1 /* $OpenBSD: udp_usrreq.c,v 1.231 2017/02/05 16:23:38 jca Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 #include <sys/domain.h> 79 80 #include <net/if.h> 81 #include <net/if_var.h> 82 #include <net/if_media.h> 83 #include <net/route.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/ip_icmp.h> 91 #include <netinet/udp.h> 92 #include <netinet/udp_var.h> 93 94 #ifdef IPSEC 95 #include <netinet/ip_ipsp.h> 96 #include <netinet/ip_esp.h> 97 #endif 98 99 #ifdef INET6 100 #include <netinet6/in6_var.h> 101 #include <netinet6/ip6_var.h> 102 #include <netinet6/ip6protosw.h> 103 #endif /* INET6 */ 104 105 #include "pf.h" 106 #if NPF > 0 107 #include <net/pfvar.h> 108 #endif 109 110 #ifdef PIPEX 111 #include <netinet/if_ether.h> 112 #include <net/pipex.h> 113 #endif 114 115 #include "vxlan.h" 116 #if NVXLAN > 0 117 #include <net/if_vxlan.h> 118 #endif 119 120 /* 121 * UDP protocol implementation. 122 * Per RFC 768, August, 1980. 123 */ 124 int udpcksum = 1; 125 126 u_int udp_sendspace = 9216; /* really max datagram size */ 127 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 128 /* 40 1K datagrams */ 129 130 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 131 132 struct inpcbtable udbtable; 133 struct cpumem *udpcounters; 134 135 int udp_output(struct inpcb *, struct mbuf *, struct mbuf *, struct mbuf *); 136 void udp_notify(struct inpcb *, int); 137 int udp_sysctl_udpstat(void *, size_t *, void *); 138 139 #ifndef UDB_INITIAL_HASH_SIZE 140 #define UDB_INITIAL_HASH_SIZE 128 141 #endif 142 143 void 144 udp_init(void) 145 { 146 udpcounters = counters_alloc(udps_ncounters); 147 in_pcbinit(&udbtable, UDB_INITIAL_HASH_SIZE); 148 } 149 150 int 151 udp_input(struct mbuf **mp, int *offp, int proto) 152 { 153 struct mbuf *m = *mp; 154 int iphlen = *offp; 155 struct ip *ip; 156 struct udphdr *uh; 157 struct inpcb *inp = NULL; 158 struct mbuf *opts = NULL; 159 struct ip save_ip; 160 int len; 161 u_int16_t savesum; 162 union { 163 struct sockaddr sa; 164 struct sockaddr_in sin; 165 #ifdef INET6 166 struct sockaddr_in6 sin6; 167 #endif /* INET6 */ 168 } srcsa, dstsa; 169 #ifdef INET6 170 struct ip6_hdr *ip6; 171 #endif /* INET6 */ 172 #ifdef IPSEC 173 struct m_tag *mtag; 174 struct tdb_ident *tdbi; 175 struct tdb *tdb; 176 int error, protoff; 177 #endif /* IPSEC */ 178 #if defined(IPSEC) || defined(PIPEX) 179 u_int32_t ipsecflowinfo = 0; 180 #endif /* define(IPSEC) || defined(PIPEX) */ 181 182 udpstat_inc(udps_ipackets); 183 184 switch (mtod(m, struct ip *)->ip_v) { 185 case 4: 186 ip = mtod(m, struct ip *); 187 #ifdef INET6 188 ip6 = NULL; 189 #endif /* INET6 */ 190 srcsa.sa.sa_family = AF_INET; 191 #ifdef IPSEC 192 protoff = offsetof(struct ip, ip_p); 193 #endif /* IPSEC */ 194 break; 195 #ifdef INET6 196 case 6: 197 ip = NULL; 198 ip6 = mtod(m, struct ip6_hdr *); 199 srcsa.sa.sa_family = AF_INET6; 200 #ifdef IPSEC 201 protoff = offsetof(struct ip6_hdr, ip6_nxt); 202 #endif /* IPSEC */ 203 break; 204 #endif /* INET6 */ 205 default: 206 goto bad; 207 } 208 209 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 210 if (!uh) { 211 udpstat_inc(udps_hdrops); 212 return IPPROTO_DONE; 213 } 214 215 /* Check for illegal destination port 0 */ 216 if (uh->uh_dport == 0) { 217 udpstat_inc(udps_noport); 218 goto bad; 219 } 220 221 /* 222 * Make mbuf data length reflect UDP length. 223 * If not enough data to reflect UDP length, drop. 224 */ 225 len = ntohs((u_int16_t)uh->uh_ulen); 226 if (ip) { 227 if (m->m_pkthdr.len - iphlen != len) { 228 if (len > (m->m_pkthdr.len - iphlen) || 229 len < sizeof(struct udphdr)) { 230 udpstat_inc(udps_badlen); 231 goto bad; 232 } 233 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 234 } 235 } 236 #ifdef INET6 237 else if (ip6) { 238 /* jumbograms */ 239 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 240 len = m->m_pkthdr.len - iphlen; 241 if (len != m->m_pkthdr.len - iphlen) { 242 udpstat_inc(udps_badlen); 243 goto bad; 244 } 245 } 246 #endif 247 else /* shouldn't happen */ 248 goto bad; 249 250 /* 251 * Save a copy of the IP header in case we want restore it 252 * for sending an ICMP error message in response. 253 */ 254 if (ip) 255 save_ip = *ip; 256 257 #ifdef INET6 258 if (ip6) { 259 /* Be proactive about malicious use of IPv4 mapped address */ 260 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 261 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 262 /* XXX stat */ 263 goto bad; 264 } 265 } 266 #endif /* INET6 */ 267 268 /* 269 * Checksum extended UDP header and data. 270 * from W.R.Stevens: check incoming udp cksums even if 271 * udpcksum is not set. 272 */ 273 savesum = uh->uh_sum; 274 if (uh->uh_sum == 0) { 275 udpstat_inc(udps_nosum); 276 #ifdef INET6 277 /* 278 * In IPv6, the UDP checksum is ALWAYS used. 279 */ 280 if (ip6) 281 goto bad; 282 #endif /* INET6 */ 283 } else { 284 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 285 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 286 udpstat_inc(udps_badsum); 287 goto bad; 288 } 289 udpstat_inc(udps_inswcsum); 290 291 if (ip) 292 uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 293 iphlen, len); 294 #ifdef INET6 295 else if (ip6) 296 uh->uh_sum = in6_cksum(m, IPPROTO_UDP, 297 iphlen, len); 298 #endif /* INET6 */ 299 if (uh->uh_sum != 0) { 300 udpstat_inc(udps_badsum); 301 goto bad; 302 } 303 } 304 } 305 306 #ifdef IPSEC 307 if (udpencap_enable && udpencap_port && 308 #if NPF > 0 309 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 310 #endif 311 uh->uh_dport == htons(udpencap_port)) { 312 u_int32_t spi; 313 int skip = iphlen + sizeof(struct udphdr); 314 315 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 316 /* packet too short */ 317 m_freem(m); 318 return IPPROTO_DONE; 319 } 320 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 321 /* 322 * decapsulate if the SPI is not zero, otherwise pass 323 * to userland 324 */ 325 if (spi != 0) { 326 if ((m = m_pullup(m, skip)) == NULL) { 327 udpstat_inc(udps_hdrops); 328 return IPPROTO_DONE; 329 } 330 331 /* remove the UDP header */ 332 bcopy(mtod(m, u_char *), 333 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 334 m_adj(m, sizeof(struct udphdr)); 335 skip -= sizeof(struct udphdr); 336 337 espstat.esps_udpencin++; 338 ipsec_common_input(m, skip, protoff, 339 srcsa.sa.sa_family, IPPROTO_ESP, 1); 340 return IPPROTO_DONE; 341 } 342 } 343 #endif 344 345 switch (srcsa.sa.sa_family) { 346 case AF_INET: 347 bzero(&srcsa, sizeof(struct sockaddr_in)); 348 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 349 srcsa.sin.sin_family = AF_INET; 350 srcsa.sin.sin_port = uh->uh_sport; 351 srcsa.sin.sin_addr = ip->ip_src; 352 353 bzero(&dstsa, sizeof(struct sockaddr_in)); 354 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 355 dstsa.sin.sin_family = AF_INET; 356 dstsa.sin.sin_port = uh->uh_dport; 357 dstsa.sin.sin_addr = ip->ip_dst; 358 break; 359 #ifdef INET6 360 case AF_INET6: 361 bzero(&srcsa, sizeof(struct sockaddr_in6)); 362 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 363 srcsa.sin6.sin6_family = AF_INET6; 364 srcsa.sin6.sin6_port = uh->uh_sport; 365 #if 0 /*XXX inbound flowinfo */ 366 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 367 #endif 368 /* KAME hack: recover scopeid */ 369 in6_recoverscope(&srcsa.sin6, &ip6->ip6_src); 370 371 bzero(&dstsa, sizeof(struct sockaddr_in6)); 372 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 373 dstsa.sin6.sin6_family = AF_INET6; 374 dstsa.sin6.sin6_port = uh->uh_dport; 375 #if 0 /*XXX inbound flowinfo */ 376 dstsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 377 #endif 378 /* KAME hack: recover scopeid */ 379 in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst); 380 break; 381 #endif /* INET6 */ 382 } 383 384 #if NVXLAN > 0 385 if (vxlan_enable > 0 && 386 #if NPF > 0 387 !(m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) && 388 #endif 389 vxlan_lookup(m, uh, iphlen, &srcsa.sa, &dstsa.sa) != 0) 390 return IPPROTO_DONE; 391 #endif 392 393 if (m->m_flags & (M_BCAST|M_MCAST)) { 394 struct inpcb *last; 395 /* 396 * Deliver a multicast or broadcast datagram to *all* sockets 397 * for which the local and remote addresses and ports match 398 * those of the incoming datagram. This allows more than 399 * one process to receive multi/broadcasts on the same port. 400 * (This really ought to be done for unicast datagrams as 401 * well, but that would cause problems with existing 402 * applications that open both address-specific sockets and 403 * a wildcard socket listening to the same port -- they would 404 * end up receiving duplicates of every unicast datagram. 405 * Those applications open the multiple sockets to overcome an 406 * inadequacy of the UDP socket interface, but for backwards 407 * compatibility we avoid the problem here rather than 408 * fixing the interface. Maybe 4.5BSD will remedy this?) 409 */ 410 411 iphlen += sizeof(struct udphdr); 412 413 /* 414 * Locate pcb(s) for datagram. 415 * (Algorithm copied from raw_intr().) 416 */ 417 last = NULL; 418 TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 419 if (inp->inp_socket->so_state & SS_CANTRCVMORE) 420 continue; 421 #ifdef INET6 422 /* don't accept it if AF does not match */ 423 if (ip6 && !(inp->inp_flags & INP_IPV6)) 424 continue; 425 if (!ip6 && (inp->inp_flags & INP_IPV6)) 426 continue; 427 #endif 428 if (rtable_l2(inp->inp_rtableid) != 429 rtable_l2(m->m_pkthdr.ph_rtableid)) 430 continue; 431 if (inp->inp_lport != uh->uh_dport) 432 continue; 433 #ifdef INET6 434 if (ip6) { 435 if (inp->inp_ip6_minhlim && 436 inp->inp_ip6_minhlim > ip6->ip6_hlim) 437 continue; 438 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 439 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 440 &ip6->ip6_dst)) 441 continue; 442 } else 443 #endif /* INET6 */ 444 { 445 if (inp->inp_ip_minttl && 446 inp->inp_ip_minttl > ip->ip_ttl) 447 continue; 448 449 if (inp->inp_laddr.s_addr != INADDR_ANY) { 450 if (inp->inp_laddr.s_addr != 451 ip->ip_dst.s_addr) 452 continue; 453 } 454 } 455 #ifdef INET6 456 if (ip6) { 457 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 458 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 459 &ip6->ip6_src) || 460 inp->inp_fport != uh->uh_sport) 461 continue; 462 } else 463 #endif /* INET6 */ 464 if (inp->inp_faddr.s_addr != INADDR_ANY) { 465 if (inp->inp_faddr.s_addr != 466 ip->ip_src.s_addr || 467 inp->inp_fport != uh->uh_sport) 468 continue; 469 } 470 471 if (last != NULL) { 472 struct mbuf *n; 473 474 n = m_copym(m, 0, M_COPYALL, M_NOWAIT); 475 if (n != NULL) { 476 #ifdef INET6 477 if (ip6 && (last->inp_flags & 478 IN6P_CONTROLOPTS || 479 last->inp_socket->so_options & 480 SO_TIMESTAMP)) 481 ip6_savecontrol(last, n, &opts); 482 #endif /* INET6 */ 483 if (ip && (last->inp_flags & 484 INP_CONTROLOPTS || 485 last->inp_socket->so_options & 486 SO_TIMESTAMP)) 487 ip_savecontrol(last, &opts, 488 ip, n); 489 490 m_adj(n, iphlen); 491 if (sbappendaddr( 492 &last->inp_socket->so_rcv, 493 &srcsa.sa, n, opts) == 0) { 494 m_freem(n); 495 m_freem(opts); 496 udpstat_inc(udps_fullsock); 497 } else 498 sorwakeup(last->inp_socket); 499 opts = NULL; 500 } 501 } 502 last = inp; 503 /* 504 * Don't look for additional matches if this one does 505 * not have either the SO_REUSEPORT or SO_REUSEADDR 506 * socket options set. This heuristic avoids searching 507 * through all pcbs in the common case of a non-shared 508 * port. It assumes that an application will never 509 * clear these options after setting them. 510 */ 511 if ((last->inp_socket->so_options & (SO_REUSEPORT | 512 SO_REUSEADDR)) == 0) 513 break; 514 } 515 516 if (last == NULL) { 517 /* 518 * No matching pcb found; discard datagram. 519 * (No need to send an ICMP Port Unreachable 520 * for a broadcast or multicast datgram.) 521 */ 522 udpstat_inc(udps_noportbcast); 523 goto bad; 524 } 525 526 #ifdef INET6 527 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS || 528 last->inp_socket->so_options & SO_TIMESTAMP)) 529 ip6_savecontrol(last, m, &opts); 530 #endif /* INET6 */ 531 if (ip && (last->inp_flags & INP_CONTROLOPTS || 532 last->inp_socket->so_options & SO_TIMESTAMP)) 533 ip_savecontrol(last, &opts, ip, m); 534 535 m_adj(m, iphlen); 536 if (sbappendaddr(&last->inp_socket->so_rcv, 537 &srcsa.sa, m, opts) == 0) { 538 udpstat_inc(udps_fullsock); 539 goto bad; 540 } 541 sorwakeup(last->inp_socket); 542 return IPPROTO_DONE; 543 } 544 /* 545 * Locate pcb for datagram. 546 */ 547 #if NPF > 0 && 0 /* currently disabled */ 548 inp = pf_inp_lookup(m); 549 #endif 550 if (inp == NULL) { 551 #ifdef INET6 552 if (ip6) 553 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, 554 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport, 555 m->m_pkthdr.ph_rtableid); 556 else 557 #endif /* INET6 */ 558 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 559 ip->ip_dst, uh->uh_dport, m->m_pkthdr.ph_rtableid); 560 } 561 if (inp == 0) { 562 int inpl_reverse = 0; 563 if (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) 564 inpl_reverse = 1; 565 udpstat_inc(udps_pcbhashmiss); 566 #ifdef INET6 567 if (ip6) { 568 inp = in6_pcblookup_listen(&udbtable, 569 &ip6->ip6_dst, uh->uh_dport, inpl_reverse, m, 570 m->m_pkthdr.ph_rtableid); 571 } else 572 #endif /* INET6 */ 573 inp = in_pcblookup_listen(&udbtable, 574 ip->ip_dst, uh->uh_dport, inpl_reverse, m, 575 m->m_pkthdr.ph_rtableid); 576 if (inp == 0) { 577 udpstat_inc(udps_noport); 578 if (m->m_flags & (M_BCAST | M_MCAST)) { 579 udpstat_inc(udps_noportbcast); 580 goto bad; 581 } 582 #ifdef INET6 583 if (ip6) { 584 uh->uh_sum = savesum; 585 icmp6_error(m, ICMP6_DST_UNREACH, 586 ICMP6_DST_UNREACH_NOPORT,0); 587 } else 588 #endif /* INET6 */ 589 { 590 *ip = save_ip; 591 uh->uh_sum = savesum; 592 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 593 0, 0); 594 } 595 return IPPROTO_DONE; 596 } 597 } 598 KASSERT(sotoinpcb(inp->inp_socket) == inp); 599 600 #ifdef INET6 601 if (ip6 && inp->inp_ip6_minhlim && 602 inp->inp_ip6_minhlim > ip6->ip6_hlim) { 603 goto bad; 604 } else 605 #endif 606 if (ip && inp->inp_ip_minttl && 607 inp->inp_ip_minttl > ip->ip_ttl) { 608 goto bad; 609 } 610 611 #if NPF > 0 612 if (inp->inp_socket->so_state & SS_ISCONNECTED) 613 pf_inp_link(m, inp); 614 #endif 615 616 #ifdef IPSEC 617 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 618 if (mtag != NULL) { 619 tdbi = (struct tdb_ident *)(mtag + 1); 620 tdb = gettdb(tdbi->rdomain, tdbi->spi, 621 &tdbi->dst, tdbi->proto); 622 } else 623 tdb = NULL; 624 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 625 IPSP_DIRECTION_IN, tdb, inp, 0); 626 if (error) { 627 udpstat_inc(udps_nosec); 628 goto bad; 629 } 630 /* create ipsec options while we know that tdb cannot be modified */ 631 if (tdb && tdb->tdb_ids) 632 ipsecflowinfo = tdb->tdb_ids->id_flow; 633 #endif /*IPSEC */ 634 635 opts = NULL; 636 #ifdef INET6 637 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS || 638 inp->inp_socket->so_options & SO_TIMESTAMP)) 639 ip6_savecontrol(inp, m, &opts); 640 #endif /* INET6 */ 641 if (ip && (inp->inp_flags & INP_CONTROLOPTS || 642 inp->inp_socket->so_options & SO_TIMESTAMP)) 643 ip_savecontrol(inp, &opts, ip, m); 644 #ifdef INET6 645 if (ip6 && (inp->inp_flags & IN6P_RECVDSTPORT)) { 646 struct mbuf **mp = &opts; 647 648 while (*mp) 649 mp = &(*mp)->m_next; 650 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 651 IPV6_RECVDSTPORT, IPPROTO_IPV6); 652 } 653 #endif /* INET6 */ 654 if (ip && (inp->inp_flags & INP_RECVDSTPORT)) { 655 struct mbuf **mp = &opts; 656 657 while (*mp) 658 mp = &(*mp)->m_next; 659 *mp = sbcreatecontrol((caddr_t)&uh->uh_dport, sizeof(u_int16_t), 660 IP_RECVDSTPORT, IPPROTO_IP); 661 } 662 #ifdef IPSEC 663 if (ipsecflowinfo && (inp->inp_flags & INP_IPSECFLOWINFO)) { 664 struct mbuf **mp = &opts; 665 666 while (*mp) 667 mp = &(*mp)->m_next; 668 *mp = sbcreatecontrol((caddr_t)&ipsecflowinfo, 669 sizeof(u_int32_t), IP_IPSECFLOWINFO, IPPROTO_IP); 670 } 671 #endif 672 #ifdef PIPEX 673 if (pipex_enable && inp->inp_pipex) { 674 struct pipex_session *session; 675 int off = iphlen + sizeof(struct udphdr); 676 if ((session = pipex_l2tp_lookup_session(m, off)) != NULL) { 677 if ((m = pipex_l2tp_input(m, off, session, 678 ipsecflowinfo)) == NULL) { 679 m_freem(opts); 680 /* the packet is handled by PIPEX */ 681 return IPPROTO_DONE; 682 } 683 } 684 } 685 #endif 686 687 iphlen += sizeof(struct udphdr); 688 m_adj(m, iphlen); 689 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 690 udpstat_inc(udps_fullsock); 691 goto bad; 692 } 693 sorwakeup(inp->inp_socket); 694 return IPPROTO_DONE; 695 bad: 696 m_freem(m); 697 m_freem(opts); 698 return IPPROTO_DONE; 699 } 700 701 /* 702 * Notify a udp user of an asynchronous error; 703 * just wake up so that he can collect error status. 704 */ 705 void 706 udp_notify(struct inpcb *inp, int errno) 707 { 708 inp->inp_socket->so_error = errno; 709 sorwakeup(inp->inp_socket); 710 sowwakeup(inp->inp_socket); 711 } 712 713 #ifdef INET6 714 void 715 udp6_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *d) 716 { 717 struct udphdr uh; 718 struct sockaddr_in6 sa6; 719 struct ip6_hdr *ip6; 720 struct mbuf *m; 721 int off; 722 void *cmdarg; 723 struct ip6ctlparam *ip6cp = NULL; 724 struct udp_portonly { 725 u_int16_t uh_sport; 726 u_int16_t uh_dport; 727 } *uhp; 728 void (*notify)(struct inpcb *, int) = udp_notify; 729 730 if (sa == NULL) 731 return; 732 if (sa->sa_family != AF_INET6 || 733 sa->sa_len != sizeof(struct sockaddr_in6)) 734 return; 735 736 if ((unsigned)cmd >= PRC_NCMDS) 737 return; 738 if (PRC_IS_REDIRECT(cmd)) 739 notify = in_rtchange, d = NULL; 740 else if (cmd == PRC_HOSTDEAD) 741 d = NULL; 742 else if (cmd == PRC_MSGSIZE) 743 ; /* special code is present, see below */ 744 else if (inet6ctlerrmap[cmd] == 0) 745 return; 746 747 /* if the parameter is from icmp6, decode it. */ 748 if (d != NULL) { 749 ip6cp = (struct ip6ctlparam *)d; 750 m = ip6cp->ip6c_m; 751 ip6 = ip6cp->ip6c_ip6; 752 off = ip6cp->ip6c_off; 753 cmdarg = ip6cp->ip6c_cmdarg; 754 } else { 755 m = NULL; 756 ip6 = NULL; 757 cmdarg = NULL; 758 /* XXX: translate addresses into internal form */ 759 sa6 = *satosin6(sa); 760 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { 761 /* should be impossible */ 762 return; 763 } 764 } 765 766 if (ip6cp && ip6cp->ip6c_finaldst) { 767 bzero(&sa6, sizeof(sa6)); 768 sa6.sin6_family = AF_INET6; 769 sa6.sin6_len = sizeof(sa6); 770 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 771 /* XXX: assuming M is valid in this case */ 772 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 773 ip6cp->ip6c_finaldst); 774 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL)) { 775 /* should be impossible */ 776 return; 777 } 778 } else { 779 /* XXX: translate addresses into internal form */ 780 sa6 = *satosin6(sa); 781 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL)) { 782 /* should be impossible */ 783 return; 784 } 785 } 786 787 if (ip6) { 788 /* 789 * XXX: We assume that when IPV6 is non NULL, 790 * M and OFF are valid. 791 */ 792 struct sockaddr_in6 sa6_src; 793 794 /* check if we can safely examine src and dst ports */ 795 if (m->m_pkthdr.len < off + sizeof(*uhp)) 796 return; 797 798 bzero(&uh, sizeof(uh)); 799 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 800 801 bzero(&sa6_src, sizeof(sa6_src)); 802 sa6_src.sin6_family = AF_INET6; 803 sa6_src.sin6_len = sizeof(sa6_src); 804 sa6_src.sin6_addr = ip6->ip6_src; 805 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.ph_ifidx, 806 &ip6->ip6_src); 807 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL)) { 808 /* should be impossible */ 809 return; 810 } 811 812 if (cmd == PRC_MSGSIZE) { 813 int valid = 0; 814 815 /* 816 * Check to see if we have a valid UDP socket 817 * corresponding to the address in the ICMPv6 message 818 * payload. 819 */ 820 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 821 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport, 822 rdomain)) 823 valid = 1; 824 #if 0 825 /* 826 * As the use of sendto(2) is fairly popular, 827 * we may want to allow non-connected pcb too. 828 * But it could be too weak against attacks... 829 * We should at least check if the local address (= s) 830 * is really ours. 831 */ 832 else if (in6_pcblookup_listen(&udbtable, 833 &sa6_src.sin6_addr, uh.uh_sport, 0, 834 rdomain)) 835 valid = 1; 836 #endif 837 838 /* 839 * Depending on the value of "valid" and routing table 840 * size (mtudisc_{hi,lo}wat), we will: 841 * - recalculate the new MTU and create the 842 * corresponding routing entry, or 843 * - ignore the MTU change notification. 844 */ 845 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 846 847 /* 848 * regardless of if we called icmp6_mtudisc_update(), 849 * we need to call in6_pcbnotify(), to notify path 850 * MTU change to the userland (2292bis-02), because 851 * some unconnected sockets may share the same 852 * destination and want to know the path MTU. 853 */ 854 } 855 856 (void) in6_pcbnotify(&udbtable, &sa6, uh.uh_dport, 857 &sa6_src, uh.uh_sport, rdomain, cmd, cmdarg, notify); 858 } else { 859 (void) in6_pcbnotify(&udbtable, &sa6, 0, 860 &sa6_any, 0, rdomain, cmd, cmdarg, notify); 861 } 862 } 863 #endif 864 865 void 866 udp_ctlinput(int cmd, struct sockaddr *sa, u_int rdomain, void *v) 867 { 868 struct ip *ip = v; 869 struct udphdr *uhp; 870 struct in_addr faddr; 871 struct inpcb *inp; 872 void (*notify)(struct inpcb *, int) = udp_notify; 873 int errno; 874 875 if (sa == NULL) 876 return; 877 if (sa->sa_family != AF_INET || 878 sa->sa_len != sizeof(struct sockaddr_in)) 879 return; 880 faddr = satosin(sa)->sin_addr; 881 if (faddr.s_addr == INADDR_ANY) 882 return; 883 884 if ((unsigned)cmd >= PRC_NCMDS) 885 return; 886 errno = inetctlerrmap[cmd]; 887 if (PRC_IS_REDIRECT(cmd)) 888 notify = in_rtchange, ip = 0; 889 else if (cmd == PRC_HOSTDEAD) 890 ip = 0; 891 else if (errno == 0) 892 return; 893 if (ip) { 894 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 895 896 #ifdef IPSEC 897 /* PMTU discovery for udpencap */ 898 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 899 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 900 udpencap_ctlinput(cmd, sa, rdomain, v); 901 return; 902 } 903 #endif 904 inp = in_pcbhashlookup(&udbtable, 905 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport, 906 rdomain); 907 if (inp && inp->inp_socket != NULL) 908 notify(inp, errno); 909 } else 910 in_pcbnotifyall(&udbtable, sa, rdomain, errno, notify); 911 } 912 913 int 914 udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, 915 struct mbuf *control) 916 { 917 struct sockaddr_in *sin = NULL; 918 struct udpiphdr *ui; 919 u_int32_t ipsecflowinfo = 0; 920 struct sockaddr_in src_sin; 921 int len = m->m_pkthdr.len; 922 struct in_addr *laddr; 923 int error = 0; 924 925 #ifdef DIAGNOSTIC 926 if ((inp->inp_flags & INP_IPV6) != 0) 927 panic("IPv6 inpcb to %s", __func__); 928 #endif 929 930 /* 931 * Compute the packet length of the IP header, and 932 * punt if the length looks bogus. 933 */ 934 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 935 error = EMSGSIZE; 936 goto release; 937 } 938 939 memset(&src_sin, 0, sizeof(src_sin)); 940 941 if (control) { 942 u_int clen; 943 struct cmsghdr *cm; 944 caddr_t cmsgs; 945 946 /* 947 * XXX: Currently, we assume all the optional information is 948 * stored in a single mbuf. 949 */ 950 if (control->m_next) { 951 error = EINVAL; 952 goto release; 953 } 954 955 clen = control->m_len; 956 cmsgs = mtod(control, caddr_t); 957 do { 958 if (clen < CMSG_LEN(0)) { 959 error = EINVAL; 960 goto release; 961 } 962 cm = (struct cmsghdr *)cmsgs; 963 if (cm->cmsg_len < CMSG_LEN(0) || 964 CMSG_ALIGN(cm->cmsg_len) > clen) { 965 error = EINVAL; 966 goto release; 967 } 968 #ifdef IPSEC 969 if ((inp->inp_flags & INP_IPSECFLOWINFO) != 0 && 970 cm->cmsg_len == CMSG_LEN(sizeof(ipsecflowinfo)) && 971 cm->cmsg_level == IPPROTO_IP && 972 cm->cmsg_type == IP_IPSECFLOWINFO) { 973 ipsecflowinfo = *(u_int32_t *)CMSG_DATA(cm); 974 } else 975 #endif 976 if (cm->cmsg_len == CMSG_LEN(sizeof(struct in_addr)) && 977 cm->cmsg_level == IPPROTO_IP && 978 cm->cmsg_type == IP_SENDSRCADDR) { 979 memcpy(&src_sin.sin_addr, CMSG_DATA(cm), 980 sizeof(struct in_addr)); 981 src_sin.sin_family = AF_INET; 982 src_sin.sin_len = sizeof(src_sin); 983 /* no check on reuse when sin->sin_port == 0 */ 984 if ((error = in_pcbaddrisavail(inp, &src_sin, 985 0, curproc))) 986 goto release; 987 } 988 clen -= CMSG_ALIGN(cm->cmsg_len); 989 cmsgs += CMSG_ALIGN(cm->cmsg_len); 990 } while (clen); 991 } 992 993 if (addr) { 994 sin = mtod(addr, struct sockaddr_in *); 995 996 if (addr->m_len != sizeof(*sin)) { 997 error = EINVAL; 998 goto release; 999 } 1000 if (sin->sin_family != AF_INET) { 1001 error = EAFNOSUPPORT; 1002 goto release; 1003 } 1004 if (sin->sin_port == 0) { 1005 error = EADDRNOTAVAIL; 1006 goto release; 1007 } 1008 1009 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1010 error = EISCONN; 1011 goto release; 1012 } 1013 1014 error = in_pcbselsrc(&laddr, sin, inp); 1015 if (error) 1016 goto release; 1017 1018 if (inp->inp_lport == 0) { 1019 error = in_pcbbind(inp, NULL, curproc); 1020 if (error) 1021 goto release; 1022 } 1023 1024 if (src_sin.sin_len > 0 && 1025 src_sin.sin_addr.s_addr != INADDR_ANY && 1026 src_sin.sin_addr.s_addr != inp->inp_laddr.s_addr) { 1027 src_sin.sin_port = inp->inp_lport; 1028 if (inp->inp_laddr.s_addr != INADDR_ANY && 1029 (error = 1030 in_pcbaddrisavail(inp, &src_sin, 0, curproc))) 1031 goto release; 1032 laddr = &src_sin.sin_addr; 1033 } 1034 } else { 1035 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1036 error = ENOTCONN; 1037 goto release; 1038 } 1039 laddr = &inp->inp_laddr; 1040 } 1041 1042 /* 1043 * Calculate data length and get a mbuf 1044 * for UDP and IP headers. 1045 */ 1046 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1047 if (m == NULL) { 1048 error = ENOBUFS; 1049 goto bail; 1050 } 1051 1052 /* 1053 * Fill in mbuf with extended UDP header 1054 * and addresses and length put into network format. 1055 */ 1056 ui = mtod(m, struct udpiphdr *); 1057 bzero(ui->ui_x1, sizeof ui->ui_x1); 1058 ui->ui_pr = IPPROTO_UDP; 1059 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 1060 ui->ui_src = *laddr; 1061 ui->ui_dst = sin ? sin->sin_addr : inp->inp_faddr; 1062 ui->ui_sport = inp->inp_lport; 1063 ui->ui_dport = sin ? sin->sin_port : inp->inp_fport; 1064 ui->ui_ulen = ui->ui_len; 1065 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1066 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 1067 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 1068 if (udpcksum) 1069 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1070 1071 udpstat_inc(udps_opackets); 1072 1073 /* force routing table */ 1074 m->m_pkthdr.ph_rtableid = inp->inp_rtableid; 1075 1076 #if NPF > 0 1077 if (inp->inp_socket->so_state & SS_ISCONNECTED) 1078 m->m_pkthdr.pf.inp = inp; 1079 #endif 1080 1081 error = ip_output(m, inp->inp_options, &inp->inp_route, 1082 (inp->inp_socket->so_options & SO_BROADCAST), inp->inp_moptions, 1083 inp, ipsecflowinfo); 1084 if (error == EACCES) /* translate pf(4) error for userland */ 1085 error = EHOSTUNREACH; 1086 1087 bail: 1088 m_freem(control); 1089 return (error); 1090 1091 release: 1092 m_freem(m); 1093 goto bail; 1094 } 1095 1096 /*ARGSUSED*/ 1097 int 1098 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *addr, 1099 struct mbuf *control, struct proc *p) 1100 { 1101 struct inpcb *inp; 1102 int error = 0; 1103 1104 NET_ASSERT_LOCKED(); 1105 1106 if (req == PRU_CONTROL) { 1107 #ifdef INET6 1108 if (sotopf(so) == PF_INET6) 1109 return (in6_control(so, (u_long)m, (caddr_t)addr, 1110 (struct ifnet *)control)); 1111 else 1112 #endif /* INET6 */ 1113 return (in_control(so, (u_long)m, (caddr_t)addr, 1114 (struct ifnet *)control)); 1115 } 1116 1117 inp = sotoinpcb(so); 1118 if (inp == NULL && req != PRU_ATTACH) { 1119 error = EINVAL; 1120 goto release; 1121 } 1122 1123 /* 1124 * Note: need to block udp_input while changing 1125 * the udp pcb queue and/or pcb addresses. 1126 */ 1127 switch (req) { 1128 1129 case PRU_ATTACH: 1130 if (inp != NULL) { 1131 error = EINVAL; 1132 break; 1133 } 1134 if ((error = soreserve(so, udp_sendspace, udp_recvspace)) || 1135 (error = in_pcballoc(so, &udbtable))) 1136 break; 1137 #ifdef INET6 1138 if (sotoinpcb(so)->inp_flags & INP_IPV6) 1139 sotoinpcb(so)->inp_ipv6.ip6_hlim = ip6_defhlim; 1140 else 1141 #endif /* INET6 */ 1142 sotoinpcb(so)->inp_ip.ip_ttl = ip_defttl; 1143 break; 1144 1145 case PRU_DETACH: 1146 in_pcbdetach(inp); 1147 break; 1148 1149 case PRU_BIND: 1150 error = in_pcbbind(inp, addr, p); 1151 break; 1152 1153 case PRU_LISTEN: 1154 error = EOPNOTSUPP; 1155 break; 1156 1157 case PRU_CONNECT: 1158 #ifdef INET6 1159 if (inp->inp_flags & INP_IPV6) { 1160 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1161 error = EISCONN; 1162 break; 1163 } 1164 error = in6_pcbconnect(inp, addr); 1165 } else 1166 #endif /* INET6 */ 1167 { 1168 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1169 error = EISCONN; 1170 break; 1171 } 1172 error = in_pcbconnect(inp, addr); 1173 } 1174 1175 if (error == 0) 1176 soisconnected(so); 1177 break; 1178 1179 case PRU_CONNECT2: 1180 error = EOPNOTSUPP; 1181 break; 1182 1183 case PRU_ACCEPT: 1184 error = EOPNOTSUPP; 1185 break; 1186 1187 case PRU_DISCONNECT: 1188 #ifdef INET6 1189 if (inp->inp_flags & INP_IPV6) { 1190 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1191 error = ENOTCONN; 1192 break; 1193 } 1194 } else 1195 #endif /* INET6 */ 1196 { 1197 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1198 error = ENOTCONN; 1199 break; 1200 } 1201 } 1202 1203 #ifdef INET6 1204 if (inp->inp_flags & INP_IPV6) 1205 inp->inp_laddr6 = in6addr_any; 1206 else 1207 #endif /* INET6 */ 1208 inp->inp_laddr.s_addr = INADDR_ANY; 1209 in_pcbdisconnect(inp); 1210 1211 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1212 break; 1213 1214 case PRU_SHUTDOWN: 1215 socantsendmore(so); 1216 break; 1217 1218 case PRU_SEND: 1219 #ifdef PIPEX 1220 if (inp->inp_pipex) { 1221 struct pipex_session *session; 1222 1223 if (addr != NULL) 1224 session = 1225 pipex_l2tp_userland_lookup_session(m, 1226 mtod(addr, struct sockaddr *)); 1227 else 1228 #ifdef INET6 1229 if (inp->inp_flags & INP_IPV6) 1230 session = 1231 pipex_l2tp_userland_lookup_session_ipv6( 1232 m, inp->inp_faddr6); 1233 else 1234 #endif 1235 session = 1236 pipex_l2tp_userland_lookup_session_ipv4( 1237 m, inp->inp_faddr); 1238 if (session != NULL) 1239 if ((m = pipex_l2tp_userland_output( 1240 m, session)) == NULL) { 1241 error = ENOMEM; 1242 goto release; 1243 } 1244 } 1245 #endif 1246 1247 #ifdef INET6 1248 if (inp->inp_flags & INP_IPV6) 1249 error = udp6_output(inp, m, addr, control); 1250 else 1251 #endif 1252 error = udp_output(inp, m, addr, control); 1253 return (error); 1254 1255 case PRU_ABORT: 1256 soisdisconnected(so); 1257 in_pcbdetach(inp); 1258 break; 1259 1260 case PRU_SOCKADDR: 1261 #ifdef INET6 1262 if (inp->inp_flags & INP_IPV6) 1263 in6_setsockaddr(inp, addr); 1264 else 1265 #endif /* INET6 */ 1266 in_setsockaddr(inp, addr); 1267 break; 1268 1269 case PRU_PEERADDR: 1270 #ifdef INET6 1271 if (inp->inp_flags & INP_IPV6) 1272 in6_setpeeraddr(inp, addr); 1273 else 1274 #endif /* INET6 */ 1275 in_setpeeraddr(inp, addr); 1276 break; 1277 1278 case PRU_SENSE: 1279 /* 1280 * stat: don't bother with a blocksize. 1281 */ 1282 /* 1283 * Perhaps Path MTU might be returned for a connected 1284 * UDP socket in this case. 1285 */ 1286 return (0); 1287 1288 case PRU_SENDOOB: 1289 case PRU_FASTTIMO: 1290 case PRU_SLOWTIMO: 1291 case PRU_PROTORCV: 1292 case PRU_PROTOSEND: 1293 error = EOPNOTSUPP; 1294 break; 1295 1296 case PRU_RCVD: 1297 case PRU_RCVOOB: 1298 return (EOPNOTSUPP); /* do not free mbuf's */ 1299 1300 default: 1301 panic("udp_usrreq"); 1302 } 1303 1304 release: 1305 m_freem(control); 1306 m_freem(m); 1307 return (error); 1308 } 1309 1310 /* 1311 * Sysctl for udp variables. 1312 */ 1313 int 1314 udp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, 1315 size_t newlen) 1316 { 1317 /* All sysctl names at this level are terminal. */ 1318 if (namelen != 1) 1319 return (ENOTDIR); 1320 1321 switch (name[0]) { 1322 case UDPCTL_BADDYNAMIC: 1323 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1324 baddynamicports.udp, sizeof(baddynamicports.udp))); 1325 1326 case UDPCTL_ROOTONLY: 1327 if (newp && securelevel > 0) 1328 return (EPERM); 1329 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1330 rootonlyports.udp, sizeof(rootonlyports.udp))); 1331 1332 case UDPCTL_STATS: 1333 if (newp != NULL) 1334 return (EPERM); 1335 1336 return (udp_sysctl_udpstat(oldp, oldlenp, newp)); 1337 1338 default: 1339 if (name[0] < UDPCTL_MAXID) 1340 return (sysctl_int_arr(udpctl_vars, name, namelen, 1341 oldp, oldlenp, newp, newlen)); 1342 return (ENOPROTOOPT); 1343 } 1344 /* NOTREACHED */ 1345 } 1346 1347 int 1348 udp_sysctl_udpstat(void *oldp, size_t *oldlenp, void *newp) 1349 { 1350 uint64_t counters[udps_ncounters]; 1351 struct udpstat udpstat; 1352 u_long *words = (u_long *)&udpstat; 1353 int i; 1354 1355 CTASSERT(sizeof(udpstat) == (nitems(counters) * sizeof(u_long))); 1356 1357 counters_read(udpcounters, counters, nitems(counters)); 1358 1359 for (i = 0; i < nitems(counters); i++) 1360 words[i] = (u_long)counters[i]; 1361 1362 return (sysctl_rdstruct(oldp, oldlenp, newp, 1363 &udpstat, sizeof(udpstat))); 1364 } 1365