sys/netinet/raw_ip.c

139804Simp/*
99026Sjulian * Copyright (c) 1982, 1986, 1988, 1993
99026Sjulian *	The Regents of the University of California.  All rights reserved.
99026Sjulian *
99026Sjulian * Redistribution and use in source and binary forms, with or without
99026Sjulian * modification, are permitted provided that the following conditions
99026Sjulian * are met:
99026Sjulian * 1. Redistributions of source code must retain the above copyright
99026Sjulian *    notice, this list of conditions and the following disclaimer.
124350Sschweikh * 2. Redistributions in binary form must reproduce the above copyright
99026Sjulian *    notice, this list of conditions and the following disclaimer in the
99026Sjulian *    documentation and/or other materials provided with the distribution.
99026Sjulian * 3. All advertising materials mentioning features or use of this software
99026Sjulian *    must display the following acknowledgement:
99026Sjulian *	This product includes software developed by the University of
99026Sjulian *	California, Berkeley and its contributors.
99026Sjulian * 4. Neither the name of the University nor the names of its contributors
99026Sjulian *    may be used to endorse or promote products derived from this software
99026Sjulian *    without specific prior written permission.
99026Sjulian *
99026Sjulian * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
99026Sjulian * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
99026Sjulian * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99026Sjulian * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
99026Sjulian * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
99026Sjulian * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
99026Sjulian * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99026Sjulian * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
181695Sattilio * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
235459Srstone * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
198464Sjkoshy * SUCH DAMAGE.
181695Sattilio *
116182Sobrien *	@(#)raw_ip.c	8.7 (Berkeley) 5/15/95
116182Sobrien * $FreeBSD: head/sys/netinet/raw_ip.c 117737 2003-07-18 16:10:36Z rwatson $
116182Sobrien */
99026Sjulian
99026Sjulian#include "opt_inet6.h"
99026Sjulian#include "opt_ipsec.h"
99026Sjulian#include "opt_mac.h"
99026Sjulian#include "opt_random_ip_id.h"
99026Sjulian
236317Skib#include <sys/param.h>
156705Sdavidxu#include <sys/kernel.h>
235459Srstone#include <sys/lock.h>
130355Sjulian#include <sys/mac.h>
107126Sjeff#include <sys/malloc.h>
126326Sjhb#include <sys/mbuf.h>
174647Sjeff#include <sys/proc.h>
294614Sjhb#include <sys/protosw.h>
293490Sdchagin#include <sys/signalvar.h>
122514Sjhb#include <sys/socket.h>
99026Sjulian#include <sys/socketvar.h>
213642Sdavidxu#include <sys/sx.h>
143149Sdavidxu#include <sys/sysctl.h>
176730Sjeff#include <sys/systm.h>
198464Sjkoshy
198464Sjkoshy#include <vm/uma.h>
198464Sjkoshy
99026Sjulian#include <net/if.h>
155195Srwatson#include <net/route.h>
155195Srwatson
99026Sjulian#include <netinet/in.h>
116355Salc#include <netinet/in_systm.h>
99026Sjulian#include <netinet/in_pcb.h>
173631Srrs#include <netinet/in_var.h>
99026Sjulian#include <netinet/ip.h>
235459Srstone#include <netinet/ip_var.h>
260817Savg#include <netinet/ip_mroute.h>
235459Srstone
99026Sjulian#include <netinet/ip_fw.h>
163709Sjb#include <netinet/ip_dummynet.h>
163709Sjb
99026Sjulian#ifdef FAST_IPSEC
99026Sjulian#include <netipsec/ipsec.h>
111028Sjeff#endif /*FAST_IPSEC*/
172256Sattilio
170296Sjeff#ifdef IPSEC
99026Sjulian#include <netinet6/ipsec.h>
170598Sjeff#endif /*IPSEC*/
283279Skib
283279Skibstruct	inpcbhead ripcb;
170598Sjeffstruct	inpcbinfo ripcbinfo;
216314Sdavidxu
216314Sdavidxu/* control hooks for ipfw and dummynet */
127794Smarcelip_fw_ctl_t *ip_fw_ctl_ptr;
143802Sphkip_dn_ctl_t *ip_dn_ctl_ptr;
216314Sdavidxu
216314Sdavidxu/*
213642Sdavidxu * hooks for multicast routing. They all default to NULL,
213642Sdavidxu * so leave them not initialized and rely on BSS being set to 0.
213642Sdavidxu */
213642Sdavidxu
213642Sdavidxu/* The socket used to communicate with the multicast routing daemon.  */
213642Sdavidxustruct socket  *ip_mrouter;
216314Sdavidxu
216314Sdavidxu/* The various mrouter and rsvp functions */
216314Sdavidxuint (*ip_mrouter_set)(struct socket *, struct sockopt *);
216314Sdavidxuint (*ip_mrouter_get)(struct socket *, struct sockopt *);
216314Sdavidxuint (*ip_mrouter_done)(void);
216314Sdavidxuint (*ip_mforward)(struct ip *, struct ifnet *, struct mbuf *,
216314Sdavidxu                   struct ip_moptions *);
216314Sdavidxuint (*mrt_ioctl)(int, caddr_t);
216314Sdavidxuint (*legal_vif_num)(int);
216314Sdavidxuu_long (*ip_mcast_src)(int);
216314Sdavidxu
216314Sdavidxuvoid (*rsvp_input_p)(struct mbuf *m, int off);
216314Sdavidxuint (*ip_rsvp_vif)(struct socket *, struct sockopt *);
240951Skibvoid (*ip_rsvp_force_done)(struct socket *);
240951Skib
216314Sdavidxu/*
216314Sdavidxu * Nominal space allocated to a raw ip socket.
216314Sdavidxu */
216314Sdavidxu#define	RIPSNDQ		8192
216314Sdavidxu#define	RIPRCVQ		8192
216314Sdavidxu
216314Sdavidxu/*
216314Sdavidxu * Raw interface to IP protocol.
216314Sdavidxu */
216314Sdavidxu
216314Sdavidxu/*
240951Skib * Initialize raw connection block q.
240951Skib */
216314Sdavidxuvoid
240951Skibrip_init()
240951Skib{
216314Sdavidxu	INP_INFO_LOCK_INIT(&ripcbinfo, "rip");
216314Sdavidxu	LIST_INIT(&ripcb);
216314Sdavidxu	ripcbinfo.listhead = &ripcb;
216314Sdavidxu	/*
216314Sdavidxu	 * XXX We don't use the hash list for raw IP, but it's easier
127794Smarcel	 * to allocate a one entry hash list than it is to check all
107719Sjulian	 * over the place for hashbase == NULL.
99026Sjulian	 */
132987Sgreen	ripcbinfo.hashbase = hashinit(1, M_PCB, &ripcbinfo.hashmask);
132987Sgreen	ripcbinfo.porthashbase = hashinit(1, M_PCB, &ripcbinfo.porthashmask);
99026Sjulian	ripcbinfo.ipi_zone = uma_zcreate("ripcb", sizeof(struct inpcb),
99026Sjulian	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
99026Sjulian	uma_zone_set_max(ripcbinfo.ipi_zone, maxsockets);
99026Sjulian}
103216Sjulian
135573Sjhbstatic struct	sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET };
130269Sjmallett/*
216314Sdavidxu * Setup generic address and protocol structures
143840Sphk * for raw_input routine, then pass them along with
130269Sjmallett * mbuf chain.
130269Sjmallett */
130269Sjmallettvoid
170296Sjeffrip_input(m, off)
130269Sjmallett	struct mbuf *m;
118442Sjhb	int off;
216313Sdavidxu{
173631Srrs	register struct ip *ip = mtod(m, struct ip *);
155195Srwatson	register struct inpcb *inp;
155195Srwatson	struct inpcb *last = 0;
155195Srwatson	struct mbuf *opts = 0;
161678Sdavidxu	int proto = ip->ip_p;
132987Sgreen
99026Sjulian	ripsrc.sin_addr = ip->ip_src;
99026Sjulian	LIST_FOREACH(inp, &ripcb, inp_list) {
99026Sjulian#ifdef INET6
99026Sjulian		if ((inp->inp_vflag & INP_IPV4) == 0)
99026Sjulian			continue;
99026Sjulian#endif
99026Sjulian		if (inp->inp_ip_p && inp->inp_ip_p != proto)
99026Sjulian			continue;
127794Smarcel		if (inp->inp_laddr.s_addr &&
99026Sjulian                  inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
99026Sjulian			continue;
99026Sjulian		if (inp->inp_faddr.s_addr &&
99026Sjulian                  inp->inp_faddr.s_addr != ip->ip_src.s_addr)
99026Sjulian			continue;
99026Sjulian		if (last) {
103216Sjulian			struct mbuf *n = m_copy(m, 0, (int)M_COPYALL);
103216Sjulian			int policyfail = 0;
103216Sjulian
99026Sjulian			if (n != NULL) {
99026Sjulian#ifdef IPSEC
99026Sjulian				/* check AH/ESP integrity. */
99026Sjulian				if (ipsec4_in_reject_so(n, last->inp_socket)) {
99026Sjulian					policyfail = 1;
99026Sjulian					ipsecstat.in_polvio++;
99026Sjulian					/* do not inject data to pcb */
103216Sjulian				}
99026Sjulian#endif /*IPSEC*/
99026Sjulian#ifdef FAST_IPSEC
99026Sjulian				/* check AH/ESP integrity. */
99026Sjulian				if (ipsec4_in_reject(n, last)) {
99026Sjulian					policyfail = 1;
99026Sjulian					/* do not inject data to pcb */
155353Srwatson				}
155353Srwatson#endif /*FAST_IPSEC*/
155353Srwatson#ifdef MAC
185029Spjd				if (policyfail == 0 &&
185029Spjd				    mac_check_socket_deliver(last->inp_socket,
185029Spjd				    n) != 0)
173631Srrs					policyfail = 1;
216314Sdavidxu#endif
99026Sjulian			}
99026Sjulian			if (policyfail)
99026Sjulian				m_freem(n);
99026Sjulian			else if (n) {
99026Sjulian				if (last->inp_flags & INP_CONTROLOPTS ||
132987Sgreen				    last->inp_socket->so_options & SO_TIMESTAMP)
132987Sgreen				    ip_savecontrol(last, &opts, ip, n);
99026Sjulian				if (sbappendaddr(&last->inp_socket->so_rcv,
131149Smarcel				    (struct sockaddr *)&ripsrc, n,
99026Sjulian				    opts) == 0) {
99026Sjulian					/* should notify about lost packet */
131149Smarcel					m_freem(n);
126326Sjhb					if (opts)
122514Sjhb					    m_freem(opts);
236317Skib				} else
173631Srrs					sorwakeup(last->inp_socket);
107126Sjeff				opts = 0;
161678Sdavidxu			}
173361Skib		}
281979Skib		last = inp;
132987Sgreen	}
99026Sjulian	if (last) {
99026Sjulian#ifdef IPSEC
99026Sjulian		/* check AH/ESP integrity. */
99026Sjulian		if (ipsec4_in_reject_so(m, last->inp_socket)) {
99026Sjulian			m_freem(m);
99026Sjulian			ipsecstat.in_polvio++;
99026Sjulian			ipstat.ips_delivered--;
99026Sjulian			/* do not inject data to pcb */
131149Smarcel			return;
99026Sjulian		}
99026Sjulian#endif /*IPSEC*/
173631Srrs#ifdef FAST_IPSEC
236317Skib		/* check AH/ESP integrity. */
122514Sjhb		if (ipsec4_in_reject(m, last)) {
126326Sjhb			m_freem(m);
161678Sdavidxu			ipstat.ips_delivered--;
174647Sjeff			/* do not inject data to pcb */
99026Sjulian			return;
111028Sjeff		}
107126Sjeff#endif /*FAST_IPSEC*/
111028Sjeff#ifdef MAC
111028Sjeff		if (mac_check_socket_deliver(last->inp_socket, m) != 0) {
134791Sjulian			m_freem(m);
134791Sjulian			ipstat.ips_delivered--;
134791Sjulian			return;
134791Sjulian		}
105854Sjulian#endif
105854Sjulian		if (last->inp_flags & INP_CONTROLOPTS ||
173361Skib		    last->inp_socket->so_options & SO_TIMESTAMP)
173361Skib			ip_savecontrol(last, &opts, ip, m);
173361Skib		if (sbappendaddr(&last->inp_socket->so_rcv,
173361Skib		    (struct sockaddr *)&ripsrc, m, opts) == 0) {
173361Skib			m_freem(m);
173361Skib			if (opts)
173361Skib			    m_freem(opts);
163709Sjb		} else
105854Sjulian			sorwakeup(last->inp_socket);
170296Sjeff	} else {
151316Sdavidxu		m_freem(m);
153253Sdavidxu		ipstat.ips_noproto++;
153253Sdavidxu		ipstat.ips_delivered--;
153253Sdavidxu	}
153253Sdavidxu}
152185Sdavidxu
152948Sdavidxu/*
105854Sjulian * Generate IP header and pass packet to ip_output.
163709Sjb * Tack on options user may have setup with control call.
105854Sjulian */
105854Sjulianint
111028Sjeffrip_output(m, so, dst)
99026Sjulian	struct mbuf *m;
99026Sjulian	struct socket *so;
99026Sjulian	u_long dst;
99026Sjulian{
99026Sjulian	register struct ip *ip;
99026Sjulian	register struct inpcb *inp = sotoinpcb(so);
143802Sphk	int flags = (so->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST;
239301Skib
239301Skib#ifdef MAC
239328Skib	mac_create_mbuf_from_socket(so, m);
239301Skib#endif
239301Skib
174848Sjulian	/*
143802Sphk	 * If the user handed us a complete IP packet, use it.
107126Sjeff	 * Otherwise, allocate an mbuf for a header and fill it in.
99026Sjulian	 */
290325Skib	if ((inp->inp_flags & INP_HDRINCL) == 0) {
213642Sdavidxu		if (m->m_pkthdr.len + sizeof(struct ip) > IP_MAXPACKET) {
213642Sdavidxu			m_freem(m);
99026Sjulian			return(EMSGSIZE);
99026Sjulian		}
99026Sjulian		M_PREPEND(m, sizeof(struct ip), M_TRYWAIT);
170598Sjeff		ip = mtod(m, struct ip *);
164936Sjulian		ip->ip_tos = inp->inp_ip_tos;
99026Sjulian		ip->ip_off = 0;
99026Sjulian		ip->ip_p = inp->inp_ip_p;
170598Sjeff		ip->ip_len = m->m_pkthdr.len;
99026Sjulian		ip->ip_src = inp->inp_laddr;
170296Sjeff		ip->ip_dst.s_addr = dst;
164936Sjulian		ip->ip_ttl = inp->inp_ip_ttl;
170296Sjeff	} else {
99026Sjulian		if (m->m_pkthdr.len > IP_MAXPACKET) {
99026Sjulian			m_freem(m);
103410Smini			return(EMSGSIZE);
170598Sjeff		}
170598Sjeff		ip = mtod(m, struct ip *);
170598Sjeff		/* don't allow both user specified and setsockopt options,
170598Sjeff		   and don't allow packet length sizes that will crash */
170598Sjeff		if (((ip->ip_hl != (sizeof (*ip) >> 2))
170598Sjeff		     && inp->inp_options)
170598Sjeff		    || (ip->ip_len > m->m_pkthdr.len)
170598Sjeff		    || (ip->ip_len < (ip->ip_hl << 2))) {
170598Sjeff			m_freem(m);
170598Sjeff			return EINVAL;
177091Sjeff		}
99026Sjulian		if (ip->ip_id == 0)
99026Sjulian#ifdef RANDOM_IP_ID
99026Sjulian			ip->ip_id = ip_randomid();
99026Sjulian#else
105854Sjulian			ip->ip_id = htons(ip_id++);
99026Sjulian#endif
99026Sjulian		/* XXX prevent ip_output from overwriting header fields */
111028Sjeff		flags |= IP_RAWOUTPUT;
111028Sjeff		ipstat.ips_rawout++;
99026Sjulian	}
163709Sjb
170296Sjeff	return (ip_output(m, inp->inp_options, &inp->inp_route, flags,
105854Sjulian			  inp->inp_moptions, inp));
105854Sjulian}
105854Sjulian
170296Sjeff/*
105854Sjulian * Raw IP socket option processing.
164936Sjulian *
111028Sjeff * Note that access to all of the IP administrative functions here is
111028Sjeff * implicitly protected by suser() as gaining access to a raw socket
105854Sjulian * requires either that the thread pass a suser() check, or that it be
105854Sjulian * passed a raw socket by another thread that has passed a suser() check.
99026Sjulian * If FreeBSD moves to a more fine-grained access control mechanism,
99026Sjulian * additional checks will need to be placed here if the raw IP attachment
99026Sjulian * check is not equivilent the the check required for these
99026Sjulian * administrative operations; in some cases, these checks are already
99026Sjulian * present.
99026Sjulian */
99026Sjulianint
99026Sjulianrip_ctloutput(so, sopt)
196730Skib	struct socket *so;
99026Sjulian	struct sockopt *sopt;
173361Skib{
163709Sjb	struct	inpcb *inp = sotoinpcb(so);
99026Sjulian	int	error, optval;
173361Skib
173361Skib	if (sopt->sopt_level != IPPROTO_IP)
173361Skib		return (EINVAL);
196730Skib
173361Skib	error = 0;
173361Skib
173361Skib	switch (sopt->sopt_dir) {
173615Smarcel	case SOPT_GET:
173361Skib		switch (sopt->sopt_name) {
99026Sjulian		case IP_HDRINCL:
99026Sjulian			optval = inp->inp_flags & INP_HDRINCL;
196730Skib			error = sooptcopyout(sopt, &optval, sizeof optval);
196730Skib			break;
196730Skib
103367Sjulian		case IP_FW_ADD:	/* ADD actually returns the body... */
196730Skib		case IP_FW_GET:
196730Skib			if (IPFW_LOADED)
196730Skib				error = ip_fw_ctl_ptr(sopt);
196730Skib			else
196730Skib				error = ENOPROTOOPT;
196730Skib			break;
196730Skib
196730Skib		case IP_DUMMYNET_GET:
103367Sjulian			if (DUMMYNET_LOADED)
99026Sjulian				error = ip_dn_ctl_ptr(sopt);
99026Sjulian			else
99026Sjulian				error = ENOPROTOOPT;
99026Sjulian			break ;
99026Sjulian
189845Sjeff		case MRT_INIT:
189845Sjeff		case MRT_DONE:
177369Sjeff		case MRT_ADD_VIF:
177369Sjeff		case MRT_DEL_VIF:
176730Sjeff		case MRT_ADD_MFC:
173615Smarcel		case MRT_DEL_MFC:
173361Skib		case MRT_VERSION:
173361Skib		case MRT_ASSERT:
99026Sjulian			error = ip_mrouter_get ? ip_mrouter_get(so, sopt) :
99026Sjulian				EOPNOTSUPP;
99026Sjulian			break;
99026Sjulian
99026Sjulian		default:
130355Sjulian			error = ip_ctloutput(so, sopt);
99026Sjulian			break;
99026Sjulian		}
107719Sjulian		break;
107719Sjulian
177091Sjeff	case SOPT_SET:
99026Sjulian		switch (sopt->sopt_name) {
99026Sjulian		case IP_HDRINCL:
99026Sjulian			error = sooptcopyin(sopt, &optval, sizeof optval,
99026Sjulian					    sizeof optval);
229429Sjhb			if (error)
99026Sjulian				break;
170174Sjeff			if (optval)
99026Sjulian				inp->inp_flags |= INP_HDRINCL;
182011Sjhb			else
99026Sjulian				inp->inp_flags &= ~INP_HDRINCL;
99026Sjulian			break;
99026Sjulian
99026Sjulian		case IP_FW_ADD:
170296Sjeff		case IP_FW_DEL:
134791Sjulian		case IP_FW_FLUSH:
170296Sjeff		case IP_FW_ZERO:
134791Sjulian		case IP_FW_RESETLOG:
102581Sjulian			if (IPFW_LOADED)
133234Srwatson				error = ip_fw_ctl_ptr(sopt);
173601Sjulian			else
151316Sdavidxu				error = ENOPROTOOPT;
99026Sjulian			break;
155376Srwatson
155376Srwatson		case IP_DUMMYNET_CONFIGURE:
155376Srwatson		case IP_DUMMYNET_DEL:
134791Sjulian		case IP_DUMMYNET_FLUSH:
134791Sjulian			if (DUMMYNET_LOADED)
134791Sjulian				error = ip_dn_ctl_ptr(sopt);
134791Sjulian			else
134791Sjulian				error = ENOPROTOOPT ;
99026Sjulian			break ;
99026Sjulian
134791Sjulian		case IP_RSVP_ON:
103002Sjulian			error = ip_rsvp_init(so);
103002Sjulian			break;
134791Sjulian
134791Sjulian		case IP_RSVP_OFF:
134791Sjulian			error = ip_rsvp_done();
134791Sjulian			break;
102581Sjulian
134791Sjulian		case IP_RSVP_VIF_ON:
134791Sjulian		case IP_RSVP_VIF_OFF:
271372Skib			error = ip_rsvp_vif ?
134791Sjulian				ip_rsvp_vif(so, sopt) : EINVAL;
170174Sjeff			break;
170174Sjeff
134791Sjulian		case MRT_INIT:
134791Sjulian		case MRT_DONE:
134791Sjulian		case MRT_ADD_VIF:
207606Skib		case MRT_DEL_VIF:
134791Sjulian		case MRT_ADD_MFC:
134791Sjulian		case MRT_DEL_MFC:
134791Sjulian		case MRT_VERSION:
134791Sjulian		case MRT_ASSERT:
170296Sjeff			error = ip_mrouter_set ? ip_mrouter_set(so, sopt) :
182011Sjhb					EOPNOTSUPP;
283279Skib			break;
170296Sjeff
182011Sjhb		default:
182011Sjhb			error = ip_ctloutput(so, sopt);
134791Sjulian			break;
103002Sjulian		}
104695Sjulian		break;
134791Sjulian	}
134791Sjulian
134791Sjulian	return (error);
134791Sjulian}
134791Sjulian
134791Sjulian/*
119488Sdavidxu * This function exists solely to receive the PRC_IFDOWN messages which
170296Sjeff * are sent by if_down().  It looks for an ifaddr whose ifa_addr is sa,
198464Sjkoshy * and calls in_ifadown() to remove all routes corresponding to that address.
198464Sjkoshy * It also receives the PRC_IFUP messages from if_up() and reinstalls the
198464Sjkoshy * interface routes.
198464Sjkoshy */
198464Sjkoshyvoid
198464Sjkoshyrip_ctlinput(cmd, sa, vip)
198464Sjkoshy	int cmd;
198464Sjkoshy	struct sockaddr *sa;
170296Sjeff	void *vip;
293473Sdchagin{
293473Sdchagin	struct in_ifaddr *ia;
293473Sdchagin	struct ifnet *ifp;
229429Sjhb	int err;
229429Sjhb	int flags;
229429Sjhb
229429Sjhb	switch (cmd) {
229429Sjhb	case PRC_IFDOWN:
229429Sjhb		TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
229429Sjhb			if (ia->ia_ifa.ifa_addr == sa
229429Sjhb			    && (ia->ia_flags & IFA_ROUTE)) {
229429Sjhb				/*
229429Sjhb				 * in_ifscrub kills the interface route.
229429Sjhb				 */
229429Sjhb				in_ifscrub(ia->ia_ifp, ia);
208488Skib				/*
229429Sjhb				 * in_ifadown gets rid of all the rest of
293473Sdchagin				 * the routes.  This is not quite the right
229429Sjhb				 * thing to do, but at least if we are running
133396Sjulian				 * a routing process they will come back.
181695Sattilio				 */
181695Sattilio				in_ifadown(&ia->ia_ifa, 0);
181695Sattilio				break;
133396Sjulian			}
170296Sjeff		}
112993Speter		break;
99026Sjulian
99026Sjulian	case PRC_IFUP:
99026Sjulian		TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) {
124350Sschweikh			if (ia->ia_ifa.ifa_addr == sa)
107719Sjulian				break;
126932Speter		}
107719Sjulian		if (ia == 0 || (ia->ia_flags & IFA_ROUTE))
107719Sjulian			return;
107719Sjulian		flags = RTF_UP;
107719Sjulian		ifp = ia->ia_ifa.ifa_ifp;
107719Sjulian
107719Sjulian		if ((ifp->if_flags & IFF_LOOPBACK)
126932Speter		    || (ifp->if_flags & IFF_POINTOPOINT))
271372Skib			flags |= RTF_HOST;
271372Skib
170598Sjeff		err = rtinit(&ia->ia_ifa, RTM_ADD, flags);
170598Sjeff		if (err == 0)
170598Sjeff			ia->ia_flags |= IFA_ROUTE;
170598Sjeff		break;
189845Sjeff	}
176730Sjeff}
176730Sjeff
170598Sjeffu_long	rip_sendspace = RIPSNDQ;
170598Sjeffu_long	rip_recvspace = RIPRCVQ;
107719Sjulianint	rip_olddiverterror = 1;
107719Sjulian
107719SjulianSYSCTL_INT(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW,
99026Sjulian    &rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
99026SjulianSYSCTL_INT(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW,
103002Sjulian    &rip_recvspace, 0, "Maximum incoming raw IP datagram size");
103002SjulianSYSCTL_INT(_net_inet_raw, OID_AUTO, olddiverterror, CTLFLAG_RW,
99026Sjulian    &rip_olddiverterror, 0, "Return an error when creating an 'old' DIVERT socket");
99026Sjulian
163709Sjbstatic int
99026Sjulianrip_attach(struct socket *so, int proto, struct thread *td)
99026Sjulian{
170296Sjeff	struct inpcb *inp;
170296Sjeff	int error, s;
177368Sjeff
177368Sjeff	inp = sotoinpcb(so);
170296Sjeff	if (inp)
111028Sjeff		panic("rip_attach");
111028Sjeff	if (td && (error = suser(td)) != 0)
172207Sjeff		return error;
99026Sjulian
103002Sjulian	if (proto >= IPPROTO_MAX || proto < 0)
174629Sjeff		return EPROTONOSUPPORT;
174629Sjeff
151316Sdavidxu	/* To be removed before 5.2 */
119137Ssam	if (rip_olddiverterror && proto == IPPROTO_OLD_DIVERT) {
99026Sjulian		printf("Old IPDIVERT program needs to be recompiled, or new IP proto 254 user needs sysctl net.inet.raw.olddiverterror=0\n");
99026Sjulian		return EPROTONOSUPPORT;
99026Sjulian	}
99026Sjulian
134791Sjulian	error = soreserve(so, rip_sendspace, rip_recvspace);
136160Sjulian	if (error)
134791Sjulian		return error;
134791Sjulian	s = splnet();
113641Sjulian	error = in_pcballoc(so, &ripcbinfo, td);
113641Sjulian	splx(s);
124350Sschweikh	if (error)
113641Sjulian		return error;
113920Sjhb	inp = (struct inpcb *)so->so_pcb;
177368Sjeff	inp->inp_vflag |= INP_IPV4;
113641Sjulian	inp->inp_ip_p = proto;
113641Sjulian	inp->inp_ip_ttl = ip_defttl;
113641Sjulian	return 0;
163709Sjb}
124350Sschweikh
113641Sjulianstatic int
195701Skibrip_detach(struct socket *so)
195701Skib{
195701Skib	struct inpcb *inp;
195701Skib
195701Skib	inp = sotoinpcb(so);
227657Skib	if (inp == 0)
227657Skib		panic("rip_detach");
195701Skib	if (so == ip_mrouter && ip_mrouter_done)
195701Skib		ip_mrouter_done();
195701Skib	if (ip_rsvp_force_done)
195701Skib		ip_rsvp_force_done(so);
276272Skib	if (so == ip_rsvpd)
195701Skib		ip_rsvp_done();
195701Skib	in_pcbdetach(inp);
195701Skib	return 0;
195701Skib}
195701Skib
195701Skibstatic int
275795Skibrip_abort(struct socket *so)
275795Skib{
275795Skib	soisdisconnected(so);
275795Skib	if (so->so_state & SS_NOFDREF)
276272Skib		return rip_detach(so);
275795Skib	return 0;
275795Skib}
275795Skib
275795Skibstatic int
275795Skibrip_disconnect(struct socket *so)
275795Skib{
275795Skib	if ((so->so_state & SS_ISCONNECTED) == 0)
275795Skib		return ENOTCONN;
275795Skib	return rip_abort(so);
275795Skib}
275795Skib
275795Skibstatic int
275795Skibrip_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
275795Skib{
275795Skib	struct inpcb *inp = sotoinpcb(so);
283279Skib	struct sockaddr_in *addr = (struct sockaddr_in *)nam;
275795Skib
275795Skib	if (nam->sa_len != sizeof(*addr))
275795Skib		return EINVAL;
275795Skib
275795Skib	if (TAILQ_EMPTY(&ifnet) || ((addr->sin_family != AF_INET) &&
283279Skib				    (addr->sin_family != AF_IMPLINK)) ||
275795Skib	    (addr->sin_addr.s_addr &&
275795Skib	     ifa_ifwithaddr((struct sockaddr *)addr) == 0))
275795Skib		return EADDRNOTAVAIL;
275795Skib	inp->inp_laddr = addr->sin_addr;
275795Skib	return 0;
283279Skib}
275795Skib
275795Skibstatic int
275795Skibrip_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
276272Skib{
276272Skib	struct inpcb *inp = sotoinpcb(so);
276272Skib	struct sockaddr_in *addr = (struct sockaddr_in *)nam;
276272Skib
276272Skib	if (nam->sa_len != sizeof(*addr))
276272Skib		return EINVAL;
276272Skib	if (TAILQ_EMPTY(&ifnet))
276272Skib		return EADDRNOTAVAIL;
276272Skib	if ((addr->sin_family != AF_INET) &&
276272Skib	    (addr->sin_family != AF_IMPLINK))
276272Skib		return EAFNOSUPPORT;
283279Skib	inp->inp_faddr = addr->sin_addr;
276272Skib	soisconnected(so);
276272Skib	return 0;
276272Skib}
276272Skib
276272Skibstatic int
276272Skibrip_shutdown(struct socket *so)
276272Skib{
276272Skib	socantsendmore(so);
276272Skib	return 0;
275795Skib}
275795Skib
275795Skibstatic int
275795Skibrip_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
111028Sjeff	 struct mbuf *control, struct thread *td)
99026Sjulian{
99026Sjulian	struct inpcb *inp = sotoinpcb(so);
99026Sjulian	register u_long dst;
99026Sjulian
99026Sjulian	if (so->so_state & SS_ISCONNECTED) {
99026Sjulian		if (nam) {
99026Sjulian			m_freem(m);
99026Sjulian			return EISCONN;
99026Sjulian		}
160048Smaxim		dst = inp->inp_faddr.s_addr;
99026Sjulian	} else {
99026Sjulian		if (nam == NULL) {
99026Sjulian			m_freem(m);
276272Skib			return ENOTCONN;
99026Sjulian		}
99026Sjulian		dst = ((struct sockaddr_in *)nam)->sin_addr.s_addr;
99026Sjulian	}
181334Sjhb	return rip_output(m, so, dst);
99026Sjulian}
99026Sjulian
276272Skibstatic int
276272Skibrip_pcblist(SYSCTL_HANDLER_ARGS)
276272Skib{
276272Skib	int error, i, n, s;
276272Skib	struct inpcb *inp, **inp_list;
276272Skib	inp_gen_t gencnt;
276272Skib	struct xinpgen xig;
276272Skib
276272Skib	/*
276272Skib	 * The process of preparing the TCB list is too time-consuming and
276272Skib	 * resource-intensive to repeat twice on every request.
276272Skib	 */
126932Speter	if (req->oldptr == 0) {
99026Sjulian		n = ripcbinfo.ipi_count;
99026Sjulian		req->oldidx = 2 * (sizeof xig)
276272Skib			+ (n + n/8) * sizeof(struct xinpcb);
99026Sjulian		return 0;
99026Sjulian	}
100648Sjulian
136177Sdavidxu	if (req->newptr != 0)
99026Sjulian		return EPERM;
99026Sjulian
136177Sdavidxu	/*
136177Sdavidxu	 * OK, now we're committed to doing something.
136177Sdavidxu	 */
136177Sdavidxu	s = splnet();
136177Sdavidxu	gencnt = ripcbinfo.ipi_gencnt;
136177Sdavidxu	n = ripcbinfo.ipi_count;
136177Sdavidxu	splx(s);
136177Sdavidxu
136177Sdavidxu	xig.xig_len = sizeof xig;
136177Sdavidxu	xig.xig_count = n;
276272Skib	xig.xig_gen = gencnt;
276272Skib	xig.xig_sogen = so_gencnt;
102950Sdavidxu	error = SYSCTL_OUT(req, &xig, sizeof xig);
184667Sdavidxu	if (error)
99026Sjulian		return error;
195701Skib
275795Skib	inp_list = malloc(n * sizeof *inp_list, M_TEMP, M_WAITOK);
156942Sdavidxu	if (inp_list == 0)
156942Sdavidxu		return ENOMEM;
181334Sjhb
99026Sjulian	s = splnet();
99026Sjulian	for (inp = LIST_FIRST(ripcbinfo.listhead), i = 0; inp && i < n;
99026Sjulian	     inp = LIST_NEXT(inp, inp_list)) {
170296Sjeff		if (inp->inp_gencnt <= gencnt) {
177471Sjeff			if (cr_canseesocket(req->td->td_ucred,
276272Skib			    inp->inp_socket))
275795Skib				continue;
155594Sdavidxu			inp_list[i++] = inp;
276272Skib		}
155594Sdavidxu	}
276272Skib	splx(s);
155594Sdavidxu	n = i;
170296Sjeff
99026Sjulian	error = 0;
181334Sjhb	for (i = 0; i < n; i++) {
181334Sjhb		inp = inp_list[i];
195701Skib		if (inp->inp_gencnt <= gencnt) {
130674Sdavidxu			struct xinpcb xi;
124350Sschweikh			xi.xi_len = sizeof xi;
124350Sschweikh			/* XXX should avoid extra copy */
105911Sjulian			bcopy(inp, &xi.xi_inp, sizeof *inp);
275795Skib			if (inp->inp_socket)
105911Sjulian				sotoxsocket(inp->inp_socket, &xi.xi_socket);
105911Sjulian			error = SYSCTL_OUT(req, &xi, sizeof xi);
156942Sdavidxu		}
99026Sjulian	}
99026Sjulian	if (!error) {
100648Sjulian		/*
99026Sjulian		 * Give the user an updated idea of our state.
276272Skib		 * If the generation differs from what we told
195701Skib		 * her before, she knows that something happened
99026Sjulian		 * while we were processing this request, and it
136177Sdavidxu		 * might be necessary to retry.
135269Sjulian		 */
271372Skib		s = splnet();
271372Skib		xig.xig_gen = ripcbinfo.ipi_gencnt;
271372Skib		xig.xig_sogen = so_gencnt;
135269Sjulian		xig.xig_count = ripcbinfo.ipi_count;
271372Skib		splx(s);
136160Sjulian		error = SYSCTL_OUT(req, &xig, sizeof xig);
271372Skib	}
271372Skib	free(inp_list, M_TEMP);
271372Skib	return error;
271372Skib}
271372Skib
271372Skib/*
271372Skib * This is the wrapper function for in_setsockaddr.  We just pass down
271372Skib * the pcbinfo for in_setpeeraddr to lock.
271372Skib */
271372Skibstatic int
271372Skibrip_sockaddr(struct socket *so, struct sockaddr **nam)
271372Skib{
283004Skib	return (in_setsockaddr(so, nam, &ripcbinfo));
283004Skib}
283004Skib
283004Skib/*
283004Skib * This is the wrapper function for in_setpeeraddr.  We just pass down
283004Skib * the pcbinfo for in_setpeeraddr to lock.
283004Skib */
283004Skibstatic int
283004Skibrip_peeraddr(struct socket *so, struct sockaddr **nam)
283004Skib{
283004Skib	return (in_setpeeraddr(so, nam, &ripcbinfo));
283004Skib}
283004Skib
283004Skib
283004SkibSYSCTL_PROC(_net_inet_raw, OID_AUTO/*XXX*/, pcblist, CTLFLAG_RD, 0, 0,
283004Skib	    rip_pcblist, "S,xinpcb", "List of active raw IP sockets");
283004Skib
283004Skibstruct pr_usrreqs rip_usrreqs = {
283004Skib	rip_abort, pru_accept_notsupp, rip_attach, rip_bind, rip_connect,
283004Skib	pru_connect2_notsupp, in_control, rip_detach, rip_disconnect,
283004Skib	pru_listen_notsupp, rip_peeraddr, pru_rcvd_notsupp,
283004Skib	pru_rcvoob_notsupp, rip_send, pru_sense_null, rip_shutdown,
283004Skib	rip_sockaddr, sosend, soreceive, sopoll
111028Sjeff};
184667Sdavidxu