/*
- * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
- *
+ *
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
*
* @(#)udp_var.h 8.1 (Berkeley) 6/10/93
*/
-
-#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
+#include <sys/param.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <net/if_types.h>
#include <net/ntstat.h>
#include <net/dlil.h>
+#include <net/net_api_stats.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet6/ipsec.h>
#include <netinet6/ipsec6.h>
#include <netinet6/esp6.h>
+#include <netkey/key.h>
extern int ipsec_bypass;
extern int esp_udp_encap_port;
#endif /* IPSEC */
#include <netinet/flow_divert.h>
#endif /* FLOW_DIVERT */
+#if CONTENT_FILTER
+#include <net/content_filter.h>
+#endif /* CONTENT_FILTER */
+
/*
* UDP protocol inplementation.
* Per RFC 768, August, 1980.
static int udp6_abort(struct socket *);
static int udp6_attach(struct socket *, int, struct proc *);
static int udp6_bind(struct socket *, struct sockaddr *, struct proc *);
-static int udp6_connectx(struct socket *, struct sockaddr_list **,
- struct sockaddr_list **, struct proc *, uint32_t, sae_associd_t,
+static int udp6_connectx(struct socket *, struct sockaddr *,
+ struct sockaddr *, struct proc *, uint32_t, sae_associd_t,
sae_connid_t *, uint32_t, void *, uint32_t, struct uio *, user_ssize_t *);
-static int udp6_detach(struct socket *);
+static int udp6_detach(struct socket *);
static int udp6_disconnect(struct socket *);
static int udp6_disconnectx(struct socket *, sae_associd_t, sae_connid_t);
static int udp6_send(struct socket *, int, struct mbuf *, struct sockaddr *,
struct sockaddr_in6 *, struct mbuf *, int, struct ifnet *);
static int udp6_input_checksum(struct mbuf *, struct udphdr *, int, int);
-#if IPFIREWALL
-extern int fw_verbose;
-extern void ipfwsyslog( int level, const char *format,...);
-extern void ipfw_stealth_stats_incr_udpv6(void);
-
-/* Apple logging, log to ipfw.log */
-#define log_in_vain_log(a) { \
- if ((udp_log_in_vain == 3) && (fw_verbose == 2)) { \
- ipfwsyslog a; \
- } else if ((udp_log_in_vain == 4) && (fw_verbose == 2)) { \
- ipfw_stealth_stats_incr_udpv6(); \
- } else { \
- log a; \
- } \
-}
-#else /* !IPFIREWALL */
-#define log_in_vain_log( a ) { log a; }
-#endif /* !IPFIREWALL */
-
struct pr_usrreqs udp6_usrreqs = {
- .pru_abort = udp6_abort,
- .pru_attach = udp6_attach,
- .pru_bind = udp6_bind,
- .pru_connect = udp6_connect,
- .pru_connectx = udp6_connectx,
- .pru_control = in6_control,
- .pru_detach = udp6_detach,
- .pru_disconnect = udp6_disconnect,
- .pru_disconnectx = udp6_disconnectx,
- .pru_peeraddr = in6_mapped_peeraddr,
- .pru_send = udp6_send,
- .pru_shutdown = udp_shutdown,
- .pru_sockaddr = in6_mapped_sockaddr,
- .pru_sosend = sosend,
- .pru_soreceive = soreceive,
- .pru_soreceive_list = soreceive_list,
+ .pru_abort = udp6_abort,
+ .pru_attach = udp6_attach,
+ .pru_bind = udp6_bind,
+ .pru_connect = udp6_connect,
+ .pru_connectx = udp6_connectx,
+ .pru_control = in6_control,
+ .pru_detach = udp6_detach,
+ .pru_disconnect = udp6_disconnect,
+ .pru_disconnectx = udp6_disconnectx,
+ .pru_peeraddr = in6_mapped_peeraddr,
+ .pru_send = udp6_send,
+ .pru_shutdown = udp_shutdown,
+ .pru_sockaddr = in6_mapped_sockaddr,
+ .pru_sosend = sosend,
+ .pru_soreceive = soreceive,
+ .pru_soreceive_list = soreceive_list,
};
/*
#endif /* CONFIG_MACF_NET */
if ((last->in6p_flags & INP_CONTROLOPTS) != 0 ||
(last->in6p_socket->so_options & SO_TIMESTAMP) != 0 ||
- (last->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0) {
+ (last->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0 ||
+ (last->in6p_socket->so_options & SO_TIMESTAMP_CONTINUOUS) != 0) {
ret = ip6_savecontrol(last, n, &opts);
if (ret != 0) {
m_freem(n);
if (nstat_collect) {
INP_ADD_STAT(last, cell, wifi, wired, rxpackets, 1);
INP_ADD_STAT(last, cell, wifi, wired, rxbytes, n->m_pkthdr.len);
+ inp_set_activity_bitmap(last);
}
so_recv_data_stat(last->in6p_socket, n, 0);
if (sbappendaddr(&last->in6p_socket->so_rcv,
- (struct sockaddr *)udp_in6, n, opts, NULL) == 0)
+ (struct sockaddr *)udp_in6, n, opts, NULL) == 0) {
udpstat.udps_fullsock++;
- else
+ } else {
sorwakeup(last->in6p_socket);
+ }
}
int
struct inpcbinfo *pcbinfo = &udbinfo;
struct sockaddr_in6 fromsa;
- IP6_EXTHDR_CHECK(m, off, sizeof (struct udphdr), return IPPROTO_DONE);
+ IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), return IPPROTO_DONE);
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
udpstat.udps_ipackets++;
- plen = ntohs(ip6->ip6_plen) - off + sizeof (*ip6);
+ plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
uh = (struct udphdr *)(void *)((caddr_t)ip6 + off);
ulen = ntohs((u_short)uh->uh_ulen);
/*
* Checksum extended UDP header and data.
*/
- if (udp6_input_checksum(m, uh, off, ulen))
+ if (udp6_input_checksum(m, uh, off, ulen)) {
goto bad;
+ }
/*
* Construct sockaddr format source address.
int skipit;
#endif /* IPSEC */
- if ((in6p->inp_vflag & INP_IPV6) == 0)
+ if ((in6p->inp_vflag & INP_IPV6) == 0) {
continue;
+ }
- if (inp_restricted_recv(in6p, ifp))
+ if (inp_restricted_recv(in6p, ifp)) {
continue;
+ }
if (in_pcb_checkstate(in6p, WNT_ACQUIRE, 0) ==
- WNT_STOPUSING)
+ WNT_STOPUSING) {
continue;
+ }
udp_lock(in6p->in6p_socket, 1, 0);
int blocked;
IM6O_LOCK(imo);
- bzero(&mcaddr, sizeof (struct sockaddr_in6));
- mcaddr.sin6_len = sizeof (struct sockaddr_in6);
+ bzero(&mcaddr, sizeof(struct sockaddr_in6));
+ mcaddr.sin6_len = sizeof(struct sockaddr_in6);
mcaddr.sin6_family = AF_INET6;
mcaddr.sin6_addr = ip6->ip6_dst;
blocked = im6o_mc_filter(imo, ifp,
- (struct sockaddr *)&mcaddr,
- (struct sockaddr *)&fromsa);
+ &mcaddr, &fromsa);
IM6O_UNLOCK(imo);
if (blocked != MCAST_PASS) {
udp_unlock(in6p->in6p_socket, 1, 0);
if (blocked == MCAST_NOTSMEMBER ||
- blocked == MCAST_MUTED)
+ blocked == MCAST_MUTED) {
udpstat.udps_filtermcast++;
+ }
continue;
}
}
skipit = 0;
if (!necp_socket_is_allowed_to_send_recv_v6(in6p,
uh->uh_dport, uh->uh_sport, &ip6->ip6_dst,
- &ip6->ip6_src, ifp, NULL, NULL)) {
+ &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
/* do not inject data to pcb */
skipit = 1;
}
* and m_copy() will copy M_PKTHDR
* only if offset is 0.
*/
- if (reuse_sock)
+ if (reuse_sock) {
n = m_copy(m, 0, M_COPYALL);
+ }
udp6_append(in6p, ip6, &udp_in6, m,
- off + sizeof (struct udphdr), ifp);
+ off + sizeof(struct udphdr), ifp);
mcast_delivered++;
m = n;
}
* port. It assumes that an application will never
* clear these options after setting them.
*/
- if (reuse_sock == 0 || m == NULL)
+ if (reuse_sock == 0 || m == NULL) {
break;
+ }
/*
* Expect 32-bit aligned data pointer on strict-align
}
/* free the extra copy of mbuf or skipped by NECP */
- if (m != NULL)
+ if (m != NULL) {
m_freem(m);
- return (IPPROTO_DONE);
+ }
+ return IPPROTO_DONE;
}
#if IPSEC
/*
* UDP to port 4500 with a payload where the first four bytes are
- * not zero is a UDP encapsulated IPSec packet. Packets where
+ * not zero is a UDP encapsulated IPsec packet. Packets where
* the payload is one byte and that byte is 0xFF are NAT keepalive
- * packets. Decapsulate the ESP packet and carry on with IPSec input
+ * packets. Decapsulate the ESP packet and carry on with IPsec input
* or discard the NAT keep-alive.
*/
if (ipsec_bypass == 0 && (esp_udp_encap_port & 0xFFFF) != 0 &&
- uh->uh_dport == ntohs((u_short)esp_udp_encap_port)) {
- int payload_len = ulen - sizeof (struct udphdr) > 4 ? 4 :
- ulen - sizeof (struct udphdr);
-
- if (m->m_len < off + sizeof (struct udphdr) + payload_len) {
- if ((m = m_pullup(m, off + sizeof (struct udphdr) +
- payload_len)) == NULL) {
- udpstat.udps_hdrops++;
+ (uh->uh_dport == ntohs((u_short)esp_udp_encap_port) ||
+ uh->uh_sport == ntohs((u_short)esp_udp_encap_port))) {
+ /*
+ * Check if ESP or keepalive:
+ * 1. If the destination port of the incoming packet is 4500.
+ * 2. If the source port of the incoming packet is 4500,
+ * then check the SADB to match IP address and port.
+ */
+ bool check_esp = true;
+ if (uh->uh_dport != ntohs((u_short)esp_udp_encap_port)) {
+ check_esp = key_checksa_present(AF_INET6, (caddr_t)&ip6->ip6_dst,
+ (caddr_t)&ip6->ip6_src, uh->uh_dport,
+ uh->uh_sport);
+ }
+
+ if (check_esp) {
+ int payload_len = ulen - sizeof(struct udphdr) > 4 ? 4 :
+ ulen - sizeof(struct udphdr);
+
+ if (m->m_len < off + sizeof(struct udphdr) + payload_len) {
+ if ((m = m_pullup(m, off + sizeof(struct udphdr) +
+ payload_len)) == NULL) {
+ udpstat.udps_hdrops++;
+ goto bad;
+ }
+ /*
+ * Expect 32-bit aligned data pointer on strict-align
+ * platforms.
+ */
+ MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
+
+ ip6 = mtod(m, struct ip6_hdr *);
+ uh = (struct udphdr *)(void *)((caddr_t)ip6 + off);
+ }
+ /* Check for NAT keepalive packet */
+ if (payload_len == 1 && *(u_int8_t*)
+ ((caddr_t)uh + sizeof(struct udphdr)) == 0xFF) {
goto bad;
+ } else if (payload_len == 4 && *(u_int32_t*)(void *)
+ ((caddr_t)uh + sizeof(struct udphdr)) != 0) {
+ /* UDP encapsulated IPsec packet to pass through NAT */
+ /* preserve the udp header */
+ *offp = off + sizeof(struct udphdr);
+ return esp6_input(mp, offp, IPPROTO_UDP);
}
- /*
- * Expect 32-bit aligned data pointer on strict-align
- * platforms.
- */
- MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
-
- ip6 = mtod(m, struct ip6_hdr *);
- uh = (struct udphdr *)(void *)((caddr_t)ip6 + off);
- }
- /* Check for NAT keepalive packet */
- if (payload_len == 1 && *(u_int8_t*)
- ((caddr_t)uh + sizeof (struct udphdr)) == 0xFF) {
- goto bad;
- } else if (payload_len == 4 && *(u_int32_t*)(void *)
- ((caddr_t)uh + sizeof (struct udphdr)) != 0) {
- /* UDP encapsulated IPSec packet to pass through NAT */
- /* preserve the udp header */
- *offp = off + sizeof (struct udphdr);
- return (esp6_input(mp, offp, IPPROTO_UDP));
}
}
#endif /* IPSEC */
if (udp_log_in_vain) {
char buf[INET6_ADDRSTRLEN];
- strlcpy(buf, ip6_sprintf(&ip6->ip6_dst), sizeof (buf));
+ strlcpy(buf, ip6_sprintf(&ip6->ip6_dst), sizeof(buf));
if (udp_log_in_vain < 3) {
log(LOG_INFO, "Connection attempt to UDP "
"%s:%d from %s:%d\n", buf,
ntohs(uh->uh_sport));
} else if (!(m->m_flags & (M_BCAST | M_MCAST)) &&
!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &ip6->ip6_src)) {
- log_in_vain_log((LOG_INFO, "Connection attempt "
+ log(LOG_INFO, "Connection attempt "
"to UDP %s:%d from %s:%d\n", buf,
ntohs(uh->uh_dport),
ip6_sprintf(&ip6->ip6_src),
- ntohs(uh->uh_sport)));
+ ntohs(uh->uh_sport));
}
}
udpstat.udps_noport++;
goto bad;
}
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
- return (IPPROTO_DONE);
+ return IPPROTO_DONE;
}
#if NECP
if (!necp_socket_is_allowed_to_send_recv_v6(in6p, uh->uh_dport,
- uh->uh_sport, &ip6->ip6_dst, &ip6->ip6_src, ifp, NULL, NULL)) {
+ uh->uh_sport, &ip6->ip6_dst, &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
in_pcb_checkstate(in6p, WNT_RELEASE, 0);
IF_UDP_STATINC(ifp, badipsec);
goto bad;
udp_in6.sin6_port = uh->uh_sport;
if ((in6p->in6p_flags & INP_CONTROLOPTS) != 0 ||
(in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0 ||
- (in6p->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0) {
+ (in6p->in6p_socket->so_options & SO_TIMESTAMP_MONOTONIC) != 0 ||
+ (in6p->in6p_socket->so_options & SO_TIMESTAMP_CONTINUOUS) != 0) {
ret = ip6_savecontrol(in6p, m, &opts);
if (ret != 0) {
udp_unlock(in6p->in6p_socket, 1, 0);
goto bad;
}
}
- m_adj(m, off + sizeof (struct udphdr));
+ m_adj(m, off + sizeof(struct udphdr));
if (nstat_collect) {
INP_ADD_STAT(in6p, cell, wifi, wired, rxpackets, 1);
INP_ADD_STAT(in6p, cell, wifi, wired, rxbytes, m->m_pkthdr.len);
+ inp_set_activity_bitmap(in6p);
}
so_recv_data_stat(in6p->in6p_socket, m, 0);
if (sbappendaddr(&in6p->in6p_socket->so_rcv,
}
sorwakeup(in6p->in6p_socket);
udp_unlock(in6p->in6p_socket, 1, 0);
- return (IPPROTO_DONE);
+ return IPPROTO_DONE;
bad:
- if (m != NULL)
+ if (m != NULL) {
m_freem(m);
- if (opts != NULL)
+ }
+ if (opts != NULL) {
m_freem(opts);
- return (IPPROTO_DONE);
+ }
+ return IPPROTO_DONE;
}
void
-udp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
+udp6_ctlinput(int cmd, struct sockaddr *sa, void *d, __unused struct ifnet *ifp)
{
struct udphdr uh;
struct ip6_hdr *ip6;
struct mbuf *m;
int off = 0;
struct ip6ctlparam *ip6cp = NULL;
+ struct icmp6_hdr *icmp6 = NULL;
const struct sockaddr_in6 *sa6_src = NULL;
void (*notify)(struct inpcb *, int) = udp_notify;
struct udp_portonly {
} *uhp;
if (sa->sa_family != AF_INET6 ||
- sa->sa_len != sizeof (struct sockaddr_in6))
+ sa->sa_len != sizeof(struct sockaddr_in6)) {
return;
+ }
- if ((unsigned)cmd >= PRC_NCMDS)
+ if ((unsigned)cmd >= PRC_NCMDS) {
return;
- if (PRC_IS_REDIRECT(cmd))
- notify = in6_rtchange, d = NULL;
- else if (cmd == PRC_HOSTDEAD)
+ }
+ if (PRC_IS_REDIRECT(cmd)) {
+ notify = in6_rtchange;
d = NULL;
- else if (inet6ctlerrmap[cmd] == 0)
+ } else if (cmd == PRC_HOSTDEAD) {
+ d = NULL;
+ } else if (inet6ctlerrmap[cmd] == 0) {
return;
+ }
/* if the parameter is from icmp6, decode it. */
if (d != NULL) {
ip6cp = (struct ip6ctlparam *)d;
+ icmp6 = ip6cp->ip6c_icmp6;
m = ip6cp->ip6c_m;
ip6 = ip6cp->ip6c_ip6;
off = ip6cp->ip6c_off;
* XXX: We assume that when IPV6 is non NULL,
* M and OFF are valid.
*/
-
/* check if we can safely examine src and dst ports */
- if (m->m_pkthdr.len < off + sizeof (*uhp))
+ if (m->m_pkthdr.len < off + sizeof(*uhp)) {
return;
+ }
- bzero(&uh, sizeof (uh));
- m_copydata(m, off, sizeof (*uhp), (caddr_t)&uh);
+ bzero(&uh, sizeof(uh));
+ m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh);
(void) in6_pcbnotify(&udbinfo, sa, uh.uh_dport,
(struct sockaddr*)ip6cp->ip6c_src, uh.uh_sport,
cmd, NULL, notify);
- } else {
- (void) in6_pcbnotify(&udbinfo, sa, 0,
- (struct sockaddr *)&sa6_src, 0, cmd, NULL, notify);
}
+ /*
+ * XXX The else condition here was broken for a long time.
+ * Fixing it made us deliver notification correctly but broke
+ * some frameworks that didn't handle it well.
+ * For now we have removed it and will revisit it later.
+ */
}
static int
}
soisdisconnected(so);
in6_pcbdetach(inp);
- return (0);
+ return 0;
}
static int
int error;
inp = sotoinpcb(so);
- if (inp != NULL)
- return (EINVAL);
+ if (inp != NULL) {
+ return EINVAL;
+ }
error = in_pcballoc(so, &udbinfo, p);
- if (error)
- return (error);
+ if (error) {
+ return error;
+ }
if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
error = soreserve(so, udp_sendspace, udp_recvspace);
- if (error)
- return (error);
+ if (error) {
+ return error;
+ }
}
inp = (struct inpcb *)so->so_pcb;
inp->inp_vflag |= INP_IPV6;
- if (ip6_mapped_addr_on)
+ if (ip6_mapped_addr_on) {
inp->inp_vflag |= INP_IPV4;
- inp->in6p_hops = -1; /* use kernel default */
- inp->in6p_cksum = -1; /* just to be sure */
+ }
+ inp->in6p_hops = -1; /* use kernel default */
+ inp->in6p_cksum = -1; /* just to be sure */
/*
* XXX: ugly!!
* IPv4 TTL initialization is necessary for an IPv6 socket as well,
* which may match an IPv4-mapped IPv6 address.
*/
inp->inp_ip_ttl = ip_defttl;
- if (nstat_collect)
+ if (nstat_collect) {
nstat_udp_new_pcb(inp);
- return (0);
+ }
+ return 0;
}
static int
int error;
inp = sotoinpcb(so);
- if (inp == NULL)
- return (EINVAL);
+ if (inp == NULL) {
+ return EINVAL;
+ }
inp->inp_vflag &= ~INP_IPV4;
inp->inp_vflag |= INP_IPV6;
inp->inp_vflag |= INP_IPV4;
inp->inp_vflag &= ~INP_IPV6;
error = in_pcbbind(inp, (struct sockaddr *)&sin, p);
- return (error);
+ return error;
}
}
error = in6_pcbbind(inp, nam, p);
- return (error);
+ return error;
}
int
#endif /* defined(NECP) && defined(FLOW_DIVERT) */
inp = sotoinpcb(so);
- if (inp == NULL)
- return (EINVAL);
+ if (inp == NULL) {
+ return EINVAL;
+ }
#if defined(NECP) && defined(FLOW_DIVERT)
should_use_flow_divert = necp_socket_should_use_flow_divert(inp);
if (IN6_IS_ADDR_V4MAPPED(&sin6_p->sin6_addr)) {
struct sockaddr_in sin;
- if (inp->inp_faddr.s_addr != INADDR_ANY)
- return (EISCONN);
+ if (inp->inp_faddr.s_addr != INADDR_ANY) {
+ return EISCONN;
+ }
+
+ if (!(so->so_flags1 & SOF1_CONNECT_COUNTED)) {
+ so->so_flags1 |= SOF1_CONNECT_COUNTED;
+ INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet_dgram_connected);
+ }
+
in6_sin6_2_sin(&sin, sin6_p);
#if defined(NECP) && defined(FLOW_DIVERT)
if (should_use_flow_divert) {
error = in_pcbconnect(inp, (struct sockaddr *)&sin,
p, IFSCOPE_NONE, NULL);
if (error == 0) {
+#if NECP
+ /* Update NECP client with connected five-tuple */
+ if (!uuid_is_null(inp->necp_client_uuid)) {
+ socket_unlock(so, 0);
+ necp_client_assign_from_socket(so->last_pid, inp->necp_client_uuid, inp);
+ socket_lock(so, 0);
+ }
+#endif /* NECP */
inp->inp_vflag |= INP_IPV4;
inp->inp_vflag &= ~INP_IPV6;
soisconnected(so);
}
- return (error);
+ return error;
}
}
- if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr))
- return (EISCONN);
+ if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
+ return EISCONN;
+ }
+
+ if (!(so->so_flags1 & SOF1_CONNECT_COUNTED)) {
+ so->so_flags1 |= SOF1_CONNECT_COUNTED;
+ INC_ATOMIC_INT64_LIM(net_api_stats.nas_socket_inet6_dgram_connected);
+ }
#if defined(NECP) && defined(FLOW_DIVERT)
do_flow_divert:
} else {
error = ENETDOWN;
}
- return (error);
+ return error;
}
#endif /* defined(NECP) && defined(FLOW_DIVERT) */
inp->inp_vflag &= ~INP_IPV4;
inp->inp_vflag |= INP_IPV6;
}
+#if NECP
+ /* Update NECP client with connected five-tuple */
+ if (!uuid_is_null(inp->necp_client_uuid)) {
+ socket_unlock(so, 0);
+ necp_client_assign_from_socket(so->last_pid, inp->necp_client_uuid, inp);
+ socket_lock(so, 0);
+ }
+#endif /* NECP */
soisconnected(so);
- if (inp->inp_flowhash == 0)
+ if (inp->inp_flowhash == 0) {
inp->inp_flowhash = inp_calc_flowhash(inp);
+ }
/* update flowinfo - RFC 6437 */
if (inp->inp_flow == 0 &&
inp->in6p_flags & IN6P_AUTOFLOWLABEL) {
(htonl(inp->inp_flowhash) & IPV6_FLOWLABEL_MASK);
}
}
- return (error);
+ return error;
}
static int
-udp6_connectx(struct socket *so, struct sockaddr_list **src_sl,
- struct sockaddr_list **dst_sl, struct proc *p, uint32_t ifscope,
+udp6_connectx(struct socket *so, struct sockaddr *src,
+ struct sockaddr *dst, struct proc *p, uint32_t ifscope,
sae_associd_t aid, sae_connid_t *pcid, uint32_t flags, void *arg,
uint32_t arglen, struct uio *uio, user_ssize_t *bytes_written)
{
- return (udp_connectx_common(so, AF_INET6, src_sl, dst_sl,
- p, ifscope, aid, pcid, flags, arg, arglen, uio, bytes_written));
+ return udp_connectx_common(so, AF_INET6, src, dst,
+ p, ifscope, aid, pcid, flags, arg, arglen, uio, bytes_written);
}
static int
struct inpcb *inp;
inp = sotoinpcb(so);
- if (inp == NULL)
- return (EINVAL);
+ if (inp == NULL) {
+ return EINVAL;
+ }
in6_pcbdetach(inp);
- return (0);
+ return 0;
}
static int
inp = sotoinpcb(so);
if (inp == NULL
#if NECP
- || (necp_socket_should_use_flow_divert(inp))
+ || (necp_socket_should_use_flow_divert(inp))
#endif /* NECP */
- )
- return (inp == NULL ? EINVAL : EPROTOTYPE);
+ ) {
+ return inp == NULL ? EINVAL : EPROTOTYPE;
+ }
if (inp->inp_vflag & INP_IPV4) {
struct pr_usrreqs *pru;
pru = ip_protox[IPPROTO_UDP]->pr_usrreqs;
- return ((*pru->pru_disconnect)(so));
+ return (*pru->pru_disconnect)(so);
}
- if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr))
- return (ENOTCONN);
+ if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
+ return ENOTCONN;
+ }
in6_pcbdisconnect(inp);
inp->in6p_laddr = in6addr_any;
inp->in6p_last_outifp = NULL;
- so->so_state &= ~SS_ISCONNECTED; /* XXX */
- return (0);
+
+ so->so_state &= ~SS_ISCONNECTED; /* XXX */
+ return 0;
}
static int
udp6_disconnectx(struct socket *so, sae_associd_t aid, sae_connid_t cid)
{
#pragma unused(cid)
- if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL)
- return (EINVAL);
+ if (aid != SAE_ASSOCID_ANY && aid != SAE_ASSOCID_ALL) {
+ return EINVAL;
+ }
- return (udp6_disconnect(so));
+ return udp6_disconnect(so);
}
static int
#if defined(NECP) && defined(FLOW_DIVERT)
int should_use_flow_divert = 0;
#endif /* defined(NECP) && defined(FLOW_DIVERT) */
+#if CONTENT_FILTER
+ struct m_tag *cfil_tag = NULL;
+ struct sockaddr *cfil_faddr = NULL;
+#endif
inp = sotoinpcb(so);
if (inp == NULL) {
goto bad;
}
+#if CONTENT_FILTER
+ //If socket is subject to UDP Content Filter and unconnected, get addr from tag.
+ if (so->so_cfil_db && !addr && IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
+ cfil_tag = cfil_udp_get_socket_state(m, NULL, NULL, &cfil_faddr);
+ if (cfil_tag) {
+ addr = (struct sockaddr *)cfil_faddr;
+ }
+ }
+#endif
+
#if defined(NECP) && defined(FLOW_DIVERT)
should_use_flow_divert = necp_socket_should_use_flow_divert(inp);
#endif /* defined(NECP) && defined(FLOW_DIVERT) */
if (addr != NULL) {
- if (addr->sa_len != sizeof (struct sockaddr_in6)) {
+ if (addr->sa_len != sizeof(struct sockaddr_in6)) {
error = EINVAL;
goto bad;
}
if (hasv4addr) {
struct pr_usrreqs *pru;
- if (sin6 != NULL)
+ if (sin6 != NULL) {
in6_sin6_2_sin_in_sock(addr);
+ }
#if defined(NECP) && defined(FLOW_DIVERT)
if (should_use_flow_divert) {
goto do_flow_divert;
pru = ip_protox[IPPROTO_UDP]->pr_usrreqs;
error = ((*pru->pru_send)(so, flags, m, addr,
control, p));
+#if CONTENT_FILTER
+ if (cfil_tag) {
+ m_tag_free(cfil_tag);
+ }
+#endif
/* addr will just be freed in sendit(). */
- return (error);
+ return error;
}
}
do_flow_divert:
if (should_use_flow_divert) {
/* Implicit connect */
- return (flow_divert_implicit_data_out(so, flags, m, addr, control, p));
+ error = flow_divert_implicit_data_out(so, flags, m, addr, control, p);
+#if CONTENT_FILTER
+ if (cfil_tag) {
+ m_tag_free(cfil_tag);
+ }
+#endif
+ return error;
}
#endif /* defined(NECP) && defined(FLOW_DIVERT) */
- return (udp6_output(inp, m, addr, control, p));
+ error = udp6_output(inp, m, addr, control, p);
+#if CONTENT_FILTER
+ if (cfil_tag) {
+ m_tag_free(cfil_tag);
+ }
+#endif
+ return error;
bad:
VERIFY(error != 0);
- if (m != NULL)
+ if (m != NULL) {
m_freem(m);
- if (control != NULL)
+ }
+ if (control != NULL) {
m_freem(control);
-
- return (error);
+ }
+#if CONTENT_FILTER
+ if (cfil_tag) {
+ m_tag_free(cfil_tag);
+ }
+#endif
+ return error;
}
/*
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
if (!(m->m_pkthdr.csum_flags & CSUM_DATA_VALID) &&
- uh->uh_sum == 0) {
+ uh->uh_sum == 0) {
/* UDP/IPv6 checksum is mandatory (RFC2460) */
- /*
+ /*
* If checksum was already validated, ignore this check.
- * This is necessary for transport-mode ESP, which may be
+ * This is necessary for transport-mode ESP, which may be
* getting UDP payloads without checksums when the network
* has a NAT64.
*/
if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) {
uh->uh_sum = m->m_pkthdr.csum_rx_val;
} else {
- uint16_t sum = m->m_pkthdr.csum_rx_val;
- uint16_t start = m->m_pkthdr.csum_rx_start;
+ uint32_t sum = m->m_pkthdr.csum_rx_val;
+ uint32_t start = m->m_pkthdr.csum_rx_start;
+ int32_t trailer = (m_pktlen(m) - (off + ulen));
/*
* Perform 1's complement adjustment of octets
* that got included/excluded in the hardware-
- * calculated checksum value.
+ * calculated checksum value. Also take care
+ * of any trailing bytes and subtract out
+ * their partial sum.
*/
+ ASSERT(trailer >= 0);
if ((m->m_pkthdr.csum_flags & CSUM_PARTIAL) &&
- start != off) {
- uint16_t s, d;
+ (start != off || trailer != 0)) {
+ uint32_t swbytes = (uint32_t)trailer;
+ uint16_t s = 0, d = 0;
if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
s = ip6->ip6_src.s6_addr16[1];
- ip6->ip6_src.s6_addr16[1] = 0 ;
+ ip6->ip6_src.s6_addr16[1] = 0;
}
if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
d = ip6->ip6_dst.s6_addr16[1];
}
/* callee folds in sum */
- sum = m_adj_sum16(m, start, off, sum);
+ sum = m_adj_sum16(m, start, off, ulen, sum);
+ if (off > start) {
+ swbytes += (off - start);
+ } else {
+ swbytes += (start - off);
+ }
- if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
+ if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
ip6->ip6_src.s6_addr16[1] = s;
- if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
+ }
+ if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
ip6->ip6_dst.s6_addr16[1] = d;
+ }
+
+ if (swbytes != 0) {
+ udp_in_cksum_stats(swbytes);
+ }
+ if (trailer != 0) {
+ m_adj(m, -trailer);
+ }
}
uh->uh_sum = in6_pseudo(&ip6->ip6_src, &ip6->ip6_dst,
badsum:
udpstat.udps_badsum++;
IF_UDP_STATINC(ifp, badchksum);
- return (-1);
+ return -1;
}
- return (0);
+ return 0;
}
projects / apple / xnu.git / blobdiff