1 /* $OpenBSD: udp_usrreq.c,v 1.112 2006/12/09 01:12:28 itojun Exp $ */ 2 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 33 * 34 * NRL grants permission for redistribution and use in source and binary 35 * forms, with or without modification, of the software and documentation 36 * created at NRL provided that the following conditions are met: 37 * 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgements: 45 * This product includes software developed by the University of 46 * California, Berkeley and its contributors. 47 * This product includes software developed at the Information 48 * Technology Division, US Naval Research Laboratory. 49 * 4. Neither the name of the NRL nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 54 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 56 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 57 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 58 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 59 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 60 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 61 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 62 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 63 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 64 * 65 * The views and conclusions contained in the software and documentation 66 * are those of the authors and should not be interpreted as representing 67 * official policies, either expressed or implied, of the US Naval 68 * Research Laboratory (NRL). 69 */ 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/mbuf.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/sysctl.h> 78 79 #include <net/if.h> 80 #include <net/route.h> 81 82 #include <netinet/in.h> 83 #include <netinet/in_systm.h> 84 #include <netinet/in_var.h> 85 #include <netinet/ip.h> 86 #include <netinet/in_pcb.h> 87 #include <netinet/ip_var.h> 88 #include <netinet/ip_icmp.h> 89 #include <netinet/udp.h> 90 #include <netinet/udp_var.h> 91 92 #ifdef IPSEC 93 #include <netinet/ip_ipsp.h> 94 #include <netinet/ip_esp.h> 95 #endif 96 97 #ifdef INET6 98 #ifndef INET 99 #include <netinet/in.h> 100 #endif 101 #include <netinet6/ip6protosw.h> 102 103 extern int ip6_defhlim; 104 #endif /* INET6 */ 105 106 /* 107 * UDP protocol implementation. 108 * Per RFC 768, August, 1980. 109 */ 110 int udpcksum = 1; 111 112 u_int udp_sendspace = 9216; /* really max datagram size */ 113 u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 114 /* 40 1K datagrams */ 115 116 int *udpctl_vars[UDPCTL_MAXID] = UDPCTL_VARS; 117 118 struct inpcbtable udbtable; 119 struct udpstat udpstat; 120 121 static void udp_detach(struct inpcb *); 122 static void udp_notify(struct inpcb *, int); 123 124 #ifndef UDBHASHSIZE 125 #define UDBHASHSIZE 128 126 #endif 127 int udbhashsize = UDBHASHSIZE; 128 129 /* from in_pcb.c */ 130 extern struct baddynamicports baddynamicports; 131 132 void 133 udp_init() 134 { 135 in_pcbinit(&udbtable, udbhashsize); 136 } 137 138 #ifdef INET6 139 int 140 udp6_input(mp, offp, proto) 141 struct mbuf **mp; 142 int *offp, proto; 143 { 144 struct mbuf *m = *mp; 145 146 #if defined(NFAITH) && 0 < NFAITH 147 if (m->m_pkthdr.rcvif) { 148 if (m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 149 /* XXX send icmp6 host/port unreach? */ 150 m_freem(m); 151 return IPPROTO_DONE; 152 } 153 } 154 #endif 155 156 udp_input(m, *offp, proto); 157 return IPPROTO_DONE; 158 } 159 #endif 160 161 void 162 udp_input(struct mbuf *m, ...) 163 { 164 struct ip *ip; 165 struct udphdr *uh; 166 struct inpcb *inp; 167 struct mbuf *opts = NULL; 168 struct ip save_ip; 169 int iphlen, len; 170 va_list ap; 171 u_int16_t savesum; 172 union { 173 struct sockaddr sa; 174 struct sockaddr_in sin; 175 #ifdef INET6 176 struct sockaddr_in6 sin6; 177 #endif /* INET6 */ 178 } srcsa, dstsa; 179 #ifdef INET6 180 struct ip6_hdr *ip6; 181 #endif /* INET6 */ 182 #ifdef IPSEC 183 struct m_tag *mtag; 184 struct tdb_ident *tdbi; 185 struct tdb *tdb; 186 int error, s; 187 #endif /* IPSEC */ 188 189 va_start(ap, m); 190 iphlen = va_arg(ap, int); 191 va_end(ap); 192 193 udpstat.udps_ipackets++; 194 195 switch (mtod(m, struct ip *)->ip_v) { 196 case 4: 197 ip = mtod(m, struct ip *); 198 #ifdef INET6 199 ip6 = NULL; 200 #endif /* INET6 */ 201 srcsa.sa.sa_family = AF_INET; 202 break; 203 #ifdef INET6 204 case 6: 205 ip = NULL; 206 ip6 = mtod(m, struct ip6_hdr *); 207 srcsa.sa.sa_family = AF_INET6; 208 break; 209 #endif /* INET6 */ 210 default: 211 goto bad; 212 } 213 214 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 215 if (!uh) { 216 udpstat.udps_hdrops++; 217 return; 218 } 219 220 /* Check for illegal destination port 0 */ 221 if (uh->uh_dport == 0) { 222 udpstat.udps_noport++; 223 goto bad; 224 } 225 226 /* 227 * Make mbuf data length reflect UDP length. 228 * If not enough data to reflect UDP length, drop. 229 */ 230 len = ntohs((u_int16_t)uh->uh_ulen); 231 if (ip) { 232 if (m->m_pkthdr.len - iphlen != len) { 233 if (len > (m->m_pkthdr.len - iphlen) || 234 len < sizeof(struct udphdr)) { 235 udpstat.udps_badlen++; 236 goto bad; 237 } 238 m_adj(m, len - (m->m_pkthdr.len - iphlen)); 239 } 240 } 241 #ifdef INET6 242 else if (ip6) { 243 /* jumbograms */ 244 if (len == 0 && m->m_pkthdr.len - iphlen > 0xffff) 245 len = m->m_pkthdr.len - iphlen; 246 if (len != m->m_pkthdr.len - iphlen) { 247 udpstat.udps_badlen++; 248 goto bad; 249 } 250 } 251 #endif 252 else /* shouldn't happen */ 253 goto bad; 254 255 /* 256 * Save a copy of the IP header in case we want restore it 257 * for sending an ICMP error message in response. 258 */ 259 if (ip) 260 save_ip = *ip; 261 262 /* 263 * Checksum extended UDP header and data. 264 * from W.R.Stevens: check incoming udp cksums even if 265 * udpcksum is not set. 266 */ 267 savesum = uh->uh_sum; 268 #ifdef INET6 269 if (ip6) { 270 /* Be proactive about malicious use of IPv4 mapped address */ 271 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 272 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 273 /* XXX stat */ 274 goto bad; 275 } 276 277 /* 278 * In IPv6, the UDP checksum is ALWAYS used. 279 */ 280 if (uh->uh_sum == 0) { 281 udpstat.udps_nosum++; 282 goto bad; 283 } 284 if ((uh->uh_sum = in6_cksum(m, IPPROTO_UDP, iphlen, len))) { 285 udpstat.udps_badsum++; 286 goto bad; 287 } 288 } else 289 #endif /* INET6 */ 290 if (uh->uh_sum) { 291 if ((m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_OK) == 0) { 292 if (m->m_pkthdr.csum_flags & M_UDP_CSUM_IN_BAD) { 293 udpstat.udps_badsum++; 294 udpstat.udps_inhwcsum++; 295 m_freem(m); 296 return; 297 } 298 299 if ((uh->uh_sum = in4_cksum(m, IPPROTO_UDP, 300 iphlen, len))) { 301 udpstat.udps_badsum++; 302 m_freem(m); 303 return; 304 } 305 } else { 306 m->m_pkthdr.csum_flags &= ~M_UDP_CSUM_IN_OK; 307 udpstat.udps_inhwcsum++; 308 } 309 } else 310 udpstat.udps_nosum++; 311 312 #ifdef IPSEC 313 if (udpencap_enable && udpencap_port && 314 uh->uh_dport == htons(udpencap_port)) { 315 u_int32_t spi; 316 int skip = iphlen + sizeof(struct udphdr); 317 318 if (m->m_pkthdr.len - skip < sizeof(u_int32_t)) { 319 /* packet too short */ 320 m_freem(m); 321 return; 322 } 323 m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi); 324 /* 325 * decapsulate if the SPI is not zero, otherwise pass 326 * to userland 327 */ 328 if (spi != 0) { 329 if ((m = m_pullup2(m, skip)) == NULL) { 330 udpstat.udps_hdrops++; 331 return; 332 } 333 334 /* remove the UDP header */ 335 bcopy(mtod(m, u_char *), 336 mtod(m, u_char *) + sizeof(struct udphdr), iphlen); 337 m_adj(m, sizeof(struct udphdr)); 338 skip -= sizeof(struct udphdr); 339 340 espstat.esps_udpencin++; 341 ipsec_common_input(m, skip, offsetof(struct ip, ip_p), 342 srcsa.sa.sa_family, IPPROTO_ESP, 1); 343 return; 344 } 345 } 346 #endif 347 348 switch (srcsa.sa.sa_family) { 349 case AF_INET: 350 bzero(&srcsa, sizeof(struct sockaddr_in)); 351 srcsa.sin.sin_len = sizeof(struct sockaddr_in); 352 srcsa.sin.sin_family = AF_INET; 353 srcsa.sin.sin_port = uh->uh_sport; 354 srcsa.sin.sin_addr = ip->ip_src; 355 356 bzero(&dstsa, sizeof(struct sockaddr_in)); 357 dstsa.sin.sin_len = sizeof(struct sockaddr_in); 358 dstsa.sin.sin_family = AF_INET; 359 dstsa.sin.sin_port = uh->uh_dport; 360 dstsa.sin.sin_addr = ip->ip_dst; 361 break; 362 #ifdef INET6 363 case AF_INET6: 364 bzero(&srcsa, sizeof(struct sockaddr_in6)); 365 srcsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 366 srcsa.sin6.sin6_family = AF_INET6; 367 srcsa.sin6.sin6_port = uh->uh_sport; 368 #if 0 /*XXX inbound flowinfo */ 369 srcsa.sin6.sin6_flowinfo = htonl(0x0fffffff) & ip6->ip6_flow; 370 #endif 371 /* KAME hack: recover scopeid */ 372 (void)in6_recoverscope(&srcsa.sin6, &ip6->ip6_src, 373 m->m_pkthdr.rcvif); 374 375 bzero(&dstsa, sizeof(struct sockaddr_in6)); 376 dstsa.sin6.sin6_len = sizeof(struct sockaddr_in6); 377 dstsa.sin6.sin6_family = AF_INET6; 378 dstsa.sin6.sin6_port = uh->uh_dport; 379 /* KAME hack: recover scopeid */ 380 (void)in6_recoverscope(&dstsa.sin6, &ip6->ip6_dst, 381 m->m_pkthdr.rcvif); 382 break; 383 #endif /* INET6 */ 384 } 385 386 #ifdef INET6 387 if ((ip6 && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) || 388 (ip && IN_MULTICAST(ip->ip_dst.s_addr)) || 389 (ip && in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))) { 390 #else /* INET6 */ 391 if (IN_MULTICAST(ip->ip_dst.s_addr) || 392 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) { 393 #endif /* INET6 */ 394 struct inpcb *last; 395 /* 396 * Deliver a multicast or broadcast datagram to *all* sockets 397 * for which the local and remote addresses and ports match 398 * those of the incoming datagram. This allows more than 399 * one process to receive multi/broadcasts on the same port. 400 * (This really ought to be done for unicast datagrams as 401 * well, but that would cause problems with existing 402 * applications that open both address-specific sockets and 403 * a wildcard socket listening to the same port -- they would 404 * end up receiving duplicates of every unicast datagram. 405 * Those applications open the multiple sockets to overcome an 406 * inadequacy of the UDP socket interface, but for backwards 407 * compatibility we avoid the problem here rather than 408 * fixing the interface. Maybe 4.5BSD will remedy this?) 409 */ 410 411 iphlen += sizeof(struct udphdr); 412 413 /* 414 * Locate pcb(s) for datagram. 415 * (Algorithm copied from raw_intr().) 416 */ 417 last = NULL; 418 CIRCLEQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 419 #ifdef INET6 420 /* don't accept it if AF does not match */ 421 if (ip6 && !(inp->inp_flags & INP_IPV6)) 422 continue; 423 if (!ip6 && (inp->inp_flags & INP_IPV6)) 424 continue; 425 #endif 426 if (inp->inp_lport != uh->uh_dport) 427 continue; 428 #ifdef INET6 429 if (ip6) { 430 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 431 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 432 &ip6->ip6_dst)) 433 continue; 434 } else 435 #endif /* INET6 */ 436 if (inp->inp_laddr.s_addr != INADDR_ANY) { 437 if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr) 438 continue; 439 } 440 #ifdef INET6 441 if (ip6) { 442 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) 443 if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 444 &ip6->ip6_src) || 445 inp->inp_fport != uh->uh_sport) 446 continue; 447 } else 448 #endif /* INET6 */ 449 if (inp->inp_faddr.s_addr != INADDR_ANY) { 450 if (inp->inp_faddr.s_addr != 451 ip->ip_src.s_addr || 452 inp->inp_fport != uh->uh_sport) 453 continue; 454 } 455 456 if (last != NULL) { 457 struct mbuf *n; 458 459 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 460 #ifdef INET6 461 if (ip6 && (last->inp_flags & 462 IN6P_CONTROLOPTS)) 463 ip6_savecontrol(last, n, &opts); 464 #endif /* INET6 */ 465 if (ip && (last->inp_flags & 466 INP_CONTROLOPTS)) 467 ip_savecontrol(last, &opts, 468 ip, n); 469 470 m_adj(n, iphlen); 471 if (sbappendaddr( 472 &last->inp_socket->so_rcv, 473 &srcsa.sa, n, opts) == 0) { 474 m_freem(n); 475 if (opts) 476 m_freem(opts); 477 udpstat.udps_fullsock++; 478 } else 479 sorwakeup(last->inp_socket); 480 opts = NULL; 481 } 482 } 483 last = inp; 484 /* 485 * Don't look for additional matches if this one does 486 * not have either the SO_REUSEPORT or SO_REUSEADDR 487 * socket options set. This heuristic avoids searching 488 * through all pcbs in the common case of a non-shared 489 * port. It * assumes that an application will never 490 * clear these options after setting them. 491 */ 492 if ((last->inp_socket->so_options & (SO_REUSEPORT | 493 SO_REUSEADDR)) == 0) 494 break; 495 } 496 497 if (last == NULL) { 498 /* 499 * No matching pcb found; discard datagram. 500 * (No need to send an ICMP Port Unreachable 501 * for a broadcast or multicast datgram.) 502 */ 503 udpstat.udps_noportbcast++; 504 goto bad; 505 } 506 507 #ifdef INET6 508 if (ip6 && (last->inp_flags & IN6P_CONTROLOPTS)) 509 ip6_savecontrol(last, m, &opts); 510 #endif /* INET6 */ 511 if (ip && (last->inp_flags & INP_CONTROLOPTS)) 512 ip_savecontrol(last, &opts, ip, m); 513 514 m_adj(m, iphlen); 515 if (sbappendaddr(&last->inp_socket->so_rcv, 516 &srcsa.sa, m, opts) == 0) { 517 udpstat.udps_fullsock++; 518 goto bad; 519 } 520 sorwakeup(last->inp_socket); 521 return; 522 } 523 /* 524 * Locate pcb for datagram. 525 */ 526 #ifdef INET6 527 if (ip6) 528 inp = in6_pcbhashlookup(&udbtable, &ip6->ip6_src, uh->uh_sport, 529 &ip6->ip6_dst, uh->uh_dport); 530 else 531 #endif /* INET6 */ 532 inp = in_pcbhashlookup(&udbtable, ip->ip_src, uh->uh_sport, 533 ip->ip_dst, uh->uh_dport); 534 if (inp == 0) { 535 int inpl_reverse = 0; 536 #if NPF > 0 537 struct pf_mtag *t; 538 539 if ((t = pf_find_mtag(m)) != NULL && 540 t->flags & PF_TAG_TRANSLATE_LOCALHOST) 541 inpl_reverse = 1; 542 #endif 543 ++udpstat.udps_pcbhashmiss; 544 #ifdef INET6 545 if (ip6) { 546 inp = in6_pcblookup_listen(&udbtable, 547 &ip6->ip6_dst, uh->uh_dport, inpl_reverse); 548 } else 549 #endif /* INET6 */ 550 inp = in_pcblookup_listen(&udbtable, 551 ip->ip_dst, uh->uh_dport, inpl_reverse); 552 if (inp == 0) { 553 udpstat.udps_noport++; 554 if (m->m_flags & (M_BCAST | M_MCAST)) { 555 udpstat.udps_noportbcast++; 556 goto bad; 557 } 558 #ifdef INET6 559 if (ip6) { 560 uh->uh_sum = savesum; 561 icmp6_error(m, ICMP6_DST_UNREACH, 562 ICMP6_DST_UNREACH_NOPORT,0); 563 } else 564 #endif /* INET6 */ 565 { 566 *ip = save_ip; 567 uh->uh_sum = savesum; 568 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 569 0, 0); 570 } 571 return; 572 } 573 } 574 575 #ifdef IPSEC 576 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 577 s = splnet(); 578 if (mtag != NULL) { 579 tdbi = (struct tdb_ident *)(mtag + 1); 580 tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto); 581 } else 582 tdb = NULL; 583 ipsp_spd_lookup(m, srcsa.sa.sa_family, iphlen, &error, 584 IPSP_DIRECTION_IN, tdb, inp); 585 if (error) { 586 splx(s); 587 goto bad; 588 } 589 590 /* Latch SA only if the socket is connected */ 591 if (inp->inp_tdb_in != tdb && 592 (inp->inp_socket->so_state & SS_ISCONNECTED)) { 593 if (tdb) { 594 tdb_add_inp(tdb, inp, 1); 595 if (inp->inp_ipo == NULL) { 596 inp->inp_ipo = ipsec_add_policy(inp, 597 srcsa.sa.sa_family, IPSP_DIRECTION_OUT); 598 if (inp->inp_ipo == NULL) { 599 splx(s); 600 goto bad; 601 } 602 } 603 if (inp->inp_ipo->ipo_dstid == NULL && 604 tdb->tdb_srcid != NULL) { 605 inp->inp_ipo->ipo_dstid = tdb->tdb_srcid; 606 tdb->tdb_srcid->ref_count++; 607 } 608 if (inp->inp_ipsec_remotecred == NULL && 609 tdb->tdb_remote_cred != NULL) { 610 inp->inp_ipsec_remotecred = 611 tdb->tdb_remote_cred; 612 tdb->tdb_remote_cred->ref_count++; 613 } 614 if (inp->inp_ipsec_remoteauth == NULL && 615 tdb->tdb_remote_auth != NULL) { 616 inp->inp_ipsec_remoteauth = 617 tdb->tdb_remote_auth; 618 tdb->tdb_remote_auth->ref_count++; 619 } 620 } else { /* Just reset */ 621 TAILQ_REMOVE(&inp->inp_tdb_in->tdb_inp_in, inp, 622 inp_tdb_in_next); 623 inp->inp_tdb_in = NULL; 624 } 625 } 626 splx(s); 627 #endif /*IPSEC */ 628 629 opts = NULL; 630 #ifdef INET6 631 if (ip6 && (inp->inp_flags & IN6P_CONTROLOPTS)) 632 ip6_savecontrol(inp, m, &opts); 633 #endif /* INET6 */ 634 if (ip && (inp->inp_flags & INP_CONTROLOPTS)) 635 ip_savecontrol(inp, &opts, ip, m); 636 637 iphlen += sizeof(struct udphdr); 638 m_adj(m, iphlen); 639 if (sbappendaddr(&inp->inp_socket->so_rcv, &srcsa.sa, m, opts) == 0) { 640 udpstat.udps_fullsock++; 641 goto bad; 642 } 643 sorwakeup(inp->inp_socket); 644 return; 645 bad: 646 m_freem(m); 647 if (opts) 648 m_freem(opts); 649 } 650 651 /* 652 * Notify a udp user of an asynchronous error; 653 * just wake up so that he can collect error status. 654 */ 655 static void 656 udp_notify(inp, errno) 657 struct inpcb *inp; 658 int errno; 659 { 660 inp->inp_socket->so_error = errno; 661 sorwakeup(inp->inp_socket); 662 sowwakeup(inp->inp_socket); 663 } 664 665 #ifdef INET6 666 void 667 udp6_ctlinput(cmd, sa, d) 668 int cmd; 669 struct sockaddr *sa; 670 void *d; 671 { 672 struct udphdr uh; 673 struct sockaddr_in6 sa6; 674 struct ip6_hdr *ip6; 675 struct mbuf *m; 676 int off; 677 void *cmdarg; 678 struct ip6ctlparam *ip6cp = NULL; 679 struct udp_portonly { 680 u_int16_t uh_sport; 681 u_int16_t uh_dport; 682 } *uhp; 683 void (*notify)(struct inpcb *, int) = udp_notify; 684 685 if (sa == NULL) 686 return; 687 if (sa->sa_family != AF_INET6 || 688 sa->sa_len != sizeof(struct sockaddr_in6)) 689 return; 690 691 if ((unsigned)cmd >= PRC_NCMDS) 692 return; 693 if (PRC_IS_REDIRECT(cmd)) 694 notify = in_rtchange, d = NULL; 695 else if (cmd == PRC_HOSTDEAD) 696 d = NULL; 697 else if (cmd == PRC_MSGSIZE) 698 ; /* special code is present, see below */ 699 else if (inet6ctlerrmap[cmd] == 0) 700 return; 701 702 /* if the parameter is from icmp6, decode it. */ 703 if (d != NULL) { 704 ip6cp = (struct ip6ctlparam *)d; 705 m = ip6cp->ip6c_m; 706 ip6 = ip6cp->ip6c_ip6; 707 off = ip6cp->ip6c_off; 708 cmdarg = ip6cp->ip6c_cmdarg; 709 } else { 710 m = NULL; 711 ip6 = NULL; 712 cmdarg = NULL; 713 /* XXX: translate addresses into internal form */ 714 sa6 = *(struct sockaddr_in6 *)sa; 715 #ifndef SCOPEDROUTING 716 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 717 /* should be impossible */ 718 return; 719 } 720 #endif 721 } 722 723 if (ip6cp && ip6cp->ip6c_finaldst) { 724 bzero(&sa6, sizeof(sa6)); 725 sa6.sin6_family = AF_INET6; 726 sa6.sin6_len = sizeof(sa6); 727 sa6.sin6_addr = *ip6cp->ip6c_finaldst; 728 /* XXX: assuming M is valid in this case */ 729 sa6.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 730 ip6cp->ip6c_finaldst); 731 #ifndef SCOPEDROUTING 732 if (in6_embedscope(ip6cp->ip6c_finaldst, &sa6, NULL, NULL)) { 733 /* should be impossible */ 734 return; 735 } 736 #endif 737 } else { 738 /* XXX: translate addresses into internal form */ 739 sa6 = *(struct sockaddr_in6 *)sa; 740 #ifndef SCOPEDROUTING 741 if (in6_embedscope(&sa6.sin6_addr, &sa6, NULL, NULL)) { 742 /* should be impossible */ 743 return; 744 } 745 #endif 746 } 747 748 if (ip6) { 749 /* 750 * XXX: We assume that when IPV6 is non NULL, 751 * M and OFF are valid. 752 */ 753 struct sockaddr_in6 sa6_src; 754 755 /* check if we can safely examine src and dst ports */ 756 if (m->m_pkthdr.len < off + sizeof(*uhp)) 757 return; 758 759 bzero(&uh, sizeof(uh)); 760 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 761 762 bzero(&sa6_src, sizeof(sa6_src)); 763 sa6_src.sin6_family = AF_INET6; 764 sa6_src.sin6_len = sizeof(sa6_src); 765 sa6_src.sin6_addr = ip6->ip6_src; 766 sa6_src.sin6_scope_id = in6_addr2scopeid(m->m_pkthdr.rcvif, 767 &ip6->ip6_src); 768 #ifndef SCOPEDROUTING 769 if (in6_embedscope(&sa6_src.sin6_addr, &sa6_src, NULL, NULL)) { 770 /* should be impossible */ 771 return; 772 } 773 #endif 774 775 if (cmd == PRC_MSGSIZE) { 776 int valid = 0; 777 778 /* 779 * Check to see if we have a valid UDP socket 780 * corresponding to the address in the ICMPv6 message 781 * payload. 782 */ 783 if (in6_pcbhashlookup(&udbtable, &sa6.sin6_addr, 784 uh.uh_dport, &sa6_src.sin6_addr, uh.uh_sport)) 785 valid = 1; 786 #if 0 787 /* 788 * As the use of sendto(2) is fairly popular, 789 * we may want to allow non-connected pcb too. 790 * But it could be too weak against attacks... 791 * We should at least check if the local address (= s) 792 * is really ours. 793 */ 794 else if (in6_pcblookup_listen(&udbtable, 795 &sa6_src.sin6_addr, uh.uh_sport, 0); 796 valid = 1; 797 #endif 798 799 /* 800 * Depending on the value of "valid" and routing table 801 * size (mtudisc_{hi,lo}wat), we will: 802 * - recalculate the new MTU and create the 803 * corresponding routing entry, or 804 * - ignore the MTU change notification. 805 */ 806 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 807 808 /* 809 * regardless of if we called icmp6_mtudisc_update(), 810 * we need to call in6_pcbnotify(), to notify path 811 * MTU change to the userland (2292bis-02), because 812 * some unconnected sockets may share the same 813 * destination and want to know the path MTU. 814 */ 815 } 816 817 (void) in6_pcbnotify(&udbtable, (struct sockaddr *)&sa6, 818 uh.uh_dport, (struct sockaddr *)&sa6_src, 819 uh.uh_sport, cmd, cmdarg, notify); 820 } else { 821 (void) in6_pcbnotify(&udbtable, (struct sockaddr *)&sa6, 0, 822 (struct sockaddr *)&sa6_any, 0, cmd, cmdarg, notify); 823 } 824 } 825 #endif 826 827 void * 828 udp_ctlinput(cmd, sa, v) 829 int cmd; 830 struct sockaddr *sa; 831 void *v; 832 { 833 struct ip *ip = v; 834 struct udphdr *uhp; 835 struct in_addr faddr; 836 struct inpcb *inp; 837 extern int inetctlerrmap[]; 838 void (*notify)(struct inpcb *, int) = udp_notify; 839 int errno; 840 841 if (sa == NULL) 842 return NULL; 843 if (sa->sa_family != AF_INET || 844 sa->sa_len != sizeof(struct sockaddr_in)) 845 return NULL; 846 faddr = satosin(sa)->sin_addr; 847 if (faddr.s_addr == INADDR_ANY) 848 return NULL; 849 850 if ((unsigned)cmd >= PRC_NCMDS) 851 return NULL; 852 errno = inetctlerrmap[cmd]; 853 if (PRC_IS_REDIRECT(cmd)) 854 notify = in_rtchange, ip = 0; 855 else if (cmd == PRC_HOSTDEAD) 856 ip = 0; 857 else if (errno == 0) 858 return NULL; 859 if (ip) { 860 uhp = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 861 862 #ifdef IPSEC 863 /* PMTU discovery for udpencap */ 864 if (cmd == PRC_MSGSIZE && ip_mtudisc && udpencap_enable && 865 udpencap_port && uhp->uh_sport == htons(udpencap_port)) { 866 udpencap_ctlinput(cmd, sa, v); 867 return (NULL); 868 } 869 #endif 870 inp = in_pcbhashlookup(&udbtable, 871 ip->ip_dst, uhp->uh_dport, ip->ip_src, uhp->uh_sport); 872 if (inp && inp->inp_socket != NULL) 873 notify(inp, errno); 874 } else 875 in_pcbnotifyall(&udbtable, sa, errno, notify); 876 return (NULL); 877 } 878 879 int 880 udp_output(struct mbuf *m, ...) 881 { 882 struct inpcb *inp; 883 struct mbuf *addr, *control; 884 struct udpiphdr *ui; 885 int len = m->m_pkthdr.len; 886 struct in_addr laddr; 887 int s = 0, error = 0; 888 va_list ap; 889 890 va_start(ap, m); 891 inp = va_arg(ap, struct inpcb *); 892 addr = va_arg(ap, struct mbuf *); 893 control = va_arg(ap, struct mbuf *); 894 va_end(ap); 895 896 #ifdef DIAGNOSTIC 897 if ((inp->inp_flags & INP_IPV6) != 0) 898 panic("IPv6 inpcb to udp_output"); 899 #endif 900 901 /* 902 * Compute the packet length of the IP header, and 903 * punt if the length looks bogus. 904 */ 905 if ((len + sizeof(struct udpiphdr)) > IP_MAXPACKET) { 906 error = EMSGSIZE; 907 goto release; 908 } 909 910 if (addr) { 911 laddr = inp->inp_laddr; 912 if (inp->inp_faddr.s_addr != INADDR_ANY) { 913 error = EISCONN; 914 goto release; 915 } 916 /* 917 * Must block input while temporarily connected. 918 */ 919 s = splsoftnet(); 920 error = in_pcbconnect(inp, addr); 921 if (error) { 922 splx(s); 923 goto release; 924 } 925 } else { 926 if (inp->inp_faddr.s_addr == INADDR_ANY) { 927 error = ENOTCONN; 928 goto release; 929 } 930 } 931 /* 932 * Calculate data length and get a mbuf 933 * for UDP and IP headers. 934 */ 935 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 936 if (m == 0) { 937 error = ENOBUFS; 938 goto bail; 939 } 940 941 /* 942 * Fill in mbuf with extended UDP header 943 * and addresses and length put into network format. 944 */ 945 ui = mtod(m, struct udpiphdr *); 946 bzero(ui->ui_x1, sizeof ui->ui_x1); 947 ui->ui_pr = IPPROTO_UDP; 948 ui->ui_len = htons((u_int16_t)len + sizeof (struct udphdr)); 949 ui->ui_src = inp->inp_laddr; 950 ui->ui_dst = inp->inp_faddr; 951 ui->ui_sport = inp->inp_lport; 952 ui->ui_dport = inp->inp_fport; 953 ui->ui_ulen = ui->ui_len; 954 955 /* 956 * Compute the pseudo-header checksum; defer further checksumming 957 * until ip_output() or hardware (if it exists). 958 */ 959 if (udpcksum) { 960 m->m_pkthdr.csum_flags |= M_UDPV4_CSUM_OUT; 961 ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr, 962 ui->ui_dst.s_addr, htons((u_int16_t)len + 963 sizeof (struct udphdr) + IPPROTO_UDP)); 964 } else 965 ui->ui_sum = 0; 966 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 967 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; 968 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; 969 970 udpstat.udps_opackets++; 971 error = ip_output(m, inp->inp_options, &inp->inp_route, 972 inp->inp_socket->so_options & 973 (SO_DONTROUTE | SO_BROADCAST | SO_JUMBO), 974 inp->inp_moptions, inp); 975 976 bail: 977 if (addr) { 978 inp->inp_laddr = laddr; 979 in_pcbdisconnect(inp); 980 splx(s); 981 } 982 if (control) 983 m_freem(control); 984 return (error); 985 986 release: 987 m_freem(m); 988 if (control) 989 m_freem(control); 990 return (error); 991 } 992 993 #ifdef INET6 994 /*ARGSUSED*/ 995 int 996 udp6_usrreq(so, req, m, addr, control, p) 997 struct socket *so; 998 int req; 999 struct mbuf *m, *addr, *control; 1000 struct proc *p; 1001 { 1002 1003 return udp_usrreq(so, req, m, addr, control); 1004 } 1005 #endif 1006 1007 /*ARGSUSED*/ 1008 int 1009 udp_usrreq(so, req, m, addr, control) 1010 struct socket *so; 1011 int req; 1012 struct mbuf *m, *addr, *control; 1013 { 1014 struct inpcb *inp = sotoinpcb(so); 1015 int error = 0; 1016 int s; 1017 1018 if (req == PRU_CONTROL) { 1019 #ifdef INET6 1020 if (inp->inp_flags & INP_IPV6) 1021 return (in6_control(so, (u_long)m, (caddr_t)addr, 1022 (struct ifnet *)control, 0)); 1023 else 1024 #endif /* INET6 */ 1025 return (in_control(so, (u_long)m, (caddr_t)addr, 1026 (struct ifnet *)control)); 1027 } 1028 if (inp == NULL && req != PRU_ATTACH) { 1029 error = EINVAL; 1030 goto release; 1031 } 1032 /* 1033 * Note: need to block udp_input while changing 1034 * the udp pcb queue and/or pcb addresses. 1035 */ 1036 switch (req) { 1037 1038 case PRU_ATTACH: 1039 if (inp != NULL) { 1040 error = EINVAL; 1041 break; 1042 } 1043 s = splsoftnet(); 1044 error = in_pcballoc(so, &udbtable); 1045 splx(s); 1046 if (error) 1047 break; 1048 error = soreserve(so, udp_sendspace, udp_recvspace); 1049 if (error) 1050 break; 1051 #ifdef INET6 1052 if (((struct inpcb *)so->so_pcb)->inp_flags & INP_IPV6) 1053 ((struct inpcb *) so->so_pcb)->inp_ipv6.ip6_hlim = 1054 ip6_defhlim; 1055 else 1056 #endif /* INET6 */ 1057 ((struct inpcb *) so->so_pcb)->inp_ip.ip_ttl = ip_defttl; 1058 break; 1059 1060 case PRU_DETACH: 1061 udp_detach(inp); 1062 break; 1063 1064 case PRU_BIND: 1065 s = splsoftnet(); 1066 #ifdef INET6 1067 if (inp->inp_flags & INP_IPV6) 1068 error = in6_pcbbind(inp, addr); 1069 else 1070 #endif 1071 error = in_pcbbind(inp, addr); 1072 splx(s); 1073 break; 1074 1075 case PRU_LISTEN: 1076 error = EOPNOTSUPP; 1077 break; 1078 1079 case PRU_CONNECT: 1080 #ifdef INET6 1081 if (inp->inp_flags & INP_IPV6) { 1082 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1083 error = EISCONN; 1084 break; 1085 } 1086 s = splsoftnet(); 1087 error = in6_pcbconnect(inp, addr); 1088 splx(s); 1089 } else 1090 #endif /* INET6 */ 1091 { 1092 if (inp->inp_faddr.s_addr != INADDR_ANY) { 1093 error = EISCONN; 1094 break; 1095 } 1096 s = splsoftnet(); 1097 error = in_pcbconnect(inp, addr); 1098 splx(s); 1099 } 1100 1101 if (error == 0) 1102 soisconnected(so); 1103 break; 1104 1105 case PRU_CONNECT2: 1106 error = EOPNOTSUPP; 1107 break; 1108 1109 case PRU_ACCEPT: 1110 error = EOPNOTSUPP; 1111 break; 1112 1113 case PRU_DISCONNECT: 1114 #ifdef INET6 1115 if (inp->inp_flags & INP_IPV6) { 1116 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6)) { 1117 error = ENOTCONN; 1118 break; 1119 } 1120 } else 1121 #endif /* INET6 */ 1122 { 1123 if (inp->inp_faddr.s_addr == INADDR_ANY) { 1124 error = ENOTCONN; 1125 break; 1126 } 1127 } 1128 1129 s = splsoftnet(); 1130 #ifdef INET6 1131 if (inp->inp_flags & INP_IPV6) 1132 inp->inp_laddr6 = in6addr_any; 1133 else 1134 #endif /* INET6 */ 1135 inp->inp_laddr.s_addr = INADDR_ANY; 1136 in_pcbdisconnect(inp); 1137 1138 splx(s); 1139 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1140 break; 1141 1142 case PRU_SHUTDOWN: 1143 socantsendmore(so); 1144 break; 1145 1146 case PRU_SEND: 1147 #ifdef INET6 1148 if (inp->inp_flags & INP_IPV6) 1149 return (udp6_output(inp, m, addr, control)); 1150 else 1151 return (udp_output(m, inp, addr, control)); 1152 #else 1153 return (udp_output(m, inp, addr, control)); 1154 #endif 1155 1156 case PRU_ABORT: 1157 soisdisconnected(so); 1158 udp_detach(inp); 1159 break; 1160 1161 case PRU_SOCKADDR: 1162 #ifdef INET6 1163 if (inp->inp_flags & INP_IPV6) 1164 in6_setsockaddr(inp, addr); 1165 else 1166 #endif /* INET6 */ 1167 in_setsockaddr(inp, addr); 1168 break; 1169 1170 case PRU_PEERADDR: 1171 #ifdef INET6 1172 if (inp->inp_flags & INP_IPV6) 1173 in6_setpeeraddr(inp, addr); 1174 else 1175 #endif /* INET6 */ 1176 in_setpeeraddr(inp, addr); 1177 break; 1178 1179 case PRU_SENSE: 1180 /* 1181 * stat: don't bother with a blocksize. 1182 */ 1183 /* 1184 * Perhaps Path MTU might be returned for a connected 1185 * UDP socket in this case. 1186 */ 1187 return (0); 1188 1189 case PRU_SENDOOB: 1190 case PRU_FASTTIMO: 1191 case PRU_SLOWTIMO: 1192 case PRU_PROTORCV: 1193 case PRU_PROTOSEND: 1194 error = EOPNOTSUPP; 1195 break; 1196 1197 case PRU_RCVD: 1198 case PRU_RCVOOB: 1199 return (EOPNOTSUPP); /* do not free mbuf's */ 1200 1201 default: 1202 panic("udp_usrreq"); 1203 } 1204 1205 release: 1206 if (control) { 1207 m_freem(control); 1208 } 1209 if (m) 1210 m_freem(m); 1211 return (error); 1212 } 1213 1214 static void 1215 udp_detach(inp) 1216 struct inpcb *inp; 1217 { 1218 int s = splsoftnet(); 1219 1220 in_pcbdetach(inp); 1221 splx(s); 1222 } 1223 1224 /* 1225 * Sysctl for udp variables. 1226 */ 1227 int 1228 udp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) 1229 int *name; 1230 u_int namelen; 1231 void *oldp; 1232 size_t *oldlenp; 1233 void *newp; 1234 size_t newlen; 1235 { 1236 /* All sysctl names at this level are terminal. */ 1237 if (namelen != 1) 1238 return (ENOTDIR); 1239 1240 switch (name[0]) { 1241 case UDPCTL_BADDYNAMIC: 1242 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1243 baddynamicports.udp, sizeof(baddynamicports.udp))); 1244 default: 1245 if (name[0] < UDPCTL_MAXID) 1246 return (sysctl_int_arr(udpctl_vars, name, namelen, 1247 oldp, oldlenp, newp, newlen)); 1248 return (ENOPROTOOPT); 1249 } 1250 /* NOTREACHED */ 1251 } 1252