ip_divert.c revision 32350 
1/*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 *    must display the following acknowledgement:
15 *	This product includes software developed by the University of
16 *	California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *	$Id: ip_divert.c,v 1.16 1997/12/18 09:13:34 davidg Exp $
34 */
35
36#include "opt_inet.h"
37
38#ifndef INET
39#error IPDIVERT requires INET.
40#endif
41
42#include <sys/param.h>
43#include <sys/malloc.h>
44#include <sys/mbuf.h>
45#include <sys/socket.h>
46#include <sys/protosw.h>
47#include <sys/socketvar.h>
48#include <sys/systm.h>
49#include <sys/proc.h>
50
51#include <net/if.h>
52#include <net/route.h>
53
54#include <netinet/in.h>
55#include <netinet/in_systm.h>
56#include <netinet/ip.h>
57#include <netinet/in_pcb.h>
58#include <netinet/in_var.h>
59#include <netinet/ip_var.h>
60
61/*
62 * Divert sockets
63 */
64
65/*
66 * Allocate enough space to hold a full IP packet
67 */
68#define	DIVSNDQ		(65536 + 100)
69#define	DIVRCVQ		(65536 + 100)
70
71/* Global variables */
72
73/*
74 * ip_input() and ip_output() set this secret value before calling us to
75 * let us know which divert port to divert a packet to; this is done so
76 * we can use the existing prototype for struct protosw's pr_input().
77 * This is stored in host order.
78 */
79u_short ip_divert_port;
80
81/*
82 * We set this value to a non-zero port number when we want the call to
83 * ip_fw_chk() in ip_input() or ip_output() to ignore ``divert <port>''
84 * chain entries. This is stored in host order.
85 */
86u_short ip_divert_ignore;
87
88/* Internal variables */
89
90static struct inpcbhead divcb;
91static struct inpcbinfo divcbinfo;
92
93static u_long	div_sendspace = DIVSNDQ;	/* XXX sysctl ? */
94static u_long	div_recvspace = DIVRCVQ;	/* XXX sysctl ? */
95
96/* Optimization: have this preinitialized */
97static struct sockaddr_in divsrc = { sizeof(divsrc), AF_INET };
98
99/* Internal functions */
100
101static int div_output(struct socket *so,
102		struct mbuf *m, struct sockaddr *addr, struct mbuf *control);
103
104/*
105 * Initialize divert connection block queue.
106 */
107void
108div_init(void)
109{
110	LIST_INIT(&divcb);
111	divcbinfo.listhead = &divcb;
112	/*
113	 * XXX We don't use the hash list for divert IP, but it's easier
114	 * to allocate a one entry hash list than it is to check all
115	 * over the place for hashbase == NULL.
116	 */
117	divcbinfo.hashbase = hashinit(1, M_PCB, &divcbinfo.hashmask);
118}
119
120/*
121 * Setup generic address and protocol structures
122 * for div_input routine, then pass them along with
123 * mbuf chain. ip->ip_len is assumed to have had
124 * the header length (hlen) subtracted out already.
125 * We tell whether the packet was incoming or outgoing
126 * by seeing if hlen == 0, which is a hack.
127 */
128void
129div_input(struct mbuf *m, int hlen)
130{
131	struct ip *ip;
132	struct inpcb *inp;
133	struct socket *sa;
134
135	/* Sanity check */
136	if (ip_divert_port == 0)
137		panic("div_input: port is 0");
138
139	/* Assure header */
140	if (m->m_len < sizeof(struct ip) &&
141	    (m = m_pullup(m, sizeof(struct ip))) == 0) {
142		return;
143	}
144	ip = mtod(m, struct ip *);
145
146	/* Record divert port */
147	divsrc.sin_port = htons(ip_divert_port);
148
149	/* Restore packet header fields */
150	ip->ip_len += hlen;
151	HTONS(ip->ip_len);
152	HTONS(ip->ip_off);
153
154	/* Record receive interface address, if any */
155	divsrc.sin_addr.s_addr = 0;
156	if (hlen) {
157		struct ifaddr *ifa;
158
159#ifdef DIAGNOSTIC
160		/* Sanity check */
161		if (!(m->m_flags & M_PKTHDR))
162			panic("div_input: no pkt hdr");
163#endif
164
165		/* More fields affected by ip_input() */
166		HTONS(ip->ip_id);
167
168		/* Find IP address for recieve interface */
169		for (ifa = m->m_pkthdr.rcvif->if_addrhead.tqh_first;
170		    ifa != NULL; ifa = ifa->ifa_link.tqe_next) {
171			if (ifa->ifa_addr == NULL)
172				continue;
173			if (ifa->ifa_addr->sa_family != AF_INET)
174				continue;
175			divsrc.sin_addr =
176			    ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
177			break;
178		}
179	}
180
181	/* Put packet on socket queue, if any */
182	sa = NULL;
183	for (inp = divcb.lh_first; inp != NULL; inp = inp->inp_list.le_next) {
184		if (inp->inp_lport == htons(ip_divert_port))
185			sa = inp->inp_socket;
186	}
187	if (sa) {
188		if (sbappendaddr(&sa->so_rcv, (struct sockaddr *)&divsrc,
189				m, (struct mbuf *)0) == 0)
190			m_freem(m);
191		else
192			sorwakeup(sa);
193	} else {
194		m_freem(m);
195		ipstat.ips_noproto++;
196		ipstat.ips_delivered--;
197        }
198}
199
200/*
201 * Deliver packet back into the IP processing machinery.
202 *
203 * If no address specified, or address is 0.0.0.0, send to ip_output();
204 * otherwise, send to ip_input() and mark as having been received on
205 * the interface with that address.
206 *
207 * If no address specified, or dest port is 0, allow packet to divert
208 * back to this socket; otherwise, don't.
209 */
210static int
211div_output(so, m, addr, control)
212	struct socket *so;
213	register struct mbuf *m;
214	struct sockaddr *addr;
215	struct mbuf *control;
216{
217	register struct inpcb *const inp = sotoinpcb(so);
218	register struct ip *const ip = mtod(m, struct ip *);
219	struct sockaddr_in *sin = NULL;
220	int error = 0;
221
222	if (control)
223		m_freem(control);		/* XXX */
224	if (addr)
225		sin = (struct sockaddr_in *)addr;
226
227	/* Loopback avoidance option */
228	ip_divert_ignore = ntohs(inp->inp_lport);
229
230	/* Reinject packet into the system as incoming or outgoing */
231	if (!sin || sin->sin_addr.s_addr == 0) {
232		/* Don't allow both user specified and setsockopt options,
233		   and don't allow packet length sizes that will crash */
234		if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) ||
235		     ((u_short)ntohs(ip->ip_len) > m->m_pkthdr.len)) {
236			error = EINVAL;
237			goto cantsend;
238		}
239
240		/* Convert fields to host order for ip_output() */
241		NTOHS(ip->ip_len);
242		NTOHS(ip->ip_off);
243
244		/* Send packet to output processing */
245		ipstat.ips_rawout++;			/* XXX */
246		error = ip_output(m, inp->inp_options, &inp->inp_route,
247			(so->so_options & SO_DONTROUTE) |
248			IP_ALLOWBROADCAST | IP_RAWOUTPUT, inp->inp_moptions);
249	} else {
250		struct ifaddr *ifa;
251
252		/* Find receive interface with the given IP address */
253		sin->sin_port = 0;
254		if ((ifa = ifa_ifwithaddr((struct sockaddr *) sin)) == 0) {
255			error = EADDRNOTAVAIL;
256			goto cantsend;
257		}
258		m->m_pkthdr.rcvif = ifa->ifa_ifp;
259
260		/* Send packet to input processing */
261		ip_input(m);
262	}
263
264	/* Reset for next time (and other packets) */
265	ip_divert_ignore = 0;
266	return error;
267
268cantsend:
269	ip_divert_ignore = 0;
270	m_freem(m);
271	return error;
272}
273
274static int
275div_attach(struct socket *so, int proto, struct proc *p)
276{
277	struct inpcb *inp;
278	int error, s;
279
280	inp  = sotoinpcb(so);
281	if (inp)
282		panic("div_attach");
283	if (p && (error = suser(p->p_ucred, &p->p_acflag)) != 0)
284		return error;
285
286	s = splnet();
287	error = in_pcballoc(so, &divcbinfo, p);
288	splx(s);
289	if (error)
290		return error;
291	error = soreserve(so, div_sendspace, div_recvspace);
292	if (error)
293		return error;
294	inp = (struct inpcb *)so->so_pcb;
295	inp->inp_ip_p = proto;
296	inp->inp_flags |= INP_HDRINCL;
297	/* The socket is always "connected" because
298	   we always know "where" to send the packet */
299	so->so_state |= SS_ISCONNECTED;
300	return 0;
301}
302
303static int
304div_detach(struct socket *so)
305{
306	struct inpcb *inp;
307
308	inp = sotoinpcb(so);
309	if (inp == 0)
310		panic("div_detach");
311	in_pcbdetach(inp);
312	return 0;
313}
314
315static int
316div_abort(struct socket *so)
317{
318	soisdisconnected(so);
319	return div_detach(so);
320}
321
322static int
323div_disconnect(struct socket *so)
324{
325	if ((so->so_state & SS_ISCONNECTED) == 0)
326		return ENOTCONN;
327	return div_abort(so);
328}
329
330static int
331div_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
332{
333	struct inpcb *inp;
334	int s;
335	int error;
336
337	s = splnet();
338	inp = sotoinpcb(so);
339	error = in_pcbbind(inp, nam, p);
340	splx(s);
341	return 0;
342}
343
344static int
345div_shutdown(struct socket *so)
346{
347	socantsendmore(so);
348	return 0;
349}
350
351static int
352div_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
353	 struct mbuf *control, struct proc *p)
354{
355	/* Packet must have a header (but that's about it) */
356	if (m->m_len < sizeof (struct ip) ||
357	    (m = m_pullup(m, sizeof (struct ip))) == 0) {
358		ipstat.ips_toosmall++;
359		m_freem(m);
360		return EINVAL;
361	}
362
363	/* Send packet */
364	return div_output(so, m, nam, control);
365}
366
367struct pr_usrreqs div_usrreqs = {
368	div_abort, pru_accept_notsupp, div_attach, div_bind,
369	pru_connect_notsupp, pru_connect2_notsupp, in_control, div_detach,
370	div_disconnect, pru_listen_notsupp, in_setpeeraddr, pru_rcvd_notsupp,
371	pru_rcvoob_notsupp, div_send, pru_sense_null, div_shutdown,
372	in_setsockaddr, sosend, soreceive, sopoll
373};
374