1 /* $OpenBSD: in6_pcb.c,v 1.108 2018/10/04 17:33:41 bluhm Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 /* 73 * Copyright (c) 1982, 1986, 1990, 1993, 1995 74 * Regents of the University of California. All rights reserved. 75 * 76 * Redistribution and use in source and binary forms, with or without 77 * modification, are permitted provided that the following conditions 78 * are met: 79 * 1. Redistributions of source code must retain the above copyright 80 * notice, this list of conditions and the following disclaimer. 81 * 2. Redistributions in binary form must reproduce the above copyright 82 * notice, this list of conditions and the following disclaimer in the 83 * documentation and/or other materials provided with the distribution. 84 * 3. Neither the name of the University nor the names of its contributors 85 * may be used to endorse or promote products derived from this software 86 * without specific prior written permission. 87 * 88 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 89 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 90 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 91 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 92 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 93 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 94 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 95 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 96 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 97 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 98 * SUCH DAMAGE. 99 * 100 */ 101 102 #include "pf.h" 103 104 #include <sys/param.h> 105 #include <sys/systm.h> 106 #include <sys/mbuf.h> 107 #include <sys/protosw.h> 108 #include <sys/socket.h> 109 #include <sys/socketvar.h> 110 111 #include <net/if.h> 112 #include <net/if_var.h> 113 #include <net/pfvar.h> 114 115 #include <netinet/in.h> 116 #include <netinet/ip.h> 117 #include <netinet/ip_var.h> 118 #include <netinet/in_pcb.h> 119 120 #include <netinet6/in6_var.h> 121 122 const struct in6_addr zeroin6_addr; 123 124 struct inpcbhead * 125 in6_pcbhash(struct inpcbtable *table, int rdom, 126 const struct in6_addr *faddr, u_short fport, 127 const struct in6_addr *laddr, u_short lport) 128 { 129 SIPHASH_CTX ctx; 130 u_int32_t nrdom = htonl(rdom); 131 132 SipHash24_Init(&ctx, &table->inpt_key); 133 SipHash24_Update(&ctx, &nrdom, sizeof(nrdom)); 134 SipHash24_Update(&ctx, faddr, sizeof(*faddr)); 135 SipHash24_Update(&ctx, &fport, sizeof(fport)); 136 SipHash24_Update(&ctx, laddr, sizeof(*laddr)); 137 SipHash24_Update(&ctx, &lport, sizeof(lport)); 138 139 return (&table->inpt_hashtbl[SipHash24_End(&ctx) & table->inpt_mask]); 140 } 141 142 int 143 in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild, 144 struct proc *p) 145 { 146 struct socket *so = inp->inp_socket; 147 struct inpcbtable *table = inp->inp_table; 148 u_short lport = sin6->sin6_port; 149 int reuseport = (so->so_options & SO_REUSEPORT); 150 151 wild |= INPLOOKUP_IPV6; 152 /* KAME hack: embed scopeid */ 153 if (in6_embedscope(&sin6->sin6_addr, sin6, inp) != 0) 154 return (EINVAL); 155 /* this must be cleared for ifa_ifwithaddr() */ 156 sin6->sin6_scope_id = 0; 157 /* reject IPv4 mapped address, we have no support for it */ 158 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 159 return (EADDRNOTAVAIL); 160 161 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 162 /* 163 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 164 * allow complete duplication of binding if 165 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 166 * and a multicast address is bound on both 167 * new and duplicated sockets. 168 */ 169 if (so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) 170 reuseport = SO_REUSEADDR | SO_REUSEPORT; 171 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 172 struct ifaddr *ifa = NULL; 173 174 sin6->sin6_port = 0; /* 175 * Yechhhh, because of upcoming 176 * call to ifa_ifwithaddr(), which 177 * does bcmp's over the PORTS as 178 * well. (What about flow?) 179 */ 180 sin6->sin6_flowinfo = 0; 181 if (!(so->so_options & SO_BINDANY) && 182 (ifa = ifa_ifwithaddr(sin6tosa(sin6), 183 inp->inp_rtableid)) == NULL) 184 return (EADDRNOTAVAIL); 185 sin6->sin6_port = lport; 186 187 /* 188 * bind to an anycast address might accidentally 189 * cause sending a packet with an anycast source 190 * address, so we forbid it. 191 * 192 * We should allow to bind to a deprecated address, 193 * since the application dare to use it. 194 * But, can we assume that they are careful enough 195 * to check if the address is deprecated or not? 196 * Maybe, as a safeguard, we should have a setsockopt 197 * flag to control the bind(2) behavior against 198 * deprecated addresses (default: forbid bind(2)). 199 */ 200 if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_ANYCAST| 201 IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED|IN6_IFF_DETACHED)) 202 return (EADDRNOTAVAIL); 203 } 204 if (lport) { 205 struct inpcb *t; 206 207 if (so->so_euid) { 208 t = in_pcblookup_local(table, 209 (struct in_addr *)&sin6->sin6_addr, lport, 210 INPLOOKUP_WILDCARD | INPLOOKUP_IPV6, 211 inp->inp_rtableid); 212 if (t && (so->so_euid != t->inp_socket->so_euid)) 213 return (EADDRINUSE); 214 } 215 t = in_pcblookup_local(table, 216 (struct in_addr *)&sin6->sin6_addr, lport, 217 wild, inp->inp_rtableid); 218 if (t && (reuseport & t->inp_socket->so_options) == 0) 219 return (EADDRINUSE); 220 } 221 return (0); 222 } 223 224 /* 225 * Connect from a socket to a specified address. 226 * Both address and port must be specified in argument sin6. 227 * Eventually, flow labels will have to be dealt with here, as well. 228 * 229 * If don't have a local address for this socket yet, 230 * then pick one. 231 */ 232 int 233 in6_pcbconnect(struct inpcb *inp, struct mbuf *nam) 234 { 235 struct in6_addr *in6a = NULL; 236 struct sockaddr_in6 *sin6; 237 int error; 238 struct sockaddr_in6 tmp; 239 240 KASSERT(inp->inp_flags & INP_IPV6); 241 242 if ((error = in6_nam2sin6(nam, &sin6))) 243 return (error); 244 if (sin6->sin6_port == 0) 245 return (EADDRNOTAVAIL); 246 /* reject IPv4 mapped address, we have no support for it */ 247 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 248 return (EADDRNOTAVAIL); 249 250 /* protect *sin6 from overwrites */ 251 tmp = *sin6; 252 sin6 = &tmp; 253 254 /* KAME hack: embed scopeid */ 255 if (in6_embedscope(&sin6->sin6_addr, sin6, inp) != 0) 256 return EINVAL; 257 /* this must be cleared for ifa_ifwithaddr() */ 258 sin6->sin6_scope_id = 0; 259 260 /* Source address selection. */ 261 /* 262 * XXX: in6_selectsrc might replace the bound local address 263 * with the address specified by setsockopt(IPV6_PKTINFO). 264 * Is it the intended behavior? 265 */ 266 error = in6_pcbselsrc(&in6a, sin6, inp, inp->inp_outputopts6); 267 if (error) 268 return (error); 269 270 inp->inp_ipv6.ip6_hlim = (u_int8_t)in6_selecthlim(inp); 271 272 if (in6_pcbhashlookup(inp->inp_table, &sin6->sin6_addr, sin6->sin6_port, 273 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) ? in6a : &inp->inp_laddr6, 274 inp->inp_lport, inp->inp_rtableid) != NULL) { 275 return (EADDRINUSE); 276 } 277 278 KASSERT(IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) || inp->inp_lport); 279 280 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) { 281 if (inp->inp_lport == 0) { 282 error = in_pcbbind(inp, NULL, curproc); 283 if (error) 284 return (error); 285 if (in6_pcbhashlookup(inp->inp_table, &sin6->sin6_addr, 286 sin6->sin6_port, in6a, inp->inp_lport, 287 inp->inp_rtableid) != NULL) { 288 inp->inp_lport = 0; 289 return (EADDRINUSE); 290 } 291 } 292 inp->inp_laddr6 = *in6a; 293 } 294 inp->inp_faddr6 = sin6->sin6_addr; 295 inp->inp_fport = sin6->sin6_port; 296 inp->inp_flowinfo &= ~IPV6_FLOWLABEL_MASK; 297 if (ip6_auto_flowlabel) 298 inp->inp_flowinfo |= 299 (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK); 300 in_pcbrehash(inp); 301 return (0); 302 } 303 304 /* 305 * Get the local address/port, and put it in a sockaddr_in6. 306 * This services the getsockname(2) call. 307 */ 308 int 309 in6_setsockaddr(struct inpcb *inp, struct mbuf *nam) 310 { 311 struct sockaddr_in6 *sin6; 312 313 nam->m_len = sizeof(struct sockaddr_in6); 314 sin6 = mtod(nam,struct sockaddr_in6 *); 315 316 bzero ((caddr_t)sin6,sizeof(struct sockaddr_in6)); 317 sin6->sin6_family = AF_INET6; 318 sin6->sin6_len = sizeof(struct sockaddr_in6); 319 sin6->sin6_port = inp->inp_lport; 320 sin6->sin6_addr = inp->inp_laddr6; 321 /* KAME hack: recover scopeid */ 322 in6_recoverscope(sin6, &inp->inp_laddr6); 323 324 return 0; 325 } 326 327 /* 328 * Get the foreign address/port, and put it in a sockaddr_in6. 329 * This services the getpeername(2) call. 330 */ 331 int 332 in6_setpeeraddr(struct inpcb *inp, struct mbuf *nam) 333 { 334 struct sockaddr_in6 *sin6; 335 336 nam->m_len = sizeof(struct sockaddr_in6); 337 sin6 = mtod(nam,struct sockaddr_in6 *); 338 339 bzero ((caddr_t)sin6,sizeof(struct sockaddr_in6)); 340 sin6->sin6_family = AF_INET6; 341 sin6->sin6_len = sizeof(struct sockaddr_in6); 342 sin6->sin6_port = inp->inp_fport; 343 sin6->sin6_addr = inp->inp_faddr6; 344 /* KAME hack: recover scopeid */ 345 in6_recoverscope(sin6, &inp->inp_faddr6); 346 347 return 0; 348 } 349 350 /* 351 * Pass some notification to all connections of a protocol 352 * associated with address dst. The local address and/or port numbers 353 * may be specified to limit the search. The "usual action" will be 354 * taken, depending on the ctlinput cmd. The caller must filter any 355 * cmds that are uninteresting (e.g., no error in the map). 356 * Call the protocol specific routine (if any) to report 357 * any errors for each matching socket. 358 * 359 * Also perform input-side security policy check 360 * once PCB to be notified has been located. 361 */ 362 int 363 in6_pcbnotify(struct inpcbtable *table, struct sockaddr_in6 *dst, 364 uint fport_arg, const struct sockaddr_in6 *src, uint lport_arg, 365 u_int rtable, int cmd, void *cmdarg, void (*notify)(struct inpcb *, int)) 366 { 367 struct inpcb *inp, *ninp; 368 u_short fport = fport_arg, lport = lport_arg; 369 struct sockaddr_in6 sa6_src; 370 int errno, nmatch = 0; 371 u_int32_t flowinfo; 372 u_int rdomain; 373 374 NET_ASSERT_LOCKED(); 375 376 if ((unsigned)cmd >= PRC_NCMDS) 377 return (0); 378 379 if (IN6_IS_ADDR_UNSPECIFIED(&dst->sin6_addr)) 380 return (0); 381 if (IN6_IS_ADDR_V4MAPPED(&dst->sin6_addr)) { 382 #ifdef DIAGNOSTIC 383 printf("Huh? Thought in6_pcbnotify() never got " 384 "called with mapped!\n"); 385 #endif 386 return (0); 387 } 388 389 /* 390 * note that src can be NULL when we get notify by local fragmentation. 391 */ 392 sa6_src = (src == NULL) ? sa6_any : *src; 393 flowinfo = sa6_src.sin6_flowinfo; 394 395 /* 396 * Redirects go to all references to the destination, 397 * and use in_rtchange to invalidate the route cache. 398 * Dead host indications: also use in_rtchange to invalidate 399 * the cache, and deliver the error to all the sockets. 400 * Otherwise, if we have knowledge of the local port and address, 401 * deliver only to that socket. 402 */ 403 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) { 404 fport = 0; 405 lport = 0; 406 sa6_src.sin6_addr = in6addr_any; 407 408 if (cmd != PRC_HOSTDEAD) 409 notify = in_rtchange; 410 } 411 errno = inet6ctlerrmap[cmd]; 412 413 rdomain = rtable_l2(rtable); 414 TAILQ_FOREACH_SAFE(inp, &table->inpt_queue, inp_queue, ninp) { 415 if ((inp->inp_flags & INP_IPV6) == 0) 416 continue; 417 418 /* 419 * Under the following condition, notify of redirects 420 * to the pcb, without making address matches against inpcb. 421 * - redirect notification is arrived. 422 * - the inpcb is unconnected. 423 * - the inpcb is caching !RTF_HOST routing entry. 424 * - the ICMPv6 notification is from the gateway cached in the 425 * inpcb. i.e. ICMPv6 notification is from nexthop gateway 426 * the inpcb used very recently. 427 * 428 * This is to improve interaction between netbsd/openbsd 429 * redirect handling code, and inpcb route cache code. 430 * without the clause, !RTF_HOST routing entry (which carries 431 * gateway used by inpcb right before the ICMPv6 redirect) 432 * will be cached forever in unconnected inpcb. 433 * 434 * There still is a question regarding to what is TRT: 435 * - On bsdi/freebsd, RTF_HOST (cloned) routing entry will be 436 * generated on packet output. inpcb will always cache 437 * RTF_HOST routing entry so there's no need for the clause 438 * (ICMPv6 redirect will update RTF_HOST routing entry, 439 * and inpcb is caching it already). 440 * However, bsdi/freebsd are vulnerable to local DoS attacks 441 * due to the cloned routing entries. 442 * - Specwise, "destination cache" is mentioned in RFC2461. 443 * Jinmei says that it implies bsdi/freebsd behavior, itojun 444 * is not really convinced. 445 * - Having hiwat/lowat on # of cloned host route (redirect/ 446 * pmtud) may be a good idea. netbsd/openbsd has it. see 447 * icmp6_mtudisc_update(). 448 */ 449 if ((PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) && 450 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) && 451 inp->inp_route.ro_rt && 452 !(inp->inp_route.ro_rt->rt_flags & RTF_HOST)) { 453 struct sockaddr_in6 *dst6; 454 455 dst6 = satosin6(&inp->inp_route.ro_dst); 456 if (IN6_ARE_ADDR_EQUAL(&dst6->sin6_addr, 457 &dst->sin6_addr)) 458 goto do_notify; 459 } 460 461 /* 462 * Detect if we should notify the error. If no source and 463 * destination ports are specified, but non-zero flowinfo and 464 * local address match, notify the error. This is the case 465 * when the error is delivered with an encrypted buffer 466 * by ESP. Otherwise, just compare addresses and ports 467 * as usual. 468 */ 469 if (lport == 0 && fport == 0 && flowinfo && 470 inp->inp_socket != NULL && 471 flowinfo == (inp->inp_flowinfo & IPV6_FLOWLABEL_MASK) && 472 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, &sa6_src.sin6_addr)) 473 goto do_notify; 474 else if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 475 &dst->sin6_addr) || 476 rtable_l2(inp->inp_rtableid) != rdomain || 477 inp->inp_socket == NULL || 478 (lport && inp->inp_lport != lport) || 479 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) && 480 !IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 481 &sa6_src.sin6_addr)) || 482 (fport && inp->inp_fport != fport)) { 483 continue; 484 } 485 do_notify: 486 nmatch++; 487 if (notify) 488 (*notify)(inp, errno); 489 } 490 return (nmatch); 491 } 492 493 struct inpcb * 494 in6_pcbhashlookup(struct inpcbtable *table, const struct in6_addr *faddr, 495 u_int fport_arg, const struct in6_addr *laddr, u_int lport_arg, 496 u_int rtable) 497 { 498 struct inpcbhead *head; 499 struct inpcb *inp; 500 u_int16_t fport = fport_arg, lport = lport_arg; 501 u_int rdomain; 502 503 rdomain = rtable_l2(rtable); 504 head = in6_pcbhash(table, rdomain, faddr, fport, laddr, lport); 505 LIST_FOREACH(inp, head, inp_hash) { 506 if (!(inp->inp_flags & INP_IPV6)) 507 continue; 508 if (IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, faddr) && 509 inp->inp_fport == fport && inp->inp_lport == lport && 510 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, laddr) && 511 rtable_l2(inp->inp_rtableid) == rdomain) { 512 /* 513 * Move this PCB to the head of hash chain so that 514 * repeated accesses are quicker. This is analogous to 515 * the historic single-entry PCB cache. 516 */ 517 if (inp != LIST_FIRST(head)) { 518 LIST_REMOVE(inp, inp_hash); 519 LIST_INSERT_HEAD(head, inp, inp_hash); 520 } 521 break; 522 } 523 } 524 #ifdef DIAGNOSTIC 525 if (inp == NULL && in_pcbnotifymiss) { 526 printf("%s: faddr= fport=%d laddr= lport=%d rdom=%u\n", 527 __func__, ntohs(fport), ntohs(lport), rdomain); 528 } 529 #endif 530 return (inp); 531 } 532 533 struct inpcb * 534 in6_pcblookup_listen(struct inpcbtable *table, struct in6_addr *laddr, 535 u_int lport_arg, struct mbuf *m, u_int rtable) 536 { 537 struct inpcbhead *head; 538 const struct in6_addr *key1, *key2; 539 struct inpcb *inp; 540 u_int16_t lport = lport_arg; 541 u_int rdomain; 542 543 key1 = laddr; 544 key2 = &zeroin6_addr; 545 #if NPF > 0 546 if (m && m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { 547 struct pf_divert *divert; 548 549 divert = pf_find_divert(m); 550 KASSERT(divert != NULL); 551 switch (divert->type) { 552 case PF_DIVERT_TO: 553 key1 = key2 = &divert->addr.v6; 554 lport = divert->port; 555 break; 556 case PF_DIVERT_REPLY: 557 return (NULL); 558 default: 559 panic("%s: unknown divert type %d, mbuf %p, divert %p", 560 __func__, divert->type, m, divert); 561 } 562 } else if (m && m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) { 563 /* 564 * Redirected connections should not be treated the same 565 * as connections directed to ::1 since localhost 566 * can only be accessed from the host itself. 567 */ 568 key1 = &zeroin6_addr; 569 key2 = laddr; 570 } 571 #endif 572 573 rdomain = rtable_l2(rtable); 574 head = in6_pcbhash(table, rdomain, &zeroin6_addr, 0, key1, lport); 575 LIST_FOREACH(inp, head, inp_hash) { 576 if (!(inp->inp_flags & INP_IPV6)) 577 continue; 578 if (inp->inp_lport == lport && inp->inp_fport == 0 && 579 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, key1) && 580 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6) && 581 rtable_l2(inp->inp_rtableid) == rdomain) 582 break; 583 } 584 if (inp == NULL && ! IN6_ARE_ADDR_EQUAL(key1, key2)) { 585 head = in6_pcbhash(table, rdomain, 586 &zeroin6_addr, 0, key2, lport); 587 LIST_FOREACH(inp, head, inp_hash) { 588 if (!(inp->inp_flags & INP_IPV6)) 589 continue; 590 if (inp->inp_lport == lport && inp->inp_fport == 0 && 591 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, key2) && 592 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_faddr6) && 593 rtable_l2(inp->inp_rtableid) == rdomain) 594 break; 595 } 596 } 597 /* 598 * Move this PCB to the head of hash chain so that 599 * repeated accesses are quicker. This is analogous to 600 * the historic single-entry PCB cache. 601 */ 602 if (inp != NULL && inp != LIST_FIRST(head)) { 603 LIST_REMOVE(inp, inp_hash); 604 LIST_INSERT_HEAD(head, inp, inp_hash); 605 } 606 #ifdef DIAGNOSTIC 607 if (inp == NULL && in_pcbnotifymiss) { 608 printf("%s: laddr= lport=%d rdom=%u\n", 609 __func__, ntohs(lport), rdomain); 610 } 611 #endif 612 return (inp); 613 } 614