ip_divert.c revision 32821 
1/*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 *	The Regents of the University of California.  All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 *    must display the following acknowledgement:
15 *	This product includes software developed by the University of
16 *	California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *	$Id: ip_divert.c,v 1.17 1998/01/08 23:41:50 eivind Exp $
34 */
35
36#include "opt_inet.h"
37
38#ifndef INET
39#error IPDIVERT requires INET.
40#endif
41
42#include <sys/param.h>
43#include <sys/malloc.h>
44#include <sys/mbuf.h>
45#include <sys/socket.h>
46#include <sys/protosw.h>
47#include <sys/socketvar.h>
48#include <sys/systm.h>
49#include <sys/proc.h>
50
51#include <net/if.h>
52#include <net/route.h>
53
54#include <netinet/in.h>
55#include <netinet/in_systm.h>
56#include <netinet/ip.h>
57#include <netinet/in_pcb.h>
58#include <netinet/in_var.h>
59#include <netinet/ip_var.h>
60
61/*
62 * Divert sockets
63 */
64
65/*
66 * Allocate enough space to hold a full IP packet
67 */
68#define	DIVSNDQ		(65536 + 100)
69#define	DIVRCVQ		(65536 + 100)
70
71/* Global variables */
72
73/*
74 * ip_input() and ip_output() set this secret value before calling us to
75 * let us know which divert port to divert a packet to; this is done so
76 * we can use the existing prototype for struct protosw's pr_input().
77 * This is stored in host order.
78 */
79u_short ip_divert_port;
80
81/*
82 * We set this value to a non-zero port number when we want the call to
83 * ip_fw_chk() in ip_input() or ip_output() to ignore ``divert <port>''
84 * chain entries. This is stored in host order.
85 */
86u_short ip_divert_ignore;
87
88/* Internal variables */
89
90static struct inpcbhead divcb;
91static struct inpcbinfo divcbinfo;
92
93static u_long	div_sendspace = DIVSNDQ;	/* XXX sysctl ? */
94static u_long	div_recvspace = DIVRCVQ;	/* XXX sysctl ? */
95
96/* Optimization: have this preinitialized */
97static struct sockaddr_in divsrc = { sizeof(divsrc), AF_INET };
98
99/* Internal functions */
100
101static int div_output(struct socket *so,
102		struct mbuf *m, struct sockaddr *addr, struct mbuf *control);
103
104/*
105 * Initialize divert connection block queue.
106 */
107void
108div_init(void)
109{
110	LIST_INIT(&divcb);
111	divcbinfo.listhead = &divcb;
112	/*
113	 * XXX We don't use the hash list for divert IP, but it's easier
114	 * to allocate a one entry hash list than it is to check all
115	 * over the place for hashbase == NULL.
116	 */
117	divcbinfo.hashbase = hashinit(1, M_PCB, &divcbinfo.hashmask);
118	divcbinfo.porthashbase = hashinit(1, M_PCB, &divcbinfo.porthashmask);
119}
120
121/*
122 * Setup generic address and protocol structures
123 * for div_input routine, then pass them along with
124 * mbuf chain. ip->ip_len is assumed to have had
125 * the header length (hlen) subtracted out already.
126 * We tell whether the packet was incoming or outgoing
127 * by seeing if hlen == 0, which is a hack.
128 */
129void
130div_input(struct mbuf *m, int hlen)
131{
132	struct ip *ip;
133	struct inpcb *inp;
134	struct socket *sa;
135
136	/* Sanity check */
137	if (ip_divert_port == 0)
138		panic("div_input: port is 0");
139
140	/* Assure header */
141	if (m->m_len < sizeof(struct ip) &&
142	    (m = m_pullup(m, sizeof(struct ip))) == 0) {
143		return;
144	}
145	ip = mtod(m, struct ip *);
146
147	/* Record divert port */
148	divsrc.sin_port = htons(ip_divert_port);
149
150	/* Restore packet header fields */
151	ip->ip_len += hlen;
152	HTONS(ip->ip_len);
153	HTONS(ip->ip_off);
154
155	/* Record receive interface address, if any */
156	divsrc.sin_addr.s_addr = 0;
157	if (hlen) {
158		struct ifaddr *ifa;
159
160#ifdef DIAGNOSTIC
161		/* Sanity check */
162		if (!(m->m_flags & M_PKTHDR))
163			panic("div_input: no pkt hdr");
164#endif
165
166		/* More fields affected by ip_input() */
167		HTONS(ip->ip_id);
168
169		/* Find IP address for recieve interface */
170		for (ifa = m->m_pkthdr.rcvif->if_addrhead.tqh_first;
171		    ifa != NULL; ifa = ifa->ifa_link.tqe_next) {
172			if (ifa->ifa_addr == NULL)
173				continue;
174			if (ifa->ifa_addr->sa_family != AF_INET)
175				continue;
176			divsrc.sin_addr =
177			    ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
178			break;
179		}
180	}
181
182	/* Put packet on socket queue, if any */
183	sa = NULL;
184	for (inp = divcb.lh_first; inp != NULL; inp = inp->inp_list.le_next) {
185		if (inp->inp_lport == htons(ip_divert_port))
186			sa = inp->inp_socket;
187	}
188	if (sa) {
189		if (sbappendaddr(&sa->so_rcv, (struct sockaddr *)&divsrc,
190				m, (struct mbuf *)0) == 0)
191			m_freem(m);
192		else
193			sorwakeup(sa);
194	} else {
195		m_freem(m);
196		ipstat.ips_noproto++;
197		ipstat.ips_delivered--;
198        }
199}
200
201/*
202 * Deliver packet back into the IP processing machinery.
203 *
204 * If no address specified, or address is 0.0.0.0, send to ip_output();
205 * otherwise, send to ip_input() and mark as having been received on
206 * the interface with that address.
207 *
208 * If no address specified, or dest port is 0, allow packet to divert
209 * back to this socket; otherwise, don't.
210 */
211static int
212div_output(so, m, addr, control)
213	struct socket *so;
214	register struct mbuf *m;
215	struct sockaddr *addr;
216	struct mbuf *control;
217{
218	register struct inpcb *const inp = sotoinpcb(so);
219	register struct ip *const ip = mtod(m, struct ip *);
220	struct sockaddr_in *sin = NULL;
221	int error = 0;
222
223	if (control)
224		m_freem(control);		/* XXX */
225	if (addr)
226		sin = (struct sockaddr_in *)addr;
227
228	/* Loopback avoidance option */
229	ip_divert_ignore = ntohs(inp->inp_lport);
230
231	/* Reinject packet into the system as incoming or outgoing */
232	if (!sin || sin->sin_addr.s_addr == 0) {
233		/* Don't allow both user specified and setsockopt options,
234		   and don't allow packet length sizes that will crash */
235		if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) ||
236		     ((u_short)ntohs(ip->ip_len) > m->m_pkthdr.len)) {
237			error = EINVAL;
238			goto cantsend;
239		}
240
241		/* Convert fields to host order for ip_output() */
242		NTOHS(ip->ip_len);
243		NTOHS(ip->ip_off);
244
245		/* Send packet to output processing */
246		ipstat.ips_rawout++;			/* XXX */
247		error = ip_output(m, inp->inp_options, &inp->inp_route,
248			(so->so_options & SO_DONTROUTE) |
249			IP_ALLOWBROADCAST | IP_RAWOUTPUT, inp->inp_moptions);
250	} else {
251		struct ifaddr *ifa;
252
253		/* Find receive interface with the given IP address */
254		sin->sin_port = 0;
255		if ((ifa = ifa_ifwithaddr((struct sockaddr *) sin)) == 0) {
256			error = EADDRNOTAVAIL;
257			goto cantsend;
258		}
259		m->m_pkthdr.rcvif = ifa->ifa_ifp;
260
261		/* Send packet to input processing */
262		ip_input(m);
263	}
264
265	/* Reset for next time (and other packets) */
266	ip_divert_ignore = 0;
267	return error;
268
269cantsend:
270	ip_divert_ignore = 0;
271	m_freem(m);
272	return error;
273}
274
275static int
276div_attach(struct socket *so, int proto, struct proc *p)
277{
278	struct inpcb *inp;
279	int error, s;
280
281	inp  = sotoinpcb(so);
282	if (inp)
283		panic("div_attach");
284	if (p && (error = suser(p->p_ucred, &p->p_acflag)) != 0)
285		return error;
286
287	s = splnet();
288	error = in_pcballoc(so, &divcbinfo, p);
289	splx(s);
290	if (error)
291		return error;
292	error = soreserve(so, div_sendspace, div_recvspace);
293	if (error)
294		return error;
295	inp = (struct inpcb *)so->so_pcb;
296	inp->inp_ip_p = proto;
297	inp->inp_flags |= INP_HDRINCL;
298	/* The socket is always "connected" because
299	   we always know "where" to send the packet */
300	so->so_state |= SS_ISCONNECTED;
301	return 0;
302}
303
304static int
305div_detach(struct socket *so)
306{
307	struct inpcb *inp;
308
309	inp = sotoinpcb(so);
310	if (inp == 0)
311		panic("div_detach");
312	in_pcbdetach(inp);
313	return 0;
314}
315
316static int
317div_abort(struct socket *so)
318{
319	soisdisconnected(so);
320	return div_detach(so);
321}
322
323static int
324div_disconnect(struct socket *so)
325{
326	if ((so->so_state & SS_ISCONNECTED) == 0)
327		return ENOTCONN;
328	return div_abort(so);
329}
330
331static int
332div_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
333{
334	struct inpcb *inp;
335	int s;
336	int error;
337
338	s = splnet();
339	inp = sotoinpcb(so);
340	error = in_pcbbind(inp, nam, p);
341	splx(s);
342	return 0;
343}
344
345static int
346div_shutdown(struct socket *so)
347{
348	socantsendmore(so);
349	return 0;
350}
351
352static int
353div_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
354	 struct mbuf *control, struct proc *p)
355{
356	/* Packet must have a header (but that's about it) */
357	if (m->m_len < sizeof (struct ip) ||
358	    (m = m_pullup(m, sizeof (struct ip))) == 0) {
359		ipstat.ips_toosmall++;
360		m_freem(m);
361		return EINVAL;
362	}
363
364	/* Send packet */
365	return div_output(so, m, nam, control);
366}
367
368struct pr_usrreqs div_usrreqs = {
369	div_abort, pru_accept_notsupp, div_attach, div_bind,
370	pru_connect_notsupp, pru_connect2_notsupp, in_control, div_detach,
371	div_disconnect, pru_listen_notsupp, in_setpeeraddr, pru_rcvd_notsupp,
372	pru_rcvoob_notsupp, div_send, pru_sense_null, div_shutdown,
373	in_setsockaddr, sosend, soreceive, sopoll
374};
375