET; 216 break; 217 #ifdef INET6 218 case 6: 219 ip = NULL; 220 ip6 = mtod(m, struct ip6_hdr *); 221 srcsa.sa.sa_family = AF_INET6; 222 break; 223 #endif /* INET6 */ 224 default: 225 goto bad; 226 } 227 228 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 229 if (!uh) { 230 udpstat.udps_hdrops++; 231 return; 232 } 233 234 /* Check for illegal destination port 0 */ 235 if (uh->uh_dport == 0) { 236 udpstat.udps_noport++; 237 goto bad; 238 } 239 240 /* 241 * Make mbuf data length reflect UDP length. 242 * If not enough data to reflect UDP length, drop. 243 */ 244 len = ntohs((u_int16_t)uh->uh_ulen); 245 if (ip) { 246 if (m->m_pkthdr.len - iphlen != len) { 247 if (len > (m->m_pkthdr.len - iphlen) || 248 len < sizeof(struct udphdr)) { 249 udpstat.udps_badlen++; 250 goto bad; 251 } 252 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 253 } 254 } 255 #ifdef INET6 256 else if (ip6) { 257 /* jumbograms */ 258 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 259 len = m->m_pkthdr.len - iphlen; 260 if (len != m->m_pkthdr.len - iphlen) { 261 udpstat.udps_badlen++; 262 goto bad; 263 } 264 } 265 #endif 266 else /* shouldn't happen */ 267 goto bad; 268 269 /* 270 * Save a copy of the IP header in case we want restore it 271 * for sending an ICMP error message in response. 272 */ 273 if (ip) 274 save_ip = *ip; 275 276 /* 277 * Checksum extended UDP header and data. 278 * from W.R.Stevens: check incoming udp cksums even if 279 * udpcksum is not set. 280 */ 281 savesum = uh->uh_sum; 282 #ifdef INET6 283 if (ip6) { 284 /* Be proactive about malicious use of IPv4 mapped address */ 285 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 286 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 287 /* XXX stat */ 288 goto bad; 289 } 290 291 /* 292 * In IPv6, the UDP checksum is ALWAYS used. 293 */ 294 if (uh->uh_sum == 0) { 295 udpstat.udps_nosum++; 296 goto bad; 297 } 298 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 299 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 300 udpstat.udps_badsum++; 301 udpstat.udps_inhwcsum++; 302 goto bad; 303 } 304 305 if ((uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 306 iphlen, len))) { 307 udpstat.udps_badsum++; 308 goto bad; 309 } 310 } else { 311 m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK; 312 udpstat.udps_inhwcsum++; 313 } 314 } else 315 #endif /* INET6 */ 316 if (uh->uh_sum) { 317 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 318 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 319 udpstat.udps_badsum++; 320 udpstat.udps_inhwcsum++; 321 m_freem(m); 322 return; 323 } 324 325 if ((uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 326 iphlen, len))) { 327 udpstat.udps_badsum++; 328 m_freem(m); 329 return; 330 } 331 } else { 332 m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK; 333 udpstat.udps_inhwcsum++; 334 } 335 } else 336 udpstat.udps_nosum++; 337 338 #ifdef IPSEC 339 if (udpencap_enable && udpencap_port && 340 uh->uh_dport == htons(udpencap_port)) { 341 u_int32_t spi; 342 int skip = iphlen + sizeof(struct udphdr); 343 344 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 345 /* packet too short */ 346 m_freem(m); 347 return; 348 } 349 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 350 /* 351 * decapsulate if the SPI is not zero, otherwise pass 352 * to userland 353 */ 354 if (spi != 0) { 355 if ((m = m_pullup(m, skip)) == NULL) { 356 udpstat.udps_hdrops++; 357 return; 358 } 359 360 /* remove the UDP header */ 361 bcopy(mtod(m, u_char *), 362 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 363 m_adj(m, sizeof(struct udphdr)); 364 skip -= sizeof(struct udphdr); 365 366 espstat.esps_udpencin++; 367 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 368 srcsa.sa.sa_family, IPPROTO_ESP, 1); 369 return; 370 } 371 } 372 #endif 373 374 switch (srcsa.sa.sa_family) { 375 case AF_INET: 376 bzero(&srcsa, sizeof(struct sockaddr_in)); 377 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 378 srcsa.sin.sin_family = AF_INET; 379 srcsa.sin.sin_port = uh->uh_sport; 380 srcsa.sin.sin_addr = ip->ip_src; 381 382 bzero(&dstsa, sizeof(struct sockaddr_in)); 383 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 384 dstsa.sin.sin_family = AF_INET; 385 dstsa.sin.sin_port = uh->uh_dport; 386 dstsa.sin.sin_addr = ip->ip_dst; 387 break; 388 #ifdef INET6 389 case AF_INET6: 390 bzero(&srcsa, sizeof(struct sockaddr_in6)); 391 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 392 srcsa.sin6.sin6_family = AF_INET6; 393 srcsa.sin6.sin6_port = uh->uh_sport; 394 #if 0 /*XXX inbound flowinfo */ 395 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 396 #endif 397 /* KAME hack: recover scopeid */ 398 (void)in6_recoverscope(&srcsa.sin6, &ip6->ip6_src, 399 m->m_pkthdr.rcvif); 400 401 bzero(&dstsa, sizeof(struct sockaddr_in6)); 402 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 403 dstsa.sin6.sin6_family = AF_INET6; 404 dstsa.sin6.sin6_port = uh->uh_dport; 405 /* KAME hack: recover scopeid */ 406 (void)in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst, 407 m->m_pkthdr.rcvif); 408 break; 409 #endif /* INET6 */ 410 } 411 412 #ifdef INET6 413 if ((ip6 && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) || 414 (ip && IN_MULTICAST(ip->ip_dst.s_addr)) || 415 (ip && in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif, 416 m->m_pkthdr.rdomain))) { 417 #else /* INET6 */ 418 if (IN_MULTICAST(ip->ip_dst.s_addr) || 419 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif, m->m_pkthdr.rdomain)) { 420 #endif /* INET6 */ 421 struct inpcb *last; 422 /* 423 * Deliver a multicast or broadcast datagram to *all* sockets 424 * for which the local and remote addresses and ports match 425 * those of the incoming datagram. This allows more than 426 * one process to receive multi/broadcasts on the same port. 427 * (This really ought to be done for unicast datagrams as 428 * well, but that would cause problems with existing 429 * applications that open both address-specific sockets and 430 * a wildcard socket listening to the same port -- they would 431 * end up receiving duplicates of every unicast datagram. 432 * Those applications open the multiple sockets to overcome an 433 * inadequacy of the UDP socket interface, but for backwards 434 * compatibility we avoid the problem here rather than 435 * fixing the interface. Maybe 4.5BSD will remedy this?) 436 */ 437 438 iphlen += sizeof(struct udphdr); 439 440 /* 441 * Locate pcb(s) for datagram. 442 * (Algorithm copied from raw_intr().) 443 */ 444 last = NULL; 445 CIRCLEQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 446 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 447 continue; 448 #ifdef INET6 449 /* don't accept it if AF does not match */ 450 if (ip6 && !(inp->inp_flags & INP_IPV6)) 451 continue; 452 if (!ip6 && (inp->inp_flags & INP_IPV6)) 453 continue; 454 #endif 455 if (rtable_l2(inp->inp_rtableid) != 456 rtable_l2(m->m_pkthdr.rdomain)) 457 continue; 458 if (inp->inp_lport != uh->uh_dport) 459 continue; 460 #ifdef INET6 461 if (ip6) { 462 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 463 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 464 &ip6->ip6_dst)) 465 continue; 466 } else 467 #endif /* INET6 */ 468 if (inp->inp_laddr.s_addr != INADDR_ANY) { 469 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 470 continue; 471 } 472 #ifdef INET6 473 if (ip6) { 474 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 475 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 476 &ip6->ip6_src) || 477 inp->inp_fport != uh->uh_sport) 478 continue; 479 } else 480 #endif /* INET6 */ 481 if (inp->inp_faddr.s_addr != INADDR_ANY) { 482 if (inp->inp_faddr.s_addr != 483 ip->ip_src.s_addr || 484 inp->inp_fport != uh->uh_sport) 485 continue; 486 } 487 488 if (last != NULL) { 489 struct mbuf *n; 490 491 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 492 #ifdef INET6 493 if (ip6 && (last->inp_flags & 494 IN6P_CONTROLOPTS || 495 last->inp_socket->so_options & 496 SO_TIMESTAMP)) 497 ip6_savecontrol(last, n, &opts); 498 #endif /* INET6 */ 499 if (ip && (last->inp_flags & 500 INP_CONTROLOPTS || 501 last->inp_socket->so_options & 502 SO_TIMESTAMP)) 503 ip_savecontrol(last, &opts, 504 ip, n); 505 506 m_adj(n, iphlen); 507 if (sbappendaddr( 508 &last->inp_socket->so_rcv, 509 &srcsa.sa, n, opts) == 0) { 510 m_freem(n); 511 if (opts) 512 m_freem(opts); 513 udpstat.udps_fullsock++; 514 } else 515 sorwakeup(last->inp_socket); 516 opts = NULL; 517 } 518 } 519 last = inp; 520 /* 521 * Don't look for additional matches if this one does 522 * not have either the SO_REUSEPORT or SO_REUSEADDR 523 * socket options set. This heuristic avoids searching 524 * through all pcbs in the common case of a non-shared 525 * port. It assumes that an application will never 526 * clear these options after setting them. 527 */ 528 if ((last->inp_socket->so_options & (SO_REUSEPORT | 529 SO_REUSEADDR)) == 0) 530 break; 531 } 532 533 if (last == NULL) { 534 /* 535 * No matching pcb found; discard datagram. 536 * (No need to send an ICMP Port Unreachable 537 * for a broadcast or multicast datgram.) 538 */ 539 udpstat.udps_noportbcast++; 540 goto bad; 541 } 542 543 #ifdef INET6 544 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 545 last->inp_socket->so_options & SO_TIMESTAMP)) 546 ip6_savecontrol(last, m, &opts); 547 #endif /* INET6 */ 548 if (ip && (last->inp_flags & INP_CONTROLOPTS || 549 last->inp_socket->so_options & SO_TIMESTAMP)) 550 ip_savecontrol(last, &opts, ip, m); 551 552 m_adj(m, iphlen); 553 if (sbappendaddr(&last->inp_socket->so_rcv, 554 &srcsa.sa, m, opts) == 0) { 555 udpstat.udps_fullsock++; 556 goto bad; 557 } 558 sorwakeup(last->inp_socket); 559 return; 560 } 561 /* 562 * Locate pcb for datagram. 563 */ 564 #if 0 565 if (m->m_pkthdr.pf.statekey) 566 inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp; 567 #endif 568 if (inp == NULL) { 569 #ifdef INET6 570 if (ip6) 571 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 572 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport); 573 else 574 #endif /* INET6 */ 575 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 576 ip->ip_dst, uh->uh_dport, m->m_pkthdr.rdomain); 577 #if NPF > 0 578 if (m->m_pkthdr.pf.statekey && inp) { 579 ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp = 580 inp; 581 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 582 } 583 #endif 584 } 585 if (inp == 0) { 586 int inpl_reverse = 0; 587 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 588 inpl_reverse = 1; 589 ++udpstat.udps_pcbhashmiss; 590 #ifdef INET6 591 if (ip6) { 592 inp = in6_pcblookup_listen(&udbtable, 593 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m); 594 } else 595 #endif /* INET6 */ 596 inp = in_pcblookup_listen(&udbtable, 597 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 598 m->m_pkthdr.rdomain); 599 if (inp == 0) { 600 udpstat.udps_noport++; 601 if (m->m_flags & (M_BCAST | M_MCAST)) { 602 udpstat.udps_noportbcast++; 603 goto bad; 604 } 605 #ifdef INET6 606 if (ip6) { 607 uh->uh_sum = savesum; 608 icmp6_error(m, ICMP6_DST_UNREACH, 609 ICMP6_DST_UNREACH_NOPORT,0); 610 } else 611 #endif /* INET6 */ 612 { 613 *ip = save_ip; 614 uh->uh_sum = savesum; 615 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 616 0, 0); 617 } 618 return; 619 } 620 } 621 622 #ifdef IPSEC 623 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 624 s = splnet(); 625 if (mtag != NULL) { 626 tdbi = (struct tdb_ident *)(mtag + 1); 627 tdb = gettdb(tdbi->rdomain, tdbi->spi, 628 &tdbi->dst, tdbi->proto); 629 } else 630 tdb = NULL; 631 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 632 IPSP_DIRECTION_IN, tdb, inp); 633 if (error) { 634 splx(s); 635 goto bad; 636 } 637 638 /* Latch SA only if the socket is connected */ 639 if (inp->inp_tdb_in != tdb && 640 (inp->inp_socket->so_state & SS_ISCONNECTED)) { 641 if (tdb) { 642 tdb_add_inp(tdb, inp, 1); 643 if (inp->inp_ipo == NULL) { 644 inp->inp_ipo = ipsec_add_policy(inp, 645 srcsa.sa.sa_family, IPSP_DIRECTION_OUT); 646 if (inp->inp_ipo == NULL) { 647 splx(s); 648 goto bad; 649 } 650 } 651 if (inp->inp_ipo->ipo_dstid == NULL && 652 tdb->tdb_srcid != NULL) { 653 inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; 654 tdb->tdb_srcid->ref_count++; 655 } 656 if (inp->inp_ipsec_remotecred == NULL && 657 tdb->tdb_remote_cred != NULL) { 658 inp->inp_ipsec_remotecred = 659 tdb->tdb_remote_cred; 660 tdb->tdb_remote_cred->ref_count++; 661 } 662 if (inp->inp_ipsec_remoteauth == NULL && 663 tdb->tdb_remote_auth != NULL) { 664 inp->inp_ipsec_remoteauth = 665 tdb->tdb_remote_auth; 666 tdb->tdb_remote_auth->ref_count++; 667 } 668 } else { /* Just reset */ 669 TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, 670 inp_tdb_in_next); 671 inp->inp_tdb_in = NULL; 672 } 673 } 674 splx(s); 675 #endif /*IPSEC */ 676 677 opts = NULL; 678 #ifdef INET6 679 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 680 inp->inp_socket->so_options & SO_TIMESTAMP)) 681 ip6_savecontrol(inp, m, &opts); 682 #endif /* INET6 */ 683 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 684 inp->inp_socket->so_options & SO_TIMESTAMP)) 685 ip_savecontrol(inp, &opts, ip, m); 686 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 687 struct mbuf **mp = &opts; 688 689 while (*mp) 690 mp = &(*mp)->m_next; 691 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 692 IP_RECVDSTPORT, IPPROTO_IP); 693 } 694 #ifdef PIPEX 695 if (pipex_enable && inp->inp_pipex) { 696 struct pipex_session *session; 697 int off = iphlen + sizeof(struct udphdr); 698 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 699 if ((m = pipex_l2tp_input(m, off, session)) == NULL) 700 return; /* the packet is handled by PIPEX */ 701 } 702 } 703 #endif 704 705 iphlen += sizeof(struct udphdr); 706 m_adj(m, iphlen); 707 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 708 udpstat.udps_fullsock++; 709 goto bad; 710 } 711 sorwakeup(inp->inp_socket); 712 return; 713 bad: 714 m_freem(m); 715 if (opts) 716 m_freem(opts); 717 } 718 719 /* 720 * Notify a udp user of an asynchronous error; 721 * just wake up so that he can collect error status. 722 */ 723 void 724 udp_notify(struct inpcb *inp, int errno) 725 { 726 inp->inp_socket->so_error = errno; 727 sorwakeup(inp->inp_socket); 728 sowwakeup(inp->inp_socket); 729 } 730 731 #ifdef INET6 732 void 733 udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) 734 { 735 struct udphdr uh; 736 struct sockaddr_in6 sa6; 737 struct ip6_hdr *ip6; 738 struct mbuf *m; 739 int off; 740 void *cmdarg; 741 struct ip6ctlparam *ip6cp = NULL; 742 struct udp_portonly { 743 u_int16_t uh_sport; 744 u_int16_t uh_dport; 745 } *uhp; 746 void (*notify)(struct inpcb *, int) = udp_notify; 747 748 if (sa == NULL) 749 return; 750 if (sa->sa_family != AF_INET6 || 751 sa->sa_len != sizeof(struct sockaddr_in6)) 752 return; 753 754 if ((unsigned)cmd >= PRC_NCMDS) 755 return; 756 if (PRC_IS_REDIRECT(cmd)) 757 notify = in_rtchange, d = NULL; 758 else if (cmd == PRC_HOSTDEAD) 759 d = NULL; 760 else if (cmd == PRC_MSGSIZE) 761 ; /* special code is present, see below */ 762 else if (inet6ctlerrmap[cmd] == 0) 763 return; 764 765 /* if the parameter is from icmp6, decode it. */ 766 if (d != NULL) { 767 ip6cp = (struct ip6ctlparam *)d; 768 m = ip6cp->ip6c_m; 769 ip6 = ip6cp->ip6c_ip6; 770 off = ip6cp->ip6c_off; 771 cmdarg = ip6cp->ip6c_cmdarg; 772 } else { 773 m = NULL; 774 ip6 = NULL; 775 cmdarg = NULL; 776 /* XXX: translate addresses into internal form */ 777 sa6 = *(struct sockaddr_in6 *)sa; 778 #ifndef SCOPEDROUTING 779 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 780 /* should be impossible */ 781 return; 782 } 783 #endif 784 } 785 786 if (ip6cp && ip6cp->ip6c_finaldst) { 787 bzero(&sa6, sizeof(sa6)); 788 sa6.sin6_family = AF_INET6; 789 sa6.sin6_len = sizeof(sa6); 790 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 791 /* XXX: assuming M is valid in this case */ 792 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 793 ip6cp->ip6c_finaldst); 794 #ifndef SCOPEDROUTING 795 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 796 /* should be impossible */ 797 return; 798 } 799 #endif 800 } else { 801 /* XXX: translate addresses into internal form */ 802 sa6 = *(struct sockaddr_in6 *)sa; 803 #ifndef SCOPEDROUTING 804 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 805 /* should be impossible */ 806 return; 807 } 808 #endif 809 } 810 811 if (ip6) { 812 /* 813 * XXX: We assume that when IPV6 is non NULL, 814 * M and OFF are valid. 815 */ 816 struct sockaddr_in6 sa6_src; 817 818 /* check if we can safely examine src and dst ports */ 819 if (m->m_pkthdr.len < off + sizeof(*uhp)) 820 return; 821 822 bzero(&uh, sizeof(uh)); 823 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 824 825 bzero(&sa6_src, sizeof(sa6_src)); 826 sa6_src.sin6_family = AF_INET6; 827 sa6_src.sin6_len = sizeof(sa6_src); 828 sa6_src.sin6_addr = ip6->ip6_src; 829 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 830 &ip6->ip6_src); 831 #ifndef SCOPEDROUTING 832 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 833 /* should be impossible */ 834 return; 835 } 836 #endif 837 838 if (cmd == PRC_MSGSIZE) { 839 int valid = 0; 840 841 /* 842 * Check to see if we have a valid UDP socket 843 * corresponding to the address in the ICMPv6 message 844 * payload. 845 */ 846 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 847 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport)) 848 valid = 1; 849 #if 0 850 /* 851 * As the use of sendto(2) is fairly popular, 852 * we may want to allow non-connected pcb too. 853 * But it could be too weak against attacks... 854 * We should at least check if the local address (= s) 855 * is really ours. 856 */ 857 else if (in6_pcblookup_listen(&udbtable, 858 &sa6_src.sin6_addr, uh.uh_sport, 0); 859 valid = 1; 860 #endif 861 862 /* 863 * Depending on the value of "valid" and routing table 864 * size (mtudisc_{hi,lo}wat), we will: 865 * - recalculate the new MTU and create the 866 * corresponding routing entry, or 867 * - ignore the MTU change notification. 868 */ 869 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 870 871 /* 872 * regardless of if we called icmp6_mtudisc_update(), 873 * we need to call in6_pcbnotify(), to notify path 874 * MTU change to the userland (2292bis-02), because 875 * some unconnected sockets may share the same 876 * destination and want to know the path MTU. 877 */ 878 } 879 880 (void) in6_pcbnotify(&udbtable, (struct sockaddr *)&sa6, 881 uh.uh_dport, (struct sockaddr *)&sa6_src, 882 uh.uh_sport, cmd, cmdarg, notify); 883 } else { 884 (void) in6_pcbnotify(&udbtable, (struct sockaddr *)&sa6, 0, 885 (struct sockaddr *)&sa6_any, 0, cmd, cmdarg, notify); 886 } 887 } 888 #endif 889 890 void * 891 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 892 { 893 struct ip *ip = v; 894 struct udphdr *uhp; 895 struct in_addr faddr; 896 struct inpcb *inp; 897 extern int inetctlerrmap[]; 898 void (*notify)(struct inpcb *, int) = udp_notify; 899 int errno; 900 901 if (sa == NULL) 902 return NULL; 903 if (sa->sa_family != AF_INET || 904 sa->sa_len != sizeof(struct sockaddr_in)) 905 return NULL; 906 faddr = satosin(sa)->sin_addr; 907 if (faddr.s_addr == INADDR_ANY) 908 return NULL; 909 910 if ((unsigned)cmd >= PRC_NCMDS) 911 return NULL; 912 errno = inetctlerrmap[cmd]; 913 if (PRC_IS_REDIRECT(cmd)) 914 notify = in_rtchange, ip = 0; 915 else if (cmd == PRC_HOSTDEAD) 916 ip = 0; 917 else if (errno == 0) 918 return NULL; 919 if (ip) { 920 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 921 922 #ifdef IPSEC 923 /* PMTU discovery for udpencap */ 924 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 925 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 926 udpencap_ctlinput(cmd, sa, rdomain, v); 927 return (NULL); 928 } 929 #endif 930 inp = in_pcbhashlookup(&udbtable, 931 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 932 rdomain); 933 if (inp && inp->inp_socket != NULL) 934 notify(inp, errno); 935 } else 936 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 937 return (NULL); 938 } 939 940 int 941 udp_output(struct mbuf *m, ...) 942 { 943 struct inpcb *inp; 944 struct mbuf *addr, *control; 945 struct udpiphdr *ui; 946 int len = m->m_pkthdr.len; 947 struct in_addr laddr; 948 int s = 0, error = 0; 949 va_list ap; 950 951 va_start(ap, m); 952 inp = va_arg(ap, struct inpcb *); 953 addr = va_arg(ap, struct mbuf *); 954 control = va_arg(ap, struct mbuf *); 955 va_end(ap); 956 957 #ifdef DIAGNOSTIC 958 if ((inp->inp_flags & INP_IPV6) != 0) 959 panic("IPv6 inpcb to udp_output"); 960 #endif 961 962 /* 963 * Compute the packet length of the IP header, and 964 * punt if the length looks bogus. 965 */ 966 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 967 error = EMSGSIZE; 968 goto release; 969 } 970 971 if (addr) { 972 laddr = inp->inp_laddr; 973 if (inp->inp_faddr.s_addr != INADDR_ANY) { 974 error = EISCONN; 975 goto release; 976 } 977 /* 978 * Must block input while temporarily connected. 979 */ 980 s = splsoftnet(); 981 error = in_pcbconnect(inp, addr); 982 if (error) { 983 splx(s); 984 goto release; 985 } 986 } else { 987 if (inp->inp_faddr.s_addr == INADDR_ANY) { 988 error = ENOTCONN; 989 goto release; 990 } 991 } 992 /* 993 * Calculate data length and get a mbuf 994 * for UDP and IP headers. 995 */ 996 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 997 if (m == NULL) { 998 error = ENOBUFS; 999 goto bail; 1000 } 1001 1002 /* 1003 * Fill in mbuf with extended UDP header 1004 * and addresses and length put into network format. 1005 */ 1006 ui = mtod(m, struct udpiphdr *); 1007 bzero(ui->ui_x1, sizeof ui->ui_x1); 1008 ui->ui_pr = IPPROTO_UDP; 1009 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1010 ui->ui_src = inp->inp_laddr; 1011 ui->ui_dst = inp->inp_faddr; 1012 ui->ui_sport = inp->inp_lport; 1013 ui->ui_dport = inp->inp_fport; 1014 ui->ui_ulen = ui->ui_len; 1015 1016 /* 1017 * Compute the pseudo-header checksum; defer further checksumming 1018 * until ip_output() or hardware (if it exists). 1019 */ 1020 if (udpcksum) { 1021 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1022 ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr, 1023 ui->ui_dst.s_addr, htons((u_int16_t)len + 1024 sizeof (struct udphdr) + IPPROTO_UDP)); 1025 } else 1026 ui->ui_sum = 0; 1027 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1028 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1029 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1030 1031 udpstat.udps_opackets++; 1032 1033 /* force routing domain */ 1034 m->m_pkthdr.rdomain = inp->inp_rtableid; 1035 1036 error = ip_output(m, inp->inp_options, &inp->inp_route, 1037 inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST), 1038 inp->inp_moptions, inp); 1039 if (error == EACCES) /* translate pf(4) error for userland */ 1040 error = EHOSTUNREACH; 1041 1042 bail: 1043 if (addr) { 1044 inp->inp_laddr = laddr; 1045 in_pcbdisconnect(inp); 1046 splx(s); 1047 } 1048 if (control) 1049 m_freem(control); 1050 return (error); 1051 1052 release: 1053 m_freem(m); 1054 if (control) 1055 m_freem(control); 1056 return (error); 1057 } 1058 1059 /*ARGSUSED*/ 1060 int 1061 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1062 struct mbuf *control, struct proc *p) 1063 { 1064 struct inpcb *inp = sotoinpcb(so); 1065 int error = 0; 1066 int s; 1067 1068 if (req == PRU_CONTROL) { 1069 #ifdef INET6 1070 if (inp->inp_flags & INP_IPV6) 1071 return (in6_control(so, (u_long)m, (caddr_t)addr, 1072 (struct ifnet *)control, 0)); 1073 else 1074 #endif /* INET6 */ 1075 return (in_control(so, (u_long)m, (caddr_t)addr, 1076 (struct ifnet *)control)); 1077 } 1078 if (inp == NULL && req != PRU_ATTACH) { 1079 error = EINVAL; 1080 goto release; 1081 } 1082 /* 1083 * Note: need to block udp_input while changing 1084 * the udp pcb queue and/or pcb addresses. 1085 */ 1086 switch (req) { 1087 1088 case PRU_ATTACH: 1089 if (inp != NULL) { 1090 error = EINVAL; 1091 break; 1092 } 1093 s = splsoftnet(); 1094 error = in_pcballoc(so, &udbtable); 1095 splx(s); 1096 if (error) 1097 break; 1098 error = soreserve(so, udp_sendspace, udp_recvspace); 1099 if (error) 1100 break; 1101 #ifdef INET6 1102 if (((struct inpcb *)so->so_pcb)->inp_flags & INP_IPV6) 1103 ((struct inpcb *) so->so_pcb)->inp_ipv6.ip6_hlim = 1104 ip6_defhlim; 1105 else 1106 #endif /* INET6 */ 1107 ((struct inpcb *) so->so_pcb)->inp_ip.ip_ttl = ip_defttl; 1108 break; 1109 1110 case PRU_DETACH: 1111 udp_detach(inp); 1112 break; 1113 1114 case PRU_BIND: 1115 s = splsoftnet(); 1116 #ifdef INET6 1117 if (inp->inp_flags & INP_IPV6) 1118 error = in6_pcbbind(inp, addr, p); 1119 else 1120 #endif 1121 error = in_pcbbind(inp, addr, p); 1122 splx(s); 1123 break; 1124 1125 case PRU_LISTEN: 1126 error = EOPNOTSUPP; 1127 break; 1128 1129 case PRU_CONNECT: 1130 #ifdef INET6 1131 if (inp->inp_flags & INP_IPV6) { 1132 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1133 error = EISCONN; 1134 break; 1135 } 1136 s = splsoftnet(); 1137 error = in6_pcbconnect(inp, addr); 1138 splx(s); 1139 } else 1140 #endif /* INET6 */ 1141 { 1142 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1143 error = EISCONN; 1144 break; 1145 } 1146 s = splsoftnet(); 1147 error = in_pcbconnect(inp, addr); 1148 splx(s); 1149 } 1150 1151 if (error == 0) 1152 soisconnected(so); 1153 break; 1154 1155 case PRU_CONNECT2: 1156 error = EOPNOTSUPP; 1157 break; 1158 1159 case PRU_ACCEPT: 1160 error = EOPNOTSUPP; 1161 break; 1162 1163 case PRU_DISCONNECT: 1164 #ifdef INET6 1165 if (inp->inp_flags & INP_IPV6) { 1166 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1167 error = ENOTCONN; 1168 break; 1169 } 1170 } else 1171 #endif /* INET6 */ 1172 { 1173 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1174 error = ENOTCONN; 1175 break; 1176 } 1177 } 1178 1179 s = splsoftnet(); 1180 #ifdef INET6 1181 if (inp->inp_flags & INP_IPV6) 1182 inp->inp_laddr6 = in6addr_any; 1183 else 1184 #endif /* INET6 */ 1185 inp->inp_laddr.s_addr = INADDR_ANY; 1186 in_pcbdisconnect(inp); 1187 1188 splx(s); 1189 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1190 break; 1191 1192 case PRU_SHUTDOWN: 1193 socantsendmore(so); 1194 break; 1195 1196 case PRU_SEND: 1197 #ifdef PIPEX 1198 if (inp->inp_pipex) { 1199 struct pipex_session *session; 1200 1201 if (addr != NULL) 1202 session = 1203 pipex_l2tp_userland_lookup_session(m, 1204 mtod(addr, struct sockaddr *)); 1205 else 1206 #ifdef INET6 1207 if (inp->inp_flags & INP_IPV6) 1208 session = 1209 pipex_l2tp_userland_lookup_session_ipv6( 1210 m, inp->inp_faddr6); 1211 else 1212 #endif 1213 session = 1214 pipex_l2tp_userland_lookup_session_ipv4( 1215 m, inp->inp_faddr); 1216 if (session != NULL) 1217 if ((m = pipex_l2tp_userland_output( 1218 m, session)) == NULL) { 1219 error = ENOMEM; 1220 goto release; 1221 } 1222 } 1223 #endif 1224 1225 #ifdef INET6 1226 if (inp->inp_flags & INP_IPV6) 1227 return (udp6_output(inp, m, addr, control)); 1228 else 1229 return (udp_output(m, inp, addr, control)); 1230 #else 1231 return (udp_output(m, inp, addr, control)); 1232 #endif 1233 1234 case PRU_ABORT: 1235 soisdisconnected(so); 1236 udp_detach(inp); 1237 break; 1238 1239 case PRU_SOCKADDR: 1240 #ifdef INET6 1241 if (inp->inp_flags & INP_IPV6) 1242 in6_setsockaddr(inp, addr); 1243 else 1244 #endif /* INET6 */ 1245 in_setsockaddr(inp, addr); 1246 break; 1247 1248 case PRU_PEERADDR: 1249 #ifdef INET6 1250 if (inp->inp_flags & INP_IPV6) 1251 in6_setpeeraddr(inp, addr); 1252 else 1253 #endif /* INET6 */ 1254 in_setpeeraddr(inp, addr); 1255 break; 1256 1257 case PRU_SENSE: 1258 /* 1259 * stat: don't bother with a blocksize. 1260 */ 1261 /* 1262 * Perhaps Path MTU might be returned for a connected 1263 * UDP socket in this case. 1264 */ 1265 return (0); 1266 1267 case PRU_SENDOOB: 1268 case PRU_FASTTIMO: 1269 case PRU_SLOWTIMO: 1270 case PRU_PROTORCV: 1271 case PRU_PROTOSEND: 1272 error = EOPNOTSUPP; 1273 break; 1274 1275 case PRU_RCVD: 1276 case PRU_RCVOOB: 1277 return (EOPNOTSUPP); /* do not free mbuf's */ 1278 1279 default: 1280 panic("udp_usrreq"); 1281 } 1282 1283 release: 1284 if (control) { 1285 m_freem(control); 1286 } 1287 if (m) 1288 m_freem(m); 1289 return (error); 1290 } 1291 1292 void 1293 udp_detach(struct inpcb *inp) 1294 { 1295 int s = splsoftnet(); 1296 1297 in_pcbdetach(inp); 1298 splx(s); 1299 } 1300 1301 /* 1302 * Sysctl for udp variables. 1303 */ 1304 int 1305 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1306 size_t newlen) 1307 { 1308 /* All sysctl names at this level are terminal. */ 1309 if (namelen != 1) 1310 return (ENOTDIR); 1311 1312 switch (name[0]) { 1313 case UDPCTL_BADDYNAMIC: 1314 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1315 baddynamicports.udp, sizeof(baddynamicports.udp))); 1316 1317 case UDPCTL_STATS: 1318 if (newp != NULL) 1319 return (EPERM); 1320 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1321 &udpstat, sizeof(udpstat))); 1322 1323 default: 1324 if (name[0] < UDPCTL_MAXID) 1325 return (sysctl_int_arr(udpctl_vars, name, namelen, 1326 oldp, oldlenp, newp, newlen)); 1327 return (ENOPROTOOPT); 1328 } 1329 /* NOTREACHED */ 1330 } 1331