2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993
5 * The Regents of the University of California.
6 * Copyright (c) 2004 The FreeBSD Foundation
7 * Copyright (c) 2004-2008 Robert N. M. Watson
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
38 * Comments on the socket life cycle:
40 * soalloc() sets of socket layer state for a socket, called only by
41 * socreate() and sonewconn(). Socket layer private.
43 * sodealloc() tears down socket layer state for a socket, called only by
44 * sofree() and sonewconn(). Socket layer private.
46 * pru_attach() associates protocol layer state with an allocated socket;
47 * called only once, may fail, aborting socket allocation. This is called
48 * from socreate() and sonewconn(). Socket layer private.
50 * pru_detach() disassociates protocol layer state from an attached socket,
51 * and will be called exactly once for sockets in which pru_attach() has
52 * been successfully called. If pru_attach() returned an error,
53 * pru_detach() will not be called. Socket layer private.
55 * pru_abort() and pru_close() notify the protocol layer that the last
56 * consumer of a socket is starting to tear down the socket, and that the
57 * protocol should terminate the connection. Historically, pru_abort() also
58 * detached protocol state from the socket state, but this is no longer the
61 * socreate() creates a socket and attaches protocol state. This is a public
62 * interface that may be used by socket layer consumers to create new
65 * sonewconn() creates a socket and attaches protocol state. This is a
66 * public interface that may be used by protocols to create new sockets when
67 * a new connection is received and will be available for accept() on a
70 * soclose() destroys a socket after possibly waiting for it to disconnect.
71 * This is a public interface that socket consumers should use to close and
72 * release a socket when done with it.
74 * soabort() destroys a socket without waiting for it to disconnect (used
75 * only for incoming connections that are already partially or fully
76 * connected). This is used internally by the socket layer when clearing
77 * listen socket queues (due to overflow or close on the listen socket), but
78 * is also a public interface protocols may use to abort connections in
79 * their incomplete listen queues should they no longer be required. Sockets
80 * placed in completed connection listen queues should not be aborted for
81 * reasons described in the comment above the soclose() implementation. This
82 * is not a general purpose close routine, and except in the specific
83 * circumstances described here, should not be used.
85 * sofree() will free a socket and its protocol state if all references on
86 * the socket have been released, and is the public interface to attempt to
87 * free a socket when a reference is removed. This is a socket layer private
90 * NOTE: In addition to socreate() and soclose(), which provide a single
91 * socket reference to the consumer to be managed as required, there are two
92 * calls to explicitly manage socket references, soref(), and sorele().
93 * Currently, these are generally required only when transitioning a socket
94 * from a listen queue to a file descriptor, in order to prevent garbage
95 * collection of the socket at an untimely moment. For a number of reasons,
96 * these interfaces are not preferred, and should be avoided.
98 * NOTE: With regard to VNETs the general rule is that callers do not set
99 * curvnet. Exceptions to this rule include soabort(), sodisconnect(),
100 * sofree() (and with that sorele(), sotryfree()), as well as sonewconn()
101 * and sorflush(), which are usually called from a pre-set VNET context.
102 * sopoll() currently does not need a VNET context to be set.
105 #include <sys/cdefs.h>
106 __FBSDID("$FreeBSD$");
108 #include "opt_inet.h"
109 #include "opt_inet6.h"
110 #include "opt_kern_tls.h"
111 #include "opt_sctp.h"
113 #include <sys/param.h>
114 #include <sys/systm.h>
115 #include <sys/capsicum.h>
116 #include <sys/fcntl.h>
117 #include <sys/limits.h>
118 #include <sys/lock.h>
120 #include <sys/malloc.h>
121 #include <sys/mbuf.h>
122 #include <sys/mutex.h>
123 #include <sys/domain.h>
124 #include <sys/file.h> /* for struct knote */
125 #include <sys/hhook.h>
126 #include <sys/kernel.h>
127 #include <sys/khelp.h>
128 #include <sys/ktls.h>
129 #include <sys/event.h>
130 #include <sys/eventhandler.h>
131 #include <sys/poll.h>
132 #include <sys/proc.h>
133 #include <sys/protosw.h>
134 #include <sys/sbuf.h>
135 #include <sys/socket.h>
136 #include <sys/socketvar.h>
137 #include <sys/resourcevar.h>
138 #include <net/route.h>
139 #include <sys/signalvar.h>
140 #include <sys/stat.h>
142 #include <sys/sysctl.h>
143 #include <sys/taskqueue.h>
146 #include <sys/unpcb.h>
147 #include <sys/jail.h>
148 #include <sys/syslog.h>
149 #include <netinet/in.h>
150 #include <netinet/in_pcb.h>
151 #include <netinet/tcp.h>
153 #include <net/vnet.h>
155 #include <security/mac/mac_framework.h>
159 #ifdef COMPAT_FREEBSD32
160 #include <sys/mount.h>
161 #include <sys/sysent.h>
162 #include <compat/freebsd32/freebsd32.h>
165 static int soreceive_rcvoob(struct socket *so, struct uio *uio,
167 static void so_rdknl_lock(void *);
168 static void so_rdknl_unlock(void *);
169 static void so_rdknl_assert_lock(void *, int);
170 static void so_wrknl_lock(void *);
171 static void so_wrknl_unlock(void *);
172 static void so_wrknl_assert_lock(void *, int);
174 static void filt_sordetach(struct knote *kn);
175 static int filt_soread(struct knote *kn, long hint);
176 static void filt_sowdetach(struct knote *kn);
177 static int filt_sowrite(struct knote *kn, long hint);
178 static int filt_soempty(struct knote *kn, long hint);
179 static int inline hhook_run_socket(struct socket *so, void *hctx, int32_t h_id);
180 fo_kqfilter_t soo_kqfilter;
182 static struct filterops soread_filtops = {
184 .f_detach = filt_sordetach,
185 .f_event = filt_soread,
187 static struct filterops sowrite_filtops = {
189 .f_detach = filt_sowdetach,
190 .f_event = filt_sowrite,
192 static struct filterops soempty_filtops = {
194 .f_detach = filt_sowdetach,
195 .f_event = filt_soempty,
198 so_gen_t so_gencnt; /* generation count for sockets */
200 MALLOC_DEFINE(M_SONAME, "soname", "socket name");
201 MALLOC_DEFINE(M_PCB, "pcb", "protocol control block");
203 #define VNET_SO_ASSERT(so) \
204 VNET_ASSERT(curvnet != NULL, \
205 ("%s:%d curvnet is NULL, so=%p", __func__, __LINE__, (so)));
207 VNET_DEFINE(struct hhook_head *, socket_hhh[HHOOK_SOCKET_LAST + 1]);
208 #define V_socket_hhh VNET(socket_hhh)
211 * Limit on the number of connections in the listen queue waiting
213 * NB: The original sysctl somaxconn is still available but hidden
214 * to prevent confusion about the actual purpose of this number.
216 static u_int somaxconn = SOMAXCONN;
219 sysctl_somaxconn(SYSCTL_HANDLER_ARGS)
225 error = sysctl_handle_int(oidp, &val, 0, req);
226 if (error || !req->newptr )
230 * The purpose of the UINT_MAX / 3 limit, is so that the formula
232 * below, will not overflow.
235 if (val < 1 || val > UINT_MAX / 3)
241 SYSCTL_PROC(_kern_ipc, OID_AUTO, soacceptqueue,
242 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, sizeof(int),
243 sysctl_somaxconn, "I",
244 "Maximum listen socket pending connection accept queue size");
245 SYSCTL_PROC(_kern_ipc, KIPC_SOMAXCONN, somaxconn,
246 CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_SKIP | CTLFLAG_MPSAFE, 0,
247 sizeof(int), sysctl_somaxconn, "I",
248 "Maximum listen socket pending connection accept queue size (compat)");
250 static int numopensockets;
251 SYSCTL_INT(_kern_ipc, OID_AUTO, numopensockets, CTLFLAG_RD,
252 &numopensockets, 0, "Number of open sockets");
255 * accept_mtx locks down per-socket fields relating to accept queues. See
256 * socketvar.h for an annotation of the protected fields of struct socket.
258 struct mtx accept_mtx;
259 MTX_SYSINIT(accept_mtx, &accept_mtx, "accept", MTX_DEF);
262 * so_global_mtx protects so_gencnt, numopensockets, and the per-socket
265 static struct mtx so_global_mtx;
266 MTX_SYSINIT(so_global_mtx, &so_global_mtx, "so_glabel", MTX_DEF);
269 * General IPC sysctl name space, used by sockets and a variety of other IPC
272 SYSCTL_NODE(_kern, KERN_IPC, ipc, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
276 * Initialize the socket subsystem and set up the socket
279 static uma_zone_t socket_zone;
283 socket_zone_change(void *tag)
286 maxsockets = uma_zone_set_max(socket_zone, maxsockets);
290 socket_hhook_register(int subtype)
293 if (hhook_head_register(HHOOK_TYPE_SOCKET, subtype,
294 &V_socket_hhh[subtype],
295 HHOOK_NOWAIT|HHOOK_HEADISINVNET) != 0)
296 printf("%s: WARNING: unable to register hook\n", __func__);
300 socket_hhook_deregister(int subtype)
303 if (hhook_head_deregister(V_socket_hhh[subtype]) != 0)
304 printf("%s: WARNING: unable to deregister hook\n", __func__);
308 socket_init(void *tag)
311 socket_zone = uma_zcreate("socket", sizeof(struct socket), NULL, NULL,
312 NULL, NULL, UMA_ALIGN_PTR, 0);
313 maxsockets = uma_zone_set_max(socket_zone, maxsockets);
314 uma_zone_set_warning(socket_zone, "kern.ipc.maxsockets limit reached");
315 EVENTHANDLER_REGISTER(maxsockets_change, socket_zone_change, NULL,
316 EVENTHANDLER_PRI_FIRST);
318 SYSINIT(socket, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY, socket_init, NULL);
321 socket_vnet_init(const void *unused __unused)
325 /* We expect a contiguous range */
326 for (i = 0; i <= HHOOK_SOCKET_LAST; i++)
327 socket_hhook_register(i);
329 VNET_SYSINIT(socket_vnet_init, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY,
330 socket_vnet_init, NULL);
333 socket_vnet_uninit(const void *unused __unused)
337 for (i = 0; i <= HHOOK_SOCKET_LAST; i++)
338 socket_hhook_deregister(i);
340 VNET_SYSUNINIT(socket_vnet_uninit, SI_SUB_PROTO_DOMAININIT, SI_ORDER_ANY,
341 socket_vnet_uninit, NULL);
344 * Initialise maxsockets. This SYSINIT must be run after
348 init_maxsockets(void *ignored)
351 TUNABLE_INT_FETCH("kern.ipc.maxsockets", &maxsockets);
352 maxsockets = imax(maxsockets, maxfiles);
354 SYSINIT(param, SI_SUB_TUNABLES, SI_ORDER_ANY, init_maxsockets, NULL);
357 * Sysctl to get and set the maximum global sockets limit. Notify protocols
358 * of the change so that they can update their dependent limits as required.
361 sysctl_maxsockets(SYSCTL_HANDLER_ARGS)
363 int error, newmaxsockets;
365 newmaxsockets = maxsockets;
366 error = sysctl_handle_int(oidp, &newmaxsockets, 0, req);
367 if (error == 0 && req->newptr && newmaxsockets != maxsockets) {
368 if (newmaxsockets > maxsockets &&
369 newmaxsockets <= maxfiles) {
370 maxsockets = newmaxsockets;
371 EVENTHANDLER_INVOKE(maxsockets_change);
377 SYSCTL_PROC(_kern_ipc, OID_AUTO, maxsockets,
378 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, &maxsockets, 0,
379 sysctl_maxsockets, "IU",
380 "Maximum number of sockets available");
383 * Socket operation routines. These routines are called by the routines in
384 * sys_socket.c or from a system process, and implement the semantics of
385 * socket operations by switching out to the protocol specific routines.
389 * Get a socket structure from our zone, and initialize it. Note that it
390 * would probably be better to allocate socket and PCB at the same time, but
391 * I'm not convinced that all the protocols can be easily modified to do
394 * soalloc() returns a socket with a ref count of 0.
396 static struct socket *
397 soalloc(struct vnet *vnet)
401 so = uma_zalloc(socket_zone, M_NOWAIT | M_ZERO);
405 if (mac_socket_init(so, M_NOWAIT) != 0) {
406 uma_zfree(socket_zone, so);
410 if (khelp_init_osd(HELPER_CLASS_SOCKET, &so->osd)) {
411 uma_zfree(socket_zone, so);
416 * The socket locking protocol allows to lock 2 sockets at a time,
417 * however, the first one must be a listening socket. WITNESS lacks
418 * a feature to change class of an existing lock, so we use DUPOK.
420 mtx_init(&so->so_lock, "socket", NULL, MTX_DEF | MTX_DUPOK);
421 so->so_snd.sb_mtx = &so->so_snd_mtx;
422 so->so_rcv.sb_mtx = &so->so_rcv_mtx;
423 mtx_init(&so->so_snd_mtx, "so_snd", NULL, MTX_DEF);
424 mtx_init(&so->so_rcv_mtx, "so_rcv", NULL, MTX_DEF);
425 so->so_rcv.sb_sel = &so->so_rdsel;
426 so->so_snd.sb_sel = &so->so_wrsel;
427 sx_init(&so->so_snd_sx, "so_snd_sx");
428 sx_init(&so->so_rcv_sx, "so_rcv_sx");
429 TAILQ_INIT(&so->so_snd.sb_aiojobq);
430 TAILQ_INIT(&so->so_rcv.sb_aiojobq);
431 TASK_INIT(&so->so_snd.sb_aiotask, 0, soaio_snd, so);
432 TASK_INIT(&so->so_rcv.sb_aiotask, 0, soaio_rcv, so);
434 VNET_ASSERT(vnet != NULL, ("%s:%d vnet is NULL, so=%p",
435 __func__, __LINE__, so));
438 /* We shouldn't need the so_global_mtx */
439 if (hhook_run_socket(so, NULL, HHOOK_SOCKET_CREATE)) {
440 /* Do we need more comprehensive error returns? */
441 uma_zfree(socket_zone, so);
444 mtx_lock(&so_global_mtx);
445 so->so_gencnt = ++so_gencnt;
448 vnet->vnet_sockcnt++;
450 mtx_unlock(&so_global_mtx);
456 * Free the storage associated with a socket at the socket layer, tear down
457 * locks, labels, etc. All protocol state is assumed already to have been
458 * torn down (and possibly never set up) by the caller.
461 sodealloc(struct socket *so)
464 KASSERT(so->so_count == 0, ("sodealloc(): so_count %d", so->so_count));
465 KASSERT(so->so_pcb == NULL, ("sodealloc(): so_pcb != NULL"));
467 mtx_lock(&so_global_mtx);
468 so->so_gencnt = ++so_gencnt;
469 --numopensockets; /* Could be below, but faster here. */
471 VNET_ASSERT(so->so_vnet != NULL, ("%s:%d so_vnet is NULL, so=%p",
472 __func__, __LINE__, so));
473 so->so_vnet->vnet_sockcnt--;
475 mtx_unlock(&so_global_mtx);
477 mac_socket_destroy(so);
479 hhook_run_socket(so, NULL, HHOOK_SOCKET_CLOSE);
481 khelp_destroy_osd(&so->osd);
482 if (SOLISTENING(so)) {
483 if (so->sol_accept_filter != NULL)
484 accept_filt_setopt(so, NULL);
486 if (so->so_rcv.sb_hiwat)
487 (void)chgsbsize(so->so_cred->cr_uidinfo,
488 &so->so_rcv.sb_hiwat, 0, RLIM_INFINITY);
489 if (so->so_snd.sb_hiwat)
490 (void)chgsbsize(so->so_cred->cr_uidinfo,
491 &so->so_snd.sb_hiwat, 0, RLIM_INFINITY);
492 sx_destroy(&so->so_snd_sx);
493 sx_destroy(&so->so_rcv_sx);
494 mtx_destroy(&so->so_snd_mtx);
495 mtx_destroy(&so->so_rcv_mtx);
498 mtx_destroy(&so->so_lock);
499 uma_zfree(socket_zone, so);
503 * socreate returns a socket with a ref count of 1. The socket should be
504 * closed with soclose().
507 socreate(int dom, struct socket **aso, int type, int proto,
508 struct ucred *cred, struct thread *td)
515 prp = pffindproto(dom, proto, type);
517 prp = pffindtype(dom, type);
520 /* No support for domain. */
521 if (pffinddomain(dom) == NULL)
522 return (EAFNOSUPPORT);
523 /* No support for socket type. */
524 if (proto == 0 && type != 0)
526 return (EPROTONOSUPPORT);
528 if (prp->pr_usrreqs->pru_attach == NULL ||
529 prp->pr_usrreqs->pru_attach == pru_attach_notsupp)
530 return (EPROTONOSUPPORT);
532 if (IN_CAPABILITY_MODE(td) && (prp->pr_flags & PR_CAPATTACH) == 0)
535 if (prison_check_af(cred, prp->pr_domain->dom_family) != 0)
536 return (EPROTONOSUPPORT);
538 if (prp->pr_type != type)
540 so = soalloc(CRED_TO_VNET(cred));
545 so->so_cred = crhold(cred);
546 if ((prp->pr_domain->dom_family == PF_INET) ||
547 (prp->pr_domain->dom_family == PF_INET6) ||
548 (prp->pr_domain->dom_family == PF_ROUTE))
549 so->so_fibnum = td->td_proc->p_fibnum;
554 mac_socket_create(cred, so);
556 knlist_init(&so->so_rdsel.si_note, so, so_rdknl_lock, so_rdknl_unlock,
557 so_rdknl_assert_lock);
558 knlist_init(&so->so_wrsel.si_note, so, so_wrknl_lock, so_wrknl_unlock,
559 so_wrknl_assert_lock);
561 * Auto-sizing of socket buffers is managed by the protocols and
562 * the appropriate flags must be set in the pru_attach function.
564 CURVNET_SET(so->so_vnet);
565 error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);
577 static int regression_sonewconn_earlytest = 1;
578 SYSCTL_INT(_regression, OID_AUTO, sonewconn_earlytest, CTLFLAG_RW,
579 ®ression_sonewconn_earlytest, 0, "Perform early sonewconn limit test");
582 static struct timeval overinterval = { 60, 0 };
583 SYSCTL_TIMEVAL_SEC(_kern_ipc, OID_AUTO, sooverinterval, CTLFLAG_RW,
585 "Delay in seconds between warnings for listen socket overflows");
588 * When an attempt at a new connection is noted on a socket which accepts
589 * connections, sonewconn is called. If the connection is possible (subject
590 * to space constraints, etc.) then we allocate a new structure, properly
591 * linked into the data structure of the original socket, and return this.
592 * Connstatus may be 0, or SS_ISCONFIRMING, or SS_ISCONNECTED.
594 * Note: the ref count on the socket is 0 on return.
597 sonewconn(struct socket *head, int connstatus)
603 const char localprefix[] = "local:";
604 char descrbuf[SUNPATHLEN + sizeof(localprefix)];
606 char addrbuf[INET6_ADDRSTRLEN];
608 char addrbuf[INET_ADDRSTRLEN];
613 over = (head->sol_qlen > 3 * head->sol_qlimit / 2);
615 if (regression_sonewconn_earlytest && over) {
619 head->sol_overcount++;
620 dolog = !!ratecheck(&head->sol_lastover, &overinterval);
623 * If we're going to log, copy the overflow count and queue
624 * length from the listen socket before dropping the lock.
625 * Also, reset the overflow count.
628 overcount = head->sol_overcount;
629 head->sol_overcount = 0;
630 qlen = head->sol_qlen;
632 SOLISTEN_UNLOCK(head);
636 * Try to print something descriptive about the
637 * socket for the error message.
639 sbuf_new(&descrsb, descrbuf, sizeof(descrbuf),
641 switch (head->so_proto->pr_domain->dom_family) {
642 #if defined(INET) || defined(INET6)
648 if (head->so_proto->pr_domain->dom_family ==
650 (sotoinpcb(head)->inp_inc.inc_flags &
653 &sotoinpcb(head)->inp_inc.inc6_laddr);
654 sbuf_printf(&descrsb, "[%s]", addrbuf);
660 sotoinpcb(head)->inp_inc.inc_laddr,
662 sbuf_cat(&descrsb, addrbuf);
665 sbuf_printf(&descrsb, ":%hu (proto %u)",
666 ntohs(sotoinpcb(head)->inp_inc.inc_lport),
667 head->so_proto->pr_protocol);
669 #endif /* INET || INET6 */
671 sbuf_cat(&descrsb, localprefix);
672 if (sotounpcb(head)->unp_addr != NULL)
674 sotounpcb(head)->unp_addr->sun_len -
675 offsetof(struct sockaddr_un,
681 sotounpcb(head)->unp_addr->sun_path,
684 sbuf_cat(&descrsb, "(unknown)");
689 * If we can't print something more specific, at least
690 * print the domain name.
692 if (sbuf_finish(&descrsb) != 0 ||
693 sbuf_len(&descrsb) <= 0) {
694 sbuf_clear(&descrsb);
696 head->so_proto->pr_domain->dom_name ?:
698 sbuf_finish(&descrsb);
700 KASSERT(sbuf_len(&descrsb) > 0,
701 ("%s: sbuf creation failed", __func__));
702 if (head->so_cred == 0) {
704 "%s: pcb %p (%s): Listen queue overflow: "
705 "%i already in queue awaiting acceptance "
706 "(%d occurrences)\n",
707 __func__, head->so_pcb, sbuf_data(&descrsb),
710 log(LOG_DEBUG, "%s: pcb %p (%s): Listen queue overflow: "
711 "%i already in queue awaiting acceptance "
712 "(%d occurrences), euid %d, rgid %d, jail %s\n",
713 __func__, head->so_pcb, sbuf_data(&descrsb),
715 head->so_cred->cr_uid, head->so_cred->cr_rgid,
716 head->so_cred->cr_prison ?
717 head->so_cred->cr_prison->pr_name :
720 sbuf_delete(&descrsb);
727 SOLISTEN_UNLOCK(head);
728 VNET_ASSERT(head->so_vnet != NULL, ("%s: so %p vnet is NULL",
730 so = soalloc(head->so_vnet);
732 log(LOG_DEBUG, "%s: pcb %p: New socket allocation failure: "
733 "limit reached or out of memory\n",
734 __func__, head->so_pcb);
737 so->so_listen = head;
738 so->so_type = head->so_type;
739 so->so_options = head->so_options & ~SO_ACCEPTCONN;
740 so->so_linger = head->so_linger;
741 so->so_state = head->so_state | SS_NOFDREF;
742 so->so_fibnum = head->so_fibnum;
743 so->so_proto = head->so_proto;
744 so->so_cred = crhold(head->so_cred);
746 mac_socket_newconn(head, so);
748 knlist_init(&so->so_rdsel.si_note, so, so_rdknl_lock, so_rdknl_unlock,
749 so_rdknl_assert_lock);
750 knlist_init(&so->so_wrsel.si_note, so, so_wrknl_lock, so_wrknl_unlock,
751 so_wrknl_assert_lock);
752 VNET_SO_ASSERT(head);
753 if (soreserve(so, head->sol_sbsnd_hiwat, head->sol_sbrcv_hiwat)) {
755 log(LOG_DEBUG, "%s: pcb %p: soreserve() failed\n",
756 __func__, head->so_pcb);
759 if ((*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
761 log(LOG_DEBUG, "%s: pcb %p: pru_attach() failed\n",
762 __func__, head->so_pcb);
765 so->so_rcv.sb_lowat = head->sol_sbrcv_lowat;
766 so->so_snd.sb_lowat = head->sol_sbsnd_lowat;
767 so->so_rcv.sb_timeo = head->sol_sbrcv_timeo;
768 so->so_snd.sb_timeo = head->sol_sbsnd_timeo;
769 so->so_rcv.sb_flags |= head->sol_sbrcv_flags & SB_AUTOSIZE;
770 so->so_snd.sb_flags |= head->sol_sbsnd_flags & SB_AUTOSIZE;
773 if (head->sol_accept_filter != NULL)
775 so->so_state |= connstatus;
776 soref(head); /* A socket on (in)complete queue refs head. */
778 TAILQ_INSERT_TAIL(&head->sol_comp, so, so_list);
779 so->so_qstate = SQ_COMP;
781 solisten_wakeup(head); /* unlocks */
784 * Keep removing sockets from the head until there's room for
785 * us to insert on the tail. In pre-locking revisions, this
786 * was a simple if(), but as we could be racing with other
787 * threads and soabort() requires dropping locks, we must
788 * loop waiting for the condition to be true.
790 while (head->sol_incqlen > head->sol_qlimit) {
793 sp = TAILQ_FIRST(&head->sol_incomp);
794 TAILQ_REMOVE(&head->sol_incomp, sp, so_list);
797 sp->so_qstate = SQ_NONE;
798 sp->so_listen = NULL;
800 sorele_locked(head); /* does SOLISTEN_UNLOCK, head stays */
804 TAILQ_INSERT_TAIL(&head->sol_incomp, so, so_list);
805 so->so_qstate = SQ_INCOMP;
807 SOLISTEN_UNLOCK(head);
812 #if defined(SCTP) || defined(SCTP_SUPPORT)
814 * Socket part of sctp_peeloff(). Detach a new socket from an
815 * association. The new socket is returned with a reference.
818 sopeeloff(struct socket *head)
822 VNET_ASSERT(head->so_vnet != NULL, ("%s:%d so_vnet is NULL, head=%p",
823 __func__, __LINE__, head));
824 so = soalloc(head->so_vnet);
826 log(LOG_DEBUG, "%s: pcb %p: New socket allocation failure: "
827 "limit reached or out of memory\n",
828 __func__, head->so_pcb);
831 so->so_type = head->so_type;
832 so->so_options = head->so_options;
833 so->so_linger = head->so_linger;
834 so->so_state = (head->so_state & SS_NBIO) | SS_ISCONNECTED;
835 so->so_fibnum = head->so_fibnum;
836 so->so_proto = head->so_proto;
837 so->so_cred = crhold(head->so_cred);
839 mac_socket_newconn(head, so);
841 knlist_init(&so->so_rdsel.si_note, so, so_rdknl_lock, so_rdknl_unlock,
842 so_rdknl_assert_lock);
843 knlist_init(&so->so_wrsel.si_note, so, so_wrknl_lock, so_wrknl_unlock,
844 so_wrknl_assert_lock);
845 VNET_SO_ASSERT(head);
846 if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat)) {
848 log(LOG_DEBUG, "%s: pcb %p: soreserve() failed\n",
849 __func__, head->so_pcb);
852 if ((*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
854 log(LOG_DEBUG, "%s: pcb %p: pru_attach() failed\n",
855 __func__, head->so_pcb);
858 so->so_rcv.sb_lowat = head->so_rcv.sb_lowat;
859 so->so_snd.sb_lowat = head->so_snd.sb_lowat;
860 so->so_rcv.sb_timeo = head->so_rcv.sb_timeo;
861 so->so_snd.sb_timeo = head->so_snd.sb_timeo;
862 so->so_rcv.sb_flags |= head->so_rcv.sb_flags & SB_AUTOSIZE;
863 so->so_snd.sb_flags |= head->so_snd.sb_flags & SB_AUTOSIZE;
872 sobind(struct socket *so, struct sockaddr *nam, struct thread *td)
876 CURVNET_SET(so->so_vnet);
877 error = (*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td);
883 sobindat(int fd, struct socket *so, struct sockaddr *nam, struct thread *td)
887 CURVNET_SET(so->so_vnet);
888 error = (*so->so_proto->pr_usrreqs->pru_bindat)(fd, so, nam, td);
894 * solisten() transitions a socket from a non-listening state to a listening
895 * state, but can also be used to update the listen queue depth on an
896 * existing listen socket. The protocol will call back into the sockets
897 * layer using solisten_proto_check() and solisten_proto() to check and set
898 * socket-layer listen state. Call backs are used so that the protocol can
899 * acquire both protocol and socket layer locks in whatever order is required
902 * Protocol implementors are advised to hold the socket lock across the
903 * socket-layer test and set to avoid races at the socket layer.
906 solisten(struct socket *so, int backlog, struct thread *td)
910 CURVNET_SET(so->so_vnet);
911 error = (*so->so_proto->pr_usrreqs->pru_listen)(so, backlog, td);
917 * Prepare for a call to solisten_proto(). Acquire all socket buffer locks in
918 * order to interlock with socket I/O.
921 solisten_proto_check(struct socket *so)
923 SOCK_LOCK_ASSERT(so);
925 if ((so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING |
926 SS_ISDISCONNECTING)) != 0)
930 * Sleeping is not permitted here, so simply fail if userspace is
931 * attempting to transmit or receive on the socket. This kind of
932 * transient failure is not ideal, but it should occur only if userspace
933 * is misusing the socket interfaces.
935 if (!sx_try_xlock(&so->so_snd_sx))
937 if (!sx_try_xlock(&so->so_rcv_sx)) {
938 sx_xunlock(&so->so_snd_sx);
941 mtx_lock(&so->so_snd_mtx);
942 mtx_lock(&so->so_rcv_mtx);
944 /* Interlock with soo_aio_queue(). */
945 if ((so->so_snd.sb_flags & (SB_AIO | SB_AIO_RUNNING)) != 0 ||
946 (so->so_rcv.sb_flags & (SB_AIO | SB_AIO_RUNNING)) != 0) {
947 solisten_proto_abort(so);
954 * Undo the setup done by solisten_proto_check().
957 solisten_proto_abort(struct socket *so)
959 mtx_unlock(&so->so_snd_mtx);
960 mtx_unlock(&so->so_rcv_mtx);
961 sx_xunlock(&so->so_snd_sx);
962 sx_xunlock(&so->so_rcv_sx);
966 solisten_proto(struct socket *so, int backlog)
968 int sbrcv_lowat, sbsnd_lowat;
969 u_int sbrcv_hiwat, sbsnd_hiwat;
970 short sbrcv_flags, sbsnd_flags;
971 sbintime_t sbrcv_timeo, sbsnd_timeo;
973 SOCK_LOCK_ASSERT(so);
974 KASSERT((so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING |
975 SS_ISDISCONNECTING)) == 0,
976 ("%s: bad socket state %p", __func__, so));
982 * Change this socket to listening state.
984 sbrcv_lowat = so->so_rcv.sb_lowat;
985 sbsnd_lowat = so->so_snd.sb_lowat;
986 sbrcv_hiwat = so->so_rcv.sb_hiwat;
987 sbsnd_hiwat = so->so_snd.sb_hiwat;
988 sbrcv_flags = so->so_rcv.sb_flags;
989 sbsnd_flags = so->so_snd.sb_flags;
990 sbrcv_timeo = so->so_rcv.sb_timeo;
991 sbsnd_timeo = so->so_snd.sb_timeo;
993 sbdestroy(so, SO_SND);
994 sbdestroy(so, SO_RCV);
998 sizeof(struct socket) - offsetof(struct socket, so_rcv));
1001 so->sol_sbrcv_lowat = sbrcv_lowat;
1002 so->sol_sbsnd_lowat = sbsnd_lowat;
1003 so->sol_sbrcv_hiwat = sbrcv_hiwat;
1004 so->sol_sbsnd_hiwat = sbsnd_hiwat;
1005 so->sol_sbrcv_flags = sbrcv_flags;
1006 so->sol_sbsnd_flags = sbsnd_flags;
1007 so->sol_sbrcv_timeo = sbrcv_timeo;
1008 so->sol_sbsnd_timeo = sbsnd_timeo;
1010 so->sol_qlen = so->sol_incqlen = 0;
1011 TAILQ_INIT(&so->sol_incomp);
1012 TAILQ_INIT(&so->sol_comp);
1014 so->sol_accept_filter = NULL;
1015 so->sol_accept_filter_arg = NULL;
1016 so->sol_accept_filter_str = NULL;
1018 so->sol_upcall = NULL;
1019 so->sol_upcallarg = NULL;
1021 so->so_options |= SO_ACCEPTCONN;
1024 if (backlog < 0 || backlog > somaxconn)
1025 backlog = somaxconn;
1026 so->sol_qlimit = backlog;
1028 mtx_unlock(&so->so_snd_mtx);
1029 mtx_unlock(&so->so_rcv_mtx);
1030 sx_xunlock(&so->so_snd_sx);
1031 sx_xunlock(&so->so_rcv_sx);
1035 * Wakeup listeners/subsystems once we have a complete connection.
1036 * Enters with lock, returns unlocked.
1039 solisten_wakeup(struct socket *sol)
1042 if (sol->sol_upcall != NULL)
1043 (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
1045 selwakeuppri(&sol->so_rdsel, PSOCK);
1046 KNOTE_LOCKED(&sol->so_rdsel.si_note, 0);
1048 SOLISTEN_UNLOCK(sol);
1049 wakeup_one(&sol->sol_comp);
1050 if ((sol->so_state & SS_ASYNC) && sol->so_sigio != NULL)
1051 pgsigio(&sol->so_sigio, SIGIO, 0);
1055 * Return single connection off a listening socket queue. Main consumer of
1056 * the function is kern_accept4(). Some modules, that do their own accept
1057 * management also use the function.
1059 * Listening socket must be locked on entry and is returned unlocked on
1061 * The flags argument is set of accept4(2) flags and ACCEPT4_INHERIT.
1064 solisten_dequeue(struct socket *head, struct socket **ret, int flags)
1069 SOLISTEN_LOCK_ASSERT(head);
1071 while (!(head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->sol_comp) &&
1072 head->so_error == 0) {
1073 error = msleep(&head->sol_comp, SOCK_MTX(head), PSOCK | PCATCH,
1076 SOLISTEN_UNLOCK(head);
1080 if (head->so_error) {
1081 error = head->so_error;
1083 } else if ((head->so_state & SS_NBIO) && TAILQ_EMPTY(&head->sol_comp))
1084 error = EWOULDBLOCK;
1088 SOLISTEN_UNLOCK(head);
1091 so = TAILQ_FIRST(&head->sol_comp);
1093 KASSERT(so->so_qstate == SQ_COMP,
1094 ("%s: so %p not SQ_COMP", __func__, so));
1097 so->so_qstate = SQ_NONE;
1098 so->so_listen = NULL;
1099 TAILQ_REMOVE(&head->sol_comp, so, so_list);
1100 if (flags & ACCEPT4_INHERIT)
1101 so->so_state |= (head->so_state & SS_NBIO);
1103 so->so_state |= (flags & SOCK_NONBLOCK) ? SS_NBIO : 0;
1105 sorele_locked(head);
1112 * Evaluate the reference count and named references on a socket; if no
1113 * references remain, free it. This should be called whenever a reference is
1114 * released, such as in sorele(), but also when named reference flags are
1115 * cleared in socket or protocol code.
1117 * sofree() will free the socket if:
1119 * - There are no outstanding file descriptor references or related consumers
1122 * - The socket has been closed by user space, if ever open (SS_NOFDREF).
1124 * - The protocol does not have an outstanding strong reference on the socket
1127 * - The socket is not in a completed connection queue, so a process has been
1128 * notified that it is present. If it is removed, the user process may
1129 * block in accept() despite select() saying the socket was ready.
1132 sofree(struct socket *so)
1134 struct protosw *pr = so->so_proto;
1135 bool last __diagused;
1137 SOCK_LOCK_ASSERT(so);
1139 if ((so->so_state & (SS_NOFDREF | SS_PROTOREF)) != SS_NOFDREF ||
1140 refcount_load(&so->so_count) != 0 || so->so_qstate == SQ_COMP) {
1145 if (!SOLISTENING(so) && so->so_qstate == SQ_INCOMP) {
1148 sol = so->so_listen;
1149 KASSERT(sol, ("%s: so %p on incomp of NULL", __func__, so));
1152 * To solve race between close of a listening socket and
1153 * a socket on its incomplete queue, we need to lock both.
1154 * The order is first listening socket, then regular.
1155 * Since we don't have SS_NOFDREF neither SS_PROTOREF, this
1156 * function and the listening socket are the only pointers
1157 * to so. To preserve so and sol, we reference both and then
1159 * After relock the socket may not move to so_comp since it
1160 * doesn't have PCB already, but it may be removed from
1161 * so_incomp. If that happens, we share responsiblity on
1162 * freeing the socket, but soclose() has already removed
1170 if (so->so_qstate == SQ_INCOMP) {
1171 KASSERT(so->so_listen == sol,
1172 ("%s: so %p migrated out of sol %p",
1173 __func__, so, sol));
1174 TAILQ_REMOVE(&sol->sol_incomp, so, so_list);
1176 last = refcount_release(&sol->so_count);
1177 KASSERT(!last, ("%s: released last reference for %p",
1179 so->so_qstate = SQ_NONE;
1180 so->so_listen = NULL;
1182 KASSERT(so->so_listen == NULL,
1183 ("%s: so %p not on (in)comp with so_listen",
1186 KASSERT(refcount_load(&so->so_count) == 1,
1187 ("%s: so %p count %u", __func__, so, so->so_count));
1190 if (SOLISTENING(so))
1191 so->so_error = ECONNABORTED;
1194 if (so->so_dtor != NULL)
1198 if ((pr->pr_flags & PR_RIGHTS) && !SOLISTENING(so)) {
1199 MPASS(pr->pr_domain->dom_dispose != NULL);
1200 (*pr->pr_domain->dom_dispose)(so);
1202 if (pr->pr_usrreqs->pru_detach != NULL)
1203 (*pr->pr_usrreqs->pru_detach)(so);
1206 * From this point on, we assume that no other references to this
1207 * socket exist anywhere else in the stack. Therefore, no locks need
1208 * to be acquired or held.
1210 if (!SOLISTENING(so)) {
1211 sbdestroy(so, SO_SND);
1212 sbdestroy(so, SO_RCV);
1214 seldrain(&so->so_rdsel);
1215 seldrain(&so->so_wrsel);
1216 knlist_destroy(&so->so_rdsel.si_note);
1217 knlist_destroy(&so->so_wrsel.si_note);
1222 * Release a reference on a socket while holding the socket lock.
1223 * Unlocks the socket lock before returning.
1226 sorele_locked(struct socket *so)
1228 SOCK_LOCK_ASSERT(so);
1229 if (refcount_release(&so->so_count))
1236 * Close a socket on last file table reference removal. Initiate disconnect
1237 * if connected. Free socket when disconnect complete.
1239 * This function will sorele() the socket. Note that soclose() may be called
1240 * prior to the ref count reaching zero. The actual socket structure will
1241 * not be freed until the ref count reaches zero.
1244 soclose(struct socket *so)
1246 struct accept_queue lqueue;
1248 bool listening, last __diagused;
1250 KASSERT(!(so->so_state & SS_NOFDREF), ("soclose: SS_NOFDREF on enter"));
1252 CURVNET_SET(so->so_vnet);
1253 funsetown(&so->so_sigio);
1254 if (so->so_state & SS_ISCONNECTED) {
1255 if ((so->so_state & SS_ISDISCONNECTING) == 0) {
1256 error = sodisconnect(so);
1258 if (error == ENOTCONN)
1264 if ((so->so_options & SO_LINGER) != 0 && so->so_linger != 0) {
1265 if ((so->so_state & SS_ISDISCONNECTING) &&
1266 (so->so_state & SS_NBIO))
1268 while (so->so_state & SS_ISCONNECTED) {
1269 error = tsleep(&so->so_timeo,
1270 PSOCK | PCATCH, "soclos",
1271 so->so_linger * hz);
1279 if (so->so_proto->pr_usrreqs->pru_close != NULL)
1280 (*so->so_proto->pr_usrreqs->pru_close)(so);
1283 if ((listening = SOLISTENING(so))) {
1286 TAILQ_INIT(&lqueue);
1287 TAILQ_SWAP(&lqueue, &so->sol_incomp, socket, so_list);
1288 TAILQ_CONCAT(&lqueue, &so->sol_comp, so_list);
1290 so->sol_qlen = so->sol_incqlen = 0;
1292 TAILQ_FOREACH(sp, &lqueue, so_list) {
1294 sp->so_qstate = SQ_NONE;
1295 sp->so_listen = NULL;
1297 last = refcount_release(&so->so_count);
1298 KASSERT(!last, ("%s: released last reference for %p",
1302 KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF"));
1303 so->so_state |= SS_NOFDREF;
1306 struct socket *sp, *tsp;
1308 TAILQ_FOREACH_SAFE(sp, &lqueue, so_list, tsp) {
1310 if (refcount_load(&sp->so_count) == 0) {
1314 /* See the handling of queued sockets
1325 * soabort() is used to abruptly tear down a connection, such as when a
1326 * resource limit is reached (listen queue depth exceeded), or if a listen
1327 * socket is closed while there are sockets waiting to be accepted.
1329 * This interface is tricky, because it is called on an unreferenced socket,
1330 * and must be called only by a thread that has actually removed the socket
1331 * from the listen queue it was on, or races with other threads are risked.
1333 * This interface will call into the protocol code, so must not be called
1334 * with any socket locks held. Protocols do call it while holding their own
1335 * recursible protocol mutexes, but this is something that should be subject
1336 * to review in the future.
1339 soabort(struct socket *so)
1343 * In as much as is possible, assert that no references to this
1344 * socket are held. This is not quite the same as asserting that the
1345 * current thread is responsible for arranging for no references, but
1346 * is as close as we can get for now.
1348 KASSERT(so->so_count == 0, ("soabort: so_count"));
1349 KASSERT((so->so_state & SS_PROTOREF) == 0, ("soabort: SS_PROTOREF"));
1350 KASSERT(so->so_state & SS_NOFDREF, ("soabort: !SS_NOFDREF"));
1353 if (so->so_proto->pr_usrreqs->pru_abort != NULL)
1354 (*so->so_proto->pr_usrreqs->pru_abort)(so);
1360 soaccept(struct socket *so, struct sockaddr **nam)
1365 KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF"));
1366 so->so_state &= ~SS_NOFDREF;
1369 CURVNET_SET(so->so_vnet);
1370 error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam);
1376 soconnect(struct socket *so, struct sockaddr *nam, struct thread *td)
1379 return (soconnectat(AT_FDCWD, so, nam, td));
1383 soconnectat(int fd, struct socket *so, struct sockaddr *nam, struct thread *td)
1387 CURVNET_SET(so->so_vnet);
1389 * If protocol is connection-based, can only connect once.
1390 * Otherwise, if connected, try to disconnect first. This allows
1391 * user to disconnect by connecting to, e.g., a null address.
1393 if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING) &&
1394 ((so->so_proto->pr_flags & PR_CONNREQUIRED) ||
1395 (error = sodisconnect(so)))) {
1399 * Prevent accumulated error from previous connection from
1403 if (fd == AT_FDCWD) {
1404 error = (*so->so_proto->pr_usrreqs->pru_connect)(so,
1407 error = (*so->so_proto->pr_usrreqs->pru_connectat)(fd,
1417 soconnect2(struct socket *so1, struct socket *so2)
1421 CURVNET_SET(so1->so_vnet);
1422 error = (*so1->so_proto->pr_usrreqs->pru_connect2)(so1, so2);
1428 sodisconnect(struct socket *so)
1432 if ((so->so_state & SS_ISCONNECTED) == 0)
1434 if (so->so_state & SS_ISDISCONNECTING)
1437 error = (*so->so_proto->pr_usrreqs->pru_disconnect)(so);
1442 sosend_dgram(struct socket *so, struct sockaddr *addr, struct uio *uio,
1443 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
1447 int clen = 0, error, dontroute;
1449 KASSERT(so->so_type == SOCK_DGRAM, ("sosend_dgram: !SOCK_DGRAM"));
1450 KASSERT(so->so_proto->pr_flags & PR_ATOMIC,
1451 ("sosend_dgram: !PR_ATOMIC"));
1454 resid = uio->uio_resid;
1456 resid = top->m_pkthdr.len;
1458 * In theory resid should be unsigned. However, space must be
1459 * signed, as it might be less than 0 if we over-committed, and we
1460 * must use a signed comparison of space and resid. On the other
1461 * hand, a negative resid causes us to loop sending 0-length
1462 * segments to the protocol.
1470 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0;
1472 td->td_ru.ru_msgsnd++;
1473 if (control != NULL)
1474 clen = control->m_len;
1476 SOCKBUF_LOCK(&so->so_snd);
1477 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
1478 SOCKBUF_UNLOCK(&so->so_snd);
1483 error = so->so_error;
1485 SOCKBUF_UNLOCK(&so->so_snd);
1488 if ((so->so_state & SS_ISCONNECTED) == 0) {
1490 * `sendto' and `sendmsg' is allowed on a connection-based
1491 * socket if it supports implied connect. Return ENOTCONN if
1492 * not connected and no address is supplied.
1494 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1495 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
1496 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
1497 !(resid == 0 && clen != 0)) {
1498 SOCKBUF_UNLOCK(&so->so_snd);
1502 } else if (addr == NULL) {
1503 if (so->so_proto->pr_flags & PR_CONNREQUIRED)
1506 error = EDESTADDRREQ;
1507 SOCKBUF_UNLOCK(&so->so_snd);
1513 * Do we need MSG_OOB support in SOCK_DGRAM? Signs here may be a
1514 * problem and need fixing.
1516 space = sbspace(&so->so_snd);
1517 if (flags & MSG_OOB)
1520 SOCKBUF_UNLOCK(&so->so_snd);
1521 if (resid > space) {
1527 if (flags & MSG_EOR)
1528 top->m_flags |= M_EOR;
1531 * Copy the data from userland into a mbuf chain.
1532 * If no data is to be copied in, a single empty mbuf
1535 top = m_uiotombuf(uio, M_WAITOK, space, max_hdr,
1536 (M_PKTHDR | ((flags & MSG_EOR) ? M_EOR : 0)));
1538 error = EFAULT; /* only possible error */
1541 space -= resid - uio->uio_resid;
1542 resid = uio->uio_resid;
1544 KASSERT(resid == 0, ("sosend_dgram: resid != 0"));
1546 * XXXRW: Frobbing SO_DONTROUTE here is even worse without sblock
1551 so->so_options |= SO_DONTROUTE;
1555 * XXX all the SBS_CANTSENDMORE checks previously done could be out
1556 * of date. We could have received a reset packet in an interrupt or
1557 * maybe we slept while doing page faults in uiomove() etc. We could
1558 * probably recheck again inside the locking protection here, but
1559 * there are probably other places that this also happens. We must
1563 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1564 (flags & MSG_OOB) ? PRUS_OOB :
1566 * If the user set MSG_EOF, the protocol understands this flag and
1567 * nothing left to send then use PRU_SEND_EOF instead of PRU_SEND.
1569 ((flags & MSG_EOF) &&
1570 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1573 /* If there is more to send set PRUS_MORETOCOME */
1574 (flags & MSG_MORETOCOME) ||
1575 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1576 top, addr, control, td);
1579 so->so_options &= ~SO_DONTROUTE;
1588 if (control != NULL)
1594 * Send on a socket. If send must go all at once and message is larger than
1595 * send buffering, then hard error. Lock against other senders. If must go
1596 * all at once and not enough room now, then inform user that this would
1597 * block and do nothing. Otherwise, if nonblocking, send as much as
1598 * possible. The data to be sent is described by "uio" if nonzero, otherwise
1599 * by the mbuf chain "top" (which must be null if uio is not). Data provided
1600 * in mbuf chain must be small enough to send all at once.
1602 * Returns nonzero on error, timeout or signal; callers must check for short
1603 * counts if EINTR/ERESTART are returned. Data and control buffers are freed
1607 sosend_generic(struct socket *so, struct sockaddr *addr, struct uio *uio,
1608 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
1612 int clen = 0, error, dontroute;
1613 int atomic = sosendallatonce(so) || top;
1616 struct ktls_session *tls;
1617 int tls_enq_cnt, tls_pruflag;
1621 tls_rtype = TLS_RLTYPE_APP;
1624 resid = uio->uio_resid;
1625 else if ((top->m_flags & M_PKTHDR) != 0)
1626 resid = top->m_pkthdr.len;
1628 resid = m_length(top, NULL);
1630 * In theory resid should be unsigned. However, space must be
1631 * signed, as it might be less than 0 if we over-committed, and we
1632 * must use a signed comparison of space and resid. On the other
1633 * hand, a negative resid causes us to loop sending 0-length
1634 * segments to the protocol.
1636 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
1637 * type sockets since that's an error.
1639 if (resid < 0 || (so->so_type == SOCK_STREAM && (flags & MSG_EOR))) {
1645 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0 &&
1646 (so->so_proto->pr_flags & PR_ATOMIC);
1648 td->td_ru.ru_msgsnd++;
1649 if (control != NULL)
1650 clen = control->m_len;
1652 error = SOCK_IO_SEND_LOCK(so, SBLOCKWAIT(flags));
1658 tls = ktls_hold(so->so_snd.sb_tls_info);
1660 if (tls->mode == TCP_TLS_MODE_SW)
1661 tls_pruflag = PRUS_NOTREADY;
1663 if (control != NULL) {
1664 struct cmsghdr *cm = mtod(control, struct cmsghdr *);
1666 if (clen >= sizeof(*cm) &&
1667 cm->cmsg_type == TLS_SET_RECORD_TYPE) {
1668 tls_rtype = *((uint8_t *)CMSG_DATA(cm));
1676 if (resid == 0 && !ktls_permit_empty_frames(tls)) {
1685 SOCKBUF_LOCK(&so->so_snd);
1686 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
1687 SOCKBUF_UNLOCK(&so->so_snd);
1692 error = so->so_error;
1694 SOCKBUF_UNLOCK(&so->so_snd);
1697 if ((so->so_state & SS_ISCONNECTED) == 0) {
1699 * `sendto' and `sendmsg' is allowed on a connection-
1700 * based socket if it supports implied connect.
1701 * Return ENOTCONN if not connected and no address is
1704 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1705 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
1706 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
1707 !(resid == 0 && clen != 0)) {
1708 SOCKBUF_UNLOCK(&so->so_snd);
1712 } else if (addr == NULL) {
1713 SOCKBUF_UNLOCK(&so->so_snd);
1714 if (so->so_proto->pr_flags & PR_CONNREQUIRED)
1717 error = EDESTADDRREQ;
1721 space = sbspace(&so->so_snd);
1722 if (flags & MSG_OOB)
1724 if ((atomic && resid > so->so_snd.sb_hiwat) ||
1725 clen > so->so_snd.sb_hiwat) {
1726 SOCKBUF_UNLOCK(&so->so_snd);
1730 if (space < resid + clen &&
1731 (atomic || space < so->so_snd.sb_lowat || space < clen)) {
1732 if ((so->so_state & SS_NBIO) ||
1733 (flags & (MSG_NBIO | MSG_DONTWAIT)) != 0) {
1734 SOCKBUF_UNLOCK(&so->so_snd);
1735 error = EWOULDBLOCK;
1738 error = sbwait(so, SO_SND);
1739 SOCKBUF_UNLOCK(&so->so_snd);
1744 SOCKBUF_UNLOCK(&so->so_snd);
1749 if (flags & MSG_EOR)
1750 top->m_flags |= M_EOR;
1753 ktls_frame(top, tls, &tls_enq_cnt,
1755 tls_rtype = TLS_RLTYPE_APP;
1760 * Copy the data from userland into a mbuf
1761 * chain. If resid is 0, which can happen
1762 * only if we have control to send, then
1763 * a single empty mbuf is returned. This
1764 * is a workaround to prevent protocol send
1769 top = m_uiotombuf(uio, M_WAITOK, space,
1770 tls->params.max_frame_len,
1772 ((flags & MSG_EOR) ? M_EOR : 0));
1774 ktls_frame(top, tls,
1775 &tls_enq_cnt, tls_rtype);
1777 tls_rtype = TLS_RLTYPE_APP;
1780 top = m_uiotombuf(uio, M_WAITOK, space,
1781 (atomic ? max_hdr : 0),
1782 (atomic ? M_PKTHDR : 0) |
1783 ((flags & MSG_EOR) ? M_EOR : 0));
1785 error = EFAULT; /* only possible error */
1788 space -= resid - uio->uio_resid;
1789 resid = uio->uio_resid;
1793 so->so_options |= SO_DONTROUTE;
1797 * XXX all the SBS_CANTSENDMORE checks previously
1798 * done could be out of date. We could have received
1799 * a reset packet in an interrupt or maybe we slept
1800 * while doing page faults in uiomove() etc. We
1801 * could probably recheck again inside the locking
1802 * protection here, but there are probably other
1803 * places that this also happens. We must rethink
1808 pru_flag = (flags & MSG_OOB) ? PRUS_OOB :
1810 * If the user set MSG_EOF, the protocol understands
1811 * this flag and nothing left to send then use
1812 * PRU_SEND_EOF instead of PRU_SEND.
1814 ((flags & MSG_EOF) &&
1815 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1818 /* If there is more to send set PRUS_MORETOCOME. */
1819 (flags & MSG_MORETOCOME) ||
1820 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0;
1823 pru_flag |= tls_pruflag;
1826 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1827 pru_flag, top, addr, control, td);
1831 so->so_options &= ~SO_DONTROUTE;
1836 if (tls != NULL && tls->mode == TCP_TLS_MODE_SW) {
1842 ktls_enqueue(top, so, tls_enq_cnt);
1851 } while (resid && space > 0);
1855 SOCK_IO_SEND_UNLOCK(so);
1863 if (control != NULL)
1869 sosend(struct socket *so, struct sockaddr *addr, struct uio *uio,
1870 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
1874 CURVNET_SET(so->so_vnet);
1875 error = so->so_proto->pr_usrreqs->pru_sosend(so, addr, uio,
1876 top, control, flags, td);
1882 * The part of soreceive() that implements reading non-inline out-of-band
1883 * data from a socket. For more complete comments, see soreceive(), from
1884 * which this code originated.
1886 * Note that soreceive_rcvoob(), unlike the remainder of soreceive(), is
1887 * unable to return an mbuf chain to the caller.
1890 soreceive_rcvoob(struct socket *so, struct uio *uio, int flags)
1892 struct protosw *pr = so->so_proto;
1896 KASSERT(flags & MSG_OOB, ("soreceive_rcvoob: (flags & MSG_OOB) == 0"));
1899 m = m_get(M_WAITOK, MT_DATA);
1900 error = (*pr->pr_usrreqs->pru_rcvoob)(so, m, flags & MSG_PEEK);
1904 error = uiomove(mtod(m, void *),
1905 (int) min(uio->uio_resid, m->m_len), uio);
1907 } while (uio->uio_resid && error == 0 && m);
1915 * Following replacement or removal of the first mbuf on the first mbuf chain
1916 * of a socket buffer, push necessary state changes back into the socket
1917 * buffer so that other consumers see the values consistently. 'nextrecord'
1918 * is the callers locally stored value of the original value of
1919 * sb->sb_mb->m_nextpkt which must be restored when the lead mbuf changes.
1920 * NOTE: 'nextrecord' may be NULL.
1922 static __inline void
1923 sockbuf_pushsync(struct sockbuf *sb, struct mbuf *nextrecord)
1926 SOCKBUF_LOCK_ASSERT(sb);
1928 * First, update for the new value of nextrecord. If necessary, make
1929 * it the first record.
1931 if (sb->sb_mb != NULL)
1932 sb->sb_mb->m_nextpkt = nextrecord;
1934 sb->sb_mb = nextrecord;
1937 * Now update any dependent socket buffer fields to reflect the new
1938 * state. This is an expanded inline of SB_EMPTY_FIXUP(), with the
1939 * addition of a second clause that takes care of the case where
1940 * sb_mb has been updated, but remains the last record.
1942 if (sb->sb_mb == NULL) {
1943 sb->sb_mbtail = NULL;
1944 sb->sb_lastrecord = NULL;
1945 } else if (sb->sb_mb->m_nextpkt == NULL)
1946 sb->sb_lastrecord = sb->sb_mb;
1950 * Implement receive operations on a socket. We depend on the way that
1951 * records are added to the sockbuf by sbappend. In particular, each record
1952 * (mbufs linked through m_next) must begin with an address if the protocol
1953 * so specifies, followed by an optional mbuf or mbufs containing ancillary
1954 * data, and then zero or more mbufs of data. In order to allow parallelism
1955 * between network receive and copying to user space, as well as avoid
1956 * sleeping with a mutex held, we release the socket buffer mutex during the
1957 * user space copy. Although the sockbuf is locked, new data may still be
1958 * appended, and thus we must maintain consistency of the sockbuf during that
1961 * The caller may receive the data as a single mbuf chain by supplying an
1962 * mbuf **mp0 for use in returning the chain. The uio is then used only for
1963 * the count in uio_resid.
1966 soreceive_generic(struct socket *so, struct sockaddr **psa, struct uio *uio,
1967 struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
1969 struct mbuf *m, **mp;
1970 int flags, error, offset;
1972 struct protosw *pr = so->so_proto;
1973 struct mbuf *nextrecord;
1975 ssize_t orig_resid = uio->uio_resid;
1980 if (controlp != NULL)
1983 flags = *flagsp &~ MSG_EOR;
1986 if (flags & MSG_OOB)
1987 return (soreceive_rcvoob(so, uio, flags));
1990 if ((pr->pr_flags & PR_WANTRCVD) && (so->so_state & SS_ISCONFIRMING)
1991 && uio->uio_resid) {
1993 (*pr->pr_usrreqs->pru_rcvd)(so, 0);
1996 error = SOCK_IO_RECV_LOCK(so, SBLOCKWAIT(flags));
2001 SOCKBUF_LOCK(&so->so_rcv);
2002 m = so->so_rcv.sb_mb;
2004 * If we have less data than requested, block awaiting more (subject
2005 * to any timeout) if:
2006 * 1. the current count is less than the low water mark, or
2007 * 2. MSG_DONTWAIT is not set
2009 if (m == NULL || (((flags & MSG_DONTWAIT) == 0 &&
2010 sbavail(&so->so_rcv) < uio->uio_resid) &&
2011 sbavail(&so->so_rcv) < so->so_rcv.sb_lowat &&
2012 m->m_nextpkt == NULL && (pr->pr_flags & PR_ATOMIC) == 0)) {
2013 KASSERT(m != NULL || !sbavail(&so->so_rcv),
2014 ("receive: m == %p sbavail == %u",
2015 m, sbavail(&so->so_rcv)));
2016 if (so->so_error || so->so_rerror) {
2020 error = so->so_error;
2022 error = so->so_rerror;
2023 if ((flags & MSG_PEEK) == 0) {
2029 SOCKBUF_UNLOCK(&so->so_rcv);
2032 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2033 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
2037 else if (so->so_rcv.sb_tlsdcc == 0 &&
2038 so->so_rcv.sb_tlscc == 0) {
2042 SOCKBUF_UNLOCK(&so->so_rcv);
2046 for (; m != NULL; m = m->m_next)
2047 if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) {
2048 m = so->so_rcv.sb_mb;
2051 if ((so->so_state & (SS_ISCONNECTING | SS_ISCONNECTED |
2052 SS_ISDISCONNECTING | SS_ISDISCONNECTED)) == 0 &&
2053 (so->so_proto->pr_flags & PR_CONNREQUIRED) != 0) {
2054 SOCKBUF_UNLOCK(&so->so_rcv);
2058 if (uio->uio_resid == 0) {
2059 SOCKBUF_UNLOCK(&so->so_rcv);
2062 if ((so->so_state & SS_NBIO) ||
2063 (flags & (MSG_DONTWAIT|MSG_NBIO))) {
2064 SOCKBUF_UNLOCK(&so->so_rcv);
2065 error = EWOULDBLOCK;
2068 SBLASTRECORDCHK(&so->so_rcv);
2069 SBLASTMBUFCHK(&so->so_rcv);
2070 error = sbwait(so, SO_RCV);
2071 SOCKBUF_UNLOCK(&so->so_rcv);
2078 * From this point onward, we maintain 'nextrecord' as a cache of the
2079 * pointer to the next record in the socket buffer. We must keep the
2080 * various socket buffer pointers and local stack versions of the
2081 * pointers in sync, pushing out modifications before dropping the
2082 * socket buffer mutex, and re-reading them when picking it up.
2084 * Otherwise, we will race with the network stack appending new data
2085 * or records onto the socket buffer by using inconsistent/stale
2086 * versions of the field, possibly resulting in socket buffer
2089 * By holding the high-level sblock(), we prevent simultaneous
2090 * readers from pulling off the front of the socket buffer.
2092 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2094 uio->uio_td->td_ru.ru_msgrcv++;
2095 KASSERT(m == so->so_rcv.sb_mb, ("soreceive: m != so->so_rcv.sb_mb"));
2096 SBLASTRECORDCHK(&so->so_rcv);
2097 SBLASTMBUFCHK(&so->so_rcv);
2098 nextrecord = m->m_nextpkt;
2099 if (pr->pr_flags & PR_ADDR) {
2100 KASSERT(m->m_type == MT_SONAME,
2101 ("m->m_type == %d", m->m_type));
2104 *psa = sodupsockaddr(mtod(m, struct sockaddr *),
2106 if (flags & MSG_PEEK) {
2109 sbfree(&so->so_rcv, m);
2110 so->so_rcv.sb_mb = m_free(m);
2111 m = so->so_rcv.sb_mb;
2112 sockbuf_pushsync(&so->so_rcv, nextrecord);
2117 * Process one or more MT_CONTROL mbufs present before any data mbufs
2118 * in the first mbuf chain on the socket buffer. If MSG_PEEK, we
2119 * just copy the data; if !MSG_PEEK, we call into the protocol to
2120 * perform externalization (or freeing if controlp == NULL).
2122 if (m != NULL && m->m_type == MT_CONTROL) {
2123 struct mbuf *cm = NULL, *cmn;
2124 struct mbuf **cme = &cm;
2126 struct cmsghdr *cmsg;
2127 struct tls_get_record tgr;
2130 * For MSG_TLSAPPDATA, check for an alert record.
2131 * If found, return ENXIO without removing
2132 * it from the receive queue. This allows a subsequent
2133 * call without MSG_TLSAPPDATA to receive it.
2134 * Note that, for TLS, there should only be a single
2135 * control mbuf with the TLS_GET_RECORD message in it.
2137 if (flags & MSG_TLSAPPDATA) {
2138 cmsg = mtod(m, struct cmsghdr *);
2139 if (cmsg->cmsg_type == TLS_GET_RECORD &&
2140 cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
2141 memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
2142 if (__predict_false(tgr.tls_type ==
2143 TLS_RLTYPE_ALERT)) {
2144 SOCKBUF_UNLOCK(&so->so_rcv);
2153 if (flags & MSG_PEEK) {
2154 if (controlp != NULL) {
2155 *controlp = m_copym(m, 0, m->m_len,
2157 controlp = &(*controlp)->m_next;
2161 sbfree(&so->so_rcv, m);
2162 so->so_rcv.sb_mb = m->m_next;
2165 cme = &(*cme)->m_next;
2166 m = so->so_rcv.sb_mb;
2168 } while (m != NULL && m->m_type == MT_CONTROL);
2169 if ((flags & MSG_PEEK) == 0)
2170 sockbuf_pushsync(&so->so_rcv, nextrecord);
2171 while (cm != NULL) {
2174 if (pr->pr_domain->dom_externalize != NULL) {
2175 SOCKBUF_UNLOCK(&so->so_rcv);
2177 error = (*pr->pr_domain->dom_externalize)
2178 (cm, controlp, flags);
2179 SOCKBUF_LOCK(&so->so_rcv);
2180 } else if (controlp != NULL)
2184 if (controlp != NULL) {
2185 while (*controlp != NULL)
2186 controlp = &(*controlp)->m_next;
2191 nextrecord = so->so_rcv.sb_mb->m_nextpkt;
2193 nextrecord = so->so_rcv.sb_mb;
2197 if ((flags & MSG_PEEK) == 0) {
2198 KASSERT(m->m_nextpkt == nextrecord,
2199 ("soreceive: post-control, nextrecord !sync"));
2200 if (nextrecord == NULL) {
2201 KASSERT(so->so_rcv.sb_mb == m,
2202 ("soreceive: post-control, sb_mb!=m"));
2203 KASSERT(so->so_rcv.sb_lastrecord == m,
2204 ("soreceive: post-control, lastrecord!=m"));
2208 if (type == MT_OOBDATA)
2211 if ((flags & MSG_PEEK) == 0) {
2212 KASSERT(so->so_rcv.sb_mb == nextrecord,
2213 ("soreceive: sb_mb != nextrecord"));
2214 if (so->so_rcv.sb_mb == NULL) {
2215 KASSERT(so->so_rcv.sb_lastrecord == NULL,
2216 ("soreceive: sb_lastercord != NULL"));
2220 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2221 SBLASTRECORDCHK(&so->so_rcv);
2222 SBLASTMBUFCHK(&so->so_rcv);
2225 * Now continue to read any data mbufs off of the head of the socket
2226 * buffer until the read request is satisfied. Note that 'type' is
2227 * used to store the type of any mbuf reads that have happened so far
2228 * such that soreceive() can stop reading if the type changes, which
2229 * causes soreceive() to return only one of regular data and inline
2230 * out-of-band data in a single socket receive operation.
2234 while (m != NULL && !(m->m_flags & M_NOTAVAIL) && uio->uio_resid > 0
2237 * If the type of mbuf has changed since the last mbuf
2238 * examined ('type'), end the receive operation.
2240 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2241 if (m->m_type == MT_OOBDATA || m->m_type == MT_CONTROL) {
2242 if (type != m->m_type)
2244 } else if (type == MT_OOBDATA)
2247 KASSERT(m->m_type == MT_DATA,
2248 ("m->m_type == %d", m->m_type));
2249 so->so_rcv.sb_state &= ~SBS_RCVATMARK;
2250 len = uio->uio_resid;
2251 if (so->so_oobmark && len > so->so_oobmark - offset)
2252 len = so->so_oobmark - offset;
2253 if (len > m->m_len - moff)
2254 len = m->m_len - moff;
2256 * If mp is set, just pass back the mbufs. Otherwise copy
2257 * them out via the uio, then free. Sockbuf must be
2258 * consistent here (points to current mbuf, it points to next
2259 * record) when we drop priority; we must note any additions
2260 * to the sockbuf when we block interrupts again.
2263 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2264 SBLASTRECORDCHK(&so->so_rcv);
2265 SBLASTMBUFCHK(&so->so_rcv);
2266 SOCKBUF_UNLOCK(&so->so_rcv);
2267 if ((m->m_flags & M_EXTPG) != 0)
2268 error = m_unmapped_uiomove(m, moff, uio,
2271 error = uiomove(mtod(m, char *) + moff,
2273 SOCKBUF_LOCK(&so->so_rcv);
2276 * The MT_SONAME mbuf has already been removed
2277 * from the record, so it is necessary to
2278 * remove the data mbufs, if any, to preserve
2279 * the invariant in the case of PR_ADDR that
2280 * requires MT_SONAME mbufs at the head of
2283 if (pr->pr_flags & PR_ATOMIC &&
2284 ((flags & MSG_PEEK) == 0))
2285 (void)sbdroprecord_locked(&so->so_rcv);
2286 SOCKBUF_UNLOCK(&so->so_rcv);
2290 uio->uio_resid -= len;
2291 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2292 if (len == m->m_len - moff) {
2293 if (m->m_flags & M_EOR)
2295 if (flags & MSG_PEEK) {
2299 nextrecord = m->m_nextpkt;
2300 sbfree(&so->so_rcv, m);
2302 m->m_nextpkt = NULL;
2305 so->so_rcv.sb_mb = m = m->m_next;
2308 so->so_rcv.sb_mb = m_free(m);
2309 m = so->so_rcv.sb_mb;
2311 sockbuf_pushsync(&so->so_rcv, nextrecord);
2312 SBLASTRECORDCHK(&so->so_rcv);
2313 SBLASTMBUFCHK(&so->so_rcv);
2316 if (flags & MSG_PEEK)
2320 if (flags & MSG_DONTWAIT) {
2321 *mp = m_copym(m, 0, len,
2325 * m_copym() couldn't
2327 * Adjust uio_resid back
2329 * down by len bytes,
2330 * which we didn't end
2331 * up "copying" over).
2333 uio->uio_resid += len;
2337 SOCKBUF_UNLOCK(&so->so_rcv);
2338 *mp = m_copym(m, 0, len,
2340 SOCKBUF_LOCK(&so->so_rcv);
2343 sbcut_locked(&so->so_rcv, len);
2346 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2347 if (so->so_oobmark) {
2348 if ((flags & MSG_PEEK) == 0) {
2349 so->so_oobmark -= len;
2350 if (so->so_oobmark == 0) {
2351 so->so_rcv.sb_state |= SBS_RCVATMARK;
2356 if (offset == so->so_oobmark)
2360 if (flags & MSG_EOR)
2363 * If the MSG_WAITALL flag is set (for non-atomic socket), we
2364 * must not quit until "uio->uio_resid == 0" or an error
2365 * termination. If a signal/timeout occurs, return with a
2366 * short count but without error. Keep sockbuf locked
2367 * against other readers.
2369 while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 &&
2370 !sosendallatonce(so) && nextrecord == NULL) {
2371 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2372 if (so->so_error || so->so_rerror ||
2373 so->so_rcv.sb_state & SBS_CANTRCVMORE)
2376 * Notify the protocol that some data has been
2377 * drained before blocking.
2379 if (pr->pr_flags & PR_WANTRCVD) {
2380 SOCKBUF_UNLOCK(&so->so_rcv);
2382 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
2383 SOCKBUF_LOCK(&so->so_rcv);
2385 SBLASTRECORDCHK(&so->so_rcv);
2386 SBLASTMBUFCHK(&so->so_rcv);
2388 * We could receive some data while was notifying
2389 * the protocol. Skip blocking in this case.
2391 if (so->so_rcv.sb_mb == NULL) {
2392 error = sbwait(so, SO_RCV);
2394 SOCKBUF_UNLOCK(&so->so_rcv);
2398 m = so->so_rcv.sb_mb;
2400 nextrecord = m->m_nextpkt;
2404 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2405 if (m != NULL && pr->pr_flags & PR_ATOMIC) {
2407 if ((flags & MSG_PEEK) == 0)
2408 (void) sbdroprecord_locked(&so->so_rcv);
2410 if ((flags & MSG_PEEK) == 0) {
2413 * First part is an inline SB_EMPTY_FIXUP(). Second
2414 * part makes sure sb_lastrecord is up-to-date if
2415 * there is still data in the socket buffer.
2417 so->so_rcv.sb_mb = nextrecord;
2418 if (so->so_rcv.sb_mb == NULL) {
2419 so->so_rcv.sb_mbtail = NULL;
2420 so->so_rcv.sb_lastrecord = NULL;
2421 } else if (nextrecord->m_nextpkt == NULL)
2422 so->so_rcv.sb_lastrecord = nextrecord;
2424 SBLASTRECORDCHK(&so->so_rcv);
2425 SBLASTMBUFCHK(&so->so_rcv);
2427 * If soreceive() is being done from the socket callback,
2428 * then don't need to generate ACK to peer to update window,
2429 * since ACK will be generated on return to TCP.
2431 if (!(flags & MSG_SOCALLBCK) &&
2432 (pr->pr_flags & PR_WANTRCVD)) {
2433 SOCKBUF_UNLOCK(&so->so_rcv);
2435 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
2436 SOCKBUF_LOCK(&so->so_rcv);
2439 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2440 if (orig_resid == uio->uio_resid && orig_resid &&
2441 (flags & MSG_EOR) == 0 && (so->so_rcv.sb_state & SBS_CANTRCVMORE) == 0) {
2442 SOCKBUF_UNLOCK(&so->so_rcv);
2445 SOCKBUF_UNLOCK(&so->so_rcv);
2450 SOCK_IO_RECV_UNLOCK(so);
2455 * Optimized version of soreceive() for stream (TCP) sockets.
2458 soreceive_stream(struct socket *so, struct sockaddr **psa, struct uio *uio,
2459 struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
2461 int len = 0, error = 0, flags, oresid;
2463 struct mbuf *m, *n = NULL;
2465 /* We only do stream sockets. */
2466 if (so->so_type != SOCK_STREAM)
2471 flags = *flagsp &~ MSG_EOR;
2474 if (controlp != NULL)
2476 if (flags & MSG_OOB)
2477 return (soreceive_rcvoob(so, uio, flags));
2485 * KTLS store TLS records as records with a control message to
2486 * describe the framing.
2488 * We check once here before acquiring locks to optimize the
2491 if (sb->sb_tls_info != NULL)
2492 return (soreceive_generic(so, psa, uio, mp0, controlp,
2496 /* Prevent other readers from entering the socket. */
2497 error = SOCK_IO_RECV_LOCK(so, SBLOCKWAIT(flags));
2503 if (sb->sb_tls_info != NULL) {
2505 SOCK_IO_RECV_UNLOCK(so);
2506 return (soreceive_generic(so, psa, uio, mp0, controlp,
2511 /* Easy one, no space to copyout anything. */
2512 if (uio->uio_resid == 0) {
2516 oresid = uio->uio_resid;
2518 /* We will never ever get anything unless we are or were connected. */
2519 if (!(so->so_state & (SS_ISCONNECTED|SS_ISDISCONNECTED))) {
2525 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2527 /* Abort if socket has reported problems. */
2529 if (sbavail(sb) > 0)
2531 if (oresid > uio->uio_resid)
2533 error = so->so_error;
2534 if (!(flags & MSG_PEEK))
2539 /* Door is closed. Deliver what is left, if any. */
2540 if (sb->sb_state & SBS_CANTRCVMORE) {
2541 if (sbavail(sb) > 0)
2547 /* Socket buffer is empty and we shall not block. */
2548 if (sbavail(sb) == 0 &&
2549 ((so->so_state & SS_NBIO) || (flags & (MSG_DONTWAIT|MSG_NBIO)))) {
2554 /* Socket buffer got some data that we shall deliver now. */
2555 if (sbavail(sb) > 0 && !(flags & MSG_WAITALL) &&
2556 ((so->so_state & SS_NBIO) ||
2557 (flags & (MSG_DONTWAIT|MSG_NBIO)) ||
2558 sbavail(sb) >= sb->sb_lowat ||
2559 sbavail(sb) >= uio->uio_resid ||
2560 sbavail(sb) >= sb->sb_hiwat) ) {
2564 /* On MSG_WAITALL we must wait until all data or error arrives. */
2565 if ((flags & MSG_WAITALL) &&
2566 (sbavail(sb) >= uio->uio_resid || sbavail(sb) >= sb->sb_hiwat))
2570 * Wait and block until (more) data comes in.
2571 * NB: Drops the sockbuf lock during wait.
2573 error = sbwait(so, SO_RCV);
2579 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2580 KASSERT(sbavail(sb) > 0, ("%s: sockbuf empty", __func__));
2581 KASSERT(sb->sb_mb != NULL, ("%s: sb_mb == NULL", __func__));
2585 uio->uio_td->td_ru.ru_msgrcv++;
2587 /* Fill uio until full or current end of socket buffer is reached. */
2588 len = min(uio->uio_resid, sbavail(sb));
2590 /* Dequeue as many mbufs as possible. */
2591 if (!(flags & MSG_PEEK) && len >= sb->sb_mb->m_len) {
2595 m_cat(*mp0, sb->sb_mb);
2597 m != NULL && m->m_len <= len;
2599 KASSERT(!(m->m_flags & M_NOTAVAIL),
2600 ("%s: m %p not available", __func__, m));
2602 uio->uio_resid -= m->m_len;
2608 sb->sb_lastrecord = sb->sb_mb;
2609 if (sb->sb_mb == NULL)
2612 /* Copy the remainder. */
2614 KASSERT(sb->sb_mb != NULL,
2615 ("%s: len > 0 && sb->sb_mb empty", __func__));
2617 m = m_copym(sb->sb_mb, 0, len, M_NOWAIT);
2619 len = 0; /* Don't flush data from sockbuf. */
2621 uio->uio_resid -= len;
2632 /* NB: Must unlock socket buffer as uiomove may sleep. */
2634 error = m_mbuftouio(uio, sb->sb_mb, len);
2639 SBLASTRECORDCHK(sb);
2643 * Remove the delivered data from the socket buffer unless we
2644 * were only peeking.
2646 if (!(flags & MSG_PEEK)) {
2648 sbdrop_locked(sb, len);
2650 /* Notify protocol that we drained some data. */
2651 if ((so->so_proto->pr_flags & PR_WANTRCVD) &&
2652 (((flags & MSG_WAITALL) && uio->uio_resid > 0) ||
2653 !(flags & MSG_SOCALLBCK))) {
2656 (*so->so_proto->pr_usrreqs->pru_rcvd)(so, flags);
2662 * For MSG_WAITALL we may have to loop again and wait for
2663 * more data to come in.
2665 if ((flags & MSG_WAITALL) && uio->uio_resid > 0)
2668 SBLASTRECORDCHK(sb);
2671 SOCK_IO_RECV_UNLOCK(so);
2676 * Optimized version of soreceive() for simple datagram cases from userspace.
2677 * Unlike in the stream case, we're able to drop a datagram if copyout()
2678 * fails, and because we handle datagrams atomically, we don't need to use a
2679 * sleep lock to prevent I/O interlacing.
2682 soreceive_dgram(struct socket *so, struct sockaddr **psa, struct uio *uio,
2683 struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
2685 struct mbuf *m, *m2;
2688 struct protosw *pr = so->so_proto;
2689 struct mbuf *nextrecord;
2693 if (controlp != NULL)
2696 flags = *flagsp &~ MSG_EOR;
2701 * For any complicated cases, fall back to the full
2702 * soreceive_generic().
2704 if (mp0 != NULL || (flags & MSG_PEEK) || (flags & MSG_OOB))
2705 return (soreceive_generic(so, psa, uio, mp0, controlp,
2709 * Enforce restrictions on use.
2711 KASSERT((pr->pr_flags & PR_WANTRCVD) == 0,
2712 ("soreceive_dgram: wantrcvd"));
2713 KASSERT(pr->pr_flags & PR_ATOMIC, ("soreceive_dgram: !atomic"));
2714 KASSERT((so->so_rcv.sb_state & SBS_RCVATMARK) == 0,
2715 ("soreceive_dgram: SBS_RCVATMARK"));
2716 KASSERT((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0,
2717 ("soreceive_dgram: P_CONNREQUIRED"));
2720 * Loop blocking while waiting for a datagram.
2722 SOCKBUF_LOCK(&so->so_rcv);
2723 while ((m = so->so_rcv.sb_mb) == NULL) {
2724 KASSERT(sbavail(&so->so_rcv) == 0,
2725 ("soreceive_dgram: sb_mb NULL but sbavail %u",
2726 sbavail(&so->so_rcv)));
2728 error = so->so_error;
2730 SOCKBUF_UNLOCK(&so->so_rcv);
2733 if (so->so_rcv.sb_state & SBS_CANTRCVMORE ||
2734 uio->uio_resid == 0) {
2735 SOCKBUF_UNLOCK(&so->so_rcv);
2738 if ((so->so_state & SS_NBIO) ||
2739 (flags & (MSG_DONTWAIT|MSG_NBIO))) {
2740 SOCKBUF_UNLOCK(&so->so_rcv);
2741 return (EWOULDBLOCK);
2743 SBLASTRECORDCHK(&so->so_rcv);
2744 SBLASTMBUFCHK(&so->so_rcv);
2745 error = sbwait(so, SO_RCV);
2747 SOCKBUF_UNLOCK(&so->so_rcv);
2751 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2754 uio->uio_td->td_ru.ru_msgrcv++;
2755 SBLASTRECORDCHK(&so->so_rcv);
2756 SBLASTMBUFCHK(&so->so_rcv);
2757 nextrecord = m->m_nextpkt;
2758 if (nextrecord == NULL) {
2759 KASSERT(so->so_rcv.sb_lastrecord == m,
2760 ("soreceive_dgram: lastrecord != m"));
2763 KASSERT(so->so_rcv.sb_mb->m_nextpkt == nextrecord,
2764 ("soreceive_dgram: m_nextpkt != nextrecord"));
2767 * Pull 'm' and its chain off the front of the packet queue.
2769 so->so_rcv.sb_mb = NULL;
2770 sockbuf_pushsync(&so->so_rcv, nextrecord);
2773 * Walk 'm's chain and free that many bytes from the socket buffer.
2775 for (m2 = m; m2 != NULL; m2 = m2->m_next)
2776 sbfree(&so->so_rcv, m2);
2779 * Do a few last checks before we let go of the lock.
2781 SBLASTRECORDCHK(&so->so_rcv);
2782 SBLASTMBUFCHK(&so->so_rcv);
2783 SOCKBUF_UNLOCK(&so->so_rcv);
2785 if (pr->pr_flags & PR_ADDR) {
2786 KASSERT(m->m_type == MT_SONAME,
2787 ("m->m_type == %d", m->m_type));
2789 *psa = sodupsockaddr(mtod(m, struct sockaddr *),
2794 /* XXXRW: Can this happen? */
2799 * Packet to copyout() is now in 'm' and it is disconnected from the
2802 * Process one or more MT_CONTROL mbufs present before any data mbufs
2803 * in the first mbuf chain on the socket buffer. We call into the
2804 * protocol to perform externalization (or freeing if controlp ==
2805 * NULL). In some cases there can be only MT_CONTROL mbufs without
2808 if (m->m_type == MT_CONTROL) {
2809 struct mbuf *cm = NULL, *cmn;
2810 struct mbuf **cme = &cm;
2816 cme = &(*cme)->m_next;
2818 } while (m != NULL && m->m_type == MT_CONTROL);
2819 while (cm != NULL) {
2822 if (pr->pr_domain->dom_externalize != NULL) {
2823 error = (*pr->pr_domain->dom_externalize)
2824 (cm, controlp, flags);
2825 } else if (controlp != NULL)
2829 if (controlp != NULL) {
2830 while (*controlp != NULL)
2831 controlp = &(*controlp)->m_next;
2836 KASSERT(m == NULL || m->m_type == MT_DATA,
2837 ("soreceive_dgram: !data"));
2838 while (m != NULL && uio->uio_resid > 0) {
2839 len = uio->uio_resid;
2842 error = uiomove(mtod(m, char *), (int)len, uio);
2847 if (len == m->m_len)
2864 soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio,
2865 struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
2869 CURVNET_SET(so->so_vnet);
2870 error = (so->so_proto->pr_usrreqs->pru_soreceive(so, psa, uio,
2871 mp0, controlp, flagsp));
2877 soshutdown(struct socket *so, int how)
2880 int error, soerror_enotconn;
2882 if (!(how == SHUT_RD || how == SHUT_WR || how == SHUT_RDWR))
2885 soerror_enotconn = 0;
2888 (SS_ISCONNECTED | SS_ISCONNECTING | SS_ISDISCONNECTING)) == 0) {
2890 * POSIX mandates us to return ENOTCONN when shutdown(2) is
2891 * invoked on a datagram sockets, however historically we would
2892 * actually tear socket down. This is known to be leveraged by
2893 * some applications to unblock process waiting in recvXXX(2)
2894 * by other process that it shares that socket with. Try to meet
2895 * both backward-compatibility and POSIX requirements by forcing
2896 * ENOTCONN but still asking protocol to perform pru_shutdown().
2898 if (so->so_type != SOCK_DGRAM && !SOLISTENING(so)) {
2902 soerror_enotconn = 1;
2905 if (SOLISTENING(so)) {
2906 if (how != SHUT_WR) {
2907 so->so_error = ECONNABORTED;
2908 solisten_wakeup(so); /* unlocks so */
2916 CURVNET_SET(so->so_vnet);
2918 if (pr->pr_usrreqs->pru_flush != NULL)
2919 (*pr->pr_usrreqs->pru_flush)(so, how);
2922 if (how != SHUT_RD) {
2923 error = (*pr->pr_usrreqs->pru_shutdown)(so);
2924 wakeup(&so->so_timeo);
2926 return ((error == 0 && soerror_enotconn) ? ENOTCONN : error);
2928 wakeup(&so->so_timeo);
2932 return (soerror_enotconn ? ENOTCONN : 0);
2936 sorflush(struct socket *so)
2944 * Dislodge threads currently blocked in receive and wait to acquire
2945 * a lock against other simultaneous readers before clearing the
2946 * socket buffer. Don't let our acquire be interrupted by a signal
2947 * despite any existing socket disposition on interruptable waiting.
2951 error = SOCK_IO_RECV_LOCK(so, SBL_WAIT | SBL_NOINTR);
2953 KASSERT(SOLISTENING(so),
2954 ("%s: soiolock(%p) failed", __func__, so));
2959 if (pr->pr_flags & PR_RIGHTS) {
2960 MPASS(pr->pr_domain->dom_dispose != NULL);
2961 (*pr->pr_domain->dom_dispose)(so);
2963 sbrelease(so, SO_RCV);
2964 SOCK_IO_RECV_UNLOCK(so);
2970 * Wrapper for Socket established helper hook.
2971 * Parameters: socket, context of the hook point, hook id.
2974 hhook_run_socket(struct socket *so, void *hctx, int32_t h_id)
2976 struct socket_hhook_data hhook_data = {
2983 CURVNET_SET(so->so_vnet);
2984 HHOOKS_RUN_IF(V_socket_hhh[h_id], &hhook_data, &so->osd);
2987 /* Ugly but needed, since hhooks return void for now */
2988 return (hhook_data.status);
2992 * Perhaps this routine, and sooptcopyout(), below, ought to come in an
2993 * additional variant to handle the case where the option value needs to be
2994 * some kind of integer, but not a specific size. In addition to their use
2995 * here, these functions are also called by the protocol-level pr_ctloutput()
2999 sooptcopyin(struct sockopt *sopt, void *buf, size_t len, size_t minlen)
3004 * If the user gives us more than we wanted, we ignore it, but if we
3005 * don't get the minimum length the caller wants, we return EINVAL.
3006 * On success, sopt->sopt_valsize is set to however much we actually
3009 if ((valsize = sopt->sopt_valsize) < minlen)
3012 sopt->sopt_valsize = valsize = len;
3014 if (sopt->sopt_td != NULL)
3015 return (copyin(sopt->sopt_val, buf, valsize));
3017 bcopy(sopt->sopt_val, buf, valsize);
3022 * Kernel version of setsockopt(2).
3024 * XXX: optlen is size_t, not socklen_t
3027 so_setsockopt(struct socket *so, int level, int optname, void *optval,
3030 struct sockopt sopt;
3032 sopt.sopt_level = level;
3033 sopt.sopt_name = optname;
3034 sopt.sopt_dir = SOPT_SET;
3035 sopt.sopt_val = optval;
3036 sopt.sopt_valsize = optlen;
3037 sopt.sopt_td = NULL;
3038 return (sosetopt(so, &sopt));
3042 sosetopt(struct socket *so, struct sockopt *sopt)
3053 CURVNET_SET(so->so_vnet);
3055 if (sopt->sopt_level != SOL_SOCKET) {
3056 if (so->so_proto->pr_ctloutput != NULL)
3057 error = (*so->so_proto->pr_ctloutput)(so, sopt);
3059 error = ENOPROTOOPT;
3061 switch (sopt->sopt_name) {
3062 case SO_ACCEPTFILTER:
3063 error = accept_filt_setopt(so, sopt);
3069 error = sooptcopyin(sopt, &l, sizeof l, sizeof l);
3072 if (l.l_linger < 0 ||
3073 l.l_linger > USHRT_MAX ||
3074 l.l_linger > (INT_MAX / hz)) {
3079 so->so_linger = l.l_linger;
3081 so->so_options |= SO_LINGER;
3083 so->so_options &= ~SO_LINGER;
3090 case SO_USELOOPBACK:
3094 case SO_REUSEPORT_LB:
3102 error = sooptcopyin(sopt, &optval, sizeof optval,
3108 so->so_options |= sopt->sopt_name;
3110 so->so_options &= ~sopt->sopt_name;
3115 error = sooptcopyin(sopt, &optval, sizeof optval,
3120 if (optval < 0 || optval >= rt_numfibs) {
3124 if (((so->so_proto->pr_domain->dom_family == PF_INET) ||
3125 (so->so_proto->pr_domain->dom_family == PF_INET6) ||
3126 (so->so_proto->pr_domain->dom_family == PF_ROUTE)))
3127 so->so_fibnum = optval;
3132 case SO_USER_COOKIE:
3133 error = sooptcopyin(sopt, &val32, sizeof val32,
3137 so->so_user_cookie = val32;
3144 error = sooptcopyin(sopt, &optval, sizeof optval,
3150 * Values < 1 make no sense for any of these options,
3158 error = sbsetopt(so, sopt->sopt_name, optval);
3163 #ifdef COMPAT_FREEBSD32
3164 if (SV_CURPROC_FLAG(SV_ILP32)) {
3165 struct timeval32 tv32;
3167 error = sooptcopyin(sopt, &tv32, sizeof tv32,
3169 CP(tv32, tv, tv_sec);
3170 CP(tv32, tv, tv_usec);
3173 error = sooptcopyin(sopt, &tv, sizeof tv,
3177 if (tv.tv_sec < 0 || tv.tv_usec < 0 ||
3178 tv.tv_usec >= 1000000) {
3182 if (tv.tv_sec > INT32_MAX)
3186 switch (sopt->sopt_name) {
3188 so->so_snd.sb_timeo = val;
3191 so->so_rcv.sb_timeo = val;
3198 error = sooptcopyin(sopt, &extmac, sizeof extmac,
3202 error = mac_setsockopt_label(sopt->sopt_td->td_ucred,
3210 error = sooptcopyin(sopt, &optval, sizeof optval,
3214 if (optval < 0 || optval > SO_TS_CLOCK_MAX) {
3218 so->so_ts_clock = optval;
3221 case SO_MAX_PACING_RATE:
3222 error = sooptcopyin(sopt, &val32, sizeof(val32),
3226 so->so_max_pacing_rate = val32;
3230 if (V_socket_hhh[HHOOK_SOCKET_OPT]->hhh_nhooks > 0)
3231 error = hhook_run_socket(so, sopt,
3234 error = ENOPROTOOPT;
3237 if (error == 0 && so->so_proto->pr_ctloutput != NULL)
3238 (void)(*so->so_proto->pr_ctloutput)(so, sopt);
3246 * Helper routine for getsockopt.
3249 sooptcopyout(struct sockopt *sopt, const void *buf, size_t len)
3257 * Documented get behavior is that we always return a value, possibly
3258 * truncated to fit in the user's buffer. Traditional behavior is
3259 * that we always tell the user precisely how much we copied, rather
3260 * than something useful like the total amount we had available for
3261 * her. Note that this interface is not idempotent; the entire
3262 * answer must be generated ahead of time.
3264 valsize = min(len, sopt->sopt_valsize);
3265 sopt->sopt_valsize = valsize;
3266 if (sopt->sopt_val != NULL) {
3267 if (sopt->sopt_td != NULL)
3268 error = copyout(buf, sopt->sopt_val, valsize);
3270 bcopy(buf, sopt->sopt_val, valsize);
3276 sogetopt(struct socket *so, struct sockopt *sopt)
3285 CURVNET_SET(so->so_vnet);
3287 if (sopt->sopt_level != SOL_SOCKET) {
3288 if (so->so_proto->pr_ctloutput != NULL)
3289 error = (*so->so_proto->pr_ctloutput)(so, sopt);
3291 error = ENOPROTOOPT;
3295 switch (sopt->sopt_name) {
3296 case SO_ACCEPTFILTER:
3297 error = accept_filt_getopt(so, sopt);
3302 l.l_onoff = so->so_options & SO_LINGER;
3303 l.l_linger = so->so_linger;
3305 error = sooptcopyout(sopt, &l, sizeof l);
3308 case SO_USELOOPBACK:
3314 case SO_REUSEPORT_LB:
3324 optval = so->so_options & sopt->sopt_name;
3326 error = sooptcopyout(sopt, &optval, sizeof optval);
3330 optval = so->so_proto->pr_domain->dom_family;
3334 optval = so->so_type;
3338 optval = so->so_proto->pr_protocol;
3344 optval = so->so_error;
3347 optval = so->so_rerror;
3354 optval = SOLISTENING(so) ? so->sol_sbsnd_hiwat :
3355 so->so_snd.sb_hiwat;
3359 optval = SOLISTENING(so) ? so->sol_sbrcv_hiwat :
3360 so->so_rcv.sb_hiwat;
3364 optval = SOLISTENING(so) ? so->sol_sbsnd_lowat :
3365 so->so_snd.sb_lowat;
3369 optval = SOLISTENING(so) ? so->sol_sbrcv_lowat :
3370 so->so_rcv.sb_lowat;
3375 tv = sbttotv(sopt->sopt_name == SO_SNDTIMEO ?
3376 so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
3377 #ifdef COMPAT_FREEBSD32
3378 if (SV_CURPROC_FLAG(SV_ILP32)) {
3379 struct timeval32 tv32;
3381 CP(tv, tv32, tv_sec);
3382 CP(tv, tv32, tv_usec);
3383 error = sooptcopyout(sopt, &tv32, sizeof tv32);
3386 error = sooptcopyout(sopt, &tv, sizeof tv);
3391 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
3395 error = mac_getsockopt_label(sopt->sopt_td->td_ucred,
3399 error = sooptcopyout(sopt, &extmac, sizeof extmac);
3407 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
3411 error = mac_getsockopt_peerlabel(
3412 sopt->sopt_td->td_ucred, so, &extmac);
3415 error = sooptcopyout(sopt, &extmac, sizeof extmac);
3421 case SO_LISTENQLIMIT:
3422 optval = SOLISTENING(so) ? so->sol_qlimit : 0;
3426 optval = SOLISTENING(so) ? so->sol_qlen : 0;
3429 case SO_LISTENINCQLEN:
3430 optval = SOLISTENING(so) ? so->sol_incqlen : 0;
3434 optval = so->so_ts_clock;
3437 case SO_MAX_PACING_RATE:
3438 optval = so->so_max_pacing_rate;
3442 if (V_socket_hhh[HHOOK_SOCKET_OPT]->hhh_nhooks > 0)
3443 error = hhook_run_socket(so, sopt,
3446 error = ENOPROTOOPT;
3458 soopt_getm(struct sockopt *sopt, struct mbuf **mp)
3460 struct mbuf *m, *m_prev;
3461 int sopt_size = sopt->sopt_valsize;
3463 MGET(m, sopt->sopt_td ? M_WAITOK : M_NOWAIT, MT_DATA);
3466 if (sopt_size > MLEN) {
3467 MCLGET(m, sopt->sopt_td ? M_WAITOK : M_NOWAIT);
3468 if ((m->m_flags & M_EXT) == 0) {
3472 m->m_len = min(MCLBYTES, sopt_size);
3474 m->m_len = min(MLEN, sopt_size);
3476 sopt_size -= m->m_len;
3481 MGET(m, sopt->sopt_td ? M_WAITOK : M_NOWAIT, MT_DATA);
3486 if (sopt_size > MLEN) {
3487 MCLGET(m, sopt->sopt_td != NULL ? M_WAITOK :
3489 if ((m->m_flags & M_EXT) == 0) {
3494 m->m_len = min(MCLBYTES, sopt_size);
3496 m->m_len = min(MLEN, sopt_size);
3498 sopt_size -= m->m_len;
3506 soopt_mcopyin(struct sockopt *sopt, struct mbuf *m)
3508 struct mbuf *m0 = m;
3510 if (sopt->sopt_val == NULL)
3512 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
3513 if (sopt->sopt_td != NULL) {
3516 error = copyin(sopt->sopt_val, mtod(m, char *),
3523 bcopy(sopt->sopt_val, mtod(m, char *), m->m_len);
3524 sopt->sopt_valsize -= m->m_len;
3525 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
3528 if (m != NULL) /* should be allocated enoughly at ip6_sooptmcopyin() */
3529 panic("ip6_sooptmcopyin");
3534 soopt_mcopyout(struct sockopt *sopt, struct mbuf *m)
3536 struct mbuf *m0 = m;
3539 if (sopt->sopt_val == NULL)
3541 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
3542 if (sopt->sopt_td != NULL) {
3545 error = copyout(mtod(m, char *), sopt->sopt_val,
3552 bcopy(mtod(m, char *), sopt->sopt_val, m->m_len);
3553 sopt->sopt_valsize -= m->m_len;
3554 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
3555 valsize += m->m_len;
3559 /* enough soopt buffer should be given from user-land */
3563 sopt->sopt_valsize = valsize;
3568 * sohasoutofband(): protocol notifies socket layer of the arrival of new
3569 * out-of-band data, which will then notify socket consumers.
3572 sohasoutofband(struct socket *so)
3575 if (so->so_sigio != NULL)
3576 pgsigio(&so->so_sigio, SIGURG, 0);
3577 selwakeuppri(&so->so_rdsel, PSOCK);
3581 sopoll(struct socket *so, int events, struct ucred *active_cred,
3586 * We do not need to set or assert curvnet as long as everyone uses
3589 return (so->so_proto->pr_usrreqs->pru_sopoll(so, events, active_cred,
3594 sopoll_generic(struct socket *so, int events, struct ucred *active_cred,
3600 if (SOLISTENING(so)) {
3601 if (!(events & (POLLIN | POLLRDNORM)))
3603 else if (!TAILQ_EMPTY(&so->sol_comp))
3604 revents = events & (POLLIN | POLLRDNORM);
3605 else if ((events & POLLINIGNEOF) == 0 && so->so_error)
3606 revents = (events & (POLLIN | POLLRDNORM)) | POLLHUP;
3608 selrecord(td, &so->so_rdsel);
3613 SOCK_SENDBUF_LOCK(so);
3614 SOCK_RECVBUF_LOCK(so);
3615 if (events & (POLLIN | POLLRDNORM))
3616 if (soreadabledata(so))
3617 revents |= events & (POLLIN | POLLRDNORM);
3618 if (events & (POLLOUT | POLLWRNORM))
3619 if (sowriteable(so))
3620 revents |= events & (POLLOUT | POLLWRNORM);
3621 if (events & (POLLPRI | POLLRDBAND))
3622 if (so->so_oobmark ||
3623 (so->so_rcv.sb_state & SBS_RCVATMARK))
3624 revents |= events & (POLLPRI | POLLRDBAND);
3625 if ((events & POLLINIGNEOF) == 0) {
3626 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
3627 revents |= events & (POLLIN | POLLRDNORM);
3628 if (so->so_snd.sb_state & SBS_CANTSENDMORE)
3632 if (so->so_rcv.sb_state & SBS_CANTRCVMORE)
3633 revents |= events & POLLRDHUP;
3636 (POLLIN | POLLPRI | POLLRDNORM | POLLRDBAND | POLLRDHUP)) {
3637 selrecord(td, &so->so_rdsel);
3638 so->so_rcv.sb_flags |= SB_SEL;
3640 if (events & (POLLOUT | POLLWRNORM)) {
3641 selrecord(td, &so->so_wrsel);
3642 so->so_snd.sb_flags |= SB_SEL;
3645 SOCK_RECVBUF_UNLOCK(so);
3646 SOCK_SENDBUF_UNLOCK(so);
3653 soo_kqfilter(struct file *fp, struct knote *kn)
3655 struct socket *so = kn->kn_fp->f_data;
3660 switch (kn->kn_filter) {
3662 kn->kn_fop = &soread_filtops;
3663 knl = &so->so_rdsel.si_note;
3668 kn->kn_fop = &sowrite_filtops;
3669 knl = &so->so_wrsel.si_note;
3674 kn->kn_fop = &soempty_filtops;
3675 knl = &so->so_wrsel.si_note;
3684 if (SOLISTENING(so)) {
3685 knlist_add(knl, kn, 1);
3687 SOCK_BUF_LOCK(so, which);
3688 knlist_add(knl, kn, 1);
3689 sb->sb_flags |= SB_KNOTE;
3690 SOCK_BUF_UNLOCK(so, which);
3697 * Some routines that return EOPNOTSUPP for entry points that are not
3698 * supported by a protocol. Fill in as needed.
3701 pru_accept_notsupp(struct socket *so, struct sockaddr **nam)
3708 pru_aio_queue_notsupp(struct socket *so, struct kaiocb *job)
3715 pru_attach_notsupp(struct socket *so, int proto, struct thread *td)
3722 pru_bind_notsupp(struct socket *so, struct sockaddr *nam, struct thread *td)
3729 pru_bindat_notsupp(int fd, struct socket *so, struct sockaddr *nam,
3737 pru_connect_notsupp(struct socket *so, struct sockaddr *nam, struct thread *td)
3744 pru_connectat_notsupp(int fd, struct socket *so, struct sockaddr *nam,
3752 pru_connect2_notsupp(struct socket *so1, struct socket *so2)
3759 pru_control_notsupp(struct socket *so, u_long cmd, caddr_t data,
3760 struct ifnet *ifp, struct thread *td)
3767 pru_disconnect_notsupp(struct socket *so)
3774 pru_listen_notsupp(struct socket *so, int backlog, struct thread *td)
3781 pru_peeraddr_notsupp(struct socket *so, struct sockaddr **nam)
3788 pru_rcvd_notsupp(struct socket *so, int flags)
3795 pru_rcvoob_notsupp(struct socket *so, struct mbuf *m, int flags)
3802 pru_send_notsupp(struct socket *so, int flags, struct mbuf *m,
3803 struct sockaddr *addr, struct mbuf *control, struct thread *td)
3806 if (control != NULL)
3808 if ((flags & PRUS_NOTREADY) == 0)
3810 return (EOPNOTSUPP);
3814 pru_ready_notsupp(struct socket *so, struct mbuf *m, int count)
3817 return (EOPNOTSUPP);
3821 * This isn't really a ``null'' operation, but it's the default one and
3822 * doesn't do anything destructive.
3825 pru_sense_null(struct socket *so, struct stat *sb)
3828 sb->st_blksize = so->so_snd.sb_hiwat;
3833 pru_shutdown_notsupp(struct socket *so)
3840 pru_sockaddr_notsupp(struct socket *so, struct sockaddr **nam)
3847 pru_sosend_notsupp(struct socket *so, struct sockaddr *addr, struct uio *uio,
3848 struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
3855 pru_soreceive_notsupp(struct socket *so, struct sockaddr **paddr,
3856 struct uio *uio, struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
3863 pru_sopoll_notsupp(struct socket *so, int events, struct ucred *cred,
3871 filt_sordetach(struct knote *kn)
3873 struct socket *so = kn->kn_fp->f_data;
3876 knlist_remove(&so->so_rdsel.si_note, kn, 1);
3877 if (!SOLISTENING(so) && knlist_empty(&so->so_rdsel.si_note))
3878 so->so_rcv.sb_flags &= ~SB_KNOTE;
3879 so_rdknl_unlock(so);
3884 filt_soread(struct knote *kn, long hint)
3888 so = kn->kn_fp->f_data;
3890 if (SOLISTENING(so)) {
3891 SOCK_LOCK_ASSERT(so);
3892 kn->kn_data = so->sol_qlen;
3894 kn->kn_flags |= EV_EOF;
3895 kn->kn_fflags = so->so_error;
3898 return (!TAILQ_EMPTY(&so->sol_comp));
3901 SOCK_RECVBUF_LOCK_ASSERT(so);
3903 kn->kn_data = sbavail(&so->so_rcv) - so->so_rcv.sb_ctl;
3904 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
3905 kn->kn_flags |= EV_EOF;
3906 kn->kn_fflags = so->so_error;
3908 } else if (so->so_error || so->so_rerror)
3911 if (kn->kn_sfflags & NOTE_LOWAT) {
3912 if (kn->kn_data >= kn->kn_sdata)
3914 } else if (sbavail(&so->so_rcv) >= so->so_rcv.sb_lowat)
3917 /* This hook returning non-zero indicates an event, not error */
3918 return (hhook_run_socket(so, NULL, HHOOK_FILT_SOREAD));
3922 filt_sowdetach(struct knote *kn)
3924 struct socket *so = kn->kn_fp->f_data;
3927 knlist_remove(&so->so_wrsel.si_note, kn, 1);
3928 if (!SOLISTENING(so) && knlist_empty(&so->so_wrsel.si_note))
3929 so->so_snd.sb_flags &= ~SB_KNOTE;
3930 so_wrknl_unlock(so);
3935 filt_sowrite(struct knote *kn, long hint)
3939 so = kn->kn_fp->f_data;
3941 if (SOLISTENING(so))
3944 SOCK_SENDBUF_LOCK_ASSERT(so);
3945 kn->kn_data = sbspace(&so->so_snd);
3947 hhook_run_socket(so, kn, HHOOK_FILT_SOWRITE);
3949 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
3950 kn->kn_flags |= EV_EOF;
3951 kn->kn_fflags = so->so_error;
3953 } else if (so->so_error) /* temporary udp error */
3955 else if (((so->so_state & SS_ISCONNECTED) == 0) &&
3956 (so->so_proto->pr_flags & PR_CONNREQUIRED))
3958 else if (kn->kn_sfflags & NOTE_LOWAT)
3959 return (kn->kn_data >= kn->kn_sdata);
3961 return (kn->kn_data >= so->so_snd.sb_lowat);
3965 filt_soempty(struct knote *kn, long hint)
3969 so = kn->kn_fp->f_data;
3971 if (SOLISTENING(so))
3974 SOCK_SENDBUF_LOCK_ASSERT(so);
3975 kn->kn_data = sbused(&so->so_snd);
3977 if (kn->kn_data == 0)
3984 socheckuid(struct socket *so, uid_t uid)
3989 if (so->so_cred->cr_uid != uid)
3995 * These functions are used by protocols to notify the socket layer (and its
3996 * consumers) of state changes in the sockets driven by protocol-side events.
4000 * Procedures to manipulate state flags of socket and do appropriate wakeups.
4002 * Normal sequence from the active (originating) side is that
4003 * soisconnecting() is called during processing of connect() call, resulting
4004 * in an eventual call to soisconnected() if/when the connection is
4005 * established. When the connection is torn down soisdisconnecting() is
4006 * called during processing of disconnect() call, and soisdisconnected() is
4007 * called when the connection to the peer is totally severed. The semantics
4008 * of these routines are such that connectionless protocols can call
4009 * soisconnected() and soisdisconnected() only, bypassing the in-progress
4010 * calls when setting up a ``connection'' takes no time.
4012 * From the passive side, a socket is created with two queues of sockets:
4013 * so_incomp for connections in progress and so_comp for connections already
4014 * made and awaiting user acceptance. As a protocol is preparing incoming
4015 * connections, it creates a socket structure queued on so_incomp by calling
4016 * sonewconn(). When the connection is established, soisconnected() is
4017 * called, and transfers the socket structure to so_comp, making it available
4020 * If a socket is closed with sockets on either so_incomp or so_comp, these
4021 * sockets are dropped.
4023 * If higher-level protocols are implemented in the kernel, the wakeups done
4024 * here will sometimes cause software-interrupt process scheduling.
4027 soisconnecting(struct socket *so)
4031 so->so_state &= ~(SS_ISCONNECTED|SS_ISDISCONNECTING);
4032 so->so_state |= SS_ISCONNECTING;
4037 soisconnected(struct socket *so)
4039 bool last __diagused;
4042 so->so_state &= ~(SS_ISCONNECTING|SS_ISDISCONNECTING|SS_ISCONFIRMING);
4043 so->so_state |= SS_ISCONNECTED;
4045 if (so->so_qstate == SQ_INCOMP) {
4046 struct socket *head = so->so_listen;
4049 KASSERT(head, ("%s: so %p on incomp of NULL", __func__, so));
4051 * Promoting a socket from incomplete queue to complete, we
4052 * need to go through reverse order of locking. We first do
4053 * trylock, and if that doesn't succeed, we go the hard way
4054 * leaving a reference and rechecking consistency after proper
4057 if (__predict_false(SOLISTEN_TRYLOCK(head) == 0)) {
4060 SOLISTEN_LOCK(head);
4062 if (__predict_false(head != so->so_listen)) {
4064 * The socket went off the listen queue,
4065 * should be lost race to close(2) of sol.
4066 * The socket is about to soabort().
4069 sorele_locked(head);
4072 last = refcount_release(&head->so_count);
4073 KASSERT(!last, ("%s: released last reference for %p",
4077 if ((so->so_options & SO_ACCEPTFILTER) == 0) {
4078 TAILQ_REMOVE(&head->sol_incomp, so, so_list);
4079 head->sol_incqlen--;
4080 TAILQ_INSERT_TAIL(&head->sol_comp, so, so_list);
4082 so->so_qstate = SQ_COMP;
4084 solisten_wakeup(head); /* unlocks */
4086 SOCK_RECVBUF_LOCK(so);
4087 soupcall_set(so, SO_RCV,
4088 head->sol_accept_filter->accf_callback,
4089 head->sol_accept_filter_arg);
4090 so->so_options &= ~SO_ACCEPTFILTER;
4091 ret = head->sol_accept_filter->accf_callback(so,
4092 head->sol_accept_filter_arg, M_NOWAIT);
4093 if (ret == SU_ISCONNECTED) {
4094 soupcall_clear(so, SO_RCV);
4095 SOCK_RECVBUF_UNLOCK(so);
4098 SOCK_RECVBUF_UNLOCK(so);
4100 SOLISTEN_UNLOCK(head);
4105 wakeup(&so->so_timeo);
4111 soisdisconnecting(struct socket *so)
4115 so->so_state &= ~SS_ISCONNECTING;
4116 so->so_state |= SS_ISDISCONNECTING;
4118 if (!SOLISTENING(so)) {
4119 SOCK_RECVBUF_LOCK(so);
4120 socantrcvmore_locked(so);
4121 SOCK_SENDBUF_LOCK(so);
4122 socantsendmore_locked(so);
4125 wakeup(&so->so_timeo);
4129 soisdisconnected(struct socket *so)
4135 * There is at least one reader of so_state that does not
4136 * acquire socket lock, namely soreceive_generic(). Ensure
4137 * that it never sees all flags that track connection status
4138 * cleared, by ordering the update with a barrier semantic of
4139 * our release thread fence.
4141 so->so_state |= SS_ISDISCONNECTED;
4142 atomic_thread_fence_rel();
4143 so->so_state &= ~(SS_ISCONNECTING|SS_ISCONNECTED|SS_ISDISCONNECTING);
4145 if (!SOLISTENING(so)) {
4147 SOCK_RECVBUF_LOCK(so);
4148 socantrcvmore_locked(so);
4149 SOCK_SENDBUF_LOCK(so);
4150 sbdrop_locked(&so->so_snd, sbused(&so->so_snd));
4151 socantsendmore_locked(so);
4154 wakeup(&so->so_timeo);
4158 soiolock(struct socket *so, struct sx *sx, int flags)
4162 KASSERT((flags & SBL_VALID) == flags,
4163 ("soiolock: invalid flags %#x", flags));
4165 if ((flags & SBL_WAIT) != 0) {
4166 if ((flags & SBL_NOINTR) != 0) {
4169 error = sx_xlock_sig(sx);
4173 } else if (!sx_try_xlock(sx)) {
4174 return (EWOULDBLOCK);
4177 if (__predict_false(SOLISTENING(so))) {
4185 soiounlock(struct sx *sx)
4191 * Make a copy of a sockaddr in a malloced buffer of type M_SONAME.
4194 sodupsockaddr(const struct sockaddr *sa, int mflags)
4196 struct sockaddr *sa2;
4198 sa2 = malloc(sa->sa_len, M_SONAME, mflags);
4200 bcopy(sa, sa2, sa->sa_len);
4205 * Register per-socket destructor.
4208 sodtor_set(struct socket *so, so_dtor_t *func)
4211 SOCK_LOCK_ASSERT(so);
4216 * Register per-socket buffer upcalls.
4219 soupcall_set(struct socket *so, sb_which which, so_upcall_t func, void *arg)
4223 KASSERT(!SOLISTENING(so), ("%s: so %p listening", __func__, so));
4233 SOCK_BUF_LOCK_ASSERT(so, which);
4234 sb->sb_upcall = func;
4235 sb->sb_upcallarg = arg;
4236 sb->sb_flags |= SB_UPCALL;
4240 soupcall_clear(struct socket *so, sb_which which)
4244 KASSERT(!SOLISTENING(so), ("%s: so %p listening", __func__, so));
4254 SOCK_BUF_LOCK_ASSERT(so, which);
4255 KASSERT(sb->sb_upcall != NULL,
4256 ("%s: so %p no upcall to clear", __func__, so));
4257 sb->sb_upcall = NULL;
4258 sb->sb_upcallarg = NULL;
4259 sb->sb_flags &= ~SB_UPCALL;
4263 solisten_upcall_set(struct socket *so, so_upcall_t func, void *arg)
4266 SOLISTEN_LOCK_ASSERT(so);
4267 so->sol_upcall = func;
4268 so->sol_upcallarg = arg;
4272 so_rdknl_lock(void *arg)
4274 struct socket *so = arg;
4276 if (SOLISTENING(so))
4279 SOCK_RECVBUF_LOCK(so);
4283 so_rdknl_unlock(void *arg)
4285 struct socket *so = arg;
4287 if (SOLISTENING(so))
4290 SOCK_RECVBUF_UNLOCK(so);
4294 so_rdknl_assert_lock(void *arg, int what)
4296 struct socket *so = arg;
4298 if (what == LA_LOCKED) {
4299 if (SOLISTENING(so))
4300 SOCK_LOCK_ASSERT(so);
4302 SOCK_RECVBUF_LOCK_ASSERT(so);
4304 if (SOLISTENING(so))
4305 SOCK_UNLOCK_ASSERT(so);
4307 SOCK_RECVBUF_UNLOCK_ASSERT(so);
4312 so_wrknl_lock(void *arg)
4314 struct socket *so = arg;
4316 if (SOLISTENING(so))
4319 SOCK_SENDBUF_LOCK(so);
4323 so_wrknl_unlock(void *arg)
4325 struct socket *so = arg;
4327 if (SOLISTENING(so))
4330 SOCK_SENDBUF_UNLOCK(so);
4334 so_wrknl_assert_lock(void *arg, int what)
4336 struct socket *so = arg;
4338 if (what == LA_LOCKED) {
4339 if (SOLISTENING(so))
4340 SOCK_LOCK_ASSERT(so);
4342 SOCK_SENDBUF_LOCK_ASSERT(so);
4344 if (SOLISTENING(so))
4345 SOCK_UNLOCK_ASSERT(so);
4347 SOCK_SENDBUF_UNLOCK_ASSERT(so);
4352 * Create an external-format (``xsocket'') structure using the information in
4353 * the kernel-format socket structure pointed to by so. This is done to
4354 * reduce the spew of irrelevant information over this interface, to isolate
4355 * user code from changes in the kernel structure, and potentially to provide
4356 * information-hiding if we decide that some of this information should be
4357 * hidden from users.
4360 sotoxsocket(struct socket *so, struct xsocket *xso)
4363 bzero(xso, sizeof(*xso));
4364 xso->xso_len = sizeof *xso;
4365 xso->xso_so = (uintptr_t)so;
4366 xso->so_type = so->so_type;
4367 xso->so_options = so->so_options;
4368 xso->so_linger = so->so_linger;
4369 xso->so_state = so->so_state;
4370 xso->so_pcb = (uintptr_t)so->so_pcb;
4371 xso->xso_protocol = so->so_proto->pr_protocol;
4372 xso->xso_family = so->so_proto->pr_domain->dom_family;
4373 xso->so_timeo = so->so_timeo;
4374 xso->so_error = so->so_error;
4375 xso->so_uid = so->so_cred->cr_uid;
4376 xso->so_pgid = so->so_sigio ? so->so_sigio->sio_pgid : 0;
4377 if (SOLISTENING(so)) {
4378 xso->so_qlen = so->sol_qlen;
4379 xso->so_incqlen = so->sol_incqlen;
4380 xso->so_qlimit = so->sol_qlimit;
4381 xso->so_oobmark = 0;
4383 xso->so_state |= so->so_qstate;
4384 xso->so_qlen = xso->so_incqlen = xso->so_qlimit = 0;
4385 xso->so_oobmark = so->so_oobmark;
4386 sbtoxsockbuf(&so->so_snd, &xso->so_snd);
4387 sbtoxsockbuf(&so->so_rcv, &xso->so_rcv);
4392 so_sockbuf_rcv(struct socket *so)
4395 return (&so->so_rcv);
4399 so_sockbuf_snd(struct socket *so)
4402 return (&so->so_snd);
4406 so_state_get(const struct socket *so)
4409 return (so->so_state);
4413 so_state_set(struct socket *so, int val)
4420 so_options_get(const struct socket *so)
4423 return (so->so_options);
4427 so_options_set(struct socket *so, int val)
4430 so->so_options = val;
4434 so_error_get(const struct socket *so)
4437 return (so->so_error);
4441 so_error_set(struct socket *so, int val)
4448 so_linger_get(const struct socket *so)
4451 return (so->so_linger);
4455 so_linger_set(struct socket *so, int val)
4458 KASSERT(val >= 0 && val <= USHRT_MAX && val <= (INT_MAX / hz),
4459 ("%s: val %d out of range", __func__, val));
4461 so->so_linger = val;
4465 so_protosw_get(const struct socket *so)
4468 return (so->so_proto);
4472 so_protosw_set(struct socket *so, struct protosw *val)
4479 so_sorwakeup(struct socket *so)
4486 so_sowwakeup(struct socket *so)
4493 so_sorwakeup_locked(struct socket *so)
4496 sorwakeup_locked(so);
4500 so_sowwakeup_locked(struct socket *so)
4503 sowwakeup_locked(so);
4507 so_lock(struct socket *so)
4514 so_unlock(struct socket *so)