1 /*-
2 * Copyright (c) 2004-2009 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * Copyright (c) 1990, 1994 Regents of The University of Michigan.
27 *
28 * Permission to use, copy, modify, and distribute this software and
29 * its documentation for any purpose and without fee is hereby granted,
30 * provided that the above copyright notice appears in all copies and
31 * that both that copyright notice and this permission notice appear
32 * in supporting documentation, and that the name of The University
33 * of Michigan not be used in advertising or publicity pertaining to
34 * distribution of the software without specific, written prior
35 * permission. This software is supplied as is without expressed or
36 * implied warranties of any kind.
37 *
38 * This product includes software developed by the University of
39 * California, Berkeley and its contributors.
40 *
41 * Research Systems Unix Group
42 * The University of Michigan
43 * c/o Wesley Craig
44 * 535 W. William Street
45 * Ann Arbor, Michigan
46 * +1-313-764-2278
47 * netatalk@umich.edu
48 *
49 * $FreeBSD$
50 */
51
52 #include <sys/param.h>
53 #include <sys/kernel.h>
54 #include <sys/lock.h>
55 #include <sys/mbuf.h>
56 #include <sys/signalvar.h>
57 #include <sys/socket.h>
58 #include <sys/socketvar.h>
59 #include <sys/sx.h>
60 #include <sys/systm.h>
61 #include <net/if.h>
62 #include <net/route.h>
63
64 #include <netatalk/at.h>
65 #include <netatalk/at_var.h>
66 #include <netatalk/ddp.h>
67 #include <netatalk/ddp_var.h>
68 #include <netatalk/ddp_pcb.h>
69 #include <netatalk/at_extern.h>
70
71 #include <security/mac/mac_framework.h>
72
73 static volatile int ddp_forward = 1;
74 static volatile int ddp_firewall = 0;
75 static struct ddpstat ddpstat;
76
77 static struct route forwro;
78
79 static void ddp_input(struct mbuf *, struct ifnet *, struct elaphdr *, int);
80
81 /*
82 * Could probably merge these two code segments a little better...
83 */
84 void
85 at2intr(struct mbuf *m)
86 {
87
88 /*
89 * Phase 2 packet handling .
90 */
91 ddp_input(m, m->m_pkthdr.rcvif, NULL, 2);
92 }
93
94 void
95 at1intr(struct mbuf *m)
96 {
97 struct elaphdr *elhp, elh;
98
99 /*
100 * Phase 1 packet handling
101 */
102 if (m->m_len < SZ_ELAPHDR && ((m = m_pullup(m, SZ_ELAPHDR)) ==
103 NULL)) {
104 ddpstat.ddps_tooshort++;
105 return;
106 }
107
108 /*
109 * This seems a little dubious, but I don't know phase 1 so leave it.
110 */
111 elhp = mtod(m, struct elaphdr *);
112 m_adj(m, SZ_ELAPHDR);
113
114 if (elhp->el_type != ELAP_DDPEXTEND) {
115 bcopy((caddr_t)elhp, (caddr_t)&elh, SZ_ELAPHDR);
116 ddp_input(m, m->m_pkthdr.rcvif, &elh, 1);
117 } else
118 ddp_input(m, m->m_pkthdr.rcvif, NULL, 1);
119 }
120
121 static void
122 ddp_input(struct mbuf *m, struct ifnet *ifp, struct elaphdr *elh, int phase)
123 {
124 struct sockaddr_at from, to;
125 struct ddpshdr *dsh, ddps;
126 struct at_ifaddr *aa;
127 struct ddpehdr *deh = NULL, ddpe;
128 struct ddpcb *ddp;
129 int dlen, mlen;
130 u_short cksum = 0;
131
132 bzero((caddr_t)&from, sizeof(struct sockaddr_at));
133 bzero((caddr_t)&to, sizeof(struct sockaddr_at));
134 if (elh != NULL) {
135 /*
136 * Extract the information in the short header. Network
137 * information is defaulted to ATADDR_ANYNET and node
138 * information comes from the elh info. We must be phase 1.
139 */
140 ddpstat.ddps_short++;
141
142 if (m->m_len < sizeof(struct ddpshdr) &&
143 ((m = m_pullup(m, sizeof(struct ddpshdr))) == NULL)) {
144 ddpstat.ddps_tooshort++;
145 return;
146 }
147
148 dsh = mtod(m, struct ddpshdr *);
149 bcopy((caddr_t)dsh, (caddr_t)&ddps, sizeof(struct ddpshdr));
150 ddps.dsh_bytes = ntohl(ddps.dsh_bytes);
151 dlen = ddps.dsh_len;
152
153 to.sat_addr.s_net = ATADDR_ANYNET;
154 to.sat_addr.s_node = elh->el_dnode;
155 to.sat_port = ddps.dsh_dport;
156 from.sat_addr.s_net = ATADDR_ANYNET;
157 from.sat_addr.s_node = elh->el_snode;
158 from.sat_port = ddps.dsh_sport;
159
160 /*
161 * Make sure that we point to the phase1 ifaddr info and that
162 * it's valid for this packet.
163 */
164 AT_IFADDR_RLOCK();
165 TAILQ_FOREACH(aa, &at_ifaddrhead, aa_link) {
166 if ((aa->aa_ifp == ifp)
167 && ((aa->aa_flags & AFA_PHASE2) == 0)
168 && ((to.sat_addr.s_node ==
169 AA_SAT(aa)->sat_addr.s_node) ||
170 (to.sat_addr.s_node == ATADDR_BCAST)))
171 break;
172 }
173 /*
174 * maybe we got a broadcast not meant for us.. ditch it.
175 */
176 if (aa == NULL) {
177 AT_IFADDR_RUNLOCK();
178 m_freem(m);
179 return;
180 }
181 } else {
182 /*
183 * There was no 'elh' passed on. This could still be either
184 * phase1 or phase2. We have a long header, but we may be
185 * running on a phase 1 net. Extract out all the info
186 * regarding this packet's src & dst.
187 */
188 ddpstat.ddps_long++;
189
190 if (m->m_len < sizeof(struct ddpehdr) &&
191 ((m = m_pullup(m, sizeof(struct ddpehdr))) == NULL)) {
192 AT_IFADDR_RUNLOCK();
193 ddpstat.ddps_tooshort++;
194 return;
195 }
196
197 deh = mtod(m, struct ddpehdr *);
198 bcopy((caddr_t)deh, (caddr_t)&ddpe, sizeof(struct ddpehdr));
199 ddpe.deh_bytes = ntohl(ddpe.deh_bytes);
200 dlen = ddpe.deh_len;
201
202 if ((cksum = ddpe.deh_sum) == 0)
203 ddpstat.ddps_nosum++;
204
205 from.sat_addr.s_net = ddpe.deh_snet;
206 from.sat_addr.s_node = ddpe.deh_snode;
207 from.sat_port = ddpe.deh_sport;
208 to.sat_addr.s_net = ddpe.deh_dnet;
209 to.sat_addr.s_node = ddpe.deh_dnode;
210 to.sat_port = ddpe.deh_dport;
211
212 AT_IFADDR_RLOCK();
213 if (to.sat_addr.s_net == ATADDR_ANYNET) {
214 /*
215 * The TO address doesn't specify a net, so by
216 * definition it's for this net. Try find ifaddr
217 * info with the right phase, the right interface,
218 * and either to our node, a broadcast, or looped
219 * back (though that SHOULD be covered in the other
220 * cases).
221 *
222 * XXX If we have multiple interfaces, then the first
223 * with this node number will match (which may NOT be
224 * what we want, but it's probably safe in 99.999% of
225 * cases.
226 */
227 TAILQ_FOREACH(aa, &at_ifaddrhead, aa_link) {
228 if (phase == 1 && (aa->aa_flags &
229 AFA_PHASE2))
230 continue;
231 if (phase == 2 && (aa->aa_flags &
232 AFA_PHASE2) == 0)
233 continue;
234 if ((aa->aa_ifp == ifp) &&
235 ((to.sat_addr.s_node ==
236 AA_SAT(aa)->sat_addr.s_node) ||
237 (to.sat_addr.s_node == ATADDR_BCAST) ||
238 (ifp->if_flags & IFF_LOOPBACK)))
239 break;
240 }
241 } else {
242 /*
243 * A destination network was given. We just try to
244 * find which ifaddr info matches it.
245 */
246 TAILQ_FOREACH(aa, &at_ifaddrhead, aa_link) {
247 /*
248 * This is a kludge. Accept packets that are
249 * for any router on a local netrange.
250 */
251 if (to.sat_addr.s_net == aa->aa_firstnet &&
252 to.sat_addr.s_node == 0)
253 break;
254 /*
255 * Don't use ifaddr info for which we are
256 * totally outside the netrange, and it's not
257 * a startup packet. Startup packets are
258 * always implicitly allowed on to the next
259 * test.
260 */
261 if (((ntohs(to.sat_addr.s_net) <
262 ntohs(aa->aa_firstnet)) ||
263 (ntohs(to.sat_addr.s_net) >
264 ntohs(aa->aa_lastnet))) &&
265 ((ntohs(to.sat_addr.s_net) < 0xff00) ||
266 (ntohs(to.sat_addr.s_net) > 0xfffe)))
267 continue;
268
269 /*
270 * Don't record a match either if we just
271 * don't have a match in the node address.
272 * This can have if the interface is in
273 * promiscuous mode for example.
274 */
275 if ((to.sat_addr.s_node !=
276 AA_SAT(aa)->sat_addr.s_node) &&
277 (to.sat_addr.s_node != ATADDR_BCAST))
278 continue;
279 break;
280 }
281 }
282 }
283 if (aa != NULL)
284 ifa_ref(&aa->aa_ifa);
285 AT_IFADDR_RUNLOCK();
286
287 /*
288 * Adjust the length, removing any padding that may have been added
289 * at a link layer. We do this before we attempt to forward a
290 * packet, possibly on a different media.
291 */
292 mlen = m->m_pkthdr.len;
293 if (mlen < dlen) {
294 ddpstat.ddps_toosmall++;
295 goto out;
296 }
297 if (mlen > dlen)
298 m_adj(m, dlen - mlen);
299
300 /*
301 * If it isn't for a net on any of our interfaces, or it IS for a net
302 * on a different interface than it came in on, (and it is not looped
303 * back) then consider if we should forward it. As we are not really
304 * a router this is a bit cheeky, but it may be useful some day.
305 */
306 if ((aa == NULL) || ((to.sat_addr.s_node == ATADDR_BCAST) &&
307 (aa->aa_ifp != ifp) && ((ifp->if_flags & IFF_LOOPBACK) == 0))) {
308 /*
309 * If we've explicitly disabled it, don't route anything.
310 */
311 if (ddp_forward == 0)
312 goto out;
313
314 /*
315 * If the cached forwarding route is still valid, use it.
316 *
317 * XXXRW: Access to the cached route may not be properly
318 * synchronized for parallel input handling.
319 */
320 if (forwro.ro_rt &&
321 (satosat(&forwro.ro_dst)->sat_addr.s_net !=
322 to.sat_addr.s_net ||
323 satosat(&forwro.ro_dst)->sat_addr.s_node !=
324 to.sat_addr.s_node)) {
325 RTFREE(forwro.ro_rt);
326 forwro.ro_rt = NULL;
327 }
328
329 /*
330 * If we don't have a cached one (any more) or it's useless,
331 * then get a new route.
332 *
333 * XXX this could cause a 'route leak'. Check this!
334 */
335 if (forwro.ro_rt == NULL || forwro.ro_rt->rt_ifp == NULL) {
336 forwro.ro_dst.sa_len = sizeof(struct sockaddr_at);
337 forwro.ro_dst.sa_family = AF_APPLETALK;
338 satosat(&forwro.ro_dst)->sat_addr.s_net =
339 to.sat_addr.s_net;
340 satosat(&forwro.ro_dst)->sat_addr.s_node =
341 to.sat_addr.s_node;
342 rtalloc(&forwro);
343 }
344
345 /*
346 * If it's not going to get there on this hop, and it's
347 * already done too many hops, then throw it away.
348 */
349 if ((to.sat_addr.s_net !=
350 satosat(&forwro.ro_dst)->sat_addr.s_net) &&
351 (ddpe.deh_hops == DDP_MAXHOPS))
352 goto out;
353
354 /*
355 * A ddp router might use the same interface to forward the
356 * packet, which this would not effect. Don't allow packets
357 * to cross from one interface to another however.
358 */
359 if (ddp_firewall && ((forwro.ro_rt == NULL) ||
360 (forwro.ro_rt->rt_ifp != ifp)))
361 goto out;
362
363 /*
364 * Adjust the header. If it was a short header then it would
365 * have not gotten here, so we can assume there is room to
366 * drop the header in.
367 *
368 * XXX what about promiscuous mode, etc...
369 */
370 ddpe.deh_hops++;
371 ddpe.deh_bytes = htonl(ddpe.deh_bytes);
372 /* XXX deh? */
373 bcopy((caddr_t)&ddpe, (caddr_t)deh, sizeof(u_short));
374 if (ddp_route(m, &forwro))
375 ddpstat.ddps_cantforward++;
376 else
377 ddpstat.ddps_forward++;
378 if (aa != NULL)
379 ifa_free(&aa->aa_ifa);
380 return;
381 }
382
383 /*
384 * It was for us, and we have an ifaddr to use with it.
385 */
386 from.sat_len = sizeof(struct sockaddr_at);
387 from.sat_family = AF_APPLETALK;
388
389 /*
390 * We are no longer interested in the link layer so cut it off.
391 */
392 if (elh == NULL) {
393 if (ddp_cksum && cksum && cksum !=
394 at_cksum(m, sizeof(int))) {
395 ddpstat.ddps_badsum++;
396 goto out;
397 }
398 m_adj(m, sizeof(struct ddpehdr));
399 } else
400 m_adj(m, sizeof(struct ddpshdr));
401
402 /*
403 * Search for ddp protocol control blocks that match these addresses.
404 */
405 DDP_LIST_SLOCK();
406 if ((ddp = ddp_search(&from, &to, aa)) == NULL)
407 goto out_unlock;
408
409 #ifdef MAC
410 if (mac_socket_check_deliver(ddp->ddp_socket, m) != 0)
411 goto out_unlock;
412 #endif
413
414 /*
415 * If we found one, deliver the packet to the socket
416 */
417 SOCKBUF_LOCK(&ddp->ddp_socket->so_rcv);
418 if (sbappendaddr_locked(&ddp->ddp_socket->so_rcv,
419 (struct sockaddr *)&from, m, NULL) == 0) {
420 SOCKBUF_UNLOCK(&ddp->ddp_socket->so_rcv);
421 /*
422 * If the socket is full (or similar error) dump the packet.
423 */
424 ddpstat.ddps_nosockspace++;
425 goto out_unlock;
426 }
427
428 /*
429 * And wake up whatever might be waiting for it
430 */
431 sorwakeup_locked(ddp->ddp_socket);
432 m = NULL;
433 out_unlock:
434 DDP_LIST_SUNLOCK();
435 out:
436 if (aa != NULL)
437 ifa_free(&aa->aa_ifa);
438 if (m != NULL)
439 m_freem(m);
440 }
Cache object: af3e266999f4de6b639401cc71c8c5dd
|