udp_usrreq.c revision 1.146.2.3
1 /* $NetBSD: udp_usrreq.c,v 1.146.2.3 2006/09/09 02:58:47 rpaulo Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95 61 */ 62 63 #include <sys/cdefs.h> 64 __KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.146.2.3 2006/09/09 02:58:47 rpaulo Exp $"); 65 66 #include "opt_inet.h" 67 #include "opt_ipsec.h" 68 #include "opt_inet_csum.h" 69 #include "opt_ipkdb.h" 70 #include "opt_mbuftrace.h" 71 72 #include <sys/param.h> 73 #include <sys/malloc.h> 74 #include <sys/mbuf.h> 75 #include <sys/protosw.h> 76 #include <sys/socket.h> 77 #include <sys/socketvar.h> 78 #include <sys/errno.h> 79 #include <sys/stat.h> 80 #include <sys/systm.h> 81 #include <sys/proc.h> 82 #include <sys/domain.h> 83 #include <sys/sysctl.h> 84 85 #include <net/if.h> 86 #include <net/route.h> 87 88 #include <netinet/in.h> 89 #include <netinet/in_systm.h> 90 #include <netinet/in_var.h> 91 #include <netinet/ip.h> 92 #include <netinet/in_pcb.h> 93 #include <netinet/ip_var.h> 94 #include <netinet/ip_icmp.h> 95 #include <netinet/udp.h> 96 #include <netinet/udp_var.h> 97 98 #ifdef INET6 99 #include <netinet/ip6.h> 100 #include <netinet/icmp6.h> 101 #include <netinet6/ip6_var.h> 102 #include <netinet6/udp6_var.h> 103 #include <netinet6/scope6_var.h> 104 #endif 105 106 #ifndef INET6 107 /* always need ip6.h for IP6_EXTHDR_GET */ 108 #include <netinet/ip6.h> 109 #endif 110 111 #include "faith.h" 112 #if defined(NFAITH) && NFAITH > 0 113 #include <net/if_faith.h> 114 #endif 115 116 #include <machine/stdarg.h> 117 118 #ifdef FAST_IPSEC 119 #include <netipsec/ipsec.h> 120 #include <netipsec/ipsec_var.h> /* XXX ipsecstat namespace */ 121 #include <netipsec/esp.h> 122 #ifdef INET6 123 #include <netipsec/ipsec6.h> 124 #endif 125 #endif /* FAST_IPSEC*/ 126 127 #ifdef IPSEC 128 #include <netinet6/ipsec.h> 129 #include <netinet6/esp.h> 130 #include <netkey/key.h> 131 #endif /*IPSEC*/ 132 133 #ifdef IPKDB 134 #include <ipkdb/ipkdb.h> 135 #endif 136 137 /* 138 * UDP protocol implementation. 139 * Per RFC 768, August, 1980. 140 */ 141 #ifndef COMPAT_42 142 int udpcksum = 1; 143 #else 144 int udpcksum = 0; /* XXX */ 145 #endif 146 int udp_do_loopback_cksum = 0; 147 148 struct inpcbtable udbtable; 149 struct udpstat udpstat; 150 151 #ifdef INET 152 #ifdef IPSEC_NAT_T 153 static int udp4_espinudp (struct mbuf **, int, struct sockaddr *, 154 struct socket *); 155 #endif 156 static void udp4_sendup (struct mbuf *, int, struct sockaddr *, 157 struct socket *); 158 static int udp4_realinput (struct sockaddr_in *, struct sockaddr_in *, 159 struct mbuf **, int); 160 static int udp4_input_checksum(struct mbuf *, const struct udphdr *, int, int); 161 #endif 162 #ifdef INET6 163 static void udp6_sendup (struct mbuf *, int, struct sockaddr *, 164 struct socket *); 165 static int udp6_realinput (int, struct sockaddr_in6 *, 166 struct sockaddr_in6 *, struct mbuf *, int); 167 static int udp6_input_checksum(struct mbuf *, const struct udphdr *, int, int); 168 #endif 169 #ifdef INET 170 static void udp_notify (struct inpcb *, int); 171 #endif 172 173 #ifndef UDBHASHSIZE 174 #define UDBHASHSIZE 128 175 #endif 176 int udbhashsize = UDBHASHSIZE; 177 178 #ifdef MBUFTRACE 179 struct mowner udp_mowner = { "udp" }; 180 struct mowner udp_rx_mowner = { "udp", "rx" }; 181 struct mowner udp_tx_mowner = { "udp", "tx" }; 182 #endif 183 184 #ifdef UDP_CSUM_COUNTERS 185 #include <sys/device.h> 186 187 #if defined(INET) 188 struct evcnt udp_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 189 NULL, "udp", "hwcsum bad"); 190 struct evcnt udp_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 191 NULL, "udp", "hwcsum ok"); 192 struct evcnt udp_hwcsum_data = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 193 NULL, "udp", "hwcsum data"); 194 struct evcnt udp_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 195 NULL, "udp", "swcsum"); 196 197 EVCNT_ATTACH_STATIC(udp_hwcsum_bad); 198 EVCNT_ATTACH_STATIC(udp_hwcsum_ok); 199 EVCNT_ATTACH_STATIC(udp_hwcsum_data); 200 EVCNT_ATTACH_STATIC(udp_swcsum); 201 #endif /* defined(INET) */ 202 203 #if defined(INET6) 204 struct evcnt udp6_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 205 NULL, "udp6", "hwcsum bad"); 206 struct evcnt udp6_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 207 NULL, "udp6", "hwcsum ok"); 208 struct evcnt udp6_hwcsum_data = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 209 NULL, "udp6", "hwcsum data"); 210 struct evcnt udp6_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, 211 NULL, "udp6", "swcsum"); 212 213 EVCNT_ATTACH_STATIC(udp6_hwcsum_bad); 214 EVCNT_ATTACH_STATIC(udp6_hwcsum_ok); 215 EVCNT_ATTACH_STATIC(udp6_hwcsum_data); 216 EVCNT_ATTACH_STATIC(udp6_swcsum); 217 #endif /* defined(INET6) */ 218 219 #define UDP_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ 220 221 #else 222 223 #define UDP_CSUM_COUNTER_INCR(ev) /* nothing */ 224 225 #endif /* UDP_CSUM_COUNTERS */ 226 227 void 228 udp_init(void) 229 { 230 231 in_pcbinit(&udbtable, udbhashsize, udbhashsize); 232 233 MOWNER_ATTACH(&udp_tx_mowner); 234 MOWNER_ATTACH(&udp_rx_mowner); 235 MOWNER_ATTACH(&udp_mowner); 236 } 237 238 /* 239 * Checksum extended UDP header and data. 240 */ 241 242 int 243 udp_input_checksum(int af, struct mbuf *m, const struct udphdr *uh, 244 int iphlen, int len) 245 { 246 247 switch (af) { 248 #ifdef INET 249 case AF_INET: 250 return udp4_input_checksum(m, uh, iphlen, len); 251 #endif 252 #ifdef INET6 253 case AF_INET6: 254 return udp6_input_checksum(m, uh, iphlen, len); 255 #endif 256 } 257 #ifdef DIAGNOSTIC 258 panic("udp_input_checksum: unknown af %d", af); 259 #endif 260 /* NOTREACHED */ 261 return -1; 262 } 263 264 #ifdef INET 265 266 /* 267 * Checksum extended UDP header and data. 268 */ 269 270 static int 271 udp4_input_checksum(struct mbuf *m, const struct udphdr *uh, 272 int iphlen, int len) 273 { 274 275 /* 276 * XXX it's better to record and check if this mbuf is 277 * already checked. 278 */ 279 280 if (uh->uh_sum == 0) 281 return 0; 282 283 switch (m->m_pkthdr.csum_flags & 284 ((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_UDPv4) | 285 M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) { 286 case M_CSUM_UDPv4|M_CSUM_TCP_UDP_BAD: 287 UDP_CSUM_COUNTER_INCR(&udp_hwcsum_bad); 288 goto badcsum; 289 290 case M_CSUM_UDPv4|M_CSUM_DATA: { 291 u_int32_t hw_csum = m->m_pkthdr.csum_data; 292 293 UDP_CSUM_COUNTER_INCR(&udp_hwcsum_data); 294 if (m->m_pkthdr.csum_flags & M_CSUM_NO_PSEUDOHDR) { 295 const struct ip *ip = 296 mtod(m, const struct ip *); 297 298 hw_csum = in_cksum_phdr(ip->ip_src.s_addr, 299 ip->ip_dst.s_addr, 300 htons(hw_csum + len + IPPROTO_UDP)); 301 } 302 if ((hw_csum ^ 0xffff) != 0) 303 goto badcsum; 304 break; 305 } 306 307 case M_CSUM_UDPv4: 308 /* Checksum was okay. */ 309 UDP_CSUM_COUNTER_INCR(&udp_hwcsum_ok); 310 break; 311 312 default: 313 /* 314 * Need to compute it ourselves. Maybe skip checksum 315 * on loopback interfaces. 316 */ 317 if (__predict_true(!(m->m_pkthdr.rcvif->if_flags & 318 IFF_LOOPBACK) || 319 udp_do_loopback_cksum)) { 320 UDP_CSUM_COUNTER_INCR(&udp_swcsum); 321 if (in4_cksum(m, IPPROTO_UDP, iphlen, len) != 0) 322 goto badcsum; 323 } 324 break; 325 } 326 327 return 0; 328 329 badcsum: 330 udpstat.udps_badsum++; 331 return -1; 332 } 333 334 void 335 udp_input(struct mbuf *m, ...) 336 { 337 va_list ap; 338 struct sockaddr_in src, dst; 339 struct ip *ip; 340 struct udphdr *uh; 341 int iphlen; 342 int len; 343 int n; 344 u_int16_t ip_len; 345 346 va_start(ap, m); 347 iphlen = va_arg(ap, int); 348 (void)va_arg(ap, int); /* ignore value, advance ap */ 349 va_end(ap); 350 351 MCLAIM(m, &udp_rx_mowner); 352 udpstat.udps_ipackets++; 353 354 /* 355 * Get IP and UDP header together in first mbuf. 356 */ 357 ip = mtod(m, struct ip *); 358 IP6_EXTHDR_GET(uh, struct udphdr *, m, iphlen, sizeof(struct udphdr)); 359 if (uh == NULL) { 360 udpstat.udps_hdrops++; 361 return; 362 } 363 KASSERT(UDP_HDR_ALIGNED_P(uh)); 364 365 /* destination port of 0 is illegal, based on RFC768. */ 366 if (uh->uh_dport == 0) 367 goto bad; 368 369 /* 370 * Make mbuf data length reflect UDP length. 371 * If not enough data to reflect UDP length, drop. 372 */ 373 ip_len = ntohs(ip->ip_len); 374 len = ntohs((u_int16_t)uh->uh_ulen); 375 if (ip_len != iphlen + len) { 376 if (ip_len < iphlen + len || len < sizeof(struct udphdr)) { 377 udpstat.udps_badlen++; 378 goto bad; 379 } 380 m_adj(m, iphlen + len - ip_len); 381 } 382 383 /* 384 * Checksum extended UDP header and data. 385 */ 386 if (udp4_input_checksum(m, uh, iphlen, len)) 387 goto badcsum; 388 389 /* construct source and dst sockaddrs. */ 390 bzero(&src, sizeof(src)); 391 src.sin_family = AF_INET; 392 src.sin_len = sizeof(struct sockaddr_in); 393 bcopy(&ip->ip_src, &src.sin_addr, sizeof(src.sin_addr)); 394 src.sin_port = uh->uh_sport; 395 bzero(&dst, sizeof(dst)); 396 dst.sin_family = AF_INET; 397 dst.sin_len = sizeof(struct sockaddr_in); 398 bcopy(&ip->ip_dst, &dst.sin_addr, sizeof(dst.sin_addr)); 399 dst.sin_port = uh->uh_dport; 400 401 if ((n = udp4_realinput(&src, &dst, &m, iphlen)) == -1) { 402 udpstat.udps_hdrops++; 403 return; 404 } 405 #ifdef INET6 406 if (IN_MULTICAST(ip->ip_dst.s_addr) || n == 0) { 407 struct sockaddr_in6 src6, dst6; 408 409 bzero(&src6, sizeof(src6)); 410 src6.sin6_family = AF_INET6; 411 src6.sin6_len = sizeof(struct sockaddr_in6); 412 src6.sin6_addr.s6_addr[10] = src6.sin6_addr.s6_addr[11] = 0xff; 413 bcopy(&ip->ip_src, &src6.sin6_addr.s6_addr[12], 414 sizeof(ip->ip_src)); 415 src6.sin6_port = uh->uh_sport; 416 bzero(&dst6, sizeof(dst6)); 417 dst6.sin6_family = AF_INET6; 418 dst6.sin6_len = sizeof(struct sockaddr_in6); 419 dst6.sin6_addr.s6_addr[10] = dst6.sin6_addr.s6_addr[11] = 0xff; 420 bcopy(&ip->ip_dst, &dst6.sin6_addr.s6_addr[12], 421 sizeof(ip->ip_dst)); 422 dst6.sin6_port = uh->uh_dport; 423 424 n += udp6_realinput(AF_INET, &src6, &dst6, m, iphlen); 425 } 426 #endif 427 428 if (n == 0) { 429 if (m->m_flags & (M_BCAST | M_MCAST)) { 430 udpstat.udps_noportbcast++; 431 goto bad; 432 } 433 udpstat.udps_noport++; 434 #ifdef IPKDB 435 if (checkipkdb(&ip->ip_src, uh->uh_sport, uh->uh_dport, 436 m, iphlen + sizeof(struct udphdr), 437 m->m_pkthdr.len - iphlen - sizeof(struct udphdr))) { 438 /* 439 * It was a debugger connect packet, 440 * just drop it now 441 */ 442 goto bad; 443 } 444 #endif 445 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0); 446 m = NULL; 447 } 448 449 bad: 450 if (m) 451 m_freem(m); 452 return; 453 454 badcsum: 455 m_freem(m); 456 } 457 #endif 458 459 #ifdef INET6 460 static int 461 udp6_input_checksum(struct mbuf *m, const struct udphdr *uh, int off, int len) 462 { 463 464 /* 465 * XXX it's better to record and check if this mbuf is 466 * already checked. 467 */ 468 469 if (__predict_false((m->m_flags & M_LOOP) && !udp_do_loopback_cksum)) { 470 goto good; 471 } 472 if (uh->uh_sum == 0) { 473 udp6stat.udp6s_nosum++; 474 goto bad; 475 } 476 477 switch (m->m_pkthdr.csum_flags & 478 ((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_UDPv6) | 479 M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) { 480 case M_CSUM_UDPv6|M_CSUM_TCP_UDP_BAD: 481 UDP_CSUM_COUNTER_INCR(&udp6_hwcsum_bad); 482 udp6stat.udp6s_badsum++; 483 goto bad; 484 485 #if 0 /* notyet */ 486 case M_CSUM_UDPv6|M_CSUM_DATA: 487 #endif 488 489 case M_CSUM_UDPv6: 490 /* Checksum was okay. */ 491 UDP_CSUM_COUNTER_INCR(&udp6_hwcsum_ok); 492 break; 493 494 default: 495 /* 496 * Need to compute it ourselves. Maybe skip checksum 497 * on loopback interfaces. 498 */ 499 UDP_CSUM_COUNTER_INCR(&udp6_swcsum); 500 if (in6_cksum(m, IPPROTO_UDP, off, len) != 0) { 501 udp6stat.udp6s_badsum++; 502 goto bad; 503 } 504 } 505 506 good: 507 return 0; 508 bad: 509 return -1; 510 } 511 512 int 513 udp6_input(struct mbuf **mp, int *offp, int proto) 514 { 515 struct mbuf *m = *mp; 516 int off = *offp; 517 struct sockaddr_in6 src, dst; 518 struct ip6_hdr *ip6; 519 struct udphdr *uh; 520 u_int32_t plen, ulen; 521 522 ip6 = mtod(m, struct ip6_hdr *); 523 524 #if defined(NFAITH) && 0 < NFAITH 525 if (faithprefix(&ip6->ip6_dst)) { 526 /* send icmp6 host unreach? */ 527 m_freem(m); 528 return IPPROTO_DONE; 529 } 530 #endif 531 532 udp6stat.udp6s_ipackets++; 533 534 /* check for jumbogram is done in ip6_input. we can trust pkthdr.len */ 535 plen = m->m_pkthdr.len - off; 536 IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(struct udphdr)); 537 if (uh == NULL) { 538 ip6stat.ip6s_tooshort++; 539 return IPPROTO_DONE; 540 } 541 KASSERT(UDP_HDR_ALIGNED_P(uh)); 542 ulen = ntohs((u_short)uh->uh_ulen); 543 /* 544 * RFC2675 section 4: jumbograms will have 0 in the UDP header field, 545 * iff payload length > 0xffff. 546 */ 547 if (ulen == 0 && plen > 0xffff) 548 ulen = plen; 549 550 if (plen != ulen) { 551 udp6stat.udp6s_badlen++; 552 goto bad; 553 } 554 555 /* destination port of 0 is illegal, based on RFC768. */ 556 if (uh->uh_dport == 0) 557 goto bad; 558 559 /* Be proactive about malicious use of IPv4 mapped address */ 560 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 561 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 562 /* XXX stat */ 563 goto bad; 564 } 565 566 /* 567 * Checksum extended UDP header and data. Maybe skip checksum 568 * on loopback interfaces. 569 */ 570 if (udp6_input_checksum(m, uh, off, ulen)) 571 goto bad; 572 573 /* 574 * Construct source and dst sockaddrs. 575 */ 576 bzero(&src, sizeof(src)); 577 src.sin6_family = AF_INET6; 578 src.sin6_len = sizeof(struct sockaddr_in6); 579 src.sin6_addr = ip6->ip6_src; 580 src.sin6_port = uh->uh_sport; 581 bzero(&dst, sizeof(dst)); 582 dst.sin6_family = AF_INET6; 583 dst.sin6_len = sizeof(struct sockaddr_in6); 584 dst.sin6_addr = ip6->ip6_dst; 585 dst.sin6_port = uh->uh_dport; 586 587 if (udp6_realinput(AF_INET6, &src, &dst, m, off) == 0) { 588 if (m->m_flags & M_MCAST) { 589 udp6stat.udp6s_noportmcast++; 590 goto bad; 591 } 592 udp6stat.udp6s_noport++; 593 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0); 594 m = NULL; 595 } 596 597 bad: 598 if (m) 599 m_freem(m); 600 return IPPROTO_DONE; 601 } 602 #endif 603 604 #ifdef INET 605 static void 606 udp4_sendup(struct mbuf *m, int off /* offset of data portion */, 607 struct sockaddr *src, struct socket *so) 608 { 609 struct mbuf *opts = NULL; 610 struct mbuf *n; 611 struct inpcb *inp = NULL; 612 613 if (!so) 614 return; 615 switch (so->so_proto->pr_domain->dom_family) { 616 case AF_INET: 617 inp = sotoinpcb(so); 618 break; 619 #ifdef INET6 620 case AF_INET6: 621 break; 622 #endif 623 default: 624 return; 625 } 626 627 #if defined(IPSEC) || defined(FAST_IPSEC) 628 /* check AH/ESP integrity. */ 629 if (so != NULL && ipsec4_in_reject_so(m, so)) { 630 ipsecstat.in_polvio++; 631 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) 632 icmp_error(n, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 633 0, 0); 634 return; 635 } 636 #endif /*IPSEC*/ 637 638 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 639 if (inp && (inp->inp_flags & INP_CONTROLOPTS 640 || so->so_options & SO_TIMESTAMP)) { 641 struct ip *ip = mtod(n, struct ip *); 642 ip_savecontrol(inp, &opts, ip, n); 643 } 644 645 m_adj(n, off); 646 if (sbappendaddr(&so->so_rcv, src, n, 647 opts) == 0) { 648 m_freem(n); 649 if (opts) 650 m_freem(opts); 651 so->so_rcv.sb_overflowed++; 652 udpstat.udps_fullsock++; 653 } else 654 sorwakeup(so); 655 } 656 } 657 #endif 658 659 #ifdef INET6 660 static void 661 udp6_sendup(struct mbuf *m, int off /* offset of data portion */, 662 struct sockaddr *src, struct socket *so) 663 { 664 struct mbuf *opts = NULL; 665 struct mbuf *n; 666 struct in6pcb *in6p = NULL; 667 668 if (!so) 669 return; 670 if (so->so_proto->pr_domain->dom_family != AF_INET6) 671 return; 672 in6p = sotoin6pcb(so); 673 674 #if defined(IPSEC) || defined(FAST_IPSEC) 675 /* check AH/ESP integrity. */ 676 if (so != NULL && ipsec6_in_reject_so(m, so)) { 677 ipsec6stat.in_polvio++; 678 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) 679 icmp6_error(n, ICMP6_DST_UNREACH, 680 ICMP6_DST_UNREACH_ADMIN, 0); 681 return; 682 } 683 #endif /*IPSEC*/ 684 685 if ((n = m_copy(m, 0, M_COPYALL)) != NULL) { 686 if (in6p && (in6p->in6p_flags & IN6P_CONTROLOPTS 687 || in6p->in6p_socket->so_options & SO_TIMESTAMP)) { 688 struct ip6_hdr *ip6 = mtod(n, struct ip6_hdr *); 689 ip6_savecontrol(in6p, &opts, ip6, n); 690 } 691 692 m_adj(n, off); 693 if (sbappendaddr(&so->so_rcv, src, n, opts) == 0) { 694 m_freem(n); 695 if (opts) 696 m_freem(opts); 697 so->so_rcv.sb_overflowed++; 698 udp6stat.udp6s_fullsock++; 699 } else 700 sorwakeup(so); 701 } 702 } 703 #endif 704 705 #ifdef INET 706 static int 707 udp4_realinput(struct sockaddr_in *src, struct sockaddr_in *dst, 708 struct mbuf **mp, int off /* offset of udphdr */) 709 { 710 u_int16_t *sport, *dport; 711 int rcvcnt; 712 struct in_addr *src4, *dst4; 713 struct inpcb *inp; 714 struct mbuf *m = *mp; 715 716 rcvcnt = 0; 717 off += sizeof(struct udphdr); /* now, offset of payload */ 718 719 if (src->sin_family != AF_INET || dst->sin_family != AF_INET) 720 goto bad; 721 722 src4 = &src->sin_addr; 723 sport = &src->sin_port; 724 dst4 = &dst->sin_addr; 725 dport = &dst->sin_port; 726 727 if (IN_MULTICAST(dst4->s_addr) || 728 in_broadcast(*dst4, m->m_pkthdr.rcvif)) { 729 /* 730 * Deliver a multicast or broadcast datagram to *all* sockets 731 * for which the local and remote addresses and ports match 732 * those of the incoming datagram. This allows more than 733 * one process to receive multi/broadcasts on the same port. 734 * (This really ought to be done for unicast datagrams as 735 * well, but that would cause problems with existing 736 * applications that open both address-specific sockets and 737 * a wildcard socket listening to the same port -- they would 738 * end up receiving duplicates of every unicast datagram. 739 * Those applications open the multiple sockets to overcome an 740 * inadequacy of the UDP socket interface, but for backwards 741 * compatibility we avoid the problem here rather than 742 * fixing the interface. Maybe 4.5BSD will remedy this?) 743 */ 744 745 /* 746 * KAME note: traditionally we dropped udpiphdr from mbuf here. 747 * we need udpiphdr for IPsec processing so we do that later. 748 */ 749 /* 750 * Locate pcb(s) for datagram. 751 */ 752 CIRCLEQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 753 if (inp->inp_af != AF_INET) 754 continue; 755 756 if (inp->inp_lport != *dport) 757 continue; 758 if (!in_nullhost(inp->inp_laddr)) { 759 if (!in_hosteq(inp->inp_laddr, *dst4)) 760 continue; 761 } 762 if (!in_nullhost(inp->inp_faddr)) { 763 if (!in_hosteq(inp->inp_faddr, *src4) || 764 inp->inp_fport != *sport) 765 continue; 766 } 767 768 udp4_sendup(m, off, (struct sockaddr *)src, 769 inp->inp_socket); 770 rcvcnt++; 771 772 /* 773 * Don't look for additional matches if this one does 774 * not have either the SO_REUSEPORT or SO_REUSEADDR 775 * socket options set. This heuristic avoids searching 776 * through all pcbs in the common case of a non-shared 777 * port. It assumes that an application will never 778 * clear these options after setting them. 779 */ 780 if ((inp->inp_socket->so_options & 781 (SO_REUSEPORT|SO_REUSEADDR)) == 0) 782 break; 783 } 784 } else { 785 /* 786 * Locate pcb for datagram. 787 */ 788 inp = in_pcblookup_connect(&udbtable, *src4, *sport, *dst4, *dport); 789 if (inp == 0) { 790 ++udpstat.udps_pcbhashmiss; 791 inp = in_pcblookup_bind(&udbtable, *dst4, *dport); 792 if (inp == 0) 793 return rcvcnt; 794 } 795 796 #ifdef IPSEC_NAT_T 797 /* Handle ESP over UDP */ 798 if (inp->inp_flags & INP_ESPINUDP_ALL) { 799 struct sockaddr *sa = (struct sockaddr *)src; 800 801 switch(udp4_espinudp(mp, off, sa, inp->inp_socket)) { 802 case -1: /* Error, m was freeed */ 803 rcvcnt = -1; 804 goto bad; 805 break; 806 807 case 1: /* ESP over UDP */ 808 rcvcnt++; 809 goto bad; 810 break; 811 812 case 0: /* plain UDP */ 813 default: /* Unexpected */ 814 /* 815 * Normal UDP processing will take place 816 * m may have changed. 817 */ 818 m = *mp; 819 break; 820 } 821 } 822 #endif 823 824 udp4_sendup(m, off, (struct sockaddr *)src, inp->inp_socket); 825 rcvcnt++; 826 } 827 828 bad: 829 return rcvcnt; 830 } 831 #endif 832 833 #ifdef INET6 834 static int 835 udp6_realinput(int af, struct sockaddr_in6 *src, struct sockaddr_in6 *dst, 836 struct mbuf *m, int off) 837 { 838 u_int16_t sport, dport; 839 int rcvcnt; 840 struct in6_addr src6, *dst6; 841 const struct in_addr *dst4; 842 struct inpcb *inp; 843 844 rcvcnt = 0; 845 off += sizeof(struct udphdr); /* now, offset of payload */ 846 847 if (af != AF_INET && af != AF_INET6) 848 goto bad; 849 if (src->sin6_family != AF_INET6 || dst->sin6_family != AF_INET6) 850 goto bad; 851 852 src6 = src->sin6_addr; 853 if (sa6_recoverscope(src) != 0) { 854 /* XXX: should be impossible. */ 855 goto bad; 856 } 857 sport = src->sin6_port; 858 859 dport = dst->sin6_port; 860 dst4 = (struct in_addr *)&dst->sin6_addr.s6_addr[12]; 861 dst6 = &dst->sin6_addr; 862 863 if (IN6_IS_ADDR_MULTICAST(dst6) || 864 (af == AF_INET && IN_MULTICAST(dst4->s_addr))) { 865 /* 866 * Deliver a multicast or broadcast datagram to *all* sockets 867 * for which the local and remote addresses and ports match 868 * those of the incoming datagram. This allows more than 869 * one process to receive multi/broadcasts on the same port. 870 * (This really ought to be done for unicast datagrams as 871 * well, but that would cause problems with existing 872 * applications that open both address-specific sockets and 873 * a wildcard socket listening to the same port -- they would 874 * end up receiving duplicates of every unicast datagram. 875 * Those applications open the multiple sockets to overcome an 876 * inadequacy of the UDP socket interface, but for backwards 877 * compatibility we avoid the problem here rather than 878 * fixing the interface. Maybe 4.5BSD will remedy this?) 879 */ 880 881 /* 882 * KAME note: traditionally we dropped udpiphdr from mbuf here. 883 * we need udpiphdr for IPsec processing so we do that later. 884 */ 885 /* 886 * Locate pcb(s) for datagram. 887 */ 888 CIRCLEQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { 889 if (inp->inp_af != AF_INET6) 890 continue; 891 892 if (inp->inp_lport != dport) 893 continue; 894 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) { 895 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, 896 dst6)) 897 continue; 898 } else { 899 if (IN6_IS_ADDR_V4MAPPED(dst6) && 900 (inp->inp_flags & IN6P_IPV6_V6ONLY)) 901 continue; 902 } 903 if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) { 904 if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, 905 &src6) || inp->inp_fport != sport) 906 continue; 907 } else { 908 if (IN6_IS_ADDR_V4MAPPED(&src6) && 909 (inp->inp_flags & IN6P_IPV6_V6ONLY)) 910 continue; 911 } 912 913 udp6_sendup(m, off, (struct sockaddr *)src, 914 inp->inp_socket); 915 rcvcnt++; 916 917 /* 918 * Don't look for additional matches if this one does 919 * not have either the SO_REUSEPORT or SO_REUSEADDR 920 * socket options set. This heuristic avoids searching 921 * through all pcbs in the common case of a non-shared 922 * port. It assumes that an application will never 923 * clear these options after setting them. 924 */ 925 if ((inp->inp_socket->so_options & 926 (SO_REUSEPORT|SO_REUSEADDR)) == 0) 927 break; 928 } 929 } else { 930 /* 931 * Locate pcb for datagram. 932 */ 933 inp = in6_pcblookup_connect(&udbtable, &src6, sport, dst6, 934 dport, 0); 935 if (inp == 0) { 936 ++udpstat.udps_pcbhashmiss; 937 inp = in6_pcblookup_bind(&udbtable, dst6, dport, 0); 938 if (inp == 0) 939 return rcvcnt; 940 } 941 942 udp6_sendup(m, off, (struct sockaddr *)src, inp->inp_socket); 943 rcvcnt++; 944 } 945 946 bad: 947 return rcvcnt; 948 } 949 #endif 950 951 #ifdef INET 952 /* 953 * Notify a udp user of an asynchronous error; 954 * just wake up so that he can collect error status. 955 */ 956 static void 957 udp_notify(struct inpcb *inp, int errno) 958 { 959 inp->inp_socket->so_error = errno; 960 sorwakeup(inp->inp_socket); 961 sowwakeup(inp->inp_socket); 962 } 963 964 void * 965 udp_ctlinput(int cmd, struct sockaddr *sa, void *v) 966 { 967 struct ip *ip = v; 968 struct udphdr *uh; 969 void (*notify)(struct inpcb *, int) = udp_notify; 970 int errno; 971 972 if (sa->sa_family != AF_INET 973 || sa->sa_len != sizeof(struct sockaddr_in)) 974 return NULL; 975 if ((unsigned)cmd >= PRC_NCMDS) 976 return NULL; 977 errno = inetctlerrmap[cmd]; 978 if (PRC_IS_REDIRECT(cmd)) 979 notify = in_rtchange, ip = 0; 980 else if (cmd == PRC_HOSTDEAD) 981 ip = 0; 982 else if (errno == 0) 983 return NULL; 984 if (ip) { 985 uh = (struct udphdr *)((caddr_t)ip + (ip->ip_hl << 2)); 986 in_pcbnotify(&udbtable, satosin(sa)->sin_addr, uh->uh_dport, 987 ip->ip_src, uh->uh_sport, errno, notify); 988 989 /* XXX mapped address case */ 990 } else 991 in_pcbnotifyall(&udbtable, satosin(sa)->sin_addr, errno, 992 notify); 993 return NULL; 994 } 995 996 int 997 udp_ctloutput(op, so, level, optname, mp) 998 int op; 999 struct socket *so; 1000 int level, optname; 1001 struct mbuf **mp; 1002 { 1003 int s; 1004 int error = 0; 1005 struct mbuf *m; 1006 struct inpcb *inp; 1007 int family; 1008 1009 family = so->so_proto->pr_domain->dom_family; 1010 1011 s = splsoftnet(); 1012 switch (family) { 1013 #ifdef INET 1014 case PF_INET: 1015 if (level != IPPROTO_UDP) { 1016 error = ip_ctloutput(op, so, level, optname, mp); 1017 goto end; 1018 } 1019 break; 1020 #endif 1021 #ifdef INET6 1022 case PF_INET6: 1023 if (level != IPPROTO_UDP) { 1024 error = ip6_ctloutput(op, so, level, optname, mp); 1025 goto end; 1026 } 1027 break; 1028 #endif 1029 default: 1030 error = EAFNOSUPPORT; 1031 goto end; 1032 break; 1033 } 1034 1035 1036 switch (op) { 1037 case PRCO_SETOPT: 1038 m = *mp; 1039 inp = sotoinpcb(so); 1040 1041 switch (optname) { 1042 case UDP_ENCAP: 1043 if (m == NULL || m->m_len < sizeof (int)) { 1044 error = EINVAL; 1045 goto end; 1046 } 1047 1048 switch(*mtod(m, int *)) { 1049 #ifdef IPSEC_NAT_T 1050 case 0: 1051 inp->inp_flags &= ~INP_ESPINUDP_ALL; 1052 break; 1053 1054 case UDP_ENCAP_ESPINUDP: 1055 inp->inp_flags &= ~INP_ESPINUDP_ALL; 1056 inp->inp_flags |= INP_ESPINUDP; 1057 break; 1058 1059 case UDP_ENCAP_ESPINUDP_NON_IKE: 1060 inp->inp_flags &= ~INP_ESPINUDP_ALL; 1061 inp->inp_flags |= INP_ESPINUDP_NON_IKE; 1062 break; 1063 #endif 1064 default: 1065 error = EINVAL; 1066 goto end; 1067 break; 1068 } 1069 break; 1070 1071 default: 1072 error = ENOPROTOOPT; 1073 goto end; 1074 break; 1075 } 1076 break; 1077 1078 default: 1079 error = EINVAL; 1080 goto end; 1081 break; 1082 } 1083 1084 end: 1085 splx(s); 1086 return error; 1087 } 1088 1089 1090 int 1091 udp_output(struct mbuf *m, ...) 1092 { 1093 struct inpcb *inp; 1094 struct udpiphdr *ui; 1095 struct route *ro; 1096 int len = m->m_pkthdr.len; 1097 int error = 0; 1098 va_list ap; 1099 1100 MCLAIM(m, &udp_tx_mowner); 1101 va_start(ap, m); 1102 inp = va_arg(ap, struct inpcb *); 1103 va_end(ap); 1104 1105 /* 1106 * Calculate data length and get a mbuf 1107 * for UDP and IP headers. 1108 */ 1109 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1110 if (m == 0) { 1111 error = ENOBUFS; 1112 goto release; 1113 } 1114 1115 /* 1116 * Compute the packet length of the IP header, and 1117 * punt if the length looks bogus. 1118 */ 1119 if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) { 1120 error = EMSGSIZE; 1121 goto release; 1122 } 1123 1124 /* 1125 * Fill in mbuf with extended UDP header 1126 * and addresses and length put into network format. 1127 */ 1128 ui = mtod(m, struct udpiphdr *); 1129 ui->ui_pr = IPPROTO_UDP; 1130 ui->ui_src = inp->inp_laddr; 1131 ui->ui_dst = inp->inp_faddr; 1132 ui->ui_sport = inp->inp_lport; 1133 ui->ui_dport = inp->inp_fport; 1134 ui->ui_ulen = htons((u_int16_t)len + sizeof(struct udphdr)); 1135 1136 ro = &inp->inp_route; 1137 1138 /* 1139 * Set up checksum and output datagram. 1140 */ 1141 if (udpcksum) { 1142 /* 1143 * XXX Cache pseudo-header checksum part for 1144 * XXX "connected" UDP sockets. 1145 */ 1146 ui->ui_sum = in_cksum_phdr(ui->ui_src.s_addr, 1147 ui->ui_dst.s_addr, htons((u_int16_t)len + 1148 sizeof(struct udphdr) + IPPROTO_UDP)); 1149 m->m_pkthdr.csum_flags = M_CSUM_UDPv4; 1150 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); 1151 } else 1152 ui->ui_sum = 0; 1153 ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); 1154 ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; /* XXX */ 1155 ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; /* XXX */ 1156 udpstat.udps_opackets++; 1157 1158 return (ip_output(m, inp->inp_options, ro, 1159 inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST), 1160 inp->inp_moptions, inp->inp_socket)); 1161 1162 release: 1163 m_freem(m); 1164 return (error); 1165 } 1166 1167 int udp_sendspace = 9216; /* really max datagram size */ 1168 int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); 1169 /* 40 1K datagrams */ 1170 1171 /*ARGSUSED*/ 1172 int 1173 udp_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, 1174 struct mbuf *control, struct lwp *l) 1175 { 1176 struct inpcb *inp; 1177 int s; 1178 int error = 0; 1179 1180 if (req == PRU_CONTROL) 1181 return (in_control(so, (long)m, (caddr_t)nam, 1182 (struct ifnet *)control, l)); 1183 1184 if (req == PRU_PURGEIF) { 1185 in_pcbpurgeif0(&udbtable, (struct ifnet *)control); 1186 in_purgeif((struct ifnet *)control); 1187 in_pcbpurgeif(&udbtable, (struct ifnet *)control); 1188 return (0); 1189 } 1190 1191 s = splsoftnet(); 1192 inp = sotoinpcb(so); 1193 #ifdef DIAGNOSTIC 1194 if (req != PRU_SEND && req != PRU_SENDOOB && control) 1195 panic("udp_usrreq: unexpected control mbuf"); 1196 #endif 1197 if (inp == 0 && req != PRU_ATTACH) { 1198 error = EINVAL; 1199 goto release; 1200 } 1201 1202 /* 1203 * Note: need to block udp_input while changing 1204 * the udp pcb queue and/or pcb addresses. 1205 */ 1206 switch (req) { 1207 1208 case PRU_ATTACH: 1209 if (inp != 0) { 1210 error = EISCONN; 1211 break; 1212 } 1213 #ifdef MBUFTRACE 1214 so->so_mowner = &udp_mowner; 1215 so->so_rcv.sb_mowner = &udp_rx_mowner; 1216 so->so_snd.sb_mowner = &udp_tx_mowner; 1217 #endif 1218 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) { 1219 error = soreserve(so, udp_sendspace, udp_recvspace); 1220 if (error) 1221 break; 1222 } 1223 error = in_pcballoc(so, &udbtable); 1224 if (error) 1225 break; 1226 inp = sotoinpcb(so); 1227 inp->inp_ip.ip_ttl = ip_defttl; 1228 break; 1229 1230 case PRU_DETACH: 1231 in_pcbdetach(inp); 1232 break; 1233 1234 case PRU_BIND: 1235 error = in_pcbbind(inp, nam, l); 1236 break; 1237 1238 case PRU_LISTEN: 1239 error = EOPNOTSUPP; 1240 break; 1241 1242 case PRU_CONNECT: 1243 error = in_pcbconnect(inp, nam, l); 1244 if (error) 1245 break; 1246 soisconnected(so); 1247 break; 1248 1249 case PRU_CONNECT2: 1250 error = EOPNOTSUPP; 1251 break; 1252 1253 case PRU_DISCONNECT: 1254 /*soisdisconnected(so);*/ 1255 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 1256 in_pcbdisconnect(inp); 1257 inp->inp_laddr = zeroin_addr; /* XXX */ 1258 in_pcbstate(inp, INP_BOUND); /* XXX */ 1259 break; 1260 1261 case PRU_SHUTDOWN: 1262 socantsendmore(so); 1263 break; 1264 1265 case PRU_RCVD: 1266 error = EOPNOTSUPP; 1267 break; 1268 1269 case PRU_SEND: 1270 if (control && control->m_len) { 1271 m_freem(control); 1272 m_freem(m); 1273 error = EINVAL; 1274 break; 1275 } 1276 { 1277 struct in_addr laddr; /* XXX */ 1278 1279 if (nam) { 1280 laddr = inp->inp_laddr; /* XXX */ 1281 if ((so->so_state & SS_ISCONNECTED) != 0) { 1282 error = EISCONN; 1283 goto die; 1284 } 1285 error = in_pcbconnect(inp, nam, l); 1286 if (error) 1287 goto die; 1288 } else { 1289 if ((so->so_state & SS_ISCONNECTED) == 0) { 1290 error = ENOTCONN; 1291 goto die; 1292 } 1293 } 1294 error = udp_output(m, inp); 1295 m = NULL; 1296 if (nam) { 1297 in_pcbdisconnect(inp); 1298 inp->inp_laddr = laddr; /* XXX */ 1299 in_pcbstate(inp, INP_BOUND); /* XXX */ 1300 } 1301 die: 1302 if (m) 1303 m_freem(m); 1304 } 1305 break; 1306 1307 case PRU_SENSE: 1308 /* 1309 * stat: don't bother with a blocksize. 1310 */ 1311 splx(s); 1312 return (0); 1313 1314 case PRU_RCVOOB: 1315 error = EOPNOTSUPP; 1316 break; 1317 1318 case PRU_SENDOOB: 1319 m_freem(control); 1320 m_freem(m); 1321 error = EOPNOTSUPP; 1322 break; 1323 1324 case PRU_SOCKADDR: 1325 in_setsockaddr(inp, nam); 1326 break; 1327 1328 case PRU_PEERADDR: 1329 in_setpeeraddr(inp, nam); 1330 break; 1331 1332 default: 1333 panic("udp_usrreq"); 1334 } 1335 1336 release: 1337 splx(s); 1338 return (error); 1339 } 1340 1341 /* 1342 * Sysctl for udp variables. 1343 */ 1344 SYSCTL_SETUP(sysctl_net_inet_udp_setup, "sysctl net.inet.udp subtree setup") 1345 { 1346 1347 sysctl_createv(clog, 0, NULL, NULL, 1348 CTLFLAG_PERMANENT, 1349 CTLTYPE_NODE, "net", NULL, 1350 NULL, 0, NULL, 0, 1351 CTL_NET, CTL_EOL); 1352 sysctl_createv(clog, 0, NULL, NULL, 1353 CTLFLAG_PERMANENT, 1354 CTLTYPE_NODE, "inet", NULL, 1355 NULL, 0, NULL, 0, 1356 CTL_NET, PF_INET, CTL_EOL); 1357 sysctl_createv(clog, 0, NULL, NULL, 1358 CTLFLAG_PERMANENT, 1359 CTLTYPE_NODE, "udp", 1360 SYSCTL_DESCR("UDPv4 related settings"), 1361 NULL, 0, NULL, 0, 1362 CTL_NET, PF_INET, IPPROTO_UDP, CTL_EOL); 1363 1364 sysctl_createv(clog, 0, NULL, NULL, 1365 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1366 CTLTYPE_INT, "checksum", 1367 SYSCTL_DESCR("Compute UDP checksums"), 1368 NULL, 0, &udpcksum, 0, 1369 CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_CHECKSUM, 1370 CTL_EOL); 1371 sysctl_createv(clog, 0, NULL, NULL, 1372 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1373 CTLTYPE_INT, "sendspace", 1374 SYSCTL_DESCR("Default UDP send buffer size"), 1375 NULL, 0, &udp_sendspace, 0, 1376 CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_SENDSPACE, 1377 CTL_EOL); 1378 sysctl_createv(clog, 0, NULL, NULL, 1379 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1380 CTLTYPE_INT, "recvspace", 1381 SYSCTL_DESCR("Default UDP receive buffer size"), 1382 NULL, 0, &udp_recvspace, 0, 1383 CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_RECVSPACE, 1384 CTL_EOL); 1385 sysctl_createv(clog, 0, NULL, NULL, 1386 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1387 CTLTYPE_INT, "do_loopback_cksum", 1388 SYSCTL_DESCR("Perform UDP checksum on loopback"), 1389 NULL, 0, &udp_do_loopback_cksum, 0, 1390 CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_LOOPBACKCKSUM, 1391 CTL_EOL); 1392 sysctl_createv(clog, 0, NULL, NULL, 1393 CTLFLAG_PERMANENT, 1394 CTLTYPE_STRUCT, "pcblist", 1395 SYSCTL_DESCR("UDP protocol control block list"), 1396 sysctl_inpcblist, 0, &udbtable, 0, 1397 CTL_NET, PF_INET, IPPROTO_UDP, CTL_CREATE, 1398 CTL_EOL); 1399 sysctl_createv(clog, 0, NULL, NULL, 1400 CTLFLAG_PERMANENT, 1401 CTLTYPE_STRUCT, "stats", 1402 SYSCTL_DESCR("UDP statistics"), 1403 NULL, 0, &udpstat, sizeof(udpstat), 1404 CTL_NET, PF_INET, IPPROTO_UDP, UDPCTL_STATS, 1405 CTL_EOL); 1406 } 1407 #endif 1408 1409 #if (defined INET && defined IPSEC_NAT_T) 1410 /* 1411 * Returns: 1412 * 1 if the packet was processed 1413 * 0 if normal UDP processing should take place 1414 * -1 if an error occurent and m was freed 1415 */ 1416 static int 1417 udp4_espinudp(mp, off, src, so) 1418 struct mbuf **mp; 1419 int off; 1420 struct sockaddr *src; 1421 struct socket *so; 1422 { 1423 size_t len; 1424 caddr_t data; 1425 struct inpcb *inp; 1426 size_t skip = 0; 1427 size_t minlen; 1428 size_t iphdrlen; 1429 struct ip *ip; 1430 struct mbuf *n; 1431 struct m_tag *tag; 1432 struct udphdr *udphdr; 1433 u_int16_t sport, dport; 1434 struct mbuf *m = *mp; 1435 1436 /* 1437 * Collapse the mbuf chain if the first mbuf is too short 1438 * The longest case is: UDP + non ESP marker + ESP 1439 */ 1440 minlen = off + sizeof(u_int64_t) + sizeof(struct esp); 1441 if (minlen > m->m_pkthdr.len) 1442 minlen = m->m_pkthdr.len; 1443 1444 if (m->m_len < minlen) { 1445 if ((*mp = m_pullup(m, minlen)) == NULL) { 1446 printf("udp4_espinudp: m_pullup failed\n"); 1447 return -1; 1448 } 1449 m = *mp; 1450 } 1451 1452 len = m->m_len - off; 1453 data = mtod(m, caddr_t) + off; 1454 inp = sotoinpcb(so); 1455 1456 /* Ignore keepalive packets */ 1457 if ((len == 1) && (data[0] == '\xff')) { 1458 return 1; 1459 } 1460 1461 /* 1462 * Check that the payload is long enough to hold 1463 * an ESP header and compute the length of encapsulation 1464 * header to remove 1465 */ 1466 if (inp->inp_flags & INP_ESPINUDP) { 1467 u_int32_t *st = (u_int32_t *)data; 1468 1469 if ((len <= sizeof(struct esp)) || (*st == 0)) 1470 return 0; /* Normal UDP processing */ 1471 1472 skip = sizeof(struct udphdr); 1473 } 1474 1475 if (inp->inp_flags & INP_ESPINUDP_NON_IKE) { 1476 u_int32_t *st = (u_int32_t *)data; 1477 1478 if ((len <= sizeof(u_int64_t) + sizeof(struct esp)) 1479 || ((st[0] | st[1]) != 0)) 1480 return 0; /* Normal UDP processing */ 1481 1482 skip = sizeof(struct udphdr) + sizeof(u_int64_t); 1483 } 1484 1485 /* 1486 * Get the UDP ports. They are handled in network 1487 * order everywhere in IPSEC_NAT_T code. 1488 */ 1489 udphdr = (struct udphdr *)(data - skip); 1490 sport = udphdr->uh_sport; 1491 dport = udphdr->uh_dport; 1492 1493 /* 1494 * Remove the UDP header (and possibly the non ESP marker) 1495 * IP header lendth is iphdrlen 1496 * Before: 1497 * <--- off ---> 1498 * +----+------+-----+ 1499 * | IP | UDP | ESP | 1500 * +----+------+-----+ 1501 * <-skip-> 1502 * After: 1503 * +----+-----+ 1504 * | IP | ESP | 1505 * +----+-----+ 1506 * <-skip-> 1507 */ 1508 iphdrlen = off - sizeof(struct udphdr); 1509 memmove(mtod(m, caddr_t) + skip, mtod(m, caddr_t), iphdrlen); 1510 m_adj(m, skip); 1511 1512 ip = mtod(m, struct ip *); 1513 ip->ip_len = htons(ntohs(ip->ip_len) - skip); 1514 ip->ip_p = IPPROTO_ESP; 1515 1516 /* 1517 * Copy the mbuf to avoid multiple free, as both 1518 * esp4_input (which we call) and udp_input (which 1519 * called us) free the mbuf. 1520 */ 1521 if ((n = m_dup(m, 0, M_COPYALL, M_DONTWAIT)) == NULL) { 1522 printf("udp4_espinudp: m_dup failed\n"); 1523 return 0; 1524 } 1525 1526 /* 1527 * Add a PACKET_TAG_IPSEC_NAT_T_PORT tag to remember 1528 * the source UDP port. This is required if we want 1529 * to select the right SPD for multiple hosts behind 1530 * same NAT 1531 */ 1532 if ((tag = m_tag_get(PACKET_TAG_IPSEC_NAT_T_PORTS, 1533 sizeof(sport) + sizeof(dport), M_DONTWAIT)) == NULL) { 1534 printf("udp4_espinudp: m_tag_get failed\n"); 1535 m_freem(n); 1536 return 0; 1537 } 1538 ((u_int16_t *)(tag + 1))[0] = sport; 1539 ((u_int16_t *)(tag + 1))[1] = dport; 1540 m_tag_prepend(n, tag); 1541 1542 #ifdef FAST_IPSEC 1543 ipsec4_common_input(n, iphdrlen); 1544 #else 1545 esp4_input(n, iphdrlen); 1546 #endif 1547 1548 /* We handled it, it shoudln't be handled by UDP */ 1549 return 1; 1550 } 1551 #endif 1552
Indexes created Fri Sep 26 20:09:58 GMT 2025