2 * Copyright (c) 2004 The FreeBSD Foundation
3 * Copyright (c) 2004-2005 Robert N. M. Watson
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
40 #include "opt_compat.h"
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/fcntl.h>
45 #include <sys/limits.h>
48 #include <sys/malloc.h>
50 #include <sys/mutex.h>
51 #include <sys/domain.h>
52 #include <sys/file.h> /* for struct knote */
53 #include <sys/kernel.h>
54 #include <sys/event.h>
57 #include <sys/protosw.h>
58 #include <sys/socket.h>
59 #include <sys/socketvar.h>
60 #include <sys/resourcevar.h>
61 #include <sys/signalvar.h>
62 #include <sys/sysctl.h>
69 #include <sys/mount.h>
70 #include <compat/freebsd32/freebsd32.h>
72 extern struct sysentvec ia32_freebsd_sysvec;
75 static int soreceive_rcvoob(struct socket *so, struct uio *uio,
78 static void filt_sordetach(struct knote *kn);
79 static int filt_soread(struct knote *kn, long hint);
80 static void filt_sowdetach(struct knote *kn);
81 static int filt_sowrite(struct knote *kn, long hint);
82 static int filt_solisten(struct knote *kn, long hint);
84 static struct filterops solisten_filtops =
85 { 1, NULL, filt_sordetach, filt_solisten };
86 static struct filterops soread_filtops =
87 { 1, NULL, filt_sordetach, filt_soread };
88 static struct filterops sowrite_filtops =
89 { 1, NULL, filt_sowdetach, filt_sowrite };
91 uma_zone_t socket_zone;
92 so_gen_t so_gencnt; /* generation count for sockets */
94 MALLOC_DEFINE(M_SONAME, "soname", "socket name");
95 MALLOC_DEFINE(M_PCB, "pcb", "protocol control block");
97 SYSCTL_DECL(_kern_ipc);
99 static int somaxconn = SOMAXCONN;
100 static int somaxconn_sysctl(SYSCTL_HANDLER_ARGS);
101 /* XXX: we dont have SYSCTL_USHORT */
102 SYSCTL_PROC(_kern_ipc, KIPC_SOMAXCONN, somaxconn, CTLTYPE_UINT | CTLFLAG_RW,
103 0, sizeof(int), somaxconn_sysctl, "I", "Maximum pending socket connection "
105 static int numopensockets;
106 SYSCTL_INT(_kern_ipc, OID_AUTO, numopensockets, CTLFLAG_RD,
107 &numopensockets, 0, "Number of open sockets");
108 #ifdef ZERO_COPY_SOCKETS
109 /* These aren't static because they're used in other files. */
110 int so_zero_copy_send = 1;
111 int so_zero_copy_receive = 1;
112 SYSCTL_NODE(_kern_ipc, OID_AUTO, zero_copy, CTLFLAG_RD, 0,
113 "Zero copy controls");
114 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, receive, CTLFLAG_RW,
115 &so_zero_copy_receive, 0, "Enable zero copy receive");
116 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, send, CTLFLAG_RW,
117 &so_zero_copy_send, 0, "Enable zero copy send");
118 #endif /* ZERO_COPY_SOCKETS */
121 * accept_mtx locks down per-socket fields relating to accept queues. See
122 * socketvar.h for an annotation of the protected fields of struct socket.
124 struct mtx accept_mtx;
125 MTX_SYSINIT(accept_mtx, &accept_mtx, "accept", MTX_DEF);
128 * so_global_mtx protects so_gencnt, numopensockets, and the per-socket
131 static struct mtx so_global_mtx;
132 MTX_SYSINIT(so_global_mtx, &so_global_mtx, "so_glabel", MTX_DEF);
135 * Socket operation routines.
136 * These routines are called by the routines in
137 * sys_socket.c or from a system process, and
138 * implement the semantics of socket operations by
139 * switching out to the protocol specific routines.
143 * Get a socket structure from our zone, and initialize it.
144 * Note that it would probably be better to allocate socket
145 * and PCB at the same time, but I'm not convinced that all
146 * the protocols can be easily modified to do this.
148 * soalloc() returns a socket with a ref count of 0.
155 so = uma_zalloc(socket_zone, M_NOWAIT | M_ZERO);
159 if (mac_init_socket(so, M_NOWAIT) != 0) {
160 uma_zfree(socket_zone, so);
164 SOCKBUF_LOCK_INIT(&so->so_snd, "so_snd");
165 SOCKBUF_LOCK_INIT(&so->so_rcv, "so_rcv");
166 TAILQ_INIT(&so->so_aiojobq);
167 mtx_lock(&so_global_mtx);
168 so->so_gencnt = ++so_gencnt;
170 mtx_unlock(&so_global_mtx);
175 * socreate returns a socket with a ref count of 1. The socket should be
176 * closed with soclose().
179 socreate(dom, aso, type, proto, cred, td)
192 prp = pffindproto(dom, proto, type);
194 prp = pffindtype(dom, type);
196 if (prp == NULL || prp->pr_usrreqs->pru_attach == NULL ||
197 prp->pr_usrreqs->pru_attach == pru_attach_notsupp)
198 return (EPROTONOSUPPORT);
200 if (jailed(cred) && jail_socket_unixiproute_only &&
201 prp->pr_domain->dom_family != PF_LOCAL &&
202 prp->pr_domain->dom_family != PF_INET &&
203 prp->pr_domain->dom_family != PF_ROUTE) {
204 return (EPROTONOSUPPORT);
207 if (prp->pr_type != type)
213 TAILQ_INIT(&so->so_incomp);
214 TAILQ_INIT(&so->so_comp);
216 so->so_cred = crhold(cred);
219 mac_create_socket(cred, so);
221 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
223 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
226 error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);
230 so->so_state |= SS_NOFDREF;
241 struct sockaddr *nam;
245 return ((*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td));
249 sodealloc(struct socket *so)
252 KASSERT(so->so_count == 0, ("sodealloc(): so_count %d", so->so_count));
253 mtx_lock(&so_global_mtx);
254 so->so_gencnt = ++so_gencnt;
255 mtx_unlock(&so_global_mtx);
256 if (so->so_rcv.sb_hiwat)
257 (void)chgsbsize(so->so_cred->cr_uidinfo,
258 &so->so_rcv.sb_hiwat, 0, RLIM_INFINITY);
259 if (so->so_snd.sb_hiwat)
260 (void)chgsbsize(so->so_cred->cr_uidinfo,
261 &so->so_snd.sb_hiwat, 0, RLIM_INFINITY);
263 /* remove acccept filter if one is present. */
264 if (so->so_accf != NULL)
265 do_setopt_accept_filter(so, NULL);
268 mac_destroy_socket(so);
271 SOCKBUF_LOCK_DESTROY(&so->so_snd);
272 SOCKBUF_LOCK_DESTROY(&so->so_rcv);
273 uma_zfree(socket_zone, so);
274 mtx_lock(&so_global_mtx);
276 mtx_unlock(&so_global_mtx);
280 * solisten() transitions a socket from a non-listening state to a listening
281 * state, but can also be used to update the listen queue depth on an
282 * existing listen socket. The protocol will call back into the sockets
283 * layer using solisten_proto_check() and solisten_proto() to check and set
284 * socket-layer listen state. Call backs are used so that the protocol can
285 * acquire both protocol and socket layer locks in whatever order is required
288 * Protocol implementors are advised to hold the socket lock across the
289 * socket-layer test and set to avoid races at the socket layer.
292 solisten(so, backlog, td)
299 error = (*so->so_proto->pr_usrreqs->pru_listen)(so, td);
304 * XXXRW: The following state adjustment should occur in
305 * solisten_proto(), but we don't currently pass the backlog request
306 * to the protocol via pru_listen().
308 if (backlog < 0 || backlog > somaxconn)
310 so->so_qlimit = backlog;
315 solisten_proto_check(so)
319 SOCK_LOCK_ASSERT(so);
321 if (so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING |
332 SOCK_LOCK_ASSERT(so);
334 so->so_options |= SO_ACCEPTCONN;
338 * Attempt to free a socket. This should really be sotryfree().
340 * We free the socket if the protocol is no longer interested in the socket,
341 * there's no file descriptor reference, and the refcount is 0. While the
342 * calling macro sotryfree() tests the refcount, sofree() has to test it
343 * again as it's possible to race with an accept()ing thread if the socket is
344 * in an listen queue of a listen socket, as being in the listen queue
345 * doesn't elevate the reference count. sofree() acquires the accept mutex
346 * early for this test in order to avoid that race.
354 ACCEPT_LOCK_ASSERT();
355 SOCK_LOCK_ASSERT(so);
357 if (so->so_pcb != NULL || (so->so_state & SS_NOFDREF) == 0 ||
366 KASSERT((so->so_qstate & SQ_COMP) != 0 ||
367 (so->so_qstate & SQ_INCOMP) != 0,
368 ("sofree: so_head != NULL, but neither SQ_COMP nor "
370 KASSERT((so->so_qstate & SQ_COMP) == 0 ||
371 (so->so_qstate & SQ_INCOMP) == 0,
372 ("sofree: so->so_qstate is SQ_COMP and also SQ_INCOMP"));
374 * accept(2) is responsible draining the completed
375 * connection queue and freeing those sockets, so
376 * we just return here if this socket is currently
377 * on the completed connection queue. Otherwise,
378 * accept(2) may hang after select(2) has indicating
379 * that a listening socket was ready. If it's an
380 * incomplete connection, we remove it from the queue
381 * and free it; otherwise, it won't be released until
382 * the listening socket is closed.
384 if ((so->so_qstate & SQ_COMP) != 0) {
389 TAILQ_REMOVE(&head->so_incomp, so, so_list);
391 so->so_qstate &= ~SQ_INCOMP;
394 KASSERT((so->so_qstate & SQ_COMP) == 0 &&
395 (so->so_qstate & SQ_INCOMP) == 0,
396 ("sofree: so_head == NULL, but still SQ_COMP(%d) or SQ_INCOMP(%d)",
397 so->so_qstate & SQ_COMP, so->so_qstate & SQ_INCOMP));
400 SOCKBUF_LOCK(&so->so_snd);
401 so->so_snd.sb_flags |= SB_NOINTR;
402 (void)sblock(&so->so_snd, M_WAITOK);
404 * socantsendmore_locked() drops the socket buffer mutex so that it
405 * can safely perform wakeups. Re-acquire the mutex before
408 socantsendmore_locked(so);
409 SOCKBUF_LOCK(&so->so_snd);
410 sbunlock(&so->so_snd);
411 sbrelease_locked(&so->so_snd, so);
412 SOCKBUF_UNLOCK(&so->so_snd);
414 knlist_destroy(&so->so_rcv.sb_sel.si_note);
415 knlist_destroy(&so->so_snd.sb_sel.si_note);
420 * Close a socket on last file table reference removal.
421 * Initiate disconnect if connected.
422 * Free socket when disconnect complete.
424 * This function will sorele() the socket. Note that soclose() may be
425 * called prior to the ref count reaching zero. The actual socket
426 * structure will not be freed until the ref count reaches zero.
434 KASSERT(!(so->so_state & SS_NOFDREF), ("soclose: SS_NOFDREF on enter"));
436 funsetown(&so->so_sigio);
437 if (so->so_pcb == NULL)
439 if (so->so_state & SS_ISCONNECTED) {
440 if ((so->so_state & SS_ISDISCONNECTING) == 0) {
441 error = sodisconnect(so);
445 if (so->so_options & SO_LINGER) {
446 if ((so->so_state & SS_ISDISCONNECTING) &&
447 (so->so_state & SS_NBIO))
449 while (so->so_state & SS_ISCONNECTED) {
450 error = tsleep(&so->so_timeo,
451 PSOCK | PCATCH, "soclos", so->so_linger * hz);
458 if (so->so_pcb != NULL) {
459 int error2 = (*so->so_proto->pr_usrreqs->pru_detach)(so);
463 if (so->so_options & SO_ACCEPTCONN) {
466 while ((sp = TAILQ_FIRST(&so->so_incomp)) != NULL) {
467 TAILQ_REMOVE(&so->so_incomp, sp, so_list);
469 sp->so_qstate &= ~SQ_INCOMP;
475 while ((sp = TAILQ_FIRST(&so->so_comp)) != NULL) {
476 TAILQ_REMOVE(&so->so_comp, sp, so_list);
478 sp->so_qstate &= ~SQ_COMP;
489 KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF"));
490 so->so_state |= SS_NOFDREF;
496 * soabort() must not be called with any socket locks held, as it calls
497 * into the protocol, which will call back into the socket code causing
498 * it to acquire additional socket locks that may cause recursion or lock
507 error = (*so->so_proto->pr_usrreqs->pru_abort)(so);
511 sotryfree(so); /* note: does not decrement the ref count */
520 struct sockaddr **nam;
525 KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF"));
526 so->so_state &= ~SS_NOFDREF;
528 error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam);
533 soconnect(so, nam, td)
535 struct sockaddr *nam;
540 if (so->so_options & SO_ACCEPTCONN)
543 * If protocol is connection-based, can only connect once.
544 * Otherwise, if connected, try to disconnect first.
545 * This allows user to disconnect by connecting to, e.g.,
548 if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING) &&
549 ((so->so_proto->pr_flags & PR_CONNREQUIRED) ||
550 (error = sodisconnect(so)))) {
554 * Prevent accumulated error from previous connection
558 error = (*so->so_proto->pr_usrreqs->pru_connect)(so, nam, td);
570 return ((*so1->so_proto->pr_usrreqs->pru_connect2)(so1, so2));
579 if ((so->so_state & SS_ISCONNECTED) == 0)
581 if (so->so_state & SS_ISDISCONNECTING)
583 error = (*so->so_proto->pr_usrreqs->pru_disconnect)(so);
587 #define SBLOCKWAIT(f) (((f) & MSG_DONTWAIT) ? M_NOWAIT : M_WAITOK)
590 * If send must go all at once and message is larger than
591 * send buffering, then hard error.
592 * Lock against other senders.
593 * If must go all at once and not enough room now, then
594 * inform user that this would block and do nothing.
595 * Otherwise, if nonblocking, send as much as possible.
596 * The data to be sent is described by "uio" if nonzero,
597 * otherwise by the mbuf chain "top" (which must be null
598 * if uio is not). Data provided in mbuf chain must be small
599 * enough to send all at once.
601 * Returns nonzero on error, timeout or signal; callers
602 * must check for short counts if EINTR/ERESTART are returned.
603 * Data and control buffers are freed on return.
606 #ifdef ZERO_COPY_SOCKETS
607 struct so_zerocopy_stats{
612 struct so_zerocopy_stats so_zerocp_stats = {0,0,0};
613 #include <netinet/in.h>
614 #include <net/route.h>
615 #include <netinet/in_pcb.h>
617 #include <vm/vm_page.h>
618 #include <vm/vm_object.h>
619 #endif /*ZERO_COPY_SOCKETS*/
622 sosend(so, addr, uio, top, control, flags, td)
624 struct sockaddr *addr;
627 struct mbuf *control;
633 long space, len = 0, resid;
634 int clen = 0, error, dontroute;
635 int atomic = sosendallatonce(so) || top;
636 #ifdef ZERO_COPY_SOCKETS
638 #endif /* ZERO_COPY_SOCKETS */
641 resid = uio->uio_resid;
643 resid = top->m_pkthdr.len;
645 * In theory resid should be unsigned.
646 * However, space must be signed, as it might be less than 0
647 * if we over-committed, and we must use a signed comparison
648 * of space and resid. On the other hand, a negative resid
649 * causes us to loop sending 0-length segments to the protocol.
651 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
652 * type sockets since that's an error.
654 if (resid < 0 || (so->so_type == SOCK_STREAM && (flags & MSG_EOR))) {
660 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0 &&
661 (so->so_proto->pr_flags & PR_ATOMIC);
663 td->td_proc->p_stats->p_ru.ru_msgsnd++;
665 clen = control->m_len;
666 #define snderr(errno) { error = (errno); goto release; }
668 SOCKBUF_LOCK(&so->so_snd);
670 SOCKBUF_LOCK_ASSERT(&so->so_snd);
671 error = sblock(&so->so_snd, SBLOCKWAIT(flags));
675 SOCKBUF_LOCK_ASSERT(&so->so_snd);
676 if (so->so_snd.sb_state & SBS_CANTSENDMORE)
679 error = so->so_error;
683 if ((so->so_state & SS_ISCONNECTED) == 0) {
685 * `sendto' and `sendmsg' is allowed on a connection-
686 * based socket if it supports implied connect.
687 * Return ENOTCONN if not connected and no address is
690 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
691 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
692 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
693 !(resid == 0 && clen != 0))
695 } else if (addr == NULL)
696 snderr(so->so_proto->pr_flags & PR_CONNREQUIRED ?
697 ENOTCONN : EDESTADDRREQ);
699 space = sbspace(&so->so_snd);
702 if ((atomic && resid > so->so_snd.sb_hiwat) ||
703 clen > so->so_snd.sb_hiwat)
705 if (space < resid + clen &&
706 (atomic || space < so->so_snd.sb_lowat || space < clen)) {
707 if ((so->so_state & SS_NBIO) || (flags & MSG_NBIO))
709 sbunlock(&so->so_snd);
710 error = sbwait(&so->so_snd);
715 SOCKBUF_UNLOCK(&so->so_snd);
721 * Data is prepackaged in "top".
725 top->m_flags |= M_EOR;
727 #ifdef ZERO_COPY_SOCKETS
729 #endif /* ZERO_COPY_SOCKETS */
730 if (resid >= MINCLSIZE) {
731 #ifdef ZERO_COPY_SOCKETS
733 MGETHDR(m, M_TRYWAIT, MT_DATA);
736 SOCKBUF_LOCK(&so->so_snd);
740 m->m_pkthdr.rcvif = NULL;
742 MGET(m, M_TRYWAIT, MT_DATA);
745 SOCKBUF_LOCK(&so->so_snd);
749 if (so_zero_copy_send &&
752 uio->uio_iov->iov_len>=PAGE_SIZE) {
753 so_zerocp_stats.size_ok++;
754 so_zerocp_stats.align_ok++;
755 cow_send = socow_setup(m, uio);
759 MCLGET(m, M_TRYWAIT);
760 if ((m->m_flags & M_EXT) == 0) {
764 len = min(min(MCLBYTES, resid), space);
767 #else /* ZERO_COPY_SOCKETS */
769 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
771 m->m_pkthdr.rcvif = NULL;
773 m = m_getcl(M_TRYWAIT, MT_DATA, 0);
774 len = min(min(MCLBYTES, resid), space);
775 #endif /* ZERO_COPY_SOCKETS */
778 m = m_gethdr(M_TRYWAIT, MT_DATA);
780 m->m_pkthdr.rcvif = NULL;
782 len = min(min(MHLEN, resid), space);
784 * For datagram protocols, leave room
785 * for protocol headers in first mbuf.
787 if (atomic && m && len < MHLEN)
790 m = m_get(M_TRYWAIT, MT_DATA);
791 len = min(min(MLEN, resid), space);
796 SOCKBUF_LOCK(&so->so_snd);
801 #ifdef ZERO_COPY_SOCKETS
805 #endif /* ZERO_COPY_SOCKETS */
806 error = uiomove(mtod(m, void *), (int)len, uio);
807 resid = uio->uio_resid;
810 top->m_pkthdr.len += len;
812 SOCKBUF_LOCK(&so->so_snd);
818 top->m_flags |= M_EOR;
821 } while (space > 0 && atomic);
824 so->so_options |= SO_DONTROUTE;
828 * XXX all the SBS_CANTSENDMORE checks previously
829 * done could be out of date. We could have recieved
830 * a reset packet in an interrupt or maybe we slept
831 * while doing page faults in uiomove() etc. We could
832 * probably recheck again inside the locking protection
833 * here, but there are probably other places that this
834 * also happens. We must rethink this.
836 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
837 (flags & MSG_OOB) ? PRUS_OOB :
839 * If the user set MSG_EOF, the protocol
840 * understands this flag and nothing left to
841 * send then use PRU_SEND_EOF instead of PRU_SEND.
843 ((flags & MSG_EOF) &&
844 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
847 /* If there is more to send set PRUS_MORETOCOME */
848 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
849 top, addr, control, td);
852 so->so_options &= ~SO_DONTROUTE;
860 SOCKBUF_LOCK(&so->so_snd);
863 } while (resid && space > 0);
864 SOCKBUF_LOCK(&so->so_snd);
868 SOCKBUF_LOCK_ASSERT(&so->so_snd);
869 sbunlock(&so->so_snd);
871 SOCKBUF_LOCK_ASSERT(&so->so_snd);
872 SOCKBUF_UNLOCK(&so->so_snd);
882 * The part of soreceive() that implements reading non-inline out-of-band
883 * data from a socket. For more complete comments, see soreceive(), from
884 * which this code originated.
886 * Note that soreceive_rcvoob(), unlike the remainder of soreceive(), is
887 * unable to return an mbuf chain to the caller.
890 soreceive_rcvoob(so, uio, flags)
895 struct protosw *pr = so->so_proto;
899 KASSERT(flags & MSG_OOB, ("soreceive_rcvoob: (flags & MSG_OOB) == 0"));
901 m = m_get(M_TRYWAIT, MT_DATA);
904 error = (*pr->pr_usrreqs->pru_rcvoob)(so, m, flags & MSG_PEEK);
908 #ifdef ZERO_COPY_SOCKETS
909 if (so_zero_copy_receive) {
912 if ((m->m_flags & M_EXT)
913 && (m->m_ext.ext_type == EXT_DISPOSABLE))
918 error = uiomoveco(mtod(m, void *),
919 min(uio->uio_resid, m->m_len),
922 #endif /* ZERO_COPY_SOCKETS */
923 error = uiomove(mtod(m, void *),
924 (int) min(uio->uio_resid, m->m_len), uio);
926 } while (uio->uio_resid && error == 0 && m);
934 * Following replacement or removal of the first mbuf on the first mbuf chain
935 * of a socket buffer, push necessary state changes back into the socket
936 * buffer so that other consumers see the values consistently. 'nextrecord'
937 * is the callers locally stored value of the original value of
938 * sb->sb_mb->m_nextpkt which must be restored when the lead mbuf changes.
939 * NOTE: 'nextrecord' may be NULL.
942 sockbuf_pushsync(struct sockbuf *sb, struct mbuf *nextrecord)
945 SOCKBUF_LOCK_ASSERT(sb);
947 * First, update for the new value of nextrecord. If necessary, make
948 * it the first record.
950 if (sb->sb_mb != NULL)
951 sb->sb_mb->m_nextpkt = nextrecord;
953 sb->sb_mb = nextrecord;
956 * Now update any dependent socket buffer fields to reflect the new
957 * state. This is an expanded inline of SB_EMPTY_FIXUP(), with the
958 * addition of a second clause that takes care of the case where
959 * sb_mb has been updated, but remains the last record.
961 if (sb->sb_mb == NULL) {
962 sb->sb_mbtail = NULL;
963 sb->sb_lastrecord = NULL;
964 } else if (sb->sb_mb->m_nextpkt == NULL)
965 sb->sb_lastrecord = sb->sb_mb;
970 * Implement receive operations on a socket.
971 * We depend on the way that records are added to the sockbuf
972 * by sbappend*. In particular, each record (mbufs linked through m_next)
973 * must begin with an address if the protocol so specifies,
974 * followed by an optional mbuf or mbufs containing ancillary data,
975 * and then zero or more mbufs of data.
976 * In order to avoid blocking network interrupts for the entire time here,
977 * we splx() while doing the actual copy to user space.
978 * Although the sockbuf is locked, new data may still be appended,
979 * and thus we must maintain consistency of the sockbuf during that time.
981 * The caller may receive the data as a single mbuf chain by supplying
982 * an mbuf **mp0 for use in returning the chain. The uio is then used
983 * only for the count in uio_resid.
986 soreceive(so, psa, uio, mp0, controlp, flagsp)
988 struct sockaddr **psa;
991 struct mbuf **controlp;
994 struct mbuf *m, **mp;
995 int flags, len, error, offset;
996 struct protosw *pr = so->so_proto;
997 struct mbuf *nextrecord;
999 int orig_resid = uio->uio_resid;
1004 if (controlp != NULL)
1007 flags = *flagsp &~ MSG_EOR;
1010 if (flags & MSG_OOB)
1011 return (soreceive_rcvoob(so, uio, flags));
1014 if ((pr->pr_flags & PR_WANTRCVD) && (so->so_state & SS_ISCONFIRMING)
1016 (*pr->pr_usrreqs->pru_rcvd)(so, 0);
1018 SOCKBUF_LOCK(&so->so_rcv);
1020 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1021 error = sblock(&so->so_rcv, SBLOCKWAIT(flags));
1025 m = so->so_rcv.sb_mb;
1027 * If we have less data than requested, block awaiting more
1028 * (subject to any timeout) if:
1029 * 1. the current count is less than the low water mark, or
1030 * 2. MSG_WAITALL is set, and it is possible to do the entire
1031 * receive operation at once if we block (resid <= hiwat).
1032 * 3. MSG_DONTWAIT is not set
1033 * If MSG_WAITALL is set but resid is larger than the receive buffer,
1034 * we have to do the receive in sections, and thus risk returning
1035 * a short count if a timeout or signal occurs after we start.
1037 if (m == NULL || (((flags & MSG_DONTWAIT) == 0 &&
1038 so->so_rcv.sb_cc < uio->uio_resid) &&
1039 (so->so_rcv.sb_cc < so->so_rcv.sb_lowat ||
1040 ((flags & MSG_WAITALL) && uio->uio_resid <= so->so_rcv.sb_hiwat)) &&
1041 m->m_nextpkt == NULL && (pr->pr_flags & PR_ATOMIC) == 0)) {
1042 KASSERT(m != NULL || !so->so_rcv.sb_cc,
1043 ("receive: m == %p so->so_rcv.sb_cc == %u",
1044 m, so->so_rcv.sb_cc));
1048 error = so->so_error;
1049 if ((flags & MSG_PEEK) == 0)
1053 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1054 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
1060 for (; m != NULL; m = m->m_next)
1061 if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) {
1062 m = so->so_rcv.sb_mb;
1065 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
1066 (so->so_proto->pr_flags & PR_CONNREQUIRED)) {
1070 if (uio->uio_resid == 0)
1072 if ((so->so_state & SS_NBIO) ||
1073 (flags & (MSG_DONTWAIT|MSG_NBIO))) {
1074 error = EWOULDBLOCK;
1077 SBLASTRECORDCHK(&so->so_rcv);
1078 SBLASTMBUFCHK(&so->so_rcv);
1079 sbunlock(&so->so_rcv);
1080 error = sbwait(&so->so_rcv);
1087 * From this point onward, we maintain 'nextrecord' as a cache of the
1088 * pointer to the next record in the socket buffer. We must keep the
1089 * various socket buffer pointers and local stack versions of the
1090 * pointers in sync, pushing out modifications before dropping the
1091 * socket buffer mutex, and re-reading them when picking it up.
1093 * Otherwise, we will race with the network stack appending new data
1094 * or records onto the socket buffer by using inconsistent/stale
1095 * versions of the field, possibly resulting in socket buffer
1098 * By holding the high-level sblock(), we prevent simultaneous
1099 * readers from pulling off the front of the socket buffer.
1101 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1103 uio->uio_td->td_proc->p_stats->p_ru.ru_msgrcv++;
1104 KASSERT(m == so->so_rcv.sb_mb, ("soreceive: m != so->so_rcv.sb_mb"));
1105 SBLASTRECORDCHK(&so->so_rcv);
1106 SBLASTMBUFCHK(&so->so_rcv);
1107 nextrecord = m->m_nextpkt;
1108 if (pr->pr_flags & PR_ADDR) {
1109 KASSERT(m->m_type == MT_SONAME,
1110 ("m->m_type == %d", m->m_type));
1113 *psa = sodupsockaddr(mtod(m, struct sockaddr *),
1115 if (flags & MSG_PEEK) {
1118 sbfree(&so->so_rcv, m);
1119 so->so_rcv.sb_mb = m_free(m);
1120 m = so->so_rcv.sb_mb;
1121 sockbuf_pushsync(&so->so_rcv, nextrecord);
1126 * Process one or more MT_CONTROL mbufs present before any data mbufs
1127 * in the first mbuf chain on the socket buffer. If MSG_PEEK, we
1128 * just copy the data; if !MSG_PEEK, we call into the protocol to
1129 * perform externalization (or freeing if controlp == NULL).
1131 if (m != NULL && m->m_type == MT_CONTROL) {
1132 struct mbuf *cm = NULL, *cmn;
1133 struct mbuf **cme = &cm;
1136 if (flags & MSG_PEEK) {
1137 if (controlp != NULL) {
1138 *controlp = m_copy(m, 0, m->m_len);
1139 controlp = &(*controlp)->m_next;
1143 sbfree(&so->so_rcv, m);
1144 so->so_rcv.sb_mb = m->m_next;
1147 cme = &(*cme)->m_next;
1148 m = so->so_rcv.sb_mb;
1150 } while (m != NULL && m->m_type == MT_CONTROL);
1151 if ((flags & MSG_PEEK) == 0)
1152 sockbuf_pushsync(&so->so_rcv, nextrecord);
1153 while (cm != NULL) {
1156 if (pr->pr_domain->dom_externalize != NULL) {
1157 SOCKBUF_UNLOCK(&so->so_rcv);
1158 error = (*pr->pr_domain->dom_externalize)
1160 SOCKBUF_LOCK(&so->so_rcv);
1161 } else if (controlp != NULL)
1165 if (controlp != NULL) {
1167 while (*controlp != NULL)
1168 controlp = &(*controlp)->m_next;
1173 nextrecord = so->so_rcv.sb_mb->m_nextpkt;
1175 nextrecord = so->so_rcv.sb_mb;
1179 if ((flags & MSG_PEEK) == 0) {
1180 KASSERT(m->m_nextpkt == nextrecord,
1181 ("soreceive: post-control, nextrecord !sync"));
1182 if (nextrecord == NULL) {
1183 KASSERT(so->so_rcv.sb_mb == m,
1184 ("soreceive: post-control, sb_mb!=m"));
1185 KASSERT(so->so_rcv.sb_lastrecord == m,
1186 ("soreceive: post-control, lastrecord!=m"));
1190 if (type == MT_OOBDATA)
1193 if ((flags & MSG_PEEK) == 0) {
1194 KASSERT(so->so_rcv.sb_mb == nextrecord,
1195 ("soreceive: sb_mb != nextrecord"));
1196 if (so->so_rcv.sb_mb == NULL) {
1197 KASSERT(so->so_rcv.sb_lastrecord == NULL,
1198 ("soreceive: sb_lastercord != NULL"));
1202 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1203 SBLASTRECORDCHK(&so->so_rcv);
1204 SBLASTMBUFCHK(&so->so_rcv);
1207 * Now continue to read any data mbufs off of the head of the socket
1208 * buffer until the read request is satisfied. Note that 'type' is
1209 * used to store the type of any mbuf reads that have happened so far
1210 * such that soreceive() can stop reading if the type changes, which
1211 * causes soreceive() to return only one of regular data and inline
1212 * out-of-band data in a single socket receive operation.
1216 while (m != NULL && uio->uio_resid > 0 && error == 0) {
1218 * If the type of mbuf has changed since the last mbuf
1219 * examined ('type'), end the receive operation.
1221 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1222 if (m->m_type == MT_OOBDATA) {
1223 if (type != MT_OOBDATA)
1225 } else if (type == MT_OOBDATA)
1228 KASSERT(m->m_type == MT_DATA || m->m_type == MT_HEADER,
1229 ("m->m_type == %d", m->m_type));
1230 so->so_rcv.sb_state &= ~SBS_RCVATMARK;
1231 len = uio->uio_resid;
1232 if (so->so_oobmark && len > so->so_oobmark - offset)
1233 len = so->so_oobmark - offset;
1234 if (len > m->m_len - moff)
1235 len = m->m_len - moff;
1237 * If mp is set, just pass back the mbufs.
1238 * Otherwise copy them out via the uio, then free.
1239 * Sockbuf must be consistent here (points to current mbuf,
1240 * it points to next record) when we drop priority;
1241 * we must note any additions to the sockbuf when we
1242 * block interrupts again.
1245 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1246 SBLASTRECORDCHK(&so->so_rcv);
1247 SBLASTMBUFCHK(&so->so_rcv);
1248 SOCKBUF_UNLOCK(&so->so_rcv);
1249 #ifdef ZERO_COPY_SOCKETS
1250 if (so_zero_copy_receive) {
1253 if ((m->m_flags & M_EXT)
1254 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1259 error = uiomoveco(mtod(m, char *) + moff,
1263 #endif /* ZERO_COPY_SOCKETS */
1264 error = uiomove(mtod(m, char *) + moff, (int)len, uio);
1265 SOCKBUF_LOCK(&so->so_rcv);
1268 * If any part of the record has been removed
1269 * (such as the MT_SONAME mbuf, which will
1270 * happen when PR_ADDR, and thus also
1271 * PR_ATOMIC, is set), then drop the entire
1272 * record to maintain the atomicity of the
1273 * receive operation.
1275 if (m && pr->pr_flags & PR_ATOMIC &&
1276 ((flags & MSG_PEEK) == 0))
1277 (void)sbdroprecord_locked(&so->so_rcv);
1281 uio->uio_resid -= len;
1282 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1283 if (len == m->m_len - moff) {
1284 if (m->m_flags & M_EOR)
1286 if (flags & MSG_PEEK) {
1290 nextrecord = m->m_nextpkt;
1291 sbfree(&so->so_rcv, m);
1295 so->so_rcv.sb_mb = m = m->m_next;
1298 so->so_rcv.sb_mb = m_free(m);
1299 m = so->so_rcv.sb_mb;
1302 m->m_nextpkt = nextrecord;
1303 if (nextrecord == NULL)
1304 so->so_rcv.sb_lastrecord = m;
1306 so->so_rcv.sb_mb = nextrecord;
1307 SB_EMPTY_FIXUP(&so->so_rcv);
1309 SBLASTRECORDCHK(&so->so_rcv);
1310 SBLASTMBUFCHK(&so->so_rcv);
1313 if (flags & MSG_PEEK)
1319 if (flags & MSG_DONTWAIT)
1320 copy_flag = M_DONTWAIT;
1322 copy_flag = M_TRYWAIT;
1323 if (copy_flag == M_TRYWAIT)
1324 SOCKBUF_UNLOCK(&so->so_rcv);
1325 *mp = m_copym(m, 0, len, copy_flag);
1326 if (copy_flag == M_TRYWAIT)
1327 SOCKBUF_LOCK(&so->so_rcv);
1330 * m_copym() couldn't allocate an mbuf.
1331 * Adjust uio_resid back (it was adjusted
1332 * down by len bytes, which we didn't end
1333 * up "copying" over).
1335 uio->uio_resid += len;
1341 so->so_rcv.sb_cc -= len;
1344 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1345 if (so->so_oobmark) {
1346 if ((flags & MSG_PEEK) == 0) {
1347 so->so_oobmark -= len;
1348 if (so->so_oobmark == 0) {
1349 so->so_rcv.sb_state |= SBS_RCVATMARK;
1354 if (offset == so->so_oobmark)
1358 if (flags & MSG_EOR)
1361 * If the MSG_WAITALL flag is set (for non-atomic socket),
1362 * we must not quit until "uio->uio_resid == 0" or an error
1363 * termination. If a signal/timeout occurs, return
1364 * with a short count but without error.
1365 * Keep sockbuf locked against other readers.
1367 while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 &&
1368 !sosendallatonce(so) && nextrecord == NULL) {
1369 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1370 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE)
1373 * Notify the protocol that some data has been
1374 * drained before blocking.
1376 if (pr->pr_flags & PR_WANTRCVD && so->so_pcb != NULL) {
1377 SOCKBUF_UNLOCK(&so->so_rcv);
1378 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1379 SOCKBUF_LOCK(&so->so_rcv);
1381 SBLASTRECORDCHK(&so->so_rcv);
1382 SBLASTMBUFCHK(&so->so_rcv);
1383 error = sbwait(&so->so_rcv);
1386 m = so->so_rcv.sb_mb;
1388 nextrecord = m->m_nextpkt;
1392 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1393 if (m != NULL && pr->pr_flags & PR_ATOMIC) {
1395 if ((flags & MSG_PEEK) == 0)
1396 (void) sbdroprecord_locked(&so->so_rcv);
1398 if ((flags & MSG_PEEK) == 0) {
1401 * First part is an inline SB_EMPTY_FIXUP(). Second
1402 * part makes sure sb_lastrecord is up-to-date if
1403 * there is still data in the socket buffer.
1405 so->so_rcv.sb_mb = nextrecord;
1406 if (so->so_rcv.sb_mb == NULL) {
1407 so->so_rcv.sb_mbtail = NULL;
1408 so->so_rcv.sb_lastrecord = NULL;
1409 } else if (nextrecord->m_nextpkt == NULL)
1410 so->so_rcv.sb_lastrecord = nextrecord;
1412 SBLASTRECORDCHK(&so->so_rcv);
1413 SBLASTMBUFCHK(&so->so_rcv);
1415 * If soreceive() is being done from the socket callback, then
1416 * don't need to generate ACK to peer to update window, since
1417 * ACK will be generated on return to TCP.
1419 if (!(flags & MSG_SOCALLBCK) &&
1420 (pr->pr_flags & PR_WANTRCVD) && so->so_pcb) {
1421 SOCKBUF_UNLOCK(&so->so_rcv);
1422 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1423 SOCKBUF_LOCK(&so->so_rcv);
1426 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1427 if (orig_resid == uio->uio_resid && orig_resid &&
1428 (flags & MSG_EOR) == 0 && (so->so_rcv.sb_state & SBS_CANTRCVMORE) == 0) {
1429 sbunlock(&so->so_rcv);
1436 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1437 sbunlock(&so->so_rcv);
1439 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1440 SOCKBUF_UNLOCK(&so->so_rcv);
1449 struct protosw *pr = so->so_proto;
1451 if (!(how == SHUT_RD || how == SHUT_WR || how == SHUT_RDWR))
1457 return ((*pr->pr_usrreqs->pru_shutdown)(so));
1465 struct sockbuf *sb = &so->so_rcv;
1466 struct protosw *pr = so->so_proto;
1470 * XXXRW: This is quite ugly. Previously, this code made a copy of
1471 * the socket buffer, then zero'd the original to clear the buffer
1472 * fields. However, with mutexes in the socket buffer, this causes
1473 * problems. We only clear the zeroable bits of the original;
1474 * however, we have to initialize and destroy the mutex in the copy
1475 * so that dom_dispose() and sbrelease() can lock t as needed.
1478 sb->sb_flags |= SB_NOINTR;
1479 (void) sblock(sb, M_WAITOK);
1481 * socantrcvmore_locked() drops the socket buffer mutex so that it
1482 * can safely perform wakeups. Re-acquire the mutex before
1485 socantrcvmore_locked(so);
1489 * Invalidate/clear most of the sockbuf structure, but leave
1490 * selinfo and mutex data unchanged.
1492 bzero(&asb, offsetof(struct sockbuf, sb_startzero));
1493 bcopy(&sb->sb_startzero, &asb.sb_startzero,
1494 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1495 bzero(&sb->sb_startzero,
1496 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1499 SOCKBUF_LOCK_INIT(&asb, "so_rcv");
1500 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
1501 (*pr->pr_domain->dom_dispose)(asb.sb_mb);
1502 sbrelease(&asb, so);
1503 SOCKBUF_LOCK_DESTROY(&asb);
1507 * Perhaps this routine, and sooptcopyout(), below, ought to come in
1508 * an additional variant to handle the case where the option value needs
1509 * to be some kind of integer, but not a specific size.
1510 * In addition to their use here, these functions are also called by the
1511 * protocol-level pr_ctloutput() routines.
1514 sooptcopyin(sopt, buf, len, minlen)
1515 struct sockopt *sopt;
1523 * If the user gives us more than we wanted, we ignore it,
1524 * but if we don't get the minimum length the caller
1525 * wants, we return EINVAL. On success, sopt->sopt_valsize
1526 * is set to however much we actually retrieved.
1528 if ((valsize = sopt->sopt_valsize) < minlen)
1531 sopt->sopt_valsize = valsize = len;
1533 if (sopt->sopt_td != NULL)
1534 return (copyin(sopt->sopt_val, buf, valsize));
1536 bcopy(sopt->sopt_val, buf, valsize);
1541 * Kernel version of setsockopt(2)/
1542 * XXX: optlen is size_t, not socklen_t
1545 so_setsockopt(struct socket *so, int level, int optname, void *optval,
1548 struct sockopt sopt;
1550 sopt.sopt_level = level;
1551 sopt.sopt_name = optname;
1552 sopt.sopt_dir = SOPT_SET;
1553 sopt.sopt_val = optval;
1554 sopt.sopt_valsize = optlen;
1555 sopt.sopt_td = NULL;
1556 return (sosetopt(so, &sopt));
1562 struct sockopt *sopt;
1573 if (sopt->sopt_level != SOL_SOCKET) {
1574 if (so->so_proto && so->so_proto->pr_ctloutput)
1575 return ((*so->so_proto->pr_ctloutput)
1577 error = ENOPROTOOPT;
1579 switch (sopt->sopt_name) {
1581 case SO_ACCEPTFILTER:
1582 error = do_setopt_accept_filter(so, sopt);
1588 error = sooptcopyin(sopt, &l, sizeof l, sizeof l);
1593 so->so_linger = l.l_linger;
1595 so->so_options |= SO_LINGER;
1597 so->so_options &= ~SO_LINGER;
1604 case SO_USELOOPBACK:
1612 error = sooptcopyin(sopt, &optval, sizeof optval,
1618 so->so_options |= sopt->sopt_name;
1620 so->so_options &= ~sopt->sopt_name;
1628 error = sooptcopyin(sopt, &optval, sizeof optval,
1634 * Values < 1 make no sense for any of these
1635 * options, so disallow them.
1642 switch (sopt->sopt_name) {
1645 if (sbreserve(sopt->sopt_name == SO_SNDBUF ?
1646 &so->so_snd : &so->so_rcv, (u_long)optval,
1647 so, curthread) == 0) {
1654 * Make sure the low-water is never greater than
1658 SOCKBUF_LOCK(&so->so_snd);
1659 so->so_snd.sb_lowat =
1660 (optval > so->so_snd.sb_hiwat) ?
1661 so->so_snd.sb_hiwat : optval;
1662 SOCKBUF_UNLOCK(&so->so_snd);
1665 SOCKBUF_LOCK(&so->so_rcv);
1666 so->so_rcv.sb_lowat =
1667 (optval > so->so_rcv.sb_hiwat) ?
1668 so->so_rcv.sb_hiwat : optval;
1669 SOCKBUF_UNLOCK(&so->so_rcv);
1677 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
1678 struct timeval32 tv32;
1680 error = sooptcopyin(sopt, &tv32, sizeof tv32,
1682 CP(tv32, tv, tv_sec);
1683 CP(tv32, tv, tv_usec);
1686 error = sooptcopyin(sopt, &tv, sizeof tv,
1691 /* assert(hz > 0); */
1692 if (tv.tv_sec < 0 || tv.tv_sec > INT_MAX / hz ||
1693 tv.tv_usec < 0 || tv.tv_usec >= 1000000) {
1697 /* assert(tick > 0); */
1698 /* assert(ULONG_MAX - INT_MAX >= 1000000); */
1699 val = (u_long)(tv.tv_sec * hz) + tv.tv_usec / tick;
1700 if (val > INT_MAX) {
1704 if (val == 0 && tv.tv_usec != 0)
1707 switch (sopt->sopt_name) {
1709 so->so_snd.sb_timeo = val;
1712 so->so_rcv.sb_timeo = val;
1719 error = sooptcopyin(sopt, &extmac, sizeof extmac,
1723 error = mac_setsockopt_label(sopt->sopt_td->td_ucred,
1731 error = ENOPROTOOPT;
1734 if (error == 0 && so->so_proto != NULL &&
1735 so->so_proto->pr_ctloutput != NULL) {
1736 (void) ((*so->so_proto->pr_ctloutput)
1744 /* Helper routine for getsockopt */
1746 sooptcopyout(struct sockopt *sopt, const void *buf, size_t len)
1754 * Documented get behavior is that we always return a value,
1755 * possibly truncated to fit in the user's buffer.
1756 * Traditional behavior is that we always tell the user
1757 * precisely how much we copied, rather than something useful
1758 * like the total amount we had available for her.
1759 * Note that this interface is not idempotent; the entire answer must
1760 * generated ahead of time.
1762 valsize = min(len, sopt->sopt_valsize);
1763 sopt->sopt_valsize = valsize;
1764 if (sopt->sopt_val != NULL) {
1765 if (sopt->sopt_td != NULL)
1766 error = copyout(buf, sopt->sopt_val, valsize);
1768 bcopy(buf, sopt->sopt_val, valsize);
1776 struct sockopt *sopt;
1786 if (sopt->sopt_level != SOL_SOCKET) {
1787 if (so->so_proto && so->so_proto->pr_ctloutput) {
1788 return ((*so->so_proto->pr_ctloutput)
1791 return (ENOPROTOOPT);
1793 switch (sopt->sopt_name) {
1795 case SO_ACCEPTFILTER:
1796 error = do_getopt_accept_filter(so, sopt);
1801 l.l_onoff = so->so_options & SO_LINGER;
1802 l.l_linger = so->so_linger;
1804 error = sooptcopyout(sopt, &l, sizeof l);
1807 case SO_USELOOPBACK:
1819 optval = so->so_options & sopt->sopt_name;
1821 error = sooptcopyout(sopt, &optval, sizeof optval);
1825 optval = so->so_type;
1829 optval = so->so_error;
1834 optval = so->so_snd.sb_hiwat;
1838 optval = so->so_rcv.sb_hiwat;
1842 optval = so->so_snd.sb_lowat;
1846 optval = so->so_rcv.sb_lowat;
1851 optval = (sopt->sopt_name == SO_SNDTIMEO ?
1852 so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
1854 tv.tv_sec = optval / hz;
1855 tv.tv_usec = (optval % hz) * tick;
1857 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
1858 struct timeval32 tv32;
1860 CP(tv, tv32, tv_sec);
1861 CP(tv, tv32, tv_usec);
1862 error = sooptcopyout(sopt, &tv32, sizeof tv32);
1865 error = sooptcopyout(sopt, &tv, sizeof tv);
1870 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
1874 error = mac_getsockopt_label(sopt->sopt_td->td_ucred,
1878 error = sooptcopyout(sopt, &extmac, sizeof extmac);
1886 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
1890 error = mac_getsockopt_peerlabel(
1891 sopt->sopt_td->td_ucred, so, &extmac);
1894 error = sooptcopyout(sopt, &extmac, sizeof extmac);
1900 case SO_LISTENQLIMIT:
1901 optval = so->so_qlimit;
1905 optval = so->so_qlen;
1908 case SO_LISTENINCQLEN:
1909 optval = so->so_incqlen;
1913 error = ENOPROTOOPT;
1920 /* XXX; prepare mbuf for (__FreeBSD__ < 3) routines. */
1922 soopt_getm(struct sockopt *sopt, struct mbuf **mp)
1924 struct mbuf *m, *m_prev;
1925 int sopt_size = sopt->sopt_valsize;
1927 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
1930 if (sopt_size > MLEN) {
1931 MCLGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT);
1932 if ((m->m_flags & M_EXT) == 0) {
1936 m->m_len = min(MCLBYTES, sopt_size);
1938 m->m_len = min(MLEN, sopt_size);
1940 sopt_size -= m->m_len;
1945 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
1950 if (sopt_size > MLEN) {
1951 MCLGET(m, sopt->sopt_td != NULL ? M_TRYWAIT :
1953 if ((m->m_flags & M_EXT) == 0) {
1958 m->m_len = min(MCLBYTES, sopt_size);
1960 m->m_len = min(MLEN, sopt_size);
1962 sopt_size -= m->m_len;
1969 /* XXX; copyin sopt data into mbuf chain for (__FreeBSD__ < 3) routines. */
1971 soopt_mcopyin(struct sockopt *sopt, struct mbuf *m)
1973 struct mbuf *m0 = m;
1975 if (sopt->sopt_val == NULL)
1977 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
1978 if (sopt->sopt_td != NULL) {
1981 error = copyin(sopt->sopt_val, mtod(m, char *),
1988 bcopy(sopt->sopt_val, mtod(m, char *), m->m_len);
1989 sopt->sopt_valsize -= m->m_len;
1990 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
1993 if (m != NULL) /* should be allocated enoughly at ip6_sooptmcopyin() */
1994 panic("ip6_sooptmcopyin");
1998 /* XXX; copyout mbuf chain data into soopt for (__FreeBSD__ < 3) routines. */
2000 soopt_mcopyout(struct sockopt *sopt, struct mbuf *m)
2002 struct mbuf *m0 = m;
2005 if (sopt->sopt_val == NULL)
2007 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2008 if (sopt->sopt_td != NULL) {
2011 error = copyout(mtod(m, char *), sopt->sopt_val,
2018 bcopy(mtod(m, char *), sopt->sopt_val, m->m_len);
2019 sopt->sopt_valsize -= m->m_len;
2020 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2021 valsize += m->m_len;
2025 /* enough soopt buffer should be given from user-land */
2029 sopt->sopt_valsize = valsize;
2037 if (so->so_sigio != NULL)
2038 pgsigio(&so->so_sigio, SIGURG, 0);
2039 selwakeuppri(&so->so_rcv.sb_sel, PSOCK);
2043 sopoll(struct socket *so, int events, struct ucred *active_cred,
2048 SOCKBUF_LOCK(&so->so_snd);
2049 SOCKBUF_LOCK(&so->so_rcv);
2050 if (events & (POLLIN | POLLRDNORM))
2052 revents |= events & (POLLIN | POLLRDNORM);
2054 if (events & POLLINIGNEOF)
2055 if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat ||
2056 !TAILQ_EMPTY(&so->so_comp) || so->so_error)
2057 revents |= POLLINIGNEOF;
2059 if (events & (POLLOUT | POLLWRNORM))
2060 if (sowriteable(so))
2061 revents |= events & (POLLOUT | POLLWRNORM);
2063 if (events & (POLLPRI | POLLRDBAND))
2064 if (so->so_oobmark || (so->so_rcv.sb_state & SBS_RCVATMARK))
2065 revents |= events & (POLLPRI | POLLRDBAND);
2069 (POLLIN | POLLINIGNEOF | POLLPRI | POLLRDNORM |
2071 selrecord(td, &so->so_rcv.sb_sel);
2072 so->so_rcv.sb_flags |= SB_SEL;
2075 if (events & (POLLOUT | POLLWRNORM)) {
2076 selrecord(td, &so->so_snd.sb_sel);
2077 so->so_snd.sb_flags |= SB_SEL;
2081 SOCKBUF_UNLOCK(&so->so_rcv);
2082 SOCKBUF_UNLOCK(&so->so_snd);
2087 soo_kqfilter(struct file *fp, struct knote *kn)
2089 struct socket *so = kn->kn_fp->f_data;
2092 switch (kn->kn_filter) {
2094 if (so->so_options & SO_ACCEPTCONN)
2095 kn->kn_fop = &solisten_filtops;
2097 kn->kn_fop = &soread_filtops;
2101 kn->kn_fop = &sowrite_filtops;
2109 knlist_add(&sb->sb_sel.si_note, kn, 1);
2110 sb->sb_flags |= SB_KNOTE;
2116 filt_sordetach(struct knote *kn)
2118 struct socket *so = kn->kn_fp->f_data;
2120 SOCKBUF_LOCK(&so->so_rcv);
2121 knlist_remove(&so->so_rcv.sb_sel.si_note, kn, 1);
2122 if (knlist_empty(&so->so_rcv.sb_sel.si_note))
2123 so->so_rcv.sb_flags &= ~SB_KNOTE;
2124 SOCKBUF_UNLOCK(&so->so_rcv);
2129 filt_soread(struct knote *kn, long hint)
2133 so = kn->kn_fp->f_data;
2134 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2136 kn->kn_data = so->so_rcv.sb_cc - so->so_rcv.sb_ctl;
2137 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
2138 kn->kn_flags |= EV_EOF;
2139 kn->kn_fflags = so->so_error;
2141 } else if (so->so_error) /* temporary udp error */
2143 else if (kn->kn_sfflags & NOTE_LOWAT)
2144 return (kn->kn_data >= kn->kn_sdata);
2146 return (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat);
2150 filt_sowdetach(struct knote *kn)
2152 struct socket *so = kn->kn_fp->f_data;
2154 SOCKBUF_LOCK(&so->so_snd);
2155 knlist_remove(&so->so_snd.sb_sel.si_note, kn, 1);
2156 if (knlist_empty(&so->so_snd.sb_sel.si_note))
2157 so->so_snd.sb_flags &= ~SB_KNOTE;
2158 SOCKBUF_UNLOCK(&so->so_snd);
2163 filt_sowrite(struct knote *kn, long hint)
2167 so = kn->kn_fp->f_data;
2168 SOCKBUF_LOCK_ASSERT(&so->so_snd);
2169 kn->kn_data = sbspace(&so->so_snd);
2170 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2171 kn->kn_flags |= EV_EOF;
2172 kn->kn_fflags = so->so_error;
2174 } else if (so->so_error) /* temporary udp error */
2176 else if (((so->so_state & SS_ISCONNECTED) == 0) &&
2177 (so->so_proto->pr_flags & PR_CONNREQUIRED))
2179 else if (kn->kn_sfflags & NOTE_LOWAT)
2180 return (kn->kn_data >= kn->kn_sdata);
2182 return (kn->kn_data >= so->so_snd.sb_lowat);
2187 filt_solisten(struct knote *kn, long hint)
2189 struct socket *so = kn->kn_fp->f_data;
2191 kn->kn_data = so->so_qlen;
2192 return (! TAILQ_EMPTY(&so->so_comp));
2196 socheckuid(struct socket *so, uid_t uid)
2201 if (so->so_cred->cr_uid != uid)
2207 somaxconn_sysctl(SYSCTL_HANDLER_ARGS)
2213 error = sysctl_handle_int(oidp, &val, sizeof(int), req);
2214 if (error || !req->newptr )
2217 if (val < 1 || val > USHRT_MAX)