2 * Copyright (c) 1982, 1986, 1988, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
4 * Copyright (c) 2004 The FreeBSD Foundation
5 * Copyright (c) 2004-2006 Robert N. M. Watson
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 4. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
35 * Comments on the socket life cycle:
37 * soalloc() sets of socket layer state for a socket, called only by
38 * socreate() and sonewconn(). Socket layer private.
40 * sodealloc() tears down socket layer state for a socket, called only by
41 * sofree() and sonewconn(). Socket layer private.
43 * pru_attach() associates protocol layer state with an allocated socket;
44 * called only once, may fail, aborting socket allocation. This is called
45 * from socreate() and sonewconn(). Socket layer private.
47 * pru_detach() disassociates protocol layer state from an attached socket,
48 * and will be called exactly once for sockets in which pru_attach() has
49 * been successfully called. If pru_attach() returned an error,
50 * pru_detach() will not be called. Socket layer private.
52 * pru_abort() and pru_close() notify the protocol layer that the last
53 * consumer of a socket is starting to tear down the socket, and that the
54 * protocol should terminate the connection. Historically, pru_abort() also
55 * detached protocol state from the socket state, but this is no longer the
58 * socreate() creates a socket and attaches protocol state. This is a public
59 * interface that may be used by socket layer consumers to create new
62 * sonewconn() creates a socket and attaches protocol state. This is a
63 * public interface that may be used by protocols to create new sockets when
64 * a new connection is received and will be available for accept() on a
67 * soclose() destroys a socket after possibly waiting for it to disconnect.
68 * This is a public interface that socket consumers should use to close and
69 * release a socket when done with it.
71 * soabort() destroys a socket without waiting for it to disconnect (used
72 * only for incoming connections that are already partially or fully
73 * connected). This is used internally by the socket layer when clearing
74 * listen socket queues (due to overflow or close on the listen socket), but
75 * is also a public interface protocols may use to abort connections in
76 * their incomplete listen queues should they no longer be required. Sockets
77 * placed in completed connection listen queues should not be aborted for
78 * reasons described in the comment above the soclose() implementation. This
79 * is not a general purpose close routine, and except in the specific
80 * circumstances described here, should not be used.
82 * sofree() will free a socket and its protocol state if all references on
83 * the socket have been released, and is the public interface to attempt to
84 * free a socket when a reference is removed. This is a socket layer private
87 * NOTE: In addition to socreate() and soclose(), which provide a single
88 * socket reference to the consumer to be managed as required, there are two
89 * calls to explicitly manage socket references, soref(), and sorele().
90 * Currently, these are generally required only when transitioning a socket
91 * from a listen queue to a file descriptor, in order to prevent garbage
92 * collection of the socket at an untimely moment. For a number of reasons,
93 * these interfaces are not preferred, and should be avoided.
96 #include <sys/cdefs.h>
97 __FBSDID("$FreeBSD$");
101 #include "opt_zero.h"
102 #include "opt_compat.h"
104 #include <sys/param.h>
105 #include <sys/systm.h>
106 #include <sys/fcntl.h>
107 #include <sys/limits.h>
108 #include <sys/lock.h>
110 #include <sys/malloc.h>
111 #include <sys/mbuf.h>
112 #include <sys/mutex.h>
113 #include <sys/domain.h>
114 #include <sys/file.h> /* for struct knote */
115 #include <sys/kernel.h>
116 #include <sys/event.h>
117 #include <sys/eventhandler.h>
118 #include <sys/poll.h>
119 #include <sys/proc.h>
120 #include <sys/protosw.h>
121 #include <sys/socket.h>
122 #include <sys/socketvar.h>
123 #include <sys/resourcevar.h>
124 #include <sys/signalvar.h>
125 #include <sys/sysctl.h>
127 #include <sys/jail.h>
129 #include <security/mac/mac_framework.h>
134 #include <sys/mount.h>
135 #include <compat/freebsd32/freebsd32.h>
137 extern struct sysentvec ia32_freebsd_sysvec;
140 static int soreceive_rcvoob(struct socket *so, struct uio *uio,
143 static void filt_sordetach(struct knote *kn);
144 static int filt_soread(struct knote *kn, long hint);
145 static void filt_sowdetach(struct knote *kn);
146 static int filt_sowrite(struct knote *kn, long hint);
147 static int filt_solisten(struct knote *kn, long hint);
149 static struct filterops solisten_filtops =
150 { 1, NULL, filt_sordetach, filt_solisten };
151 static struct filterops soread_filtops =
152 { 1, NULL, filt_sordetach, filt_soread };
153 static struct filterops sowrite_filtops =
154 { 1, NULL, filt_sowdetach, filt_sowrite };
156 uma_zone_t socket_zone;
157 so_gen_t so_gencnt; /* generation count for sockets */
161 MALLOC_DEFINE(M_SONAME, "soname", "socket name");
162 MALLOC_DEFINE(M_PCB, "pcb", "protocol control block");
164 static int somaxconn = SOMAXCONN;
165 static int somaxconn_sysctl(SYSCTL_HANDLER_ARGS);
166 /* XXX: we dont have SYSCTL_USHORT */
167 SYSCTL_PROC(_kern_ipc, KIPC_SOMAXCONN, somaxconn, CTLTYPE_UINT | CTLFLAG_RW,
168 0, sizeof(int), somaxconn_sysctl, "I", "Maximum pending socket connection "
170 static int numopensockets;
171 SYSCTL_INT(_kern_ipc, OID_AUTO, numopensockets, CTLFLAG_RD,
172 &numopensockets, 0, "Number of open sockets");
173 #ifdef ZERO_COPY_SOCKETS
174 /* These aren't static because they're used in other files. */
175 int so_zero_copy_send = 1;
176 int so_zero_copy_receive = 1;
177 SYSCTL_NODE(_kern_ipc, OID_AUTO, zero_copy, CTLFLAG_RD, 0,
178 "Zero copy controls");
179 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, receive, CTLFLAG_RW,
180 &so_zero_copy_receive, 0, "Enable zero copy receive");
181 SYSCTL_INT(_kern_ipc_zero_copy, OID_AUTO, send, CTLFLAG_RW,
182 &so_zero_copy_send, 0, "Enable zero copy send");
183 #endif /* ZERO_COPY_SOCKETS */
186 * accept_mtx locks down per-socket fields relating to accept queues. See
187 * socketvar.h for an annotation of the protected fields of struct socket.
189 struct mtx accept_mtx;
190 MTX_SYSINIT(accept_mtx, &accept_mtx, "accept", MTX_DEF);
193 * so_global_mtx protects so_gencnt, numopensockets, and the per-socket
196 static struct mtx so_global_mtx;
197 MTX_SYSINIT(so_global_mtx, &so_global_mtx, "so_glabel", MTX_DEF);
200 * General IPC sysctl name space, used by sockets and a variety of other IPC
203 SYSCTL_NODE(_kern, KERN_IPC, ipc, CTLFLAG_RW, 0, "IPC");
206 * Sysctl to get and set the maximum global sockets limit. Notify protocols
207 * of the change so that they can update their dependent limits as required.
210 sysctl_maxsockets(SYSCTL_HANDLER_ARGS)
212 int error, newmaxsockets;
214 newmaxsockets = maxsockets;
215 error = sysctl_handle_int(oidp, &newmaxsockets, sizeof(int), req);
216 if (error == 0 && req->newptr) {
217 if (newmaxsockets > maxsockets) {
218 maxsockets = newmaxsockets;
219 if (maxsockets > ((maxfiles / 4) * 3)) {
220 maxfiles = (maxsockets * 5) / 4;
221 maxfilesperproc = (maxfiles * 9) / 10;
223 EVENTHANDLER_INVOKE(maxsockets_change);
230 SYSCTL_PROC(_kern_ipc, OID_AUTO, maxsockets, CTLTYPE_INT|CTLFLAG_RW,
231 &maxsockets, 0, sysctl_maxsockets, "IU",
232 "Maximum number of sockets avaliable");
235 * Initialise maxsockets.
237 static void init_maxsockets(void *ignored)
239 TUNABLE_INT_FETCH("kern.ipc.maxsockets", &maxsockets);
240 maxsockets = imax(maxsockets, imax(maxfiles, nmbclusters));
242 SYSINIT(param, SI_SUB_TUNABLES, SI_ORDER_ANY, init_maxsockets, NULL);
245 * Socket operation routines. These routines are called by the routines in
246 * sys_socket.c or from a system process, and implement the semantics of
247 * socket operations by switching out to the protocol specific routines.
251 * Get a socket structure from our zone, and initialize it. Note that it
252 * would probably be better to allocate socket and PCB at the same time, but
253 * I'm not convinced that all the protocols can be easily modified to do
256 * soalloc() returns a socket with a ref count of 0.
258 static struct socket *
263 so = uma_zalloc(socket_zone, mflags | M_ZERO);
267 if (mac_init_socket(so, mflags) != 0) {
268 uma_zfree(socket_zone, so);
272 SOCKBUF_LOCK_INIT(&so->so_snd, "so_snd");
273 SOCKBUF_LOCK_INIT(&so->so_rcv, "so_rcv");
274 TAILQ_INIT(&so->so_aiojobq);
275 mtx_lock(&so_global_mtx);
276 so->so_gencnt = ++so_gencnt;
278 mtx_unlock(&so_global_mtx);
283 * Free the storage associated with a socket at the socket layer, tear down
284 * locks, labels, etc. All protocol state is assumed already to have been
285 * torn down (and possibly never set up) by the caller.
288 sodealloc(struct socket *so)
291 KASSERT(so->so_count == 0, ("sodealloc(): so_count %d", so->so_count));
292 KASSERT(so->so_pcb == NULL, ("sodealloc(): so_pcb != NULL"));
294 mtx_lock(&so_global_mtx);
295 so->so_gencnt = ++so_gencnt;
296 --numopensockets; /* Could be below, but faster here. */
297 mtx_unlock(&so_global_mtx);
298 if (so->so_rcv.sb_hiwat)
299 (void)chgsbsize(so->so_cred->cr_uidinfo,
300 &so->so_rcv.sb_hiwat, 0, RLIM_INFINITY);
301 if (so->so_snd.sb_hiwat)
302 (void)chgsbsize(so->so_cred->cr_uidinfo,
303 &so->so_snd.sb_hiwat, 0, RLIM_INFINITY);
305 /* remove acccept filter if one is present. */
306 if (so->so_accf != NULL)
307 do_setopt_accept_filter(so, NULL);
310 mac_destroy_socket(so);
313 SOCKBUF_LOCK_DESTROY(&so->so_snd);
314 SOCKBUF_LOCK_DESTROY(&so->so_rcv);
315 uma_zfree(socket_zone, so);
319 * socreate returns a socket with a ref count of 1. The socket should be
320 * closed with soclose().
323 socreate(dom, aso, type, proto, cred, td)
336 prp = pffindproto(dom, proto, type);
338 prp = pffindtype(dom, type);
340 if (prp == NULL || prp->pr_usrreqs->pru_attach == NULL ||
341 prp->pr_usrreqs->pru_attach == pru_attach_notsupp)
342 return (EPROTONOSUPPORT);
344 if (jailed(cred) && jail_socket_unixiproute_only &&
345 prp->pr_domain->dom_family != PF_LOCAL &&
346 prp->pr_domain->dom_family != PF_INET &&
347 prp->pr_domain->dom_family != PF_ROUTE) {
348 return (EPROTONOSUPPORT);
351 if (prp->pr_type != type)
353 so = soalloc(M_WAITOK);
357 TAILQ_INIT(&so->so_incomp);
358 TAILQ_INIT(&so->so_comp);
360 so->so_cred = crhold(cred);
363 mac_create_socket(cred, so);
365 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
367 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
370 error = (*prp->pr_usrreqs->pru_attach)(so, proto, td);
372 KASSERT(so->so_count == 1, ("socreate: so_count %d",
383 static int regression_sonewconn_earlytest = 1;
384 SYSCTL_INT(_regression, OID_AUTO, sonewconn_earlytest, CTLFLAG_RW,
385 ®ression_sonewconn_earlytest, 0, "Perform early sonewconn limit test");
389 * When an attempt at a new connection is noted on a socket which accepts
390 * connections, sonewconn is called. If the connection is possible (subject
391 * to space constraints, etc.) then we allocate a new structure, propoerly
392 * linked into the data structure of the original socket, and return this.
393 * Connstatus may be 0, or SO_ISCONFIRMING, or SO_ISCONNECTED.
395 * Note: the ref count on the socket is 0 on return.
398 sonewconn(head, connstatus)
399 register struct socket *head;
402 register struct socket *so;
406 over = (head->so_qlen > 3 * head->so_qlimit / 2);
409 if (regression_sonewconn_earlytest && over)
414 so = soalloc(M_NOWAIT);
417 if ((head->so_options & SO_ACCEPTFILTER) != 0)
420 so->so_type = head->so_type;
421 so->so_options = head->so_options &~ SO_ACCEPTCONN;
422 so->so_linger = head->so_linger;
423 so->so_state = head->so_state | SS_NOFDREF;
424 so->so_proto = head->so_proto;
425 so->so_cred = crhold(head->so_cred);
428 mac_create_socket_from_socket(head, so);
431 knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv),
433 knlist_init(&so->so_snd.sb_sel.si_note, SOCKBUF_MTX(&so->so_snd),
435 if (soreserve(so, head->so_snd.sb_hiwat, head->so_rcv.sb_hiwat) ||
436 (*so->so_proto->pr_usrreqs->pru_attach)(so, 0, NULL)) {
440 so->so_rcv.sb_lowat = head->so_rcv.sb_lowat;
441 so->so_snd.sb_lowat = head->so_snd.sb_lowat;
442 so->so_rcv.sb_timeo = head->so_rcv.sb_timeo;
443 so->so_snd.sb_timeo = head->so_snd.sb_timeo;
444 so->so_state |= connstatus;
447 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
448 so->so_qstate |= SQ_COMP;
452 * Keep removing sockets from the head until there's room for
453 * us to insert on the tail. In pre-locking revisions, this
454 * was a simple if(), but as we could be racing with other
455 * threads and soabort() requires dropping locks, we must
456 * loop waiting for the condition to be true.
458 while (head->so_incqlen > head->so_qlimit) {
460 sp = TAILQ_FIRST(&head->so_incomp);
461 TAILQ_REMOVE(&head->so_incomp, sp, so_list);
463 sp->so_qstate &= ~SQ_INCOMP;
469 TAILQ_INSERT_TAIL(&head->so_incomp, so, so_list);
470 so->so_qstate |= SQ_INCOMP;
476 wakeup_one(&head->so_timeo);
484 struct sockaddr *nam;
488 return ((*so->so_proto->pr_usrreqs->pru_bind)(so, nam, td));
492 * solisten() transitions a socket from a non-listening state to a listening
493 * state, but can also be used to update the listen queue depth on an
494 * existing listen socket. The protocol will call back into the sockets
495 * layer using solisten_proto_check() and solisten_proto() to check and set
496 * socket-layer listen state. Call backs are used so that the protocol can
497 * acquire both protocol and socket layer locks in whatever order is required
500 * Protocol implementors are advised to hold the socket lock across the
501 * socket-layer test and set to avoid races at the socket layer.
504 solisten(so, backlog, td)
510 return ((*so->so_proto->pr_usrreqs->pru_listen)(so, backlog, td));
514 solisten_proto_check(so)
518 SOCK_LOCK_ASSERT(so);
520 if (so->so_state & (SS_ISCONNECTED | SS_ISCONNECTING |
527 solisten_proto(so, backlog)
532 SOCK_LOCK_ASSERT(so);
534 if (backlog < 0 || backlog > somaxconn)
536 so->so_qlimit = backlog;
537 so->so_options |= SO_ACCEPTCONN;
541 * Attempt to free a socket. This should really be sotryfree().
543 * sofree() will succeed if:
545 * - There are no outstanding file descriptor references or related consumers
548 * - The socket has been closed by user space, if ever open (SS_NOFDREF).
550 * - The protocol does not have an outstanding strong reference on the socket
553 * - The socket is not in a completed connection queue, so a process has been
554 * notified that it is present. If it is removed, the user process may
555 * block in accept() despite select() saying the socket was ready.
557 * Otherwise, it will quietly abort so that a future call to sofree(), when
558 * conditions are right, can succeed.
564 struct protosw *pr = so->so_proto;
567 ACCEPT_LOCK_ASSERT();
568 SOCK_LOCK_ASSERT(so);
570 if ((so->so_state & SS_NOFDREF) == 0 || so->so_count != 0 ||
571 (so->so_state & SS_PROTOREF) || (so->so_qstate & SQ_COMP)) {
579 KASSERT((so->so_qstate & SQ_COMP) != 0 ||
580 (so->so_qstate & SQ_INCOMP) != 0,
581 ("sofree: so_head != NULL, but neither SQ_COMP nor "
583 KASSERT((so->so_qstate & SQ_COMP) == 0 ||
584 (so->so_qstate & SQ_INCOMP) == 0,
585 ("sofree: so->so_qstate is SQ_COMP and also SQ_INCOMP"));
586 TAILQ_REMOVE(&head->so_incomp, so, so_list);
588 so->so_qstate &= ~SQ_INCOMP;
591 KASSERT((so->so_qstate & SQ_COMP) == 0 &&
592 (so->so_qstate & SQ_INCOMP) == 0,
593 ("sofree: so_head == NULL, but still SQ_COMP(%d) or SQ_INCOMP(%d)",
594 so->so_qstate & SQ_COMP, so->so_qstate & SQ_INCOMP));
595 if (so->so_options & SO_ACCEPTCONN) {
596 KASSERT((TAILQ_EMPTY(&so->so_comp)), ("sofree: so_comp populated"));
597 KASSERT((TAILQ_EMPTY(&so->so_incomp)), ("sofree: so_comp populated"));
603 * From this point on, we assume that no other references to this
604 * socket exist anywhere else in the stack. Therefore, no locks need
605 * to be acquired or held.
607 * We used to do a lot of socket buffer and socket locking here, as
608 * well as invoke sorflush() and perform wakeups. The direct call to
609 * dom_dispose() and sbrelease_internal() are an inlining of what was
610 * necessary from sorflush().
612 * Notice that the socket buffer and kqueue state are torn down
613 * before calling pru_detach. This means that protocols shold not
614 * assume they can perform socket wakeups, etc, in their detach
617 KASSERT((so->so_snd.sb_flags & SB_LOCK) == 0, ("sofree: snd sblock"));
618 KASSERT((so->so_rcv.sb_flags & SB_LOCK) == 0, ("sofree: rcv sblock"));
619 sbdestroy(&so->so_snd, so);
620 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
621 (*pr->pr_domain->dom_dispose)(so->so_rcv.sb_mb);
622 sbdestroy(&so->so_rcv, so);
623 if (pr->pr_usrreqs->pru_detach != NULL)
624 (*pr->pr_usrreqs->pru_detach)(so);
625 knlist_destroy(&so->so_rcv.sb_sel.si_note);
626 knlist_destroy(&so->so_snd.sb_sel.si_note);
631 * Close a socket on last file table reference removal. Initiate disconnect
632 * if connected. Free socket when disconnect complete.
634 * This function will sorele() the socket. Note that soclose() may be called
635 * prior to the ref count reaching zero. The actual socket structure will
636 * not be freed until the ref count reaches zero.
644 KASSERT(!(so->so_state & SS_NOFDREF), ("soclose: SS_NOFDREF on enter"));
646 funsetown(&so->so_sigio);
647 if (so->so_state & SS_ISCONNECTED) {
648 if ((so->so_state & SS_ISDISCONNECTING) == 0) {
649 error = sodisconnect(so);
653 if (so->so_options & SO_LINGER) {
654 if ((so->so_state & SS_ISDISCONNECTING) &&
655 (so->so_state & SS_NBIO))
657 while (so->so_state & SS_ISCONNECTED) {
658 error = tsleep(&so->so_timeo,
659 PSOCK | PCATCH, "soclos", so->so_linger * hz);
667 if (so->so_proto->pr_usrreqs->pru_close != NULL)
668 (*so->so_proto->pr_usrreqs->pru_close)(so);
669 if (so->so_options & SO_ACCEPTCONN) {
672 while ((sp = TAILQ_FIRST(&so->so_incomp)) != NULL) {
673 TAILQ_REMOVE(&so->so_incomp, sp, so_list);
675 sp->so_qstate &= ~SQ_INCOMP;
681 while ((sp = TAILQ_FIRST(&so->so_comp)) != NULL) {
682 TAILQ_REMOVE(&so->so_comp, sp, so_list);
684 sp->so_qstate &= ~SQ_COMP;
694 KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose: NOFDREF"));
695 so->so_state |= SS_NOFDREF;
701 * soabort() is used to abruptly tear down a connection, such as when a
702 * resource limit is reached (listen queue depth exceeded), or if a listen
703 * socket is closed while there are sockets waiting to be accepted.
705 * This interface is tricky, because it is called on an unreferenced socket,
706 * and must be called only by a thread that has actually removed the socket
707 * from the listen queue it was on, or races with other threads are risked.
709 * This interface will call into the protocol code, so must not be called
710 * with any socket locks held. Protocols do call it while holding their own
711 * recursible protocol mutexes, but this is something that should be subject
712 * to review in the future.
720 * In as much as is possible, assert that no references to this
721 * socket are held. This is not quite the same as asserting that the
722 * current thread is responsible for arranging for no references, but
723 * is as close as we can get for now.
725 KASSERT(so->so_count == 0, ("soabort: so_count"));
726 KASSERT((so->so_state & SS_PROTOREF) == 0, ("soabort: SS_PROTOREF"));
727 KASSERT(so->so_state & SS_NOFDREF, ("soabort: !SS_NOFDREF"));
728 KASSERT((so->so_state & SQ_COMP) == 0, ("soabort: SQ_COMP"));
729 KASSERT((so->so_state & SQ_INCOMP) == 0, ("soabort: SQ_INCOMP"));
731 if (so->so_proto->pr_usrreqs->pru_abort != NULL)
732 (*so->so_proto->pr_usrreqs->pru_abort)(so);
741 struct sockaddr **nam;
746 KASSERT((so->so_state & SS_NOFDREF) != 0, ("soaccept: !NOFDREF"));
747 so->so_state &= ~SS_NOFDREF;
749 error = (*so->so_proto->pr_usrreqs->pru_accept)(so, nam);
754 soconnect(so, nam, td)
756 struct sockaddr *nam;
761 if (so->so_options & SO_ACCEPTCONN)
764 * If protocol is connection-based, can only connect once.
765 * Otherwise, if connected, try to disconnect first. This allows
766 * user to disconnect by connecting to, e.g., a null address.
768 if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING) &&
769 ((so->so_proto->pr_flags & PR_CONNREQUIRED) ||
770 (error = sodisconnect(so)))) {
774 * Prevent accumulated error from previous connection from
778 error = (*so->so_proto->pr_usrreqs->pru_connect)(so, nam, td);
790 return ((*so1->so_proto->pr_usrreqs->pru_connect2)(so1, so2));
799 if ((so->so_state & SS_ISCONNECTED) == 0)
801 if (so->so_state & SS_ISDISCONNECTING)
803 error = (*so->so_proto->pr_usrreqs->pru_disconnect)(so);
807 #ifdef ZERO_COPY_SOCKETS
808 struct so_zerocopy_stats{
813 struct so_zerocopy_stats so_zerocp_stats = {0,0,0};
814 #include <netinet/in.h>
815 #include <net/route.h>
816 #include <netinet/in_pcb.h>
818 #include <vm/vm_page.h>
819 #include <vm/vm_object.h>
822 * sosend_copyin() is only used if zero copy sockets are enabled. Otherwise
823 * sosend_dgram() and sosend_generic() use m_uiotombuf().
825 * sosend_copyin() accepts a uio and prepares an mbuf chain holding part or
826 * all of the data referenced by the uio. If desired, it uses zero-copy.
827 * *space will be updated to reflect data copied in.
829 * NB: If atomic I/O is requested, the caller must already have checked that
830 * space can hold resid bytes.
832 * NB: In the event of an error, the caller may need to free the partial
833 * chain pointed to by *mpp. The contents of both *uio and *space may be
834 * modified even in the case of an error.
837 sosend_copyin(struct uio *uio, struct mbuf **retmp, int atomic, long *space,
840 struct mbuf *m, **mp, *top;
843 #ifdef ZERO_COPY_SOCKETS
850 resid = uio->uio_resid;
853 #ifdef ZERO_COPY_SOCKETS
855 #endif /* ZERO_COPY_SOCKETS */
856 if (resid >= MINCLSIZE) {
857 #ifdef ZERO_COPY_SOCKETS
859 MGETHDR(m, M_TRYWAIT, MT_DATA);
865 m->m_pkthdr.rcvif = NULL;
867 MGET(m, M_TRYWAIT, MT_DATA);
873 if (so_zero_copy_send &&
876 uio->uio_iov->iov_len>=PAGE_SIZE) {
877 so_zerocp_stats.size_ok++;
878 so_zerocp_stats.align_ok++;
879 cow_send = socow_setup(m, uio);
883 MCLGET(m, M_TRYWAIT);
884 if ((m->m_flags & M_EXT) == 0) {
888 len = min(min(MCLBYTES, resid),
892 #else /* ZERO_COPY_SOCKETS */
894 m = m_getcl(M_TRYWAIT, MT_DATA, M_PKTHDR);
896 m->m_pkthdr.rcvif = NULL;
898 m = m_getcl(M_TRYWAIT, MT_DATA, 0);
899 len = min(min(MCLBYTES, resid), *space);
900 #endif /* ZERO_COPY_SOCKETS */
903 m = m_gethdr(M_TRYWAIT, MT_DATA);
905 m->m_pkthdr.rcvif = NULL;
907 len = min(min(MHLEN, resid), *space);
909 * For datagram protocols, leave room
910 * for protocol headers in first mbuf.
912 if (atomic && m && len < MHLEN)
915 m = m_get(M_TRYWAIT, MT_DATA);
916 len = min(min(MLEN, resid), *space);
925 #ifdef ZERO_COPY_SOCKETS
929 #endif /* ZERO_COPY_SOCKETS */
930 error = uiomove(mtod(m, void *), (int)len, uio);
931 resid = uio->uio_resid;
934 top->m_pkthdr.len += len;
940 top->m_flags |= M_EOR;
943 } while (*space > 0 && atomic);
948 #endif /*ZERO_COPY_SOCKETS*/
950 #define SBLOCKWAIT(f) (((f) & MSG_DONTWAIT) ? M_NOWAIT : M_WAITOK)
953 sosend_dgram(so, addr, uio, top, control, flags, td)
955 struct sockaddr *addr;
958 struct mbuf *control;
963 int clen = 0, error, dontroute;
964 #ifdef ZERO_COPY_SOCKETS
965 int atomic = sosendallatonce(so) || top;
968 KASSERT(so->so_type == SOCK_DGRAM, ("sodgram_send: !SOCK_DGRAM"));
969 KASSERT(so->so_proto->pr_flags & PR_ATOMIC,
970 ("sodgram_send: !PR_ATOMIC"));
973 resid = uio->uio_resid;
975 resid = top->m_pkthdr.len;
977 * In theory resid should be unsigned. However, space must be
978 * signed, as it might be less than 0 if we over-committed, and we
979 * must use a signed comparison of space and resid. On the other
980 * hand, a negative resid causes us to loop sending 0-length
981 * segments to the protocol.
983 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
984 * type sockets since that's an error.
992 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0;
994 td->td_proc->p_stats->p_ru.ru_msgsnd++;
996 clen = control->m_len;
998 SOCKBUF_LOCK(&so->so_snd);
999 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
1000 SOCKBUF_UNLOCK(&so->so_snd);
1005 error = so->so_error;
1007 SOCKBUF_UNLOCK(&so->so_snd);
1010 if ((so->so_state & SS_ISCONNECTED) == 0) {
1012 * `sendto' and `sendmsg' is allowed on a connection-based
1013 * socket if it supports implied connect. Return ENOTCONN if
1014 * not connected and no address is supplied.
1016 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1017 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
1018 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
1019 !(resid == 0 && clen != 0)) {
1020 SOCKBUF_UNLOCK(&so->so_snd);
1024 } else if (addr == NULL) {
1025 if (so->so_proto->pr_flags & PR_CONNREQUIRED)
1028 error = EDESTADDRREQ;
1029 SOCKBUF_UNLOCK(&so->so_snd);
1035 * Do we need MSG_OOB support in SOCK_DGRAM? Signs here may be a
1036 * problem and need fixing.
1038 space = sbspace(&so->so_snd);
1039 if (flags & MSG_OOB)
1042 SOCKBUF_UNLOCK(&so->so_snd);
1043 if (resid > space) {
1049 if (flags & MSG_EOR)
1050 top->m_flags |= M_EOR;
1052 #ifdef ZERO_COPY_SOCKETS
1053 error = sosend_copyin(uio, &top, atomic, &space, flags);
1057 top = m_uiotombuf(uio, M_WAITOK, space, max_hdr,
1058 (M_PKTHDR | ((flags & MSG_EOR) ? M_EOR : 0)));
1060 error = EFAULT; /* only possible error */
1063 space -= resid - uio->uio_resid;
1065 resid = uio->uio_resid;
1067 KASSERT(resid == 0, ("sosend_dgram: resid != 0"));
1069 * XXXRW: Frobbing SO_DONTROUTE here is even worse without sblock
1074 so->so_options |= SO_DONTROUTE;
1078 * XXX all the SBS_CANTSENDMORE checks previously done could be out
1079 * of date. We could have recieved a reset packet in an interrupt or
1080 * maybe we slept while doing page faults in uiomove() etc. We could
1081 * probably recheck again inside the locking protection here, but
1082 * there are probably other places that this also happens. We must
1085 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1086 (flags & MSG_OOB) ? PRUS_OOB :
1088 * If the user set MSG_EOF, the protocol understands this flag and
1089 * nothing left to send then use PRU_SEND_EOF instead of PRU_SEND.
1091 ((flags & MSG_EOF) &&
1092 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1095 /* If there is more to send set PRUS_MORETOCOME */
1096 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1097 top, addr, control, td);
1100 so->so_options &= ~SO_DONTROUTE;
1109 if (control != NULL)
1115 * Send on a socket. If send must go all at once and message is larger than
1116 * send buffering, then hard error. Lock against other senders. If must go
1117 * all at once and not enough room now, then inform user that this would
1118 * block and do nothing. Otherwise, if nonblocking, send as much as
1119 * possible. The data to be sent is described by "uio" if nonzero, otherwise
1120 * by the mbuf chain "top" (which must be null if uio is not). Data provided
1121 * in mbuf chain must be small enough to send all at once.
1123 * Returns nonzero on error, timeout or signal; callers must check for short
1124 * counts if EINTR/ERESTART are returned. Data and control buffers are freed
1127 #define snderr(errno) { error = (errno); goto release; }
1129 sosend_generic(so, addr, uio, top, control, flags, td)
1131 struct sockaddr *addr;
1134 struct mbuf *control;
1139 int clen = 0, error, dontroute;
1140 int atomic = sosendallatonce(so) || top;
1143 resid = uio->uio_resid;
1145 resid = top->m_pkthdr.len;
1147 * In theory resid should be unsigned. However, space must be
1148 * signed, as it might be less than 0 if we over-committed, and we
1149 * must use a signed comparison of space and resid. On the other
1150 * hand, a negative resid causes us to loop sending 0-length
1151 * segments to the protocol.
1153 * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
1154 * type sockets since that's an error.
1156 if (resid < 0 || (so->so_type == SOCK_STREAM && (flags & MSG_EOR))) {
1162 (flags & MSG_DONTROUTE) && (so->so_options & SO_DONTROUTE) == 0 &&
1163 (so->so_proto->pr_flags & PR_ATOMIC);
1165 td->td_proc->p_stats->p_ru.ru_msgsnd++;
1166 if (control != NULL)
1167 clen = control->m_len;
1169 SOCKBUF_LOCK(&so->so_snd);
1171 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1172 error = sblock(&so->so_snd, SBLOCKWAIT(flags));
1176 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1177 if (so->so_snd.sb_state & SBS_CANTSENDMORE)
1180 error = so->so_error;
1184 if ((so->so_state & SS_ISCONNECTED) == 0) {
1186 * `sendto' and `sendmsg' is allowed on a connection-
1187 * based socket if it supports implied connect.
1188 * Return ENOTCONN if not connected and no address is
1191 if ((so->so_proto->pr_flags & PR_CONNREQUIRED) &&
1192 (so->so_proto->pr_flags & PR_IMPLOPCL) == 0) {
1193 if ((so->so_state & SS_ISCONFIRMING) == 0 &&
1194 !(resid == 0 && clen != 0))
1196 } else if (addr == NULL)
1197 snderr(so->so_proto->pr_flags & PR_CONNREQUIRED ?
1198 ENOTCONN : EDESTADDRREQ);
1200 space = sbspace(&so->so_snd);
1201 if (flags & MSG_OOB)
1203 if ((atomic && resid > so->so_snd.sb_hiwat) ||
1204 clen > so->so_snd.sb_hiwat)
1206 if (space < resid + clen &&
1207 (atomic || space < so->so_snd.sb_lowat || space < clen)) {
1208 if ((so->so_state & SS_NBIO) || (flags & MSG_NBIO))
1209 snderr(EWOULDBLOCK);
1210 sbunlock(&so->so_snd);
1211 error = sbwait(&so->so_snd);
1216 SOCKBUF_UNLOCK(&so->so_snd);
1221 if (flags & MSG_EOR)
1222 top->m_flags |= M_EOR;
1224 #ifdef ZERO_COPY_SOCKETS
1225 error = sosend_copyin(uio, &top, atomic,
1228 SOCKBUF_LOCK(&so->so_snd);
1232 top = m_uiotombuf(uio, M_WAITOK, space,
1233 (atomic ? max_hdr : 0),
1234 (atomic ? M_PKTHDR : 0) |
1235 ((flags & MSG_EOR) ? M_EOR : 0));
1237 SOCKBUF_LOCK(&so->so_snd);
1238 error = EFAULT; /* only possible error */
1241 space -= resid - uio->uio_resid;
1243 resid = uio->uio_resid;
1247 so->so_options |= SO_DONTROUTE;
1251 * XXX all the SBS_CANTSENDMORE checks previously
1252 * done could be out of date. We could have recieved
1253 * a reset packet in an interrupt or maybe we slept
1254 * while doing page faults in uiomove() etc. We
1255 * could probably recheck again inside the locking
1256 * protection here, but there are probably other
1257 * places that this also happens. We must rethink
1260 error = (*so->so_proto->pr_usrreqs->pru_send)(so,
1261 (flags & MSG_OOB) ? PRUS_OOB :
1263 * If the user set MSG_EOF, the protocol understands
1264 * this flag and nothing left to send then use
1265 * PRU_SEND_EOF instead of PRU_SEND.
1267 ((flags & MSG_EOF) &&
1268 (so->so_proto->pr_flags & PR_IMPLOPCL) &&
1271 /* If there is more to send set PRUS_MORETOCOME. */
1272 (resid > 0 && space > 0) ? PRUS_MORETOCOME : 0,
1273 top, addr, control, td);
1276 so->so_options &= ~SO_DONTROUTE;
1283 SOCKBUF_LOCK(&so->so_snd);
1286 } while (resid && space > 0);
1287 SOCKBUF_LOCK(&so->so_snd);
1291 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1292 sbunlock(&so->so_snd);
1294 SOCKBUF_LOCK_ASSERT(&so->so_snd);
1295 SOCKBUF_UNLOCK(&so->so_snd);
1299 if (control != NULL)
1306 sosend(so, addr, uio, top, control, flags, td)
1308 struct sockaddr *addr;
1311 struct mbuf *control;
1316 /* XXXRW: Temporary debugging. */
1317 KASSERT(so->so_proto->pr_usrreqs->pru_sosend != sosend,
1318 ("sosend: protocol calls sosend"));
1320 return (so->so_proto->pr_usrreqs->pru_sosend(so, addr, uio, top,
1321 control, flags, td));
1325 * The part of soreceive() that implements reading non-inline out-of-band
1326 * data from a socket. For more complete comments, see soreceive(), from
1327 * which this code originated.
1329 * Note that soreceive_rcvoob(), unlike the remainder of soreceive(), is
1330 * unable to return an mbuf chain to the caller.
1333 soreceive_rcvoob(so, uio, flags)
1338 struct protosw *pr = so->so_proto;
1342 KASSERT(flags & MSG_OOB, ("soreceive_rcvoob: (flags & MSG_OOB) == 0"));
1344 m = m_get(M_TRYWAIT, MT_DATA);
1347 error = (*pr->pr_usrreqs->pru_rcvoob)(so, m, flags & MSG_PEEK);
1351 #ifdef ZERO_COPY_SOCKETS
1352 if (so_zero_copy_receive) {
1355 if ((m->m_flags & M_EXT)
1356 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1361 error = uiomoveco(mtod(m, void *),
1362 min(uio->uio_resid, m->m_len),
1365 #endif /* ZERO_COPY_SOCKETS */
1366 error = uiomove(mtod(m, void *),
1367 (int) min(uio->uio_resid, m->m_len), uio);
1369 } while (uio->uio_resid && error == 0 && m);
1377 * Following replacement or removal of the first mbuf on the first mbuf chain
1378 * of a socket buffer, push necessary state changes back into the socket
1379 * buffer so that other consumers see the values consistently. 'nextrecord'
1380 * is the callers locally stored value of the original value of
1381 * sb->sb_mb->m_nextpkt which must be restored when the lead mbuf changes.
1382 * NOTE: 'nextrecord' may be NULL.
1384 static __inline void
1385 sockbuf_pushsync(struct sockbuf *sb, struct mbuf *nextrecord)
1388 SOCKBUF_LOCK_ASSERT(sb);
1390 * First, update for the new value of nextrecord. If necessary, make
1391 * it the first record.
1393 if (sb->sb_mb != NULL)
1394 sb->sb_mb->m_nextpkt = nextrecord;
1396 sb->sb_mb = nextrecord;
1399 * Now update any dependent socket buffer fields to reflect the new
1400 * state. This is an expanded inline of SB_EMPTY_FIXUP(), with the
1401 * addition of a second clause that takes care of the case where
1402 * sb_mb has been updated, but remains the last record.
1404 if (sb->sb_mb == NULL) {
1405 sb->sb_mbtail = NULL;
1406 sb->sb_lastrecord = NULL;
1407 } else if (sb->sb_mb->m_nextpkt == NULL)
1408 sb->sb_lastrecord = sb->sb_mb;
1413 * Implement receive operations on a socket. We depend on the way that
1414 * records are added to the sockbuf by sbappend. In particular, each record
1415 * (mbufs linked through m_next) must begin with an address if the protocol
1416 * so specifies, followed by an optional mbuf or mbufs containing ancillary
1417 * data, and then zero or more mbufs of data. In order to allow parallelism
1418 * between network receive and copying to user space, as well as avoid
1419 * sleeping with a mutex held, we release the socket buffer mutex during the
1420 * user space copy. Although the sockbuf is locked, new data may still be
1421 * appended, and thus we must maintain consistency of the sockbuf during that
1424 * The caller may receive the data as a single mbuf chain by supplying an
1425 * mbuf **mp0 for use in returning the chain. The uio is then used only for
1426 * the count in uio_resid.
1429 soreceive_generic(so, psa, uio, mp0, controlp, flagsp)
1431 struct sockaddr **psa;
1434 struct mbuf **controlp;
1437 struct mbuf *m, **mp;
1438 int flags, len, error, offset;
1439 struct protosw *pr = so->so_proto;
1440 struct mbuf *nextrecord;
1442 int mbuf_removed = 0;
1443 int orig_resid = uio->uio_resid;
1448 if (controlp != NULL)
1451 flags = *flagsp &~ MSG_EOR;
1454 if (flags & MSG_OOB)
1455 return (soreceive_rcvoob(so, uio, flags));
1458 if ((pr->pr_flags & PR_WANTRCVD) && (so->so_state & SS_ISCONFIRMING)
1460 (*pr->pr_usrreqs->pru_rcvd)(so, 0);
1462 SOCKBUF_LOCK(&so->so_rcv);
1464 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1465 error = sblock(&so->so_rcv, SBLOCKWAIT(flags));
1469 m = so->so_rcv.sb_mb;
1471 * If we have less data than requested, block awaiting more (subject
1472 * to any timeout) if:
1473 * 1. the current count is less than the low water mark, or
1474 * 2. MSG_WAITALL is set, and it is possible to do the entire
1475 * receive operation at once if we block (resid <= hiwat).
1476 * 3. MSG_DONTWAIT is not set
1477 * If MSG_WAITALL is set but resid is larger than the receive buffer,
1478 * we have to do the receive in sections, and thus risk returning a
1479 * short count if a timeout or signal occurs after we start.
1481 if (m == NULL || (((flags & MSG_DONTWAIT) == 0 &&
1482 so->so_rcv.sb_cc < uio->uio_resid) &&
1483 (so->so_rcv.sb_cc < so->so_rcv.sb_lowat ||
1484 ((flags & MSG_WAITALL) && uio->uio_resid <= so->so_rcv.sb_hiwat)) &&
1485 m->m_nextpkt == NULL && (pr->pr_flags & PR_ATOMIC) == 0)) {
1486 KASSERT(m != NULL || !so->so_rcv.sb_cc,
1487 ("receive: m == %p so->so_rcv.sb_cc == %u",
1488 m, so->so_rcv.sb_cc));
1492 error = so->so_error;
1493 if ((flags & MSG_PEEK) == 0)
1497 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1498 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
1504 for (; m != NULL; m = m->m_next)
1505 if (m->m_type == MT_OOBDATA || (m->m_flags & M_EOR)) {
1506 m = so->so_rcv.sb_mb;
1509 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) == 0 &&
1510 (so->so_proto->pr_flags & PR_CONNREQUIRED)) {
1514 if (uio->uio_resid == 0)
1516 if ((so->so_state & SS_NBIO) ||
1517 (flags & (MSG_DONTWAIT|MSG_NBIO))) {
1518 error = EWOULDBLOCK;
1521 SBLASTRECORDCHK(&so->so_rcv);
1522 SBLASTMBUFCHK(&so->so_rcv);
1523 sbunlock(&so->so_rcv);
1524 error = sbwait(&so->so_rcv);
1531 * From this point onward, we maintain 'nextrecord' as a cache of the
1532 * pointer to the next record in the socket buffer. We must keep the
1533 * various socket buffer pointers and local stack versions of the
1534 * pointers in sync, pushing out modifications before dropping the
1535 * socket buffer mutex, and re-reading them when picking it up.
1537 * Otherwise, we will race with the network stack appending new data
1538 * or records onto the socket buffer by using inconsistent/stale
1539 * versions of the field, possibly resulting in socket buffer
1542 * By holding the high-level sblock(), we prevent simultaneous
1543 * readers from pulling off the front of the socket buffer.
1545 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1547 uio->uio_td->td_proc->p_stats->p_ru.ru_msgrcv++;
1548 KASSERT(m == so->so_rcv.sb_mb, ("soreceive: m != so->so_rcv.sb_mb"));
1549 SBLASTRECORDCHK(&so->so_rcv);
1550 SBLASTMBUFCHK(&so->so_rcv);
1551 nextrecord = m->m_nextpkt;
1552 if (pr->pr_flags & PR_ADDR) {
1553 KASSERT(m->m_type == MT_SONAME,
1554 ("m->m_type == %d", m->m_type));
1557 *psa = sodupsockaddr(mtod(m, struct sockaddr *),
1559 if (flags & MSG_PEEK) {
1562 sbfree(&so->so_rcv, m);
1564 so->so_rcv.sb_mb = m_free(m);
1565 m = so->so_rcv.sb_mb;
1566 sockbuf_pushsync(&so->so_rcv, nextrecord);
1571 * Process one or more MT_CONTROL mbufs present before any data mbufs
1572 * in the first mbuf chain on the socket buffer. If MSG_PEEK, we
1573 * just copy the data; if !MSG_PEEK, we call into the protocol to
1574 * perform externalization (or freeing if controlp == NULL).
1576 if (m != NULL && m->m_type == MT_CONTROL) {
1577 struct mbuf *cm = NULL, *cmn;
1578 struct mbuf **cme = &cm;
1581 if (flags & MSG_PEEK) {
1582 if (controlp != NULL) {
1583 *controlp = m_copy(m, 0, m->m_len);
1584 controlp = &(*controlp)->m_next;
1588 sbfree(&so->so_rcv, m);
1590 so->so_rcv.sb_mb = m->m_next;
1593 cme = &(*cme)->m_next;
1594 m = so->so_rcv.sb_mb;
1596 } while (m != NULL && m->m_type == MT_CONTROL);
1597 if ((flags & MSG_PEEK) == 0)
1598 sockbuf_pushsync(&so->so_rcv, nextrecord);
1599 while (cm != NULL) {
1602 if (pr->pr_domain->dom_externalize != NULL) {
1603 SOCKBUF_UNLOCK(&so->so_rcv);
1604 error = (*pr->pr_domain->dom_externalize)
1606 SOCKBUF_LOCK(&so->so_rcv);
1607 } else if (controlp != NULL)
1611 if (controlp != NULL) {
1613 while (*controlp != NULL)
1614 controlp = &(*controlp)->m_next;
1619 nextrecord = so->so_rcv.sb_mb->m_nextpkt;
1621 nextrecord = so->so_rcv.sb_mb;
1625 if ((flags & MSG_PEEK) == 0) {
1626 KASSERT(m->m_nextpkt == nextrecord,
1627 ("soreceive: post-control, nextrecord !sync"));
1628 if (nextrecord == NULL) {
1629 KASSERT(so->so_rcv.sb_mb == m,
1630 ("soreceive: post-control, sb_mb!=m"));
1631 KASSERT(so->so_rcv.sb_lastrecord == m,
1632 ("soreceive: post-control, lastrecord!=m"));
1636 if (type == MT_OOBDATA)
1639 if ((flags & MSG_PEEK) == 0) {
1640 KASSERT(so->so_rcv.sb_mb == nextrecord,
1641 ("soreceive: sb_mb != nextrecord"));
1642 if (so->so_rcv.sb_mb == NULL) {
1643 KASSERT(so->so_rcv.sb_lastrecord == NULL,
1644 ("soreceive: sb_lastercord != NULL"));
1648 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1649 SBLASTRECORDCHK(&so->so_rcv);
1650 SBLASTMBUFCHK(&so->so_rcv);
1653 * Now continue to read any data mbufs off of the head of the socket
1654 * buffer until the read request is satisfied. Note that 'type' is
1655 * used to store the type of any mbuf reads that have happened so far
1656 * such that soreceive() can stop reading if the type changes, which
1657 * causes soreceive() to return only one of regular data and inline
1658 * out-of-band data in a single socket receive operation.
1662 while (m != NULL && uio->uio_resid > 0 && error == 0) {
1664 * If the type of mbuf has changed since the last mbuf
1665 * examined ('type'), end the receive operation.
1667 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1668 if (m->m_type == MT_OOBDATA) {
1669 if (type != MT_OOBDATA)
1671 } else if (type == MT_OOBDATA)
1674 KASSERT(m->m_type == MT_DATA,
1675 ("m->m_type == %d", m->m_type));
1676 so->so_rcv.sb_state &= ~SBS_RCVATMARK;
1677 len = uio->uio_resid;
1678 if (so->so_oobmark && len > so->so_oobmark - offset)
1679 len = so->so_oobmark - offset;
1680 if (len > m->m_len - moff)
1681 len = m->m_len - moff;
1683 * If mp is set, just pass back the mbufs. Otherwise copy
1684 * them out via the uio, then free. Sockbuf must be
1685 * consistent here (points to current mbuf, it points to next
1686 * record) when we drop priority; we must note any additions
1687 * to the sockbuf when we block interrupts again.
1690 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1691 SBLASTRECORDCHK(&so->so_rcv);
1692 SBLASTMBUFCHK(&so->so_rcv);
1693 SOCKBUF_UNLOCK(&so->so_rcv);
1694 #ifdef ZERO_COPY_SOCKETS
1695 if (so_zero_copy_receive) {
1698 if ((m->m_flags & M_EXT)
1699 && (m->m_ext.ext_type == EXT_DISPOSABLE))
1704 error = uiomoveco(mtod(m, char *) + moff,
1708 #endif /* ZERO_COPY_SOCKETS */
1709 error = uiomove(mtod(m, char *) + moff, (int)len, uio);
1710 SOCKBUF_LOCK(&so->so_rcv);
1713 * If any part of the record has been removed
1714 * (such as the MT_SONAME mbuf, which will
1715 * happen when PR_ADDR, and thus also
1716 * PR_ATOMIC, is set), then drop the entire
1717 * record to maintain the atomicity of the
1718 * receive operation.
1720 if (m && mbuf_removed &&
1721 (pr->pr_flags & PR_ATOMIC))
1722 (void)sbdroprecord_locked(&so->so_rcv);
1726 uio->uio_resid -= len;
1727 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1728 if (len == m->m_len - moff) {
1729 if (m->m_flags & M_EOR)
1731 if (flags & MSG_PEEK) {
1735 nextrecord = m->m_nextpkt;
1736 sbfree(&so->so_rcv, m);
1740 so->so_rcv.sb_mb = m = m->m_next;
1743 so->so_rcv.sb_mb = m_free(m);
1744 m = so->so_rcv.sb_mb;
1746 sockbuf_pushsync(&so->so_rcv, nextrecord);
1747 SBLASTRECORDCHK(&so->so_rcv);
1748 SBLASTMBUFCHK(&so->so_rcv);
1751 if (flags & MSG_PEEK)
1757 if (flags & MSG_DONTWAIT)
1758 copy_flag = M_DONTWAIT;
1760 copy_flag = M_TRYWAIT;
1761 if (copy_flag == M_TRYWAIT)
1762 SOCKBUF_UNLOCK(&so->so_rcv);
1763 *mp = m_copym(m, 0, len, copy_flag);
1764 if (copy_flag == M_TRYWAIT)
1765 SOCKBUF_LOCK(&so->so_rcv);
1768 * m_copym() couldn't
1769 * allocate an mbuf. Adjust
1770 * uio_resid back (it was
1771 * adjusted down by len
1772 * bytes, which we didn't end
1773 * up "copying" over).
1775 uio->uio_resid += len;
1781 so->so_rcv.sb_cc -= len;
1784 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1785 if (so->so_oobmark) {
1786 if ((flags & MSG_PEEK) == 0) {
1787 so->so_oobmark -= len;
1788 if (so->so_oobmark == 0) {
1789 so->so_rcv.sb_state |= SBS_RCVATMARK;
1794 if (offset == so->so_oobmark)
1798 if (flags & MSG_EOR)
1801 * If the MSG_WAITALL flag is set (for non-atomic socket), we
1802 * must not quit until "uio->uio_resid == 0" or an error
1803 * termination. If a signal/timeout occurs, return with a
1804 * short count but without error. Keep sockbuf locked
1805 * against other readers.
1807 while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 &&
1808 !sosendallatonce(so) && nextrecord == NULL) {
1809 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1810 if (so->so_error || so->so_rcv.sb_state & SBS_CANTRCVMORE)
1813 * Notify the protocol that some data has been
1814 * drained before blocking.
1816 if (pr->pr_flags & PR_WANTRCVD) {
1817 SOCKBUF_UNLOCK(&so->so_rcv);
1818 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1819 SOCKBUF_LOCK(&so->so_rcv);
1821 SBLASTRECORDCHK(&so->so_rcv);
1822 SBLASTMBUFCHK(&so->so_rcv);
1823 error = sbwait(&so->so_rcv);
1826 m = so->so_rcv.sb_mb;
1828 nextrecord = m->m_nextpkt;
1832 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1833 if (m != NULL && pr->pr_flags & PR_ATOMIC) {
1835 if ((flags & MSG_PEEK) == 0)
1836 (void) sbdroprecord_locked(&so->so_rcv);
1838 if ((flags & MSG_PEEK) == 0) {
1841 * First part is an inline SB_EMPTY_FIXUP(). Second
1842 * part makes sure sb_lastrecord is up-to-date if
1843 * there is still data in the socket buffer.
1845 so->so_rcv.sb_mb = nextrecord;
1846 if (so->so_rcv.sb_mb == NULL) {
1847 so->so_rcv.sb_mbtail = NULL;
1848 so->so_rcv.sb_lastrecord = NULL;
1849 } else if (nextrecord->m_nextpkt == NULL)
1850 so->so_rcv.sb_lastrecord = nextrecord;
1852 SBLASTRECORDCHK(&so->so_rcv);
1853 SBLASTMBUFCHK(&so->so_rcv);
1855 * If soreceive() is being done from the socket callback,
1856 * then don't need to generate ACK to peer to update window,
1857 * since ACK will be generated on return to TCP.
1859 if (!(flags & MSG_SOCALLBCK) &&
1860 (pr->pr_flags & PR_WANTRCVD)) {
1861 SOCKBUF_UNLOCK(&so->so_rcv);
1862 (*pr->pr_usrreqs->pru_rcvd)(so, flags);
1863 SOCKBUF_LOCK(&so->so_rcv);
1866 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1867 if (orig_resid == uio->uio_resid && orig_resid &&
1868 (flags & MSG_EOR) == 0 && (so->so_rcv.sb_state & SBS_CANTRCVMORE) == 0) {
1869 sbunlock(&so->so_rcv);
1876 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1877 sbunlock(&so->so_rcv);
1879 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1880 SOCKBUF_UNLOCK(&so->so_rcv);
1885 soreceive(so, psa, uio, mp0, controlp, flagsp)
1887 struct sockaddr **psa;
1890 struct mbuf **controlp;
1894 /* XXXRW: Temporary debugging. */
1895 KASSERT(so->so_proto->pr_usrreqs->pru_soreceive != soreceive,
1896 ("soreceive: protocol calls soreceive"));
1898 return (so->so_proto->pr_usrreqs->pru_soreceive(so, psa, uio, mp0,
1907 struct protosw *pr = so->so_proto;
1909 if (!(how == SHUT_RD || how == SHUT_WR || how == SHUT_RDWR))
1915 return ((*pr->pr_usrreqs->pru_shutdown)(so));
1923 struct sockbuf *sb = &so->so_rcv;
1924 struct protosw *pr = so->so_proto;
1928 * XXXRW: This is quite ugly. Previously, this code made a copy of
1929 * the socket buffer, then zero'd the original to clear the buffer
1930 * fields. However, with mutexes in the socket buffer, this causes
1931 * problems. We only clear the zeroable bits of the original;
1932 * however, we have to initialize and destroy the mutex in the copy
1933 * so that dom_dispose() and sbrelease() can lock t as needed.
1936 sb->sb_flags |= SB_NOINTR;
1937 (void) sblock(sb, M_WAITOK);
1939 * socantrcvmore_locked() drops the socket buffer mutex so that it
1940 * can safely perform wakeups. Re-acquire the mutex before
1943 socantrcvmore_locked(so);
1947 * Invalidate/clear most of the sockbuf structure, but leave selinfo
1948 * and mutex data unchanged.
1950 bzero(&asb, offsetof(struct sockbuf, sb_startzero));
1951 bcopy(&sb->sb_startzero, &asb.sb_startzero,
1952 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1953 bzero(&sb->sb_startzero,
1954 sizeof(*sb) - offsetof(struct sockbuf, sb_startzero));
1957 SOCKBUF_LOCK_INIT(&asb, "so_rcv");
1958 if (pr->pr_flags & PR_RIGHTS && pr->pr_domain->dom_dispose != NULL)
1959 (*pr->pr_domain->dom_dispose)(asb.sb_mb);
1960 sbrelease(&asb, so);
1961 SOCKBUF_LOCK_DESTROY(&asb);
1965 * Perhaps this routine, and sooptcopyout(), below, ought to come in an
1966 * additional variant to handle the case where the option value needs to be
1967 * some kind of integer, but not a specific size. In addition to their use
1968 * here, these functions are also called by the protocol-level pr_ctloutput()
1972 sooptcopyin(sopt, buf, len, minlen)
1973 struct sockopt *sopt;
1981 * If the user gives us more than we wanted, we ignore it, but if we
1982 * don't get the minimum length the caller wants, we return EINVAL.
1983 * On success, sopt->sopt_valsize is set to however much we actually
1986 if ((valsize = sopt->sopt_valsize) < minlen)
1989 sopt->sopt_valsize = valsize = len;
1991 if (sopt->sopt_td != NULL)
1992 return (copyin(sopt->sopt_val, buf, valsize));
1994 bcopy(sopt->sopt_val, buf, valsize);
1999 * Kernel version of setsockopt(2).
2001 * XXX: optlen is size_t, not socklen_t
2004 so_setsockopt(struct socket *so, int level, int optname, void *optval,
2007 struct sockopt sopt;
2009 sopt.sopt_level = level;
2010 sopt.sopt_name = optname;
2011 sopt.sopt_dir = SOPT_SET;
2012 sopt.sopt_val = optval;
2013 sopt.sopt_valsize = optlen;
2014 sopt.sopt_td = NULL;
2015 return (sosetopt(so, &sopt));
2021 struct sockopt *sopt;
2032 if (sopt->sopt_level != SOL_SOCKET) {
2033 if (so->so_proto && so->so_proto->pr_ctloutput)
2034 return ((*so->so_proto->pr_ctloutput)
2036 error = ENOPROTOOPT;
2038 switch (sopt->sopt_name) {
2040 case SO_ACCEPTFILTER:
2041 error = do_setopt_accept_filter(so, sopt);
2047 error = sooptcopyin(sopt, &l, sizeof l, sizeof l);
2052 so->so_linger = l.l_linger;
2054 so->so_options |= SO_LINGER;
2056 so->so_options &= ~SO_LINGER;
2063 case SO_USELOOPBACK:
2071 error = sooptcopyin(sopt, &optval, sizeof optval,
2077 so->so_options |= sopt->sopt_name;
2079 so->so_options &= ~sopt->sopt_name;
2087 error = sooptcopyin(sopt, &optval, sizeof optval,
2093 * Values < 1 make no sense for any of these options,
2101 switch (sopt->sopt_name) {
2104 if (sbreserve(sopt->sopt_name == SO_SNDBUF ?
2105 &so->so_snd : &so->so_rcv, (u_long)optval,
2106 so, curthread) == 0) {
2113 * Make sure the low-water is never greater than the
2117 SOCKBUF_LOCK(&so->so_snd);
2118 so->so_snd.sb_lowat =
2119 (optval > so->so_snd.sb_hiwat) ?
2120 so->so_snd.sb_hiwat : optval;
2121 SOCKBUF_UNLOCK(&so->so_snd);
2124 SOCKBUF_LOCK(&so->so_rcv);
2125 so->so_rcv.sb_lowat =
2126 (optval > so->so_rcv.sb_hiwat) ?
2127 so->so_rcv.sb_hiwat : optval;
2128 SOCKBUF_UNLOCK(&so->so_rcv);
2136 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
2137 struct timeval32 tv32;
2139 error = sooptcopyin(sopt, &tv32, sizeof tv32,
2141 CP(tv32, tv, tv_sec);
2142 CP(tv32, tv, tv_usec);
2145 error = sooptcopyin(sopt, &tv, sizeof tv,
2150 /* assert(hz > 0); */
2151 if (tv.tv_sec < 0 || tv.tv_sec > INT_MAX / hz ||
2152 tv.tv_usec < 0 || tv.tv_usec >= 1000000) {
2156 /* assert(tick > 0); */
2157 /* assert(ULONG_MAX - INT_MAX >= 1000000); */
2158 val = (u_long)(tv.tv_sec * hz) + tv.tv_usec / tick;
2159 if (val > INT_MAX) {
2163 if (val == 0 && tv.tv_usec != 0)
2166 switch (sopt->sopt_name) {
2168 so->so_snd.sb_timeo = val;
2171 so->so_rcv.sb_timeo = val;
2178 error = sooptcopyin(sopt, &extmac, sizeof extmac,
2182 error = mac_setsockopt_label(sopt->sopt_td->td_ucred,
2190 error = ENOPROTOOPT;
2193 if (error == 0 && so->so_proto != NULL &&
2194 so->so_proto->pr_ctloutput != NULL) {
2195 (void) ((*so->so_proto->pr_ctloutput)
2204 * Helper routine for getsockopt.
2207 sooptcopyout(struct sockopt *sopt, const void *buf, size_t len)
2215 * Documented get behavior is that we always return a value, possibly
2216 * truncated to fit in the user's buffer. Traditional behavior is
2217 * that we always tell the user precisely how much we copied, rather
2218 * than something useful like the total amount we had available for
2219 * her. Note that this interface is not idempotent; the entire
2220 * answer must generated ahead of time.
2222 valsize = min(len, sopt->sopt_valsize);
2223 sopt->sopt_valsize = valsize;
2224 if (sopt->sopt_val != NULL) {
2225 if (sopt->sopt_td != NULL)
2226 error = copyout(buf, sopt->sopt_val, valsize);
2228 bcopy(buf, sopt->sopt_val, valsize);
2236 struct sockopt *sopt;
2246 if (sopt->sopt_level != SOL_SOCKET) {
2247 if (so->so_proto && so->so_proto->pr_ctloutput) {
2248 return ((*so->so_proto->pr_ctloutput)
2251 return (ENOPROTOOPT);
2253 switch (sopt->sopt_name) {
2255 case SO_ACCEPTFILTER:
2256 error = do_getopt_accept_filter(so, sopt);
2261 l.l_onoff = so->so_options & SO_LINGER;
2262 l.l_linger = so->so_linger;
2264 error = sooptcopyout(sopt, &l, sizeof l);
2267 case SO_USELOOPBACK:
2279 optval = so->so_options & sopt->sopt_name;
2281 error = sooptcopyout(sopt, &optval, sizeof optval);
2285 optval = so->so_type;
2290 optval = so->so_error;
2296 optval = so->so_snd.sb_hiwat;
2300 optval = so->so_rcv.sb_hiwat;
2304 optval = so->so_snd.sb_lowat;
2308 optval = so->so_rcv.sb_lowat;
2313 optval = (sopt->sopt_name == SO_SNDTIMEO ?
2314 so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
2316 tv.tv_sec = optval / hz;
2317 tv.tv_usec = (optval % hz) * tick;
2319 if (curthread->td_proc->p_sysent == &ia32_freebsd_sysvec) {
2320 struct timeval32 tv32;
2322 CP(tv, tv32, tv_sec);
2323 CP(tv, tv32, tv_usec);
2324 error = sooptcopyout(sopt, &tv32, sizeof tv32);
2327 error = sooptcopyout(sopt, &tv, sizeof tv);
2332 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
2336 error = mac_getsockopt_label(sopt->sopt_td->td_ucred,
2340 error = sooptcopyout(sopt, &extmac, sizeof extmac);
2348 error = sooptcopyin(sopt, &extmac, sizeof(extmac),
2352 error = mac_getsockopt_peerlabel(
2353 sopt->sopt_td->td_ucred, so, &extmac);
2356 error = sooptcopyout(sopt, &extmac, sizeof extmac);
2362 case SO_LISTENQLIMIT:
2363 optval = so->so_qlimit;
2367 optval = so->so_qlen;
2370 case SO_LISTENINCQLEN:
2371 optval = so->so_incqlen;
2375 error = ENOPROTOOPT;
2382 /* XXX; prepare mbuf for (__FreeBSD__ < 3) routines. */
2384 soopt_getm(struct sockopt *sopt, struct mbuf **mp)
2386 struct mbuf *m, *m_prev;
2387 int sopt_size = sopt->sopt_valsize;
2389 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
2392 if (sopt_size > MLEN) {
2393 MCLGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT);
2394 if ((m->m_flags & M_EXT) == 0) {
2398 m->m_len = min(MCLBYTES, sopt_size);
2400 m->m_len = min(MLEN, sopt_size);
2402 sopt_size -= m->m_len;
2407 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
2412 if (sopt_size > MLEN) {
2413 MCLGET(m, sopt->sopt_td != NULL ? M_TRYWAIT :
2415 if ((m->m_flags & M_EXT) == 0) {
2420 m->m_len = min(MCLBYTES, sopt_size);
2422 m->m_len = min(MLEN, sopt_size);
2424 sopt_size -= m->m_len;
2431 /* XXX; copyin sopt data into mbuf chain for (__FreeBSD__ < 3) routines. */
2433 soopt_mcopyin(struct sockopt *sopt, struct mbuf *m)
2435 struct mbuf *m0 = m;
2437 if (sopt->sopt_val == NULL)
2439 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2440 if (sopt->sopt_td != NULL) {
2443 error = copyin(sopt->sopt_val, mtod(m, char *),
2450 bcopy(sopt->sopt_val, mtod(m, char *), m->m_len);
2451 sopt->sopt_valsize -= m->m_len;
2452 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2455 if (m != NULL) /* should be allocated enoughly at ip6_sooptmcopyin() */
2456 panic("ip6_sooptmcopyin");
2460 /* XXX; copyout mbuf chain data into soopt for (__FreeBSD__ < 3) routines. */
2462 soopt_mcopyout(struct sockopt *sopt, struct mbuf *m)
2464 struct mbuf *m0 = m;
2467 if (sopt->sopt_val == NULL)
2469 while (m != NULL && sopt->sopt_valsize >= m->m_len) {
2470 if (sopt->sopt_td != NULL) {
2473 error = copyout(mtod(m, char *), sopt->sopt_val,
2480 bcopy(mtod(m, char *), sopt->sopt_val, m->m_len);
2481 sopt->sopt_valsize -= m->m_len;
2482 sopt->sopt_val = (char *)sopt->sopt_val + m->m_len;
2483 valsize += m->m_len;
2487 /* enough soopt buffer should be given from user-land */
2491 sopt->sopt_valsize = valsize;
2496 * sohasoutofband(): protocol notifies socket layer of the arrival of new
2497 * out-of-band data, which will then notify socket consumers.
2503 if (so->so_sigio != NULL)
2504 pgsigio(&so->so_sigio, SIGURG, 0);
2505 selwakeuppri(&so->so_rcv.sb_sel, PSOCK);
2509 sopoll(struct socket *so, int events, struct ucred *active_cred,
2513 /* XXXRW: Temporary debugging. */
2514 KASSERT(so->so_proto->pr_usrreqs->pru_sopoll != sopoll,
2515 ("sopoll: protocol calls sopoll"));
2517 return (so->so_proto->pr_usrreqs->pru_sopoll(so, events, active_cred,
2522 sopoll_generic(struct socket *so, int events, struct ucred *active_cred,
2527 SOCKBUF_LOCK(&so->so_snd);
2528 SOCKBUF_LOCK(&so->so_rcv);
2529 if (events & (POLLIN | POLLRDNORM))
2531 revents |= events & (POLLIN | POLLRDNORM);
2533 if (events & POLLINIGNEOF)
2534 if (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat ||
2535 !TAILQ_EMPTY(&so->so_comp) || so->so_error)
2536 revents |= POLLINIGNEOF;
2538 if (events & (POLLOUT | POLLWRNORM))
2539 if (sowriteable(so))
2540 revents |= events & (POLLOUT | POLLWRNORM);
2542 if (events & (POLLPRI | POLLRDBAND))
2543 if (so->so_oobmark || (so->so_rcv.sb_state & SBS_RCVATMARK))
2544 revents |= events & (POLLPRI | POLLRDBAND);
2548 (POLLIN | POLLINIGNEOF | POLLPRI | POLLRDNORM |
2550 selrecord(td, &so->so_rcv.sb_sel);
2551 so->so_rcv.sb_flags |= SB_SEL;
2554 if (events & (POLLOUT | POLLWRNORM)) {
2555 selrecord(td, &so->so_snd.sb_sel);
2556 so->so_snd.sb_flags |= SB_SEL;
2560 SOCKBUF_UNLOCK(&so->so_rcv);
2561 SOCKBUF_UNLOCK(&so->so_snd);
2566 soo_kqfilter(struct file *fp, struct knote *kn)
2568 struct socket *so = kn->kn_fp->f_data;
2571 switch (kn->kn_filter) {
2573 if (so->so_options & SO_ACCEPTCONN)
2574 kn->kn_fop = &solisten_filtops;
2576 kn->kn_fop = &soread_filtops;
2580 kn->kn_fop = &sowrite_filtops;
2588 knlist_add(&sb->sb_sel.si_note, kn, 1);
2589 sb->sb_flags |= SB_KNOTE;
2595 filt_sordetach(struct knote *kn)
2597 struct socket *so = kn->kn_fp->f_data;
2599 SOCKBUF_LOCK(&so->so_rcv);
2600 knlist_remove(&so->so_rcv.sb_sel.si_note, kn, 1);
2601 if (knlist_empty(&so->so_rcv.sb_sel.si_note))
2602 so->so_rcv.sb_flags &= ~SB_KNOTE;
2603 SOCKBUF_UNLOCK(&so->so_rcv);
2608 filt_soread(struct knote *kn, long hint)
2612 so = kn->kn_fp->f_data;
2613 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
2615 kn->kn_data = so->so_rcv.sb_cc - so->so_rcv.sb_ctl;
2616 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
2617 kn->kn_flags |= EV_EOF;
2618 kn->kn_fflags = so->so_error;
2620 } else if (so->so_error) /* temporary udp error */
2622 else if (kn->kn_sfflags & NOTE_LOWAT)
2623 return (kn->kn_data >= kn->kn_sdata);
2625 return (so->so_rcv.sb_cc >= so->so_rcv.sb_lowat);
2629 filt_sowdetach(struct knote *kn)
2631 struct socket *so = kn->kn_fp->f_data;
2633 SOCKBUF_LOCK(&so->so_snd);
2634 knlist_remove(&so->so_snd.sb_sel.si_note, kn, 1);
2635 if (knlist_empty(&so->so_snd.sb_sel.si_note))
2636 so->so_snd.sb_flags &= ~SB_KNOTE;
2637 SOCKBUF_UNLOCK(&so->so_snd);
2642 filt_sowrite(struct knote *kn, long hint)
2646 so = kn->kn_fp->f_data;
2647 SOCKBUF_LOCK_ASSERT(&so->so_snd);
2648 kn->kn_data = sbspace(&so->so_snd);
2649 if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
2650 kn->kn_flags |= EV_EOF;
2651 kn->kn_fflags = so->so_error;
2653 } else if (so->so_error) /* temporary udp error */
2655 else if (((so->so_state & SS_ISCONNECTED) == 0) &&
2656 (so->so_proto->pr_flags & PR_CONNREQUIRED))
2658 else if (kn->kn_sfflags & NOTE_LOWAT)
2659 return (kn->kn_data >= kn->kn_sdata);
2661 return (kn->kn_data >= so->so_snd.sb_lowat);
2666 filt_solisten(struct knote *kn, long hint)
2668 struct socket *so = kn->kn_fp->f_data;
2670 kn->kn_data = so->so_qlen;
2671 return (! TAILQ_EMPTY(&so->so_comp));
2675 socheckuid(struct socket *so, uid_t uid)
2680 if (so->so_cred->cr_uid != uid)
2686 somaxconn_sysctl(SYSCTL_HANDLER_ARGS)
2692 error = sysctl_handle_int(oidp, &val, sizeof(int), req);
2693 if (error || !req->newptr )
2696 if (val < 1 || val > USHRT_MAX)