FreeBSD/Linux Kernel Cross Reference
sys/netinet/raw_ip.c
1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1988, 1993
5 * The Regents of the University of California.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
33 */
34
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40 #include "opt_ipsec.h"
41 #include "opt_route.h"
42
43 #include <sys/param.h>
44 #include <sys/jail.h>
45 #include <sys/kernel.h>
46 #include <sys/eventhandler.h>
47 #include <sys/lock.h>
48 #include <sys/malloc.h>
49 #include <sys/mbuf.h>
50 #include <sys/priv.h>
51 #include <sys/proc.h>
52 #include <sys/protosw.h>
53 #include <sys/rwlock.h>
54 #include <sys/signalvar.h>
55 #include <sys/socket.h>
56 #include <sys/socketvar.h>
57 #include <sys/sx.h>
58 #include <sys/sysctl.h>
59 #include <sys/systm.h>
60
61 #include <vm/uma.h>
62
63 #include <net/if.h>
64 #include <net/if_var.h>
65 #include <net/route.h>
66 #include <net/route/route_ctl.h>
67 #include <net/vnet.h>
68
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/in_fib.h>
72 #include <netinet/in_pcb.h>
73 #include <netinet/in_var.h>
74 #include <netinet/if_ether.h>
75 #include <netinet/ip.h>
76 #include <netinet/ip_var.h>
77 #include <netinet/ip_mroute.h>
78 #include <netinet/ip_icmp.h>
79
80 #include <netipsec/ipsec_support.h>
81
82 #include <machine/stdarg.h>
83 #include <security/mac/mac_framework.h>
84
85 extern ipproto_input_t *ip_protox[];
86
87 VNET_DEFINE(int, ip_defttl) = IPDEFTTL;
88 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_VNET | CTLFLAG_RW,
89 &VNET_NAME(ip_defttl), 0,
90 "Maximum TTL on IP packets");
91
92 VNET_DEFINE(struct inpcbinfo, ripcbinfo);
93 #define V_ripcbinfo VNET(ripcbinfo)
94
95 /*
96 * Control and data hooks for ipfw, dummynet, divert and so on.
97 * The data hooks are not used here but it is convenient
98 * to keep them all in one place.
99 */
100 VNET_DEFINE(ip_fw_chk_ptr_t, ip_fw_chk_ptr) = NULL;
101 VNET_DEFINE(ip_fw_ctl_ptr_t, ip_fw_ctl_ptr) = NULL;
102
103 int (*ip_dn_ctl_ptr)(struct sockopt *);
104 int (*ip_dn_io_ptr)(struct mbuf **, struct ip_fw_args *);
105 void (*ip_divert_ptr)(struct mbuf *, bool);
106 int (*ng_ipfw_input_p)(struct mbuf **, struct ip_fw_args *, bool);
107
108 #ifdef INET
109 /*
110 * Hooks for multicast routing. They all default to NULL, so leave them not
111 * initialized and rely on BSS being set to 0.
112 */
113
114 /*
115 * The socket used to communicate with the multicast routing daemon.
116 */
117 VNET_DEFINE(struct socket *, ip_mrouter);
118
119 /*
120 * The various mrouter and rsvp functions.
121 */
122 int (*ip_mrouter_set)(struct socket *, struct sockopt *);
123 int (*ip_mrouter_get)(struct socket *, struct sockopt *);
124 int (*ip_mrouter_done)(void);
125 int (*ip_mforward)(struct ip *, struct ifnet *, struct mbuf *,
126 struct ip_moptions *);
127 int (*mrt_ioctl)(u_long, caddr_t, int);
128 int (*legal_vif_num)(int);
129 u_long (*ip_mcast_src)(int);
130
131 int (*rsvp_input_p)(struct mbuf **, int *, int);
132 int (*ip_rsvp_vif)(struct socket *, struct sockopt *);
133 void (*ip_rsvp_force_done)(struct socket *);
134 #endif /* INET */
135
136 u_long rip_sendspace = 9216;
137 SYSCTL_ULONG(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW,
138 &rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
139
140 u_long rip_recvspace = 9216;
141 SYSCTL_ULONG(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW,
142 &rip_recvspace, 0, "Maximum space for incoming raw IP datagrams");
143
144 /*
145 * Hash functions
146 */
147
148 #define INP_PCBHASH_RAW_SIZE 256
149 #define INP_PCBHASH_RAW(proto, laddr, faddr, mask) \
150 (((proto) + (laddr) + (faddr)) % (mask) + 1)
151
152 #ifdef INET
153 static void
154 rip_inshash(struct inpcb *inp)
155 {
156 struct inpcbinfo *pcbinfo = inp->inp_pcbinfo;
157 struct inpcbhead *pcbhash;
158 int hash;
159
160 INP_HASH_WLOCK_ASSERT(pcbinfo);
161 INP_WLOCK_ASSERT(inp);
162
163 if (inp->inp_ip_p != 0 &&
164 inp->inp_laddr.s_addr != INADDR_ANY &&
165 inp->inp_faddr.s_addr != INADDR_ANY) {
166 hash = INP_PCBHASH_RAW(inp->inp_ip_p, inp->inp_laddr.s_addr,
167 inp->inp_faddr.s_addr, pcbinfo->ipi_hashmask);
168 } else
169 hash = 0;
170 pcbhash = &pcbinfo->ipi_hashbase[hash];
171 CK_LIST_INSERT_HEAD(pcbhash, inp, inp_hash);
172 }
173
174 static void
175 rip_delhash(struct inpcb *inp)
176 {
177
178 INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
179 INP_WLOCK_ASSERT(inp);
180
181 CK_LIST_REMOVE(inp, inp_hash);
182 }
183 #endif /* INET */
184
185 INPCBSTORAGE_DEFINE(ripcbstor, inpcb, "rawinp", "ripcb", "rip", "riphash");
186
187 static void
188 rip_init(void *arg __unused)
189 {
190
191 in_pcbinfo_init(&V_ripcbinfo, &ripcbstor, INP_PCBHASH_RAW_SIZE, 1);
192 }
193 VNET_SYSINIT(rip_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, rip_init, NULL);
194
195 #ifdef VIMAGE
196 static void
197 rip_destroy(void *unused __unused)
198 {
199
200 in_pcbinfo_destroy(&V_ripcbinfo);
201 }
202 VNET_SYSUNINIT(raw_ip, SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH, rip_destroy, NULL);
203 #endif
204
205 #ifdef INET
206 static int
207 rip_append(struct inpcb *inp, struct ip *ip, struct mbuf *m,
208 struct sockaddr_in *ripsrc)
209 {
210 struct socket *so = inp->inp_socket;
211 struct mbuf *n, *opts = NULL;
212
213 INP_LOCK_ASSERT(inp);
214
215 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
216 /* check AH/ESP integrity. */
217 if (IPSEC_ENABLED(ipv4) && IPSEC_CHECK_POLICY(ipv4, m, inp) != 0)
218 return (0);
219 #endif /* IPSEC */
220 #ifdef MAC
221 if (mac_inpcb_check_deliver(inp, m) != 0)
222 return (0);
223 #endif
224 /* Check the minimum TTL for socket. */
225 if (inp->inp_ip_minttl && inp->inp_ip_minttl > ip->ip_ttl)
226 return (0);
227
228 if ((n = m_copym(m, 0, M_COPYALL, M_NOWAIT)) == NULL)
229 return (0);
230
231 if ((inp->inp_flags & INP_CONTROLOPTS) ||
232 (so->so_options & (SO_TIMESTAMP | SO_BINTIME)))
233 ip_savecontrol(inp, &opts, ip, n);
234 SOCKBUF_LOCK(&so->so_rcv);
235 if (sbappendaddr_locked(&so->so_rcv,
236 (struct sockaddr *)ripsrc, n, opts) == 0) {
237 soroverflow_locked(so);
238 m_freem(n);
239 if (opts)
240 m_freem(opts);
241 return (0);
242 }
243 sorwakeup_locked(so);
244
245 return (1);
246 }
247
248 struct rip_inp_match_ctx {
249 struct ip *ip;
250 int proto;
251 };
252
253 static bool
254 rip_inp_match1(const struct inpcb *inp, void *v)
255 {
256 struct rip_inp_match_ctx *ctx = v;
257
258 if (inp->inp_ip_p != ctx->proto)
259 return (false);
260 #ifdef INET6
261 /* XXX inp locking */
262 if ((inp->inp_vflag & INP_IPV4) == 0)
263 return (false);
264 #endif
265 if (inp->inp_laddr.s_addr != ctx->ip->ip_dst.s_addr)
266 return (false);
267 if (inp->inp_faddr.s_addr != ctx->ip->ip_src.s_addr)
268 return (false);
269 return (true);
270 }
271
272 static bool
273 rip_inp_match2(const struct inpcb *inp, void *v)
274 {
275 struct rip_inp_match_ctx *ctx = v;
276
277 if (inp->inp_ip_p && inp->inp_ip_p != ctx->proto)
278 return (false);
279 #ifdef INET6
280 /* XXX inp locking */
281 if ((inp->inp_vflag & INP_IPV4) == 0)
282 return (false);
283 #endif
284 if (!in_nullhost(inp->inp_laddr) &&
285 !in_hosteq(inp->inp_laddr, ctx->ip->ip_dst))
286 return (false);
287 if (!in_nullhost(inp->inp_faddr) &&
288 !in_hosteq(inp->inp_faddr, ctx->ip->ip_src))
289 return (false);
290 return (true);
291 }
292
293 /*
294 * Setup generic address and protocol structures for raw_input routine, then
295 * pass them along with mbuf chain.
296 */
297 int
298 rip_input(struct mbuf **mp, int *offp, int proto)
299 {
300 struct rip_inp_match_ctx ctx = {
301 .ip = mtod(*mp, struct ip *),
302 .proto = proto,
303 };
304 struct inpcb_iterator inpi = INP_ITERATOR(&V_ripcbinfo,
305 INPLOOKUP_RLOCKPCB, rip_inp_match1, &ctx);
306 struct ifnet *ifp;
307 struct mbuf *m = *mp;
308 struct inpcb *inp;
309 struct sockaddr_in ripsrc;
310 int appended;
311
312 *mp = NULL;
313 appended = 0;
314
315 bzero(&ripsrc, sizeof(ripsrc));
316 ripsrc.sin_len = sizeof(ripsrc);
317 ripsrc.sin_family = AF_INET;
318 ripsrc.sin_addr = ctx.ip->ip_src;
319
320 ifp = m->m_pkthdr.rcvif;
321
322 inpi.hash = INP_PCBHASH_RAW(proto, ctx.ip->ip_src.s_addr,
323 ctx.ip->ip_dst.s_addr, V_ripcbinfo.ipi_hashmask);
324 while ((inp = inp_next(&inpi)) != NULL) {
325 INP_RLOCK_ASSERT(inp);
326 if (jailed_without_vnet(inp->inp_cred) &&
327 prison_check_ip4(inp->inp_cred, &ctx.ip->ip_dst) != 0) {
328 /*
329 * XXX: If faddr was bound to multicast group,
330 * jailed raw socket will drop datagram.
331 */
332 continue;
333 }
334 appended += rip_append(inp, ctx.ip, m, &ripsrc);
335 }
336
337 inpi.hash = 0;
338 inpi.match = rip_inp_match2;
339 MPASS(inpi.inp == NULL);
340 while ((inp = inp_next(&inpi)) != NULL) {
341 INP_RLOCK_ASSERT(inp);
342 if (jailed_without_vnet(inp->inp_cred) &&
343 !IN_MULTICAST(ntohl(ctx.ip->ip_dst.s_addr)) &&
344 prison_check_ip4(inp->inp_cred, &ctx.ip->ip_dst) != 0)
345 /*
346 * Allow raw socket in jail to receive multicast;
347 * assume process had PRIV_NETINET_RAW at attach,
348 * and fall through into normal filter path if so.
349 */
350 continue;
351 /*
352 * If this raw socket has multicast state, and we
353 * have received a multicast, check if this socket
354 * should receive it, as multicast filtering is now
355 * the responsibility of the transport layer.
356 */
357 if (inp->inp_moptions != NULL &&
358 IN_MULTICAST(ntohl(ctx.ip->ip_dst.s_addr))) {
359 /*
360 * If the incoming datagram is for IGMP, allow it
361 * through unconditionally to the raw socket.
362 *
363 * In the case of IGMPv2, we may not have explicitly
364 * joined the group, and may have set IFF_ALLMULTI
365 * on the interface. imo_multi_filter() may discard
366 * control traffic we actually need to see.
367 *
368 * Userland multicast routing daemons should continue
369 * filter the control traffic appropriately.
370 */
371 int blocked;
372
373 blocked = MCAST_PASS;
374 if (proto != IPPROTO_IGMP) {
375 struct sockaddr_in group;
376
377 bzero(&group, sizeof(struct sockaddr_in));
378 group.sin_len = sizeof(struct sockaddr_in);
379 group.sin_family = AF_INET;
380 group.sin_addr = ctx.ip->ip_dst;
381
382 blocked = imo_multi_filter(inp->inp_moptions,
383 ifp,
384 (struct sockaddr *)&group,
385 (struct sockaddr *)&ripsrc);
386 }
387
388 if (blocked != MCAST_PASS) {
389 IPSTAT_INC(ips_notmember);
390 continue;
391 }
392 }
393 appended += rip_append(inp, ctx.ip, m, &ripsrc);
394 }
395 if (appended == 0 && ip_protox[ctx.ip->ip_p] == rip_input) {
396 IPSTAT_INC(ips_noproto);
397 IPSTAT_DEC(ips_delivered);
398 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL, 0, 0);
399 } else
400 m_freem(m);
401 return (IPPROTO_DONE);
402 }
403
404 /*
405 * Generate IP header and pass packet to ip_output. Tack on options user may
406 * have setup with control call.
407 */
408 static int
409 rip_send(struct socket *so, int pruflags, struct mbuf *m, struct sockaddr *nam,
410 struct mbuf *control, struct thread *td)
411 {
412 struct epoch_tracker et;
413 struct ip *ip;
414 struct inpcb *inp;
415 in_addr_t *dst;
416 int error, flags, cnt, hlen;
417 u_char opttype, optlen, *cp;
418
419 inp = sotoinpcb(so);
420 KASSERT(inp != NULL, ("rip_send: inp == NULL"));
421
422 if (control != NULL) {
423 m_freem(control);
424 control = NULL;
425 }
426
427 if (so->so_state & SS_ISCONNECTED) {
428 if (nam) {
429 error = EISCONN;
430 m_freem(m);
431 return (error);
432 }
433 dst = &inp->inp_faddr.s_addr;
434 } else {
435 if (nam == NULL)
436 error = ENOTCONN;
437 else if (nam->sa_family != AF_INET)
438 error = EAFNOSUPPORT;
439 else if (nam->sa_len != sizeof(struct sockaddr_in))
440 error = EINVAL;
441 else
442 error = 0;
443 if (error != 0) {
444 m_freem(m);
445 return (error);
446 }
447 dst = &((struct sockaddr_in *)nam)->sin_addr.s_addr;
448 }
449
450 flags = ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0) |
451 IP_ALLOWBROADCAST;
452
453 /*
454 * If the user handed us a complete IP packet, use it. Otherwise,
455 * allocate an mbuf for a header and fill it in.
456 */
457 if ((inp->inp_flags & INP_HDRINCL) == 0) {
458 if (m->m_pkthdr.len + sizeof(struct ip) > IP_MAXPACKET) {
459 m_freem(m);
460 return(EMSGSIZE);
461 }
462 M_PREPEND(m, sizeof(struct ip), M_NOWAIT);
463 if (m == NULL)
464 return(ENOBUFS);
465
466 INP_RLOCK(inp);
467 ip = mtod(m, struct ip *);
468 ip->ip_tos = inp->inp_ip_tos;
469 if (inp->inp_flags & INP_DONTFRAG)
470 ip->ip_off = htons(IP_DF);
471 else
472 ip->ip_off = htons(0);
473 ip->ip_p = inp->inp_ip_p;
474 ip->ip_len = htons(m->m_pkthdr.len);
475 ip->ip_src = inp->inp_laddr;
476 ip->ip_dst.s_addr = *dst;
477 #ifdef ROUTE_MPATH
478 if (CALC_FLOWID_OUTBOUND) {
479 uint32_t hash_type, hash_val;
480
481 hash_val = fib4_calc_software_hash(ip->ip_src,
482 ip->ip_dst, 0, 0, ip->ip_p, &hash_type);
483 m->m_pkthdr.flowid = hash_val;
484 M_HASHTYPE_SET(m, hash_type);
485 flags |= IP_NODEFAULTFLOWID;
486 }
487 #endif
488 if (jailed(inp->inp_cred)) {
489 /*
490 * prison_local_ip4() would be good enough but would
491 * let a source of INADDR_ANY pass, which we do not
492 * want to see from jails.
493 */
494 if (ip->ip_src.s_addr == INADDR_ANY) {
495 NET_EPOCH_ENTER(et);
496 error = in_pcbladdr(inp, &ip->ip_dst,
497 &ip->ip_src, inp->inp_cred);
498 NET_EPOCH_EXIT(et);
499 } else {
500 error = prison_local_ip4(inp->inp_cred,
501 &ip->ip_src);
502 }
503 if (error != 0) {
504 INP_RUNLOCK(inp);
505 m_freem(m);
506 return (error);
507 }
508 }
509 ip->ip_ttl = inp->inp_ip_ttl;
510 } else {
511 if (m->m_pkthdr.len > IP_MAXPACKET) {
512 m_freem(m);
513 return (EMSGSIZE);
514 }
515 if (m->m_pkthdr.len < sizeof(*ip)) {
516 m_freem(m);
517 return (EINVAL);
518 }
519 m = m_pullup(m, sizeof(*ip));
520 if (m == NULL)
521 return (ENOMEM);
522 ip = mtod(m, struct ip *);
523 hlen = ip->ip_hl << 2;
524 if (m->m_len < hlen) {
525 m = m_pullup(m, hlen);
526 if (m == NULL)
527 return (EINVAL);
528 ip = mtod(m, struct ip *);
529 }
530 #ifdef ROUTE_MPATH
531 if (CALC_FLOWID_OUTBOUND) {
532 uint32_t hash_type, hash_val;
533
534 hash_val = fib4_calc_software_hash(ip->ip_dst,
535 ip->ip_src, 0, 0, ip->ip_p, &hash_type);
536 m->m_pkthdr.flowid = hash_val;
537 M_HASHTYPE_SET(m, hash_type);
538 flags |= IP_NODEFAULTFLOWID;
539 }
540 #endif
541 INP_RLOCK(inp);
542 /*
543 * Don't allow both user specified and setsockopt options,
544 * and don't allow packet length sizes that will crash.
545 */
546 if ((hlen < sizeof (*ip))
547 || ((hlen > sizeof (*ip)) && inp->inp_options)
548 || (ntohs(ip->ip_len) != m->m_pkthdr.len)) {
549 INP_RUNLOCK(inp);
550 m_freem(m);
551 return (EINVAL);
552 }
553 error = prison_check_ip4(inp->inp_cred, &ip->ip_src);
554 if (error != 0) {
555 INP_RUNLOCK(inp);
556 m_freem(m);
557 return (error);
558 }
559 /*
560 * Don't allow IP options which do not have the required
561 * structure as specified in section 3.1 of RFC 791 on
562 * pages 15-23.
563 */
564 cp = (u_char *)(ip + 1);
565 cnt = hlen - sizeof (struct ip);
566 for (; cnt > 0; cnt -= optlen, cp += optlen) {
567 opttype = cp[IPOPT_OPTVAL];
568 if (opttype == IPOPT_EOL)
569 break;
570 if (opttype == IPOPT_NOP) {
571 optlen = 1;
572 continue;
573 }
574 if (cnt < IPOPT_OLEN + sizeof(u_char)) {
575 INP_RUNLOCK(inp);
576 m_freem(m);
577 return (EINVAL);
578 }
579 optlen = cp[IPOPT_OLEN];
580 if (optlen < IPOPT_OLEN + sizeof(u_char) ||
581 optlen > cnt) {
582 INP_RUNLOCK(inp);
583 m_freem(m);
584 return (EINVAL);
585 }
586 }
587 /*
588 * This doesn't allow application to specify ID of zero,
589 * but we got this limitation from the beginning of history.
590 */
591 if (ip->ip_id == 0)
592 ip_fillid(ip);
593
594 /*
595 * XXX prevent ip_output from overwriting header fields.
596 */
597 flags |= IP_RAWOUTPUT;
598 IPSTAT_INC(ips_rawout);
599 }
600
601 if (inp->inp_flags & INP_ONESBCAST)
602 flags |= IP_SENDONES;
603
604 #ifdef MAC
605 mac_inpcb_create_mbuf(inp, m);
606 #endif
607
608 NET_EPOCH_ENTER(et);
609 error = ip_output(m, inp->inp_options, NULL, flags,
610 inp->inp_moptions, inp);
611 NET_EPOCH_EXIT(et);
612 INP_RUNLOCK(inp);
613 return (error);
614 }
615
616 /*
617 * Raw IP socket option processing.
618 *
619 * IMPORTANT NOTE regarding access control: Traditionally, raw sockets could
620 * only be created by a privileged process, and as such, socket option
621 * operations to manage system properties on any raw socket were allowed to
622 * take place without explicit additional access control checks. However,
623 * raw sockets can now also be created in jail(), and therefore explicit
624 * checks are now required. Likewise, raw sockets can be used by a process
625 * after it gives up privilege, so some caution is required. For options
626 * passed down to the IP layer via ip_ctloutput(), checks are assumed to be
627 * performed in ip_ctloutput() and therefore no check occurs here.
628 * Unilaterally checking priv_check() here breaks normal IP socket option
629 * operations on raw sockets.
630 *
631 * When adding new socket options here, make sure to add access control
632 * checks here as necessary.
633 *
634 * XXX-BZ inp locking?
635 */
636 int
637 rip_ctloutput(struct socket *so, struct sockopt *sopt)
638 {
639 struct inpcb *inp = sotoinpcb(so);
640 int error, optval;
641
642 if (sopt->sopt_level != IPPROTO_IP) {
643 if ((sopt->sopt_level == SOL_SOCKET) &&
644 (sopt->sopt_name == SO_SETFIB)) {
645 inp->inp_inc.inc_fibnum = so->so_fibnum;
646 return (0);
647 }
648 return (EINVAL);
649 }
650
651 error = 0;
652 switch (sopt->sopt_dir) {
653 case SOPT_GET:
654 switch (sopt->sopt_name) {
655 case IP_HDRINCL:
656 optval = inp->inp_flags & INP_HDRINCL;
657 error = sooptcopyout(sopt, &optval, sizeof optval);
658 break;
659
660 case IP_FW3: /* generic ipfw v.3 functions */
661 case IP_FW_ADD: /* ADD actually returns the body... */
662 case IP_FW_GET:
663 case IP_FW_TABLE_GETSIZE:
664 case IP_FW_TABLE_LIST:
665 case IP_FW_NAT_GET_CONFIG:
666 case IP_FW_NAT_GET_LOG:
667 if (V_ip_fw_ctl_ptr != NULL)
668 error = V_ip_fw_ctl_ptr(sopt);
669 else
670 error = ENOPROTOOPT;
671 break;
672
673 case IP_DUMMYNET3: /* generic dummynet v.3 functions */
674 case IP_DUMMYNET_GET:
675 if (ip_dn_ctl_ptr != NULL)
676 error = ip_dn_ctl_ptr(sopt);
677 else
678 error = ENOPROTOOPT;
679 break ;
680
681 case MRT_INIT:
682 case MRT_DONE:
683 case MRT_ADD_VIF:
684 case MRT_DEL_VIF:
685 case MRT_ADD_MFC:
686 case MRT_DEL_MFC:
687 case MRT_VERSION:
688 case MRT_ASSERT:
689 case MRT_API_SUPPORT:
690 case MRT_API_CONFIG:
691 case MRT_ADD_BW_UPCALL:
692 case MRT_DEL_BW_UPCALL:
693 error = priv_check(curthread, PRIV_NETINET_MROUTE);
694 if (error != 0)
695 return (error);
696 if (inp->inp_ip_p != IPPROTO_IGMP)
697 return (EOPNOTSUPP);
698 error = ip_mrouter_get ? ip_mrouter_get(so, sopt) :
699 EOPNOTSUPP;
700 break;
701
702 default:
703 error = ip_ctloutput(so, sopt);
704 break;
705 }
706 break;
707
708 case SOPT_SET:
709 switch (sopt->sopt_name) {
710 case IP_HDRINCL:
711 error = sooptcopyin(sopt, &optval, sizeof optval,
712 sizeof optval);
713 if (error)
714 break;
715 if (optval)
716 inp->inp_flags |= INP_HDRINCL;
717 else
718 inp->inp_flags &= ~INP_HDRINCL;
719 break;
720
721 case IP_FW3: /* generic ipfw v.3 functions */
722 case IP_FW_ADD:
723 case IP_FW_DEL:
724 case IP_FW_FLUSH:
725 case IP_FW_ZERO:
726 case IP_FW_RESETLOG:
727 case IP_FW_TABLE_ADD:
728 case IP_FW_TABLE_DEL:
729 case IP_FW_TABLE_FLUSH:
730 case IP_FW_NAT_CFG:
731 case IP_FW_NAT_DEL:
732 if (V_ip_fw_ctl_ptr != NULL)
733 error = V_ip_fw_ctl_ptr(sopt);
734 else
735 error = ENOPROTOOPT;
736 break;
737
738 case IP_DUMMYNET3: /* generic dummynet v.3 functions */
739 case IP_DUMMYNET_CONFIGURE:
740 case IP_DUMMYNET_DEL:
741 case IP_DUMMYNET_FLUSH:
742 if (ip_dn_ctl_ptr != NULL)
743 error = ip_dn_ctl_ptr(sopt);
744 else
745 error = ENOPROTOOPT ;
746 break ;
747
748 case IP_RSVP_ON:
749 error = priv_check(curthread, PRIV_NETINET_MROUTE);
750 if (error != 0)
751 return (error);
752 if (inp->inp_ip_p != IPPROTO_RSVP)
753 return (EOPNOTSUPP);
754 error = ip_rsvp_init(so);
755 break;
756
757 case IP_RSVP_OFF:
758 error = priv_check(curthread, PRIV_NETINET_MROUTE);
759 if (error != 0)
760 return (error);
761 error = ip_rsvp_done();
762 break;
763
764 case IP_RSVP_VIF_ON:
765 case IP_RSVP_VIF_OFF:
766 error = priv_check(curthread, PRIV_NETINET_MROUTE);
767 if (error != 0)
768 return (error);
769 if (inp->inp_ip_p != IPPROTO_RSVP)
770 return (EOPNOTSUPP);
771 error = ip_rsvp_vif ?
772 ip_rsvp_vif(so, sopt) : EINVAL;
773 break;
774
775 case MRT_INIT:
776 case MRT_DONE:
777 case MRT_ADD_VIF:
778 case MRT_DEL_VIF:
779 case MRT_ADD_MFC:
780 case MRT_DEL_MFC:
781 case MRT_VERSION:
782 case MRT_ASSERT:
783 case MRT_API_SUPPORT:
784 case MRT_API_CONFIG:
785 case MRT_ADD_BW_UPCALL:
786 case MRT_DEL_BW_UPCALL:
787 error = priv_check(curthread, PRIV_NETINET_MROUTE);
788 if (error != 0)
789 return (error);
790 if (inp->inp_ip_p != IPPROTO_IGMP)
791 return (EOPNOTSUPP);
792 error = ip_mrouter_set ? ip_mrouter_set(so, sopt) :
793 EOPNOTSUPP;
794 break;
795
796 default:
797 error = ip_ctloutput(so, sopt);
798 break;
799 }
800 break;
801 }
802
803 return (error);
804 }
805
806 void
807 rip_ctlinput(struct icmp *icmp)
808 {
809 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
810 if (IPSEC_ENABLED(ipv4))
811 IPSEC_CTLINPUT(ipv4, icmp);
812 #endif
813 }
814
815 static int
816 rip_attach(struct socket *so, int proto, struct thread *td)
817 {
818 struct inpcb *inp;
819 int error;
820
821 inp = sotoinpcb(so);
822 KASSERT(inp == NULL, ("rip_attach: inp != NULL"));
823
824 error = priv_check(td, PRIV_NETINET_RAW);
825 if (error)
826 return (error);
827 if (proto >= IPPROTO_MAX || proto < 0)
828 return EPROTONOSUPPORT;
829 error = soreserve(so, rip_sendspace, rip_recvspace);
830 if (error)
831 return (error);
832 error = in_pcballoc(so, &V_ripcbinfo);
833 if (error)
834 return (error);
835 inp = (struct inpcb *)so->so_pcb;
836 inp->inp_ip_p = proto;
837 inp->inp_ip_ttl = V_ip_defttl;
838 INP_HASH_WLOCK(&V_ripcbinfo);
839 rip_inshash(inp);
840 INP_HASH_WUNLOCK(&V_ripcbinfo);
841 INP_WUNLOCK(inp);
842 return (0);
843 }
844
845 static void
846 rip_detach(struct socket *so)
847 {
848 struct inpcb *inp;
849
850 inp = sotoinpcb(so);
851 KASSERT(inp != NULL, ("rip_detach: inp == NULL"));
852 KASSERT(inp->inp_faddr.s_addr == INADDR_ANY,
853 ("rip_detach: not closed"));
854
855 /* Disable mrouter first */
856 if (so == V_ip_mrouter && ip_mrouter_done)
857 ip_mrouter_done();
858
859 INP_WLOCK(inp);
860 INP_HASH_WLOCK(&V_ripcbinfo);
861 rip_delhash(inp);
862 INP_HASH_WUNLOCK(&V_ripcbinfo);
863
864 if (ip_rsvp_force_done)
865 ip_rsvp_force_done(so);
866 if (so == V_ip_rsvpd)
867 ip_rsvp_done();
868 in_pcbdetach(inp);
869 in_pcbfree(inp);
870 }
871
872 static void
873 rip_dodisconnect(struct socket *so, struct inpcb *inp)
874 {
875 struct inpcbinfo *pcbinfo;
876
877 pcbinfo = inp->inp_pcbinfo;
878 INP_WLOCK(inp);
879 INP_HASH_WLOCK(pcbinfo);
880 rip_delhash(inp);
881 inp->inp_faddr.s_addr = INADDR_ANY;
882 rip_inshash(inp);
883 INP_HASH_WUNLOCK(pcbinfo);
884 SOCK_LOCK(so);
885 so->so_state &= ~SS_ISCONNECTED;
886 SOCK_UNLOCK(so);
887 INP_WUNLOCK(inp);
888 }
889
890 static void
891 rip_abort(struct socket *so)
892 {
893 struct inpcb *inp;
894
895 inp = sotoinpcb(so);
896 KASSERT(inp != NULL, ("rip_abort: inp == NULL"));
897
898 rip_dodisconnect(so, inp);
899 }
900
901 static void
902 rip_close(struct socket *so)
903 {
904 struct inpcb *inp;
905
906 inp = sotoinpcb(so);
907 KASSERT(inp != NULL, ("rip_close: inp == NULL"));
908
909 rip_dodisconnect(so, inp);
910 }
911
912 static int
913 rip_disconnect(struct socket *so)
914 {
915 struct inpcb *inp;
916
917 if ((so->so_state & SS_ISCONNECTED) == 0)
918 return (ENOTCONN);
919
920 inp = sotoinpcb(so);
921 KASSERT(inp != NULL, ("rip_disconnect: inp == NULL"));
922
923 rip_dodisconnect(so, inp);
924 return (0);
925 }
926
927 static int
928 rip_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
929 {
930 struct sockaddr_in *addr = (struct sockaddr_in *)nam;
931 struct inpcb *inp;
932 int error;
933
934 if (nam->sa_family != AF_INET)
935 return (EAFNOSUPPORT);
936 if (nam->sa_len != sizeof(*addr))
937 return (EINVAL);
938
939 error = prison_check_ip4(td->td_ucred, &addr->sin_addr);
940 if (error != 0)
941 return (error);
942
943 inp = sotoinpcb(so);
944 KASSERT(inp != NULL, ("rip_bind: inp == NULL"));
945
946 if (CK_STAILQ_EMPTY(&V_ifnet) ||
947 (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) ||
948 (addr->sin_addr.s_addr &&
949 (inp->inp_flags & INP_BINDANY) == 0 &&
950 ifa_ifwithaddr_check((struct sockaddr *)addr) == 0))
951 return (EADDRNOTAVAIL);
952
953 INP_WLOCK(inp);
954 INP_HASH_WLOCK(&V_ripcbinfo);
955 rip_delhash(inp);
956 inp->inp_laddr = addr->sin_addr;
957 rip_inshash(inp);
958 INP_HASH_WUNLOCK(&V_ripcbinfo);
959 INP_WUNLOCK(inp);
960 return (0);
961 }
962
963 static int
964 rip_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
965 {
966 struct sockaddr_in *addr = (struct sockaddr_in *)nam;
967 struct inpcb *inp;
968
969 if (nam->sa_len != sizeof(*addr))
970 return (EINVAL);
971 if (CK_STAILQ_EMPTY(&V_ifnet))
972 return (EADDRNOTAVAIL);
973 if (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK)
974 return (EAFNOSUPPORT);
975
976 inp = sotoinpcb(so);
977 KASSERT(inp != NULL, ("rip_connect: inp == NULL"));
978
979 INP_WLOCK(inp);
980 INP_HASH_WLOCK(&V_ripcbinfo);
981 rip_delhash(inp);
982 inp->inp_faddr = addr->sin_addr;
983 rip_inshash(inp);
984 INP_HASH_WUNLOCK(&V_ripcbinfo);
985 soisconnected(so);
986 INP_WUNLOCK(inp);
987 return (0);
988 }
989
990 static int
991 rip_shutdown(struct socket *so)
992 {
993 struct inpcb *inp;
994
995 inp = sotoinpcb(so);
996 KASSERT(inp != NULL, ("rip_shutdown: inp == NULL"));
997
998 INP_WLOCK(inp);
999 socantsendmore(so);
1000 INP_WUNLOCK(inp);
1001 return (0);
1002 }
1003 #endif /* INET */
1004
1005 static int
1006 rip_pcblist(SYSCTL_HANDLER_ARGS)
1007 {
1008 struct inpcb_iterator inpi = INP_ALL_ITERATOR(&V_ripcbinfo,
1009 INPLOOKUP_RLOCKPCB);
1010 struct xinpgen xig;
1011 struct inpcb *inp;
1012 int error;
1013
1014 if (req->newptr != 0)
1015 return (EPERM);
1016
1017 if (req->oldptr == 0) {
1018 int n;
1019
1020 n = V_ripcbinfo.ipi_count;
1021 n += imax(n / 8, 10);
1022 req->oldidx = 2 * (sizeof xig) + n * sizeof(struct xinpcb);
1023 return (0);
1024 }
1025
1026 if ((error = sysctl_wire_old_buffer(req, 0)) != 0)
1027 return (error);
1028
1029 bzero(&xig, sizeof(xig));
1030 xig.xig_len = sizeof xig;
1031 xig.xig_count = V_ripcbinfo.ipi_count;
1032 xig.xig_gen = V_ripcbinfo.ipi_gencnt;
1033 xig.xig_sogen = so_gencnt;
1034 error = SYSCTL_OUT(req, &xig, sizeof xig);
1035 if (error)
1036 return (error);
1037
1038 while ((inp = inp_next(&inpi)) != NULL) {
1039 if (inp->inp_gencnt <= xig.xig_gen &&
1040 cr_canseeinpcb(req->td->td_ucred, inp) == 0) {
1041 struct xinpcb xi;
1042
1043 in_pcbtoxinpcb(inp, &xi);
1044 error = SYSCTL_OUT(req, &xi, sizeof xi);
1045 if (error) {
1046 INP_RUNLOCK(inp);
1047 break;
1048 }
1049 }
1050 }
1051
1052 if (!error) {
1053 /*
1054 * Give the user an updated idea of our state. If the
1055 * generation differs from what we told her before, she knows
1056 * that something happened while we were processing this
1057 * request, and it might be necessary to retry.
1058 */
1059 xig.xig_gen = V_ripcbinfo.ipi_gencnt;
1060 xig.xig_sogen = so_gencnt;
1061 xig.xig_count = V_ripcbinfo.ipi_count;
1062 error = SYSCTL_OUT(req, &xig, sizeof xig);
1063 }
1064
1065 return (error);
1066 }
1067
1068 SYSCTL_PROC(_net_inet_raw, OID_AUTO/*XXX*/, pcblist,
1069 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
1070 rip_pcblist, "S,xinpcb",
1071 "List of active raw IP sockets");
1072
1073 #ifdef INET
1074 struct protosw rip_protosw = {
1075 .pr_type = SOCK_RAW,
1076 .pr_flags = PR_ATOMIC|PR_ADDR,
1077 .pr_ctloutput = rip_ctloutput,
1078 .pr_abort = rip_abort,
1079 .pr_attach = rip_attach,
1080 .pr_bind = rip_bind,
1081 .pr_connect = rip_connect,
1082 .pr_control = in_control,
1083 .pr_detach = rip_detach,
1084 .pr_disconnect = rip_disconnect,
1085 .pr_peeraddr = in_getpeeraddr,
1086 .pr_send = rip_send,
1087 .pr_shutdown = rip_shutdown,
1088 .pr_sockaddr = in_getsockaddr,
1089 .pr_sosetlabel = in_pcbsosetlabel,
1090 .pr_close = rip_close
1091 };
1092 #endif /* INET */
Cache object: 6397a39222bfc361e2bc1cfb5165366e
|