* SUCH DAMAGE.
*
* @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95
+ * $FreeBSD: src/sys/netinet/udp_usrreq.c,v 1.64.2.13 2001/08/08 18:59:54 ghelmer Exp $
*/
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
-#if INET6
#include <sys/domain.h>
-#endif
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
-#if ISFB31
-#include <vm/vm_zone.h>
-#endif
-
-
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#if INET6
+#include <netinet/ip6.h>
+#endif
#include <netinet/in_pcb.h>
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
-#include <netinet/ip_icmp.h>
-#include <netinet/icmp_var.h>
#if INET6
-#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#endif
+#include <netinet/ip_icmp.h>
+#include <netinet/icmp_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <sys/kdebug.h>
#if IPSEC
#include <netinet6/ipsec.h>
+extern int ipsec_bypass;
#endif /*IPSEC*/
#define DBG_FNC_UDP_OUTPUT NETDBG_CODE(DBG_NETUDP, (6 << 8) | 1)
-#ifndef offsetof /* XXX */
-#define offsetof(type, member) ((size_t)(&((type *)0)->member))
-#endif
-
#define __STDC__ 1
/*
* UDP protocol implementation.
SYSCTL_INT(_net_inet_udp, UDPCTL_CHECKSUM, checksum, CTLFLAG_RW,
&udpcksum, 0, "");
-int log_in_vain;
+int log_in_vain = 0;
SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW,
- &log_in_vain, 0, "");
+ &log_in_vain, 0, "Log all incoming UDP packets");
+
+static int blackhole = 0;
+SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW,
+ &blackhole, 0, "Do not send port unreachables for refused connects");
struct inpcbhead udb; /* from udp_var.h */
#define udb6 udb /* for KAME src sync over BSD*'s */
struct udpstat udpstat; /* from udp_var.h */
SYSCTL_STRUCT(_net_inet_udp, UDPCTL_STATS, stats, CTLFLAG_RD,
- &udpstat, udpstat, "");
+ &udpstat, udpstat, "UDP statistics (struct udpstat, netinet/udp_var.h)");
static struct sockaddr_in udp_in = { sizeof(udp_in), AF_INET };
#if INET6
#endif
static int udp_detach __P((struct socket *so));
-static int udp_output __P((struct inpcb *, struct mbuf *, struct sockaddr *,
- struct mbuf *, struct proc *));
+static int udp_output __P((struct inpcb *, struct mbuf *, struct sockaddr *,
+ struct mbuf *, struct proc *));
void
udp_init()
udbinfo.hashbase = hashinit(UDBHASHSIZE, M_PCB, &udbinfo.hashmask);
udbinfo.porthashbase = hashinit(UDBHASHSIZE, M_PCB,
&udbinfo.porthashmask);
-#if ISFB31
- udbinfo.ipi_zone = zinit("udpcb", sizeof(struct inpcb), maxsockets,
- ZONE_INTERRUPT, 0);
-#else
+#ifdef __APPLE__
str_size = (vm_size_t) sizeof(struct inpcb);
- udbinfo.ipi_zone = (void *) zinit(str_size, 80000*str_size, 8192, "inpcb_zone");
-#endif
+ udbinfo.ipi_zone = (void *) zinit(str_size, 80000*str_size, 8192, "udpcb");
udbinfo.last_pcb = 0;
in_pcb_nat_init(&udbinfo, AF_INET, IPPROTO_UDP, SOCK_DGRAM);
+#else
+ udbinfo.ipi_zone = zinit("udpcb", sizeof(struct inpcb), maxsockets,
+ ZONE_INTERRUPT, 0);
+#endif
#if 0
+ /* for pcb sharing testing only */
stat = in_pcb_new_share_client(&udbinfo, &fake_owner);
kprintf("udp_init in_pcb_new_share_client - stat = %d\n", stat);
register struct udphdr *uh;
register struct inpcb *inp;
struct mbuf *opts = 0;
-#if INET6
- struct ip6_recvpktopts opts6;
-#endif
int len;
struct ip save_ip;
struct sockaddr *append_sa;
udpstat.udps_ipackets++;
-#if INET6
- bzero(&opts6, sizeof(opts6));
-#endif
-
KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_START, 0,0,0,0,0);
+ if (m->m_pkthdr.csum_flags & CSUM_TCP_SUM16)
+ m->m_pkthdr.csum_flags = 0; /* invalidate hwcksum for UDP */
/*
* Strip IP options, if any; should skip this,
if (iphlen > sizeof (struct ip)) {
ip_stripoptions(m, (struct mbuf *)0);
iphlen = sizeof(struct ip);
- if (m->m_pkthdr.csum_flags & CSUM_TCP_SUM16)
- m->m_pkthdr.csum_flags = 0; /* invalidate hwcksum */
}
/*
}
uh = (struct udphdr *)((caddr_t)ip + iphlen);
+ /* destination port of 0 is illegal, based on RFC768. */
+ if (uh->uh_dport == 0)
+ goto bad;
+
KERNEL_DEBUG(DBG_LAYER_IN_BEG, uh->uh_dport, uh->uh_sport,
ip->ip_src.s_addr, ip->ip_dst.s_addr, uh->uh_ulen);
if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) {
if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
uh->uh_sum = m->m_pkthdr.csum_data;
- else {
- if (apple_hwcksum_rx && (m->m_pkthdr.csum_flags & CSUM_TCP_SUM16)) {
- bzero(((struct ipovly *)ip)->ih_x1, 9);
- ((struct ipovly *)ip)->ih_len = uh->uh_ulen;
- uh->uh_sum = in_addword(in_cksum(m, sizeof(struct ip)),
- m->m_pkthdr.csum_data & 0xFFFF);
- }
- else {
- goto doudpcksum;
- }
- }
+ else
+ goto doudpcksum;
uh->uh_sum ^= 0xffff;
} else {
doudpcksum:
return;
}
}
+#ifndef __APPLE__
+ else
+ udpstat.udps_nosum++;
+#endif
if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {
udp_in6.uin6_init_done = udp_ip6.uip6_init_done = 0;
#endif
LIST_FOREACH(inp, &udb, inp_list) {
+#ifdef __APPLE__
+ /* Ignore nat/SharedIP dummy pcbs */
+ if (inp->inp_socket == &udbinfo.nat_dummy_socket)
+ continue;
+#endif
#if INET6
if ((inp->inp_vflag & INP_IPV4) == 0)
continue;
#if IPSEC
/* check AH/ESP integrity. */
- if (ipsec4_in_reject_so(m, last->inp_socket)) {
+ if (ipsec_bypass == 0 && ipsec4_in_reject_so(m, last->inp_socket)) {
ipsecstat.in_polvio++;
/* do not inject data to pcb */
} else
#endif /*IPSEC*/
if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
- udp_append(last, ip, n, iphlen +
- sizeof (struct udphdr));
+ udp_append(last, ip, n,
+ iphlen +
+ sizeof(struct udphdr));
}
}
last = inp;
goto bad;
}
#if IPSEC
- else
/* check AH/ESP integrity. */
- if (m && ipsec4_in_reject_so(m, last->inp_socket)) {
+ if (ipsec_bypass == 0 && m && ipsec4_in_reject_so(m, last->inp_socket)) {
ipsecstat.in_polvio++;
goto bad;
}
#endif /*IPSEC*/
- udp_append(last, ip, m, iphlen + sizeof (struct udphdr));
+ udp_append(last, ip, m, iphlen + sizeof(struct udphdr));
return;
}
/*
udpstat.udps_noportbcast++;
goto bad;
}
- *ip = save_ip;
#if ICMP_BANDLIM
- if (badport_bandlim(0) < 0)
+ if (badport_bandlim(BANDLIM_ICMP_UNREACH) < 0)
goto bad;
#endif
+ if (blackhole)
+ goto bad;
+ *ip = save_ip;
+ ip->ip_len += iphlen;
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0);
KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
return;
}
#if IPSEC
- if (inp != NULL && ipsec4_in_reject_so(m, inp->inp_socket)) {
+ if (ipsec_bypass == 0 && inp != NULL && ipsec4_in_reject_so(m, inp->inp_socket)) {
ipsecstat.in_polvio++;
goto bad;
}
ip_2_ip6_hdr(&udp_ip6.uip6_ip6, ip);
savedflags = inp->inp_flags;
inp->inp_flags &= ~INP_UNMAPPABLEOPTS;
- ip6_savecontrol(inp, &udp_ip6.uip6_ip6, m,
- &opts6, NULL);
-
+ ip6_savecontrol(inp, &opts, &udp_ip6.uip6_ip6, m);
inp->inp_flags = savedflags;
} else
#endif
ip_savecontrol(inp, &opts, ip, m);
}
- m_adj(m, iphlen + sizeof(struct udphdr));
+ m_adj(m, iphlen + sizeof(struct udphdr));
KERNEL_DEBUG(DBG_LAYER_IN_END, uh->uh_dport, uh->uh_sport,
save_ip.ip_src.s_addr, save_ip.ip_dst.s_addr, uh->uh_ulen);
if (inp->inp_vflag & INP_IPV6) {
in6_sin_2_v4mapsin6(&udp_in, &udp_in6.uin6_sin);
append_sa = (struct sockaddr *)&udp_in6;
- opts = opts6.head;
} else
#endif
append_sa = (struct sockaddr *)&udp_in;
if (opts)
m_freem(opts);
KERNEL_DEBUG(DBG_FNC_UDP_INPUT | DBG_FUNC_END, 0,0,0,0,0);
+ return;
}
#if INET6
struct inpcb *last;
struct ip *ip;
struct mbuf *n;
+ int off;
{
struct sockaddr *append_sa;
struct mbuf *opts = 0;
-#if INET6
- struct ip6_recvpktopts opts6;
- bzero(&opts6, sizeof(opts6));
-#endif
-
if (last->inp_flags & INP_CONTROLOPTS ||
last->inp_socket->so_options & SO_TIMESTAMP) {
}
savedflags = last->inp_flags;
last->inp_flags &= ~INP_UNMAPPABLEOPTS;
- ip6_savecontrol(last, &udp_ip6.uip6_ip6, n,
- &opts6, NULL);
+ ip6_savecontrol(last, &opts, &udp_ip6.uip6_ip6, n);
last->inp_flags = savedflags;
} else
#endif
udp_in6.uin6_init_done = 1;
}
append_sa = (struct sockaddr *)&udp_in6.uin6_sin;
- opts = opts6.head;
} else
#endif
append_sa = (struct sockaddr *)&udp_in;
m_adj(n, off);
-
if (sbappendaddr(&last->inp_socket->so_rcv, append_sa, n, opts) == 0) {
m_freem(n);
if (opts)
sorwakeup(last->inp_socket);
}
-
-
/*
* Notify a udp user of an asynchronous error;
* just wake up so that he can collect error status.
struct sockaddr *sa;
void *vip;
{
- register struct ip *ip = vip;
- register struct udphdr *uh;
+ struct ip *ip = vip;
+ struct udphdr *uh;
+ void (*notify) __P((struct inpcb *, int)) = udp_notify;
+ struct in_addr faddr;
+ struct inpcb *inp;
+ int s;
+
+ faddr = ((struct sockaddr_in *)sa)->sin_addr;
+ if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
+ return;
- if (!PRC_IS_REDIRECT(cmd) &&
- ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0))
+ if (PRC_IS_REDIRECT(cmd)) {
+ ip = 0;
+ notify = in_rtchange;
+ } else if (cmd == PRC_HOSTDEAD)
+ ip = 0;
+ else if ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0)
return;
if (ip) {
+ s = splnet();
uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2));
- in_pcbnotify(&udb, sa, uh->uh_dport, ip->ip_src, uh->uh_sport,
- cmd, udp_notify);
+ inp = in_pcblookup_hash(&udbinfo, faddr, uh->uh_dport,
+ ip->ip_src, uh->uh_sport, 0, NULL);
+ if (inp != NULL && inp->inp_socket != NULL)
+ (*notify)(inp, inetctlerrmap[cmd]);
+ splx(s);
} else
- in_pcbnotify(&udb, sa, 0, zeroin_addr, 0, cmd, udp_notify);
+ in_pcbnotifyall(&udb, faddr, inetctlerrmap[cmd], notify);
}
-
static int
udp_pcblist SYSCTL_HANDLER_ARGS
{
error = SYSCTL_OUT(req, &xig, sizeof xig);
if (error)
return error;
- /*
- * We are done if there is no pcb
- */
- if (n == 0)
- return 0;
+ /*
+ * We are done if there is no pcb
+ */
+ if (n == 0)
+ return 0;
inp_list = _MALLOC(n * sizeof *inp_list, M_TEMP, M_WAITOK);
if (inp_list == 0) {
return ENOMEM;
}
- s = splnet();
- for (inp = udbinfo.listhead->lh_first, i = 0; inp && i < n;
- inp = inp->inp_list.le_next) {
+
+ for (inp = LIST_FIRST(udbinfo.listhead), i = 0; inp && i < n;
+ inp = LIST_NEXT(inp, inp_list)) {
if (inp->inp_gencnt <= gencnt)
inp_list[i++] = inp;
}
static int
udp_output(inp, m, addr, control, p)
register struct inpcb *inp;
- register struct mbuf *m;
+ struct mbuf *m;
struct sockaddr *addr;
struct mbuf *control;
struct proc *p;
* and addresses and length put into network format.
*/
ui = mtod(m, struct udpiphdr *);
- bzero(ui->ui_x1, sizeof(ui->ui_x1));
+ bzero(ui->ui_x1, sizeof(ui->ui_x1)); /* XXX still needed? */
ui->ui_pr = IPPROTO_UDP;
- ui->ui_len = htons((u_short)len + sizeof (struct udphdr));
ui->ui_src = inp->inp_laddr;
ui->ui_dst = inp->inp_faddr;
ui->ui_sport = inp->inp_lport;
ui->ui_dport = inp->inp_fport;
- ui->ui_ulen = ui->ui_len;
+ ui->ui_ulen = htons((u_short)len + sizeof(struct udphdr));
/*
- * Stuff checksum and output datagram.
+ * Set up checksum and output datagram.
*/
if (udpcksum) {
- ui->ui_sum = in_pseudo(ui->ui_src.s_addr, ui->ui_dst.s_addr,
- htons((u_short)len + sizeof(struct udphdr) + IPPROTO_UDP));
- m->m_pkthdr.csum_flags = CSUM_UDP;
- m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
- }
- else
+ ui->ui_sum = in_pseudo(ui->ui_src.s_addr, ui->ui_dst.s_addr,
+ htons((u_short)len + sizeof(struct udphdr) + IPPROTO_UDP));
+ m->m_pkthdr.csum_flags = CSUM_UDP;
+ m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
+ } else {
ui->ui_sum = 0;
+ }
((struct ip *)ui)->ip_len = sizeof (struct udpiphdr) + len;
((struct ip *)ui)->ip_ttl = inp->inp_ip_ttl; /* XXX */
((struct ip *)ui)->ip_tos = inp->inp_ip_tos; /* XXX */
KERNEL_DEBUG(DBG_LAYER_OUT_END, ui->ui_dport, ui->ui_sport,
ui->ui_src.s_addr, ui->ui_dst.s_addr, ui->ui_ulen);
-
#if IPSEC
- ipsec_setsocket(m, inp->inp_socket);
+ if (ipsec_bypass == 0 && ipsec_setsocket(m, inp->inp_socket) != 0) {
+ error = ENOBUFS;
+ goto release;
+ }
#endif /*IPSEC*/
-
error = ip_output(m, inp->inp_options, &inp->inp_route,
- inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST),
+ (inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST)),
inp->inp_moptions);
if (addr) {
u_long udp_sendspace = 9216; /* really max datagram size */
/* 40 1K datagrams */
SYSCTL_INT(_net_inet_udp, UDPCTL_MAXDGRAM, maxdgram, CTLFLAG_RW,
- &udp_sendspace, 0, "");
-
+ &udp_sendspace, 0, "Maximum outgoing UDP datagram size");
-u_long udp_recvspace = 40 * (1024 + /* 40 1K datagrams */
+u_long udp_recvspace = 40 * (1024 +
#if INET6
sizeof(struct sockaddr_in6)
-#else /* INET6 */
+#else
sizeof(struct sockaddr_in)
-#endif /* INET6 */
+#endif
);
SYSCTL_INT(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
- &udp_recvspace, 0, "");
+ &udp_recvspace, 0, "Maximum incoming UDP datagram size");
static int
udp_abort(struct socket *so)
struct inpcb *inp;
int error; long s;
- if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
- error = soreserve(so, udp_sendspace, udp_recvspace);
- if (error)
- return error;
- }
+ inp = sotoinpcb(so);
+ if (inp != 0)
+ return EINVAL;
+
+ error = soreserve(so, udp_sendspace, udp_recvspace);
+ if (error)
+ return error;
s = splnet();
error = in_pcballoc(so, &udbinfo, p);
splx(s);
- if (error)
- return error;
- error = soreserve(so, udp_sendspace, udp_recvspace);
if (error)
return error;
inp = (struct inpcb *)so->so_pcb;
inp->inp_vflag |= INP_IPV4;
inp->inp_ip_ttl = ip_defttl;
-#if IPSEC
- error = ipsec_init_policy(so, &inp->inp_sp);
- if (error != 0) {
- in_pcbdetach(inp);
- return error;
- }
-#endif /*IPSEC*/
return 0;
}