udp6_usrreq.c revision 186813
1/*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $ 30 * $KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $ 31 */ 32 33/*- 34 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 35 * The Regents of the University of California. 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 4. Neither the name of the University nor the names of its contributors 47 * may be used to endorse or promote products derived from this software 48 * without specific prior written permission. 49 * 50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 * 62 * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95 63 */ 64 65#include <sys/cdefs.h> 66__FBSDID("$FreeBSD: head/sys/netinet6/udp6_usrreq.c 186813 2009-01-06 12:13:40Z rrs $"); 67 68#include "opt_inet.h" 69#include "opt_inet6.h" 70#include "opt_ipsec.h" 71#include "opt_mac.h" 72 73#include <sys/param.h> 74#include <sys/jail.h> 75#include <sys/kernel.h> 76#include <sys/lock.h> 77#include <sys/mbuf.h> 78#include <sys/priv.h> 79#include <sys/proc.h> 80#include <sys/protosw.h> 81#include <sys/signalvar.h> 82#include <sys/socket.h> 83#include <sys/socketvar.h> 84#include <sys/sx.h> 85#include <sys/sysctl.h> 86#include <sys/syslog.h> 87#include <sys/systm.h> 88#include <sys/vimage.h> 89 90#include <net/if.h> 91#include <net/if_types.h> 92#include <net/route.h> 93 94#include <netinet/in.h> 95#include <netinet/in_pcb.h> 96#include <netinet/in_systm.h> 97#include <netinet/in_var.h> 98#include <netinet/ip.h> 99#include <netinet/ip_icmp.h> 100#include <netinet/ip6.h> 101#include <netinet/icmp_var.h> 102#include <netinet/icmp6.h> 103#include <netinet/ip_var.h> 104#include <netinet/udp.h> 105#include <netinet/udp_var.h> 106#include <netinet/vinet.h> 107 108#include <netinet6/ip6protosw.h> 109#include <netinet6/ip6_var.h> 110#include <netinet6/in6_pcb.h> 111#include <netinet6/udp6_var.h> 112#include <netinet6/scope6_var.h> 113#include <netinet6/vinet6.h> 114 115#ifdef IPSEC 116#include <netipsec/ipsec.h> 117#include <netipsec/ipsec6.h> 118#endif /* IPSEC */ 119 120#include <security/mac/mac_framework.h> 121 122/* 123 * UDP protocol implementation. 124 * Per RFC 768, August, 1980. 125 */ 126 127extern struct protosw inetsw[]; 128static void udp6_detach(struct socket *so); 129 130static void 131udp6_append(struct inpcb *inp, struct mbuf *n, int off, 132 struct sockaddr_in6 *fromsa) 133{ 134 INIT_VNET_INET(inp->inp_vnet); 135 struct socket *so; 136 struct mbuf *opts; 137 138 INP_LOCK_ASSERT(inp); 139 140#ifdef IPSEC 141 /* Check AH/ESP integrity. */ 142 if (ipsec6_in_reject(n, inp)) { 143 INIT_VNET_IPSEC(inp->inp_vnet); 144 m_freem(n); 145 V_ipsec6stat.in_polvio++; 146 return; 147 } 148#endif /* IPSEC */ 149#ifdef MAC 150 if (mac_inpcb_check_deliver(inp, n) != 0) { 151 m_freem(n); 152 return; 153 } 154#endif 155 opts = NULL; 156 if (inp->inp_flags & INP_CONTROLOPTS || 157 inp->inp_socket->so_options & SO_TIMESTAMP) 158 ip6_savecontrol(inp, n, &opts); 159 m_adj(n, off + sizeof(struct udphdr)); 160 161 so = inp->inp_socket; 162 SOCKBUF_LOCK(&so->so_rcv); 163 if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)fromsa, n, 164 opts) == 0) { 165 SOCKBUF_UNLOCK(&so->so_rcv); 166 m_freem(n); 167 if (opts) 168 m_freem(opts); 169 V_udpstat.udps_fullsock++; 170 } else 171 sorwakeup_locked(so); 172} 173 174int 175udp6_input(struct mbuf **mp, int *offp, int proto) 176{ 177 INIT_VNET_INET(curvnet); 178 INIT_VNET_INET6(curvnet); 179 struct mbuf *m = *mp; 180 struct ip6_hdr *ip6; 181 struct udphdr *uh; 182 struct inpcb *inp; 183 int off = *offp; 184 int plen, ulen; 185 struct sockaddr_in6 fromsa; 186 187 ip6 = mtod(m, struct ip6_hdr *); 188 189 if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) { 190 /* XXX send icmp6 host/port unreach? */ 191 m_freem(m); 192 return (IPPROTO_DONE); 193 } 194 195#ifndef PULLDOWN_TEST 196 IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE); 197 ip6 = mtod(m, struct ip6_hdr *); 198 uh = (struct udphdr *)((caddr_t)ip6 + off); 199#else 200 IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh)); 201 if (!uh) 202 return (IPPROTO_DONE); 203#endif 204 205 V_udpstat.udps_ipackets++; 206 207 /* 208 * Destination port of 0 is illegal, based on RFC768. 209 */ 210 if (uh->uh_dport == 0) 211 goto badunlocked; 212 213 plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6); 214 ulen = ntohs((u_short)uh->uh_ulen); 215 216 if (plen != ulen) { 217 V_udpstat.udps_badlen++; 218 goto badunlocked; 219 } 220 221 /* 222 * Checksum extended UDP header and data. 223 */ 224 if (uh->uh_sum == 0) { 225 V_udpstat.udps_nosum++; 226 goto badunlocked; 227 } 228 if (in6_cksum(m, IPPROTO_UDP, off, ulen) != 0) { 229 V_udpstat.udps_badsum++; 230 goto badunlocked; 231 } 232 233 /* 234 * Construct sockaddr format source address. 235 */ 236 init_sin6(&fromsa, m); 237 fromsa.sin6_port = uh->uh_sport; 238 239 INP_INFO_RLOCK(&V_udbinfo); 240 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 241 struct inpcb *last; 242 243 /* 244 * In the event that laddr should be set to the link-local 245 * address (this happens in RIPng), the multicast address 246 * specified in the received packet will not match laddr. To 247 * handle this situation, matching is relaxed if the 248 * receiving interface is the same as one specified in the 249 * socket and if the destination multicast address matches 250 * one of the multicast groups specified in the socket. 251 */ 252 253 /* 254 * KAME note: traditionally we dropped udpiphdr from mbuf 255 * here. We need udphdr for IPsec processing so we do that 256 * later. 257 */ 258 last = NULL; 259 LIST_FOREACH(inp, &V_udb, inp_list) { 260 if ((inp->inp_vflag & INP_IPV6) == 0) 261 continue; 262 if (inp->inp_lport != uh->uh_dport) 263 continue; 264 /* 265 * XXX: Do not check source port of incoming datagram 266 * unless inp_connect() has been called to bind the 267 * fport part of the 4-tuple; the source could be 268 * trying to talk to us with an ephemeral port. 269 */ 270 if (inp->inp_fport != 0 && 271 inp->inp_fport != uh->uh_sport) 272 continue; 273 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 274 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 275 &ip6->ip6_dst)) 276 continue; 277 } 278 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 279 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 280 &ip6->ip6_src) || 281 inp->inp_fport != uh->uh_sport) 282 continue; 283 } 284 285 if (last != NULL) { 286 struct mbuf *n; 287 288 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 289 INP_RLOCK(last); 290 if (last->inp_ppcb != NULL) { 291 /* 292 * Engage the tunneling 293 * protocol we will have to 294 * leave the info_lock up, 295 * since we are hunting 296 * through multiple UDP 297 * inp's hope we don't break. 298 * 299 */ 300 udp_tun_func_t tunnel_func; 301 302 tunnel_func = (udp_tun_func_t)last->inp_ppcb; 303 tunnel_func(n, off, last); 304 INP_RUNLOCK(last); 305 } else { 306 udp6_append(last, n, off, &fromsa); 307 INP_RUNLOCK(last); 308 } 309 } 310 } 311 last = inp; 312 /* 313 * Don't look for additional matches if this one does 314 * not have either the SO_REUSEPORT or SO_REUSEADDR 315 * socket options set. This heuristic avoids 316 * searching through all pcbs in the common case of a 317 * non-shared port. It assumes that an application 318 * will never clear these options after setting them. 319 */ 320 if ((last->inp_socket->so_options & 321 (SO_REUSEPORT|SO_REUSEADDR)) == 0) 322 break; 323 } 324 325 if (last == NULL) { 326 /* 327 * No matching pcb found; discard datagram. (No need 328 * to send an ICMP Port Unreachable for a broadcast 329 * or multicast datgram.) 330 */ 331 V_udpstat.udps_noport++; 332 V_udpstat.udps_noportmcast++; 333 goto badheadlocked; 334 } 335 INP_RLOCK(last); 336 INP_INFO_RUNLOCK(&V_udbinfo); 337 if (last->inp_ppcb != NULL) { 338 /* 339 * Engage the tunneling protocol we must make sure 340 * all locks are released when we call the tunneling 341 * protocol. 342 */ 343 udp_tun_func_t tunnel_func; 344 345 tunnel_func = (udp_tun_func_t)inp->inp_ppcb; 346 tunnel_func(m, off, last); 347 INP_RUNLOCK(last); 348 return (IPPROTO_DONE); 349 } 350 udp6_append(last, m, off, &fromsa); 351 INP_RUNLOCK(last); 352 return (IPPROTO_DONE); 353 } 354 /* 355 * Locate pcb for datagram. 356 */ 357 inp = in6_pcblookup_hash(&V_udbinfo, &ip6->ip6_src, uh->uh_sport, 358 &ip6->ip6_dst, uh->uh_dport, 1, m->m_pkthdr.rcvif); 359 if (inp == NULL) { 360 if (udp_log_in_vain) { 361 char ip6bufs[INET6_ADDRSTRLEN]; 362 char ip6bufd[INET6_ADDRSTRLEN]; 363 364 log(LOG_INFO, 365 "Connection attempt to UDP [%s]:%d from [%s]:%d\n", 366 ip6_sprintf(ip6bufd, &ip6->ip6_dst), 367 ntohs(uh->uh_dport), 368 ip6_sprintf(ip6bufs, &ip6->ip6_src), 369 ntohs(uh->uh_sport)); 370 } 371 V_udpstat.udps_noport++; 372 if (m->m_flags & M_MCAST) { 373 printf("UDP6: M_MCAST is set in a unicast packet.\n"); 374 V_udpstat.udps_noportmcast++; 375 goto badheadlocked; 376 } 377 INP_INFO_RUNLOCK(&V_udbinfo); 378 if (V_udp_blackhole) 379 goto badunlocked; 380 if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0) 381 goto badunlocked; 382 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); 383 return (IPPROTO_DONE); 384 } 385 INP_RLOCK(inp); 386 INP_INFO_RUNLOCK(&V_udbinfo); 387 if (inp->inp_ppcb != NULL) { 388 /* 389 * Engage the tunneling protocol we must make sure all locks 390 * are released when we call the tunneling protocol. 391 */ 392 udp_tun_func_t tunnel_func; 393 394 tunnel_func = (udp_tun_func_t)inp->inp_ppcb; 395 tunnel_func(m, off, inp); 396 INP_RUNLOCK(inp); 397 return (IPPROTO_DONE); 398 } 399 udp6_append(inp, m, off, &fromsa); 400 INP_RUNLOCK(inp); 401 return (IPPROTO_DONE); 402 403badheadlocked: 404 INP_INFO_RUNLOCK(&V_udbinfo); 405badunlocked: 406 if (m) 407 m_freem(m); 408 return (IPPROTO_DONE); 409} 410 411void 412udp6_ctlinput(int cmd, struct sockaddr *sa, void *d) 413{ 414 INIT_VNET_INET(curvnet); 415 struct udphdr uh; 416 struct ip6_hdr *ip6; 417 struct mbuf *m; 418 int off = 0; 419 struct ip6ctlparam *ip6cp = NULL; 420 const struct sockaddr_in6 *sa6_src = NULL; 421 void *cmdarg; 422 struct inpcb *(*notify)(struct inpcb *, int) = udp_notify; 423 struct udp_portonly { 424 u_int16_t uh_sport; 425 u_int16_t uh_dport; 426 } *uhp; 427 428 if (sa->sa_family != AF_INET6 || 429 sa->sa_len != sizeof(struct sockaddr_in6)) 430 return; 431 432 if ((unsigned)cmd >= PRC_NCMDS) 433 return; 434 if (PRC_IS_REDIRECT(cmd)) 435 notify = in6_rtchange, d = NULL; 436 else if (cmd == PRC_HOSTDEAD) 437 d = NULL; 438 else if (inet6ctlerrmap[cmd] == 0) 439 return; 440 441 /* if the parameter is from icmp6, decode it. */ 442 if (d != NULL) { 443 ip6cp = (struct ip6ctlparam *)d; 444 m = ip6cp->ip6c_m; 445 ip6 = ip6cp->ip6c_ip6; 446 off = ip6cp->ip6c_off; 447 cmdarg = ip6cp->ip6c_cmdarg; 448 sa6_src = ip6cp->ip6c_src; 449 } else { 450 m = NULL; 451 ip6 = NULL; 452 cmdarg = NULL; 453 sa6_src = &sa6_any; 454 } 455 456 if (ip6) { 457 /* 458 * XXX: We assume that when IPV6 is non NULL, 459 * M and OFF are valid. 460 */ 461 462 /* Check if we can safely examine src and dst ports. */ 463 if (m->m_pkthdr.len < off + sizeof(*uhp)) 464 return; 465 466 bzero(&uh, sizeof(uh)); 467 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh); 468 469 (void) in6_pcbnotify(&V_udbinfo, sa, uh.uh_dport, 470 (struct sockaddr *)ip6cp->ip6c_src, uh.uh_sport, cmd, 471 cmdarg, notify); 472 } else 473 (void) in6_pcbnotify(&V_udbinfo, sa, 0, 474 (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify); 475} 476 477static int 478udp6_getcred(SYSCTL_HANDLER_ARGS) 479{ 480 INIT_VNET_INET(curvnet); 481 INIT_VNET_INET6(curvnet); 482 struct xucred xuc; 483 struct sockaddr_in6 addrs[2]; 484 struct inpcb *inp; 485 int error; 486 487 error = priv_check(req->td, PRIV_NETINET_GETCRED); 488 if (error) 489 return (error); 490 491 if (req->newlen != sizeof(addrs)) 492 return (EINVAL); 493 if (req->oldlen != sizeof(struct xucred)) 494 return (EINVAL); 495 error = SYSCTL_IN(req, addrs, sizeof(addrs)); 496 if (error) 497 return (error); 498 if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 || 499 (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) { 500 return (error); 501 } 502 INP_INFO_RLOCK(&V_udbinfo); 503 inp = in6_pcblookup_hash(&V_udbinfo, &addrs[1].sin6_addr, 504 addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port, 1, 505 NULL); 506 if (inp != NULL) { 507 INP_RLOCK(inp); 508 INP_INFO_RUNLOCK(&V_udbinfo); 509 if (inp->inp_socket == NULL) 510 error = ENOENT; 511 if (error == 0) 512 error = cr_canseesocket(req->td->td_ucred, 513 inp->inp_socket); 514 if (error == 0) 515 cru2x(inp->inp_cred, &xuc); 516 INP_RUNLOCK(inp); 517 } else { 518 INP_INFO_RUNLOCK(&V_udbinfo); 519 error = ENOENT; 520 } 521 if (error == 0) 522 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred)); 523 return (error); 524} 525 526SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0, 527 0, udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection"); 528 529static int 530udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6, 531 struct mbuf *control, struct thread *td) 532{ 533 INIT_VNET_INET(curvnet); 534 INIT_VNET_INET6(curvnet); 535 u_int32_t ulen = m->m_pkthdr.len; 536 u_int32_t plen = sizeof(struct udphdr) + ulen; 537 struct ip6_hdr *ip6; 538 struct udphdr *udp6; 539 struct in6_addr *laddr, *faddr; 540 struct sockaddr_in6 *sin6 = NULL; 541 struct ifnet *oifp = NULL; 542 int scope_ambiguous = 0; 543 u_short fport; 544 int error = 0; 545 struct ip6_pktopts *optp, opt; 546 int af = AF_INET6, hlen = sizeof(struct ip6_hdr); 547 int flags; 548 struct sockaddr_in6 tmp; 549 550 INP_WLOCK_ASSERT(inp); 551 552 if (addr6) { 553 /* addr6 has been validated in udp6_send(). */ 554 sin6 = (struct sockaddr_in6 *)addr6; 555 556 /* protect *sin6 from overwrites */ 557 tmp = *sin6; 558 sin6 = &tmp; 559 560 /* 561 * Application should provide a proper zone ID or the use of 562 * default zone IDs should be enabled. Unfortunately, some 563 * applications do not behave as it should, so we need a 564 * workaround. Even if an appropriate ID is not determined, 565 * we'll see if we can determine the outgoing interface. If we 566 * can, determine the zone ID based on the interface below. 567 */ 568 if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone) 569 scope_ambiguous = 1; 570 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) 571 return (error); 572 } 573 574 if (control) { 575 if ((error = ip6_setpktopts(control, &opt, 576 inp->in6p_outputopts, td->td_ucred, IPPROTO_UDP)) != 0) 577 goto release; 578 optp = &opt; 579 } else 580 optp = inp->in6p_outputopts; 581 582 if (sin6) { 583 faddr = &sin6->sin6_addr; 584 585 /* 586 * IPv4 version of udp_output calls in_pcbconnect in this case, 587 * which needs splnet and affects performance. 588 * Since we saw no essential reason for calling in_pcbconnect, 589 * we get rid of such kind of logic, and call in6_selectsrc 590 * and in6_pcbsetport in order to fill in the local address 591 * and the local port. 592 */ 593 if (sin6->sin6_port == 0) { 594 error = EADDRNOTAVAIL; 595 goto release; 596 } 597 598 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 599 /* how about ::ffff:0.0.0.0 case? */ 600 error = EISCONN; 601 goto release; 602 } 603 604 fport = sin6->sin6_port; /* allow 0 port */ 605 606 if (IN6_IS_ADDR_V4MAPPED(faddr)) { 607 if ((inp->inp_flags & IN6P_IPV6_V6ONLY)) { 608 /* 609 * I believe we should explicitly discard the 610 * packet when mapped addresses are disabled, 611 * rather than send the packet as an IPv6 one. 612 * If we chose the latter approach, the packet 613 * might be sent out on the wire based on the 614 * default route, the situation which we'd 615 * probably want to avoid. 616 * (20010421 jinmei@kame.net) 617 */ 618 error = EINVAL; 619 goto release; 620 } 621 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) && 622 !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) { 623 /* 624 * when remote addr is an IPv4-mapped address, 625 * local addr should not be an IPv6 address, 626 * since you cannot determine how to map IPv6 627 * source address to IPv4. 628 */ 629 error = EINVAL; 630 goto release; 631 } 632 633 af = AF_INET; 634 } 635 636 if (!IN6_IS_ADDR_V4MAPPED(faddr)) { 637 laddr = in6_selectsrc(sin6, optp, inp, NULL, 638 td->td_ucred, &oifp, &error); 639 if (oifp && scope_ambiguous && 640 (error = in6_setscope(&sin6->sin6_addr, 641 oifp, NULL))) { 642 goto release; 643 } 644 } else 645 laddr = &inp->in6p_laddr; /* XXX */ 646 if (laddr == NULL) { 647 if (error == 0) 648 error = EADDRNOTAVAIL; 649 goto release; 650 } 651 if (inp->inp_lport == 0 && 652 (error = in6_pcbsetport(laddr, inp, td->td_ucred)) != 0) 653 goto release; 654 } else { 655 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 656 error = ENOTCONN; 657 goto release; 658 } 659 if (IN6_IS_ADDR_V4MAPPED(&inp->in6p_faddr)) { 660 if ((inp->inp_flags & IN6P_IPV6_V6ONLY)) { 661 /* 662 * XXX: this case would happen when the 663 * application sets the V6ONLY flag after 664 * connecting the foreign address. 665 * Such applications should be fixed, 666 * so we bark here. 667 */ 668 log(LOG_INFO, "udp6_output: IPV6_V6ONLY " 669 "option was set for a connected socket\n"); 670 error = EINVAL; 671 goto release; 672 } else 673 af = AF_INET; 674 } 675 laddr = &inp->in6p_laddr; 676 faddr = &inp->in6p_faddr; 677 fport = inp->inp_fport; 678 } 679 680 if (af == AF_INET) 681 hlen = sizeof(struct ip); 682 683 /* 684 * Calculate data length and get a mbuf 685 * for UDP and IP6 headers. 686 */ 687 M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT); 688 if (m == 0) { 689 error = ENOBUFS; 690 goto release; 691 } 692 693 /* 694 * Stuff checksum and output datagram. 695 */ 696 udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen); 697 udp6->uh_sport = inp->inp_lport; /* lport is always set in the PCB */ 698 udp6->uh_dport = fport; 699 if (plen <= 0xffff) 700 udp6->uh_ulen = htons((u_short)plen); 701 else 702 udp6->uh_ulen = 0; 703 udp6->uh_sum = 0; 704 705 switch (af) { 706 case AF_INET6: 707 ip6 = mtod(m, struct ip6_hdr *); 708 ip6->ip6_flow = inp->inp_flow & IPV6_FLOWINFO_MASK; 709 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 710 ip6->ip6_vfc |= IPV6_VERSION; 711#if 0 /* ip6_plen will be filled in ip6_output. */ 712 ip6->ip6_plen = htons((u_short)plen); 713#endif 714 ip6->ip6_nxt = IPPROTO_UDP; 715 ip6->ip6_hlim = in6_selecthlim(inp, NULL); 716 ip6->ip6_src = *laddr; 717 ip6->ip6_dst = *faddr; 718 719 if ((udp6->uh_sum = in6_cksum(m, IPPROTO_UDP, 720 sizeof(struct ip6_hdr), plen)) == 0) { 721 udp6->uh_sum = 0xffff; 722 } 723 724 flags = 0; 725 726 V_udpstat.udps_opackets++; 727 error = ip6_output(m, optp, NULL, flags, inp->in6p_moptions, 728 NULL, inp); 729 break; 730 case AF_INET: 731 error = EAFNOSUPPORT; 732 goto release; 733 } 734 goto releaseopt; 735 736release: 737 m_freem(m); 738 739releaseopt: 740 if (control) { 741 ip6_clearpktopts(&opt, -1); 742 m_freem(control); 743 } 744 return (error); 745} 746 747static void 748udp6_abort(struct socket *so) 749{ 750 INIT_VNET_INET(so->so_vnet); 751 struct inpcb *inp; 752 753 inp = sotoinpcb(so); 754 KASSERT(inp != NULL, ("udp6_abort: inp == NULL")); 755 756#ifdef INET 757 if (inp->inp_vflag & INP_IPV4) { 758 struct pr_usrreqs *pru; 759 760 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 761 (*pru->pru_abort)(so); 762 return; 763 } 764#endif 765 766 INP_INFO_WLOCK(&V_udbinfo); 767 INP_WLOCK(inp); 768 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 769 in6_pcbdisconnect(inp); 770 inp->in6p_laddr = in6addr_any; 771 soisdisconnected(so); 772 } 773 INP_WUNLOCK(inp); 774 INP_INFO_WUNLOCK(&V_udbinfo); 775} 776 777static int 778udp6_attach(struct socket *so, int proto, struct thread *td) 779{ 780 INIT_VNET_INET(so->so_vnet); 781 struct inpcb *inp; 782 int error; 783 784 inp = sotoinpcb(so); 785 KASSERT(inp == NULL, ("udp6_attach: inp != NULL")); 786 787 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 788 error = soreserve(so, udp_sendspace, udp_recvspace); 789 if (error) 790 return (error); 791 } 792 INP_INFO_WLOCK(&V_udbinfo); 793 error = in_pcballoc(so, &V_udbinfo); 794 if (error) { 795 INP_INFO_WUNLOCK(&V_udbinfo); 796 return (error); 797 } 798 inp = (struct inpcb *)so->so_pcb; 799 INP_INFO_WUNLOCK(&V_udbinfo); 800 inp->inp_vflag |= INP_IPV6; 801 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) 802 inp->inp_vflag |= INP_IPV4; 803 inp->in6p_hops = -1; /* use kernel default */ 804 inp->in6p_cksum = -1; /* just to be sure */ 805 /* 806 * XXX: ugly!! 807 * IPv4 TTL initialization is necessary for an IPv6 socket as well, 808 * because the socket may be bound to an IPv6 wildcard address, 809 * which may match an IPv4-mapped IPv6 address. 810 */ 811 inp->inp_ip_ttl = V_ip_defttl; 812 INP_WUNLOCK(inp); 813 return (0); 814} 815 816static int 817udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) 818{ 819 INIT_VNET_INET(so->so_vnet); 820 struct inpcb *inp; 821 int error; 822 823 inp = sotoinpcb(so); 824 KASSERT(inp != NULL, ("udp6_bind: inp == NULL")); 825 826 INP_INFO_WLOCK(&V_udbinfo); 827 INP_WLOCK(inp); 828 inp->inp_vflag &= ~INP_IPV4; 829 inp->inp_vflag |= INP_IPV6; 830 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 831 struct sockaddr_in6 *sin6_p; 832 833 sin6_p = (struct sockaddr_in6 *)nam; 834 835 if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p->sin6_addr)) 836 inp->inp_vflag |= INP_IPV4; 837 else if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) { 838 struct sockaddr_in sin; 839 840 in6_sin6_2_sin(&sin, sin6_p); 841 inp->inp_vflag |= INP_IPV4; 842 inp->inp_vflag &= ~INP_IPV6; 843 error = in_pcbbind(inp, (struct sockaddr *)&sin, 844 td->td_ucred); 845 goto out; 846 } 847 } 848 849 error = in6_pcbbind(inp, nam, td->td_ucred); 850out: 851 INP_WUNLOCK(inp); 852 INP_INFO_WUNLOCK(&V_udbinfo); 853 return (error); 854} 855 856static void 857udp6_close(struct socket *so) 858{ 859 INIT_VNET_INET(so->so_vnet); 860 struct inpcb *inp; 861 862 inp = sotoinpcb(so); 863 KASSERT(inp != NULL, ("udp6_close: inp == NULL")); 864 865#ifdef INET 866 if (inp->inp_vflag & INP_IPV4) { 867 struct pr_usrreqs *pru; 868 869 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 870 (*pru->pru_disconnect)(so); 871 return; 872 } 873#endif 874 INP_INFO_WLOCK(&V_udbinfo); 875 INP_WLOCK(inp); 876 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 877 in6_pcbdisconnect(inp); 878 inp->in6p_laddr = in6addr_any; 879 soisdisconnected(so); 880 } 881 INP_WUNLOCK(inp); 882 INP_INFO_WUNLOCK(&V_udbinfo); 883} 884 885static int 886udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td) 887{ 888 INIT_VNET_INET(so->so_vnet); 889 struct inpcb *inp; 890 int error; 891 892 inp = sotoinpcb(so); 893 KASSERT(inp != NULL, ("udp6_connect: inp == NULL")); 894 895 INP_INFO_WLOCK(&V_udbinfo); 896 INP_WLOCK(inp); 897 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 898 struct sockaddr_in6 *sin6_p; 899 900 sin6_p = (struct sockaddr_in6 *)nam; 901 if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) { 902 struct sockaddr_in sin; 903 904 if (inp->inp_faddr.s_addr != INADDR_ANY) { 905 error = EISCONN; 906 goto out; 907 } 908 in6_sin6_2_sin(&sin, sin6_p); 909 if (td && jailed(td->td_ucred)) 910 if (prison_remote_ip4(td->td_ucred, 911 &sin.sin_addr) != 0) { 912 error = EAFNOSUPPORT; 913 goto out; 914 } 915 error = in_pcbconnect(inp, (struct sockaddr *)&sin, 916 td->td_ucred); 917 if (error == 0) { 918 inp->inp_vflag |= INP_IPV4; 919 inp->inp_vflag &= ~INP_IPV6; 920 soisconnected(so); 921 } 922 goto out; 923 } 924 } 925 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 926 error = EISCONN; 927 goto out; 928 } 929 if (td && jailed(td->td_ucred)) { 930 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam; 931 if (prison_remote_ip6(td->td_ucred, &sin6->sin6_addr) != 0) { 932 error = EAFNOSUPPORT; 933 goto out; 934 } 935 } 936 error = in6_pcbconnect(inp, nam, td->td_ucred); 937 if (error == 0) { 938 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 939 /* should be non mapped addr */ 940 inp->inp_vflag &= ~INP_IPV4; 941 inp->inp_vflag |= INP_IPV6; 942 } 943 soisconnected(so); 944 } 945out: 946 INP_WUNLOCK(inp); 947 INP_INFO_WUNLOCK(&V_udbinfo); 948 return (error); 949} 950 951static void 952udp6_detach(struct socket *so) 953{ 954 INIT_VNET_INET(so->so_vnet); 955 struct inpcb *inp; 956 957 inp = sotoinpcb(so); 958 KASSERT(inp != NULL, ("udp6_detach: inp == NULL")); 959 960 INP_INFO_WLOCK(&V_udbinfo); 961 INP_WLOCK(inp); 962 in_pcbdetach(inp); 963 in_pcbfree(inp); 964 INP_INFO_WUNLOCK(&V_udbinfo); 965} 966 967static int 968udp6_disconnect(struct socket *so) 969{ 970 INIT_VNET_INET(so->so_vnet); 971 struct inpcb *inp; 972 int error; 973 974 inp = sotoinpcb(so); 975 KASSERT(inp != NULL, ("udp6_disconnect: inp == NULL")); 976 977 INP_INFO_WLOCK(&V_udbinfo); 978 INP_WLOCK(inp); 979 980#ifdef INET 981 if (inp->inp_vflag & INP_IPV4) { 982 struct pr_usrreqs *pru; 983 984 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 985 error = (*pru->pru_disconnect)(so); 986 goto out; 987 } 988#endif 989 990 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 991 error = ENOTCONN; 992 goto out; 993 } 994 995 in6_pcbdisconnect(inp); 996 inp->in6p_laddr = in6addr_any; 997 SOCK_LOCK(so); 998 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 999 SOCK_UNLOCK(so); 1000out: 1001 INP_WUNLOCK(inp); 1002 INP_INFO_WUNLOCK(&V_udbinfo); 1003 return (0); 1004} 1005 1006static int 1007udp6_send(struct socket *so, int flags, struct mbuf *m, 1008 struct sockaddr *addr, struct mbuf *control, struct thread *td) 1009{ 1010 INIT_VNET_INET(so->so_vnet); 1011 struct inpcb *inp; 1012 int error = 0; 1013 1014 inp = sotoinpcb(so); 1015 KASSERT(inp != NULL, ("udp6_send: inp == NULL")); 1016 1017 INP_INFO_WLOCK(&V_udbinfo); 1018 INP_WLOCK(inp); 1019 if (addr) { 1020 if (addr->sa_len != sizeof(struct sockaddr_in6)) { 1021 error = EINVAL; 1022 goto bad; 1023 } 1024 if (addr->sa_family != AF_INET6) { 1025 error = EAFNOSUPPORT; 1026 goto bad; 1027 } 1028 } 1029 1030#ifdef INET 1031 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) { 1032 int hasv4addr; 1033 struct sockaddr_in6 *sin6 = 0; 1034 1035 if (addr == 0) 1036 hasv4addr = (inp->inp_vflag & INP_IPV4); 1037 else { 1038 sin6 = (struct sockaddr_in6 *)addr; 1039 hasv4addr = IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr) 1040 ? 1 : 0; 1041 } 1042 if (hasv4addr) { 1043 struct pr_usrreqs *pru; 1044 1045 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) && 1046 !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) { 1047 /* 1048 * When remote addr is IPv4-mapped address, 1049 * local addr should not be an IPv6 address; 1050 * since you cannot determine how to map IPv6 1051 * source address to IPv4. 1052 */ 1053 error = EINVAL; 1054 goto out; 1055 } 1056 1057 /* 1058 * XXXRW: We release UDP-layer locks before calling 1059 * udp_send() in order to avoid recursion. However, 1060 * this does mean there is a short window where inp's 1061 * fields are unstable. Could this lead to a 1062 * potential race in which the factors causing us to 1063 * select the UDPv4 output routine are invalidated? 1064 */ 1065 INP_WUNLOCK(inp); 1066 INP_INFO_WUNLOCK(&V_udbinfo); 1067 if (sin6) 1068 in6_sin6_2_sin_in_sock(addr); 1069 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs; 1070 /* addr will just be freed in sendit(). */ 1071 return ((*pru->pru_send)(so, flags, m, addr, control, 1072 td)); 1073 } 1074 } 1075#endif 1076#ifdef MAC 1077 mac_inpcb_create_mbuf(inp, m); 1078#endif 1079 error = udp6_output(inp, m, addr, control, td); 1080out: 1081 INP_WUNLOCK(inp); 1082 INP_INFO_WUNLOCK(&V_udbinfo); 1083 return (error); 1084 1085bad: 1086 INP_WUNLOCK(inp); 1087 INP_INFO_WUNLOCK(&V_udbinfo); 1088 m_freem(m); 1089 return (error); 1090} 1091 1092struct pr_usrreqs udp6_usrreqs = { 1093 .pru_abort = udp6_abort, 1094 .pru_attach = udp6_attach, 1095 .pru_bind = udp6_bind, 1096 .pru_connect = udp6_connect, 1097 .pru_control = in6_control, 1098 .pru_detach = udp6_detach, 1099 .pru_disconnect = udp6_disconnect, 1100 .pru_peeraddr = in6_mapped_peeraddr, 1101 .pru_send = udp6_send, 1102 .pru_shutdown = udp_shutdown, 1103 .pru_sockaddr = in6_mapped_sockaddr, 1104 .pru_soreceive = soreceive_dgram, 1105 .pru_sosend = sosend_dgram, 1106 .pru_sosetlabel = in_pcbsosetlabel, 1107 .pru_close = udp6_close 1108}; 1109