udp6_usrreq.c revision 183550
1/*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $ 30 * $KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $ 31 */ 32 33/*- 34 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 35 * The Regents of the University of California. 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 4. Neither the name of the University nor the names of its contributors 47 * may be used to endorse or promote products derived from this software 48 * without specific prior written permission. 49 * 50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 * 62 * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95 63 */ 64 65#include <sys/cdefs.h> 66__FBSDID("$FreeBSD: head/sys/netinet6/udp6_usrreq.c 183550 2008-10-02 15:37:58Z zec $"); 67 68#include "opt_inet.h" 69#include "opt_inet6.h" 70#include "opt_ipsec.h" 71#include "opt_mac.h" 72 73#include <sys/param.h> 74#include <sys/kernel.h> 75#include <sys/lock.h> 76#include <sys/mbuf.h> 77#include <sys/priv.h> 78#include <sys/proc.h> 79#include <sys/protosw.h> 80#include <sys/signalvar.h> 81#include <sys/socket.h> 82#include <sys/socketvar.h> 83#include <sys/sx.h> 84#include <sys/sysctl.h> 85#include <sys/syslog.h> 86#include <sys/systm.h> 87#include <sys/vimage.h> 88 89#include <net/if.h> 90#include <net/if_types.h> 91#include <net/route.h> 92 93#include <netinet/in.h> 94#include <netinet/in_pcb.h> 95#include <netinet/in_systm.h> 96#include <netinet/in_var.h> 97#include <netinet/ip.h> 98#include <netinet/ip_icmp.h> 99#include <netinet/ip6.h> 100#include <netinet/icmp_var.h> 101#include <netinet/icmp6.h> 102#include <netinet/ip_var.h> 103#include <netinet/udp.h> 104#include <netinet/udp_var.h> 105#include <netinet6/ip6protosw.h> 106#include <netinet6/ip6_var.h> 107#include <netinet6/in6_pcb.h> 108#include <netinet6/udp6_var.h> 109#include <netinet6/scope6_var.h> 110 111#ifdef IPSEC 112#include <netipsec/ipsec.h> 113#include <netipsec/ipsec6.h> 114#endif /* IPSEC */ 115 116#include <security/mac/mac_framework.h> 117 118/* 119 * UDP protocol implementation. 120 * Per RFC 768, August, 1980. 121 */ 122 123extern struct protosw inetsw[]; 124static void udp6_detach(struct socket *so); 125 126static void 127udp6_append(struct inpcb *inp, struct mbuf *n, int off, 128 struct sockaddr_in6 *fromsa) 129{ 130 INIT_VNET_INET(inp->inp_vnet); 131 struct socket *so; 132 struct mbuf *opts; 133 134 INP_LOCK_ASSERT(inp); 135 136#ifdef IPSEC 137 /* Check AH/ESP integrity. */ 138 if (ipsec6_in_reject(n, inp)) { 139 INIT_VNET_IPSEC(inp->inp_vnet); 140 m_freem(n); 141 V_ipsec6stat.in_polvio++; 142 return; 143 } 144#endif /* IPSEC */ 145#ifdef MAC 146 if (mac_inpcb_check_deliver(inp, n) != 0) { 147 m_freem(n); 148 return; 149 } 150#endif 151 opts = NULL; 152 if (inp->in6p_flags & IN6P_CONTROLOPTS || 153 inp->inp_socket->so_options & SO_TIMESTAMP) 154 ip6_savecontrol(inp, n, &opts); 155 m_adj(n, off + sizeof(struct udphdr)); 156 157 so = inp->inp_socket; 158 SOCKBUF_LOCK(&so->so_rcv); 159 if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)fromsa, n, 160 opts) == 0) { 161 SOCKBUF_UNLOCK(&so->so_rcv); 162 m_freem(n); 163 if (opts) 164 m_freem(opts); 165 V_udpstat.udps_fullsock++; 166 } else 167 sorwakeup_locked(so); 168} 169 170int 171udp6_input(struct mbuf **mp, int *offp, int proto) 172{ 173 INIT_VNET_INET(curvnet); 174 INIT_VNET_INET6(curvnet); 175 struct mbuf *m = *mp; 176 struct ip6_hdr *ip6; 177 struct udphdr *uh; 178 struct inpcb *inp; 179 int off = *offp; 180 int plen, ulen; 181 struct sockaddr_in6 fromsa; 182 183 ip6 = mtod(m, struct ip6_hdr *); 184 185 if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) { 186 /* XXX send icmp6 host/port unreach? */ 187 m_freem(m); 188 return (IPPROTO_DONE); 189 } 190 191#ifndef PULLDOWN_TEST 192 IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE); 193 ip6 = mtod(m, struct ip6_hdr *); 194 uh = (struct udphdr *)((caddr_t)ip6 + off); 195#else 196 IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh)); 197 if (!uh) 198 return (IPPROTO_DONE); 199#endif 200 201 V_udpstat.udps_ipackets++; 202 203 /* 204 * Destination port of 0 is illegal, based on RFC768. 205 */ 206 if (uh->uh_dport == 0) 207 goto badunlocked; 208 209 plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6); 210 ulen = ntohs((u_short)uh->uh_ulen); 211 212 if (plen != ulen) { 213 V_udpstat.udps_badlen++; 214 goto badunlocked; 215 } 216 217 /* 218 * Checksum extended UDP header and data. 219 */ 220 if (uh->uh_sum == 0) { 221 V_udpstat.udps_nosum++; 222 goto badunlocked; 223 } 224 if (in6_cksum(m, IPPROTO_UDP, off, ulen) != 0) { 225 V_udpstat.udps_badsum++; 226 goto badunlocked; 227 } 228 229 /* 230 * Construct sockaddr format source address. 231 */ 232 init_sin6(&fromsa, m); 233 fromsa.sin6_port = uh->uh_sport; 234 235 INP_INFO_RLOCK(&V_udbinfo); 236 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 237 struct inpcb *last; 238 239 /* 240 * In the event that laddr should be set to the link-local 241 * address (this happens in RIPng), the multicast address 242 * specified in the received packet will not match laddr. To 243 * handle this situation, matching is relaxed if the 244 * receiving interface is the same as one specified in the 245 * socket and if the destination multicast address matches 246 * one of the multicast groups specified in the socket. 247 */ 248 249 /* 250 * KAME note: traditionally we dropped udpiphdr from mbuf 251 * here. We need udphdr for IPsec processing so we do that 252 * later. 253 */ 254 last = NULL; 255 LIST_FOREACH(inp, &V_udb, inp_list) { 256 if ((inp->inp_vflag & INP_IPV6) == 0) 257 continue; 258 if (inp->in6p_lport != uh->uh_dport) 259 continue; 260 /* 261 * XXX: Do not check source port of incoming datagram 262 * unless inp_connect() has been called to bind the 263 * fport part of the 4-tuple; the source could be 264 * trying to talk to us with an ephemeral port. 265 */ 266 if (inp->inp_fport != 0 && 267 inp->inp_fport != uh->uh_sport) 268 continue; 269 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 270 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 271 &ip6->ip6_dst)) 272 continue; 273 } 274 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 275 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 276 &ip6->ip6_src) || 277 inp->in6p_fport != uh->uh_sport) 278 continue; 279 } 280 281 if (last != NULL) { 282 struct mbuf *n; 283 284 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 285 INP_RLOCK(last); 286 udp6_append(last, n, off, &fromsa); 287 INP_RUNLOCK(last); 288 } 289 } 290 last = inp; 291 /* 292 * Don't look for additional matches if this one does 293 * not have either the SO_REUSEPORT or SO_REUSEADDR 294 * socket options set. This heuristic avoids 295 * searching through all pcbs in the common case of a 296 * non-shared port. It assumes that an application 297 * will never clear these options after setting them. 298 */ 299 if ((last->inp_socket->so_options & 300 (SO_REUSEPORT|SO_REUSEADDR)) == 0) 301 break; 302 } 303 304 if (last == NULL) { 305 /* 306 * No matching pcb found; discard datagram. (No need 307 * to send an ICMP Port Unreachable for a broadcast 308 * or multicast datgram.) 309 */ 310 V_udpstat.udps_noport++; 311 V_udpstat.udps_noportmcast++; 312 goto badheadlocked; 313 } 314 INP_RLOCK(last); 315 INP_INFO_RUNLOCK(&V_udbinfo); 316 udp6_append(last, m, off, &fromsa); 317 INP_RUNLOCK(last); 318 return (IPPROTO_DONE); 319 } 320 /* 321 * Locate pcb for datagram. 322 */ 323 inp = in6_pcblookup_hash(&V_udbinfo, &ip6->ip6_src, uh->uh_sport, 324 &ip6->ip6_dst, uh->uh_dport, 1, m->m_pkthdr.rcvif); 325 if (inp == NULL) { 326 if (udp_log_in_vain) { 327 char ip6bufs[INET6_ADDRSTRLEN]; 328 char ip6bufd[INET6_ADDRSTRLEN]; 329 330 log(LOG_INFO, 331 "Connection attempt to UDP [%s]:%d from [%s]:%d\n", 332 ip6_sprintf(ip6bufd, &ip6->ip6_dst), 333 ntohs(uh->uh_dport), 334 ip6_sprintf(ip6bufs, &ip6->ip6_src), 335 ntohs(uh->uh_sport)); 336 } 337 V_udpstat.udps_noport++; 338 if (m->m_flags & M_MCAST) { 339 printf("UDP6: M_MCAST is set in a unicast packet.\n"); 340 V_udpstat.udps_noportmcast++; 341 goto badheadlocked; 342 } 343 INP_INFO_RUNLOCK(&V_udbinfo); 344 if (V_udp_blackhole) 345 goto badunlocked; 346 if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0) 347 goto badunlocked; 348 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); 349 return (IPPROTO_DONE); 350 } 351 INP_RLOCK(inp); 352 INP_INFO_RUNLOCK(&V_udbinfo); 353 udp6_append(inp, m, off, &fromsa); 354 INP_RUNLOCK(inp); 355 return (IPPROTO_DONE); 356 357badheadlocked: 358 INP_INFO_RUNLOCK(&V_udbinfo); 359badunlocked: 360 if (m) 361 m_freem(m); 362 return (IPPROTO_DONE); 363} 364 365void 366udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) 367{ 368 INIT_VNET_INET(curvnet); 369 struct udphdr uh; 370 struct ip6_hdr *ip6; 371 struct mbuf *m; 372 int off = 0; 373 struct ip6ctlparam *ip6cp = NULL; 374 const struct sockaddr_in6 *sa6_src = NULL; 375 void *cmdarg; 376 struct inpcb *(*notify)(struct inpcb *, int) = udp_notify; 377 struct udp_portonly { 378 u_int16_t uh_sport; 379 u_int16_t uh_dport; 380 } *uhp; 381 382 if (sa->sa_family != AF_INET6 || 383 sa->sa_len != sizeof(struct sockaddr_in6)) 384 return; 385 386 if ((unsigned)cmd >= PRC_NCMDS) 387 return; 388 if (PRC_IS_REDIRECT(cmd)) 389 notify = in6_rtchange, d = NULL; 390 else if (cmd == PRC_HOSTDEAD) 391 d = NULL; 392 else if (inet6ctlerrmap[cmd] == 0) 393 return; 394 395 /* if the parameter is from icmp6, decode it. */ 396 if (d != NULL) { 397 ip6cp = (struct ip6ctlparam *)d; 398 m = ip6cp->ip6c_m; 399 ip6 = ip6cp->ip6c_ip6; 400 off = ip6cp->ip6c_off; 401 cmdarg = ip6cp->ip6c_cmdarg; 402 sa6_src = ip6cp->ip6c_src; 403 } else { 404 m = NULL; 405 ip6 = NULL; 406 cmdarg = NULL; 407 sa6_src = &sa6_any; 408 } 409 410 if (ip6) { 411 /* 412 * XXX: We assume that when IPV6 is non NULL, 413 * M and OFF are valid. 414 */ 415 416 /* Check if we can safely examine src and dst ports. */ 417 if (m->m_pkthdr.len < off + sizeof(*uhp)) 418 return; 419 420 bzero(&uh, sizeof(uh)); 421 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 422 423 (void) in6_pcbnotify(&V_udbinfo, sa, uh.uh_dport, 424 (struct sockaddr *)ip6cp->ip6c_src, uh.uh_sport, cmd, 425 cmdarg, notify); 426 } else 427 (void) in6_pcbnotify(&V_udbinfo, sa, 0, 428 (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify); 429} 430 431static int 432udp6_getcred(SYSCTL_HANDLER_ARGS) 433{ 434 INIT_VNET_INET(curvnet); 435 INIT_VNET_INET6(curvnet); 436 struct xucred xuc; 437 struct sockaddr_in6 addrs[2]; 438 struct inpcb *inp; 439 int error; 440 441 error = priv_check(req->td, PRIV_NETINET_GETCRED); 442 if (error) 443 return (error); 444 445 if (req->newlen != sizeof(addrs)) 446 return (EINVAL); 447 if (req->oldlen != sizeof(struct xucred)) 448 return (EINVAL); 449 error = SYSCTL_IN(req, addrs, sizeof(addrs)); 450 if (error) 451 return (error); 452 if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 || 453 (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) { 454 return (error); 455 } 456 INP_INFO_RLOCK(&V_udbinfo); 457 inp = in6_pcblookup_hash(&V_udbinfo, &addrs[1].sin6_addr, 458 addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port, 1, 459 NULL); 460 if (inp != NULL) { 461 INP_RLOCK(inp); 462 INP_INFO_RUNLOCK(&V_udbinfo); 463 if (inp->inp_socket == NULL) 464 error = ENOENT; 465 if (error == 0) 466 error = cr_canseesocket(req->td->td_ucred, 467 inp->inp_socket); 468 if (error == 0) 469 cru2x(inp->inp_socket->so_cred, &xuc); 470 INP_RUNLOCK(inp); 471 } else { 472 INP_INFO_RUNLOCK(&V_udbinfo); 473 error = ENOENT; 474 } 475 if (error == 0) 476 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); 477 return (error); 478} 479 480SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0, 481 0, udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection"); 482 483static int 484udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6, 485 struct mbuf *control, struct thread *td) 486{ 487 INIT_VNET_INET(curvnet); 488 INIT_VNET_INET6(curvnet); 489 u_int32_t ulen = m->m_pkthdr.len; 490 u_int32_t plen = sizeof(struct udphdr) + ulen; 491 struct ip6_hdr *ip6; 492 struct udphdr *udp6; 493 struct in6_addr *laddr, *faddr; 494 struct sockaddr_in6 *sin6 = NULL; 495 struct ifnet *oifp = NULL; 496 int scope_ambiguous = 0; 497 u_short fport; 498 int error = 0; 499 struct ip6_pktopts *optp, opt; 500 int af = AF_INET6, hlen = sizeof(struct ip6_hdr); 501 int flags; 502 struct sockaddr_in6 tmp; 503 504 INP_WLOCK_ASSERT(inp); 505 506 if (addr6) { 507 /* addr6 has been validated in udp6_send(). */ 508 sin6 = (struct sockaddr_in6 *)addr6; 509 510 /* protect *sin6 from overwrites */ 511 tmp = *sin6; 512 sin6 = &tmp; 513 514 /* 515 * Application should provide a proper zone ID or the use of 516 * default zone IDs should be enabled. Unfortunately, some 517 * applications do not behave as it should, so we need a 518 * workaround. Even if an appropriate ID is not determined, 519 * we'll see if we can determine the outgoing interface. If we 520 * can, determine the zone ID based on the interface below. 521 */ 522 if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone) 523 scope_ambiguous = 1; 524 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) 525 return (error); 526 } 527 528 if (control) { 529 if ((error = ip6_setpktopts(control, &opt, 530 inp->in6p_outputopts, td->td_ucred, IPPROTO_UDP)) != 0) 531 goto release; 532 optp = &opt; 533 } else 534 optp = inp->in6p_outputopts; 535 536 if (sin6) { 537 faddr = &sin6->sin6_addr; 538 539 /* 540 * IPv4 version of udp_output calls in_pcbconnect in this case, 541 * which needs splnet and affects performance. 542 * Since we saw no essential reason for calling in_pcbconnect, 543 * we get rid of such kind of logic, and call in6_selectsrc 544 * and in6_pcbsetport in order to fill in the local address 545 * and the local port. 546 */ 547 if (sin6->sin6_port == 0) { 548 error = EADDRNOTAVAIL; 549 goto release; 550 } 551 552 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 553 /* how about ::ffff:0.0.0.0 case? */ 554 error = EISCONN; 555 goto release; 556 } 557 558 fport = sin6->sin6_port; /* allow 0 port */ 559 560 if (IN6_IS_ADDR_V4MAPPED(faddr)) { 561 if ((inp->in6p_flags & IN6P_IPV6_V6ONLY)) { 562 /* 563 * I believe we should explicitly discard the 564 * packet when mapped addresses are disabled, 565 * rather than send the packet as an IPv6 one. 566 * If we chose the latter approach, the packet 567 * might be sent out on the wire based on the 568 * default route, the situation which we'd 569 * probably want to avoid. 570 * (20010421 jinmei@kame.net) 571 */ 572 error = EINVAL; 573 goto release; 574 } 575 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) && 576 !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) { 577 /* 578 * when remote addr is an IPv4-mapped address, 579 * local addr should not be an IPv6 address, 580 * since you cannot determine how to map IPv6 581 * source address to IPv4. 582 */ 583 error = EINVAL; 584 goto release; 585 } 586 587 af = AF_INET; 588 } 589 590 if (!IN6_IS_ADDR_V4MAPPED(faddr)) { 591 laddr = in6_selectsrc(sin6, optp, inp, NULL, 592 td->td_ucred, &oifp, &error); 593 if (oifp && scope_ambiguous && 594 (error = in6_setscope(&sin6->sin6_addr, 595 oifp, NULL))) { 596 goto release; 597 } 598 } else 599 laddr = &inp->in6p_laddr; /* XXX */ 600 if (laddr == NULL) { 601 if (error == 0) 602 error = EADDRNOTAVAIL; 603 goto release; 604 } 605 if (inp->in6p_lport == 0 && 606 (error = in6_pcbsetport(laddr, inp, td->td_ucred)) != 0) 607 goto release; 608 } else { 609 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 610 error = ENOTCONN; 611 goto release; 612 } 613 if (IN6_IS_ADDR_V4MAPPED(&inp->in6p_faddr)) { 614 if ((inp->in6p_flags & IN6P_IPV6_V6ONLY)) { 615 /* 616 * XXX: this case would happen when the 617 * application sets the V6ONLY flag after 618 * connecting the foreign address. 619 * Such applications should be fixed, 620 * so we bark here. 621 */ 622 log(LOG_INFO, "udp6_output: IPV6_V6ONLY " 623 "option was set for a connected socket\n"); 624 error = EINVAL; 625 goto release; 626 } else 627 af = AF_INET; 628 } 629 laddr = &inp->in6p_laddr; 630 faddr = &inp->in6p_faddr; 631 fport = inp->in6p_fport; 632 } 633 634 if (af == AF_INET) 635 hlen = sizeof(struct ip); 636 637 /* 638 * Calculate data length and get a mbuf 639 * for UDP and IP6 headers. 640 */ 641 M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT); 642 if (m == 0) { 643 error = ENOBUFS; 644 goto release; 645 } 646 647 /* 648 * Stuff checksum and output datagram. 649 */ 650 udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen); 651 udp6->uh_sport = inp->in6p_lport; /* lport is always set in the PCB */ 652 udp6->uh_dport = fport; 653 if (plen <= 0xffff) 654 udp6->uh_ulen = htons((u_short)plen); 655 else 656 udp6->uh_ulen = 0; 657 udp6->uh_sum = 0; 658 659 switch (af) { 660 case AF_INET6: 661 ip6 = mtod(m, struct ip6_hdr *); 662 ip6->ip6_flow = inp->in6p_flowinfo & IPV6_FLOWINFO_MASK; 663 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 664 ip6->ip6_vfc |= IPV6_VERSION; 665#if 0 /* ip6_plen will be filled in ip6_output. */ 666 ip6->ip6_plen = htons((u_short)plen); 667#endif 668 ip6->ip6_nxt = IPPROTO_UDP; 669 ip6->ip6_hlim = in6_selecthlim(inp, NULL); 670 ip6->ip6_src = *laddr; 671 ip6->ip6_dst = *faddr; 672 673 if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP, 674 sizeof(struct ip6_hdr), plen)) == 0) { 675 udp6->uh_sum = 0xffff; 676 } 677 678 flags = 0; 679 680 V_udpstat.udps_opackets++; 681 error = ip6_output(m, optp, NULL, flags, inp->in6p_moptions, 682 NULL, inp); 683 break; 684 case AF_INET: 685 error = EAFNOSUPPORT; 686 goto release; 687 } 688 goto releaseopt; 689 690release: 691 m_freem(m); 692 693releaseopt: 694 if (control) { 695 ip6_clearpktopts(&opt, -1); 696 m_freem(control); 697 } 698 return (error); 699} 700 701static void 702udp6_abort(struct socket *so) 703{ 704 INIT_VNET_INET(so->so_vnet); 705 struct inpcb *inp; 706 707 inp = sotoinpcb(so); 708 KASSERT(inp != NULL, ("udp6_abort: inp == NULL")); 709 710#ifdef INET 711 if (inp->inp_vflag & INP_IPV4) { 712 struct pr_usrreqs *pru; 713 714 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 715 (*pru->pru_abort)(so); 716 return; 717 } 718#endif 719 720 INP_INFO_WLOCK(&V_udbinfo); 721 INP_WLOCK(inp); 722 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 723 in6_pcbdisconnect(inp); 724 inp->in6p_laddr = in6addr_any; 725 soisdisconnected(so); 726 } 727 INP_WUNLOCK(inp); 728 INP_INFO_WUNLOCK(&V_udbinfo); 729} 730 731static int 732udp6_attach(struct socket *so, int proto, struct thread *td) 733{ 734 INIT_VNET_INET(so->so_vnet); 735 struct inpcb *inp; 736 int error; 737 738 inp = sotoinpcb(so); 739 KASSERT(inp == NULL, ("udp6_attach: inp != NULL")); 740 741 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 742 error = soreserve(so, udp_sendspace, udp_recvspace); 743 if (error) 744 return (error); 745 } 746 INP_INFO_WLOCK(&V_udbinfo); 747 error = in_pcballoc(so, &V_udbinfo); 748 if (error) { 749 INP_INFO_WUNLOCK(&V_udbinfo); 750 return (error); 751 } 752 inp = (struct inpcb *)so->so_pcb; 753 INP_INFO_WUNLOCK(&V_udbinfo); 754 inp->inp_vflag |= INP_IPV6; 755 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) 756 inp->inp_vflag |= INP_IPV4; 757 inp->in6p_hops = -1; /* use kernel default */ 758 inp->in6p_cksum = -1; /* just to be sure */ 759 /* 760 * XXX: ugly!! 761 * IPv4 TTL initialization is necessary for an IPv6 socket as well, 762 * because the socket may be bound to an IPv6 wildcard address, 763 * which may match an IPv4-mapped IPv6 address. 764 */ 765 inp->inp_ip_ttl = V_ip_defttl; 766 INP_WUNLOCK(inp); 767 return (0); 768} 769 770static int 771udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) 772{ 773 INIT_VNET_INET(so->so_vnet); 774 struct inpcb *inp; 775 int error; 776 777 inp = sotoinpcb(so); 778 KASSERT(inp != NULL, ("udp6_bind: inp == NULL")); 779 780 INP_INFO_WLOCK(&V_udbinfo); 781 INP_WLOCK(inp); 782 inp->inp_vflag &= ~INP_IPV4; 783 inp->inp_vflag |= INP_IPV6; 784 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 785 struct sockaddr_in6 *sin6_p; 786 787 sin6_p = (struct sockaddr_in6 *)nam; 788 789 if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p->sin6_addr)) 790 inp->inp_vflag |= INP_IPV4; 791 else if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) { 792 struct sockaddr_in sin; 793 794 in6_sin6_2_sin(&sin, sin6_p); 795 inp->inp_vflag |= INP_IPV4; 796 inp->inp_vflag &= ~INP_IPV6; 797 error = in_pcbbind(inp, (struct sockaddr *)&sin, 798 td->td_ucred); 799 goto out; 800 } 801 } 802 803 error = in6_pcbbind(inp, nam, td->td_ucred); 804out: 805 INP_WUNLOCK(inp); 806 INP_INFO_WUNLOCK(&V_udbinfo); 807 return (error); 808} 809 810static void 811udp6_close(struct socket *so) 812{ 813 INIT_VNET_INET(so->so_vnet); 814 struct inpcb *inp; 815 816 inp = sotoinpcb(so); 817 KASSERT(inp != NULL, ("udp6_close: inp == NULL")); 818 819#ifdef INET 820 if (inp->inp_vflag & INP_IPV4) { 821 struct pr_usrreqs *pru; 822 823 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 824 (*pru->pru_disconnect)(so); 825 return; 826 } 827#endif 828 INP_INFO_WLOCK(&V_udbinfo); 829 INP_WLOCK(inp); 830 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 831 in6_pcbdisconnect(inp); 832 inp->in6p_laddr = in6addr_any; 833 soisdisconnected(so); 834 } 835 INP_WUNLOCK(inp); 836 INP_INFO_WUNLOCK(&V_udbinfo); 837} 838 839static int 840udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td) 841{ 842 INIT_VNET_INET(so->so_vnet); 843 struct inpcb *inp; 844 int error; 845 846 inp = sotoinpcb(so); 847 KASSERT(inp != NULL, ("udp6_connect: inp == NULL")); 848 849 INP_INFO_WLOCK(&V_udbinfo); 850 INP_WLOCK(inp); 851 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 852 struct sockaddr_in6 *sin6_p; 853 854 sin6_p = (struct sockaddr_in6 *)nam; 855 if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) { 856 struct sockaddr_in sin; 857 858 if (inp->inp_faddr.s_addr != INADDR_ANY) { 859 error = EISCONN; 860 goto out; 861 } 862 in6_sin6_2_sin(&sin, sin6_p); 863 error = in_pcbconnect(inp, (struct sockaddr *)&sin, 864 td->td_ucred); 865 if (error == 0) { 866 inp->inp_vflag |= INP_IPV4; 867 inp->inp_vflag &= ~INP_IPV6; 868 soisconnected(so); 869 } 870 goto out; 871 } 872 } 873 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 874 error = EISCONN; 875 goto out; 876 } 877 error = in6_pcbconnect(inp, nam, td->td_ucred); 878 if (error == 0) { 879 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 880 /* should be non mapped addr */ 881 inp->inp_vflag &= ~INP_IPV4; 882 inp->inp_vflag |= INP_IPV6; 883 } 884 soisconnected(so); 885 } 886out: 887 INP_WUNLOCK(inp); 888 INP_INFO_WUNLOCK(&V_udbinfo); 889 return (error); 890} 891 892static void 893udp6_detach(struct socket *so) 894{ 895 INIT_VNET_INET(so->so_vnet); 896 struct inpcb *inp; 897 898 inp = sotoinpcb(so); 899 KASSERT(inp != NULL, ("udp6_detach: inp == NULL")); 900 901 INP_INFO_WLOCK(&V_udbinfo); 902 INP_WLOCK(inp); 903 in6_pcbdetach(inp); 904 in6_pcbfree(inp); 905 INP_INFO_WUNLOCK(&V_udbinfo); 906} 907 908static int 909udp6_disconnect(struct socket *so) 910{ 911 INIT_VNET_INET(so->so_vnet); 912 struct inpcb *inp; 913 int error; 914 915 inp = sotoinpcb(so); 916 KASSERT(inp != NULL, ("udp6_disconnect: inp == NULL")); 917 918 INP_INFO_WLOCK(&V_udbinfo); 919 INP_WLOCK(inp); 920 921#ifdef INET 922 if (inp->inp_vflag & INP_IPV4) { 923 struct pr_usrreqs *pru; 924 925 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 926 error = (*pru->pru_disconnect)(so); 927 goto out; 928 } 929#endif 930 931 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 932 error = ENOTCONN; 933 goto out; 934 } 935 936 in6_pcbdisconnect(inp); 937 inp->in6p_laddr = in6addr_any; 938 /* XXXRW: so_state locking? */ 939 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 940out: 941 INP_WUNLOCK(inp); 942 INP_INFO_WUNLOCK(&V_udbinfo); 943 return (0); 944} 945 946static int 947udp6_send(struct socket *so, int flags, struct mbuf *m, 948 struct sockaddr *addr, struct mbuf *control, struct thread *td) 949{ 950 INIT_VNET_INET(so->so_vnet); 951 struct inpcb *inp; 952 int error = 0; 953 954 inp = sotoinpcb(so); 955 KASSERT(inp != NULL, ("udp6_send: inp == NULL")); 956 957 INP_INFO_WLOCK(&V_udbinfo); 958 INP_WLOCK(inp); 959 if (addr) { 960 if (addr->sa_len != sizeof(struct sockaddr_in6)) { 961 error = EINVAL; 962 goto bad; 963 } 964 if (addr->sa_family != AF_INET6) { 965 error = EAFNOSUPPORT; 966 goto bad; 967 } 968 } 969 970#ifdef INET 971 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 972 int hasv4addr; 973 struct sockaddr_in6 *sin6 = 0; 974 975 if (addr == 0) 976 hasv4addr = (inp->inp_vflag & INP_IPV4); 977 else { 978 sin6 = (struct sockaddr_in6 *)addr; 979 hasv4addr = IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) 980 ? 1 : 0; 981 } 982 if (hasv4addr) { 983 struct pr_usrreqs *pru; 984 985 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) && 986 !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) { 987 /* 988 * When remote addr is IPv4-mapped address, 989 * local addr should not be an IPv6 address; 990 * since you cannot determine how to map IPv6 991 * source address to IPv4. 992 */ 993 error = EINVAL; 994 goto out; 995 } 996 997 /* 998 * XXXRW: We release UDP-layer locks before calling 999 * udp_send() in order to avoid recursion. However, 1000 * this does mean there is a short window where inp's 1001 * fields are unstable. Could this lead to a 1002 * potential race in which the factors causing us to 1003 * select the UDPv4 output routine are invalidated? 1004 */ 1005 INP_WUNLOCK(inp); 1006 INP_INFO_WUNLOCK(&V_udbinfo); 1007 if (sin6) 1008 in6_sin6_2_sin_in_sock(addr); 1009 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 1010 /* addr will just be freed in sendit(). */ 1011 return ((*pru->pru_send)(so, flags, m, addr, control, 1012 td)); 1013 } 1014 } 1015#endif 1016#ifdef MAC 1017 mac_inpcb_create_mbuf(inp, m); 1018#endif 1019 error = udp6_output(inp, m, addr, control, td); 1020out: 1021 INP_WUNLOCK(inp); 1022 INP_INFO_WUNLOCK(&V_udbinfo); 1023 return (error); 1024 1025bad: 1026 INP_WUNLOCK(inp); 1027 INP_INFO_WUNLOCK(&V_udbinfo); 1028 m_freem(m); 1029 return (error); 1030} 1031 1032struct pr_usrreqs udp6_usrreqs = { 1033 .pru_abort = udp6_abort, 1034 .pru_attach = udp6_attach, 1035 .pru_bind = udp6_bind, 1036 .pru_connect = udp6_connect, 1037 .pru_control = in6_control, 1038 .pru_detach = udp6_detach, 1039 .pru_disconnect = udp6_disconnect, 1040 .pru_peeraddr = in6_mapped_peeraddr, 1041 .pru_send = udp6_send, 1042 .pru_shutdown = udp_shutdown, 1043 .pru_sockaddr = in6_mapped_sockaddr, 1044 .pru_soreceive = soreceive_dgram, 1045 .pru_sosend = sosend_dgram, 1046 .pru_sosetlabel = in_pcbsosetlabel, 1047 .pru_close = udp6_close 1048}; 1049