1 /* $OpenBSD: in6_pcb.c,v 1.123 2022/09/03 22:43:38 mvs Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /*
33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
34 *
35 * NRL grants permission for redistribution and use in source and binary
36 * forms, with or without modification, of the software and documentation
37 * created at NRL provided that the following conditions are met:
38 *
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. All advertising materials mentioning features or use of this software
45 * must display the following acknowledgements:
46 * This product includes software developed by the University of
47 * California, Berkeley and its contributors.
48 * This product includes software developed at the Information
49 * Technology Division, US Naval Research Laboratory.
50 * 4. Neither the name of the NRL nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
53 *
54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
65 *
66 * The views and conclusions contained in the software and documentation
67 * are those of the authors and should not be interpreted as representing
68 * official policies, either expressed or implied, of the US Naval
69 * Research Laboratory (NRL).
70 */
71
72 /*
73 * Copyright (c) 1982, 1986, 1990, 1993, 1995
74 * Regents of the University of California. All rights reserved.
75 *
76 * Redistribution and use in source and binary forms, with or without
77 * modification, are permitted provided that the following conditions
78 * are met:
79 * 1. Redistributions of source code must retain the above copyright
80 * notice, this list of conditions and the following disclaimer.
81 * 2. Redistributions in binary form must reproduce the above copyright
82 * notice, this list of conditions and the following disclaimer in the
83 * documentation and/or other materials provided with the distribution.
84 * 3. Neither the name of the University nor the names of its contributors
85 * may be used to endorse or promote products derived from this software
86 * without specific prior written permission.
87 *
88 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
89 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
90 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
91 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
92 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
93 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
94 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
95 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
96 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
97 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
98 * SUCH DAMAGE.
99 *
100 */
101
102 #include "pf.h"
103 #include "stoeplitz.h"
104
105 #include <sys/param.h>
106 #include <sys/systm.h>
107 #include <sys/mbuf.h>
108 #include <sys/protosw.h>
109 #include <sys/socket.h>
110 #include <sys/socketvar.h>
111
112 #include <net/if.h>
113 #include <net/if_var.h>
114 #include <net/pfvar.h>
115
116 #include <netinet/in.h>
117 #include <netinet/ip.h>
118 #include <netinet/ip_var.h>
119 #include <netinet/in_pcb.h>
120
121 #include <netinet6/in6_var.h>
122
123 #if NSTOEPLITZ > 0
124 #include <net/toeplitz.h>
125 #endif
126
127 const struct in6_addr zeroin6_addr;
128
129 struct inpcb *in6_pcbhash_lookup(struct inpcbtable *, u_int,
130 const struct in6_addr *, u_short, const struct in6_addr *, u_short);
131
132 struct inpcbhead *
133 in6_pcbhash(struct inpcbtable *table, u_int rdomain,
134 const struct in6_addr *faddr, u_short fport,
135 const struct in6_addr *laddr, u_short lport)
136 {
137 SIPHASH_CTX ctx;
138 u_int32_t nrdom = htonl(rdomain);
139
140 SipHash24_Init(&ctx, &table->inpt_key);
141 SipHash24_Update(&ctx, &nrdom, sizeof(nrdom));
142 SipHash24_Update(&ctx, faddr, sizeof(*faddr));
143 SipHash24_Update(&ctx, &fport, sizeof(fport));
144 SipHash24_Update(&ctx, laddr, sizeof(*laddr));
145 SipHash24_Update(&ctx, &lport, sizeof(lport));
146
147 return (&table->inpt_hashtbl[SipHash24_End(&ctx) & table->inpt_mask]);
148 }
149
150 int
151 in6_pcbaddrisavail(struct inpcb *inp, struct sockaddr_in6 *sin6, int wild,
152 struct proc *p)
153 {
154 struct socket *so = inp->inp_socket;
155 struct inpcbtable *table = inp->inp_table;
156 u_short lport = sin6->sin6_port;
157 int reuseport = (so->so_options & SO_REUSEPORT);
158
159 wild |= INPLOOKUP_IPV6;
160 /* KAME hack: embed scopeid */
161 if (in6_embedscope(&sin6->sin6_addr, sin6, inp) != 0)
162 return (EINVAL);
163 /* this must be cleared for ifa_ifwithaddr() */
164 sin6->sin6_scope_id = 0;
165 /* reject IPv4 mapped address, we have no support for it */
166 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
167 return (EADDRNOTAVAIL);
168
169 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
170 /*
171 * Treat SO_REUSEADDR as SO_REUSEPORT for multicast;
172 * allow complete duplication of binding if
173 * SO_REUSEPORT is set, or if SO_REUSEADDR is set
174 * and a multicast address is bound on both
175 * new and duplicated sockets.
176 */
177 if (so->so_options & (SO_REUSEADDR|SO_REUSEPORT))
178 reuseport = SO_REUSEADDR | SO_REUSEPORT;
179 } else if (!IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
180 struct ifaddr *ifa = NULL;
181
182 sin6->sin6_port = 0; /*
183 * Yechhhh, because of upcoming
184 * call to ifa_ifwithaddr(), which
185 * does bcmp's over the PORTS as
186 * well. (What about flow?)
187 */
188 sin6->sin6_flowinfo = 0;
189 if (!(so->so_options & SO_BINDANY) &&
190 (ifa = ifa_ifwithaddr(sin6tosa(sin6),
191 inp->inp_rtableid)) == NULL)
192 return (EADDRNOTAVAIL);
193 sin6->sin6_port = lport;
194
195 /*
196 * bind to an anycast address might accidentally
197 * cause sending a packet with an anycast source
198 * address, so we forbid it.
199 *
200 * We should allow to bind to a deprecated address,
201 * since the application dare to use it.
202 * But, can we assume that they are careful enough
203 * to check if the address is deprecated or not?
204 * Maybe, as a safeguard, we should have a setsockopt
205 * flag to control the bind(2) behavior against
206 * deprecated addresses (default: forbid bind(2)).
207 */
208 if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_ANYCAST|
209 IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED|IN6_IFF_DETACHED))
210 return (EADDRNOTAVAIL);
211 }
212 if (lport) {
213 struct inpcb *t;
214 int error = 0;
215
216 if (so->so_euid && !IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
217 t = in_pcblookup_local(table, &sin6->sin6_addr, lport,
218 INPLOOKUP_WILDCARD | INPLOOKUP_IPV6,
219 inp->inp_rtableid);
220 if (t && (so->so_euid != t->inp_socket->so_euid))
221 error = EADDRINUSE;
222 in_pcbunref(t);
223 if (error)
224 return (error);
225 }
226 t = in_pcblookup_local(table, &sin6->sin6_addr, lport,
227 wild, inp->inp_rtableid);
228 if (t && (reuseport & t->inp_socket->so_options) == 0)
229 error = EADDRINUSE;
230 in_pcbunref(t);
231 if (error)
232 return (error);
233 }
234 return (0);
235 }
236
237 /*
238 * Connect from a socket to a specified address.
239 * Both address and port must be specified in argument sin6.
240 * Eventually, flow labels will have to be dealt with here, as well.
241 *
242 * If don't have a local address for this socket yet,
243 * then pick one.
244 */
245 int
246 in6_pcbconnect(struct inpcb *inp, struct mbuf *nam)
247 {
248 struct in6_addr *in6a = NULL;
249 struct sockaddr_in6 *sin6;
250 struct inpcb *t;
251 int error;
252 struct sockaddr_in6 tmp;
253
254 KASSERT(inp->inp_flags & INP_IPV6);
255
256 if ((error = in6_nam2sin6(nam, &sin6)))
257 return (error);
258 if (sin6->sin6_port == 0)
259 return (EADDRNOTAVAIL);
260 /* reject IPv4 mapped address, we have no support for it */
261 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
262 return (EADDRNOTAVAIL);
263
264 /* protect *sin6 from overwrites */
265 tmp = *sin6;
266 sin6 = &tmp;
267
268 /* KAME hack: embed scopeid */
269 if (in6_embedscope(&sin6->sin6_addr, sin6, inp) != 0)
270 return EINVAL;
271 /* this must be cleared for ifa_ifwithaddr() */
272 sin6->sin6_scope_id = 0;
273
274 /* Source address selection. */
275 /*
276 * XXX: in6_selectsrc might replace the bound local address
277 * with the address specified by setsockopt(IPV6_PKTINFO).
278 * Is it the intended behavior?
279 */
280 error = in6_pcbselsrc(&in6a, sin6, inp, inp->inp_outputopts6);
281 if (error)
282 return (error);
283
284 inp->inp_ipv6.ip6_hlim = (u_int8_t)in6_selecthlim(inp);
285
286 t = in6_pcblookup(inp->inp_table, &sin6->sin6_addr, sin6->sin6_port,
287 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) ? in6a : &inp->inp_laddr6,
288 inp->inp_lport, inp->inp_rtableid);
289 if (t != NULL) {
290 in_pcbunref(t);
291 return (EADDRINUSE);
292 }
293
294 KASSERT(IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) || inp->inp_lport);
295
296 if (IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6)) {
297 if (inp->inp_lport == 0) {
298 error = in_pcbbind(inp, NULL, curproc);
299 if (error)
300 return (error);
301 t = in6_pcblookup(inp->inp_table, &sin6->sin6_addr,
302 sin6->sin6_port, in6a, inp->inp_lport,
303 inp->inp_rtableid);
304 if (t != NULL) {
305 inp->inp_lport = 0;
306 in_pcbunref(t);
307 return (EADDRINUSE);
308 }
309 }
310 inp->inp_laddr6 = *in6a;
311 }
312 inp->inp_faddr6 = sin6->sin6_addr;
313 inp->inp_fport = sin6->sin6_port;
314 inp->inp_flowinfo &= ~IPV6_FLOWLABEL_MASK;
315 if (ip6_auto_flowlabel)
316 inp->inp_flowinfo |=
317 (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
318 #if NSTOEPLITZ > 0
319 inp->inp_flowid = stoeplitz_ip6port(&inp->inp_faddr6,
320 &inp->inp_laddr6, inp->inp_fport, inp->inp_lport);
321 #endif
322 in_pcbrehash(inp);
323 return (0);
324 }
325
326 /*
327 * Get the local address/port, and put it in a sockaddr_in6.
328 * This services the getsockname(2) call.
329 */
330 void
331 in6_setsockaddr(struct inpcb *inp, struct mbuf *nam)
332 {
333 struct sockaddr_in6 *sin6;
334
335 nam->m_len = sizeof(struct sockaddr_in6);
336 sin6 = mtod(nam,struct sockaddr_in6 *);
337
338 bzero ((caddr_t)sin6,sizeof(struct sockaddr_in6));
339 sin6->sin6_family = AF_INET6;
340 sin6->sin6_len = sizeof(struct sockaddr_in6);
341 sin6->sin6_port = inp->inp_lport;
342 sin6->sin6_addr = inp->inp_laddr6;
343 /* KAME hack: recover scopeid */
344 in6_recoverscope(sin6, &inp->inp_laddr6);
345 }
346
347 /*
348 * Get the foreign address/port, and put it in a sockaddr_in6.
349 * This services the getpeername(2) call.
350 */
351 void
352 in6_setpeeraddr(struct inpcb *inp, struct mbuf *nam)
353 {
354 struct sockaddr_in6 *sin6;
355
356 nam->m_len = sizeof(struct sockaddr_in6);
357 sin6 = mtod(nam,struct sockaddr_in6 *);
358
359 bzero ((caddr_t)sin6,sizeof(struct sockaddr_in6));
360 sin6->sin6_family = AF_INET6;
361 sin6->sin6_len = sizeof(struct sockaddr_in6);
362 sin6->sin6_port = inp->inp_fport;
363 sin6->sin6_addr = inp->inp_faddr6;
364 /* KAME hack: recover scopeid */
365 in6_recoverscope(sin6, &inp->inp_faddr6);
366 }
367
368 int
369 in6_sockaddr(struct socket *so, struct mbuf *nam)
370 {
371 struct inpcb *in6p;
372
373 in6p = sotoinpcb(so);
374 in6_setsockaddr(in6p, nam);
375
376 return (0);
377 }
378
379 int
380 in6_peeraddr(struct socket *so, struct mbuf *nam)
381 {
382 struct inpcb *in6p;
383
384 in6p = sotoinpcb(so);
385 in6_setpeeraddr(in6p, nam);
386
387 return (0);
388 }
389
390 /*
391 * Pass some notification to all connections of a protocol
392 * associated with address dst. The local address and/or port numbers
393 * may be specified to limit the search. The "usual action" will be
394 * taken, depending on the ctlinput cmd. The caller must filter any
395 * cmds that are uninteresting (e.g., no error in the map).
396 * Call the protocol specific routine (if any) to report
397 * any errors for each matching socket.
398 *
399 * Also perform input-side security policy check
400 * once PCB to be notified has been located.
401 */
402 void
403 in6_pcbnotify(struct inpcbtable *table, struct sockaddr_in6 *dst,
404 uint fport_arg, const struct sockaddr_in6 *src, uint lport_arg,
405 u_int rtable, int cmd, void *cmdarg, void (*notify)(struct inpcb *, int))
406 {
407 SIMPLEQ_HEAD(, inpcb) inpcblist;
408 struct inpcb *inp;
409 u_short fport = fport_arg, lport = lport_arg;
410 struct sockaddr_in6 sa6_src;
411 int errno;
412 u_int32_t flowinfo;
413 u_int rdomain;
414
415 if ((unsigned)cmd >= PRC_NCMDS)
416 return;
417
418 if (IN6_IS_ADDR_UNSPECIFIED(&dst->sin6_addr))
419 return;
420 if (IN6_IS_ADDR_V4MAPPED(&dst->sin6_addr)) {
421 #ifdef DIAGNOSTIC
422 printf("%s: Huh? Thought we never got "
423 "called with mapped!\n", __func__);
424 #endif
425 return;
426 }
427
428 /*
429 * note that src can be NULL when we get notify by local fragmentation.
430 */
431 sa6_src = (src == NULL) ? sa6_any : *src;
432 flowinfo = sa6_src.sin6_flowinfo;
433
434 /*
435 * Redirects go to all references to the destination,
436 * and use in_rtchange to invalidate the route cache.
437 * Dead host indications: also use in_rtchange to invalidate
438 * the cache, and deliver the error to all the sockets.
439 * Otherwise, if we have knowledge of the local port and address,
440 * deliver only to that socket.
441 */
442 if (PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) {
443 fport = 0;
444 lport = 0;
445 sa6_src.sin6_addr = in6addr_any;
446
447 if (cmd != PRC_HOSTDEAD)
448 notify = in_rtchange;
449 }
450 errno = inet6ctlerrmap[cmd];
451 if (notify == NULL)
452 return;
453
454 SIMPLEQ_INIT(&inpcblist);
455 rdomain = rtable_l2(rtable);
456 rw_enter_write(&table->inpt_notify);
457 mtx_enter(&table->inpt_mtx);
458 TAILQ_FOREACH(inp, &table->inpt_queue, inp_queue) {
459 if ((inp->inp_flags & INP_IPV6) == 0)
460 continue;
461
462 /*
463 * Under the following condition, notify of redirects
464 * to the pcb, without making address matches against inpcb.
465 * - redirect notification is arrived.
466 * - the inpcb is unconnected.
467 * - the inpcb is caching !RTF_HOST routing entry.
468 * - the ICMPv6 notification is from the gateway cached in the
469 * inpcb. i.e. ICMPv6 notification is from nexthop gateway
470 * the inpcb used very recently.
471 *
472 * This is to improve interaction between netbsd/openbsd
473 * redirect handling code, and inpcb route cache code.
474 * without the clause, !RTF_HOST routing entry (which carries
475 * gateway used by inpcb right before the ICMPv6 redirect)
476 * will be cached forever in unconnected inpcb.
477 *
478 * There still is a question regarding to what is TRT:
479 * - On bsdi/freebsd, RTF_HOST (cloned) routing entry will be
480 * generated on packet output. inpcb will always cache
481 * RTF_HOST routing entry so there's no need for the clause
482 * (ICMPv6 redirect will update RTF_HOST routing entry,
483 * and inpcb is caching it already).
484 * However, bsdi/freebsd are vulnerable to local DoS attacks
485 * due to the cloned routing entries.
486 * - Specwise, "destination cache" is mentioned in RFC2461.
487 * Jinmei says that it implies bsdi/freebsd behavior, itojun
488 * is not really convinced.
489 * - Having hiwat/lowat on # of cloned host route (redirect/
490 * pmtud) may be a good idea. netbsd/openbsd has it. see
491 * icmp6_mtudisc_update().
492 */
493 if ((PRC_IS_REDIRECT(cmd) || cmd == PRC_HOSTDEAD) &&
494 IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6) &&
495 inp->inp_route.ro_rt &&
496 !(inp->inp_route.ro_rt->rt_flags & RTF_HOST)) {
497 struct sockaddr_in6 *dst6;
498
499 dst6 = satosin6(&inp->inp_route.ro_dst);
500 if (IN6_ARE_ADDR_EQUAL(&dst6->sin6_addr,
501 &dst->sin6_addr))
502 goto do_notify;
503 }
504
505 /*
506 * Detect if we should notify the error. If no source and
507 * destination ports are specified, but non-zero flowinfo and
508 * local address match, notify the error. This is the case
509 * when the error is delivered with an encrypted buffer
510 * by ESP. Otherwise, just compare addresses and ports
511 * as usual.
512 */
513 if (lport == 0 && fport == 0 && flowinfo &&
514 inp->inp_socket != NULL &&
515 flowinfo == (inp->inp_flowinfo & IPV6_FLOWLABEL_MASK) &&
516 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, &sa6_src.sin6_addr))
517 goto do_notify;
518 else if (!IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6,
519 &dst->sin6_addr) ||
520 rtable_l2(inp->inp_rtableid) != rdomain ||
521 inp->inp_socket == NULL ||
522 (lport && inp->inp_lport != lport) ||
523 (!IN6_IS_ADDR_UNSPECIFIED(&sa6_src.sin6_addr) &&
524 !IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6,
525 &sa6_src.sin6_addr)) ||
526 (fport && inp->inp_fport != fport)) {
527 continue;
528 }
529 do_notify:
530 in_pcbref(inp);
531 SIMPLEQ_INSERT_TAIL(&inpcblist, inp, inp_notify);
532 }
533 mtx_leave(&table->inpt_mtx);
534
535 while ((inp = SIMPLEQ_FIRST(&inpcblist)) != NULL) {
536 SIMPLEQ_REMOVE_HEAD(&inpcblist, inp_notify);
537 (*notify)(inp, errno);
538 in_pcbunref(inp);
539 }
540 rw_exit_write(&table->inpt_notify);
541 }
542
543 struct inpcb *
544 in6_pcbhash_lookup(struct inpcbtable *table, u_int rdomain,
545 const struct in6_addr *faddr, u_short fport,
546 const struct in6_addr *laddr, u_short lport)
547 {
548 struct inpcbhead *head;
549 struct inpcb *inp;
550
551 NET_ASSERT_LOCKED();
552 MUTEX_ASSERT_LOCKED(&table->inpt_mtx);
553
554 head = in6_pcbhash(table, rdomain, faddr, fport, laddr, lport);
555 LIST_FOREACH(inp, head, inp_hash) {
556 if (!ISSET(inp->inp_flags, INP_IPV6))
557 continue;
558 if (inp->inp_fport == fport && inp->inp_lport == lport &&
559 IN6_ARE_ADDR_EQUAL(&inp->inp_faddr6, faddr) &&
560 IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6, laddr) &&
561 rtable_l2(inp->inp_rtableid) == rdomain) {
562 break;
563 }
564 }
565 if (inp != NULL) {
566 /*
567 * Move this PCB to the head of hash chain so that
568 * repeated accesses are quicker. This is analogous to
569 * the historic single-entry PCB cache.
570 */
571 if (inp != LIST_FIRST(head)) {
572 LIST_REMOVE(inp, inp_hash);
573 LIST_INSERT_HEAD(head, inp, inp_hash);
574 }
575 }
576 return (inp);
577 }
578
579 struct inpcb *
580 in6_pcblookup(struct inpcbtable *table, const struct in6_addr *faddr,
581 u_int fport, const struct in6_addr *laddr, u_int lport, u_int rtable)
582 {
583 struct inpcb *inp;
584 u_int rdomain;
585
586 rdomain = rtable_l2(rtable);
587 mtx_enter(&table->inpt_mtx);
588 inp = in6_pcbhash_lookup(table, rdomain, faddr, fport, laddr, lport);
589 in_pcbref(inp);
590 mtx_leave(&table->inpt_mtx);
591 #ifdef DIAGNOSTIC
592 if (inp == NULL && in_pcbnotifymiss) {
593 printf("%s: faddr= fport=%d laddr= lport=%d rdom=%u\n",
594 __func__, ntohs(fport), ntohs(lport), rdomain);
595 }
596 #endif
597 return (inp);
598 }
599
600 struct inpcb *
601 in6_pcblookup_listen(struct inpcbtable *table, struct in6_addr *laddr,
602 u_int lport, struct mbuf *m, u_int rtable)
603 {
604 const struct in6_addr *key1, *key2;
605 struct inpcb *inp;
606 u_int rdomain;
607
608 key1 = laddr;
609 key2 = &zeroin6_addr;
610 #if NPF > 0
611 if (m && m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) {
612 struct pf_divert *divert;
613
614 divert = pf_find_divert(m);
615 KASSERT(divert != NULL);
616 switch (divert->type) {
617 case PF_DIVERT_TO:
618 key1 = key2 = &divert->addr.v6;
619 lport = divert->port;
620 break;
621 case PF_DIVERT_REPLY:
622 return (NULL);
623 default:
624 panic("%s: unknown divert type %d, mbuf %p, divert %p",
625 __func__, divert->type, m, divert);
626 }
627 } else if (m && m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST) {
628 /*
629 * Redirected connections should not be treated the same
630 * as connections directed to ::1 since localhost
631 * can only be accessed from the host itself.
632 */
633 key1 = &zeroin6_addr;
634 key2 = laddr;
635 }
636 #endif
637
638 rdomain = rtable_l2(rtable);
639 mtx_enter(&table->inpt_mtx);
640 inp = in6_pcbhash_lookup(table, rdomain, &zeroin6_addr, 0, key1, lport);
641 if (inp == NULL && ! IN6_ARE_ADDR_EQUAL(key1, key2)) {
642 inp = in6_pcbhash_lookup(table, rdomain,
643 &zeroin6_addr, 0, key2, lport);
644 }
645 in_pcbref(inp);
646 mtx_leave(&table->inpt_mtx);
647 #ifdef DIAGNOSTIC
648 if (inp == NULL && in_pcbnotifymiss) {
649 printf("%s: laddr= lport=%d rdom=%u\n",
650 __func__, ntohs(lport), rdomain);
651 }
652 #endif
653 return (inp);
654 }
Cache object: 1f8f19dc108325cac09d5709bdefea62
|