1 /*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * Copyright (c) 2010-2011 Juniper Networks, Inc.
4 * Copyright (c) 2014 Kevin Lo
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Robert N. M. Watson under
8 * contract to Juniper Networks, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the project nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $KAME: udp6_usrreq.c,v 1.27 2001/05/21 05:45:10 jinmei Exp $
35 * $KAME: udp6_output.c,v 1.31 2001/05/21 16:39:15 jinmei Exp $
36 */
37
38 /*-
39 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
40 * The Regents of the University of California.
41 * All rights reserved.
42 *
43 * Redistribution and use in source and binary forms, with or without
44 * modification, are permitted provided that the following conditions
45 * are met:
46 * 1. Redistributions of source code must retain the above copyright
47 * notice, this list of conditions and the following disclaimer.
48 * 2. Redistributions in binary form must reproduce the above copyright
49 * notice, this list of conditions and the following disclaimer in the
50 * documentation and/or other materials provided with the distribution.
51 * 4. Neither the name of the University nor the names of its contributors
52 * may be used to endorse or promote products derived from this software
53 * without specific prior written permission.
54 *
55 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
56 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
58 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
59 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
60 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
61 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
62 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
63 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
64 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
65 * SUCH DAMAGE.
66 *
67 * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95
68 */
69
70 #include <sys/cdefs.h>
71 __FBSDID("$FreeBSD: releng/11.1/sys/netinet6/udp6_usrreq.c 338980 2018-09-27 18:34:42Z gordon $");
72
73 #include "opt_inet.h"
74 #include "opt_inet6.h"
75 #include "opt_ipsec.h"
76 #include "opt_rss.h"
77
78 #include <sys/param.h>
79 #include <sys/jail.h>
80 #include <sys/kernel.h>
81 #include <sys/lock.h>
82 #include <sys/mbuf.h>
83 #include <sys/priv.h>
84 #include <sys/proc.h>
85 #include <sys/protosw.h>
86 #include <sys/sdt.h>
87 #include <sys/signalvar.h>
88 #include <sys/socket.h>
89 #include <sys/socketvar.h>
90 #include <sys/sx.h>
91 #include <sys/sysctl.h>
92 #include <sys/syslog.h>
93 #include <sys/systm.h>
94
95 #include <net/if.h>
96 #include <net/if_var.h>
97 #include <net/if_types.h>
98 #include <net/route.h>
99 #include <net/rss_config.h>
100
101 #include <netinet/in.h>
102 #include <netinet/in_kdtrace.h>
103 #include <netinet/in_pcb.h>
104 #include <netinet/in_systm.h>
105 #include <netinet/in_var.h>
106 #include <netinet/ip.h>
107 #include <netinet/ip_icmp.h>
108 #include <netinet/ip6.h>
109 #include <netinet/icmp_var.h>
110 #include <netinet/icmp6.h>
111 #include <netinet/ip_var.h>
112 #include <netinet/udp.h>
113 #include <netinet/udp_var.h>
114 #include <netinet/udplite.h>
115
116 #include <netinet6/ip6protosw.h>
117 #include <netinet6/ip6_var.h>
118 #include <netinet6/in6_pcb.h>
119 #include <netinet6/in6_rss.h>
120 #include <netinet6/udp6_var.h>
121 #include <netinet6/scope6_var.h>
122
123 #include <netipsec/ipsec_support.h>
124
125 #include <security/mac/mac_framework.h>
126
127 /*
128 * UDP protocol implementation.
129 * Per RFC 768, August, 1980.
130 */
131
132 extern struct protosw inetsw[];
133 static void udp6_detach(struct socket *so);
134
135 static int
136 udp6_append(struct inpcb *inp, struct mbuf *n, int off,
137 struct sockaddr_in6 *fromsa)
138 {
139 struct socket *so;
140 struct mbuf *opts;
141 struct udpcb *up;
142
143 INP_LOCK_ASSERT(inp);
144
145 /*
146 * Engage the tunneling protocol.
147 */
148 up = intoudpcb(inp);
149 if (up->u_tun_func != NULL) {
150 in_pcbref(inp);
151 INP_RUNLOCK(inp);
152 (*up->u_tun_func)(n, off, inp, (struct sockaddr *)fromsa,
153 up->u_tun_ctx);
154 INP_RLOCK(inp);
155 return (in_pcbrele_rlocked(inp));
156 }
157 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
158 /* Check AH/ESP integrity. */
159 if (IPSEC_ENABLED(ipv6)) {
160 if (IPSEC_CHECK_POLICY(ipv6, n, inp) != 0) {
161 m_freem(n);
162 return (0);
163 }
164 }
165 #endif /* IPSEC */
166 #ifdef MAC
167 if (mac_inpcb_check_deliver(inp, n) != 0) {
168 m_freem(n);
169 return (0);
170 }
171 #endif
172 opts = NULL;
173 if (inp->inp_flags & INP_CONTROLOPTS ||
174 inp->inp_socket->so_options & SO_TIMESTAMP)
175 ip6_savecontrol(inp, n, &opts);
176 m_adj(n, off + sizeof(struct udphdr));
177
178 so = inp->inp_socket;
179 SOCKBUF_LOCK(&so->so_rcv);
180 if (sbappendaddr_locked(&so->so_rcv, (struct sockaddr *)fromsa, n,
181 opts) == 0) {
182 SOCKBUF_UNLOCK(&so->so_rcv);
183 m_freem(n);
184 if (opts)
185 m_freem(opts);
186 UDPSTAT_INC(udps_fullsock);
187 } else
188 sorwakeup_locked(so);
189 return (0);
190 }
191
192 int
193 udp6_input(struct mbuf **mp, int *offp, int proto)
194 {
195 struct mbuf *m = *mp;
196 struct ifnet *ifp;
197 struct ip6_hdr *ip6;
198 struct udphdr *uh;
199 struct inpcb *inp;
200 struct inpcbinfo *pcbinfo;
201 struct udpcb *up;
202 int off = *offp;
203 int cscov_partial;
204 int plen, ulen;
205 struct sockaddr_in6 fromsa;
206 struct m_tag *fwd_tag;
207 uint16_t uh_sum;
208 uint8_t nxt;
209
210 ifp = m->m_pkthdr.rcvif;
211 ip6 = mtod(m, struct ip6_hdr *);
212
213 #ifndef PULLDOWN_TEST
214 IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
215 ip6 = mtod(m, struct ip6_hdr *);
216 uh = (struct udphdr *)((caddr_t)ip6 + off);
217 #else
218 IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh));
219 if (!uh)
220 return (IPPROTO_DONE);
221 #endif
222
223 UDPSTAT_INC(udps_ipackets);
224
225 /*
226 * Destination port of 0 is illegal, based on RFC768.
227 */
228 if (uh->uh_dport == 0)
229 goto badunlocked;
230
231 plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
232 ulen = ntohs((u_short)uh->uh_ulen);
233
234 nxt = proto;
235 cscov_partial = (nxt == IPPROTO_UDPLITE) ? 1 : 0;
236 if (nxt == IPPROTO_UDPLITE) {
237 /* Zero means checksum over the complete packet. */
238 if (ulen == 0)
239 ulen = plen;
240 if (ulen == plen)
241 cscov_partial = 0;
242 if ((ulen < sizeof(struct udphdr)) || (ulen > plen)) {
243 /* XXX: What is the right UDPLite MIB counter? */
244 goto badunlocked;
245 }
246 if (uh->uh_sum == 0) {
247 /* XXX: What is the right UDPLite MIB counter? */
248 goto badunlocked;
249 }
250 } else {
251 if ((ulen < sizeof(struct udphdr)) || (plen != ulen)) {
252 UDPSTAT_INC(udps_badlen);
253 goto badunlocked;
254 }
255 if (uh->uh_sum == 0) {
256 UDPSTAT_INC(udps_nosum);
257 goto badunlocked;
258 }
259 }
260
261 if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) &&
262 !cscov_partial) {
263 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
264 uh_sum = m->m_pkthdr.csum_data;
265 else
266 uh_sum = in6_cksum_pseudo(ip6, ulen, nxt,
267 m->m_pkthdr.csum_data);
268 uh_sum ^= 0xffff;
269 } else
270 uh_sum = in6_cksum_partial(m, nxt, off, plen, ulen);
271
272 if (uh_sum != 0) {
273 UDPSTAT_INC(udps_badsum);
274 goto badunlocked;
275 }
276
277 /*
278 * Construct sockaddr format source address.
279 */
280 init_sin6(&fromsa, m);
281 fromsa.sin6_port = uh->uh_sport;
282
283 pcbinfo = udp_get_inpcbinfo(nxt);
284 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
285 struct inpcb *last;
286 struct inpcbhead *pcblist;
287 struct ip6_moptions *imo;
288
289 INP_INFO_RLOCK(pcbinfo);
290 /*
291 * In the event that laddr should be set to the link-local
292 * address (this happens in RIPng), the multicast address
293 * specified in the received packet will not match laddr. To
294 * handle this situation, matching is relaxed if the
295 * receiving interface is the same as one specified in the
296 * socket and if the destination multicast address matches
297 * one of the multicast groups specified in the socket.
298 */
299
300 /*
301 * KAME note: traditionally we dropped udpiphdr from mbuf
302 * here. We need udphdr for IPsec processing so we do that
303 * later.
304 */
305 pcblist = udp_get_pcblist(nxt);
306 last = NULL;
307 LIST_FOREACH(inp, pcblist, inp_list) {
308 if ((inp->inp_vflag & INP_IPV6) == 0)
309 continue;
310 if (inp->inp_lport != uh->uh_dport)
311 continue;
312 if (inp->inp_fport != 0 &&
313 inp->inp_fport != uh->uh_sport)
314 continue;
315 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
316 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
317 &ip6->ip6_dst))
318 continue;
319 }
320 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
321 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
322 &ip6->ip6_src) ||
323 inp->inp_fport != uh->uh_sport)
324 continue;
325 }
326
327 /*
328 * XXXRW: Because we weren't holding either the inpcb
329 * or the hash lock when we checked for a match
330 * before, we should probably recheck now that the
331 * inpcb lock is (supposed to be) held.
332 */
333
334 /*
335 * Handle socket delivery policy for any-source
336 * and source-specific multicast. [RFC3678]
337 */
338 imo = inp->in6p_moptions;
339 if (imo && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
340 struct sockaddr_in6 mcaddr;
341 int blocked;
342
343 INP_RLOCK(inp);
344
345 bzero(&mcaddr, sizeof(struct sockaddr_in6));
346 mcaddr.sin6_len = sizeof(struct sockaddr_in6);
347 mcaddr.sin6_family = AF_INET6;
348 mcaddr.sin6_addr = ip6->ip6_dst;
349
350 blocked = im6o_mc_filter(imo, ifp,
351 (struct sockaddr *)&mcaddr,
352 (struct sockaddr *)&fromsa);
353 if (blocked != MCAST_PASS) {
354 if (blocked == MCAST_NOTGMEMBER)
355 IP6STAT_INC(ip6s_notmember);
356 if (blocked == MCAST_NOTSMEMBER ||
357 blocked == MCAST_MUTED)
358 UDPSTAT_INC(udps_filtermcast);
359 INP_RUNLOCK(inp); /* XXX */
360 continue;
361 }
362
363 INP_RUNLOCK(inp);
364 }
365 if (last != NULL) {
366 struct mbuf *n;
367
368 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
369 INP_RLOCK(last);
370 UDP_PROBE(receive, NULL, last, ip6,
371 last, uh);
372 if (udp6_append(last, n, off, &fromsa))
373 goto inp_lost;
374 INP_RUNLOCK(last);
375 }
376 }
377 last = inp;
378 /*
379 * Don't look for additional matches if this one does
380 * not have either the SO_REUSEPORT or SO_REUSEADDR
381 * socket options set. This heuristic avoids
382 * searching through all pcbs in the common case of a
383 * non-shared port. It assumes that an application
384 * will never clear these options after setting them.
385 */
386 if ((last->inp_socket->so_options &
387 (SO_REUSEPORT|SO_REUSEADDR)) == 0)
388 break;
389 }
390
391 if (last == NULL) {
392 /*
393 * No matching pcb found; discard datagram. (No need
394 * to send an ICMP Port Unreachable for a broadcast
395 * or multicast datgram.)
396 */
397 UDPSTAT_INC(udps_noport);
398 UDPSTAT_INC(udps_noportmcast);
399 goto badheadlocked;
400 }
401 INP_RLOCK(last);
402 INP_INFO_RUNLOCK(pcbinfo);
403 UDP_PROBE(receive, NULL, last, ip6, last, uh);
404 if (udp6_append(last, m, off, &fromsa) == 0)
405 INP_RUNLOCK(last);
406 inp_lost:
407 return (IPPROTO_DONE);
408 }
409 /*
410 * Locate pcb for datagram.
411 */
412
413 /*
414 * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
415 */
416 if ((m->m_flags & M_IP6_NEXTHOP) &&
417 (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
418 struct sockaddr_in6 *next_hop6;
419
420 next_hop6 = (struct sockaddr_in6 *)(fwd_tag + 1);
421
422 /*
423 * Transparently forwarded. Pretend to be the destination.
424 * Already got one like this?
425 */
426 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
427 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
428 INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif, m);
429 if (!inp) {
430 /*
431 * It's new. Try to find the ambushing socket.
432 * Because we've rewritten the destination address,
433 * any hardware-generated hash is ignored.
434 */
435 inp = in6_pcblookup(pcbinfo, &ip6->ip6_src,
436 uh->uh_sport, &next_hop6->sin6_addr,
437 next_hop6->sin6_port ? htons(next_hop6->sin6_port) :
438 uh->uh_dport, INPLOOKUP_WILDCARD |
439 INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif);
440 }
441 /* Remove the tag from the packet. We don't need it anymore. */
442 m_tag_delete(m, fwd_tag);
443 m->m_flags &= ~M_IP6_NEXTHOP;
444 } else
445 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
446 uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
447 INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
448 m->m_pkthdr.rcvif, m);
449 if (inp == NULL) {
450 if (udp_log_in_vain) {
451 char ip6bufs[INET6_ADDRSTRLEN];
452 char ip6bufd[INET6_ADDRSTRLEN];
453
454 log(LOG_INFO,
455 "Connection attempt to UDP [%s]:%d from [%s]:%d\n",
456 ip6_sprintf(ip6bufd, &ip6->ip6_dst),
457 ntohs(uh->uh_dport),
458 ip6_sprintf(ip6bufs, &ip6->ip6_src),
459 ntohs(uh->uh_sport));
460 }
461 UDPSTAT_INC(udps_noport);
462 if (m->m_flags & M_MCAST) {
463 printf("UDP6: M_MCAST is set in a unicast packet.\n");
464 UDPSTAT_INC(udps_noportmcast);
465 goto badunlocked;
466 }
467 if (V_udp_blackhole)
468 goto badunlocked;
469 if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
470 goto badunlocked;
471 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
472 return (IPPROTO_DONE);
473 }
474 INP_RLOCK_ASSERT(inp);
475 up = intoudpcb(inp);
476 if (cscov_partial) {
477 if (up->u_rxcslen == 0 || up->u_rxcslen > ulen) {
478 INP_RUNLOCK(inp);
479 m_freem(m);
480 return (IPPROTO_DONE);
481 }
482 }
483 UDP_PROBE(receive, NULL, inp, ip6, inp, uh);
484 if (udp6_append(inp, m, off, &fromsa) == 0)
485 INP_RUNLOCK(inp);
486 return (IPPROTO_DONE);
487
488 badheadlocked:
489 INP_INFO_RUNLOCK(pcbinfo);
490 badunlocked:
491 if (m)
492 m_freem(m);
493 return (IPPROTO_DONE);
494 }
495
496 static void
497 udp6_common_ctlinput(int cmd, struct sockaddr *sa, void *d,
498 struct inpcbinfo *pcbinfo)
499 {
500 struct udphdr uh;
501 struct ip6_hdr *ip6;
502 struct mbuf *m;
503 int off = 0;
504 struct ip6ctlparam *ip6cp = NULL;
505 const struct sockaddr_in6 *sa6_src = NULL;
506 void *cmdarg;
507 struct inpcb *(*notify)(struct inpcb *, int) = udp_notify;
508 struct udp_portonly {
509 u_int16_t uh_sport;
510 u_int16_t uh_dport;
511 } *uhp;
512
513 if (sa->sa_family != AF_INET6 ||
514 sa->sa_len != sizeof(struct sockaddr_in6))
515 return;
516
517 if ((unsigned)cmd >= PRC_NCMDS)
518 return;
519 if (PRC_IS_REDIRECT(cmd))
520 notify = in6_rtchange, d = NULL;
521 else if (cmd == PRC_HOSTDEAD)
522 d = NULL;
523 else if (inet6ctlerrmap[cmd] == 0)
524 return;
525
526 /* if the parameter is from icmp6, decode it. */
527 if (d != NULL) {
528 ip6cp = (struct ip6ctlparam *)d;
529 m = ip6cp->ip6c_m;
530 ip6 = ip6cp->ip6c_ip6;
531 off = ip6cp->ip6c_off;
532 cmdarg = ip6cp->ip6c_cmdarg;
533 sa6_src = ip6cp->ip6c_src;
534 } else {
535 m = NULL;
536 ip6 = NULL;
537 cmdarg = NULL;
538 sa6_src = &sa6_any;
539 }
540
541 if (ip6) {
542 /*
543 * XXX: We assume that when IPV6 is non NULL,
544 * M and OFF are valid.
545 */
546
547 /* Check if we can safely examine src and dst ports. */
548 if (m->m_pkthdr.len < off + sizeof(*uhp))
549 return;
550
551 bzero(&uh, sizeof(uh));
552 m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh);
553
554 if (!PRC_IS_REDIRECT(cmd)) {
555 /* Check to see if its tunneled */
556 struct inpcb *inp;
557 inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_dst,
558 uh.uh_dport, &ip6->ip6_src, uh.uh_sport,
559 INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
560 m->m_pkthdr.rcvif, m);
561 if (inp != NULL) {
562 struct udpcb *up;
563
564 up = intoudpcb(inp);
565 if (up->u_icmp_func) {
566 /* Yes it is. */
567 INP_RUNLOCK(inp);
568 (*up->u_icmp_func)(cmd, (struct sockaddr *)ip6cp->ip6c_src,
569 d, up->u_tun_ctx);
570 return;
571 } else {
572 /* Can't find it. */
573 INP_RUNLOCK(inp);
574 }
575 }
576 }
577 (void)in6_pcbnotify(pcbinfo, sa, uh.uh_dport,
578 (struct sockaddr *)ip6cp->ip6c_src, uh.uh_sport, cmd,
579 cmdarg, notify);
580 } else
581 (void)in6_pcbnotify(pcbinfo, sa, 0,
582 (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify);
583 }
584
585 void
586 udp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
587 {
588
589 return (udp6_common_ctlinput(cmd, sa, d, &V_udbinfo));
590 }
591
592 void
593 udplite6_ctlinput(int cmd, struct sockaddr *sa, void *d)
594 {
595
596 return (udp6_common_ctlinput(cmd, sa, d, &V_ulitecbinfo));
597 }
598
599 static int
600 udp6_getcred(SYSCTL_HANDLER_ARGS)
601 {
602 struct xucred xuc;
603 struct sockaddr_in6 addrs[2];
604 struct inpcb *inp;
605 int error;
606
607 error = priv_check(req->td, PRIV_NETINET_GETCRED);
608 if (error)
609 return (error);
610
611 if (req->newlen != sizeof(addrs))
612 return (EINVAL);
613 if (req->oldlen != sizeof(struct xucred))
614 return (EINVAL);
615 error = SYSCTL_IN(req, addrs, sizeof(addrs));
616 if (error)
617 return (error);
618 if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 ||
619 (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) {
620 return (error);
621 }
622 inp = in6_pcblookup(&V_udbinfo, &addrs[1].sin6_addr,
623 addrs[1].sin6_port, &addrs[0].sin6_addr, addrs[0].sin6_port,
624 INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, NULL);
625 if (inp != NULL) {
626 INP_RLOCK_ASSERT(inp);
627 if (inp->inp_socket == NULL)
628 error = ENOENT;
629 if (error == 0)
630 error = cr_canseesocket(req->td->td_ucred,
631 inp->inp_socket);
632 if (error == 0)
633 cru2x(inp->inp_cred, &xuc);
634 INP_RUNLOCK(inp);
635 } else
636 error = ENOENT;
637 if (error == 0)
638 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
639 return (error);
640 }
641
642 SYSCTL_PROC(_net_inet6_udp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, 0,
643 0, udp6_getcred, "S,xucred", "Get the xucred of a UDP6 connection");
644
645 static int
646 udp6_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr6,
647 struct mbuf *control, struct thread *td)
648 {
649 u_int32_t ulen = m->m_pkthdr.len;
650 u_int32_t plen = sizeof(struct udphdr) + ulen;
651 struct ip6_hdr *ip6;
652 struct udphdr *udp6;
653 struct in6_addr *laddr, *faddr, in6a;
654 struct sockaddr_in6 *sin6 = NULL;
655 int cscov_partial = 0;
656 int scope_ambiguous = 0;
657 u_short fport;
658 int error = 0;
659 uint8_t nxt;
660 uint16_t cscov = 0;
661 struct ip6_pktopts *optp, opt;
662 int af = AF_INET6, hlen = sizeof(struct ip6_hdr);
663 int flags;
664 struct sockaddr_in6 tmp;
665
666 INP_WLOCK_ASSERT(inp);
667 INP_HASH_WLOCK_ASSERT(inp->inp_pcbinfo);
668
669 if (addr6) {
670 /* addr6 has been validated in udp6_send(). */
671 sin6 = (struct sockaddr_in6 *)addr6;
672
673 /* protect *sin6 from overwrites */
674 tmp = *sin6;
675 sin6 = &tmp;
676
677 /*
678 * Application should provide a proper zone ID or the use of
679 * default zone IDs should be enabled. Unfortunately, some
680 * applications do not behave as it should, so we need a
681 * workaround. Even if an appropriate ID is not determined,
682 * we'll see if we can determine the outgoing interface. If we
683 * can, determine the zone ID based on the interface below.
684 */
685 if (sin6->sin6_scope_id == 0 && !V_ip6_use_defzone)
686 scope_ambiguous = 1;
687 if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
688 return (error);
689 }
690
691 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
692 IPPROTO_UDP : IPPROTO_UDPLITE;
693 if (control) {
694 if ((error = ip6_setpktopts(control, &opt,
695 inp->in6p_outputopts, td->td_ucred, nxt)) != 0)
696 goto release;
697 optp = &opt;
698 } else
699 optp = inp->in6p_outputopts;
700
701 if (sin6) {
702 faddr = &sin6->sin6_addr;
703
704 /*
705 * Since we saw no essential reason for calling in_pcbconnect,
706 * we get rid of such kind of logic, and call in6_selectsrc
707 * and in6_pcbsetport in order to fill in the local address
708 * and the local port.
709 */
710 if (sin6->sin6_port == 0) {
711 error = EADDRNOTAVAIL;
712 goto release;
713 }
714
715 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
716 /* how about ::ffff:0.0.0.0 case? */
717 error = EISCONN;
718 goto release;
719 }
720
721 fport = sin6->sin6_port; /* allow 0 port */
722
723 if (IN6_IS_ADDR_V4MAPPED(faddr)) {
724 if ((inp->inp_flags & IN6P_IPV6_V6ONLY)) {
725 /*
726 * I believe we should explicitly discard the
727 * packet when mapped addresses are disabled,
728 * rather than send the packet as an IPv6 one.
729 * If we chose the latter approach, the packet
730 * might be sent out on the wire based on the
731 * default route, the situation which we'd
732 * probably want to avoid.
733 * (20010421 jinmei@kame.net)
734 */
735 error = EINVAL;
736 goto release;
737 }
738 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
739 !IN6_IS_ADDR_V4MAPPED(&inp->in6p_laddr)) {
740 /*
741 * when remote addr is an IPv4-mapped address,
742 * local addr should not be an IPv6 address,
743 * since you cannot determine how to map IPv6
744 * source address to IPv4.
745 */
746 error = EINVAL;
747 goto release;
748 }
749
750 af = AF_INET;
751 }
752
753 if (!IN6_IS_ADDR_V4MAPPED(faddr)) {
754 error = in6_selectsrc_socket(sin6, optp, inp,
755 td->td_ucred, scope_ambiguous, &in6a, NULL);
756 if (error)
757 goto release;
758 laddr = &in6a;
759 } else
760 laddr = &inp->in6p_laddr; /* XXX */
761 if (laddr == NULL) {
762 if (error == 0)
763 error = EADDRNOTAVAIL;
764 goto release;
765 }
766 if (inp->inp_lport == 0 &&
767 (error = in6_pcbsetport(laddr, inp, td->td_ucred)) != 0) {
768 /* Undo an address bind that may have occurred. */
769 inp->in6p_laddr = in6addr_any;
770 goto release;
771 }
772 } else {
773 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
774 error = ENOTCONN;
775 goto release;
776 }
777 if (IN6_IS_ADDR_V4MAPPED(&inp->in6p_faddr)) {
778 if ((inp->inp_flags & IN6P_IPV6_V6ONLY)) {
779 /*
780 * XXX: this case would happen when the
781 * application sets the V6ONLY flag after
782 * connecting the foreign address.
783 * Such applications should be fixed,
784 * so we bark here.
785 */
786 log(LOG_INFO, "udp6_output: IPV6_V6ONLY "
787 "option was set for a connected socket\n");
788 error = EINVAL;
789 goto release;
790 } else
791 af = AF_INET;
792 }
793 laddr = &inp->in6p_laddr;
794 faddr = &inp->in6p_faddr;
795 fport = inp->inp_fport;
796 }
797
798 if (af == AF_INET)
799 hlen = sizeof(struct ip);
800
801 /*
802 * Calculate data length and get a mbuf
803 * for UDP and IP6 headers.
804 */
805 M_PREPEND(m, hlen + sizeof(struct udphdr), M_NOWAIT);
806 if (m == NULL) {
807 error = ENOBUFS;
808 goto release;
809 }
810
811 /*
812 * Stuff checksum and output datagram.
813 */
814 udp6 = (struct udphdr *)(mtod(m, caddr_t) + hlen);
815 udp6->uh_sport = inp->inp_lport; /* lport is always set in the PCB */
816 udp6->uh_dport = fport;
817 if (nxt == IPPROTO_UDPLITE) {
818 struct udpcb *up;
819
820 up = intoudpcb(inp);
821 cscov = up->u_txcslen;
822 if (cscov >= plen)
823 cscov = 0;
824 udp6->uh_ulen = htons(cscov);
825 /*
826 * For UDP-Lite, checksum coverage length of zero means
827 * the entire UDPLite packet is covered by the checksum.
828 */
829 cscov_partial = (cscov == 0) ? 0 : 1;
830 } else if (plen <= 0xffff)
831 udp6->uh_ulen = htons((u_short)plen);
832 else
833 udp6->uh_ulen = 0;
834 udp6->uh_sum = 0;
835
836 switch (af) {
837 case AF_INET6:
838 ip6 = mtod(m, struct ip6_hdr *);
839 ip6->ip6_flow = inp->inp_flow & IPV6_FLOWINFO_MASK;
840 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
841 ip6->ip6_vfc |= IPV6_VERSION;
842 ip6->ip6_plen = htons((u_short)plen);
843 ip6->ip6_nxt = nxt;
844 ip6->ip6_hlim = in6_selecthlim(inp, NULL);
845 ip6->ip6_src = *laddr;
846 ip6->ip6_dst = *faddr;
847
848 if (cscov_partial) {
849 if ((udp6->uh_sum = in6_cksum_partial(m, nxt,
850 sizeof(struct ip6_hdr), plen, cscov)) == 0)
851 udp6->uh_sum = 0xffff;
852 } else {
853 udp6->uh_sum = in6_cksum_pseudo(ip6, plen, nxt, 0);
854 m->m_pkthdr.csum_flags = CSUM_UDP_IPV6;
855 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
856 }
857
858 #ifdef RSS
859 {
860 uint32_t hash_val, hash_type;
861 uint8_t pr;
862
863 pr = inp->inp_socket->so_proto->pr_protocol;
864 /*
865 * Calculate an appropriate RSS hash for UDP and
866 * UDP Lite.
867 *
868 * The called function will take care of figuring out
869 * whether a 2-tuple or 4-tuple hash is required based
870 * on the currently configured scheme.
871 *
872 * Later later on connected socket values should be
873 * cached in the inpcb and reused, rather than constantly
874 * re-calculating it.
875 *
876 * UDP Lite is a different protocol number and will
877 * likely end up being hashed as a 2-tuple until
878 * RSS / NICs grow UDP Lite protocol awareness.
879 */
880 if (rss_proto_software_hash_v6(faddr, laddr, fport,
881 inp->inp_lport, pr, &hash_val, &hash_type) == 0) {
882 m->m_pkthdr.flowid = hash_val;
883 M_HASHTYPE_SET(m, hash_type);
884 }
885 }
886 #endif
887 flags = 0;
888 #ifdef RSS
889 /*
890 * Don't override with the inp cached flowid.
891 *
892 * Until the whole UDP path is vetted, it may actually
893 * be incorrect.
894 */
895 flags |= IP_NODEFAULTFLOWID;
896 #endif
897
898 UDP_PROBE(send, NULL, inp, ip6, inp, udp6);
899 UDPSTAT_INC(udps_opackets);
900 error = ip6_output(m, optp, &inp->inp_route6, flags,
901 inp->in6p_moptions, NULL, inp);
902 break;
903 case AF_INET:
904 error = EAFNOSUPPORT;
905 goto release;
906 }
907 goto releaseopt;
908
909 release:
910 m_freem(m);
911
912 releaseopt:
913 if (control) {
914 ip6_clearpktopts(&opt, -1);
915 m_freem(control);
916 }
917 return (error);
918 }
919
920 static void
921 udp6_abort(struct socket *so)
922 {
923 struct inpcb *inp;
924 struct inpcbinfo *pcbinfo;
925
926 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
927 inp = sotoinpcb(so);
928 KASSERT(inp != NULL, ("udp6_abort: inp == NULL"));
929
930 INP_WLOCK(inp);
931 #ifdef INET
932 if (inp->inp_vflag & INP_IPV4) {
933 struct pr_usrreqs *pru;
934 uint8_t nxt;
935
936 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
937 IPPROTO_UDP : IPPROTO_UDPLITE;
938 INP_WUNLOCK(inp);
939 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
940 (*pru->pru_abort)(so);
941 return;
942 }
943 #endif
944
945 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
946 INP_HASH_WLOCK(pcbinfo);
947 in6_pcbdisconnect(inp);
948 inp->in6p_laddr = in6addr_any;
949 INP_HASH_WUNLOCK(pcbinfo);
950 soisdisconnected(so);
951 }
952 INP_WUNLOCK(inp);
953 }
954
955 static int
956 udp6_attach(struct socket *so, int proto, struct thread *td)
957 {
958 struct inpcb *inp;
959 struct inpcbinfo *pcbinfo;
960 int error;
961
962 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
963 inp = sotoinpcb(so);
964 KASSERT(inp == NULL, ("udp6_attach: inp != NULL"));
965
966 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
967 error = soreserve(so, udp_sendspace, udp_recvspace);
968 if (error)
969 return (error);
970 }
971 INP_INFO_WLOCK(pcbinfo);
972 error = in_pcballoc(so, pcbinfo);
973 if (error) {
974 INP_INFO_WUNLOCK(pcbinfo);
975 return (error);
976 }
977 inp = (struct inpcb *)so->so_pcb;
978 inp->inp_vflag |= INP_IPV6;
979 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
980 inp->inp_vflag |= INP_IPV4;
981 inp->in6p_hops = -1; /* use kernel default */
982 inp->in6p_cksum = -1; /* just to be sure */
983 /*
984 * XXX: ugly!!
985 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
986 * because the socket may be bound to an IPv6 wildcard address,
987 * which may match an IPv4-mapped IPv6 address.
988 */
989 inp->inp_ip_ttl = V_ip_defttl;
990
991 error = udp_newudpcb(inp);
992 if (error) {
993 in_pcbdetach(inp);
994 in_pcbfree(inp);
995 INP_INFO_WUNLOCK(pcbinfo);
996 return (error);
997 }
998 INP_WUNLOCK(inp);
999 INP_INFO_WUNLOCK(pcbinfo);
1000 return (0);
1001 }
1002
1003 static int
1004 udp6_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
1005 {
1006 struct inpcb *inp;
1007 struct inpcbinfo *pcbinfo;
1008 int error;
1009 u_char vflagsav;
1010
1011 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1012 inp = sotoinpcb(so);
1013 KASSERT(inp != NULL, ("udp6_bind: inp == NULL"));
1014
1015 INP_WLOCK(inp);
1016 INP_HASH_WLOCK(pcbinfo);
1017 vflagsav = inp->inp_vflag;
1018 inp->inp_vflag &= ~INP_IPV4;
1019 inp->inp_vflag |= INP_IPV6;
1020 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
1021 struct sockaddr_in6 *sin6_p;
1022
1023 sin6_p = (struct sockaddr_in6 *)nam;
1024
1025 if (IN6_IS_ADDR_UNSPECIFIED(&sin6_p->sin6_addr))
1026 inp->inp_vflag |= INP_IPV4;
1027 #ifdef INET
1028 else if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) {
1029 struct sockaddr_in sin;
1030
1031 in6_sin6_2_sin(&sin, sin6_p);
1032 inp->inp_vflag |= INP_IPV4;
1033 inp->inp_vflag &= ~INP_IPV6;
1034 error = in_pcbbind(inp, (struct sockaddr *)&sin,
1035 td->td_ucred);
1036 goto out;
1037 }
1038 #endif
1039 }
1040
1041 error = in6_pcbbind(inp, nam, td->td_ucred);
1042 #ifdef INET
1043 out:
1044 #endif
1045 if (error != 0)
1046 inp->inp_vflag = vflagsav;
1047 INP_HASH_WUNLOCK(pcbinfo);
1048 INP_WUNLOCK(inp);
1049 return (error);
1050 }
1051
1052 static void
1053 udp6_close(struct socket *so)
1054 {
1055 struct inpcb *inp;
1056 struct inpcbinfo *pcbinfo;
1057
1058 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1059 inp = sotoinpcb(so);
1060 KASSERT(inp != NULL, ("udp6_close: inp == NULL"));
1061
1062 INP_WLOCK(inp);
1063 #ifdef INET
1064 if (inp->inp_vflag & INP_IPV4) {
1065 struct pr_usrreqs *pru;
1066 uint8_t nxt;
1067
1068 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
1069 IPPROTO_UDP : IPPROTO_UDPLITE;
1070 INP_WUNLOCK(inp);
1071 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
1072 (*pru->pru_disconnect)(so);
1073 return;
1074 }
1075 #endif
1076 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1077 INP_HASH_WLOCK(pcbinfo);
1078 in6_pcbdisconnect(inp);
1079 inp->in6p_laddr = in6addr_any;
1080 INP_HASH_WUNLOCK(pcbinfo);
1081 soisdisconnected(so);
1082 }
1083 INP_WUNLOCK(inp);
1084 }
1085
1086 static int
1087 udp6_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
1088 {
1089 struct inpcb *inp;
1090 struct inpcbinfo *pcbinfo;
1091 struct sockaddr_in6 *sin6;
1092 int error;
1093 u_char vflagsav;
1094
1095 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1096 inp = sotoinpcb(so);
1097 sin6 = (struct sockaddr_in6 *)nam;
1098 KASSERT(inp != NULL, ("udp6_connect: inp == NULL"));
1099
1100 /*
1101 * XXXRW: Need to clarify locking of v4/v6 flags.
1102 */
1103 INP_WLOCK(inp);
1104 #ifdef INET
1105 if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
1106 struct sockaddr_in sin;
1107
1108 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0) {
1109 error = EINVAL;
1110 goto out;
1111 }
1112 if ((inp->inp_vflag & INP_IPV4) == 0) {
1113 error = EAFNOSUPPORT;
1114 goto out;
1115 }
1116 if (inp->inp_faddr.s_addr != INADDR_ANY) {
1117 error = EISCONN;
1118 goto out;
1119 }
1120 in6_sin6_2_sin(&sin, sin6);
1121 error = prison_remote_ip4(td->td_ucred, &sin.sin_addr);
1122 if (error != 0)
1123 goto out;
1124 vflagsav = inp->inp_vflag;
1125 inp->inp_vflag |= INP_IPV4;
1126 inp->inp_vflag &= ~INP_IPV6;
1127 INP_HASH_WLOCK(pcbinfo);
1128 error = in_pcbconnect(inp, (struct sockaddr *)&sin,
1129 td->td_ucred);
1130 INP_HASH_WUNLOCK(pcbinfo);
1131 /*
1132 * If connect succeeds, mark socket as connected. If
1133 * connect fails and socket is unbound, reset inp_vflag
1134 * field.
1135 */
1136 if (error == 0)
1137 soisconnected(so);
1138 else if (inp->inp_laddr.s_addr == INADDR_ANY &&
1139 inp->inp_lport == 0)
1140 inp->inp_vflag = vflagsav;
1141 goto out;
1142 } else {
1143 if ((inp->inp_vflag & INP_IPV6) == 0) {
1144 error = EAFNOSUPPORT;
1145 goto out;
1146 }
1147 }
1148 #endif
1149 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1150 error = EISCONN;
1151 goto out;
1152 }
1153 error = prison_remote_ip6(td->td_ucred, &sin6->sin6_addr);
1154 if (error != 0)
1155 goto out;
1156 vflagsav = inp->inp_vflag;
1157 inp->inp_vflag &= ~INP_IPV4;
1158 inp->inp_vflag |= INP_IPV6;
1159 INP_HASH_WLOCK(pcbinfo);
1160 error = in6_pcbconnect(inp, nam, td->td_ucred);
1161 INP_HASH_WUNLOCK(pcbinfo);
1162 /*
1163 * If connect succeeds, mark socket as connected. If
1164 * connect fails and socket is unbound, reset inp_vflag
1165 * field.
1166 */
1167 if (error == 0)
1168 soisconnected(so);
1169 else if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) &&
1170 inp->inp_lport == 0)
1171 inp->inp_vflag = vflagsav;
1172 out:
1173 INP_WUNLOCK(inp);
1174 return (error);
1175 }
1176
1177 static void
1178 udp6_detach(struct socket *so)
1179 {
1180 struct inpcb *inp;
1181 struct inpcbinfo *pcbinfo;
1182 struct udpcb *up;
1183
1184 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1185 inp = sotoinpcb(so);
1186 KASSERT(inp != NULL, ("udp6_detach: inp == NULL"));
1187
1188 INP_INFO_WLOCK(pcbinfo);
1189 INP_WLOCK(inp);
1190 up = intoudpcb(inp);
1191 KASSERT(up != NULL, ("%s: up == NULL", __func__));
1192 in_pcbdetach(inp);
1193 in_pcbfree(inp);
1194 INP_INFO_WUNLOCK(pcbinfo);
1195 udp_discardcb(up);
1196 }
1197
1198 static int
1199 udp6_disconnect(struct socket *so)
1200 {
1201 struct inpcb *inp;
1202 struct inpcbinfo *pcbinfo;
1203 int error;
1204
1205 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1206 inp = sotoinpcb(so);
1207 KASSERT(inp != NULL, ("udp6_disconnect: inp == NULL"));
1208
1209 INP_WLOCK(inp);
1210 #ifdef INET
1211 if (inp->inp_vflag & INP_IPV4) {
1212 struct pr_usrreqs *pru;
1213 uint8_t nxt;
1214
1215 nxt = (inp->inp_socket->so_proto->pr_protocol == IPPROTO_UDP) ?
1216 IPPROTO_UDP : IPPROTO_UDPLITE;
1217 INP_WUNLOCK(inp);
1218 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
1219 (void)(*pru->pru_disconnect)(so);
1220 return (0);
1221 }
1222 #endif
1223
1224 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
1225 error = ENOTCONN;
1226 goto out;
1227 }
1228
1229 INP_HASH_WLOCK(pcbinfo);
1230 in6_pcbdisconnect(inp);
1231 inp->in6p_laddr = in6addr_any;
1232 INP_HASH_WUNLOCK(pcbinfo);
1233 SOCK_LOCK(so);
1234 so->so_state &= ~SS_ISCONNECTED; /* XXX */
1235 SOCK_UNLOCK(so);
1236 out:
1237 INP_WUNLOCK(inp);
1238 return (0);
1239 }
1240
1241 static int
1242 udp6_send(struct socket *so, int flags, struct mbuf *m,
1243 struct sockaddr *addr, struct mbuf *control, struct thread *td)
1244 {
1245 struct inpcb *inp;
1246 struct inpcbinfo *pcbinfo;
1247 int error = 0;
1248
1249 pcbinfo = udp_get_inpcbinfo(so->so_proto->pr_protocol);
1250 inp = sotoinpcb(so);
1251 KASSERT(inp != NULL, ("udp6_send: inp == NULL"));
1252
1253 INP_WLOCK(inp);
1254 if (addr) {
1255 if (addr->sa_len != sizeof(struct sockaddr_in6)) {
1256 error = EINVAL;
1257 goto bad;
1258 }
1259 if (addr->sa_family != AF_INET6) {
1260 error = EAFNOSUPPORT;
1261 goto bad;
1262 }
1263 }
1264
1265 #ifdef INET
1266 if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
1267 int hasv4addr;
1268 struct sockaddr_in6 *sin6 = NULL;
1269
1270 if (addr == NULL)
1271 hasv4addr = (inp->inp_vflag & INP_IPV4);
1272 else {
1273 sin6 = (struct sockaddr_in6 *)addr;
1274 hasv4addr = IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)
1275 ? 1 : 0;
1276 }
1277 if (hasv4addr) {
1278 struct pr_usrreqs *pru;
1279 uint8_t nxt;
1280
1281 nxt = (inp->inp_socket->so_proto->pr_protocol ==
1282 IPPROTO_UDP) ? IPPROTO_UDP : IPPROTO_UDPLITE;
1283 /*
1284 * XXXRW: We release UDP-layer locks before calling
1285 * udp_send() in order to avoid recursion. However,
1286 * this does mean there is a short window where inp's
1287 * fields are unstable. Could this lead to a
1288 * potential race in which the factors causing us to
1289 * select the UDPv4 output routine are invalidated?
1290 */
1291 INP_WUNLOCK(inp);
1292 if (sin6)
1293 in6_sin6_2_sin_in_sock(addr);
1294 pru = inetsw[ip_protox[nxt]].pr_usrreqs;
1295 /* addr will just be freed in sendit(). */
1296 return ((*pru->pru_send)(so, flags, m, addr, control,
1297 td));
1298 }
1299 }
1300 #endif
1301 #ifdef MAC
1302 mac_inpcb_create_mbuf(inp, m);
1303 #endif
1304 INP_HASH_WLOCK(pcbinfo);
1305 error = udp6_output(inp, m, addr, control, td);
1306 INP_HASH_WUNLOCK(pcbinfo);
1307 INP_WUNLOCK(inp);
1308 return (error);
1309
1310 bad:
1311 INP_WUNLOCK(inp);
1312 m_freem(m);
1313 return (error);
1314 }
1315
1316 struct pr_usrreqs udp6_usrreqs = {
1317 .pru_abort = udp6_abort,
1318 .pru_attach = udp6_attach,
1319 .pru_bind = udp6_bind,
1320 .pru_connect = udp6_connect,
1321 .pru_control = in6_control,
1322 .pru_detach = udp6_detach,
1323 .pru_disconnect = udp6_disconnect,
1324 .pru_peeraddr = in6_mapped_peeraddr,
1325 .pru_send = udp6_send,
1326 .pru_shutdown = udp_shutdown,
1327 .pru_sockaddr = in6_mapped_sockaddr,
1328 .pru_soreceive = soreceive_dgram,
1329 .pru_sosend = sosend_dgram,
1330 .pru_sosetlabel = in_pcbsosetlabel,
1331 .pru_close = udp6_close
1332 };
Cache object: 5d65e2a7c2c3ea3ebc84f407fa14a456
|