1 /* $OpenBSD: udp_usrreq.c,v 1.198 2015/04/16 19:24:13 markus Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 79 #include <net/if.h> 80 #include <net/if_var.h> 81 #include <net/if_media.h> 82 #include <net/route.h> 83 84 #include <netinet/in.h> 85 #include <netinet/in_var.h> 86 #include <netinet/ip.h> 87 #include <netinet/in_pcb.h> 88 #include <netinet/ip_var.h> 89 #include <netinet/ip_icmp.h> 90 #include <netinet/udp.h> 91 #include <netinet/udp_var.h> 92 93 #ifdef IPSEC 94 #include <netinet/ip_ipsp.h> 95 #include <netinet/ip_esp.h> 96 #endif 97 98 #ifdef INET6 99 #include <netinet6/in6_var.h> 100 #include <netinet6/ip6_var.h> 101 #include <netinet6/ip6protosw.h> 102 #endif /* INET6 */ 103 104 #include "pf.h" 105 #if NPF > 0 106 #include <net/pfvar.h> 107 #endif 108 109 #ifdef PIPEX 110 #include <netinet/if_ether.h> 111 #include <net/pipex.h> 112 #endif 113 114 #include "vxlan.h" 115 #if NVXLAN > 0 116 #include <net/if_vxlan.h> 117 #endif 118 119 /* 120 * UDP protocol implementation. 121 * Per RFC 768, August, 1980. 122 */ 123 int udpcksum = 1; 124 125 u_int udp_sendspace = 9216; /* really max datagram size */ 126 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 127 /* 40 1K datagrams */ 128 129 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 130 131 struct inpcbtable udbtable; 132 struct udpstat udpstat; 133 134 int udp_output(struct inpcb *, struct mbuf *, struct mbuf *, struct mbuf *); 135 void udp_detach(struct inpcb *); 136 void udp_notify(struct inpcb *, int); 137 138 #ifndef UDB_INITIAL_HASH_SIZE 139 #define UDB_INITIAL_HASH_SIZE 128 140 #endif 141 142 void 143 udp_init() 144 { 145 in_pcbinit(&udbtable, UDB_INITIAL_HASH_SIZE); 146 } 147 148 #ifdef INET6 149 int 150 udp6_input(struct mbuf **mp, int *offp, int proto) 151 { 152 struct mbuf *m = *mp; 153 154 udp_input(m, *offp, proto); 155 return IPPROTO_DONE; 156 } 157 #endif 158 159 void 160 udp_input(struct mbuf *m, ...) 161 { 162 struct ip *ip; 163 struct udphdr *uh; 164 struct inpcb *inp = NULL; 165 struct mbuf *opts = NULL; 166 struct ip save_ip; 167 int iphlen, len; 168 va_list ap; 169 u_int16_t savesum; 170 union { 171 struct sockaddr sa; 172 struct sockaddr_in sin; 173 #ifdef INET6 174 struct sockaddr_in6 sin6; 175 #endif /* INET6 */ 176 } srcsa; 177 #ifdef INET6 178 struct ip6_hdr *ip6; 179 #endif /* INET6 */ 180 #ifdef IPSEC 181 struct m_tag *mtag; 182 struct tdb_ident *tdbi; 183 struct tdb *tdb; 184 int error; 185 u_int32_t ipsecflowinfo = 0; 186 #endif /* IPSEC */ 187 188 va_start(ap, m); 189 iphlen = va_arg(ap, int); 190 va_end(ap); 191 192 udpstat.udps_ipackets++; 193 194 switch (mtod(m, struct ip *)->ip_v) { 195 case 4: 196 ip = mtod(m, struct ip *); 197 #ifdef INET6 198 ip6 = NULL; 199 #endif /* INET6 */ 200 srcsa.sa.sa_family = AF_INET; 201 break; 202 #ifdef INET6 203 case 6: 204 ip = NULL; 205 ip6 = mtod(m, struct ip6_hdr *); 206 srcsa.sa.sa_family = AF_INET6; 207 break; 208 #endif /* INET6 */ 209 default: 210 goto bad; 211 } 212 213 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 214 if (!uh) { 215 udpstat.udps_hdrops++; 216 return; 217 } 218 219 /* Check for illegal destination port 0 */ 220 if (uh->uh_dport == 0) { 221 udpstat.udps_noport++; 222 goto bad; 223 } 224 225 /* 226 * Make mbuf data length reflect UDP length. 227 * If not enough data to reflect UDP length, drop. 228 */ 229 len = ntohs((u_int16_t)uh->uh_ulen); 230 if (ip) { 231 if (m->m_pkthdr.len - iphlen != len) { 232 if (len > (m->m_pkthdr.len - iphlen) || 233 len < sizeof(struct udphdr)) { 234 udpstat.udps_badlen++; 235 goto bad; 236 } 237 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 238 } 239 } 240 #ifdef INET6 241 else if (ip6) { 242 /* jumbograms */ 243 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 244 len = m->m_pkthdr.len - iphlen; 245 if (len != m->m_pkthdr.len - iphlen) { 246 udpstat.udps_badlen++; 247 goto bad; 248 } 249 } 250 #endif 251 else /* shouldn't happen */ 252 goto bad; 253 254 /* 255 * Save a copy of the IP header in case we want restore it 256 * for sending an ICMP error message in response. 257 */ 258 if (ip) 259 save_ip = *ip; 260 261 #ifdef INET6 262 if (ip6) { 263 /* Be proactive about malicious use of IPv4 mapped address */ 264 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 265 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 266 /* XXX stat */ 267 goto bad; 268 } 269 } 270 #endif /* INET6 */ 271 272 /* 273 * Checksum extended UDP header and data. 274 * from W.R.Stevens: check incoming udp cksums even if 275 * udpcksum is not set. 276 */ 277 savesum = uh->uh_sum; 278 if (uh->uh_sum == 0) { 279 udpstat.udps_nosum++; 280 #ifdef INET6 281 /* 282 * In IPv6, the UDP checksum is ALWAYS used. 283 */ 284 if (ip6) 285 goto bad; 286 #endif /* INET6 */ 287 } else { 288 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 289 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 290 udpstat.udps_badsum++; 291 goto bad; 292 } 293 udpstat.udps_inswcsum++; 294 295 if (ip) 296 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 297 iphlen, len); 298 #ifdef INET6 299 else if (ip6) 300 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 301 iphlen, len); 302 #endif /* INET6 */ 303 if (uh->uh_sum != 0) { 304 udpstat.udps_badsum++; 305 goto bad; 306 } 307 } 308 } 309 310 #ifdef IPSEC 311 if (udpencap_enable && udpencap_port && 312 #if NPF > 0 313 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 314 #endif 315 uh->uh_dport == htons(udpencap_port)) { 316 u_int32_t spi; 317 int skip = iphlen + sizeof(struct udphdr); 318 319 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 320 /* packet too short */ 321 m_freem(m); 322 return; 323 } 324 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 325 /* 326 * decapsulate if the SPI is not zero, otherwise pass 327 * to userland 328 */ 329 if (spi != 0) { 330 if ((m = m_pullup(m, skip)) == NULL) { 331 udpstat.udps_hdrops++; 332 return; 333 } 334 335 /* remove the UDP header */ 336 bcopy(mtod(m, u_char *), 337 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 338 m_adj(m, sizeof(struct udphdr)); 339 skip -= sizeof(struct udphdr); 340 341 espstat.esps_udpencin++; 342 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 343 srcsa.sa.sa_family, IPPROTO_ESP, 1); 344 return; 345 } 346 } 347 #endif 348 349 switch (srcsa.sa.sa_family) { 350 case AF_INET: 351 bzero(&srcsa, sizeof(struct sockaddr_in)); 352 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 353 srcsa.sin.sin_family = AF_INET; 354 srcsa.sin.sin_port = uh->uh_sport; 355 srcsa.sin.sin_addr = ip->ip_src; 356 break; 357 #ifdef INET6 358 case AF_INET6: 359 bzero(&srcsa, sizeof(struct sockaddr_in6)); 360 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 361 srcsa.sin6.sin6_family = AF_INET6; 362 srcsa.sin6.sin6_port = uh->uh_sport; 363 #if 0 /*XXX inbound flowinfo */ 364 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 365 #endif 366 /* KAME hack: recover scopeid */ 367 (void)in6_recoverscope(&srcsa.sin6, &ip6->ip6_src, NULL); 368 break; 369 #endif /* INET6 */ 370 } 371 372 #if NVXLAN > 0 373 if (vxlan_enable > 0 && 374 #if NPF > 0 375 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 376 #endif 377 (error = vxlan_lookup(m, uh, iphlen, &srcsa.sa)) != 0) { 378 if (error == -1) { 379 udpstat.udps_hdrops++; 380 m_freem(m); 381 } 382 return; 383 } 384 #endif 385 386 if (m->m_flags & (M_BCAST|M_MCAST)) { 387 struct inpcb *last; 388 /* 389 * Deliver a multicast or broadcast datagram to *all* sockets 390 * for which the local and remote addresses and ports match 391 * those of the incoming datagram. This allows more than 392 * one process to receive multi/broadcasts on the same port. 393 * (This really ought to be done for unicast datagrams as 394 * well, but that would cause problems with existing 395 * applications that open both address-specific sockets and 396 * a wildcard socket listening to the same port -- they would 397 * end up receiving duplicates of every unicast datagram. 398 * Those applications open the multiple sockets to overcome an 399 * inadequacy of the UDP socket interface, but for backwards 400 * compatibility we avoid the problem here rather than 401 * fixing the interface. Maybe 4.5BSD will remedy this?) 402 */ 403 404 iphlen += sizeof(struct udphdr); 405 406 /* 407 * Locate pcb(s) for datagram. 408 * (Algorithm copied from raw_intr().) 409 */ 410 last = NULL; 411 TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 412 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 413 continue; 414 #ifdef INET6 415 /* don't accept it if AF does not match */ 416 if (ip6 && !(inp->inp_flags & INP_IPV6)) 417 continue; 418 if (!ip6 && (inp->inp_flags & INP_IPV6)) 419 continue; 420 #endif 421 if (rtable_l2(inp->inp_rtableid) != 422 rtable_l2(m->m_pkthdr.ph_rtableid)) 423 continue; 424 if (inp->inp_lport != uh->uh_dport) 425 continue; 426 #ifdef INET6 427 if (ip6) { 428 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 429 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 430 &ip6->ip6_dst)) 431 continue; 432 } else 433 #endif /* INET6 */ 434 if (inp->inp_laddr.s_addr != INADDR_ANY) { 435 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 436 continue; 437 } 438 #ifdef INET6 439 if (ip6) { 440 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 441 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 442 &ip6->ip6_src) || 443 inp->inp_fport != uh->uh_sport) 444 continue; 445 } else 446 #endif /* INET6 */ 447 if (inp->inp_faddr.s_addr != INADDR_ANY) { 448 if (inp->inp_faddr.s_addr != 449 ip->ip_src.s_addr || 450 inp->inp_fport != uh->uh_sport) 451 continue; 452 } 453 454 if (last != NULL) { 455 struct mbuf *n; 456 457 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 458 #ifdef INET6 459 if (ip6 && (last->inp_flags & 460 IN6P_CONTROLOPTS || 461 last->inp_socket->so_options & 462 SO_TIMESTAMP)) 463 ip6_savecontrol(last, n, &opts); 464 #endif /* INET6 */ 465 if (ip && (last->inp_flags & 466 INP_CONTROLOPTS || 467 last->inp_socket->so_options & 468 SO_TIMESTAMP)) 469 ip_savecontrol(last, &opts, 470 ip, n); 471 472 m_adj(n, iphlen); 473 if (sbappendaddr( 474 &last->inp_socket->so_rcv, 475 &srcsa.sa, n, opts) == 0) { 476 m_freem(n); 477 if (opts) 478 m_freem(opts); 479 udpstat.udps_fullsock++; 480 } else 481 sorwakeup(last->inp_socket); 482 opts = NULL; 483 } 484 } 485 last = inp; 486 /* 487 * Don't look for additional matches if this one does 488 * not have either the SO_REUSEPORT or SO_REUSEADDR 489 * socket options set. This heuristic avoids searching 490 * through all pcbs in the common case of a non-shared 491 * port. It assumes that an application will never 492 * clear these options after setting them. 493 */ 494 if ((last->inp_socket->so_options & (SO_REUSEPORT | 495 SO_REUSEADDR)) == 0) 496 break; 497 } 498 499 if (last == NULL) { 500 /* 501 * No matching pcb found; discard datagram. 502 * (No need to send an ICMP Port Unreachable 503 * for a broadcast or multicast datgram.) 504 */ 505 udpstat.udps_noportbcast++; 506 goto bad; 507 } 508 509 #ifdef INET6 510 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 511 last->inp_socket->so_options & SO_TIMESTAMP)) 512 ip6_savecontrol(last, m, &opts); 513 #endif /* INET6 */ 514 if (ip && (last->inp_flags & INP_CONTROLOPTS || 515 last->inp_socket->so_options & SO_TIMESTAMP)) 516 ip_savecontrol(last, &opts, ip, m); 517 518 m_adj(m, iphlen); 519 if (sbappendaddr(&last->inp_socket->so_rcv, 520 &srcsa.sa, m, opts) == 0) { 521 udpstat.udps_fullsock++; 522 goto bad; 523 } 524 sorwakeup(last->inp_socket); 525 return; 526 } 527 /* 528 * Locate pcb for datagram. 529 */ 530 #if 0 531 if (m->m_pkthdr.pf.statekey) { 532 inp = m->m_pkthdr.pf.statekey->inp; 533 if (inp && inp->inp_pf_sk) 534 KASSERT(m->m_pkthdr.pf.statekey == inp->inp_pf_sk); 535 } 536 #endif 537 if (inp == NULL) { 538 #ifdef INET6 539 if (ip6) 540 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 541 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 542 m->m_pkthdr.ph_rtableid); 543 else 544 #endif /* INET6 */ 545 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 546 ip->ip_dst, uh->uh_dport, m->m_pkthdr.ph_rtableid); 547 #if NPF > 0 548 if (m->m_pkthdr.pf.statekey && inp) { 549 m->m_pkthdr.pf.statekey->inp = inp; 550 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 551 } 552 #endif 553 } 554 if (inp == 0) { 555 int inpl_reverse = 0; 556 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 557 inpl_reverse = 1; 558 ++udpstat.udps_pcbhashmiss; 559 #ifdef INET6 560 if (ip6) { 561 inp = in6_pcblookup_listen(&udbtable, 562 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m, 563 m->m_pkthdr.ph_rtableid); 564 } else 565 #endif /* INET6 */ 566 inp = in_pcblookup_listen(&udbtable, 567 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 568 m->m_pkthdr.ph_rtableid); 569 if (inp == 0) { 570 udpstat.udps_noport++; 571 if (m->m_flags & (M_BCAST | M_MCAST)) { 572 udpstat.udps_noportbcast++; 573 goto bad; 574 } 575 #ifdef INET6 576 if (ip6) { 577 uh->uh_sum = savesum; 578 icmp6_error(m, ICMP6_DST_UNREACH, 579 ICMP6_DST_UNREACH_NOPORT,0); 580 } else 581 #endif /* INET6 */ 582 { 583 *ip = save_ip; 584 uh->uh_sum = savesum; 585 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 586 0, 0); 587 } 588 return; 589 } 590 } 591 KASSERT(sotoinpcb(inp->inp_socket) == inp); 592 593 #if NPF > 0 594 if (m->m_pkthdr.pf.statekey && !m->m_pkthdr.pf.statekey->inp && 595 !inp->inp_pf_sk && (inp->inp_socket->so_state & SS_ISCONNECTED)) { 596 m->m_pkthdr.pf.statekey->inp = inp; 597 inp->inp_pf_sk = m->m_pkthdr.pf.statekey; 598 } 599 /* The statekey has finished finding the inp, it is no longer needed. */ 600 m->m_pkthdr.pf.statekey = NULL; 601 #endif 602 603 #ifdef IPSEC 604 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 605 if (mtag != NULL) { 606 tdbi = (struct tdb_ident *)(mtag + 1); 607 tdb = gettdb(tdbi->rdomain, tdbi->spi, 608 &tdbi->dst, tdbi->proto); 609 } else 610 tdb = NULL; 611 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 612 IPSP_DIRECTION_IN, tdb, inp, 0); 613 if (error) { 614 udpstat.udps_nosec++; 615 goto bad; 616 } 617 /* create ipsec options while we know that tdb cannot be modified */ 618 if (tdb) 619 ipsecflowinfo = tdb->tdb_spi; 620 #endif /*IPSEC */ 621 622 opts = NULL; 623 #ifdef INET6 624 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 625 inp->inp_socket->so_options & SO_TIMESTAMP)) 626 ip6_savecontrol(inp, m, &opts); 627 #endif /* INET6 */ 628 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 629 inp->inp_socket->so_options & SO_TIMESTAMP)) 630 ip_savecontrol(inp, &opts, ip, m); 631 #ifdef INET6 632 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 633 struct mbuf **mp = &opts; 634 635 while (*mp) 636 mp = &(*mp)->m_next; 637 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 638 IPV6_RECVDSTPORT, IPPROTO_IPV6); 639 } 640 #endif /* INET6 */ 641 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 642 struct mbuf **mp = &opts; 643 644 while (*mp) 645 mp = &(*mp)->m_next; 646 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 647 IP_RECVDSTPORT, IPPROTO_IP); 648 } 649 #ifdef IPSEC 650 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 651 struct mbuf **mp = &opts; 652 653 while (*mp) 654 mp = &(*mp)->m_next; 655 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 656 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 657 } 658 #endif 659 #ifdef PIPEX 660 if (pipex_enable && inp->inp_pipex) { 661 struct pipex_session *session; 662 int off = iphlen + sizeof(struct udphdr); 663 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 664 if ((m = pipex_l2tp_input(m, off, session, 665 ipsecflowinfo)) == NULL) { 666 if (opts) 667 m_freem(opts); 668 return; /* the packet is handled by PIPEX */ 669 } 670 } 671 } 672 #endif 673 674 iphlen += sizeof(struct udphdr); 675 m_adj(m, iphlen); 676 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 677 udpstat.udps_fullsock++; 678 goto bad; 679 } 680 sorwakeup(inp->inp_socket); 681 return; 682 bad: 683 m_freem(m); 684 if (opts) 685 m_freem(opts); 686 } 687 688 /* 689 * Notify a udp user of an asynchronous error; 690 * just wake up so that he can collect error status. 691 */ 692 void 693 udp_notify(struct inpcb *inp, int errno) 694 { 695 inp->inp_socket->so_error = errno; 696 sorwakeup(inp->inp_socket); 697 sowwakeup(inp->inp_socket); 698 } 699 700 #ifdef INET6 701 void 702 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 703 { 704 struct udphdr uh; 705 struct sockaddr_in6 sa6; 706 struct ip6_hdr *ip6; 707 struct mbuf *m; 708 int off; 709 void *cmdarg; 710 struct ip6ctlparam *ip6cp = NULL; 711 struct udp_portonly { 712 u_int16_t uh_sport; 713 u_int16_t uh_dport; 714 } *uhp; 715 void (*notify)(struct inpcb *, int) = udp_notify; 716 717 if (sa == NULL) 718 return; 719 if (sa->sa_family != AF_INET6 || 720 sa->sa_len != sizeof(struct sockaddr_in6)) 721 return; 722 723 if ((unsigned)cmd >= PRC_NCMDS) 724 return; 725 if (PRC_IS_REDIRECT(cmd)) 726 notify = in_rtchange, d = NULL; 727 else if (cmd == PRC_HOSTDEAD) 728 d = NULL; 729 else if (cmd == PRC_MSGSIZE) 730 ; /* special code is present, see below */ 731 else if (inet6ctlerrmap[cmd] == 0) 732 return; 733 734 /* if the parameter is from icmp6, decode it. */ 735 if (d != NULL) { 736 ip6cp = (struct ip6ctlparam *)d; 737 m = ip6cp->ip6c_m; 738 ip6 = ip6cp->ip6c_ip6; 739 off = ip6cp->ip6c_off; 740 cmdarg = ip6cp->ip6c_cmdarg; 741 } else { 742 m = NULL; 743 ip6 = NULL; 744 cmdarg = NULL; 745 /* XXX: translate addresses into internal form */ 746 sa6 = *(struct sockaddr_in6 *)sa; 747 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 748 /* should be impossible */ 749 return; 750 } 751 } 752 753 if (ip6cp && ip6cp->ip6c_finaldst) { 754 bzero(&sa6, sizeof(sa6)); 755 sa6.sin6_family = AF_INET6; 756 sa6.sin6_len = sizeof(sa6); 757 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 758 /* XXX: assuming M is valid in this case */ 759 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 760 ip6cp->ip6c_finaldst); 761 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 762 /* should be impossible */ 763 return; 764 } 765 } else { 766 /* XXX: translate addresses into internal form */ 767 sa6 = *(struct sockaddr_in6 *)sa; 768 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 769 /* should be impossible */ 770 return; 771 } 772 } 773 774 if (ip6) { 775 /* 776 * XXX: We assume that when IPV6 is non NULL, 777 * M and OFF are valid. 778 */ 779 struct sockaddr_in6 sa6_src; 780 781 /* check if we can safely examine src and dst ports */ 782 if (m->m_pkthdr.len < off + sizeof(*uhp)) 783 return; 784 785 bzero(&uh, sizeof(uh)); 786 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 787 788 bzero(&sa6_src, sizeof(sa6_src)); 789 sa6_src.sin6_family = AF_INET6; 790 sa6_src.sin6_len = sizeof(sa6_src); 791 sa6_src.sin6_addr = ip6->ip6_src; 792 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 793 &ip6->ip6_src); 794 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 795 /* should be impossible */ 796 return; 797 } 798 799 if (cmd == PRC_MSGSIZE) { 800 int valid = 0; 801 802 /* 803 * Check to see if we have a valid UDP socket 804 * corresponding to the address in the ICMPv6 message 805 * payload. 806 */ 807 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 808 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 809 rdomain)) 810 valid = 1; 811 #if 0 812 /* 813 * As the use of sendto(2) is fairly popular, 814 * we may want to allow non-connected pcb too. 815 * But it could be too weak against attacks... 816 * We should at least check if the local address (= s) 817 * is really ours. 818 */ 819 else if (in6_pcblookup_listen(&udbtable, 820 &sa6_src.sin6_addr, uh.uh_sport, 0, 821 rdomain)) 822 valid = 1; 823 #endif 824 825 /* 826 * Depending on the value of "valid" and routing table 827 * size (mtudisc_{hi,lo}wat), we will: 828 * - recalculate the new MTU and create the 829 * corresponding routing entry, or 830 * - ignore the MTU change notification. 831 */ 832 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 833 834 /* 835 * regardless of if we called icmp6_mtudisc_update(), 836 * we need to call in6_pcbnotify(), to notify path 837 * MTU change to the userland (2292bis-02), because 838 * some unconnected sockets may share the same 839 * destination and want to know the path MTU. 840 */ 841 } 842 843 (void) in6_pcbnotify(&udbtable, &sa6, uh.uh_dport, 844 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 845 } else { 846 (void) in6_pcbnotify(&udbtable, &sa6, 0, 847 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 848 } 849 } 850 #endif 851 852 void * 853 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 854 { 855 struct ip *ip = v; 856 struct udphdr *uhp; 857 struct in_addr faddr; 858 struct inpcb *inp; 859 void (*notify)(struct inpcb *, int) = udp_notify; 860 int errno; 861 862 if (sa == NULL) 863 return NULL; 864 if (sa->sa_family != AF_INET || 865 sa->sa_len != sizeof(struct sockaddr_in)) 866 return NULL; 867 faddr = satosin(sa)->sin_addr; 868 if (faddr.s_addr == INADDR_ANY) 869 return NULL; 870 871 if ((unsigned)cmd >= PRC_NCMDS) 872 return NULL; 873 errno = inetctlerrmap[cmd]; 874 if (PRC_IS_REDIRECT(cmd)) 875 notify = in_rtchange, ip = 0; 876 else if (cmd == PRC_HOSTDEAD) 877 ip = 0; 878 else if (errno == 0) 879 return NULL; 880 if (ip) { 881 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 882 883 #ifdef IPSEC 884 /* PMTU discovery for udpencap */ 885 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 886 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 887 udpencap_ctlinput(cmd, sa, rdomain, v); 888 return (NULL); 889 } 890 #endif 891 inp = in_pcbhashlookup(&udbtable, 892 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 893 rdomain); 894 if (inp && inp->inp_socket != NULL) 895 notify(inp, errno); 896 } else 897 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 898 return (NULL); 899 } 900 901 int 902 udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, 903 struct mbuf *control) 904 { 905 struct sockaddr_in *sin = NULL; 906 struct udpiphdr *ui; 907 u_int32_t ipsecflowinfo = 0; 908 int len = m->m_pkthdr.len; 909 struct in_addr *laddr; 910 int error = 0; 911 912 #ifdef DIAGNOSTIC 913 if ((inp->inp_flags & INP_IPV6) != 0) 914 panic("IPv6 inpcb to %s", __func__); 915 #endif 916 917 /* 918 * Compute the packet length of the IP header, and 919 * punt if the length looks bogus. 920 */ 921 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 922 error = EMSGSIZE; 923 goto release; 924 } 925 926 if (addr) { 927 sin = mtod(addr, struct sockaddr_in *); 928 929 if (addr->m_len != sizeof(*sin)) { 930 error = EINVAL; 931 goto release; 932 } 933 if (sin->sin_family != AF_INET) { 934 error = EAFNOSUPPORT; 935 goto release; 936 } 937 if (sin->sin_port == 0) { 938 error = EADDRNOTAVAIL; 939 goto release; 940 } 941 942 if (inp->inp_faddr.s_addr != INADDR_ANY) { 943 error = EISCONN; 944 goto release; 945 } 946 947 error = in_selectsrc(&laddr, sin, inp->inp_moptions, 948 &inp->inp_route, &inp->inp_laddr, inp->inp_rtableid); 949 if (error) 950 goto release; 951 952 if (inp->inp_lport == 0) { 953 int s = splsoftnet(); 954 error = in_pcbbind(inp, NULL, curproc); 955 splx(s); 956 if (error) 957 goto release; 958 } 959 } else { 960 if (inp->inp_faddr.s_addr == INADDR_ANY) { 961 error = ENOTCONN; 962 goto release; 963 } 964 laddr = &inp->inp_laddr; 965 } 966 967 #ifdef IPSEC 968 if (control && (inp->inp_flags & INP_IPSECFLOWINFO) != 0) { 969 u_int clen; 970 struct cmsghdr *cm; 971 caddr_t cmsgs; 972 973 /* 974 * XXX: Currently, we assume all the optional information is stored 975 * in a single mbuf. 976 */ 977 if (control->m_next) { 978 error = EINVAL; 979 goto release; 980 } 981 982 clen = control->m_len; 983 cmsgs = mtod(control, caddr_t); 984 do { 985 if (clen < CMSG_LEN(0)) { 986 error = EINVAL; 987 goto release; 988 } 989 cm = (struct cmsghdr *)cmsgs; 990 if (cm->cmsg_len < CMSG_LEN(0) || 991 CMSG_ALIGN(cm->cmsg_len) > clen) { 992 error = EINVAL; 993 goto release; 994 } 995 if (cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 996 cm->cmsg_level == IPPROTO_IP && 997 cm->cmsg_type == IP_IPSECFLOWINFO) { 998 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 999 break; 1000 } 1001 clen -= CMSG_ALIGN(cm->cmsg_len); 1002 cmsgs += CMSG_ALIGN(cm->cmsg_len); 1003 } while (clen); 1004 } 1005 #endif 1006 /* 1007 * Calculate data length and get a mbuf 1008 * for UDP and IP headers. 1009 */ 1010 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1011 if (m == NULL) { 1012 error = ENOBUFS; 1013 goto bail; 1014 } 1015 1016 /* 1017 * Fill in mbuf with extended UDP header 1018 * and addresses and length put into network format. 1019 */ 1020 ui = mtod(m, struct udpiphdr *); 1021 bzero(ui->ui_x1, sizeof ui->ui_x1); 1022 ui->ui_pr = IPPROTO_UDP; 1023 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1024 ui->ui_src = *laddr; 1025 ui->ui_dst = sin ? sin->sin_addr : inp->inp_faddr; 1026 ui->ui_sport = inp->inp_lport; 1027 ui->ui_dport = sin ? sin->sin_port : inp->inp_fport; 1028 ui->ui_ulen = ui->ui_len; 1029 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1030 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1031 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1032 if (udpcksum) 1033 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1034 1035 udpstat.udps_opackets++; 1036 1037 /* force routing table */ 1038 m->m_pkthdr.ph_rtableid = inp->inp_rtableid; 1039 1040 #if NPF > 0 1041 if (inp->inp_socket->so_state & SS_ISCONNECTED) 1042 m->m_pkthdr.pf.inp = inp; 1043 #endif 1044 1045 error = ip_output(m, inp->inp_options, &inp->inp_route, 1046 (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, 1047 inp, ipsecflowinfo); 1048 if (error == EACCES) /* translate pf(4) error for userland */ 1049 error = EHOSTUNREACH; 1050 1051 bail: 1052 if (control) 1053 m_freem(control); 1054 return (error); 1055 1056 release: 1057 m_freem(m); 1058 goto bail; 1059 } 1060 1061 /*ARGSUSED*/ 1062 int 1063 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1064 struct mbuf *control, struct proc *p) 1065 { 1066 struct inpcb *inp = sotoinpcb(so); 1067 int error = 0; 1068 int s; 1069 1070 if (req == PRU_CONTROL) { 1071 #ifdef INET6 1072 if (inp->inp_flags & INP_IPV6) 1073 return (in6_control(so, (u_long)m, (caddr_t)addr, 1074 (struct ifnet *)control)); 1075 else 1076 #endif /* INET6 */ 1077 return (in_control(so, (u_long)m, (caddr_t)addr, 1078 (struct ifnet *)control)); 1079 } 1080 if (inp == NULL && req != PRU_ATTACH) { 1081 error = EINVAL; 1082 goto release; 1083 } 1084 /* 1085 * Note: need to block udp_input while changing 1086 * the udp pcb queue and/or pcb addresses. 1087 */ 1088 switch (req) { 1089 1090 case PRU_ATTACH: 1091 if (inp != NULL) { 1092 error = EINVAL; 1093 break; 1094 } 1095 s = splsoftnet(); 1096 if ((error = soreserve(so, udp_sendspace, udp_recvspace)) || 1097 (error = in_pcballoc(so, &udbtable))) { 1098 splx(s); 1099 break; 1100 } 1101 splx(s); 1102 #ifdef INET6 1103 if (sotoinpcb(so)->inp_flags & INP_IPV6) 1104 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1105 else 1106 #endif /* INET6 */ 1107 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1108 break; 1109 1110 case PRU_DETACH: 1111 udp_detach(inp); 1112 break; 1113 1114 case PRU_BIND: 1115 s = splsoftnet(); 1116 #ifdef INET6 1117 if (inp->inp_flags & INP_IPV6) 1118 error = in6_pcbbind(inp, addr, p); 1119 else 1120 #endif 1121 error = in_pcbbind(inp, addr, p); 1122 splx(s); 1123 break; 1124 1125 case PRU_LISTEN: 1126 error = EOPNOTSUPP; 1127 break; 1128 1129 case PRU_CONNECT: 1130 #ifdef INET6 1131 if (inp->inp_flags & INP_IPV6) { 1132 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1133 error = EISCONN; 1134 break; 1135 } 1136 s = splsoftnet(); 1137 error = in6_pcbconnect(inp, addr); 1138 splx(s); 1139 } else 1140 #endif /* INET6 */ 1141 { 1142 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1143 error = EISCONN; 1144 break; 1145 } 1146 s = splsoftnet(); 1147 error = in_pcbconnect(inp, addr); 1148 splx(s); 1149 } 1150 1151 if (error == 0) 1152 soisconnected(so); 1153 break; 1154 1155 case PRU_CONNECT2: 1156 error = EOPNOTSUPP; 1157 break; 1158 1159 case PRU_ACCEPT: 1160 error = EOPNOTSUPP; 1161 break; 1162 1163 case PRU_DISCONNECT: 1164 #ifdef INET6 1165 if (inp->inp_flags & INP_IPV6) { 1166 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1167 error = ENOTCONN; 1168 break; 1169 } 1170 } else 1171 #endif /* INET6 */ 1172 { 1173 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1174 error = ENOTCONN; 1175 break; 1176 } 1177 } 1178 1179 s = splsoftnet(); 1180 #ifdef INET6 1181 if (inp->inp_flags & INP_IPV6) 1182 inp->inp_laddr6 = in6addr_any; 1183 else 1184 #endif /* INET6 */ 1185 inp->inp_laddr.s_addr = INADDR_ANY; 1186 in_pcbdisconnect(inp); 1187 1188 splx(s); 1189 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1190 break; 1191 1192 case PRU_SHUTDOWN: 1193 socantsendmore(so); 1194 break; 1195 1196 case PRU_SEND: 1197 #ifdef PIPEX 1198 if (inp->inp_pipex) { 1199 struct pipex_session *session; 1200 1201 if (addr != NULL) 1202 session = 1203 pipex_l2tp_userland_lookup_session(m, 1204 mtod(addr, struct sockaddr *)); 1205 else 1206 #ifdef INET6 1207 if (inp->inp_flags & INP_IPV6) 1208 session = 1209 pipex_l2tp_userland_lookup_session_ipv6( 1210 m, inp->inp_faddr6); 1211 else 1212 #endif 1213 session = 1214 pipex_l2tp_userland_lookup_session_ipv4( 1215 m, inp->inp_faddr); 1216 if (session != NULL) 1217 if ((m = pipex_l2tp_userland_output( 1218 m, session)) == NULL) { 1219 error = ENOMEM; 1220 goto release; 1221 } 1222 } 1223 #endif 1224 1225 #ifdef INET6 1226 if (inp->inp_flags & INP_IPV6) 1227 return (udp6_output(inp, m, addr, control)); 1228 else 1229 return (udp_output(inp, m, addr, control)); 1230 #else 1231 return (udp_output(inp, m, addr, control)); 1232 #endif 1233 1234 case PRU_ABORT: 1235 soisdisconnected(so); 1236 udp_detach(inp); 1237 break; 1238 1239 case PRU_SOCKADDR: 1240 #ifdef INET6 1241 if (inp->inp_flags & INP_IPV6) 1242 in6_setsockaddr(inp, addr); 1243 else 1244 #endif /* INET6 */ 1245 in_setsockaddr(inp, addr); 1246 break; 1247 1248 case PRU_PEERADDR: 1249 #ifdef INET6 1250 if (inp->inp_flags & INP_IPV6) 1251 in6_setpeeraddr(inp, addr); 1252 else 1253 #endif /* INET6 */ 1254 in_setpeeraddr(inp, addr); 1255 break; 1256 1257 case PRU_SENSE: 1258 /* 1259 * stat: don't bother with a blocksize. 1260 */ 1261 /* 1262 * Perhaps Path MTU might be returned for a connected 1263 * UDP socket in this case. 1264 */ 1265 return (0); 1266 1267 case PRU_SENDOOB: 1268 case PRU_FASTTIMO: 1269 case PRU_SLOWTIMO: 1270 case PRU_PROTORCV: 1271 case PRU_PROTOSEND: 1272 error = EOPNOTSUPP; 1273 break; 1274 1275 case PRU_RCVD: 1276 case PRU_RCVOOB: 1277 return (EOPNOTSUPP); /* do not free mbuf's */ 1278 1279 default: 1280 panic("udp_usrreq"); 1281 } 1282 1283 release: 1284 if (control) { 1285 m_freem(control); 1286 } 1287 if (m) 1288 m_freem(m); 1289 return (error); 1290 } 1291 1292 void 1293 udp_detach(struct inpcb *inp) 1294 { 1295 int s = splsoftnet(); 1296 1297 in_pcbdetach(inp); 1298 splx(s); 1299 } 1300 1301 /* 1302 * Sysctl for udp variables. 1303 */ 1304 int 1305 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1306 size_t newlen) 1307 { 1308 /* All sysctl names at this level are terminal. */ 1309 if (namelen != 1) 1310 return (ENOTDIR); 1311 1312 switch (name[0]) { 1313 case UDPCTL_BADDYNAMIC: 1314 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1315 baddynamicports.udp, sizeof(baddynamicports.udp))); 1316 1317 case UDPCTL_STATS: 1318 if (newp != NULL) 1319 return (EPERM); 1320 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1321 &udpstat, sizeof(udpstat))); 1322 1323 default: 1324 if (name[0] < UDPCTL_MAXID) 1325 return (sysctl_int_arr(udpctl_vars, name, namelen, 1326 oldp, oldlenp, newp, newlen)); 1327 return (ENOPROTOOPT); 1328 } 1329 /* NOTREACHED */ 1330 } 1331