1 /* $OpenBSD: udp_usrreq.c,v 1.205 2015/08/14 18:07:28 bluhm Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 #include <sys/domain.h> 79 80 #include <net/if.h> 81 #include <net/if_var.h> 82 #include <net/if_media.h> 83 #include <net/route.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/ip_icmp.h> 91 #include <netinet/udp.h> 92 #include <netinet/udp_var.h> 93 94 #ifdef IPSEC 95 #include <netinet/ip_ipsp.h> 96 #include <netinet/ip_esp.h> 97 #endif 98 99 #ifdef INET6 100 #include <netinet6/in6_var.h> 101 #include <netinet6/ip6_var.h> 102 #include <netinet6/ip6protosw.h> 103 #endif /* INET6 */ 104 105 #include "pf.h" 106 #if NPF > 0 107 #include <net/pfvar.h> 108 #endif 109 110 #ifdef PIPEX 111 #include <netinet/if_ether.h> 112 #include <net/pipex.h> 113 #endif 114 115 #include "vxlan.h" 116 #if NVXLAN > 0 117 #include <net/if_vxlan.h> 118 #endif 119 120 /* 121 * UDP protocol implementation. 122 * Per RFC 768, August, 1980. 123 */ 124 int udpcksum = 1; 125 126 u_int udp_sendspace = 9216; /* really max datagram size */ 127 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 128 /* 40 1K datagrams */ 129 130 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 131 132 struct inpcbtable udbtable; 133 struct udpstat udpstat; 134 135 int udp_output(struct inpcb *, struct mbuf *, struct mbuf *, struct mbuf *); 136 void udp_notify(struct inpcb *, int); 137 138 #ifndef UDB_INITIAL_HASH_SIZE 139 #define UDB_INITIAL_HASH_SIZE 128 140 #endif 141 142 void 143 udp_init() 144 { 145 in_pcbinit(&udbtable, UDB_INITIAL_HASH_SIZE); 146 } 147 148 #ifdef INET6 149 int 150 udp6_input(struct mbuf **mp, int *offp, int proto) 151 { 152 struct mbuf *m = *mp; 153 154 udp_input(m, *offp, proto); 155 return IPPROTO_DONE; 156 } 157 #endif 158 159 void 160 udp_input(struct mbuf *m, ...) 161 { 162 struct ip *ip; 163 struct udphdr *uh; 164 struct inpcb *inp = NULL; 165 struct mbuf *opts = NULL; 166 struct ip save_ip; 167 int iphlen, len; 168 va_list ap; 169 u_int16_t savesum; 170 union { 171 struct sockaddr sa; 172 struct sockaddr_in sin; 173 #ifdef INET6 174 struct sockaddr_in6 sin6; 175 #endif /* INET6 */ 176 } srcsa; 177 #ifdef INET6 178 struct ip6_hdr *ip6; 179 #endif /* INET6 */ 180 #ifdef IPSEC 181 struct m_tag *mtag; 182 struct tdb_ident *tdbi; 183 struct tdb *tdb; 184 int error; 185 u_int32_t ipsecflowinfo = 0; 186 #endif /* IPSEC */ 187 188 va_start(ap, m); 189 iphlen = va_arg(ap, int); 190 va_end(ap); 191 192 udpstat.udps_ipackets++; 193 194 switch (mtod(m, struct ip *)->ip_v) { 195 case 4: 196 ip = mtod(m, struct ip *); 197 #ifdef INET6 198 ip6 = NULL; 199 #endif /* INET6 */ 200 srcsa.sa.sa_family = AF_INET; 201 break; 202 #ifdef INET6 203 case 6: 204 ip = NULL; 205 ip6 = mtod(m, struct ip6_hdr *); 206 srcsa.sa.sa_family = AF_INET6; 207 break; 208 #endif /* INET6 */ 209 default: 210 goto bad; 211 } 212 213 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 214 if (!uh) { 215 udpstat.udps_hdrops++; 216 return; 217 } 218 219 /* Check for illegal destination port 0 */ 220 if (uh->uh_dport == 0) { 221 udpstat.udps_noport++; 222 goto bad; 223 } 224 225 /* 226 * Make mbuf data length reflect UDP length. 227 * If not enough data to reflect UDP length, drop. 228 */ 229 len = ntohs((u_int16_t)uh->uh_ulen); 230 if (ip) { 231 if (m->m_pkthdr.len - iphlen != len) { 232 if (len > (m->m_pkthdr.len - iphlen) || 233 len < sizeof(struct udphdr)) { 234 udpstat.udps_badlen++; 235 goto bad; 236 } 237 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 238 } 239 } 240 #ifdef INET6 241 else if (ip6) { 242 /* jumbograms */ 243 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 244 len = m->m_pkthdr.len - iphlen; 245 if (len != m->m_pkthdr.len - iphlen) { 246 udpstat.udps_badlen++; 247 goto bad; 248 } 249 } 250 #endif 251 else /* shouldn't happen */ 252 goto bad; 253 254 /* 255 * Save a copy of the IP header in case we want restore it 256 * for sending an ICMP error message in response. 257 */ 258 if (ip) 259 save_ip = *ip; 260 261 #ifdef INET6 262 if (ip6) { 263 /* Be proactive about malicious use of IPv4 mapped address */ 264 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 265 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 266 /* XXX stat */ 267 goto bad; 268 } 269 } 270 #endif /* INET6 */ 271 272 /* 273 * Checksum extended UDP header and data. 274 * from W.R.Stevens: check incoming udp cksums even if 275 * udpcksum is not set. 276 */ 277 savesum = uh->uh_sum; 278 if (uh->uh_sum == 0) { 279 udpstat.udps_nosum++; 280 #ifdef INET6 281 /* 282 * In IPv6, the UDP checksum is ALWAYS used. 283 */ 284 if (ip6) 285 goto bad; 286 #endif /* INET6 */ 287 } else { 288 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 289 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 290 udpstat.udps_badsum++; 291 goto bad; 292 } 293 udpstat.udps_inswcsum++; 294 295 if (ip) 296 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 297 iphlen, len); 298 #ifdef INET6 299 else if (ip6) 300 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 301 iphlen, len); 302 #endif /* INET6 */ 303 if (uh->uh_sum != 0) { 304 udpstat.udps_badsum++; 305 goto bad; 306 } 307 } 308 } 309 310 #ifdef IPSEC 311 if (udpencap_enable && udpencap_port && 312 #if NPF > 0 313 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 314 #endif 315 uh->uh_dport == htons(udpencap_port)) { 316 u_int32_t spi; 317 int skip = iphlen + sizeof(struct udphdr); 318 319 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 320 /* packet too short */ 321 m_freem(m); 322 return; 323 } 324 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 325 /* 326 * decapsulate if the SPI is not zero, otherwise pass 327 * to userland 328 */ 329 if (spi != 0) { 330 if ((m = m_pullup(m, skip)) == NULL) { 331 udpstat.udps_hdrops++; 332 return; 333 } 334 335 /* remove the UDP header */ 336 bcopy(mtod(m, u_char *), 337 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 338 m_adj(m, sizeof(struct udphdr)); 339 skip -= sizeof(struct udphdr); 340 341 espstat.esps_udpencin++; 342 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 343 srcsa.sa.sa_family, IPPROTO_ESP, 1); 344 return; 345 } 346 } 347 #endif 348 349 switch (srcsa.sa.sa_family) { 350 case AF_INET: 351 bzero(&srcsa, sizeof(struct sockaddr_in)); 352 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 353 srcsa.sin.sin_family = AF_INET; 354 srcsa.sin.sin_port = uh->uh_sport; 355 srcsa.sin.sin_addr = ip->ip_src; 356 break; 357 #ifdef INET6 358 case AF_INET6: 359 bzero(&srcsa, sizeof(struct sockaddr_in6)); 360 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 361 srcsa.sin6.sin6_family = AF_INET6; 362 srcsa.sin6.sin6_port = uh->uh_sport; 363 #if 0 /*XXX inbound flowinfo */ 364 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 365 #endif 366 /* KAME hack: recover scopeid */ 367 (void)in6_recoverscope(&srcsa.sin6, &ip6->ip6_src, NULL); 368 break; 369 #endif /* INET6 */ 370 } 371 372 #if NVXLAN > 0 373 if (vxlan_enable > 0 && 374 #if NPF > 0 375 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 376 #endif 377 (error = vxlan_lookup(m, uh, iphlen, &srcsa.sa)) != 0) { 378 if (error == -1) { 379 udpstat.udps_hdrops++; 380 m_freem(m); 381 } 382 return; 383 } 384 #endif 385 386 if (m->m_flags & (M_BCAST|M_MCAST)) { 387 struct inpcb *last; 388 /* 389 * Deliver a multicast or broadcast datagram to *all* sockets 390 * for which the local and remote addresses and ports match 391 * those of the incoming datagram. This allows more than 392 * one process to receive multi/broadcasts on the same port. 393 * (This really ought to be done for unicast datagrams as 394 * well, but that would cause problems with existing 395 * applications that open both address-specific sockets and 396 * a wildcard socket listening to the same port -- they would 397 * end up receiving duplicates of every unicast datagram. 398 * Those applications open the multiple sockets to overcome an 399 * inadequacy of the UDP socket interface, but for backwards 400 * compatibility we avoid the problem here rather than 401 * fixing the interface. Maybe 4.5BSD will remedy this?) 402 */ 403 404 iphlen += sizeof(struct udphdr); 405 406 /* 407 * Locate pcb(s) for datagram. 408 * (Algorithm copied from raw_intr().) 409 */ 410 last = NULL; 411 TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 412 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 413 continue; 414 #ifdef INET6 415 /* don't accept it if AF does not match */ 416 if (ip6 && !(inp->inp_flags & INP_IPV6)) 417 continue; 418 if (!ip6 && (inp->inp_flags & INP_IPV6)) 419 continue; 420 #endif 421 if (rtable_l2(inp->inp_rtableid) != 422 rtable_l2(m->m_pkthdr.ph_rtableid)) 423 continue; 424 if (inp->inp_lport != uh->uh_dport) 425 continue; 426 #ifdef INET6 427 if (ip6) { 428 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 429 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 430 &ip6->ip6_dst)) 431 continue; 432 } else 433 #endif /* INET6 */ 434 if (inp->inp_laddr.s_addr != INADDR_ANY) { 435 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 436 continue; 437 } 438 #ifdef INET6 439 if (ip6) { 440 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 441 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 442 &ip6->ip6_src) || 443 inp->inp_fport != uh->uh_sport) 444 continue; 445 } else 446 #endif /* INET6 */ 447 if (inp->inp_faddr.s_addr != INADDR_ANY) { 448 if (inp->inp_faddr.s_addr != 449 ip->ip_src.s_addr || 450 inp->inp_fport != uh->uh_sport) 451 continue; 452 } 453 454 if (last != NULL) { 455 struct mbuf *n; 456 457 n = m_copym(m, 0, M_COPYALL, M_NOWAIT); 458 if (n != NULL) { 459 #ifdef INET6 460 if (ip6 && (last->inp_flags & 461 IN6P_CONTROLOPTS || 462 last->inp_socket->so_options & 463 SO_TIMESTAMP)) 464 ip6_savecontrol(last, n, &opts); 465 #endif /* INET6 */ 466 if (ip && (last->inp_flags & 467 INP_CONTROLOPTS || 468 last->inp_socket->so_options & 469 SO_TIMESTAMP)) 470 ip_savecontrol(last, &opts, 471 ip, n); 472 473 m_adj(n, iphlen); 474 if (sbappendaddr( 475 &last->inp_socket->so_rcv, 476 &srcsa.sa, n, opts) == 0) { 477 m_freem(n); 478 m_freem(opts); 479 udpstat.udps_fullsock++; 480 } else 481 sorwakeup(last->inp_socket); 482 opts = NULL; 483 } 484 } 485 last = inp; 486 /* 487 * Don't look for additional matches if this one does 488 * not have either the SO_REUSEPORT or SO_REUSEADDR 489 * socket options set. This heuristic avoids searching 490 * through all pcbs in the common case of a non-shared 491 * port. It assumes that an application will never 492 * clear these options after setting them. 493 */ 494 if ((last->inp_socket->so_options & (SO_REUSEPORT | 495 SO_REUSEADDR)) == 0) 496 break; 497 } 498 499 if (last == NULL) { 500 /* 501 * No matching pcb found; discard datagram. 502 * (No need to send an ICMP Port Unreachable 503 * for a broadcast or multicast datgram.) 504 */ 505 udpstat.udps_noportbcast++; 506 goto bad; 507 } 508 509 #ifdef INET6 510 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 511 last->inp_socket->so_options & SO_TIMESTAMP)) 512 ip6_savecontrol(last, m, &opts); 513 #endif /* INET6 */ 514 if (ip && (last->inp_flags & INP_CONTROLOPTS || 515 last->inp_socket->so_options & SO_TIMESTAMP)) 516 ip_savecontrol(last, &opts, ip, m); 517 518 m_adj(m, iphlen); 519 if (sbappendaddr(&last->inp_socket->so_rcv, 520 &srcsa.sa, m, opts) == 0) { 521 udpstat.udps_fullsock++; 522 goto bad; 523 } 524 sorwakeup(last->inp_socket); 525 return; 526 } 527 /* 528 * Locate pcb for datagram. 529 */ 530 #if 0 531 if (m->m_pkthdr.pf.statekey) { 532 inp = m->m_pkthdr.pf.statekey->inp; 533 if (inp && inp->inp_pf_sk) 534 KASSERT(m->m_pkthdr.pf.statekey == inp->inp_pf_sk); 535 } 536 #endif 537 if (inp == NULL) { 538 #ifdef INET6 539 if (ip6) 540 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 541 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 542 m->m_pkthdr.ph_rtableid); 543 else 544 #endif /* INET6 */ 545 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 546 ip->ip_dst, uh->uh_dport, m->m_pkthdr.ph_rtableid); 547 #if NPF > 0 548 if (m->m_pkthdr.pf.statekey && inp) { 549 m->m_pkthdr.pf.statekey->inp = inp; 550 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 551 } 552 #endif 553 } 554 if (inp == 0) { 555 int inpl_reverse = 0; 556 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 557 inpl_reverse = 1; 558 ++udpstat.udps_pcbhashmiss; 559 #ifdef INET6 560 if (ip6) { 561 inp = in6_pcblookup_listen(&udbtable, 562 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m, 563 m->m_pkthdr.ph_rtableid); 564 } else 565 #endif /* INET6 */ 566 inp = in_pcblookup_listen(&udbtable, 567 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 568 m->m_pkthdr.ph_rtableid); 569 if (inp == 0) { 570 udpstat.udps_noport++; 571 if (m->m_flags & (M_BCAST | M_MCAST)) { 572 udpstat.udps_noportbcast++; 573 goto bad; 574 } 575 #ifdef INET6 576 if (ip6) { 577 uh->uh_sum = savesum; 578 icmp6_error(m, ICMP6_DST_UNREACH, 579 ICMP6_DST_UNREACH_NOPORT,0); 580 } else 581 #endif /* INET6 */ 582 { 583 *ip = save_ip; 584 uh->uh_sum = savesum; 585 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 586 0, 0); 587 } 588 return; 589 } 590 } 591 KASSERT(sotoinpcb(inp->inp_socket) == inp); 592 593 #if NPF > 0 594 if (m->m_pkthdr.pf.statekey && !m->m_pkthdr.pf.statekey->inp && 595 !inp->inp_pf_sk && (inp->inp_socket->so_state & SS_ISCONNECTED)) { 596 m->m_pkthdr.pf.statekey->inp = inp; 597 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 598 } 599 /* The statekey has finished finding the inp, it is no longer needed. */ 600 m->m_pkthdr.pf.statekey = NULL; 601 #endif 602 603 #ifdef IPSEC 604 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 605 if (mtag != NULL) { 606 tdbi = (struct tdb_ident *)(mtag + 1); 607 tdb = gettdb(tdbi->rdomain, tdbi->spi, 608 &tdbi->dst, tdbi->proto); 609 } else 610 tdb = NULL; 611 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 612 IPSP_DIRECTION_IN, tdb, inp, 0); 613 if (error) { 614 udpstat.udps_nosec++; 615 goto bad; 616 } 617 /* create ipsec options while we know that tdb cannot be modified */ 618 if (tdb && tdb->tdb_ids) 619 ipsecflowinfo = tdb->tdb_ids->id_flow; 620 #endif /*IPSEC */ 621 622 opts = NULL; 623 #ifdef INET6 624 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 625 inp->inp_socket->so_options & SO_TIMESTAMP)) 626 ip6_savecontrol(inp, m, &opts); 627 #endif /* INET6 */ 628 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 629 inp->inp_socket->so_options & SO_TIMESTAMP)) 630 ip_savecontrol(inp, &opts, ip, m); 631 #ifdef INET6 632 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 633 struct mbuf **mp = &opts; 634 635 while (*mp) 636 mp = &(*mp)->m_next; 637 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 638 IPV6_RECVDSTPORT, IPPROTO_IPV6); 639 } 640 #endif /* INET6 */ 641 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 642 struct mbuf **mp = &opts; 643 644 while (*mp) 645 mp = &(*mp)->m_next; 646 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 647 IP_RECVDSTPORT, IPPROTO_IP); 648 } 649 #ifdef IPSEC 650 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 651 struct mbuf **mp = &opts; 652 653 while (*mp) 654 mp = &(*mp)->m_next; 655 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 656 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 657 } 658 #endif 659 #ifdef PIPEX 660 if (pipex_enable && inp->inp_pipex) { 661 struct pipex_session *session; 662 int off = iphlen + sizeof(struct udphdr); 663 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 664 if ((m = pipex_l2tp_input(m, off, session, 665 ipsecflowinfo)) == NULL) { 666 m_freem(opts); 667 return; /* the packet is handled by PIPEX */ 668 } 669 } 670 } 671 #endif 672 673 iphlen += sizeof(struct udphdr); 674 m_adj(m, iphlen); 675 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 676 udpstat.udps_fullsock++; 677 goto bad; 678 } 679 sorwakeup(inp->inp_socket); 680 return; 681 bad: 682 m_freem(m); 683 m_freem(opts); 684 } 685 686 /* 687 * Notify a udp user of an asynchronous error; 688 * just wake up so that he can collect error status. 689 */ 690 void 691 udp_notify(struct inpcb *inp, int errno) 692 { 693 inp->inp_socket->so_error = errno; 694 sorwakeup(inp->inp_socket); 695 sowwakeup(inp->inp_socket); 696 } 697 698 #ifdef INET6 699 void 700 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 701 { 702 struct udphdr uh; 703 struct sockaddr_in6 sa6; 704 struct ip6_hdr *ip6; 705 struct mbuf *m; 706 int off; 707 void *cmdarg; 708 struct ip6ctlparam *ip6cp = NULL; 709 struct udp_portonly { 710 u_int16_t uh_sport; 711 u_int16_t uh_dport; 712 } *uhp; 713 void (*notify)(struct inpcb *, int) = udp_notify; 714 715 if (sa == NULL) 716 return; 717 if (sa->sa_family != AF_INET6 || 718 sa->sa_len != sizeof(struct sockaddr_in6)) 719 return; 720 721 if ((unsigned)cmd >= PRC_NCMDS) 722 return; 723 if (PRC_IS_REDIRECT(cmd)) 724 notify = in_rtchange, d = NULL; 725 else if (cmd == PRC_HOSTDEAD) 726 d = NULL; 727 else if (cmd == PRC_MSGSIZE) 728 ; /* special code is present, see below */ 729 else if (inet6ctlerrmap[cmd] == 0) 730 return; 731 732 /* if the parameter is from icmp6, decode it. */ 733 if (d != NULL) { 734 ip6cp = (struct ip6ctlparam *)d; 735 m = ip6cp->ip6c_m; 736 ip6 = ip6cp->ip6c_ip6; 737 off = ip6cp->ip6c_off; 738 cmdarg = ip6cp->ip6c_cmdarg; 739 } else { 740 m = NULL; 741 ip6 = NULL; 742 cmdarg = NULL; 743 /* XXX: translate addresses into internal form */ 744 sa6 = *satosin6(sa); 745 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 746 /* should be impossible */ 747 return; 748 } 749 } 750 751 if (ip6cp && ip6cp->ip6c_finaldst) { 752 bzero(&sa6, sizeof(sa6)); 753 sa6.sin6_family = AF_INET6; 754 sa6.sin6_len = sizeof(sa6); 755 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 756 /* XXX: assuming M is valid in this case */ 757 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 758 ip6cp->ip6c_finaldst); 759 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 760 /* should be impossible */ 761 return; 762 } 763 } else { 764 /* XXX: translate addresses into internal form */ 765 sa6 = *satosin6(sa); 766 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 767 /* should be impossible */ 768 return; 769 } 770 } 771 772 if (ip6) { 773 /* 774 * XXX: We assume that when IPV6 is non NULL, 775 * M and OFF are valid. 776 */ 777 struct sockaddr_in6 sa6_src; 778 779 /* check if we can safely examine src and dst ports */ 780 if (m->m_pkthdr.len < off + sizeof(*uhp)) 781 return; 782 783 bzero(&uh, sizeof(uh)); 784 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 785 786 bzero(&sa6_src, sizeof(sa6_src)); 787 sa6_src.sin6_family = AF_INET6; 788 sa6_src.sin6_len = sizeof(sa6_src); 789 sa6_src.sin6_addr = ip6->ip6_src; 790 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 791 &ip6->ip6_src); 792 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 793 /* should be impossible */ 794 return; 795 } 796 797 if (cmd == PRC_MSGSIZE) { 798 int valid = 0; 799 800 /* 801 * Check to see if we have a valid UDP socket 802 * corresponding to the address in the ICMPv6 message 803 * payload. 804 */ 805 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 806 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 807 rdomain)) 808 valid = 1; 809 #if 0 810 /* 811 * As the use of sendto(2) is fairly popular, 812 * we may want to allow non-connected pcb too. 813 * But it could be too weak against attacks... 814 * We should at least check if the local address (= s) 815 * is really ours. 816 */ 817 else if (in6_pcblookup_listen(&udbtable, 818 &sa6_src.sin6_addr, uh.uh_sport, 0, 819 rdomain)) 820 valid = 1; 821 #endif 822 823 /* 824 * Depending on the value of "valid" and routing table 825 * size (mtudisc_{hi,lo}wat), we will: 826 * - recalculate the new MTU and create the 827 * corresponding routing entry, or 828 * - ignore the MTU change notification. 829 */ 830 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 831 832 /* 833 * regardless of if we called icmp6_mtudisc_update(), 834 * we need to call in6_pcbnotify(), to notify path 835 * MTU change to the userland (2292bis-02), because 836 * some unconnected sockets may share the same 837 * destination and want to know the path MTU. 838 */ 839 } 840 841 (void) in6_pcbnotify(&udbtable, &sa6, uh.uh_dport, 842 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 843 } else { 844 (void) in6_pcbnotify(&udbtable, &sa6, 0, 845 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 846 } 847 } 848 #endif 849 850 void * 851 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 852 { 853 struct ip *ip = v; 854 struct udphdr *uhp; 855 struct in_addr faddr; 856 struct inpcb *inp; 857 void (*notify)(struct inpcb *, int) = udp_notify; 858 int errno; 859 860 if (sa == NULL) 861 return NULL; 862 if (sa->sa_family != AF_INET || 863 sa->sa_len != sizeof(struct sockaddr_in)) 864 return NULL; 865 faddr = satosin(sa)->sin_addr; 866 if (faddr.s_addr == INADDR_ANY) 867 return NULL; 868 869 if ((unsigned)cmd >= PRC_NCMDS) 870 return NULL; 871 errno = inetctlerrmap[cmd]; 872 if (PRC_IS_REDIRECT(cmd)) 873 notify = in_rtchange, ip = 0; 874 else if (cmd == PRC_HOSTDEAD) 875 ip = 0; 876 else if (errno == 0) 877 return NULL; 878 if (ip) { 879 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 880 881 #ifdef IPSEC 882 /* PMTU discovery for udpencap */ 883 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 884 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 885 udpencap_ctlinput(cmd, sa, rdomain, v); 886 return (NULL); 887 } 888 #endif 889 inp = in_pcbhashlookup(&udbtable, 890 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 891 rdomain); 892 if (inp && inp->inp_socket != NULL) 893 notify(inp, errno); 894 } else 895 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 896 return (NULL); 897 } 898 899 int 900 udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, 901 struct mbuf *control) 902 { 903 struct sockaddr_in *sin = NULL; 904 struct udpiphdr *ui; 905 u_int32_t ipsecflowinfo = 0; 906 int len = m->m_pkthdr.len; 907 struct in_addr *laddr; 908 int error = 0; 909 910 #ifdef DIAGNOSTIC 911 if ((inp->inp_flags & INP_IPV6) != 0) 912 panic("IPv6 inpcb to %s", __func__); 913 #endif 914 915 /* 916 * Compute the packet length of the IP header, and 917 * punt if the length looks bogus. 918 */ 919 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 920 error = EMSGSIZE; 921 goto release; 922 } 923 924 if (addr) { 925 sin = mtod(addr, struct sockaddr_in *); 926 927 if (addr->m_len != sizeof(*sin)) { 928 error = EINVAL; 929 goto release; 930 } 931 if (sin->sin_family != AF_INET) { 932 error = EAFNOSUPPORT; 933 goto release; 934 } 935 if (sin->sin_port == 0) { 936 error = EADDRNOTAVAIL; 937 goto release; 938 } 939 940 if (inp->inp_faddr.s_addr != INADDR_ANY) { 941 error = EISCONN; 942 goto release; 943 } 944 945 error = in_selectsrc(&laddr, sin, inp->inp_moptions, 946 &inp->inp_route, &inp->inp_laddr, inp->inp_rtableid); 947 if (error) 948 goto release; 949 950 if (inp->inp_lport == 0) { 951 int s = splsoftnet(); 952 error = in_pcbbind(inp, NULL, curproc); 953 splx(s); 954 if (error) 955 goto release; 956 } 957 } else { 958 if (inp->inp_faddr.s_addr == INADDR_ANY) { 959 error = ENOTCONN; 960 goto release; 961 } 962 laddr = &inp->inp_laddr; 963 } 964 965 #ifdef IPSEC 966 if (control && (inp->inp_flags & INP_IPSECFLOWINFO) != 0) { 967 u_int clen; 968 struct cmsghdr *cm; 969 caddr_t cmsgs; 970 971 /* 972 * XXX: Currently, we assume all the optional information is stored 973 * in a single mbuf. 974 */ 975 if (control->m_next) { 976 error = EINVAL; 977 goto release; 978 } 979 980 clen = control->m_len; 981 cmsgs = mtod(control, caddr_t); 982 do { 983 if (clen < CMSG_LEN(0)) { 984 error = EINVAL; 985 goto release; 986 } 987 cm = (struct cmsghdr *)cmsgs; 988 if (cm->cmsg_len < CMSG_LEN(0) || 989 CMSG_ALIGN(cm->cmsg_len) > clen) { 990 error = EINVAL; 991 goto release; 992 } 993 if (cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 994 cm->cmsg_level == IPPROTO_IP && 995 cm->cmsg_type == IP_IPSECFLOWINFO) { 996 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 997 break; 998 } 999 clen -= CMSG_ALIGN(cm->cmsg_len); 1000 cmsgs += CMSG_ALIGN(cm->cmsg_len); 1001 } while (clen); 1002 } 1003 #endif 1004 /* 1005 * Calculate data length and get a mbuf 1006 * for UDP and IP headers. 1007 */ 1008 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1009 if (m == NULL) { 1010 error = ENOBUFS; 1011 goto bail; 1012 } 1013 1014 /* 1015 * Fill in mbuf with extended UDP header 1016 * and addresses and length put into network format. 1017 */ 1018 ui = mtod(m, struct udpiphdr *); 1019 bzero(ui->ui_x1, sizeof ui->ui_x1); 1020 ui->ui_pr = IPPROTO_UDP; 1021 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1022 ui->ui_src = *laddr; 1023 ui->ui_dst = sin ? sin->sin_addr : inp->inp_faddr; 1024 ui->ui_sport = inp->inp_lport; 1025 ui->ui_dport = sin ? sin->sin_port : inp->inp_fport; 1026 ui->ui_ulen = ui->ui_len; 1027 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1028 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1029 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1030 if (udpcksum) 1031 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1032 1033 udpstat.udps_opackets++; 1034 1035 /* force routing table */ 1036 m->m_pkthdr.ph_rtableid = inp->inp_rtableid; 1037 1038 #if NPF > 0 1039 if (inp->inp_socket->so_state & SS_ISCONNECTED) 1040 m->m_pkthdr.pf.inp = inp; 1041 #endif 1042 1043 error = ip_output(m, inp->inp_options, &inp->inp_route, 1044 (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, 1045 inp, ipsecflowinfo); 1046 if (error == EACCES) /* translate pf(4) error for userland */ 1047 error = EHOSTUNREACH; 1048 1049 bail: 1050 m_freem(control); 1051 return (error); 1052 1053 release: 1054 m_freem(m); 1055 goto bail; 1056 } 1057 1058 /*ARGSUSED*/ 1059 int 1060 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1061 struct mbuf *control, struct proc *p) 1062 { 1063 struct inpcb *inp; 1064 int error = 0; 1065 int s; 1066 1067 if (req == PRU_CONTROL) { 1068 #ifdef INET6 1069 if (sotopf(so) == PF_INET6) 1070 return (in6_control(so, (u_long)m, (caddr_t)addr, 1071 (struct ifnet *)control)); 1072 else 1073 #endif /* INET6 */ 1074 return (in_control(so, (u_long)m, (caddr_t)addr, 1075 (struct ifnet *)control)); 1076 } 1077 1078 s = splsoftnet(); 1079 inp = sotoinpcb(so); 1080 if (inp == NULL && req != PRU_ATTACH) { 1081 error = EINVAL; 1082 goto release; 1083 } 1084 1085 /* 1086 * Note: need to block udp_input while changing 1087 * the udp pcb queue and/or pcb addresses. 1088 */ 1089 switch (req) { 1090 1091 case PRU_ATTACH: 1092 if (inp != NULL) { 1093 error = EINVAL; 1094 break; 1095 } 1096 if ((error = soreserve(so, udp_sendspace, udp_recvspace)) || 1097 (error = in_pcballoc(so, &udbtable))) 1098 break; 1099 #ifdef INET6 1100 if (sotoinpcb(so)->inp_flags & INP_IPV6) 1101 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1102 else 1103 #endif /* INET6 */ 1104 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1105 break; 1106 1107 case PRU_DETACH: 1108 in_pcbdetach(inp); 1109 break; 1110 1111 case PRU_BIND: 1112 #ifdef INET6 1113 if (inp->inp_flags & INP_IPV6) 1114 error = in6_pcbbind(inp, addr, p); 1115 else 1116 #endif 1117 error = in_pcbbind(inp, addr, p); 1118 break; 1119 1120 case PRU_LISTEN: 1121 error = EOPNOTSUPP; 1122 break; 1123 1124 case PRU_CONNECT: 1125 #ifdef INET6 1126 if (inp->inp_flags & INP_IPV6) { 1127 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1128 error = EISCONN; 1129 break; 1130 } 1131 error = in6_pcbconnect(inp, addr); 1132 } else 1133 #endif /* INET6 */ 1134 { 1135 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1136 error = EISCONN; 1137 break; 1138 } 1139 error = in_pcbconnect(inp, addr); 1140 } 1141 1142 if (error == 0) 1143 soisconnected(so); 1144 break; 1145 1146 case PRU_CONNECT2: 1147 error = EOPNOTSUPP; 1148 break; 1149 1150 case PRU_ACCEPT: 1151 error = EOPNOTSUPP; 1152 break; 1153 1154 case PRU_DISCONNECT: 1155 #ifdef INET6 1156 if (inp->inp_flags & INP_IPV6) { 1157 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1158 error = ENOTCONN; 1159 break; 1160 } 1161 } else 1162 #endif /* INET6 */ 1163 { 1164 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1165 error = ENOTCONN; 1166 break; 1167 } 1168 } 1169 1170 #ifdef INET6 1171 if (inp->inp_flags & INP_IPV6) 1172 inp->inp_laddr6 = in6addr_any; 1173 else 1174 #endif /* INET6 */ 1175 inp->inp_laddr.s_addr = INADDR_ANY; 1176 in_pcbdisconnect(inp); 1177 1178 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1179 break; 1180 1181 case PRU_SHUTDOWN: 1182 socantsendmore(so); 1183 break; 1184 1185 case PRU_SEND: 1186 #ifdef PIPEX 1187 if (inp->inp_pipex) { 1188 struct pipex_session *session; 1189 1190 if (addr != NULL) 1191 session = 1192 pipex_l2tp_userland_lookup_session(m, 1193 mtod(addr, struct sockaddr *)); 1194 else 1195 #ifdef INET6 1196 if (inp->inp_flags & INP_IPV6) 1197 session = 1198 pipex_l2tp_userland_lookup_session_ipv6( 1199 m, inp->inp_faddr6); 1200 else 1201 #endif 1202 session = 1203 pipex_l2tp_userland_lookup_session_ipv4( 1204 m, inp->inp_faddr); 1205 if (session != NULL) 1206 if ((m = pipex_l2tp_userland_output( 1207 m, session)) == NULL) { 1208 error = ENOMEM; 1209 goto release; 1210 } 1211 } 1212 #endif 1213 1214 #ifdef INET6 1215 if (inp->inp_flags & INP_IPV6) 1216 error = udp6_output(inp, m, addr, control); 1217 else 1218 #endif 1219 error = udp_output(inp, m, addr, control); 1220 splx(s); 1221 return (error); 1222 1223 case PRU_ABORT: 1224 soisdisconnected(so); 1225 in_pcbdetach(inp); 1226 break; 1227 1228 case PRU_SOCKADDR: 1229 #ifdef INET6 1230 if (inp->inp_flags & INP_IPV6) 1231 in6_setsockaddr(inp, addr); 1232 else 1233 #endif /* INET6 */ 1234 in_setsockaddr(inp, addr); 1235 break; 1236 1237 case PRU_PEERADDR: 1238 #ifdef INET6 1239 if (inp->inp_flags & INP_IPV6) 1240 in6_setpeeraddr(inp, addr); 1241 else 1242 #endif /* INET6 */ 1243 in_setpeeraddr(inp, addr); 1244 break; 1245 1246 case PRU_SENSE: 1247 /* 1248 * stat: don't bother with a blocksize. 1249 */ 1250 /* 1251 * Perhaps Path MTU might be returned for a connected 1252 * UDP socket in this case. 1253 */ 1254 splx(s); 1255 return (0); 1256 1257 case PRU_SENDOOB: 1258 case PRU_FASTTIMO: 1259 case PRU_SLOWTIMO: 1260 case PRU_PROTORCV: 1261 case PRU_PROTOSEND: 1262 error = EOPNOTSUPP; 1263 break; 1264 1265 case PRU_RCVD: 1266 case PRU_RCVOOB: 1267 splx(s); 1268 return (EOPNOTSUPP); /* do not free mbuf's */ 1269 1270 default: 1271 panic("udp_usrreq"); 1272 } 1273 1274 release: 1275 splx(s); 1276 m_freem(control); 1277 m_freem(m); 1278 return (error); 1279 } 1280 1281 /* 1282 * Sysctl for udp variables. 1283 */ 1284 int 1285 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1286 size_t newlen) 1287 { 1288 /* All sysctl names at this level are terminal. */ 1289 if (namelen != 1) 1290 return (ENOTDIR); 1291 1292 switch (name[0]) { 1293 case UDPCTL_BADDYNAMIC: 1294 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1295 baddynamicports.udp, sizeof(baddynamicports.udp))); 1296 1297 case UDPCTL_STATS: 1298 if (newp != NULL) 1299 return (EPERM); 1300 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1301 &udpstat, sizeof(udpstat))); 1302 1303 default: 1304 if (name[0] < UDPCTL_MAXID) 1305 return (sysctl_int_arr(udpctl_vars, name, namelen, 1306 oldp, oldlenp, newp, newlen)); 1307 return (ENOPROTOOPT); 1308 } 1309 /* NOTREACHED */ 1310 } 1311