1 /* $FreeBSD: src/sys/netinet6/udp6_usrreq.c,v 1.6.2.13 2003/01/24 05:11:35 sam Exp $ */
2 /* $KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * Copyright (c) 1982, 1986, 1989, 1993
35 * The Regents of the University of California. All rights reserved.
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61 * @(#)udp_var.h 8.1 (Berkeley) 6/10/93
65 #include "opt_inet6.h"
66 #include "opt_ipsec.h"
68 #include <sys/param.h>
69 #include <sys/kernel.h>
71 #include <sys/protosw.h>
72 #include <sys/socket.h>
73 #include <sys/socketvar.h>
74 #include <sys/sysctl.h>
75 #include <sys/errno.h>
77 #include <sys/systm.h>
78 #include <sys/syslog.h>
82 #include <sys/thread2.h>
83 #include <sys/socketvar2.h>
84 #include <sys/msgport2.h>
87 #include <net/route.h>
88 #include <net/if_types.h>
89 #include <net/netisr2.h>
91 #include <netinet/in.h>
92 #include <netinet/in_systm.h>
93 #include <netinet/ip.h>
94 #include <netinet/in_pcb.h>
95 #include <netinet/in_var.h>
96 #include <netinet/ip_var.h>
97 #include <netinet/udp.h>
98 #include <netinet/udp_var.h>
99 #include <netinet/ip6.h>
100 #include <netinet6/ip6_var.h>
101 #include <netinet6/in6_pcb.h>
102 #include <netinet/icmp6.h>
103 #include <netinet6/udp6_var.h>
104 #include <netinet6/ip6protosw.h>
107 #include <netinet6/ipsec.h>
108 #include <netinet6/ipsec6.h>
112 #include <netproto/ipsec/ipsec.h>
113 #include <netproto/ipsec/ipsec6.h>
114 #endif /* FAST_IPSEC */
117 * UDP protocol inplementation.
118 * Per RFC 768, August, 1980.
121 extern struct protosw inetsw
[];
122 static int in6_mcmatch (struct inpcb
*, struct in6_addr
*, struct ifnet
*);
125 in6_mcmatch(struct inpcb
*in6p
, struct in6_addr
*ia6
, struct ifnet
*ifp
)
127 struct ip6_moptions
*im6o
= in6p
->in6p_moptions
;
128 struct in6_multi_mship
*imm
;
133 for (imm
= im6o
->im6o_memberships
.lh_first
; imm
!= NULL
;
134 imm
= imm
->i6mm_chain
.le_next
) {
136 imm
->i6mm_maddr
->in6m_ifp
== ifp
) &&
137 IN6_ARE_ADDR_EQUAL(&imm
->i6mm_maddr
->in6m_addr
,
145 udp6_input(struct mbuf
**mp
, int *offp
, int proto
)
147 struct mbuf
*m
= *mp
;
151 struct mbuf
*opts
= NULL
;
154 struct sockaddr_in6 udp_in6
;
156 struct inpcbinfo
*pcbinfo
= &udbinfo
[0];
158 IP6_EXTHDR_CHECK(m
, off
, sizeof(struct udphdr
), IPPROTO_DONE
);
160 ip6
= mtod(m
, struct ip6_hdr
*);
162 udp_stat
.udps_ipackets
++;
164 plen
= ntohs(ip6
->ip6_plen
) - off
+ sizeof(*ip6
);
165 uh
= (struct udphdr
*)((caddr_t
)ip6
+ off
);
166 ulen
= ntohs((u_short
)uh
->uh_ulen
);
169 udp_stat
.udps_badlen
++;
174 * Checksum extended UDP header and data.
177 udp_stat
.udps_nosum
++;
178 else if (in6_cksum(m
, IPPROTO_UDP
, off
, ulen
) != 0) {
179 udp_stat
.udps_badsum
++;
183 if (IN6_IS_ADDR_MULTICAST(&ip6
->ip6_dst
)) {
184 struct inpcb
*last
, *marker
;
187 * Deliver a multicast datagram to all sockets
188 * for which the local and remote addresses and ports match
189 * those of the incoming datagram. This allows more than
190 * one process to receive multicasts on the same port.
191 * (This really ought to be done for unicast datagrams as
192 * well, but that would cause problems with existing
193 * applications that open both address-specific sockets and
194 * a wildcard socket listening to the same port -- they would
195 * end up receiving duplicates of every unicast datagram.
196 * Those applications open the multiple sockets to overcome an
197 * inadequacy of the UDP socket interface, but for backwards
198 * compatibility we avoid the problem here rather than
199 * fixing the interface. Maybe 4.5BSD will remedy this?)
203 * In a case that laddr should be set to the link-local
204 * address (this happens in RIPng), the multicast address
205 * specified in the received packet does not match with
206 * laddr. To cure this situation, the matching is relaxed
207 * if the receiving interface is the same as one specified
208 * in the socket and if the destination multicast address
209 * matches one of the multicast groups specified in the socket.
213 * Construct sockaddr format source address.
215 init_sin6(&udp_in6
, m
); /* general init */
216 udp_in6
.sin6_port
= uh
->uh_sport
;
218 * KAME note: traditionally we dropped udpiphdr from mbuf here.
219 * We need udphdr for IPsec processing so we do that later.
223 * Locate pcb(s) for datagram.
224 * (Algorithm copied from raw_intr().)
228 marker
= in_pcbmarker();
230 GET_PCBINFO_TOKEN(pcbinfo
);
232 LIST_INSERT_HEAD(&pcbinfo
->pcblisthead
, marker
, inp_list
);
233 while ((in6p
= LIST_NEXT(marker
, inp_list
)) != NULL
) {
234 LIST_REMOVE(marker
, inp_list
);
235 LIST_INSERT_AFTER(in6p
, marker
, inp_list
);
237 if (in6p
->inp_flags
& INP_PLACEMARKER
)
239 if (!INP_ISIPV6(in6p
))
241 if (in6p
->in6p_lport
!= uh
->uh_dport
)
243 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p
->in6p_laddr
)) {
244 if (!IN6_ARE_ADDR_EQUAL(&in6p
->in6p_laddr
,
246 !in6_mcmatch(in6p
, &ip6
->ip6_dst
,
250 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p
->in6p_faddr
)) {
251 if (!IN6_ARE_ADDR_EQUAL(&in6p
->in6p_faddr
,
253 in6p
->in6p_fport
!= uh
->uh_sport
)
262 * Check AH/ESP integrity.
264 if (ipsec6_in_reject_so(m
, last
->inp_socket
))
265 ipsec6stat
.in_polvio
++;
266 /* do not inject data into pcb */
271 * Check AH/ESP integrity.
273 if (ipsec6_in_reject(m
, last
))
276 #endif /* FAST_IPSEC */
277 if ((n
= m_copy(m
, 0, M_COPYALL
)) != NULL
) {
280 * m_copy(m, offset, ...) above.
281 * ssb_appendaddr() expects M_PKTHDR,
282 * and m_copy() will copy M_PKTHDR
283 * only if offset is 0.
285 so
= last
->in6p_socket
;
286 if ((last
->in6p_flags
& IN6P_CONTROLOPTS
) ||
287 (so
->so_options
& SO_TIMESTAMP
)) {
288 ip6_savecontrol(last
, &opts
,
291 m_adj(n
, off
+ sizeof(struct udphdr
));
292 lwkt_gettoken(&so
->so_rcv
.ssb_token
);
293 if (ssb_appendaddr(&so
->so_rcv
,
294 (struct sockaddr
*)&udp_in6
,
299 udp_stat
.udps_fullsock
++;
303 lwkt_reltoken(&so
->so_rcv
.ssb_token
);
309 * Don't look for additional matches if this one does
310 * not have either the SO_REUSEPORT or SO_REUSEADDR
311 * socket options set. This heuristic avoids searching
312 * through all pcbs in the common case of a non-shared
313 * port. It assumes that an application will never
314 * clear these options after setting them.
316 if ((last
->in6p_socket
->so_options
&
317 (SO_REUSEPORT
| SO_REUSEADDR
)) == 0)
320 LIST_REMOVE(marker
, inp_list
);
322 REL_PCBINFO_TOKEN(pcbinfo
);
326 * No matching pcb found; discard datagram.
327 * (No need to send an ICMP Port Unreachable
328 * for a broadcast or multicast datgram.)
330 udp_stat
.udps_noport
++;
331 udp_stat
.udps_noportmcast
++;
336 * Check AH/ESP integrity.
338 if (ipsec6_in_reject_so(m
, last
->inp_socket
)) {
339 ipsec6stat
.in_polvio
++;
345 * Check AH/ESP integrity.
347 if (ipsec6_in_reject(m
, last
)) {
350 #endif /* FAST_IPSEC */
351 if (last
->in6p_flags
& IN6P_CONTROLOPTS
352 || last
->in6p_socket
->so_options
& SO_TIMESTAMP
)
353 ip6_savecontrol(last
, &opts
, ip6
, m
);
355 m_adj(m
, off
+ sizeof(struct udphdr
));
356 so
= last
->in6p_socket
;
357 lwkt_gettoken(&so
->so_rcv
.ssb_token
);
358 if (ssb_appendaddr(&so
->so_rcv
, (struct sockaddr
*)&udp_in6
,
360 udp_stat
.udps_fullsock
++;
361 lwkt_reltoken(&so
->so_rcv
.ssb_token
);
365 lwkt_reltoken(&so
->so_rcv
.ssb_token
);
369 * Locate pcb for datagram.
371 in6p
= in6_pcblookup_hash(pcbinfo
, &ip6
->ip6_src
, uh
->uh_sport
,
372 &ip6
->ip6_dst
, uh
->uh_dport
, 1,
376 char buf
[INET6_ADDRSTRLEN
];
378 strcpy(buf
, ip6_sprintf(&ip6
->ip6_dst
));
380 "Connection attempt to UDP [%s]:%d from [%s]:%d\n",
381 buf
, ntohs(uh
->uh_dport
),
382 ip6_sprintf(&ip6
->ip6_src
), ntohs(uh
->uh_sport
));
384 udp_stat
.udps_noport
++;
385 if (m
->m_flags
& M_MCAST
) {
386 kprintf("UDP6: M_MCAST is set in a unicast packet.\n");
387 udp_stat
.udps_noportmcast
++;
390 icmp6_error(m
, ICMP6_DST_UNREACH
, ICMP6_DST_UNREACH_NOPORT
, 0);
395 * Check AH/ESP integrity.
397 if (ipsec6_in_reject_so(m
, in6p
->in6p_socket
)) {
398 ipsec6stat
.in_polvio
++;
404 * Check AH/ESP integrity.
406 if (ipsec6_in_reject(m
, in6p
)) {
409 #endif /* FAST_IPSEC */
412 * Construct sockaddr format source address.
413 * Stuff source address and datagram in user buffer.
415 init_sin6(&udp_in6
, m
); /* general init */
416 udp_in6
.sin6_port
= uh
->uh_sport
;
417 if (in6p
->in6p_flags
& IN6P_CONTROLOPTS
418 || in6p
->in6p_socket
->so_options
& SO_TIMESTAMP
)
419 ip6_savecontrol(in6p
, &opts
, ip6
, m
);
420 m_adj(m
, off
+ sizeof(struct udphdr
));
421 so
= in6p
->in6p_socket
;
422 lwkt_gettoken(&so
->so_rcv
.ssb_token
);
423 if (ssb_appendaddr(&so
->so_rcv
, (struct sockaddr
*)&udp_in6
,
425 udp_stat
.udps_fullsock
++;
426 lwkt_reltoken(&so
->so_rcv
.ssb_token
);
430 lwkt_reltoken(&so
->so_rcv
.ssb_token
);
441 udp6_ctlinput(netmsg_t msg
)
443 int cmd
= msg
->ctlinput
.nm_cmd
;
444 struct sockaddr
*sa
= msg
->ctlinput
.nm_arg
;
445 void *d
= msg
->ctlinput
.nm_extra
;
450 struct ip6ctlparam
*ip6cp
= NULL
;
451 const struct sockaddr_in6
*sa6_src
= NULL
;
452 inp_notify_t notify
= udp_notify
;
453 struct udp_portonly
{
458 if (sa
->sa_family
!= AF_INET6
||
459 sa
->sa_len
!= sizeof(struct sockaddr_in6
))
462 if ((unsigned)cmd
>= PRC_NCMDS
)
464 if (PRC_IS_REDIRECT(cmd
))
465 notify
= in6_rtchange
, d
= NULL
;
466 else if (cmd
== PRC_HOSTDEAD
)
468 else if (inet6ctlerrmap
[cmd
] == 0)
471 /* if the parameter is from icmp6, decode it. */
473 ip6cp
= (struct ip6ctlparam
*)d
;
475 ip6
= ip6cp
->ip6c_ip6
;
476 off
= ip6cp
->ip6c_off
;
477 sa6_src
= ip6cp
->ip6c_src
;
486 * XXX: We assume that when IPV6 is non NULL,
487 * M and OFF are valid.
490 /* check if we can safely examine src and dst ports */
491 if (m
->m_pkthdr
.len
< off
+ sizeof(*uhp
))
494 bzero(&uh
, sizeof(uh
));
495 m_copydata(m
, off
, sizeof(*uhp
), (caddr_t
)&uh
);
497 in6_pcbnotify(&udbinfo
[0], sa
, uh
.uh_dport
,
498 (struct sockaddr
*)ip6cp
->ip6c_src
, uh
.uh_sport
,
501 in6_pcbnotify(&udbinfo
[0], sa
, 0,
502 (const struct sockaddr
*)sa6_src
, 0,
506 lwkt_replymsg(&msg
->ctlinput
.base
.lmsg
, 0);
510 udp6_getcred(SYSCTL_HANDLER_ARGS
)
512 struct sockaddr_in6 addrs
[2];
516 error
= priv_check(req
->td
, PRIV_ROOT
);
520 if (req
->newlen
!= sizeof(addrs
))
522 if (req
->oldlen
!= sizeof(struct ucred
))
524 error
= SYSCTL_IN(req
, addrs
, sizeof(addrs
));
528 inp
= in6_pcblookup_hash(&udbinfo
[0], &addrs
[1].sin6_addr
,
530 &addrs
[0].sin6_addr
, addrs
[0].sin6_port
,
532 if (!inp
|| !inp
->inp_socket
) {
536 error
= SYSCTL_OUT(req
, inp
->inp_socket
->so_cred
,
537 sizeof(struct ucred
));
544 SYSCTL_PROC(_net_inet6_udp6
, OID_AUTO
, getcred
, CTLTYPE_OPAQUE
|CTLFLAG_RW
,
546 udp6_getcred
, "S,ucred", "Get the ucred of a UDP6 connection");
549 * NOTE: (so) is referenced from soabort*() and netmsg_pru_abort()
550 * will sofree() it when we return.
553 udp6_abort(netmsg_t msg
)
555 struct socket
*so
= msg
->abort
.base
.nm_so
;
561 soisdisconnected(so
);
568 lwkt_replymsg(&msg
->abort
.base
.lmsg
, error
);
572 udp6_attach(netmsg_t msg
)
574 struct socket
*so
= msg
->attach
.base
.nm_so
;
575 struct pru_attach_info
*ai
= msg
->attach
.nm_ai
;
585 if (so
->so_snd
.ssb_hiwat
== 0 || so
->so_rcv
.ssb_hiwat
== 0) {
586 error
= soreserve(so
, udp_sendspace
, udp_recvspace
,
592 error
= in_pcballoc(so
, &udbinfo
[0]);
596 inp
= (struct inpcb
*)so
->so_pcb
;
597 inp
->in6p_hops
= -1; /* use kernel default */
598 inp
->in6p_cksum
= -1; /* just to be sure */
601 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
602 * because the socket may be bound to an IPv6 wildcard address,
603 * which may match an IPv4-mapped IPv6 address.
605 inp
->inp_ip_ttl
= ip_defttl
;
608 lwkt_replymsg(&msg
->attach
.base
.lmsg
, error
);
612 udp6_bind(netmsg_t msg
)
614 struct socket
*so
=msg
->bind
.base
.nm_so
;
615 struct sockaddr
*nam
= msg
->bind
.nm_nam
;
616 struct thread
*td
= msg
->bind
.nm_td
;
617 struct sockaddr_in6
*sin6_p
= (struct sockaddr_in6
*)nam
;
627 error
= in6_pcbbind(inp
, nam
, td
);
629 if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p
->sin6_addr
))
630 inp
->inp_flags
|= INP_WASBOUND_NOTANY
;
631 in_pcbinswildcardhash(inp
);
634 lwkt_replymsg(&msg
->bind
.base
.lmsg
, error
);
638 udp6_connect(netmsg_t msg
)
640 struct socket
*so
= msg
->connect
.base
.nm_so
;
641 struct sockaddr
*nam
= msg
->connect
.nm_nam
;
642 struct thread
*td
= msg
->connect
.nm_td
;
643 struct sockaddr_in6
*sin6_p
;
653 sin6_p
= (struct sockaddr_in6
*)nam
;
654 if (IN6_IS_ADDR_V4MAPPED(&sin6_p
->sin6_addr
)) {
655 error
= EADDRNOTAVAIL
;
659 if (!IN6_IS_ADDR_UNSPECIFIED(&inp
->in6p_faddr
)) {
663 if (inp
->inp_flags
& INP_WILDCARD
)
664 in_pcbremwildcardhash(inp
);
665 if (!prison_remote_ip(td
, nam
)) {
666 error
= EAFNOSUPPORT
; /* IPv4 only jail */
669 error
= in6_pcbconnect(inp
, nam
, td
);
672 } else if (error
== EAFNOSUPPORT
) { /* connection dissolved */
674 * Follow traditional BSD behavior and retain
675 * the local port binding. But, fix the old misbehavior
676 * of overwriting any previously bound local address.
678 if (!(inp
->inp_flags
& INP_WASBOUND_NOTANY
))
679 inp
->in6p_laddr
= kin6addr_any
;
680 in_pcbinswildcardhash(inp
);
683 lwkt_replymsg(&msg
->connect
.base
.lmsg
, error
);
687 udp6_detach(netmsg_t msg
)
689 struct socket
*so
= msg
->detach
.base
.nm_so
;
700 lwkt_replymsg(&msg
->detach
.base
.lmsg
, error
);
704 udp6_disconnect(netmsg_t msg
)
706 struct socket
*so
= msg
->disconnect
.base
.nm_so
;
716 if (IN6_IS_ADDR_UNSPECIFIED(&inp
->in6p_faddr
)) {
719 in6_pcbdisconnect(inp
);
720 soclrstate(so
, SS_ISCONNECTED
); /* XXX */
724 lwkt_replymsg(&msg
->disconnect
.base
.lmsg
, error
);
728 udp6_send(netmsg_t msg
)
730 struct socket
*so
= msg
->send
.base
.nm_so
;
731 struct mbuf
*m
= msg
->send
.nm_m
;
732 struct sockaddr
*addr
= msg
->send
.nm_addr
;
733 struct mbuf
*control
= msg
->send
.nm_control
;
734 struct thread
*td
= msg
->send
.nm_td
;
745 struct sockaddr_in6
*sin6
;
747 if (addr
->sa_len
!= sizeof(struct sockaddr_in6
)) {
751 if (addr
->sa_family
!= AF_INET6
) {
752 error
= EAFNOSUPPORT
;
756 sin6
= (struct sockaddr_in6
*)addr
;
757 if (IN6_IS_ADDR_V4MAPPED(&sin6
->sin6_addr
)) {
758 error
= EADDRNOTAVAIL
;
763 error
= udp6_output(inp
, m
, addr
, control
, td
);
764 lwkt_replymsg(&msg
->send
.base
.lmsg
, error
);
768 lwkt_replymsg(&msg
->send
.base
.lmsg
, error
);
771 struct pr_usrreqs udp6_usrreqs
= {
772 .pru_abort
= udp6_abort
,
773 .pru_accept
= pr_generic_notsupp
,
774 .pru_attach
= udp6_attach
,
775 .pru_bind
= udp6_bind
,
776 .pru_connect
= udp6_connect
,
777 .pru_connect2
= pr_generic_notsupp
,
778 .pru_control
= in6_control_dispatch
,
779 .pru_detach
= udp6_detach
,
780 .pru_disconnect
= udp6_disconnect
,
781 .pru_listen
= pr_generic_notsupp
,
782 .pru_peeraddr
= in6_setpeeraddr_dispatch
,
783 .pru_rcvd
= pr_generic_notsupp
,
784 .pru_rcvoob
= pr_generic_notsupp
,
785 .pru_send
= udp6_send
,
786 .pru_sense
= pru_sense_null
,
787 .pru_shutdown
= udp_shutdown
,
788 .pru_sockaddr
= in6_setsockaddr_dispatch
,
789 .pru_sosend
= sosend
,
790 .pru_soreceive
= soreceive