1 /* $OpenBSD: udp_usrreq.c,v 1.254 2018/11/10 18:40:34 bluhm Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 #include <sys/domain.h> 79 80 #include <net/if.h> 81 #include <net/if_var.h> 82 #include <net/if_media.h> 83 #include <net/route.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/ip_icmp.h> 91 #include <netinet/udp.h> 92 #include <netinet/udp_var.h> 93 94 #ifdef IPSEC 95 #include <netinet/ip_ipsp.h> 96 #include <netinet/ip_esp.h> 97 #endif 98 99 #ifdef INET6 100 #include <netinet6/in6_var.h> 101 #include <netinet6/ip6_var.h> 102 #include <netinet6/ip6protosw.h> 103 #endif /* INET6 */ 104 105 #include "pf.h" 106 #if NPF > 0 107 #include <net/pfvar.h> 108 #endif 109 110 #ifdef PIPEX 111 #include <netinet/if_ether.h> 112 #include <net/pipex.h> 113 #endif 114 115 #include "vxlan.h" 116 #if NVXLAN > 0 117 #include <net/if_vxlan.h> 118 #endif 119 120 /* 121 * UDP protocol implementation. 122 * Per RFC 768, August, 1980. 123 */ 124 int udpcksum = 1; 125 126 u_int udp_sendspace = 9216; /* really max datagram size */ 127 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 128 /* 40 1K datagrams */ 129 130 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 131 132 struct inpcbtable udbtable; 133 struct cpumem *udpcounters; 134 135 void udp_sbappend(struct inpcb *, struct mbuf *, struct ip *, 136 struct ip6_hdr *, int, struct udphdr *, struct sockaddr *, 137 u_int32_t); 138 int udp_output(struct inpcb *, struct mbuf *, struct mbuf *, struct mbuf *); 139 void udp_notify(struct inpcb *, int); 140 int udp_sysctl_udpstat(void *, size_t *, void *); 141 142 #ifndef UDB_INITIAL_HASH_SIZE 143 #define UDB_INITIAL_HASH_SIZE 128 144 #endif 145 146 void 147 udp_init(void) 148 { 149 udpcounters = counters_alloc(udps_ncounters); 150 in_pcbinit(&udbtable, UDB_INITIAL_HASH_SIZE); 151 } 152 153 int 154 udp_input(struct mbuf **mp, int *offp, int proto, int af) 155 { 156 struct mbuf *m = *mp; 157 int iphlen = *offp; 158 struct ip *ip = NULL; 159 struct udphdr *uh; 160 struct inpcb *inp = NULL; 161 struct ip save_ip; 162 int len; 163 u_int16_t savesum; 164 union { 165 struct sockaddr sa; 166 struct sockaddr_in sin; 167 #ifdef INET6 168 struct sockaddr_in6 sin6; 169 #endif /* INET6 */ 170 } srcsa, dstsa; 171 struct ip6_hdr *ip6 = NULL; 172 #ifdef IPSEC 173 struct m_tag *mtag; 174 struct tdb_ident *tdbi; 175 struct tdb *tdb; 176 int error, protoff; 177 #endif /* IPSEC */ 178 u_int32_t ipsecflowinfo = 0; 179 180 udpstat_inc(udps_ipackets); 181 182 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 183 if (!uh) { 184 udpstat_inc(udps_hdrops); 185 return IPPROTO_DONE; 186 } 187 188 /* Check for illegal destination port 0 */ 189 if (uh->uh_dport == 0) { 190 udpstat_inc(udps_noport); 191 goto bad; 192 } 193 194 /* 195 * Make mbuf data length reflect UDP length. 196 * If not enough data to reflect UDP length, drop. 197 */ 198 len = ntohs((u_int16_t)uh->uh_ulen); 199 switch (af) { 200 case AF_INET: 201 if (m->m_pkthdr.len - iphlen != len) { 202 if (len > (m->m_pkthdr.len - iphlen) || 203 len < sizeof(struct udphdr)) { 204 udpstat_inc(udps_badlen); 205 goto bad; 206 } 207 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 208 } 209 ip = mtod(m, struct ip *); 210 /* 211 * Save a copy of the IP header in case we want restore it 212 * for sending an ICMP error message in response. 213 */ 214 save_ip = *ip; 215 break; 216 #ifdef INET6 217 case AF_INET6: 218 /* jumbograms */ 219 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 220 len = m->m_pkthdr.len - iphlen; 221 if (len != m->m_pkthdr.len - iphlen) { 222 udpstat_inc(udps_badlen); 223 goto bad; 224 } 225 ip6 = mtod(m, struct ip6_hdr *); 226 break; 227 #endif /* INET6 */ 228 default: 229 unhandled_af(af); 230 } 231 232 /* 233 * Checksum extended UDP header and data. 234 * from W.R.Stevens: check incoming udp cksums even if 235 * udpcksum is not set. 236 */ 237 savesum = uh->uh_sum; 238 if (uh->uh_sum == 0) { 239 udpstat_inc(udps_nosum); 240 #ifdef INET6 241 /* 242 * In IPv6, the UDP checksum is ALWAYS used. 243 */ 244 if (ip6) 245 goto bad; 246 #endif /* INET6 */ 247 } else { 248 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 249 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 250 udpstat_inc(udps_badsum); 251 goto bad; 252 } 253 udpstat_inc(udps_inswcsum); 254 255 if (ip) 256 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 257 iphlen, len); 258 #ifdef INET6 259 else if (ip6) 260 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 261 iphlen, len); 262 #endif /* INET6 */ 263 if (uh->uh_sum != 0) { 264 udpstat_inc(udps_badsum); 265 goto bad; 266 } 267 } 268 } 269 270 #ifdef IPSEC 271 if (udpencap_enable && udpencap_port && esp_enable && 272 #if NPF > 0 273 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 274 #endif 275 uh->uh_dport == htons(udpencap_port)) { 276 u_int32_t spi; 277 int skip = iphlen + sizeof(struct udphdr); 278 279 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 280 /* packet too short */ 281 m_freem(m); 282 return IPPROTO_DONE; 283 } 284 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 285 /* 286 * decapsulate if the SPI is not zero, otherwise pass 287 * to userland 288 */ 289 if (spi != 0) { 290 if ((m = *mp = m_pullup(m, skip)) == NULL) { 291 udpstat_inc(udps_hdrops); 292 return IPPROTO_DONE; 293 } 294 295 /* remove the UDP header */ 296 bcopy(mtod(m, u_char *), 297 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 298 m_adj(m, sizeof(struct udphdr)); 299 skip -= sizeof(struct udphdr); 300 301 espstat_inc(esps_udpencin); 302 protoff = af == AF_INET ? offsetof(struct ip, ip_p) : 303 offsetof(struct ip6_hdr, ip6_nxt); 304 ipsec_common_input(m, skip, protoff, 305 af, IPPROTO_ESP, 1); 306 return IPPROTO_DONE; 307 } 308 } 309 #endif 310 311 switch (af) { 312 case AF_INET: 313 bzero(&srcsa, sizeof(struct sockaddr_in)); 314 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 315 srcsa.sin.sin_family = AF_INET; 316 srcsa.sin.sin_port = uh->uh_sport; 317 srcsa.sin.sin_addr = ip->ip_src; 318 319 bzero(&dstsa, sizeof(struct sockaddr_in)); 320 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 321 dstsa.sin.sin_family = AF_INET; 322 dstsa.sin.sin_port = uh->uh_dport; 323 dstsa.sin.sin_addr = ip->ip_dst; 324 break; 325 #ifdef INET6 326 case AF_INET6: 327 bzero(&srcsa, sizeof(struct sockaddr_in6)); 328 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 329 srcsa.sin6.sin6_family = AF_INET6; 330 srcsa.sin6.sin6_port = uh->uh_sport; 331 #if 0 /*XXX inbound flowinfo */ 332 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 333 #endif 334 /* KAME hack: recover scopeid */ 335 in6_recoverscope(&srcsa.sin6, &ip6->ip6_src); 336 337 bzero(&dstsa, sizeof(struct sockaddr_in6)); 338 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 339 dstsa.sin6.sin6_family = AF_INET6; 340 dstsa.sin6.sin6_port = uh->uh_dport; 341 #if 0 /*XXX inbound flowinfo */ 342 dstsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 343 #endif 344 /* KAME hack: recover scopeid */ 345 in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst); 346 break; 347 #endif /* INET6 */ 348 } 349 350 #if NVXLAN > 0 351 if (vxlan_enable > 0 && 352 #if NPF > 0 353 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 354 #endif 355 vxlan_lookup(m, uh, iphlen, &srcsa.sa, &dstsa.sa) != 0) 356 return IPPROTO_DONE; 357 #endif 358 359 if (m->m_flags & (M_BCAST|M_MCAST)) { 360 struct inpcb *last; 361 /* 362 * Deliver a multicast or broadcast datagram to *all* sockets 363 * for which the local and remote addresses and ports match 364 * those of the incoming datagram. This allows more than 365 * one process to receive multi/broadcasts on the same port. 366 * (This really ought to be done for unicast datagrams as 367 * well, but that would cause problems with existing 368 * applications that open both address-specific sockets and 369 * a wildcard socket listening to the same port -- they would 370 * end up receiving duplicates of every unicast datagram. 371 * Those applications open the multiple sockets to overcome an 372 * inadequacy of the UDP socket interface, but for backwards 373 * compatibility we avoid the problem here rather than 374 * fixing the interface. Maybe 4.5BSD will remedy this?) 375 */ 376 377 /* 378 * Locate pcb(s) for datagram. 379 * (Algorithm copied from raw_intr().) 380 */ 381 last = NULL; 382 NET_ASSERT_LOCKED(); 383 TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 384 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 385 continue; 386 #ifdef INET6 387 /* don't accept it if AF does not match */ 388 if (ip6 && !(inp->inp_flags & INP_IPV6)) 389 continue; 390 if (!ip6 && (inp->inp_flags & INP_IPV6)) 391 continue; 392 #endif 393 if (rtable_l2(inp->inp_rtableid) != 394 rtable_l2(m->m_pkthdr.ph_rtableid)) 395 continue; 396 if (inp->inp_lport != uh->uh_dport) 397 continue; 398 #ifdef INET6 399 if (ip6) { 400 if (inp->inp_ip6_minhlim && 401 inp->inp_ip6_minhlim > ip6->ip6_hlim) 402 continue; 403 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 404 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 405 &ip6->ip6_dst)) 406 continue; 407 } else 408 #endif /* INET6 */ 409 { 410 if (inp->inp_ip_minttl && 411 inp->inp_ip_minttl > ip->ip_ttl) 412 continue; 413 414 if (inp->inp_laddr.s_addr != INADDR_ANY) { 415 if (inp->inp_laddr.s_addr != 416 ip->ip_dst.s_addr) 417 continue; 418 } 419 } 420 #ifdef INET6 421 if (ip6) { 422 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 423 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 424 &ip6->ip6_src) || 425 inp->inp_fport != uh->uh_sport) 426 continue; 427 } else 428 #endif /* INET6 */ 429 if (inp->inp_faddr.s_addr != INADDR_ANY) { 430 if (inp->inp_faddr.s_addr != 431 ip->ip_src.s_addr || 432 inp->inp_fport != uh->uh_sport) 433 continue; 434 } 435 436 if (last != NULL) { 437 struct mbuf *n; 438 439 n = m_copym(m, 0, M_COPYALL, M_NOWAIT); 440 if (n != NULL) { 441 udp_sbappend(last, n, ip, ip6, iphlen, 442 uh, &srcsa.sa, 0); 443 } 444 } 445 last = inp; 446 /* 447 * Don't look for additional matches if this one does 448 * not have either the SO_REUSEPORT or SO_REUSEADDR 449 * socket options set. This heuristic avoids searching 450 * through all pcbs in the common case of a non-shared 451 * port. It assumes that an application will never 452 * clear these options after setting them. 453 */ 454 if ((last->inp_socket->so_options & (SO_REUSEPORT | 455 SO_REUSEADDR)) == 0) 456 break; 457 } 458 459 if (last == NULL) { 460 /* 461 * No matching pcb found; discard datagram. 462 * (No need to send an ICMP Port Unreachable 463 * for a broadcast or multicast datgram.) 464 */ 465 udpstat_inc(udps_noportbcast); 466 goto bad; 467 } 468 469 udp_sbappend(last, m, ip, ip6, iphlen, uh, &srcsa.sa, 0); 470 return IPPROTO_DONE; 471 } 472 /* 473 * Locate pcb for datagram. 474 */ 475 #if NPF > 0 476 inp = pf_inp_lookup(m); 477 #endif 478 if (inp == NULL) { 479 #ifdef INET6 480 if (ip6) 481 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 482 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 483 m->m_pkthdr.ph_rtableid); 484 else 485 #endif /* INET6 */ 486 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 487 ip->ip_dst, uh->uh_dport, m->m_pkthdr.ph_rtableid); 488 } 489 if (inp == 0) { 490 udpstat_inc(udps_pcbhashmiss); 491 #ifdef INET6 492 if (ip6) { 493 inp = in6_pcblookup_listen(&udbtable, &ip6->ip6_dst, 494 uh->uh_dport, m, m->m_pkthdr.ph_rtableid); 495 } else 496 #endif /* INET6 */ 497 inp = in_pcblookup_listen(&udbtable, ip->ip_dst, 498 uh->uh_dport, m, m->m_pkthdr.ph_rtableid); 499 if (inp == 0) { 500 udpstat_inc(udps_noport); 501 if (m->m_flags & (M_BCAST | M_MCAST)) { 502 udpstat_inc(udps_noportbcast); 503 goto bad; 504 } 505 #ifdef INET6 506 if (ip6) { 507 uh->uh_sum = savesum; 508 icmp6_error(m, ICMP6_DST_UNREACH, 509 ICMP6_DST_UNREACH_NOPORT,0); 510 } else 511 #endif /* INET6 */ 512 { 513 *ip = save_ip; 514 uh->uh_sum = savesum; 515 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 516 0, 0); 517 } 518 return IPPROTO_DONE; 519 } 520 } 521 KASSERT(sotoinpcb(inp->inp_socket) == inp); 522 soassertlocked(inp->inp_socket); 523 524 #ifdef INET6 525 if (ip6 && inp->inp_ip6_minhlim && 526 inp->inp_ip6_minhlim > ip6->ip6_hlim) { 527 goto bad; 528 } else 529 #endif 530 if (ip && inp->inp_ip_minttl && 531 inp->inp_ip_minttl > ip->ip_ttl) { 532 goto bad; 533 } 534 535 #if NPF > 0 536 if (inp->inp_socket->so_state & SS_ISCONNECTED) 537 pf_inp_link(m, inp); 538 #endif 539 540 #ifdef IPSEC 541 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 542 if (mtag != NULL) { 543 tdbi = (struct tdb_ident *)(mtag + 1); 544 tdb = gettdb(tdbi->rdomain, tdbi->spi, 545 &tdbi->dst, tdbi->proto); 546 } else 547 tdb = NULL; 548 ipsp_spd_lookup(m, af, iphlen, &error, 549 IPSP_DIRECTION_IN, tdb, inp, 0); 550 if (error) { 551 udpstat_inc(udps_nosec); 552 goto bad; 553 } 554 /* create ipsec options while we know that tdb cannot be modified */ 555 if (tdb && tdb->tdb_ids) 556 ipsecflowinfo = tdb->tdb_ids->id_flow; 557 #endif /*IPSEC */ 558 559 #ifdef PIPEX 560 if (pipex_enable && inp->inp_pipex) { 561 struct pipex_session *session; 562 int off = iphlen + sizeof(struct udphdr); 563 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 564 if ((m = *mp = pipex_l2tp_input(m, off, session, 565 ipsecflowinfo)) == NULL) { 566 /* the packet is handled by PIPEX */ 567 return IPPROTO_DONE; 568 } 569 } 570 } 571 #endif 572 573 udp_sbappend(inp, m, ip, ip6, iphlen, uh, &srcsa.sa, ipsecflowinfo); 574 return IPPROTO_DONE; 575 bad: 576 m_freem(m); 577 return IPPROTO_DONE; 578 } 579 580 void 581 udp_sbappend(struct inpcb *inp, struct mbuf *m, struct ip *ip, 582 struct ip6_hdr *ip6, int iphlen, struct udphdr *uh, 583 struct sockaddr *srcaddr, u_int32_t ipsecflowinfo) 584 { 585 struct socket *so = inp->inp_socket; 586 struct mbuf *opts = NULL; 587 588 #ifdef INET6 589 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 590 so->so_options & SO_TIMESTAMP)) 591 ip6_savecontrol(inp, m, &opts); 592 #endif /* INET6 */ 593 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 594 so->so_options & SO_TIMESTAMP)) 595 ip_savecontrol(inp, &opts, ip, m); 596 #ifdef INET6 597 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 598 struct mbuf **mp = &opts; 599 600 while (*mp) 601 mp = &(*mp)->m_next; 602 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 603 IPV6_RECVDSTPORT, IPPROTO_IPV6); 604 } 605 #endif /* INET6 */ 606 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 607 struct mbuf **mp = &opts; 608 609 while (*mp) 610 mp = &(*mp)->m_next; 611 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 612 IP_RECVDSTPORT, IPPROTO_IP); 613 } 614 #ifdef IPSEC 615 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 616 struct mbuf **mp = &opts; 617 618 while (*mp) 619 mp = &(*mp)->m_next; 620 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 621 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 622 } 623 #endif 624 m_adj(m, iphlen + sizeof(struct udphdr)); 625 if (sbappendaddr(so, &so->so_rcv, srcaddr, m, opts) == 0) { 626 udpstat_inc(udps_fullsock); 627 m_freem(m); 628 m_freem(opts); 629 return; 630 } 631 sorwakeup(so); 632 } 633 634 /* 635 * Notify a udp user of an asynchronous error; 636 * just wake up so that he can collect error status. 637 */ 638 void 639 udp_notify(struct inpcb *inp, int errno) 640 { 641 inp->inp_socket->so_error = errno; 642 sorwakeup(inp->inp_socket); 643 sowwakeup(inp->inp_socket); 644 } 645 646 #ifdef INET6 647 void 648 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 649 { 650 struct udphdr uh; 651 struct sockaddr_in6 sa6; 652 struct ip6_hdr *ip6; 653 struct mbuf *m; 654 int off; 655 void *cmdarg; 656 struct ip6ctlparam *ip6cp = NULL; 657 struct udp_portonly { 658 u_int16_t uh_sport; 659 u_int16_t uh_dport; 660 } *uhp; 661 void (*notify)(struct inpcb *, int) = udp_notify; 662 663 if (sa == NULL) 664 return; 665 if (sa->sa_family != AF_INET6 || 666 sa->sa_len != sizeof(struct sockaddr_in6)) 667 return; 668 669 if ((unsigned)cmd >= PRC_NCMDS) 670 return; 671 if (PRC_IS_REDIRECT(cmd)) 672 notify = in_rtchange, d = NULL; 673 else if (cmd == PRC_HOSTDEAD) 674 d = NULL; 675 else if (cmd == PRC_MSGSIZE) 676 ; /* special code is present, see below */ 677 else if (inet6ctlerrmap[cmd] == 0) 678 return; 679 680 /* if the parameter is from icmp6, decode it. */ 681 if (d != NULL) { 682 ip6cp = (struct ip6ctlparam *)d; 683 m = ip6cp->ip6c_m; 684 ip6 = ip6cp->ip6c_ip6; 685 off = ip6cp->ip6c_off; 686 cmdarg = ip6cp->ip6c_cmdarg; 687 } else { 688 m = NULL; 689 ip6 = NULL; 690 cmdarg = NULL; 691 /* XXX: translate addresses into internal form */ 692 sa6 = *satosin6(sa); 693 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { 694 /* should be impossible */ 695 return; 696 } 697 } 698 699 if (ip6cp && ip6cp->ip6c_finaldst) { 700 bzero(&sa6, sizeof(sa6)); 701 sa6.sin6_family = AF_INET6; 702 sa6.sin6_len = sizeof(sa6); 703 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 704 /* XXX: assuming M is valid in this case */ 705 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 706 ip6cp->ip6c_finaldst); 707 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL)) { 708 /* should be impossible */ 709 return; 710 } 711 } else { 712 /* XXX: translate addresses into internal form */ 713 sa6 = *satosin6(sa); 714 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { 715 /* should be impossible */ 716 return; 717 } 718 } 719 720 if (ip6) { 721 /* 722 * XXX: We assume that when IPV6 is non NULL, 723 * M and OFF are valid. 724 */ 725 struct sockaddr_in6 sa6_src; 726 727 /* check if we can safely examine src and dst ports */ 728 if (m->m_pkthdr.len < off + sizeof(*uhp)) 729 return; 730 731 bzero(&uh, sizeof(uh)); 732 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 733 734 bzero(&sa6_src, sizeof(sa6_src)); 735 sa6_src.sin6_family = AF_INET6; 736 sa6_src.sin6_len = sizeof(sa6_src); 737 sa6_src.sin6_addr = ip6->ip6_src; 738 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 739 &ip6->ip6_src); 740 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL)) { 741 /* should be impossible */ 742 return; 743 } 744 745 if (cmd == PRC_MSGSIZE) { 746 int valid = 0; 747 748 /* 749 * Check to see if we have a valid UDP socket 750 * corresponding to the address in the ICMPv6 message 751 * payload. 752 */ 753 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 754 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 755 rdomain)) 756 valid = 1; 757 #if 0 758 /* 759 * As the use of sendto(2) is fairly popular, 760 * we may want to allow non-connected pcb too. 761 * But it could be too weak against attacks... 762 * We should at least check if the local address (= s) 763 * is really ours. 764 */ 765 else if (in6_pcblookup_listen(&udbtable, 766 &sa6_src.sin6_addr, uh.uh_sport, NULL, 767 rdomain)) 768 valid = 1; 769 #endif 770 771 /* 772 * Depending on the value of "valid" and routing table 773 * size (mtudisc_{hi,lo}wat), we will: 774 * - recalculate the new MTU and create the 775 * corresponding routing entry, or 776 * - ignore the MTU change notification. 777 */ 778 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 779 780 /* 781 * regardless of if we called icmp6_mtudisc_update(), 782 * we need to call in6_pcbnotify(), to notify path 783 * MTU change to the userland (2292bis-02), because 784 * some unconnected sockets may share the same 785 * destination and want to know the path MTU. 786 */ 787 } 788 789 (void) in6_pcbnotify(&udbtable, &sa6, uh.uh_dport, 790 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 791 } else { 792 (void) in6_pcbnotify(&udbtable, &sa6, 0, 793 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 794 } 795 } 796 #endif 797 798 void 799 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 800 { 801 struct ip *ip = v; 802 struct udphdr *uhp; 803 struct in_addr faddr; 804 struct inpcb *inp; 805 void (*notify)(struct inpcb *, int) = udp_notify; 806 int errno; 807 808 if (sa == NULL) 809 return; 810 if (sa->sa_family != AF_INET || 811 sa->sa_len != sizeof(struct sockaddr_in)) 812 return; 813 faddr = satosin(sa)->sin_addr; 814 if (faddr.s_addr == INADDR_ANY) 815 return; 816 817 if ((unsigned)cmd >= PRC_NCMDS) 818 return; 819 errno = inetctlerrmap[cmd]; 820 if (PRC_IS_REDIRECT(cmd)) 821 notify = in_rtchange, ip = 0; 822 else if (cmd == PRC_HOSTDEAD) 823 ip = 0; 824 else if (errno == 0) 825 return; 826 if (ip) { 827 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 828 829 #ifdef IPSEC 830 /* PMTU discovery for udpencap */ 831 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 832 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 833 udpencap_ctlinput(cmd, sa, rdomain, v); 834 return; 835 } 836 #endif 837 inp = in_pcbhashlookup(&udbtable, 838 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 839 rdomain); 840 if (inp && inp->inp_socket != NULL) 841 notify(inp, errno); 842 } else 843 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 844 } 845 846 int 847 udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, 848 struct mbuf *control) 849 { 850 struct sockaddr_in *sin = NULL; 851 struct udpiphdr *ui; 852 u_int32_t ipsecflowinfo = 0; 853 struct sockaddr_in src_sin; 854 int len = m->m_pkthdr.len; 855 struct in_addr *laddr; 856 int error = 0; 857 858 #ifdef DIAGNOSTIC 859 if ((inp->inp_flags & INP_IPV6) != 0) 860 panic("IPv6 inpcb to %s", __func__); 861 #endif 862 863 /* 864 * Compute the packet length of the IP header, and 865 * punt if the length looks bogus. 866 */ 867 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 868 error = EMSGSIZE; 869 goto release; 870 } 871 872 memset(&src_sin, 0, sizeof(src_sin)); 873 874 if (control) { 875 u_int clen; 876 struct cmsghdr *cm; 877 caddr_t cmsgs; 878 879 /* 880 * XXX: Currently, we assume all the optional information is 881 * stored in a single mbuf. 882 */ 883 if (control->m_next) { 884 error = EINVAL; 885 goto release; 886 } 887 888 clen = control->m_len; 889 cmsgs = mtod(control, caddr_t); 890 do { 891 if (clen < CMSG_LEN(0)) { 892 error = EINVAL; 893 goto release; 894 } 895 cm = (struct cmsghdr *)cmsgs; 896 if (cm->cmsg_len < CMSG_LEN(0) || 897 CMSG_ALIGN(cm->cmsg_len) > clen) { 898 error = EINVAL; 899 goto release; 900 } 901 #ifdef IPSEC 902 if ((inp->inp_flags & INP_IPSECFLOWINFO) != 0 && 903 cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 904 cm->cmsg_level == IPPROTO_IP && 905 cm->cmsg_type == IP_IPSECFLOWINFO) { 906 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 907 } else 908 #endif 909 if (cm->cmsg_len == CMSG_LEN(sizeof(struct in_addr)) && 910 cm->cmsg_level == IPPROTO_IP && 911 cm->cmsg_type == IP_SENDSRCADDR) { 912 memcpy(&src_sin.sin_addr, CMSG_DATA(cm), 913 sizeof(struct in_addr)); 914 src_sin.sin_family = AF_INET; 915 src_sin.sin_len = sizeof(src_sin); 916 /* no check on reuse when sin->sin_port == 0 */ 917 if ((error = in_pcbaddrisavail(inp, &src_sin, 918 0, curproc))) 919 goto release; 920 } 921 clen -= CMSG_ALIGN(cm->cmsg_len); 922 cmsgs += CMSG_ALIGN(cm->cmsg_len); 923 } while (clen); 924 } 925 926 if (addr) { 927 if ((error = in_nam2sin(addr, &sin))) 928 goto release; 929 if (sin->sin_port == 0) { 930 error = EADDRNOTAVAIL; 931 goto release; 932 } 933 if (inp->inp_faddr.s_addr != INADDR_ANY) { 934 error = EISCONN; 935 goto release; 936 } 937 error = in_pcbselsrc(&laddr, sin, inp); 938 if (error) 939 goto release; 940 941 if (inp->inp_lport == 0) { 942 error = in_pcbbind(inp, NULL, curproc); 943 if (error) 944 goto release; 945 } 946 947 if (src_sin.sin_len > 0 && 948 src_sin.sin_addr.s_addr != INADDR_ANY && 949 src_sin.sin_addr.s_addr != inp->inp_laddr.s_addr) { 950 src_sin.sin_port = inp->inp_lport; 951 if (inp->inp_laddr.s_addr != INADDR_ANY && 952 (error = 953 in_pcbaddrisavail(inp, &src_sin, 0, curproc))) 954 goto release; 955 laddr = &src_sin.sin_addr; 956 } 957 } else { 958 if (inp->inp_faddr.s_addr == INADDR_ANY) { 959 error = ENOTCONN; 960 goto release; 961 } 962 laddr = &inp->inp_laddr; 963 } 964 965 /* 966 * Calculate data length and get a mbuf 967 * for UDP and IP headers. 968 */ 969 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 970 if (m == NULL) { 971 error = ENOBUFS; 972 goto bail; 973 } 974 975 /* 976 * Fill in mbuf with extended UDP header 977 * and addresses and length put into network format. 978 */ 979 ui = mtod(m, struct udpiphdr *); 980 bzero(ui->ui_x1, sizeof ui->ui_x1); 981 ui->ui_pr = IPPROTO_UDP; 982 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 983 ui->ui_src = *laddr; 984 ui->ui_dst = sin ? sin->sin_addr : inp->inp_faddr; 985 ui->ui_sport = inp->inp_lport; 986 ui->ui_dport = sin ? sin->sin_port : inp->inp_fport; 987 ui->ui_ulen = ui->ui_len; 988 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 989 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 990 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 991 if (udpcksum) 992 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 993 994 udpstat_inc(udps_opackets); 995 996 /* force routing table */ 997 m->m_pkthdr.ph_rtableid = inp->inp_rtableid; 998 999 #if NPF > 0 1000 if (inp->inp_socket->so_state & SS_ISCONNECTED) 1001 pf_mbuf_link_inpcb(m, inp); 1002 #endif 1003 1004 error = ip_output(m, inp->inp_options, &inp->inp_route, 1005 (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, 1006 inp, ipsecflowinfo); 1007 1008 bail: 1009 m_freem(control); 1010 return (error); 1011 1012 release: 1013 m_freem(m); 1014 goto bail; 1015 } 1016 1017 /*ARGSUSED*/ 1018 int 1019 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1020 struct mbuf *control, struct proc *p) 1021 { 1022 struct inpcb *inp; 1023 int error = 0; 1024 1025 if (req == PRU_CONTROL) { 1026 #ifdef INET6 1027 if (sotopf(so) == PF_INET6) 1028 return (in6_control(so, (u_long)m, (caddr_t)addr, 1029 (struct ifnet *)control)); 1030 else 1031 #endif /* INET6 */ 1032 return (in_control(so, (u_long)m, (caddr_t)addr, 1033 (struct ifnet *)control)); 1034 } 1035 1036 soassertlocked(so); 1037 1038 inp = sotoinpcb(so); 1039 if (inp == NULL) { 1040 error = EINVAL; 1041 goto release; 1042 } 1043 1044 /* 1045 * Note: need to block udp_input while changing 1046 * the udp pcb queue and/or pcb addresses. 1047 */ 1048 switch (req) { 1049 1050 case PRU_BIND: 1051 error = in_pcbbind(inp, addr, p); 1052 break; 1053 1054 case PRU_LISTEN: 1055 error = EOPNOTSUPP; 1056 break; 1057 1058 case PRU_CONNECT: 1059 #ifdef INET6 1060 if (inp->inp_flags & INP_IPV6) { 1061 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1062 error = EISCONN; 1063 break; 1064 } 1065 error = in6_pcbconnect(inp, addr); 1066 } else 1067 #endif /* INET6 */ 1068 { 1069 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1070 error = EISCONN; 1071 break; 1072 } 1073 error = in_pcbconnect(inp, addr); 1074 } 1075 1076 if (error == 0) 1077 soisconnected(so); 1078 break; 1079 1080 case PRU_CONNECT2: 1081 error = EOPNOTSUPP; 1082 break; 1083 1084 case PRU_ACCEPT: 1085 error = EOPNOTSUPP; 1086 break; 1087 1088 case PRU_DISCONNECT: 1089 #ifdef INET6 1090 if (inp->inp_flags & INP_IPV6) { 1091 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1092 error = ENOTCONN; 1093 break; 1094 } 1095 } else 1096 #endif /* INET6 */ 1097 { 1098 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1099 error = ENOTCONN; 1100 break; 1101 } 1102 } 1103 1104 #ifdef INET6 1105 if (inp->inp_flags & INP_IPV6) 1106 inp->inp_laddr6 = in6addr_any; 1107 else 1108 #endif /* INET6 */ 1109 inp->inp_laddr.s_addr = INADDR_ANY; 1110 in_pcbdisconnect(inp); 1111 1112 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1113 break; 1114 1115 case PRU_SHUTDOWN: 1116 socantsendmore(so); 1117 break; 1118 1119 case PRU_SEND: 1120 #ifdef PIPEX 1121 if (inp->inp_pipex) { 1122 struct pipex_session *session; 1123 1124 if (addr != NULL) 1125 session = 1126 pipex_l2tp_userland_lookup_session(m, 1127 mtod(addr, struct sockaddr *)); 1128 else 1129 #ifdef INET6 1130 if (inp->inp_flags & INP_IPV6) 1131 session = 1132 pipex_l2tp_userland_lookup_session_ipv6( 1133 m, inp->inp_faddr6); 1134 else 1135 #endif 1136 session = 1137 pipex_l2tp_userland_lookup_session_ipv4( 1138 m, inp->inp_faddr); 1139 if (session != NULL) 1140 if ((m = pipex_l2tp_userland_output( 1141 m, session)) == NULL) { 1142 error = ENOMEM; 1143 goto release; 1144 } 1145 } 1146 #endif 1147 1148 #ifdef INET6 1149 if (inp->inp_flags & INP_IPV6) 1150 error = udp6_output(inp, m, addr, control); 1151 else 1152 #endif 1153 error = udp_output(inp, m, addr, control); 1154 return (error); 1155 1156 case PRU_ABORT: 1157 soisdisconnected(so); 1158 in_pcbdetach(inp); 1159 break; 1160 1161 case PRU_SOCKADDR: 1162 #ifdef INET6 1163 if (inp->inp_flags & INP_IPV6) 1164 in6_setsockaddr(inp, addr); 1165 else 1166 #endif /* INET6 */ 1167 in_setsockaddr(inp, addr); 1168 break; 1169 1170 case PRU_PEERADDR: 1171 #ifdef INET6 1172 if (inp->inp_flags & INP_IPV6) 1173 in6_setpeeraddr(inp, addr); 1174 else 1175 #endif /* INET6 */ 1176 in_setpeeraddr(inp, addr); 1177 break; 1178 1179 case PRU_SENSE: 1180 /* 1181 * stat: don't bother with a blocksize. 1182 */ 1183 /* 1184 * Perhaps Path MTU might be returned for a connected 1185 * UDP socket in this case. 1186 */ 1187 return (0); 1188 1189 case PRU_SENDOOB: 1190 case PRU_FASTTIMO: 1191 case PRU_SLOWTIMO: 1192 case PRU_PROTORCV: 1193 case PRU_PROTOSEND: 1194 error = EOPNOTSUPP; 1195 break; 1196 1197 case PRU_RCVD: 1198 case PRU_RCVOOB: 1199 return (EOPNOTSUPP); /* do not free mbuf's */ 1200 1201 default: 1202 panic("udp_usrreq"); 1203 } 1204 release: 1205 m_freem(control); 1206 m_freem(m); 1207 return (error); 1208 } 1209 1210 int 1211 udp_attach(struct socket *so, int proto) 1212 { 1213 int error; 1214 1215 if (so->so_pcb != NULL) 1216 return EINVAL; 1217 1218 if ((error = soreserve(so, udp_sendspace, udp_recvspace))) 1219 return error; 1220 1221 NET_ASSERT_LOCKED(); 1222 if ((error = in_pcballoc(so, &udbtable))) 1223 return error; 1224 #ifdef INET6 1225 if (sotoinpcb(so)->inp_flags & INP_IPV6) 1226 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1227 else 1228 #endif /* INET6 */ 1229 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1230 return 0; 1231 } 1232 1233 int 1234 udp_detach(struct socket *so) 1235 { 1236 struct inpcb *inp; 1237 1238 soassertlocked(so); 1239 1240 inp = sotoinpcb(so); 1241 if (inp == NULL) 1242 return (EINVAL); 1243 1244 in_pcbdetach(inp); 1245 return (0); 1246 } 1247 1248 /* 1249 * Sysctl for udp variables. 1250 */ 1251 int 1252 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1253 size_t newlen) 1254 { 1255 int error; 1256 1257 /* All sysctl names at this level are terminal. */ 1258 if (namelen != 1) 1259 return (ENOTDIR); 1260 1261 switch (name[0]) { 1262 case UDPCTL_BADDYNAMIC: 1263 NET_LOCK(); 1264 error = sysctl_struct(oldp, oldlenp, newp, newlen, 1265 baddynamicports.udp, sizeof(baddynamicports.udp)); 1266 NET_UNLOCK(); 1267 return (error); 1268 1269 case UDPCTL_ROOTONLY: 1270 if (newp && securelevel > 0) 1271 return (EPERM); 1272 NET_LOCK(); 1273 error = sysctl_struct(oldp, oldlenp, newp, newlen, 1274 rootonlyports.udp, sizeof(rootonlyports.udp)); 1275 NET_UNLOCK(); 1276 return (error); 1277 1278 case UDPCTL_STATS: 1279 if (newp != NULL) 1280 return (EPERM); 1281 1282 return (udp_sysctl_udpstat(oldp, oldlenp, newp)); 1283 1284 default: 1285 if (name[0] < UDPCTL_MAXID) { 1286 NET_LOCK(); 1287 error = sysctl_int_arr(udpctl_vars, name, namelen, 1288 oldp, oldlenp, newp, newlen); 1289 NET_UNLOCK(); 1290 return (error); 1291 } 1292 return (ENOPROTOOPT); 1293 } 1294 /* NOTREACHED */ 1295 } 1296 1297 int 1298 udp_sysctl_udpstat(void *oldp, size_t *oldlenp, void *newp) 1299 { 1300 uint64_t counters[udps_ncounters]; 1301 struct udpstat udpstat; 1302 u_long *words = (u_long *)&udpstat; 1303 int i; 1304 1305 CTASSERT(sizeof(udpstat) == (nitems(counters) * sizeof(u_long))); 1306 memset(&udpstat, 0, sizeof udpstat); 1307 counters_read(udpcounters, counters, nitems(counters)); 1308 1309 for (i = 0; i < nitems(counters); i++) 1310 words[i] = (u_long)counters[i]; 1311 1312 return (sysctl_rdstruct(oldp, oldlenp, newp, 1313 &udpstat, sizeof(udpstat))); 1314 } 1315