udp6_usrreq.c revision 183807
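/*-
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	$KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $
 *	$KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $
 */

/*-
 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
 *	The Regents of the University of California.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)udp_usrreq.c	8.6 (Berkeley) 5/23/95
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD: head/sys/netinet6/udp6_usrreq.c 183807 2008-10-12 20:01:32Z rwatson $");

#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
#include "opt_mac.h"

#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/mbuf.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/signalvar.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/systm.h>
#include <sys/vimage.h>

#include <net/if.h>
#include <net/if_types.h>
#include <net/route.h>

#include <netinet/in.h>
#include <netinet/in_pcb.h>
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/ip6.h>
#include <netinet/icmp_var.h>
#include <netinet/icmp6.h>
#include <netinet/ip_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet6/ip6protosw.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
#include <netinet6/udp6_var.h>
#include <netinet6/scope6_var.h>

#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/ipsec6.h>
#endif /* IPSEC */

#include <security/mac/mac_framework.h>

/*
 * UDP protocol implementation.
 * Per RFC 768, August, 1980.
 */

extern struct protosw inetsw[];
static void		udp6_detach(struct socket *so);

/*
 * Deliver one datagram to a single PCB.
 *
 * The caller must hold the inpcb lock (asserted below).  The datagram is
 * subject to the IPsec inbound policy check (IPSEC kernels) and the MAC
 * delivery check (MAC kernels) before it can reach the socket; a packet
 * failing either one is freed and never queued.  Control options are
 * collected before the headers are trimmed, because m_adj() removes the
 * first off + sizeof(struct udphdr) bytes of the chain.
 *
 * n is freed here on every rejection path and when the receive buffer
 * append fails; on a successful append it is handed to
 * sbappendaddr_locked() and must not be touched by the caller afterwards.
 */
static void
udp6_append(struct inpcb *inp, struct mbuf *n, int off,
    struct sockaddr_in6 *fromsa)
{
	INIT_VNET_INET(inp->inp_vnet);
	struct socket *so;
	struct mbuf *opts;

	INP_LOCK_ASSERT(inp);

#ifdef IPSEC
	/* Check AH/ESP integrity. */
	if (ipsec6_in_reject(n, inp)) {
		INIT_VNET_IPSEC(inp->inp_vnet);
		m_freem(n);
		V_ipsec6stat.in_polvio++;
		return;
	}
#endif /* IPSEC */
#ifdef MAC
	if (mac_inpcb_check_deliver(inp, n) != 0) {
		m_freem(n);
		return;
	}
#endif
	opts = NULL;
	if (inp->in6p_flags & IN6P_CONTROLOPTS ||
	    inp->inp_socket->so_options & SO_TIMESTAMP)
		ip6_savecontrol(inp, n, &opts);
	m_adj(n, off + sizeof(struct udphdr));

	so = inp->inp_socket;
	SOCKBUF_LOCK(&so->so_rcv);
	if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)fromsa, n,
	    opts) == 0) {
		/* Append failed: drop the datagram and count it. */
		SOCKBUF_UNLOCK(&so->so_rcv);
		m_freem(n);
		if (opts)
			m_freem(opts);
		V_udpstat.udps_fullsock++;
	} else
		sorwakeup_locked(so);
}

/*
 * Input routine for UDP over IPv6.
 *
 * Validation performed on the untrusted packet before any PCB lookup:
 *  - the UDP header must be contiguous/present (IP6_EXTHDR_CHECK/GET);
 *  - destination port 0 is rejected;
 *  - the UDP length field must equal the IPv6 payload length remaining
 *    after the extension headers (udps_badlen otherwise);
 *  - a zero checksum is rejected (udps_nosum) and the checksum over the
 *    pseudo-header, UDP header and data must verify (udps_badsum).
 *
 * Multicast destinations are delivered to every matching PCB (a copy per
 * additional match); unicast destinations go through the hash lookup.  A
 * unicast datagram with no listener produces an ICMPv6 port-unreachable
 * unless V_udp_blackhole is set or badport_bandlim() rate-limits it.
 *
 * The mbuf is consumed on every path; the function always returns
 * IPPROTO_DONE.
 */
int
udp6_input(struct mbuf **mp, int *offp, int proto)
{
	INIT_VNET_INET(curvnet);
	INIT_VNET_INET6(curvnet);
	struct mbuf *m = *mp;
	struct ip6_hdr *ip6;
	struct udphdr *uh;
	struct inpcb *inp;
	int off = *offp;
	int plen, ulen;
	struct sockaddr_in6 fromsa;

	ip6 = mtod(m, struct ip6_hdr *);

	if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) {
		/* XXX send icmp6 host/port unreach? */
		m_freem(m);
		return (IPPROTO_DONE);
	}

#ifndef PULLDOWN_TEST
	IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
	/* Re-fetch the header pointer after the check above. */
	ip6 = mtod(m, struct ip6_hdr *);
	uh = (struct udphdr *)((caddr_t)ip6 + off);
#else
	IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh));
	if (!uh)
		return (IPPROTO_DONE);
#endif

	V_udpstat.udps_ipackets++;

	/*
	 * Destination port of 0 is illegal, based on RFC768.
	 */
	if (uh->uh_dport == 0)
		goto badunlocked;

	/*
	 * plen is the number of bytes from the UDP header to the end of the
	 * IPv6 payload; it must agree with the length the UDP header claims.
	 */
	plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
	ulen = ntohs((u_short)uh->uh_ulen);

	if (plen != ulen) {
		V_udpstat.udps_badlen++;
		goto badunlocked;
	}

	/*
	 * Checksum extended UDP header and data.
	 */
	if (uh->uh_sum == 0) {
		V_udpstat.udps_nosum++;
		goto badunlocked;
	}
	if (in6_cksum(m, IPPROTO_UDP, off, ulen) != 0) {
		V_udpstat.udps_badsum++;
		goto badunlocked;
	}

	/*
	 * Construct sockaddr format source address.
	 */
	init_sin6(&fromsa, m);
	fromsa.sin6_port = uh->uh_sport;

	INP_INFO_RLOCK(&V_udbinfo);
	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
		struct inpcb *last;

		/*
		 * In the event that laddr should be set to the link-local
		 * address (this happens in RIPng), the multicast address
		 * specified in the received packet will not match laddr.  To
		 * handle this situation, matching is relaxed if the
		 * receiving interface is the same as one specified in the
		 * socket and if the destination multicast address matches
		 * one of the multicast groups specified in the socket.
		 */

		/*
		 * KAME note: traditionally we dropped udpiphdr from mbuf
		 * here.  We need udphdr for IPsec processing so we do that
		 * later.
		 */
		last = NULL;
		LIST_FOREACH(inp, &V_udb, inp_list) {
			if ((inp->inp_vflag & INP_IPV6) == 0)
				continue;
			if (inp->in6p_lport != uh->uh_dport)
				continue;
			/*
			 * XXX: Do not check source port of incoming datagram
			 * unless inp_connect() has been called to bind the
			 * fport part of the 4-tuple; the source could be
			 * trying to talk to us with an ephemeral port.
			 */
			if (inp->inp_fport != 0 &&
			    inp->inp_fport != uh->uh_sport)
				continue;
			if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
				if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
							&ip6->ip6_dst))
					continue;
			}
			if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
				if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
							&ip6->ip6_src) ||
				    inp->in6p_fport != uh->uh_sport)
					continue;
			}

			/*
			 * Delivery lags one match behind: the previous match
			 * gets a copy, so that the final match can take the
			 * original mbuf after the loop.  A failed copy skips
			 * that one receiver silently.
			 */
			if (last != NULL) {
				struct mbuf *n;

				if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
					INP_RLOCK(last);
					udp6_append(last, n, off, &fromsa);
					INP_RUNLOCK(last);
				}
			}
			last = inp;
			/*
			 * Don't look for additional matches if this one does
			 * not have either the SO_REUSEPORT or SO_REUSEADDR
			 * socket options set.  This heuristic avoids
			 * searching through all pcbs in the common case of a
			 * non-shared port.  It assumes that an application
			 * will never clear these options after setting them.
			 */
			if ((last->inp_socket->so_options &
			     (SO_REUSEPORT|SO_REUSEADDR)) == 0)
				break;
		}

		if (last == NULL) {
			/*
			 * No matching pcb found; discard datagram.  (No need
			 * to send an ICMP Port Unreachable for a broadcast
			 * or multicast datagram.)
			 */
			V_udpstat.udps_noport++;
			V_udpstat.udps_noportmcast++;
			goto badheadlocked;
		}
		INP_RLOCK(last);
		INP_INFO_RUNLOCK(&V_udbinfo);
		udp6_append(last, m, off, &fromsa);
		INP_RUNLOCK(last);
		return (IPPROTO_DONE);
	}
	/*
	 * Locate pcb for datagram.
	 */
	inp = in6_pcblookup_hash(&V_udbinfo, &ip6->ip6_src, uh->uh_sport,
	    &ip6->ip6_dst, uh->uh_dport, 1, m->m_pkthdr.rcvif);
	if (inp == NULL) {
		if (udp_log_in_vain) {
			char ip6bufs[INET6_ADDRSTRLEN];
			char ip6bufd[INET6_ADDRSTRLEN];

			log(LOG_INFO,
			    "Connection attempt to UDP [%s]:%d from [%s]:%d\n",
			    ip6_sprintf(ip6bufd, &ip6->ip6_dst),
			    ntohs(uh->uh_dport),
			    ip6_sprintf(ip6bufs, &ip6->ip6_src),
			    ntohs(uh->uh_sport));
		}
		V_udpstat.udps_noport++;
		if (m->m_flags & M_MCAST) {
			printf("UDP6: M_MCAST is set in a unicast packet.\n");
			V_udpstat.udps_noportmcast++;
			goto badheadlocked;
		}
		INP_INFO_RUNLOCK(&V_udbinfo);
		/*
		 * Closed port: stay silent when blackholing is enabled or
		 * when the ICMPv6 unreachable rate limit has been reached.
		 */
		if (V_udp_blackhole)
			goto badunlocked;
		if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
			goto badunlocked;
		icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
		return (IPPROTO_DONE);
	}
	/* Take the PCB lock before dropping the global lock. */
	INP_RLOCK(inp);
	INP_INFO_RUNLOCK(&V_udbinfo);
	udp6_append(inp, m, off, &fromsa);
	INP_RUNLOCK(inp);
	return (IPPROTO_DONE);

badheadlocked:
	INP_INFO_RUNLOCK(&V_udbinfo);
badunlocked:
	if (m)
		m_freem(m);
	return (IPPROTO_DONE);
}

/*
 * Control-input routine: propagate an error or redirect notification to
 * the UDP PCBs it concerns.
 *
 * sa must be a full-size AF_INET6 sockaddr and cmd must be below
 * PRC_NCMDS; anything else is ignored.  When d is non-NULL it is treated
 * as a struct ip6ctlparam (the comment below says it comes from icmp6) and
 * the source and destination ports of the offending datagram are read from
 * its mbuf so that only the matching PCBs are notified.
 */
void
udp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
{
	INIT_VNET_INET(curvnet);
	struct udphdr uh;
	struct ip6_hdr *ip6;
	struct mbuf *m;
	int off = 0;
	struct ip6ctlparam *ip6cp = NULL;
	const struct sockaddr_in6 *sa6_src = NULL;
	void *cmdarg;
	struct inpcb *(*notify)(struct inpcb *, int) = udp_notify;
	/* Only the two port fields are needed from the quoted header. */
	struct udp_portonly {
		u_int16_t uh_sport;
		u_int16_t uh_dport;
	} *uhp;

	if (sa->sa_family != AF_INET6 ||
	    sa->sa_len != sizeof(struct sockaddr_in6))
		return;

	/* cmd indexes inet6ctlerrmap[] below; bound it first. */
	if ((unsigned)cmd >= PRC_NCMDS)
		return;
	if (PRC_IS_REDIRECT(cmd))
		notify = in6_rtchange, d = NULL;
	else if (cmd == PRC_HOSTDEAD)
		d = NULL;
	else if (inet6ctlerrmap[cmd] == 0)
		return;

	/* if the parameter is from icmp6, decode it. */
	if (d != NULL) {
		ip6cp = (struct ip6ctlparam *)d;
		m = ip6cp->ip6c_m;
		ip6 = ip6cp->ip6c_ip6;
		off = ip6cp->ip6c_off;
		cmdarg = ip6cp->ip6c_cmdarg;
		sa6_src = ip6cp->ip6c_src;
	} else {
		m = NULL;
		ip6 = NULL;
		cmdarg = NULL;
		sa6_src = &sa6_any;
	}

	if (ip6) {
		/*
		 * XXX: We assume that when IPV6 is non NULL,
		 * M and OFF are valid.
		 */

		/*
		 * Check if we can safely examine src and dst ports.
		 * NOTE(review): the comparison mixes int (len, off) with
		 * size_t; it relies on off being non-negative -- confirm
		 * that the caller guarantees this.
		 */
		if (m->m_pkthdr.len < off + sizeof(*uhp))
			return;

		/* Zero first: only sizeof(*uhp) bytes are copied in. */
		bzero(&uh, sizeof(uh));
		m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh);

		(void) in6_pcbnotify(&V_udbinfo, sa, uh.uh_dport,
		    (struct sockaddr *)ip6cp->ip6c_src, uh.uh_sport, cmd,
		    cmdarg, notify);
	} else
		(void) in6_pcbnotify(&V_udbinfo, sa, 0,
		    (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify);
}

/*
 * sysctl handler returning the credential (struct xucred) of the socket
 * that owns a given UDP/IPv6 address pair.
 *
 * Access control, in order: the caller needs PRIV_NETINET_GETCRED, the
 * request buffers must have exactly the expected sizes, and
 * cr_canseesocket() must allow the caller to see the socket that was
 * found.  addrs[1] is passed in the lookup position that udp6_input() uses
 * for the packet source and addrs[0] in the destination position.
 *
 * xuc is copied out only when error is 0, i.e. only after cru2x() has
 * filled it in, so an uninitialized stack buffer is never returned.
 * NOTE(review): confirm that cru2x() initializes every byte of the
 * structure, padding included, since it is copied to userland.
 */
static int
udp6_getcred(SYSCTL_HANDLER_ARGS)
{
	INIT_VNET_INET(curvnet);
	INIT_VNET_INET6(curvnet);
	struct xucred xuc;
	struct sockaddr_in6 addrs[2];
	struct inpcb *inp;
	int error;

	error = priv_check(req->td, PRIV_NETINET_GETCRED);
	if (error)
		return (error);

	if (req->newlen != sizeof(addrs))
		return (EINVAL);
	if (req->oldlen != sizeof(struct xucred))
		return (EINVAL);
	error = SYSCTL_IN(req, addrs, sizeof(addrs));
	if (error)
		return (error);
	if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 ||
	    (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) {
		return (error);
	}
	INP_INFO_RLOCK(&V_udbinfo);
	inp = in6_pcblookup_hash(&V_udbinfo, &addrs[1].sin6_addr,
	    addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port, 1,
	    NULL);
	if (inp != NULL) {
		INP_RLOCK(inp);
		INP_INFO_RUNLOCK(&V_udbinfo);
		if (inp->inp_socket == NULL)
			error = ENOENT;
		if (error == 0)
			error = cr_canseesocket(req->td->td_ucred,
			    inp->inp_socket);
		if (error == 0)
			cru2x(inp->inp_cred, &xuc);
		INP_RUNLOCK(inp);
	} else {
		INP_INFO_RUNLOCK(&V_udbinfo);
		error = ENOENT;
	}
	if (error == 0)
		error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
	return (error);
}

SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0,
    0, udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection");

/*
 * Build the UDP and IPv6 headers in front of m and hand the datagram to
 * ip6_output().
 *
 * The caller holds the inpcb write lock (asserted below).  addr6, when
 * given, is the destination of an unconnected send and has already been
 * length/family checked by udp6_send(); it is copied to a local before it
 * is modified.  control, when given, carries per-packet options.
 *
 * Ownership: m and control belong to this function.  Every exit frees
 * control, and every error exit frees m as well.
 *
 * Returns 0 or an errno value.  IPv4-mapped destinations are rejected here
 * with EAFNOSUPPORT (or EINVAL when the PCB is V6ONLY or bound to a
 * non-mapped local address).
 */
static int
udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6,
    struct mbuf *control, struct thread *td)
{
	INIT_VNET_INET(curvnet);
	INIT_VNET_INET6(curvnet);
	u_int32_t ulen = m->m_pkthdr.len;
	u_int32_t plen = sizeof(struct udphdr) + ulen;
	struct ip6_hdr *ip6;
	struct udphdr *udp6;
	struct in6_addr *laddr, *faddr;
	struct sockaddr_in6 *sin6 = NULL;
	struct ifnet *oifp = NULL;
	int scope_ambiguous = 0;
	u_short fport;
	int error = 0;
	struct ip6_pktopts *optp, opt;
	int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
	int flags;
	struct sockaddr_in6 tmp;

	INP_WLOCK_ASSERT(inp);

	if (addr6) {
		/* addr6 has been validated in udp6_send(). */
		sin6 = (struct sockaddr_in6 *)addr6;

		/* protect *sin6 from overwrites */
		tmp = *sin6;
		sin6 = &tmp;

		/*
		 * Application should provide a proper zone ID or the use of
		 * default zone IDs should be enabled.  Unfortunately, some
		 * applications do not behave as they should, so we need a
		 * workaround.  Even if an appropriate ID is not determined,
		 * we'll see if we can determine the outgoing interface.  If we
		 * can, determine the zone ID based on the interface below.
		 */
		if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone)
			scope_ambiguous = 1;
		if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) {
			/*
			 * Free m and control like every other error exit
			 * does; returning without doing so leaked both.
			 * opt has not been set up yet, so the releaseopt
			 * path (ip6_clearpktopts) cannot be used here.
			 */
			m_freem(m);
			if (control)
				m_freem(control);
			return (error);
		}
	}

	if (control) {
		if ((error = ip6_setpktopts(control, &opt,
		    inp->in6p_outputopts, td->td_ucred, IPPROTO_UDP)) != 0)
			goto release;
		optp = &opt;
	} else
		optp = inp->in6p_outputopts;

	if (sin6) {
		faddr = &sin6->sin6_addr;

		/*
		 * IPv4 version of udp_output calls in_pcbconnect in this case,
		 * which needs splnet and affects performance.
		 * Since we saw no essential reason for calling in_pcbconnect,
		 * we get rid of such kind of logic, and call in6_selectsrc
		 * and in6_pcbsetport in order to fill in the local address
		 * and the local port.
		 */
		if (sin6->sin6_port == 0) {
			error = EADDRNOTAVAIL;
			goto release;
		}

		if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
			/* how about ::ffff:0.0.0.0 case? */
			error = EISCONN;
			goto release;
		}

		fport = sin6->sin6_port; /* nonzero: port 0 rejected above */

		if (IN6_IS_ADDR_V4MAPPED(faddr)) {
			if ((inp->in6p_flags & IN6P_IPV6_V6ONLY)) {
				/*
				 * I believe we should explicitly discard the
				 * packet when mapped addresses are disabled,
				 * rather than send the packet as an IPv6 one.
				 * If we chose the latter approach, the packet
				 * might be sent out on the wire based on the
				 * default route, the situation which we'd
				 * probably want to avoid.
				 * (20010421 jinmei@kame.net)
				 */
				error = EINVAL;
				goto release;
			}
			if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
			    !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) {
				/*
				 * when remote addr is an IPv4-mapped address,
				 * local addr should not be an IPv6 address,
				 * since you cannot determine how to map IPv6
				 * source address to IPv4.
				 */
				error = EINVAL;
				goto release;
			}

			af = AF_INET;
		}

		if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
			laddr = in6_selectsrc(sin6, optp, inp, NULL,
			    td->td_ucred, &oifp, &error);
			if (oifp && scope_ambiguous &&
			    (error = in6_setscope(&sin6->sin6_addr,
			    oifp, NULL))) {
				goto release;
			}
		} else
			laddr = &inp->in6p_laddr;	/* XXX */
		if (laddr == NULL) {
			if (error == 0)
				error = EADDRNOTAVAIL;
			goto release;
		}
		if (inp->in6p_lport == 0 &&
		    (error = in6_pcbsetport(laddr, inp, td->td_ucred)) != 0)
			goto release;
	} else {
		if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
			error = ENOTCONN;
			goto release;
		}
		if (IN6_IS_ADDR_V4MAPPED(&inp->in6p_faddr)) {
			if ((inp->in6p_flags & IN6P_IPV6_V6ONLY)) {
				/*
				 * XXX: this case would happen when the
				 * application sets the V6ONLY flag after
				 * connecting the foreign address.
				 * Such applications should be fixed,
				 * so we bark here.
				 */
				log(LOG_INFO, "udp6_output: IPV6_V6ONLY "
				    "option was set for a connected socket\n");
				error = EINVAL;
				goto release;
			} else
				af = AF_INET;
		}
		laddr = &inp->in6p_laddr;
		faddr = &inp->in6p_faddr;
		fport = inp->in6p_fport;
	}

	if (af == AF_INET)
		hlen = sizeof(struct ip);

	/*
	 * Calculate data length and get a mbuf
	 * for UDP and IP6 headers.
	 */
	M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT);
	if (m == 0) {
		error = ENOBUFS;
		goto release;
	}

	/*
	 * Stuff checksum and output datagram.
	 */
	udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
	udp6->uh_sport = inp->in6p_lport; /* lport is always set in the PCB */
	udp6->uh_dport = fport;
	/* A length that does not fit the 16-bit field is written as 0. */
	if (plen <= 0xffff)
		udp6->uh_ulen = htons((u_short)plen);
	else
		udp6->uh_ulen = 0;
	udp6->uh_sum = 0;

	switch (af) {
	case AF_INET6:
		ip6 = mtod(m, struct ip6_hdr *);
		ip6->ip6_flow	= inp->in6p_flowinfo & IPV6_FLOWINFO_MASK;
		ip6->ip6_vfc	&= ~IPV6_VERSION_MASK;
		ip6->ip6_vfc	|= IPV6_VERSION;
#if 0				/* ip6_plen will be filled in ip6_output. */
		ip6->ip6_plen	= htons((u_short)plen);
#endif
		ip6->ip6_nxt	= IPPROTO_UDP;
		ip6->ip6_hlim	= in6_selecthlim(inp, NULL);
		ip6->ip6_src	= *laddr;
		ip6->ip6_dst	= *faddr;

		/*
		 * A computed checksum of 0 is sent as 0xffff; udp6_input()
		 * drops datagrams whose checksum field is 0.
		 */
		if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP,
				sizeof(struct ip6_hdr), plen)) == 0) {
			udp6->uh_sum = 0xffff;
		}

		flags = 0;

		V_udpstat.udps_opackets++;
		error = ip6_output(m, optp, NULL, flags, inp->in6p_moptions,
		    NULL, inp);
		break;
	case AF_INET:
		error = EAFNOSUPPORT;
		goto release;
	}
	goto releaseopt;

release:
	m_freem(m);

releaseopt:
	if (control) {
		ip6_clearpktopts(&opt, -1);
		m_freem(control);
	}
	return (error);
}

/*
 * pru_abort: forcibly disconnect the socket.
 *
 * A PCB flagged INP_IPV4 is handed to the IPv4 UDP pru_abort before any
 * lock is taken here.  Otherwise a connected PCB is disconnected, its
 * local address reset to the wildcard, and the socket marked disconnected.
 */
static void
udp6_abort(struct socket *so)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_abort: inp == NULL"));

#ifdef INET
	if (inp->inp_vflag & INP_IPV4) {
		struct pr_usrreqs *pru;

		pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
		(*pru->pru_abort)(so);
		return;
	}
#endif

	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);
	if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
		in6_pcbdisconnect(inp);
		inp->in6p_laddr = in6addr_any;
		soisdisconnected(so);
	}
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
}

/*
 * pru_attach: allocate and initialize the PCB for a new UDP/IPv6 socket.
 *
 * Reserves default buffer space if none is set, allocates the PCB, and
 * marks it INP_IPV6 (plus INP_IPV4 unless the V6ONLY flag is set).
 * The INP_WUNLOCK() at the end has no matching lock in this function;
 * presumably in_pcballoc() returns the new PCB write-locked -- confirm.
 */
static int
udp6_attach(struct socket *so, int proto, struct thread *td)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;
	int error;

	inp = sotoinpcb(so);
	KASSERT(inp == NULL, ("udp6_attach: inp != NULL"));

	if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
		error = soreserve(so, udp_sendspace, udp_recvspace);
		if (error)
			return (error);
	}
	INP_INFO_WLOCK(&V_udbinfo);
	error = in_pcballoc(so, &V_udbinfo);
	if (error) {
		INP_INFO_WUNLOCK(&V_udbinfo);
		return (error);
	}
	inp = (struct inpcb *)so->so_pcb;
	INP_INFO_WUNLOCK(&V_udbinfo);
	inp->inp_vflag |= INP_IPV6;
	if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
		inp->inp_vflag |= INP_IPV4;
	inp->in6p_hops = -1;	/* use kernel default */
	inp->in6p_cksum = -1;	/* just to be sure */
	/*
	 * XXX: ugly!!
	 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
	 * because the socket may be bound to an IPv6 wildcard address,
	 * which may match an IPv4-mapped IPv6 address.
	 */
	inp->inp_ip_ttl = V_ip_defttl;
	INP_WUNLOCK(inp);
	return (0);
}

/*
 * pru_bind: bind the socket to a local address.
 *
 * nam is caller-supplied and is cast to struct sockaddr_in6 below, so its
 * length and family are checked first, with the same tests and error codes
 * that udp6_send() applies to its destination address.  Without the check
 * the sin6_addr reads could run past a shorter sockaddr.
 *
 * Unless the PCB is V6ONLY, a wildcard address keeps INP_IPV4 set and an
 * IPv4-mapped address turns the bind into an IPv4 bind via in_pcbbind().
 */
static int
udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;
	int error;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_bind: inp == NULL"));

	if (nam->sa_len != sizeof(struct sockaddr_in6))
		return (EINVAL);
	if (nam->sa_family != AF_INET6)
		return (EAFNOSUPPORT);

	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);
	inp->inp_vflag &= ~INP_IPV4;
	inp->inp_vflag |= INP_IPV6;
	if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
		struct sockaddr_in6 *sin6_p;

		sin6_p = (struct sockaddr_in6 *)nam;

		if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p->sin6_addr))
			inp->inp_vflag |= INP_IPV4;
		else if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) {
			struct sockaddr_in sin;

			in6_sin6_2_sin(&sin, sin6_p);
			inp->inp_vflag |= INP_IPV4;
			inp->inp_vflag &= ~INP_IPV6;
			error = in_pcbbind(inp, (struct sockaddr *)&sin,
			    td->td_ucred);
			goto out;
		}
	}

	error = in6_pcbbind(inp, nam, td->td_ucred);
out:
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
	return (error);
}

/*
 * pru_close: the socket is being closed by its owner.
 *
 * Mirrors udp6_abort(), except that a PCB flagged INP_IPV4 is handed to
 * the IPv4 UDP pru_disconnect (not pru_close), as in the original code.
 */
static void
udp6_close(struct socket *so)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_close: inp == NULL"));

#ifdef INET
	if (inp->inp_vflag & INP_IPV4) {
		struct pr_usrreqs *pru;

		pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
		(*pru->pru_disconnect)(so);
		return;
	}
#endif
	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);
	if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
		in6_pcbdisconnect(inp);
		inp->in6p_laddr = in6addr_any;
		soisdisconnected(so);
	}
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
}

/*
 * pru_connect: fix the foreign address of the socket.
 *
 * nam is caller-supplied and is cast to struct sockaddr_in6 below, so its
 * length and family are checked first, with the same tests and error codes
 * that udp6_send() applies to its destination address.
 *
 * Unless the PCB is V6ONLY, an IPv4-mapped destination is converted and
 * connected through in_pcbconnect(), after which the PCB is IPv4-only.
 * Returns EISCONN if a foreign address is already set.
 */
static int
udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;
	int error;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_connect: inp == NULL"));

	if (nam->sa_len != sizeof(struct sockaddr_in6))
		return (EINVAL);
	if (nam->sa_family != AF_INET6)
		return (EAFNOSUPPORT);

	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);
	if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
		struct sockaddr_in6 *sin6_p;

		sin6_p = (struct sockaddr_in6 *)nam;
		if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) {
			struct sockaddr_in sin;

			if (inp->inp_faddr.s_addr != INADDR_ANY) {
				error = EISCONN;
				goto out;
			}
			in6_sin6_2_sin(&sin, sin6_p);
			error = in_pcbconnect(inp, (struct sockaddr *)&sin,
			    td->td_ucred);
			if (error == 0) {
				inp->inp_vflag |= INP_IPV4;
				inp->inp_vflag &= ~INP_IPV6;
				soisconnected(so);
			}
			goto out;
		}
	}
	if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
		error = EISCONN;
		goto out;
	}
	error = in6_pcbconnect(inp, nam, td->td_ucred);
	if (error == 0) {
		if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
			/* should be non mapped addr */
			inp->inp_vflag &= ~INP_IPV4;
			inp->inp_vflag |= INP_IPV6;
		}
		soisconnected(so);
	}
out:
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
	return (error);
}

/*
 * pru_detach: release the PCB of a socket that is going away.
 *
 * The inpcb write lock taken here is not released in this function;
 * presumably in6_pcbfree() disposes of the locked PCB -- confirm.
 */
static void
udp6_detach(struct socket *so)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_detach: inp == NULL"));

	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);
	in6_pcbdetach(inp);
	in6_pcbfree(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
}

/*
 * pru_disconnect: drop the foreign address of a connected socket.
 *
 * Returns ENOTCONN when no foreign address is set, or the result of the
 * IPv4 UDP pru_disconnect for a PCB flagged INP_IPV4.  The function used
 * to compute these values and then return 0 unconditionally, so callers
 * never saw the failure.
 *
 * NOTE(review): unlike udp6_abort() and udp6_close(), the IPv4 hand-off
 * here happens with the udbinfo and inpcb write locks held, while
 * udp6_send() drops both locks before calling into the IPv4 routines "to
 * avoid recursion".  Confirm whether the IPv4 pru_disconnect takes the
 * same locks; if it does, the hand-off should move above the locking.
 */
static int
udp6_disconnect(struct socket *so)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;
	int error = 0;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_disconnect: inp == NULL"));

	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);

#ifdef INET
	if (inp->inp_vflag & INP_IPV4) {
		struct pr_usrreqs *pru;

		pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
		error = (*pru->pru_disconnect)(so);
		goto out;
	}
#endif

	if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
		error = ENOTCONN;
		goto out;
	}

	in6_pcbdisconnect(inp);
	inp->in6p_laddr = in6addr_any;
	SOCK_LOCK(so);
	so->so_state &= ~SS_ISCONNECTED;		/* XXX */
	SOCK_UNLOCK(so);
out:
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
	return (error);
}

/*
 * pru_send: send one datagram.
 *
 * addr, when given, is caller-supplied: its length and family are checked
 * before anything casts it to struct sockaddr_in6.  On INET kernels a
 * non-V6ONLY socket sending to an IPv4-mapped destination (or connected
 * over IPv4) is redirected to the IPv4 UDP pru_send after both locks have
 * been dropped; everything else goes to udp6_output().
 *
 * m is consumed on every path: udp6_output() and the IPv4 pru_send take
 * it over, and the error exits in this function free it.
 * NOTE(review): control is not freed on the error exits of this function,
 * although udp6_output() frees it on all of its own exits -- confirm
 * whether the caller expects control to be consumed here as well.
 */
static int
udp6_send(struct socket *so, int flags, struct mbuf *m,
    struct sockaddr *addr, struct mbuf *control, struct thread *td)
{
	INIT_VNET_INET(so->so_vnet);
	struct inpcb *inp;
	int error = 0;

	inp = sotoinpcb(so);
	KASSERT(inp != NULL, ("udp6_send: inp == NULL"));

	INP_INFO_WLOCK(&V_udbinfo);
	INP_WLOCK(inp);
	if (addr) {
		if (addr->sa_len != sizeof(struct sockaddr_in6)) {
			error = EINVAL;
			goto bad;
		}
		if (addr->sa_family != AF_INET6) {
			error = EAFNOSUPPORT;
			goto bad;
		}
	}

#ifdef INET
	if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
		int hasv4addr;
		struct sockaddr_in6 *sin6 = 0;

		if (addr == 0)
			hasv4addr = (inp->inp_vflag & INP_IPV4);
		else {
			sin6 = (struct sockaddr_in6 *)addr;
			hasv4addr = IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)
			    ? 1 : 0;
		}
		if (hasv4addr) {
			struct pr_usrreqs *pru;

			if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
			    !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) {
				/*
				 * When remote addr is IPv4-mapped address,
				 * local addr should not be an IPv6 address;
				 * since you cannot determine how to map IPv6
				 * source address to IPv4.
				 */
				error = EINVAL;
				/*
				 * Nothing has taken ownership of m yet, so
				 * free it as the "bad" exit does; jumping to
				 * "out" without this leaked the mbuf.
				 */
				m_freem(m);
				goto out;
			}

			/*
			 * XXXRW: We release UDP-layer locks before calling
			 * udp_send() in order to avoid recursion.  However,
			 * this does mean there is a short window where inp's
			 * fields are unstable.  Could this lead to a
			 * potential race in which the factors causing us to
			 * select the UDPv4 output routine are invalidated?
			 */
			INP_WUNLOCK(inp);
			INP_INFO_WUNLOCK(&V_udbinfo);
			if (sin6)
				in6_sin6_2_sin_in_sock(addr);
			pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
			/* addr will just be freed in sendit(). */
			return ((*pru->pru_send)(so, flags, m, addr, control,
			    td));
		}
	}
#endif
#ifdef MAC
	mac_inpcb_create_mbuf(inp, m);
#endif
	error = udp6_output(inp, m, addr, control, td);
out:
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
	return (error);

bad:
	INP_WUNLOCK(inp);
	INP_INFO_WUNLOCK(&V_udbinfo);
	m_freem(m);
	return (error);
}

/*
 * User-request switch for UDP/IPv6 sockets.  Entries without a udp6_
 * prefix are shared with the generic IPv6, IPv4 UDP or socket layers.
 */
struct pr_usrreqs udp6_usrreqs = {
	.pru_abort =		udp6_abort,
	.pru_attach =		udp6_attach,
	.pru_bind =		udp6_bind,
	.pru_connect =		udp6_connect,
	.pru_control =		in6_control,
	.pru_detach =		udp6_detach,
	.pru_disconnect =	udp6_disconnect,
	.pru_peeraddr =		in6_mapped_peeraddr,
	.pru_send =		udp6_send,
	.pru_shutdown =		udp_shutdown,
	.pru_sockaddr =		in6_mapped_sockaddr,
	.pru_soreceive =	soreceive_dgram,
	.pru_sosend =		sosend_dgram,
	.pru_sosetlabel =	in_pcbsosetlabel,
	.pru_close =		udp6_close
};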