]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet/udp_usrreq.c
projects / apple / xnu.git / blob
? search:


37cc4153cca8b9a2cbc1c6f27a74b7a912bcbb95
[apple/xnu.git] / bsd / netinet / udp_usrreq.c
1 /*
2 * Copyright (c) 2000-2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95
61 * $FreeBSD: src/sys/netinet/udp_usrreq.c,v 1.64.2.13 2001/08/08 18:59:54 ghelmer Exp $
62 */
63
64 #include <sys/param.h>
65 #include <sys/systm.h>
66 #include <sys/kernel.h>
67 #include <sys/malloc.h>
68 #include <sys/mbuf.h>
69 #include <sys/domain.h>
70 #include <sys/protosw.h>
71 #include <sys/socket.h>
72 #include <sys/socketvar.h>
73 #include <sys/sysctl.h>
74 #include <sys/syslog.h>
75 #include <sys/mcache.h>
76 #include <net/ntstat.h>
77
78 #include <kern/zalloc.h>
79
80 #include <net/if.h>
81 #include <net/if_types.h>
82 #include <net/route.h>
83
84 #include <netinet/in.h>
85 #include <netinet/in_systm.h>
86 #include <netinet/ip.h>
87 #if INET6
88 #include <netinet/ip6.h>
89 #endif
90 #include <netinet/in_pcb.h>
91 #include <netinet/in_var.h>
92 #include <netinet/ip_var.h>
93 #if INET6
94 #include <netinet6/in6_pcb.h>
95 #include <netinet6/ip6_var.h>
96 #endif
97 #include <netinet/ip_icmp.h>
98 #include <netinet/icmp_var.h>
99 #include <netinet/udp.h>
100 #include <netinet/udp_var.h>
101 #include <sys/kdebug.h>
102
103 #if IPSEC
104 #include <netinet6/ipsec.h>
105 #include <netinet6/esp.h>
106 extern int ipsec_bypass;
107 #endif /*IPSEC*/
108
109
110 #define DBG_LAYER_IN_BEG NETDBG_CODE(DBG_NETUDP, 0)
111 #define DBG_LAYER_IN_END NETDBG_CODE(DBG_NETUDP, 2)
112 #define DBG_LAYER_OUT_BEG NETDBG_CODE(DBG_NETUDP, 1)
113 #define DBG_LAYER_OUT_END NETDBG_CODE(DBG_NETUDP, 3)
114 #define DBG_FNC_UDP_INPUT NETDBG_CODE(DBG_NETUDP, (5 << 8))
115 #define DBG_FNC_UDP_OUTPUT NETDBG_CODE(DBG_NETUDP, (6 << 8) | 1)
116
117 /*
118 * UDP protocol implementation.
119 * Per RFC 768, August, 1980.
120 */
121 #ifndef COMPAT_42
122 static int udpcksum = 1;
123 #else
124 static int udpcksum = 0; /* XXX */
125 #endif
126 SYSCTL_INT(_net_inet_udp, UDPCTL_CHECKSUM, checksum, CTLFLAG_RW | CTLFLAG_LOCKED,
127 &udpcksum, 0, "");
128
129 static u_int32_t udps_in_sw_cksum;
130 SYSCTL_UINT(_net_inet_udp, OID_AUTO, in_sw_cksum, CTLFLAG_RD | CTLFLAG_LOCKED,
131 &udps_in_sw_cksum, 0,
132 "Number of received packets checksummed in software");
133
134 static u_int64_t udps_in_sw_cksum_bytes;
135 SYSCTL_QUAD(_net_inet_udp, OID_AUTO, in_sw_cksum_bytes, CTLFLAG_RD | CTLFLAG_LOCKED,
136 &udps_in_sw_cksum_bytes,
137 "Amount of received data checksummed in software");
138
139 static u_int32_t udps_out_sw_cksum;
140 SYSCTL_UINT(_net_inet_udp, OID_AUTO, out_sw_cksum, CTLFLAG_RD | CTLFLAG_LOCKED,
141 &udps_out_sw_cksum, 0,
142 "Number of transmitted packets checksummed in software");
143
144 static u_int64_t udps_out_sw_cksum_bytes;
145 SYSCTL_QUAD(_net_inet_udp, OID_AUTO, out_sw_cksum_bytes, CTLFLAG_RD | CTLFLAG_LOCKED,
146 &udps_out_sw_cksum_bytes,
147 "Amount of transmitted data checksummed in software");
148
149 int log_in_vain = 0;
150 SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW | CTLFLAG_LOCKED,
151 &log_in_vain, 0, "Log all incoming UDP packets");
152
153 static int blackhole = 0;
154 SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW | CTLFLAG_LOCKED,
155 &blackhole, 0, "Do not send port unreachables for refused connects");
156
157 struct inpcbhead udb; /* from udp_var.h */
158 #define udb6 udb /* for KAME src sync over BSD*'s */
159 struct inpcbinfo udbinfo;
160
161 #ifndef UDBHASHSIZE
162 #define UDBHASHSIZE 16
163 #endif
164
165 extern int esp_udp_encap_port;
166
167 extern void ipfwsyslog( int level, const char *format,...);
168
169 extern int fw_verbose;
170 static int udp_gc_done = FALSE; /* Garbage collection performed last slowtimo */
171
172 #if IPFIREWALL
173 #define log_in_vain_log( a ) { \
174 if ( (log_in_vain == 3 ) && (fw_verbose == 2)) { /* Apple logging, log to ipfw.log */ \
175 ipfwsyslog a ; \
176 } \
177 else log a ; \
178 }
179 #else
180 #define log_in_vain_log( a ) { log a; }
181 #endif
182
183 struct udpstat udpstat; /* from udp_var.h */
184 SYSCTL_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RD | CTLFLAG_LOCKED,
185 &udpstat, udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)");
186 SYSCTL_INT(_net_inet_udp, OID_AUTO, pcbcount, CTLFLAG_RD | CTLFLAG_LOCKED,
187 &udbinfo.ipi_count, 0, "Number of active PCBs");
188
189 __private_extern__ int udp_use_randomport = 1;
190 SYSCTL_INT(_net_inet_udp, OID_AUTO, randomize_ports, CTLFLAG_RW | CTLFLAG_LOCKED,
191 &udp_use_randomport, 0, "Randomize UDP port numbers");
192
193 #if INET6
194 struct udp_in6 {
195 struct sockaddr_in6 uin6_sin;
196 u_char uin6_init_done : 1;
197 };
198 struct udp_ip6 {
199 struct ip6_hdr uip6_ip6;
200 u_char uip6_init_done : 1;
201 };
202 static void ip_2_ip6_hdr(struct ip6_hdr *ip6, struct ip *ip);
203 static void udp_append(struct inpcb *last, struct ip *ip,
204 struct mbuf *n, int off, struct sockaddr_in *pudp_in,
205 struct udp_in6 *pudp_in6, struct udp_ip6 *pudp_ip6);
206 #else
207 static void udp_append(struct inpcb *last, struct ip *ip,
208 struct mbuf *n, int off, struct sockaddr_in *pudp_in);
209 #endif
210
211 static int udp_detach(struct socket *so);
212 static int udp_output(struct inpcb *, struct mbuf *, struct sockaddr *,
213 struct mbuf *, struct proc *);
214 extern int ChkAddressOK( __uint32_t dstaddr, __uint32_t srcaddr );
215
216 void
217 udp_init()
218 {
219 vm_size_t str_size;
220 struct inpcbinfo *pcbinfo;
221
222
223 LIST_INIT(&udb);
224 udbinfo.listhead = &udb;
225 udbinfo.hashbase = hashinit(UDBHASHSIZE, M_PCB, &udbinfo.hashmask);
226 udbinfo.porthashbase = hashinit(UDBHASHSIZE, M_PCB,
227 &udbinfo.porthashmask);
228 #ifdef __APPLE__
229 str_size = (vm_size_t) sizeof(struct inpcb);
230 udbinfo.ipi_zone = (void *) zinit(str_size, 80000*str_size, 8192, "udpcb");
231
232 pcbinfo = &udbinfo;
233 /*
234 * allocate lock group attribute and group for udp pcb mutexes
235 */
236 pcbinfo->mtx_grp_attr = lck_grp_attr_alloc_init();
237
238 pcbinfo->mtx_grp = lck_grp_alloc_init("udppcb", pcbinfo->mtx_grp_attr);
239
240 pcbinfo->mtx_attr = lck_attr_alloc_init();
241
242 if ((pcbinfo->mtx = lck_rw_alloc_init(pcbinfo->mtx_grp, pcbinfo->mtx_attr)) == NULL)
243 return; /* pretty much dead if this fails... */
244 #else
245 udbinfo.ipi_zone = zinit("udpcb", sizeof(struct inpcb), maxsockets,
246 ZONE_INTERRUPT, 0);
247 #endif
248 }
249
250 void
251 udp_input(m, iphlen)
252 register struct mbuf *m;
253 int iphlen;
254 {
255 register struct ip *ip;
256 register struct udphdr *uh;
257 register struct inpcb *inp;
258 struct mbuf *opts = 0;
259 int len, isbroadcast;
260 struct ip save_ip;
261 struct sockaddr *append_sa;
262 struct inpcbinfo *pcbinfo = &udbinfo;
263 struct sockaddr_in udp_in = {
264 sizeof (udp_in), AF_INET, 0, { 0 }, { 0, 0, 0, 0, 0, 0, 0, 0 }
265 };
266 struct ip_moptions *imo = NULL;
267 int foundmembership = 0, ret = 0;
268 #if INET6
269 struct udp_in6 udp_in6 = {
270 { sizeof (udp_in6.uin6_sin), AF_INET6, 0, 0,
271 IN6ADDR_ANY_INIT, 0 },
272 0
273 };
274 struct udp_ip6 udp_ip6;
275 #endif /* INET6 */
276
277 udpstat.udps_ipackets++;
278
279 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_START, 0,0,0,0,0);
280 if (m->m_pkthdr.csum_flags & CSUM_TCP_SUM16)
281 m->m_pkthdr.csum_flags = 0; /* invalidate hwcksum for UDP */
282
283 /*
284 * Strip IP options, if any; should skip this,
285 * make available to user, and use on returned packets,
286 * but we don't yet have a way to check the checksum
287 * with options still present.
288 */
289 if (iphlen > sizeof (struct ip)) {
290 ip_stripoptions(m, (struct mbuf *)0);
291 iphlen = sizeof(struct ip);
292 }
293
294 /*
295 * Get IP and UDP header together in first mbuf.
296 */
297 ip = mtod(m, struct ip *);
298 if (m->m_len < iphlen + sizeof(struct udphdr)) {
299 if ((m = m_pullup(m, iphlen + sizeof(struct udphdr))) == 0) {
300 udpstat.udps_hdrops++;
301 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
302 return;
303 }
304 ip = mtod(m, struct ip *);
305 }
306 uh = (struct udphdr *)((caddr_t)ip + iphlen);
307
308 /* destination port of 0 is illegal, based on RFC768. */
309 if (uh->uh_dport == 0)
310 goto bad;
311
312 KERNEL_DEBUG(DBG_LAYER_IN_BEG, uh->uh_dport, uh->uh_sport,
313 ip->ip_src.s_addr, ip->ip_dst.s_addr, uh->uh_ulen);
314
315 /*
316 * Make mbuf data length reflect UDP length.
317 * If not enough data to reflect UDP length, drop.
318 */
319 len = ntohs((u_short)uh->uh_ulen);
320 if (ip->ip_len != len) {
321 if (len > ip->ip_len || len < sizeof(struct udphdr)) {
322 udpstat.udps_badlen++;
323 goto bad;
324 }
325 m_adj(m, len - ip->ip_len);
326 /* ip->ip_len = len; */
327 }
328 /*
329 * Save a copy of the IP header in case we want restore it
330 * for sending an ICMP error message in response.
331 */
332 save_ip = *ip;
333
334 /*
335 * Checksum extended UDP header and data.
336 */
337 if (uh->uh_sum) {
338 if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) {
339 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
340 uh->uh_sum = m->m_pkthdr.csum_data;
341 else
342 goto doudpcksum;
343 uh->uh_sum ^= 0xffff;
344 } else {
345 char b[9];
346 doudpcksum:
347 *(uint32_t*)&b[0] = *(uint32_t*)&((struct ipovly *)ip)->ih_x1[0];
348 *(uint32_t*)&b[4] = *(uint32_t*)&((struct ipovly *)ip)->ih_x1[4];
349 *(uint8_t*)&b[8] = *(uint8_t*)&((struct ipovly *)ip)->ih_x1[8];
350
351 bzero(((struct ipovly *)ip)->ih_x1, 9);
352 ((struct ipovly *)ip)->ih_len = uh->uh_ulen;
353 uh->uh_sum = in_cksum(m, len + sizeof (struct ip));
354
355 *(uint32_t*)&((struct ipovly *)ip)->ih_x1[0] = *(uint32_t*)&b[0];
356 *(uint32_t*)&((struct ipovly *)ip)->ih_x1[4] = *(uint32_t*)&b[4];
357 *(uint8_t*)&((struct ipovly *)ip)->ih_x1[8] = *(uint8_t*)&b[8];
358 udp_in_cksum_stats(len);
359 }
360 if (uh->uh_sum) {
361 udpstat.udps_badsum++;
362 m_freem(m);
363 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
364 return;
365 }
366 }
367 #ifndef __APPLE__
368 else
369 udpstat.udps_nosum++;
370 #endif
371
372 isbroadcast = in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif);
373
374 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) || isbroadcast) {
375
376 int reuse_sock = 0, mcast_delivered = 0;
377
378 lck_rw_lock_shared(pcbinfo->mtx);
379 /*
380 * Deliver a multicast or broadcast datagram to *all* sockets
381 * for which the local and remote addresses and ports match
382 * those of the incoming datagram. This allows more than
383 * one process to receive multi/broadcasts on the same port.
384 * (This really ought to be done for unicast datagrams as
385 * well, but that would cause problems with existing
386 * applications that open both address-specific sockets and
387 * a wildcard socket listening to the same port -- they would
388 * end up receiving duplicates of every unicast datagram.
389 * Those applications open the multiple sockets to overcome an
390 * inadequacy of the UDP socket interface, but for backwards
391 * compatibility we avoid the problem here rather than
392 * fixing the interface. Maybe 4.5BSD will remedy this?)
393 */
394
395
396 /*
397 * Construct sockaddr format source address.
398 */
399 udp_in.sin_port = uh->uh_sport;
400 udp_in.sin_addr = ip->ip_src;
401 /*
402 * Locate pcb(s) for datagram.
403 * (Algorithm copied from raw_intr().)
404 */
405 #if INET6
406 udp_in6.uin6_init_done = udp_ip6.uip6_init_done = 0;
407 #endif
408 LIST_FOREACH(inp, &udb, inp_list) {
409 if (inp->inp_socket == NULL)
410 continue;
411 if (inp != sotoinpcb(inp->inp_socket))
412 panic("udp_input: bad so back ptr inp=%p\n", inp);
413 #if INET6
414 if ((inp->inp_vflag & INP_IPV4) == 0)
415 continue;
416 #endif
417 if ((inp->inp_moptions == NULL) &&
418 (ntohl(ip->ip_dst.s_addr) != INADDR_ALLHOSTS_GROUP) &&
419 (isbroadcast == 0) )
420 continue;
421
422
423 if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) == WNT_STOPUSING) {
424 continue;
425 }
426
427 udp_lock(inp->inp_socket, 1, 0);
428
429 if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
430 udp_unlock(inp->inp_socket, 1, 0);
431 continue;
432 }
433
434 if (inp->inp_lport != uh->uh_dport) {
435 udp_unlock(inp->inp_socket, 1, 0);
436 continue;
437 }
438 if (inp->inp_laddr.s_addr != INADDR_ANY) {
439 if (inp->inp_laddr.s_addr !=
440 ip->ip_dst.s_addr) {
441 udp_unlock(inp->inp_socket, 1, 0);
442 continue;
443 }
444 }
445 if (inp->inp_faddr.s_addr != INADDR_ANY) {
446 if (inp->inp_faddr.s_addr !=
447 ip->ip_src.s_addr ||
448 inp->inp_fport != uh->uh_sport) {
449 udp_unlock(inp->inp_socket, 1, 0);
450 continue;
451 }
452 }
453
454 if (isbroadcast == 0 && (ntohl(ip->ip_dst.s_addr) != INADDR_ALLHOSTS_GROUP)) {
455 if((imo = inp->inp_moptions) == NULL) {
456 udp_unlock(inp->inp_socket, 1, 0);
457 continue;
458 } else {
459 struct sockaddr_in group;
460 int blocked;
461
462 IMO_LOCK(imo);
463
464 bzero(&group, sizeof(struct sockaddr_in));
465 group.sin_len = sizeof(struct sockaddr_in);
466 group.sin_family = AF_INET;
467 group.sin_addr = ip->ip_dst;
468
469 blocked = imo_multi_filter(imo, m->m_pkthdr.rcvif,
470 (struct sockaddr *)&group,
471 (struct sockaddr *)&udp_in);
472 if (blocked == MCAST_PASS)
473 foundmembership = 1;
474
475 IMO_UNLOCK(imo);
476 if (!foundmembership) {
477 udp_unlock(inp->inp_socket, 1, 0);
478 continue;
479 }
480 foundmembership = 0;
481 }
482 }
483 reuse_sock = inp->inp_socket->so_options& (SO_REUSEPORT|SO_REUSEADDR);
484 {
485 #if IPSEC
486 int skipit = 0;
487 /* check AH/ESP integrity. */
488 if (ipsec_bypass == 0) {
489 if (ipsec4_in_reject_so(m, inp->inp_socket)) {
490 IPSEC_STAT_INCREMENT(ipsecstat.in_polvio);
491 /* do not inject data to pcb */
492 skipit = 1;
493 }
494 }
495 if (skipit == 0)
496 #endif /*IPSEC*/
497 {
498 struct mbuf *n = NULL;
499
500 if (reuse_sock)
501 n = m_copy(m, 0, M_COPYALL);
502 #if INET6
503 udp_append(inp, ip, m,
504 iphlen + sizeof(struct udphdr),
505 &udp_in, &udp_in6, &udp_ip6);
506 #else
507 udp_append(inp, ip, m,
508 iphlen + sizeof(struct udphdr),
509 &udp_in);
510 #endif /* INET6 */
511 mcast_delivered++;
512
513 m = n;
514 }
515 udp_unlock(inp->inp_socket, 1, 0);
516 }
517 /*
518 * Don't look for additional matches if this one does
519 * not have either the SO_REUSEPORT or SO_REUSEADDR
520 * socket options set. This heuristic avoids searching
521 * through all pcbs in the common case of a non-shared
522 * port. It assumes that an application will never
523 * clear these options after setting them.
524 */
525 if (reuse_sock == 0 || m == NULL)
526 break;
527 /*
528 * Recompute IP and UDP header pointers for new mbuf
529 */
530 ip = mtod(m, struct ip *);
531 uh = (struct udphdr *)((caddr_t)ip + iphlen);
532 }
533 lck_rw_done(pcbinfo->mtx);
534
535 if (mcast_delivered == 0) {
536 /*
537 * No matching pcb found; discard datagram.
538 * (No need to send an ICMP Port Unreachable
539 * for a broadcast or multicast datgram.)
540 */
541 udpstat.udps_noportbcast++;
542 goto bad;
543 }
544
545 if (m != NULL) /* free the extra copy of mbuf or skipped by IPSec */
546 m_freem(m);
547 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
548 return;
549 }
550
551 #if IPSEC
552 /*
553 * UDP to port 4500 with a payload where the first four bytes are
554 * not zero is a UDP encapsulated IPSec packet. Packets where
555 * the payload is one byte and that byte is 0xFF are NAT keepalive
556 * packets. Decapsulate the ESP packet and carry on with IPSec input
557 * or discard the NAT keep-alive.
558 */
559 if (ipsec_bypass == 0 && (esp_udp_encap_port & 0xFFFF) != 0 &&
560 uh->uh_dport == ntohs((u_short)esp_udp_encap_port)) {
561 int payload_len = len - sizeof(struct udphdr) > 4 ? 4 : len - sizeof(struct udphdr);
562 if (m->m_len < iphlen + sizeof(struct udphdr) + payload_len) {
563 if ((m = m_pullup(m, iphlen + sizeof(struct udphdr) + payload_len)) == 0) {
564 udpstat.udps_hdrops++;
565 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
566 return;
567 }
568 ip = mtod(m, struct ip *);
569 uh = (struct udphdr *)((caddr_t)ip + iphlen);
570 }
571 /* Check for NAT keepalive packet */
572 if (payload_len == 1 && *(u_int8_t*)((caddr_t)uh + sizeof(struct udphdr)) == 0xFF) {
573 m_freem(m);
574 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
575 return;
576 }
577 else if (payload_len == 4 && *(u_int32_t*)((caddr_t)uh + sizeof(struct udphdr)) != 0) {
578 /* UDP encapsulated IPSec packet to pass through NAT */
579 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
580 /* preserve the udp header */
581 esp4_input(m, iphlen + sizeof(struct udphdr));
582 return;
583 }
584 }
585 #endif
586
587 /*
588 * Locate pcb for datagram.
589 */
590 inp = in_pcblookup_hash(&udbinfo, ip->ip_src, uh->uh_sport,
591 ip->ip_dst, uh->uh_dport, 1, m->m_pkthdr.rcvif);
592 if (inp == NULL) {
593 if (log_in_vain) {
594 char buf[MAX_IPv4_STR_LEN];
595 char buf2[MAX_IPv4_STR_LEN];
596
597 /* check src and dst address */
598 if (log_in_vain != 3)
599 log(LOG_INFO,
600 "Connection attempt to UDP %s:%d from %s:%d\n",
601 inet_ntop(AF_INET, &ip->ip_dst, buf, sizeof(buf)),
602 ntohs(uh->uh_dport),
603 inet_ntop(AF_INET, &ip->ip_src, buf2, sizeof(buf2)),
604 ntohs(uh->uh_sport));
605 else if (!(m->m_flags & (M_BCAST | M_MCAST)) &&
606 ip->ip_dst.s_addr != ip->ip_src.s_addr)
607 log_in_vain_log((LOG_INFO,
608 "Stealth Mode connection attempt to UDP %s:%d from %s:%d\n",
609 inet_ntop(AF_INET, &ip->ip_dst, buf, sizeof(buf)),
610 ntohs(uh->uh_dport),
611 inet_ntop(AF_INET, &ip->ip_src, buf2, sizeof(buf2)),
612 ntohs(uh->uh_sport)))
613 }
614 udpstat.udps_noport++;
615 if (m->m_flags & (M_BCAST | M_MCAST)) {
616 udpstat.udps_noportbcast++;
617 goto bad;
618 }
619 #if ICMP_BANDLIM
620 if (badport_bandlim(BANDLIM_ICMP_UNREACH) < 0)
621 goto bad;
622 #endif
623 if (blackhole)
624 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type != IFT_LOOP)
625 goto bad;
626 *ip = save_ip;
627 ip->ip_len += iphlen;
628 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0);
629 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
630 return;
631 }
632 udp_lock(inp->inp_socket, 1, 0);
633
634 if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
635 udp_unlock(inp->inp_socket, 1, 0);
636 goto bad;
637 }
638 #if IPSEC
639 if (ipsec_bypass == 0 && inp != NULL) {
640 if (ipsec4_in_reject_so(m, inp->inp_socket)) {
641 IPSEC_STAT_INCREMENT(ipsecstat.in_polvio);
642 udp_unlock(inp->inp_socket, 1, 0);
643 goto bad;
644 }
645 }
646 #endif /*IPSEC*/
647
648 /*
649 * Construct sockaddr format source address.
650 * Stuff source address and datagram in user buffer.
651 */
652 udp_in.sin_port = uh->uh_sport;
653 udp_in.sin_addr = ip->ip_src;
654 if ((inp->inp_flags & INP_CONTROLOPTS) != 0
655 || (inp->inp_socket->so_options & SO_TIMESTAMP) != 0
656 || (inp->inp_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0) {
657 #if INET6
658 if (inp->inp_vflag & INP_IPV6) {
659 int savedflags;
660
661 ip_2_ip6_hdr(&udp_ip6.uip6_ip6, ip);
662 savedflags = inp->inp_flags;
663 inp->inp_flags &= ~INP_UNMAPPABLEOPTS;
664 ret = ip6_savecontrol(inp, m, &opts);
665 inp->inp_flags = savedflags;
666 } else
667 #endif
668 {
669 ret = ip_savecontrol(inp, &opts, ip, m);
670 }
671 if (ret != 0) {
672 udp_unlock(inp->inp_socket, 1, 0);
673 goto bad;
674 }
675 }
676 m_adj(m, iphlen + sizeof(struct udphdr));
677
678 KERNEL_DEBUG(DBG_LAYER_IN_END, uh->uh_dport, uh->uh_sport,
679 save_ip.ip_src.s_addr, save_ip.ip_dst.s_addr, uh->uh_ulen);
680
681 #if INET6
682 if (inp->inp_vflag & INP_IPV6) {
683 in6_sin_2_v4mapsin6(&udp_in, &udp_in6.uin6_sin);
684 append_sa = (struct sockaddr *)&udp_in6.uin6_sin;
685 } else
686 #endif
687 append_sa = (struct sockaddr *)&udp_in;
688 if (nstat_collect) {
689 locked_add_64(&inp->inp_stat->rxpackets, 1);
690 locked_add_64(&inp->inp_stat->rxbytes, m->m_pkthdr.len);
691 }
692 so_recv_data_stat(inp->inp_socket, m, 0);
693 if (sbappendaddr(&inp->inp_socket->so_rcv, append_sa, m, opts, NULL) == 0) {
694 udpstat.udps_fullsock++;
695 } else {
696 sorwakeup(inp->inp_socket);
697 }
698 udp_unlock(inp->inp_socket, 1, 0);
699 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
700 return;
701 bad:
702 m_freem(m);
703 if (opts)
704 m_freem(opts);
705 KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
706 return;
707 }
708
709 #if INET6
710 static void
711 ip_2_ip6_hdr(ip6, ip)
712 struct ip6_hdr *ip6;
713 struct ip *ip;
714 {
715 bzero(ip6, sizeof(*ip6));
716
717 ip6->ip6_vfc = IPV6_VERSION;
718 ip6->ip6_plen = ip->ip_len;
719 ip6->ip6_nxt = ip->ip_p;
720 ip6->ip6_hlim = ip->ip_ttl;
721 ip6->ip6_src.s6_addr32[2] = ip6->ip6_dst.s6_addr32[2] =
722 IPV6_ADDR_INT32_SMP;
723 ip6->ip6_src.s6_addr32[3] = ip->ip_src.s_addr;
724 ip6->ip6_dst.s6_addr32[3] = ip->ip_dst.s_addr;
725 }
726 #endif
727
728 /*
729 * subroutine of udp_input(), mainly for source code readability.
730 */
731 static void
732 #if INET6
733 udp_append(struct inpcb *last, struct ip *ip, struct mbuf *n, int off,
734 struct sockaddr_in *pudp_in, struct udp_in6 *pudp_in6,
735 struct udp_ip6 *pudp_ip6)
736 #else
737 udp_append(struct inpcb *last, struct ip *ip, struct mbuf *n, int off,
738 struct sockaddr_in *pudp_in)
739 #endif
740 {
741 struct sockaddr *append_sa;
742 struct mbuf *opts = 0;
743 int ret = 0;
744
745 #if CONFIG_MACF_NET
746 if (mac_inpcb_check_deliver(last, n, AF_INET, SOCK_DGRAM) != 0) {
747 m_freem(n);
748 return;
749 }
750 #endif
751 if ((last->inp_flags & INP_CONTROLOPTS) != 0 ||
752 (last->inp_socket->so_options & SO_TIMESTAMP) != 0 ||
753 (last->inp_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0) {
754 #if INET6
755 if (last->inp_vflag & INP_IPV6) {
756 int savedflags;
757
758 if (pudp_ip6->uip6_init_done == 0) {
759 ip_2_ip6_hdr(&pudp_ip6->uip6_ip6, ip);
760 pudp_ip6->uip6_init_done = 1;
761 }
762 savedflags = last->inp_flags;
763 last->inp_flags &= ~INP_UNMAPPABLEOPTS;
764 ret = ip6_savecontrol(last, n, &opts);
765 if (ret != 0) {
766 last->inp_flags = savedflags;
767 goto error;
768 }
769 last->inp_flags = savedflags;
770 } else
771 #endif
772 {
773 ret = ip_savecontrol(last, &opts, ip, n);
774 if (ret != 0) {
775 goto error;
776 }
777 }
778 }
779 #if INET6
780 if (last->inp_vflag & INP_IPV6) {
781 if (pudp_in6->uin6_init_done == 0) {
782 in6_sin_2_v4mapsin6(pudp_in, &pudp_in6->uin6_sin);
783 pudp_in6->uin6_init_done = 1;
784 }
785 append_sa = (struct sockaddr *)&pudp_in6->uin6_sin;
786 } else
787 #endif
788 append_sa = (struct sockaddr *)pudp_in;
789 if (nstat_collect) {
790 locked_add_64(&last->inp_stat->rxpackets, 1);
791 locked_add_64(&last->inp_stat->rxbytes, n->m_pkthdr.len);
792 }
793 so_recv_data_stat(last->inp_socket, n, 0);
794 m_adj(n, off);
795 if (sbappendaddr(&last->inp_socket->so_rcv, append_sa, n, opts, NULL) == 0) {
796 udpstat.udps_fullsock++;
797 } else {
798 sorwakeup(last->inp_socket);
799 }
800 return;
801 error:
802 m_freem(n);
803 m_freem(opts);
804 return;
805 }
806
807 /*
808 * Notify a udp user of an asynchronous error;
809 * just wake up so that he can collect error status.
810 */
811 void
812 udp_notify(inp, errno)
813 register struct inpcb *inp;
814 int errno;
815 {
816 inp->inp_socket->so_error = errno;
817 sorwakeup(inp->inp_socket);
818 sowwakeup(inp->inp_socket);
819 }
820
821 void
822 udp_ctlinput(cmd, sa, vip)
823 int cmd;
824 struct sockaddr *sa;
825 void *vip;
826 {
827 struct ip *ip = vip;
828 struct udphdr *uh;
829 void (*notify)(struct inpcb *, int) = udp_notify;
830 struct in_addr faddr;
831 struct inpcb *inp;
832
833 faddr = ((struct sockaddr_in *)sa)->sin_addr;
834 if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
835 return;
836
837 if (PRC_IS_REDIRECT(cmd)) {
838 ip = 0;
839 notify = in_rtchange;
840 } else if (cmd == PRC_HOSTDEAD)
841 ip = 0;
842 else if ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0)
843 return;
844 if (ip) {
845 uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2));
846 inp = in_pcblookup_hash(&udbinfo, faddr, uh->uh_dport,
847 ip->ip_src, uh->uh_sport, 0, NULL);
848 if (inp != NULL && inp->inp_socket != NULL) {
849 udp_lock(inp->inp_socket, 1, 0);
850 if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
851 udp_unlock(inp->inp_socket, 1, 0);
852 return;
853 }
854 (*notify)(inp, inetctlerrmap[cmd]);
855 udp_unlock(inp->inp_socket, 1, 0);
856 }
857 } else
858 in_pcbnotifyall(&udbinfo, faddr, inetctlerrmap[cmd], notify);
859 }
860
861 int
862 udp_ctloutput(struct socket *so, struct sockopt *sopt)
863 {
864 int error, optval;
865 struct inpcb *inp;
866
867 if (sopt->sopt_level != IPPROTO_UDP)
868 return (ip_ctloutput(so, sopt));
869
870 error = 0;
871 inp = sotoinpcb(so);
872
873 switch (sopt->sopt_dir) {
874 case SOPT_SET:
875 switch (sopt->sopt_name) {
876 case UDP_NOCKSUM:
877 /* This option is settable only for UDP over IPv4 */
878 if (!(inp->inp_vflag & INP_IPV4)) {
879 error = EINVAL;
880 break;
881 }
882
883 if ((error = sooptcopyin(sopt, &optval, sizeof (optval),
884 sizeof (optval))) != 0)
885 break;
886
887 if (optval != 0)
888 inp->inp_flags |= INP_UDP_NOCKSUM;
889 else
890 inp->inp_flags &= ~INP_UDP_NOCKSUM;
891 break;
892
893 default:
894 error = ENOPROTOOPT;
895 break;
896 }
897 break;
898
899 case SOPT_GET:
900 switch (sopt->sopt_name) {
901 case UDP_NOCKSUM:
902 optval = inp->inp_flags & INP_UDP_NOCKSUM;
903 break;
904
905 default:
906 error = ENOPROTOOPT;
907 break;
908 }
909 if (error == 0)
910 error = sooptcopyout(sopt, &optval, sizeof (optval));
911 break;
912 }
913 return (error);
914 }
915
916 static int
917 udp_pcblist SYSCTL_HANDLER_ARGS
918 {
919 #pragma unused(oidp, arg1, arg2)
920 int error, i, n;
921 struct inpcb *inp, **inp_list;
922 inp_gen_t gencnt;
923 struct xinpgen xig;
924
925 /*
926 * The process of preparing the TCB list is too time-consuming and
927 * resource-intensive to repeat twice on every request.
928 */
929 lck_rw_lock_exclusive(udbinfo.mtx);
930 if (req->oldptr == USER_ADDR_NULL) {
931 n = udbinfo.ipi_count;
932 req->oldidx = 2 * (sizeof xig)
933 + (n + n/8) * sizeof(struct xinpcb);
934 lck_rw_done(udbinfo.mtx);
935 return 0;
936 }
937
938 if (req->newptr != USER_ADDR_NULL) {
939 lck_rw_done(udbinfo.mtx);
940 return EPERM;
941 }
942
943 /*
944 * OK, now we're committed to doing something.
945 */
946 gencnt = udbinfo.ipi_gencnt;
947 n = udbinfo.ipi_count;
948
949 bzero(&xig, sizeof(xig));
950 xig.xig_len = sizeof xig;
951 xig.xig_count = n;
952 xig.xig_gen = gencnt;
953 xig.xig_sogen = so_gencnt;
954 error = SYSCTL_OUT(req, &xig, sizeof xig);
955 if (error) {
956 lck_rw_done(udbinfo.mtx);
957 return error;
958 }
959 /*
960 * We are done if there is no pcb
961 */
962 if (n == 0) {
963 lck_rw_done(udbinfo.mtx);
964 return 0;
965 }
966
967 inp_list = _MALLOC(n * sizeof *inp_list, M_TEMP, M_WAITOK);
968 if (inp_list == 0) {
969 lck_rw_done(udbinfo.mtx);
970 return ENOMEM;
971 }
972
973 for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n;
974 inp = LIST_NEXT(inp, inp_list)) {
975 if (inp->inp_gencnt <= gencnt && inp->inp_state != INPCB_STATE_DEAD)
976 inp_list[i++] = inp;
977 }
978 n = i;
979
980 error = 0;
981 for (i = 0; i < n; i++) {
982 inp = inp_list[i];
983 if (inp->inp_gencnt <= gencnt && inp->inp_state != INPCB_STATE_DEAD) {
984 struct xinpcb xi;
985
986 bzero(&xi, sizeof(xi));
987 xi.xi_len = sizeof xi;
988 /* XXX should avoid extra copy */
989 inpcb_to_compat(inp, &xi.xi_inp);
990 if (inp->inp_socket)
991 sotoxsocket(inp->inp_socket, &xi.xi_socket);
992 error = SYSCTL_OUT(req, &xi, sizeof xi);
993 }
994 }
995 if (!error) {
996 /*
997 * Give the user an updated idea of our state.
998 * If the generation differs from what we told
999 * her before, she knows that something happened
1000 * while we were processing this request, and it
1001 * might be necessary to retry.
1002 */
1003 bzero(&xig, sizeof(xig));
1004 xig.xig_len = sizeof xig;
1005 xig.xig_gen = udbinfo.ipi_gencnt;
1006 xig.xig_sogen = so_gencnt;
1007 xig.xig_count = udbinfo.ipi_count;
1008 error = SYSCTL_OUT(req, &xig, sizeof xig);
1009 }
1010 FREE(inp_list, M_TEMP);
1011 lck_rw_done(udbinfo.mtx);
1012 return error;
1013 }
1014
1015 SYSCTL_PROC(_net_inet_udp, UDPCTL_PCBLIST, pcblist, CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
1016 udp_pcblist, "S,xinpcb", "List of active UDP sockets");
1017
1018 #if !CONFIG_EMBEDDED
1019
1020 static int
1021 udp_pcblist64 SYSCTL_HANDLER_ARGS
1022 {
1023 #pragma unused(oidp, arg1, arg2)
1024 int error, i, n;
1025 struct inpcb *inp, **inp_list;
1026 inp_gen_t gencnt;
1027 struct xinpgen xig;
1028
1029 /*
1030 * The process of preparing the TCB list is too time-consuming and
1031 * resource-intensive to repeat twice on every request.
1032 */
1033 lck_rw_lock_shared(udbinfo.mtx);
1034 if (req->oldptr == USER_ADDR_NULL) {
1035 n = udbinfo.ipi_count;
1036 req->oldidx = 2 * (sizeof xig)
1037 + (n + n/8) * sizeof(struct xinpcb64);
1038 lck_rw_done(udbinfo.mtx);
1039 return 0;
1040 }
1041
1042 if (req->newptr != USER_ADDR_NULL) {
1043 lck_rw_done(udbinfo.mtx);
1044 return EPERM;
1045 }
1046
1047 /*
1048 * OK, now we're committed to doing something.
1049 */
1050 gencnt = udbinfo.ipi_gencnt;
1051 n = udbinfo.ipi_count;
1052
1053 bzero(&xig, sizeof(xig));
1054 xig.xig_len = sizeof xig;
1055 xig.xig_count = n;
1056 xig.xig_gen = gencnt;
1057 xig.xig_sogen = so_gencnt;
1058 error = SYSCTL_OUT(req, &xig, sizeof xig);
1059 if (error) {
1060 lck_rw_done(udbinfo.mtx);
1061 return error;
1062 }
1063 /*
1064 * We are done if there is no pcb
1065 */
1066 if (n == 0) {
1067 lck_rw_done(udbinfo.mtx);
1068 return 0;
1069 }
1070
1071 inp_list = _MALLOC(n * sizeof *inp_list, M_TEMP, M_WAITOK);
1072 if (inp_list == 0) {
1073 lck_rw_done(udbinfo.mtx);
1074 return ENOMEM;
1075 }
1076
1077 for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n;
1078 inp = LIST_NEXT(inp, inp_list)) {
1079 if (inp->inp_gencnt <= gencnt && inp->inp_state != INPCB_STATE_DEAD)
1080 inp_list[i++] = inp;
1081 }
1082 n = i;
1083
1084 error = 0;
1085 for (i = 0; i < n; i++) {
1086 inp = inp_list[i];
1087 if (inp->inp_gencnt <= gencnt && inp->inp_state != INPCB_STATE_DEAD) {
1088 struct xinpcb64 xi;
1089
1090 bzero(&xi, sizeof(xi));
1091 xi.xi_len = sizeof xi;
1092 inpcb_to_xinpcb64(inp, &xi);
1093 if (inp->inp_socket)
1094 sotoxsocket64(inp->inp_socket, &xi.xi_socket);
1095 error = SYSCTL_OUT(req, &xi, sizeof xi);
1096 }
1097 }
1098 if (!error) {
1099 /*
1100 * Give the user an updated idea of our state.
1101 * If the generation differs from what we told
1102 * her before, she knows that something happened
1103 * while we were processing this request, and it
1104 * might be necessary to retry.
1105 */
1106 bzero(&xig, sizeof(xig));
1107 xig.xig_len = sizeof xig;
1108 xig.xig_gen = udbinfo.ipi_gencnt;
1109 xig.xig_sogen = so_gencnt;
1110 xig.xig_count = udbinfo.ipi_count;
1111 error = SYSCTL_OUT(req, &xig, sizeof xig);
1112 }
1113 FREE(inp_list, M_TEMP);
1114 lck_rw_done(udbinfo.mtx);
1115 return error;
1116 }
1117
1118 SYSCTL_PROC(_net_inet_udp, OID_AUTO, pcblist64, CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
1119 udp_pcblist64, "S,xinpcb64", "List of active UDP sockets");
1120
1121 #endif /* !CONFIG_EMBEDDED */
1122
1123 static int
1124 udp_pcblist_n SYSCTL_HANDLER_ARGS
1125 {
1126 #pragma unused(oidp, arg1, arg2)
1127 int error = 0;
1128
1129 error = get_pcblist_n(IPPROTO_UDP, req, &udbinfo);
1130
1131 return error;
1132 }
1133
1134
1135 SYSCTL_PROC(_net_inet_udp, OID_AUTO, pcblist_n, CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
1136 udp_pcblist_n, "S,xinpcb_n", "List of active UDP sockets");
1137
1138
1139 static __inline__ u_int16_t
1140 get_socket_id(struct socket * s)
1141 {
1142 u_int16_t val;
1143
1144 if (s == NULL) {
1145 return (0);
1146 }
1147 val = (u_int16_t)(((uintptr_t)s) / sizeof(struct socket));
1148 if (val == 0) {
1149 val = 0xffff;
1150 }
1151 return (val);
1152 }
1153
1154 static int
1155 udp_check_pktinfo(struct mbuf *control, unsigned int *ifindex, struct in_addr *laddr)
1156 {
1157 struct cmsghdr *cm = 0;
1158 struct in_pktinfo *pktinfo;
1159 struct ifnet *ifp;
1160
1161 /*
1162 * XXX: Currently, we assume all the optional information is stored
1163 * in a single mbuf.
1164 */
1165 if (control->m_next)
1166 return (EINVAL);
1167
1168 if (control->m_len < CMSG_LEN(0))
1169 return (EINVAL);
1170
1171 for (cm = M_FIRST_CMSGHDR(control); cm; cm = M_NXT_CMSGHDR(control, cm)) {
1172 if (cm->cmsg_len < sizeof(struct cmsghdr) || cm->cmsg_len > control->m_len)
1173 return (EINVAL);
1174
1175 if (cm->cmsg_level != IPPROTO_IP || cm->cmsg_type != IP_PKTINFO)
1176 continue;
1177
1178 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
1179 return (EINVAL);
1180
1181 pktinfo = (struct in_pktinfo *)CMSG_DATA(cm);
1182
1183 /* Check for a valid ifindex in pktinfo */
1184 ifnet_head_lock_shared();
1185
1186 if (pktinfo->ipi_ifindex > if_index) {
1187 ifnet_head_done();
1188 return (ENXIO);
1189 }
1190
1191 /* If ipi_ifindex is specified it takes precedence over ipi_spec_dst */
1192
1193 if (pktinfo->ipi_ifindex) {
1194 ifp = ifindex2ifnet[pktinfo->ipi_ifindex];
1195 if (ifp == NULL) {
1196 ifnet_head_done();
1197 return (ENXIO);
1198 }
1199
1200 ifnet_head_done();
1201
1202 *ifindex = pktinfo->ipi_ifindex;
1203 laddr->s_addr = INADDR_ANY;
1204 break;
1205 }
1206
1207 ifnet_head_done();
1208
1209 /* Use the provided ipi_spec_dst address for temp source address */
1210 *ifindex = 0;
1211 *laddr = pktinfo->ipi_spec_dst;
1212 break;
1213 }
1214 return (0);
1215 }
1216
1217 static int
1218 udp_output(inp, m, addr, control, p)
1219 register struct inpcb *inp;
1220 struct mbuf *m;
1221 struct sockaddr *addr;
1222 struct mbuf *control;
1223 struct proc *p;
1224 {
1225 register struct udpiphdr *ui;
1226 register int len = m->m_pkthdr.len;
1227 struct sockaddr_in *sin;
1228 struct in_addr origladdr, laddr, faddr, pi_laddr;
1229 u_short lport, fport;
1230 struct sockaddr_in ifaddr;
1231 int error = 0, udp_dodisconnect = 0, pktinfo = 0;
1232 struct socket *so = inp->inp_socket;
1233 int soopts = 0;
1234 struct mbuf *inpopts;
1235 struct ip_moptions *mopts;
1236 struct route ro;
1237 struct ip_out_args ipoa = { IFSCOPE_NONE, 0 };
1238 mbuf_traffic_class_t mtc = MBUF_TC_UNSPEC;
1239 unsigned int origoutif;
1240
1241 pi_laddr.s_addr = INADDR_ANY;
1242
1243 KERNEL_DEBUG(DBG_FNC_UDP_OUTPUT | DBG_FUNC_START, 0,0,0,0,0);
1244
1245 if (control != NULL) {
1246 mtc = mbuf_traffic_class_from_control(control);
1247
1248 error = udp_check_pktinfo(control, &ipoa.ipoa_boundif, &pi_laddr);
1249
1250 m_freem(control);
1251 if (error)
1252 goto release;
1253 pktinfo++;
1254 }
1255
1256 KERNEL_DEBUG(DBG_LAYER_OUT_BEG, inp->inp_fport, inp->inp_lport,
1257 inp->inp_laddr.s_addr, inp->inp_faddr.s_addr,
1258 (htons((u_short)len + sizeof (struct udphdr))));
1259
1260 if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) {
1261 error = EMSGSIZE;
1262 goto release;
1263 }
1264
1265 lck_mtx_assert(&inp->inpcb_mtx, LCK_MTX_ASSERT_OWNED);
1266
1267 /*
1268 * If socket was bound to an ifindex, tell ip_output about it.
1269 * If the ancillary IP_PKTINFO option contains an interface index,
1270 * it takes precedence over the one specified by IP_BOUND_IF.
1271 */
1272 if (ipoa.ipoa_boundif == IFSCOPE_NONE && (inp->inp_flags & INP_BOUND_IF))
1273 ipoa.ipoa_boundif = inp->inp_boundif;
1274 ipoa.ipoa_nocell = (inp->inp_flags & INP_NO_IFT_CELLULAR) ? 1 : 0;
1275 soopts |= IP_OUTARGS;
1276
1277 /* If there was a routing change, discard cached route and check
1278 * that we have a valid source address.
1279 * Reacquire a new source address if INADDR_ANY was specified
1280 */
1281 if (inp->inp_route.ro_rt != NULL &&
1282 inp->inp_route.ro_rt->generation_id != route_generation) {
1283 struct in_ifaddr *ia;
1284
1285 /* src address is gone? */
1286 if ((ia = ifa_foraddr(inp->inp_laddr.s_addr)) == NULL) {
1287 if (((inp->inp_flags & INP_INADDR_ANY) == 0) || (so->so_state & SS_ISCONNECTED)) {
1288 /* Rdar://5448998
1289 * If the source address is gone, return an error if:
1290 * - the source was specified
1291 * - the socket was already connected
1292 */
1293 error = EADDRNOTAVAIL;
1294 goto release;
1295 } else {
1296 /* new src will be set later */
1297 inp->inp_laddr.s_addr = INADDR_ANY;
1298 inp->inp_last_outif = 0;
1299 }
1300 }
1301 if (ia != NULL)
1302 IFA_REMREF(&ia->ia_ifa);
1303 if (inp->inp_route.ro_rt != NULL)
1304 rtfree(inp->inp_route.ro_rt);
1305 inp->inp_route.ro_rt = NULL;
1306 }
1307
1308 origoutif = inp->inp_last_outif;
1309
1310 /* IP_PKTINFO option check.
1311 * If a temporary scope or src address is provided, use it for this packet only
1312 * and make sure we forget it after sending this datagram.
1313 */
1314
1315 if (pi_laddr.s_addr != INADDR_ANY ||
1316 (ipoa.ipoa_boundif != IFSCOPE_NONE && pktinfo)) {
1317 laddr = pi_laddr; /* temp src address for this datagram only */
1318 origladdr.s_addr = INADDR_ANY;
1319 udp_dodisconnect = 1; /* we don't want to keep the laddr or route */
1320 inp->inp_flags |= INP_INADDR_ANY; /* remember we don't care about src addr.*/
1321 } else {
1322 origladdr = laddr = inp->inp_laddr;
1323 }
1324
1325 origoutif = inp->inp_last_outif;
1326 faddr = inp->inp_faddr;
1327 lport = inp->inp_lport;
1328 fport = inp->inp_fport;
1329
1330 if (addr) {
1331 sin = (struct sockaddr_in *)addr;
1332 if (faddr.s_addr != INADDR_ANY) {
1333 error = EISCONN;
1334 goto release;
1335 }
1336 if (lport == 0) {
1337 /*
1338 * In case we don't have a local port set, go through the full connect.
1339 * We don't have a local port yet (ie, we can't be looked up),
1340 * so it's not an issue if the input runs at the same time we do this.
1341 */
1342
1343 if (pi_laddr.s_addr != INADDR_ANY) /* if we have a source address specified, use that */
1344 inp->inp_laddr = pi_laddr;
1345 error = in_pcbconnect(inp, addr, p, &ipoa.ipoa_boundif); /* if a scope is specified, use it */
1346 if (error) {
1347 goto release;
1348 }
1349 laddr = inp->inp_laddr;
1350 lport = inp->inp_lport;
1351 faddr = inp->inp_faddr;
1352 fport = inp->inp_fport;
1353 udp_dodisconnect = 1;
1354 }
1355 else {
1356 /* Fast path case
1357 * we have a full address and a local port.
1358 * use those info to build the packet without changing the pcb
1359 * and interfering with the input path. See 3851370
1360 * Note: if we may have a scope from IP_PKTINFO but the
1361 * priority is always given to the scope provided by INP_BOUND_IF.
1362 */
1363 if (laddr.s_addr == INADDR_ANY) {
1364 if ((error = in_pcbladdr(inp, addr, &ifaddr, &ipoa.ipoa_boundif)) != 0)
1365 goto release;
1366 laddr = ifaddr.sin_addr;
1367 inp->inp_flags |= INP_INADDR_ANY; /* from pcbconnect: remember we don't care about src addr.*/
1368 }
1369
1370 faddr = sin->sin_addr;
1371 fport = sin->sin_port;
1372 }
1373 } else {
1374 if (faddr.s_addr == INADDR_ANY) {
1375 error = ENOTCONN;
1376 goto release;
1377 }
1378 }
1379
1380 #if CONFIG_MACF_NET
1381 mac_mbuf_label_associate_inpcb(inp, m);
1382 #endif
1383
1384 /*
1385 * Calculate data length and get a mbuf
1386 * for UDP and IP headers.
1387 */
1388 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT);
1389 if (m == 0) {
1390 error = ENOBUFS;
1391 goto abort;
1392 }
1393
1394 /*
1395 * Fill in mbuf with extended UDP header
1396 * and addresses and length put into network format.
1397 */
1398 ui = mtod(m, struct udpiphdr *);
1399 bzero(ui->ui_x1, sizeof(ui->ui_x1)); /* XXX still needed? */
1400 ui->ui_pr = IPPROTO_UDP;
1401 ui->ui_src = laddr;
1402 ui->ui_dst = faddr;
1403 ui->ui_sport = lport;
1404 ui->ui_dport = fport;
1405 ui->ui_ulen = htons((u_short)len + sizeof(struct udphdr));
1406
1407 /*
1408 * Set up checksum and output datagram.
1409 */
1410 if (udpcksum && !(inp->inp_flags & INP_UDP_NOCKSUM)) {
1411 ui->ui_sum = in_pseudo(ui->ui_src.s_addr, ui->ui_dst.s_addr,
1412 htons((u_short)len + sizeof(struct udphdr) + IPPROTO_UDP));
1413 m->m_pkthdr.csum_flags = CSUM_UDP;
1414 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
1415 } else {
1416 ui->ui_sum = 0;
1417 }
1418 ((struct ip *)ui)->ip_len = sizeof (struct udpiphdr) + len;
1419 ((struct ip *)ui)->ip_ttl = inp->inp_ip_ttl; /* XXX */
1420 ((struct ip *)ui)->ip_tos = inp->inp_ip_tos; /* XXX */
1421 udpstat.udps_opackets++;
1422
1423 KERNEL_DEBUG(DBG_LAYER_OUT_END, ui->ui_dport, ui->ui_sport,
1424 ui->ui_src.s_addr, ui->ui_dst.s_addr, ui->ui_ulen);
1425
1426 #if IPSEC
1427 if (ipsec_bypass == 0 && ipsec_setsocket(m, inp->inp_socket) != 0) {
1428 error = ENOBUFS;
1429 goto abort;
1430 }
1431 #endif /*IPSEC*/
1432 m->m_pkthdr.socket_id = get_socket_id(inp->inp_socket);
1433
1434 inpopts = inp->inp_options;
1435 soopts |= (inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST));
1436 mopts = inp->inp_moptions;
1437 if (mopts != NULL)
1438 IMO_ADDREF(mopts);
1439
1440 /* Copy the cached route and take an extra reference */
1441 inp_route_copyout(inp, &ro);
1442
1443 set_packet_tclass(m, so, mtc, 0);
1444
1445 socket_unlock(so, 0);
1446 error = ip_output_list(m, 0, inpopts, &ro, soopts, mopts, &ipoa);
1447 m = NULL;
1448 socket_lock(so, 0);
1449 if (mopts != NULL)
1450 IMO_REMREF(mopts);
1451
1452 if (error == 0 && nstat_collect) {
1453 locked_add_64(&inp->inp_stat->txpackets, 1);
1454 locked_add_64(&inp->inp_stat->txbytes, len);
1455 }
1456 /* Synchronize PCB cached route */
1457 inp_route_copyin(inp, &ro);
1458
1459 abort:
1460 if (udp_dodisconnect) {
1461 /* Always discard the cached route for unconnected socket */
1462 if (inp->inp_route.ro_rt != NULL) {
1463 rtfree(inp->inp_route.ro_rt);
1464 inp->inp_route.ro_rt = NULL;
1465 }
1466 in_pcbdisconnect(inp);
1467 inp->inp_laddr = origladdr; /* XXX rehash? */
1468 inp->inp_last_outif = origoutif;
1469 } else if (inp->inp_route.ro_rt != NULL) {
1470 struct rtentry *rt = inp->inp_route.ro_rt;
1471 unsigned int outif;
1472
1473 if (rt->rt_flags & (RTF_MULTICAST|RTF_BROADCAST))
1474 rt = NULL; /* unusable */
1475 /*
1476 * Always discard if it is a multicast or broadcast route.
1477 */
1478 if (rt == NULL) {
1479 rtfree(inp->inp_route.ro_rt);
1480 inp->inp_route.ro_rt = NULL;
1481 }
1482 /*
1483 * If the destination route is unicast, update outif with
1484 * that of the route interface index used by IP.
1485 */
1486 if (rt != NULL &&
1487 (outif = rt->rt_ifp->if_index) != inp->inp_last_outif)
1488 inp->inp_last_outif = outif;
1489 }
1490
1491 release:
1492 if (m != NULL)
1493 m_freem(m);
1494 KERNEL_DEBUG(DBG_FNC_UDP_OUTPUT | DBG_FUNC_END, error, 0,0,0,0);
1495 return (error);
1496 }
1497
1498 u_int32_t udp_sendspace = 9216; /* really max datagram size */
1499 /* 40 1K datagrams */
1500 u_int32_t udp_recvspace = 40 * (1024 +
1501 #if INET6
1502 sizeof(struct sockaddr_in6)
1503 #else
1504 sizeof(struct sockaddr_in)
1505 #endif
1506 );
1507
1508 /* Check that the values of udp send and recv space do not exceed sb_max */
1509 static int
1510 sysctl_udp_sospace(struct sysctl_oid *oidp, __unused void *arg1,
1511 __unused int arg2, struct sysctl_req *req) {
1512 u_int32_t new_value = 0, *space_p = NULL;
1513 int changed = 0, error = 0;
1514 u_quad_t sb_effective_max = (sb_max/ (MSIZE+MCLBYTES)) * MCLBYTES;
1515
1516 switch (oidp->oid_number) {
1517 case UDPCTL_RECVSPACE:
1518 space_p = &udp_recvspace;
1519 break;
1520 case UDPCTL_MAXDGRAM:
1521 space_p = &udp_sendspace;
1522 break;
1523 default:
1524 return EINVAL;
1525 }
1526 error = sysctl_io_number(req, *space_p, sizeof(u_int32_t),
1527 &new_value, &changed);
1528 if (changed) {
1529 if (new_value > 0 && new_value <= sb_effective_max) {
1530 *space_p = new_value;
1531 } else {
1532 error = ERANGE;
1533 }
1534 }
1535 return error;
1536 }
1537
1538 SYSCTL_PROC(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
1539 &udp_recvspace, 0, &sysctl_udp_sospace, "IU", "Maximum incoming UDP datagram size");
1540
1541 SYSCTL_PROC(_net_inet_udp, UDPCTL_MAXDGRAM, maxdgram, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
1542 &udp_sendspace, 0, &sysctl_udp_sospace, "IU", "Maximum outgoing UDP datagram size");
1543
1544 static int
1545 udp_abort(struct socket *so)
1546 {
1547 struct inpcb *inp;
1548
1549 inp = sotoinpcb(so);
1550 if (inp == 0)
1551 panic("udp_abort: so=%p null inp\n", so); /* ??? possible? panic instead? */
1552 soisdisconnected(so);
1553 in_pcbdetach(inp);
1554 return 0;
1555 }
1556
1557 static int
1558 udp_attach(struct socket *so, __unused int proto, struct proc *p)
1559 {
1560 struct inpcb *inp;
1561 int error;
1562
1563 inp = sotoinpcb(so);
1564 if (inp != 0)
1565 panic ("udp_attach so=%p inp=%p\n", so, inp);
1566
1567 error = in_pcballoc(so, &udbinfo, p);
1568 if (error)
1569 return error;
1570 error = soreserve(so, udp_sendspace, udp_recvspace);
1571 if (error)
1572 return error;
1573 inp = (struct inpcb *)so->so_pcb;
1574 inp->inp_vflag |= INP_IPV4;
1575 inp->inp_ip_ttl = ip_defttl;
1576 nstat_udp_new_pcb(inp);
1577 return 0;
1578 }
1579
1580 static int
1581 udp_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
1582 {
1583 struct inpcb *inp;
1584 int error;
1585
1586 if (nam->sa_family != 0 && nam->sa_family != AF_INET
1587 && nam->sa_family != AF_INET6) {
1588 return EAFNOSUPPORT;
1589 }
1590 inp = sotoinpcb(so);
1591 if (inp == 0)
1592 return EINVAL;
1593 error = in_pcbbind(inp, nam, p);
1594 return error;
1595 }
1596
1597 static int
1598 udp_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
1599 {
1600 struct inpcb *inp;
1601 int error;
1602
1603 inp = sotoinpcb(so);
1604 if (inp == 0)
1605 return EINVAL;
1606 if (inp->inp_faddr.s_addr != INADDR_ANY)
1607 return EISCONN;
1608 error = in_pcbconnect(inp, nam, p, NULL);
1609 if (error == 0)
1610 soisconnected(so);
1611 return error;
1612 }
1613
1614 static int
1615 udp_detach(struct socket *so)
1616 {
1617 struct inpcb *inp;
1618
1619 inp = sotoinpcb(so);
1620 if (inp == 0)
1621 panic("udp_detach: so=%p null inp\n", so); /* ??? possible? panic instead? */
1622 in_pcbdetach(inp);
1623 inp->inp_state = INPCB_STATE_DEAD;
1624 return 0;
1625 }
1626
1627 static int
1628 udp_disconnect(struct socket *so)
1629 {
1630 struct inpcb *inp;
1631
1632 inp = sotoinpcb(so);
1633 if (inp == 0)
1634 return EINVAL;
1635 if (inp->inp_faddr.s_addr == INADDR_ANY)
1636 return ENOTCONN;
1637
1638 in_pcbdisconnect(inp);
1639 inp->inp_laddr.s_addr = INADDR_ANY;
1640 so->so_state &= ~SS_ISCONNECTED; /* XXX */
1641 inp->inp_last_outif = 0;
1642 return 0;
1643 }
1644
1645 static int
1646 udp_send(struct socket *so, __unused int flags, struct mbuf *m, struct sockaddr *addr,
1647 struct mbuf *control, struct proc *p)
1648 {
1649 struct inpcb *inp;
1650
1651 inp = sotoinpcb(so);
1652 if (inp == 0) {
1653 m_freem(m);
1654 return EINVAL;
1655 }
1656
1657 return udp_output(inp, m, addr, control, p);
1658 }
1659
1660 int
1661 udp_shutdown(struct socket *so)
1662 {
1663 struct inpcb *inp;
1664
1665 inp = sotoinpcb(so);
1666 if (inp == 0)
1667 return EINVAL;
1668 socantsendmore(so);
1669 return 0;
1670 }
1671
1672 struct pr_usrreqs udp_usrreqs = {
1673 udp_abort, pru_accept_notsupp, udp_attach, udp_bind, udp_connect,
1674 pru_connect2_notsupp, in_control, udp_detach, udp_disconnect,
1675 pru_listen_notsupp, in_setpeeraddr, pru_rcvd_notsupp,
1676 pru_rcvoob_notsupp, udp_send, pru_sense_null, udp_shutdown,
1677 in_setsockaddr, sosend, soreceive, pru_sopoll_notsupp
1678 };
1679
1680
1681 int
1682 udp_lock(struct socket *so, int refcount, void *debug)
1683 {
1684 void *lr_saved;
1685
1686 if (debug == NULL)
1687 lr_saved = __builtin_return_address(0);
1688 else
1689 lr_saved = debug;
1690
1691 if (so->so_pcb) {
1692 lck_mtx_assert(&((struct inpcb *)so->so_pcb)->inpcb_mtx,
1693 LCK_MTX_ASSERT_NOTOWNED);
1694 lck_mtx_lock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
1695 } else {
1696 panic("udp_lock: so=%p NO PCB! lr=%p lrh= %s\n",
1697 so, lr_saved, solockhistory_nr(so));
1698 /* NOTREACHED */
1699 }
1700 if (refcount)
1701 so->so_usecount++;
1702
1703 so->lock_lr[so->next_lock_lr] = lr_saved;
1704 so->next_lock_lr = (so->next_lock_lr+1) % SO_LCKDBG_MAX;
1705 return (0);
1706 }
1707
1708 int
1709 udp_unlock(struct socket *so, int refcount, void *debug)
1710 {
1711 void *lr_saved;
1712
1713 if (debug == NULL)
1714 lr_saved = __builtin_return_address(0);
1715 else
1716 lr_saved = debug;
1717
1718 if (refcount)
1719 so->so_usecount--;
1720
1721 if (so->so_pcb == NULL) {
1722 panic("udp_unlock: so=%p NO PCB! lr=%p lrh= %s\n",
1723 so, lr_saved, solockhistory_nr(so));
1724 /* NOTREACHED */
1725 } else {
1726 lck_mtx_assert(&((struct inpcb *)so->so_pcb)->inpcb_mtx,
1727 LCK_MTX_ASSERT_OWNED);
1728 so->unlock_lr[so->next_unlock_lr] = lr_saved;
1729 so->next_unlock_lr = (so->next_unlock_lr+1) % SO_LCKDBG_MAX;
1730 lck_mtx_unlock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
1731 }
1732
1733
1734 return (0);
1735 }
1736
1737 lck_mtx_t *
1738 udp_getlock(struct socket *so, __unused int locktype)
1739 {
1740 struct inpcb *inp = sotoinpcb(so);
1741
1742
1743 if (so->so_pcb)
1744 return(&inp->inpcb_mtx);
1745 else {
1746 panic("udp_getlock: so=%p NULL so_pcb lrh= %s\n",
1747 so, solockhistory_nr(so));
1748 return (so->so_proto->pr_domain->dom_mtx);
1749 }
1750 }
1751
1752 void
1753 udp_slowtimo()
1754 {
1755 struct inpcb *inp, *inpnxt;
1756 struct socket *so;
1757 struct inpcbinfo *pcbinfo = &udbinfo;
1758
1759 if (lck_rw_try_lock_exclusive(pcbinfo->mtx) == FALSE) {
1760 if (udp_gc_done == TRUE) {
1761 udp_gc_done = FALSE;
1762 return; /* couldn't get the lock, better lock next time */
1763 }
1764 lck_rw_lock_exclusive(pcbinfo->mtx);
1765 }
1766
1767 udp_gc_done = TRUE;
1768
1769 for (inp = udb.lh_first; inp != NULL; inp = inpnxt) {
1770 inpnxt = inp->inp_list.le_next;
1771
1772 if (inp->inp_wantcnt != WNT_STOPUSING)
1773 continue;
1774
1775 so = inp->inp_socket;
1776 if (!lck_mtx_try_lock(&inp->inpcb_mtx)) /* skip if busy, no hurry for cleanup... */
1777 continue;
1778
1779 if (so->so_usecount == 0) {
1780 if (inp->inp_state != INPCB_STATE_DEAD) {
1781 #if INET6
1782 if (INP_CHECK_SOCKAF(so, AF_INET6))
1783 in6_pcbdetach(inp);
1784 else
1785 #endif /* INET6 */
1786 in_pcbdetach(inp);
1787 }
1788 in_pcbdispose(inp);
1789 } else {
1790 lck_mtx_unlock(&inp->inpcb_mtx);
1791 }
1792 }
1793 lck_rw_done(pcbinfo->mtx);
1794 }
1795
1796 int
1797 ChkAddressOK( __uint32_t dstaddr, __uint32_t srcaddr )
1798 {
1799 if ( dstaddr == srcaddr ){
1800 return 0;
1801 }
1802 return 1;
1803 }
1804
1805 void
1806 udp_in_cksum_stats(u_int32_t len)
1807 {
1808 udps_in_sw_cksum++;
1809 udps_in_sw_cksum_bytes += len;
1810 }
1811
1812 void
1813 udp_out_cksum_stats(u_int32_t len)
1814 {
1815 udps_out_sw_cksum++;
1816 udps_out_sw_cksum_bytes += len;
1817 }
mirror of XNU