1 /* $OpenBSD: in6_pcb.c,v 1.34 2003/06/02 23:28:15 millert Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 /* 73 * Copyright (c) 1982, 1986, 1990, 1993, 1995 74 * Regents of the University of California. All rights reserved. 75 * 76 * Redistribution and use in source and binary forms, with or without 77 * modification, are permitted provided that the following conditions 78 * are met: 79 * 1. Redistributions of source code must retain the above copyright 80 * notice, this list of conditions and the following disclaimer. 81 * 2. Redistributions in binary form must reproduce the above copyright 82 * notice, this list of conditions and the following disclaimer in the 83 * documentation and/or other materials provided with the distribution. 84 * 3. Neither the name of the University nor the names of its contributors 85 * may be used to endorse or promote products derived from this software 86 * without specific prior written permission. 87 * 88 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 89 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 90 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 91 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 92 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 93 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 94 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 95 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 96 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 97 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 98 * SUCH DAMAGE. 99 * 100 */ 101 102 #include <sys/param.h> 103 #include <sys/systm.h> 104 #include <sys/malloc.h> 105 #include <sys/mbuf.h> 106 #include <sys/domain.h> 107 #include <sys/protosw.h> 108 #include <sys/socket.h> 109 #include <sys/socketvar.h> 110 #include <sys/errno.h> 111 #include <sys/time.h> 112 #include <sys/proc.h> 113 114 #include <net/if.h> 115 #include <net/route.h> 116 117 #include <netinet/in.h> 118 #include <netinet/in_systm.h> 119 #include <netinet/ip.h> 120 #include <netinet/in_pcb.h> 121 122 #include <netinet6/in6_var.h> 123 #include <netinet/ip6.h> 124 #include <netinet6/ip6_var.h> 125 126 /* 127 * External globals 128 */ 129 130 #include <dev/rndvar.h> 131 132 extern struct in6_ifaddr *in6_ifaddr; 133 extern struct in_ifaddr *in_ifaddr; 134 135 /* 136 * Globals 137 */ 138 139 struct in6_addr zeroin6_addr; 140 141 extern int ipport_firstauto; 142 extern int ipport_lastauto; 143 extern int ipport_hifirstauto; 144 extern int ipport_hilastauto; 145 146 /* 147 * Keep separate inet6ctlerrmap, because I may remap some of these. 148 * I also put it here, because, quite frankly, it belongs here, not in 149 * ip{v6,}_input(). 150 */ 151 #if 0 152 u_char inet6ctlerrmap[PRC_NCMDS] = { 153 0, 0, 0, 0, 154 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 155 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 156 EMSGSIZE, EHOSTUNREACH, 0, 0, 157 0, 0, 0, 0, 158 ENOPROTOOPT 159 }; 160 #endif 161 162 /* 163 * Bind an address (or at least a port) to an PF_INET6 socket. 164 */ 165 int 166 in6_pcbbind(inp, nam) 167 struct inpcb *inp; 168 struct mbuf *nam; 169 { 170 struct socket *so = inp->inp_socket; 171 172 struct inpcbtable *head = inp->inp_table; 173 struct sockaddr_in6 *sin6; 174 struct proc *p = curproc; /* XXX */ 175 u_short lport = 0; 176 int wild = INPLOOKUP_IPV6, reuseport = (so->so_options & SO_REUSEPORT); 177 int error; 178 179 /* 180 * REMINDER: Once up to speed, flow label processing should go here, 181 * too. (Same with in6_pcbconnect.) 182 */ 183 if (in6_ifaddr == 0 || in_ifaddr == 0) 184 return EADDRNOTAVAIL; 185 186 if (inp->inp_lport != 0 || !IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 187 return EINVAL; /* If already bound, EINVAL! */ 188 189 if ((so->so_options & (SO_REUSEADDR | SO_REUSEPORT)) == 0 && 190 ((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 || 191 (so->so_options & SO_ACCEPTCONN) == 0)) 192 wild |= INPLOOKUP_WILDCARD; 193 194 /* 195 * If I did get a sockaddr passed in... 196 */ 197 if (nam) { 198 sin6 = mtod(nam, struct sockaddr_in6 *); 199 if (nam->m_len != sizeof (*sin6)) 200 return EINVAL; 201 202 /* 203 * Unlike v4, I have no qualms about EAFNOSUPPORT if the 204 * wretched family is not filled in! 205 */ 206 if (sin6->sin6_family != AF_INET6) 207 return EAFNOSUPPORT; 208 209 /* KAME hack: embed scopeid */ 210 if (in6_embedscope(&sin6->sin6_addr, sin6, inp, NULL) != 0) 211 return EINVAL; 212 /* this must be cleared for ifa_ifwithaddr() */ 213 sin6->sin6_scope_id = 0; 214 215 lport = sin6->sin6_port; 216 217 /* reject IPv4 mapped address, we have no support for it */ 218 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 219 return EADDRNOTAVAIL; 220 221 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { 222 /* 223 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast; 224 * allow complete duplication of binding if 225 * SO_REUSEPORT is set, or if SO_REUSEADDR is set 226 * and a multicast address is bound on both 227 * new and duplicated sockets. 228 */ 229 if (so->so_options & SO_REUSEADDR) 230 reuseport = SO_REUSEADDR | SO_REUSEPORT; 231 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { 232 struct ifaddr *ia = NULL; 233 234 sin6->sin6_port = 0; /* 235 * Yechhhh, because of upcoming 236 * call to ifa_ifwithaddr(), which 237 * does bcmp's over the PORTS as 238 * well. (What about flow?) 239 */ 240 sin6->sin6_flowinfo = 0; 241 if ((ia = ifa_ifwithaddr((struct sockaddr *)sin6)) 242 == NULL) 243 return EADDRNOTAVAIL; 244 245 /* 246 * bind to an anycast address might accidentally 247 * cause sending a packet with an anycast source 248 * address, so we forbid it. 249 * 250 * We should allow to bind to a deprecated address, 251 * since the application dare to use it. 252 * But, can we assume that they are careful enough 253 * to check if the address is deprecated or not? 254 * Maybe, as a safeguard, we should have a setsockopt 255 * flag to control the bind(2) behavior against 256 * deprecated addresses (default: forbid bind(2)). 257 */ 258 if (ia && 259 ((struct in6_ifaddr *)ia)->ia6_flags & 260 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED)) 261 return (EADDRNOTAVAIL); 262 } 263 if (lport) { 264 struct inpcb *t; 265 266 /* 267 * Question: Do we wish to continue the Berkeley 268 * tradition of ports < IPPORT_RESERVED be only for 269 * root? 270 * Answer: For now yes, but IMHO, it should be REMOVED! 271 * OUCH: One other thing, is there no better way of 272 * finding a process for a socket instead of using 273 * curproc? (Marked with BSD's {in,}famous XXX ? 274 */ 275 if (ntohs(lport) < IPPORT_RESERVED && 276 (error = suser(p->p_ucred, &p->p_acflag))) 277 return error; 278 279 t = in_pcblookup(head, 280 (struct in_addr *)&zeroin6_addr, 0, 281 (struct in_addr *)&sin6->sin6_addr, lport, 282 wild); 283 284 if (t && (reuseport & t->inp_socket->so_options) == 0) 285 return EADDRINUSE; 286 } 287 inp->inp_laddr6 = sin6->sin6_addr; 288 289 if (!IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 290 inp->inp_ipv6.ip6_flow = htonl(0x60000000) | 291 (sin6->sin6_flowinfo & htonl(0x0fffffff)); 292 } 293 } 294 295 if (lport == 0) { 296 error = in6_pcbsetport(&inp->inp_laddr6, inp, p); 297 if (error != 0) 298 return error; 299 } else 300 inp->inp_lport = lport; 301 302 in_pcbrehash(inp); 303 304 return 0; 305 } 306 307 int 308 in6_pcbsetport(laddr, inp, p) 309 struct in6_addr *laddr; 310 struct inpcb *inp; 311 struct proc *p; 312 { 313 struct socket *so = inp->inp_socket; 314 struct inpcbtable *table = inp->inp_table; 315 u_int16_t first, last, old = 0; 316 u_int16_t *lastport = &inp->inp_table->inpt_lastport; 317 u_int16_t lport = 0; 318 int count; 319 int loopcount = 0; 320 int wild = INPLOOKUP_IPV6; 321 int error; 322 323 /* XXX we no longer support IPv4 mapped address, so no tweaks here */ 324 325 if ((so->so_options & (SO_REUSEADDR|SO_REUSEPORT)) == 0 && 326 ((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 || 327 (so->so_options & SO_ACCEPTCONN) == 0)) 328 wild |= INPLOOKUP_WILDCARD; 329 330 if (inp->inp_flags & INP_HIGHPORT) { 331 first = ipport_hifirstauto; /* sysctl */ 332 last = ipport_hilastauto; 333 } else if (inp->inp_flags & INP_LOWPORT) { 334 if ((error = suser(p->p_ucred, &p->p_acflag))) 335 return (EACCES); 336 first = IPPORT_RESERVED-1; /* 1023 */ 337 last = 600; /* not IPPORT_RESERVED/2 */ 338 } else { 339 first = ipport_firstauto; /* sysctl */ 340 last = ipport_lastauto; 341 } 342 343 /* 344 * Simple check to ensure all ports are not used up causing 345 * a deadlock here. 346 * 347 * We split the two cases (up and down) so that the direction 348 * is not being tested on each round of the loop. 349 */ 350 351 portloop: 352 if (first > last) { 353 /* 354 * counting down 355 */ 356 if (loopcount == 0) { /* only do this once. */ 357 old = first; 358 first -= (arc4random() % (first - last)); 359 } 360 count = first - last; 361 *lastport = first; /* restart each time */ 362 363 do { 364 if (count-- <= 0) { /* completely used? */ 365 if (loopcount == 0) { 366 last = old; 367 loopcount++; 368 goto portloop; 369 } 370 return (EADDRNOTAVAIL); 371 } 372 --*lastport; 373 if (*lastport > first || *lastport < last) 374 *lastport = first; 375 lport = htons(*lastport); 376 } while (in_baddynamic(*lastport, so->so_proto->pr_protocol) || 377 in_pcblookup(table, &zeroin6_addr, 0, 378 &inp->inp_laddr6, lport, wild)); 379 } else { 380 /* 381 * counting up 382 */ 383 if (loopcount == 0) { /* only do this once. */ 384 old = first; 385 first += (arc4random() % (last - first)); 386 } 387 count = last - first; 388 *lastport = first; /* restart each time */ 389 390 do { 391 if (count-- <= 0) { /* completely used? */ 392 if (loopcount == 0) { 393 first = old; 394 loopcount++; 395 goto portloop; 396 } 397 return (EADDRNOTAVAIL); 398 } 399 ++*lastport; 400 if (*lastport < first || *lastport > last) 401 *lastport = first; 402 lport = htons(*lastport); 403 } while (in_baddynamic(*lastport, so->so_proto->pr_protocol) || 404 in_pcblookup(table, &zeroin6_addr, 0, 405 &inp->inp_laddr6, lport, wild)); 406 } 407 408 inp->inp_lport = lport; 409 in_pcbrehash(inp); 410 411 return 0; 412 } 413 414 /* 415 * Connect from a socket to a specified address. 416 * Both address and port must be specified in argument sin6. 417 * Eventually, flow labels will have to be dealt with here, as well. 418 * 419 * If don't have a local address for this socket yet, 420 * then pick one. 421 * 422 * I believe this has to be called at splnet(). 423 */ 424 int 425 in6_pcbconnect(inp, nam) 426 struct inpcb *inp; 427 struct mbuf *nam; 428 { 429 struct in6_addr *in6a = NULL; 430 struct sockaddr_in6 *sin6 = mtod(nam, struct sockaddr_in6 *); 431 struct ifnet *ifp = NULL; /* outgoing interface */ 432 int error = 0; 433 struct in6_addr mapped; 434 struct sockaddr_in6 tmp; 435 436 (void)&in6a; /* XXX fool gcc */ 437 438 if (nam->m_len != sizeof(*sin6)) 439 return (EINVAL); 440 if (sin6->sin6_family != AF_INET6) 441 return (EAFNOSUPPORT); 442 if (sin6->sin6_port == 0) 443 return (EADDRNOTAVAIL); 444 445 /* reject IPv4 mapped address, we have no support for it */ 446 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) 447 return EADDRNOTAVAIL; 448 449 /* sanity check for mapped address case */ 450 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { 451 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) 452 inp->inp_laddr6.s6_addr16[5] = htons(0xffff); 453 if (!IN6_IS_ADDR_V4MAPPED(&inp->inp_laddr6)) 454 return EINVAL; 455 } else { 456 if (IN6_IS_ADDR_V4MAPPED(&inp->inp_laddr6)) 457 return EINVAL; 458 } 459 460 /* protect *sin6 from overwrites */ 461 tmp = *sin6; 462 sin6 = &tmp; 463 464 /* KAME hack: embed scopeid */ 465 if (in6_embedscope(&sin6->sin6_addr, sin6, inp, &ifp) != 0) 466 return EINVAL; 467 /* this must be cleared for ifa_ifwithaddr() */ 468 sin6->sin6_scope_id = 0; 469 470 /* Source address selection. */ 471 if (IN6_IS_ADDR_V4MAPPED(&inp->inp_laddr6) && 472 inp->inp_laddr6.s6_addr32[3] == 0) { 473 struct sockaddr_in sin, *sinp; 474 475 bzero(&sin, sizeof(sin)); 476 sin.sin_len = sizeof(sin); 477 sin.sin_family = AF_INET; 478 bcopy(&sin6->sin6_addr.s6_addr32[3], &sin.sin_addr, 479 sizeof(sin.sin_addr)); 480 sinp = in_selectsrc(&sin, (struct route *)&inp->inp_route6, 481 inp->inp_socket->so_options, NULL, &error); 482 if (sinp == 0) { 483 if (error == 0) 484 error = EADDRNOTAVAIL; 485 return (error); 486 } 487 bzero(&mapped, sizeof(mapped)); 488 mapped.s6_addr16[5] = htons(0xffff); 489 bcopy(&sinp->sin_addr, &mapped.s6_addr32[3], sizeof(sinp->sin_addr)); 490 in6a = &mapped; 491 } else { 492 /* 493 * XXX: in6_selectsrc might replace the bound local address 494 * with the address specified by setsockopt(IPV6_PKTINFO). 495 * Is it the intended behavior? 496 */ 497 in6a = in6_selectsrc(sin6, inp->inp_outputopts6, 498 inp->inp_moptions6, &inp->inp_route6, &inp->inp_laddr6, 499 &error); 500 if (in6a == 0) { 501 if (error == 0) 502 error = EADDRNOTAVAIL; 503 return (error); 504 } 505 } 506 if (inp->inp_route6.ro_rt) 507 ifp = inp->inp_route6.ro_rt->rt_ifp; 508 509 inp->inp_ipv6.ip6_hlim = (u_int8_t)in6_selecthlim(inp, ifp); 510 511 if (in_pcblookup(inp->inp_table, &sin6->sin6_addr, sin6->sin6_port, 512 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) ? in6a : &inp->inp_laddr6, 513 inp->inp_lport, INPLOOKUP_IPV6)) { 514 return (EADDRINUSE); 515 } 516 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) || 517 (IN6_IS_ADDR_V4MAPPED(&inp->inp_laddr6) && 518 inp->inp_laddr6.s6_addr32[3] == 0)) { 519 if (inp->inp_lport == 0) 520 (void)in6_pcbbind(inp, (struct mbuf *)0); 521 inp->inp_laddr6 = *in6a; 522 } 523 inp->inp_faddr6 = sin6->sin6_addr; 524 inp->inp_fport = sin6->sin6_port; 525 /* 526 * xxx kazu flowlabel is necessary for connect? 527 * but if this line is missing, the garbage value remains. 528 */ 529 inp->inp_ipv6.ip6_flow = sin6->sin6_flowinfo; 530 in_pcbrehash(inp); 531 return (0); 532 } 533 534 /* 535 * Pass some notification to all connections of a protocol 536 * associated with address dst. The local address and/or port numbers 537 * may be specified to limit the search. The "usual action" will be 538 * taken, depending on the ctlinput cmd. The caller must filter any 539 * cmds that are uninteresting (e.g., no error in the map). 540 * Call the protocol specific routine (if any) to report 541 * any errors for each matching socket. 542 * 543 * Also perform input-side security policy check 544 * once PCB to be notified has been located. 545 * 546 * Must be called at splnet. 547 */ 548 int 549 in6_pcbnotify(head, dst, fport_arg, src, lport_arg, cmd, cmdarg, notify) 550 struct inpcbtable *head; 551 struct sockaddr *dst, *src; 552 uint fport_arg; 553 uint lport_arg; 554 int cmd; 555 void *cmdarg; 556 void (*notify)(struct inpcb *, int); 557 { 558 struct inpcb *inp, *ninp; 559 u_short fport = fport_arg, lport = lport_arg; 560 struct sockaddr_in6 sa6_src, *sa6_dst; 561 int errno, nmatch = 0; 562 u_int32_t flowinfo; 563 564 if ((unsigned)cmd > PRC_NCMDS || dst->sa_family != AF_INET6) 565 return 1; 566 567 sa6_dst = (struct sockaddr_in6 *)dst; 568 if (IN6_IS_ADDR_UNSPECIFIED(&sa6_dst->sin6_addr)) 569 return 1; 570 if (IN6_IS_ADDR_V4MAPPED(&sa6_dst->sin6_addr)) 571 printf("Huh? Thought in6_pcbnotify() never got " 572 "called with mapped!\n"); 573 574 /* 575 * note that src can be NULL when we get notify by local fragmentation. 576 */ 577 sa6_src = (src == NULL) ? sa6_any : *(struct sockaddr_in6 *)src; 578 flowinfo = sa6_src.sin6_flowinfo; 579 580 /* 581 * Redirects go to all references to the destination, 582 * and use in_rtchange to invalidate the route cache. 583 * Dead host indications: also use in_rtchange to invalidate 584 * the cache, and deliver the error to all the sockets. 585 * Otherwise, if we have knowledge of the local port and address, 586 * deliver only to that socket. 587 */ 588 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) { 589 fport = 0; 590 lport = 0; 591 sa6_src.sin6_addr = in6addr_any; 592 593 if (cmd != PRC_HOSTDEAD) 594 notify = in_rtchange; 595 } 596 errno = inet6ctlerrmap[cmd]; 597 598 for (inp = head->inpt_queue.cqh_first; 599 inp != (struct inpcb *)&head->inpt_queue; inp = ninp) { 600 ninp = inp->inp_queue.cqe_next; 601 602 if ((inp->inp_flags & INP_IPV6) == 0) 603 continue; 604 605 /* 606 * Under the following condition, notify of redirects 607 * to the pcb, without making address matches against inpcb. 608 * - redirect notification is arrived. 609 * - the inpcb is unconnected. 610 * - the inpcb is caching !RTF_HOST routing entry. 611 * - the ICMPv6 notification is from the gateway cached in the 612 * inpcb. i.e. ICMPv6 notification is from nexthop gateway 613 * the inpcb used very recently. 614 * 615 * This is to improve interaction between netbsd/openbsd 616 * redirect handling code, and inpcb route cache code. 617 * without the clause, !RTF_HOST routing entry (which carries 618 * gateway used by inpcb right before the ICMPv6 redirect) 619 * will be cached forever in unconnected inpcb. 620 * 621 * There still is a question regarding to what is TRT: 622 * - On bsdi/freebsd, RTF_HOST (cloned) routing entry will be 623 * generated on packet output. inpcb will always cache 624 * RTF_HOST routing entry so there's no need for the clause 625 * (ICMPv6 redirect will update RTF_HOST routing entry, 626 * and inpcb is caching it already). 627 * However, bsdi/freebsd are vulnerable to local DoS attacks 628 * due to the cloned routing entries. 629 * - Specwise, "destination cache" is mentioned in RFC2461. 630 * Jinmei says that it implies bsdi/freebsd behavior, itojun 631 * is not really convinced. 632 * - Having hiwat/lowat on # of cloned host route (redirect/ 633 * pmtud) may be a good idea. netbsd/openbsd has it. see 634 * icmp6_mtudisc_update(). 635 */ 636 if ((PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) && 637 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) && 638 inp->inp_route.ro_rt && 639 !(inp->inp_route.ro_rt->rt_flags & RTF_HOST)) { 640 struct sockaddr_in6 *dst6; 641 642 dst6 = (struct sockaddr_in6 *)&inp->inp_route.ro_dst; 643 if (IN6_ARE_ADDR_EQUAL(&dst6->sin6_addr, 644 &sa6_dst->sin6_addr)) 645 goto do_notify; 646 } 647 648 /* 649 * Detect if we should notify the error. If no source and 650 * destination ports are specified, but non-zero flowinfo and 651 * local address match, notify the error. This is the case 652 * when the error is delivered with an encrypted buffer 653 * by ESP. Otherwise, just compare addresses and ports 654 * as usual. 655 */ 656 if (lport == 0 && fport == 0 && flowinfo && 657 inp->inp_socket != NULL && 658 flowinfo == (inp->inp_flowinfo & IPV6_FLOWLABEL_MASK) && 659 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, &sa6_src.sin6_addr)) 660 goto do_notify; 661 else if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, 662 &sa6_dst->sin6_addr) || 663 inp->inp_socket == 0 || 664 (lport && inp->inp_lport != lport) || 665 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) && 666 !IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, 667 &sa6_src.sin6_addr)) || 668 (fport && inp->inp_fport != fport)) { 669 continue; 670 } 671 do_notify: 672 nmatch++; 673 if (notify) 674 (*notify)(inp, errno); 675 } 676 return 0; 677 } 678 679 /* 680 * Get the local address/port, and put it in a sockaddr_in6. 681 * This services the getsockname(2) call. 682 */ 683 int 684 in6_setsockaddr(inp, nam) 685 struct inpcb *inp; 686 struct mbuf *nam; 687 { 688 struct sockaddr_in6 *sin6; 689 690 nam->m_len = sizeof(struct sockaddr_in6); 691 sin6 = mtod(nam,struct sockaddr_in6 *); 692 693 bzero ((caddr_t)sin6,sizeof(struct sockaddr_in6)); 694 sin6->sin6_family = AF_INET6; 695 sin6->sin6_len = sizeof(struct sockaddr_in6); 696 sin6->sin6_port = inp->inp_lport; 697 sin6->sin6_addr = inp->inp_laddr6; 698 /* KAME hack: recover scopeid */ 699 (void)in6_recoverscope(sin6, &inp->inp_laddr6, NULL); 700 701 return 0; 702 } 703 704 /* 705 * Get the foreign address/port, and put it in a sockaddr_in6. 706 * This services the getpeername(2) call. 707 */ 708 int 709 in6_setpeeraddr(inp, nam) 710 struct inpcb *inp; 711 struct mbuf *nam; 712 { 713 struct sockaddr_in6 *sin6; 714 715 nam->m_len = sizeof(struct sockaddr_in6); 716 sin6 = mtod(nam,struct sockaddr_in6 *); 717 718 bzero ((caddr_t)sin6,sizeof(struct sockaddr_in6)); 719 sin6->sin6_family = AF_INET6; 720 sin6->sin6_len = sizeof(struct sockaddr_in6); 721 sin6->sin6_port = inp->inp_fport; 722 sin6->sin6_addr = inp->inp_faddr6; 723 /* KAME hack: recover scopeid */ 724 (void)in6_recoverscope(sin6, &inp->inp_faddr6, NULL); 725 726 return 0; 727 } 728