2011-12-19 15:59:56 +04:00
|
|
|
/* $NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $ */
|
1999-07-01 12:12:45 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
* All rights reserved.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
1994-06-29 10:29:24 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1998-01-05 13:31:44 +03:00
|
|
|
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
|
1994-05-13 10:02:48 +04:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1993-03-21 12:45:37 +03:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1998-01-05 13:31:44 +03:00
|
|
|
* @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
1999-07-10 02:57:15 +04:00
|
|
|
|
2001-11-13 03:32:34 +03:00
|
|
|
#include <sys/cdefs.h>
|
2011-12-19 15:59:56 +04:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.184 2011/12/19 11:59:57 drochner Exp $");
|
2001-11-13 03:32:34 +03:00
|
|
|
|
2001-05-31 23:56:13 +04:00
|
|
|
#include "opt_inet.h"
|
2009-01-19 05:27:57 +03:00
|
|
|
#include "opt_compat_netbsd.h"
|
1999-07-10 02:57:15 +04:00
|
|
|
#include "opt_ipsec.h"
|
2001-06-02 20:17:09 +04:00
|
|
|
#include "opt_inet_csum.h"
|
2000-03-22 23:58:25 +03:00
|
|
|
#include "opt_ipkdb.h"
|
2003-06-23 15:00:59 +04:00
|
|
|
#include "opt_mbuftrace.h"
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/malloc.h>
|
|
|
|
#include <sys/mbuf.h>
|
|
|
|
#include <sys/protosw.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/socketvar.h>
|
1994-05-13 10:02:48 +04:00
|
|
|
#include <sys/errno.h>
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <sys/stat.h>
|
1996-02-14 02:40:59 +03:00
|
|
|
#include <sys/systm.h>
|
|
|
|
#include <sys/proc.h>
|
1999-12-13 18:17:17 +03:00
|
|
|
#include <sys/domain.h>
|
1996-02-14 02:40:59 +03:00
|
|
|
#include <sys/sysctl.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <net/if.h>
|
|
|
|
#include <net/route.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_systm.h>
|
1995-04-13 10:35:38 +04:00
|
|
|
#include <netinet/in_var.h>
|
1993-12-18 03:40:47 +03:00
|
|
|
#include <netinet/ip.h>
|
|
|
|
#include <netinet/in_pcb.h>
|
|
|
|
#include <netinet/ip_var.h>
|
|
|
|
#include <netinet/ip_icmp.h>
|
|
|
|
#include <netinet/udp.h>
|
|
|
|
#include <netinet/udp_var.h>
|
2008-04-12 09:58:22 +04:00
|
|
|
#include <netinet/udp_private.h>
|
2011-09-24 21:18:17 +04:00
|
|
|
#include <netinet/rfc6056.h>
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
#ifdef INET6
|
|
|
|
#include <netinet/ip6.h>
|
|
|
|
#include <netinet/icmp6.h>
|
|
|
|
#include <netinet6/ip6_var.h>
|
2008-04-15 07:57:04 +04:00
|
|
|
#include <netinet6/ip6_private.h>
|
1999-12-13 18:17:17 +03:00
|
|
|
#include <netinet6/in6_pcb.h>
|
|
|
|
#include <netinet6/udp6_var.h>
|
2008-04-15 08:43:25 +04:00
|
|
|
#include <netinet6/udp6_private.h>
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
#include <netinet6/scope6_var.h>
|
1999-12-13 18:17:17 +03:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef INET6
|
|
|
|
/* always need ip6.h for IP6_EXTHDR_GET */
|
|
|
|
#include <netinet/ip6.h>
|
|
|
|
#endif
|
|
|
|
|
2001-05-08 14:15:13 +04:00
|
|
|
#include "faith.h"
|
|
|
|
#if defined(NFAITH) && NFAITH > 0
|
|
|
|
#include <net/if_faith.h>
|
|
|
|
#endif
|
|
|
|
|
2003-08-15 07:42:00 +04:00
|
|
|
#ifdef FAST_IPSEC
|
|
|
|
#include <netipsec/ipsec.h>
|
2008-04-23 10:09:04 +04:00
|
|
|
#include <netipsec/ipsec_var.h>
|
|
|
|
#include <netipsec/ipsec_private.h>
|
2006-02-23 04:35:19 +03:00
|
|
|
#include <netipsec/esp.h>
|
2003-08-15 07:42:00 +04:00
|
|
|
#ifdef INET6
|
|
|
|
#include <netipsec/ipsec6.h>
|
|
|
|
#endif
|
2008-04-23 10:09:04 +04:00
|
|
|
#endif /* FAST_IPSEC */
|
2003-08-15 07:42:00 +04:00
|
|
|
|
2011-12-19 15:59:56 +04:00
|
|
|
#ifdef KAME_IPSEC
|
1999-07-01 12:12:45 +04:00
|
|
|
#include <netinet6/ipsec.h>
|
2008-04-23 10:09:04 +04:00
|
|
|
#include <netinet6/ipsec_private.h>
|
2006-02-23 04:35:19 +03:00
|
|
|
#include <netinet6/esp.h>
|
1999-07-01 12:12:45 +04:00
|
|
|
#include <netkey/key.h>
|
2011-12-19 15:59:56 +04:00
|
|
|
#endif /* KAME_IPSEC */
|
1999-07-01 12:12:45 +04:00
|
|
|
|
2009-01-19 05:27:57 +03:00
|
|
|
#ifdef COMPAT_50
|
|
|
|
#include <compat/sys/socket.h>
|
|
|
|
#endif
|
|
|
|
|
2000-03-22 23:58:25 +03:00
|
|
|
#ifdef IPKDB
|
|
|
|
#include <ipkdb/ipkdb.h>
|
|
|
|
#endif
|
|
|
|
|
1994-01-09 02:19:48 +03:00
|
|
|
/*
|
|
|
|
* UDP protocol implementation.
|
|
|
|
* Per RFC 768, August, 1980.
|
|
|
|
*/
|
|
|
|
int udpcksum = 1;
|
2005-08-10 17:06:49 +04:00
|
|
|
int udp_do_loopback_cksum = 0;
|
1994-01-09 02:19:48 +03:00
|
|
|
|
2002-05-13 00:33:50 +04:00
|
|
|
struct inpcbtable udbtable;
|
2008-04-07 00:17:27 +04:00
|
|
|
|
2008-04-12 09:58:22 +04:00
|
|
|
percpu_t *udpstat_percpu;
|
2002-05-13 00:33:50 +04:00
|
|
|
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
2005-02-12 15:31:07 +03:00
|
|
|
#ifdef IPSEC_NAT_T
|
2005-12-09 18:36:34 +03:00
|
|
|
static int udp4_espinudp (struct mbuf **, int, struct sockaddr *,
|
2005-02-12 15:31:07 +03:00
|
|
|
struct socket *);
|
|
|
|
#endif
|
2004-04-19 03:35:56 +04:00
|
|
|
static void udp4_sendup (struct mbuf *, int, struct sockaddr *,
|
|
|
|
struct socket *);
|
|
|
|
static int udp4_realinput (struct sockaddr_in *, struct sockaddr_in *,
|
2005-12-09 18:36:34 +03:00
|
|
|
struct mbuf **, int);
|
2004-12-21 08:51:31 +03:00
|
|
|
static int udp4_input_checksum(struct mbuf *, const struct udphdr *, int, int);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-12-13 18:17:17 +03:00
|
|
|
#ifdef INET6
|
2004-04-19 03:35:56 +04:00
|
|
|
static void udp6_sendup (struct mbuf *, int, struct sockaddr *,
|
|
|
|
struct socket *);
|
|
|
|
static int udp6_realinput (int, struct sockaddr_in6 *,
|
|
|
|
struct sockaddr_in6 *, struct mbuf *, int);
|
2004-12-21 08:51:31 +03:00
|
|
|
static int udp6_input_checksum(struct mbuf *, const struct udphdr *, int, int);
|
1999-12-13 18:17:17 +03:00
|
|
|
#endif
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
2004-04-19 03:35:56 +04:00
|
|
|
static void udp_notify (struct inpcb *, int);
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1994-01-09 02:17:18 +03:00
|
|
|
|
1996-01-31 06:49:23 +03:00
|
|
|
#ifndef UDBHASHSIZE
|
|
|
|
#define UDBHASHSIZE 128
|
|
|
|
#endif
|
|
|
|
int udbhashsize = UDBHASHSIZE;
|
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
#ifdef MBUFTRACE
|
2006-10-11 01:49:14 +04:00
|
|
|
struct mowner udp_mowner = MOWNER_INIT("udp", "");
|
|
|
|
struct mowner udp_rx_mowner = MOWNER_INIT("udp", "rx");
|
|
|
|
struct mowner udp_tx_mowner = MOWNER_INIT("udp", "tx");
|
2003-02-26 09:31:08 +03:00
|
|
|
#endif
|
|
|
|
|
2001-06-02 20:17:09 +04:00
|
|
|
#ifdef UDP_CSUM_COUNTERS
|
|
|
|
#include <sys/device.h>
|
|
|
|
|
2005-08-10 17:05:16 +04:00
|
|
|
#if defined(INET)
|
2001-06-02 20:17:09 +04:00
|
|
|
struct evcnt udp_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp", "hwcsum bad");
|
|
|
|
struct evcnt udp_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp", "hwcsum ok");
|
|
|
|
struct evcnt udp_hwcsum_data = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp", "hwcsum data");
|
|
|
|
struct evcnt udp_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp", "swcsum");
|
|
|
|
|
2004-05-01 06:20:42 +04:00
|
|
|
EVCNT_ATTACH_STATIC(udp_hwcsum_bad);
|
|
|
|
EVCNT_ATTACH_STATIC(udp_hwcsum_ok);
|
|
|
|
EVCNT_ATTACH_STATIC(udp_hwcsum_data);
|
|
|
|
EVCNT_ATTACH_STATIC(udp_swcsum);
|
2005-08-10 17:05:16 +04:00
|
|
|
#endif /* defined(INET) */
|
|
|
|
|
|
|
|
#if defined(INET6)
|
|
|
|
struct evcnt udp6_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp6", "hwcsum bad");
|
|
|
|
struct evcnt udp6_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp6", "hwcsum ok");
|
|
|
|
struct evcnt udp6_hwcsum_data = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp6", "hwcsum data");
|
|
|
|
struct evcnt udp6_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
|
|
|
|
NULL, "udp6", "swcsum");
|
|
|
|
|
|
|
|
EVCNT_ATTACH_STATIC(udp6_hwcsum_bad);
|
|
|
|
EVCNT_ATTACH_STATIC(udp6_hwcsum_ok);
|
|
|
|
EVCNT_ATTACH_STATIC(udp6_hwcsum_data);
|
|
|
|
EVCNT_ATTACH_STATIC(udp6_swcsum);
|
|
|
|
#endif /* defined(INET6) */
|
|
|
|
|
|
|
|
#define UDP_CSUM_COUNTER_INCR(ev) (ev)->ev_count++
|
2004-05-01 06:20:42 +04:00
|
|
|
|
2001-06-02 20:17:09 +04:00
|
|
|
#else
|
|
|
|
|
|
|
|
#define UDP_CSUM_COUNTER_INCR(ev) /* nothing */
|
|
|
|
|
|
|
|
#endif /* UDP_CSUM_COUNTERS */
|
|
|
|
|
2009-09-16 19:23:04 +04:00
|
|
|
static void sysctl_net_inet_udp_setup(struct sysctllog **);
|
|
|
|
|
1994-01-09 02:17:18 +03:00
|
|
|
void
|
2004-04-19 03:35:56 +04:00
|
|
|
udp_init(void)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
1995-06-12 04:46:47 +04:00
|
|
|
|
2009-09-16 19:23:04 +04:00
|
|
|
sysctl_net_inet_udp_setup(NULL);
|
|
|
|
|
1996-09-15 22:11:06 +04:00
|
|
|
in_pcbinit(&udbtable, udbhashsize, udbhashsize);
|
2001-06-02 20:17:09 +04:00
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
MOWNER_ATTACH(&udp_tx_mowner);
|
|
|
|
MOWNER_ATTACH(&udp_rx_mowner);
|
|
|
|
MOWNER_ATTACH(&udp_mowner);
|
2008-04-12 09:58:22 +04:00
|
|
|
|
2008-04-26 12:13:59 +04:00
|
|
|
#ifdef INET
|
2008-04-12 09:58:22 +04:00
|
|
|
udpstat_percpu = percpu_alloc(sizeof(uint64_t) * UDP_NSTATS);
|
2008-04-26 12:13:59 +04:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
udp6stat_percpu = percpu_alloc(sizeof(uint64_t) * UDP6_NSTATS);
|
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
2004-12-21 08:51:31 +03:00
|
|
|
/*
|
|
|
|
* Checksum extended UDP header and data.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
udp_input_checksum(int af, struct mbuf *m, const struct udphdr *uh,
|
|
|
|
int iphlen, int len)
|
|
|
|
{
|
|
|
|
|
|
|
|
switch (af) {
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
2004-12-21 08:51:31 +03:00
|
|
|
case AF_INET:
|
|
|
|
return udp4_input_checksum(m, uh, iphlen, len);
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
case AF_INET6:
|
|
|
|
return udp6_input_checksum(m, uh, iphlen, len);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
#ifdef DIAGNOSTIC
|
|
|
|
panic("udp_input_checksum: unknown af %d", af);
|
|
|
|
#endif
|
|
|
|
/* NOTREACHED */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef INET
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Checksum extended UDP header and data.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static int
|
|
|
|
udp4_input_checksum(struct mbuf *m, const struct udphdr *uh,
|
|
|
|
int iphlen, int len)
|
|
|
|
{
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX it's better to record and check if this mbuf is
|
|
|
|
* already checked.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (uh->uh_sum == 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
switch (m->m_pkthdr.csum_flags &
|
|
|
|
((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_UDPv4) |
|
|
|
|
M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) {
|
|
|
|
case M_CSUM_UDPv4|M_CSUM_TCP_UDP_BAD:
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_bad);
|
|
|
|
goto badcsum;
|
|
|
|
|
|
|
|
case M_CSUM_UDPv4|M_CSUM_DATA: {
|
|
|
|
u_int32_t hw_csum = m->m_pkthdr.csum_data;
|
|
|
|
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_data);
|
|
|
|
if (m->m_pkthdr.csum_flags & M_CSUM_NO_PSEUDOHDR) {
|
|
|
|
const struct ip *ip =
|
|
|
|
mtod(m, const struct ip *);
|
|
|
|
|
|
|
|
hw_csum = in_cksum_phdr(ip->ip_src.s_addr,
|
|
|
|
ip->ip_dst.s_addr,
|
|
|
|
htons(hw_csum + len + IPPROTO_UDP));
|
|
|
|
}
|
|
|
|
if ((hw_csum ^ 0xffff) != 0)
|
|
|
|
goto badcsum;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
case M_CSUM_UDPv4:
|
|
|
|
/* Checksum was okay. */
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_ok);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/*
|
|
|
|
* Need to compute it ourselves. Maybe skip checksum
|
|
|
|
* on loopback interfaces.
|
|
|
|
*/
|
|
|
|
if (__predict_true(!(m->m_pkthdr.rcvif->if_flags &
|
|
|
|
IFF_LOOPBACK) ||
|
|
|
|
udp_do_loopback_cksum)) {
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp_swcsum);
|
|
|
|
if (in4_cksum(m, IPPROTO_UDP, iphlen, len) != 0)
|
|
|
|
goto badcsum;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
badcsum:
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_BADSUM);
|
2004-12-21 08:51:31 +03:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
void
|
|
|
|
udp_input(struct mbuf *m, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
struct sockaddr_in src, dst;
|
|
|
|
struct ip *ip;
|
|
|
|
struct udphdr *uh;
|
2003-01-20 02:57:01 +03:00
|
|
|
int iphlen;
|
1999-12-13 18:17:17 +03:00
|
|
|
int len;
|
|
|
|
int n;
|
2002-08-14 04:23:27 +04:00
|
|
|
u_int16_t ip_len;
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
va_start(ap, m);
|
|
|
|
iphlen = va_arg(ap, int);
|
2003-01-20 02:57:01 +03:00
|
|
|
(void)va_arg(ap, int); /* ignore value, advance ap */
|
1999-12-13 18:17:17 +03:00
|
|
|
va_end(ap);
|
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
MCLAIM(m, &udp_rx_mowner);
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_IPACKETS);
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Get IP and UDP header together in first mbuf.
|
|
|
|
*/
|
|
|
|
ip = mtod(m, struct ip *);
|
|
|
|
IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr));
|
|
|
|
if (uh == NULL) {
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_HDROPS);
|
1999-12-13 18:17:17 +03:00
|
|
|
return;
|
|
|
|
}
|
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.
Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-07-01 02:40:32 +04:00
|
|
|
KASSERT(UDP_HDR_ALIGNED_P(uh));
|
1999-12-13 18:17:17 +03:00
|
|
|
|
2000-01-31 13:39:26 +03:00
|
|
|
/* destination port of 0 is illegal, based on RFC768. */
|
|
|
|
if (uh->uh_dport == 0)
|
|
|
|
goto bad;
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
/*
|
|
|
|
* Make mbuf data length reflect UDP length.
|
|
|
|
* If not enough data to reflect UDP length, drop.
|
|
|
|
*/
|
2002-08-14 04:23:27 +04:00
|
|
|
ip_len = ntohs(ip->ip_len);
|
1999-12-13 18:17:17 +03:00
|
|
|
len = ntohs((u_int16_t)uh->uh_ulen);
|
2002-08-14 04:23:27 +04:00
|
|
|
if (ip_len != iphlen + len) {
|
|
|
|
if (ip_len < iphlen + len || len < sizeof(struct udphdr)) {
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_BADLEN);
|
1999-12-13 18:17:17 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
2002-08-14 04:23:27 +04:00
|
|
|
m_adj(m, iphlen + len - ip_len);
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Checksum extended UDP header and data.
|
|
|
|
*/
|
2004-12-21 08:51:31 +03:00
|
|
|
if (udp4_input_checksum(m, uh, iphlen, len))
|
|
|
|
goto badcsum;
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
/* construct source and dst sockaddrs. */
|
2007-05-12 06:03:15 +04:00
|
|
|
sockaddr_in_init(&src, &ip->ip_src, uh->uh_sport);
|
|
|
|
sockaddr_in_init(&dst, &ip->ip_dst, uh->uh_dport);
|
1999-12-13 18:17:17 +03:00
|
|
|
|
2005-12-09 18:36:34 +03:00
|
|
|
if ((n = udp4_realinput(&src, &dst, &m, iphlen)) == -1) {
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_HDROPS);
|
2005-12-09 18:36:34 +03:00
|
|
|
return;
|
|
|
|
}
|
1999-12-13 18:17:17 +03:00
|
|
|
#ifdef INET6
|
|
|
|
if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) {
|
|
|
|
struct sockaddr_in6 src6, dst6;
|
|
|
|
|
2009-03-18 19:00:08 +03:00
|
|
|
memset(&src6, 0, sizeof(src6));
|
1999-12-13 18:17:17 +03:00
|
|
|
src6.sin6_family = AF_INET6;
|
|
|
|
src6.sin6_len = sizeof(struct sockaddr_in6);
|
|
|
|
src6.sin6_addr.s6_addr[10] = src6.sin6_addr.s6_addr[11] = 0xff;
|
2009-04-18 18:58:02 +04:00
|
|
|
memcpy(&src6.sin6_addr.s6_addr[12], &ip->ip_src,
|
1999-12-13 18:17:17 +03:00
|
|
|
sizeof(ip->ip_src));
|
|
|
|
src6.sin6_port = uh->uh_sport;
|
2009-03-18 19:00:08 +03:00
|
|
|
memset(&dst6, 0, sizeof(dst6));
|
1999-12-13 18:17:17 +03:00
|
|
|
dst6.sin6_family = AF_INET6;
|
|
|
|
dst6.sin6_len = sizeof(struct sockaddr_in6);
|
|
|
|
dst6.sin6_addr.s6_addr[10] = dst6.sin6_addr.s6_addr[11] = 0xff;
|
2009-04-18 18:58:02 +04:00
|
|
|
memcpy(&dst6.sin6_addr.s6_addr[12], &ip->ip_dst,
|
1999-12-13 18:17:17 +03:00
|
|
|
sizeof(ip->ip_dst));
|
|
|
|
dst6.sin6_port = uh->uh_dport;
|
|
|
|
|
|
|
|
n += udp6_realinput(AF_INET, &src6, &dst6, m, iphlen);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
if (n == 0) {
|
|
|
|
if (m->m_flags & (M_BCAST | M_MCAST)) {
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_NOPORTBCAST);
|
1999-12-13 18:17:17 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_NOPORT);
|
2000-03-22 23:58:25 +03:00
|
|
|
#ifdef IPKDB
|
1999-12-13 18:17:17 +03:00
|
|
|
if (checkipkdb(&ip->ip_src, uh->uh_sport, uh->uh_dport,
|
|
|
|
m, iphlen + sizeof(struct udphdr),
|
|
|
|
m->m_pkthdr.len - iphlen - sizeof(struct udphdr))) {
|
|
|
|
/*
|
|
|
|
* It was a debugger connect packet,
|
|
|
|
* just drop it now
|
|
|
|
*/
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0);
|
|
|
|
m = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
bad:
|
|
|
|
if (m)
|
|
|
|
m_freem(m);
|
2001-06-02 20:17:09 +04:00
|
|
|
return;
|
|
|
|
|
|
|
|
badcsum:
|
|
|
|
m_freem(m);
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
#ifdef INET6
|
2004-12-21 08:51:31 +03:00
|
|
|
static int
|
|
|
|
udp6_input_checksum(struct mbuf *m, const struct udphdr *uh, int off, int len)
|
|
|
|
{
|
|
|
|
|
2005-08-10 17:05:16 +04:00
|
|
|
/*
|
|
|
|
* XXX it's better to record and check if this mbuf is
|
|
|
|
* already checked.
|
|
|
|
*/
|
|
|
|
|
2004-12-21 08:51:31 +03:00
|
|
|
if (__predict_false((m->m_flags & M_LOOP) && !udp_do_loopback_cksum)) {
|
|
|
|
goto good;
|
|
|
|
}
|
|
|
|
if (uh->uh_sum == 0) {
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_NOSUM);
|
2004-12-21 08:51:31 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
2005-08-10 17:05:16 +04:00
|
|
|
|
|
|
|
switch (m->m_pkthdr.csum_flags &
|
|
|
|
((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_UDPv6) |
|
|
|
|
M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) {
|
|
|
|
case M_CSUM_UDPv6|M_CSUM_TCP_UDP_BAD:
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp6_hwcsum_bad);
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_BADSUM);
|
2004-12-21 08:51:31 +03:00
|
|
|
goto bad;
|
2005-08-10 17:05:16 +04:00
|
|
|
|
|
|
|
#if 0 /* notyet */
|
|
|
|
case M_CSUM_UDPv6|M_CSUM_DATA:
|
|
|
|
#endif
|
|
|
|
|
|
|
|
case M_CSUM_UDPv6:
|
|
|
|
/* Checksum was okay. */
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp6_hwcsum_ok);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/*
|
|
|
|
* Need to compute it ourselves. Maybe skip checksum
|
|
|
|
* on loopback interfaces.
|
|
|
|
*/
|
|
|
|
UDP_CSUM_COUNTER_INCR(&udp6_swcsum);
|
|
|
|
if (in6_cksum(m, IPPROTO_UDP, off, len) != 0) {
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_BADSUM);
|
2005-08-10 17:05:16 +04:00
|
|
|
goto bad;
|
|
|
|
}
|
2004-12-21 08:51:31 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
good:
|
|
|
|
return 0;
|
|
|
|
bad:
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
int
|
2006-11-10 16:01:55 +03:00
|
|
|
udp6_input(struct mbuf **mp, int *offp, int proto)
|
1999-12-13 18:17:17 +03:00
|
|
|
{
|
|
|
|
struct mbuf *m = *mp;
|
|
|
|
int off = *offp;
|
|
|
|
struct sockaddr_in6 src, dst;
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
struct udphdr *uh;
|
|
|
|
u_int32_t plen, ulen;
|
|
|
|
|
2001-05-08 14:15:13 +04:00
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
#if defined(NFAITH) && 0 < NFAITH
|
2001-05-08 14:15:13 +04:00
|
|
|
if (faithprefix(&ip6->ip6_dst)) {
|
|
|
|
/* send icmp6 host unreach? */
|
|
|
|
m_freem(m);
|
|
|
|
return IPPROTO_DONE;
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_IPACKETS);
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
/* check for jumbogram is done in ip6_input. we can trust pkthdr.len */
|
|
|
|
plen = m->m_pkthdr.len - off;
|
|
|
|
IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(struct udphdr));
|
|
|
|
if (uh == NULL) {
|
2008-04-15 07:57:04 +04:00
|
|
|
IP6_STATINC(IP6_STAT_TOOSHORT);
|
1999-12-13 18:17:17 +03:00
|
|
|
return IPPROTO_DONE;
|
|
|
|
}
|
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.
Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-07-01 02:40:32 +04:00
|
|
|
KASSERT(UDP_HDR_ALIGNED_P(uh));
|
1999-12-13 18:17:17 +03:00
|
|
|
ulen = ntohs((u_short)uh->uh_ulen);
|
2000-07-07 19:54:16 +04:00
|
|
|
/*
|
|
|
|
* RFC2675 section 4: jumbograms will have 0 in the UDP header field,
|
|
|
|
* iff payload length > 0xffff.
|
|
|
|
*/
|
1999-12-13 18:17:17 +03:00
|
|
|
if (ulen == 0 && plen > 0xffff)
|
|
|
|
ulen = plen;
|
|
|
|
|
|
|
|
if (plen != ulen) {
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_BADLEN);
|
1999-12-13 18:17:17 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
2000-01-31 13:39:26 +03:00
|
|
|
/* destination port of 0 is illegal, based on RFC768. */
|
|
|
|
if (uh->uh_dport == 0)
|
|
|
|
goto bad;
|
|
|
|
|
1999-12-22 07:03:01 +03:00
|
|
|
/* Be proactive about malicious use of IPv4 mapped address */
|
|
|
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
|
|
|
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
|
|
|
|
/* XXX stat */
|
|
|
|
goto bad;
|
|
|
|
}
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
/*
|
2004-12-15 07:25:19 +03:00
|
|
|
* Checksum extended UDP header and data. Maybe skip checksum
|
|
|
|
* on loopback interfaces.
|
1999-12-13 18:17:17 +03:00
|
|
|
*/
|
2004-12-21 08:51:31 +03:00
|
|
|
if (udp6_input_checksum(m, uh, off, ulen))
|
|
|
|
goto bad;
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Construct source and dst sockaddrs.
|
|
|
|
*/
|
2009-03-18 19:00:08 +03:00
|
|
|
memset(&src, 0, sizeof(src));
|
1999-12-13 18:17:17 +03:00
|
|
|
src.sin6_family = AF_INET6;
|
|
|
|
src.sin6_len = sizeof(struct sockaddr_in6);
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
src.sin6_addr = ip6->ip6_src;
|
1999-12-13 18:17:17 +03:00
|
|
|
src.sin6_port = uh->uh_sport;
|
2009-03-18 19:00:08 +03:00
|
|
|
memset(&dst, 0, sizeof(dst));
|
1999-12-13 18:17:17 +03:00
|
|
|
dst.sin6_family = AF_INET6;
|
|
|
|
dst.sin6_len = sizeof(struct sockaddr_in6);
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
dst.sin6_addr = ip6->ip6_dst;
|
1999-12-13 18:17:17 +03:00
|
|
|
dst.sin6_port = uh->uh_dport;
|
|
|
|
|
|
|
|
if (udp6_realinput(AF_INET6, &src, &dst, m, off) == 0) {
|
|
|
|
if (m->m_flags & M_MCAST) {
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_NOPORTMCAST);
|
1999-12-13 18:17:17 +03:00
|
|
|
goto bad;
|
|
|
|
}
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_NOPORT);
|
1999-12-13 18:17:17 +03:00
|
|
|
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
|
|
|
|
m = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
bad:
|
|
|
|
if (m)
|
|
|
|
m_freem(m);
|
|
|
|
return IPPROTO_DONE;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-12-13 18:17:17 +03:00
|
|
|
static void
|
2004-04-19 03:35:56 +04:00
|
|
|
udp4_sendup(struct mbuf *m, int off /* offset of data portion */,
|
|
|
|
struct sockaddr *src, struct socket *so)
|
1999-12-13 18:17:17 +03:00
|
|
|
{
|
|
|
|
struct mbuf *opts = NULL;
|
|
|
|
struct mbuf *n;
|
|
|
|
struct inpcb *inp = NULL;
|
|
|
|
|
|
|
|
if (!so)
|
|
|
|
return;
|
|
|
|
switch (so->so_proto->pr_domain->dom_family) {
|
|
|
|
case AF_INET:
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
break;
|
|
|
|
#ifdef INET6
|
|
|
|
case AF_INET6:
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-12-19 15:59:56 +04:00
|
|
|
#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
|
1999-12-13 18:17:17 +03:00
|
|
|
/* check AH/ESP integrity. */
|
|
|
|
if (so != NULL && ipsec4_in_reject_so(m, so)) {
|
2008-04-23 10:09:04 +04:00
|
|
|
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO);
|
2007-09-02 11:18:55 +04:00
|
|
|
if ((n = m_copypacket(m, M_DONTWAIT)) != NULL)
|
2003-09-12 13:55:22 +04:00
|
|
|
icmp_error(n, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT,
|
|
|
|
0, 0);
|
1999-12-13 18:17:17 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /*IPSEC*/
|
|
|
|
|
2007-09-02 11:18:55 +04:00
|
|
|
if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) {
|
1999-12-13 18:17:17 +03:00
|
|
|
if (inp && (inp->inp_flags & INP_CONTROLOPTS
|
2009-01-19 05:27:57 +03:00
|
|
|
#ifdef SO_OTIMESTAMP
|
|
|
|
|| so->so_options & SO_OTIMESTAMP
|
|
|
|
#endif
|
1999-12-13 18:17:17 +03:00
|
|
|
|| so->so_options & SO_TIMESTAMP)) {
|
|
|
|
struct ip *ip = mtod(n, struct ip *);
|
|
|
|
ip_savecontrol(inp, &opts, ip, n);
|
|
|
|
}
|
|
|
|
|
|
|
|
m_adj(n, off);
|
|
|
|
if (sbappendaddr(&so->so_rcv, src, n,
|
|
|
|
opts) == 0) {
|
|
|
|
m_freem(n);
|
|
|
|
if (opts)
|
|
|
|
m_freem(opts);
|
2004-09-03 22:14:09 +04:00
|
|
|
so->so_rcv.sb_overflowed++;
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_FULLSOCK);
|
1999-12-13 18:17:17 +03:00
|
|
|
} else
|
|
|
|
sorwakeup(so);
|
|
|
|
}
|
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
#ifdef INET6
|
|
|
|
static void
|
2004-04-19 03:35:56 +04:00
|
|
|
udp6_sendup(struct mbuf *m, int off /* offset of data portion */,
|
|
|
|
struct sockaddr *src, struct socket *so)
|
1999-12-13 18:17:17 +03:00
|
|
|
{
|
|
|
|
struct mbuf *opts = NULL;
|
|
|
|
struct mbuf *n;
|
|
|
|
struct in6pcb *in6p = NULL;
|
|
|
|
|
|
|
|
if (!so)
|
|
|
|
return;
|
|
|
|
if (so->so_proto->pr_domain->dom_family != AF_INET6)
|
|
|
|
return;
|
|
|
|
in6p = sotoin6pcb(so);
|
|
|
|
|
2011-12-19 15:59:56 +04:00
|
|
|
#if defined(KAME_IPSEC) || defined(FAST_IPSEC)
|
1999-12-13 18:17:17 +03:00
|
|
|
/* check AH/ESP integrity. */
|
|
|
|
if (so != NULL && ipsec6_in_reject_so(m, so)) {
|
2008-04-23 10:09:04 +04:00
|
|
|
IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO);
|
2007-09-02 11:18:55 +04:00
|
|
|
if ((n = m_copypacket(m, M_DONTWAIT)) != NULL)
|
2003-09-12 13:55:22 +04:00
|
|
|
icmp6_error(n, ICMP6_DST_UNREACH,
|
|
|
|
ICMP6_DST_UNREACH_ADMIN, 0);
|
1999-12-13 18:17:17 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /*IPSEC*/
|
|
|
|
|
2007-09-02 11:18:55 +04:00
|
|
|
if ((n = m_copypacket(m, M_DONTWAIT)) != NULL) {
|
1999-12-13 18:17:17 +03:00
|
|
|
if (in6p && (in6p->in6p_flags & IN6P_CONTROLOPTS
|
2009-01-19 05:27:57 +03:00
|
|
|
#ifdef SO_OTIMESTAMP
|
|
|
|
|| in6p->in6p_socket->so_options & SO_OTIMESTAMP
|
|
|
|
#endif
|
|
|
|
|| in6p->in6p_socket->so_options & SO_TIMESTAMP)) {
|
1999-12-13 18:17:17 +03:00
|
|
|
struct ip6_hdr *ip6 = mtod(n, struct ip6_hdr *);
|
|
|
|
ip6_savecontrol(in6p, &opts, ip6, n);
|
|
|
|
}
|
|
|
|
|
|
|
|
m_adj(n, off);
|
|
|
|
if (sbappendaddr(&so->so_rcv, src, n, opts) == 0) {
|
|
|
|
m_freem(n);
|
|
|
|
if (opts)
|
|
|
|
m_freem(opts);
|
2004-09-03 22:14:09 +04:00
|
|
|
so->so_rcv.sb_overflowed++;
|
2008-04-15 08:43:25 +04:00
|
|
|
UDP6_STATINC(UDP6_STAT_FULLSOCK);
|
1999-12-13 18:17:17 +03:00
|
|
|
} else
|
|
|
|
sorwakeup(so);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1999-12-13 18:17:17 +03:00
|
|
|
static int
|
2004-04-19 03:35:56 +04:00
|
|
|
udp4_realinput(struct sockaddr_in *src, struct sockaddr_in *dst,
|
2005-12-09 18:36:34 +03:00
|
|
|
struct mbuf **mp, int off /* offset of udphdr */)
|
1999-12-13 18:17:17 +03:00
|
|
|
{
|
|
|
|
u_int16_t *sport, *dport;
|
|
|
|
int rcvcnt;
|
|
|
|
struct in_addr *src4, *dst4;
|
2003-09-04 13:16:57 +04:00
|
|
|
struct inpcb_hdr *inph;
|
1999-12-13 18:17:17 +03:00
|
|
|
struct inpcb *inp;
|
2005-12-09 18:36:34 +03:00
|
|
|
struct mbuf *m = *mp;
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
rcvcnt = 0;
|
|
|
|
off += sizeof(struct udphdr); /* now, offset of payload */
|
|
|
|
|
|
|
|
if (src->sin_family != AF_INET || dst->sin_family != AF_INET)
|
|
|
|
goto bad;
|
|
|
|
|
|
|
|
src4 = &src->sin_addr;
|
|
|
|
sport = &src->sin_port;
|
|
|
|
dst4 = &dst->sin_addr;
|
|
|
|
dport = &dst->sin_port;
|
|
|
|
|
2000-12-04 14:23:04 +03:00
|
|
|
if (IN_MULTICAST(dst4->s_addr) ||
|
1999-12-13 18:17:17 +03:00
|
|
|
in_broadcast(*dst4, m->m_pkthdr.rcvif)) {
|
|
|
|
/*
|
|
|
|
* Deliver a multicast or broadcast datagram to *all* sockets
|
|
|
|
* for which the local and remote addresses and ports match
|
|
|
|
* those of the incoming datagram. This allows more than
|
|
|
|
* one process to receive multi/broadcasts on the same port.
|
|
|
|
* (This really ought to be done for unicast datagrams as
|
|
|
|
* well, but that would cause problems with existing
|
|
|
|
* applications that open both address-specific sockets and
|
|
|
|
* a wildcard socket listening to the same port -- they would
|
|
|
|
* end up receiving duplicates of every unicast datagram.
|
|
|
|
* Those applications open the multiple sockets to overcome an
|
|
|
|
* inadequacy of the UDP socket interface, but for backwards
|
|
|
|
* compatibility we avoid the problem here rather than
|
|
|
|
* fixing the interface. Maybe 4.5BSD will remedy this?)
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2001-12-21 05:51:08 +03:00
|
|
|
* KAME note: traditionally we dropped udpiphdr from mbuf here.
|
2000-08-30 19:04:45 +04:00
|
|
|
* we need udpiphdr for IPsec processing so we do that later.
|
1999-12-13 18:17:17 +03:00
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* Locate pcb(s) for datagram.
|
|
|
|
*/
|
2003-09-04 13:16:57 +04:00
|
|
|
CIRCLEQ_FOREACH(inph, &udbtable.inpt_queue, inph_queue) {
|
|
|
|
inp = (struct inpcb *)inph;
|
|
|
|
if (inp->inp_af != AF_INET)
|
|
|
|
continue;
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
if (inp->inp_lport != *dport)
|
|
|
|
continue;
|
|
|
|
if (!in_nullhost(inp->inp_laddr)) {
|
|
|
|
if (!in_hosteq(inp->inp_laddr, *dst4))
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (!in_nullhost(inp->inp_faddr)) {
|
|
|
|
if (!in_hosteq(inp->inp_faddr, *src4) ||
|
|
|
|
inp->inp_fport != *sport)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
udp4_sendup(m, off, (struct sockaddr *)src,
|
|
|
|
inp->inp_socket);
|
|
|
|
rcvcnt++;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Don't look for additional matches if this one does
|
|
|
|
* not have either the SO_REUSEPORT or SO_REUSEADDR
|
|
|
|
* socket options set. This heuristic avoids searching
|
|
|
|
* through all pcbs in the common case of a non-shared
|
|
|
|
* port. It assumes that an application will never
|
|
|
|
* clear these options after setting them.
|
|
|
|
*/
|
|
|
|
if ((inp->inp_socket->so_options &
|
|
|
|
(SO_REUSEPORT|SO_REUSEADDR)) == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Locate pcb for datagram.
|
|
|
|
*/
|
Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).
MSLT and VTW were contributed by Coyote Point Systems, Inc.
Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.
Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.
Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.
It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.
A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
2011-05-03 22:28:44 +04:00
|
|
|
inp = in_pcblookup_connect(&udbtable, *src4, *sport, *dst4,
|
|
|
|
*dport, 0);
|
1999-12-13 18:17:17 +03:00
|
|
|
if (inp == 0) {
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_PCBHASHMISS);
|
1999-12-13 18:17:17 +03:00
|
|
|
inp = in_pcblookup_bind(&udbtable, *dst4, *dport);
|
2001-07-25 10:05:16 +04:00
|
|
|
if (inp == 0)
|
1999-12-13 18:17:17 +03:00
|
|
|
return rcvcnt;
|
|
|
|
}
|
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
#ifdef IPSEC_NAT_T
|
|
|
|
/* Handle ESP over UDP */
|
|
|
|
if (inp->inp_flags & INP_ESPINUDP_ALL) {
|
|
|
|
struct sockaddr *sa = (struct sockaddr *)src;
|
|
|
|
|
2005-12-09 18:36:34 +03:00
|
|
|
switch(udp4_espinudp(mp, off, sa, inp->inp_socket)) {
|
|
|
|
case -1: /* Error, m was freeed */
|
|
|
|
rcvcnt = -1;
|
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 1: /* ESP over UDP */
|
2005-02-12 15:31:07 +03:00
|
|
|
rcvcnt++;
|
|
|
|
goto bad;
|
2005-12-09 18:36:34 +03:00
|
|
|
break;
|
2005-02-12 15:31:07 +03:00
|
|
|
|
2005-12-09 18:36:34 +03:00
|
|
|
case 0: /* plain UDP */
|
|
|
|
default: /* Unexpected */
|
|
|
|
/*
|
|
|
|
* Normal UDP processing will take place
|
|
|
|
* m may have changed.
|
|
|
|
*/
|
|
|
|
m = *mp;
|
|
|
|
break;
|
|
|
|
}
|
2005-02-12 15:31:07 +03:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-07-20 03:17:33 +04:00
|
|
|
/*
|
|
|
|
* Check the minimum TTL for socket.
|
|
|
|
*/
|
|
|
|
if (mtod(m, struct ip *)->ip_ttl < inp->inp_ip_minttl)
|
|
|
|
goto bad;
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
udp4_sendup(m, off, (struct sockaddr *)src, inp->inp_socket);
|
|
|
|
rcvcnt++;
|
|
|
|
}
|
|
|
|
|
|
|
|
bad:
|
|
|
|
return rcvcnt;
|
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
#ifdef INET6
|
|
|
|
static int
|
2004-04-19 03:35:56 +04:00
|
|
|
udp6_realinput(int af, struct sockaddr_in6 *src, struct sockaddr_in6 *dst,
|
|
|
|
struct mbuf *m, int off)
|
1999-12-13 18:17:17 +03:00
|
|
|
{
|
2001-06-28 03:40:50 +04:00
|
|
|
u_int16_t sport, dport;
|
1999-12-13 18:17:17 +03:00
|
|
|
int rcvcnt;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct in6_addr src6, *dst6;
|
2001-06-28 03:40:50 +04:00
|
|
|
const struct in_addr *dst4;
|
2003-09-04 13:16:57 +04:00
|
|
|
struct inpcb_hdr *inph;
|
1999-12-13 18:17:17 +03:00
|
|
|
struct in6pcb *in6p;
|
|
|
|
|
|
|
|
rcvcnt = 0;
|
|
|
|
off += sizeof(struct udphdr); /* now, offset of payload */
|
|
|
|
|
|
|
|
if (af != AF_INET && af != AF_INET6)
|
|
|
|
goto bad;
|
|
|
|
if (src->sin6_family != AF_INET6 || dst->sin6_family != AF_INET6)
|
|
|
|
goto bad;
|
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
src6 = src->sin6_addr;
|
|
|
|
if (sa6_recoverscope(src) != 0) {
|
|
|
|
/* XXX: should be impossible. */
|
|
|
|
goto bad;
|
|
|
|
}
|
2001-06-28 03:40:50 +04:00
|
|
|
sport = src->sin6_port;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
|
2001-06-28 03:40:50 +04:00
|
|
|
dport = dst->sin6_port;
|
2001-11-02 05:37:50 +03:00
|
|
|
dst4 = (struct in_addr *)&dst->sin6_addr.s6_addr[12];
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
dst6 = &dst->sin6_addr;
|
1999-12-13 18:17:17 +03:00
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(dst6) ||
|
2001-06-28 03:40:50 +04:00
|
|
|
(af == AF_INET && IN_MULTICAST(dst4->s_addr))) {
|
1999-12-13 18:17:17 +03:00
|
|
|
/*
|
|
|
|
* Deliver a multicast or broadcast datagram to *all* sockets
|
|
|
|
* for which the local and remote addresses and ports match
|
|
|
|
* those of the incoming datagram. This allows more than
|
|
|
|
* one process to receive multi/broadcasts on the same port.
|
|
|
|
* (This really ought to be done for unicast datagrams as
|
|
|
|
* well, but that would cause problems with existing
|
|
|
|
* applications that open both address-specific sockets and
|
|
|
|
* a wildcard socket listening to the same port -- they would
|
|
|
|
* end up receiving duplicates of every unicast datagram.
|
|
|
|
* Those applications open the multiple sockets to overcome an
|
|
|
|
* inadequacy of the UDP socket interface, but for backwards
|
|
|
|
* compatibility we avoid the problem here rather than
|
|
|
|
* fixing the interface. Maybe 4.5BSD will remedy this?)
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2001-12-21 05:51:08 +03:00
|
|
|
* KAME note: traditionally we dropped udpiphdr from mbuf here.
|
2000-08-30 19:04:45 +04:00
|
|
|
* we need udpiphdr for IPsec processing so we do that later.
|
1999-12-13 18:17:17 +03:00
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* Locate pcb(s) for datagram.
|
|
|
|
*/
|
2003-09-04 13:16:57 +04:00
|
|
|
CIRCLEQ_FOREACH(inph, &udbtable.inpt_queue, inph_queue) {
|
|
|
|
in6p = (struct in6pcb *)inph;
|
|
|
|
if (in6p->in6p_af != AF_INET6)
|
|
|
|
continue;
|
|
|
|
|
2001-06-28 03:40:50 +04:00
|
|
|
if (in6p->in6p_lport != dport)
|
1999-12-13 18:17:17 +03:00
|
|
|
continue;
|
|
|
|
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) {
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr,
|
|
|
|
dst6))
|
1999-12-13 18:17:17 +03:00
|
|
|
continue;
|
2001-12-21 05:51:08 +03:00
|
|
|
} else {
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (IN6_IS_ADDR_V4MAPPED(dst6) &&
|
2001-10-15 13:51:15 +04:00
|
|
|
(in6p->in6p_flags & IN6P_IPV6_V6ONLY))
|
2000-01-06 09:41:18 +03:00
|
|
|
continue;
|
|
|
|
}
|
1999-12-13 18:17:17 +03:00
|
|
|
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
|
2001-06-28 03:40:50 +04:00
|
|
|
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr,
|
|
|
|
&src6) || in6p->in6p_fport != sport)
|
1999-12-13 18:17:17 +03:00
|
|
|
continue;
|
2001-12-21 05:51:08 +03:00
|
|
|
} else {
|
2001-06-28 03:40:50 +04:00
|
|
|
if (IN6_IS_ADDR_V4MAPPED(&src6) &&
|
2001-10-15 13:51:15 +04:00
|
|
|
(in6p->in6p_flags & IN6P_IPV6_V6ONLY))
|
2000-01-06 09:41:18 +03:00
|
|
|
continue;
|
|
|
|
}
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
udp6_sendup(m, off, (struct sockaddr *)src,
|
|
|
|
in6p->in6p_socket);
|
|
|
|
rcvcnt++;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Don't look for additional matches if this one does
|
|
|
|
* not have either the SO_REUSEPORT or SO_REUSEADDR
|
|
|
|
* socket options set. This heuristic avoids searching
|
|
|
|
* through all pcbs in the common case of a non-shared
|
|
|
|
* port. It assumes that an application will never
|
|
|
|
* clear these options after setting them.
|
|
|
|
*/
|
|
|
|
if ((in6p->in6p_socket->so_options &
|
|
|
|
(SO_REUSEPORT|SO_REUSEADDR)) == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Locate pcb for datagram.
|
|
|
|
*/
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
in6p = in6_pcblookup_connect(&udbtable, &src6, sport, dst6,
|
Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).
MSLT and VTW were contributed by Coyote Point Systems, Inc.
Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.
Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.
Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.
It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.
A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
2011-05-03 22:28:44 +04:00
|
|
|
dport, 0, 0);
|
1999-12-13 18:17:17 +03:00
|
|
|
if (in6p == 0) {
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_PCBHASHMISS);
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
in6p = in6_pcblookup_bind(&udbtable, dst6, dport, 0);
|
2001-07-25 10:05:16 +04:00
|
|
|
if (in6p == 0)
|
1999-12-13 18:17:17 +03:00
|
|
|
return rcvcnt;
|
|
|
|
}
|
|
|
|
|
|
|
|
udp6_sendup(m, off, (struct sockaddr *)src, in6p->in6p_socket);
|
|
|
|
rcvcnt++;
|
|
|
|
}
|
|
|
|
|
|
|
|
bad:
|
|
|
|
return rcvcnt;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2000-10-17 07:06:42 +04:00
|
|
|
#ifdef INET
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Notify a udp user of an asynchronous error;
|
|
|
|
* just wake up so that he can collect error status.
|
|
|
|
*/
|
1994-01-09 02:17:18 +03:00
|
|
|
static void
|
2004-04-19 03:35:56 +04:00
|
|
|
udp_notify(struct inpcb *inp, int errno)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
|
|
|
inp->inp_socket->so_error = errno;
|
|
|
|
sorwakeup(inp->inp_socket);
|
|
|
|
sowwakeup(inp->inp_socket);
|
|
|
|
}
|
|
|
|
|
1996-02-14 02:40:59 +03:00
|
|
|
void *
|
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.
Cosmetic: don't open-code TAILQ_FOREACH().
Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.
Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.
Constify:
1 Introduce const accessor for route->ro_dst, rtcache_getdst().
2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.
3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.
4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
2007-02-18 01:34:07 +03:00
|
|
|
udp_ctlinput(int cmd, const struct sockaddr *sa, void *v)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2000-03-30 16:51:13 +04:00
|
|
|
struct ip *ip = v;
|
|
|
|
struct udphdr *uh;
|
2004-04-19 03:35:56 +04:00
|
|
|
void (*notify)(struct inpcb *, int) = udp_notify;
|
1995-06-12 10:48:54 +04:00
|
|
|
int errno;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
if (sa->sa_family != AF_INET
|
|
|
|
|| sa->sa_len != sizeof(struct sockaddr_in))
|
1999-08-09 14:55:29 +04:00
|
|
|
return NULL;
|
1995-06-12 10:46:34 +04:00
|
|
|
if ((unsigned)cmd >= PRC_NCMDS)
|
1996-02-14 02:40:59 +03:00
|
|
|
return NULL;
|
1995-06-12 10:46:34 +04:00
|
|
|
errno = inetctlerrmap[cmd];
|
1995-06-12 04:46:47 +04:00
|
|
|
if (PRC_IS_REDIRECT(cmd))
|
1995-06-12 10:24:21 +04:00
|
|
|
notify = in_rtchange, ip = 0;
|
1995-06-12 04:46:47 +04:00
|
|
|
else if (cmd == PRC_HOSTDEAD)
|
1995-06-12 10:24:21 +04:00
|
|
|
ip = 0;
|
1995-06-26 12:46:16 +04:00
|
|
|
else if (errno == 0)
|
1996-02-14 02:40:59 +03:00
|
|
|
return NULL;
|
1995-06-12 10:24:21 +04:00
|
|
|
if (ip) {
|
2007-03-04 08:59:00 +03:00
|
|
|
uh = (struct udphdr *)((char *)ip + (ip->ip_hl << 2));
|
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.
Cosmetic: don't open-code TAILQ_FOREACH().
Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.
Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.
Constify:
1 Introduce const accessor for route->ro_dst, rtcache_getdst().
2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.
3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.
4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
2007-02-18 01:34:07 +03:00
|
|
|
in_pcbnotify(&udbtable, satocsin(sa)->sin_addr, uh->uh_dport,
|
1996-09-09 18:51:07 +04:00
|
|
|
ip->ip_src, uh->uh_sport, errno, notify);
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
/* XXX mapped address case */
|
1995-06-12 10:24:21 +04:00
|
|
|
} else
|
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.
Cosmetic: don't open-code TAILQ_FOREACH().
Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.
Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.
Constify:
1 Introduce const accessor for route->ro_dst, rtcache_getdst().
2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.
3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.
4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
2007-02-18 01:34:07 +03:00
|
|
|
in_pcbnotifyall(&udbtable, satocsin(sa)->sin_addr, errno,
|
1996-09-09 18:51:07 +04:00
|
|
|
notify);
|
1996-02-14 02:40:59 +03:00
|
|
|
return NULL;
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
int
|
2008-08-06 19:01:23 +04:00
|
|
|
udp_ctloutput(int op, struct socket *so, struct sockopt *sopt)
|
2005-02-12 15:31:07 +03:00
|
|
|
{
|
|
|
|
int s;
|
|
|
|
int error = 0;
|
|
|
|
struct inpcb *inp;
|
|
|
|
int family;
|
2008-08-06 19:01:23 +04:00
|
|
|
int optval;
|
2005-02-12 15:31:07 +03:00
|
|
|
|
|
|
|
family = so->so_proto->pr_domain->dom_family;
|
|
|
|
|
|
|
|
s = splsoftnet();
|
|
|
|
switch (family) {
|
|
|
|
#ifdef INET
|
|
|
|
case PF_INET:
|
2008-08-06 19:01:23 +04:00
|
|
|
if (sopt->sopt_level != IPPROTO_UDP) {
|
|
|
|
error = ip_ctloutput(op, so, sopt);
|
2005-02-12 15:31:07 +03:00
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
case PF_INET6:
|
2008-08-06 19:01:23 +04:00
|
|
|
if (sopt->sopt_level != IPPROTO_UDP) {
|
|
|
|
error = ip6_ctloutput(op, so, sopt);
|
2005-02-12 15:31:07 +03:00
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
error = EAFNOSUPPORT;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
switch (op) {
|
|
|
|
case PRCO_SETOPT:
|
|
|
|
inp = sotoinpcb(so);
|
|
|
|
|
2008-08-06 19:01:23 +04:00
|
|
|
switch (sopt->sopt_name) {
|
2005-02-12 15:31:07 +03:00
|
|
|
case UDP_ENCAP:
|
2008-08-06 19:01:23 +04:00
|
|
|
error = sockopt_getint(sopt, &optval);
|
|
|
|
if (error)
|
2006-11-10 16:00:23 +03:00
|
|
|
break;
|
2005-02-27 01:45:09 +03:00
|
|
|
|
2008-08-06 19:01:23 +04:00
|
|
|
switch(optval) {
|
2005-02-12 15:31:07 +03:00
|
|
|
#ifdef IPSEC_NAT_T
|
|
|
|
case 0:
|
|
|
|
inp->inp_flags &= ~INP_ESPINUDP_ALL;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case UDP_ENCAP_ESPINUDP:
|
|
|
|
inp->inp_flags &= ~INP_ESPINUDP_ALL;
|
|
|
|
inp->inp_flags |= INP_ESPINUDP;
|
|
|
|
break;
|
2005-02-27 01:45:09 +03:00
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
case UDP_ENCAP_ESPINUDP_NON_IKE:
|
|
|
|
inp->inp_flags &= ~INP_ESPINUDP_ALL;
|
|
|
|
inp->inp_flags |= INP_ESPINUDP_NON_IKE;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
2011-09-24 21:18:17 +04:00
|
|
|
|
|
|
|
case UDP_RFC6056ALGO:
|
|
|
|
error = sockopt_getint(sopt, &optval);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
|
|
|
|
error = rfc6056_algo_index_select(
|
|
|
|
(struct inpcb_hdr *)inp, optval);
|
|
|
|
break;
|
2005-02-12 15:31:07 +03:00
|
|
|
|
|
|
|
default:
|
|
|
|
error = ENOPROTOOPT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
2005-02-27 01:45:09 +03:00
|
|
|
}
|
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
end:
|
|
|
|
splx(s);
|
|
|
|
return error;
|
|
|
|
}
|
2005-02-27 01:45:09 +03:00
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
|
1994-01-09 02:17:18 +03:00
|
|
|
int
|
1996-02-14 02:40:59 +03:00
|
|
|
udp_output(struct mbuf *m, ...)
|
|
|
|
{
|
2000-03-30 16:51:13 +04:00
|
|
|
struct inpcb *inp;
|
|
|
|
struct udpiphdr *ui;
|
2004-12-15 07:25:19 +03:00
|
|
|
struct route *ro;
|
2000-03-30 16:51:13 +04:00
|
|
|
int len = m->m_pkthdr.len;
|
1996-05-23 20:22:32 +04:00
|
|
|
int error = 0;
|
1996-02-14 02:40:59 +03:00
|
|
|
va_list ap;
|
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
MCLAIM(m, &udp_tx_mowner);
|
1996-02-14 02:40:59 +03:00
|
|
|
va_start(ap, m);
|
1996-05-23 20:22:32 +04:00
|
|
|
inp = va_arg(ap, struct inpcb *);
|
1996-02-14 02:40:59 +03:00
|
|
|
va_end(ap);
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Calculate data length and get a mbuf
|
|
|
|
* for UDP and IP headers.
|
|
|
|
*/
|
1994-05-13 10:02:48 +04:00
|
|
|
M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT);
|
|
|
|
if (m == 0) {
|
|
|
|
error = ENOBUFS;
|
|
|
|
goto release;
|
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1996-10-25 10:35:16 +04:00
|
|
|
/*
|
|
|
|
* Compute the packet length of the IP header, and
|
|
|
|
* punt if the length looks bogus.
|
|
|
|
*/
|
2002-08-14 04:23:27 +04:00
|
|
|
if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) {
|
1996-10-25 10:35:16 +04:00
|
|
|
error = EMSGSIZE;
|
|
|
|
goto release;
|
|
|
|
}
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Fill in mbuf with extended UDP header
|
|
|
|
* and addresses and length put into network format.
|
|
|
|
*/
|
|
|
|
ui = mtod(m, struct udpiphdr *);
|
|
|
|
ui->ui_pr = IPPROTO_UDP;
|
|
|
|
ui->ui_src = inp->inp_laddr;
|
|
|
|
ui->ui_dst = inp->inp_faddr;
|
|
|
|
ui->ui_sport = inp->inp_lport;
|
|
|
|
ui->ui_dport = inp->inp_fport;
|
2001-06-02 20:17:09 +04:00
|
|
|
ui->ui_ulen = htons((u_int16_t)len + sizeof(struct udphdr));
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2004-12-15 07:25:19 +03:00
|
|
|
ro = &inp->inp_route;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
2001-06-02 20:17:09 +04:00
|
|
|
* Set up checksum and output datagram.
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
|
|
|
if (udpcksum) {
|
2001-06-02 20:17:09 +04:00
|
|
|
/*
|
|
|
|
* XXX Cache pseudo-header checksum part for
|
|
|
|
* XXX "connected" UDP sockets.
|
|
|
|
*/
|
|
|
|
ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr,
|
|
|
|
ui->ui_dst.s_addr, htons((u_int16_t)len +
|
|
|
|
sizeof(struct udphdr) + IPPROTO_UDP));
|
2005-04-19 01:50:25 +04:00
|
|
|
m->m_pkthdr.csum_flags = M_CSUM_UDPv4;
|
2001-06-02 20:17:09 +04:00
|
|
|
m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
|
|
|
|
} else
|
|
|
|
ui->ui_sum = 0;
|
2002-08-14 04:23:27 +04:00
|
|
|
((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len);
|
1993-03-21 12:45:37 +03:00
|
|
|
((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; /* XXX */
|
|
|
|
((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; /* XXX */
|
2008-04-12 09:58:22 +04:00
|
|
|
UDP_STATINC(UDP_STAT_OPACKETS);
|
1999-07-01 12:12:45 +04:00
|
|
|
|
2004-12-15 07:25:19 +03:00
|
|
|
return (ip_output(m, inp->inp_options, ro,
|
1994-02-10 21:46:04 +03:00
|
|
|
inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST),
|
2003-08-23 01:53:01 +04:00
|
|
|
inp->inp_moptions, inp->inp_socket));
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
release:
|
|
|
|
m_freem(m);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
1997-07-29 02:19:53 +04:00
|
|
|
int udp_sendspace = 9216; /* really max datagram size */
|
|
|
|
int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in));
|
1993-03-21 12:45:37 +03:00
|
|
|
/* 40 1K datagrams */
|
|
|
|
|
|
|
|
/*ARGSUSED*/
|
1994-01-09 02:17:18 +03:00
|
|
|
int
|
2004-04-19 03:35:56 +04:00
|
|
|
udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
|
2005-12-11 15:16:03 +03:00
|
|
|
struct mbuf *control, struct lwp *l)
|
1993-03-21 12:45:37 +03:00
|
|
|
{
|
2000-03-30 16:51:13 +04:00
|
|
|
struct inpcb *inp;
|
1993-03-21 12:45:37 +03:00
|
|
|
int s;
|
2000-03-30 16:51:13 +04:00
|
|
|
int error = 0;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
if (req == PRU_CONTROL)
|
2007-03-04 08:59:00 +03:00
|
|
|
return (in_control(so, (long)m, (void *)nam,
|
2006-07-24 02:06:03 +04:00
|
|
|
(struct ifnet *)control, l));
|
1996-05-23 20:22:32 +04:00
|
|
|
|
2006-10-05 21:35:19 +04:00
|
|
|
s = splsoftnet();
|
|
|
|
|
2000-02-03 02:28:08 +03:00
|
|
|
if (req == PRU_PURGEIF) {
|
2008-04-24 15:38:36 +04:00
|
|
|
mutex_enter(softnet_lock);
|
2001-07-03 12:06:19 +04:00
|
|
|
in_pcbpurgeif0(&udbtable, (struct ifnet *)control);
|
2000-02-03 02:28:08 +03:00
|
|
|
in_purgeif((struct ifnet *)control);
|
|
|
|
in_pcbpurgeif(&udbtable, (struct ifnet *)control);
|
2008-04-24 15:38:36 +04:00
|
|
|
mutex_exit(softnet_lock);
|
2006-10-05 21:35:19 +04:00
|
|
|
splx(s);
|
2000-02-02 01:52:04 +03:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
1996-05-23 20:22:32 +04:00
|
|
|
inp = sotoinpcb(so);
|
1996-05-23 21:03:27 +04:00
|
|
|
#ifdef DIAGNOSTIC
|
|
|
|
if (req != PRU_SEND && req != PRU_SENDOOB && control)
|
|
|
|
panic("udp_usrreq: unexpected control mbuf");
|
|
|
|
#endif
|
2008-04-24 15:38:36 +04:00
|
|
|
if (req == PRU_ATTACH) {
|
|
|
|
sosetlock(so);
|
|
|
|
} else if (inp == 0) {
|
1993-03-21 12:45:37 +03:00
|
|
|
error = EINVAL;
|
|
|
|
goto release;
|
|
|
|
}
|
1996-05-23 20:22:32 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Note: need to block udp_input while changing
|
|
|
|
* the udp pcb queue and/or pcb addresses.
|
|
|
|
*/
|
|
|
|
switch (req) {
|
|
|
|
|
|
|
|
case PRU_ATTACH:
|
1996-05-23 20:22:32 +04:00
|
|
|
if (inp != 0) {
|
|
|
|
error = EISCONN;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
}
|
2003-02-26 09:31:08 +03:00
|
|
|
#ifdef MBUFTRACE
|
|
|
|
so->so_mowner = &udp_mowner;
|
|
|
|
so->so_rcv.sb_mowner = &udp_rx_mowner;
|
|
|
|
so->so_snd.sb_mowner = &udp_tx_mowner;
|
|
|
|
#endif
|
1996-05-23 20:22:32 +04:00
|
|
|
if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
|
|
|
|
error = soreserve(so, udp_sendspace, udp_recvspace);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
}
|
1995-06-12 04:46:47 +04:00
|
|
|
error = in_pcballoc(so, &udbtable);
|
1993-03-21 12:45:37 +03:00
|
|
|
if (error)
|
|
|
|
break;
|
1996-05-23 20:22:32 +04:00
|
|
|
inp = sotoinpcb(so);
|
|
|
|
inp->inp_ip.ip_ttl = ip_defttl;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_DETACH:
|
1996-05-23 20:22:32 +04:00
|
|
|
in_pcbdetach(inp);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_BIND:
|
2006-07-24 02:06:03 +04:00
|
|
|
error = in_pcbbind(inp, nam, l);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_LISTEN:
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_CONNECT:
|
2006-07-24 02:06:03 +04:00
|
|
|
error = in_pcbconnect(inp, nam, l);
|
1996-05-23 20:22:32 +04:00
|
|
|
if (error)
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
1996-05-23 20:22:32 +04:00
|
|
|
soisconnected(so);
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_CONNECT2:
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_DISCONNECT:
|
1996-05-23 20:22:32 +04:00
|
|
|
/*soisdisconnected(so);*/
|
|
|
|
so->so_state &= ~SS_ISCONNECTED; /* XXX */
|
1993-03-21 12:45:37 +03:00
|
|
|
in_pcbdisconnect(inp);
|
1996-09-09 18:51:07 +04:00
|
|
|
inp->inp_laddr = zeroin_addr; /* XXX */
|
1996-09-15 22:11:06 +04:00
|
|
|
in_pcbstate(inp, INP_BOUND); /* XXX */
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_SHUTDOWN:
|
|
|
|
socantsendmore(so);
|
|
|
|
break;
|
|
|
|
|
1996-05-23 20:22:32 +04:00
|
|
|
case PRU_RCVD:
|
|
|
|
error = EOPNOTSUPP;
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
1996-05-23 20:22:32 +04:00
|
|
|
case PRU_SEND:
|
1996-05-23 21:03:27 +04:00
|
|
|
if (control && control->m_len) {
|
|
|
|
m_freem(control);
|
|
|
|
m_freem(m);
|
|
|
|
error = EINVAL;
|
|
|
|
break;
|
|
|
|
}
|
1996-05-23 20:22:32 +04:00
|
|
|
{
|
1996-09-15 22:11:06 +04:00
|
|
|
struct in_addr laddr; /* XXX */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
2011-07-03 13:03:32 +04:00
|
|
|
memset(&laddr, 0, sizeof laddr);
|
1996-05-23 20:22:32 +04:00
|
|
|
if (nam) {
|
1996-09-15 22:11:06 +04:00
|
|
|
laddr = inp->inp_laddr; /* XXX */
|
1996-05-23 20:22:32 +04:00
|
|
|
if ((so->so_state & SS_ISCONNECTED) != 0) {
|
|
|
|
error = EISCONN;
|
1996-05-23 21:03:27 +04:00
|
|
|
goto die;
|
1996-05-23 20:22:32 +04:00
|
|
|
}
|
2006-07-24 02:06:03 +04:00
|
|
|
error = in_pcbconnect(inp, nam, l);
|
2003-06-15 06:49:32 +04:00
|
|
|
if (error)
|
|
|
|
goto die;
|
1996-05-23 20:22:32 +04:00
|
|
|
} else {
|
|
|
|
if ((so->so_state & SS_ISCONNECTED) == 0) {
|
|
|
|
error = ENOTCONN;
|
1996-05-23 21:03:27 +04:00
|
|
|
goto die;
|
1996-05-23 20:22:32 +04:00
|
|
|
}
|
|
|
|
}
|
1996-05-23 21:05:45 +04:00
|
|
|
error = udp_output(m, inp);
|
2003-06-15 06:49:32 +04:00
|
|
|
m = NULL;
|
1996-05-23 20:22:32 +04:00
|
|
|
if (nam) {
|
|
|
|
in_pcbdisconnect(inp);
|
1996-09-15 22:11:06 +04:00
|
|
|
inp->inp_laddr = laddr; /* XXX */
|
|
|
|
in_pcbstate(inp, INP_BOUND); /* XXX */
|
1996-05-23 20:22:32 +04:00
|
|
|
}
|
2003-06-15 06:49:32 +04:00
|
|
|
die:
|
|
|
|
if (m)
|
|
|
|
m_freem(m);
|
1996-05-23 20:22:32 +04:00
|
|
|
}
|
1993-03-21 12:45:37 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_SENSE:
|
|
|
|
/*
|
|
|
|
* stat: don't bother with a blocksize.
|
|
|
|
*/
|
1996-05-23 20:22:32 +04:00
|
|
|
splx(s);
|
1993-03-21 12:45:37 +03:00
|
|
|
return (0);
|
|
|
|
|
1996-05-23 20:22:32 +04:00
|
|
|
case PRU_RCVOOB:
|
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
case PRU_SENDOOB:
|
1996-05-23 21:03:27 +04:00
|
|
|
m_freem(control);
|
1996-05-23 20:22:32 +04:00
|
|
|
m_freem(m);
|
1993-03-21 12:45:37 +03:00
|
|
|
error = EOPNOTSUPP;
|
|
|
|
break;
|
|
|
|
|
1996-05-23 20:22:32 +04:00
|
|
|
case PRU_SOCKADDR:
|
|
|
|
in_setsockaddr(inp, nam);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PRU_PEERADDR:
|
|
|
|
in_setpeeraddr(inp, nam);
|
|
|
|
break;
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
default:
|
|
|
|
panic("udp_usrreq");
|
|
|
|
}
|
|
|
|
|
|
|
|
release:
|
|
|
|
splx(s);
|
1996-05-23 20:22:32 +04:00
|
|
|
return (error);
|
1993-03-21 12:45:37 +03:00
|
|
|
}
|
1994-05-13 10:02:48 +04:00
|
|
|
|
2008-04-12 09:58:22 +04:00
|
|
|
static int
|
|
|
|
sysctl_net_inet_udp_stats(SYSCTLFN_ARGS)
|
|
|
|
{
|
|
|
|
|
2008-05-04 11:22:14 +04:00
|
|
|
return (NETSTAT_SYSCTL(udpstat_percpu, UDP_NSTATS));
|
2008-04-12 09:58:22 +04:00
|
|
|
}
|
|
|
|
|
1994-05-13 10:02:48 +04:00
|
|
|
/*
|
|
|
|
* Sysctl for udp variables.
|
|
|
|
*/
|
2009-09-16 19:23:04 +04:00
|
|
|
static void
|
|
|
|
sysctl_net_inet_udp_setup(struct sysctllog **clog)
|
1994-05-13 10:02:48 +04:00
|
|
|
{
|
2011-09-24 21:18:17 +04:00
|
|
|
const struct sysctlnode *rfc6056_node;
|
|
|
|
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
CTLTYPE_NODE, "net", NULL,
|
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
CTLTYPE_NODE, "inet", NULL,
|
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, PF_INET, CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_NODE, "udp",
|
|
|
|
SYSCTL_DESCR("UDPv4 related settings"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, CTL_EOL);
|
|
|
|
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "checksum",
|
2004-07-02 22:19:51 +04:00
|
|
|
SYSCTL_DESCR("Compute UDP checksums"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &udpcksum, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_CHECKSUM,
|
|
|
|
CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "sendspace",
|
|
|
|
SYSCTL_DESCR("Default UDP send buffer size"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &udp_sendspace, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_SENDSPACE,
|
|
|
|
CTL_EOL);
|
2004-03-24 18:34:46 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
2004-05-25 08:33:59 +04:00
|
|
|
CTLTYPE_INT, "recvspace",
|
|
|
|
SYSCTL_DESCR("Default UDP receive buffer size"),
|
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 22:38:21 +03:00
|
|
|
NULL, 0, &udp_recvspace, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_RECVSPACE,
|
|
|
|
CTL_EOL);
|
2004-12-15 07:25:19 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
|
|
|
CTLTYPE_INT, "do_loopback_cksum",
|
|
|
|
SYSCTL_DESCR("Perform UDP checksum on loopback"),
|
|
|
|
NULL, 0, &udp_do_loopback_cksum, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_LOOPBACKCKSUM,
|
|
|
|
CTL_EOL);
|
2005-03-09 08:07:19 +03:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
2005-03-11 09:16:15 +03:00
|
|
|
CTLTYPE_STRUCT, "pcblist",
|
2005-03-09 08:07:19 +03:00
|
|
|
SYSCTL_DESCR("UDP protocol control block list"),
|
|
|
|
sysctl_inpcblist, 0, &udbtable, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE,
|
|
|
|
CTL_EOL);
|
2005-08-05 13:21:25 +04:00
|
|
|
sysctl_createv(clog, 0, NULL, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
|
|
|
CTLTYPE_STRUCT, "stats",
|
|
|
|
SYSCTL_DESCR("UDP statistics"),
|
2008-04-12 09:58:22 +04:00
|
|
|
sysctl_net_inet_udp_stats, 0, NULL, 0,
|
2005-08-05 13:21:25 +04:00
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_STATS,
|
|
|
|
CTL_EOL);
|
2011-09-24 21:18:17 +04:00
|
|
|
/* RFC6056 subtree */
|
|
|
|
sysctl_createv(clog, 0, NULL, &rfc6056_node,
|
|
|
|
CTLFLAG_PERMANENT,
|
|
|
|
CTLTYPE_NODE, "rfc6056",
|
|
|
|
SYSCTL_DESCR("RFC 6056"),
|
|
|
|
NULL, 0, NULL, 0,
|
|
|
|
CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE, CTL_EOL);
|
|
|
|
sysctl_createv(clog, 0, &rfc6056_node, NULL,
|
|
|
|
CTLFLAG_PERMANENT,
|
|
|
|
CTLTYPE_STRING, "available",
|
|
|
|
SYSCTL_DESCR("RFC 6056 available algorithms"),
|
|
|
|
sysctl_rfc6056_available, 0, NULL, RFC6056_MAXLEN,
|
|
|
|
CTL_CREATE, CTL_EOL);
|
|
|
|
sysctl_createv(clog, 0, &rfc6056_node, NULL,
|
|
|
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
|
|
|
CTLTYPE_STRING, "selected",
|
|
|
|
SYSCTL_DESCR("RFC 6056 selected algorithm"),
|
|
|
|
sysctl_rfc6056_selected, 0, NULL, RFC6056_MAXLEN,
|
|
|
|
CTL_CREATE, CTL_EOL);
|
1994-05-13 10:02:48 +04:00
|
|
|
}
|
2000-10-17 07:06:42 +04:00
|
|
|
#endif
|
2005-02-12 15:31:07 +03:00
|
|
|
|
2008-04-12 09:58:22 +04:00
|
|
|
void
|
|
|
|
udp_statinc(u_int stat)
|
|
|
|
{
|
|
|
|
|
|
|
|
KASSERT(stat < UDP_NSTATS);
|
|
|
|
UDP_STATINC(stat);
|
|
|
|
}
|
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
#if (defined INET && defined IPSEC_NAT_T)
|
|
|
|
/*
|
|
|
|
* Returns:
|
|
|
|
* 1 if the packet was processed
|
|
|
|
* 0 if normal UDP processing should take place
|
2005-12-09 18:36:34 +03:00
|
|
|
* -1 if an error occurent and m was freed
|
2005-02-12 15:31:07 +03:00
|
|
|
*/
|
|
|
|
static int
|
2006-11-10 16:01:55 +03:00
|
|
|
udp4_espinudp(struct mbuf **mp, int off, struct sockaddr *src,
|
2006-10-12 05:30:41 +04:00
|
|
|
struct socket *so)
|
2005-02-12 15:31:07 +03:00
|
|
|
{
|
|
|
|
size_t len;
|
2007-03-04 08:59:00 +03:00
|
|
|
void *data;
|
2005-02-12 15:31:07 +03:00
|
|
|
struct inpcb *inp;
|
|
|
|
size_t skip = 0;
|
|
|
|
size_t minlen;
|
|
|
|
size_t iphdrlen;
|
|
|
|
struct ip *ip;
|
|
|
|
struct mbuf *n;
|
2005-04-23 18:05:28 +04:00
|
|
|
struct m_tag *tag;
|
|
|
|
struct udphdr *udphdr;
|
|
|
|
u_int16_t sport, dport;
|
2005-12-09 18:36:34 +03:00
|
|
|
struct mbuf *m = *mp;
|
2005-02-12 15:31:07 +03:00
|
|
|
|
2005-02-27 01:45:09 +03:00
|
|
|
/*
|
2005-02-12 15:31:07 +03:00
|
|
|
* Collapse the mbuf chain if the first mbuf is too short
|
|
|
|
* The longest case is: UDP + non ESP marker + ESP
|
|
|
|
*/
|
|
|
|
minlen = off + sizeof(u_int64_t) + sizeof(struct esp);
|
|
|
|
if (minlen > m->m_pkthdr.len)
|
|
|
|
minlen = m->m_pkthdr.len;
|
|
|
|
|
|
|
|
if (m->m_len < minlen) {
|
2005-12-09 18:36:34 +03:00
|
|
|
if ((*mp = m_pullup(m, minlen)) == NULL) {
|
2005-02-12 15:31:07 +03:00
|
|
|
printf("udp4_espinudp: m_pullup failed\n");
|
2005-12-09 18:36:34 +03:00
|
|
|
return -1;
|
2005-02-12 15:31:07 +03:00
|
|
|
}
|
2005-12-09 18:36:34 +03:00
|
|
|
m = *mp;
|
2005-02-12 15:31:07 +03:00
|
|
|
}
|
|
|
|
|
2005-02-27 01:45:09 +03:00
|
|
|
len = m->m_len - off;
|
2007-03-04 08:59:00 +03:00
|
|
|
data = mtod(m, char *) + off;
|
2005-02-12 15:31:07 +03:00
|
|
|
inp = sotoinpcb(so);
|
|
|
|
|
|
|
|
/* Ignore keepalive packets */
|
2007-03-04 08:59:00 +03:00
|
|
|
if ((len == 1) && (*(unsigned char *)data == 0xff)) {
|
2005-02-12 15:31:07 +03:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2005-02-27 01:45:09 +03:00
|
|
|
/*
|
|
|
|
* Check that the payload is long enough to hold
|
2005-02-12 15:31:07 +03:00
|
|
|
* an ESP header and compute the length of encapsulation
|
2005-02-27 01:45:09 +03:00
|
|
|
* header to remove
|
2005-02-12 15:31:07 +03:00
|
|
|
*/
|
|
|
|
if (inp->inp_flags & INP_ESPINUDP) {
|
|
|
|
u_int32_t *st = (u_int32_t *)data;
|
|
|
|
|
|
|
|
if ((len <= sizeof(struct esp)) || (*st == 0))
|
|
|
|
return 0; /* Normal UDP processing */
|
|
|
|
|
|
|
|
skip = sizeof(struct udphdr);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (inp->inp_flags & INP_ESPINUDP_NON_IKE) {
|
2005-09-03 22:01:07 +04:00
|
|
|
u_int32_t *st = (u_int32_t *)data;
|
2005-02-12 15:31:07 +03:00
|
|
|
|
|
|
|
if ((len <= sizeof(u_int64_t) + sizeof(struct esp))
|
2005-09-03 22:01:07 +04:00
|
|
|
|| ((st[0] | st[1]) != 0))
|
2005-02-12 15:31:07 +03:00
|
|
|
return 0; /* Normal UDP processing */
|
2005-02-27 01:45:09 +03:00
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
skip = sizeof(struct udphdr) + sizeof(u_int64_t);
|
|
|
|
}
|
|
|
|
|
2005-04-23 18:05:28 +04:00
|
|
|
/*
|
|
|
|
* Get the UDP ports. They are handled in network
|
|
|
|
* order everywhere in IPSEC_NAT_T code.
|
|
|
|
*/
|
2007-03-04 08:59:00 +03:00
|
|
|
udphdr = (struct udphdr *)((char *)data - skip);
|
2005-04-23 18:05:28 +04:00
|
|
|
sport = udphdr->uh_sport;
|
|
|
|
dport = udphdr->uh_dport;
|
|
|
|
|
2005-02-12 15:31:07 +03:00
|
|
|
/*
|
|
|
|
* Remove the UDP header (and possibly the non ESP marker)
|
|
|
|
* IP header lendth is iphdrlen
|
2005-02-27 01:45:09 +03:00
|
|
|
* Before:
|
2005-02-12 15:31:07 +03:00
|
|
|
* <--- off --->
|
|
|
|
* +----+------+-----+
|
|
|
|
* | IP | UDP | ESP |
|
|
|
|
* +----+------+-----+
|
|
|
|
* <-skip->
|
|
|
|
* After:
|
|
|
|
* +----+-----+
|
|
|
|
* | IP | ESP |
|
|
|
|
* +----+-----+
|
|
|
|
* <-skip->
|
|
|
|
*/
|
|
|
|
iphdrlen = off - sizeof(struct udphdr);
|
2007-03-04 08:59:00 +03:00
|
|
|
memmove(mtod(m, char *) + skip, mtod(m, void *), iphdrlen);
|
2005-02-12 15:31:07 +03:00
|
|
|
m_adj(m, skip);
|
|
|
|
|
|
|
|
ip = mtod(m, struct ip *);
|
|
|
|
ip->ip_len = htons(ntohs(ip->ip_len) - skip);
|
|
|
|
ip->ip_p = IPPROTO_ESP;
|
|
|
|
|
|
|
|
/*
|
2005-02-27 01:45:09 +03:00
|
|
|
* Copy the mbuf to avoid multiple free, as both
|
|
|
|
* esp4_input (which we call) and udp_input (which
|
2005-02-12 15:31:07 +03:00
|
|
|
* called us) free the mbuf.
|
|
|
|
*/
|
|
|
|
if ((n = m_dup(m, 0, M_COPYALL, M_DONTWAIT)) == NULL) {
|
|
|
|
printf("udp4_espinudp: m_dup failed\n");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-04-23 18:05:28 +04:00
|
|
|
/*
|
|
|
|
* Add a PACKET_TAG_IPSEC_NAT_T_PORT tag to remember
|
|
|
|
* the source UDP port. This is required if we want
|
|
|
|
* to select the right SPD for multiple hosts behind
|
|
|
|
* same NAT
|
|
|
|
*/
|
2005-04-26 00:37:06 +04:00
|
|
|
if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS,
|
|
|
|
sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) {
|
|
|
|
printf("udp4_espinudp: m_tag_get failed\n");
|
2005-04-29 17:06:23 +04:00
|
|
|
m_freem(n);
|
2005-04-26 00:37:06 +04:00
|
|
|
return 0;
|
|
|
|
}
|
2005-04-23 18:05:28 +04:00
|
|
|
((u_int16_t *)(tag + 1))[0] = sport;
|
|
|
|
((u_int16_t *)(tag + 1))[1] = dport;
|
|
|
|
m_tag_prepend(n, tag);
|
|
|
|
|
2006-02-23 04:35:19 +03:00
|
|
|
#ifdef FAST_IPSEC
|
2007-06-28 00:38:32 +04:00
|
|
|
ipsec4_common_input(n, iphdrlen, IPPROTO_ESP);
|
2006-02-23 04:35:19 +03:00
|
|
|
#else
|
2005-02-12 15:31:07 +03:00
|
|
|
esp4_input(n, iphdrlen);
|
2006-02-23 04:35:19 +03:00
|
|
|
#endif
|
2005-02-12 15:31:07 +03:00
|
|
|
|
|
|
|
/* We handled it, it shoudln't be handled by UDP */
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
#endif
|