ip_divert.c revision 31838 
1/*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 *    must display the following acknowledgement:
15 *	This product includes software developed by the University of
16 *	California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *	$Id: ip_divert.c,v 1.15 1997/09/14 03:10:39 peter Exp $
34 */
35
36#include <sys/param.h>
37#include <sys/malloc.h>
38#include <sys/mbuf.h>
39#include <sys/socket.h>
40#include <sys/protosw.h>
41#include <sys/socketvar.h>
42#include <sys/systm.h>
43#include <sys/proc.h>
44
45#include <net/if.h>
46#include <net/route.h>
47
48#include <netinet/in.h>
49#include <netinet/in_systm.h>
50#include <netinet/ip.h>
51#include <netinet/in_pcb.h>
52#include <netinet/in_var.h>
53#include <netinet/ip_var.h>
54
55/*
56 * Divert sockets
57 */
58
59/*
60 * Allocate enough space to hold a full IP packet
61 */
62#define	DIVSNDQ		(65536 + 100)
63#define	DIVRCVQ		(65536 + 100)
64
65/* Global variables */
66
67/*
68 * ip_input() and ip_output() set this secret value before calling us to
69 * let us know which divert port to divert a packet to; this is done so
70 * we can use the existing prototype for struct protosw's pr_input().
71 * This is stored in host order.
72 */
73u_short ip_divert_port;
74
75/*
76 * We set this value to a non-zero port number when we want the call to
77 * ip_fw_chk() in ip_input() or ip_output() to ignore ``divert <port>''
78 * chain entries. This is stored in host order.
79 */
80u_short ip_divert_ignore;
81
82/* Internal variables */
83
84static struct inpcbhead divcb;
85static struct inpcbinfo divcbinfo;
86
87static u_long	div_sendspace = DIVSNDQ;	/* XXX sysctl ? */
88static u_long	div_recvspace = DIVRCVQ;	/* XXX sysctl ? */
89
90/* Optimization: have this preinitialized */
91static struct sockaddr_in divsrc = { sizeof(divsrc), AF_INET };
92
93/* Internal functions */
94
95static int div_output(struct socket *so,
96		struct mbuf *m, struct sockaddr *addr, struct mbuf *control);
97
98/*
99 * Initialize divert connection block queue.
100 */
101void
102div_init(void)
103{
104	LIST_INIT(&divcb);
105	divcbinfo.listhead = &divcb;
106	/*
107	 * XXX We don't use the hash list for divert IP, but it's easier
108	 * to allocate a one entry hash list than it is to check all
109	 * over the place for hashbase == NULL.
110	 */
111	divcbinfo.hashbase = hashinit(1, M_PCB, &divcbinfo.hashmask);
112}
113
114/*
115 * Setup generic address and protocol structures
116 * for div_input routine, then pass them along with
117 * mbuf chain. ip->ip_len is assumed to have had
118 * the header length (hlen) subtracted out already.
119 * We tell whether the packet was incoming or outgoing
120 * by seeing if hlen == 0, which is a hack.
121 */
122void
123div_input(struct mbuf *m, int hlen)
124{
125	struct ip *ip;
126	struct inpcb *inp;
127	struct socket *sa;
128
129	/* Sanity check */
130	if (ip_divert_port == 0)
131		panic("div_input: port is 0");
132
133	/* Assure header */
134	if (m->m_len < sizeof(struct ip) &&
135	    (m = m_pullup(m, sizeof(struct ip))) == 0) {
136		return;
137	}
138	ip = mtod(m, struct ip *);
139
140	/* Record divert port */
141	divsrc.sin_port = htons(ip_divert_port);
142
143	/* Restore packet header fields */
144	ip->ip_len += hlen;
145	HTONS(ip->ip_len);
146	HTONS(ip->ip_off);
147
148	/* Record receive interface address, if any */
149	divsrc.sin_addr.s_addr = 0;
150	if (hlen) {
151		struct ifaddr *ifa;
152
153#ifdef DIAGNOSTIC
154		/* Sanity check */
155		if (!(m->m_flags & M_PKTHDR))
156			panic("div_input: no pkt hdr");
157#endif
158
159		/* More fields affected by ip_input() */
160		HTONS(ip->ip_id);
161
162		/* Find IP address for recieve interface */
163		for (ifa = m->m_pkthdr.rcvif->if_addrhead.tqh_first;
164		    ifa != NULL; ifa = ifa->ifa_link.tqe_next) {
165			if (ifa->ifa_addr == NULL)
166				continue;
167			if (ifa->ifa_addr->sa_family != AF_INET)
168				continue;
169			divsrc.sin_addr =
170			    ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
171			break;
172		}
173	}
174
175	/* Put packet on socket queue, if any */
176	sa = NULL;
177	for (inp = divcb.lh_first; inp != NULL; inp = inp->inp_list.le_next) {
178		if (inp->inp_lport == htons(ip_divert_port))
179			sa = inp->inp_socket;
180	}
181	if (sa) {
182		if (sbappendaddr(&sa->so_rcv, (struct sockaddr *)&divsrc,
183				m, (struct mbuf *)0) == 0)
184			m_freem(m);
185		else
186			sorwakeup(sa);
187	} else {
188		m_freem(m);
189		ipstat.ips_noproto++;
190		ipstat.ips_delivered--;
191        }
192}
193
194/*
195 * Deliver packet back into the IP processing machinery.
196 *
197 * If no address specified, or address is 0.0.0.0, send to ip_output();
198 * otherwise, send to ip_input() and mark as having been received on
199 * the interface with that address.
200 *
201 * If no address specified, or dest port is 0, allow packet to divert
202 * back to this socket; otherwise, don't.
203 */
204static int
205div_output(so, m, addr, control)
206	struct socket *so;
207	register struct mbuf *m;
208	struct sockaddr *addr;
209	struct mbuf *control;
210{
211	register struct inpcb *const inp = sotoinpcb(so);
212	register struct ip *const ip = mtod(m, struct ip *);
213	struct sockaddr_in *sin = NULL;
214	int error = 0;
215
216	if (control)
217		m_freem(control);		/* XXX */
218	if (addr)
219		sin = (struct sockaddr_in *)addr;
220
221	/* Loopback avoidance option */
222	ip_divert_ignore = ntohs(inp->inp_lport);
223
224	/* Reinject packet into the system as incoming or outgoing */
225	if (!sin || sin->sin_addr.s_addr == 0) {
226		/* Don't allow both user specified and setsockopt options,
227		   and don't allow packet length sizes that will crash */
228		if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) ||
229		     ((u_short)ntohs(ip->ip_len) > m->m_pkthdr.len)) {
230			error = EINVAL;
231			goto cantsend;
232		}
233
234		/* Convert fields to host order for ip_output() */
235		NTOHS(ip->ip_len);
236		NTOHS(ip->ip_off);
237
238		/* Send packet to output processing */
239		ipstat.ips_rawout++;			/* XXX */
240		error = ip_output(m, inp->inp_options, &inp->inp_route,
241			(so->so_options & SO_DONTROUTE) |
242			IP_ALLOWBROADCAST | IP_RAWOUTPUT, inp->inp_moptions);
243	} else {
244		struct ifaddr *ifa;
245
246		/* Find receive interface with the given IP address */
247		sin->sin_port = 0;
248		if ((ifa = ifa_ifwithaddr((struct sockaddr *) sin)) == 0) {
249			error = EADDRNOTAVAIL;
250			goto cantsend;
251		}
252		m->m_pkthdr.rcvif = ifa->ifa_ifp;
253
254		/* Send packet to input processing */
255		ip_input(m);
256	}
257
258	/* Reset for next time (and other packets) */
259	ip_divert_ignore = 0;
260	return error;
261
262cantsend:
263	ip_divert_ignore = 0;
264	m_freem(m);
265	return error;
266}
267
268static int
269div_attach(struct socket *so, int proto, struct proc *p)
270{
271	struct inpcb *inp;
272	int error, s;
273
274	inp  = sotoinpcb(so);
275	if (inp)
276		panic("div_attach");
277	if (p && (error = suser(p->p_ucred, &p->p_acflag)) != 0)
278		return error;
279
280	s = splnet();
281	error = in_pcballoc(so, &divcbinfo, p);
282	splx(s);
283	if (error)
284		return error;
285	error = soreserve(so, div_sendspace, div_recvspace);
286	if (error)
287		return error;
288	inp = (struct inpcb *)so->so_pcb;
289	inp->inp_ip_p = proto;
290	inp->inp_flags |= INP_HDRINCL;
291	/* The socket is always "connected" because
292	   we always know "where" to send the packet */
293	so->so_state |= SS_ISCONNECTED;
294	return 0;
295}
296
297static int
298div_detach(struct socket *so)
299{
300	struct inpcb *inp;
301
302	inp = sotoinpcb(so);
303	if (inp == 0)
304		panic("div_detach");
305	in_pcbdetach(inp);
306	return 0;
307}
308
309static int
310div_abort(struct socket *so)
311{
312	soisdisconnected(so);
313	return div_detach(so);
314}
315
316static int
317div_disconnect(struct socket *so)
318{
319	if ((so->so_state & SS_ISCONNECTED) == 0)
320		return ENOTCONN;
321	return div_abort(so);
322}
323
324static int
325div_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
326{
327	struct inpcb *inp;
328	int s;
329	int error;
330
331	s = splnet();
332	inp = sotoinpcb(so);
333	error = in_pcbbind(inp, nam, p);
334	splx(s);
335	return 0;
336}
337
338static int
339div_shutdown(struct socket *so)
340{
341	socantsendmore(so);
342	return 0;
343}
344
345static int
346div_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
347	 struct mbuf *control, struct proc *p)
348{
349	/* Packet must have a header (but that's about it) */
350	if (m->m_len < sizeof (struct ip) ||
351	    (m = m_pullup(m, sizeof (struct ip))) == 0) {
352		ipstat.ips_toosmall++;
353		m_freem(m);
354		return EINVAL;
355	}
356
357	/* Send packet */
358	return div_output(so, m, nam, control);
359}
360
361struct pr_usrreqs div_usrreqs = {
362	div_abort, pru_accept_notsupp, div_attach, div_bind,
363	pru_connect_notsupp, pru_connect2_notsupp, in_control, div_detach,
364	div_disconnect, pru_listen_notsupp, in_setpeeraddr, pru_rcvd_notsupp,
365	pru_rcvoob_notsupp, div_send, pru_sense_null, div_shutdown,
366	in_setsockaddr, sosend, soreceive, sopoll
367};
368