udp6_usrreq.c revision 1.144
1/* $NetBSD: udp6_usrreq.c,v 1.144 2018/11/22 04:48:34 knakahara Exp $ */ 2/* $KAME: udp6_usrreq.c,v 1.86 2001/05/27 17:33:00 itojun Exp $ */ 3/* $KAME: udp6_output.c,v 1.43 2001/10/15 09:19:52 itojun Exp $ */ 4 5/* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34/* 35 * Copyright (c) 1982, 1986, 1989, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. Neither the name of the University nor the names of its contributors 47 * may be used to endorse or promote products derived from this software 48 * without specific prior written permission. 49 * 50 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 * 62 * @(#)udp_var.h 8.1 (Berkeley) 6/10/93 63 */ 64 65#include <sys/cdefs.h> 66__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.144 2018/11/22 04:48:34 knakahara Exp $"); 67 68#ifdef _KERNEL_OPT 69#include "opt_inet.h" 70#include "opt_inet_csum.h" 71#include "opt_ipsec.h" 72#include "opt_net_mpsafe.h" 73#endif 74 75#include <sys/param.h> 76#include <sys/mbuf.h> 77#include <sys/protosw.h> 78#include <sys/socket.h> 79#include <sys/socketvar.h> 80#include <sys/systm.h> 81#include <sys/proc.h> 82#include <sys/syslog.h> 83#include <sys/domain.h> 84#include <sys/sysctl.h> 85 86#include <net/if.h> 87#include <net/if_types.h> 88 89#include <netinet/in.h> 90#include <netinet/in_var.h> 91#include <netinet/in_systm.h> 92#include <netinet/in_offload.h> 93#include <netinet/ip.h> 94#include <netinet/ip_var.h> 95#include <netinet/in_pcb.h> 96#include <netinet/udp.h> 97#include <netinet/udp_var.h> 98#include <netinet/udp_private.h> 99 100#include <netinet/ip6.h> 101#include <netinet/icmp6.h> 102#include <netinet6/ip6_var.h> 103#include <netinet6/ip6_private.h> 104#include <netinet6/in6_pcb.h> 105#include <netinet6/udp6_var.h> 106#include <netinet6/udp6_private.h> 107#include <netinet6/ip6protosw.h> 108#include <netinet6/scope6_var.h> 109 110#ifdef IPSEC 111#include <netipsec/ipsec.h> 112#include <netipsec/esp.h> 113#ifdef INET6 114#include <netipsec/ipsec6.h> 115#endif 116#endif 117 118#include "faith.h" 119#if defined(NFAITH) && NFAITH > 0 120#include <net/if_faith.h> 121#endif 122 123/* 124 * UDP protocol implementation. 125 * Per RFC 768, August, 1980. 126 */ 127 128extern struct inpcbtable udbtable; 129 130percpu_t *udp6stat_percpu; 131 132/* UDP on IP6 parameters */ 133static int udp6_sendspace = 9216; /* really max datagram size */ 134static int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); 135 /* 40 1K datagrams */ 136 137static void udp6_notify(struct in6pcb *, int); 138static void sysctl_net_inet6_udp6_setup(struct sysctllog **); 139#ifdef IPSEC 140static int udp6_espinudp(struct mbuf **, int, struct sockaddr *, 141 struct socket *); 142#endif 143 144#ifdef UDP_CSUM_COUNTERS 145#include <sys/device.h> 146struct evcnt udp6_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 147 NULL, "udp6", "hwcsum bad"); 148struct evcnt udp6_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 149 NULL, "udp6", "hwcsum ok"); 150struct evcnt udp6_hwcsum_data = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 151 NULL, "udp6", "hwcsum data"); 152struct evcnt udp6_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 153 NULL, "udp6", "swcsum"); 154 155EVCNT_ATTACH_STATIC(udp6_hwcsum_bad); 156EVCNT_ATTACH_STATIC(udp6_hwcsum_ok); 157EVCNT_ATTACH_STATIC(udp6_hwcsum_data); 158EVCNT_ATTACH_STATIC(udp6_swcsum); 159 160#define UDP_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ 161#else 162#define UDP_CSUM_COUNTER_INCR(ev) /* nothing */ 163#endif 164 165void 166udp6_init(void) 167{ 168 sysctl_net_inet6_udp6_setup(NULL); 169 udp6stat_percpu = percpu_alloc(sizeof(uint64_t) * UDP6_NSTATS); 170 171 udp_init_common(); 172} 173 174/* 175 * Notify a udp user of an asynchronous error; 176 * just wake up so that he can collect error status. 177 */ 178static void 179udp6_notify(struct in6pcb *in6p, int errno) 180{ 181 in6p->in6p_socket->so_error = errno; 182 sorwakeup(in6p->in6p_socket); 183 sowwakeup(in6p->in6p_socket); 184} 185 186void * 187udp6_ctlinput(int cmd, const struct sockaddr *sa, void *d) 188{ 189 struct udphdr uh; 190 struct ip6_hdr *ip6; 191 const struct sockaddr_in6 *sa6 = (const struct sockaddr_in6 *)sa; 192 struct mbuf *m; 193 int off; 194 void *cmdarg; 195 struct ip6ctlparam *ip6cp = NULL; 196 const struct sockaddr_in6 *sa6_src = NULL; 197 void (*notify)(struct in6pcb *, int) = udp6_notify; 198 struct udp_portonly { 199 u_int16_t uh_sport; 200 u_int16_t uh_dport; 201 } *uhp; 202 203 if (sa->sa_family != AF_INET6 || 204 sa->sa_len != sizeof(struct sockaddr_in6)) 205 return NULL; 206 207 if ((unsigned)cmd >= PRC_NCMDS) 208 return NULL; 209 if (PRC_IS_REDIRECT(cmd)) 210 notify = in6_rtchange, d = NULL; 211 else if (cmd == PRC_HOSTDEAD) 212 d = NULL; 213 else if (cmd == PRC_MSGSIZE) { 214 /* special code is present, see below */ 215 notify = in6_rtchange; 216 } 217 else if (inet6ctlerrmap[cmd] == 0) 218 return NULL; 219 220 /* if the parameter is from icmp6, decode it. */ 221 if (d != NULL) { 222 ip6cp = (struct ip6ctlparam *)d; 223 m = ip6cp->ip6c_m; 224 ip6 = ip6cp->ip6c_ip6; 225 off = ip6cp->ip6c_off; 226 cmdarg = ip6cp->ip6c_cmdarg; 227 sa6_src = ip6cp->ip6c_src; 228 } else { 229 m = NULL; 230 ip6 = NULL; 231 cmdarg = NULL; 232 sa6_src = &sa6_any; 233 off = 0; 234 } 235 236 if (ip6) { 237 /* check if we can safely examine src and dst ports */ 238 if (m->m_pkthdr.len < off + sizeof(*uhp)) { 239 if (cmd == PRC_MSGSIZE) 240 icmp6_mtudisc_update((struct ip6ctlparam *)d, 0); 241 return NULL; 242 } 243 244 memset(&uh, 0, sizeof(uh)); 245 m_copydata(m, off, sizeof(*uhp), (void *)&uh); 246 247 if (cmd == PRC_MSGSIZE) { 248 int valid = 0; 249 250 /* 251 * Check to see if we have a valid UDP socket 252 * corresponding to the address in the ICMPv6 message 253 * payload. 254 */ 255 if (in6_pcblookup_connect(&udbtable, &sa6->sin6_addr, 256 uh.uh_dport, (const struct in6_addr *)&sa6_src->sin6_addr, 257 uh.uh_sport, 0, 0)) 258 valid++; 259#if 0 260 /* 261 * As the use of sendto(2) is fairly popular, 262 * we may want to allow non-connected pcb too. 263 * But it could be too weak against attacks... 264 * We should at least check if the local address (= s) 265 * is really ours. 266 */ 267 else if (in6_pcblookup_bind(&udbtable, &sa6->sin6_addr, 268 uh.uh_dport, 0)) 269 valid++; 270#endif 271 272 /* 273 * Depending on the value of "valid" and routing table 274 * size (mtudisc_{hi,lo}wat), we will: 275 * - recalculate the new MTU and create the 276 * corresponding routing entry, or 277 * - ignore the MTU change notification. 278 */ 279 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 280 281 /* 282 * regardless of if we called 283 * icmp6_mtudisc_update(), we need to call 284 * in6_pcbnotify(), to notify path MTU change 285 * to the userland (RFC3542), because some 286 * unconnected sockets may share the same 287 * destination and want to know the path MTU. 288 */ 289 } 290 291 (void)in6_pcbnotify(&udbtable, sa, uh.uh_dport, 292 sin6tocsa(sa6_src), uh.uh_sport, cmd, cmdarg, 293 notify); 294 } else { 295 (void)in6_pcbnotify(&udbtable, sa, 0, 296 sin6tocsa(sa6_src), 0, cmd, cmdarg, notify); 297 } 298 return NULL; 299} 300 301int 302udp6_ctloutput(int op, struct socket *so, struct sockopt *sopt) 303{ 304 int s; 305 int error = 0; 306 struct in6pcb *in6p; 307 int family; 308 int optval; 309 310 family = so->so_proto->pr_domain->dom_family; 311 312 s = splsoftnet(); 313 switch (family) { 314#ifdef INET 315 case PF_INET: 316 if (sopt->sopt_level != IPPROTO_UDP) { 317 error = ip_ctloutput(op, so, sopt); 318 goto end; 319 } 320 break; 321#endif 322#ifdef INET6 323 case PF_INET6: 324 if (sopt->sopt_level != IPPROTO_UDP) { 325 error = ip6_ctloutput(op, so, sopt); 326 goto end; 327 } 328 break; 329#endif 330 default: 331 error = EAFNOSUPPORT; 332 goto end; 333 } 334 335 switch (op) { 336 case PRCO_SETOPT: 337 in6p = sotoin6pcb(so); 338 339 switch (sopt->sopt_name) { 340 case UDP_ENCAP: 341 error = sockopt_getint(sopt, &optval); 342 if (error) 343 break; 344 345 switch(optval) { 346 case 0: 347 in6p->in6p_flags &= ~IN6P_ESPINUDP; 348 break; 349 350 case UDP_ENCAP_ESPINUDP: 351 in6p->in6p_flags |= IN6P_ESPINUDP; 352 break; 353 354 default: 355 error = EINVAL; 356 break; 357 } 358 break; 359 360 default: 361 error = ENOPROTOOPT; 362 break; 363 } 364 break; 365 366 default: 367 error = EINVAL; 368 break; 369 } 370 371end: 372 splx(s); 373 return error; 374} 375 376static void 377udp6_sendup(struct mbuf *m, int off /* offset of data portion */, 378 struct sockaddr *src, struct socket *so) 379{ 380 struct mbuf *opts = NULL; 381 struct mbuf *n; 382 struct in6pcb *in6p; 383 384 KASSERT(so != NULL); 385 KASSERT(so->so_proto->pr_domain->dom_family == AF_INET6); 386 in6p = sotoin6pcb(so); 387 KASSERT(in6p != NULL); 388 389#if defined(IPSEC) 390 if (ipsec_used && ipsec_in_reject(m, in6p)) { 391 if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) 392 icmp6_error(n, ICMP6_DST_UNREACH, 393 ICMP6_DST_UNREACH_ADMIN, 0); 394 return; 395 } 396#endif 397 398 if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) { 399 if (in6p->in6p_flags & IN6P_CONTROLOPTS || 400 SOOPT_TIMESTAMP(in6p->in6p_socket->so_options)) { 401 struct ip6_hdr *ip6 = mtod(n, struct ip6_hdr *); 402 ip6_savecontrol(in6p, &opts, ip6, n); 403 } 404 405 m_adj(n, off); 406 if (sbappendaddr(&so->so_rcv, src, n, opts) == 0) { 407 m_freem(n); 408 if (opts) 409 m_freem(opts); 410 UDP6_STATINC(UDP6_STAT_FULLSOCK); 411 soroverflow(so); 412 } else 413 sorwakeup(so); 414 } 415} 416 417int 418udp6_realinput(int af, struct sockaddr_in6 *src, struct sockaddr_in6 *dst, 419 struct mbuf **mp, int off) 420{ 421 u_int16_t sport, dport; 422 int rcvcnt; 423 struct in6_addr src6, *dst6; 424 const struct in_addr *dst4; 425 struct inpcb_hdr *inph; 426 struct in6pcb *in6p; 427 struct mbuf *m = *mp; 428 429 rcvcnt = 0; 430 off += sizeof(struct udphdr); /* now, offset of payload */ 431 432 if (af != AF_INET && af != AF_INET6) 433 goto bad; 434 if (src->sin6_family != AF_INET6 || dst->sin6_family != AF_INET6) 435 goto bad; 436 437 src6 = src->sin6_addr; 438 if (sa6_recoverscope(src) != 0) { 439 /* XXX: should be impossible. */ 440 goto bad; 441 } 442 sport = src->sin6_port; 443 444 dport = dst->sin6_port; 445 dst4 = (struct in_addr *)&dst->sin6_addr.s6_addr[12]; 446 dst6 = &dst->sin6_addr; 447 448 if (IN6_IS_ADDR_MULTICAST(dst6) || 449 (af == AF_INET && IN_MULTICAST(dst4->s_addr))) { 450 /* 451 * Deliver a multicast or broadcast datagram to *all* sockets 452 * for which the local and remote addresses and ports match 453 * those of the incoming datagram. This allows more than 454 * one process to receive multi/broadcasts on the same port. 455 * (This really ought to be done for unicast datagrams as 456 * well, but that would cause problems with existing 457 * applications that open both address-specific sockets and 458 * a wildcard socket listening to the same port -- they would 459 * end up receiving duplicates of every unicast datagram. 460 * Those applications open the multiple sockets to overcome an 461 * inadequacy of the UDP socket interface, but for backwards 462 * compatibility we avoid the problem here rather than 463 * fixing the interface. Maybe 4.5BSD will remedy this?) 464 */ 465 466 /* 467 * KAME note: traditionally we dropped udpiphdr from mbuf here. 468 * we need udpiphdr for IPsec processing so we do that later. 469 */ 470 /* 471 * Locate pcb(s) for datagram. 472 */ 473 TAILQ_FOREACH(inph, &udbtable.inpt_queue, inph_queue) { 474 in6p = (struct in6pcb *)inph; 475 if (in6p->in6p_af != AF_INET6) 476 continue; 477 478 if (in6p->in6p_lport != dport) 479 continue; 480 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { 481 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, 482 dst6)) 483 continue; 484 } else { 485 if (IN6_IS_ADDR_V4MAPPED(dst6) && 486 (in6p->in6p_flags & IN6P_IPV6_V6ONLY)) 487 continue; 488 } 489 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 490 if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, 491 &src6) || in6p->in6p_fport != sport) 492 continue; 493 } else { 494 if (IN6_IS_ADDR_V4MAPPED(&src6) && 495 (in6p->in6p_flags & IN6P_IPV6_V6ONLY)) 496 continue; 497 } 498 499 udp6_sendup(m, off, sin6tosa(src), in6p->in6p_socket); 500 rcvcnt++; 501 502 /* 503 * Don't look for additional matches if this one does 504 * not have either the SO_REUSEPORT or SO_REUSEADDR 505 * socket options set. This heuristic avoids searching 506 * through all pcbs in the common case of a non-shared 507 * port. It assumes that an application will never 508 * clear these options after setting them. 509 */ 510 if ((in6p->in6p_socket->so_options & 511 (SO_REUSEPORT|SO_REUSEADDR)) == 0) 512 break; 513 } 514 } else { 515 /* 516 * Locate pcb for datagram. 517 */ 518 in6p = in6_pcblookup_connect(&udbtable, &src6, sport, dst6, 519 dport, 0, 0); 520 if (in6p == 0) { 521 UDP_STATINC(UDP_STAT_PCBHASHMISS); 522 in6p = in6_pcblookup_bind(&udbtable, dst6, dport, 0); 523 if (in6p == 0) 524 return rcvcnt; 525 } 526 527#ifdef IPSEC 528 /* Handle ESP over UDP */ 529 if (in6p->in6p_flags & IN6P_ESPINUDP) { 530 struct sockaddr *sa = (struct sockaddr *)src; 531 532 switch (udp6_espinudp(mp, off, sa, in6p->in6p_socket)) { 533 case -1: /* Error, m was freed */ 534 rcvcnt = -1; 535 goto bad; 536 537 case 1: /* ESP over UDP */ 538 rcvcnt++; 539 goto bad; 540 541 case 0: /* plain UDP */ 542 default: /* Unexpected */ 543 /* 544 * Normal UDP processing will take place, 545 * m may have changed. 546 */ 547 m = *mp; 548 break; 549 } 550 } 551#endif 552 553 udp6_sendup(m, off, sin6tosa(src), in6p->in6p_socket); 554 rcvcnt++; 555 } 556 557bad: 558 return rcvcnt; 559} 560 561int 562udp6_input_checksum(struct mbuf *m, const struct udphdr *uh, int off, int len) 563{ 564 565 /* 566 * XXX it's better to record and check if this mbuf is 567 * already checked. 568 */ 569 570 if (__predict_false((m->m_flags & M_LOOP) && !udp_do_loopback_cksum)) { 571 goto good; 572 } 573 if (uh->uh_sum == 0) { 574 UDP6_STATINC(UDP6_STAT_NOSUM); 575 goto bad; 576 } 577 578 switch (m->m_pkthdr.csum_flags & 579 ((m_get_rcvif_NOMPSAFE(m)->if_csum_flags_rx & M_CSUM_UDPv6) | 580 M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) { 581 case M_CSUM_UDPv6|M_CSUM_TCP_UDP_BAD: 582 UDP_CSUM_COUNTER_INCR(&udp6_hwcsum_bad); 583 UDP6_STATINC(UDP6_STAT_BADSUM); 584 goto bad; 585 586#if 0 /* notyet */ 587 case M_CSUM_UDPv6|M_CSUM_DATA: 588#endif 589 590 case M_CSUM_UDPv6: 591 /* Checksum was okay. */ 592 UDP_CSUM_COUNTER_INCR(&udp6_hwcsum_ok); 593 break; 594 595 default: 596 /* 597 * Need to compute it ourselves. Maybe skip checksum 598 * on loopback interfaces. 599 */ 600 UDP_CSUM_COUNTER_INCR(&udp6_swcsum); 601 if (in6_cksum(m, IPPROTO_UDP, off, len) != 0) { 602 UDP6_STATINC(UDP6_STAT_BADSUM); 603 goto bad; 604 } 605 } 606 607good: 608 return 0; 609bad: 610 return -1; 611} 612 613int 614udp6_input(struct mbuf **mp, int *offp, int proto) 615{ 616 struct mbuf *m = *mp; 617 int off = *offp; 618 struct sockaddr_in6 src, dst; 619 struct ip6_hdr *ip6; 620 struct udphdr *uh; 621 u_int32_t plen, ulen; 622 623 ip6 = mtod(m, struct ip6_hdr *); 624 625#if defined(NFAITH) && 0 < NFAITH 626 if (faithprefix(&ip6->ip6_dst)) { 627 /* send icmp6 host unreach? */ 628 m_freem(m); 629 return IPPROTO_DONE; 630 } 631#endif 632 633 UDP6_STATINC(UDP6_STAT_IPACKETS); 634 635 /* Check for jumbogram is done in ip6_input. We can trust pkthdr.len. */ 636 plen = m->m_pkthdr.len - off; 637 IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(struct udphdr)); 638 if (uh == NULL) { 639 IP6_STATINC(IP6_STAT_TOOSHORT); 640 return IPPROTO_DONE; 641 } 642 643 /* 644 * Enforce alignment requirements that are violated in 645 * some cases, see kern/50766 for details. 646 */ 647 if (UDP_HDR_ALIGNED_P(uh) == 0) { 648 m = m_copyup(m, off + sizeof(struct udphdr), 0); 649 if (m == NULL) { 650 IP6_STATINC(IP6_STAT_TOOSHORT); 651 return IPPROTO_DONE; 652 } 653 ip6 = mtod(m, struct ip6_hdr *); 654 uh = (struct udphdr *)(mtod(m, char *) + off); 655 } 656 KASSERT(UDP_HDR_ALIGNED_P(uh)); 657 ulen = ntohs((u_short)uh->uh_ulen); 658 659 /* 660 * RFC2675 section 4: jumbograms will have 0 in the UDP header field, 661 * iff payload length > 0xffff. 662 */ 663 if (ulen == 0 && plen > 0xffff) 664 ulen = plen; 665 666 if (plen != ulen) { 667 UDP6_STATINC(UDP6_STAT_BADLEN); 668 goto bad; 669 } 670 671 /* destination port of 0 is illegal, based on RFC768. */ 672 if (uh->uh_dport == 0) 673 goto bad; 674 675 /* 676 * Checksum extended UDP header and data. Maybe skip checksum 677 * on loopback interfaces. 678 */ 679 if (udp6_input_checksum(m, uh, off, ulen)) 680 goto bad; 681 682 /* 683 * Construct source and dst sockaddrs. 684 */ 685 memset(&src, 0, sizeof(src)); 686 src.sin6_family = AF_INET6; 687 src.sin6_len = sizeof(struct sockaddr_in6); 688 src.sin6_addr = ip6->ip6_src; 689 src.sin6_port = uh->uh_sport; 690 memset(&dst, 0, sizeof(dst)); 691 dst.sin6_family = AF_INET6; 692 dst.sin6_len = sizeof(struct sockaddr_in6); 693 dst.sin6_addr = ip6->ip6_dst; 694 dst.sin6_port = uh->uh_dport; 695 696 if (udp6_realinput(AF_INET6, &src, &dst, &m, off) == 0) { 697 if (m->m_flags & M_MCAST) { 698 UDP6_STATINC(UDP6_STAT_NOPORTMCAST); 699 goto bad; 700 } 701 UDP6_STATINC(UDP6_STAT_NOPORT); 702 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); 703 m = NULL; 704 } 705 706bad: 707 if (m) 708 m_freem(m); 709 return IPPROTO_DONE; 710} 711 712int 713udp6_output(struct in6pcb * const in6p, struct mbuf *m, 714 struct sockaddr_in6 * const addr6, struct mbuf * const control, 715 struct lwp * const l) 716{ 717 u_int32_t ulen = m->m_pkthdr.len; 718 u_int32_t plen = sizeof(struct udphdr) + ulen; 719 struct ip6_hdr *ip6; 720 struct udphdr *udp6; 721 struct in6_addr _laddr, *laddr, *faddr; 722 struct in6_addr laddr_mapped; /* XXX ugly */ 723 struct sockaddr_in6 *sin6 = NULL; 724 struct ifnet *oifp = NULL; 725 int scope_ambiguous = 0; 726 u_int16_t fport; 727 int error = 0; 728 struct ip6_pktopts *optp = NULL; 729 struct ip6_pktopts opt; 730 int af = AF_INET6, hlen = sizeof(struct ip6_hdr); 731#ifdef INET 732 struct ip *ip; 733 struct udpiphdr *ui; 734 int flags = 0; 735#endif 736 struct sockaddr_in6 tmp; 737 738 if (addr6) { 739 sin6 = addr6; 740 if (sin6->sin6_len != sizeof(*sin6)) { 741 error = EINVAL; 742 goto release; 743 } 744 if (sin6->sin6_family != AF_INET6) { 745 error = EAFNOSUPPORT; 746 goto release; 747 } 748 749 /* protect *sin6 from overwrites */ 750 tmp = *sin6; 751 sin6 = &tmp; 752 753 /* 754 * Application should provide a proper zone ID or the use of 755 * default zone IDs should be enabled. Unfortunately, some 756 * applications do not behave as it should, so we need a 757 * workaround. Even if an appropriate ID is not determined, 758 * we'll see if we can determine the outgoing interface. If we 759 * can, determine the zone ID based on the interface below. 760 */ 761 if (sin6->sin6_scope_id == 0 && !ip6_use_defzone) 762 scope_ambiguous = 1; 763 if ((error = sa6_embedscope(sin6, ip6_use_defzone)) != 0) 764 goto release; 765 } 766 767 if (control) { 768 if (__predict_false(l == NULL)) { 769 panic("%s: control but no lwp", __func__); 770 } 771 if ((error = ip6_setpktopts(control, &opt, 772 in6p->in6p_outputopts, l->l_cred, IPPROTO_UDP)) != 0) 773 goto release; 774 optp = &opt; 775 } else 776 optp = in6p->in6p_outputopts; 777 778 779 if (sin6) { 780 /* 781 * Slightly different than v4 version in that we call 782 * in6_selectsrc and in6_pcbsetport to fill in the local 783 * address and port rather than in_pcbconnect. in_pcbconnect 784 * sets in6p_faddr which causes EISCONN below to be hit on 785 * subsequent sendto. 786 */ 787 if (sin6->sin6_port == 0) { 788 error = EADDRNOTAVAIL; 789 goto release; 790 } 791 792 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 793 /* how about ::ffff:0.0.0.0 case? */ 794 error = EISCONN; 795 goto release; 796 } 797 798 faddr = &sin6->sin6_addr; 799 fport = sin6->sin6_port; /* allow 0 port */ 800 801 if (IN6_IS_ADDR_V4MAPPED(faddr)) { 802 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) { 803 /* 804 * I believe we should explicitly discard the 805 * packet when mapped addresses are disabled, 806 * rather than send the packet as an IPv6 one. 807 * If we chose the latter approach, the packet 808 * might be sent out on the wire based on the 809 * default route, the situation which we'd 810 * probably want to avoid. 811 * (20010421 jinmei@kame.net) 812 */ 813 error = EINVAL; 814 goto release; 815 } 816 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && 817 !IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)) { 818 /* 819 * when remote addr is an IPv4-mapped address, 820 * local addr should not be an IPv6 address, 821 * since you cannot determine how to map IPv6 822 * source address to IPv4. 823 */ 824 error = EINVAL; 825 goto release; 826 } 827 828 af = AF_INET; 829 } 830 831 if (!IN6_IS_ADDR_V4MAPPED(faddr)) { 832 struct psref psref; 833 int bound = curlwp_bind(); 834 835 error = in6_selectsrc(sin6, optp, 836 in6p->in6p_moptions, 837 &in6p->in6p_route, 838 &in6p->in6p_laddr, &oifp, &psref, &_laddr); 839 if (error) 840 laddr = NULL; 841 else 842 laddr = &_laddr; 843 if (oifp && scope_ambiguous && 844 (error = in6_setscope(&sin6->sin6_addr, 845 oifp, NULL))) { 846 if_put(oifp, &psref); 847 curlwp_bindx(bound); 848 goto release; 849 } 850 if_put(oifp, &psref); 851 curlwp_bindx(bound); 852 } else { 853 /* 854 * XXX: freebsd[34] does not have in_selectsrc, but 855 * we can omit the whole part because freebsd4 calls 856 * udp_output() directly in this case, and thus we'll 857 * never see this path. 858 */ 859 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { 860 struct sockaddr_in sin_dst; 861 struct in_addr ina; 862 struct in_ifaddr *ia4; 863 struct psref _psref; 864 int bound; 865 866 memcpy(&ina, &faddr->s6_addr[12], sizeof(ina)); 867 sockaddr_in_init(&sin_dst, &ina, 0); 868 bound = curlwp_bind(); 869 ia4 = in_selectsrc(&sin_dst, &in6p->in6p_route, 870 in6p->in6p_socket->so_options, NULL, 871 &error, &_psref); 872 if (ia4 == NULL) { 873 curlwp_bindx(bound); 874 if (error == 0) 875 error = EADDRNOTAVAIL; 876 goto release; 877 } 878 memset(&laddr_mapped, 0, sizeof(laddr_mapped)); 879 laddr_mapped.s6_addr16[5] = 0xffff; /* ugly */ 880 memcpy(&laddr_mapped.s6_addr[12], 881 &IA_SIN(ia4)->sin_addr, 882 sizeof(IA_SIN(ia4)->sin_addr)); 883 ia4_release(ia4, &_psref); 884 curlwp_bindx(bound); 885 laddr = &laddr_mapped; 886 } else 887 { 888 laddr = &in6p->in6p_laddr; /* XXX */ 889 } 890 } 891 if (laddr == NULL) { 892 if (error == 0) 893 error = EADDRNOTAVAIL; 894 goto release; 895 } 896 if (in6p->in6p_lport == 0) { 897 /* 898 * Craft a sockaddr_in6 for the local endpoint. Use the 899 * "any" as a base, set the address, and recover the 900 * scope. 901 */ 902 struct sockaddr_in6 lsin6 = 903 *((const struct sockaddr_in6 *)in6p->in6p_socket->so_proto->pr_domain->dom_sa_any); 904 lsin6.sin6_addr = *laddr; 905 error = sa6_recoverscope(&lsin6); 906 if (error) 907 goto release; 908 909 error = in6_pcbsetport(&lsin6, in6p, l); 910 911 if (error) { 912 in6p->in6p_laddr = in6addr_any; 913 goto release; 914 } 915 } 916 } else { 917 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) { 918 error = ENOTCONN; 919 goto release; 920 } 921 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 922 if ((in6p->in6p_flags & IN6P_IPV6_V6ONLY)) 923 { 924 /* 925 * XXX: this case would happen when the 926 * application sets the V6ONLY flag after 927 * connecting the foreign address. 928 * Such applications should be fixed, 929 * so we bark here. 930 */ 931 log(LOG_INFO, "udp6_output: IPV6_V6ONLY " 932 "option was set for a connected socket\n"); 933 error = EINVAL; 934 goto release; 935 } else 936 af = AF_INET; 937 } 938 laddr = &in6p->in6p_laddr; 939 faddr = &in6p->in6p_faddr; 940 fport = in6p->in6p_fport; 941 } 942 943 if (af == AF_INET) 944 hlen = sizeof(struct ip); 945 946 /* 947 * Calculate data length and get a mbuf 948 * for UDP and IP6 headers. 949 */ 950 M_PREPEND(m, hlen + sizeof(struct udphdr), M_DONTWAIT); 951 if (m == NULL) { 952 error = ENOBUFS; 953 goto release; 954 } 955 956 /* 957 * Stuff checksum and output datagram. 958 */ 959 udp6 = (struct udphdr *)(mtod(m, char *) + hlen); 960 udp6->uh_sport = in6p->in6p_lport; /* lport is always set in the PCB */ 961 udp6->uh_dport = fport; 962 if (plen <= 0xffff) 963 udp6->uh_ulen = htons((u_int16_t)plen); 964 else 965 udp6->uh_ulen = 0; 966 udp6->uh_sum = 0; 967 968 switch (af) { 969 case AF_INET6: 970 ip6 = mtod(m, struct ip6_hdr *); 971 ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK; 972 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 973 ip6->ip6_vfc |= IPV6_VERSION; 974#if 0 /* ip6_plen will be filled in ip6_output. */ 975 ip6->ip6_plen = htons((u_int16_t)plen); 976#endif 977 ip6->ip6_nxt = IPPROTO_UDP; 978 ip6->ip6_hlim = in6_selecthlim_rt(in6p); 979 ip6->ip6_src = *laddr; 980 ip6->ip6_dst = *faddr; 981 982 udp6->uh_sum = in6_cksum_phdr(laddr, faddr, 983 htonl(plen), htonl(IPPROTO_UDP)); 984 m->m_pkthdr.csum_flags = M_CSUM_UDPv6; 985 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); 986 987 UDP6_STATINC(UDP6_STAT_OPACKETS); 988 error = ip6_output(m, optp, &in6p->in6p_route, 0, 989 in6p->in6p_moptions, in6p, NULL); 990 break; 991 case AF_INET: 992#ifdef INET 993 /* can't transmit jumbogram over IPv4 */ 994 if (plen > 0xffff) { 995 error = EMSGSIZE; 996 goto release; 997 } 998 999 ip = mtod(m, struct ip *); 1000 ui = (struct udpiphdr *)ip; 1001 memset(ui->ui_x1, 0, sizeof(ui->ui_x1)); 1002 ui->ui_pr = IPPROTO_UDP; 1003 ui->ui_len = htons(plen); 1004 memcpy(&ui->ui_src, &laddr->s6_addr[12], sizeof(ui->ui_src)); 1005 ui->ui_ulen = ui->ui_len; 1006 1007 flags = (in6p->in6p_socket->so_options & 1008 (SO_DONTROUTE | SO_BROADCAST)); 1009 memcpy(&ui->ui_dst, &faddr->s6_addr[12], sizeof(ui->ui_dst)); 1010 1011 udp6->uh_sum = in_cksum(m, hlen + plen); 1012 if (udp6->uh_sum == 0) 1013 udp6->uh_sum = 0xffff; 1014 1015 ip->ip_len = htons(hlen + plen); 1016 ip->ip_ttl = in6_selecthlim(in6p, NULL); /* XXX */ 1017 ip->ip_tos = 0; /* XXX */ 1018 1019 UDP_STATINC(UDP_STAT_OPACKETS); 1020 error = ip_output(m, NULL, &in6p->in6p_route, flags /* XXX */, 1021 in6p->in6p_v4moptions, NULL); 1022 break; 1023#else 1024 error = EAFNOSUPPORT; 1025 goto release; 1026#endif 1027 } 1028 goto releaseopt; 1029 1030release: 1031 m_freem(m); 1032 1033releaseopt: 1034 if (control) { 1035 if (optp == &opt) 1036 ip6_clearpktopts(&opt, -1); 1037 m_freem(control); 1038 } 1039 return (error); 1040} 1041 1042static int 1043udp6_attach(struct socket *so, int proto) 1044{ 1045 struct in6pcb *in6p; 1046 int s, error; 1047 1048 KASSERT(sotoin6pcb(so) == NULL); 1049 sosetlock(so); 1050 1051 /* 1052 * MAPPED_ADDR implementation spec: 1053 * Always attach for IPv6, and only when necessary for IPv4. 1054 */ 1055 s = splsoftnet(); 1056 error = in6_pcballoc(so, &udbtable); 1057 splx(s); 1058 if (error) { 1059 return error; 1060 } 1061 error = soreserve(so, udp6_sendspace, udp6_recvspace); 1062 if (error) { 1063 return error; 1064 } 1065 in6p = sotoin6pcb(so); 1066 in6p->in6p_cksum = -1; /* just to be sure */ 1067 1068 KASSERT(solocked(so)); 1069 return 0; 1070} 1071 1072static void 1073udp6_detach(struct socket *so) 1074{ 1075 struct in6pcb *in6p = sotoin6pcb(so); 1076 int s; 1077 1078 KASSERT(solocked(so)); 1079 KASSERT(in6p != NULL); 1080 1081 s = splsoftnet(); 1082 in6_pcbdetach(in6p); 1083 splx(s); 1084} 1085 1086static int 1087udp6_accept(struct socket *so, struct sockaddr *nam) 1088{ 1089 KASSERT(solocked(so)); 1090 1091 return EOPNOTSUPP; 1092} 1093 1094static int 1095udp6_bind(struct socket *so, struct sockaddr *nam, struct lwp *l) 1096{ 1097 struct in6pcb *in6p = sotoin6pcb(so); 1098 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam; 1099 int error = 0; 1100 int s; 1101 1102 KASSERT(solocked(so)); 1103 KASSERT(in6p != NULL); 1104 1105 s = splsoftnet(); 1106 error = in6_pcbbind(in6p, sin6, l); 1107 splx(s); 1108 return error; 1109} 1110 1111static int 1112udp6_listen(struct socket *so, struct lwp *l) 1113{ 1114 KASSERT(solocked(so)); 1115 1116 return EOPNOTSUPP; 1117} 1118 1119static int 1120udp6_connect(struct socket *so, struct sockaddr *nam, struct lwp *l) 1121{ 1122 struct in6pcb *in6p = sotoin6pcb(so); 1123 int error = 0; 1124 int s; 1125 1126 KASSERT(solocked(so)); 1127 KASSERT(in6p != NULL); 1128 1129 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) 1130 return EISCONN; 1131 s = splsoftnet(); 1132 error = in6_pcbconnect(in6p, (struct sockaddr_in6 *)nam, l); 1133 splx(s); 1134 if (error == 0) 1135 soisconnected(so); 1136 1137 return error; 1138} 1139 1140static int 1141udp6_connect2(struct socket *so, struct socket *so2) 1142{ 1143 KASSERT(solocked(so)); 1144 1145 return EOPNOTSUPP; 1146} 1147 1148static int 1149udp6_disconnect(struct socket *so) 1150{ 1151 struct in6pcb *in6p = sotoin6pcb(so); 1152 int s; 1153 1154 KASSERT(solocked(so)); 1155 KASSERT(in6p != NULL); 1156 1157 if (IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) 1158 return ENOTCONN; 1159 1160 s = splsoftnet(); 1161 in6_pcbdisconnect(in6p); 1162 memset((void *)&in6p->in6p_laddr, 0, sizeof(in6p->in6p_laddr)); 1163 splx(s); 1164 1165 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1166 in6_pcbstate(in6p, IN6P_BOUND); /* XXX */ 1167 return 0; 1168} 1169 1170static int 1171udp6_shutdown(struct socket *so) 1172{ 1173 int s; 1174 1175 s = splsoftnet(); 1176 socantsendmore(so); 1177 splx(s); 1178 1179 return 0; 1180} 1181 1182static int 1183udp6_abort(struct socket *so) 1184{ 1185 int s; 1186 1187 KASSERT(solocked(so)); 1188 KASSERT(sotoin6pcb(so) != NULL); 1189 1190 s = splsoftnet(); 1191 soisdisconnected(so); 1192 in6_pcbdetach(sotoin6pcb(so)); 1193 splx(s); 1194 1195 return 0; 1196} 1197 1198static int 1199udp6_ioctl(struct socket *so, u_long cmd, void *addr6, struct ifnet *ifp) 1200{ 1201 /* 1202 * MAPPED_ADDR implementation info: 1203 * Mapped addr support for PRU_CONTROL is not necessary. 1204 * Because typical user of PRU_CONTROL is such as ifconfig, 1205 * and they don't associate any addr to their socket. Then 1206 * socket family is only hint about the PRU_CONTROL'ed address 1207 * family, especially when getting addrs from kernel. 1208 * So AF_INET socket need to be used to control AF_INET addrs, 1209 * and AF_INET6 socket for AF_INET6 addrs. 1210 */ 1211 return in6_control(so, cmd, addr6, ifp); 1212} 1213 1214static int 1215udp6_stat(struct socket *so, struct stat *ub) 1216{ 1217 KASSERT(solocked(so)); 1218 1219 /* stat: don't bother with a blocksize */ 1220 return 0; 1221} 1222 1223static int 1224udp6_peeraddr(struct socket *so, struct sockaddr *nam) 1225{ 1226 KASSERT(solocked(so)); 1227 KASSERT(sotoin6pcb(so) != NULL); 1228 KASSERT(nam != NULL); 1229 1230 in6_setpeeraddr(sotoin6pcb(so), (struct sockaddr_in6 *)nam); 1231 return 0; 1232} 1233 1234static int 1235udp6_sockaddr(struct socket *so, struct sockaddr *nam) 1236{ 1237 KASSERT(solocked(so)); 1238 KASSERT(sotoin6pcb(so) != NULL); 1239 KASSERT(nam != NULL); 1240 1241 in6_setsockaddr(sotoin6pcb(so), (struct sockaddr_in6 *)nam); 1242 return 0; 1243} 1244 1245static int 1246udp6_rcvd(struct socket *so, int flags, struct lwp *l) 1247{ 1248 KASSERT(solocked(so)); 1249 1250 return EOPNOTSUPP; 1251} 1252 1253static int 1254udp6_recvoob(struct socket *so, struct mbuf *m, int flags) 1255{ 1256 KASSERT(solocked(so)); 1257 1258 return EOPNOTSUPP; 1259} 1260 1261static int 1262udp6_send(struct socket *so, struct mbuf *m, struct sockaddr *nam, 1263 struct mbuf *control, struct lwp *l) 1264{ 1265 struct in6pcb *in6p = sotoin6pcb(so); 1266 int error = 0; 1267 int s; 1268 1269 KASSERT(solocked(so)); 1270 KASSERT(in6p != NULL); 1271 KASSERT(m != NULL); 1272 1273 s = splsoftnet(); 1274 error = udp6_output(in6p, m, (struct sockaddr_in6 *)nam, control, l); 1275 splx(s); 1276 1277 return error; 1278} 1279 1280static int 1281udp6_sendoob(struct socket *so, struct mbuf *m, struct mbuf *control) 1282{ 1283 KASSERT(solocked(so)); 1284 1285 if (m) 1286 m_freem(m); 1287 if (control) 1288 m_freem(control); 1289 1290 return EOPNOTSUPP; 1291} 1292 1293static int 1294udp6_purgeif(struct socket *so, struct ifnet *ifp) 1295{ 1296 1297 mutex_enter(softnet_lock); 1298 in6_pcbpurgeif0(&udbtable, ifp); 1299#ifdef NET_MPSAFE 1300 mutex_exit(softnet_lock); 1301#endif 1302 in6_purgeif(ifp); 1303#ifdef NET_MPSAFE 1304 mutex_enter(softnet_lock); 1305#endif 1306 in6_pcbpurgeif(&udbtable, ifp); 1307 mutex_exit(softnet_lock); 1308 1309 return 0; 1310} 1311 1312static int 1313sysctl_net_inet6_udp6_stats(SYSCTLFN_ARGS) 1314{ 1315 1316 return (NETSTAT_SYSCTL(udp6stat_percpu, UDP6_NSTATS)); 1317} 1318 1319static void 1320sysctl_net_inet6_udp6_setup(struct sysctllog **clog) 1321{ 1322 1323 sysctl_createv(clog, 0, NULL, NULL, 1324 CTLFLAG_PERMANENT, 1325 CTLTYPE_NODE, "inet6", NULL, 1326 NULL, 0, NULL, 0, 1327 CTL_NET, PF_INET6, CTL_EOL); 1328 sysctl_createv(clog, 0, NULL, NULL, 1329 CTLFLAG_PERMANENT, 1330 CTLTYPE_NODE, "udp6", 1331 SYSCTL_DESCR("UDPv6 related settings"), 1332 NULL, 0, NULL, 0, 1333 CTL_NET, PF_INET6, IPPROTO_UDP, CTL_EOL); 1334 1335 sysctl_createv(clog, 0, NULL, NULL, 1336 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1337 CTLTYPE_INT, "sendspace", 1338 SYSCTL_DESCR("Default UDP send buffer size"), 1339 NULL, 0, &udp6_sendspace, 0, 1340 CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_SENDSPACE, 1341 CTL_EOL); 1342 sysctl_createv(clog, 0, NULL, NULL, 1343 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1344 CTLTYPE_INT, "recvspace", 1345 SYSCTL_DESCR("Default UDP receive buffer size"), 1346 NULL, 0, &udp6_recvspace, 0, 1347 CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_RECVSPACE, 1348 CTL_EOL); 1349 sysctl_createv(clog, 0, NULL, NULL, 1350 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1351 CTLTYPE_INT, "do_loopback_cksum", 1352 SYSCTL_DESCR("Perform UDP checksum on loopback"), 1353 NULL, 0, &udp_do_loopback_cksum, 0, 1354 CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_LOOPBACKCKSUM, 1355 CTL_EOL); 1356 sysctl_createv(clog, 0, NULL, NULL, 1357 CTLFLAG_PERMANENT, 1358 CTLTYPE_STRUCT, "pcblist", 1359 SYSCTL_DESCR("UDP protocol control block list"), 1360 sysctl_inpcblist, 0, &udbtable, 0, 1361 CTL_NET, PF_INET6, IPPROTO_UDP, CTL_CREATE, 1362 CTL_EOL); 1363 sysctl_createv(clog, 0, NULL, NULL, 1364 CTLFLAG_PERMANENT, 1365 CTLTYPE_STRUCT, "stats", 1366 SYSCTL_DESCR("UDPv6 statistics"), 1367 sysctl_net_inet6_udp6_stats, 0, NULL, 0, 1368 CTL_NET, PF_INET6, IPPROTO_UDP, UDP6CTL_STATS, 1369 CTL_EOL); 1370} 1371 1372void 1373udp6_statinc(u_int stat) 1374{ 1375 1376 KASSERT(stat < UDP6_NSTATS); 1377 UDP6_STATINC(stat); 1378} 1379 1380#ifdef IPSEC 1381/* 1382 * Returns: 1383 * 1 if the packet was processed 1384 * 0 if normal UDP processing should take place 1385 * -1 if an error occurred and m was freed 1386 */ 1387static int 1388udp6_espinudp(struct mbuf **mp, int off, struct sockaddr *src, 1389 struct socket *so) 1390{ 1391 const size_t skip = sizeof(struct udphdr); 1392 size_t len; 1393 void *data; 1394 size_t minlen; 1395 int ip6hdrlen; 1396 struct ip6_hdr *ip6; 1397 struct m_tag *tag; 1398 struct udphdr *udphdr; 1399 u_int16_t sport, dport; 1400 struct mbuf *m = *mp; 1401 uint32_t *marker; 1402 1403 /* 1404 * Collapse the mbuf chain if the first mbuf is too short 1405 * The longest case is: UDP + non ESP marker + ESP 1406 */ 1407 minlen = off + sizeof(u_int64_t) + sizeof(struct esp); 1408 if (minlen > m->m_pkthdr.len) 1409 minlen = m->m_pkthdr.len; 1410 1411 if (m->m_len < minlen) { 1412 if ((*mp = m_pullup(m, minlen)) == NULL) { 1413 return -1; 1414 } 1415 m = *mp; 1416 } 1417 1418 len = m->m_len - off; 1419 data = mtod(m, char *) + off; 1420 1421 /* Ignore keepalive packets */ 1422 if ((len == 1) && (*(unsigned char *)data == 0xff)) { 1423 m_freem(m); 1424 *mp = NULL; /* avoid any further processing by caller ... */ 1425 return 1; 1426 } 1427 1428 /* Handle Non-ESP marker (32bit). If zero, then IKE. */ 1429 marker = (uint32_t *)data; 1430 if (len <= sizeof(uint32_t)) 1431 return 0; 1432 if (marker[0] == 0) 1433 return 0; 1434 1435 /* 1436 * Get the UDP ports. They are handled in network 1437 * order everywhere in IPSEC_NAT_T code. 1438 */ 1439 udphdr = (struct udphdr *)((char *)data - skip); 1440 sport = udphdr->uh_sport; 1441 dport = udphdr->uh_dport; 1442 1443 /* 1444 * Remove the UDP header (and possibly the non ESP marker) 1445 * IPv6 header length is ip6hdrlen 1446 * Before: 1447 * <---- off ---> 1448 * +-----+------+-----+ 1449 * | IP6 | UDP | ESP | 1450 * +-----+------+-----+ 1451 * <-skip-> 1452 * After: 1453 * +-----+-----+ 1454 * | IP6 | ESP | 1455 * +-----+-----+ 1456 * <-skip-> 1457 */ 1458 ip6hdrlen = off - sizeof(struct udphdr); 1459 memmove(mtod(m, char *) + skip, mtod(m, void *), ip6hdrlen); 1460 m_adj(m, skip); 1461 1462 ip6 = mtod(m, struct ip6_hdr *); 1463 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - skip); 1464 ip6->ip6_nxt = IPPROTO_ESP; 1465 1466 /* 1467 * We have modified the packet - it is now ESP, so we should not 1468 * return to UDP processing ... 1469 * 1470 * Add a PACKET_TAG_IPSEC_NAT_T_PORT tag to remember 1471 * the source UDP port. This is required if we want 1472 * to select the right SPD for multiple hosts behind 1473 * same NAT 1474 */ 1475 if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, 1476 sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) { 1477 m_freem(m); 1478 return -1; 1479 } 1480 ((u_int16_t *)(tag + 1))[0] = sport; 1481 ((u_int16_t *)(tag + 1))[1] = dport; 1482 m_tag_prepend(m, tag); 1483 1484 if (ipsec_used) 1485 ipsec6_common_input(&m, &ip6hdrlen, IPPROTO_ESP); 1486 else 1487 m_freem(m); 1488 1489 /* We handled it, it shouldn't be handled by UDP */ 1490 *mp = NULL; /* avoid free by caller ... */ 1491 return 1; 1492} 1493#endif /* IPSEC */ 1494 1495PR_WRAP_USRREQS(udp6) 1496#define udp6_attach udp6_attach_wrapper 1497#define udp6_detach udp6_detach_wrapper 1498#define udp6_accept udp6_accept_wrapper 1499#define udp6_bind udp6_bind_wrapper 1500#define udp6_listen udp6_listen_wrapper 1501#define udp6_connect udp6_connect_wrapper 1502#define udp6_connect2 udp6_connect2_wrapper 1503#define udp6_disconnect udp6_disconnect_wrapper 1504#define udp6_shutdown udp6_shutdown_wrapper 1505#define udp6_abort udp6_abort_wrapper 1506#define udp6_ioctl udp6_ioctl_wrapper 1507#define udp6_stat udp6_stat_wrapper 1508#define udp6_peeraddr udp6_peeraddr_wrapper 1509#define udp6_sockaddr udp6_sockaddr_wrapper 1510#define udp6_rcvd udp6_rcvd_wrapper 1511#define udp6_recvoob udp6_recvoob_wrapper 1512#define udp6_send udp6_send_wrapper 1513#define udp6_sendoob udp6_sendoob_wrapper 1514#define udp6_purgeif udp6_purgeif_wrapper 1515 1516const struct pr_usrreqs udp6_usrreqs = { 1517 .pr_attach = udp6_attach, 1518 .pr_detach = udp6_detach, 1519 .pr_accept = udp6_accept, 1520 .pr_bind = udp6_bind, 1521 .pr_listen = udp6_listen, 1522 .pr_connect = udp6_connect, 1523 .pr_connect2 = udp6_connect2, 1524 .pr_disconnect = udp6_disconnect, 1525 .pr_shutdown = udp6_shutdown, 1526 .pr_abort = udp6_abort, 1527 .pr_ioctl = udp6_ioctl, 1528 .pr_stat = udp6_stat, 1529 .pr_peeraddr = udp6_peeraddr, 1530 .pr_sockaddr = udp6_sockaddr, 1531 .pr_rcvd = udp6_rcvd, 1532 .pr_recvoob = udp6_recvoob, 1533 .pr_send = udp6_send, 1534 .pr_sendoob = udp6_sendoob, 1535 .pr_purgeif = udp6_purgeif, 1536}; 1537