The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/udp6_usrreq.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    3  * Copyright (c) 2010-2011 Juniper Networks, Inc.
    4  * Copyright (c) 2014 Kevin Lo
    5  * All rights reserved.
    6  *
    7  * Portions of this software were developed by Robert N. M. Watson under
    8  * contract to Juniper Networks, Inc.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  * 3. Neither the name of the project nor the names of its contributors
   19  *    may be used to endorse or promote products derived from this software
   20  *    without specific prior written permission.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  *      $KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $
   35  *      $KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $
   36  */
   37 
   38 /*-
   39  * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
   40  *      The Regents of the University of California.
   41  * All rights reserved.
   42  *
   43  * Redistribution and use in source and binary forms, with or without
   44  * modification, are permitted provided that the following conditions
   45  * are met:
   46  * 1. Redistributions of source code must retain the above copyright
   47  *    notice, this list of conditions and the following disclaimer.
   48  * 2. Redistributions in binary form must reproduce the above copyright
   49  *    notice, this list of conditions and the following disclaimer in the
   50  *    documentation and/or other materials provided with the distribution.
   51  * 4. Neither the name of the University nor the names of its contributors
   52  *    may be used to endorse or promote products derived from this software
   53  *    without specific prior written permission.
   54  *
   55  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   56  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   57  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   58  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   59  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   60  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   61  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   62  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   63  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   64  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   65  * SUCH DAMAGE.
   66  *
   67  *      @(#)udp_usrreq.c        8.6 (Berkeley) 5/23/95
   68  */
   69 
   70 #include <sys/cdefs.h>
   71 __FBSDID("$FreeBSD: releng/10.4/sys/netinet6/udp6_usrreq.c 338980 2018-09-27 18:34:42Z gordon $");
   72 
   73 #include "opt_inet.h"
   74 #include "opt_inet6.h"
   75 #include "opt_ipfw.h"
   76 #include "opt_ipsec.h"
   77 #include "opt_kdtrace.h"
   78 
   79 #include <sys/param.h>
   80 #include <sys/jail.h>
   81 #include <sys/kernel.h>
   82 #include <sys/lock.h>
   83 #include <sys/mbuf.h>
   84 #include <sys/priv.h>
   85 #include <sys/proc.h>
   86 #include <sys/protosw.h>
   87 #include <sys/sdt.h>
   88 #include <sys/signalvar.h>
   89 #include <sys/socket.h>
   90 #include <sys/socketvar.h>
   91 #include <sys/sx.h>
   92 #include <sys/sysctl.h>
   93 #include <sys/syslog.h>
   94 #include <sys/systm.h>
   95 
   96 #include <net/if.h>
   97 #include <net/if_types.h>
   98 #include <net/route.h>
   99 
  100 #include <netinet/in.h>
  101 #include <netinet/in_kdtrace.h>
  102 #include <netinet/in_pcb.h>
  103 #include <netinet/in_systm.h>
  104 #include <netinet/in_var.h>
  105 #include <netinet/ip.h>
  106 #include <netinet/ip_icmp.h>
  107 #include <netinet/ip6.h>
  108 #include <netinet/icmp_var.h>
  109 #include <netinet/icmp6.h>
  110 #include <netinet/ip_var.h>
  111 #include <netinet/udp.h>
  112 #include <netinet/udp_var.h>
  113 #include <netinet/udplite.h>
  114 
  115 #include <netinet6/ip6protosw.h>
  116 #include <netinet6/ip6_var.h>
  117 #include <netinet6/in6_pcb.h>
  118 #include <netinet6/udp6_var.h>
  119 #include <netinet6/scope6_var.h>
  120 
  121 #ifdef IPSEC
  122 #include <netipsec/ipsec.h>
  123 #include <netipsec/ipsec6.h>
  124 #endif /* IPSEC */
  125 
  126 #include <security/mac/mac_framework.h>
  127 
  128 /*
  129  * UDP protocol implementation.
  130  * Per RFC 768, August, 1980.
  131  */
  132 
  133 extern struct protosw   inetsw[];
  134 static void             udp6_detach(struct socket *so);
  135 
  136 static void
  137 udp6_append(struct inpcb *inp, struct mbuf *n, int off,
  138     struct sockaddr_in6 *fromsa)
  139 {
  140         struct socket *so;
  141         struct mbuf *opts;
  142         struct udpcb *up;
  143 
  144         INP_LOCK_ASSERT(inp);
  145 
  146         /*
  147          * Engage the tunneling protocol.
  148          */
  149         up = intoudpcb(inp);
  150         if (up->u_tun_func != NULL) {
  151                 (*up->u_tun_func)(n, off, inp, (struct sockaddr *)fromsa,
  152                     up->u_tun_ctx);
  153                 return;
  154         }
  155 #ifdef IPSEC
  156         /* Check AH/ESP integrity. */
  157         if (ipsec6_in_reject(n, inp)) {
  158                 m_freem(n);
  159                 IPSEC6STAT_INC(ips_in_polvio);
  160                 return;
  161         }
  162 #endif /* IPSEC */
  163 #ifdef MAC
  164         if (mac_inpcb_check_deliver(inp, n) != 0) {
  165                 m_freem(n);
  166                 return;
  167         }
  168 #endif
  169         opts = NULL;
  170         if (inp->inp_flags & INP_CONTROLOPTS ||
  171             inp->inp_socket->so_options & SO_TIMESTAMP)
  172                 ip6_savecontrol(inp, n, &opts);
  173         m_adj(n, off + sizeof(struct udphdr));
  174 
  175         so = inp->inp_socket;
  176         SOCKBUF_LOCK(&so->so_rcv);
  177         if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)fromsa, n,
  178             opts) == 0) {
  179                 SOCKBUF_UNLOCK(&so->so_rcv);
  180                 m_freem(n);
  181                 if (opts)
  182                         m_freem(opts);
  183                 UDPSTAT_INC(udps_fullsock);
  184         } else
  185                 sorwakeup_locked(so);
  186 }
  187 
  188 int
  189 udp6_input(struct mbuf **mp, int *offp, int proto)
  190 {
  191         struct mbuf *m = *mp;
  192         struct ifnet *ifp;
  193         struct ip6_hdr *ip6;
  194         struct udphdr *uh;
  195         struct inpcb *inp;
  196         struct inpcbinfo *pcbinfo;
  197         struct udpcb *up;
  198         int off = *offp;
  199         int cscov_partial;
  200         int plen, ulen;
  201         struct sockaddr_in6 fromsa;
  202         struct m_tag *fwd_tag;
  203         uint16_t uh_sum;
  204         uint8_t nxt;
  205 
  206         ifp = m->m_pkthdr.rcvif;
  207         ip6 = mtod(m, struct ip6_hdr *);
  208 
  209         if (faithprefix_p != NULL && (*faithprefix_p)(&ip6->ip6_dst)) {
  210                 /* XXX send icmp6 host/port unreach? */
  211                 m_freem(m);
  212                 return (IPPROTO_DONE);
  213         }
  214 
  215 #ifndef PULLDOWN_TEST
  216         IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
  217         ip6 = mtod(m, struct ip6_hdr *);
  218         uh = (struct udphdr *)((caddr_t)ip6 + off);
  219 #else
  220         IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh));
  221         if (!uh)
  222                 return (IPPROTO_DONE);
  223 #endif
  224 
  225         UDPSTAT_INC(udps_ipackets);
  226 
  227         /*
  228          * Destination port of 0 is illegal, based on RFC768.
  229          */
  230         if (uh->uh_dport == 0)
  231                 goto badunlocked;
  232 
  233         plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
  234         ulen = ntohs((u_short)uh->uh_ulen);
  235 
  236         nxt = ip6->ip6_nxt;
  237         cscov_partial = (nxt == IPPROTO_UDPLITE) ? 1 : 0;
  238         if (nxt == IPPROTO_UDPLITE) {
  239                 /* Zero means checksum over the complete packet. */
  240                 if (ulen == 0)
  241                         ulen = plen;
  242                 if (ulen == plen)
  243                         cscov_partial = 0;
  244                 if ((ulen < sizeof(struct udphdr)) || (ulen > plen)) {
  245                         /* XXX: What is the right UDPLite MIB counter? */
  246                         goto badunlocked;
  247                 }
  248                 if (uh->uh_sum == 0) {
  249                         /* XXX: What is the right UDPLite MIB counter? */
  250                         goto badunlocked;
  251                 }
  252         } else {
  253                 if ((ulen < sizeof(struct udphdr)) || (plen != ulen)) {
  254                         UDPSTAT_INC(udps_badlen);
  255                         goto badunlocked;
  256                 }
  257                 if (uh->uh_sum == 0) {
  258                         UDPSTAT_INC(udps_nosum);
  259                         goto badunlocked;
  260                 }
  261         }
  262 
  263         if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) &&
  264             !cscov_partial) {
  265                 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
  266                         uh_sum = m->m_pkthdr.csum_data;
  267                 else
  268                         uh_sum = in6_cksum_pseudo(ip6, ulen, nxt,
  269                             m->m_pkthdr.csum_data);
  270                 uh_sum ^= 0xffff;
  271         } else
  272                 uh_sum = in6_cksum_partial(m, nxt, off, plen, ulen);
  273 
  274         if (uh_sum != 0) {
  275                 UDPSTAT_INC(udps_badsum);
  276                 goto badunlocked;
  277         }
  278 
  279         /*
  280          * Construct sockaddr format source address.
  281          */
  282         init_sin6(&fromsa, m);
  283         fromsa.sin6_port = uh->uh_sport;
  284 
  285         pcbinfo = get_inpcbinfo(nxt);
  286         if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
  287                 struct inpcb *last;
  288                 struct inpcbhead *pcblist;
  289                 struct ip6_moptions *imo;
  290 
  291                 INP_INFO_RLOCK(pcbinfo);
  292                 /*
  293                  * In the event that laddr should be set to the link-local
  294                  * address (this happens in RIPng), the multicast address
  295                  * specified in the received packet will not match laddr.  To
  296                  * handle this situation, matching is relaxed if the
  297                  * receiving interface is the same as one specified in the
  298                  * socket and if the destination multicast address matches
  299                  * one of the multicast groups specified in the socket.
  300                  */
  301 
  302                 /*
  303                  * KAME note: traditionally we dropped udpiphdr from mbuf
  304                  * here.  We need udphdr for IPsec processing so we do that
  305                  * later.
  306                  */
  307                 pcblist = get_pcblist(nxt);
  308                 last = NULL;
  309                 LIST_FOREACH(inp, pcblist, inp_list) {
  310                         if ((inp->inp_vflag & INP_IPV6) == 0)
  311                                 continue;
  312                         if (inp->inp_lport != uh->uh_dport)
  313                                 continue;
  314                         if (inp->inp_fport != 0 &&
  315                             inp->inp_fport != uh->uh_sport)
  316                                 continue;
  317                         if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
  318                                 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
  319                                                         &ip6->ip6_dst))
  320                                         continue;
  321                         }
  322                         if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
  323                                 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
  324                                                         &ip6->ip6_src) ||
  325                                     inp->inp_fport != uh->uh_sport)
  326                                         continue;
  327                         }
  328 
  329                         /*
  330                          * XXXRW: Because we weren't holding either the inpcb
  331                          * or the hash lock when we checked for a match 
  332                          * before, we should probably recheck now that the 
  333                          * inpcb lock is (supposed to be) held.
  334                          */
  335 
  336                         /*
  337                          * Handle socket delivery policy for any-source
  338                          * and source-specific multicast. [RFC3678]
  339                          */
  340                         imo = inp->in6p_moptions;
  341                         if (imo && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
  342                                 struct sockaddr_in6      mcaddr;
  343                                 int                      blocked;
  344 
  345                                 INP_RLOCK(inp);
  346 
  347                                 bzero(&mcaddr, sizeof(struct sockaddr_in6));
  348                                 mcaddr.sin6_len = sizeof(struct sockaddr_in6);
  349                                 mcaddr.sin6_family = AF_INET6;
  350                                 mcaddr.sin6_addr = ip6->ip6_dst;
  351 
  352                                 blocked = im6o_mc_filter(imo, ifp,
  353                                         (struct sockaddr *)&mcaddr,
  354                                         (struct sockaddr *)&fromsa);
  355                                 if (blocked != MCAST_PASS) {
  356                                         if (blocked == MCAST_NOTGMEMBER)
  357                                                 IP6STAT_INC(ip6s_notmember);
  358                                         if (blocked == MCAST_NOTSMEMBER ||
  359                                             blocked == MCAST_MUTED)
  360                                                 UDPSTAT_INC(udps_filtermcast);
  361                                         INP_RUNLOCK(inp); /* XXX */
  362                                         continue;
  363                                 }
  364 
  365                                 INP_RUNLOCK(inp);
  366                         }
  367                         if (last != NULL) {
  368                                 struct mbuf *n;
  369 
  370                                 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
  371                                         INP_RLOCK(last);
  372                                         UDP_PROBE(receive, NULL, last, ip6,
  373                                             last, uh);
  374                                         udp6_append(last, n, off, &fromsa);
  375                                         INP_RUNLOCK(last);
  376                                 }
  377                         }
  378                         last = inp;
  379                         /*
  380                          * Don't look for additional matches if this one does
  381                          * not have either the SO_REUSEPORT or SO_REUSEADDR
  382                          * socket options set.  This heuristic avoids
  383                          * searching through all pcbs in the common case of a
  384                          * non-shared port.  It assumes that an application
  385                          * will never clear these options after setting them.
  386                          */
  387                         if ((last->inp_socket->so_options &
  388                              (SO_REUSEPORT|SO_REUSEADDR)) == 0)
  389                                 break;
  390                 }
  391 
  392                 if (last == NULL) {
  393                         /*
  394                          * No matching pcb found; discard datagram.  (No need
  395                          * to send an ICMP Port Unreachable for a broadcast
  396                          * or multicast datgram.)
  397                          */
  398                         UDPSTAT_INC(udps_noport);
  399                         UDPSTAT_INC(udps_noportmcast);
  400                         goto badheadlocked;
  401                 }
  402                 INP_RLOCK(last);
  403                 INP_INFO_RUNLOCK(pcbinfo);
  404                 UDP_PROBE(receive, NULL, last, ip6, last, uh);
  405                 udp6_append(last, m, off, &fromsa);
  406                 INP_RUNLOCK(last);
  407                 return (IPPROTO_DONE);
  408         }
  409         /*
  410          * Locate pcb for datagram.
  411          */
  412 
  413         /*
  414          * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
  415          */
  416         if ((m->m_flags & M_IP6_NEXTHOP) &&
  417             (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
  418                 struct sockaddr_in6 *next_hop6;
  419 
  420                 next_hop6 = (struct sockaddr_in6 *)(fwd_tag + 1);
  421 
  422                 /*
  423                  * Transparently forwarded. Pretend to be the destination.
  424                  * Already got one like this?
  425                  */
  426                 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
  427                     uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
  428                     INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif, m);
  429                 if (!inp) {
  430                         /*
  431                          * It's new.  Try to find the ambushing socket.
  432                          * Because we've rewritten the destination address,
  433                          * any hardware-generated hash is ignored.
  434                          */
  435                         inp = in6_pcblookup(pcbinfo, &ip6->ip6_src,
  436                             uh->uh_sport, &next_hop6->sin6_addr,
  437                             next_hop6->sin6_port ? htons(next_hop6->sin6_port) :
  438                             uh->uh_dport, INPLOOKUP_WILDCARD |
  439                             INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif);
  440                 }
  441                 /* Remove the tag from the packet. We don't need it anymore. */
  442                 m_tag_delete(m, fwd_tag);
  443                 m->m_flags &= ~M_IP6_NEXTHOP;
  444         } else
  445                 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
  446                     uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
  447                     INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
  448                     m->m_pkthdr.rcvif, m);
  449         if (inp == NULL) {
  450                 if (udp_log_in_vain) {
  451                         char ip6bufs[INET6_ADDRSTRLEN];
  452                         char ip6bufd[INET6_ADDRSTRLEN];
  453 
  454                         log(LOG_INFO,
  455                             "Connection attempt to UDP [%s]:%d from [%s]:%d\n",
  456                             ip6_sprintf(ip6bufd, &ip6->ip6_dst),
  457                             ntohs(uh->uh_dport),
  458                             ip6_sprintf(ip6bufs, &ip6->ip6_src),
  459                             ntohs(uh->uh_sport));
  460                 }
  461                 UDPSTAT_INC(udps_noport);
  462                 if (m->m_flags & M_MCAST) {
  463                         printf("UDP6: M_MCAST is set in a unicast packet.\n");
  464                         UDPSTAT_INC(udps_noportmcast);
  465                         goto badunlocked;
  466                 }
  467                 if (V_udp_blackhole)
  468                         goto badunlocked;
  469                 if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
  470                         goto badunlocked;
  471                 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
  472                 return (IPPROTO_DONE);
  473         }
  474         INP_RLOCK_ASSERT(inp);
  475         up = intoudpcb(inp);
  476         if (cscov_partial) {
  477                 if (up->u_rxcslen == 0 || up->u_rxcslen > ulen) {
  478                         INP_RUNLOCK(inp);
  479                         m_freem(m);
  480                         return (IPPROTO_DONE);
  481                 }
  482         }
  483         UDP_PROBE(receive, NULL, inp, ip6, inp, uh);
  484         udp6_append(inp, m, off, &fromsa);
  485         INP_RUNLOCK(inp);
  486         return (IPPROTO_DONE);
  487 
  488 badheadlocked:
  489         INP_INFO_RUNLOCK(pcbinfo);
  490 badunlocked:
  491         if (m)
  492                 m_freem(m);
  493         return (IPPROTO_DONE);
  494 }
  495 
  496 static void
  497 udp6_common_ctlinput(int cmd, struct sockaddr *sa, void *d,
  498     struct inpcbinfo *pcbinfo)
  499 {
  500         struct udphdr uh;
  501         struct ip6_hdr *ip6;
  502         struct mbuf *m;
  503         int off = 0;
  504         struct ip6ctlparam *ip6cp = NULL;
  505         const struct sockaddr_in6 *sa6_src = NULL;
  506         void *cmdarg;
  507         struct inpcb *(*notify)(struct inpcb *, int) = udp_notify;
  508         struct udp_portonly {
  509                 u_int16_t uh_sport;
  510                 u_int16_t uh_dport;
  511         } *uhp;
  512 
  513         if (sa->sa_family != AF_INET6 ||
  514             sa->sa_len != sizeof(struct sockaddr_in6))
  515                 return;
  516 
  517         if ((unsigned)cmd >= PRC_NCMDS)
  518                 return;
  519         if (PRC_IS_REDIRECT(cmd))
  520                 notify = in6_rtchange, d = NULL;
  521         else if (cmd == PRC_HOSTDEAD)
  522                 d = NULL;
  523         else if (inet6ctlerrmap[cmd] == 0)
  524                 return;
  525 
  526         /* if the parameter is from icmp6, decode it. */
  527         if (d != NULL) {
  528                 ip6cp = (struct ip6ctlparam *)d;
  529                 m = ip6cp->ip6c_m;
  530                 ip6 = ip6cp->ip6c_ip6;
  531                 off = ip6cp->ip6c_off;
  532                 cmdarg = ip6cp->ip6c_cmdarg;
  533                 sa6_src = ip6cp->ip6c_src;
  534         } else {
  535                 m = NULL;
  536                 ip6 = NULL;
  537                 cmdarg = NULL;
  538                 sa6_src = &sa6_any;
  539         }
  540 
  541         if (ip6) {
  542                 /*
  543                  * XXX: We assume that when IPV6 is non NULL,
  544                  * M and OFF are valid.
  545                  */
  546 
  547                 /* Check if we can safely examine src and dst ports. */
  548                 if (m->m_pkthdr.len < off + sizeof(*uhp))
  549                         return;
  550 
  551                 bzero(&uh, sizeof(uh));
  552                 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh);
  553 
  554                 (void)in6_pcbnotify(pcbinfo, sa, uh.uh_dport,
  555                     (struct sockaddr *)ip6cp->ip6c_src, uh.uh_sport, cmd,
  556                     cmdarg, notify);
  557         } else
  558                 (void)in6_pcbnotify(pcbinfo, sa, 0,
  559                     (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify);
  560 }
  561 
  562 void
  563 udp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
  564 {
  565 
  566         return (udp6_common_ctlinput(cmd, sa, d, &V_udbinfo));
  567 }
  568 
  569 void
  570 udplite6_ctlinput(int cmd, struct sockaddr *sa, void *d)
  571 {
  572 
  573         return (udp6_common_ctlinput(cmd, sa, d, &V_ulitecbinfo));
  574 }
  575 
  576 static int
  577 udp6_getcred(SYSCTL_HANDLER_ARGS)
  578 {
  579         struct xucred xuc;
  580         struct sockaddr_in6 addrs[2];
  581         struct inpcb *inp;
  582         int error;
  583 
  584         error = priv_check(req->td, PRIV_NETINET_GETCRED);
  585         if (error)
  586                 return (error);
  587 
  588         if (req->newlen != sizeof(addrs))
  589                 return (EINVAL);
  590         if (req->oldlen != sizeof(struct xucred))
  591                 return (EINVAL);
  592         error = SYSCTL_IN(req, addrs, sizeof(addrs));
  593         if (error)
  594                 return (error);
  595         if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 ||
  596             (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) {
  597                 return (error);
  598         }
  599         inp = in6_pcblookup(&V_udbinfo, &addrs[1].sin6_addr,
  600             addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port,
  601             INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, NULL);
  602         if (inp != NULL) {
  603                 INP_RLOCK_ASSERT(inp);
  604                 if (inp->inp_socket == NULL)
  605                         error = ENOENT;
  606                 if (error == 0)
  607                         error = cr_canseesocket(req->td->td_ucred,
  608                             inp->inp_socket);
  609                 if (error == 0)
  610                         cru2x(inp->inp_cred, &xuc);
  611                 INP_RUNLOCK(inp);
  612         } else
  613                 error = ENOENT;
  614         if (error == 0)
  615                 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
  616         return (error);
  617 }
  618 
  619 SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0,
  620     0, udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection");
  621 
  622 static int
  623 udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6,
  624     struct mbuf *control, struct thread *td)
  625 {
  626         u_int32_t ulen = m->m_pkthdr.len;
  627         u_int32_t plen = sizeof(struct udphdr) + ulen;
  628         struct ip6_hdr *ip6;
  629         struct udphdr *udp6;
  630         struct in6_addr *laddr, *faddr, in6a;
  631         struct sockaddr_in6 *sin6 = NULL;
  632         struct ifnet *oifp = NULL;
  633         int cscov_partial = 0;
  634         int scope_ambiguous = 0;
  635         u_short fport;
  636         int error = 0;
  637         uint8_t nxt;
  638         uint16_t cscov = 0;
  639         struct ip6_pktopts *optp, opt;
  640         int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
  641         int flags;
  642         struct sockaddr_in6 tmp;
  643 
  644         INP_WLOCK_ASSERT(inp);
  645         INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
  646 
  647         if (addr6) {
  648                 /* addr6 has been validated in udp6_send(). */
  649                 sin6 = (struct sockaddr_in6 *)addr6;
  650 
  651                 /* protect *sin6 from overwrites */
  652                 tmp = *sin6;
  653                 sin6 = &tmp;
  654 
  655                 /*
  656                  * Application should provide a proper zone ID or the use of
  657                  * default zone IDs should be enabled.  Unfortunately, some
  658                  * applications do not behave as it should, so we need a
  659                  * workaround.  Even if an appropriate ID is not determined,
  660                  * we'll see if we can determine the outgoing interface.  If we
  661                  * can, determine the zone ID based on the interface below.
  662                  */
  663                 if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone)
  664                         scope_ambiguous = 1;
  665                 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
  666                         return (error);
  667         }
  668 
  669         if (control) {
  670                 if ((error = ip6_setpktopts(control, &opt,
  671                     inp->in6p_outputopts, td->td_ucred, IPPROTO_UDP)) != 0)
  672                         goto release;
  673                 optp = &opt;
  674         } else
  675                 optp = inp->in6p_outputopts;
  676 
  677         if (sin6) {
  678                 faddr = &sin6->sin6_addr;
  679 
  680                 /*
  681                  * Since we saw no essential reason for calling in_pcbconnect,
  682                  * we get rid of such kind of logic, and call in6_selectsrc
  683                  * and in6_pcbsetport in order to fill in the local address
  684                  * and the local port.
  685                  */
  686                 if (sin6->sin6_port == 0) {
  687                         error = EADDRNOTAVAIL;
  688                         goto release;
  689                 }
  690 
  691                 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
  692                         /* how about ::ffff:0.0.0.0 case? */
  693                         error = EISCONN;
  694                         goto release;
  695                 }
  696 
  697                 fport = sin6->sin6_port; /* allow 0 port */
  698 
  699                 if (IN6_IS_ADDR_V4MAPPED(faddr)) {
  700                         if ((inp->inp_flags & IN6P_IPV6_V6ONLY)) {
  701                                 /*
  702                                  * I believe we should explicitly discard the
  703                                  * packet when mapped addresses are disabled,
  704                                  * rather than send the packet as an IPv6 one.
  705                                  * If we chose the latter approach, the packet
  706                                  * might be sent out on the wire based on the
  707                                  * default route, the situation which we'd
  708                                  * probably want to avoid.
  709                                  * (20010421 jinmei@kame.net)
  710                                  */
  711                                 error = EINVAL;
  712                                 goto release;
  713                         }
  714                         if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
  715                             !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) {
  716                                 /*
  717                                  * when remote addr is an IPv4-mapped address,
  718                                  * local addr should not be an IPv6 address,
  719                                  * since you cannot determine how to map IPv6
  720                                  * source address to IPv4.
  721                                  */
  722                                 error = EINVAL;
  723                                 goto release;
  724                         }
  725 
  726                         af = AF_INET;
  727                 }
  728 
  729                 if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
  730                         error = in6_selectsrc(sin6, optp, inp, NULL,
  731                             td->td_ucred, &oifp, &in6a);
  732                         if (error)
  733                                 goto release;
  734                         if (oifp && scope_ambiguous &&
  735                             (error = in6_setscope(&sin6->sin6_addr,
  736                             oifp, NULL))) {
  737                                 goto release;
  738                         }
  739                         laddr = &in6a;
  740                 } else
  741                         laddr = &inp->in6p_laddr;       /* XXX */
  742                 if (laddr == NULL) {
  743                         if (error == 0)
  744                                 error = EADDRNOTAVAIL;
  745                         goto release;
  746                 }
  747                 if (inp->inp_lport == 0 &&
  748                     (error = in6_pcbsetport(laddr, inp, td->td_ucred)) != 0) {
  749                         /* Undo an address bind that may have occurred. */
  750                         inp->in6p_laddr = in6addr_any;
  751                         goto release;
  752                 }
  753         } else {
  754                 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
  755                         error = ENOTCONN;
  756                         goto release;
  757                 }
  758                 if (IN6_IS_ADDR_V4MAPPED(&inp->in6p_faddr)) {
  759                         if ((inp->inp_flags & IN6P_IPV6_V6ONLY)) {
  760                                 /*
  761                                  * XXX: this case would happen when the
  762                                  * application sets the V6ONLY flag after
  763                                  * connecting the foreign address.
  764                                  * Such applications should be fixed,
  765                                  * so we bark here.
  766                                  */
  767                                 log(LOG_INFO, "udp6_output: IPV6_V6ONLY "
  768                                     "option was set for a connected socket\n");
  769                                 error = EINVAL;
  770                                 goto release;
  771                         } else
  772                                 af = AF_INET;
  773                 }
  774                 laddr = &inp->in6p_laddr;
  775                 faddr = &inp->in6p_faddr;
  776                 fport = inp->inp_fport;
  777         }
  778 
  779         if (af == AF_INET)
  780                 hlen = sizeof(struct ip);
  781 
  782         /*
  783          * Calculate data length and get a mbuf
  784          * for UDP and IP6 headers.
  785          */
  786         M_PREPEND(m, hlen + sizeof(struct udphdr), M_NOWAIT);
  787         if (m == 0) {
  788                 error = ENOBUFS;
  789                 goto release;
  790         }
  791 
  792         /*
  793          * Stuff checksum and output datagram.
  794          */
  795         nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
  796             IPPROTO_UDP : IPPROTO_UDPLITE;
  797         udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
  798         udp6->uh_sport = inp->inp_lport; /* lport is always set in the PCB */
  799         udp6->uh_dport = fport;
  800         if (nxt == IPPROTO_UDPLITE) {
  801                 struct udpcb *up;
  802 
  803                 up = intoudpcb(inp);
  804                 cscov = up->u_txcslen;
  805                 if (cscov >= plen)
  806                         cscov = 0;
  807                 udp6->uh_ulen = htons(cscov);
  808                 /*
  809                  * For UDP-Lite, checksum coverage length of zero means
  810                  * the entire UDPLite packet is covered by the checksum.
  811                  */
  812                 cscov_partial = (cscov == 0) ? 0 : 1;
  813         } else if (plen <= 0xffff)
  814                 udp6->uh_ulen = htons((u_short)plen);
  815         else
  816                 udp6->uh_ulen = 0;
  817         udp6->uh_sum = 0;
  818 
  819         switch (af) {
  820         case AF_INET6:
  821                 ip6 = mtod(m, struct ip6_hdr *);
  822                 ip6->ip6_flow   = inp->inp_flow & IPV6_FLOWINFO_MASK;
  823                 ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
  824                 ip6->ip6_vfc    |= IPV6_VERSION;
  825                 ip6->ip6_plen   = htons((u_short)plen);
  826                 ip6->ip6_nxt    = nxt;
  827                 ip6->ip6_hlim   = in6_selecthlim(inp, NULL);
  828                 ip6->ip6_src    = *laddr;
  829                 ip6->ip6_dst    = *faddr;
  830 
  831                 if (cscov_partial) {
  832                         if ((udp6->uh_sum = in6_cksum_partial(m, nxt,
  833                             sizeof(struct ip6_hdr), plen, cscov)) == 0)
  834                                 udp6->uh_sum = 0xffff;
  835                 } else {
  836                         udp6->uh_sum = in6_cksum_pseudo(ip6, plen, nxt, 0);
  837                         m->m_pkthdr.csum_flags = CSUM_UDP_IPV6;
  838                         m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
  839                 }
  840 
  841                 flags = 0;
  842 
  843                 UDP_PROBE(send, NULL, inp, ip6, inp, udp6);
  844                 UDPSTAT_INC(udps_opackets);
  845                 error = ip6_output(m, optp, NULL, flags, inp->in6p_moptions,
  846                     NULL, inp);
  847                 break;
  848         case AF_INET:
  849                 error = EAFNOSUPPORT;
  850                 goto release;
  851         }
  852         goto releaseopt;
  853 
  854 release:
  855         m_freem(m);
  856 
  857 releaseopt:
  858         if (control) {
  859                 ip6_clearpktopts(&opt, -1);
  860                 m_freem(control);
  861         }
  862         return (error);
  863 }
  864 
  865 static void
  866 udp6_abort(struct socket *so)
  867 {
  868         struct inpcb *inp;
  869         struct inpcbinfo *pcbinfo;
  870 
  871         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
  872         inp = sotoinpcb(so);
  873         KASSERT(inp != NULL, ("udp6_abort: inp == NULL"));
  874 
  875 #ifdef INET
  876         if (inp->inp_vflag & INP_IPV4) {
  877                 struct pr_usrreqs *pru;
  878 
  879                 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
  880                 (*pru->pru_abort)(so);
  881                 return;
  882         }
  883 #endif
  884 
  885         INP_WLOCK(inp);
  886         if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
  887                 INP_HASH_WLOCK(pcbinfo);
  888                 in6_pcbdisconnect(inp);
  889                 inp->in6p_laddr = in6addr_any;
  890                 INP_HASH_WUNLOCK(pcbinfo);
  891                 soisdisconnected(so);
  892         }
  893         INP_WUNLOCK(inp);
  894 }
  895 
  896 static int
  897 udp6_attach(struct socket *so, int proto, struct thread *td)
  898 {
  899         struct inpcb *inp;
  900         struct inpcbinfo *pcbinfo;
  901         int error;
  902 
  903         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
  904         inp = sotoinpcb(so);
  905         KASSERT(inp == NULL, ("udp6_attach: inp != NULL"));
  906 
  907         if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
  908                 error = soreserve(so, udp_sendspace, udp_recvspace);
  909                 if (error)
  910                         return (error);
  911         }
  912         INP_INFO_WLOCK(pcbinfo);
  913         error = in_pcballoc(so, pcbinfo);
  914         if (error) {
  915                 INP_INFO_WUNLOCK(pcbinfo);
  916                 return (error);
  917         }
  918         inp = (struct inpcb *)so->so_pcb;
  919         inp->inp_vflag |= INP_IPV6;
  920         if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
  921                 inp->inp_vflag |= INP_IPV4;
  922         inp->in6p_hops = -1;    /* use kernel default */
  923         inp->in6p_cksum = -1;   /* just to be sure */
  924         /*
  925          * XXX: ugly!!
  926          * IPv4 TTL initialization is necessary for an IPv6 socket as well,
  927          * because the socket may be bound to an IPv6 wildcard address,
  928          * which may match an IPv4-mapped IPv6 address.
  929          */
  930         inp->inp_ip_ttl = V_ip_defttl;
  931 
  932         error = udp_newudpcb(inp);
  933         if (error) {
  934                 in_pcbdetach(inp);
  935                 in_pcbfree(inp);
  936                 INP_INFO_WUNLOCK(pcbinfo);
  937                 return (error);
  938         }
  939         INP_WUNLOCK(inp);
  940         INP_INFO_WUNLOCK(pcbinfo);
  941         return (0);
  942 }
  943 
  944 static int
  945 udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
  946 {
  947         struct inpcb *inp;
  948         struct inpcbinfo *pcbinfo;
  949         int error;
  950         u_char vflagsav;
  951 
  952         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
  953         inp = sotoinpcb(so);
  954         KASSERT(inp != NULL, ("udp6_bind: inp == NULL"));
  955 
  956         INP_WLOCK(inp);
  957         INP_HASH_WLOCK(pcbinfo);
  958         vflagsav = inp->inp_vflag;
  959         inp->inp_vflag &= ~INP_IPV4;
  960         inp->inp_vflag |= INP_IPV6;
  961         if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
  962                 struct sockaddr_in6 *sin6_p;
  963 
  964                 sin6_p = (struct sockaddr_in6 *)nam;
  965 
  966                 if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p->sin6_addr))
  967                         inp->inp_vflag |= INP_IPV4;
  968 #ifdef INET
  969                 else if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) {
  970                         struct sockaddr_in sin;
  971 
  972                         in6_sin6_2_sin(&sin, sin6_p);
  973                         inp->inp_vflag |= INP_IPV4;
  974                         inp->inp_vflag &= ~INP_IPV6;
  975                         error = in_pcbbind(inp, (struct sockaddr *)&sin,
  976                             td->td_ucred);
  977                         goto out;
  978                 }
  979 #endif
  980         }
  981 
  982         error = in6_pcbbind(inp, nam, td->td_ucred);
  983 #ifdef INET
  984 out:
  985 #endif
  986         if (error != 0)
  987                 inp->inp_vflag = vflagsav;
  988         INP_HASH_WUNLOCK(pcbinfo);
  989         INP_WUNLOCK(inp);
  990         return (error);
  991 }
  992 
  993 static void
  994 udp6_close(struct socket *so)
  995 {
  996         struct inpcb *inp;
  997         struct inpcbinfo *pcbinfo;
  998 
  999         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
 1000         inp = sotoinpcb(so);
 1001         KASSERT(inp != NULL, ("udp6_close: inp == NULL"));
 1002 
 1003 #ifdef INET
 1004         if (inp->inp_vflag & INP_IPV4) {
 1005                 struct pr_usrreqs *pru;
 1006 
 1007                 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
 1008                 (*pru->pru_disconnect)(so);
 1009                 return;
 1010         }
 1011 #endif
 1012         INP_WLOCK(inp);
 1013         if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
 1014                 INP_HASH_WLOCK(pcbinfo);
 1015                 in6_pcbdisconnect(inp);
 1016                 inp->in6p_laddr = in6addr_any;
 1017                 INP_HASH_WUNLOCK(pcbinfo);
 1018                 soisdisconnected(so);
 1019         }
 1020         INP_WUNLOCK(inp);
 1021 }
 1022 
 1023 static int
 1024 udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 1025 {
 1026         struct inpcb *inp;
 1027         struct inpcbinfo *pcbinfo;
 1028         struct sockaddr_in6 *sin6;
 1029         int error;
 1030         u_char vflagsav;
 1031 
 1032         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
 1033         inp = sotoinpcb(so);
 1034         sin6 = (struct sockaddr_in6 *)nam;
 1035         KASSERT(inp != NULL, ("udp6_connect: inp == NULL"));
 1036 
 1037         /*
 1038          * XXXRW: Need to clarify locking of v4/v6 flags.
 1039          */
 1040         INP_WLOCK(inp);
 1041 #ifdef INET
 1042         if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
 1043                 struct sockaddr_in sin;
 1044 
 1045                 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0) {
 1046                         error = EINVAL;
 1047                         goto out;
 1048                 }
 1049                 if (inp->inp_faddr.s_addr != INADDR_ANY) {
 1050                         error = EISCONN;
 1051                         goto out;
 1052                 }
 1053                 in6_sin6_2_sin(&sin, sin6);
 1054                 error = prison_remote_ip4(td->td_ucred, &sin.sin_addr);
 1055                 if (error != 0)
 1056                         goto out;
 1057                 vflagsav = inp->inp_vflag;
 1058                 inp->inp_vflag |= INP_IPV4;
 1059                 inp->inp_vflag &= ~INP_IPV6;
 1060                 INP_HASH_WLOCK(pcbinfo);
 1061                 error = in_pcbconnect(inp, (struct sockaddr *)&sin,
 1062                     td->td_ucred);
 1063                 INP_HASH_WUNLOCK(pcbinfo);
 1064                 /*
 1065                  * If connect succeeds, mark socket as connected. If
 1066                  * connect fails and socket is unbound, reset inp_vflag
 1067                  * field.
 1068                  */
 1069                 if (error == 0)
 1070                         soisconnected(so);
 1071                 else if (inp->inp_laddr.s_addr == INADDR_ANY &&
 1072                     inp->inp_lport == 0)
 1073                         inp->inp_vflag = vflagsav;
 1074                 goto out;
 1075         }
 1076 #endif
 1077         if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
 1078                 error = EISCONN;
 1079                 goto out;
 1080         }
 1081         error = prison_remote_ip6(td->td_ucred, &sin6->sin6_addr);
 1082         if (error != 0)
 1083                 goto out;
 1084         vflagsav = inp->inp_vflag;
 1085         inp->inp_vflag &= ~INP_IPV4;
 1086         inp->inp_vflag |= INP_IPV6;
 1087         INP_HASH_WLOCK(pcbinfo);
 1088         error = in6_pcbconnect(inp, nam, td->td_ucred);
 1089         INP_HASH_WUNLOCK(pcbinfo);
 1090         /*
 1091          * If connect succeeds, mark socket as connected. If
 1092          * connect fails and socket is unbound, reset inp_vflag
 1093          * field.
 1094          */
 1095         if (error == 0)
 1096                 soisconnected(so);
 1097         else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
 1098             inp->inp_lport == 0)
 1099                 inp->inp_vflag = vflagsav;
 1100 out:
 1101         INP_WUNLOCK(inp);
 1102         return (error);
 1103 }
 1104 
 1105 static void
 1106 udp6_detach(struct socket *so)
 1107 {
 1108         struct inpcb *inp;
 1109         struct inpcbinfo *pcbinfo;
 1110         struct udpcb *up;
 1111 
 1112         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
 1113         inp = sotoinpcb(so);
 1114         KASSERT(inp != NULL, ("udp6_detach: inp == NULL"));
 1115 
 1116         INP_INFO_WLOCK(pcbinfo);
 1117         INP_WLOCK(inp);
 1118         up = intoudpcb(inp);
 1119         KASSERT(up != NULL, ("%s: up == NULL", __func__));
 1120         in_pcbdetach(inp);
 1121         in_pcbfree(inp);
 1122         INP_INFO_WUNLOCK(pcbinfo);
 1123         udp_discardcb(up);
 1124 }
 1125 
 1126 static int
 1127 udp6_disconnect(struct socket *so)
 1128 {
 1129         struct inpcb *inp;
 1130         struct inpcbinfo *pcbinfo;
 1131         int error;
 1132 
 1133         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
 1134         inp = sotoinpcb(so);
 1135         KASSERT(inp != NULL, ("udp6_disconnect: inp == NULL"));
 1136 
 1137 #ifdef INET
 1138         if (inp->inp_vflag & INP_IPV4) {
 1139                 struct pr_usrreqs *pru;
 1140 
 1141                 pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
 1142                 (void)(*pru->pru_disconnect)(so);
 1143                 return (0);
 1144         }
 1145 #endif
 1146 
 1147         INP_WLOCK(inp);
 1148 
 1149         if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
 1150                 error = ENOTCONN;
 1151                 goto out;
 1152         }
 1153 
 1154         INP_HASH_WLOCK(pcbinfo);
 1155         in6_pcbdisconnect(inp);
 1156         inp->in6p_laddr = in6addr_any;
 1157         INP_HASH_WUNLOCK(pcbinfo);
 1158         SOCK_LOCK(so);
 1159         so->so_state &= ~SS_ISCONNECTED;                /* XXX */
 1160         SOCK_UNLOCK(so);
 1161 out:
 1162         INP_WUNLOCK(inp);
 1163         return (0);
 1164 }
 1165 
 1166 static int
 1167 udp6_send(struct socket *so, int flags, struct mbuf *m,
 1168     struct sockaddr *addr, struct mbuf *control, struct thread *td)
 1169 {
 1170         struct inpcb *inp;
 1171         struct inpcbinfo *pcbinfo;
 1172         int error = 0;
 1173 
 1174         pcbinfo = get_inpcbinfo(so->so_proto->pr_protocol);
 1175         inp = sotoinpcb(so);
 1176         KASSERT(inp != NULL, ("udp6_send: inp == NULL"));
 1177 
 1178         INP_WLOCK(inp);
 1179         if (addr) {
 1180                 if (addr->sa_len != sizeof(struct sockaddr_in6)) {
 1181                         error = EINVAL;
 1182                         goto bad;
 1183                 }
 1184                 if (addr->sa_family != AF_INET6) {
 1185                         error = EAFNOSUPPORT;
 1186                         goto bad;
 1187                 }
 1188         }
 1189 
 1190 #ifdef INET
 1191         if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
 1192                 int hasv4addr;
 1193                 struct sockaddr_in6 *sin6 = 0;
 1194 
 1195                 if (addr == 0)
 1196                         hasv4addr = (inp->inp_vflag & INP_IPV4);
 1197                 else {
 1198                         sin6 = (struct sockaddr_in6 *)addr;
 1199                         hasv4addr = IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)
 1200                             ? 1 : 0;
 1201                 }
 1202                 if (hasv4addr) {
 1203                         struct pr_usrreqs *pru;
 1204 
 1205                         /*
 1206                          * XXXRW: We release UDP-layer locks before calling
 1207                          * udp_send() in order to avoid recursion.  However,
 1208                          * this does mean there is a short window where inp's
 1209                          * fields are unstable.  Could this lead to a
 1210                          * potential race in which the factors causing us to
 1211                          * select the UDPv4 output routine are invalidated?
 1212                          */
 1213                         INP_WUNLOCK(inp);
 1214                         if (sin6)
 1215                                 in6_sin6_2_sin_in_sock(addr);
 1216                         pru = inetsw[ip_protox[IPPROTO_UDP]].pr_usrreqs;
 1217                         /* addr will just be freed in sendit(). */
 1218                         return ((*pru->pru_send)(so, flags, m, addr, control,
 1219                             td));
 1220                 }
 1221         }
 1222 #endif
 1223 #ifdef MAC
 1224         mac_inpcb_create_mbuf(inp, m);
 1225 #endif
 1226         INP_HASH_WLOCK(pcbinfo);
 1227         error = udp6_output(inp, m, addr, control, td);
 1228         INP_HASH_WUNLOCK(pcbinfo);
 1229 #ifdef INET
 1230 #endif  
 1231         INP_WUNLOCK(inp);
 1232         return (error);
 1233 
 1234 bad:
 1235         INP_WUNLOCK(inp);
 1236         m_freem(m);
 1237         return (error);
 1238 }
 1239 
 1240 struct pr_usrreqs udp6_usrreqs = {
 1241         .pru_abort =            udp6_abort,
 1242         .pru_attach =           udp6_attach,
 1243         .pru_bind =             udp6_bind,
 1244         .pru_connect =          udp6_connect,
 1245         .pru_control =          in6_control,
 1246         .pru_detach =           udp6_detach,
 1247         .pru_disconnect =       udp6_disconnect,
 1248         .pru_peeraddr =         in6_mapped_peeraddr,
 1249         .pru_send =             udp6_send,
 1250         .pru_shutdown =         udp_shutdown,
 1251         .pru_sockaddr =         in6_mapped_sockaddr,
 1252         .pru_soreceive =        soreceive_dgram,
 1253         .pru_sosend =           sosend_dgram,
 1254         .pru_sosetlabel =       in_pcbsosetlabel,
 1255         .pru_close =            udp6_close
 1256 };

Cache object: 021f678c7bbce47f50cf49dd55f2c3e5


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.